|
579e98f27c
|
unbound/well-known-dns.conf: use typetransparent so non-local queries won't get NODATA
|
2024-04-22 07:28:55 +03:00 |
|
|
623a9150fd
|
unbound: merge 00-insecure-domains.conf into blocklist.conf
|
2024-04-22 07:10:18 +03:00 |
|
|
892feb3c1b
|
unbound/blocklist: add fritz.box.
|
2024-04-22 07:06:21 +03:00 |
|
|
c90b551ac4
|
chromium: merge doh-forced to the doh files due to it being required anyway, update documentation, rename doh-allowed → doh-unlocked-unset
|
2024-04-21 14:00:39 +03:00 |
|
|
4a47d14069
|
resolved.conf.d: add dot-trex.conf symlink and explaining comments like in unbound
|
2024-04-21 13:14:53 +03:00 |
|
|
ce9159e756
|
unbound/dot-quad9.conf: prettier sorting
|
2024-04-21 13:13:41 +03:00 |
|
|
7379241a20
|
chromium: add the rest of Quad9 & update README.md
|
2024-04-21 11:35:28 +03:00 |
|
|
3540f2442e
|
chromium/doh-quad9*: add alternative port as Chromium allows multiple
|
2024-04-21 11:28:07 +03:00 |
|
|
eb47fac4cb
|
systemd-resolved: add vim modelines
|
2024-04-21 10:58:45 +03:00 |
|
|
f126e681a2
|
systemd-resolved: split applied-privacy#443 to its own file as resolved configs don't exclude each other
|
2024-04-21 10:57:25 +03:00 |
|
|
a0ccd790ab
|
unbound & systemd-resolved: add Quad9 alternative port
|
2024-04-21 10:54:22 +03:00 |
|
|
e64e4e7fd0
|
firefox: DisableEncryptedClientHello: false
I am not sure if this does anything, I just saw a message in logs and it didn't trigger an error
|
2024-04-21 10:13:29 +03:00 |
|
|
6a97040386
|
firefox: add IPvFoo*
|
2024-04-21 10:08:43 +03:00 |
|
|
069da00a38
|
Chromium: add IPvFoo* and note that users should go through extensions
|
2024-04-21 09:58:30 +03:00 |
|
|
e6bd2b13ad
|
unbound: add TREX upstream configuration
|
2024-04-20 20:25:48 +03:00 |
|
|
a7cf718453
|
uncound/well-known-dns.conf: add DNS0 {Zero,Kids,Open}
|
2024-04-20 17:59:46 +03:00 |
|
|
41c65344f1
|
chromium: add dot-dns0-{kids,open,zero}.json
|
2024-04-20 17:53:33 +03:00 |
|
|
437ec3b49c
|
chromium/doh-dns0.json: add trailing / as Chromium requires it (or fails every DNS request)
|
2024-04-20 17:50:57 +03:00 |
|
|
422ab0de4e
|
libreawoo, unbound & resolved: uncomment Quad9 default, comment ECS
|
2024-04-20 17:50:12 +03:00 |
|
|
bec7f8bbaa
|
separate local/share/applications & etc/xdg/autostart
|
2024-04-20 12:14:02 +03:00 |
|
|
ffc4c53615
|
sudoers/nordvpnd: allow chronyc online
|
2024-04-20 11:56:14 +03:00 |
|
|
c9cad77caf
|
move etc/xdg/autostart to more descriptive location of local/share/applications
|
2024-04-20 11:18:33 +03:00 |
|
|
9bd3a05d5b
|
clean up old desktop entries I cannot see myself using
|
2024-04-20 11:13:02 +03:00 |
|
|
cebcec5792
|
add syncplay.desktop
|
2024-04-20 11:07:03 +03:00 |
|
|
8e296b5a25
|
add mpv.desktop that avoids pseudo-gui
|
2024-04-20 11:04:30 +03:00 |
|
|
24c9209cbe
|
add/fix desktop entries for wrappers firefox, steam, thunderbird
|
2024-04-20 10:58:09 +03:00 |
|
|
4c841781b3
|
add/fix libreawoo & firefox desktop entries
|
2024-04-20 10:50:09 +03:00 |
|
|
93c60b21b2
|
finish chromium desktop files?
|
2024-04-20 10:43:17 +03:00 |
|
|
bbcb37c334
|
add libreawoo.desktop
|
2024-04-20 10:32:55 +03:00 |
|
|
816157fc25
|
add initial desktop files for the scripts wrappers
|
2024-04-20 10:23:15 +03:00 |
|
|
45f1c1078f
|
unbound/well-known-dns.conf: add Google DNS
|
2024-04-20 09:10:36 +03:00 |
|
|
134622edad
|
unbound/well-known-dns.conf: add missing dots
|
2024-04-20 09:00:44 +03:00 |
|
|
e319c8aacf
|
unbound: restore and update blocklist.conf
This reverts commit fe8ac1bbb7 .
|
2024-04-20 08:57:26 +03:00 |
|
|
c7633838de
|
unbound: fill well-known-dns.conf some more
|
2024-04-20 08:52:49 +03:00 |
|
|
dda5f2c110
|
chromium/enable-ech-ocsp.json: remove not strictly releated policies
|
2024-04-20 07:47:31 +03:00 |
|
|
4a889dd9b4
|
sudoers.d/nordvpnd: add restarting of iwd & systemd-networkd
|
2024-04-20 07:42:40 +03:00 |
|
|
6a87111f8b
|
unbound/well-known-dns.conf: initial commit
|
2024-04-19 19:58:23 +03:00 |
|
|
1e22108950
|
unbound/00-insecure-domains.conf: qname minimization is not relevant here
|
2024-04-19 09:17:01 +03:00 |
|
|
1a1bf9adb9
|
unbound/conf.d: add vim modelines/filetypes
|
2024-04-19 09:14:32 +03:00 |
|
|
b3eb6e06e7
|
unbound: add symlink for the Fedora name as I keep tab failing
|
2024-04-19 09:09:36 +03:00 |
|
|
47e51ee38b
|
firefox policy: use Quad9 ECS as TRR
|
2024-04-19 08:48:57 +03:00 |
|
|
39f2eb4f0f
|
chromium: add doh-cloudflare-secure.json, ECH notes
|
2024-04-19 08:24:29 +03:00 |
|
|
b248392e8a
|
systemd-resolved: think more on local resolvers or not
|
2024-04-18 14:31:56 +03:00 |
|
|
4c4508ba36
|
unbound/dot-*quad9.conf: add DNS10 & DNS12 (commented), remove extra spaces
|
2024-04-18 11:16:20 +03:00 |
|
|
9aa71de638
|
systemd-resolved/dot-quad9.conf: add commented DNS10 & DNS12
|
2024-04-18 11:08:23 +03:00 |
|
|
5097076daf
|
unbound: also disable qname-minimization for DNSo53 forwarders
|
2024-04-17 16:03:23 +03:00 |
|
|
363be56010
|
unbound: move to tls-ystem-cert from tls-cert-bundle & disable qname minimization for DoT forward-zones
|
2024-04-17 16:01:38 +03:00 |
|
|
bbab2f335d
|
resolv.tsv: sort
|
2024-04-17 15:42:34 +03:00 |
|
|
9ba083f81f
|
resolv.tsv: add Quad9 unfiltered variants
|
2024-04-17 15:42:08 +03:00 |
|
|
c18fe92ad8
|
etc/resolv.tsv: add Quad9 Apple Mobileconfigs
|
2024-04-17 15:34:43 +03:00 |
|
|
f10b151a3b
|
systemd: add firewalld.service.d/never-fail.conf due to failing to timeout on sedric
|
2024-04-17 11:38:43 +03:00 |
|
|
75c39ddb0d
|
sudoers.d/nordvpnd: include nordvpnd.socket
|
2024-04-16 08:39:16 +03:00 |
|
|
419805bc91
|
chromium/README: add forgotten files, fix description for those moved from recommended
|
2024-04-16 07:15:30 +03:00 |
|
|
a0456269a1
|
chromium: move brave feature disabling from recommended to managed for actual effect
|
2024-04-16 07:11:55 +03:00 |
|
|
36f433f35b
|
chromium/managed: add enable-labs.json
I have decided that I want it anyway and unlike before, now it has its own file so I can decide to leave it alone on shared devices
|
2024-04-15 21:08:56 +03:00 |
|
|
8c748dd2d6
|
unbound/dot-dns0-quad9.conf: fix duplicate forward zone
|
2024-04-14 14:23:58 +03:00 |
|
|
ac922aea86
|
{firefox,chromium}: add Floccus bookmarks sync so I will remember its existence
|
2024-04-14 14:10:39 +03:00 |
|
|
cd2ae2c852
|
etc/resolv.tsv: add Google DNS & DNS64 as they too are Android hard-coded for DoH3
|
2024-04-14 09:18:05 +03:00 |
|
|
cc25967b22
|
etc/resolv.tsv: note Cloudflare being DoH3 on Android, add Cloudflare antimalware/family DoT addresses
|
2024-04-14 09:10:06 +03:00 |
|
|
44c3168a39
|
chromium policy: strip DnsOverHttpsMode to two different files, rename automatic to allowed for clarity & update README.md on these
|
2024-04-13 18:38:26 +03:00 |
|
|
46ac8aefd8
|
unbound: add dot-dns0-quad9.conf
|
2024-04-12 17:01:32 +03:00 |
|
|
ab74e45a9f
|
chromium policy/brave-shields-disabled.json: add glowing-bear
|
2024-04-12 14:29:49 +03:00 |
|
|
b9d8da4df4
|
chromium policy. add brave-shields-disabled.json based on Privacy Badger
|
2024-04-12 14:26:31 +03:00 |
|
|
bf1fdc4cff
|
{firefox,chromium} policy: PB exclude Disroot Mvim, Microsoft {Teams,Learn}
|
2024-04-12 14:24:31 +03:00 |
|
|
b1a0125674
|
unbound: add local-tlds.conf
|
2024-04-12 14:16:10 +03:00 |
|
|
0d4c40ba16
|
systemd: mark systemd-resolved.conf to be conflicting with avahi-daemon
|
2024-04-12 10:58:15 +03:00 |
|
|
73865c747d
|
root-auto-trust-anchor-file.conf -> debian-root-auto-trust-anchor-file.conf
Let's not overwrite files accidentally
|
2024-04-12 10:56:51 +03:00 |
|
|
0bac3a8ab0
|
chromium: add doh-quad9.json
|
2024-04-12 10:42:51 +03:00 |
|
|
e88c2a8067
|
etc: attempt to enable mDNS/LLMNR for systemd-{networkd,resolved} & NetworkManager
Some boolean fixing slipped in as well
|
2024-04-12 09:52:32 +03:00 |
|
|
4d4dc026fd
|
unbound: ipv6.conf -> prefer-ipv6.conf
more descriptive name
|
2024-04-12 09:19:02 +03:00 |
|
|
a7bb2f5ec8
|
etc/iwd/main.conf: update comments on DNS
|
2024-04-11 10:16:21 +03:00 |
|
|
80ac65acd1
|
systemd-resolved/README.md: enable doctoc
|
2024-04-11 10:06:18 +03:00 |
|
|
cce932960e
|
systemd-resolved/README.md: mention nordvpn.conf
|
2024-04-11 10:05:18 +03:00 |
|
|
a2e36f2a3b
|
systemd-resolved/README.md: remove EOL Ubuntu, fix booleans, note my actual DNS config
|
2024-04-11 10:03:53 +03:00 |
|
|
da6eab8dfc
|
systemd-resolved: use true/false as booleans (not yes/no) & remove repeated localhost
|
2024-04-11 10:02:49 +03:00 |
|
|
3009af55a6
|
resolved.conf.d/README.md: mention 00-defaults and dot-something being supposed to be used together
|
2024-04-10 15:09:31 +03:00 |
|
|
9a210c4bba
|
systemd-resolved: further decrease repeating, comment DNS-Over-TLS since it's in 00-defaults.conf already (+ local resolver)
|
2024-04-10 15:06:14 +03:00 |
|
|
f12d0ceb8a
|
systemd-resolved: don't repeat cache
|
2024-04-10 15:02:30 +03:00 |
|
|
241405c776
|
systemd-resolved: merge unbound.conf into 00-defaults.conf
|
2024-04-10 11:59:36 +03:00 |
|
|
f885dcd73a
|
chromium/recommended: disable Tor in Brave
|
2024-04-10 11:21:52 +03:00 |
|
|
4cfd7ab75f
|
chromium: add recommendation of disabling Brave rewards & wallet
|
2024-04-10 11:18:42 +03:00 |
|
|
2282429f94
|
brave: use boolean for disabling vpn
|
2024-04-10 11:16:55 +03:00 |
|
|
149cadfa41
|
firefox & chromium: add IPFS Companion
|
2024-04-10 11:03:19 +03:00 |
|
|
d7879eeb6b
|
chromium: update README with the two new files
|
2024-04-10 10:53:37 +03:00 |
|
|
450aac4c32
|
chromium: add disable-brave-vpn.json
|
2024-04-10 10:51:38 +03:00 |
|
|
35e1faaabc
|
chromium: add doh-quad9-ecs.json
|
2024-04-10 10:51:15 +03:00 |
|
|
4a08068634
|
unbound/cache: serve-expired: yes
I am unsure on whether this actually affects anything without setting the other expired options too
|
2024-04-07 19:44:10 +03:00 |
|
|
b03218c78b
|
unbound/cache.conf: add prefetch & prefetch-key
|
2024-04-07 17:34:36 +03:00 |
|
|
c034e016e8
|
firefox policy: add search engine suggestion urls
|
2024-04-05 14:04:14 +03:00 |
|
|
99c63d25fe
|
{firefox,chromium} policy: add OpenDyslexic
|
2024-04-04 14:27:43 +03:00 |
|
|
08ae59ed99
|
firefox policy: configure Homepage
|
2024-03-31 08:46:12 +03:00 |
|
|
a581ee2dd5
|
rm etc/sysctl.d/99-enable-ipv6.conf
Refer to crontab, yggdrasil.service.d and nordvpn.service.d
|
2024-03-29 08:57:35 +02:00 |
|
|
323dde1545
|
{firefox, chromium}: force install privacy pass
This is in hopes of reducing family member frustation with captchas should they happen
|
2024-03-29 08:32:44 +02:00 |
|
|
1d05061bb4
|
hack nordvpnd to work with yggdrasil
|
2024-03-29 07:58:44 +02:00 |
|
|
9fb90d4b30
|
chromium/README: mention fix-edge-search.json
|
2024-03-28 18:57:29 +02:00 |
|
|
80df53aa6a
|
chromium: move edge policy from recommended searches to managed/fix-edge-search.json
|
2024-03-28 18:53:15 +02:00 |
|
|
c5dd75077d
|
chromium: throw home enabling & search engines into recommended policy instead
|
2024-03-27 16:51:29 +02:00 |
|
|
860970df78
|
etc/init-browser-policies.bash: note recommended policies
|
2024-03-27 16:43:17 +02:00 |
|
|
58df0709f4
|
firefox policy README.md: note that search engines also work on nightly
|
2024-03-24 08:17:31 +02:00 |
|
|
e823810723
|
firefox: add search engine aliases
|
2024-03-24 08:16:20 +02:00 |
|