shell-things

mirror of https://gitea.blesmrt.net/mikaela/shell-things.git synced 2024-11-06 09:29:22 +01:00

Author	SHA1	Message	Date
Aminda Suomalainen	c2c7d401dd	sudoers.d: add teamviewerd	2024-03-13 09:07:25 +02:00
Aminda Suomalainen	a6c2c28727	etc/yum.repos.d: add teamviewer.repo	2024-03-13 09:02:40 +02:00
Aminda Suomalainen	0729b8b681	chromium policy: add Chrome Remote Desktop	2024-03-13 08:46:10 +02:00
Aminda Suomalainen	be8e2d655e	aminda-extensions.json: fix allowed_url paths (paths unsupported, must not contain /*	2024-03-13 08:45:30 +02:00
Aminda Suomalainen	7d48ac8a1a	sysctl.d/99-enable-ipv6.conf: workaround NordVPN	2024-03-12 17:55:32 +02:00
Aminda Suomalainen	5c1dce8d36	{firefox,chromium} policy: explicitly configure PrivacyBadger I think all of these default to true anyway, but explicit is better than implicit is what they say	2024-03-12 10:15:15 +02:00
Aminda Suomalainen	cfe02d26be	chromiun: allow wayback machine to function on archive.org by default	2024-03-10 07:59:27 +02:00
Aminda Suomalainen	e4304fd641	chromium: block uBlock Origin from Chrome/Edge stores to avoid conflict with AdNauseam force_install	2024-03-09 15:54:13 +02:00
Aminda Suomalainen	e35c477a71	firefox policy: block uBlock & uMatrix to avoid conflict with force_install AdNauseam	2024-03-09 15:45:02 +02:00
Aminda Suomalainen	685b14c2f6	firefox policy: block wayback machine	2024-03-09 15:41:39 +02:00
Aminda Suomalainen	26ecc69156	chromium policy: add doh-mullvad-base.json	2024-03-09 10:52:54 +02:00
Aminda Suomalainen	ee36e24997	Chromium policy: add blank new tab	2024-03-09 10:52:31 +02:00
Aminda Suomalainen	3eb921f212	chromium: adjust runtime_allowed_hosts for DDG as per Edge's behaviour	2024-03-09 10:30:22 +02:00
Aminda Suomalainen	d7244eefc5	aminda-extensions.json: click to run wbm	2024-03-08 11:19:07 +02:00
Aminda Suomalainen	5149b23598	browser policies: add wayback machine	2024-03-08 08:41:41 +02:00
Aminda Suomalainen	16d6a3df09	browser policies: install Bias Finder	2024-03-08 08:29:54 +02:00
Aminda Suomalainen	0f23d25647	firefox policy: add offline-qr-code-generator	2024-03-04 12:29:45 +02:00
Aminda Suomalainen	f2e8b86665	browser policies: remove AdNauseam advancedSettings	2024-03-02 16:26:47 +02:00
Aminda Suomalainen	6029869230	browsers: force_install Privacy Badger again While this isn't the recommended configuration, Privacy Badger has the widget replacements, automatic learning (enabled by default as per this policy), canvas protection etc. AdNauseam again can replace NoScript (that I previously removed from the policies for too aggressive for basic users) and fails to click ads for me anyway, so I think this is the best option for me.	2024-02-29 11:22:29 +02:00
Aminda Suomalainen	d242b05e76	browser policies: ship AdNauseam in filterAuthorMode	2024-02-29 08:56:59 +02:00
Aminda Suomalainen	e343e80858	Weaken protection for Ad Nauseam since I am already so unique/fingerprintable	2024-02-28 20:55:46 +02:00
Aminda Suomalainen	2d7539b0ed	browser policies: install AdNauseam	2024-02-28 20:04:08 +02:00
Aminda Suomalainen	2e4744bc90	Don't install NoScript on browsers automatically due to being a bit extreme on unsuspecting family members after self-reflection.	2024-02-27 09:44:28 +02:00
Aminda Suomalainen	5c3e5e29b3	browser policies: add Terms of Service;Didn't Read	2024-02-26 12:20:47 +02:00
Aminda Suomalainen	8b0e28f417	firefox policies: also keep sidebery installed	2024-02-24 11:08:48 +02:00
Aminda Suomalainen	2620f975fc	add etc/dnf/protected.d/ I am plotting switching to systemd-bootd in hopes of getting my kernel version unfrozen	2024-02-23 11:37:48 +02:00
Aminda Suomalainen	3498e0d830	firefox. fix peertube-companion ID	2024-02-23 08:59:50 +02:00
Aminda Suomalainen	4ff3705df0	firefox: force install peertube companion as a stronger stance against youtube centralization	2024-02-22 19:55:17 +02:00
Aminda Suomalainen	6afb099d1c	chromium: don't enable the labs button It has nothing that interesting and is just distraction.	2024-02-21 09:52:00 +02:00
Aminda Suomalainen	c6304ca36a	chromium/doh-dns0: allow fallback to system dns	2024-02-21 09:51:20 +02:00
Aminda Suomalainen	04be9339d5	Chromium: restrict DuckDuckGo to itself and google.com	2024-02-20 14:59:56 +02:00
Aminda Suomalainen	4dbfd94d90	{chromium,firefox}: force install (& pin in Chromium) Snowflake too	2024-02-19 18:00:06 +02:00
Aminda Suomalainen	303f69a671	firefox: actually force_install tab suspender	2024-02-19 16:45:36 +02:00
Aminda Suomalainen	0f95863ea2	systemd/earlyoom.service.d: conflicts, never-fail & dynamicuser=false	2024-02-18 19:44:32 +02:00
Aminda Suomalainen	52b2dd1e69	Chromium policy README.md: linkify extensions	2024-02-17 18:25:37 +02:00
Aminda Suomalainen	11baf2e142	Chromium README.md: add TODO/Inconsistencies	2024-02-16 19:47:58 +02:00
Aminda Suomalainen	a1056807bf	firefox: add peertubeify as indiewiki buddy kind of opened the door for it	2024-02-16 19:41:45 +02:00
Aminda Suomalainen	67ddd26f71	browser policies: include indiewiki buddy	2024-02-16 17:13:33 +02:00
Aminda Suomalainen	fe8ac1bbb7	unbound: remove blocklists, deprecated by Browser Policy	2024-02-15 20:47:34 +02:00
Aminda Suomalainen	398cf45bdf	add etc/systemd/oomd.conf.d/	2024-02-14 20:26:10 +02:00
Aminda Suomalainen	f4423b251f	etc: add firefox-esr for Debian	2024-02-14 11:25:44 +02:00
Aminda Suomalainen	22426e858c	firefox & chromium policy READMEs: links to upstream on top	2024-02-12 17:10:51 +02:00
Aminda Suomalainen	c55b2a6aed	{systemd-resolved,unbound}: utilize unfiltered dns0 since nordvpn is unlikely to filter either	2024-02-11 13:37:32 +02:00
Aminda Suomalainen	75d8833b03	firefox/policies.json: fix DDG Start Description & Method	2024-02-11 13:33:27 +02:00
Aminda Suomalainen	75b938f3ce	firefox policies: restore pocket, searchengines	2024-02-11 13:23:04 +02:00
Aminda Suomalainen	3b99fd30b7	Chromium policy README.md: note the PrivacyPass domains	2024-02-11 13:13:13 +02:00
Aminda Suomalainen	2b45c13960	Chromium policy README.md: add forgotten NoScript	2024-02-11 13:11:37 +02:00
Aminda Suomalainen	121aedd2ff	chromium: add noscript	2024-02-10 12:39:19 +02:00
Aminda Suomalainen	d37d9e8019	firefox policies: add noscript	2024-02-10 12:34:52 +02:00
Aminda Suomalainen	e4d223ab42	chromium: default unpin snowflake & silk	2024-02-08 10:54:05 +02:00
Aminda Suomalainen	da0ab06fdf	chromium: install DuckDuckGo by default	2024-02-08 10:46:30 +02:00
Aminda Suomalainen	7afdc0e046	firefox: install DuckDuckGo by default	2024-02-08 10:42:34 +02:00
Aminda Suomalainen	6bd2acac6b	firefox policies.json: clean up advertisements	2024-02-08 10:31:31 +02:00
Aminda Suomalainen	963f266dad	firefox: note that search engine policy is ESR-only	2024-02-08 10:15:26 +02:00
Aminda Suomalainen	fa4395def9	firefox policies.json: add new tab suspender	2024-02-08 10:06:57 +02:00
Aminda Suomalainen	3cd94522df	firefox policies.json: add extensions based on the Chromium one	2024-02-08 10:03:07 +02:00
Aminda Suomalainen	e71446363b	firefox policy README.md: add link to documentation	2024-02-08 09:37:06 +02:00
Aminda Suomalainen	4a849a8811	chromium: add Silk (Privacy Pass) & Snowflake	2024-02-07 17:07:54 +02:00
Aminda Suomalainen	e7f137f282	chromium: rename policies to be in line with my unbound/resolved naming	2024-02-07 10:51:12 +02:00
Aminda Suomalainen	c1af586c26	chromium README: quick explanations	2024-02-07 10:46:57 +02:00
Aminda Suomalainen	5eab48fcd5	chromium README: sort aminda-extensions.json	2024-02-07 10:38:15 +02:00
Aminda Suomalainen	0e26c96b39	chromium: add privacy-manager	2024-02-07 10:34:43 +02:00
Aminda Suomalainen	ce175c5645	etc/init-browser-policies.bash: ln -siv	2024-02-06 11:43:45 +02:00
Aminda Suomalainen	f4c796c5ed	etc: add quick script init-browser-policies.bash	2024-02-05 20:54:17 +02:00
Aminda Suomalainen	e672d04d46	rm etc/install Obsolete script that I don't ever remember using	2024-02-05 20:34:45 +02:00
Aminda Suomalainen	8c11a1afce	brave policies	2024-02-05 19:06:35 +02:00
Aminda Suomalainen	f0ee77fa05	add symlinks and README for Vivaldi policies as well	2024-02-05 18:58:50 +02:00
Aminda Suomalainen	3c9a97ed2f	chromium/enable-ech-ocsp.json: additionally enable AdditionalDnsQueryTypesEnabled & BuiltInDnsClientEnabled	2024-02-04 10:29:41 +02:00
Aminda Suomalainen	902f011468	chromium: add multiple mutually incompatible policy files	2024-02-04 10:21:10 +02:00
Aminda Suomalainen	13a8956758	{resolved,unbound}/nordvpn: add dns0 in case it helps with automatic connection issues	2024-02-02 08:51:52 +02:00
Aminda Suomalainen	8e1f947591	etc/opt: edge is chromium	2024-02-01 19:58:11 +02:00
Aminda Suomalainen	82014c0c0c	etc/firefox/policies: add README.md	2024-02-01 19:48:27 +02:00
Aminda Suomalainen	738ddcbfaf	firefox policies: add EnableTrackingProtection	2024-02-01 19:43:03 +02:00
Aminda Suomalainen	f0fe1a93b2	firefox policies: add DoH	2024-02-01 19:36:26 +02:00
Aminda Suomalainen	2c67c85786	rm etc/librewolf: it's not read and overrides LibreWolf customizations	2024-02-01 19:07:40 +02:00
Aminda Suomalainen	f37ec89f3f	etc/firefox/policies/policies.json: initial commit (just PrivacyBadger and LibreAwoo symlink so far)	2024-02-01 18:50:13 +02:00
Aminda Suomalainen	b53f8f6f52	chroium policy: default_unpin fedora user agent	2024-01-31 18:49:16 +02:00
Aminda Suomalainen	e1eae5dd48	chromium policies: throw in Dark Reader and Bitwarden	2024-01-31 14:28:14 +02:00
Aminda Suomalainen	7cb754def8	chrome policies: force_enable HttpsOnlyMode	2024-01-31 14:12:21 +02:00
Aminda Suomalainen	23bcc0e908	test managed chrome profilies	2024-01-31 13:43:10 +02:00
Aminda Suomalainen	bc39daa2ed	unbound/insecure-domains: add norwegianwifi.com while it's unlikely for me to run unbound on flight	2024-01-27 13:09:14 +02:00
Aminda Suomalainen	57ac0a8c7a	systemd: add nordvpnd.service.d	2024-01-27 10:20:55 +02:00
Aminda Suomalainen	7c9aaef375	systemd/service.d: add iwd.conf & network-online.conf	2024-01-27 10:19:08 +02:00
Aminda Suomalainen	58bc1dd726	systemd-networkd/wlan: comments for when iwd doesn't manage network	2024-01-27 10:18:18 +02:00
Aminda Suomalainen	e9b77cbc05	etc/iwd/main.conf: disable network configuration	2024-01-27 10:15:54 +02:00
Aminda Suomalainen	73604ae80f	systmed-timesyncd: add {google,facebook}.conf commented	2024-01-26 10:47:18 +02:00
Aminda Suomalainen	cc76eb7d5c	timesyncd.conf.d/finland: add ntp.miuku.net It would have NTS and this is hoping for systemd-timesyncd to support it one day	2024-01-26 10:44:55 +02:00
Aminda Suomalainen	e3381049b5	systemd-timesyncd/hetzner: replace with individual servers	2024-01-26 10:43:07 +02:00
Aminda Suomalainen	3b3f1c5193	chrony/ntppool.sources: add zone links to comments	2024-01-25 09:40:34 +02:00
Aminda Suomalainen	e2e130ea5d	chrony/sources.d/hetzner.sources: replace pool with individual servers	2024-01-24 20:32:23 +02:00
Aminda Suomalainen	ff1bc7b3ba	nts-servers.sources: no preferring non-ISP servers	2024-01-24 20:00:22 +02:00
Aminda Suomalainen	e246d21038	chrony/sources: add the ntppool.sources although commented	2024-01-24 18:04:15 +02:00
Aminda Suomalainen	48976cacce	chrony/sources.d: prefer ISP and CF The ISP should be closest server to sync to and Cloudflare is anycast with potentially lower stratum than the other nts servers. 'nts' implies 'require' and 'trust' already and other servers get picked over lower stratum although higher distance.	2024-01-24 10:57:52 +02:00
Aminda Suomalainen	8a93a2a9ac	unbound: another accidental rewrite of nordvpn.conf, now with IPv6	2024-01-23 09:20:13 +02:00
Aminda Suomalainen	e5fb27a15e	nts-servers.sources: System76 is actually not an NTS pool	2024-01-22 12:56:20 +02:00
Aminda Suomalainen	9e0333908d	nts-servers.sources: bring the uncommented Finnish server closer to top	2024-01-22 12:53:53 +02:00
Aminda Suomalainen	9c90a36069	chrony/nts-servers.sources: update System76 entries, increase their line numbers	2024-01-22 12:52:44 +02:00
Aminda Suomalainen	7a2b36864b	systemd-resolved/nordvpn.conf: add what appears to be their IPv6	2024-01-20 12:41:21 +02:00
Aminda Suomalainen	62fc911835	systemd-resolved: accidentally rewrit nordvpn.conf Now accounting for precense of unbound as a maybe fallback resolver	2024-01-20 12:35:23 +02:00
Aminda Suomalainen	7ec7937d2f	chrony: add ntp.miuku.net	2024-01-17 13:16:37 +02:00
Aminda Suomalainen	ddbd1acca0	ssh: disable RSA host key	2024-01-12 13:50:49 +02:00
Aminda Suomalainen	53c78384e0	etc/apt/sources.list: rm ubuntu* Seems pretty outdated and I cannot see the purpose.	2024-01-07 12:33:53 +02:00
Aminda Suomalainen	2b4487fccb	etc/sources.list.d: add untested nordvpn.list for the only Debian around	2024-01-07 12:29:49 +02:00
Aminda Suomalainen	7748d64ad7	systemd: deduplicate qbittorrent, add qbittorrent-nox@.service overrides	2024-01-06 12:34:44 +02:00
Aminda Suomalainen	86575ddd37	etc/sudoers.d/lecture: rewrite comment including superuser & serverfault links	2024-01-05 13:17:22 +02:00
Aminda Suomalainen	0f5dceed49	etc/sudoers.d: add nordvpn	2024-01-05 12:56:06 +02:00
Aminda Suomalainen	39dffa8939	systemd service.d: move common explanations from never-fail.conf to README.md	2024-01-04 12:35:48 +02:00
Aminda Suomalainen	d99566d26f	systemd/service.d: add nordvpn.conf	2024-01-04 12:31:11 +02:00
Aminda Suomalainen	8a73d0fd63	unbound.conf.d: add nordvpn.conf	2024-01-04 12:28:38 +02:00
Aminda Suomalainen	aa97b82e31	systemd-resolved: add nordvpn.conf	2024-01-04 12:25:53 +02:00
Aminda Suomalainen	8771c98645	etc/yum.repos.d/brave-*: remove unknown option autorefresh	2024-01-04 07:45:11 +02:00
Aminda Suomalainen	09b64835f7	etc/yum.repos.d/nordvpn.repo: initial commit I don't want to use their curlbash and I am considering a Revolut plan that would include their standard plan as well	2024-01-03 16:54:59 +02:00
Aminda Suomalainen	bb60cbe8e6	yum/repos.d/librewolf-repo.repo: correct repo name	2024-01-03 16:53:38 +02:00
Aminda Suomalainen	e4c6ff7569	etc/sudoers.d: add lecture for always giving the first time lecture	2024-01-02 10:54:53 +02:00
Aminda Suomalainen	9a0895e412	unbound: merge dot-quad9-ecs.conf into dot-quad9.conf	2023-12-31 16:38:05 +02:00
Aminda Suomalainen	dba9d4c908	unbound/dot-dns0-*.conf: merge to dot-dns0.conf	2023-12-30 15:46:22 +02:00
Aminda Suomalainen	a6dd953817	etc/dracut.conf.d/10-asahi.conf: workaround F40 kernel update failures	2023-12-29 13:26:25 +02:00
Aminda Suomalainen	feef4cbba5	bluetooth.service.d: clarify comments on tested distros & ponder name	2023-12-28 21:30:26 +02:00
Aminda Suomalainen	be618810c5	bluetooth.service.d: drop fedora- from experimental.conf	2023-12-28 21:28:27 +02:00
Aminda Suomalainen	f31cb882a5	practically rewrite etc/resolv.conf	2023-12-26 10:51:30 +02:00
Aminda Suomalainen	9d69584103	Revert "systemd/service.d: add for-network-online.conf so the service is enabled for that" This reverts commit `0dc32a525a`.	2023-12-25 21:26:10 +02:00
Aminda Suomalainen	fc91247cd1	Revert "yggdrasil.service.d: also allow yggdrasil to start before network-online" This reverts commit `fbc82b81f4`.	2023-12-25 21:25:44 +02:00
Aminda Suomalainen	68fc6be7b9	Revert "unbound.service.d: add the for-network-online.conf" This reverts commit `6ba99feb58`.	2023-12-25 21:25:22 +02:00
Aminda Suomalainen	85dbc413f0	systemd/system: write tlp-masker.bash instead of having symlinks to /dev/null	2023-12-25 17:27:30 +02:00
Aminda Suomalainen	7d8fe8c1fa	systemd/system/README: attempt to fix formatting	2023-12-25 17:03:14 +02:00
Aminda Suomalainen	0327162daa	systemd-resolved: double dnssec	2023-12-25 15:48:23 +02:00
Aminda Suomalainen	f8f71d77a2	resolv.conf: add systemd-resolved default as a comment too	2023-12-25 15:40:41 +02:00
Aminda Suomalainen	4286b4a22f	systemd: add start-unbound.service	2023-12-25 15:39:35 +02:00
Aminda Suomalainen	fbc82b81f4	yggdrasil.service.d: also allow yggdrasil to start before network-online	2023-12-25 12:41:46 +02:00
Aminda Suomalainen	214966ae54	unbound.service.d: rm WRONG fedora-network-pre.conf	2023-12-25 12:40:40 +02:00
Aminda Suomalainen	6ba99feb58	unbound.service.d: add the for-network-online.conf	2023-12-25 12:39:58 +02:00
Aminda Suomalainen	0dc32a525a	systemd/service.d: add for-network-online.conf so the service is enabled for that	2023-12-25 12:38:05 +02:00
Aminda Suomalainen	5f6e07f353	etc/…/dnf.conf: note RPMCoW plugin in comment on delta RPMs	2023-12-18 09:00:49 +02:00
Aminda Suomalainen	3f0557b1d0	move & update pipewire-media-session notes to wireplumber	2023-12-17 21:56:45 +02:00
Aminda Suomalainen	2222ebd249	wireplumber: note package pipewire-codec-aptx	2023-12-17 21:48:57 +02:00
Aminda Suomalainen	e9fe061b2c	etc/sudoers.d: add insults	2023-12-15 13:04:08 +02:00
Aminda Suomalainen	dc1fa5e65d	wireplumber/61-more-codecs.lua: note that all disables HQ playback	2023-11-30 10:43:01 +02:00
Aminda Suomalainen	b770e2f51d	etc/wireplumber: don't artificially restrict codecs	2023-11-30 10:38:06 +02:00
Aminda Suomalainen	90556db965	bluetooth.service.d: add steamos-experimental.conf	2023-11-29 09:54:28 +02:00
Aminda Suomalainen	88bfa88985	experimental wireplumber configuration	2023-11-29 09:44:35 +02:00
Aminda Suomalainen	9853513f01	dnf: disable DeltaRPMs	2023-11-27 09:12:45 +02:00
Aminda Suomalainen	91428c51af	systemd-resolved: git rm dot-nextdns.conf	2023-11-26 16:23:31 +02:00
Aminda Suomalainen	1abfd94f01	systemd-resolved/dot-dns0: merge lines	2023-11-26 16:23:12 +02:00
Aminda Suomalainen	b583b8a6d4	systemd-resolved/*.conf: add appliedprivacy DoTo443 as a comment	2023-11-26 16:19:55 +02:00
Aminda Suomalainen	dee168e287	systemd-resolved: merge provider configs	2023-11-26 16:18:15 +02:00
Aminda Suomalainen	fa3fc72afb	systemd-resolved: cleanup configs I don't recommend	2023-11-26 16:12:38 +02:00
Aminda Suomalainen	16ddfd92e8	chrony/sources.d: rethink yggdrasil.sources	2023-11-22 11:28:21 +02:00
Aminda Suomalainen	865e816384	chrony/finland.sources: enable xleave for the known Chrony	2023-11-22 10:17:32 +02:00
Aminda Suomalainen	88f443911f	chrony/yggdrasil.sources: comment kincarron, unlikely to return in near future	2023-11-22 08:38:40 +02:00
Aminda Suomalainen	b9bc665e07	chrony/nts-servers.sources: comment sources not in Finland	2023-11-22 08:38:12 +02:00
Aminda Suomalainen	6918ac27d4	yum.repos.d: add mullvad.repo	2023-11-20 21:27:48 +02:00
Aminda Suomalainen	da99ce785f	chrony/conf.d: add .FIXME suffix to ca-certificates.conf, clarifying comments	2023-11-16 20:19:39 +02:00
Aminda Suomalainen	428802a4fd	unbound: rm mullvad configuration It's wrong and I am not currently using it	2023-11-12 12:51:54 +02:00
Aminda Suomalainen	e825c1dac3	systemd-resolved: dot-mullvad.conf: update domains, add commented other server options	2023-11-12 12:51:07 +02:00
Aminda Suomalainen	60b3c620fb	systemd-resolved: rm dot-mullvad-adblock.conf	2023-11-12 12:46:35 +02:00
Aminda Suomalainen	f64b94894c	resolv.tsv: update Mullvad addresses	2023-11-12 12:45:43 +02:00
Aminda Suomalainen	4f2f41762c	etc/yum.repos.d: note LibreWolf upstream documentation	2023-11-11 18:27:55 +02:00
Aminda Suomalainen	35b90b6d06	resolv.tsv: update/add/fix Mullvad offering	2023-11-10 15:14:42 +02:00
Aminda Suomalainen	d2c6f99401	ssh_config: remove deprecated option useroaming Even Debian Bookworm mentions it as deprecated in ssh -vvv and I seriously doubt I have such old SSH running anywhere	2023-10-28 22:27:06 +03:00
Aminda Suomalainen	4f87dd6221	samba/playstation2.conf: specify hosts allow	2023-10-28 20:35:08 +03:00
Aminda Suomalainen	ad59c45eb3	yum.repos.d/README.md: update Yggdrasil address	2023-10-28 18:12:51 +03:00
Aminda Suomalainen	b6ecd1b173	systemd-resolved: keep DNSSEC enabled	2023-10-21 11:27:07 +03:00
Aminda Suomalainen	7b4d791d07	flatpak-update.timer: increase frequency	2023-10-19 10:43:55 +03:00
Aminda Suomalainen	94c23e2f7d	etc/nginx: fix line endings and indentation UNTESTED! TODO WIP etc.?	2023-10-19 09:27:55 +03:00
Aminda Suomalainen	90edac262a	resolved.conf.d: add dot-dns0-appliedprivacy.conf in style of quad9-ecs-appliedprivacy	2023-10-14 19:18:45 +03:00
Aminda Suomalainen	79210446ed	local/share/applications: add SteamOS-kscreenlocker.desktop symlink	2023-10-09 12:54:34 +03:00
Aminda Suomalainen	5419ff1bc7	move submodule to submodules/	2023-10-09 12:50:52 +03:00
Aminda Suomalainen	b8f1aa69dd	unbound/00-insecure-domains.conf: add router.asus.com	2023-10-07 13:10:07 +03:00
Aminda Suomalainen	1eeef2f511	resolved: add dot-quad9-ecs-appliedprivacy.conf for Steam Deck purposes	2023-10-01 19:06:46 +03:00
Aminda Suomalainen	5297140958	systemd/limnoria.service: place limit on memory, commented cpuquote	2023-10-01 10:47:06 +03:00
Aminda Suomalainen	024fd40e87	git rm etc/hosts.append https://gitea.blesmrt.net/mikaela/gist/src/branch/master/DNS/blocklist.txt	2023-09-30 17:39:47 +03:00
Aminda Suomalainen	d7acebbe45	chrony/sources.d/yggdrasil: remove Teknologia Avoimeksi	2023-09-30 17:38:45 +03:00
Aminda Suomalainen	10a841acfe	systemd/journald.conf.d: add 00-journal-size.conf	2023-09-29 15:06:41 +03:00
Aminda Suomalainen	c32910df57	systemd/syncplay-server.service: use venv Resolves: #145 Thanks again @EchedeyLR	2023-09-29 10:57:06 +03:00
Aminda Suomalainen	a4b7bdb51a	systemd/limnoria: use venv & update Ergo's name Thanks @EchedeyLR (ref: mikaela/shell-things#145)	2023-09-29 10:39:44 +03:00
Aminda Suomalainen	2c47aaae48	sshd_config.d/README.md: fix formatting, note priority	2023-09-28 14:35:21 +03:00
Aminda Suomalainen	c0fcc82c4d	sshd_config: add 00- prefix to basic-security.conf as apparently first wins in ssh	2023-09-28 14:34:13 +03:00
Aminda Suomalainen	f20e23df42	sshd_config.d: maybe keyed root login is fine in special case of SteamOS on Steam Deck?	2023-09-27 18:02:50 +03:00
Aminda Suomalainen	71a8913d37	update submodule etc/chrony/sources.d/jauderho-nts-servers	2023-09-27 12:21:32 +03:00
Aminda Suomalainen	dfcbc7e971	systemd/timesyncd.conf.d: sync sources from Chrony This is for SteamOS, although without Yggdrasil (that I am not hacking in yet) and NTS which systemd-timesyncd doesn't do to my knowledge	2023-09-27 12:16:55 +03:00
Aminda Suomalainen	9429b48aaa	etc/iwd/main.conf: throw in comments on defaults	2023-09-26 17:33:12 +03:00
Aminda Suomalainen	ce7ab5ea40	grub/forcefsck: add fsck.repair=yes	2023-09-24 17:26:40 +03:00
Aminda Suomalainen	49d6dfc766	update submodule etc/chrony/sources.d/jauderho-nts-servers	2023-09-17 20:29:37 +03:00
Aminda Suomalainen	24eb3890c2	systemd-resolved: prefer IPv6 over IPv4	2023-09-10 11:16:57 +03:00
Aminda Suomalainen	1e3a7f8fa3	systemd-resolved/dns-over-tls.conf: drop appliedprivacy#443 to the bottom of the list Apparently systemd-resolved wants to go in strict order and thus it's always sending my queries to distant Austria instead of neighbouring regions	2023-09-10 11:10:39 +03:00
Aminda Suomalainen	e2829267d7	systemd: add debugging & symlinks for networkd, resolved, never-fail networkd	2023-09-10 11:07:11 +03:00
Aminda Suomalainen	c7b5330dfb	systemd/resolved/dot: add missing bracket, remove extra ones Apparently IPv6 must only be surrounded by brackets, otherwise it's invalid syntax	2023-09-10 09:52:59 +03:00
Aminda Suomalainen	1d8e457f97	systemd-resolved: add dns-over-tls.conf mimicing unbound's equivalent	2023-09-10 09:31:35 +03:00
Aminda Suomalainen	4d68dd7e7f	systemd: add journald.conf.d/.gitignore as a placeholder	2023-08-24 16:12:43 +03:00
Aminda Suomalainen	27dacbf5f8	systemd-networkd: add commented RequiredFamilyForOnline= under [Link]	2023-08-23 14:40:18 +03:00
Aminda Suomalainen	2e1a5cbfe1	chrony: add ca-certificates.conf to explicitly specify their location	2023-08-20 11:13:51 +03:00
Aminda Suomalainen	5120a7aff8	update submodule jauderho-nts-servers	2023-08-20 11:13:28 +03:00
Aminda Suomalainen	78bb0cdcc8	etc/resolv.tsv: add Applied Privacy	2023-08-05 12:36:20 +03:00
Aminda Suomalainen	9fdeb56762	unbound.service.d: add fedora-network-pre.conf	2023-08-04 13:09:58 +03:00
Aminda Suomalainen	34b4ffb8ac	unbound/dns-over-tls.conf: cut to 443 and private ECS capable non-filtering servers	2023-08-04 12:45:03 +03:00
Aminda Suomalainen	d024ac1234	Revert "rm etc/unbound/unbound.conf.d/dns-over-tls.conf" This reverts commit `e9998f4079`.	2023-08-04 12:27:41 +03:00
Aminda Suomalainen	db6bdd6222	unbound.service.d: override to require dnsproxy for starting	2023-08-03 12:43:10 +03:00
Aminda Suomalainen	6fdfad9e93	dnsproxy.service: return to network-pre.target	2023-08-03 12:41:58 +03:00
Aminda Suomalainen	5acec4c00e	dnsproxy.service: second-guess to start after network-noline.target and before unbound.service?	2023-08-03 12:15:24 +03:00
Aminda Suomalainen	809d723293	systemd: fix symlinks to never-fail.conf Technically they would still work through the yggdrasil symlink, but I don't like it	2023-08-03 11:54:01 +03:00
Aminda Suomalainen	bbd7a02b60	dnsproxy.service: start before network management and hope it handles dynamic network conditions	2023-08-03 11:50:52 +03:00
Aminda Suomalainen	918bdc2a97	systemd: move never-fail to more appropiate location	2023-08-03 11:50:12 +03:00
Aminda Suomalainen	f3c9d1006b	update submodule etc/chrony/sources.d/jauderho-nts-servers	2023-07-29 21:31:46 +03:00
Aminda Suomalainen	2738d239ce	etc/yum.repos.d: add librewolf-repo.repo	2023-07-13 12:24:14 +03:00
Aminda Suomalainen	eab5c3b07e	systemd/network: add number prefixes as per man systemd.network	2023-07-05 10:57:03 +03:00
Aminda Suomalainen	5749b2c0fa	update submodule etc/chrony/sources.d/jauderho-nts-servers	2023-07-04 11:46:33 +03:00
Aminda Suomalainen	a13a0dd86b	systemd-networkd: match naming with types	2023-07-04 11:45:29 +03:00
Aminda Suomalainen	8cc9353374	systemd-networkd: configure based on type rather than name, add a comment on MACAddress matching Resolves: warnings on potentially unpredictable interface names.	2023-07-04 11:24:29 +03:00
Aminda Suomalainen	d3c613bc41	etc/iwd/main.conf: add spacing, comment AddressRandomization=disabled for Realtek	2023-06-25 17:58:41 +03:00
Aminda Suomalainen	30253761b3	systemd/network: enable IPv6 Privacy Extensions and link-local stable-privacy	2023-06-25 14:13:00 +03:00
Aminda Suomalainen	cbdfc0f46d	systemd-networkd: unmanage wlan0	2023-06-25 10:36:29 +03:00
Aminda Suomalainen	6159876f05	unbound/blocklist.conf: add {reddit,twitter}.com to support the protest	2023-06-11 18:53:16 +03:00
Aminda Suomalainen	f61d8c3edb	systemd/dnsproxy.service: use the same DNS0 for bootstrap as DoH	2023-06-11 08:56:04 +03:00
Aminda Suomalainen	c54a8c0a10	update submodule etc/chrony/sources.d/jauderho-nts-servers	2023-06-10 08:20:22 +03:00
Aminda Suomalainen	7ac9b9a7cc	etc/unbound/blocklist: remove duplicates, add graph.facebook.com `local-zone: "google-analytics.com." always_refuse` implies subdomains	2023-06-06 12:09:48 +03:00
Aminda Suomalainen	5d00ccaf6b	unbound: add blocklist-tld.conf mainly for zip & mov	2023-05-28 10:36:52 +03:00
Aminda Suomalainen	1b1514f993	systemd: add masks required by tlp as a note to self	2023-05-25 07:48:22 +03:00
Aminda Suomalainen	8fb52ec8f2	add shfmt	2023-05-18 11:58:51 +03:00
Aminda Suomalainen	687a6433bb	add & run prettier-plugin-nginx	2023-05-18 11:35:13 +03:00
Aminda Suomalainen	e0dc070cd1	etc/nginx: append .nginx to file names in preparation of prettier-nginx	2023-05-18 11:17:24 +03:00
Aminda Suomalainen	ca2956b678	unbound/blocklist: note encrypted client hello	2023-05-13 17:17:20 +03:00
Aminda Suomalainen	603ac4a011	unbound/blocklist.conf: remove Mozilla Telemetry	2023-05-13 17:16:17 +03:00
Aminda Suomalainen	fdeab81c2b	unbound/blocklist.conf: add matrix.to as dared by !KMbEUhVQHLwZHmwzKX:matrix.org	2023-05-13 17:14:45 +03:00
Aminda Suomalainen	19f3a0b720	update submodule jauderho-nts-servers	2023-05-12 09:30:28 +03:00
Aminda Suomalainen	58ead9302c	etc/apt/sources.list: keep adding non-free-firmwares Fixes: `94d26e811a` Resolves: #159	2023-05-12 09:29:32 +03:00
Aminda Suomalainen	42f1c58fa0	etc/yum.repos.d: add vivaldi	2023-05-08 20:54:22 +03:00
Aminda Suomalainen	442a4fb89a	update submodules	2023-05-04 15:57:12 +03:00
Aminda Suomalainen	94d26e811a	etc/apt/sources.list: enable non-free-firmware for Debians Resolves: #159	2023-04-10 17:07:48 +03:00
Aminda Suomalainen	8309e9254e	ssh_config: StrictHostKeyChecking accept-new	2023-04-03 11:03:48 +03:00
Aminda Suomalainen	0a5e526cc5	systemd-networkd/eth0: don't require being up Resolves: #157	2023-03-31 13:33:27 +03:00
Aminda Suomalainen	5f6bddfe8a	systemd: add NetworkManager-wait-online.service & systemd-networkd-wait-online.service to refresh my memory	2023-03-25 18:32:23 +02:00
Aminda Suomalainen	bae5e38347	etc/samba/playstation2.conf: apparently both log level & syslog lines are needed	2023-03-25 12:12:57 +02:00
Aminda Suomalainen	3e9331c84f	etc/samba/playstation2.conf: move deadtime & keepalive to [global]	2023-03-25 12:05:43 +02:00
Aminda Suomalainen	4757f05060	etc/samba/playstation2.conf: fix logging?	2023-03-25 12:03:54 +02:00
Aminda Suomalainen	f43106f002	etc/samba/playstation2.conf: enable logging	2023-03-25 11:55:54 +02:00
Aminda Suomalainen	e491a114a1	etc/samba/playstation2.conf: disable deadtime, shorten keepalive	2023-03-25 11:46:33 +02:00
Aminda Suomalainen	7ea097c6fe	etc/resolv.conf: search for . Resolves: #156	2023-03-24 10:37:52 +02:00
Aminda Suomalainen	6333883dc3	etc/samba/playstation2.conf: document issues coming up with real hardware	2023-03-14 16:57:14 +02:00
Aminda Suomalainen	30684318aa	etc/resolv.tsv: test ECS support of some empty fields	2023-03-11 15:54:04 +02:00
Aminda Suomalainen	33301bb8e5	etc/chrony/sources.d: update submodule	2023-03-11 08:18:48 +02:00
Aminda Suomalainen	cc0e5514ab	etc/chrony/sources.d: update submodule, add license information, add German servers	2023-03-10 09:49:35 +02:00
Aminda Suomalainen	4f7d891f68	jauderho-nts-servers: update submodule	2023-03-09 11:45:58 +02:00
Aminda Suomalainen	1b113e0c3e	etc/systemd/network: add commented DHCP=yes	2023-03-07 15:02:13 +02:00
Aminda Suomalainen	514ed85374	etc/systemd/network: update samples and comments to reflect my current views	2023-03-07 14:46:28 +02:00
Aminda Suomalainen	d51d8e810a	update submodule, symlink	2023-03-07 12:08:53 +02:00
Aminda Suomalainen	a80342b82b	etc/samba/playstation2.conf: rename share to PS2SMB, update comments	2023-03-03 17:14:19 +02:00
Aminda Suomalainen	e265916ba1	etc/samba/playstation2.conf: initial commit	2023-03-03 09:54:02 +02:00
Aminda Suomalainen	e9998f4079	rm etc/unbound/unbound.conf.d/dns-over-tls.conf I think the file is inherently flawed due to different types of filtering/non-filtering resolvers, different locations, unknown ECS policies etc. Importantly I am not actively looking at this and just came across old version running in production	2023-02-26 09:15:19 +02:00
Aminda Suomalainen	5350804d41	etc/resolv.tsv: remove /fi/ from DNS0.eu ECS links	2023-02-25 14:33:52 +02:00
Aminda Suomalainen	e839c83f53	etc/resolv.tsv: add EDNS Client-Subnet support & sources	2023-02-25 14:12:39 +02:00
Aminda Suomalainen	e520e78c1a	etc/resolv.tsv: add/update AdGuard	2023-02-25 13:58:47 +02:00
Aminda Suomalainen	06f6f2f2a6	etc/resolv.conf: uncomment trust-ad less dd to press when actually applying this	2023-02-24 08:43:41 +02:00
Aminda Suomalainen	faf242d8ca	etc/yum.repos.d: add brave beta & nightly Yes, the upstream instructions say nightly and beta have the same key	2023-02-23 21:28:52 +02:00
Aminda Suomalainen	0cfb5859ad	dnsproxy: remove --user that doesn't apply anymore	2023-02-23 14:31:48 +02:00
Aminda Suomalainen	4761b94331	dnsproxy.service: convert to system service	2023-02-23 14:25:12 +02:00
Aminda Suomalainen	9bdc67dd29	unbound & systmed-resolved: add DNS0 open Ref: #153	2023-02-23 10:11:03 +02:00
Aminda Suomalainen	cc5e7b7225	unbound: add DNS0 & DNS0 zero DoT config Resolves: #153	2023-02-22 10:58:04 +02:00
Aminda Suomalainen	a2c3d9248d	fix ends of lines	2023-02-21 20:11:35 +02:00
Aminda Suomalainen	b39b5db0d4	run prettier on markdown again?	2023-02-21 19:33:31 +02:00
Aminda Suomalainen	2e6a03d402	sastisfy editorconfig check	2023-02-21 19:08:54 +02:00
Aminda Suomalainen	19994e3286	run prettier	2023-02-21 17:54:39 +02:00
Aminda Suomalainen	fcb57144c9	chmod -x *.desktop && add .pre-commit-config.yaml	2023-02-21 16:16:33 +02:00
Aminda Suomalainen	1706269308	etc/resolv.tsv: add dns0 open Resolves: #154	2023-02-21 12:57:55 +02:00
Aminda Suomalainen	1385bf6105	ssh_config: comment ProxyCommand I just keep disabling it anyway so it's more harm than good	2023-02-21 10:11:34 +02:00
Aminda Suomalainen	4a20f75d3c	etc/systemd/resolved.conf.d: add DNS0 DoT configs Their website already had the correct syntax for the entries Ref: #153	2023-02-20 11:49:31 +02:00
Aminda Suomalainen	8e3244f785	etc/resolv.tsv: add mobileconfig links This is just the official ones I found, I could link to encrypted-dns.party, but that is a task for later, I can find it without this file Resolves: #152	2023-02-20 11:43:32 +02:00
Aminda Suomalainen	5ee54038de	etc/ssh/ssh_config: retab	2023-02-17 17:29:45 +02:00
Aminda Suomalainen	ff524fec97	etc/yum.repos.d: add fedora-crystal.repo	2023-02-13 17:47:23 +02:00
Aminda Suomalainen	1b243c279d	resolv.tsv: fix formatting	2023-02-13 11:52:43 +02:00
Aminda Suomalainen	4257bf5341	etc: resolv.csv -> resolv.tsv	2023-02-13 11:44:36 +02:00
Aminda Suomalainen	8ab861d791	etc/iwd/main.conf: uncomment "AddressRandomizationRange=nic" and update comment	2023-02-10 22:04:12 +02:00
Aminda Suomalainen	421087e536	etc/resolv.csv: add DNS0.eu Resolves: #150	2023-02-09 11:56:09 +02:00
Aminda Suomalainen	47eaebeece	etc/chrony/sources.d: submodule the curated NTS server list gist for future discoverability This repository is random anyway and has files that don't belong such as resolv.csv	2023-02-06 10:43:46 +02:00
Aminda Suomalainen	36c2688cec	etc/systemd/system/unbound.service.d/never-fail.conf: unbound isn't allowed to fail either	2023-02-03 10:59:31 +02:00
Aminda Suomalainen	3439b284a7	etc/iwd/main.conf: note that AddressRandomizationRange=nic has 254 possible addresses	2023-01-28 18:37:43 +02:00
Aminda Suomalainen	6b2cb6575b	etc/iwd/main.conf: add a comment(ed/) on AddressRandomizationRange=nic	2023-01-27 13:21:32 +02:00
Aminda Suomalainen	ebc01c16eb	{etc,var/lib/}iwd/: read manual, adjust accordingly	2023-01-27 10:51:51 +02:00
Aminda Suomalainen	d2dc35b2d1	etc/iwd/main.conf: add egrep to the check/refresh command	2023-01-22 21:06:46 +02:00
Aminda Suomalainen	86b2bbabcb	etc/iwd/main.conf: fix comment typos, remove unnecessary section Channel ranking on Lumina was unrelated to 5 GHz not getting used.	2023-01-22 21:02:15 +02:00
Aminda Suomalainen	a92c1444c7	etc/iwd/main.conf: mention iw dev wlan0 scan	2023-01-22 17:43:47 +02:00
Aminda Suomalainen	da914331ea	etc/iwd/main.conf: update the comment on how I perceive Country to work	2023-01-22 17:13:54 +02:00
Aminda Suomalainen	825f2745de	etc/iwd/main.conf: request regdom/Country FI	2023-01-22 08:11:03 +02:00
Aminda Suomalainen	53dcbb1d28	etc/iwd: attempt to prefer 5&6 GHz over 2.4 GHz	2023-01-21 18:32:44 +02:00
Aminda Suomalainen	edadd1f453	etc/iwd/main.conf: initial commit	2023-01-06 14:50:14 +02:00
Aminda Suomalainen	3aa962024e	etc/NetworkManager/conf.d/iwd.conf: add wifi.iwd.autoconnect=true This seems to affect nothing though	2023-01-06 14:02:55 +02:00
Aminda Suomalainen	caa0d5e185	etc/ssh/ssh_config: add VisualHostKey yes	2022-12-19 19:42:10 +02:00
Aminda Suomalainen	c9251b5acd	chrony/conf.d: add require-nts.conf Resolves: #148	2022-12-06 14:47:45 +02:00
Aminda Suomalainen	6cf6426df6	etc/chrony/sources.d/dna-moi: turn to pool of 3	2022-12-05 13:21:52 +02:00
Aminda Suomalainen	28068278c4	chrony/sources.d/finland.sources: add mikes time{1,2,3}	2022-12-05 12:49:23 +02:00
Aminda Suomalainen	77dfbf59af	etc/dnf/dnf.conf: add a commented cachedir for zaldaryn	2022-11-30 17:56:17 +02:00
Aminda Suomalainen	0619d60340	etc/chrony/README.md: note GH cadusilva's check command Ref: #148	2022-11-26 12:30:24 +02:00
Aminda Suomalainen	b94e62b884	chrony/sources.d/nts: add System76 Paris & time.nl Ref: #148	2022-11-26 12:28:01 +02:00
Aminda Suomalainen	c484b20cb3	chrony/sources.d/finland: remove snopyta part of the NTP pool anyway	2022-11-26 12:13:18 +02:00
Aminda Suomalainen	b350e525e6	etc/ssh/ssh_config: torify ssh	2022-10-10 23:00:16 +03:00
Aminda Suomalainen	1de04a8367	unbound/00-insecure-domains.conf: add http.badssl.com, my captive portal trigger goto	2022-10-03 22:01:15 +03:00
Aminda Suomalainen	9ad97b4560	etc/default/grub.d: add cpufreq-powersave.cfg	2022-09-21 16:34:28 +03:00
Aminda Suomalainen	b16a6a428c	etc/tlp.d/lumina.conf: add powersave cpu governor	2022-09-21 16:32:12 +03:00
Aminda Suomalainen	903774fc10	dnf.conf: set commented timeout to 2, note not setting it lower Otherwise there is trouble with the default value of 'migrate' and too many working mirrors start failing	2022-09-17 21:51:13 +03:00
Aminda Suomalainen	037b57fe00	etc/dnf/dnf.conf: add commented timeout (30 -> 5 seconds) S3 seems down and I am not patient enough to wait for 30 seconds X times	2022-09-17 21:42:15 +03:00
Aminda Suomalainen	d2bbe52a21	etc/yum.repos.d: replace unstable protonvpn with stable	2022-09-17 20:20:55 +03:00
Aminda Suomalainen	b4c663db73	torrc-client: update hybridirc-onion	2022-09-02 13:25:23 +03:00
Aminda Suomalainen	d2aeabb1c9	etc/pki/ca-trust/source/anchors/README.md: add a note on installing CA certificates	2022-08-15 18:42:46 +03:00
Aminda Suomalainen	71cc6e18ef	etc/yum.repos.d: add brave-browser.repo I am not impressed by the upstream documentation.	2022-07-05 17:54:39 +03:00
Aminda Suomalainen	e9fcfbb1c3	sysctl.d/99-ssd-swappiness.conf: add reminder on earlyoom	2022-06-24 23:15:59 +03:00
Aminda Suomalainen	3c23a31d18	etc/sysctl.d: add 99-ssd-swappiness.conf (and .gitignore) The default 99-sysctl.conf doesn't have to be here, it's a symlink to top directory anyway.	2022-06-13 17:20:53 +03:00
Aminda Suomalainen	3e3added6c	etc/tlp.d: add lumina.conf	2022-06-04 14:17:22 +03:00
Aminda Suomalainen	1c86e28c67	etc/yum.repos.d/README.md: note `sudo fedora-third-party enable`	2022-04-21 09:13:44 +03:00
Aminda Suomalainen	e74d1b6eea	etc/tor: add torrc.d, README, http.conf	2022-04-12 15:10:45 +03:00
Aminda Suomalainen	bb7f283891	Revert "systemd/matterbridge.service: import parts of upstream" This reverts commit `35aea33043`. Ref: https://github.com/42wim/matterbridge/issues/1794	2022-04-04 09:50:46 +03:00
Aminda Suomalainen	35aea33043	systemd/matterbridge.service: import parts of upstream https://github.com/42wim/matterbridge/wiki/Service-files#systemd	2022-04-04 08:35:23 +03:00
Aminda Suomalainen	12db5c8841	torrc-client: uncomment 8118	2022-03-31 08:26:55 +03:00
Aminda Suomalainen	82ef806e9f	systemd-resolved README: add quickstart, remove extra h-levels	2022-03-28 20:43:03 +03:00
Aminda Suomalainen	17da76e484	systemd/resolved/README.md: add the ArchWiki DNSSEC issue links	2022-03-28 20:37:37 +03:00
Aminda Suomalainen	f55c00dae6	systemd/resolved/README.md: add missing word, improve formatting	2022-03-28 20:36:11 +03:00
Aminda Suomalainen	8c532e3ef8	etc…resolved…: add/clarify links in/to comments Courtesy of https://wiki.archlinux.org/title/Systemd-resolved#DNSSEC	2022-03-28 20:34:37 +03:00
Aminda Suomalainen	d47c374706	etc/ststemd/resolved…: aggressive cleanup/rewriting	2022-03-28 20:28:17 +03:00
Aminda Suomalainen	64bba542b1	systemd/matterbridge.service: remove -debug, mention /groupId	2022-03-18 10:44:25 +02:00
Aminda Suomalainen	76814f830f	etc/{i2pd,systemd}: modernise to less bad ideas The issue has been fixed last year and considering I2Pd can connect through Yggdrasil natively, tunneling Yggdrasil in is a bad idea and could lead into Yggdrasil over Yggdrasil loop situation.	2022-03-08 18:18:40 +02:00
Aminda Suomalainen	3513928492	etc/tor/torrc-client: add PirateIRC	2022-03-02 14:44:13 +02:00
Aminda Suomalainen	5613e1bd9a	etc/tor/…-client: add hybridirc onion	2022-02-26 21:07:39 +02:00
Aminda Suomalainen	d2e21e9b4e	etc/resolv.csv: add OpenDNS DoT with a question mark Ref: #127	2022-02-23 09:58:06 +02:00
Aminda Suomalainen	859bc2a28c	etc/sudoers.d: add restart-matterbridge Allows restarting matterbridge passwordlessly	2022-02-14 12:14:22 +02:00
Aminda Suomalainen	0778849f34	etc/sudoers.d: rm protonvpn TODO: figure out does the hibernate file have reason for existing, I have faint idea of the package being removed	2022-02-14 12:07:47 +02:00
Aminda Suomalainen	018f80e6fe	etc/pkcs11/modules: correct libcryptoki & README	2022-02-10 17:40:40 +02:00
Aminda Suomalainen	33950a762e	etc/pkcs11/modules: add README.md,libcryptoki.module	2022-02-10 16:33:49 +02:00
Aminda Suomalainen	82d2146706	etc/tor/client: remove PirateIRC and freenode PirateIRC with Ergo is yet to get onion setup and I imagine freenode destroyed their onion a long time ago. I haven't been using it though.	2022-01-17 17:31:33 +02:00
Aminda Suomalainen	df3e710c60	etc/tor/torrc-client: add MapAddress for OFTC	2022-01-17 17:30:39 +02:00
Aminda Suomalainen	f0029674e7	etc/apt/sources.list: also update debug.mirrors.debian.org onion Resolves: #124	2022-01-16 19:17:48 +02:00
Aminda Suomalainen	4c6cc2391f	etc/apt/sources.list: attempt to update to onionV3 Resolves: #124	2022-01-16 19:06:41 +02:00
Aminda Suomalainen	f58d0d7d01	ssh/user-permit-password: add example for multiple users	2022-01-16 15:15:09 +02:00
Mikaela Suomalainen	1356fccd20	systemd: add flatpak-update.{service,timer} Resolves: #121	2021-12-18 13:45:53 +02:00
Mikaela Suomalainen	1b4ac2b6d7	etc/systemd/system.conf.d: add log4shell.conf	2021-12-13 13:09:35 +02:00
Mikaela Suomalainen	5704353d55	systemd: copy matterbridge restarter into gitea one It used to stop working randomly without a good reason, but that is likely fixed upstream a long time ago and while I removed it from cron, these units exist so should the issue recur, I can throw these back in. The cron wasn't randomized though, but I don't think there is harm in this being a bit random.	2021-12-06 23:48:40 +02:00
Mikaela Suomalainen	8e69874534	matterbridge-restart.timer: fix language	2021-12-06 23:48:30 +02:00
Mikaela Suomalainen	8209a74c6b	etc: small xdg/autostarts updates: * pulseeffects -> easyeffects * wire -> deprecated/ * telegramdesktop.desktop: add workaround (and supposedly it didn't exist here, #42) Resolves: #42	2021-12-02 19:52:34 +02:00
Mikaela Suomalainen	bd91ef704d	systemd: matterbridge.timer -> matterbridge-restart.{service,timer} Resolves: #98	2021-11-22 09:56:56 +02:00
Mikaela Suomalainen	9ba056cfd3	matterbridge-cleanup.service: fix typo, ignore exit state	2021-11-21 17:15:12 +02:00
Mikaela Suomalainen	62573195d9	systemd: add matterbridge-cleanup.{service,timer} Resolves: #98	2021-11-21 17:11:44 +02:00
Mikaela Suomalainen	13278214d1	matterbridge.timer: OnBootSec=0 just in case Ref: #98	2021-11-21 16:59:05 +02:00
Mikaela Suomalainen	29f7cf6b98	systemd: first attempt at matterbridge restarter timer Ref: #98	2021-11-21 16:52:14 +02:00
Mikaela Suomalainen	4f50f4a367	systemd-resolved: don't DNSSEC with adblocking	2021-11-21 11:37:03 +02:00
Mikaela Suomalainen	12fe7a59a8	etc/systemd/resolved: add configuration for Mullvad DoT	2021-11-21 11:16:11 +02:00
Mikaela Suomalainen	d49b78680b	etc/resolv.csv: add CZ.NIC ODVR Ref: #110 Ref: #112	2021-11-07 18:59:16 +02:00
Mikaela Suomalainen	1e40420115	unbound: rm outdated yggdrasil-override Ref: #89	2021-10-05 12:38:16 +03:00
Mikaela Suomalainen	bfa51f500b	unbound/dns-over-tls.conf: stop advertising Debian 9	2021-10-05 12:34:10 +03:00
Mikaela Suomalainen	ee293669d9	unbound: add dot-flushable-cache.conf Resolves: #105	2021-10-05 12:33:40 +03:00
Mikaela Suomalainen	862808fe07	etc/yum.repos.d: partially rewrite README.md Main problem was "dnf still reads this repository apparently" where the word "repository" was wrong, and I couldn't fix it without changing everything :)	2021-10-05 12:18:42 +03:00
Mikaela Suomalainen	4b57b299cc	etc/yum.repos.d/*.repo: rename descriptively The fedora-dino.repo was unfriendly towards Windows (#106) and I noticed that the other renamed files contained Fedora, so I think they should be named appropiately. microsoft-edge-dev.repo mentioned generally yumrepos, so it seems to not be Fedora specific.	2021-10-05 12:13:11 +03:00
Mikaela Suomalainen	e49187f9dc	chrony/README: fix Windows doc	2021-10-05 10:59:53 +03:00
Mikaela Suomalainen	12127744b5	systemd: also keep trying Chrony	2021-10-03 09:58:59 +03:00
Mikaela Suomalainen	84e714b55e	systemd: keep retrying yggdrasil, don't sleep	2021-10-03 09:58:03 +03:00
Mikaela Suomalainen	38ef6e7314	chrony/sources/nts: add nts.netnod.se They appear to be the only bigger party hosting NTS in addition to Cloudflare and being in neighbouring country isn't too bad Via https://gist.github.com/jauderho/2ad0d441760fc5ed69d8d4e2d6b35f8d which encouraged me to look into them a bit more. Additionally having read chrony or chrony.conf manual on default behaviour implying NTS servers are "require trust" and when mixing them with NTP servers, NTP servers never get selected unless they agree with NTS servers.	2021-09-26 21:28:06 +03:00
Mikaela Suomalainen	61ad1e935b	00-ptrace-restricted.conf: set to 3 I cannot remember when I last needed it and this makes Edgium about:sandbox happy	2021-09-06 18:45:38 +03:00
Mikaela Suomalainen	575b68fe3a	etc/apt/sources.list/stable: update security name https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive	2021-08-15 00:42:58 +03:00
Mikaela Suomalainen	c8189a3aa6	chrony/yggdrasil.sources: update jolly-roger address	2021-08-08 00:07:01 +03:00
Mikaela Suomalainen	a7ea71ae38	chrony/conf.d: add cmd.conf Ref: #95 which this attempts to workaround and fails	2021-08-07 23:56:38 +03:00
Mikaela Suomalainen	a43478e430	chrony: add broken NTS configuration Ref: #94	2021-08-07 23:52:15 +03:00
Mikaela Suomalainen	a9f34a8d1c	sysctl/questionable: 99-nonlocalbind.conf Resolves: #55	2021-06-27 17:43:34 +03:00
Mikaela Suomalainen	8f09ff7d45	chrony/confdir: add fedora-sourcedir.conf Fedora doesn't specify non-DHCP sourcedir by default so I specify one here	2021-06-26 23:24:51 +03:00
Mikaela Suomalainen	0c5413171f	sysctl.d: add 00-max-ipv6-route.conf	2021-06-20 00:42:24 +03:00
Mikaela Suomalainen	1c0073920a	pipewire/README: more on pro-audio, alsamixer and not deafening	2021-06-19 23:45:19 +03:00
Mikaela Suomalainen	c73d7a3a0c	sysctl.d: 00-magicsysrq.conf -> 60-magicsysrq.conf Otherwise Fedora seems to overwrite it with priority 50 file	2021-06-19 15:49:27 +03:00
Mikaela Suomalainen	3b99675a34	etc/sysctl.d: go through, mkdir questionable/ Resolves: #93	2021-06-19 15:41:49 +03:00
Mikaela Suomalainen	9c7d0c6210	etc/ssh/config.d: add example.conf So I can stop having to dig this from manual every time I want to configure a new host, and a couple of options I haven't used previously, but could as they seem nice	2021-06-18 13:48:41 +03:00
Mikaela Suomalainen	a5836327c4	etc: pipewire & bluetooth: enable codes, battery reporting https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html	2021-06-14 13:36:34 +03:00
Mikaela Suomalainen	437a417697	etc/pipewire/…: say that using Pro-audio is enough fix	2021-06-14 12:13:57 +03:00
Mikaela Suomalainen	93823eabd6	sysctl.d: add 23-starts-unprivileged-ports.conf Self-explanatory within comments. Link list notes to selves contributing into this version: * https://kernelnewbies.org/Linux_4.11 * https://stackoverflow.com/a/51439516 * https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux#comment90027734_51439516 * https://developer.apple.com/forums/thread/674179 * https://news.ycombinator.com/item?id=18302380 * https://security.stackexchange.com/q/242859 * https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux#comment90027734_51439516	2021-06-12 21:52:39 +03:00
Mikaela Suomalainen	75731868e7	unbound/dns-over-tls.conf: allow non-Finnish anycast & note being used on servers	2021-06-11 19:39:57 +03:00
Mikaela Suomalainen	126918d98d	systemd/limnoria.service: add TZ env & RestartSec	2021-06-02 17:50:30 +03:00
Mikaela Suomalainen	30a308d29f	torrc-client: add MapAddress for palladium.libera.chat https://libera.chat/guides/connect#verifying-tor-tls-connections	2021-05-27 17:50:03 +03:00
Mikaela Suomalainen	6576e83901	etc/tor/torrc-client: add irc.ergo.chat	2021-05-27 02:52:30 +03:00
Mikaela Suomalainen	6f7016a596	torrc-client: add irc.liberta.casa	2021-05-22 13:16:26 +03:00
Mikaela Suomalainen	c1768cae67	systemd: "rewrite" supybot -> limnoria, move znc, rmdir irc/	2021-05-16 18:00:31 +03:00
Mikaela Suomalainen	306270c441	etc/systemd: rm cjdns & miredo, I am unlikely to use them again	2021-05-16 11:15:34 +03:00
Mikaela Suomalainen	49facd9d39	etc/dnf.conf: comment tor example	2021-05-05 20:43:52 +03:00
Mikaela Suomalainen	aa18d746db	etc/pipewire/README.md: cut a long line into two	2021-05-05 11:02:53 +03:00
Mikaela Suomalainen	4b445c2aaf	etc/pipewire: remove the ...example.donotuse I am quite sure that the config file has changed so much that the file wouldn't work anyway and I don't think I really need it with the important part being in the README.md	2021-05-05 11:01:50 +03:00
Mikaela Suomalainen	c6a75f0962	ssh/anoncvs.conf: fix typo	2021-05-04 16:18:31 +03:00
Mikaela Suomalainen	447e8192c2	etc/default/grub.d: add remember-previous.cfg	2021-04-30 20:05:22 +03:00
Mikaela Suomalainen	ad6ac7d45e	dnf.conf: double max_parallel_downloads	2021-04-28 12:32:58 +03:00
Mikaela Suomalainen	1ad289aa49	unbound/dot-mullvad-adblock.conf: add missing port number	2021-04-27 21:40:16 +03:00
Mikaela Suomalainen	41879fe5e8	unbound.conf.d: rm dns-mullvad, add dot-mullvad[-adblock]	2021-04-27 21:35:58 +03:00
Mikaela Suomalainen	61d19724fa	resolv.csv: add Mullvad	2021-04-27 21:30:46 +03:00
Mikaela Suomalainen	e4c9d168ba	yum.repos.d: add tor.repo	2021-03-28 09:41:15 +03:00
Mikaela Suomalainen	6f8c7de6af	unbound.conf.d: add 00-insecure-domains.conf (WiFi repeater config)	2021-03-14 21:00:32 +02:00
Mikaela Suomalainen	3b4847f447	yum.repos.d/protonvpn-unstable: remove unneeded expansions Fixes pkcon complaining	2021-03-13 18:29:30 +02:00
Mikaela Suomalainen	134999487f	yum.repos.d: add microsoft-edge-dev.repo	2021-03-07 16:46:47 +02:00
Mikaela Suomalainen	93b9bc5ba6	yum.repos.d: move Dino from README to .repo	2021-03-07 16:37:15 +02:00
Mikaela Suomalainen	267f68ae80	yum.repos.d: add microsoft-prod.repo	2021-03-07 16:36:04 +02:00
Mikaela Suomalainen	e5c259eda6	README.md: write about soft-mixer	2021-03-02 12:21:58 +02:00
Mikaela Suomalainen	85d97aec3e	apt/preferences.d/pulseaudio: pin priority -1 backports too	2021-03-01 19:08:18 +02:00
Mikaela Suomalainen	51b0b5dde5	sudoers.d/protonvpn: add more paths & potential legacy note	2021-02-27 09:02:10 +02:00
Mikaela Suomalainen	5903664cb7	yum.repos.d: add protonvpn-unstable.repo	2021-02-26 14:10:38 +02:00
Mikaela Suomalainen	f21e22e80f	etc/sudoers.d: fix name, make notes to README.md	2021-02-26 11:34:20 +02:00
Mikaela Suomalainen	267dd77604	im.riot.Riot.desktop: add missing word "run"	2021-02-19 14:27:16 +02:00
Mikaela Suomalainen	8463fa8f5c	local/share/applications: Riot -> Element Package name hasn't changed though so I imagine the icon is the same too	2021-02-19 13:59:27 +02:00
Mikaela Suomalainen	95a44d0be9	etc/pipewire: document the volume cutoff (pulseaudio style) workaround	2021-02-18 14:51:22 +02:00
Mikaela Suomalainen	c8e89a5817	systemd: add coredump.conf.d/biggercores.conf	2021-02-18 14:47:23 +02:00
Mikaela Suomalainen	8155bec959	sysctl.d: add 00-quic-go-udp-receive-buffer.conf So I will remember it's existence	2021-02-13 09:36:28 +02:00
Mikaela Suomalainen	a0c61231f4	systemd/resolved.conf.d: add snopyta-strict.conf While posting an example how I would do it I might as well put it here	2021-02-10 16:12:42 +02:00
Mikaela Suomalainen	288b010fe5	sshd: move mikaela-prohibit-password.conf to broken/ Apparently OpenSSH only allows PasswordAuthentication yes within a Match block.	2021-02-02 14:12:43 +02:00
Mikaela Suomalainen	1be2720861	sshd: explicitly "terminate" Match blocks by Match All https://unix.stackexchange.com/a/303982/17126 & man sshd_config	2021-02-02 13:58:35 +02:00
Mikaela Suomalainen	3260950712	sshd/anoncvs.conf: vcs users shouldn't ever be asked for a password even if the system would allow that.	2021-02-02 13:06:04 +02:00
Mikaela Suomalainen	2711c5975e	NetworkManager.conf.d: add no-search-domains.conf	2021-02-02 12:52:34 +02:00
Mikaela Suomalainen	7ad17f8087	sshd/user-permit-password.conf: note on how to allow specific user to use passwords	2021-02-01 17:11:06 +02:00
Mikaela Suomalainen	1503367c86	sshd_config & ….d/README: note min version & date	2021-01-31 13:51:06 +02:00
Mikaela Suomalainen	f75bc7bd07	sshd/basic-security.conf: remove deprecated option > /etc/ssh/sshd_config.d/basic-security.conf line 24: Deprecated option UsePrivilegeSeparation OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS 8 Dec 2020	2021-01-31 13:39:51 +02:00
Mikaela Suomalainen	0151bee9b0	sshd/mikaela-prohibit-password.conf: add AuthenticationMethods publickey	2021-01-30 22:15:51 +02:00
Mikaela Suomalainen	f1ea1e17d9	etc/ssh: rm copy	2021-01-30 21:35:05 +02:00
Mikaela Suomalainen	0572613d99	etc/ssh: cut sshd_config into multiple .confs	2021-01-30 21:31:38 +02:00
Mikaela Suomalainen	c5fa3daf29	sshd_config.d: read Mozilla docs & adjust accordingly https://infosec.mozilla.org/guidelines/openssh	2021-01-30 21:18:41 +02:00
Mikaela Suomalainen	5211fb772c	sshd_config.d: add anoncvs.conf	2021-01-30 21:00:06 +02:00
Mikaela Suomalainen	de3a0739b4	sshd_config.d: add mikaela-prohibit-password.conf Resolves: #88	2021-01-30 20:50:21 +02:00
Mikaela Suomalainen	a7c643bb7a	etc/sshd_config.d: add basic-security.conf Ref: 88	2021-01-30 20:47:21 +02:00
Mikaela Suomalainen	8628ec28e0	yum.repos.d: add Dino	2021-01-30 11:01:17 +02:00
Mikaela Suomalainen	84ee7aeada	yum.repos.d: list Keybase too	2021-01-29 19:18:11 +02:00
Mikaela Suomalainen	27d1914424	etc: add dnf/dnf.conf & yum.repos.d/README.md	2021-01-29 19:15:08 +02:00
Mikaela Suomalainen	81296a241c	chrony: cut chrony.d/ into conf.d/ and sources.d/ I hope these are wider defaults than just Debian and allow me to not conflit with package manager, but regardless having a separate sources.d/ looks like a good idea for being able to `chronyc reload sources`	2021-01-29 12:56:38 +02:00
Mikaela Suomalainen	fc0730d7a5	sudoers.d/protonvpn.conf: add /usr/bin/protonvpn	2021-01-28 13:13:28 +02:00
Mikaela Suomalainen	16b19fb34d	torrc-client: add etro.mikaela.info	2021-01-26 19:42:25 +02:00
Mikaela Suomalainen	6216d8cda3	sudoers.d: add passwordless protonvpn-{tray,gui}	2021-01-16 20:40:21 +02:00
Mikaela Suomalainen	2df7aed162	chrony/yggdrasil: add comment & Kotka computers	2021-01-08 11:25:16 +02:00
Mikaela Suomalainen	0f94c59b81	chrony: add hetzner srevers	2020-12-19 13:03:54 +02:00
Mikaela Suomalainen	abb0c37ef2	unbound.conf.d: add yggdrasil-override.conf Begins #89 at a better time	2020-12-15 20:34:01 +02:00
Mikaela Suomalainen	b26c9f698d	chrony/yggdrasil: add Etro	2020-12-15 14:30:30 +02:00
Mikaela Suomalainen	b20f3367b1	systemd/yggdrasil: add mullvad-exclude (& fix chrony override typo)	2020-12-09 09:38:49 +02:00
Mikaela Suomalainen	36b6a99e85	chrony.d: local-servers: add notes + xleave to the first comment	2020-12-09 08:44:34 +02:00
Mikaela Suomalainen	40d535f2c0	systemd/chrony.service.d/mullvad-exclude: actually fix this	2020-12-08 18:36:34 +02:00
Mikaela Suomalainen	f92b8d8d05	chrony.d/yggdrasil.conf: add y.Jolly-Roger	2020-12-06 19:49:12 +02:00
Mikaela Suomalainen	e27e88efd8	chrony.d: add hwtimestamp.conf	2020-12-06 19:26:04 +02:00
Mikaela Suomalainen	4a25481db2	chrony/yggdrasil.conf: add Sedric	2020-12-06 18:36:23 +02:00
Mikaela Suomalainen	5e94147e81	chrony.d/yggdrasil.conf: initial commit	2020-12-06 18:02:43 +02:00
Mikaela Suomalainen	2a615d8241	chrony: note that confdir and NTS require 4.0	2020-12-03 10:52:47 +02:00
Mikaela Suomalainen	e9aefd711b	blocklist.conf: refuse blocked instead of nxdomain Only the Firefox DoH needs to be NXDOMAIN while REFUSE may be more accurate for the rest.	2020-11-21 12:13:55 +02:00
Mikaela Suomalainen	e7a6e00b83	unbound/dns-over-tls: comment Adguard & NextDNS for not being in FI	2020-11-15 09:46:50 +02:00
Mikaela Suomalainen	aadcc009a0	unbound/dns-over-tls.conf: add Adguard (unfiltered) & NextDNS	2020-11-12 16:12:18 +02:00
Mikaela Suomalainen	3289a812ee	unbound: add dns-mullvad.conf (not encrypted) Contains Mullvad Wireguard, OpenVPN and public addresses	2020-11-10 16:04:48 +02:00
Mikaela Suomalainen	9536101263	resolv.csv: add BlahDNS DoH CDNs Just doh1, because it and doh2 resolve into the same addresses for me and I don't want to add duplicate DoH field when only BlahDNS has two differnt addresses for the same thing.	2020-11-08 12:50:31 +02:00
Mikaela Suomalainen	49d969822b	etc/resolv.csv: add BlahDNS Resolves: #85	2020-11-04 12:56:48 +02:00
Mikaela Suomalainen	c302b10caf	chrony.d: restore log.conf	2020-11-01 11:57:57 +02:00
Mikaela Suomalainen	07e8c52f3b	chrony.d/local-servers: remove duplicate line it's in README.md	2020-11-01 11:36:30 +02:00
Mikaela Suomalainen	dced82b820	etc/chrony: break chrony.conf into README.md & chrony.d/	2020-11-01 11:23:59 +02:00
Mikaela Suomalainen	52458cc8aa	chrony.conf: add xleave for peer	2020-11-01 10:47:30 +02:00
Mikaela Suomalainen	84a669f51f	chrony.conf: add note for Windows on nettime	2020-10-31 18:10:25 +02:00
Mikaela Suomalainen	c55e6b97e8	chrony.conf: comments for nmap and VPNs	2020-10-31 14:34:47 +02:00
Mikaela Suomalainen	0c7038da14	systemd: systemd-resolved.service.d/unbound.conf: After unbound	2020-10-30 10:19:39 +02:00
Mikaela Suomalainen	fe83cbbb3a	systemd: add config for excluding Chrony from Mullvad	2020-10-30 08:04:58 +02:00
Mikaela Suomalainen	f878041e2e	unbound/dns-over-tls.conf: reverse order of providers It seems to have some (small?) relevance to where queries go to.	2020-10-29 16:24:52 +02:00
Mikaela Suomalainen	6e1f41533c	unbound/dns-over-tls.conf: comment the 443 appliedprivacy Thinking it a bit more, it's not useful to use their resources on devices that practically never encounter blocked port 853.	2020-10-29 13:22:19 +02:00
Mikaela Suomalainen	b03e00faaa	local/share/apps: add firejailed mirage (todo: test it)	2020-10-29 13:15:48 +02:00
Mikaela Suomalainen	c93034ba7f	unbound/dns-over-tls.conf: major cleanup	2020-10-29 13:15:23 +02:00
Mikaela Suomalainen	8b04c26065	chrony.conf: add a peer comment for LOCALMACHINE.local	2020-10-27 10:35:09 +02:00
Mikaela Suomalainen	dc2ac02412	begin depulseaudioing https://wiki.archlinux.org/index.php/PulseAudio/Troubleshooting#No_sound_below_a_volume_cutoff_or_Clipping_on_a_particular_output_device is too much for me. I expect to suffer this decision too though. * i3: bind audio buttons to amixer (TODO: there are still pulse-specific shortcuts and no shortcut for any kind of a mixer. $TERMINAL alsamixer?) * i3status: comment pulse to make it see alsa * apt: pin pulseaudio to negative priority	2020-10-26 17:21:39 +02:00
Mikaela Suomalainen	9b197cbaed	chrony.conf: add a local server example	2020-10-26 07:34:10 +02:00
Mikaela Suomalainen	258cf72ccb	chrony.conf: mark Cloudflare as a pool of 2	2020-10-25 19:46:36 +02:00
Mikaela Suomalainen	9ae9856c0a	chrony.conf: mark Snopyta & Telia as pools with maxsources 3	2020-10-25 18:54:53 +02:00
Mikaela Suomalainen	51080f52d8	chrony.conf: add comments on allowing lan access	2020-10-25 17:43:07 +02:00
Mikaela Suomalainen	b4ca31e6c6	chrony.conf: add DNA & Telia NTP servers Resolves: #83	2020-10-25 17:22:59 +02:00
Mikaela Suomalainen	4cebe7fbd5	chrony.conf: list NTP servers Ref: #83	2020-10-25 12:44:53 +02:00
Mikaela Suomalainen	993759577e	Bind systemd-resolved to Unbound	2020-10-25 09:05:07 +02:00
Mikaela Suomalainen	73f273f4bb	etc/chrony: add small chrony.conf notes	2020-10-24 11:32:07 +03:00
Mikaela Suomalainen	d3e00fb1a3	xdg-applications: add firejailed appimage of chatterino	2020-10-24 09:11:14 +03:00
Mikaela Suomalainen	1e70d7d4d7	etc/systemd-resolved&unbound: add Quad9 ECS configs Untested. The last time I saw the documentation, they didn't mention DoT.	2020-10-21 17:09:20 +03:00
Mikaela Suomalainen	1467454284	hosts.append: prepend empty line It makes it easier to see where this begins in the appended /etc/hosts	2020-10-21 15:18:03 +03:00
Mikaela Suomalainen	de7184794a	etc: add hosts.append for appending into hosts for systemd-resolved	2020-10-21 15:16:56 +03:00
Mikaela Suomalainen	ca4c85b7df	etc/resolv.csv: add Quad9 ECS The DoT address is guessed and verified to be open through nmap, as it's not documented, I don't know surely that it's what it should. DoH is mentioned in https://www.quad9.net/doh-quad9-dns-servers/ via https://gitlab.com/nitrohorse/ios14-encrypted-dns-mobileconfigs/-/issues/6	2020-10-18 11:11:27 +03:00
Mikaela Suomalainen	cb5781044c	resolv.conf: add OpenDNS Family	2020-10-03 14:56:52 +03:00
Mikaela Suomalainen	5f9cf10c68	resolv.csv: add Cleanbrowsing	2020-10-03 14:07:41 +03:00
Mikaela Suomalainen	531abc1f42	resolv.csv: fix Cloudflare DoT address	2020-10-03 13:49:04 +03:00
Mikaela Suomalainen	96d19d99cb	resolv.csv: add Cloudflare family, fill CF antimalware IPv6	2020-10-03 13:46:13 +03:00
Mikaela Suomalainen	8241d0e695	resolv.csv: add AdGuard Family	2020-10-03 13:42:05 +03:00
Mikaela Suomalainen	ae533261ab	etc/resolv.csv restore Firefox addresses	2020-10-03 13:38:31 +03:00
Mikaela Suomalainen	13a03812ba	resolv.conf: move resolvers to resolv.csv	2020-09-27 15:05:53 +03:00
Mikaela Suomalainen	31a15a9abc	systemd-resolved & unbound: update AdGuard IPs Resolves: #81	2020-09-27 14:34:54 +03:00
Mikaela Suomalainen	09d7a87dfb	fix zaldaryn-r8168?	2020-09-03 19:39:34 +03:00
Mikaela Suomalainen	6c2475676c	unbound.conf.d/dot-adguard.conf: fix SNI domain	2020-08-30 16:56:51 +03:00
Mikaela Suomalainen	edb259b1c8	unbound.conf.d: add dot-adguard.conf	2020-08-30 16:45:35 +03:00
Mikaela Suomalainen	cc965d4692	blocklist.conf: add empty line & incoming.telemetry.mozilla.org	2020-08-22 23:31:54 +03:00
Mikaela Suomalainen	263f828550	unbound blocklist: add ssl.google-analytics.com	2020-08-20 19:30:47 +03:00
Mikaela Suomalainen	94eace15e7	unbound/blocklist.conf: specify it's server clause Introduced by `e4d18d47c5`	2020-08-20 18:38:37 +03:00
Mikaela Suomalainen	cabf7c570d	blocklist.conf: add [www.]google-analytics.com.	2020-08-20 18:33:51 +03:00
Mikaela Suomalainen	b5cafdeb90	unbound: the mass file is not a good idea? cut it?	2020-08-16 12:18:07 +03:00
Mikaela Suomalainen	e4d18d47c5	etc/.../unbound.conf: update for 1.11.0-1+	2020-08-15 10:27:50 +03:00
Mikaela Suomalainen	cf8dc85ec0	systemd/timesyncd.conf.d: add cloudflare.conf	2020-08-09 10:51:36 +03:00
Mikaela Suomalainen	82cf5e7742	systemd/resolved.conf.d: add generic NextDNS confs	2020-08-09 00:07:06 +03:00
Mikaela Suomalainen	c3f9205610	resolv.conf: fix nextdns addresses	2020-08-09 00:03:13 +03:00
Mikaela Suomalainen	bbbe4a2f04	resolv.conf: add Firefox DoH resolvers Excluding Comcast	2020-08-08 20:06:39 +03:00
Mikaela Suomalainen	f58ba9424e	resolv.conf: more notes, hilight systemd-resolved, add DoH addresses	2020-08-08 19:44:08 +03:00
Mikaela Suomalainen	ca25fa1a66	sources.list: rm 16.04.archive.ubuntu.com I don't see enough difference compared to ubuntu. Resolves: #78	2020-08-07 15:58:54 +03:00
Mikaela Suomalainen	0be7388798	sources.list: add ubuntu Resolves: #77	2020-08-07 10:40:22 +03:00
Mikaela Suomalainen	73fb88e11d	systemd-resolved.conf.d: everywhere -> 00-everywhere	2020-07-24 12:16:31 +03:00
Mikaela Suomalainen	8af19aab5e	resolv.conf: link to Mullvad issue while at it	2020-07-23 23:28:14 +03:00
Mikaela Suomalainen	99cda3d7ed	resolv.conf: add a missing word	2020-07-23 23:27:37 +03:00
Mikaela Suomalainen	7da5babc43	resolv.conf: add missing empty line	2020-07-23 22:59:53 +03:00
Mikaela Suomalainen	d3e1aaee30	resolv.conf: more systemd-resolved info	2020-07-23 22:52:32 +03:00
Mikaela Suomalainen	6289837766	resolv.conf: note the systemd-resolved files	2020-07-23 22:43:04 +03:00
Mikaela Suomalainen	a8e9d7d81f	etc/resolv.conf: add option trust-ad	2020-07-20 23:11:55 +03:00
Mikaela Suomalainen	69f55cd724	systemd/resolved: adguard-strict -> adguard-dot	2020-07-18 14:05:36 +03:00
Mikaela Suomalainen	550b68d149	etc/systemd/resolved: add [adguard,cloudflare}-strict.conf I am not actually using either though and I am not sure if I will, but maybe they are nice to have as a backup here just in case.	2020-07-18 02:20:56 +03:00
Mikaela Suomalainen	b3cb953b9c	systemd/resolved: add a comment to everywhere.conf too as every other file explains who it is for, why not this	2020-07-04 19:09:26 +03:00
Mikaela Suomalainen	0ae22081a0	etc/systemd-resolved: rework all files more or less * explain things in README.md, don't duplicate comments * opportunistic-insecure.conf should be used everywhere by default, so thus it's now everywhere.conf. However I am yet to test it does what I expect, so this is bad case of testing in production or after committing it in general.	2020-07-04 19:06:18 +03:00
Mikaela Suomalainen	7a73088beb	systemd/resolved.conf.d/quad9*.conf: enable SNI	2020-06-26 12:22:09 +03:00
Mikaela Suomalainen	bce9af0edd	resolved.conf: add quad9-compat.conf	2020-06-26 12:22:09 +03:00
Mikaela Suomalainen	507b9b15c7	etc/containers: add registries.conf example linking to source, it seems to be enough to get started with podman	2020-05-27 11:01:08 +03:00
Mikaela Suomalainen	856085bd74	ssh_config: document ForwardAgent and ForwardX11... ...Previously they were no without explanation, but it never hurts to explicitly have comments on not doing that, I didn't quickly find anything nice for ForwardAgent, but I remember the Matrix.org people somehow avoiding hearing it and ForwardX11 first result was that StackExchange.	2020-05-22 14:36:26 +03:00
Mikaela Suomalainen	d8d48508bd	ssh_config: update comments, add Includes Resolves: #69	2020-05-22 14:29:37 +03:00
Mikaela Suomalainen	c2c27c8adb	local: add firejail-appimage-patchwork.desktop	2020-05-08 18:14:42 +03:00
Mikaela Suomalainen	5226399637	grub.d: add quiet.cfg to remind me to not remove it	2020-04-08 19:24:22 +03:00
Mikaela Suomalainen	1e08997ad5	etc/sources.list: add (Debian's) experimental	2020-03-30 18:12:16 +03:00
Mikaela Suomalainen	6f2f986d2f	etc/fahclient/config.xml: let the slider be MEDIUM	2020-03-30 09:16:32 +03:00
Mikaela Suomalainen	d1fc83913b	systemd/user: add ipfs, transmission-daemon (from system)	2020-03-30 08:42:06 +03:00
Mikaela Suomalainen	b2dac44a64	etc: add fahclient/config.xml	2020-03-30 08:35:56 +03:00
Mikaela Suomalainen	d39ec4ccfe	grub.d/oldifnames.cfg: update comment I seem to be using it in multiple systems so I cannot say I don't recommend it, when it's understood.	2020-03-29 15:12:00 +03:00
Mikaela Suomalainen	53944a0673	grub.d: add forcefsck.cfg	2020-03-29 15:11:48 +03:00
Mikaela Suomalainen	b217baaec9	systemd/system: update syncplay-server.service It never got the TLS flag apparently	2020-03-27 18:02:34 +02:00
Mikaela Suomalainen	d71357613f	apt/preferences.d/limit-unstable: add unstable-debug repo It may be unhelpful to have debug symbols getting pulled from Unstable while using packages from Testing or even Stable.	2020-03-21 16:40:00 +02:00
Mikaela Suomalainen	9d70aa8119	org.signal.Signal.desktop: rename to Signal Tray	2020-03-09 09:35:19 +02:00
Mikaela Suomalainen	8fc2d8905c	etc/nginx/README.md: add future warning	2020-03-07 21:08:57 +02:00
Mikaela Suomalainen	64d5fef6f3	ipfs.service: point to the new meta issue	2020-02-29 18:03:32 +02:00
Mikaela Suomalainen	b125fc1804	etc/systemd/resolved.conf.d: general.conf -> opportunistic-insecure.conf	2020-02-21 19:03:56 +02:00
Mikaela Suomalainen	60cac14929	etc: add multi-user.cfg	2020-02-18 01:42:27 +02:00
Mikaela Suomalainen	585266bc28	update pomotroid.desktop & add ipfs-desktop.desktop Pomotroid now stores data	2020-02-13 20:17:39 +02:00
Mikaela Suomalainen	a3d7b0af22	etc/default/grub.d/lockdown.cfg: notes + lockdown=integrity comment	2020-02-13 02:03:52 +02:00
Mikaela Suomalainen	b770e356cb	etc/default/grub.d: add lockdown.cfg	2020-02-13 01:17:39 +02:00
Mikaela Suomalainen	60899ca667	etc/sysctl.d: add kernel.yama.ptrace_scope = 1	2020-02-12 22:36:17 +02:00
Mikaela Suomalainen	3e325cca03	etc/sysctl.d: add 00-local-userns.conf with warnings/rant	2020-02-12 22:00:11 +02:00
Mikaela Suomalainen	bd6488e0ed	etc/default/grub.d: nouveau.cfg -> itwjyg.cfg + more modules	2020-02-10 17:54:47 +02:00
Mikaela Suomalainen	fafc6fad62	etc/xdg/autostart: add pomotroid.desktop Resolves: #50	2020-02-09 20:36:56 +02:00
Mikaela Suomalainen	1a8c6fcd24	merge local/share/applications & etc/xdg/autostart	2020-02-09 20:35:54 +02:00
Mikaela Suomalainen	ee0038c568	add /etc/network/interfaces.d/eth0	2020-02-09 14:53:56 +02:00
Mikaela Suomalainen	8472ffa7cd	NetworkManager: add manage-ifupdown.conf	2020-02-09 14:53:01 +02:00
Mikaela Suomalainen	9177966264	etc/default/grub.d: -supposedly & modprobe r8168	2020-02-09 14:50:43 +02:00
Mikaela Suomalainen	da2f090f56	logind.conf.d/lidclose.conf: mention systemd-rfkill, ref: #51	2020-02-03 22:41:47 +02:00
Mikaela Suomalainen	d54ec98f99	NM/iwd.conf: add missing line (enable --now iwd)	2020-02-03 21:40:11 +02:00
Mikaela Suomalainen	d8740f54e1	NetworkManager/conf.d: add iwd.conf for replacing wpa_supplicant	2020-02-03 21:15:35 +02:00
Mikaela Suomalainen	c0399054bb	etc/systemd/login.conf.d/lidclose.conf: ignore lid close	2020-02-03 19:36:05 +02:00
Mikaela Suomalainen	a82e3fd989	etc/NetworkManager: add no-mac-randomizing.conf	2020-01-28 23:12:54 +02:00
Mikaela Suomalainen	b04c724b5b	etc/default/grub.d: add flags to disable hibernating	2020-01-19 13:47:33 +02:00
Mikaela Suomalainen	2168bc47ed	apt/preferences.d: don't consider firefox/jami as badideas	2020-01-12 13:24:11 +02:00
Mikaela Suomalainen	86cb1a02dc	etc/xdg/autostart: add com.github.wwmm.pulseeffects.desktop	2020-01-11 22:25:33 +02:00
Mikaela Suomalainen	e47568e178	etc/xdg/autostart: add Nextcloud.desktop	2020-01-11 22:24:23 +02:00
Mikaela Suomalainen	5c6f66e5fc	etc/apt/preferences.d: add hacks/limit-buster	2020-01-11 22:11:25 +02:00
Mikaela Suomalainen	eabd12a26d	etc/apt/preferenced: move not-so-good-ideas to badideas/	2020-01-11 21:43:52 +02:00
Mikaela Suomalainen	31c53595f8	etc/apt/preferences.d: add limit-unstable from Wireguard	2020-01-11 21:41:09 +02:00
Mikaela Suomalainen	3011004856	NetworkManager/conf.d: add no-resolvconf.conf	2020-01-11 21:05:05 +02:00
Mikaela Suomalainen	346d726bb7	NetworkManager/unbound: note unbound-control-setup	2020-01-03 01:52:21 +02:00
Mikaela Suomalainen	2df7887dda	NetworkManager/conf.d: add unbound.conf For Unbound which I generally use, even while it requires dnssec-trigger	2020-01-02 15:32:50 +02:00
Mikaela Suomalainen	6ae87b6de8	etc/default/grub.d: add oldifnames.cfg see comments of the file for reason	2019-12-30 16:24:42 +02:00
Mikaela Suomalainen	05ffc40c7d	xdg/autostart: add Mullvad-VPN gui	2019-12-28 19:27:52 +02:00
Mikaela Suomalainen	a6c5902c08	etc/default/grub: add random.trust_cpu=on Possibly some help to boot time entropy exhaustion, but it may have been enabled by default already.	2019-12-27 19:46:30 +02:00
Mikaela Suomalainen	b1f7177d7f	etc/xdg/autostart: add dino & jami	2019-12-24 16:58:45 +02:00
Mikaela Suomalainen	4e640e3d50	etc/xdg/autostart: add Riot & -many to Telegram	2019-12-23 12:49:05 +02:00
Mikaela Suomalainen	bc46ad3119	torrc-client: add port 9119 for http	2019-12-23 12:48:33 +02:00
Mikaela Suomalainen	0c4bacc1ca	etc/xdg/autostart: add Gajim & Signal	2019-12-21 18:54:02 +02:00
Mikaela Suomalainen	7541d93206	dns-over-tls.conf: update BlahDNS-JP addresses	2019-12-01 12:48:02 +02:00
Mikaela Suomalainen	10b1b8ad86	unbound/dot: fix outdated comment	2019-11-03 00:49:19 +02:00
Mikaela Suomalainen	7b2c1568d1	unbound/dns-over-tls.conf: replace BlahDNS CH with FI Shutting down on December 31th https://blahdns.com/	2019-11-03 00:15:59 +02:00
Mikaela Suomalainen	4e93c66d67	systemd/resolved.conf.d/quad9: expand on versions	2019-11-02 18:37:12 +02:00
Mikaela Suomalainen	d062d6675c	unbound/blacklist.conf: Riot has fixed it's habits Integration manager and identity server can be configured in settings	2019-10-16 15:01:48 +03:00
Mikaela Suomalainen	5a1ed609ed	update etc/xdg/autostart/README.md	2019-10-12 19:02:45 +03:00
Mikaela Suomalainen	64934af736	etc/xdg/redshift: add icon & chmod +x	2019-10-12 19:02:27 +03:00
Mikaela Suomalainen	a79e9d3c21	etx/xdg/auostart: add com.wire.WireDesktop & telegramdesktop	2019-10-12 19:00:58 +03:00
Mikaela Suomalainen	a482390118	etc/xdg/autostart: deprecate unnecessary ones	2019-10-12 18:46:23 +03:00
Mikaela Suomalainen	1e636a65af	unbound/dns-over-tls.conf: enable BlahDNS over Yggdrasil	2019-10-08 20:52:41 +03:00
Mikaela Suomalainen	077b1a7679	etc/NetworkManager: move relevant parts to conf.d/ I have no idea when I have previously looked into those two files (git history would probably tell me), but I don't think they make much sense, while the important parts can be cut into conf.d/ and applied individually as needed.	2019-10-04 20:18:32 +03:00
Mikaela Suomalainen	16e66010a2	etc/NetworkManager: add conf.d and cp from Itwjyg Strangely Itwjyg is a special case system where I need systemd-resolved and its opportunistic DNSSEC/DoT. I also accidentally forgot dns-none.conf (then dns.conf) there, but systemd-resolved.conf appears to have overridden it, so it was fine and I have now removed the extra one.	2019-10-04 20:10:27 +03:00
Mikaela Suomalainen	cb79fa283a	apt/preferences.d/firefox: add l10n	2019-09-24 21:57:54 +03:00
Mikaela Suomalainen	f1b6101afd	apt/preferences.d: pin firefox[-esr] from sid	2019-09-24 21:46:13 +03:00
Mikaela Suomalainen	bda94cac72	etc/nginx: remove / from the proxies while I still remember	2019-09-18 17:40:00 +03:00
Mikaela Suomalainen	ee03a773c0	apt/preferences.d: add jami	2019-09-17 17:22:15 +03:00
Mikaela Suomalainen	bc9848185d	i2pd: increase tunnel lengths to 2 in hope of better NAT evading	2019-09-15 14:40:44 +03:00
Mikaela Suomalainen	b3dc6ced51	systemd: initial i2pd.service & .d/override.conf Begins #38	2019-09-15 13:52:57 +03:00
Mikaela Suomalainen	b614486427	etc/nginx: more modern working configs from Relpda	2019-09-13 16:32:01 +03:00
Mikaela Suomalainen	0ca2718569	unbound/blocklist.conf: use always_nxdomain, remove publicbt.com	2019-09-10 21:27:23 +03:00
Mikaela Suomalainen	01cd9e7b45	etc/fstab: notes on encryption, tmpfs, cleanup	2019-09-10 00:21:48 +03:00
Mikaela Suomalainen	541a4a4f15	etc/i2pd/tunnels.conf.d: add yggdrasil-in.conf	2019-09-09 14:40:09 +03:00
Mikaela Suomalainen	0c70f41afc	unbound/blocklist: uncomment vector.im, add use-application-dns.net * Vector.im is the identity server that gets restored by itself and I don't seem to ever have any business to Vector.im website, while the other domains I need to visit at times. * use-application-dns.net being NXDOMAIN tells Firefox to not send traffic to Cloudflare DoH. I thought of this when I saw the news and got courage to actually do this after seeing that DNSCrypt-proxy also does so.	2019-09-07 14:42:15 +03:00
Mikaela Suomalainen	91025d7129	etc/default/grub.d: merge mds.cfg into mitigations.cfg Ref: #33 Still missing documentation/comments	2019-09-06 12:38:42 +03:00
Mikaela Suomalainen	f4f8b3f529	grub.d/{mitigations,nosmt}.cfg: initial commit TODO: documents Ref: #34	2019-09-06 01:17:32 +03:00
Mikaela Suomalainen	47c7a3aca2	grub.d: add default-windows.cfg Resolves: #33	2019-09-04 12:00:57 +03:00
Mikaela Suomalainen	4b214b0e0f	etc/default/grub.d: add nouveau	2019-09-04 11:40:06 +03:00
Mikaela Suomalainen	c91b1b97a9	systemd/system: add unit file for etherpad-lite Closes: #27	2019-08-29 13:10:55 +03:00
Mikaela Suomalainen	319ae6c2bf	etc/modprobe.d/blacklist-hdmi-audio.conf: add source	2019-08-29 01:31:32 +03:00
Mikaela Suomalainen	9bb1dbb301	etc/modprobe.d: blacklist snd_hda_codec_hdmi	2019-08-29 01:27:40 +03:00
Mikaela Suomalainen	3f81f02bfd	etc/default/grub.d/sedric.cfg: acpi_backlight=vendor has no effect	2019-08-26 10:23:41 +03:00
Mikaela Suomalainen	06c56bbc78	etc/default/grub.d: add mds.conf for mitigating mds CPU vuln Ref: #22	2019-08-25 20:32:38 +03:00
Mikaela Suomalainen	066c42717c	torrc-client: enable ClientPreferIPv6ORPort as my IPv6 works	2019-08-25 18:39:12 +03:00
Mikaela Suomalainen	9bcd2d61c7	unbound/dns64: add Cloudflare	2019-08-25 18:27:11 +03:00
Mikaela Suomalainen	aa2c53349d	unbound/plain-dns64.conf: add Google DNS	2019-08-25 18:21:16 +03:00
Mikaela Suomalainen	31aa6066b5	unbound/dns-over-tls.conf: don't mention forwards.conf I renamed it.	2019-08-25 18:17:50 +03:00
Mikaela Suomalainen	41644a9b65	unbound: add dns64-over-tls.conf (broken for now)	2019-08-25 18:16:51 +03:00
Mikaela Suomalainen	6308c9af72	unbound: clean up plain-dns64.conf (only TREX for now)	2019-08-25 18:09:50 +03:00
Mikaela Suomalainen	04658408d4	unbound: rename forwards.conf -> plain-dns64.conf	2019-08-25 18:07:28 +03:00
Mikaela Suomalainen	3dc273fbe0	unbound: mention other files of interest in dot & add threads	2019-08-24 12:40:04 +03:00
Mikaela Suomalainen	6274ed8e13	unbound/dot: add nic.cz & nixnet	2019-08-24 12:02:26 +03:00
Mikaela Suomalainen	5462af3059	unbound/dot: add Lelux.fi	2019-08-24 11:57:42 +03:00
Mikaela Suomalainen	7afaa57882	unbound/dot: add Snopyta	2019-08-24 11:55:22 +03:00
Mikaela Suomalainen	4e4d19a765	unbound.conf.d/logging.conf: print statistics hourly	2019-08-20 18:05:19 +03:00
Mikaela Suomalainen	d7d252f98f	unbound/logging: add statistics printing	2019-08-20 17:41:43 +03:00
Mikaela Suomalainen	2c3fe4a5df	unbound: enable IPv6 preferring	2019-08-20 12:49:19 +03:00
Mikaela Suomalainen	be7c4185eb	etc/unbound/dns-over-tls: comment Cloudflare	2019-08-20 11:49:37 +03:00
Mikaela Suomalainen	56b5b905e2	fix github link, closes #16	2019-08-18 02:05:52 +03:00
Mikaela Suomalainen	26624bcd5d	unbound.conf.d: increase TTL to 15 mins from 5	2019-08-17 21:06:01 +03:00
Mikaela Suomalainen	d539237fbf	unbound/blocklist.conf: add source	2019-08-17 13:43:11 +03:00
Mikaela Suomalainen	057d42bafd	unbound/dns-over-tls.conf: fix typo	2019-08-17 13:40:39 +03:00
Mikaela Suomalainen	914fe1d26c	unbound/dot: finish adding providers Ref: #15	2019-08-17 13:37:02 +03:00
Mikaela Suomalainen	410a02a968	unbound/dot: add securedns (both), dnswarden (adblock)	2019-08-17 13:23:28 +03:00
Mikaela Suomalainen	a5ccd88e70	unbound/dns-over-tls.conf: add server locations Ref: #15	2019-08-17 12:34:03 +03:00
Mikaela Suomalainen	596c18c0e0	etc/unbound: add blocklist.conf Closes: #13	2019-08-17 12:16:53 +03:00
Mikaela Suomalainen	601bd3ac86	unbound dot: alphabetical order Ref: #15	2019-08-17 00:52:41 +03:00
Mikaela Suomalainen	39493f3bf9	unbound dot: move things around	2019-08-17 00:26:36 +03:00
Mikaela Suomalainen	b3a7266eb5	unbound.conf.d/dns-over-tls: remove Google	2019-08-17 00:14:41 +03:00
Mikaela Suomalainen	c78eecb547	unbound/dns-over-tls: add two port 443 resolvers	2019-08-17 00:10:32 +03:00
Mikaela Suomalainen	4de337722e	etc/apt/preferences.d: add testing-debug & rename stable.donotuse Resolves: #124 (see comment)	2019-07-30 01:08:09 +03:00
Mikaela Suomalainen	2112575a98	etc/apt/preferences.d: commit dark magic that shouldn't exist	2019-07-30 00:52:32 +03:00
Mikaela Suomalainen	a01e53171e	grub.d/sedric.cfg: comment that acpi_osi=Linux doesn't work	2019-07-28 10:45:04 +03:00
Mikaela Suomalainen	100d9a7433	dnscrypt-proxy.toml: move cache above & add comments & min cache TTL 300	2019-07-23 16:13:22 +03:00
Mikaela Suomalainen	55050ec0e5	cache.conf: increase NXDOMAIN cache size and set min TTL to 300	2019-07-23 15:09:34 +03:00
Mikaela Suomalainen	2b8a460b63	etc/unbound: add cache.conf	2019-07-23 12:30:53 +03:00
Mikaela Suomalainen	93fa7a003c	etc/default/grub.d: add beep.cfg & sedric.cfg beep.cfg is the default example on getting a beep on grub startup, sedric.cfg just contains `acpi_osi=` which fixes the hardware keys for some reason.	2019-07-22 18:56:38 +03:00
Mikaela Suomalainen	97006ddf9b	unbound.conf.d/logging.conf: quote the fine manual for unbound.conf	2019-07-22 17:18:53 +03:00
Mikaela Suomalainen	222a030cee	unbound/dns-over-tls: note version requirement 1.7.3 Debian 9 has 1.6.0 with which I am stuck for now. Debian 10 has 1.9.0	2019-07-22 16:52:07 +03:00
Mikaela Suomalainen	29eae6f89a	etc/dnscrypt-proxy: note I run Unbound in front of it	2019-07-22 16:25:21 +03:00
Mikaela Suomalainen	eb6315d92f	resolv.conf: add Quad9 and note I am not sure what it tries to be Public DNS resolver with easy address list for emergency?	2019-07-22 16:22:55 +03:00
Mikaela Suomalainen	430b9b7bfc	resolv.conf: note local resolver separately from dnscrypt-proxy	2019-07-22 16:17:27 +03:00
Mikaela Suomalainen	7b83f84633	unbound/dns-over-tls.conf: add AdGuard DNS I am surprised it actually works with DNSSEC validation enabled	2019-07-22 16:12:09 +03:00
Mikaela Suomalainen	ffbbe9e522	unbound: replace forwards.conf with dns-over-tls.conf Simultaneously rm puntcat, their DNS appears to be down at the moment and I didn't find their own homepage.	2019-07-22 16:05:05 +03:00
Mikaela Suomalainen	6ed44de3d1	unbound.conf.d: clarify logging.conf in a comment	2019-07-22 15:27:27 +03:00
Mikaela Suomalainen	bb14632b9a	unbound: add another Debian default	2019-07-22 15:16:34 +03:00
Mikaela Suomalainen	3b9acff361	etc/unbound add unbound.conf & unbound-control.conf copy-pastes from Debian & Arch Wiki, however unbound-control in status no as I guess it can be a hole most of time.	2019-07-22 15:14:11 +03:00
Mikaela Suomalainen	5569a1129c	unbound.conf.d/dnscrypt-proxy.conf: update for dnscrypt-proxy v2 Closes #121	2019-07-22 15:12:49 +03:00
Mikaela Suomalainen	fc5fb4d7bd	`b6a511d6a6`: add comments	2019-07-20 11:37:28 +03:00
Mikaela Suomalainen	b6a511d6a6	etc: backup some apt.conf.d & preferences.d files	2019-07-20 11:09:42 +03:00
Mikaela Suomalainen	41f44924be	dnscrypt-proxy.toml: note 2.0.24 fastest -> first	2019-07-14 18:36:31 +03:00
Mikaela Suomalainen	117801ec9d	dnscrypt-proxy: fix comments Resolves: #120	2019-07-14 18:15:35 +03:00
Mikaela Suomalainen	646956b4e0	dnscrypt-proxy.toml: restore Quad9 examples Rbtpzn was using them for some reason and was hitting less errors than Zaldaryn in as basic test as "apt update", so I guess it's worth having it included. I think I am mainly leaving it for family devices.	2019-07-14 13:30:29 +03:00
Mikaela Suomalainen	a5868f6395	etc/sources.list: update testing for bullseye & add note to stable for it > over the last years we had people getting confused over <suite>-updates > (recommended updates) and <suite>/updates (security updates). Starting > with Debian 11 "bullseye" we have therefore renamed the suite including > the security updates to <suite>-security. https://lists.debian.org/debian-devel-announce/2019/07/msg00004.html	2019-07-14 12:40:56 +03:00
Mikaela Suomalainen	2fe92afa26	etc/apt/sources.list: change keyserver Ref: #119 I am not sure I would advice running that even if it happened to exist.	2019-07-01 11:50:26 +03:00
Mikaela Suomalainen	128f1781f3	torrc-client: add MapAddress for PirateIRC & freenode Closes #118	2019-06-30 14:27:20 +03:00
Mikaela Suomalainen	a915db9f8a	etc/systemd: tor-services: add ExecReload I am running `systemctl restart tor-client` too often to be comfortable.	2019-06-30 14:11:34 +03:00
Mikaela Suomalainen	bf3b91d93a	torrc-client: update from running config Preparation to #118	2019-06-30 13:31:16 +03:00
Mikaela Suomalainen	5128e8646a	ipfs.service: use dht routing instead of dhtclient routing	2019-06-11 01:17:22 +03:00
Mikaela Suomalainen	85bd70f382	etc/systemd/system/ipfs: important notice for VPS/dedi/etc.	2019-06-11 01:12:28 +03:00
Mikaela Suomalainen	6ce553f84e	dnscrypt-proxy: fix cloudflare excluding	2019-06-02 22:30:49 +03:00
Mikaela Suomalainen	540798ed17	dnscrypt-proxy: use Socks Authentication	2019-05-22 12:01:34 +03:00
Mikaela Suomalainen	b96eb372d0	torrc-client: ensure IsolateSOCKSAuth & add HTTPTunnelPort	2019-05-22 11:58:05 +03:00
Mikaela Suomalainen	3eefbaf296	etc/tor/torrc-onehoponion: CookieAuthFile 0	2019-05-17 18:54:34 +03:00
Mikaela Suomalainen	7dbafe4a54	resolv.conf: more comments	2019-05-16 15:28:15 +03:00
Mikaela Suomalainen	21adba9a02	dnscrypt-proxy.toml: update ~~stories~~ comments	2019-05-15 10:48:11 +03:00
Mikaela Suomalainen	e972a47d4a	torrc-client: add SocksPorts and comment on two guards I need unisolated port for dnscrypt-proxy which I fear would otherwise generate too many circuits which wouldn't even be used and I guess there is no harm in sending Yggdrasil to a separate port that only has access to onions which is a port I may sometimes wish I have otherwise too.	2019-05-15 10:31:47 +03:00
Mikaela Suomalainen	95bcf095df	VerifyHostKeyByDNS is supposed to be yes fix previous commit, I imagine I changed it by accident.	2019-05-11 00:58:00 +03:00
Mikaela Suomalainen	e634ee8863	ssh_config: update comment for VerifyHostKeyDNS OpenSSH is evil and gives you three not-optimal options to this: A) trust DNSSEC and don't write known_hosts B) ask whether to trust DNS, but don't bother telling me if it's signed C) don't even check SSHFP I see A) as the least evil, but I wish known_hosts was written. Alternatively B) should tell me whether there is DNSSEC or not, not only "matching keys found from DNS" or whatever it says always.	2019-05-09 18:44:36 +03:00
Mikaela Suomalainen	9e03598e3f	etc/apt/sources.list: add missing tor+ for Debian	2019-05-09 14:05:54 +03:00
Mikaela Suomalainen	0ce3c5f47a	dnscrypt-proxy: adjust sources, add prefixes	2019-05-07 00:55:07 +03:00
Mikaela Suomalainen	f978853d11	dnscrypt-proxy.toml: add onion resolvers	2019-05-07 00:23:51 +03:00
Mikaela Suomalainen	d2bd2be652	systemd/zeronet.service: use Python 3 & always use Tor	2019-05-05 20:28:14 +03:00
Mikaela Suomalainen	d8ba42bdd1	etc/tor: disable control, document enabling for client	2019-05-04 20:41:18 +03:00
Mikaela Suomalainen	8e01a42c62	etc: systemd & tor: add tor-onehoponion (and torrc-relay)	2019-05-04 17:26:57 +03:00
Mikaela Suomalainen	c726daa62c	etc/tor/torrc-client: add comments	2019-05-04 16:55:08 +03:00
Mikaela Suomalainen	b0ef3a18f6	torrc-client: remove deprecated ClientPreferIPv6DirPort comment > The ClientPreferIPv6DirPort option is deprecated, and will most likely be removed in a future version of Tor. It has no effect on relays, and has had no effect on clients since 0.2.8. (If you think this is a mistake, please let us know!)	2019-05-04 16:28:58 +03:00
Mikaela Suomalainen	9c8cf613cd	etc/systemd: add tor-client.service & tor: add torrc-client	2019-05-03 12:31:33 +03:00
Mikaela Suomalainen	4c2b21bbfa	ipfs.service: add routing note	2019-05-01 23:30:12 +03:00
Mikaela Suomalainen	ce84c26bcd	ipfs.service: adapt lowpower profile & mention badgerds If the lowpower option uses values 40 and 20 which are a lot higher than mine were and considered suitable for laptops and smartphones, I guess they are the best for me to use and I find content faster.	2019-04-23 13:51:18 +03:00
Mikaela Suomalainen	6981481c77	ipfs.service: add options I forgot before	2019-03-26 22:26:25 +02:00
Mikaela Suomalainen	3ecfc2473d	ipfs.service: document my IPFS config Closes #111	2019-03-26 22:05:52 +02:00
Mikaela Suomalainen	a90243a55a	dnscrypt-proxy.toml: use Quad9 while waiting for disabled_server_names	2019-03-26 10:12:57 +02:00
Mikaela Suomalainen	466a7bc2c1	etc/systemd/resolved.conf.d: add some configs These aren't seeing real world usage though as the only host not running dnscrypt-proxy has too old systemd.	2019-03-25 13:41:23 +02:00
Mikaela Suomalainen	f336393db9	systemd preset: enable pcscd for FINEID	2019-02-28 13:00:42 +02:00
Mikaela Suomalainen	81fcfb539d	systemd preset: Zaldaryn additions	2019-02-28 12:17:07 +02:00
Mikaela Suomalainen	758d4302ac	systemd preset: remove cjdns, enable ssh.service	2019-02-28 12:10:14 +02:00
Mikaela Suomalainen	284a50288c	sysctl.d: document privacy extensions & use double # for comments	2019-02-26 20:32:08 +02:00
Mikaela Suomalainen	cc0f5db3bd	dnscrypt-proxy: use dns.watch#2 as fallback reslver 84.200.70.40	2019-02-25 11:06:49 +02:00
Mikaela Suomalainen	07ae3bbef6	etc/sudoers.d/hibernate: allow suspend & change group to plugdev It seemed like a suitable one from the default groups Debian creates.	2019-02-18 20:07:36 +02:00
Mikaela Suomalainen	d406334560	systemd preset: enable TTY & cups	2019-02-17 21:07:10 +02:00
Mikaela Suomalainen	5fe9477c55	etc/systemd: add ipfs.service & zeronet.service Closes #101	2019-02-12 20:32:40 +02:00
Mikaela Suomalainen	993d3f6994	systemd preset: enable yggdrasil-resume	2019-02-08 10:21:14 +02:00
Mikaela Suomalainen	0afc716ccf	Partially revert `f7fbf35109` That was just too evil, especially as the line has moved to my i3wm config where nothing else I have tried works.	2019-02-04 20:33:31 +02:00
Mikaela Suomalainen	518c9fcdaf	i3: add hibernation & sudoers.d: allow passwordless hibernate	2019-01-30 20:12:38 +02:00
Mikaela Suomalainen	f7fbf35109	update setxkbmap and hope no one else is using these files	2019-01-30 19:16:45 +02:00
Mikaela Suomalainen	d29a0532d2	Debian sources.list: disable http security, use https CDN & Tor	2019-01-23 10:18:35 +02:00
Mikaela Suomalainen	d27cc15888	add systemd-preset	2019-01-21 18:41:36 +02:00
Mikaela Suomalainen	3e5e55bf75	etc/apt/sources.list: enable Debian debugsym repos It seems that I am always going to enable it sooner or later anyway, so why woulnd't I have it enabled for quick installing when I do need it? Example: KDE Connect crashed on login, and asked me to report it, but the reporter app warned that there is no address to report it and debug information had one or two stars and said that it's likely bad quality and I think this is due to missing debug symbols which I then installed. Naturally after installing them, I am unable to reproduce the issue, but that is beside the point.	2018-12-19 11:48:32 +02:00
Mikaela Suomalainen	5c6c026226	hosts-mikaela.txt: alternative domain for Korsin	2018-12-15 20:57:43 +02:00
Mikaela Suomalainen	c80591d9a7	hosts-mikaela.txt: add Korsin	2018-12-15 16:56:36 +02:00
Mikaela Suomalainen	08bfdde7c8	etc/dnscrypt-proxy/hosts-mikaela: add two cwinfo servers	2018-12-10 12:10:41 +02:00
Mikaela Suomalainen	7695b26abf	etc/dnscrypt-proxy: update README.md The situation has changed a bit and I had forgotten to add links.	2018-12-03 12:22:58 +02:00
Mikaela Suomalainen	9be5b35b32	dnscrypt-proxy: use syslog, cert_refresh_delay I happened to wonder about reload times and think that this is nice to have visible here. Syslog is used by default and I am expecting it so it probably won't hurt being visible.	2018-11-29 11:30:28 +02:00
Mikaela Suomalainen	b7017d7c50	dnscrypt-proxy: update comments, lb_strategy = p2 Removed my weird comment and added refresh_delay to OpenNIC. I am using p2 instead of ph as per the wiki as apparently they don't consider balancing queries over multiple services as important as speed, so maybe I don't have to worry about that either.	2018-11-29 11:23:05 +02:00
Mikaela Suomalainen	b6bb15a198	dnscrypt-proxy.toml: add commented OpenNIC It's waiting for me to make up my mind about it and whether or not I support it. I have mixed feelings/thoughts about it and will need to read more.	2018-11-27 20:04:12 +02:00
Mikaela Suomalainen	2d3b324d9f	dnscrypt-proxy.toml: add mirrors of public-resolvers.md	2018-11-27 20:01:35 +02:00
Mikaela Suomalainen	8497d4fb84	dnscrypt-proxy.toml: enable require_nolog Learning that I don't have to specify servers there is a lot more variety even if I start requiring more things, as Sedric says to see 33 live servers, I guess dnscrypt servers in general respect privacy. However I guess I still have to trust on what the servers say as AFAIK dnscrypt-proxy is only that, a proxy, and won't start validating dnssec by itself.	2018-11-26 23:43:39 +02:00
Mikaela Suomalainen	32b1fd4a9a	dnscrypt-proxy.toml: disable logging & put it where it belongs	2018-11-26 17:01:30 +02:00
Mikaela Suomalainen	397821db0a	dnscrypt-proxy: -empty lines +cloaking_rules dn#	2018-11-26 16:53:47 +02:00
Mikaela Suomalainen	c8fb2b896a	dnscrypt-proxy.toml: sort the options and add/update/fix comments Now the options that I am more likely to care about or want to adjust are on the top.	2018-11-26 16:46:30 +02:00
Mikaela Suomalainen	eecb4a980d	dnscrypt-proxy: add commented not-socket	2018-11-26 16:12:02 +02:00
Mikaela Suomalainen	c3c8a41e43	dnscrypt-proxy.toml: comment server_names	2018-11-26 16:03:02 +02:00
Mikaela Suomalainen	c8c342ec68	hosts-mikaela.txt: add tezagm	2018-11-26 15:46:52 +02:00
Mikaela Suomalainen	4f99f6ebed	syncplay-server.service: ccxcz's endpoints ExecStart just in case	2018-11-24 20:36:17 +02:00
Mikaela Suomalainen	c57d5443ab	add systemd unit for syncplay-server	2018-11-23 17:23:38 +02:00
Mikaela Suomalainen	33db566a27	sources.list: Debian updates repo over Tor	2018-11-22 20:39:22 +02:00

... 12 13 14 15 16 ...

1556 Commits