mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-11-25 04:29:29 +01:00
run prettier on markdown again?
This commit is contained in:
parent
5106f8d98e
commit
b39b5db0d4
@ -4,7 +4,7 @@ repository as dotfiles, but historical reasons...
|
|||||||
# Directories explained
|
# Directories explained
|
||||||
|
|
||||||
- .mikaela — files that most likely aren't suitable for places where other
|
- .mikaela — files that most likely aren't suitable for places where other
|
||||||
people than me have access too
|
people than me have access too
|
||||||
- Windows — files releated to Windows
|
- Windows — files releated to Windows
|
||||||
- conf — config files like .tmux.conf
|
- conf — config files like .tmux.conf
|
||||||
- etc — /etc/
|
- etc — /etc/
|
||||||
|
@ -22,11 +22,11 @@ I think the first method is likely the best, but I cannot rule these working
|
|||||||
on another system out yet. They didn't work on my first system tried.
|
on another system out yet. They didn't work on my first system tried.
|
||||||
|
|
||||||
- `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
|
- `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
|
||||||
recommendation and the only one that should be used. If after reboot
|
recommendation and the only one that should be used. If after reboot
|
||||||
nothing happens, maybe try the rest rebooting every failure.
|
nothing happens, maybe try the rest rebooting every failure.
|
||||||
- https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
|
- https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
|
||||||
- `01-LabConfig.reg` - widely reported to work
|
- `01-LabConfig.reg` - widely reported to work
|
||||||
- `01-Setup.reg` - ^
|
- `01-Setup.reg` - ^
|
||||||
- `02-DevRing.reg` - after joining the Insider program, this should enforce
|
- `02-DevRing.reg` - after joining the Insider program, this should enforce
|
||||||
joining to Dev ring which should offer Windows 11 instantly. It may be
|
joining to Dev ring which should offer Windows 11 instantly. It may be
|
||||||
advisable to leave after successful update.
|
advisable to leave after successful update.
|
||||||
|
@ -3,17 +3,17 @@
|
|||||||
Requires Windows 11.
|
Requires Windows 11.
|
||||||
|
|
||||||
- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
|
- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
|
||||||
didn't seem to work for me or it allowed me to set the DNS server to not
|
didn't seem to work for me or it allowed me to set the DNS server to not
|
||||||
use DoH.
|
use DoH.
|
||||||
|
|
||||||
- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
|
- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
|
||||||
that Windows 11 isn't shipping by default, currently:
|
that Windows 11 isn't shipping by default, currently:
|
||||||
- Adguard
|
- Adguard
|
||||||
- Cloudflare antimalware
|
- Cloudflare antimalware
|
||||||
- DNS0 (& Zero)
|
- DNS0 (& Zero)
|
||||||
- Mullvad
|
- Mullvad
|
||||||
- Mullvad Adblock
|
- Mullvad Adblock
|
||||||
- Quad9 ECS (Windows 11 defaults include Quad9 default)
|
- Quad9 ECS (Windows 11 defaults include Quad9 default)
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
@ -21,6 +21,6 @@ Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
|
|||||||
HTTPS can be enabled for:
|
HTTPS can be enabled for:
|
||||||
|
|
||||||
- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
|
- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
|
||||||
- Same place for Ethernet etc.
|
- Same place for Ethernet etc.
|
||||||
- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
|
- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
|
||||||
- Note: if the all networks one is configured, there is a warning about it not being used.
|
- Note: if the all networks one is configured, there is a warning about it not being used.
|
||||||
|
@ -3,6 +3,6 @@ Some kind of explaining for [IPv6.reg](IPv6.reg) like
|
|||||||
|
|
||||||
- Resolve IPv6 even without native connectivity.
|
- Resolve IPv6 even without native connectivity.
|
||||||
- Enable Teredo
|
- Enable Teredo
|
||||||
- As EnterpriseClient so it also works when joined into domain.
|
- As EnterpriseClient so it also works when joined into domain.
|
||||||
- Use `teredo.trex.fi` as Teredo server. This should be replaced with
|
- Use `teredo.trex.fi` as Teredo server. This should be replaced with
|
||||||
something that is as near as possible.
|
something that is as near as possible.
|
||||||
|
@ -9,10 +9,10 @@ Windows Registry Editor Version 5.00
|
|||||||
|
|
||||||
- Make the file Windows Registry Editor script
|
- Make the file Windows Registry Editor script
|
||||||
- Ask admins for password/PIN in UAC
|
- Ask admins for password/PIN in UAC
|
||||||
- 2 would ask for yes or no, 0 disable entirely (don't do that).
|
- 2 would ask for yes or no, 0 disable entirely (don't do that).
|
||||||
- prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
|
- prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
|
||||||
- The other option (1) doesn't even give them UAC prompt so you must
|
- The other option (1) doesn't even give them UAC prompt so you must
|
||||||
always login as admin to do anything.
|
always login as admin to do anything.
|
||||||
|
|
||||||
```
|
```
|
||||||
"dontdisplaylastusername"=dword:00000000
|
"dontdisplaylastusername"=dword:00000000
|
||||||
@ -39,8 +39,8 @@ Windows Registry Editor Version 5.00
|
|||||||
```
|
```
|
||||||
|
|
||||||
- Sets hardware clock to UTC time (doesn't affect system clock!)
|
- Sets hardware clock to UTC time (doesn't affect system clock!)
|
||||||
- qword for 64-bit, dword for 32-bit systems. The actual reg file has
|
- qword for 64-bit, dword for 32-bit systems. The actual reg file has
|
||||||
only qword as I haven't seen 32-bit Windowses lately.
|
only qword as I haven't seen 32-bit Windowses lately.
|
||||||
|
|
||||||
```
|
```
|
||||||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
|
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
|
||||||
|
@ -7,16 +7,16 @@ w32tm /query /peers
|
|||||||
```
|
```
|
||||||
|
|
||||||
- The list is space separated NTP servers, while I think Windows uses SNTP instead
|
- The list is space separated NTP servers, while I think Windows uses SNTP instead
|
||||||
of NTP.
|
of NTP.
|
||||||
- `/resync` may sync current time, but is also required for the GUI
|
- `/resync` may sync current time, but is also required for the GUI
|
||||||
(Windows + I, Date & time) and following command to get aware of peers.
|
(Windows + I, Date & time) and following command to get aware of peers.
|
||||||
- Shows where time is synced from and statistics.
|
- Shows where time is synced from and statistics.
|
||||||
- There is also `net time` to sync, I am unsure of the differences while
|
- There is also `net time` to sync, I am unsure of the differences while
|
||||||
that may be blocked while the second keeps working. It may also not
|
that may be blocked while the second keeps working. It may also not
|
||||||
show all the peers, just the primary one, while `w32tm` is more verbose
|
show all the peers, just the primary one, while `w32tm` is more verbose
|
||||||
and has all of them.
|
and has all of them.
|
||||||
- As Windows doesn't support NTS and probably won't in near future, there is
|
- As Windows doesn't support NTS and probably won't in near future, there is
|
||||||
no point in listing distant foreign servers.
|
no point in listing distant foreign servers.
|
||||||
|
|
||||||
## Variations
|
## Variations
|
||||||
|
|
||||||
@ -47,14 +47,14 @@ w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp1.ko
|
|||||||
- https://www.netnod.se/nts/network-time-security
|
- https://www.netnod.se/nts/network-time-security
|
||||||
- https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
|
- https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
|
||||||
- https://www.ntppool.org/use.html
|
- https://www.ntppool.org/use.html
|
||||||
- Also mentions the syntax for multiple servers, but considering this Elisa
|
- Also mentions the syntax for multiple servers, but considering this Elisa
|
||||||
list has so many servers I am only picking one pool address just in case
|
list has so many servers I am only picking one pool address just in case
|
||||||
the others somehow fail.
|
the others somehow fail.
|
||||||
|
|
||||||
## Additional reading
|
## Additional reading
|
||||||
|
|
||||||
- Above links
|
- Above links
|
||||||
- https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
|
- https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
|
||||||
- this file might not exist without this post, while it doesn't mention
|
- this file might not exist without this post, while it doesn't mention
|
||||||
multiple servers, uses `time.windows.com` and I am yet to actually touch
|
multiple servers, uses `time.windows.com` and I am yet to actually touch
|
||||||
NTP on Windows Server environment.
|
NTP on Windows Server environment.
|
||||||
|
@ -25,7 +25,7 @@ methods setting fonts):
|
|||||||
- Document text: Noto Serif Regular 11
|
- Document text: Noto Serif Regular 11
|
||||||
- Monospace text: Noto Sans Mono Regular 10
|
- Monospace text: Noto Sans Mono Regular 10
|
||||||
- Legacy window title text: Noto Serif Bold 11
|
- Legacy window title text: Noto Serif Bold 11
|
||||||
- Apparently this means "apps that don't use client-side decorations"
|
- Apparently this means "apps that don't use client-side decorations"
|
||||||
|
|
||||||
The number behind is obviously the number and it's based on what were the
|
The number behind is obviously the number and it's based on what were the
|
||||||
defaults before I touched them so I am hoping GNOME knows what they are
|
defaults before I touched them so I am hoping GNOME knows what they are
|
||||||
@ -42,10 +42,10 @@ have trouble handling it, e.g. mpv (makes Ä and Ö and Å all Å) and Firefox
|
|||||||
Other font settings in GNOME-Tweak:
|
Other font settings in GNOME-Tweak:
|
||||||
|
|
||||||
- Hinting: _a bit_
|
- Hinting: _a bit_
|
||||||
- for no particular reason
|
- for no particular reason
|
||||||
- Antialiasing: _Subpixel (for LCD-displays)_
|
- Antialiasing: _Subpixel (for LCD-displays)_
|
||||||
- I have no idea where there are "standard grayscale" displays that aren't
|
- I have no idea where there are "standard grayscale" displays that aren't
|
||||||
LCD.
|
LCD.
|
||||||
|
|
||||||
### Screen mirroring
|
### Screen mirroring
|
||||||
|
|
||||||
@ -56,6 +56,6 @@ Workarounds:
|
|||||||
- Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
|
- Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
|
||||||
- Do something weird with OBS
|
- Do something weird with OBS
|
||||||
- Use a dedicated application that don't seem to be in Fedora repos, flatpak
|
- Use a dedicated application that don't seem to be in Fedora repos, flatpak
|
||||||
or snap.
|
or snap.
|
||||||
- [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
|
- [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
|
||||||
- [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)
|
- [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)
|
||||||
|
@ -5,7 +5,7 @@ Thus this `README.md` is not read, even if I happened to carelessly
|
|||||||
copy-paste it in.
|
copy-paste it in.
|
||||||
|
|
||||||
- `autostart-communication.conf` - chat/communication apps I am expected to have
|
- `autostart-communication.conf` - chat/communication apps I am expected to have
|
||||||
open or at least check at times
|
open or at least check at times
|
||||||
- `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
|
- `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
|
||||||
- `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
|
- `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
|
||||||
- `grimshot.conf` - screenshotting keybinds using `grimshot`
|
- `grimshot.conf` - screenshotting keybinds using `grimshot`
|
||||||
@ -13,15 +13,15 @@ copy-paste it in.
|
|||||||
- `keyboard.conf` - keyboard configuration
|
- `keyboard.conf` - keyboard configuration
|
||||||
- `media.conf` - media key configuration and autostarts related to it
|
- `media.conf` - media key configuration and autostarts related to it
|
||||||
- `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
|
- `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
|
||||||
profile to `flat`
|
profile to `flat`
|
||||||
- `README.md` - you are currently reading this :wink:
|
- `README.md` - you are currently reading this :wink:
|
||||||
- `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
|
- `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
|
||||||
- `swaybar.conf` - `swaybar` configuration
|
- `swaybar.conf` - `swaybar` configuration
|
||||||
- `swayidle.conf` - `swayidle` configuration/autostart
|
- `swayidle.conf` - `swayidle` configuration/autostart
|
||||||
- `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
|
- `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
|
||||||
I happen to visit for longer period of time
|
I happen to visit for longer period of time
|
||||||
- `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
|
- `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
|
||||||
- `zz-floating.conf` - configures windows that should float. For some reason
|
- `zz-floating.conf` - configures windows that should float. For some reason
|
||||||
that is inherited from my `i3` config, it tells to put float rules above the
|
that is inherited from my `i3` config, it tells to put float rules above the
|
||||||
last line, so it should be read last and `z` is the last letter of English
|
last line, so it should be read last and `z` is the last letter of English
|
||||||
alphabet so it will hopefully be read last.
|
alphabet so it will hopefully be read last.
|
||||||
|
@ -8,9 +8,9 @@ cannot read them from here.
|
|||||||
These files may age badly, so here are some hopefully timeless pointers:
|
These files may age badly, so here are some hopefully timeless pointers:
|
||||||
|
|
||||||
- Generate the config file with https://ssl-config.mozilla.org/ (and if
|
- Generate the config file with https://ssl-config.mozilla.org/ (and if
|
||||||
time eats it, try https://github.com/mozilla/ssl-config-generator/ in
|
time eats it, try https://github.com/mozilla/ssl-config-generator/ in
|
||||||
hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
|
hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
|
||||||
everything a different file.
|
everything a different file.
|
||||||
- If using my acmesh-ssl.bash script, the files to fill should be like:
|
- If using my acmesh-ssl.bash script, the files to fill should be like:
|
||||||
|
|
||||||
(the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`)
|
(the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`)
|
||||||
@ -21,11 +21,11 @@ These files may age badly, so here are some hopefully timeless pointers:
|
|||||||
The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_**
|
The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_**
|
||||||
|
|
||||||
```
|
```
|
||||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
|
add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
add_header Referrer-Policy "no-referrer" always;
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
```
|
```
|
||||||
|
|
||||||
The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what
|
The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what
|
||||||
@ -33,9 +33,9 @@ TheLounge would be setting without a reverse proxy in front of it. `HEAD` is
|
|||||||
in Debian package `libwww-perl`
|
in Debian package `libwww-perl`
|
||||||
|
|
||||||
- Refer to tester tools to see if the configuration is fine:
|
- Refer to tester tools to see if the configuration is fine:
|
||||||
- https://observatory.mozilla.org/
|
- https://observatory.mozilla.org/
|
||||||
- https://securityheaders.com/
|
- https://securityheaders.com/
|
||||||
- https://www.ssllabs.com/ssltest/
|
- https://www.ssllabs.com/ssltest/
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -33,9 +33,9 @@ don't exist by default anymore, they need to be copied and edited separately
|
|||||||
See also:
|
See also:
|
||||||
|
|
||||||
- https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
|
- https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
|
||||||
- marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
|
- marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
|
||||||
|
|
||||||
## Bluetooth
|
## Bluetooth
|
||||||
|
|
||||||
- https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
|
- https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
|
||||||
- https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
|
- https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
|
||||||
|
@ -12,31 +12,31 @@ sudo systemctl restart systemd-resolved
|
|||||||
## Files explained
|
## Files explained
|
||||||
|
|
||||||
- `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
|
- `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
|
||||||
systemd-resolved doesn't handle it properly), enables opportunistic DoT and
|
systemd-resolved doesn't handle it properly), enables opportunistic DoT and
|
||||||
caching.
|
caching.
|
||||||
- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
|
- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
|
||||||
captive portals are a concern, `DNSOverTLS=no`.
|
captive portals are a concern, `DNSOverTLS=no`.
|
||||||
- `README.md` - you are reading it right now.
|
- `README.md` - you are reading it right now.
|
||||||
|
|
||||||
## General commentary
|
## General commentary
|
||||||
|
|
||||||
- Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
|
- Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
|
||||||
at the time of writing this README.md, the current version is Ubuntu 20.04.0)
|
at the time of writing this README.md, the current version is Ubuntu 20.04.0)
|
||||||
(systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
|
(systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
|
||||||
v243 (big improvements in v244).
|
v243 (big improvements in v244).
|
||||||
- TODO: find out when SNI became supported, I have just spotted it in the
|
- TODO: find out when SNI became supported, I have just spotted it in the
|
||||||
fine manual in 2020-06-??.
|
fine manual in 2020-06-??.
|
||||||
- Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
|
- Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
|
||||||
without which I wouldn't have got this right.
|
without which I wouldn't have got this right.
|
||||||
- DNSSEC may not work if the system is down for a long time and not updated.
|
- DNSSEC may not work if the system is down for a long time and not updated.
|
||||||
Thus `allow-downgrade` may be better for non-tech people, even with the
|
Thus `allow-downgrade` may be better for non-tech people, even with the
|
||||||
potential downgrade attack. There are also captive portals, affecting
|
potential downgrade attack. There are also captive portals, affecting
|
||||||
`DNSOverTLS`. Both take `yes` or `no` or their own special option,
|
`DNSOverTLS`. Both take `yes` or `no` or their own special option,
|
||||||
for DNNSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`.
|
for DNNSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`.
|
||||||
|
|
||||||
Other links I have found important and my files are based on:
|
Other links I have found important and my files are based on:
|
||||||
|
|
||||||
- https://wiki.archlinux.org/index.php/Systemd-resolved
|
- https://wiki.archlinux.org/index.php/Systemd-resolved
|
||||||
- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
||||||
- request for strict DOT: https://github.com/systemd/systemd/issues/10755
|
- request for strict DOT: https://github.com/systemd/systemd/issues/10755
|
||||||
- vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
|
- vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
|
||||||
|
@ -4,12 +4,12 @@ subdirectories. The sudirectories won't exist in the real
|
|||||||
and I forget to update this README file if that happens.
|
and I forget to update this README file if that happens.
|
||||||
|
|
||||||
- reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
|
- reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
|
||||||
but uses https instead of http, because there is no reason I would want
|
but uses https instead of http, because there is no reason I would want
|
||||||
someone to see what I download.
|
someone to see what I download.
|
||||||
|
|
||||||
## Worth reading
|
## Worth reading
|
||||||
|
|
||||||
- Waiting for network devices to have IP address (**I only use this for
|
- Waiting for network devices to have IP address (**I only use this for
|
||||||
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
|
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
|
||||||
_ systemctl enable NetworkManager-wait-online.service
|
_ systemctl enable NetworkManager-wait-online.service
|
||||||
_ systemctl enable systemd-networkd-wait-online.service
|
_ systemctl enable systemd-networkd-wait-online.service
|
||||||
|
@ -3,4 +3,4 @@ Sailfish OS. It doesn't have cron, so I tried the nearest equivalent
|
|||||||
that is there out-of-box, systemd timers.
|
that is there out-of-box, systemd timers.
|
||||||
|
|
||||||
- aliendalvik-stopper again stops android support hourly so it won't waste
|
- aliendalvik-stopper again stops android support hourly so it won't waste
|
||||||
battery.
|
battery.
|
||||||
|
@ -6,14 +6,14 @@ NetworkManager.
|
|||||||
Notes:
|
Notes:
|
||||||
|
|
||||||
- `git commit`ing the same SSID with different capitalisations breaks
|
- `git commit`ing the same SSID with different capitalisations breaks
|
||||||
Windows and more common macOS setups due to their filesystems being
|
Windows and more common macOS setups due to their filesystems being
|
||||||
case-insensitive.
|
case-insensitive.
|
||||||
- `Settings.AutoConnect=true` is unnecessary as it defaults to true
|
- `Settings.AutoConnect=true` is unnecessary as it defaults to true
|
||||||
according to `man iwd.network`.
|
according to `man iwd.network`.
|
||||||
- `IPv6.Enabled=true` defauls to true being also unnecessary.
|
- `IPv6.Enabled=true` defauls to true being also unnecessary.
|
||||||
- `private-home-sample.psk` has a comment on MAC address override and sends
|
- `private-home-sample.psk` has a comment on MAC address override and sends
|
||||||
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
|
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
|
||||||
address and doesn't send hostname.
|
address and doesn't send hostname.
|
||||||
- The `.open` networks always randomize MAC address too. If a network is
|
- The `.open` networks always randomize MAC address too. If a network is
|
||||||
private and needs MAC address for captive portal override or something,
|
private and needs MAC address for captive portal override or something,
|
||||||
`private-home-sample.psk` should be adjusted from.
|
`private-home-sample.psk` should be adjusted from.
|
||||||
|
Loading…
Reference in New Issue
Block a user