Commit Graph

303 Commits

Author SHA1 Message Date
44b6e5b618
systemd-networkd: add DNSSEC & DNSOverTLS & search domains 2024-04-22 12:25:25 +03:00
945ca0462d
Revert "systemd-networkd: attempt to deduplicate by cutting into 10-global.network"
This reverts commit 19b6fbef3c.
2024-04-22 12:21:56 +03:00
06787a38de
resolved/00-no-local-resolver.conf: comment local resolver since I break DNSSEC 2024-04-22 12:14:34 +03:00
19b6fbef3c
systemd-networkd: attempt to deduplicate by cutting into 10-global.network 2024-04-22 12:07:39 +03:00
4a47d14069
resolved.conf.d: add dot-trex.conf symlink and explaining comments like in unbound 2024-04-21 13:14:53 +03:00
eb47fac4cb
systemd-resolved: add vim modelines 2024-04-21 10:58:45 +03:00
f126e681a2
systemd-resolved: split applied-privacy#443 to its own file as resolved configs don't exclude each other 2024-04-21 10:57:25 +03:00
a0ccd790ab
unbound & systemd-resolved: add Quad9 alternative port 2024-04-21 10:54:22 +03:00
422ab0de4e
libreawoo, unbound & resolved: uncomment Quad9 default, comment ECS 2024-04-20 17:50:12 +03:00
b248392e8a
systemd-resolved: think more on local resolvers or not 2024-04-18 14:31:56 +03:00
9aa71de638
systemd-resolved/dot-quad9.conf: add commented DNS10 & DNS12 2024-04-18 11:08:23 +03:00
f10b151a3b
systemd: add firewalld.service.d/never-fail.conf due to failing to timeout on sedric 2024-04-17 11:38:43 +03:00
0d4c40ba16
systemd: mark systemd-resolved.conf to be conflicting with avahi-daemon 2024-04-12 10:58:15 +03:00
e88c2a8067
etc: attempt to enable mDNS/LLMNR for systemd-{networkd,resolved} & NetworkManager
Some boolean fixing slipped in as well
2024-04-12 09:52:32 +03:00
80ac65acd1
systemd-resolved/README.md: enable doctoc 2024-04-11 10:06:18 +03:00
cce932960e
systemd-resolved/README.md: mention nordvpn.conf 2024-04-11 10:05:18 +03:00
a2e36f2a3b
systemd-resolved/README.md: remove EOL Ubuntu, fix booleans, note my actual DNS config 2024-04-11 10:03:53 +03:00
da6eab8dfc
systemd-resolved: use true/false as booleans (not yes/no) & remove repeated localhost 2024-04-11 10:02:49 +03:00
3009af55a6
resolved.conf.d/README.md: mention 00-defaults and dot-something being supposed to be used together 2024-04-10 15:09:31 +03:00
9a210c4bba
systemd-resolved: further decrease repeating, comment DNS-Over-TLS since it's in 00-defaults.conf already (+ local resolver) 2024-04-10 15:06:14 +03:00
f12d0ceb8a
systemd-resolved: don't repeat cache 2024-04-10 15:02:30 +03:00
241405c776
systemd-resolved: merge unbound.conf into 00-defaults.conf 2024-04-10 11:59:36 +03:00
1d05061bb4
hack nordvpnd to work with yggdrasil 2024-03-29 07:58:44 +02:00
0f95863ea2
systemd/earlyoom.service.d: conflicts, never-fail & dynamicuser=false 2024-02-18 19:44:32 +02:00
398cf45bdf
add etc/systemd/oomd.conf.d/ 2024-02-14 20:26:10 +02:00
c55b2a6aed
{systemd-resolved,unbound}: utilize unfiltered dns0 since nordvpn is unlikely to filter either 2024-02-11 13:37:32 +02:00
13a8956758
{resolved,unbound}/nordvpn: add dns0 in case it helps with automatic connection issues 2024-02-02 08:51:52 +02:00
57ac0a8c7a
systemd: add nordvpnd.service.d 2024-01-27 10:20:55 +02:00
7c9aaef375
systemd/service.d: add iwd.conf & network-online.conf 2024-01-27 10:19:08 +02:00
58bc1dd726
systemd-networkd/wlan: comments for when iwd doesn't manage network 2024-01-27 10:18:18 +02:00
73604ae80f
systmed-timesyncd: add {google,facebook}.conf commented 2024-01-26 10:47:18 +02:00
cc76eb7d5c
timesyncd.conf.d/finland: add ntp.miuku.net
It would have NTS and this is hoping for systemd-timesyncd to support it one day
2024-01-26 10:44:55 +02:00
e3381049b5
systemd-timesyncd/hetzner: replace with individual servers 2024-01-26 10:43:07 +02:00
7a2b36864b
systemd-resolved/nordvpn.conf: add what appears to be their IPv6 2024-01-20 12:41:21 +02:00
62fc911835
systemd-resolved: accidentally rewrit nordvpn.conf
Now accounting for precense of unbound as a maybe fallback resolver
2024-01-20 12:35:23 +02:00
7748d64ad7
systemd: deduplicate qbittorrent, add qbittorrent-nox@.service overrides 2024-01-06 12:34:44 +02:00
39dffa8939
systemd service.d: move common explanations from never-fail.conf to README.md 2024-01-04 12:35:48 +02:00
d99566d26f
systemd/service.d: add nordvpn.conf 2024-01-04 12:31:11 +02:00
aa97b82e31
systemd-resolved: add nordvpn.conf 2024-01-04 12:25:53 +02:00
feef4cbba5
bluetooth.service.d: clarify comments on tested distros & ponder name 2023-12-28 21:30:26 +02:00
be618810c5
bluetooth.service.d: drop fedora- from experimental.conf 2023-12-28 21:28:27 +02:00
9d69584103
Revert "systemd/service.d: add for-network-online.conf so the service is enabled for that"
This reverts commit 0dc32a525a.
2023-12-25 21:26:10 +02:00
fc91247cd1
Revert "yggdrasil.service.d: also allow yggdrasil to start before network-online"
This reverts commit fbc82b81f4.
2023-12-25 21:25:44 +02:00
68fc6be7b9
Revert "unbound.service.d: add the for-network-online.conf"
This reverts commit 6ba99feb58.
2023-12-25 21:25:22 +02:00
85dbc413f0
systemd/system: write tlp-masker.bash instead of having symlinks to /dev/null 2023-12-25 17:27:30 +02:00
7d8fe8c1fa
systemd/system/README: attempt to fix formatting 2023-12-25 17:03:14 +02:00
0327162daa
systemd-resolved: double dnssec 2023-12-25 15:48:23 +02:00
4286b4a22f
systemd: add start-unbound.service 2023-12-25 15:39:35 +02:00
fbc82b81f4
yggdrasil.service.d: also allow yggdrasil to start before network-online 2023-12-25 12:41:46 +02:00
214966ae54
unbound.service.d: rm WRONG fedora-network-pre.conf 2023-12-25 12:40:40 +02:00
6ba99feb58
unbound.service.d: add the for-network-online.conf 2023-12-25 12:39:58 +02:00
0dc32a525a
systemd/service.d: add for-network-online.conf so the service is enabled for that 2023-12-25 12:38:05 +02:00
90556db965
bluetooth.service.d: add steamos-experimental.conf 2023-11-29 09:54:28 +02:00
91428c51af
systemd-resolved: git rm dot-nextdns.conf 2023-11-26 16:23:31 +02:00
1abfd94f01
systemd-resolved/dot-dns0: merge lines 2023-11-26 16:23:12 +02:00
b583b8a6d4
systemd-resolved/*.conf: add appliedprivacy DoTo443 as a comment 2023-11-26 16:19:55 +02:00
dee168e287
systemd-resolved: merge provider configs 2023-11-26 16:18:15 +02:00
fa3fc72afb
systemd-resolved: cleanup configs I don't recommend 2023-11-26 16:12:38 +02:00
e825c1dac3
systemd-resolved: dot-mullvad.conf: update domains, add commented other server options 2023-11-12 12:51:07 +02:00
60b3c620fb
systemd-resolved: rm dot-mullvad-adblock.conf 2023-11-12 12:46:35 +02:00
b6ecd1b173
systemd-resolved: keep DNSSEC enabled 2023-10-21 11:27:07 +03:00
7b4d791d07
flatpak-update.timer: increase frequency 2023-10-19 10:43:55 +03:00
90edac262a
resolved.conf.d: add dot-dns0-appliedprivacy.conf in style of quad9-ecs-appliedprivacy 2023-10-14 19:18:45 +03:00
1eeef2f511
resolved: add dot-quad9-ecs-appliedprivacy.conf for Steam Deck purposes 2023-10-01 19:06:46 +03:00
5297140958
systemd/limnoria.service: place limit on memory, commented cpuquote 2023-10-01 10:47:06 +03:00
10a841acfe
systemd/journald.conf.d: add 00-journal-size.conf 2023-09-29 15:06:41 +03:00
c32910df57
systemd/syncplay-server.service: use venv
Resolves: #145

Thanks again @EchedeyLR
2023-09-29 10:57:06 +03:00
a4b7bdb51a
systemd/limnoria: use venv & update Ergo's name
Thanks @EchedeyLR (ref: mikaela/shell-things#145)
2023-09-29 10:39:44 +03:00
dfcbc7e971
systemd/timesyncd.conf.d: sync sources from Chrony
This is for SteamOS, although without Yggdrasil (that I am not hacking in
yet) and NTS which systemd-timesyncd doesn't do to my knowledge
2023-09-27 12:16:55 +03:00
24eb3890c2
systemd-resolved: prefer IPv6 over IPv4 2023-09-10 11:16:57 +03:00
1e3a7f8fa3
systemd-resolved/dns-over-tls.conf: drop appliedprivacy#443 to the bottom of the list
Apparently systemd-resolved wants to go in strict order and thus it's always sending my queries to distant Austria instead of neighbouring regions
2023-09-10 11:10:39 +03:00
e2829267d7
systemd: add debugging & symlinks for networkd, resolved, never-fail networkd 2023-09-10 11:07:11 +03:00
c7b5330dfb
systemd/resolved/dot: add missing bracket, remove extra ones
Apparently IPv6 must only be surrounded by brackets, otherwise it's invalid syntax
2023-09-10 09:52:59 +03:00
1d8e457f97
systemd-resolved: add dns-over-tls.conf mimicing unbound's equivalent 2023-09-10 09:31:35 +03:00
4d68dd7e7f
systemd: add journald.conf.d/.gitignore as a placeholder 2023-08-24 16:12:43 +03:00
27dacbf5f8
systemd-networkd: add commented RequiredFamilyForOnline= under [Link] 2023-08-23 14:40:18 +03:00
9fdeb56762
unbound.service.d: add fedora-network-pre.conf 2023-08-04 13:09:58 +03:00
db6bdd6222
unbound.service.d: override to require dnsproxy for starting 2023-08-03 12:43:10 +03:00
6fdfad9e93
dnsproxy.service: return to network-pre.target 2023-08-03 12:41:58 +03:00
5acec4c00e
dnsproxy.service: second-guess to start after network-noline.target and before unbound.service? 2023-08-03 12:15:24 +03:00
809d723293
systemd: fix symlinks to never-fail.conf
Technically they would still work through the yggdrasil symlink, but I don't like it
2023-08-03 11:54:01 +03:00
bbd7a02b60
dnsproxy.service: start before network management and hope it handles dynamic network conditions 2023-08-03 11:50:52 +03:00
918bdc2a97
systemd: move never-fail to more appropiate location 2023-08-03 11:50:12 +03:00
eab5c3b07e
systemd/network: add number prefixes as per man systemd.network 2023-07-05 10:57:03 +03:00
a13a0dd86b
systemd-networkd: match naming with types 2023-07-04 11:45:29 +03:00
8cc9353374
systemd-networkd: configure based on type rather than name, add a comment on MACAddress matching
Resolves: warnings on potentially unpredictable interface names.
2023-07-04 11:24:29 +03:00
30253761b3
systemd/network: enable IPv6 Privacy Extensions and link-local stable-privacy 2023-06-25 14:13:00 +03:00
cbdfc0f46d
systemd-networkd: unmanage wlan0 2023-06-25 10:36:29 +03:00
f61d8c3edb
systemd/dnsproxy.service: use the same DNS0 for bootstrap as DoH 2023-06-11 08:56:04 +03:00
1b1514f993
systemd: add masks required by tlp as a note to self 2023-05-25 07:48:22 +03:00
0a5e526cc5
systemd-networkd/eth0: don't require being up
Resolves: #157
2023-03-31 13:33:27 +03:00
5f6bddfe8a
systemd: add NetworkManager-wait-online.service & systemd-networkd-wait-online.service to refresh my memory 2023-03-25 18:32:23 +02:00
1b113e0c3e
etc/systemd/network: add commented DHCP=yes 2023-03-07 15:02:13 +02:00
514ed85374
etc/systemd/network: update samples and comments to reflect my current views 2023-03-07 14:46:28 +02:00
0cfb5859ad
dnsproxy: remove --user that doesn't apply anymore 2023-02-23 14:31:48 +02:00
4761b94331
dnsproxy.service: convert to system service 2023-02-23 14:25:12 +02:00
9bdc67dd29
unbound & systmed-resolved: add DNS0 open
Ref: #153
2023-02-23 10:11:03 +02:00
a2c3d9248d
fix ends of lines 2023-02-21 20:11:35 +02:00
b39b5db0d4
run prettier on markdown again? 2023-02-21 19:33:31 +02:00
2e6a03d402
sastisfy editorconfig check 2023-02-21 19:08:54 +02:00
19994e3286
run prettier 2023-02-21 17:54:39 +02:00
4a20f75d3c
etc/systemd/resolved.conf.d: add DNS0 DoT configs
Their website already had the correct syntax for the entries

Ref: #153
2023-02-20 11:49:31 +02:00
36c2688cec
etc/systemd/system/unbound.service.d/never-fail.conf: unbound isn't allowed to fail either 2023-02-03 10:59:31 +02:00
bb7f283891
Revert "systemd/matterbridge.service: import parts of upstream"
This reverts commit 35aea33043.

Ref: https://github.com/42wim/matterbridge/issues/1794
2022-04-04 09:50:46 +03:00
35aea33043
systemd/matterbridge.service: import parts of upstream
https://github.com/42wim/matterbridge/wiki/Service-files#systemd
2022-04-04 08:35:23 +03:00
82ef806e9f
systemd-resolved README: add quickstart, remove extra h-levels 2022-03-28 20:43:03 +03:00
17da76e484
systemd/resolved/README.md: add the ArchWiki DNSSEC issue links 2022-03-28 20:37:37 +03:00
f55c00dae6
systemd/resolved/README.md: add missing word, improve formatting 2022-03-28 20:36:11 +03:00
8c532e3ef8
etc…resolved…: add/clarify links in/to comments
Courtesy of https://wiki.archlinux.org/title/Systemd-resolved#DNSSEC
2022-03-28 20:34:37 +03:00
d47c374706
etc/ststemd/resolved…: aggressive cleanup/rewriting 2022-03-28 20:28:17 +03:00
64bba542b1
systemd/matterbridge.service: remove -debug, mention /groupId 2022-03-18 10:44:25 +02:00
76814f830f
etc/{i2pd,systemd}: modernise to less bad ideas
The issue has been fixed last year and considering I2Pd can connect
through Yggdrasil natively, tunneling Yggdrasil in is a bad idea and
could lead into Yggdrasil over Yggdrasil loop situation.
2022-03-08 18:18:40 +02:00
1356fccd20
systemd: add flatpak-update.{service,timer}
Resolves: #121
2021-12-18 13:45:53 +02:00
1b4ac2b6d7
etc/systemd/system.conf.d: add log4shell.conf 2021-12-13 13:09:35 +02:00
5704353d55
systemd: copy matterbridge restarter into gitea one
It used to stop working randomly without a good reason, but that is
likely fixed upstream a long time ago and while I removed it from cron,
these units exist so should the issue recur, I can throw these back in.

The cron wasn't randomized though, but I don't think there is harm in
this being a bit random.
2021-12-06 23:48:40 +02:00
8e69874534
matterbridge-restart.timer: fix language 2021-12-06 23:48:30 +02:00
bd91ef704d
systemd: matterbridge.timer -> matterbridge-restart.{service,timer}
Resolves: #98
2021-11-22 09:56:56 +02:00
9ba056cfd3
matterbridge-cleanup.service: fix typo, ignore exit state 2021-11-21 17:15:12 +02:00
62573195d9
systemd: add matterbridge-cleanup.{service,timer}
Resolves: #98
2021-11-21 17:11:44 +02:00
13278214d1
matterbridge.timer: OnBootSec=0 just in case
Ref: #98
2021-11-21 16:59:05 +02:00
29f7cf6b98
systemd: first attempt at matterbridge restarter timer
Ref: #98
2021-11-21 16:52:14 +02:00
4f50f4a367
systemd-resolved: don't DNSSEC with adblocking 2021-11-21 11:37:03 +02:00
12fe7a59a8
etc/systemd/resolved: add configuration for Mullvad DoT 2021-11-21 11:16:11 +02:00
12127744b5
systemd: also keep trying Chrony 2021-10-03 09:58:59 +03:00
84e714b55e
systemd: keep retrying yggdrasil, don't sleep 2021-10-03 09:58:03 +03:00
a5836327c4
etc: pipewire & bluetooth: enable codes, battery reporting
https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
2021-06-14 13:36:34 +03:00
126918d98d
systemd/limnoria.service: add TZ env & RestartSec 2021-06-02 17:50:30 +03:00
c1768cae67
systemd: "rewrite" supybot -> limnoria, move znc, rmdir irc/ 2021-05-16 18:00:31 +03:00
306270c441
etc/systemd: rm cjdns & miredo, I am unlikely to use them again 2021-05-16 11:15:34 +03:00
c8e89a5817
systemd: add coredump.conf.d/biggercores.conf 2021-02-18 14:47:23 +02:00
a0c61231f4
systemd/resolved.conf.d: add snopyta-strict.conf
While posting an example how I would do it I might as well put it here
2021-02-10 16:12:42 +02:00
b20f3367b1
systemd/yggdrasil: add mullvad-exclude (& fix chrony override typo) 2020-12-09 09:38:49 +02:00
40d535f2c0
systemd/chrony.service.d/mullvad-exclude: actually fix this 2020-12-08 18:36:34 +02:00
0c7038da14
systemd: systemd-resolved.service.d/unbound.conf: After unbound 2020-10-30 10:19:39 +02:00
fe83cbbb3a
systemd: add config for excluding Chrony from Mullvad 2020-10-30 08:04:58 +02:00
993759577e
Bind systemd-resolved to Unbound 2020-10-25 09:05:07 +02:00
1e70d7d4d7
etc/systemd-resolved&unbound: add Quad9 ECS configs
Untested. The last time I saw the documentation, they didn't mention
DoT.
2020-10-21 17:09:20 +03:00
31a15a9abc
systemd-resolved & unbound: update AdGuard IPs
Resolves: #81
2020-09-27 14:34:54 +03:00
cf8dc85ec0
systemd/timesyncd.conf.d: add cloudflare.conf 2020-08-09 10:51:36 +03:00
82cf5e7742
systemd/resolved.conf.d: add generic NextDNS confs 2020-08-09 00:07:06 +03:00
73fb88e11d
systemd-resolved.conf.d: everywhere -> 00-everywhere 2020-07-24 12:16:31 +03:00
69f55cd724
systemd/resolved: adguard-strict -> adguard-dot 2020-07-18 14:05:36 +03:00
550b68d149
etc/systemd/resolved: add [adguard,cloudflare}-strict.conf
I am not actually using either though and I am not sure if I will,
but maybe they are nice to have as a backup here just in case.
2020-07-18 02:20:56 +03:00
b3cb953b9c
systemd/resolved: add a comment to everywhere.conf too
as every other file explains who it is for, why not this
2020-07-04 19:09:26 +03:00
0ae22081a0
etc/systemd-resolved: rework all files more or less
* explain things in README.md, don't duplicate comments
* opportunistic-insecure.conf should be used everywhere by default, so
  thus it's now everywhere.conf. However I am yet to test it does what
  I expect, so this is bad case of testing in production or after
  committing it in general.
2020-07-04 19:06:18 +03:00
7a73088beb
systemd/resolved.conf.d/quad9*.conf: enable SNI 2020-06-26 12:22:09 +03:00
bce9af0edd
resolved.conf: add quad9-compat.conf 2020-06-26 12:22:09 +03:00
d1fc83913b
systemd/user: add ipfs, transmission-daemon (from system) 2020-03-30 08:42:06 +03:00
b217baaec9
systemd/system: update syncplay-server.service
It never got the TLS flag apparently
2020-03-27 18:02:34 +02:00
64d5fef6f3
ipfs.service: point to the new meta issue 2020-02-29 18:03:32 +02:00