2711c5975e
NetworkManager.conf.d: add no-search-domains.conf
2021-02-02 12:52:34 +02:00
7ad17f8087
sshd/user-permit-password.conf: note on how to allow specific user to use passwords
2021-02-01 17:11:06 +02:00
1503367c86
sshd_config & ….d/README: note min version & date
2021-01-31 13:51:06 +02:00
f75bc7bd07
sshd/basic-security.conf: remove deprecated option
...
> /etc/ssh/sshd_config.d/basic-security.conf line 24: Deprecated option UsePrivilegeSeparation
OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS 8 Dec 2020
2021-01-31 13:39:51 +02:00
0151bee9b0
sshd/mikaela-prohibit-password.conf: add AuthenticationMethods publickey
2021-01-30 22:15:51 +02:00
f1ea1e17d9
etc/ssh: rm copy
2021-01-30 21:35:05 +02:00
0572613d99
etc/ssh: cut sshd_config into multiple .confs
2021-01-30 21:31:38 +02:00
c5fa3daf29
sshd_config.d: read Mozilla docs & adjust accordingly
...
https://infosec.mozilla.org/guidelines/openssh
2021-01-30 21:18:41 +02:00
5211fb772c
sshd_config.d: add anoncvs.conf
2021-01-30 21:00:06 +02:00
de3a0739b4
sshd_config.d: add mikaela-prohibit-password.conf
...
Resolves : #88
2021-01-30 20:50:21 +02:00
a7c643bb7a
etc/sshd_config.d: add basic-security.conf
...
Ref: 88
2021-01-30 20:47:21 +02:00
8628ec28e0
yum.repos.d: add Dino
2021-01-30 11:01:17 +02:00
84ee7aeada
yum.repos.d: list Keybase too
2021-01-29 19:18:11 +02:00
27d1914424
etc: add dnf/dnf.conf & yum.repos.d/README.md
2021-01-29 19:15:08 +02:00
81296a241c
chrony: cut chrony.d/ into conf.d/ and sources.d/
...
I hope these are wider defaults than just Debian and allow me to not
conflit with package manager, but regardless having a separate
sources.d/ looks like a good idea for being able to `chronyc reload sources`
2021-01-29 12:56:38 +02:00
fc0730d7a5
sudoers.d/protonvpn.conf: add /usr/bin/protonvpn
2021-01-28 13:13:28 +02:00
16b19fb34d
torrc-client: add etro.mikaela.info
2021-01-26 19:42:25 +02:00
6216d8cda3
sudoers.d: add passwordless protonvpn-{tray,gui}
2021-01-16 20:40:21 +02:00
2df7aed162
chrony/yggdrasil: add comment & Kotka computers
2021-01-08 11:25:16 +02:00
Mikaela Suomalainen
0f94c59b81
chrony: add hetzner srevers
2020-12-19 13:03:54 +02:00
abb0c37ef2
unbound.conf.d: add yggdrasil-override.conf
...
Begins #89 at a better time
2020-12-15 20:34:01 +02:00
b26c9f698d
chrony/yggdrasil: add Etro
2020-12-15 14:30:30 +02:00
b20f3367b1
systemd/yggdrasil: add mullvad-exclude (& fix chrony override typo)
2020-12-09 09:38:49 +02:00
36b6a99e85
chrony.d: local-servers: add notes + xleave to the first comment
2020-12-09 08:44:34 +02:00
40d535f2c0
systemd/chrony.service.d/mullvad-exclude: actually fix this
2020-12-08 18:36:34 +02:00
f92b8d8d05
chrony.d/yggdrasil.conf: add y.Jolly-Roger
2020-12-06 19:49:12 +02:00
e27e88efd8
chrony.d: add hwtimestamp.conf
2020-12-06 19:26:04 +02:00
4a25481db2
chrony/yggdrasil.conf: add Sedric
2020-12-06 18:36:23 +02:00
5e94147e81
chrony.d/yggdrasil.conf: initial commit
2020-12-06 18:02:43 +02:00
2a615d8241
chrony: note that confdir and NTS require 4.0
2020-12-03 10:52:47 +02:00
e9aefd711b
blocklist.conf: refuse blocked instead of nxdomain
...
Only the Firefox DoH needs to be NXDOMAIN while REFUSE may be more
accurate for the rest.
2020-11-21 12:13:55 +02:00
e7a6e00b83
unbound/dns-over-tls: comment Adguard & NextDNS for not being in FI
2020-11-15 09:46:50 +02:00
aadcc009a0
unbound/dns-over-tls.conf: add Adguard (unfiltered) & NextDNS
2020-11-12 16:12:18 +02:00
3289a812ee
unbound: add dns-mullvad.conf (not encrypted)
...
Contains Mullvad Wireguard, OpenVPN and public addresses
2020-11-10 16:04:48 +02:00
9536101263
resolv.csv: add BlahDNS DoH CDNs
...
Just doh1, because it and doh2 resolve into the same addresses for me
and I don't want to add duplicate DoH field when only BlahDNS has two
differnt addresses for the same thing.
2020-11-08 12:50:31 +02:00
49d969822b
etc/resolv.csv: add BlahDNS
...
Resolves : #85
2020-11-04 12:56:48 +02:00
c302b10caf
chrony.d: restore log.conf
2020-11-01 11:57:57 +02:00
07e8c52f3b
chrony.d/local-servers: remove duplicate line
...
it's in README.md
2020-11-01 11:36:30 +02:00
dced82b820
etc/chrony: break chrony.conf into README.md & chrony.d/
2020-11-01 11:23:59 +02:00
52458cc8aa
chrony.conf: add xleave for peer
2020-11-01 10:47:30 +02:00
84a669f51f
chrony.conf: add note for Windows on nettime
2020-10-31 18:10:25 +02:00
c55e6b97e8
chrony.conf: comments for nmap and VPNs
2020-10-31 14:34:47 +02:00
0c7038da14
systemd: systemd-resolved.service.d/unbound.conf: After unbound
2020-10-30 10:19:39 +02:00
fe83cbbb3a
systemd: add config for excluding Chrony from Mullvad
2020-10-30 08:04:58 +02:00
f878041e2e
unbound/dns-over-tls.conf: reverse order of providers
...
It seems to have some (small?) relevance to where queries go to.
2020-10-29 16:24:52 +02:00
6e1f41533c
unbound/dns-over-tls.conf: comment the 443 appliedprivacy
...
Thinking it a bit more, it's not useful to use their resources on
devices that practically never encounter blocked port 853.
2020-10-29 13:22:19 +02:00
b03e00faaa
local/share/apps: add firejailed mirage (todo: test it)
2020-10-29 13:15:48 +02:00
c93034ba7f
unbound/dns-over-tls.conf: major cleanup
2020-10-29 13:15:23 +02:00
8b04c26065
chrony.conf: add a peer comment for LOCALMACHINE.local
2020-10-27 10:35:09 +02:00
dc2ac02412
begin depulseaudioing
...
https://wiki.archlinux.org/index.php/PulseAudio/Troubleshooting#No_sound_below_a_volume_cutoff_or_Clipping_on_a_particular_output_device
is too much for me. I expect to suffer this decision too though.
* i3: bind audio buttons to amixer (TODO: there are still pulse-specific
shortcuts and no shortcut for any kind of a mixer. $TERMINAL
alsamixer?)
* i3status: comment pulse to make it see alsa
* apt: pin pulseaudio to negative priority
2020-10-26 17:21:39 +02:00
9b197cbaed
chrony.conf: add a local server example
2020-10-26 07:34:10 +02:00
258cf72ccb
chrony.conf: mark Cloudflare as a pool of 2
2020-10-25 19:46:36 +02:00
9ae9856c0a
chrony.conf: mark Snopyta & Telia as pools with maxsources 3
2020-10-25 18:54:53 +02:00
51080f52d8
chrony.conf: add comments on allowing lan access
2020-10-25 17:43:07 +02:00
b4ca31e6c6
chrony.conf: add DNA & Telia NTP servers
...
Resolves : #83
2020-10-25 17:22:59 +02:00
4cebe7fbd5
chrony.conf: list NTP servers
...
Ref: #83
2020-10-25 12:44:53 +02:00
993759577e
Bind systemd-resolved to Unbound
2020-10-25 09:05:07 +02:00
73f273f4bb
etc/chrony: add small chrony.conf notes
2020-10-24 11:32:07 +03:00
d3e00fb1a3
xdg-applications: add firejailed appimage of chatterino
2020-10-24 09:11:14 +03:00
1e70d7d4d7
etc/systemd-resolved&unbound: add Quad9 ECS configs
...
Untested. The last time I saw the documentation, they didn't mention
DoT.
2020-10-21 17:09:20 +03:00
1467454284
hosts.append: prepend empty line
...
It makes it easier to see where this begins in the appended /etc/hosts
2020-10-21 15:18:03 +03:00
de7184794a
etc: add hosts.append for appending into hosts for systemd-resolved
2020-10-21 15:16:56 +03:00
ca4c85b7df
etc/resolv.csv: add Quad9 ECS
...
The DoT address is guessed and verified to be open through nmap, as it's
not documented, I don't know surely that it's what it should.
DoH is mentioned in https://www.quad9.net/doh-quad9-dns-servers/
via https://gitlab.com/nitrohorse/ios14-encrypted-dns-mobileconfigs/-/issues/6
2020-10-18 11:11:27 +03:00
cb5781044c
resolv.conf: add OpenDNS Family
2020-10-03 14:56:52 +03:00
5f9cf10c68
resolv.csv: add Cleanbrowsing
2020-10-03 14:07:41 +03:00
531abc1f42
resolv.csv: fix Cloudflare DoT address
2020-10-03 13:49:04 +03:00
96d19d99cb
resolv.csv: add Cloudflare family, fill CF antimalware IPv6
2020-10-03 13:46:13 +03:00
8241d0e695
resolv.csv: add AdGuard Family
2020-10-03 13:42:05 +03:00
ae533261ab
etc/resolv.csv restore Firefox addresses
2020-10-03 13:38:31 +03:00
13a03812ba
resolv.conf: move resolvers to resolv.csv
2020-09-27 15:05:53 +03:00
31a15a9abc
systemd-resolved & unbound: update AdGuard IPs
...
Resolves : #81
2020-09-27 14:34:54 +03:00
09d7a87dfb
fix zaldaryn-r8168?
2020-09-03 19:39:34 +03:00
6c2475676c
unbound.conf.d/dot-adguard.conf: fix SNI domain
2020-08-30 16:56:51 +03:00
edb259b1c8
unbound.conf.d: add dot-adguard.conf
2020-08-30 16:45:35 +03:00
cc965d4692
blocklist.conf: add empty line & incoming.telemetry.mozilla.org
2020-08-22 23:31:54 +03:00
263f828550
unbound blocklist: add ssl.google-analytics.com
2020-08-20 19:30:47 +03:00
94eace15e7
unbound/blocklist.conf: specify it's server clause
...
Introduced by e4d18d47c5
2020-08-20 18:38:37 +03:00
cabf7c570d
blocklist.conf: add [www.]google-analytics.com.
2020-08-20 18:33:51 +03:00
b5cafdeb90
unbound: the mass file is not a good idea? cut it?
2020-08-16 12:18:07 +03:00
e4d18d47c5
etc/.../unbound.conf: update for 1.11.0-1+
2020-08-15 10:27:50 +03:00
cf8dc85ec0
systemd/timesyncd.conf.d: add cloudflare.conf
2020-08-09 10:51:36 +03:00
82cf5e7742
systemd/resolved.conf.d: add generic NextDNS confs
2020-08-09 00:07:06 +03:00
c3f9205610
resolv.conf: fix nextdns addresses
2020-08-09 00:03:13 +03:00
bbbe4a2f04
resolv.conf: add Firefox DoH resolvers
...
Excluding Comcast
2020-08-08 20:06:39 +03:00
f58ba9424e
resolv.conf: more notes, hilight systemd-resolved, add DoH addresses
2020-08-08 19:44:08 +03:00
ca25fa1a66
sources.list: rm 16.04.archive.ubuntu.com
...
I don't see enough difference compared to ubuntu.
Resolves : #78
2020-08-07 15:58:54 +03:00
Mikaela Suomalainen
0be7388798
sources.list: add ubuntu
...
Resolves : #77
2020-08-07 10:40:22 +03:00
73fb88e11d
systemd-resolved.conf.d: everywhere -> 00-everywhere
2020-07-24 12:16:31 +03:00
8af19aab5e
resolv.conf: link to Mullvad issue while at it
2020-07-23 23:28:14 +03:00
99cda3d7ed
resolv.conf: add a missing word
2020-07-23 23:27:37 +03:00
7da5babc43
resolv.conf: add missing empty line
2020-07-23 22:59:53 +03:00
d3e1aaee30
resolv.conf: more systemd-resolved info
2020-07-23 22:52:32 +03:00
6289837766
resolv.conf: note the systemd-resolved files
2020-07-23 22:43:04 +03:00
a8e9d7d81f
etc/resolv.conf: add option trust-ad
2020-07-20 23:11:55 +03:00
69f55cd724
systemd/resolved: adguard-strict -> adguard-dot
2020-07-18 14:05:36 +03:00
550b68d149
etc/systemd/resolved: add [adguard,cloudflare}-strict.conf
...
I am not actually using either though and I am not sure if I will,
but maybe they are nice to have as a backup here just in case.
2020-07-18 02:20:56 +03:00
b3cb953b9c
systemd/resolved: add a comment to everywhere.conf too
...
as every other file explains who it is for, why not this
2020-07-04 19:09:26 +03:00
0ae22081a0
etc/systemd-resolved: rework all files more or less
...
* explain things in README.md, don't duplicate comments
* opportunistic-insecure.conf should be used everywhere by default, so
thus it's now everywhere.conf. However I am yet to test it does what
I expect, so this is bad case of testing in production or after
committing it in general.
2020-07-04 19:06:18 +03:00
7a73088beb
systemd/resolved.conf.d/quad9*.conf: enable SNI
2020-06-26 12:22:09 +03:00
bce9af0edd
resolved.conf: add quad9-compat.conf
2020-06-26 12:22:09 +03:00