From bd0dd51936028d483bf3050addf8930b1b43a387 Mon Sep 17 00:00:00 2001 From: Aminda Suomalainen Date: Thu, 27 Mar 2025 15:19:34 +0200 Subject: [PATCH] Address woke alerts --- .gitignore | 1 + .wokeignore | 17 +++++++++++++++++ etc/default/grub.d/itwjyg.cfg | 1 + etc/dracut.conf.d/99-cmdline.conf.sedric | 1 + ...dmi-audio.conf => blocklist-hdmi-audio.conf} | 1 + .../policies/managed/aminda-extensions.json | 14 -------------- etc/resolv.tsv | 6 +++--- 7 files changed, 24 insertions(+), 17 deletions(-) create mode 100644 .wokeignore rename etc/modprobe.d/{blacklist-hdmi-audio.conf => blocklist-hdmi-audio.conf} (84%) diff --git a/.gitignore b/.gitignore index 868cbd7a..3031423f 100644 --- a/.gitignore +++ b/.gitignore @@ -19,6 +19,7 @@ !.python-version !.renovate-shared.json* !.reuse +!.wokeignore # Certificates (unlikely to happen, but better safe than sorry) *.pem diff --git a/.wokeignore b/.wokeignore new file mode 100644 index 00000000..de31239b --- /dev/null +++ b/.wokeignore @@ -0,0 +1,17 @@ +# ASCII armoured GPG content, I don't control words included. +*.asc + +# When you become IRC operator on Charybdis IRCd, it will tell you: +# We would like to take this moment to remind you that we accept +# absolutely no liability for the INSANITY you're about to endure. +# I think it's appropiate reminder for logging in as root (which people +# shouldn't be doing, sudo logs superuser actions better) and thus I wish to +# keep it in my configuration and I hope everyone doing system administration +# understands it without getting upset. That is not to say I am not open for +# alternatives, if you know of an more inclusive saying and are a person, +# please contact me. +rc/bashrc +rc/zshrc + +# A certain CAPITALIZED word above is an issue. +.wokeignore diff --git a/etc/default/grub.d/itwjyg.cfg b/etc/default/grub.d/itwjyg.cfg index d19d4084..88f4aeff 100644 --- a/etc/default/grub.d/itwjyg.cfg +++ b/etc/default/grub.d/itwjyg.cfg @@ -1,4 +1,5 @@ # Itwjyg is a MacBook 7,1, brcmsmac is the WLAN driver, Nouveau is the # driver that actually gets picture visible and I think nvidia is the # propietary driver that doesn't manage that. +# wokeignore:rule=blacklist GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT brcmsmac nouveau module_blacklist=nvidia" diff --git a/etc/dracut.conf.d/99-cmdline.conf.sedric b/etc/dracut.conf.d/99-cmdline.conf.sedric index f61c65b5..d3b6feba 100644 --- a/etc/dracut.conf.d/99-cmdline.conf.sedric +++ b/etc/dracut.conf.d/99-cmdline.conf.sedric @@ -1,2 +1,3 @@ +# wokeignore:rule=blacklist kernel_cmdline="root=UUID=c3df30ca-878b-4125-bcb4-ba3ba4398efd rw rootflags=subvol=root rd.lvm.lv=fedora_localhost-live/root rd.luks.uuid=luks-f9a33e19-4176-44b3-8e06-2ee7fb70f3d0 mitigations=auto,nosmt btusb.force_scofix=1 btusb.enable_autosuspend=0 cpufreq.default_governor=schedutil rd.driver.blacklist=nouveau modprobe.blacklist=nouveau" # vim: filetype=conf diff --git a/etc/modprobe.d/blacklist-hdmi-audio.conf b/etc/modprobe.d/blocklist-hdmi-audio.conf similarity index 84% rename from etc/modprobe.d/blacklist-hdmi-audio.conf rename to etc/modprobe.d/blocklist-hdmi-audio.conf index 3bee7d2e..3c329b08 100644 --- a/etc/modprobe.d/blacklist-hdmi-audio.conf +++ b/etc/modprobe.d/blocklist-hdmi-audio.conf @@ -1,3 +1,4 @@ # Prevents HDMI driver from getting loaded and thus it appearing in # pavucontrol. Source: https://askubuntu.com/a/1127760 +# wokeignore:rule=blacklist blacklist snd_hda_codec_hdmi diff --git a/etc/opt/chromium/policies/managed/aminda-extensions.json b/etc/opt/chromium/policies/managed/aminda-extensions.json index df129be3..d2b520cd 100644 --- a/etc/opt/chromium/policies/managed/aminda-extensions.json +++ b/etc/opt/chromium/policies/managed/aminda-extensions.json @@ -123,20 +123,6 @@ "+annoyances-overlays" ] }, - "mlojlfildnehdpnlmpkeiiglhhkofhpb": { - "toAdd": { - "trustedSiteDirectives": [ - "" - ] - }, - "toOverwrite": { - "filterLists": [ - "easylist", - "adnauseam-filters", - "eff-dnt-whitelist" - ] - } - }, "nngceckbapebfimnlniiiahkandclblb": { "environment": { "base": "https://vault.bitwarden.eu", diff --git a/etc/resolv.tsv b/etc/resolv.tsv index a98ead22..ce077779 100644 --- a/etc/resolv.tsv +++ b/etc/resolv.tsv @@ -26,10 +26,10 @@ Mullvad All https://all.dns.mullvad.net/dns-query all.dns.mullvad.net 2a07:e340: Mullvad Base https://base.dns.mullvad.net/dns-query base.dns.mullvad.net 2a07:e340::4 194.242.2.4 https://github.com/mullvad/encrypted-dns-profiles Mullvad Extended https://extended.dns.mullvad.net/dns-query extended.dns.mullvad.net 2a07:e340::5 194.242.2.5 https://github.com/mullvad/encrypted-dns-profiles Mullvad Vanilla https://dns.mullvad.net/dns-query dns.mullvad.net 2a07:e340::2 194.242.2.2 https://github.com/mullvad/encrypted-dns-profiles No 2023-03-11 I tested with https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/dns-ecs-debug.bash -NextDNS https://dns.nextdns.io dns.nextdns.io 2a07:a8c1:: 2a07:a8c0:: 45.90.30.0 45.90.28.0 https://apple.nextdns.io/ opt-in, private, upstream whitelist https://medium.com/nextdns/how-we-made-dns-both-fast-and-private-with-ecs-4970d70401e5 +NextDNS https://dns.nextdns.io dns.nextdns.io 2a07:a8c1:: 2a07:a8c0:: 45.90.30.0 45.90.28.0 https://apple.nextdns.io/ opt-in, private, upstream inclusion list https://medium.com/nextdns/how-we-made-dns-both-fast-and-private-with-ecs-4970d70401e5 NextDNS Firefox https://firefox.dns.nextdns.io no -OpenDNS https://doh.opendns.com/dns-query dns.opendns.com ? (#127) 2620:119:35::35 2620:119:53::53 208.67.222.222 208.67.220.220 yes, upstream whitelist https://support.opendns.com/hc/articles/227987647-EDNS-Client-Subnet-FAQ -OpenDNS Family https://doh.familyshield.opendns.com/dns-query 208.67.222.123 208.67.220.123 yes, upstream whitelist https://support.opendns.com/hc/articles/227987647-EDNS-Client-Subnet-FAQ +OpenDNS https://doh.opendns.com/dns-query dns.opendns.com ? (#127) 2620:119:35::35 2620:119:53::53 208.67.222.222 208.67.220.220 yes, upstream inclusion list https://support.opendns.com/hc/articles/227987647-EDNS-Client-Subnet-FAQ +OpenDNS Family https://doh.familyshield.opendns.com/dns-query 208.67.222.123 208.67.220.123 yes, upstream inclusion list https://support.opendns.com/hc/articles/227987647-EDNS-Client-Subnet-FAQ Quad9 (Secure) https://dns.quad9.net/dns-query dns.quad9.net 2620:fe::fe 2620:fe::9 9.9.9.9 149.112.112.112 https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_%28Encrypted%29/#download-profile no https://www.quad9.net/support/faq/#edns Quad9-10 (No Threat Blocking) https://dns10.quad9.net/dns-query dns10.quad9.net 2620:fe::10 2620:fe::fe:10 9.9.9.10 149.112.112.10 https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_%28Encrypted%29/#download-profile no https://docs.quad9.net/services/ Quad9-11 (Secure + ECS) https://dns11.quad9.net/dns-query dns11.quad9.net 2620:fe::11 2620:fe::fe:11 9.9.9.11 149.112.112.11 https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_%28Encrypted%29/#download-profile yes https://www.quad9.net/support/faq/#edns