267dd77604
im.riot.Riot.desktop: add missing word "run"
2021-02-19 14:27:16 +02:00
8463fa8f5c
local/share/applications: Riot -> Element
...
Package name hasn't changed though so I imagine the icon is the same too
2021-02-19 13:59:27 +02:00
95a44d0be9
etc/pipewire: document the volume cutoff (pulseaudio style) workaround
2021-02-18 14:51:22 +02:00
c8e89a5817
systemd: add coredump.conf.d/biggercores.conf
2021-02-18 14:47:23 +02:00
8155bec959
sysctl.d: add 00-quic-go-udp-receive-buffer.conf
...
So I will remember it's existence
2021-02-13 09:36:28 +02:00
a0c61231f4
systemd/resolved.conf.d: add snopyta-strict.conf
...
While posting an example how I would do it I might as well put it here
2021-02-10 16:12:42 +02:00
288b010fe5
sshd: move mikaela-prohibit-password.conf to broken/
...
Apparently OpenSSH only allows PasswordAuthentication yes within a Match
block.
2021-02-02 14:12:43 +02:00
1be2720861
sshd: explicitly "terminate" Match blocks by Match All
...
https://unix.stackexchange.com/a/303982/17126 & man sshd_config
2021-02-02 13:58:35 +02:00
3260950712
sshd/anoncvs.conf: vcs users shouldn't ever be asked for a password
...
even if the system would allow that.
2021-02-02 13:06:04 +02:00
2711c5975e
NetworkManager.conf.d: add no-search-domains.conf
2021-02-02 12:52:34 +02:00
7ad17f8087
sshd/user-permit-password.conf: note on how to allow specific user to use passwords
2021-02-01 17:11:06 +02:00
1503367c86
sshd_config & ….d/README: note min version & date
2021-01-31 13:51:06 +02:00
f75bc7bd07
sshd/basic-security.conf: remove deprecated option
...
> /etc/ssh/sshd_config.d/basic-security.conf line 24: Deprecated option UsePrivilegeSeparation
OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS 8 Dec 2020
2021-01-31 13:39:51 +02:00
0151bee9b0
sshd/mikaela-prohibit-password.conf: add AuthenticationMethods publickey
2021-01-30 22:15:51 +02:00
f1ea1e17d9
etc/ssh: rm copy
2021-01-30 21:35:05 +02:00
0572613d99
etc/ssh: cut sshd_config into multiple .confs
2021-01-30 21:31:38 +02:00
c5fa3daf29
sshd_config.d: read Mozilla docs & adjust accordingly
...
https://infosec.mozilla.org/guidelines/openssh
2021-01-30 21:18:41 +02:00
5211fb772c
sshd_config.d: add anoncvs.conf
2021-01-30 21:00:06 +02:00
de3a0739b4
sshd_config.d: add mikaela-prohibit-password.conf
...
Resolves : #88
2021-01-30 20:50:21 +02:00
a7c643bb7a
etc/sshd_config.d: add basic-security.conf
...
Ref: 88
2021-01-30 20:47:21 +02:00
8628ec28e0
yum.repos.d: add Dino
2021-01-30 11:01:17 +02:00
84ee7aeada
yum.repos.d: list Keybase too
2021-01-29 19:18:11 +02:00
27d1914424
etc: add dnf/dnf.conf & yum.repos.d/README.md
2021-01-29 19:15:08 +02:00
81296a241c
chrony: cut chrony.d/ into conf.d/ and sources.d/
...
I hope these are wider defaults than just Debian and allow me to not
conflit with package manager, but regardless having a separate
sources.d/ looks like a good idea for being able to `chronyc reload sources`
2021-01-29 12:56:38 +02:00
fc0730d7a5
sudoers.d/protonvpn.conf: add /usr/bin/protonvpn
2021-01-28 13:13:28 +02:00
16b19fb34d
torrc-client: add etro.mikaela.info
2021-01-26 19:42:25 +02:00
6216d8cda3
sudoers.d: add passwordless protonvpn-{tray,gui}
2021-01-16 20:40:21 +02:00
2df7aed162
chrony/yggdrasil: add comment & Kotka computers
2021-01-08 11:25:16 +02:00
Mikaela Suomalainen
0f94c59b81
chrony: add hetzner srevers
2020-12-19 13:03:54 +02:00
abb0c37ef2
unbound.conf.d: add yggdrasil-override.conf
...
Begins #89 at a better time
2020-12-15 20:34:01 +02:00
b26c9f698d
chrony/yggdrasil: add Etro
2020-12-15 14:30:30 +02:00
b20f3367b1
systemd/yggdrasil: add mullvad-exclude (& fix chrony override typo)
2020-12-09 09:38:49 +02:00
36b6a99e85
chrony.d: local-servers: add notes + xleave to the first comment
2020-12-09 08:44:34 +02:00
40d535f2c0
systemd/chrony.service.d/mullvad-exclude: actually fix this
2020-12-08 18:36:34 +02:00
f92b8d8d05
chrony.d/yggdrasil.conf: add y.Jolly-Roger
2020-12-06 19:49:12 +02:00
e27e88efd8
chrony.d: add hwtimestamp.conf
2020-12-06 19:26:04 +02:00
4a25481db2
chrony/yggdrasil.conf: add Sedric
2020-12-06 18:36:23 +02:00
5e94147e81
chrony.d/yggdrasil.conf: initial commit
2020-12-06 18:02:43 +02:00
2a615d8241
chrony: note that confdir and NTS require 4.0
2020-12-03 10:52:47 +02:00
e9aefd711b
blocklist.conf: refuse blocked instead of nxdomain
...
Only the Firefox DoH needs to be NXDOMAIN while REFUSE may be more
accurate for the rest.
2020-11-21 12:13:55 +02:00
e7a6e00b83
unbound/dns-over-tls: comment Adguard & NextDNS for not being in FI
2020-11-15 09:46:50 +02:00
aadcc009a0
unbound/dns-over-tls.conf: add Adguard (unfiltered) & NextDNS
2020-11-12 16:12:18 +02:00
3289a812ee
unbound: add dns-mullvad.conf (not encrypted)
...
Contains Mullvad Wireguard, OpenVPN and public addresses
2020-11-10 16:04:48 +02:00
9536101263
resolv.csv: add BlahDNS DoH CDNs
...
Just doh1, because it and doh2 resolve into the same addresses for me
and I don't want to add duplicate DoH field when only BlahDNS has two
differnt addresses for the same thing.
2020-11-08 12:50:31 +02:00
49d969822b
etc/resolv.csv: add BlahDNS
...
Resolves : #85
2020-11-04 12:56:48 +02:00
c302b10caf
chrony.d: restore log.conf
2020-11-01 11:57:57 +02:00
07e8c52f3b
chrony.d/local-servers: remove duplicate line
...
it's in README.md
2020-11-01 11:36:30 +02:00
dced82b820
etc/chrony: break chrony.conf into README.md & chrony.d/
2020-11-01 11:23:59 +02:00
52458cc8aa
chrony.conf: add xleave for peer
2020-11-01 10:47:30 +02:00
84a669f51f
chrony.conf: add note for Windows on nettime
2020-10-31 18:10:25 +02:00
c55e6b97e8
chrony.conf: comments for nmap and VPNs
2020-10-31 14:34:47 +02:00
0c7038da14
systemd: systemd-resolved.service.d/unbound.conf: After unbound
2020-10-30 10:19:39 +02:00
fe83cbbb3a
systemd: add config for excluding Chrony from Mullvad
2020-10-30 08:04:58 +02:00
f878041e2e
unbound/dns-over-tls.conf: reverse order of providers
...
It seems to have some (small?) relevance to where queries go to.
2020-10-29 16:24:52 +02:00
6e1f41533c
unbound/dns-over-tls.conf: comment the 443 appliedprivacy
...
Thinking it a bit more, it's not useful to use their resources on
devices that practically never encounter blocked port 853.
2020-10-29 13:22:19 +02:00
b03e00faaa
local/share/apps: add firejailed mirage (todo: test it)
2020-10-29 13:15:48 +02:00
c93034ba7f
unbound/dns-over-tls.conf: major cleanup
2020-10-29 13:15:23 +02:00
8b04c26065
chrony.conf: add a peer comment for LOCALMACHINE.local
2020-10-27 10:35:09 +02:00
dc2ac02412
begin depulseaudioing
...
https://wiki.archlinux.org/index.php/PulseAudio/Troubleshooting#No_sound_below_a_volume_cutoff_or_Clipping_on_a_particular_output_device
is too much for me. I expect to suffer this decision too though.
* i3: bind audio buttons to amixer (TODO: there are still pulse-specific
shortcuts and no shortcut for any kind of a mixer. $TERMINAL
alsamixer?)
* i3status: comment pulse to make it see alsa
* apt: pin pulseaudio to negative priority
2020-10-26 17:21:39 +02:00
9b197cbaed
chrony.conf: add a local server example
2020-10-26 07:34:10 +02:00
258cf72ccb
chrony.conf: mark Cloudflare as a pool of 2
2020-10-25 19:46:36 +02:00
9ae9856c0a
chrony.conf: mark Snopyta & Telia as pools with maxsources 3
2020-10-25 18:54:53 +02:00
51080f52d8
chrony.conf: add comments on allowing lan access
2020-10-25 17:43:07 +02:00
b4ca31e6c6
chrony.conf: add DNA & Telia NTP servers
...
Resolves : #83
2020-10-25 17:22:59 +02:00
4cebe7fbd5
chrony.conf: list NTP servers
...
Ref: #83
2020-10-25 12:44:53 +02:00
993759577e
Bind systemd-resolved to Unbound
2020-10-25 09:05:07 +02:00
73f273f4bb
etc/chrony: add small chrony.conf notes
2020-10-24 11:32:07 +03:00
d3e00fb1a3
xdg-applications: add firejailed appimage of chatterino
2020-10-24 09:11:14 +03:00
1e70d7d4d7
etc/systemd-resolved&unbound: add Quad9 ECS configs
...
Untested. The last time I saw the documentation, they didn't mention
DoT.
2020-10-21 17:09:20 +03:00
1467454284
hosts.append: prepend empty line
...
It makes it easier to see where this begins in the appended /etc/hosts
2020-10-21 15:18:03 +03:00
de7184794a
etc: add hosts.append for appending into hosts for systemd-resolved
2020-10-21 15:16:56 +03:00
ca4c85b7df
etc/resolv.csv: add Quad9 ECS
...
The DoT address is guessed and verified to be open through nmap, as it's
not documented, I don't know surely that it's what it should.
DoH is mentioned in https://www.quad9.net/doh-quad9-dns-servers/
via https://gitlab.com/nitrohorse/ios14-encrypted-dns-mobileconfigs/-/issues/6
2020-10-18 11:11:27 +03:00
cb5781044c
resolv.conf: add OpenDNS Family
2020-10-03 14:56:52 +03:00
5f9cf10c68
resolv.csv: add Cleanbrowsing
2020-10-03 14:07:41 +03:00
531abc1f42
resolv.csv: fix Cloudflare DoT address
2020-10-03 13:49:04 +03:00
96d19d99cb
resolv.csv: add Cloudflare family, fill CF antimalware IPv6
2020-10-03 13:46:13 +03:00
8241d0e695
resolv.csv: add AdGuard Family
2020-10-03 13:42:05 +03:00
ae533261ab
etc/resolv.csv restore Firefox addresses
2020-10-03 13:38:31 +03:00
13a03812ba
resolv.conf: move resolvers to resolv.csv
2020-09-27 15:05:53 +03:00
31a15a9abc
systemd-resolved & unbound: update AdGuard IPs
...
Resolves : #81
2020-09-27 14:34:54 +03:00
09d7a87dfb
fix zaldaryn-r8168?
2020-09-03 19:39:34 +03:00
6c2475676c
unbound.conf.d/dot-adguard.conf: fix SNI domain
2020-08-30 16:56:51 +03:00
edb259b1c8
unbound.conf.d: add dot-adguard.conf
2020-08-30 16:45:35 +03:00
cc965d4692
blocklist.conf: add empty line & incoming.telemetry.mozilla.org
2020-08-22 23:31:54 +03:00
263f828550
unbound blocklist: add ssl.google-analytics.com
2020-08-20 19:30:47 +03:00
94eace15e7
unbound/blocklist.conf: specify it's server clause
...
Introduced by e4d18d47c5
2020-08-20 18:38:37 +03:00
cabf7c570d
blocklist.conf: add [www.]google-analytics.com.
2020-08-20 18:33:51 +03:00
b5cafdeb90
unbound: the mass file is not a good idea? cut it?
2020-08-16 12:18:07 +03:00
e4d18d47c5
etc/.../unbound.conf: update for 1.11.0-1+
2020-08-15 10:27:50 +03:00
cf8dc85ec0
systemd/timesyncd.conf.d: add cloudflare.conf
2020-08-09 10:51:36 +03:00
82cf5e7742
systemd/resolved.conf.d: add generic NextDNS confs
2020-08-09 00:07:06 +03:00
c3f9205610
resolv.conf: fix nextdns addresses
2020-08-09 00:03:13 +03:00
bbbe4a2f04
resolv.conf: add Firefox DoH resolvers
...
Excluding Comcast
2020-08-08 20:06:39 +03:00
f58ba9424e
resolv.conf: more notes, hilight systemd-resolved, add DoH addresses
2020-08-08 19:44:08 +03:00
ca25fa1a66
sources.list: rm 16.04.archive.ubuntu.com
...
I don't see enough difference compared to ubuntu.
Resolves : #78
2020-08-07 15:58:54 +03:00
Mikaela Suomalainen
0be7388798
sources.list: add ubuntu
...
Resolves : #77
2020-08-07 10:40:22 +03:00
73fb88e11d
systemd-resolved.conf.d: everywhere -> 00-everywhere
2020-07-24 12:16:31 +03:00
8af19aab5e
resolv.conf: link to Mullvad issue while at it
2020-07-23 23:28:14 +03:00
99cda3d7ed
resolv.conf: add a missing word
2020-07-23 23:27:37 +03:00
7da5babc43
resolv.conf: add missing empty line
2020-07-23 22:59:53 +03:00
d3e1aaee30
resolv.conf: more systemd-resolved info
2020-07-23 22:52:32 +03:00
6289837766
resolv.conf: note the systemd-resolved files
2020-07-23 22:43:04 +03:00
a8e9d7d81f
etc/resolv.conf: add option trust-ad
2020-07-20 23:11:55 +03:00
69f55cd724
systemd/resolved: adguard-strict -> adguard-dot
2020-07-18 14:05:36 +03:00
550b68d149
etc/systemd/resolved: add [adguard,cloudflare}-strict.conf
...
I am not actually using either though and I am not sure if I will,
but maybe they are nice to have as a backup here just in case.
2020-07-18 02:20:56 +03:00
b3cb953b9c
systemd/resolved: add a comment to everywhere.conf too
...
as every other file explains who it is for, why not this
2020-07-04 19:09:26 +03:00
0ae22081a0
etc/systemd-resolved: rework all files more or less
...
* explain things in README.md, don't duplicate comments
* opportunistic-insecure.conf should be used everywhere by default, so
thus it's now everywhere.conf. However I am yet to test it does what
I expect, so this is bad case of testing in production or after
committing it in general.
2020-07-04 19:06:18 +03:00
7a73088beb
systemd/resolved.conf.d/quad9*.conf: enable SNI
2020-06-26 12:22:09 +03:00
bce9af0edd
resolved.conf: add quad9-compat.conf
2020-06-26 12:22:09 +03:00
Mikaela Suomalainen
507b9b15c7
etc/containers: add registries.conf example
...
linking to source, it seems to be enough to get started with podman
2020-05-27 11:01:08 +03:00
Mikaela Suomalainen
856085bd74
ssh_config: document ForwardAgent and ForwardX11...
...
...Previously they were no without explanation, but it never hurts to
explicitly have comments on not doing that, I didn't quickly find
anything nice for ForwardAgent, but I remember the Matrix.org people
somehow avoiding hearing it and ForwardX11 first result was that
StackExchange.
2020-05-22 14:36:26 +03:00
Mikaela Suomalainen
d8d48508bd
ssh_config: update comments, add Includes
...
Resolves : #69
2020-05-22 14:29:37 +03:00
c2c27c8adb
local: add firejail-appimage-patchwork.desktop
2020-05-08 18:14:42 +03:00
5226399637
grub.d: add quiet.cfg to remind me to not remove it
2020-04-08 19:24:22 +03:00
1e08997ad5
etc/sources.list: add (Debian's) experimental
2020-03-30 18:12:16 +03:00
6f2f986d2f
etc/fahclient/config.xml: let the slider be MEDIUM
2020-03-30 09:16:32 +03:00
d1fc83913b
systemd/user: add ipfs, transmission-daemon (from system)
2020-03-30 08:42:06 +03:00
b2dac44a64
etc: add fahclient/config.xml
2020-03-30 08:35:56 +03:00
d39ec4ccfe
grub.d/oldifnames.cfg: update comment
...
I seem to be using it in multiple systems so I cannot say I don't
recommend it, when it's understood.
2020-03-29 15:12:00 +03:00
53944a0673
grub.d: add forcefsck.cfg
2020-03-29 15:11:48 +03:00
b217baaec9
systemd/system: update syncplay-server.service
...
It never got the TLS flag apparently
2020-03-27 18:02:34 +02:00
d71357613f
apt/preferences.d/limit-unstable: add unstable-debug repo
...
It may be unhelpful to have debug symbols getting pulled from Unstable
while using packages from Testing or even Stable.
2020-03-21 16:40:00 +02:00
9d70aa8119
org.signal.Signal.desktop: rename to Signal Tray
2020-03-09 09:35:19 +02:00
8fc2d8905c
etc/nginx/README.md: add future warning
2020-03-07 21:08:57 +02:00
64d5fef6f3
ipfs.service: point to the new meta issue
2020-02-29 18:03:32 +02:00
b125fc1804
etc/systemd/resolved.conf.d: general.conf -> opportunistic-insecure.conf
2020-02-21 19:03:56 +02:00
60cac14929
etc: add multi-user.cfg
2020-02-18 01:42:27 +02:00
585266bc28
update pomotroid.desktop & add ipfs-desktop.desktop
...
Pomotroid now stores data
2020-02-13 20:17:39 +02:00
a3d7b0af22
etc/default/grub.d/lockdown.cfg: notes + lockdown=integrity comment
2020-02-13 02:03:52 +02:00
b770e356cb
etc/default/grub.d: add lockdown.cfg
2020-02-13 01:17:39 +02:00
60899ca667
etc/sysctl.d: add kernel.yama.ptrace_scope = 1
2020-02-12 22:36:17 +02:00
3e325cca03
etc/sysctl.d: add 00-local-userns.conf with warnings/rant
2020-02-12 22:00:11 +02:00
bd6488e0ed
etc/default/grub.d: nouveau.cfg -> itwjyg.cfg + more modules
2020-02-10 17:54:47 +02:00
fafc6fad62
etc/xdg/autostart: add pomotroid.desktop
...
Resolves : #50
2020-02-09 20:36:56 +02:00
1a8c6fcd24
merge local/share/applications & etc/xdg/autostart
2020-02-09 20:35:54 +02:00
ee0038c568
add /etc/network/interfaces.d/eth0
2020-02-09 14:53:56 +02:00
8472ffa7cd
NetworkManager: add manage-ifupdown.conf
2020-02-09 14:53:01 +02:00
9177966264
etc/default/grub.d: -supposedly & modprobe r8168
2020-02-09 14:50:43 +02:00
da2f090f56
logind.conf.d/lidclose.conf: mention systemd-rfkill, ref: #51
2020-02-03 22:41:47 +02:00
d54ec98f99
NM/iwd.conf: add missing line (enable --now iwd)
2020-02-03 21:40:11 +02:00
d8740f54e1
NetworkManager/conf.d: add iwd.conf for replacing wpa_supplicant
2020-02-03 21:15:35 +02:00
c0399054bb
etc/systemd/login.conf.d/lidclose.conf: ignore lid close
2020-02-03 19:36:05 +02:00
a82e3fd989
etc/NetworkManager: add no-mac-randomizing.conf
2020-01-28 23:12:54 +02:00
b04c724b5b
etc/default/grub.d: add flags to disable hibernating
2020-01-19 13:47:33 +02:00
2168bc47ed
apt/preferences.d: don't consider firefox/jami as badideas
2020-01-12 13:24:11 +02:00
86cb1a02dc
etc/xdg/autostart: add com.github.wwmm.pulseeffects.desktop
2020-01-11 22:25:33 +02:00
e47568e178
etc/xdg/autostart: add Nextcloud.desktop
2020-01-11 22:24:23 +02:00
5c6f66e5fc
etc/apt/preferences.d: add hacks/limit-buster
2020-01-11 22:11:25 +02:00
eabd12a26d
etc/apt/preferenced: move not-so-good-ideas to badideas/
2020-01-11 21:43:52 +02:00
31c53595f8
etc/apt/preferences.d: add limit-unstable from Wireguard
2020-01-11 21:41:09 +02:00