mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-12-24 03:33:12 +01:00
satisfy editorconfig check
parent cff2ac755f
commit 2e6a03d402
@ -5,7 +5,7 @@
|
||||
# This file is free software; as a special exception the author gives
|
||||
# unlimited permission to copy and/or distribute it, with or without
|
||||
# modifications, as long as this notice is preserved.
|
||||
#
|
||||
#
|
||||
# This file is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
||||
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
|
@ -1,6 +1,6 @@
|
||||
<pastebinit>
|
||||
<pastebin>http://sprunge.us</pastebin>
|
||||
<author>Mikaela</author>
|
||||
<jabberid>mikaela@kapsi.fi</jabberid>
|
||||
<format>text</format>
|
||||
<pastebinit>
|
||||
<pastebin>http://sprunge.us</pastebin>
|
||||
<author>Mikaela</author>
|
||||
<jabberid>mikaela@kapsi.fi</jabberid>
|
||||
<format>text</format>
|
||||
</pastebinit>
|
||||
|
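Review bot: the `<pastebin>http://sprunge.us</pastebin>` line keeps a plain-HTTP endpoint, so whatever is pasted through this config travels unencrypted. While the file is being touched, switch the URL to `https://` if the service offers it, or add a comment saying why HTTP is kept.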
2
LICENSE
@ -1,4 +1,4 @@
|
||||
Copyright (c) <year> <owner>.
|
||||
Copyright (c) <year> <owner>.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
||||
|
||||
|
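Review bot: `Copyright (c) <year> <owner>.` on the first line is still the unfilled template text, so the licence names no copyright holder. Fill in the year and owner in the same pass as this whitespace fix, or say in the README that the placeholder is intentional.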
@ -4,7 +4,7 @@ repository as dotfiles, but historical reasons...
|
||||
# Directories explained
|
||||
|
||||
- .mikaela — files that most likely aren't suitable for places where other
|
||||
people than me have access too
|
||||
people than me have access too
|
||||
- Windows — files releated to Windows
|
||||
- conf — config files like .tmux.conf
|
||||
- etc — /etc/
|
||||
|
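Review bot: two wording slips survive in the directory list: `access too` in the `.mikaela` entry should read `access to`, and `releated` in the `Windows` entry should read `related`. The commit already rewrites the neighbouring line, so both can be fixed here.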
2
Windows/.gitattributes
vendored
@ -1 +1 @@
|
||||
* text=auto eol=crlf
|
||||
* text=auto eol=crlf
|
||||
|
@ -22,11 +22,11 @@ I think the first method is likely the best, but I cannot rule these working
|
||||
on another system out yet. They didn't work on my first system tried.
|
||||
|
||||
- `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
|
||||
recommendation and the only one that should be used. If after reboot
|
||||
nothing happens, maybe try the rest rebooting every failure.
|
||||
- https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
|
||||
recommendation and the only one that should be used. If after reboot
|
||||
nothing happens, maybe try the rest rebooting every failure.
|
||||
- https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
|
||||
- `01-LabConfig.reg` - widely reported to work
|
||||
- `01-Setup.reg` - ^
|
||||
- `02-DevRing.reg` - after joining the Insider program, this should enforce
|
||||
joining to Dev ring which should offer Windows 11 instantly. It may be
|
||||
advisable to leave after successful update.
|
||||
joining to Dev ring which should offer Windows 11 instantly. It may be
|
||||
advisable to leave after successful update.
|
||||
|
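Review bot: the entry for `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` calls it "the only one that should be used" and in the next sentence suggests trying the rest, which leaves it unclear whether `01-LabConfig.reg`, `01-Setup.reg` and `02-DevRing.reg` are accepted fallbacks or discouraged. State the intended order explicitly and list the registry values each file sets, so that someone applying them knows which upgrade checks are switched off and what to revert afterwards.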
Binary file not shown.
@ -3,17 +3,17 @@
|
||||
Requires Windows 11.
|
||||
|
||||
- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
|
||||
didn't seem to work for me or it allowed me to set the DNS server to not
|
||||
use DoH.
|
||||
didn't seem to work for me or it allowed me to set the DNS server to not
|
||||
use DoH.
|
||||
|
||||
- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
|
||||
that Windows 11 isn't shipping by default, currently:
|
||||
- Adguard
|
||||
- Cloudflare antimalware
|
||||
- DNS0 (& Zero)
|
||||
- Mullvad
|
||||
- Mullvad Adblock
|
||||
- Quad9 ECS (Windows 11 defaults include Quad9 default)
|
||||
that Windows 11 isn't shipping by default, currently:
|
||||
- Adguard
|
||||
- Cloudflare antimalware
|
||||
- DNS0 (& Zero)
|
||||
- Mullvad
|
||||
- Mullvad Adblock
|
||||
- Quad9 ECS (Windows 11 defaults include Quad9 default)
|
||||
|
||||
## Configuration
|
||||
|
||||
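Review bot: the `GPO-EnforceDoH.reg` entry records that the policy "didn't seem to work" and still allowed a non-DoH server, but gives no way to tell whether enforcement is active, so a reader may assume DNS is encrypted when it is not. Record the Windows build this was tested on and how the result was checked. The second bullet also writes `DohWellKnownServers` without the `.reg` suffix that the Configuration section uses.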
@ -21,6 +21,6 @@ Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
|
||||
HTTPS can be enabled for:
|
||||
|
||||
- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
|
||||
- Same place for Ethernet etc.
|
||||
- Same place for Ethernet etc.
|
||||
- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
|
||||
- Note: if the all networks one is configured, there is a warning about it not being used.
|
||||
- Note: if the all networks one is configured, there is a warning about it not being used.
|
||||
|
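Review bot: the two settings paths name the same adapter type differently, `WLAN` in the "All networks" path and `WiFi` in the "Specific network" path; use the label Windows shows in each place or one consistent term. The closing note ("there is a warning about it not being used") should also say which of the two settings is ignored, since that decides whether DoH is in effect on the connected network.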
@ -6,4 +6,4 @@ netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
|
||||
netsh interface ipv6 set privacy state=disabled store=active
|
||||
netsh interface ipv6 set privacy state=disabled store=persistent
|
||||
pause
|
||||
echo on
|
||||
echo on
|
||||
|
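Review bot: the script sets `privacy state=disabled` and `randomizeidentifiers=disabled` for both the active and the persistent store with no comment on the effect: the machine stops using temporary and randomized IPv6 interface identifiers, so its address stays stable and linkable. Add a header comment stating that trade-off and the commands that restore the defaults. The trailing `echo on` only makes sense if an `echo off` precedes it above the visible context.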
@ -4,4 +4,4 @@ pause
|
||||
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
|
||||
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
|
||||
pause
|
||||
echo on
|
||||
echo on
|
||||
|
@ -3,6 +3,6 @@ Some kind of explaining for [IPv6.reg](IPv6.reg) like
|
||||
|
||||
- Resolve IPv6 even without native connectivity.
|
||||
- Enable Teredo
|
||||
- As EnterpriseClient so it also works when joined into domain.
|
||||
- As EnterpriseClient so it also works when joined into domain.
|
||||
- Use `teredo.trex.fi` as Teredo server. This should be replaced with
|
||||
something that is as near as possible.
|
||||
something that is as near as possible.
|
||||
|
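Review bot: the bullet "Enable Teredo ... As EnterpriseClient so it also works when joined into domain" does not state the consequence: Teredo carries IPv6 inside IPv4 UDP, so a domain-joined machine with this setting gets an IPv6 path that the site's IPv4 firewall rules may not cover. Say so next to the bullet, and name the registry value that holds `teredo.trex.fi` so the "should be replaced" advice can be followed.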
@ -9,10 +9,10 @@ Windows Registry Editor Version 5.00
|
||||
|
||||
- Make the file Windows Registry Editor script
|
||||
- Ask admins for password/PIN in UAC
|
||||
- 2 would ask for yes or no, 0 disable entirely (don't do that).
|
||||
- 2 would ask for yes or no, 0 disable entirely (don't do that).
|
||||
- prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
|
||||
- The other option (1) doesn't even give them UAC prompt so you must
|
||||
always login as admin to do anything.
|
||||
- The other option (1) doesn't even give them UAC prompt so you must
|
||||
always login as admin to do anything.
|
||||
|
||||
```
|
||||
"dontdisplaylastusername"=dword:00000000
|
||||
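Review bot: the bullets describe numeric options ("2 would ask for yes or no, 0 disable entirely", "The other option (1)") without naming the registry value each one belongs to, and one carries the unresolved remark "I don't understand this or the line below". Pair every bullet with the value name it explains, as the fenced block does for `"dontdisplaylastusername"`, and resolve or drop the dated remark so nobody applies a UAC setting whose behaviour the README itself is unsure of.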
@ -39,8 +39,8 @@ Windows Registry Editor Version 5.00
|
||||
```
|
||||
|
||||
- Sets hardware clock to UTC time (doesn't affect system clock!)
|
||||
- qword for 64-bit, dword for 32-bit systems. The actual reg file has
|
||||
only qword as I haven't seen 32-bit Windowses lately.
|
||||
- qword for 64-bit, dword for 32-bit systems. The actual reg file has
|
||||
only qword as I haven't seen 32-bit Windowses lately.
|
||||
|
||||
```
|
||||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
|
||||
|
@ -1 +1 @@
|
||||
CapsLock:: Send {BackSpace}
|
||||
CapsLock:: Send {BackSpace}
|
||||
|
@ -7,16 +7,16 @@ w32tm /query /peers
|
||||
```
|
||||
|
||||
- The list is space separated NTP servers, while I think Windows uses SNTP instead
|
||||
of NTP.
|
||||
of NTP.
|
||||
- `/resync` may sync current time, but is also required for the GUI
|
||||
(Windows + I, Date & time) and following command to get aware of peers.
|
||||
(Windows + I, Date & time) and following command to get aware of peers.
|
||||
- Shows where time is synced from and statistics.
|
||||
- There is also `net time` to sync, I am unsure of the differences while
|
||||
that may be blocked while the second keeps working. It may also not
|
||||
show all the peers, just the primary one, while `w32tm` is more verbose
|
||||
and has all of them.
|
||||
- There is also `net time` to sync, I am unsure of the differences while
|
||||
that may be blocked while the second keeps working. It may also not
|
||||
show all the peers, just the primary one, while `w32tm` is more verbose
|
||||
and has all of them.
|
||||
- As Windows doesn't support NTS and probably won't in near future, there is
|
||||
no point in listing distant foreign servers.
|
||||
no point in listing distant foreign servers.
|
||||
|
||||
## Variations
|
||||
|
||||
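Review bot: the first bullet leaves "I think Windows uses SNTP instead of NTP" unresolved, and the last bullet draws a conclusion from the missing NTS support without saying what it means for the configured peers: time received from them is unauthenticated. State that plainly next to the peer list, and either confirm or remove the SNTP guess.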
@ -47,14 +47,14 @@ w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp1.ko
|
||||
- https://www.netnod.se/nts/network-time-security
|
||||
- https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
|
||||
- https://www.ntppool.org/use.html
|
||||
- Also mentions the syntax for multiple servers, but considering this Elisa
|
||||
list has so many servers I am only picking one pool address just in case
|
||||
the others somehow fail.
|
||||
- Also mentions the syntax for multiple servers, but considering this Elisa
|
||||
list has so many servers I am only picking one pool address just in case
|
||||
the others somehow fail.
|
||||
|
||||
## Additional reading
|
||||
|
||||
- Above links
|
||||
- https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
|
||||
- this file might not exist without this post, while it doesn't mention
|
||||
multiple servers, uses `time.windows.com` and I am yet to actually touch
|
||||
NTP on Windows Server environment.
|
||||
- this file might not exist without this post, while it doesn't mention
|
||||
multiple servers, uses `time.windows.com` and I am yet to actually touch
|
||||
NTP on Windows Server environment.
|
||||
|
2
chmod
@ -1,5 +1,5 @@
|
||||
#!/usr/bin/env bash
|
||||
# This script removes permissions from other people than the owner to
|
||||
# This script removes permissions from other people than the owner to
|
||||
# files/folders that they don't have access to and where they don't need
|
||||
# access.
|
||||
set -x
|
||||
|
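Review bot: the header comment says the script removes permissions "to files/folders that they don't have access to", which reads as a no-op; reword it to say which paths lose group and other access. The only shell option in the visible context is `set -x`, so if no error handling follows further down, check the exit status of each `chmod` so a failure on one path does not pass unnoticed.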
@ -19,48 +19,48 @@ the Free Software Foundation, either version 3 of the License, or
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
]]
|
||||
|
||||
conky.config = {
|
||||
alignment = 'top_left',
|
||||
background = true,
|
||||
border_width = 1,
|
||||
cpu_avg_samples = 2,
|
||||
default_color = '#dedede',
|
||||
default_outline_color = '#dedede',
|
||||
default_shade_color = '#dedede',
|
||||
draw_borders = true,
|
||||
draw_graph_borders = true,
|
||||
draw_outline = false,
|
||||
draw_shades = false,
|
||||
use_xft = true,
|
||||
font = 'DejaVu Sans Mono:size=8',
|
||||
gap_x = 6,
|
||||
gap_y = 28,
|
||||
minimum_height = 5,
|
||||
minimum_width = 5,
|
||||
net_avg_samples = 2,
|
||||
no_buffers = true,
|
||||
out_to_console = false,
|
||||
out_to_stderr = false,
|
||||
extra_newline = false,
|
||||
own_window = true,
|
||||
own_window_transparent = false,
|
||||
own_window_argb_visual = true,
|
||||
own_window_argb_value = 95,
|
||||
own_window_class = 'Conky',
|
||||
own_window_type = 'override',
|
||||
stippled_borders = 0,
|
||||
update_interval = 5,
|
||||
uppercase = false,
|
||||
use_spacer = 'none',
|
||||
show_graph_scale = false,
|
||||
show_graph_range = false,
|
||||
double_buffer = true
|
||||
alignment = 'top_left',
|
||||
background = true,
|
||||
border_width = 1,
|
||||
cpu_avg_samples = 2,
|
||||
default_color = '#dedede',
|
||||
default_outline_color = '#dedede',
|
||||
default_shade_color = '#dedede',
|
||||
draw_borders = true,
|
||||
draw_graph_borders = true,
|
||||
draw_outline = false,
|
||||
draw_shades = false,
|
||||
use_xft = true,
|
||||
font = 'DejaVu Sans Mono:size=8',
|
||||
gap_x = 6,
|
||||
gap_y = 28,
|
||||
minimum_height = 5,
|
||||
minimum_width = 5,
|
||||
net_avg_samples = 2,
|
||||
no_buffers = true,
|
||||
out_to_console = false,
|
||||
out_to_stderr = false,
|
||||
extra_newline = false,
|
||||
own_window = true,
|
||||
own_window_transparent = false,
|
||||
own_window_argb_visual = true,
|
||||
own_window_argb_value = 95,
|
||||
own_window_class = 'Conky',
|
||||
own_window_type = 'override',
|
||||
stippled_borders = 0,
|
||||
update_interval = 5,
|
||||
uppercase = false,
|
||||
use_spacer = 'none',
|
||||
show_graph_scale = false,
|
||||
show_graph_range = false,
|
||||
double_buffer = true
|
||||
}
|
||||
|
||||
conky.text = [[
|
||||
@ -72,16 +72,16 @@ ${color grey}Frequency (in GHz):$color $freq_g
|
||||
${color grey}RAM Usage:$color $mem/$memmax - $memperc% ${membar 4}
|
||||
${color grey}Swap Usage:$color $swap/$swapmax - $swapperc% ${swapbar 4}
|
||||
${color grey}CPU Usage:$color $cpu% ${cpubar 4}
|
||||
${color grey}Processes:$color $processes ${color grey}Running:$color $running_processes
|
||||
${color grey}Processes:$color $processes ${color grey}Running:$color $running_processes
|
||||
$hr
|
||||
${color grey}File systems:
|
||||
/ $color${fs_used /}/${fs_size /} ${fs_bar 6 /}
|
||||
/ $color${fs_used /}/${fs_size /} ${fs_bar 6 /}
|
||||
${color grey} /home $color${fs_used /home}/${fs_size /home} ${fs_bar 6 /}
|
||||
${color grey}HDD Temperature:${color} $hddtemp °C
|
||||
${color grey}Networking:
|
||||
eth0 Up:$color ${upspeed eth0} ${color grey} - Down:$color ${downspeed eth0}
|
||||
${color grey}wlan0 Up:$color ${upspeed wlan0} ${color grey} - Down:$color ${downspeed wlan0}
|
||||
${color grey}yggdrasil Up:$color ${upspeed yggdrasil} ${color grey} - Down:$color ${downspeed yggdrasil}
|
||||
eth0 Up:$color ${upspeed eth0} ${color grey} - Down:$color ${downspeed eth0}
|
||||
${color grey}wlan0 Up:$color ${upspeed wlan0} ${color grey} - Down:$color ${downspeed wlan0}
|
||||
${color grey}yggdrasil Up:$color ${upspeed yggdrasil} ${color grey} - Down:$color ${downspeed yggdrasil}
|
||||
$hr
|
||||
${color grey}Sensors${color}
|
||||
${execpi 60 sensors|grep °}
|
||||
|
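Review bot: the `/home` line ends with `${fs_bar 6 /}`, so the bar drawn next to the `/home` figures shows the usage of `/`. It should be `${fs_bar 6 /home}` to match `${fs_used /home}` and `${fs_size /home}` on the same line.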
@ -1,9 +1,9 @@
|
||||
# Packages expected (just break line-length!):
|
||||
# Debian: i3 suckless-tools j4-dmenu-desktop gnome-screenshot i3lock sudo hibernate playerctl galculator network-manager-gnome redshift-gtk x11-xserver-utils feh rofi libnotify-bin xcompmgr konsole fonts-dejavu dbus-x11 arandr numlockx fcitx-bin fcitx-mozc conky-all flatpak apparmor-notify caffeine kdocker mumble audacious telegram-desktop steam htop kdeconnect nextcloud-client parcimonie lxqt-powermanagement kteatime hsetroot tmux
|
||||
# ALSA: alsa-utils apulse coreutils pnmixer
|
||||
# NOTE! apulse is a wrapper and `apulse` is put in front of pulseaudio
|
||||
# requiring app. See also (shell-things) rc/asoundrc for USB headset and
|
||||
# similar.
|
||||
# NOTE! apulse is a wrapper and `apulse` is put in front of pulseaudio
|
||||
# requiring app. See also (shell-things) rc/asoundrc for USB headset and
|
||||
# similar.
|
||||
# pulseaudio: pulseaudio-utils pasystray pulsemixer pavucontrol pulseeffects
|
||||
# insync: https://www.insynchq.com/downloads
|
||||
# Mullvad: https://mullvad.net/download
|
||||
@ -15,7 +15,7 @@
|
||||
# Debian theming: lxappearance gtk-chtheme qt4-qtconfig qt5ct
|
||||
# https://askubuntu.com/a/600946
|
||||
# + ~/.xprofile specifies GTK_THEME which hopefully gets detected/understood
|
||||
# by browsers etc.
|
||||
# by browsers etc.
|
||||
#
|
||||
# YES! This file is a monster and there really are that many weird
|
||||
# packages!
|
||||
@ -50,7 +50,7 @@ set $ScreenLockCmd i3lock -c 000000 -p win -f
|
||||
# This font is widely installed, provides lots of unicode glyphs, right-to-left
|
||||
# text rendering and scalability on retina/hidpi displays (thanks to pango).
|
||||
# NOTE! Bigger font than 8 is too big for Kincarron
|
||||
# 7 is too big for Sedric with dpi scaling 144
|
||||
# 7 is too big for Sedric with dpi scaling 144
|
||||
#font pango:DejaVu Sans Mono Book 7
|
||||
font pango:OpenDyslexic 9
|
||||
|
||||
@ -192,27 +192,27 @@ bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the EXIT shortcu
|
||||
|
||||
# resize window (you can also use the mouse for that)
|
||||
mode "resize" {
|
||||
# These bindings trigger as soon as you enter the resize mode
|
||||
# These bindings trigger as soon as you enter the resize mode
|
||||
|
||||
# Pressing left will shrink the window’s width.
|
||||
# Pressing right will grow the window’s width.
|
||||
# Pressing up will shrink the window’s height.
|
||||
# Pressing down will grow the window’s height.
|
||||
bindsym j resize shrink width 10 px or 10 ppt
|
||||
bindsym k resize grow height 10 px or 10 ppt
|
||||
bindsym l resize shrink height 10 px or 10 ppt
|
||||
bindsym odiaeresis resize grow width 10 px or 10 ppt
|
||||
# Pressing left will shrink the window’s width.
|
||||
# Pressing right will grow the window’s width.
|
||||
# Pressing up will shrink the window’s height.
|
||||
# Pressing down will grow the window’s height.
|
||||
bindsym j resize shrink width 10 px or 10 ppt
|
||||
bindsym k resize grow height 10 px or 10 ppt
|
||||
bindsym l resize shrink height 10 px or 10 ppt
|
||||
bindsym odiaeresis resize grow width 10 px or 10 ppt
|
||||
|
||||
# same bindings, but for the arrow keys
|
||||
bindsym Left resize shrink width 10 px or 10 ppt
|
||||
bindsym Down resize grow height 10 px or 10 ppt
|
||||
bindsym Up resize shrink height 10 px or 10 ppt
|
||||
bindsym Right resize grow width 10 px or 10 ppt
|
||||
# same bindings, but for the arrow keys
|
||||
bindsym Left resize shrink width 10 px or 10 ppt
|
||||
bindsym Down resize grow height 10 px or 10 ppt
|
||||
bindsym Up resize shrink height 10 px or 10 ppt
|
||||
bindsym Right resize grow width 10 px or 10 ppt
|
||||
|
||||
# back to normal: Enter or Escape or $mod+r
|
||||
bindsym Return mode "default"
|
||||
bindsym Escape mode "default"
|
||||
bindsym $mod+r mode "default"
|
||||
# back to normal: Enter or Escape or $mod+r
|
||||
bindsym Return mode "default"
|
||||
bindsym Escape mode "default"
|
||||
bindsym $mod+r mode "default"
|
||||
}
|
||||
|
||||
bindsym $mod+r mode "resize"
|
||||
@ -277,30 +277,30 @@ set $br_violet #b891f5
|
||||
# Start i3bar to display a workspace bar (plus the system information i3status
|
||||
# finds out, if available) CHANGEME
|
||||
bar {
|
||||
position top
|
||||
#status_command LC_ALL=fi_FI.utf8 i3status
|
||||
# Temporary workaround to broken i3status in Fedora
|
||||
status_command LC_ALL=fi_FI.utf8 i3status-rs ~/.config/i3status-rs/config.toml
|
||||
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
|
||||
colors {
|
||||
separator $blue
|
||||
background $bg
|
||||
statusline $br_white
|
||||
focused_workspace $green $green $bg
|
||||
active_workspace $cyan $blue $black
|
||||
inactive_workspace $black $black $fg
|
||||
urgent_workspace $yellow $yellow $black
|
||||
}
|
||||
# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-light.conf
|
||||
#colors {
|
||||
# separator $blue
|
||||
# background $bg
|
||||
# statusline $br_white
|
||||
# focused_workspace $green $green $bg
|
||||
# active_workspace $cyan $blue $black
|
||||
# inactive_workspace $black $black $fg
|
||||
# urgent_workspace $yellow $yellow $black
|
||||
# }
|
||||
position top
|
||||
#status_command LC_ALL=fi_FI.utf8 i3status
|
||||
# Temporary workaround to broken i3status in Fedora
|
||||
status_command LC_ALL=fi_FI.utf8 i3status-rs ~/.config/i3status-rs/config.toml
|
||||
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
|
||||
colors {
|
||||
separator $blue
|
||||
background $bg
|
||||
statusline $br_white
|
||||
focused_workspace $green $green $bg
|
||||
active_workspace $cyan $blue $black
|
||||
inactive_workspace $black $black $fg
|
||||
urgent_workspace $yellow $yellow $black
|
||||
}
|
||||
# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-light.conf
|
||||
#colors {
|
||||
# separator $blue
|
||||
# background $bg
|
||||
# statusline $br_white
|
||||
# focused_workspace $green $green $bg
|
||||
# active_workspace $cyan $blue $black
|
||||
# inactive_workspace $black $black $fg
|
||||
# urgent_workspace $yellow $yellow $black
|
||||
# }
|
||||
}
|
||||
|
||||
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
|
||||
@ -486,7 +486,7 @@ exec --no-startup-id redshift-gtk -l 60.15937:24.87530
|
||||
#exec --no-startup-id redshift-gtk -l 60.46742:26.94508
|
||||
|
||||
# Sedric - 150 % display scaling (HiDPI), see also `xdpyinfo | grep resolution
|
||||
# where 96 = 100 %
|
||||
# where 96 = 100 %
|
||||
#exec --no-startup-id xrandr --dpi 144
|
||||
|
||||
# Sedric, external GPU as primary
|
||||
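Review bot: the `redshift-gtk -l 60.15937:24.87530` line in the hunk context and the commented alternative `60.46742:26.94508` publish coordinates to five decimal places, far more precise than a colour-temperature schedule needs; round them to one decimal or move them to an untracked local file. In the touched comment, the backtick opened before `xdpyinfo | grep resolution` is never closed.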
@ -535,5 +535,5 @@ exec --no-startup-id redshift-gtk -l 60.15937:24.87530
|
||||
# Special keyboard options that WILL CONFUSE YOU.
|
||||
# windows+space should change layout, but doesn't, both ctrls do
|
||||
# fi allows mostly typing fi/se (identicatal), cz/es.
|
||||
# See also: `man xkeyboard-config` (layouts) `setxkbmap -query` (for current options)
|
||||
# See also: `man xkeyboard-config` (layouts) `setxkbmap -query` (for current options)
|
||||
exec --no-startup-id setxkbmap -option compose:menu -option terminate:ctrl_alt_bksp -option nbsp:none -option caps:backspace -option shift:both_capslock -option grp:ctrls_toggle -option grp:win_space_toggle -layout fi,us,epo,ru -variant ,altgr-intl,,phonetic_winkeys
|
||||
|
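Review bot: the comment says windows+space "should change layout, but doesn't", yet the `setxkbmap` line still passes `-option grp:win_space_toggle`; drop the option or note why it stays, so the comment and the command agree. `identicatal` in the next comment line should be `identical`.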
@ -2,10 +2,10 @@
|
||||
# based heavily on /usr/share/doc/i3status-rs/example_config.toml & https://github.com/greshake/i3status-rust/tree/master/examples
|
||||
# and manpage from search engine
|
||||
# Note: I am not confident that "irstatus-rs" and "i3status-rust" are the same
|
||||
# software.
|
||||
# software.
|
||||
|
||||
# WIP: migration from i3status
|
||||
# contains: (disk /, disk/home,) load, ipv6, wireless, ethernet, battery, volume, (utc) time, (local time)
|
||||
# contains: (disk /, disk/home,) load, ipv6, wireless, ethernet, battery, volume, (utc) time, (local time)
|
||||
|
||||
[theme]
|
||||
name = "solarized-dark"
|
||||
|
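Review bot: the note writes `irstatus-rs` where `i3status-rs` is meant (the name used in the path on the first comment line), which makes the stated doubt about whether it and `i3status-rust` are the same software harder to follow. Fix the spelling and, if the question has been settled, replace the note with the answer.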
@ -7,21 +7,21 @@
|
||||
# If the above line is not correctly displayed, fix your editor first!
|
||||
|
||||
general {
|
||||
output_format = "i3bar"
|
||||
colors = true
|
||||
# 1 is horrible with battery status and possibly unnecessary
|
||||
# weight for older devices. 5 appears to be Debian default, and I
|
||||
# guess it's enough often for seeing if the system is frozen when
|
||||
# staring at a clock.
|
||||
interval = 5
|
||||
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-black.conf
|
||||
color_good = "#70b433"
|
||||
color_degraded = "#dbb32d"
|
||||
color_bad = "#ed4a46"
|
||||
# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-light.conf
|
||||
#color_good = "#489100"
|
||||
#color_degraded = "#ad8900"
|
||||
#color_bad = "#d2212d"
|
||||
output_format = "i3bar"
|
||||
colors = true
|
||||
# 1 is horrible with battery status and possibly unnecessary
|
||||
# weight for older devices. 5 appears to be Debian default, and I
|
||||
# guess it's enough often for seeing if the system is frozen when
|
||||
# staring at a clock.
|
||||
interval = 5
|
||||
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-black.conf
|
||||
color_good = "#70b433"
|
||||
color_degraded = "#dbb32d"
|
||||
color_bad = "#ed4a46"
|
||||
# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-light.conf
|
||||
#color_good = "#489100"
|
||||
#color_degraded = "#ad8900"
|
||||
#color_bad = "#d2212d"
|
||||
}
|
||||
|
||||
# Logicish: colour changing things at first (load is often red especially
|
||||
@ -44,50 +44,50 @@ order += "time"
|
||||
|
||||
# Load is first as the treshold may need the most modification here
|
||||
load {
|
||||
format = "%1min %5min %15min"
|
||||
# Defaults to 5, nosmt MDS mitigation disables ½ of the cores
|
||||
# X,7 ? https://scoutapm.com/blog/understanding-load-averages
|
||||
# CHANGEME - apparently whether . or , works depends on locale -.-
|
||||
# Rbtpzn, the oldest machine from 2006, single core
|
||||
#max_threshold = "0,7"
|
||||
# Dualcore, mostly everything else
|
||||
max_threshold = "1,7"
|
||||
# Zaldaryn, quadcore
|
||||
#max_threshold = "3,7"
|
||||
format = "%1min %5min %15min"
|
||||
# Defaults to 5, nosmt MDS mitigation disables ½ of the cores
|
||||
# X,7 ? https://scoutapm.com/blog/understanding-load-averages
|
||||
# CHANGEME - apparently whether . or , works depends on locale -.-
|
||||
# Rbtpzn, the oldest machine from 2006, single core
|
||||
#max_threshold = "0,7"
|
||||
# Dualcore, mostly everything else
|
||||
max_threshold = "1,7"
|
||||
# Zaldaryn, quadcore
|
||||
#max_threshold = "3,7"
|
||||
}
|
||||
|
||||
wireless _first_ {
|
||||
#format_up = "W: (%quality at %essid, %bitrate / %frequency) %ip"
|
||||
format_up = "W:%quality @ %essid (%frequency, %bitrate)"
|
||||
#format_up = "W:%quality %frequency"
|
||||
#format_down = "W:🢃"
|
||||
format_down = ""
|
||||
#format_quality = "%3d%s"
|
||||
#format_up = "W: (%quality at %essid, %bitrate / %frequency) %ip"
|
||||
format_up = "W:%quality @ %essid (%frequency, %bitrate)"
|
||||
#format_up = "W:%quality %frequency"
|
||||
#format_down = "W:🢃"
|
||||
format_down = ""
|
||||
#format_quality = "%3d%s"
|
||||
}
|
||||
|
||||
ethernet _first_ {
|
||||
# if you use %speed, i3status requires root privileges
|
||||
#format_up = "E: %ip (%speed)"
|
||||
#format_up = "E:🢁"
|
||||
format_up = "E:%speed"
|
||||
#format_down = "E:🢃"
|
||||
format_down = ""
|
||||
# if you use %speed, i3status requires root privileges
|
||||
#format_up = "E: %ip (%speed)"
|
||||
#format_up = "E:🢁"
|
||||
format_up = "E:%speed"
|
||||
#format_down = "E:🢃"
|
||||
format_down = ""
|
||||
}
|
||||
|
||||
battery all {
|
||||
# %remaining looks horrible especially with updating every second
|
||||
format = "🔌%status %percentage %remaining"
|
||||
format_down = ""
|
||||
status_full = "🔌☻"
|
||||
#status_unk = "?"
|
||||
# kincarron battery fix
|
||||
#path = "/sys/class/power_supply/%d/uevent"
|
||||
# %remaining looks horrible especially with updating every second
|
||||
format = "🔌%status %percentage %remaining"
|
||||
format_down = ""
|
||||
status_full = "🔌☻"
|
||||
#status_unk = "?"
|
||||
# kincarron battery fix
|
||||
#path = "/sys/class/power_supply/%d/uevent"
|
||||
}
|
||||
|
||||
tztime utc {
|
||||
timezone = "UTC"
|
||||
# ISO 8601ish
|
||||
format = "%Z: %Y-%m-%d %H:%M:%S%z"
|
||||
timezone = "UTC"
|
||||
# ISO 8601ish
|
||||
format = "%Z: %Y-%m-%d %H:%M:%S%z"
|
||||
}
|
||||
|
||||
# Date format explanations
|
||||
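Review bot: in the `ethernet _first_` block the comment warns that `%speed` makes i3status require root privileges, yet the active line is `format_up = "E:%speed"`. Either the status line runs with more privilege than it should or the comment is outdated; say which, or switch to a format that does not need it. `treshold` in the `load` comment should be `threshold`.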
@ -106,29 +106,29 @@ tztime utc {
|
||||
|
||||
#tztime local {
|
||||
time {
|
||||
# Finnishish formatting with my adjustments
|
||||
format = "%G-W%V-%u (%j/%a/%B) %F %H.%M.%S%z"
|
||||
# Finnishish formatting with my adjustments
|
||||
format = "%G-W%V-%u (%j/%a/%B) %F %H.%M.%S%z"
|
||||
}
|
||||
|
||||
volume master {
|
||||
format = "♪: %volume"
|
||||
format_muted = "♪: muted (%volume)"
|
||||
#device = "pulse"
|
||||
format = "♪: %volume"
|
||||
format_muted = "♪: muted (%volume)"
|
||||
#device = "pulse"
|
||||
}
|
||||
|
||||
ipv6 {
|
||||
#format_up = "IPv6:🢁"
|
||||
format_up = "6"
|
||||
#format_down = "IPv6:🢃"
|
||||
format_down = ""
|
||||
#format_up = "IPv6:🢁"
|
||||
format_up = "6"
|
||||
#format_down = "IPv6:🢃"
|
||||
format_down = ""
|
||||
}
|
||||
|
||||
# %avail vs %free: https://github.com/i3/i3status/issues/349#issuecomment-506565599
|
||||
|
||||
disk / {
|
||||
format = "/: %avail"
|
||||
format = "/: %avail"
|
||||
}
|
||||
|
||||
disk /home {
|
||||
format = "/home: %avail"
|
||||
format = "/home: %avail"
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
<pastebinit>
|
||||
<pastebin>http://sprunge.us</pastebin>
|
||||
<author></author>
|
||||
<jabberid></jabberid>
|
||||
<format>text</format>
|
||||
<pastebinit>
|
||||
<pastebin>http://sprunge.us</pastebin>
|
||||
<author></author>
|
||||
<jabberid></jabberid>
|
||||
<format>text</format>
|
||||
</pastebinit>
|
||||
|
@ -6,130 +6,130 @@
|
||||
# then restart pipewire and pipewire-pulse like so: systemctl --user restart pipewire pipewire-pulse
|
||||
|
||||
properties = {
|
||||
# Create a JACK device. This is not enabled by default because
|
||||
# it requires that the PipeWire JACK replacement libraries are
|
||||
# not used by the session manager, in order to be able to
|
||||
# connect to the real JACK server.
|
||||
#alsa.jack-device = false
|
||||
# Create a JACK device. This is not enabled by default because
|
||||
# it requires that the PipeWire JACK replacement libraries are
|
||||
# not used by the session manager, in order to be able to
|
||||
# connect to the real JACK server.
|
||||
#alsa.jack-device = false
|
||||
|
||||
# Reserve devices.
|
||||
#alsa.reserve = true
|
||||
# Reserve devices.
|
||||
#alsa.reserve = true
|
||||
}
|
||||
|
||||
rules = [
|
||||
# An array of matches/actions to evaluate.
|
||||
{
|
||||
# Rules for matching a device or node. It is an array of
|
||||
# properties that all need to match the regexp. If any of the
|
||||
# matches work, the actions are executed for the object.
|
||||
matches = [
|
||||
{
|
||||
# This matches all cards. These are regular expressions
|
||||
# so "." matches one character and ".*" matches many.
|
||||
device.name = "~alsa_card.*"
|
||||
}
|
||||
]
|
||||
actions = {
|
||||
# Actions can update properties on the matched object.
|
||||
update-props = {
|
||||
# Use ALSA-Card-Profile devices. They use UCM or
|
||||
# the profile configuration to configure the device
|
||||
# and mixer settings.
|
||||
api.alsa.use-acp = true
|
||||
# An array of matches/actions to evaluate.
|
||||
{
|
||||
# Rules for matching a device or node. It is an array of
|
||||
# properties that all need to match the regexp. If any of the
|
||||
# matches work, the actions are executed for the object.
|
||||
matches = [
|
||||
{
|
||||
# This matches all cards. These are regular expressions
|
||||
# so "." matches one character and ".*" matches many.
|
||||
device.name = "~alsa_card.*"
|
||||
}
|
||||
]
|
||||
actions = {
|
||||
# Actions can update properties on the matched object.
|
||||
update-props = {
|
||||
# Use ALSA-Card-Profile devices. They use UCM or
|
||||
# the profile configuration to configure the device
|
||||
# and mixer settings.
|
||||
api.alsa.use-acp = true
|
||||
|
||||
# Use UCM instead of profile when available. Can be
|
||||
# disabled to skip trying to use the UCM profile.
|
||||
#api.alsa.use-ucm = true
|
||||
# Use UCM instead of profile when available. Can be
|
||||
# disabled to skip trying to use the UCM profile.
|
||||
#api.alsa.use-ucm = true
|
||||
|
||||
# Don't use the hardware mixer for volume control. It
|
||||
# will only use software volume. The mixer is still used
|
||||
# to mute unused paths based on the selected port.
|
||||
#api.alsa.soft-mixer = false
|
||||
# Don't use the hardware mixer for volume control. It
|
||||
# will only use software volume. The mixer is still used
|
||||
# to mute unused paths based on the selected port.
|
||||
#api.alsa.soft-mixer = false
|
||||
|
||||
# Ignore decibel settings of the driver. Can be used to
|
||||
# work around buggy drivers that report wrong values.
|
||||
#api.alsa.ignore-dB = false
|
||||
# Ignore decibel settings of the driver. Can be used to
|
||||
# work around buggy drivers that report wrong values.
|
||||
#api.alsa.ignore-dB = false
|
||||
|
||||
# The profile set to use for the device. Usually this is
|
||||
# "default.conf" but can be changed with a udev rule
|
||||
# or here.
|
||||
#device.profile-set = "profileset-name.conf"
|
||||
# The profile set to use for the device. Usually this is
|
||||
# "default.conf" but can be changed with a udev rule
|
||||
# or here.
|
||||
#device.profile-set = "profileset-name.conf"
|
||||
|
||||
# The default active profile. Is by default set to "Off".
|
||||
#device.profile = "default profile name"
|
||||
# The default active profile. Is by default set to "Off".
|
||||
#device.profile = "default profile name"
|
||||
|
||||
# Automatically select the best profile. This is the
|
||||
# highest priority available profile. This is disabled
|
||||
# here and instead implemented in the session manager
|
||||
# where it can save and load previous preferences.
|
||||
api.acp.auto-profile = false
|
||||
# Automatically select the best profile. This is the
|
||||
# highest priority available profile. This is disabled
|
||||
# here and instead implemented in the session manager
|
||||
# where it can save and load previous preferences.
|
||||
api.acp.auto-profile = false
|
||||
|
||||
# Automatically switch to the highest priority available
|
||||
# port. This is disabled here and implemented in the
|
||||
# session manager instead.
|
||||
api.acp.auto-port = false
|
||||
# Automatically switch to the highest priority available
|
||||
# port. This is disabled here and implemented in the
|
||||
# session manager instead.
|
||||
api.acp.auto-port = false
|
||||
|
||||
# Other properties can be set here.
|
||||
#device.nick = "My Device"
|
||||
}
|
||||
}
|
||||
}
|
||||
# Other properties can be set here.
|
||||
#device.nick = "My Device"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Begin customized config section
|
||||
|
||||
{
|
||||
matches = [
|
||||
{
|
||||
# This matches your USB headset
|
||||
device.name = "alsa_card.usb-Logitech_Logitech_USB_Headset-00"
|
||||
}
|
||||
]
|
||||
actions = {
|
||||
# Actions can update properties on the matched object.
|
||||
update-props = {
|
||||
api.alsa.soft-mixer = true
|
||||
}
|
||||
}
|
||||
}
|
||||
{
|
||||
matches = [
|
||||
{
|
||||
# This matches your USB headset
|
||||
device.name = "alsa_card.usb-Logitech_Logitech_USB_Headset-00"
|
||||
}
|
||||
]
|
||||
actions = {
|
||||
# Actions can update properties on the matched object.
|
||||
update-props = {
|
||||
api.alsa.soft-mixer = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#End customized config section
|
||||
|
||||
{
|
||||
matches = [
|
||||
{
|
||||
# Matches all sources. These are regular expressions
|
||||
# so "." matches one character and ".*" matches many.
|
||||
node.name = "~alsa_input.*"
|
||||
}
|
||||
{
|
||||
# Matches all sinks.
|
||||
node.name = "~alsa_output.*"
|
||||
}
|
||||
]
|
||||
actions = {
|
||||
update-props = {
|
||||
#node.nick = "My Node"
|
||||
#node.nick = null
|
||||
#priority.driver = 100
|
||||
#priority.session = 100
|
||||
node.pause-on-idle = false
|
||||
#resample.quality = 4
|
||||
#channelmix.normalize = false
|
||||
#channelmix.mix-lfe = false
|
||||
#audio.channels = 2
|
||||
#audio.format = "S16LE"
|
||||
#audio.rate = 44100
|
||||
#audio.position = "FL,FR"
|
||||
#session.suspend-timeout-seconds = 5 # 0 disables suspend
|
||||
#monitor.channel-volumes = false
|
||||
{
|
||||
matches = [
|
||||
{
|
||||
# Matches all sources. These are regular expressions
|
||||
# so "." matches one character and ".*" matches many.
|
||||
node.name = "~alsa_input.*"
|
||||
}
|
||||
{
|
||||
# Matches all sinks.
|
||||
node.name = "~alsa_output.*"
|
||||
}
|
||||
]
|
||||
actions = {
|
||||
update-props = {
|
||||
#node.nick = "My Node"
|
||||
#node.nick = null
|
||||
#priority.driver = 100
|
||||
#priority.session = 100
|
||||
node.pause-on-idle = false
|
||||
#resample.quality = 4
|
||||
#channelmix.normalize = false
|
||||
#channelmix.mix-lfe = false
|
||||
#audio.channels = 2
|
||||
#audio.format = "S16LE"
|
||||
#audio.rate = 44100
|
||||
#audio.position = "FL,FR"
|
||||
#session.suspend-timeout-seconds = 5 # 0 disables suspend
|
||||
#monitor.channel-volumes = false
|
||||
|
||||
#api.alsa.period-size = 1024
|
||||
#api.alsa.headroom = 0
|
||||
#api.alsa.start-delay = 0
|
||||
#api.alsa.disable-mmap = false
|
||||
#api.alsa.disable-batch = false
|
||||
#api.alsa.use-chmap = false
|
||||
}
|
||||
}
|
||||
}
|
||||
#api.alsa.period-size = 1024
|
||||
#api.alsa.headroom = 0
|
||||
#api.alsa.start-delay = 0
|
||||
#api.alsa.disable-mmap = false
|
||||
#api.alsa.disable-batch = false
|
||||
#api.alsa.use-chmap = false
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -25,7 +25,7 @@ methods setting fonts):
|
||||
- Document text: Noto Serif Regular 11
|
||||
- Monospace text: Noto Sans Mono Regular 10
|
||||
- Legacy window title text: Noto Serif Bold 11
|
||||
- Apparently this means "apps that don't use client-side decorations"
|
||||
- Apparently this means "apps that don't use client-side decorations"
|
||||
|
||||
The number behind is obviously the number and it's based on what were the
|
||||
defaults before I touched them so I am hoping GNOME knows what they are
|
||||
@ -42,10 +42,10 @@ have trouble handling it, e.g. mpv (makes Ä and Ö and Å all Å) and Firefox
|
||||
Other font settings in GNOME-Tweak:
|
||||
|
||||
- Hinting: _a bit_
|
||||
- for no particular reason
|
||||
- for no particular reason
|
||||
- Antialiasing: _Subpixel (for LCD-displays)_
|
||||
- I have no idea where there are "standard grayscale" displays that aren't
|
||||
LCD.
|
||||
- I have no idea where there are "standard grayscale" displays that aren't
|
||||
LCD.
|
||||
|
||||
### Screen mirroring
|
||||
|
||||
@ -56,6 +56,6 @@ Workarounds:
|
||||
- Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
|
||||
- Do something weird with OBS
|
||||
- Use a dedicated application that don't seem to be in Fedora repos, flatpak
|
||||
or snap.
|
||||
- [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
|
||||
- [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)
|
||||
or snap.
|
||||
- [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
|
||||
- [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)
|
||||
|
@ -5,7 +5,7 @@ Thus this `README.md` is not read, even if I happened to carelessly
|
||||
copy-paste it in.
|
||||
|
||||
- `autostart-communication.conf` - chat/communication apps I am expected to have
|
||||
open or at least check at times
|
||||
open or at least check at times
|
||||
- `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
|
||||
- `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
|
||||
- `grimshot.conf` - screenshotting keybinds using `grimshot`
|
||||
@ -13,15 +13,15 @@ copy-paste it in.
|
||||
- `keyboard.conf` - keyboard configuration
|
||||
- `media.conf` - media key configuration and autostarts related to it
|
||||
- `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
|
||||
profile to `flat`
|
||||
profile to `flat`
|
||||
- `README.md` - you are currently reading this :wink:
|
||||
- `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
|
||||
- `swaybar.conf` - `swaybar` configuration
|
||||
- `swayidle.conf` - `swayidle` configuration/autostart
|
||||
- `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
|
||||
I happen to visit for longer period of time
|
||||
I happen to visit for longer period of time
|
||||
- `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
|
||||
- `zz-floating.conf` - configures windows that should float. For some reason
|
||||
that is inherited from my `i3` config, it tells to put float rules above the
|
||||
last line, so it should be read last and `z` is the last letter of English
|
||||
alphabet so it will hopefully be read last.
|
||||
that is inherited from my `i3` config, it tells to put float rules above the
|
||||
last line, so it should be read last and `z` is the last letter of English
|
||||
alphabet so it will hopefully be read last.
|
||||
|
@ -1,11 +1,11 @@
|
||||
# Copied from `man swayidle`, except the $ScreenLockCmd that I don't
|
||||
# want to repeat.
|
||||
# This will lock your screen after 300 seconds of inactivity, then turn off
|
||||
# your displays after another 300 seconds, and turn your screens back on
|
||||
# when resumed. It will also lock your screen before your computer goes to
|
||||
# sleep.
|
||||
# This will lock your screen after 300 seconds of inactivity, then turn off
|
||||
# your displays after another 300 seconds, and turn your screens back on
|
||||
# when resumed. It will also lock your screen before your computer goes to
|
||||
# sleep.
|
||||
exec swayidle -w \
|
||||
timeout 300 "\"$ScreenLockCmd\"" \
|
||||
timeout 600 'swaymsg "output * dpms off"' \
|
||||
timeout 300 "\"$ScreenLockCmd\"" \
|
||||
timeout 600 'swaymsg "output * dpms off"' \
|
||||
resume 'swaymsg "output * dpms on"' \
|
||||
before-sleep "\"$ScreenLockCmd\""
|
||||
before-sleep "\"$ScreenLockCmd\""
|
||||
|
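Review bot: in the `timeout 300` and `before-sleep` arguments, the escaped quotes around `$ScreenLockCmd` make the shell treat the whole value as one word, so a value that carries arguments (a locker name followed by flags) would be looked up as a single command name and fail, leaving the session unlocked at idle and before sleep. The definition of `$ScreenLockCmd` is not in this hunk; confirm it is a bare path, or drop the inner `\"` so the value is word-split.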
@ -2,5 +2,5 @@
|
||||
# Intended for systems with ncurses < 6 which is missing TERMINFO
|
||||
# for tmux-256color.
|
||||
if [[ $TERM == 'tmux-256color' ]]; then
|
||||
export TERM=screen-256color
|
||||
export TERM=screen-256color
|
||||
fi
|
||||
|
@ -1,8 +1,8 @@
|
||||
# Read and parsed by systemd-localed. It's probably wise not to edit this file
|
||||
# manually too freely.
|
||||
Section "InputClass"
|
||||
Identifier "system-keyboard"
|
||||
MatchIsKeyboard "on"
|
||||
Option "XkbLayout" "fi"
|
||||
Option "XkbModel" "compose:menu"
|
||||
Identifier "system-keyboard"
|
||||
MatchIsKeyboard "on"
|
||||
Option "XkbLayout" "fi"
|
||||
Option "XkbModel" "compose:menu"
|
||||
EndSection
|
||||
|
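Review bot: `Option "XkbModel" "compose:menu"` puts an XKB option string in the model field; `compose:menu` selects the Compose key and belongs under `XkbOptions`, while `XkbModel` expects a keyboard model name such as `pc105`. Since the header comment says systemd-localed writes this file, the correction is better made with `localectl set-x11-keymap` than by hand-editing the copy kept here.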
@ -46,4 +46,4 @@ deb-src http://security.ubuntu.com/ubuntu/ CODENAME-security main restricted
|
||||
deb http://security.ubuntu.com/ubuntu/ CODENAME-security universe
|
||||
deb-src http://security.ubuntu.com/ubuntu/ CODENAME-security universe
|
||||
deb http://security.ubuntu.com/ubuntu/ CODENAME-security multiverse
|
||||
deb-src http://security.ubuntu.com/ubuntu/ CODENAME-security multiverse
|
||||
deb-src http://security.ubuntu.com/ubuntu/ CODENAME-security multiverse
|
||||
|
@ -70,31 +70,31 @@ lb_strategy = 'p2'
|
||||
|
||||
# Logging to be enabled by hand on systems needing them
|
||||
#[query_log]
|
||||
# file = '/var/log/dnscrypt-proxy/query.log'
|
||||
# file = '/var/log/dnscrypt-proxy/query.log'
|
||||
#[nx_log]
|
||||
# file = '/var/log/dnscrypt-proxy/nx.log'
|
||||
# file = '/var/log/dnscrypt-proxy/nx.log'
|
||||
|
||||
[sources]
|
||||
[sources.'public-resolvers']
|
||||
#url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
|
||||
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md', 'https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://evilvibes.com/list/public-resolvers.md']
|
||||
cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
|
||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
refresh_delay = 72
|
||||
prefix = 'public-'
|
||||
[sources.'public-resolvers']
|
||||
#url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
|
||||
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md', 'https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://evilvibes.com/list/public-resolvers.md']
|
||||
cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
|
||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
refresh_delay = 72
|
||||
prefix = 'public-'
|
||||
|
||||
[sources.'opennic']
|
||||
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
|
||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
refresh_delay = 72
|
||||
cache_file = '/var/cache/dnscrypt-proxy/opennic.md'
|
||||
prefix = 'opennic-'
|
||||
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
|
||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
refresh_delay = 72
|
||||
cache_file = '/var/cache/dnscrypt-proxy/opennic.md'
|
||||
prefix = 'opennic-'
|
||||
|
||||
# 2.0.23 recommended so onions won't be attempted without proxy enabled
|
||||
# (5c9edfccfe67474bee2836ada67f955f10e43357)
|
||||
# I won't uncomment this until I have updated version everywhere.
|
||||
#[sources.'onion-services']
|
||||
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v2/onion-services.md']
|
||||
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
# cache_file = '/var/cache/dnscrypt-proxy/onion-services.md'
|
||||
# prefix = 'onion-'
|
||||
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v2/onion-services.md']
|
||||
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
# cache_file = '/var/cache/dnscrypt-proxy/onion-services.md'
|
||||
# prefix = 'onion-'
|
||||
|
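Review bot: the `urls` array under `[sources.'public-resolvers']` pulls the same list from four hosts, including `cdn.staticaly.com` and `evilvibes.com`, with no comment saying why those mirrors are acceptable. A downloaded list is only used if its signature verifies against `minisign_key`, so a one-line comment stating that, and that the key must stay pinned whenever the mirror list is edited, would document the trust decision. The commented `#url =` line above the array duplicates the second entry of `urls` and can be removed.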
@ -1,21 +1,21 @@
|
||||
<config>
|
||||
<!-- Client Control -->
|
||||
<client-threads v='2'/>
|
||||
<fold-anon v='true'/>
|
||||
<!-- Client Control -->
|
||||
<client-threads v='2'/>
|
||||
<fold-anon v='true'/>
|
||||
|
||||
<!-- Folding Core -->
|
||||
<cpu-usage v='50'/>
|
||||
<gpu-usage v='50'/>
|
||||
<!-- Folding Core -->
|
||||
<cpu-usage v='50'/>
|
||||
<gpu-usage v='50'/>
|
||||
|
||||
<!-- Slot Control -->
|
||||
<power v='MEDIUM'/>
|
||||
<!-- Slot Control -->
|
||||
<power v='MEDIUM'/>
|
||||
|
||||
<!-- User Information -->
|
||||
<passkey v=''/>
|
||||
<team v='201753'/>
|
||||
<user v='Mikaela'/>
|
||||
<!-- User Information -->
|
||||
<passkey v=''/>
|
||||
<team v='201753'/>
|
||||
<user v='Mikaela'/>
|
||||
|
||||
<!-- Folding Slots -->
|
||||
<slot id='0' type='CPU'/>
|
||||
<slot id='1' type='GPU'/>
|
||||
<!-- Folding Slots -->
|
||||
<slot id='0' type='CPU'/>
|
||||
<slot id='1' type='GPU'/>
|
||||
</config>
|
||||
|
@ -15,8 +15,8 @@ chmod a+r /etc/systemd/system/oidentd.socket
|
||||
|
||||
mkdir -p /etc/sysctl.d/
|
||||
if [ ! -f /etc/sysctl.d/60-mikaela.conf ]; then
|
||||
cat sysctl.d/60-mikaela.conf > /etc/sysctl.d/60-mikaela.conf
|
||||
chmod a+r /etc/sysctl.d/60-mikaela.conf
|
||||
cat sysctl.d/60-mikaela.conf > /etc/sysctl.d/60-mikaela.conf
|
||||
chmod a+r /etc/sysctl.d/60-mikaela.conf
|
||||
fi
|
||||
|
||||
echo 'If you use systemd or oidentd you should "systemctl daemon-reload"'
|
||||
|
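Review bot: inside the `if [ ! -f /etc/sysctl.d/60-mikaela.conf ]` block, `cat ... >` creates the file with whatever mode the caller's umask gives and `chmod a+r` only adds read bits, so a permissive umask leaves a root-consumed sysctl file group- or world-writable. `install -m 0644 sysctl.d/60-mikaela.conf /etc/sysctl.d/60-mikaela.conf` sets the mode in one step. The source path is also relative, so the script only works when run from the directory that contains `sysctl.d/`, and the closing `echo` mentions `systemctl daemon-reload` but nothing tells the reader to load the new sysctl values.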
@ -8,9 +8,9 @@ cannot read them from here.
|
||||
These files may age badly, so here are some hopefully timeless pointers:
|
||||
|
||||
- Generate the config file with https://ssl-config.mozilla.org/ (and if
|
||||
time eats it, try https://github.com/mozilla/ssl-config-generator/ in
|
||||
hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
|
||||
everything a different file.
|
||||
time eats it, try https://github.com/mozilla/ssl-config-generator/ in
|
||||
hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
|
||||
everything a different file.
|
||||
- If using my acmesh-ssl.bash script, the files to fill should be like:
|
||||
|
||||
(the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`)
|
||||
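Review bot: in the first bullet, the reflow has folded what was a separate sub-item into the sentence: `hope of finding where it is now. \* Name it 00-something ...` now renders a literal asterisk mid-paragraph, and the parenthesis opened at `(and if` is never closed. Restore `Name it 00-something ...` as its own nested list item and close the parenthesis after `where it is now`.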
@ -21,11 +21,11 @@ These files may age badly, so here are some hopefully timeless pointers:
|
||||
The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_**
|
||||
|
||||
```
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
```
|
||||
|
||||
The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what
|
||||
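Review bot: the `add_header` block is shown without saying at which level it belongs, and that matters: nginx inherits `add_header` lines from the enclosing level only when the current level defines none of its own, so a single `add_header` inside a `location` silently drops all five of these for that location. Add a sentence telling the reader to place them in the `server` block and to repeat them in any `location` that sets its own headers. In the CSP, `connect-src 'self' ws: wss:` permits WebSocket connections to any host; if that is simply what TheLounge emitted, say so next to the example.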
@ -33,9 +33,9 @@ TheLounge would be setting without a reverse proxy in front of it. `HEAD` is
|
||||
in Debian package `libwww-perl`
|
||||
|
||||
- Refer to tester tools to see if the configuration is fine:
|
||||
- https://observatory.mozilla.org/
|
||||
- https://securityheaders.com/
|
||||
- https://www.ssllabs.com/ssltest/
|
||||
- https://observatory.mozilla.org/
|
||||
- https://securityheaders.com/
|
||||
- https://www.ssllabs.com/ssltest/
|
||||
|
||||
---
|
||||
|
||||
|
@ -1,17 +1,17 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen 443;
|
||||
listen 14402;
|
||||
listen [::]:80;
|
||||
listen [::]:443;
|
||||
listen [::]:14402;
|
||||
ssl_certificate /etc/nginx/ssl/cert.pem;
|
||||
ssl_certificate_key /etc/nginx/ssl/key.pem;
|
||||
server_name bitbot.relpda.mikaela.info;
|
||||
listen 80;
|
||||
listen 443;
|
||||
listen 14402;
|
||||
listen [::]:80;
|
||||
listen [::]:443;
|
||||
listen [::]:14402;
|
||||
ssl_certificate /etc/nginx/ssl/cert.pem;
|
||||
ssl_certificate_key /etc/nginx/ssl/key.pem;
|
||||
server_name bitbot.relpda.mikaela.info;
|
||||
|
||||
access_log /var/log/nginx/bitbot.access.log main;
|
||||
access_log /var/log/nginx/bitbot.access.log main;
|
||||
|
||||
location / {
|
||||
proxy_pass http://[::1]:9050;
|
||||
}
|
||||
location / {
|
||||
proxy_pass http://[::1]:9050;
|
||||
}
|
||||
}
|
||||
|
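Review bot: `listen 443;`, `listen 14402;` and their `[::]` counterparts carry no `ssl` parameter even though the block sets `ssl_certificate` and `ssl_certificate_key`, so TLS on these ports depends on another server block for the same address and port declaring `ssl` (the `relpda.mikaela.info` block later in this commit does). Loaded on its own, this file would answer plain HTTP on 443 and 14402. Write `listen 443 ssl;` and `listen 14402 ssl;` here so the vhost does not rely on a sibling file.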
@ -1,20 +1,20 @@
|
||||
# Cloudflare
|
||||
set_real_ip_from 199.27.128.0/21;
|
||||
set_real_ip_from 173.245.48.0/20;
|
||||
set_real_ip_from 103.21.244.0/22;
|
||||
set_real_ip_from 103.22.200.0/22;
|
||||
set_real_ip_from 103.31.4.0/22;
|
||||
set_real_ip_from 141.101.64.0/18;
|
||||
set_real_ip_from 108.162.192.0/18;
|
||||
set_real_ip_from 190.93.240.0/20;
|
||||
set_real_ip_from 188.114.96.0/20;
|
||||
set_real_ip_from 197.234.240.0/22;
|
||||
set_real_ip_from 198.41.128.0/17;
|
||||
set_real_ip_from 162.158.0.0/15;
|
||||
set_real_ip_from 104.16.0.0/12;
|
||||
set_real_ip_from 2400:cb00::/32;
|
||||
set_real_ip_from 2606:4700::/32;
|
||||
set_real_ip_from 2803:f800::/32;
|
||||
set_real_ip_from 2405:b500::/32;
|
||||
set_real_ip_from 2405:8100::/32;
|
||||
real_ip_header CF-Connecting-IP;
|
||||
# Cloudflare
|
||||
set_real_ip_from 199.27.128.0/21;
|
||||
set_real_ip_from 173.245.48.0/20;
|
||||
set_real_ip_from 103.21.244.0/22;
|
||||
set_real_ip_from 103.22.200.0/22;
|
||||
set_real_ip_from 103.31.4.0/22;
|
||||
set_real_ip_from 141.101.64.0/18;
|
||||
set_real_ip_from 108.162.192.0/18;
|
||||
set_real_ip_from 190.93.240.0/20;
|
||||
set_real_ip_from 188.114.96.0/20;
|
||||
set_real_ip_from 197.234.240.0/22;
|
||||
set_real_ip_from 198.41.128.0/17;
|
||||
set_real_ip_from 162.158.0.0/15;
|
||||
set_real_ip_from 104.16.0.0/12;
|
||||
set_real_ip_from 2400:cb00::/32;
|
||||
set_real_ip_from 2606:4700::/32;
|
||||
set_real_ip_from 2803:f800::/32;
|
||||
set_real_ip_from 2405:b500::/32;
|
||||
set_real_ip_from 2405:8100::/32;
|
||||
real_ip_header CF-Connecting-IP;
|
||||
|
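Review bot: the `set_real_ip_from` ranges are hard-coded with only `# Cloudflare` as provenance, no source URL and no date. Every listed range is allowed to set the client address through `CF-Connecting-IP`, so a prefix that is no longer Cloudflare's lets whoever holds it now choose the address nginx logs and applies access rules to. Add a comment with the URL the list was taken from and the date it was last checked, or generate this file from the published list.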
@ -1,57 +1,57 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl;
|
||||
listen 14402 ssl;
|
||||
listen [::]:80 ipv6only=on;
|
||||
listen [::]:443 ssl ipv6only=on;
|
||||
listen [::]:14402 ssl ipv6only=on;
|
||||
ssl_certificate /etc/nginx/ssl/cert.pem;
|
||||
ssl_certificate_key /etc/nginx/ssl/key.pem;
|
||||
server_name relpda.mikaela.info;
|
||||
listen 80;
|
||||
listen 443 ssl;
|
||||
listen 14402 ssl;
|
||||
listen [::]:80 ipv6only=on;
|
||||
listen [::]:443 ssl ipv6only=on;
|
||||
listen [::]:14402 ssl ipv6only=on;
|
||||
ssl_certificate /etc/nginx/ssl/cert.pem;
|
||||
ssl_certificate_key /etc/nginx/ssl/key.pem;
|
||||
server_name relpda.mikaela.info;
|
||||
|
||||
#charset koi8-r;
|
||||
#access_log /var/log/nginx/host.access.log main;
|
||||
#charset koi8-r;
|
||||
#access_log /var/log/nginx/host.access.log main;
|
||||
|
||||
#location /api/ {
|
||||
# proxy_pass http://[::1]:9050;
|
||||
# }
|
||||
# proxy_pass http://[::1]:9050;
|
||||
# }
|
||||
|
||||
|
||||
location / {
|
||||
root /usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
location / {
|
||||
root /usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
|
||||
#error_page 404 /404.html;
|
||||
#error_page 404 /404.html;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# proxy_pass http://127.0.0.1;
|
||||
#}
|
||||
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# proxy_pass http://127.0.0.1;
|
||||
#}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# root html;
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# fastcgi_index index.php;
|
||||
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
|
||||
# include fastcgi_params;
|
||||
#}
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# root html;
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# fastcgi_index index.php;
|
||||
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
|
||||
# include fastcgi_params;
|
||||
#}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
#location ~ /\.ht {
|
||||
# deny all;
|
||||
#}
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
#location ~ /\.ht {
|
||||
# deny all;
|
||||
#}
|
||||
}
|
||||
|
||||
|
@ -1,94 +1,94 @@
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server ipv6only=on;
|
||||
listen 443 default_server ssl http2;
|
||||
listen [::]:443 default_server ssl http2 ipv6only=on;
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server ipv6only=on;
|
||||
listen 443 default_server ssl http2;
|
||||
listen [::]:443 default_server ssl http2 ipv6only=on;
|
||||
|
||||
root /var/www/default/;
|
||||
index index.php index.html index.htm;
|
||||
root /var/www/default/;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
### Generating SSL certificate:
|
||||
## mkdir -p /etc/nginx/ssl && cd /etc/nginx/ssl
|
||||
## openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout nginx.key -out nginx.crt
|
||||
### this takes forever and is used on line 23.
|
||||
## openssl dhparam -out dhparam.pem 4096
|
||||
ssl_certificate /etc/nginx/ssl/nginx.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/nginx.key;
|
||||
ssl_certificate /etc/nginx/ssl/nginx.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/nginx.key;
|
||||
# ----- begin of Mozilla Server Side TLS recommendations -----
|
||||
# **2014-11-07** https://wiki.mozilla.org/Security/Server_Side_TLS
|
||||
ssl_session_timeout 5m;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
|
||||
# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
|
||||
# See generation on line 14
|
||||
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
||||
# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
|
||||
# See generation on line 14
|
||||
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
||||
|
||||
# Intermediate configuration. tweak to your needs.
|
||||
# comment just for me, don't uncomment.
|
||||
#ssl_ciphers '';
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
|
||||
ssl_prefer_server_ciphers on;
|
||||
# Intermediate configuration. tweak to your needs.
|
||||
# comment just for me, don't uncomment.
|
||||
#ssl_ciphers '';
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
# Enable this if your want HSTS (recommended)
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header Content-Security-Policy upgrade-insecure-requests;
|
||||
add_header X-Xss-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
# Enable this if your want HSTS (recommended)
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header Content-Security-Policy upgrade-insecure-requests;
|
||||
add_header X-Xss-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
|
||||
# OCSP Stapling ---
|
||||
# fetch OCSP records from URL in ssl_certificate and cache them
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
## verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
|
||||
#resolver ::1;
|
||||
# OCSP Stapling ---
|
||||
# fetch OCSP records from URL in ssl_certificate and cache them
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
## verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
|
||||
#resolver ::1;
|
||||
# ----- end of Mozilla Server Side TLS recommendations -----
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
autoindex on;
|
||||
}
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
# Userdir
|
||||
location ~ ^/~(.+?)(/.*)?$ {
|
||||
alias /home/$1/public_html$2;
|
||||
index index.html index.htm;
|
||||
autoindex on;
|
||||
}
|
||||
# Userdir
|
||||
location ~ ^/~(.+?)(/.*)?$ {
|
||||
alias /home/$1/public_html$2;
|
||||
index index.html index.htm;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
|
||||
#error_page 404 /404.html;
|
||||
#error_page 404 /404.html;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
#error_page 500 502 503 504 /50x.html;
|
||||
#location = /50x.html {
|
||||
# root /usr/share/nginx/html;
|
||||
#}
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
#error_page 500 502 503 504 /50x.html;
|
||||
#location = /50x.html {
|
||||
# root /usr/share/nginx/html;
|
||||
#}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
location ~ \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
|
||||
#
|
||||
# # With php5-cgi alone:
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# # With php5-fpm:
|
||||
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
#include fastcgi_params;
|
||||
include fastcgi.conf;
|
||||
}
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
location ~ \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
|
||||
#
|
||||
# # With php5-cgi alone:
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# # With php5-fpm:
|
||||
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
#include fastcgi_params;
|
||||
include fastcgi.conf;
|
||||
}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
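Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and the `ssl_ciphers` string are the intermediate profile dated `2014-11-07` in the comment above them; they still enable TLS 1.0 and 1.1, list `DES-CBC3-SHA` and DSS suites, and leave out TLS 1.3. The nginx README touched in this same commit says to generate the TLS settings with ssl-config.mozilla.org, so this block should be regenerated from there rather than only reindented.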
@ -1,23 +1,23 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
|
||||
# Enable this if your want HSTS (recommended)
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header Content-Security-Policy upgrade-insecure-requests;
|
||||
add_header X-Xss-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
# Enable this if your want HSTS (recommended)
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header Content-Security-Policy upgrade-insecure-requests;
|
||||
add_header X-Xss-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
|
||||
server_name something.example.org;
|
||||
server_name something.example.org;
|
||||
|
||||
# NOTE: For X-Real-IP & X-Forwarded-For see ../conf.d/rproxy.conf
|
||||
# Behind CloudFlare see ../conf.d/cloudflare.conf
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8080;
|
||||
}
|
||||
proxy_pass http://localhost:8080;
|
||||
}
|
||||
}
|
||||
|
||||
|
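Review bot: `listen 443;` and `listen [::]:443;` carry no `ssl` parameter and this 23-line file has no certificate directives, so as written nginx answers plain HTTP on port 443 while the same block sends `Strict-Transport-Security` with `preload`, also to clients on port 80. If TLS is terminated in front of this vhost (the comments point at rproxy.conf and cloudflare.conf), say so in a comment. Otherwise add `ssl` and the certificate lines, and move port 80 into its own redirecting server block. The first three `add_header` lines also lack the `always` flag that the last two have, so they are dropped on error responses.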
@ -1,67 +1,67 @@
|
||||
server {
|
||||
|
||||
# default_server from default vhost must exist somewhere!
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
# default_server from default vhost must exist somewhere!
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
|
||||
# Enable this if your want HSTS (recommended)
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header Content-Security-Policy upgrade-insecure-requests;
|
||||
add_header X-Xss-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
# Enable this if your want HSTS (recommended)
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header Content-Security-Policy upgrade-insecure-requests;
|
||||
add_header X-Xss-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
|
||||
root /var/www/vhostdir;
|
||||
index index.php index.html index.htm;
|
||||
root /var/www/vhostdir;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
# vhost address
|
||||
server_name vhost.example.org;
|
||||
# vhost address
|
||||
server_name vhost.example.org;
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
autoindex off;
|
||||
}
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
autoindex off;
|
||||
}
|
||||
|
||||
# Userdir
|
||||
#ilocation ~ ^/~(.+?)(/.*)?$ {
|
||||
# alias /home/$1/public_html$2;
|
||||
# index index.html index.htm;
|
||||
# autoindex on;
|
||||
#}
|
||||
# Userdir
|
||||
#ilocation ~ ^/~(.+?)(/.*)?$ {
|
||||
# alias /home/$1/public_html$2;
|
||||
# index index.html index.htm;
|
||||
# autoindex on;
|
||||
#}
|
||||
|
||||
|
||||
#error_page 404 /404.html;
|
||||
#error_page 404 /404.html;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
#error_page 500 502 503 504 /50x.html;
|
||||
#location = /50x.html {
|
||||
# root /usr/share/nginx/html;
|
||||
#}
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
#error_page 500 502 503 504 /50x.html;
|
||||
#location = /50x.html {
|
||||
# root /usr/share/nginx/html;
|
||||
#}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
location ~ \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
|
||||
#
|
||||
# # With php5-cgi alone:
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# # With php5-fpm:
|
||||
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
#include fastcgi_params;
|
||||
include fastcgi.conf;
|
||||
}
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
location ~ \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
|
||||
#
|
||||
# # With php5-cgi alone:
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# # With php5-fpm:
|
||||
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
#include fastcgi_params;
|
||||
include fastcgi.conf;
|
||||
}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
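Review bot: In the commented Userdir block, `#ilocation ~ ^/~(.+?)(/.*)?$ {` has a stray `i` before `location`, so anyone who uncomments the block as written gets an unknown directive. The commit touches these lines on both sides, so this is a good moment to fix it to `#location`. It is also worth a comment that this block turns `autoindex on` for home directories while `location /` above sets `autoindex off`.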
@ -6,22 +6,22 @@
|
||||
|
||||
# Deny everything by default
|
||||
default {
|
||||
default {
|
||||
deny spoof
|
||||
deny spoof_all
|
||||
deny spoof_privport
|
||||
deny random
|
||||
deny random_numeric
|
||||
deny numeric
|
||||
deny hide
|
||||
}
|
||||
default {
|
||||
deny spoof
|
||||
deny spoof_all
|
||||
deny spoof_privport
|
||||
deny random
|
||||
deny random_numeric
|
||||
deny numeric
|
||||
deny hide
|
||||
}
|
||||
}
|
||||
|
||||
# Don't respond to ident request to root
|
||||
user root {
|
||||
default {
|
||||
force hide
|
||||
}
|
||||
default {
|
||||
force hide
|
||||
}
|
||||
}
|
||||
|
||||
# Allow user znc to spoof when *Identfile is used
|
||||
@ -33,13 +33,13 @@ user root {
|
||||
# /msg *identfile setfile ~/.oidentd.conf
|
||||
# /msg *identfile setformat global { reply "%user%" }
|
||||
user "znc" {
|
||||
default {
|
||||
allow spoof
|
||||
allow spoof_all
|
||||
allow spoof_privport
|
||||
deny random
|
||||
deny random_numeric
|
||||
deny numeric
|
||||
deny hide
|
||||
}
|
||||
default {
|
||||
allow spoof
|
||||
allow spoof_all
|
||||
allow spoof_privport
|
||||
deny random
|
||||
deny random_numeric
|
||||
deny numeric
|
||||
deny hide
|
||||
}
|
||||
}
|
||||
|
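Review bot: The `user "znc"` block grants `allow spoof_all` and `allow spoof_privport` in addition to `allow spoof`, and the comments above only explain that spoofing is needed for *Identfile. `spoof_all` lets replies use the names of other local users and `spoof_privport` extends spoofing to connections on privileged ports. If ZNC only needs to answer with its own users' idents, plain `allow spoof` may be enough. Otherwise add a comment stating why the two broader capabilities are required.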
@ -33,9 +33,9 @@ don't exist by default anymore, they need to be copied and edited separately
|
||||
See also:
|
||||
|
||||
- https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
|
||||
- marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
|
||||
- marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
|
||||
|
||||
## Bluetooth
|
||||
|
||||
- https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
|
||||
- https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
|
||||
- https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
|
||||
|
@ -1,15 +1,15 @@
|
||||
interface eth0
|
||||
{
|
||||
AdvSendAdvert on;
|
||||
AdvOtherConfigFlag on;
|
||||
prefix 2001:14b8:100:8397::/64
|
||||
{
|
||||
AdvOnLink on;
|
||||
AdvAutonomous on;
|
||||
};
|
||||
prefix ULA::/64
|
||||
{
|
||||
AdvOnLink on;
|
||||
AdvAutonomous on;
|
||||
};
|
||||
AdvSendAdvert on;
|
||||
AdvOtherConfigFlag on;
|
||||
prefix 2001:14b8:100:8397::/64
|
||||
{
|
||||
AdvOnLink on;
|
||||
AdvAutonomous on;
|
||||
};
|
||||
prefix ULA::/64
|
||||
{
|
||||
AdvOnLink on;
|
||||
AdvAutonomous on;
|
||||
};
|
||||
};
|
||||
|
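Review bot: `prefix ULA::/64` is a placeholder rather than a valid IPv6 prefix, and it sits next to a real, hard-coded prefix (`2001:14b8:100:8397::/64`) with no comment telling the reader which of the two must be edited. Add a comment above the second `prefix` block saying it has to be replaced with the site's own ULA /64 before the file is used, or comment that block out so the file parses as shipped.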
@ -26,9 +26,9 @@ options edns0 single-request-reopen #trust-ad
|
||||
# !!! /run/systemd/resolve/stub-resolv.conf !!! /usr/lib/systemd/resolv.conf /run/systemd/resolve/resolv.conf
|
||||
|
||||
# !!! /run/systemd/resolve/stub-resolv.conf !!! contains search domains and doesn't seem to be
|
||||
# overwritable and somehow works with Mullvad
|
||||
# https://github.com/mullvad/mullvadvpn-app/issues/1952
|
||||
# /usr/lib/systemd/resolv.conf doesn't contain search domains, can
|
||||
# get overwritten and "broken"
|
||||
# /run/systemd/resolve/resolv.conf contains uplink resolvers and domains
|
||||
# SHOULDN'T BE USED!
|
||||
# overwritable and somehow works with Mullvad
|
||||
# https://github.com/mullvad/mullvadvpn-app/issues/1952
|
||||
# /usr/lib/systemd/resolv.conf doesn't contain search domains, can
|
||||
# get overwritten and "broken"
|
||||
# /run/systemd/resolve/resolv.conf contains uplink resolvers and domains
|
||||
# SHOULDN'T BE USED!
|
||||
|
@ -1,6 +1,6 @@
|
||||
#Host example
|
||||
#Hostname compuutteri.example.net
|
||||
#Port 12345
|
||||
#IdentityFile /home/username/.ssh/privkey
|
||||
#ProxyJump uzanto@komputilo.example.net:2222
|
||||
#User account42
|
||||
#Hostname compuutteri.example.net
|
||||
#Port 12345
|
||||
#IdentityFile /home/username/.ssh/privkey
|
||||
#ProxyJump uzanto@komputilo.example.net:2222
|
||||
#User account42
|
||||
|
@ -2,6 +2,6 @@
|
||||
# in reverse so this file is useless. https://serverfault.com/a/461865
|
||||
# & OpenSSH_8.4p1
|
||||
Match User mikaela
|
||||
PasswordAuthentication no
|
||||
AuthenticationMethods publickey
|
||||
PasswordAuthentication no
|
||||
AuthenticationMethods publickey
|
||||
Match All
|
||||
|
@ -6,6 +6,6 @@
|
||||
# https://serverfault.com/a/461865 OpenSSH_8.4p1
|
||||
|
||||
#Match User someone,somebodyelse,whoever
|
||||
# PasswordAuthentication yes
|
||||
# AuthenticationMethods any
|
||||
# PasswordAuthentication yes
|
||||
# AuthenticationMethods any
|
||||
#Match All
|
||||
|
@ -12,31 +12,31 @@ sudo systemctl restart systemd-resolved
|
||||
## Files explained
|
||||
|
||||
- `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
|
||||
systemd-resolved doesn't handle it properly), enables opportunistic DoT and
|
||||
caching.
|
||||
systemd-resolved doesn't handle it properly), enables opportunistic DoT and
|
||||
caching.
|
||||
- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
|
||||
captive portals are a concern, `DNSOverTLS=no`.
|
||||
captive portals are a concern, `DNSOverTLS=no`.
|
||||
- `README.md` - you are reading it right now.
|
||||
|
||||
## General commentary
|
||||
|
||||
- Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
|
||||
at the time of writing this README.md, the current version is Ubuntu 20.04.0)
|
||||
(systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
|
||||
v243 (big improvements in v244).
|
||||
- TODO: find out when SNI became supported, I have just spotted it in the
|
||||
fine manual in 2020-06-??.
|
||||
at the time of writing this README.md, the current version is Ubuntu 20.04.0)
|
||||
(systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
|
||||
v243 (big improvements in v244).
|
||||
- TODO: find out when SNI became supported, I have just spotted it in the
|
||||
fine manual in 2020-06-??.
|
||||
- Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
|
||||
without which I wouldn't have got this right.
|
||||
without which I wouldn't have got this right.
|
||||
- DNSSEC may not work if the system is down for a long time and not updated.
|
||||
Thus `allow-downgrade` may be better for non-tech people, even with the
|
||||
potential downgrade attack. There are also captive portals, affecting
|
||||
`DNSOverTLS`. Both take `yes` or `no` or their own special option,
|
||||
for DNNSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`.
|
||||
Thus `allow-downgrade` may be better for non-tech people, even with the
|
||||
potential downgrade attack. There are also captive portals, affecting
|
||||
`DNSOverTLS`. Both take `yes` or `no` or their own special option,
|
||||
for DNNSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`.
|
||||
|
||||
Other links I have found important and my files are based on:
|
||||
|
||||
- https://wiki.archlinux.org/index.php/Systemd-resolved
|
||||
- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
||||
- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
||||
- request for strict DOT: https://github.com/systemd/systemd/issues/10755
|
||||
- vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
|
||||
|
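Review bot: The bullet "Domains has to be `.~` for them to override DHCP" has the two characters reversed. The routing-only catch-all domain in resolved.conf is written `~.`, and a reader copying `.~` from this README will not get the override the sentence promises. The same list also spells DNSSEC as `DNNSEC` in "for DNNSEC the `allow-downgrade`". Both lines are already touched by this commit on each side, so they can be corrected here.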
@ -4,12 +4,12 @@ subdirectories. The sudirectories won't exist in the real
|
||||
and I forget to update this README file if that happens.
|
||||
|
||||
- reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
|
||||
but uses https instead of http, because there is no reason I would want
|
||||
someone to see what I download.
|
||||
but uses https instead of http, because there is no reason I would want
|
||||
someone to see what I download.
|
||||
|
||||
## Worth reading
|
||||
|
||||
- Waiting for network devices to have IP address (**I only use this for
|
||||
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
|
||||
_ systemctl enable NetworkManager-wait-online.service
|
||||
_ systemctl enable systemd-networkd-wait-online.service
|
||||
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
|
||||
_ systemctl enable NetworkManager-wait-online.service
|
||||
_ systemctl enable systemd-networkd-wait-online.service
|
||||
|
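Review bot: Under "Worth reading", the two nested items are written as `_ systemctl enable NetworkManager-wait-online.service` and `_ systemctl enable systemd-networkd-wait-online.service`. An underscore is not a Markdown list marker, so these render as running text (and may open an emphasis span) instead of as sub-bullets. Use `-` like the rest of the file, and consider wrapping the commands in backticks.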
@ -3,4 +3,4 @@ Sailfish OS. It doesn't have cron, so I tried the nearest equivalent
|
||||
that is there out-of-box, systemd timers.
|
||||
|
||||
- aliendalvik-stopper again stops android support hourly so it won't waste
|
||||
battery.
|
||||
battery.
|
||||
|
@ -7,17 +7,17 @@
|
||||
|
||||
server:
|
||||
forward-zone:
|
||||
name: "mywifiext.net"
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 8.8.8.8
|
||||
name: "mywifiext.net"
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 8.8.8.8
|
||||
|
||||
forward-zone:
|
||||
name: "tplinkrepeater.net"
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 8.8.8.8
|
||||
name: "tplinkrepeater.net"
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 8.8.8.8
|
||||
|
||||
# Can I refer to subdomain as a zone?
|
||||
forward-zone:
|
||||
name: "http.badssl.com"
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 8.8.8.8
|
||||
name: "http.badssl.com"
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 8.8.8.8
|
||||
|
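Review bot: All three `forward-zone` blocks set `forward-tls-upstream: no` and `forward-addr: 8.8.8.8`, so lookups for these names leave the host in cleartext to a single public resolver, and the visible lines do not say why these zones are exempted from the DoT setup. A one-line comment per zone stating the reason would help the next reader decide whether the exception is still needed. The open question `# Can I refer to subdomain as a zone?` should be resolved rather than left in the file: a forward-zone `name:` accepts any domain name, so `http.badssl.com` is fine.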
@ -4,14 +4,14 @@
|
||||
# See also MEMORY CONTROL EXAMPLE in man unbound.conf
|
||||
|
||||
server:
|
||||
# bytes in message cache, defaults to 4m
|
||||
msg-cache-size: 50m
|
||||
# bytes in rrset cache, defaults to 4m
|
||||
rrset-cache-size: 50m
|
||||
# nxdomain cache, default 1m
|
||||
neg-cache-size: 10m
|
||||
# Cache results for 15 minutes even if they had a shorter TTL. Cloudflare
|
||||
# zone export used to have 1 second, and I have also been seeing 1
|
||||
# minute in the wild, I think 5 mins shouldn't break anything, but bigger
|
||||
# might.
|
||||
cache-min-ttl: 900
|
||||
# bytes in message cache, defaults to 4m
|
||||
msg-cache-size: 50m
|
||||
# bytes in rrset cache, defaults to 4m
|
||||
rrset-cache-size: 50m
|
||||
# nxdomain cache, default 1m
|
||||
neg-cache-size: 10m
|
||||
# Cache results for 15 minutes even if they had a shorter TTL. Cloudflare
|
||||
# zone export used to have 1 second, and I have also been seeing 1
|
||||
# minute in the wild, I think 5 mins shouldn't break anything, but bigger
|
||||
# might.
|
||||
cache-min-ttl: 900
|
||||
|
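Review bot: The comment above `cache-min-ttl: 900` contradicts the value it documents. It opens with "Cache results for 15 minutes" and then says "I think 5 mins shouldn't break anything, but bigger might", while 900 seconds is the 15-minute figure the comment itself warns about. Either lower the value to 300 or rewrite the comment to explain why 15 minutes was judged acceptable. A forced minimum TTL also delays how quickly clients notice a changed record, which is worth stating.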
@ -7,10 +7,10 @@
|
||||
# root-auto-trust-anchor-file.conf at least on Debian.
|
||||
|
||||
server:
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
|
||||
# Hopefully a reasonable set of non-filtering servers including those
|
||||
# listening on 443, preferably Anycast, but not necessarily.
|
||||
@ -21,37 +21,37 @@ server:
|
||||
# (Also I cannot rename this file due to it being linked around))
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
|
||||
# Quad9 - Anycast, Switzerland based
|
||||
# Non filtering "insecure" servers without DNSSEC, but that is done
|
||||
# by Unbound locally anyway.
|
||||
forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
|
||||
forward-addr: 9.9.9.10@853#dns10.quad9.net
|
||||
forward-addr: 2620:fe::10@853#dns10.quad9.net
|
||||
forward-addr: 149.112.112.10@853#dns10.quad9.net
|
||||
# Quad9 - Anycast, Switzerland based
|
||||
# Non filtering "insecure" servers without DNSSEC, but that is done
|
||||
# by Unbound locally anyway.
|
||||
forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
|
||||
forward-addr: 9.9.9.10@853#dns10.quad9.net
|
||||
forward-addr: 2620:fe::10@853#dns10.quad9.net
|
||||
forward-addr: 149.112.112.10@853#dns10.quad9.net
|
||||
|
||||
# Cloudflare DNS - anycast
|
||||
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
|
||||
forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
|
||||
forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
||||
# Cloudflare DNS - anycast
|
||||
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
|
||||
forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
|
||||
forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
||||
|
||||
## DNS-over-TLS on port 443, no filtering. Mainly useful for traveling
|
||||
## laptops?
|
||||
# https://appliedprivacy.net/services/dns/ - Vienna, Austria
|
||||
#forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
|
||||
#forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
|
||||
## DNS-over-TLS on port 443, no filtering. Mainly useful for traveling
|
||||
## laptops?
|
||||
# https://appliedprivacy.net/services/dns/ - Vienna, Austria
|
||||
#forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
|
||||
#forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
|
||||
|
||||
# Adguard DNS Unfiltered Anycast
|
||||
forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
|
||||
forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
|
||||
forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
|
||||
forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
|
||||
# Adguard DNS Unfiltered Anycast
|
||||
forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
|
||||
forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
|
||||
forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
|
||||
forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
|
||||
|
||||
# NextDNS - anycast
|
||||
forward-addr: 45.90.28.0@853#dns1.nextdns.io
|
||||
forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
|
||||
forward-addr: 45.90.30.0@853#dns2.nextdns.io
|
||||
forward-addr: 2a07:a8c1::@853#dns2.nextdns.io
|
||||
# NextDNS - anycast
|
||||
forward-addr: 45.90.28.0@853#dns1.nextdns.io
|
||||
forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
|
||||
forward-addr: 45.90.30.0@853#dns2.nextdns.io
|
||||
forward-addr: 2a07:a8c1::@853#dns2.nextdns.io
|
||||
|
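Review bot: This single `forward-zone` for `"."` has active `forward-addr` lines for four different operators (Quad9, Cloudflare, AdGuard and NextDNS), so every one of them can end up receiving a share of the host's queries. The header comment asks for "a reasonable set of non-filtering servers" but does not mention that trade-off. If redundancy is the goal, consider keeping one or two operators active and leaving the rest commented like the applied-privacy.net entries. The Quad9 comment also relies on "DNSSEC ... done by Unbound locally", which only holds when the trust-anchor file is loaded, so a pointer to that file would help.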
@ -2,23 +2,23 @@
|
||||
# are currently rare. And this is more of a placeholder.
|
||||
|
||||
server:
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
|
||||
# Forward queries to
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
|
||||
# Google DNS64 for 64:ff9b::/96
|
||||
# As of 2019-08-25 this doesn't seem to actually be working, but I hope
|
||||
# Google will fix it by the time I actually have IPv6 only hosts and
|
||||
# there will be not-Google options.
|
||||
#forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
|
||||
#forward-addr: 2001:4860:4860::64@853#dns64.dns.google
|
||||
# Google DNS64 for 64:ff9b::/96
|
||||
# As of 2019-08-25 this doesn't seem to actually be working, but I hope
|
||||
# Google will fix it by the time I actually have IPv6 only hosts and
|
||||
# there will be not-Google options.
|
||||
#forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
|
||||
#forward-addr: 2001:4860:4860::64@853#dns64.dns.google
|
||||
|
||||
# Cloudflare for 64:ff9b::/96
|
||||
forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com
|
||||
# Cloudflare for 64:ff9b::/96
|
||||
forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com
|
||||
|
@ -1,5 +1,5 @@
|
||||
# From https://wiki.archlinux.org/index.php/DNSCrypt
|
||||
do-not-query-localhost: no
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: 127.0.2.1@53
|
||||
name: "."
|
||||
forward-addr: 127.0.2.1@53
|
||||
|
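Review bot: `do-not-query-localhost: no` is a server-clause option, but this five-line file has no `server:` line above it, so it only takes effect correctly if the file included immediately before it happens to leave a `server:` clause open. Add `server:` as the first configuration line so the file is valid regardless of include order.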
@ -1,15 +1,15 @@
|
||||
server:
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
forward-addr: 2a10:50c0::ad1:ff@853#dns.adguard.com
|
||||
forward-addr: 94.140.14.14@853#dns.adguard.com
|
||||
forward-addr: 2a10:50c0::ad2:ff@853#dns.adguard.com
|
||||
forward-addr: 94.140.15.15@853#dns.adguard.com
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
forward-addr: 2a10:50c0::ad1:ff@853#dns.adguard.com
|
||||
forward-addr: 94.140.14.14@853#dns.adguard.com
|
||||
forward-addr: 2a10:50c0::ad2:ff@853#dns.adguard.com
|
||||
forward-addr: 94.140.15.15@853#dns.adguard.com
|
||||
|
||||
# Updated for https://adguard.com/en/blog/adguard-dns-new-addresses.html
|
||||
|
@ -2,25 +2,25 @@
|
||||
# Based on https://www.ctrl.blog/entry/unbound-tls-forwarding.html
|
||||
|
||||
server:
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
|
||||
# DNS servers that have public button for flushing cache. Privacy not considered.
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
|
||||
# Cloudflare / https://1.1.1.1/purge-cache/
|
||||
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
|
||||
forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
|
||||
forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
||||
# Cloudflare / https://1.1.1.1/purge-cache/
|
||||
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
|
||||
forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
|
||||
forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
||||
|
||||
# Google / https://dns.google/cache
|
||||
forward-addr: 8.8.8.8@853#dns.google
|
||||
forward-addr: 8.8.4.4@853#dns.google
|
||||
forward-addr: 2001:4860:4860::8888@853#dns.google
|
||||
forward-addr: 2001:4860:4860::8844@853#dns.google
|
||||
# Google / https://dns.google/cache
|
||||
forward-addr: 8.8.8.8@853#dns.google
|
||||
forward-addr: 8.8.4.4@853#dns.google
|
||||
forward-addr: 2001:4860:4860::8888@853#dns.google
|
||||
forward-addr: 2001:4860:4860::8844@853#dns.google
|
||||
|
@ -1,12 +1,12 @@
|
||||
server:
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
forward-addr: 2a07:e340::3@853#adblock.doh.mullvad.net
|
||||
forward-addr: 194.242.2.3@853#adblock.doh.mullvad.net
|
||||
forward-addr: 193.19.108.3@853#adblock.doh.mullvad.net
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
forward-addr: 2a07:e340::3@853#adblock.doh.mullvad.net
|
||||
forward-addr: 194.242.2.3@853#adblock.doh.mullvad.net
|
||||
forward-addr: 193.19.108.3@853#adblock.doh.mullvad.net
|
||||
|
@ -1,12 +1,12 @@
|
||||
server:
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
forward-addr: 2a07:e340::2@853#doh.mullvad.net
|
||||
forward-addr: 194.242.2.2@853#doh.mullvad.net
|
||||
forward-addr: 193.19.108.2@853#doh.mullvad.net
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
forward-addr: 2a07:e340::2@853#doh.mullvad.net
|
||||
forward-addr: 194.242.2.2@853#doh.mullvad.net
|
||||
forward-addr: 193.19.108.2@853#doh.mullvad.net
|
||||
|
@ -1,13 +1,13 @@
|
||||
server:
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
|
||||
forward-addr: 9.9.9.11@853#dns11.quad9.net
|
||||
forward-addr: 2620:fe::11@853#dns11.quad9.net
|
||||
forward-addr: 149.112.112.11@853#dns11.quad9.net
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
|
||||
forward-addr: 9.9.9.11@853#dns11.quad9.net
|
||||
forward-addr: 2620:fe::11@853#dns11.quad9.net
|
||||
forward-addr: 149.112.112.11@853#dns11.quad9.net
|
||||
|
@ -1,13 +1,13 @@
|
||||
server:
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
forward-addr: 2620:fe::fe@853#dns.quad9.net
|
||||
forward-addr: 9.9.9.9@853#dns.quad9.net
|
||||
forward-addr: 2620:fe::9@853#dns.quad9.net
|
||||
forward-addr: 149.112.112.112@853#dns.quad9.net
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
forward-addr: 2620:fe::fe@853#dns.quad9.net
|
||||
forward-addr: 9.9.9.9@853#dns.quad9.net
|
||||
forward-addr: 2620:fe::9@853#dns.quad9.net
|
||||
forward-addr: 149.112.112.112@853#dns.quad9.net
|
||||
|
@ -1,3 +1,3 @@
|
||||
server:
|
||||
# Prefer IPv6 transport for sending DNS queries to internet nameservers.
|
||||
prefer-ip6: yes
|
||||
# Prefer IPv6 transport for sending DNS queries to internet nameservers.
|
||||
prefer-ip6: yes
|
||||
|
@ -1,10 +1,10 @@
|
||||
server:
|
||||
use-syslog: yes
|
||||
#logfile: "/tmp/unbound.log"
|
||||
# level 0 means no verbosity, only errors. Level 1 gives operational
|
||||
# information. Level 2 gives detailed operational information. Level 3
|
||||
# gives query level information, output per query. Level 4 gives
|
||||
# algorithm level information.
|
||||
verbosity: 2
|
||||
# Print statistics to the log hourly
|
||||
statistics-interval: 3600
|
||||
use-syslog: yes
|
||||
#logfile: "/tmp/unbound.log"
|
||||
# level 0 means no verbosity, only errors. Level 1 gives operational
|
||||
# information. Level 2 gives detailed operational information. Level 3
|
||||
# gives query level information, output per query. Level 4 gives
|
||||
# algorithm level information.
|
||||
verbosity: 2
|
||||
# Print statistics to the log hourly
|
||||
statistics-interval: 3600
|
||||
|
@ -2,19 +2,19 @@
|
||||
# Check dns64-over-tls.conf instead!
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
name: "."
|
||||
|
||||
# Cloudflare DNS64 for 64:ff9b::/96
|
||||
forward-addr: 2606:4700:4700::64
|
||||
forward-addr: 2606:4700:4700::6400
|
||||
# Cloudflare DNS64 for 64:ff9b::/96
|
||||
forward-addr: 2606:4700:4700::64
|
||||
forward-addr: 2606:4700:4700::6400
|
||||
|
||||
# Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html>
|
||||
# > The generated AAAA records point to address blocks in TREX's public
|
||||
# address space 2001:67c:2b0::/48 so they are usable from anywhere on
|
||||
# the Internet.
|
||||
forward-addr: 2001:67c:2b0::4
|
||||
forward-addr: 2001:67c:2b0::6
|
||||
# Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html>
|
||||
# > The generated AAAA records point to address blocks in TREX's public
|
||||
# address space 2001:67c:2b0::/48 so they are usable from anywhere on
|
||||
# the Internet.
|
||||
forward-addr: 2001:67c:2b0::4
|
||||
forward-addr: 2001:67c:2b0::6
|
||||
|
||||
# Google DNS64 for 64:ff9b::/96 (reserved NAT64 space)
|
||||
#forward-addr: 2001:4860:4860::6464
|
||||
#forward-addr: 2001:4860:4860::64
|
||||
# Google DNS64 for 64:ff9b::/96 (reserved NAT64 space)
|
||||
#forward-addr: 2001:4860:4860::6464
|
||||
#forward-addr: 2001:4860:4860::64
|
||||
|
@ -1,6 +1,6 @@
|
||||
# This is another Debian default, that I may be missing under Arch, even
|
||||
# if the location changes.
|
||||
server:
|
||||
# The following line will configure unbound to perform cryptographic
|
||||
# DNSSEC validation using the root trust anchor.
|
||||
auto-trust-anchor-file: "/var/lib/unbound/root.key"
|
||||
# The following line will configure unbound to perform cryptographic
|
||||
# DNSSEC validation using the root trust anchor.
|
||||
auto-trust-anchor-file: "/var/lib/unbound/root.key"
|
||||
|
@ -1,4 +1,4 @@
|
||||
server:
|
||||
# Use two threads, I think more than 1 threads will help with Firefox
|
||||
# at times telling name resolution failed
|
||||
num-threads: 2
|
||||
# Use two threads, I think more than 1 threads will help with Firefox
|
||||
# at times telling name resolution failed
|
||||
num-threads: 2
|
||||
|
@ -5,7 +5,7 @@
|
||||
# This file is free software; as a special exception the author gives
|
||||
# unlimited permission to copy and/or distribute it, with or without
|
||||
# modifications, as long as this notice is preserved.
|
||||
#
|
||||
#
|
||||
# This file is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
||||
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
|
6
install
6
install
@ -18,7 +18,7 @@ cat conf/makepkg.conf > ~/.makepkg.conf
|
||||
mkdir -p ~/.config/mpv/
|
||||
cat conf/mpv.conf > ~/.config/mpv/mpv.conf
|
||||
if [ ! -f ~/.oidentd.conf ]; then
|
||||
cat conf/oidentd.conf > ~/.oidentd.conf
|
||||
cat conf/oidentd.conf > ~/.oidentd.conf
|
||||
fi
|
||||
mkdir -p ~/.gnupg
|
||||
cat gpg/gpg.conf > ~/.gnupg/gpg.conf
|
||||
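Review bot: `mkdir -p ~/.gnupg` at the end of this hunk creates the directory with whatever mode the umask gives, and the next line writes gpg.conf into it straight away. GnuPG expects its home directory to be private to the user and warns about unsafe permissions otherwise. Unless the `./chmod` script visible in the next hunk header already covers this, follow the mkdir with `chmod 700 ~/.gnupg`, and do it before the `cat` rather than from a job started in the background later.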
@ -37,12 +37,12 @@ bash -x ./chmod&
|
||||
|
||||
if [ -f $HOME/.MIKAELAGREP ]
|
||||
then
|
||||
mv $HOME/.MIKAELAGREP $MIKAELA_GREP
|
||||
mv $HOME/.MIKAELAGREP $MIKAELA_GREP
|
||||
fi
|
||||
|
||||
if [ -f "$MIKAELA_GREP" ]
|
||||
then
|
||||
bash -x .mikaela_install
|
||||
bash -x .mikaela_install
|
||||
fi
|
||||
|
||||
set +x
|
||||
|
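Review bot: the expansions in `if [ -f $HOME/.MIKAELAGREP ]` and `mv $HOME/.MIKAELAGREP $MIKAELA_GREP` are unquoted, although the test directly below already quotes "$MIKAELA_GREP". With an empty or unset MIKAELA_GREP the mv is left with a single operand and fails, and a value containing spaces is split into several arguments. Quote all three expansions, for example `mv "$HOME/.MIKAELAGREP" "$MIKAELA_GREP"`, and consider guarding the block with `[ -n "$MIKAELA_GREP" ]`.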
42
rc/bashrc
42
rc/bashrc
@ -108,7 +108,7 @@ if [[ $UNAME = Darwin ]]; then
|
||||
alias l="ls -CFGp"
|
||||
fi
|
||||
|
||||
# Add an "alert" alias for long running commands. Use like so:
|
||||
# Add an "alert" alias for long running commands. Use like so:
|
||||
# sleep 10; alert
|
||||
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
|
||||
|
||||
@ -276,7 +276,7 @@ alias nmap-quick-plus="sudo nmap -sV -T4 -O -F --version-light "
|
||||
alias nmap-traceroute="sudo nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute "
|
||||
alias nmap-regular="nmap "
|
||||
alias nmap-comprehensive="sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all "
|
||||
# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .bash_custom and remove " -p 80,443" if you want to scan all ports which nmap scans by default.
|
||||
# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .bash_custom and remove " -p 80,443" if you want to scan all ports which nmap scans by default.
|
||||
alias nmap-osscan="sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy "
|
||||
|
||||
# Downloads folder over SSH. Usage: rdownload <host>:<remotefolder> <local_destination> | TIP: use ~/ssh/config to configure hosts.
|
||||
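Review bot: the comment reindented in this hunk describes nmap-osscan as the "safer" alias, but the unchanged nmap-comprehensive line just above it ends in `--script all`, which selects every NSE category, including the intrusive, dos and brute ones. The comment gives no hint of that difference. Either narrow that alias to something like `--script default,safe` or extend the comment to say what `--script all` pulls in, so the aliases are not picked by name alone. Separately, `-sP` in nmap-traceroute is the old spelling of `-sn`.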
@ -530,7 +530,7 @@ alias mpvms="mpv --no-video --shuffle"
|
||||
# Compatibility with my i3 alsactl mess
|
||||
if [ -f ~/.config/asound.state ]
|
||||
then
|
||||
alias alsactl="\alsactl -f ~/.config/asound.state"
|
||||
alias alsactl="\alsactl -f ~/.config/asound.state"
|
||||
fi
|
||||
|
||||
# More simple SSH file signing, ~/.ssh/signingkey.pub should be a symlink
|
||||
@ -573,26 +573,26 @@ function ex ()
|
||||
{
|
||||
if [ -f "$1" ] ; then
|
||||
case "$1" in
|
||||
*.tar) tar xvf $1 ;;
|
||||
*.tar.bz2 | *.tbz2 ) tar xjvf $1 ;;
|
||||
*.tar.gz | *.tgz ) tar xzvf $1 ;;
|
||||
*.bz2) bunzip2 $1 ;;
|
||||
*.rar) unrar x $1 ;;
|
||||
*.gz) gunzip $1 ;;
|
||||
*.zip) unzip $1 ;;
|
||||
*.Z) uncompress $1 ;;
|
||||
*.7z) 7z x $1 ;;
|
||||
*.xz) tar xJvf $1 ;;
|
||||
*.deb)
|
||||
DIR=${1%%_*.deb}
|
||||
ar xv $1
|
||||
mkdir ${DIR}
|
||||
tar -C ${DIR} -xzvf data.tar.gz ;;
|
||||
*.rpm) rpm2cpio $1 | cpio -vid ;;
|
||||
*) echo ""${1}" cannot be extracted via extract()"
|
||||
*.tar) tar xvf $1 ;;
|
||||
*.tar.bz2 | *.tbz2 ) tar xjvf $1 ;;
|
||||
*.tar.gz | *.tgz ) tar xzvf $1 ;;
|
||||
*.bz2) bunzip2 $1 ;;
|
||||
*.rar) unrar x $1 ;;
|
||||
*.gz) gunzip $1 ;;
|
||||
*.zip) unzip $1 ;;
|
||||
*.Z) uncompress $1 ;;
|
||||
*.7z) 7z x $1 ;;
|
||||
*.xz) tar xJvf $1 ;;
|
||||
*.deb)
|
||||
DIR=${1%%_*.deb}
|
||||
ar xv $1
|
||||
mkdir ${DIR}
|
||||
tar -C ${DIR} -xzvf data.tar.gz ;;
|
||||
*.rpm) rpm2cpio $1 | cpio -vid ;;
|
||||
*) echo ""${1}" cannot be extracted via extract()"
|
||||
;;
|
||||
esac
|
||||
else
|
||||
else
|
||||
echo ""${1}" is not a valid file"
|
||||
fi
|
||||
}
|
||||
|
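Review bot: inside ex() the guard tests "$1" quoted, but every extractor call in the case arms uses a bare `$1` (`tar xvf $1`, `unzip $1`, `ar xv $1` and so on), so an archive name containing spaces or glob characters is split or expanded, and a name beginning with a dash is parsed as options. Since the indentation of these lines is being rewritten anyway, quote the argument and end option parsing where the tool supports it, for example `tar xvf -- "$1"`. The two echo lines have the same problem: `""${1}" cannot be extracted via extract()"` leaves `${1}` outside the quotes, and the message names extract() while the function is called ex().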
6
rc/vimrc
6
rc/vimrc
@ -79,9 +79,9 @@ filetype plugin indent on
|
||||
|
||||
" Return to last edit position when opening files (You want this!)
|
||||
autocmd BufReadPost *
|
||||
\ if line("'\"") > 0 && line("'\"") <= line("$") |
|
||||
\ exe "normal! g`\"" |
|
||||
\ endif
|
||||
\ if line("'\"") > 0 && line("'\"") <= line("$") |
|
||||
\ exe "normal! g`\"" |
|
||||
\ endif
|
||||
|
||||
" I think leaving line endings to git may be more safe
|
||||
" dos2unix ^M copied from https://stackoverflow.com/a/5361702/1675649
|
||||
|
50
rc/zshrc
50
rc/zshrc
@ -11,20 +11,20 @@ UNAME=$(uname)
|
||||
# Dynamic window title via https://stackoverflow.com/a/20772424
|
||||
## BREAKS TMUX TITLE CHANGING WHICH IS BETTER THAN THIS.
|
||||
#case $TERM in
|
||||
# (*xterm* | *rxvt*)
|
||||
# (*xterm* | *rxvt*)
|
||||
|
||||
# Write some info to terminal title.
|
||||
# This is seen when the shell prompts for input.
|
||||
# function precmd {
|
||||
# print -Pn "\e]0;zsh%L %(1j,%j job%(2j|s|); ,)%~\a"
|
||||
# print -Pn "\e]0;zsh%L %(1j,%j job%(2j|s|); ,)%~\a"
|
||||
# }
|
||||
# Write command and args to terminal title.
|
||||
# This is seen while the shell waits for a command to complete.
|
||||
# function preexec {
|
||||
# printf "\033]0;%s\a" "$1"
|
||||
# printf "\033]0;%s\a" "$1"
|
||||
# }
|
||||
#
|
||||
# ;;
|
||||
#;;
|
||||
#esac
|
||||
|
||||
# enable terminal bell
|
||||
@ -232,7 +232,7 @@ alias nmap-quick-plus="sudo nmap -sV -T4 -O -F --version-light "
|
||||
alias nmap-traceroute="sudo nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute "
|
||||
alias nmap-regular="nmap "
|
||||
alias nmap-comprehensive="sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all "
|
||||
# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .zsh_custom and remove " -p 80,443" if you want to scan all ports which nmap scans by default.
|
||||
# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .zsh_custom and remove" -p 80,443" if you want to scan all ports which nmap scans by default.
|
||||
alias nmap-osscan="sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy "
|
||||
|
||||
# Downloads folder over SSH. Usage: rdownload <host>:<remotefolder> <local_destination> | TIP: use ~/ssh/config to configure hosts.
|
||||
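Review bot: the rewritten comment line in this hunk now reads `remove" -p 80,443"`, while the line it replaces, and the same comment in rc/bashrc, read `remove " -p 80,443"`. A whitespace-only cleanup should not change the text of the comment; restore the space between "remove" and the opening quote.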
@ -281,7 +281,7 @@ if [[ $UNAME = Darwin ]]; then
|
||||
alias l="ls -CFGp"
|
||||
fi
|
||||
|
||||
# Add an "alert" alias for long running commands. Use like so:
|
||||
# Add an "alert" alias for long running commands. Use like so:
|
||||
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
|
||||
|
||||
## -- End of aliases which are saved from Ubuntu default bashrc. --
|
||||
@ -507,7 +507,7 @@ alias mpvms="mpv --no-video --shuffle"
|
||||
# Compatibility with my i3 alsactl mess
|
||||
if [ -f ~/.config/asound.state ]
|
||||
then
|
||||
alias alsactl="\alsactl -f ~/.config/asound.state"
|
||||
alias alsactl="\alsactl -f ~/.config/asound.state"
|
||||
fi
|
||||
|
||||
# More simple SSH file signing, ~/.ssh/signingkey.pub should be a symlink
|
||||
@ -550,26 +550,26 @@ function ex ()
|
||||
{
|
||||
if [ -f "$1" ] ; then
|
||||
case "$1" in
|
||||
*.tar) tar xvf $1 ;;
|
||||
*.tar.bz2 | *.tbz2 ) tar xjvf $1 ;;
|
||||
*.tar.gz | *.tgz ) tar xzvf $1 ;;
|
||||
*.bz2) bunzip2 $1 ;;
|
||||
*.rar) unrar x $1 ;;
|
||||
*.gz) gunzip $1 ;;
|
||||
*.zip) unzip $1 ;;
|
||||
*.Z) uncompress $1 ;;
|
||||
*.7z) 7z x $1 ;;
|
||||
*.xz) tar xJvf $1 ;;
|
||||
*.deb)
|
||||
DIR=${1%%_*.deb}
|
||||
ar xv $1
|
||||
mkdir ${DIR}
|
||||
tar -C ${DIR} -xzvf data.tar.gz ;;
|
||||
*.rpm) rpm2cpio $1 | cpio -vid ;;
|
||||
*) echo ""${1}" cannot be extracted via extract()"
|
||||
*.tar) tar xvf $1 ;;
|
||||
*.tar.bz2 | *.tbz2 ) tar xjvf $1 ;;
|
||||
*.tar.gz | *.tgz ) tar xzvf $1 ;;
|
||||
*.bz2) bunzip2 $1 ;;
|
||||
*.rar) unrar x $1 ;;
|
||||
*.gz) gunzip $1 ;;
|
||||
*.zip) unzip $1 ;;
|
||||
*.Z) uncompress $1 ;;
|
||||
*.7z) 7z x $1 ;;
|
||||
*.xz) tar xJvf $1 ;;
|
||||
*.deb)
|
||||
DIR=${1%%_*.deb}
|
||||
ar xv $1
|
||||
mkdir ${DIR}
|
||||
tar -C ${DIR} -xzvf data.tar.gz ;;
|
||||
*.rpm) rpm2cpio $1 | cpio -vid ;;
|
||||
*) echo ""${1}" cannot be extracted via extract()"
|
||||
;;
|
||||
esac
|
||||
else
|
||||
else
|
||||
echo ""${1}" is not a valid file"
|
||||
fi
|
||||
}
|
||||
|
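Review bot: the `*.deb)` arm of ex() assumes the payload member is called data.tar.gz (`tar -C ${DIR} -xzvf data.tar.gz`). Current Debian and Ubuntu packages usually ship data.tar.xz or data.tar.zst, so the tar call fails after `ar xv $1` has already unpacked debian-binary and the control archive into the current directory. The arm also runs `mkdir ${DIR}` without checking the result, so tar still runs if the directory could not be created. Match the member with `data.tar.*` and let tar detect the compression, or use `dpkg-deb -x "$1" "$DIR"`, and stop when mkdir fails. The `*.xz)` arm has a related problem: it passes any .xz file to `tar xJvf`, which fails on files that are not tarballs.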
@ -6,14 +6,14 @@ NetworkManager.
|
||||
Notes:
|
||||
|
||||
- `git commit`ing the same SSID with different capitalisations breaks
|
||||
Windows and more common macOS setups due to their filesystems being
|
||||
case-insensitive.
|
||||
Windows and more common macOS setups due to their filesystems being
|
||||
case-insensitive.
|
||||
- `Settings.AutoConnect=true` is unnecessary as it defaults to true
|
||||
according to `man iwd.network`.
|
||||
according to `man iwd.network`.
|
||||
- `IPv6.Enabled=true` defauls to true being also unnecessary.
|
||||
- `private-home-sample.psk` has a comment on MAC address override and sends
|
||||
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
|
||||
address and doesn't send hostname.
|
||||
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
|
||||
address and doesn't send hostname.
|
||||
- The `.open` networks always randomize MAC address too. If a network is
|
||||
private and needs MAC address for captive portal override or something,
|
||||
`private-home-sample.psk` should be adjusted from.
|
||||
private and needs MAC address for captive portal override or something,
|
||||
`private-home-sample.psk` should be adjusted from.
|
||||
|
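Review bot: the unchanged `IPv6.Enabled=true` bullet in this hunk has the typo "defauls" and reads awkwardly ("defauls to true being also unnecessary"). While the list is being reindented, reword it to match the bullet above, for example "`IPv6.Enabled=true` is also unnecessary as it defaults to true". The last bullet's "should be adjusted from" would read better as "use `private-home-sample.psk` as the starting point".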