fix .prettierrc & run prettier again

Aminda Suomalainen 2024-07-03 19:08:14 +03:00
parent 3027652652
commit 447dcfdf08
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
17 changed files with 162 additions and 91 deletions


@ -1,3 +1,5 @@
# @format
# Based on https://pre-commit.com # Based on https://pre-commit.com
image: python:alpine image: python:alpine
gitlab-ci-pre-commit: gitlab-ci-pre-commit:


@ -13,11 +13,11 @@
{ "files": ".prettierrc", "options": { "parser": "json" } }, { "files": ".prettierrc", "options": { "parser": "json" } },
{ {
"files": "conf/librewolf.overrides.cfg", "files": "conf/librewolf.overrides.cfg",
"options": { "parser": ".js" } "options": { "parser": "babel" }
}, },
{ {
"files": "conf/autoconfig.js.online", "files": "conf/autoconfig.js.online",
"options": { "parser": ".js" } "options": { "parser": "babel" }
} }
] ]
} }


@ -1,3 +1,5 @@
<!-- @format -->
Config files that I wish to have everywhere. You could probably call this Config files that I wish to have everywhere. You could probably call this
repository as dotfiles, but historical reasons... repository as dotfiles, but historical reasons...


@ -1,10 +1,12 @@
<!-- @format -->
# DNS over HTTPS in Windows 11 # DNS over HTTPS in Windows 11
Requires Windows 11. Requires Windows 11.
- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it - `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
didn't seem to work for me or it allowed me to set the DNS server to not didn't seem to work for me or it allowed me to set the DNS server to not use
use DoH. DoH.
- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses - `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
that Windows 11 isn't shipping by default, currently: that Windows 11 isn't shipping by default, currently:
@ -17,14 +19,18 @@ Requires Windows 11.
- Mullvad - Mullvad
- Mullvad Adblock - Mullvad Adblock
- Quad9 ECS (Windows 11 defaults include Quad9 default) - Quad9 ECS (Windows 11 defaults include Quad9 default)
- TREX (actually points to Quad9 as per [their documentation](https://www.trex.fi/service/resolvers.html)) - TREX (actually points to Quad9 as per
[their documentation](https://www.trex.fi/service/resolvers.html))
## Configuration ## Configuration
Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
HTTPS can be enabled for: HTTPS can be enabled for:
- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit` - All networks:
`Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
- Same place for Ethernet etc. - Same place for Ethernet etc.
- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit` - Specific network:
- Note: if the all networks one is configured, there is a warning about it not being used. `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
- Note: if the all networks one is configured, there is a warning about it
not being used.


@ -1,3 +1,5 @@
<!-- @format -->
This file is supposed to explain [Windows.reg](Windows.reg). This file is supposed to explain [Windows.reg](Windows.reg).
``` ```
@ -10,9 +12,10 @@ Windows Registry Editor Version 5.00
- Make the file Windows Registry Editor script - Make the file Windows Registry Editor script
- Ask admins for password/PIN in UAC - Ask admins for password/PIN in UAC
- 2 would ask for yes or no, 0 disable entirely (don't do that). - 2 would ask for yes or no, 0 disable entirely (don't do that).
- prompt standard users for username and password. 2021-12-19: I don't understand this or the line below. - prompt standard users for username and password. 2021-12-19: I don't
- The other option (1) doesn't even give them UAC prompt so you must understand this or the line below.
always login as admin to do anything. - The other option (1) doesn't even give them UAC prompt so you must always
login as admin to do anything.
``` ```
"dontdisplaylastusername"=dword:00000000 "dontdisplaylastusername"=dword:00000000
@ -39,8 +42,8 @@ Windows Registry Editor Version 5.00
``` ```
- Sets hardware clock to UTC time (doesn't affect system clock!) - Sets hardware clock to UTC time (doesn't affect system clock!)
- qword for 64-bit, dword for 32-bit systems. The actual reg file has - qword for 64-bit, dword for 32-bit systems. The actual reg file has only
only qword as I haven't seen 32-bit Windowses lately. qword as I haven't seen 32-bit Windowses lately.
``` ```
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]


@ -1,3 +1,5 @@
/** @format */
// This file belongs to Firefox `default/pref` directory. // This file belongs to Firefox `default/pref` directory.
// E.g. /usr/lib64/firefox/defaults/pref/ or ~/.local/firefox/defaults/pref/ // E.g. /usr/lib64/firefox/defaults/pref/ or ~/.local/firefox/defaults/pref/


@ -1,10 +1,15 @@
/** @format */
// This file belongs to Firefox `default/pref` directory as `autoconfig.js`. // This file belongs to Firefox `default/pref` directory as `autoconfig.js`.
// E.g. /usr/lib64/firefox/defaults/pref/autoconfig.js // E.g. /usr/lib64/firefox/defaults/pref/autoconfig.js
// WARNING: lockPref() IS NOT ALLOWED HERE! // WARNING: lockPref() IS NOT ALLOWED HERE!
//pref("autoadmin.global_config_url","https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/firefox-forbidden-policies.js"); //pref("autoadmin.global_config_url","https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/firefox-forbidden-policies.js");
pref("autoadmin.global_config_url","file:///home/aminda/public_html/autoconfig.js"); pref(
"autoadmin.global_config_url",
"file:///home/aminda/public_html/autoconfig.js",
);
pref("general.config.obscure_value", 0); pref("general.config.obscure_value", 0);
pref("autoadmin.refresh_interval", 120); pref("autoadmin.refresh_interval", 120);
pref("autoadmin.offline_failover", true); pref("autoadmin.offline_failover", true);
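Review bot: the rewrapped `pref(` call for `autoadmin.global_config_url` now ends with a trailing comma before `)`, while the header comment says this file belongs in Firefox's `default/pref` directory. Files loaded from there go through Firefox's preference-file parser rather than a JavaScript engine, and after a comma that parser expects a pref attribute, not `)`, so confirm the pref still loads after this change. Setting `"trailingComma": "none"` in the Prettier override for this file would keep the call free of the extra comma.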


@ -1,3 +1,4 @@
/** @format */
// ~/.{librewolf,var/app/io.gitlab.librewolf-community/.librewolf}/librewolf.overrides.cfg // ~/.{librewolf,var/app/io.gitlab.librewolf-community/.librewolf}/librewolf.overrides.cfg
// The first line of this file is supposed to be empty. // The first line of this file is supposed to be empty.
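Review bot: the `/** @format */` pragma is inserted on line 1, directly above the comment that says "The first line of this file is supposed to be empty." Either reword that comment to say what the first line may contain, or keep this file out of pragma insertion so the file and its own documentation agree.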
@ -11,7 +12,10 @@
// NOTE! A lot is commented either for being a note, wrong, TODO, whatever, or most likely in my /etc/firefox/policies/policies.json // NOTE! A lot is commented either for being a note, wrong, TODO, whatever, or most likely in my /etc/firefox/policies/policies.json
// Firefox autoconfig // Firefox autoconfig
pref("autoadmin.global_config_url", "https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/librewolf.overrides.cfg"); pref(
"autoadmin.global_config_url",
"https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/librewolf.overrides.cfg",
);
//pref("general.config.obscure_value", 0); //pref("general.config.obscure_value", 0);
pref("autoadmin.refresh_interval", 120); pref("autoadmin.refresh_interval", 120);
pref("autoadmin.offline_failover", true); pref("autoadmin.offline_failover", true);
@ -51,7 +55,10 @@ pref("privacy.fingerprintingProtection.pbmode", true);
// usability and reveal the real platform (voting for Linux // usability and reveal the real platform (voting for Linux
// existing in statistics). https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc // existing in statistics). https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc
// It's not like I have any uniqueness with `intl.accept_languages` below... // It's not like I have any uniqueness with `intl.accept_languages` below...
pref("privacy.fingerprintingProtection.overrides", "+AllTargets,-KeyboardEvents,-SpeechSynthesis,-CSSPrefersColorScheme,-CSSPrefersReducedMotion,-NavigatorPlatform,-NavigatorUserAgent,-JSDateTimeUTC,-HttpUserAgent,-FontVisibilityRestrictGenerics,-FontVisibilityBaseSystem,-FontVisibilityLangPack"); pref(
"privacy.fingerprintingProtection.overrides",
"+AllTargets,-KeyboardEvents,-SpeechSynthesis,-CSSPrefersColorScheme,-CSSPrefersReducedMotion,-NavigatorPlatform,-NavigatorUserAgent,-JSDateTimeUTC,-HttpUserAgent,-FontVisibilityRestrictGenerics,-FontVisibilityBaseSystem,-FontVisibilityLangPack",
);
// :( but fingerprintability // :( but fingerprintability
pref("javascript.use_us_english_locale", true); pref("javascript.use_us_english_locale", true);
@ -147,8 +154,14 @@ pref("browser.cache.memory.enable", true);
//pref("privacy.userContext.ui.enabled", true); //pref("privacy.userContext.ui.enabled", true);
//pref("browser.contentblocking.category", "strict"); //pref("browser.contentblocking.category", "strict");
pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); pref(
pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); "privacy.partition.always_partition_third_party_non_cookie_storage",
true,
);
pref(
"privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage",
false,
);
/** prevent media cache from being written to disk in pb, but increase max cache size to avoid playback issues */ /** prevent media cache from being written to disk in pb, but increase max cache size to avoid playback issues */
pref("browser.privatebrowsing.forceMediaMemoryCache", true); pref("browser.privatebrowsing.forceMediaMemoryCache", true);
@ -271,7 +284,6 @@ pref("browser.urlbar.weather.featureGate", false);
// these are from Arkenfox, I decided to put them here. // these are from Arkenfox, I decided to put them here.
pref("browser.download.start_downloads_in_tmp_dir", true); // Arkenfox user.js v118 pref("browser.download.start_downloads_in_tmp_dir", true); // Arkenfox user.js v118
/** /**
* the pref disables the whole feature and hide it from the ui * the pref disables the whole feature and hide it from the ui
* (as noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1755057). * (as noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1755057).
@ -307,8 +319,6 @@ pref("browser.link.open_newwindow.restriction", 0);
/** [SECTION] MOUSE */ /** [SECTION] MOUSE */
pref("browser.tabs.searchclipboardfor.middleclick", false); // prevent mouse middle click on new tab button to trigger searches or page loads pref("browser.tabs.searchclipboardfor.middleclick", false); // prevent mouse middle click on new tab button to trigger searches or page loads
/** [CATEGORY] EXTENSIONS */ /** [CATEGORY] EXTENSIONS */
/** [SECTION] USER INSTALLED /** [SECTION] USER INSTALLED
@ -363,14 +373,20 @@ pref("browser.shopping.experience2023.active", false);
/** [SECTION] OTHERS */ /** [SECTION] OTHERS */
pref("webchannel.allowObject.urlWhitelist", ""); // remove web channel whitelist pref("webchannel.allowObject.urlWhitelist", ""); // remove web channel whitelist
pref("services.settings.server", "https://%.invalid") // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code) pref("services.settings.server", "https://%.invalid"); // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code)
/** [SECTION] NEW TAB PAGE /** [SECTION] NEW TAB PAGE
* we want NTP to display nothing but the search bar without anything distracting. * we want NTP to display nothing but the search bar without anything distracting.
* the three prefs below are just for minimalism and they should be easy to revert for users. * the three prefs below are just for minimalism and they should be easy to revert for users.
*/ */
pref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); pref(
pref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); "browser.newtabpage.activity-stream.section.highlights.includeDownloads",
false,
);
pref(
"browser.newtabpage.activity-stream.section.highlights.includeVisited",
false,
);
pref("browser.newtabpage.activity-stream.feeds.topsites", false); pref("browser.newtabpage.activity-stream.feeds.topsites", false);
// hide stories and sponsored content from Firefox Home // hide stories and sponsored content from Firefox Home
pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
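Review bot: the `;` added after `pref("services.settings.server", "https://%.invalid")` is a token-level change rather than a rewrap, in a commit whose message only mentions running prettier. Mention it in the commit message, or split it out, so that anyone bisecting a settings-server problem later does not skip this commit as whitespace-only.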
@ -380,7 +396,10 @@ pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
pref("browser.newtabpage.activity-stream.feeds.telemetry", false); pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
pref("browser.newtabpage.activity-stream.telemetry", false); pref("browser.newtabpage.activity-stream.telemetry", false);
// hide stories UI in about:preferences#home, empty highlights list // hide stories UI in about:preferences#home, empty highlights list
pref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "{\"hidden\":true}"); pref(
"browser.newtabpage.activity-stream.feeds.section.topstories.options",
'{"hidden":true}',
);
pref("browser.newtabpage.activity-stream.default.sites", ""); pref("browser.newtabpage.activity-stream.default.sites", "");
/** [SECTION] ABOUT /** [SECTION] ABOUT
@ -406,8 +425,14 @@ pref("browser.preferences.moreFromMozilla", false);
/** [SECTION] RECOMMENDED /** [SECTION] RECOMMENDED
* disable all "recommend as you browse" activity. * disable all "recommend as you browse" activity.
*/ */
pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); pref(
pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features",
false,
);
pref(
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons",
false,
);
// Maybe Windows specific, but looks useful. // Maybe Windows specific, but looks useful.
pref("network.protocol-handler.external.ms-windows-store", false); // prevent links from launching windows store pref("network.protocol-handler.external.ms-windows-store", false); // prevent links from launching windows store


@ -1,16 +1,18 @@
<!-- @format -->
My configs for [dnscrypt-proxy] My configs for [dnscrypt-proxy]
At the time of writing, hosts-mikaela.txt is intended for not having to At the time of writing, hosts-mikaela.txt is intended for not having to
remember or trust the DNS for all of the domains or the hypothetical remember or trust the DNS for all of the domains or the hypothetical scenario
scenario where I have no access to DNS, but for some reason having access where I have no access to DNS, but for some reason having access to
to [Yggdrasil] and/or [Hyperboria] or just to answer the question, why to [Yggdrasil] and/or [Hyperboria] or just to answer the question, why to rely on
rely on centralized technology on decentralized web. centralized technology on decentralized web.
Mosts of the domains in hosts-mikaela.txt should also work without the file Mosts of the domains in hosts-mikaela.txt should also work without the file
when mikaela.internal is replaced with mikaela.info, however relying on DNS, when mikaela.internal is replaced with mikaela.info, however relying on DNS,
but that way you must trust DNSSEC, CloudFlare and wherever the CNAME but that way you must trust DNSSEC, CloudFlare and wherever the CNAME points
points to who may not have DNSSEC. If you are using this file to who may not have DNSSEC. If you are using this file (you shouldn't), you
(you shouldn't), you are already trusting me. are already trusting me.
[dnscrypt-proxy]: https://github.com/jedisct1/dnscrypt-proxy [dnscrypt-proxy]: https://github.com/jedisct1/dnscrypt-proxy
[hyperboria]: https://hyperboria.net/ [hyperboria]: https://hyperboria.net/


@ -1,3 +1,5 @@
<!-- @format -->
# Firefox `policies.json` # Firefox `policies.json`
- https://mozilla.github.io/policy-templates/ - https://mozilla.github.io/policy-templates/
@ -32,8 +34,8 @@ per whatever I am doing.
## WARNING TO LIBREWOLF USERS ## WARNING TO LIBREWOLF USERS
This file takes priority over This file takes priority over
`/usr/share/librewolf/distribution/policies.json` so don't apply this or `/usr/share/librewolf/distribution/policies.json` so don't apply this or a lot
a lot of LibreWolf specific customizations stops being in force. of LibreWolf specific customizations stops being in force.
## General warning ## General warning


@ -1,3 +1,5 @@
<!-- @format -->
# Chromium policies # Chromium policies
- https://chromeenterprise.google/policies/ - https://chromeenterprise.google/policies/
@ -200,8 +202,8 @@ disabling GTK/Qt themes.
## `brave-shields-disabled.json` ## `brave-shields-disabled.json`
Allowlist for sites where I think Brave Shields may be breaking things. Similar is also in Allowlist for sites where I think Brave Shields may be breaking things.
`aminda-extensions.json` for Privacy Badger. Similar is also in `aminda-extensions.json` for Privacy Badger.
## `disable-brave-ipfs.json` ## `disable-brave-ipfs.json`
@ -254,14 +256,15 @@ Simply forces DNS-over-HTTPS with DNS0.eu.
## `doh-mullvad-base.json` ## `doh-mullvad-base.json`
Forces DNS-over-HTTPS with Mullvad Base, which features ad, malware & tracker blocking. Forces DNS-over-HTTPS with Mullvad Base, which features ad, malware & tracker
blocking.
- https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#specifications - https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#specifications
## `doh-quad9-ecs.json` ## `doh-quad9-ecs.json`
Forces DNS over HTTPS with Quad9 ECS enabled threat-blocking server and also contains Forces DNS over HTTPS with Quad9 ECS enabled threat-blocking server and also
their alternative port. contains their alternative port.
## `doh-quad9.json` ## `doh-quad9.json`
@ -270,15 +273,18 @@ their alternative port.
## `doh-unlocked-unset.json` ## `doh-unlocked-unset.json`
Allows configuring DoH even with managed policies present (unless another DoH rule is in force) since enabling any managed policy will otherwise gray out the option. Allows configuring DoH even with managed policies present (unless another DoH
rule is in force) since enabling any managed policy will otherwise gray out
the option.
If no DNS over HTTPS policy is used, this unlocks the setting. Enabling managed policies disable it by default. If no DNS over HTTPS policy is used, this unlocks the setting. Enabling
managed policies disable it by default.
My other `doh-*.json` set this as well, because `secure` doesn't allow My other `doh-*.json` set this as well, because `secure` doesn't allow
downgrade to system resolver and Chromium seems somewhat unreliable with it often reporting downgrade to system resolver and Chromium seems somewhat unreliable with it
`DNS_PROBE_POSSIBLE` and while this occassionally disables ECH, it works and often reporting `DNS_PROBE_POSSIBLE` and while this occassionally disables
my system resolvers are encrypted. I hope they will implement ECH with system ECH, it works and my system resolvers are encrypted. I hope they will
resolver soon to fix this. implement ECH with system resolver soon to fix this.
## `edge-appsfavorites.json` ## `edge-appsfavorites.json`
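Review bot: style point on the rewrapped `doh-unlocked-unset.json` paragraph: "occassionally" is misspelled ("occasionally"), and "Enabling managed policies disable it by default" should read "disables". Both lines are already touched by the reflow, so this is a cheap place to fix them.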
@ -298,7 +304,8 @@ Explicitly enables Chromecast support.
## `enable-labs.json` ## `enable-labs.json`
Enables the beaker button "Experiments" for easier management than `about:flags`. Enables the beaker button "Experiments" for easier management than
`about:flags`.
## `enable-passwordleakdetection.json` ## `enable-passwordleakdetection.json`
@ -332,14 +339,14 @@ This file evolved to merge another one, so now it:
## `prefetch.json` ## `prefetch.json`
Enables prefetching. Will make sites very speedy, but decreases privacy and may Enables prefetching. Will make sites very speedy, but decreases privacy and
conflict with uBlock Origin. However AdNauseam is already clicking those ads, so may conflict with uBlock Origin. However AdNauseam is already clicking those
maybe it's not that big of an issue. ads, so maybe it's not that big of an issue.
## `profilemanager.json` ## `profilemanager.json`
Forces the profile screen even with only one profile. I love the feature in Firefox Forces the profile screen even with only one profile. I love the feature in
and want to see it here too, now that I accidentally noticed it. Firefox and want to see it here too, now that I accidentally noticed it.
## `README.md` ## `README.md`


@ -1,3 +1,5 @@
<!-- @format -->
# systemd-resolved additional config files # systemd-resolved additional config files
<!-- editorconfig-checker-disable --> <!-- editorconfig-checker-disable -->
@ -17,8 +19,8 @@
## Quickstart ## Quickstart
This is also done by `../../systemd-resolv.conf-restore.bash` which takes This is also done by `../../systemd-resolv.conf-restore.bash` which takes into
into account more circumstances... account more circumstances...
```bash ```bash
sudo systemctl enable --now systemd-resolved.service sudo systemctl enable --now systemd-resolved.service
@ -33,13 +35,13 @@ offer.
## Files explained ## Files explained
- `00-defaults.conf` - configuration that should be used everywhere. - `00-defaults.conf` - configuration that should be used everywhere. Enables
Enables DNSSEC (regardless of systemd-resolved not handling it properly), DNSSEC (regardless of systemd-resolved not handling it properly), enables
enables opportunistic DoT, caching and local DNS servers (because they opportunistic DoT, caching and local DNS servers (because they should exist
should exist anyway as I don't trust systemd-resolved entirely. Anyway if anyway as I don't trust systemd-resolved entirely. Anyway if there truly is
there truly is no local resolver, systemd-resolved will detect that and act accordingly.) no local resolver, systemd-resolved will detect that and act accordingly.)
- To rephrase, this is to be used together with other files, especially - To rephrase, this is to be used together with other files, especially some
some of those beginning with `10-dot-`. of those beginning with `10-dot-`.
- `05-do53-dna-moi.conf` - DNS servers used by DNA and Moi (who is on DNA's - `05-do53-dna-moi.conf` - DNS servers used by DNA and Moi (who is on DNA's
network and owned by them) network and owned by them)
- `05-do53-elisa.conf` - DNS servers used by Elisa and apparently their - `05-do53-elisa.conf` - DNS servers used by Elisa and apparently their
@ -48,12 +50,12 @@ offer.
At least one of these should be used in addition to `00-defaults.conf` At least one of these should be used in addition to `00-defaults.conf`
- `98-local-resolver.conf` attempts to configure localhost resolver and - `98-local-resolver.conf` attempts to configure localhost resolver and
disables unnecessary features for that scenario. The number 10 takes disables unnecessary features for that scenario. The number 10 takes
priority over 00 and 05 so if a DNSOverTLS=true is uncommented, it will priority over 00 and 05 so if a DNSOverTLS=true is uncommented, it will also
also apply to the former ones that are unlikely to support it. When apply to the former ones that are unlikely to support it. When numbering the
numbering the files, I didn't think I would be adding the plaintext DNS files, I didn't think I would be adding the plaintext DNS servers that I am
servers that I am unlikely to use whenever Unbound is available (and I unlikely to use whenever Unbound is available (and I currently have only one
currently have only one system that has systemd-resolved while not having system that has systemd-resolved while not having Unbound and it seems to
Unbound and it seems to prefer DoT over my router anyway). prefer DoT over my router anyway).
- `99-lan-resolver.conf.sample` when renamed would allow enabling resolvers on - `99-lan-resolver.conf.sample` when renamed would allow enabling resolvers on
LAN assuming they are trusted. Note that if used together with LAN assuming they are trusted. Note that if used together with
`98-local-resolver.conf`, DNSSEC would be disabled. `98-local-resolver.conf`, DNSSEC would be disabled.
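Review bot: the `98-local-resolver.conf` entry still says "The number 10 takes priority over 00 and 05", which does not match the file's `98-` prefix. Since the paragraph is being rewrapped anyway, correct the number or reword the sentence so a reader can tell which drop-in ends up applying `DNSOverTLS=true` to the plaintext servers.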
@ -61,30 +63,33 @@ offer.
## General commentary ## General commentary
- DNSOverTLS became supported in systemd v239, strict mode (true) in - DNSOverTLS became supported in systemd v239, strict mode (true) in v243 (big
v243 (big improvements in v244). improvements in v244).
- TODO: find out when SNI became supported, I have just spotted it in the - TODO: find out when SNI became supported, I have just spotted it in the
fine manual in 2020-06-??. fine manual in 2020-06-??.
- Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd - Domains has to be `.~` for them to override DHCP. See
https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
without which I wouldn't have got this right. without which I wouldn't have got this right.
- DNSSEC may not work if the system is down for a long time and not updated. - DNSSEC may not work if the system is down for a long time and not updated.
Thus `allow-downgrade` may be better for non-tech people, even with the Thus `allow-downgrade` may be better for non-tech people, even with the
potential downgrade attack. There are also captive portals, affecting potential downgrade attack. There are also captive portals, affecting
`DNSOverTLS`. Both take `true` or `false` or their own special option, `DNSOverTLS`. Both take `true` or `false` or their own special option, for
for DNSSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`. DNSSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`.
- Then again when was any system that outdated to not have working DNSSEC? - Then again when was any system that outdated to not have working DNSSEC?
- TODO: return to this configuration should that actually happen? - TODO: return to this configuration should that actually happen?
- I am actually running Unbound simultaneously with `resolv.conf` pointing - I am actually running Unbound simultaneously with `resolv.conf` pointing
to both with `options rotate edns0 trust-ad` which might workaround that to both with `options rotate edns0 trust-ad` which might workaround that
potential issue. potential issue.
- DNS server priority is the one they are specified in. The first working one - DNS server priority is the one they are specified in. The first working one
will be used when it won't work anymore and then the next is used as long will be used when it won't work anymore and then the next is used as long as
as it works and then it's back to the beginning. it works and then it's back to the beginning.
- https://github.com/systemd/systemd/issues/16322#issuecomment-724143641 - https://github.com/systemd/systemd/issues/16322#issuecomment-724143641
Other links I have found important and my files are based on: Other links I have found important and my files are based on:
- https://wiki.archlinux.org/index.php/Systemd-resolved - https://wiki.archlinux.org/index.php/Systemd-resolved
- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867 - Also provides the serious issues systemd-resolved+DNSSEC issues,
https://github.com/systemd/systemd/issues/10579 &
https://github.com/systemd/systemd/issues/9867
- request for strict DoT: https://github.com/systemd/systemd/issues/10755 - request for strict DoT: https://github.com/systemd/systemd/issues/10755
- vulnerable to MITM: https://github.com/systemd/systemd/issues/9397 - vulnerable to MITM: https://github.com/systemd/systemd/issues/9397


@ -1,15 +1,19 @@
<!-- @format -->
Systemd services. These are sorted by some kind of category into Systemd services. These are sorted by some kind of category into
subdirectories. The sudirectories won't exist in the real subdirectories. The sudirectories won't exist in the real
`/etc/systemd/system` unless they end `.wants` or `.d` or something similar `/etc/systemd/system` unless they end `.wants` or `.d` or something similar
and I forget to update this README file if that happens. and I forget to update this README file if that happens.
- reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector - reflector.service is copied from
but uses https instead of http, because there is no reason I would want https://wiki.archlinux.org/index.php/Reflector but uses https instead of
someone to see what I download. http, because there is no reason I would want someone to see what I
download.
## Worth reading ## Worth reading
- Waiting for network devices to have IP address (**I only use this for - Waiting for network devices to have IP address (**I only use this for
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme cables**)
https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
- `systemctl enable NetworkManager-wait-online.service` - `systemctl enable NetworkManager-wait-online.service`
- `systemctl enable systemd-networkd-wait-online.service` - `systemctl enable systemd-networkd-wait-online.service`
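Review bot: style point in the opening paragraph: "sudirectories" should be "subdirectories". The surrounding lines are already part of this hunk, so the typo can be fixed in the same pass.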


@ -1,3 +1,5 @@
<!-- @format -->
# Autostart files for graphical desktop environments # Autostart files for graphical desktop environments
This mostly caters for my family. This mostly caters for my family.


@ -1,3 +1,5 @@
<!-- @format -->
# Custom app menu entries # Custom app menu entries
These can be used for either `~/.local/share/applications` or These can be used for either `~/.local/share/applications` or
@ -25,12 +27,12 @@ so graphical desktop environments started the apps on login.
## `a-*.desktop` ## `a-*.desktop`
These files are companions to my script repos `bash/usr-local-bin/*` belonging These files are companions to my script repos `bash/usr-local-bin/*` belonging
to `/usr/local/share/applications` and are named so to to `/usr/local/share/applications` and are named so to avoid masking package
avoid masking package manager. They have clearly different names such as using manager. They have clearly different names such as using all caps.
all caps.
Apparently one can also have subdirectories in `/usr/local/share/applications/` Apparently one can also have subdirectories in
and `~/.local/share/applications/` making life easier. `/usr/local/share/applications/` and `~/.local/share/applications/` making
life easier.
## Refreshing the menus ## Refreshing the menus


@ -1,3 +1,5 @@
<!-- @format -->
iwd network configuration lives in this directory iwd network configuration lives in this directory
See also `../../../etc/iwd/main.conf` especially in standalone iwd without See also `../../../etc/iwd/main.conf` especially in standalone iwd without
@ -5,11 +7,11 @@ NetworkManager.
Notes: Notes:
- `git commit`ing the same SSID with different capitalisations breaks - `git commit`ing the same SSID with different capitalisations breaks Windows
Windows and more common macOS setups due to their filesystems being and more common macOS setups due to their filesystems being
case-insensitive. case-insensitive.
- `Settings.AutoConnect=true` is unnecessary as it defaults to true - `Settings.AutoConnect=true` is unnecessary as it defaults to true according
according to `man iwd.network`. to `man iwd.network`.
- `IPv6.Enabled=true` defauls to true being also unnecessary. - `IPv6.Enabled=true` defauls to true being also unnecessary.
- `private-home-sample.psk` has a comment on MAC address override and sends - `private-home-sample.psk` has a comment on MAC address override and sends
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
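Review bot: style point in the notes list: "`IPv6.Enabled=true` defauls to true" has a typo ("defaults"). The neighbouring `Settings.AutoConnect` bullet is rewrapped in this hunk, so correcting it here keeps the two bullets consistent.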