etc/sysctl.d: go through, mkdir questionable/

Resolves: #93

etc/sysctl.d/00-bindv6only.conf

@@ -0,0 +1,2 @@
+# When binding to IPv6, only bind to IPv6. Avoids dotted-decimals
+net.ipv6.bindv6only=1

etc/sysctl.d/00-magicsysrq.conf

@@ -0,0 +1,3 @@
+# Enable the Magic SysRq key
+# https://en.wikipedia.org/wiki/Magic_SysRq_key
+kernel.sysrq = 1

etc/sysctl.d/00-ptrace-restricted.conf

@@ -1,3 +1,3 @@
-# Only let debugging child processes
+# Only let child processes to be debugged
 # https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html
 kernel.yama.ptrace_scope = 1

etc/sysctl.d/40-ipv6.conf

@@ -1,8 +0,0 @@
-# Enable IPv6 Privacy Extensions
-# 2 for enabling and preferring, 1 to only enable, 0 to disable
-net.ipv6.conf.all.use_tempaddr = 2
-net.ipv6.conf.default.use_tempaddr = 2
-#net.ipv6.conf.eth0.use_tempaddr = 2
-#net.ipv6.conf.wlan0.use_tempaddr = 2
-net.ipv6.conf.enp4s0f1.use_tempaddr = 2
-net.ipv6.conf.wlp3s0.use_tempaddr = 2

etc/sysctl.d/60-mikaela.conf

@@ -1,27 +0,0 @@
-## Kernel settings that I prefer to have. ~~ Mikaela
-
-## Core files appear with filename <binary>-<PID>-<hostname>.core
-kernel.core_pattern = %e-%p-%h.core
-
-## When binding to IPv6, only bind to IPv6. Avoids dotted-decimals
-net.ipv6.bindv6only=1
-
-## Enable IPv6 privacy extensions and prefer them to the EUI-64 address
-## This should be 2 for clients to use and prefer private extensions address
-## and 0 for servers or devices that don't move around.
-net.ipv6.conf.default.use_tempaddr=2
-net.ipv6.conf.all.use_tempaddr=2
-## In case of systemd-networkd (which won't work with the above) and
-## interfaces that are up when the option is changed:
-#net.ipv6.conf.eth0.use_tempaddr=2
-#net.ipv6.conf.enp4s0f1.use_tempaddr=2
-#net.ipv6.conf.wlan0.use_tempaddr=2
-#net.ipv6.conf.wlp3s0.use_tempaddr=2
-
-## Enable the Magic SysRq key
-## https://en.wikipedia.org/wiki/Magic_SysRq_key
-kernel.sysrq = 1
-
-# Only let debugging child processes
-# https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html
-kernel.yama.ptrace_scope = 1

etc/sysctl.d/questionable/00-kernel-core_pattern.conf

@@ -0,0 +1,4 @@
+# Core files appear with filename <binary>-<PID>-<hostname>.core
+# Note, I am not sure if this makes sense especially when systemd or apport
+# or something similar is used as it tends to override this option
+kernel.core_pattern = %e-%p-%h.core

etc/sysctl.d/questionable/00-local-userns.conf

@@ -1,3 +1,5 @@
+# TODO: is this deprecated? It might be Debian-only regardless.
+
 # A security hole required by at least by
 #  * Brave https://github.com/brave/brave-browser/issues/3420
 #  * IPFS Desktop https://github.com/ipfs-shipyard/ipfs-desktop/issues/1044

etc/sysctl.d/questionable/40-ipv6.conf

@@ -0,0 +1,20 @@
+# I think this may be deprecated or done better / different way by
+# NetworkManager and similar software.
+
+# Enable IPv6 privacy extensions and prefer them to the EUI-64 address
+# This should be 2 for clients to use and prefer private extensions address
+# and 0 for servers or devices that don't move around.
+# 2 for enabling and preferring, 1 to only enable, 0 to disable
+net.ipv6.conf.all.use_tempaddr = 2
+net.ipv6.conf.default.use_tempaddr = 2
+#net.ipv6.conf.eth0.use_tempaddr = 2
+#net.ipv6.conf.wlan0.use_tempaddr = 2
+net.ipv6.conf.enp4s0f1.use_tempaddr = 2
+net.ipv6.conf.wlp3s0.use_tempaddr = 2
+
+## In case of systemd-networkd (which won't work with the above) and
+## interfaces that are up when the option is changed:
+#net.ipv6.conf.eth0.use_tempaddr=2
+#net.ipv6.conf.enp4s0f1.use_tempaddr=2
+#net.ipv6.conf.wlan0.use_tempaddr=2
+#net.ipv6.conf.wlp3s0.use_tempaddr=2

etc/sysctl.d/questionable/README.md

@@ -0,0 +1,2 @@
+This file contains questionable choices and options which may be deprecated
+or otherwise not so good ideas.