run prettier on markdown again?

This commit is contained in:
Aminda Suomalainen 2023-02-21 19:33:31 +02:00
parent 5106f8d98e
commit b39b5db0d4
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
14 changed files with 90 additions and 90 deletions

View File

@ -4,7 +4,7 @@ repository as dotfiles, but historical reasons...
# Directories explained # Directories explained
- .mikaela — files that most likely aren't suitable for places where other - .mikaela — files that most likely aren't suitable for places where other
people than me have access too people than me have access too
- Windows — files releated to Windows - Windows — files releated to Windows
- conf — config files like .tmux.conf - conf — config files like .tmux.conf
- etc — /etc/ - etc — /etc/

View File

@ -22,11 +22,11 @@ I think the first method is likely the best, but I cannot rule these working
on another system out yet. They didn't work on my first system tried. on another system out yet. They didn't work on my first system tried.
- `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft - `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
recommendation and the only one that should be used. If after reboot recommendation and the only one that should be used. If after reboot
nothing happens, maybe try the rest rebooting every failure. nothing happens, maybe try the rest rebooting every failure.
- https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e - https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
- `01-LabConfig.reg` - widely reported to work - `01-LabConfig.reg` - widely reported to work
- `01-Setup.reg` - ^ - `01-Setup.reg` - ^
- `02-DevRing.reg` - after joining the Insider program, this should enforce - `02-DevRing.reg` - after joining the Insider program, this should enforce
joining to Dev ring which should offer Windows 11 instantly. It may be joining to Dev ring which should offer Windows 11 instantly. It may be
advisable to leave after successful update. advisable to leave after successful update.

View File

@ -3,17 +3,17 @@
Requires Windows 11. Requires Windows 11.
- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it - `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
didn't seem to work for me or it allowed me to set the DNS server to not didn't seem to work for me or it allowed me to set the DNS server to not
use DoH. use DoH.
- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses - `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
that Windows 11 isn't shipping by default, currently: that Windows 11 isn't shipping by default, currently:
- Adguard - Adguard
- Cloudflare antimalware - Cloudflare antimalware
- DNS0 (& Zero) - DNS0 (& Zero)
- Mullvad - Mullvad
- Mullvad Adblock - Mullvad Adblock
- Quad9 ECS (Windows 11 defaults include Quad9 default) - Quad9 ECS (Windows 11 defaults include Quad9 default)
## Configuration ## Configuration
@ -21,6 +21,6 @@ Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
HTTPS can be enabled for: HTTPS can be enabled for:
- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit` - All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
- Same place for Ethernet etc. - Same place for Ethernet etc.
- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit` - Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
- Note: if the all networks one is configured, there is a warning about it not being used. - Note: if the all networks one is configured, there is a warning about it not being used.

View File

@ -3,6 +3,6 @@ Some kind of explaining for [IPv6.reg](IPv6.reg) like
- Resolve IPv6 even without native connectivity. - Resolve IPv6 even without native connectivity.
- Enable Teredo - Enable Teredo
- As EnterpriseClient so it also works when joined into domain. - As EnterpriseClient so it also works when joined into domain.
- Use `teredo.trex.fi` as Teredo server. This should be replaced with - Use `teredo.trex.fi` as Teredo server. This should be replaced with
something that is as near as possible. something that is as near as possible.

View File

@ -9,10 +9,10 @@ Windows Registry Editor Version 5.00
- Make the file Windows Registry Editor script - Make the file Windows Registry Editor script
- Ask admins for password/PIN in UAC - Ask admins for password/PIN in UAC
- 2 would ask for yes or no, 0 disable entirely (don't do that). - 2 would ask for yes or no, 0 disable entirely (don't do that).
- prompt standard users for username and password. 2021-12-19: I don't understand this or the line below. - prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
- The other option (1) doesn't even give them UAC prompt so you must - The other option (1) doesn't even give them UAC prompt so you must
always login as admin to do anything. always login as admin to do anything.
``` ```
"dontdisplaylastusername"=dword:00000000 "dontdisplaylastusername"=dword:00000000
@ -39,8 +39,8 @@ Windows Registry Editor Version 5.00
``` ```
- Sets hardware clock to UTC time (doesn't affect system clock!) - Sets hardware clock to UTC time (doesn't affect system clock!)
- qword for 64-bit, dword for 32-bit systems. The actual reg file has - qword for 64-bit, dword for 32-bit systems. The actual reg file has
only qword as I haven't seen 32-bit Windowses lately. only qword as I haven't seen 32-bit Windowses lately.
``` ```
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]

View File

@ -7,16 +7,16 @@ w32tm /query /peers
``` ```
- The list is space separated NTP servers, while I think Windows uses SNTP instead - The list is space separated NTP servers, while I think Windows uses SNTP instead
of NTP. of NTP.
- `/resync` may sync current time, but is also required for the GUI - `/resync` may sync current time, but is also required for the GUI
(Windows + I, Date & time) and following command to get aware of peers. (Windows + I, Date & time) and following command to get aware of peers.
- Shows where time is synced from and statistics. - Shows where time is synced from and statistics.
- There is also `net time` to sync, I am unsure of the differences while - There is also `net time` to sync, I am unsure of the differences while
that may be blocked while the second keeps working. It may also not that may be blocked while the second keeps working. It may also not
show all the peers, just the primary one, while `w32tm` is more verbose show all the peers, just the primary one, while `w32tm` is more verbose
and has all of them. and has all of them.
- As Windows doesn't support NTS and probably won't in near future, there is - As Windows doesn't support NTS and probably won't in near future, there is
no point in listing distant foreign servers. no point in listing distant foreign servers.
## Variations ## Variations
@ -47,14 +47,14 @@ w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp1.ko
- https://www.netnod.se/nts/network-time-security - https://www.netnod.se/nts/network-time-security
- https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen - https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
- https://www.ntppool.org/use.html - https://www.ntppool.org/use.html
- Also mentions the syntax for multiple servers, but considering this Elisa - Also mentions the syntax for multiple servers, but considering this Elisa
list has so many servers I am only picking one pool address just in case list has so many servers I am only picking one pool address just in case
the others somehow fail. the others somehow fail.
## Additional reading ## Additional reading
- Above links - Above links
- https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/ - https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
- this file might not exist without this post, while it doesn't mention - this file might not exist without this post, while it doesn't mention
multiple servers, uses `time.windows.com` and I am yet to actually touch multiple servers, uses `time.windows.com` and I am yet to actually touch
NTP on Windows Server environment. NTP on Windows Server environment.

View File

@ -25,7 +25,7 @@ methods setting fonts):
- Document text: Noto Serif Regular 11 - Document text: Noto Serif Regular 11
- Monospace text: Noto Sans Mono Regular 10 - Monospace text: Noto Sans Mono Regular 10
- Legacy window title text: Noto Serif Bold 11 - Legacy window title text: Noto Serif Bold 11
- Apparently this means "apps that don't use client-side decorations" - Apparently this means "apps that don't use client-side decorations"
The number behind is obviously the number and it's based on what were the The number behind is obviously the number and it's based on what were the
defaults before I touched them so I am hoping GNOME knows what they are defaults before I touched them so I am hoping GNOME knows what they are
@ -42,10 +42,10 @@ have trouble handling it, e.g. mpv (makes Ä and Ö and Å all Å) and Firefox
Other font settings in GNOME-Tweak: Other font settings in GNOME-Tweak:
- Hinting: _a bit_ - Hinting: _a bit_
- for no particular reason - for no particular reason
- Antialiasing: _Subpixel (for LCD-displays)_ - Antialiasing: _Subpixel (for LCD-displays)_
- I have no idea where there are "standard grayscale" displays that aren't - I have no idea where there are "standard grayscale" displays that aren't
LCD. LCD.
### Screen mirroring ### Screen mirroring
@ -56,6 +56,6 @@ Workarounds:
- Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash)) - Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
- Do something weird with OBS - Do something weird with OBS
- Use a dedicated application that don't seem to be in Fedora repos, flatpak - Use a dedicated application that don't seem to be in Fedora repos, flatpak
or snap. or snap.
- [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror) - [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
- [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror) - [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)

View File

@ -5,7 +5,7 @@ Thus this `README.md` is not read, even if I happened to carelessly
copy-paste it in. copy-paste it in.
- `autostart-communication.conf` - chat/communication apps I am expected to have - `autostart-communication.conf` - chat/communication apps I am expected to have
open or at least check at times open or at least check at times
- `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key - `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
- `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc. - `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
- `grimshot.conf` - screenshotting keybinds using `grimshot` - `grimshot.conf` - screenshotting keybinds using `grimshot`
@ -13,15 +13,15 @@ copy-paste it in.
- `keyboard.conf` - keyboard configuration - `keyboard.conf` - keyboard configuration
- `media.conf` - media key configuration and autostarts related to it - `media.conf` - media key configuration and autostarts related to it
- `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration - `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
profile to `flat` profile to `flat`
- `README.md` - you are currently reading this :wink: - `README.md` - you are currently reading this :wink:
- `sedric.conf` - configuration specific to my laptop hostnamed `sedric` - `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
- `swaybar.conf` - `swaybar` configuration - `swaybar.conf` - `swaybar` configuration
- `swayidle.conf` - `swayidle` configuration/autostart - `swayidle.conf` - `swayidle` configuration/autostart
- `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when - `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
I happen to visit for longer period of time I happen to visit for longer period of time
- `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood - `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
- `zz-floating.conf` - configures windows that should float. For some reason - `zz-floating.conf` - configures windows that should float. For some reason
that is inherited from my `i3` config, it tells to put float rules above the that is inherited from my `i3` config, it tells to put float rules above the
last line, so it should be read last and `z` is the last letter of English last line, so it should be read last and `z` is the last letter of English
alphabet so it will hopefully be read last. alphabet so it will hopefully be read last.

View File

@ -8,9 +8,9 @@ cannot read them from here.
These files may age badly, so here are some hopefully timeless pointers: These files may age badly, so here are some hopefully timeless pointers:
- Generate the config file with https://ssl-config.mozilla.org/ (and if - Generate the config file with https://ssl-config.mozilla.org/ (and if
time eats it, try https://github.com/mozilla/ssl-config-generator/ in time eats it, try https://github.com/mozilla/ssl-config-generator/ in
hope of finding where it is now. \* Name it 00-something so it will be the first file read and make hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
everything a different file. everything a different file.
- If using my acmesh-ssl.bash script, the files to fill should be like: - If using my acmesh-ssl.bash script, the files to fill should be like:
(the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`) (the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`)
@ -21,11 +21,11 @@ These files may age badly, so here are some hopefully timeless pointers:
The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_** The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_**
``` ```
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always; add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;
``` ```
The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what
@ -33,9 +33,9 @@ TheLounge would be setting without a reverse proxy in front of it. `HEAD` is
in Debian package `libwww-perl` in Debian package `libwww-perl`
- Refer to tester tools to see if the configuration is fine: - Refer to tester tools to see if the configuration is fine:
- https://observatory.mozilla.org/ - https://observatory.mozilla.org/
- https://securityheaders.com/ - https://securityheaders.com/
- https://www.ssllabs.com/ssltest/ - https://www.ssllabs.com/ssltest/
--- ---

View File

@ -33,9 +33,9 @@ don't exist by default anymore, they need to be copied and edited separately
See also: See also:
- https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220 - https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
- marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207 - marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
## Bluetooth ## Bluetooth
- https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html - https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
- https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html - https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html

View File

@ -12,31 +12,31 @@ sudo systemctl restart systemd-resolved
## Files explained ## Files explained
- `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as - `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
systemd-resolved doesn't handle it properly), enables opportunistic DoT and systemd-resolved doesn't handle it properly), enables opportunistic DoT and
caching. caching.
- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If - `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
captive portals are a concern, `DNSOverTLS=no`. captive portals are a concern, `DNSOverTLS=no`.
- `README.md` - you are reading it right now. - `README.md` - you are reading it right now.
## General commentary ## General commentary
- Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however - Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
at the time of writing this README.md, the current version is Ubuntu 20.04.0) at the time of writing this README.md, the current version is Ubuntu 20.04.0)
(systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in (systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
v243 (big improvements in v244). v243 (big improvements in v244).
- TODO: find out when SNI became supported, I have just spotted it in the - TODO: find out when SNI became supported, I have just spotted it in the
fine manual in 2020-06-??. fine manual in 2020-06-??.
- Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd - Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
without which I wouldn't have got this right. without which I wouldn't have got this right.
- DNSSEC may not work if the system is down for a long time and not updated. - DNSSEC may not work if the system is down for a long time and not updated.
Thus `allow-downgrade` may be better for non-tech people, even with the Thus `allow-downgrade` may be better for non-tech people, even with the
potential downgrade attack. There are also captive portals, affecting potential downgrade attack. There are also captive portals, affecting
`DNSOverTLS`. Both take `yes` or `no` or their own special option, `DNSOverTLS`. Both take `yes` or `no` or their own special option,
for DNNSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`. for DNNSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`.
Other links I have found important and my files are based on: Other links I have found important and my files are based on:
- https://wiki.archlinux.org/index.php/Systemd-resolved - https://wiki.archlinux.org/index.php/Systemd-resolved
- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867 - Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
- request for strict DOT: https://github.com/systemd/systemd/issues/10755 - request for strict DOT: https://github.com/systemd/systemd/issues/10755
- vulnerable to MITM: https://github.com/systemd/systemd/issues/9397 - vulnerable to MITM: https://github.com/systemd/systemd/issues/9397

View File

@ -4,12 +4,12 @@ subdirectories. The sudirectories won't exist in the real
and I forget to update this README file if that happens. and I forget to update this README file if that happens.
- reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector - reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
but uses https instead of http, because there is no reason I would want but uses https instead of http, because there is no reason I would want
someone to see what I download. someone to see what I download.
## Worth reading ## Worth reading
- Waiting for network devices to have IP address (**I only use this for - Waiting for network devices to have IP address (**I only use this for
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
_ systemctl enable NetworkManager-wait-online.service _ systemctl enable NetworkManager-wait-online.service
_ systemctl enable systemd-networkd-wait-online.service _ systemctl enable systemd-networkd-wait-online.service

View File

@ -3,4 +3,4 @@ Sailfish OS. It doesn't have cron, so I tried the nearest equivalent
that is there out-of-box, systemd timers. that is there out-of-box, systemd timers.
- aliendalvik-stopper again stops android support hourly so it won't waste - aliendalvik-stopper again stops android support hourly so it won't waste
battery. battery.

View File

@ -6,14 +6,14 @@ NetworkManager.
Notes: Notes:
- `git commit`ing the same SSID with different capitalisations breaks - `git commit`ing the same SSID with different capitalisations breaks
Windows and more common macOS setups due to their filesystems being Windows and more common macOS setups due to their filesystems being
case-insensitive. case-insensitive.
- `Settings.AutoConnect=true` is unnecessary as it defaults to true - `Settings.AutoConnect=true` is unnecessary as it defaults to true
according to `man iwd.network`. according to `man iwd.network`.
- `IPv6.Enabled=true` defauls to true being also unnecessary. - `IPv6.Enabled=true` defauls to true being also unnecessary.
- `private-home-sample.psk` has a comment on MAC address override and sends - `private-home-sample.psk` has a comment on MAC address override and sends
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
address and doesn't send hostname. address and doesn't send hostname.
- The `.open` networks always randomize MAC address too. If a network is - The `.open` networks always randomize MAC address too. If a network is
private and needs MAC address for captive portal override or something, private and needs MAC address for captive portal override or something,
`private-home-sample.psk` should be adjusted from. `private-home-sample.psk` should be adjusted from.