Commit Graph

434 Commits

Author SHA1 Message Date
a3d7b0af22
etc/default/grub.d/lockdown.cfg: notes + lockdown=integrity comment 2020-02-13 02:03:52 +02:00
b770e356cb
etc/default/grub.d: add lockdown.cfg 2020-02-13 01:17:39 +02:00
60899ca667
etc/sysctl.d: add kernel.yama.ptrace_scope = 1 2020-02-12 22:36:17 +02:00
3e325cca03
etc/sysctl.d: add 00-local-userns.conf with warnings/rant 2020-02-12 22:00:11 +02:00
bd6488e0ed
etc/default/grub.d: nouveau.cfg -> itwjyg.cfg + more modules 2020-02-10 17:54:47 +02:00
fafc6fad62
etc/xdg/autostart: add pomotroid.desktop
Resolves: #50
2020-02-09 20:36:56 +02:00
1a8c6fcd24
merge local/share/applications & etc/xdg/autostart 2020-02-09 20:35:54 +02:00
ee0038c568
add /etc/network/interfaces.d/eth0 2020-02-09 14:53:56 +02:00
8472ffa7cd
NetworkManager: add manage-ifupdown.conf 2020-02-09 14:53:01 +02:00
9177966264
etc/default/grub.d: -supposedly & modprobe r8168 2020-02-09 14:50:43 +02:00
da2f090f56
logind.conf.d/lidclose.conf: mention systemd-rfkill, ref: #51 2020-02-03 22:41:47 +02:00
d54ec98f99
NM/iwd.conf: add missing line (enable --now iwd) 2020-02-03 21:40:11 +02:00
d8740f54e1
NetworkManager/conf.d: add iwd.conf for replacing wpa_supplicant 2020-02-03 21:15:35 +02:00
c0399054bb
etc/systemd/login.conf.d/lidclose.conf: ignore lid close 2020-02-03 19:36:05 +02:00
a82e3fd989
etc/NetworkManager: add no-mac-randomizing.conf 2020-01-28 23:12:54 +02:00
b04c724b5b
etc/default/grub.d: add flags to disable hibernating 2020-01-19 13:47:33 +02:00
2168bc47ed
apt/preferences.d: don't consider firefox/jami as badideas 2020-01-12 13:24:11 +02:00
86cb1a02dc
etc/xdg/autostart: add com.github.wwmm.pulseeffects.desktop 2020-01-11 22:25:33 +02:00
e47568e178
etc/xdg/autostart: add Nextcloud.desktop 2020-01-11 22:24:23 +02:00
5c6f66e5fc
etc/apt/preferences.d: add hacks/limit-buster 2020-01-11 22:11:25 +02:00
eabd12a26d
etc/apt/preferenced: move not-so-good-ideas to badideas/ 2020-01-11 21:43:52 +02:00
31c53595f8
etc/apt/preferences.d: add limit-unstable from Wireguard 2020-01-11 21:41:09 +02:00
3011004856
NetworkManager/conf.d: add no-resolvconf.conf 2020-01-11 21:05:05 +02:00
346d726bb7
NetworkManager/unbound: note unbound-control-setup 2020-01-03 01:52:21 +02:00
2df7887dda
NetworkManager/conf.d: add unbound.conf
For Unbound which I generally use, even while it requires dnssec-trigger
2020-01-02 15:32:50 +02:00
6ae87b6de8
etc/default/grub.d: add oldifnames.cfg
see comments of the file for reason
2019-12-30 16:24:42 +02:00
05ffc40c7d
xdg/autostart: add Mullvad-VPN gui 2019-12-28 19:27:52 +02:00
a6c5902c08
etc/default/grub: add random.trust_cpu=on
Possibly some help to boot time entropy exhaustion, but it may have been
enabled by default already.
2019-12-27 19:46:30 +02:00
b1f7177d7f
etc/xdg/autostart: add dino & jami 2019-12-24 16:58:45 +02:00
4e640e3d50
etc/xdg/autostart: add Riot & -many to Telegram 2019-12-23 12:49:05 +02:00
bc46ad3119
torrc-client: add port 9119 for http 2019-12-23 12:48:33 +02:00
0c4bacc1ca
etc/xdg/autostart: add Gajim & Signal 2019-12-21 18:54:02 +02:00
7541d93206
dns-over-tls.conf: update BlahDNS-JP addresses 2019-12-01 12:48:02 +02:00
10b1b8ad86
unbound/dot: fix outdated comment 2019-11-03 00:49:19 +02:00
7b2c1568d1
unbound/dns-over-tls.conf: replace BlahDNS CH with FI
Shutting down on December 31th https://blahdns.com/
2019-11-03 00:15:59 +02:00
4e93c66d67
systemd/resolved.conf.d/quad9: expand on versions 2019-11-02 18:37:12 +02:00
d062d6675c
unbound/blacklist.conf: Riot has fixed it's habits
Integration manager and identity server can be configured in settings
2019-10-16 15:01:48 +03:00
5a1ed609ed
update etc/xdg/autostart/README.md 2019-10-12 19:02:45 +03:00
64934af736
etc/xdg/redshift: add icon & chmod +x 2019-10-12 19:02:27 +03:00
a79e9d3c21
etx/xdg/auostart: add com.wire.WireDesktop & telegramdesktop 2019-10-12 19:00:58 +03:00
a482390118
etc/xdg/autostart: deprecate unnecessary ones 2019-10-12 18:46:23 +03:00
1e636a65af
unbound/dns-over-tls.conf: enable BlahDNS over Yggdrasil 2019-10-08 20:52:41 +03:00
077b1a7679
etc/NetworkManager: move relevant parts to conf.d/
I have no idea when I have previously looked into those two files (git
history would probably tell me), but I don't think they make much sense,
while the important parts can be cut into conf.d/ and applied
individually as needed.
2019-10-04 20:18:32 +03:00
16e66010a2
etc/NetworkManager: add conf.d and cp from Itwjyg
Strangely Itwjyg is a special case system where I need systemd-resolved
and its opportunistic DNSSEC/DoT. I also accidentally forgot
dns-none.conf (then dns.conf) there, but systemd-resolved.conf appears
to have overridden it, so it was fine and I have now removed the extra
one.
2019-10-04 20:10:27 +03:00
cb79fa283a
apt/preferences.d/firefox: add l10n 2019-09-24 21:57:54 +03:00
f1b6101afd
apt/preferences.d: pin firefox[-esr] from sid 2019-09-24 21:46:13 +03:00
bda94cac72
etc/nginx: remove / from the proxies
while I still remember
2019-09-18 17:40:00 +03:00
ee03a773c0
apt/preferences.d: add jami 2019-09-17 17:22:15 +03:00
bc9848185d
i2pd: increase tunnel lengths to 2 in hope of better NAT evading 2019-09-15 14:40:44 +03:00
b3dc6ced51
systemd: initial i2pd.service & .d/override.conf
Begins #38
2019-09-15 13:52:57 +03:00
b614486427
etc/nginx: more modern working configs from Relpda 2019-09-13 16:32:01 +03:00
0ca2718569
unbound/blocklist.conf: use always_nxdomain, remove publicbt.com 2019-09-10 21:27:23 +03:00
01cd9e7b45
etc/fstab: notes on encryption, tmpfs, cleanup 2019-09-10 00:21:48 +03:00
541a4a4f15
etc/i2pd/tunnels.conf.d: add yggdrasil-in.conf 2019-09-09 14:40:09 +03:00
0c70f41afc
unbound/blocklist: uncomment vector.im, add use-application-dns.net
* Vector.im is the identity server that gets restored by itself and I
  don't seem to ever have any business to Vector.im website, while
  the other domains I need to visit at times.
* use-application-dns.net being NXDOMAIN tells Firefox to not send
  traffic to Cloudflare DoH. I thought of this when I saw the news and
  got courage to actually do this after seeing that DNSCrypt-proxy also
  does so.
2019-09-07 14:42:15 +03:00
91025d7129
etc/default/grub.d: merge mds.cfg into mitigations.cfg
Ref: #33

Still missing documentation/comments
2019-09-06 12:38:42 +03:00
f4f8b3f529
grub.d/{mitigations,nosmt}.cfg: initial commit
TODO: documents

Ref: #34
2019-09-06 01:17:32 +03:00
47c7a3aca2
grub.d: add default-windows.cfg
Resolves: #33
2019-09-04 12:00:57 +03:00
4b214b0e0f
etc/default/grub.d: add nouveau 2019-09-04 11:40:06 +03:00
c91b1b97a9
systemd/system: add unit file for etherpad-lite
Closes: #27
2019-08-29 13:10:55 +03:00
319ae6c2bf
etc/modprobe.d/blacklist-hdmi-audio.conf: add source 2019-08-29 01:31:32 +03:00
9bb1dbb301
etc/modprobe.d: blacklist snd_hda_codec_hdmi 2019-08-29 01:27:40 +03:00
3f81f02bfd
etc/default/grub.d/sedric.cfg: acpi_backlight=vendor has no effect 2019-08-26 10:23:41 +03:00
06c56bbc78
etc/default/grub.d: add mds.conf for mitigating mds CPU vuln
Ref: #22
2019-08-25 20:32:38 +03:00
066c42717c
torrc-client: enable ClientPreferIPv6ORPort as my IPv6 works 2019-08-25 18:39:12 +03:00
9bcd2d61c7
unbound/*dns64*: add Cloudflare 2019-08-25 18:27:11 +03:00
aa2c53349d
unbound/plain-dns64.conf: add Google DNS 2019-08-25 18:21:16 +03:00
31aa6066b5
unbound/dns-over-tls.conf: don't mention forwards.conf
I renamed it.
2019-08-25 18:17:50 +03:00
41644a9b65
unbound: add dns64-over-tls.conf (broken for now) 2019-08-25 18:16:51 +03:00
6308c9af72
unbound: clean up plain-dns64.conf (only TREX for now) 2019-08-25 18:09:50 +03:00
04658408d4
unbound: rename forwards.conf -> plain-dns64.conf 2019-08-25 18:07:28 +03:00
3dc273fbe0
unbound: mention other files of interest in dot & add threads 2019-08-24 12:40:04 +03:00
6274ed8e13
unbound/dot: add nic.cz & nixnet 2019-08-24 12:02:26 +03:00
5462af3059
unbound/dot: add Lelux.fi 2019-08-24 11:57:42 +03:00
7afaa57882
unbound/dot: add Snopyta 2019-08-24 11:55:22 +03:00
4e4d19a765
unbound.conf.d/logging.conf: print statistics hourly 2019-08-20 18:05:19 +03:00
d7d252f98f
unbound/logging: add statistics printing 2019-08-20 17:41:43 +03:00
2c3fe4a5df
unbound: enable IPv6 preferring 2019-08-20 12:49:19 +03:00
be7c4185eb
etc/unbound/dns-over-tls: comment Cloudflare 2019-08-20 11:49:37 +03:00
56b5b905e2
fix github link, closes #16 2019-08-18 02:05:52 +03:00
26624bcd5d
unbound.conf.d: increase TTL to 15 mins from 5 2019-08-17 21:06:01 +03:00
d539237fbf
unbound/blocklist.conf: add source 2019-08-17 13:43:11 +03:00
057d42bafd
unbound/dns-over-tls.conf: fix typo 2019-08-17 13:40:39 +03:00
914fe1d26c
unbound/dot: finish adding providers
Ref: #15
2019-08-17 13:37:02 +03:00
410a02a968
unbound/dot: add securedns (both), dnswarden (adblock) 2019-08-17 13:23:28 +03:00
a5ccd88e70
unbound/dns-over-tls.conf: add server locations
Ref: #15
2019-08-17 12:34:03 +03:00
596c18c0e0
etc/unbound: add blocklist.conf
Closes: #13
2019-08-17 12:16:53 +03:00
601bd3ac86
unbound dot: alphabetical order
Ref: #15
2019-08-17 00:52:41 +03:00
39493f3bf9
unbound dot: move things around 2019-08-17 00:26:36 +03:00
b3a7266eb5
unbound.conf.d/dns-over-tls: remove Google 2019-08-17 00:14:41 +03:00
c78eecb547
unbound/dns-over-tls: add two port 443 resolvers 2019-08-17 00:10:32 +03:00
4de337722e
etc/apt/preferences.d: add testing-debug & rename stable.donotuse
Resolves: #124 (see comment)
2019-07-30 01:08:09 +03:00
2112575a98
etc/apt/preferences.d: commit dark magic that shouldn't exist 2019-07-30 00:52:32 +03:00
a01e53171e
grub.d/sedric.cfg: comment that acpi_osi=Linux doesn't work 2019-07-28 10:45:04 +03:00
100d9a7433
dnscrypt-proxy.toml: move cache above & add comments & min cache TTL 300 2019-07-23 16:13:22 +03:00
55050ec0e5
cache.conf: increase NXDOMAIN cache size and set min TTL to 300 2019-07-23 15:09:34 +03:00
2b8a460b63
etc/unbound: add cache.conf 2019-07-23 12:30:53 +03:00
93fa7a003c
etc/default/grub.d: add beep.cfg & sedric.cfg
beep.cfg is the default example on getting a beep on grub startup,
sedric.cfg just contains `acpi_osi=` which fixes the hardware keys for
some reason.
2019-07-22 18:56:38 +03:00
97006ddf9b
unbound.conf.d/logging.conf: quote the fine manual for unbound.conf 2019-07-22 17:18:53 +03:00
222a030cee
unbound/dns-over-tls: note version requirement 1.7.3
Debian 9 has 1.6.0 with which I am stuck for now. Debian 10 has 1.9.0
2019-07-22 16:52:07 +03:00