fix .prettierrc & run prettier again

This commit is contained in:
Aminda Suomalainen 2024-07-03 19:08:14 +03:00
parent 3027652652
commit 447dcfdf08
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
17 changed files with 162 additions and 91 deletions

View File

@ -1,3 +1,5 @@
# @format
# Based on https://pre-commit.com
image: python:alpine
gitlab-ci-pre-commit:

View File

@ -13,11 +13,11 @@
{ "files": ".prettierrc", "options": { "parser": "json" } },
{
"files": "conf/librewolf.overrides.cfg",
"options": { "parser": ".js" }
"options": { "parser": "babel" }
},
{
"files": "conf/autoconfig.js.online",
"options": { "parser": ".js" }
"options": { "parser": "babel" }
}
]
}

View File

@ -1,3 +1,5 @@
<!-- @format -->
Config files that I wish to have everywhere. You could probably call this
repository as dotfiles, but historical reasons...

View File

@ -1,10 +1,12 @@
<!-- @format -->
# DNS over HTTPS in Windows 11
Requires Windows 11.
- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
didn't seem to work for me or it allowed me to set the DNS server to not
use DoH.
didn't seem to work for me or it allowed me to set the DNS server to not use
DoH.
- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
that Windows 11 isn't shipping by default, currently:
@ -17,14 +19,18 @@ Requires Windows 11.
- Mullvad
- Mullvad Adblock
- Quad9 ECS (Windows 11 defaults include Quad9 default)
- TREX (actually points to Quad9 as per [their documentation](https://www.trex.fi/service/resolvers.html))
- TREX (actually points to Quad9 as per
[their documentation](https://www.trex.fi/service/resolvers.html))
## Configuration
Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
HTTPS can be enabled for:
- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
- All networks:
`Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
- Same place for Ethernet etc.
- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
- Note: if the all networks one is configured, there is a warning about it not being used.
- Specific network:
`Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
- Note: if the all networks one is configured, there is a warning about it
not being used.

View File

@ -1,3 +1,5 @@
<!-- @format -->
This file is supposed to explain [Windows.reg](Windows.reg).
```
@ -10,9 +12,10 @@ Windows Registry Editor Version 5.00
- Make the file Windows Registry Editor script
- Ask admins for password/PIN in UAC
- 2 would ask for yes or no, 0 disable entirely (don't do that).
- prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
- The other option (1) doesn't even give them UAC prompt so you must
always login as admin to do anything.
- prompt standard users for username and password. 2021-12-19: I don't
understand this or the line below.
- The other option (1) doesn't even give them UAC prompt so you must always
login as admin to do anything.
```
"dontdisplaylastusername"=dword:00000000
@ -39,8 +42,8 @@ Windows Registry Editor Version 5.00
```
- Sets hardware clock to UTC time (doesn't affect system clock!)
- qword for 64-bit, dword for 32-bit systems. The actual reg file has
only qword as I haven't seen 32-bit Windowses lately.
- qword for 64-bit, dword for 32-bit systems. The actual reg file has only
qword as I haven't seen 32-bit Windowses lately.
```
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]

View File

@ -1,3 +1,5 @@
/** @format */
// This file belongs to Firefox `default/pref` directory.
// E.g. /usr/lib64/firefox/defaults/pref/ or ~/.local/firefox/defaults/pref/

View File

@ -1,10 +1,15 @@
/** @format */
// This file belongs to Firefox `default/pref` directory as `autoconfig.js`.
// E.g. /usr/lib64/firefox/defaults/pref/autoconfig.js
// WARNING: lockPref() IS NOT ALLOWED HERE!
//pref("autoadmin.global_config_url","https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/firefox-forbidden-policies.js");
pref("autoadmin.global_config_url","file:///home/aminda/public_html/autoconfig.js");
pref(
"autoadmin.global_config_url",
"file:///home/aminda/public_html/autoconfig.js",
);
pref("general.config.obscure_value", 0);
pref("autoadmin.refresh_interval", 120);
pref("autoadmin.offline_failover", true);

View File

@ -1,3 +1,4 @@
/** @format */
// ~/.{librewolf,var/app/io.gitlab.librewolf-community/.librewolf}/librewolf.overrides.cfg
// The first line of this file is supposed to be empty.
@ -11,7 +12,10 @@
// NOTE! A lot is commented either for being a note, wrong, TODO, whatever, or most likely in my /etc/firefox/policies/policies.json
// Firefox autoconfig
pref("autoadmin.global_config_url", "https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/librewolf.overrides.cfg");
pref(
"autoadmin.global_config_url",
"https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/librewolf.overrides.cfg",
);
//pref("general.config.obscure_value", 0);
pref("autoadmin.refresh_interval", 120);
pref("autoadmin.offline_failover", true);
@ -51,7 +55,10 @@ pref("privacy.fingerprintingProtection.pbmode", true);
// usability and reveal the real platform (voting for Linux
// existing in statistics). https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc
// It's not like I have any uniqueness with `intl.accept_languages` below...
pref("privacy.fingerprintingProtection.overrides", "+AllTargets,-KeyboardEvents,-SpeechSynthesis,-CSSPrefersColorScheme,-CSSPrefersReducedMotion,-NavigatorPlatform,-NavigatorUserAgent,-JSDateTimeUTC,-HttpUserAgent,-FontVisibilityRestrictGenerics,-FontVisibilityBaseSystem,-FontVisibilityLangPack");
pref(
"privacy.fingerprintingProtection.overrides",
"+AllTargets,-KeyboardEvents,-SpeechSynthesis,-CSSPrefersColorScheme,-CSSPrefersReducedMotion,-NavigatorPlatform,-NavigatorUserAgent,-JSDateTimeUTC,-HttpUserAgent,-FontVisibilityRestrictGenerics,-FontVisibilityBaseSystem,-FontVisibilityLangPack",
);
// :( but fingerprintability
pref("javascript.use_us_english_locale", true);
@ -147,8 +154,14 @@ pref("browser.cache.memory.enable", true);
//pref("privacy.userContext.ui.enabled", true);
//pref("browser.contentblocking.category", "strict");
pref("privacy.partition.always_partition_third_party_non_cookie_storage", true);
pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false);
pref(
"privacy.partition.always_partition_third_party_non_cookie_storage",
true,
);
pref(
"privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage",
false,
);
/** prevent media cache from being written to disk in pb, but increase max cache size to avoid playback issues */
pref("browser.privatebrowsing.forceMediaMemoryCache", true);
@ -271,7 +284,6 @@ pref("browser.urlbar.weather.featureGate", false);
// these are from Arkenfox, I decided to put them here.
pref("browser.download.start_downloads_in_tmp_dir", true); // Arkenfox user.js v118
/**
* the pref disables the whole feature and hide it from the ui
* (as noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1755057).
@ -307,8 +319,6 @@ pref("browser.link.open_newwindow.restriction", 0);
/** [SECTION] MOUSE */
pref("browser.tabs.searchclipboardfor.middleclick", false); // prevent mouse middle click on new tab button to trigger searches or page loads
/** [CATEGORY] EXTENSIONS */
/** [SECTION] USER INSTALLED
@ -363,14 +373,20 @@ pref("browser.shopping.experience2023.active", false);
/** [SECTION] OTHERS */
pref("webchannel.allowObject.urlWhitelist", ""); // remove web channel whitelist
pref("services.settings.server", "https://%.invalid") // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code)
pref("services.settings.server", "https://%.invalid"); // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code)
/** [SECTION] NEW TAB PAGE
* we want NTP to display nothing but the search bar without anything distracting.
* the three prefs below are just for minimalism and they should be easy to revert for users.
*/
pref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
pref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
pref(
"browser.newtabpage.activity-stream.section.highlights.includeDownloads",
false,
);
pref(
"browser.newtabpage.activity-stream.section.highlights.includeVisited",
false,
);
pref("browser.newtabpage.activity-stream.feeds.topsites", false);
// hide stories and sponsored content from Firefox Home
pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
@ -380,7 +396,10 @@ pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
pref("browser.newtabpage.activity-stream.telemetry", false);
// hide stories UI in about:preferences#home, empty highlights list
pref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "{\"hidden\":true}");
pref(
"browser.newtabpage.activity-stream.feeds.section.topstories.options",
'{"hidden":true}',
);
pref("browser.newtabpage.activity-stream.default.sites", "");
/** [SECTION] ABOUT
@ -406,8 +425,14 @@ pref("browser.preferences.moreFromMozilla", false);
/** [SECTION] RECOMMENDED
* disable all "recommend as you browse" activity.
*/
pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
pref(
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features",
false,
);
pref(
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons",
false,
);
// Maybe Windows specific, but looks useful.
pref("network.protocol-handler.external.ms-windows-store", false); // prevent links from launching windows store

View File

@ -1,16 +1,18 @@
<!-- @format -->
My configs for [dnscrypt-proxy]
At the time of writing, hosts-mikaela.txt is intended for not having to
remember or trust the DNS for all of the domains or the hypothetical
scenario where I have no access to DNS, but for some reason having access
to [Yggdrasil] and/or [Hyperboria] or just to answer the question, why to
rely on centralized technology on decentralized web.
remember or trust the DNS for all of the domains or the hypothetical scenario
where I have no access to DNS, but for some reason having access to
[Yggdrasil] and/or [Hyperboria] or just to answer the question, why to rely on
centralized technology on decentralized web.
Mosts of the domains in hosts-mikaela.txt should also work without the file
when mikaela.internal is replaced with mikaela.info, however relying on DNS,
but that way you must trust DNSSEC, CloudFlare and wherever the CNAME
points to who may not have DNSSEC. If you are using this file
(you shouldn't), you are already trusting me.
but that way you must trust DNSSEC, CloudFlare and wherever the CNAME points
to who may not have DNSSEC. If you are using this file (you shouldn't), you
are already trusting me.
[dnscrypt-proxy]: https://github.com/jedisct1/dnscrypt-proxy
[hyperboria]: https://hyperboria.net/

View File

@ -1,3 +1,5 @@
<!-- @format -->
# Firefox `policies.json`
- https://mozilla.github.io/policy-templates/
@ -32,8 +34,8 @@ per whatever I am doing.
## WARNING TO LIBREWOLF USERS
This file takes priority over
`/usr/share/librewolf/distribution/policies.json` so don't apply this or
a lot of LibreWolf specific customizations stops being in force.
`/usr/share/librewolf/distribution/policies.json` so don't apply this or a lot
of LibreWolf specific customizations stops being in force.
## General warning

View File

@ -1,3 +1,5 @@
<!-- @format -->
# Chromium policies
- https://chromeenterprise.google/policies/
@ -200,8 +202,8 @@ disabling GTK/Qt themes.
## `brave-shields-disabled.json`
Allowlist for sites where I think Brave Shields may be breaking things. Similar is also in
`aminda-extensions.json` for Privacy Badger.
Allowlist for sites where I think Brave Shields may be breaking things.
Similar is also in `aminda-extensions.json` for Privacy Badger.
## `disable-brave-ipfs.json`
@ -254,14 +256,15 @@ Simply forces DNS-over-HTTPS with DNS0.eu.
## `doh-mullvad-base.json`
Forces DNS-over-HTTPS with Mullvad Base, which features ad, malware & tracker blocking.
Forces DNS-over-HTTPS with Mullvad Base, which features ad, malware & tracker
blocking.
- https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#specifications
## `doh-quad9-ecs.json`
Forces DNS over HTTPS with Quad9 ECS enabled threat-blocking server and also contains
their alternative port.
Forces DNS over HTTPS with Quad9 ECS enabled threat-blocking server and also
contains their alternative port.
## `doh-quad9.json`
@ -270,15 +273,18 @@ their alternative port.
## `doh-unlocked-unset.json`
Allows configuring DoH even with managed policies present (unless another DoH rule is in force) since enabling any managed policy will otherwise gray out the option.
Allows configuring DoH even with managed policies present (unless another DoH
rule is in force) since enabling any managed policy will otherwise gray out
the option.
If no DNS over HTTPS policy is used, this unlocks the setting. Enabling managed policies disable it by default.
If no DNS over HTTPS policy is used, this unlocks the setting. Enabling
managed policies disable it by default.
My other `doh-*.json` set this as well, because `secure` doesn't allow
downgrade to system resolver and Chromium seems somewhat unreliable with it often reporting
`DNS_PROBE_POSSIBLE` and while this occassionally disables ECH, it works and
my system resolvers are encrypted. I hope they will implement ECH with system
resolver soon to fix this.
downgrade to system resolver and Chromium seems somewhat unreliable with it
often reporting `DNS_PROBE_POSSIBLE` and while this occassionally disables
ECH, it works and my system resolvers are encrypted. I hope they will
implement ECH with system resolver soon to fix this.
## `edge-appsfavorites.json`
@ -298,7 +304,8 @@ Explicitly enables Chromecast support.
## `enable-labs.json`
Enables the beaker button "Experiments" for easier management than `about:flags`.
Enables the beaker button "Experiments" for easier management than
`about:flags`.
## `enable-passwordleakdetection.json`
@ -332,14 +339,14 @@ This file evolved to merge another one, so now it:
## `prefetch.json`
Enables prefetching. Will make sites very speedy, but decreases privacy and may
conflict with uBlock Origin. However AdNauseam is already clicking those ads, so
maybe it's not that big of an issue.
Enables prefetching. Will make sites very speedy, but decreases privacy and
may conflict with uBlock Origin. However AdNauseam is already clicking those
ads, so maybe it's not that big of an issue.
## `profilemanager.json`
Forces the profile screen even with only one profile. I love the feature in Firefox
and want to see it here too, now that I accidentally noticed it.
Forces the profile screen even with only one profile. I love the feature in
Firefox and want to see it here too, now that I accidentally noticed it.
## `README.md`

View File

@ -1,3 +1,5 @@
<!-- @format -->
# systemd-resolved additional config files
<!-- editorconfig-checker-disable -->
@ -17,8 +19,8 @@
## Quickstart
This is also done by `../../systemd-resolv.conf-restore.bash` which takes
into account more circumstances...
This is also done by `../../systemd-resolv.conf-restore.bash` which takes into
account more circumstances...
```bash
sudo systemctl enable --now systemd-resolved.service
@ -33,13 +35,13 @@ offer.
## Files explained
- `00-defaults.conf` - configuration that should be used everywhere.
Enables DNSSEC (regardless of systemd-resolved not handling it properly),
enables opportunistic DoT, caching and local DNS servers (because they
should exist anyway as I don't trust systemd-resolved entirely. Anyway if
there truly is no local resolver, systemd-resolved will detect that and act accordingly.)
- To rephrase, this is to be used together with other files, especially
some of those beginning with `10-dot-`.
- `00-defaults.conf` - configuration that should be used everywhere. Enables
DNSSEC (regardless of systemd-resolved not handling it properly), enables
opportunistic DoT, caching and local DNS servers (because they should exist
anyway as I don't trust systemd-resolved entirely. Anyway if there truly is
no local resolver, systemd-resolved will detect that and act accordingly.)
- To rephrase, this is to be used together with other files, especially some
of those beginning with `10-dot-`.
- `05-do53-dna-moi.conf` - DNS servers used by DNA and Moi (who is on DNA's
network and owned by them)
- `05-do53-elisa.conf` - DNS servers used by Elisa and apparently their
@ -48,12 +50,12 @@ offer.
At least one of these should be used in addition to `00-defaults.conf`
- `98-local-resolver.conf` attempts to configure localhost resolver and
disables unnecessary features for that scenario. The number 10 takes
priority over 00 and 05 so if a DNSOverTLS=true is uncommented, it will
also apply to the former ones that are unlikely to support it. When
numbering the files, I didn't think I would be adding the plaintext DNS
servers that I am unlikely to use whenever Unbound is available (and I
currently have only one system that has systemd-resolved while not having
Unbound and it seems to prefer DoT over my router anyway).
priority over 00 and 05 so if a DNSOverTLS=true is uncommented, it will also
apply to the former ones that are unlikely to support it. When numbering the
files, I didn't think I would be adding the plaintext DNS servers that I am
unlikely to use whenever Unbound is available (and I currently have only one
system that has systemd-resolved while not having Unbound and it seems to
prefer DoT over my router anyway).
- `99-lan-resolver.conf.sample` when renamed would allow enabling resolvers on
LAN assuming they are trusted. Note that if used together with
`98-local-resolver.conf`, DNSSEC would be disabled.
@ -61,30 +63,33 @@ offer.
## General commentary
- DNSOverTLS became supported in systemd v239, strict mode (true) in
v243 (big improvements in v244).
- DNSOverTLS became supported in systemd v239, strict mode (true) in v243 (big
improvements in v244).
- TODO: find out when SNI became supported, I have just spotted it in the
fine manual in 2020-06-??.
- Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
- Domains has to be `.~` for them to override DHCP. See
https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
without which I wouldn't have got this right.
- DNSSEC may not work if the system is down for a long time and not updated.
Thus `allow-downgrade` may be better for non-tech people, even with the
potential downgrade attack. There are also captive portals, affecting
`DNSOverTLS`. Both take `true` or `false` or their own special option,
for DNSSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`.
`DNSOverTLS`. Both take `true` or `false` or their own special option, for
DNSSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`.
- Then again when was any system that outdated to not have working DNSSEC?
- TODO: return to this configuration should that actually happen?
- I am actually running Unbound simultaneously with `resolv.conf` pointing
to both with `options rotate edns0 trust-ad` which might workaround that
potential issue.
- DNS server priority is the one they are specified in. The first working one
will be used when it won't work anymore and then the next is used as long
as it works and then it's back to the beginning.
will be used when it won't work anymore and then the next is used as long as
it works and then it's back to the beginning.
- https://github.com/systemd/systemd/issues/16322#issuecomment-724143641
Other links I have found important and my files are based on:
- https://wiki.archlinux.org/index.php/Systemd-resolved
- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
- Also provides the serious issues systemd-resolved+DNSSEC issues,
https://github.com/systemd/systemd/issues/10579 &
https://github.com/systemd/systemd/issues/9867
- request for strict DoT: https://github.com/systemd/systemd/issues/10755
- vulnerable to MITM: https://github.com/systemd/systemd/issues/9397

View File

@ -1,15 +1,19 @@
<!-- @format -->
Systemd services. These are sorted by some kind of category into
subdirectories. The sudirectories won't exist in the real
`/etc/systemd/system` unless they end `.wants` or `.d` or something similar
and I forget to update this README file if that happens.
- reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
but uses https instead of http, because there is no reason I would want
someone to see what I download.
- reflector.service is copied from
https://wiki.archlinux.org/index.php/Reflector but uses https instead of
http, because there is no reason I would want someone to see what I
download.
## Worth reading
- Waiting for network devices to have IP address (**I only use this for
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
cables**)
https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
- `systemctl enable NetworkManager-wait-online.service`
- `systemctl enable systemd-networkd-wait-online.service`

View File

@ -1,3 +1,5 @@
<!-- @format -->
# Autostart files for graphical desktop environments
This mostly caters for my family.

View File

@ -1,3 +1,5 @@
<!-- @format -->
# Custom app menu entries
These can be used for either `~/.local/share/applications` or
@ -25,12 +27,12 @@ so graphical desktop environments started the apps on login.
## `a-*.desktop`
These files are companions to my script repos `bash/usr-local-bin/*` belonging
to `/usr/local/share/applications` and are named so to
avoid masking package manager. They have clearly different names such as using
all caps.
to `/usr/local/share/applications` and are named so to avoid masking package
manager. They have clearly different names such as using all caps.
Apparently one can also have subdirectories in `/usr/local/share/applications/`
and `~/.local/share/applications/` making life easier.
Apparently one can also have subdirectories in
`/usr/local/share/applications/` and `~/.local/share/applications/` making
life easier.
## Refreshing the menus

View File

@ -1,3 +1,5 @@
<!-- @format -->
iwd network configuration lives in this directory
See also `../../../etc/iwd/main.conf` especially in standalone iwd without
@ -5,11 +7,11 @@ NetworkManager.
Notes:
- `git commit`ing the same SSID with different capitalisations breaks
Windows and more common macOS setups due to their filesystems being
- `git commit`ing the same SSID with different capitalisations breaks Windows
and more common macOS setups due to their filesystems being
case-insensitive.
- `Settings.AutoConnect=true` is unnecessary as it defaults to true
according to `man iwd.network`.
- `Settings.AutoConnect=true` is unnecessary as it defaults to true according
to `man iwd.network`.
- `IPv6.Enabled=true` defauls to true being also unnecessary.
- `private-home-sample.psk` has a comment on MAC address override and sends
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC