Aminda Suomalainen
82d2146706
etc/tor/client: remove PirateIRC and freenode
...
PirateIRC with Ergo is yet to get onion setup and I imagine freenode
destroyed their onion a long time ago. I haven't been using it though.
2022-01-17 17:31:33 +02:00
Aminda Suomalainen
df3e710c60
etc/tor/torrc-client: add MapAddress for OFTC
2022-01-17 17:30:39 +02:00
Aminda Suomalainen
f0029674e7
etc/apt/sources.list: also update debug.mirrors.debian.org onion
...
Resolves : #124
2022-01-16 19:17:48 +02:00
Aminda Suomalainen
4c6cc2391f
etc/apt/sources.list: attempt to update to onionV3
...
Resolves : #124
2022-01-16 19:06:41 +02:00
Aminda Suomalainen
f58d0d7d01
ssh/user-permit-password: add example for multiple users
2022-01-16 15:15:09 +02:00
Aminda Suomalainen
1356fccd20
systemd: add flatpak-update.{service,timer}
...
Resolves : #121
2021-12-18 13:45:53 +02:00
Aminda Suomalainen
1b4ac2b6d7
etc/systemd/system.conf.d: add log4shell.conf
2021-12-13 13:09:35 +02:00
Aminda Suomalainen
5704353d55
systemd: copy matterbridge restarter into gitea one
...
It used to stop working randomly without a good reason, but that is
likely fixed upstream a long time ago and while I removed it from cron,
these units exist so should the issue recur, I can throw these back in.
The cron wasn't randomized though, but I don't think there is harm in
this being a bit random.
2021-12-06 23:48:40 +02:00
Aminda Suomalainen
8e69874534
matterbridge-restart.timer: fix language
2021-12-06 23:48:30 +02:00
Aminda Suomalainen
8209a74c6b
etc: small xdg/autostarts updates:
...
* pulseeffects -> easyeffects
* wire -> deprecated/
* telegramdesktop.desktop: add workaround (and supposedly it didn't
exist here, #42 )
Resolves : #42
2021-12-02 19:52:34 +02:00
Aminda Suomalainen
bd91ef704d
systemd: matterbridge.timer -> matterbridge-restart.{service,timer}
...
Resolves : #98
2021-11-22 09:56:56 +02:00
Aminda Suomalainen
9ba056cfd3
matterbridge-cleanup.service: fix typo, ignore exit state
2021-11-21 17:15:12 +02:00
Aminda Suomalainen
62573195d9
systemd: add matterbridge-cleanup.{service,timer}
...
Resolves : #98
2021-11-21 17:11:44 +02:00
Aminda Suomalainen
13278214d1
matterbridge.timer: OnBootSec=0 just in case
...
Ref: #98
2021-11-21 16:59:05 +02:00
Aminda Suomalainen
29f7cf6b98
systemd: first attempt at matterbridge restarter timer
...
Ref: #98
2021-11-21 16:52:14 +02:00
Aminda Suomalainen
4f50f4a367
systemd-resolved: don't DNSSEC with adblocking
2021-11-21 11:37:03 +02:00
Aminda Suomalainen
12fe7a59a8
etc/systemd/resolved: add configuration for Mullvad DoT
2021-11-21 11:16:11 +02:00
Aminda Suomalainen
d49b78680b
etc/resolv.csv: add CZ.NIC ODVR
...
Ref: #110
Ref: #112
2021-11-07 18:59:16 +02:00
Aminda Suomalainen
1e40420115
unbound: rm outdated yggdrasil-override
...
Ref: #89
2021-10-05 12:38:16 +03:00
Aminda Suomalainen
bfa51f500b
unbound/dns-over-tls.conf: stop advertising Debian 9
2021-10-05 12:34:10 +03:00
Aminda Suomalainen
ee293669d9
unbound: add dot-flushable-cache.conf
...
Resolves : #105
2021-10-05 12:33:40 +03:00
Aminda Suomalainen
862808fe07
etc/yum.repos.d: partially rewrite README.md
...
Main problem was "dnf still reads this repository apparently" where the
word "repository" was wrong, and I couldn't fix it without changing
everything :)
2021-10-05 12:18:42 +03:00
Aminda Suomalainen
4b57b299cc
etc/yum.repos.d/*.repo: rename descriptively
...
The fedora-dino.repo was unfriendly towards Windows (#106 ) and I noticed
that the other renamed files contained Fedora, so I think they should be
named appropiately. microsoft-edge-dev.repo mentioned generally
yumrepos, so it seems to not be Fedora specific.
2021-10-05 12:13:11 +03:00
Aminda Suomalainen
e49187f9dc
chrony/README: fix Windows doc
2021-10-05 10:59:53 +03:00
Aminda Suomalainen
12127744b5
systemd: also keep trying Chrony
2021-10-03 09:58:59 +03:00
Aminda Suomalainen
84e714b55e
systemd: keep retrying yggdrasil, don't sleep
2021-10-03 09:58:03 +03:00
Aminda Suomalainen
38ef6e7314
chrony/sources/nts: add nts.netnod.se
...
They appear to be the only bigger party hosting NTS in addition to
Cloudflare and being in neighbouring country isn't too bad
Via https://gist.github.com/jauderho/2ad0d441760fc5ed69d8d4e2d6b35f8d
which encouraged me to look into them a bit more. Additionally having
read chrony or chrony.conf manual on default behaviour implying NTS
servers are "require trust" and when mixing them with NTP servers, NTP
servers never get selected unless they agree with NTS servers.
2021-09-26 21:28:06 +03:00
Aminda Suomalainen
61ad1e935b
00-ptrace-restricted.conf: set to 3
...
I cannot remember when I last needed it and this makes Edgium
about:sandbox happy
2021-09-06 18:45:38 +03:00
Aminda Suomalainen
575b68fe3a
etc/apt/sources.list/stable: update security name
...
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive
2021-08-15 00:42:58 +03:00
Aminda Suomalainen
c8189a3aa6
chrony/yggdrasil.sources: update jolly-roger address
2021-08-08 00:07:01 +03:00
Aminda Suomalainen
a7ea71ae38
chrony/conf.d: add cmd.conf
...
Ref: #95
which this attempts to workaround and fails
2021-08-07 23:56:38 +03:00
Aminda Suomalainen
a43478e430
chrony: add broken NTS configuration
...
Ref: #94
2021-08-07 23:52:15 +03:00
Aminda Suomalainen
a9f34a8d1c
sysctl/questionable: 99-nonlocalbind.conf
...
Resolves : #55
2021-06-27 17:43:34 +03:00
Aminda Suomalainen
8f09ff7d45
chrony/confdir: add fedora-sourcedir.conf
...
Fedora doesn't specify non-DHCP sourcedir by default so I specify one
here
2021-06-26 23:24:51 +03:00
Aminda Suomalainen
0c5413171f
sysctl.d: add 00-max-ipv6-route.conf
2021-06-20 00:42:24 +03:00
Aminda Suomalainen
1c0073920a
pipewire/README: more on pro-audio, alsamixer and not deafening
2021-06-19 23:45:19 +03:00
Aminda Suomalainen
c73d7a3a0c
sysctl.d: 00-magicsysrq.conf -> 60-magicsysrq.conf
...
Otherwise Fedora seems to overwrite it with priority 50 file
2021-06-19 15:49:27 +03:00
Aminda Suomalainen
3b99675a34
etc/sysctl.d: go through, mkdir questionable/
...
Resolves : #93
2021-06-19 15:41:49 +03:00
Aminda Suomalainen
9c7d0c6210
etc/ssh/config.d: add example.conf
...
So I can stop having to dig this from manual every time I want to
configure a new host, and a couple of options I haven't used previously,
but could as they seem nice
2021-06-18 13:48:41 +03:00
Aminda Suomalainen
a5836327c4
etc: pipewire & bluetooth: enable codes, battery reporting
...
https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
2021-06-14 13:36:34 +03:00
Aminda Suomalainen
437a417697
etc/pipewire/…: say that using Pro-audio is enough fix
2021-06-14 12:13:57 +03:00
Aminda Suomalainen
93823eabd6
sysctl.d: add 23-starts-unprivileged-ports.conf
...
Self-explanatory within comments. Link list notes to selves contributing
into this version:
* https://kernelnewbies.org/Linux_4.11
* https://stackoverflow.com/a/51439516
* https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux#comment90027734_51439516
* https://developer.apple.com/forums/thread/674179
* https://news.ycombinator.com/item?id=18302380
* https://security.stackexchange.com/q/242859
* https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux#comment90027734_51439516
2021-06-12 21:52:39 +03:00
Aminda Suomalainen
75731868e7
unbound/dns-over-tls.conf: allow non-Finnish anycast & note being used on servers
2021-06-11 19:39:57 +03:00
Aminda Suomalainen
126918d98d
systemd/limnoria.service: add TZ env & RestartSec
2021-06-02 17:50:30 +03:00
Aminda Suomalainen
30a308d29f
torrc-client: add MapAddress for palladium.libera.chat
...
https://libera.chat/guides/connect#verifying-tor-tls-connections
2021-05-27 17:50:03 +03:00
Aminda Suomalainen
6576e83901
etc/tor/torrc-client: add irc.ergo.chat
2021-05-27 02:52:30 +03:00
Aminda Suomalainen
6f7016a596
torrc-client: add irc.liberta.casa
2021-05-22 13:16:26 +03:00
Aminda Suomalainen
c1768cae67
systemd: "rewrite" supybot -> limnoria, move znc, rmdir irc/
2021-05-16 18:00:31 +03:00
Aminda Suomalainen
306270c441
etc/systemd: rm cjdns & miredo, I am unlikely to use them again
2021-05-16 11:15:34 +03:00
Aminda Suomalainen
49facd9d39
etc/dnf.conf: comment tor example
2021-05-05 20:43:52 +03:00
Aminda Suomalainen
aa18d746db
etc/pipewire/README.md: cut a long line into two
2021-05-05 11:02:53 +03:00
Aminda Suomalainen
4b445c2aaf
etc/pipewire: remove the ...example.donotuse
...
I am quite sure that the config file has changed so much that the file
wouldn't work anyway and I don't think I really need it with the
important part being in the README.md
2021-05-05 11:01:50 +03:00
Aminda Suomalainen
c6a75f0962
ssh/anoncvs.conf: fix typo
2021-05-04 16:18:31 +03:00
Aminda Suomalainen
447e8192c2
etc/default/grub.d: add remember-previous.cfg
2021-04-30 20:05:22 +03:00
Aminda Suomalainen
ad6ac7d45e
dnf.conf: double max_parallel_downloads
2021-04-28 12:32:58 +03:00
Aminda Suomalainen
1ad289aa49
unbound/dot-mullvad-adblock.conf: add missing port number
2021-04-27 21:40:16 +03:00
Aminda Suomalainen
41879fe5e8
unbound.conf.d: rm dns-mullvad, add dot-mullvad[-adblock]
2021-04-27 21:35:58 +03:00
Aminda Suomalainen
61d19724fa
resolv.csv: add Mullvad
2021-04-27 21:30:46 +03:00
Aminda Suomalainen
e4c9d168ba
yum.repos.d: add tor.repo
2021-03-28 09:41:15 +03:00
Aminda Suomalainen
6f8c7de6af
unbound.conf.d: add 00-insecure-domains.conf (WiFi repeater config)
2021-03-14 21:00:32 +02:00
Aminda Suomalainen
3b4847f447
yum.repos.d/protonvpn-unstable: remove unneeded expansions
...
Fixes pkcon complaining
2021-03-13 18:29:30 +02:00
Aminda Suomalainen
134999487f
yum.repos.d: add microsoft-edge-dev.repo
2021-03-07 16:46:47 +02:00
Aminda Suomalainen
93b9bc5ba6
yum.repos.d: move Dino from README to .repo
2021-03-07 16:37:15 +02:00
Aminda Suomalainen
267f68ae80
yum.repos.d: add microsoft-prod.repo
2021-03-07 16:36:04 +02:00
Aminda Suomalainen
e5c259eda6
README.md: write about soft-mixer
2021-03-02 12:21:58 +02:00
Aminda Suomalainen
85d97aec3e
apt/preferences.d/pulseaudio: pin priority -1 backports too
2021-03-01 19:08:18 +02:00
Aminda Suomalainen
51b0b5dde5
sudoers.d/protonvpn: add more paths & potential legacy note
2021-02-27 09:02:10 +02:00
Aminda Suomalainen
5903664cb7
yum.repos.d: add protonvpn-unstable.repo
2021-02-26 14:10:38 +02:00
Aminda Suomalainen
f21e22e80f
etc/sudoers.d: fix name, make notes to README.md
2021-02-26 11:34:20 +02:00
Aminda Suomalainen
267dd77604
im.riot.Riot.desktop: add missing word "run"
2021-02-19 14:27:16 +02:00
Aminda Suomalainen
8463fa8f5c
local/share/applications: Riot -> Element
...
Package name hasn't changed though so I imagine the icon is the same too
2021-02-19 13:59:27 +02:00
Aminda Suomalainen
95a44d0be9
etc/pipewire: document the volume cutoff (pulseaudio style) workaround
2021-02-18 14:51:22 +02:00
Aminda Suomalainen
c8e89a5817
systemd: add coredump.conf.d/biggercores.conf
2021-02-18 14:47:23 +02:00
Aminda Suomalainen
8155bec959
sysctl.d: add 00-quic-go-udp-receive-buffer.conf
...
So I will remember it's existence
2021-02-13 09:36:28 +02:00
Aminda Suomalainen
a0c61231f4
systemd/resolved.conf.d: add snopyta-strict.conf
...
While posting an example how I would do it I might as well put it here
2021-02-10 16:12:42 +02:00
Aminda Suomalainen
288b010fe5
sshd: move mikaela-prohibit-password.conf to broken/
...
Apparently OpenSSH only allows PasswordAuthentication yes within a Match
block.
2021-02-02 14:12:43 +02:00
Aminda Suomalainen
1be2720861
sshd: explicitly "terminate" Match blocks by Match All
...
https://unix.stackexchange.com/a/303982/17126 & man sshd_config
2021-02-02 13:58:35 +02:00
Aminda Suomalainen
3260950712
sshd/anoncvs.conf: vcs users shouldn't ever be asked for a password
...
even if the system would allow that.
2021-02-02 13:06:04 +02:00
Aminda Suomalainen
2711c5975e
NetworkManager.conf.d: add no-search-domains.conf
2021-02-02 12:52:34 +02:00
Aminda Suomalainen
7ad17f8087
sshd/user-permit-password.conf: note on how to allow specific user to use passwords
2021-02-01 17:11:06 +02:00
Aminda Suomalainen
1503367c86
sshd_config & ….d/README: note min version & date
2021-01-31 13:51:06 +02:00
Aminda Suomalainen
f75bc7bd07
sshd/basic-security.conf: remove deprecated option
...
> /etc/ssh/sshd_config.d/basic-security.conf line 24: Deprecated option UsePrivilegeSeparation
OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS 8 Dec 2020
2021-01-31 13:39:51 +02:00
Aminda Suomalainen
0151bee9b0
sshd/mikaela-prohibit-password.conf: add AuthenticationMethods publickey
2021-01-30 22:15:51 +02:00
Aminda Suomalainen
f1ea1e17d9
etc/ssh: rm copy
2021-01-30 21:35:05 +02:00
Aminda Suomalainen
0572613d99
etc/ssh: cut sshd_config into multiple .confs
2021-01-30 21:31:38 +02:00
Aminda Suomalainen
c5fa3daf29
sshd_config.d: read Mozilla docs & adjust accordingly
...
https://infosec.mozilla.org/guidelines/openssh
2021-01-30 21:18:41 +02:00
Aminda Suomalainen
5211fb772c
sshd_config.d: add anoncvs.conf
2021-01-30 21:00:06 +02:00
Aminda Suomalainen
de3a0739b4
sshd_config.d: add mikaela-prohibit-password.conf
...
Resolves : #88
2021-01-30 20:50:21 +02:00
Aminda Suomalainen
a7c643bb7a
etc/sshd_config.d: add basic-security.conf
...
Ref: 88
2021-01-30 20:47:21 +02:00
Aminda Suomalainen
8628ec28e0
yum.repos.d: add Dino
2021-01-30 11:01:17 +02:00
Aminda Suomalainen
84ee7aeada
yum.repos.d: list Keybase too
2021-01-29 19:18:11 +02:00
Aminda Suomalainen
27d1914424
etc: add dnf/dnf.conf & yum.repos.d/README.md
2021-01-29 19:15:08 +02:00
Aminda Suomalainen
81296a241c
chrony: cut chrony.d/ into conf.d/ and sources.d/
...
I hope these are wider defaults than just Debian and allow me to not
conflit with package manager, but regardless having a separate
sources.d/ looks like a good idea for being able to `chronyc reload sources`
2021-01-29 12:56:38 +02:00
Aminda Suomalainen
fc0730d7a5
sudoers.d/protonvpn.conf: add /usr/bin/protonvpn
2021-01-28 13:13:28 +02:00
Aminda Suomalainen
16b19fb34d
torrc-client: add etro.mikaela.info
2021-01-26 19:42:25 +02:00
Aminda Suomalainen
6216d8cda3
sudoers.d: add passwordless protonvpn-{tray,gui}
2021-01-16 20:40:21 +02:00
Aminda Suomalainen
2df7aed162
chrony/yggdrasil: add comment & Kotka computers
2021-01-08 11:25:16 +02:00
Mikaela Suomalainen
0f94c59b81
chrony: add hetzner srevers
2020-12-19 13:03:54 +02:00
Aminda Suomalainen
abb0c37ef2
unbound.conf.d: add yggdrasil-override.conf
...
Begins #89 at a better time
2020-12-15 20:34:01 +02:00
Aminda Suomalainen
b26c9f698d
chrony/yggdrasil: add Etro
2020-12-15 14:30:30 +02:00
Aminda Suomalainen
b20f3367b1
systemd/yggdrasil: add mullvad-exclude (& fix chrony override typo)
2020-12-09 09:38:49 +02:00
Aminda Suomalainen
36b6a99e85
chrony.d: local-servers: add notes + xleave to the first comment
2020-12-09 08:44:34 +02:00
Aminda Suomalainen
40d535f2c0
systemd/chrony.service.d/mullvad-exclude: actually fix this
2020-12-08 18:36:34 +02:00
Aminda Suomalainen
f92b8d8d05
chrony.d/yggdrasil.conf: add y.Jolly-Roger
2020-12-06 19:49:12 +02:00
Aminda Suomalainen
e27e88efd8
chrony.d: add hwtimestamp.conf
2020-12-06 19:26:04 +02:00
Aminda Suomalainen
4a25481db2
chrony/yggdrasil.conf: add Sedric
2020-12-06 18:36:23 +02:00
Aminda Suomalainen
5e94147e81
chrony.d/yggdrasil.conf: initial commit
2020-12-06 18:02:43 +02:00
Aminda Suomalainen
2a615d8241
chrony: note that confdir and NTS require 4.0
2020-12-03 10:52:47 +02:00
Aminda Suomalainen
e9aefd711b
blocklist.conf: refuse blocked instead of nxdomain
...
Only the Firefox DoH needs to be NXDOMAIN while REFUSE may be more
accurate for the rest.
2020-11-21 12:13:55 +02:00
Aminda Suomalainen
e7a6e00b83
unbound/dns-over-tls: comment Adguard & NextDNS for not being in FI
2020-11-15 09:46:50 +02:00
Aminda Suomalainen
aadcc009a0
unbound/dns-over-tls.conf: add Adguard (unfiltered) & NextDNS
2020-11-12 16:12:18 +02:00
Aminda Suomalainen
3289a812ee
unbound: add dns-mullvad.conf (not encrypted)
...
Contains Mullvad Wireguard, OpenVPN and public addresses
2020-11-10 16:04:48 +02:00
Aminda Suomalainen
9536101263
resolv.csv: add BlahDNS DoH CDNs
...
Just doh1, because it and doh2 resolve into the same addresses for me
and I don't want to add duplicate DoH field when only BlahDNS has two
differnt addresses for the same thing.
2020-11-08 12:50:31 +02:00
Aminda Suomalainen
49d969822b
etc/resolv.csv: add BlahDNS
...
Resolves : #85
2020-11-04 12:56:48 +02:00
Aminda Suomalainen
c302b10caf
chrony.d: restore log.conf
2020-11-01 11:57:57 +02:00
Aminda Suomalainen
07e8c52f3b
chrony.d/local-servers: remove duplicate line
...
it's in README.md
2020-11-01 11:36:30 +02:00
Aminda Suomalainen
dced82b820
etc/chrony: break chrony.conf into README.md & chrony.d/
2020-11-01 11:23:59 +02:00
Aminda Suomalainen
52458cc8aa
chrony.conf: add xleave for peer
2020-11-01 10:47:30 +02:00
Aminda Suomalainen
84a669f51f
chrony.conf: add note for Windows on nettime
2020-10-31 18:10:25 +02:00
Aminda Suomalainen
c55e6b97e8
chrony.conf: comments for nmap and VPNs
2020-10-31 14:34:47 +02:00
Aminda Suomalainen
0c7038da14
systemd: systemd-resolved.service.d/unbound.conf: After unbound
2020-10-30 10:19:39 +02:00
Aminda Suomalainen
fe83cbbb3a
systemd: add config for excluding Chrony from Mullvad
2020-10-30 08:04:58 +02:00
Aminda Suomalainen
f878041e2e
unbound/dns-over-tls.conf: reverse order of providers
...
It seems to have some (small?) relevance to where queries go to.
2020-10-29 16:24:52 +02:00
Aminda Suomalainen
6e1f41533c
unbound/dns-over-tls.conf: comment the 443 appliedprivacy
...
Thinking it a bit more, it's not useful to use their resources on
devices that practically never encounter blocked port 853.
2020-10-29 13:22:19 +02:00
Aminda Suomalainen
b03e00faaa
local/share/apps: add firejailed mirage (todo: test it)
2020-10-29 13:15:48 +02:00
Aminda Suomalainen
c93034ba7f
unbound/dns-over-tls.conf: major cleanup
2020-10-29 13:15:23 +02:00
Aminda Suomalainen
8b04c26065
chrony.conf: add a peer comment for LOCALMACHINE.local
2020-10-27 10:35:09 +02:00
Aminda Suomalainen
dc2ac02412
begin depulseaudioing
...
https://wiki.archlinux.org/index.php/PulseAudio/Troubleshooting#No_sound_below_a_volume_cutoff_or_Clipping_on_a_particular_output_device
is too much for me. I expect to suffer this decision too though.
* i3: bind audio buttons to amixer (TODO: there are still pulse-specific
shortcuts and no shortcut for any kind of a mixer. $TERMINAL
alsamixer?)
* i3status: comment pulse to make it see alsa
* apt: pin pulseaudio to negative priority
2020-10-26 17:21:39 +02:00
Aminda Suomalainen
9b197cbaed
chrony.conf: add a local server example
2020-10-26 07:34:10 +02:00
Aminda Suomalainen
258cf72ccb
chrony.conf: mark Cloudflare as a pool of 2
2020-10-25 19:46:36 +02:00
Aminda Suomalainen
9ae9856c0a
chrony.conf: mark Snopyta & Telia as pools with maxsources 3
2020-10-25 18:54:53 +02:00
Aminda Suomalainen
51080f52d8
chrony.conf: add comments on allowing lan access
2020-10-25 17:43:07 +02:00
Aminda Suomalainen
b4ca31e6c6
chrony.conf: add DNA & Telia NTP servers
...
Resolves : #83
2020-10-25 17:22:59 +02:00
Aminda Suomalainen
4cebe7fbd5
chrony.conf: list NTP servers
...
Ref: #83
2020-10-25 12:44:53 +02:00
Aminda Suomalainen
993759577e
Bind systemd-resolved to Unbound
2020-10-25 09:05:07 +02:00
Aminda Suomalainen
73f273f4bb
etc/chrony: add small chrony.conf notes
2020-10-24 11:32:07 +03:00
Aminda Suomalainen
d3e00fb1a3
xdg-applications: add firejailed appimage of chatterino
2020-10-24 09:11:14 +03:00
Aminda Suomalainen
1e70d7d4d7
etc/systemd-resolved&unbound: add Quad9 ECS configs
...
Untested. The last time I saw the documentation, they didn't mention
DoT.
2020-10-21 17:09:20 +03:00
Aminda Suomalainen
1467454284
hosts.append: prepend empty line
...
It makes it easier to see where this begins in the appended /etc/hosts
2020-10-21 15:18:03 +03:00
Aminda Suomalainen
de7184794a
etc: add hosts.append for appending into hosts for systemd-resolved
2020-10-21 15:16:56 +03:00
Aminda Suomalainen
ca4c85b7df
etc/resolv.csv: add Quad9 ECS
...
The DoT address is guessed and verified to be open through nmap, as it's
not documented, I don't know surely that it's what it should.
DoH is mentioned in https://www.quad9.net/doh-quad9-dns-servers/
via https://gitlab.com/nitrohorse/ios14-encrypted-dns-mobileconfigs/-/issues/6
2020-10-18 11:11:27 +03:00
Aminda Suomalainen
cb5781044c
resolv.conf: add OpenDNS Family
2020-10-03 14:56:52 +03:00
Aminda Suomalainen
5f9cf10c68
resolv.csv: add Cleanbrowsing
2020-10-03 14:07:41 +03:00
Aminda Suomalainen
531abc1f42
resolv.csv: fix Cloudflare DoT address
2020-10-03 13:49:04 +03:00
Aminda Suomalainen
96d19d99cb
resolv.csv: add Cloudflare family, fill CF antimalware IPv6
2020-10-03 13:46:13 +03:00
Aminda Suomalainen
8241d0e695
resolv.csv: add AdGuard Family
2020-10-03 13:42:05 +03:00
Aminda Suomalainen
ae533261ab
etc/resolv.csv restore Firefox addresses
2020-10-03 13:38:31 +03:00
Aminda Suomalainen
13a03812ba
resolv.conf: move resolvers to resolv.csv
2020-09-27 15:05:53 +03:00
Aminda Suomalainen
31a15a9abc
systemd-resolved & unbound: update AdGuard IPs
...
Resolves : #81
2020-09-27 14:34:54 +03:00
Aminda Suomalainen
09d7a87dfb
fix zaldaryn-r8168?
2020-09-03 19:39:34 +03:00
Aminda Suomalainen
6c2475676c
unbound.conf.d/dot-adguard.conf: fix SNI domain
2020-08-30 16:56:51 +03:00
Aminda Suomalainen
edb259b1c8
unbound.conf.d: add dot-adguard.conf
2020-08-30 16:45:35 +03:00
Aminda Suomalainen
cc965d4692
blocklist.conf: add empty line & incoming.telemetry.mozilla.org
2020-08-22 23:31:54 +03:00
Aminda Suomalainen
263f828550
unbound blocklist: add ssl.google-analytics.com
2020-08-20 19:30:47 +03:00
Aminda Suomalainen
94eace15e7
unbound/blocklist.conf: specify it's server clause
...
Introduced by e4d18d47c5
2020-08-20 18:38:37 +03:00
Aminda Suomalainen
cabf7c570d
blocklist.conf: add [www.]google-analytics.com.
2020-08-20 18:33:51 +03:00
Aminda Suomalainen
b5cafdeb90
unbound: the mass file is not a good idea? cut it?
2020-08-16 12:18:07 +03:00
Aminda Suomalainen
e4d18d47c5
etc/.../unbound.conf: update for 1.11.0-1+
2020-08-15 10:27:50 +03:00
Aminda Suomalainen
cf8dc85ec0
systemd/timesyncd.conf.d: add cloudflare.conf
2020-08-09 10:51:36 +03:00
Aminda Suomalainen
82cf5e7742
systemd/resolved.conf.d: add generic NextDNS confs
2020-08-09 00:07:06 +03:00
Aminda Suomalainen
c3f9205610
resolv.conf: fix nextdns addresses
2020-08-09 00:03:13 +03:00
Aminda Suomalainen
bbbe4a2f04
resolv.conf: add Firefox DoH resolvers
...
Excluding Comcast
2020-08-08 20:06:39 +03:00
Aminda Suomalainen
f58ba9424e
resolv.conf: more notes, hilight systemd-resolved, add DoH addresses
2020-08-08 19:44:08 +03:00
Aminda Suomalainen
ca25fa1a66
sources.list: rm 16.04.archive.ubuntu.com
...
I don't see enough difference compared to ubuntu.
Resolves : #78
2020-08-07 15:58:54 +03:00
Mikaela Suomalainen
0be7388798
sources.list: add ubuntu
...
Resolves : #77
2020-08-07 10:40:22 +03:00
Aminda Suomalainen
73fb88e11d
systemd-resolved.conf.d: everywhere -> 00-everywhere
2020-07-24 12:16:31 +03:00
Aminda Suomalainen
8af19aab5e
resolv.conf: link to Mullvad issue while at it
2020-07-23 23:28:14 +03:00
Aminda Suomalainen
99cda3d7ed
resolv.conf: add a missing word
2020-07-23 23:27:37 +03:00
Aminda Suomalainen
7da5babc43
resolv.conf: add missing empty line
2020-07-23 22:59:53 +03:00
Aminda Suomalainen
d3e1aaee30
resolv.conf: more systemd-resolved info
2020-07-23 22:52:32 +03:00
Aminda Suomalainen
6289837766
resolv.conf: note the systemd-resolved files
2020-07-23 22:43:04 +03:00
Aminda Suomalainen
a8e9d7d81f
etc/resolv.conf: add option trust-ad
2020-07-20 23:11:55 +03:00
Aminda Suomalainen
69f55cd724
systemd/resolved: adguard-strict -> adguard-dot
2020-07-18 14:05:36 +03:00
Aminda Suomalainen
550b68d149
etc/systemd/resolved: add [adguard,cloudflare}-strict.conf
...
I am not actually using either though and I am not sure if I will,
but maybe they are nice to have as a backup here just in case.
2020-07-18 02:20:56 +03:00
Aminda Suomalainen
b3cb953b9c
systemd/resolved: add a comment to everywhere.conf too
...
as every other file explains who it is for, why not this
2020-07-04 19:09:26 +03:00
Aminda Suomalainen
0ae22081a0
etc/systemd-resolved: rework all files more or less
...
* explain things in README.md, don't duplicate comments
* opportunistic-insecure.conf should be used everywhere by default, so
thus it's now everywhere.conf. However I am yet to test it does what
I expect, so this is bad case of testing in production or after
committing it in general.
2020-07-04 19:06:18 +03:00
Aminda Suomalainen
7a73088beb
systemd/resolved.conf.d/quad9*.conf: enable SNI
2020-06-26 12:22:09 +03:00
Aminda Suomalainen
bce9af0edd
resolved.conf: add quad9-compat.conf
2020-06-26 12:22:09 +03:00
Mikaela Suomalainen
507b9b15c7
etc/containers: add registries.conf example
...
linking to source, it seems to be enough to get started with podman
2020-05-27 11:01:08 +03:00
Mikaela Suomalainen
856085bd74
ssh_config: document ForwardAgent and ForwardX11...
...
...Previously they were no without explanation, but it never hurts to
explicitly have comments on not doing that, I didn't quickly find
anything nice for ForwardAgent, but I remember the Matrix.org people
somehow avoiding hearing it and ForwardX11 first result was that
StackExchange.
2020-05-22 14:36:26 +03:00
Mikaela Suomalainen
d8d48508bd
ssh_config: update comments, add Includes
...
Resolves : #69
2020-05-22 14:29:37 +03:00
Aminda Suomalainen
c2c27c8adb
local: add firejail-appimage-patchwork.desktop
2020-05-08 18:14:42 +03:00
Aminda Suomalainen
5226399637
grub.d: add quiet.cfg to remind me to not remove it
2020-04-08 19:24:22 +03:00
Aminda Suomalainen
1e08997ad5
etc/sources.list: add (Debian's) experimental
2020-03-30 18:12:16 +03:00
Aminda Suomalainen
6f2f986d2f
etc/fahclient/config.xml: let the slider be MEDIUM
2020-03-30 09:16:32 +03:00
Aminda Suomalainen
d1fc83913b
systemd/user: add ipfs, transmission-daemon (from system)
2020-03-30 08:42:06 +03:00
Aminda Suomalainen
b2dac44a64
etc: add fahclient/config.xml
2020-03-30 08:35:56 +03:00
Aminda Suomalainen
d39ec4ccfe
grub.d/oldifnames.cfg: update comment
...
I seem to be using it in multiple systems so I cannot say I don't
recommend it, when it's understood.
2020-03-29 15:12:00 +03:00
Aminda Suomalainen
53944a0673
grub.d: add forcefsck.cfg
2020-03-29 15:11:48 +03:00
Aminda Suomalainen
b217baaec9
systemd/system: update syncplay-server.service
...
It never got the TLS flag apparently
2020-03-27 18:02:34 +02:00
Aminda Suomalainen
d71357613f
apt/preferences.d/limit-unstable: add unstable-debug repo
...
It may be unhelpful to have debug symbols getting pulled from Unstable
while using packages from Testing or even Stable.
2020-03-21 16:40:00 +02:00
Aminda Suomalainen
9d70aa8119
org.signal.Signal.desktop: rename to Signal Tray
2020-03-09 09:35:19 +02:00
Aminda Suomalainen
8fc2d8905c
etc/nginx/README.md: add future warning
2020-03-07 21:08:57 +02:00
Aminda Suomalainen
64d5fef6f3
ipfs.service: point to the new meta issue
2020-02-29 18:03:32 +02:00
Aminda Suomalainen
b125fc1804
etc/systemd/resolved.conf.d: general.conf -> opportunistic-insecure.conf
2020-02-21 19:03:56 +02:00
Aminda Suomalainen
60cac14929
etc: add multi-user.cfg
2020-02-18 01:42:27 +02:00
Aminda Suomalainen
585266bc28
update pomotroid.desktop & add ipfs-desktop.desktop
...
Pomotroid now stores data
2020-02-13 20:17:39 +02:00
Aminda Suomalainen
a3d7b0af22
etc/default/grub.d/lockdown.cfg: notes + lockdown=integrity comment
2020-02-13 02:03:52 +02:00
Aminda Suomalainen
b770e356cb
etc/default/grub.d: add lockdown.cfg
2020-02-13 01:17:39 +02:00
Aminda Suomalainen
60899ca667
etc/sysctl.d: add kernel.yama.ptrace_scope = 1
2020-02-12 22:36:17 +02:00
Aminda Suomalainen
3e325cca03
etc/sysctl.d: add 00-local-userns.conf with warnings/rant
2020-02-12 22:00:11 +02:00
Aminda Suomalainen
bd6488e0ed
etc/default/grub.d: nouveau.cfg -> itwjyg.cfg + more modules
2020-02-10 17:54:47 +02:00
Aminda Suomalainen
fafc6fad62
etc/xdg/autostart: add pomotroid.desktop
...
Resolves : #50
2020-02-09 20:36:56 +02:00
Aminda Suomalainen
1a8c6fcd24
merge local/share/applications & etc/xdg/autostart
2020-02-09 20:35:54 +02:00
Aminda Suomalainen
ee0038c568
add /etc/network/interfaces.d/eth0
2020-02-09 14:53:56 +02:00
Aminda Suomalainen
8472ffa7cd
NetworkManager: add manage-ifupdown.conf
2020-02-09 14:53:01 +02:00
Aminda Suomalainen
9177966264
etc/default/grub.d: -supposedly & modprobe r8168
2020-02-09 14:50:43 +02:00
Aminda Suomalainen
da2f090f56
logind.conf.d/lidclose.conf: mention systemd-rfkill, ref: #51
2020-02-03 22:41:47 +02:00
Aminda Suomalainen
d54ec98f99
NM/iwd.conf: add missing line (enable --now iwd)
2020-02-03 21:40:11 +02:00
Aminda Suomalainen
d8740f54e1
NetworkManager/conf.d: add iwd.conf for replacing wpa_supplicant
2020-02-03 21:15:35 +02:00
Aminda Suomalainen
c0399054bb
etc/systemd/login.conf.d/lidclose.conf: ignore lid close
2020-02-03 19:36:05 +02:00
Aminda Suomalainen
a82e3fd989
etc/NetworkManager: add no-mac-randomizing.conf
2020-01-28 23:12:54 +02:00
Aminda Suomalainen
b04c724b5b
etc/default/grub.d: add flags to disable hibernating
2020-01-19 13:47:33 +02:00
Aminda Suomalainen
2168bc47ed
apt/preferences.d: don't consider firefox/jami as badideas
2020-01-12 13:24:11 +02:00
Aminda Suomalainen
86cb1a02dc
etc/xdg/autostart: add com.github.wwmm.pulseeffects.desktop
2020-01-11 22:25:33 +02:00
Aminda Suomalainen
e47568e178
etc/xdg/autostart: add Nextcloud.desktop
2020-01-11 22:24:23 +02:00
Aminda Suomalainen
5c6f66e5fc
etc/apt/preferences.d: add hacks/limit-buster
2020-01-11 22:11:25 +02:00
Aminda Suomalainen
eabd12a26d
etc/apt/preferenced: move not-so-good-ideas to badideas/
2020-01-11 21:43:52 +02:00
Aminda Suomalainen
31c53595f8
etc/apt/preferences.d: add limit-unstable from Wireguard
2020-01-11 21:41:09 +02:00
Aminda Suomalainen
3011004856
NetworkManager/conf.d: add no-resolvconf.conf
2020-01-11 21:05:05 +02:00
Aminda Suomalainen
346d726bb7
NetworkManager/unbound: note unbound-control-setup
2020-01-03 01:52:21 +02:00
Aminda Suomalainen
2df7887dda
NetworkManager/conf.d: add unbound.conf
...
For Unbound which I generally use, even while it requires dnssec-trigger
2020-01-02 15:32:50 +02:00
Aminda Suomalainen
6ae87b6de8
etc/default/grub.d: add oldifnames.cfg
...
see comments of the file for reason
2019-12-30 16:24:42 +02:00
Aminda Suomalainen
05ffc40c7d
xdg/autostart: add Mullvad-VPN gui
2019-12-28 19:27:52 +02:00
Aminda Suomalainen
a6c5902c08
etc/default/grub: add random.trust_cpu=on
...
Possibly some help to boot time entropy exhaustion, but it may have been
enabled by default already.
2019-12-27 19:46:30 +02:00
Aminda Suomalainen
b1f7177d7f
etc/xdg/autostart: add dino & jami
2019-12-24 16:58:45 +02:00
Aminda Suomalainen
4e640e3d50
etc/xdg/autostart: add Riot & -many to Telegram
2019-12-23 12:49:05 +02:00
Aminda Suomalainen
bc46ad3119
torrc-client: add port 9119 for http
2019-12-23 12:48:33 +02:00
Aminda Suomalainen
0c4bacc1ca
etc/xdg/autostart: add Gajim & Signal
2019-12-21 18:54:02 +02:00
Aminda Suomalainen
7541d93206
dns-over-tls.conf: update BlahDNS-JP addresses
2019-12-01 12:48:02 +02:00
Aminda Suomalainen
10b1b8ad86
unbound/dot: fix outdated comment
2019-11-03 00:49:19 +02:00
Aminda Suomalainen
7b2c1568d1
unbound/dns-over-tls.conf: replace BlahDNS CH with FI
...
Shutting down on December 31th https://blahdns.com/
2019-11-03 00:15:59 +02:00
Aminda Suomalainen
4e93c66d67
systemd/resolved.conf.d/quad9: expand on versions
2019-11-02 18:37:12 +02:00
Aminda Suomalainen
d062d6675c
unbound/blacklist.conf: Riot has fixed it's habits
...
Integration manager and identity server can be configured in settings
2019-10-16 15:01:48 +03:00
Aminda Suomalainen
5a1ed609ed
update etc/xdg/autostart/README.md
2019-10-12 19:02:45 +03:00
Aminda Suomalainen
64934af736
etc/xdg/redshift: add icon & chmod +x
2019-10-12 19:02:27 +03:00
Aminda Suomalainen
a79e9d3c21
etx/xdg/auostart: add com.wire.WireDesktop & telegramdesktop
2019-10-12 19:00:58 +03:00
Aminda Suomalainen
a482390118
etc/xdg/autostart: deprecate unnecessary ones
2019-10-12 18:46:23 +03:00
Aminda Suomalainen
1e636a65af
unbound/dns-over-tls.conf: enable BlahDNS over Yggdrasil
2019-10-08 20:52:41 +03:00
Aminda Suomalainen
077b1a7679
etc/NetworkManager: move relevant parts to conf.d/
...
I have no idea when I have previously looked into those two files (git
history would probably tell me), but I don't think they make much sense,
while the important parts can be cut into conf.d/ and applied
individually as needed.
2019-10-04 20:18:32 +03:00
Aminda Suomalainen
16e66010a2
etc/NetworkManager: add conf.d and cp from Itwjyg
...
Strangely Itwjyg is a special case system where I need systemd-resolved
and its opportunistic DNSSEC/DoT. I also accidentally forgot
dns-none.conf (then dns.conf) there, but systemd-resolved.conf appears
to have overridden it, so it was fine and I have now removed the extra
one.
2019-10-04 20:10:27 +03:00
Aminda Suomalainen
cb79fa283a
apt/preferences.d/firefox: add l10n
2019-09-24 21:57:54 +03:00
Aminda Suomalainen
f1b6101afd
apt/preferences.d: pin firefox[-esr] from sid
2019-09-24 21:46:13 +03:00
Aminda Suomalainen
bda94cac72
etc/nginx: remove / from the proxies
...
while I still remember
2019-09-18 17:40:00 +03:00
Aminda Suomalainen
ee03a773c0
apt/preferences.d: add jami
2019-09-17 17:22:15 +03:00
Aminda Suomalainen
bc9848185d
i2pd: increase tunnel lengths to 2 in hope of better NAT evading
2019-09-15 14:40:44 +03:00
Aminda Suomalainen
b3dc6ced51
systemd: initial i2pd.service & .d/override.conf
...
Begins #38
2019-09-15 13:52:57 +03:00
Aminda Suomalainen
b614486427
etc/nginx: more modern working configs from Relpda
2019-09-13 16:32:01 +03:00
Aminda Suomalainen
0ca2718569
unbound/blocklist.conf: use always_nxdomain, remove publicbt.com
2019-09-10 21:27:23 +03:00
Aminda Suomalainen
01cd9e7b45
etc/fstab: notes on encryption, tmpfs, cleanup
2019-09-10 00:21:48 +03:00
Aminda Suomalainen
541a4a4f15
etc/i2pd/tunnels.conf.d: add yggdrasil-in.conf
2019-09-09 14:40:09 +03:00
Aminda Suomalainen
0c70f41afc
unbound/blocklist: uncomment vector.im, add use-application-dns.net
...
* Vector.im is the identity server that gets restored by itself and I
don't seem to ever have any business to Vector.im website, while
the other domains I need to visit at times.
* use-application-dns.net being NXDOMAIN tells Firefox to not send
traffic to Cloudflare DoH. I thought of this when I saw the news and
got courage to actually do this after seeing that DNSCrypt-proxy also
does so.
2019-09-07 14:42:15 +03:00
Aminda Suomalainen
91025d7129
etc/default/grub.d: merge mds.cfg into mitigations.cfg
...
Ref: #33
Still missing documentation/comments
2019-09-06 12:38:42 +03:00
Aminda Suomalainen
f4f8b3f529
grub.d/{mitigations,nosmt}.cfg: initial commit
...
TODO: documents
Ref: #34
2019-09-06 01:17:32 +03:00
Aminda Suomalainen
47c7a3aca2
grub.d: add default-windows.cfg
...
Resolves : #33
2019-09-04 12:00:57 +03:00
Aminda Suomalainen
4b214b0e0f
etc/default/grub.d: add nouveau
2019-09-04 11:40:06 +03:00
Aminda Suomalainen
c91b1b97a9
systemd/system: add unit file for etherpad-lite
...
Closes : #27
2019-08-29 13:10:55 +03:00
Aminda Suomalainen
319ae6c2bf
etc/modprobe.d/blacklist-hdmi-audio.conf: add source
2019-08-29 01:31:32 +03:00
Aminda Suomalainen
9bb1dbb301
etc/modprobe.d: blacklist snd_hda_codec_hdmi
2019-08-29 01:27:40 +03:00
Aminda Suomalainen
3f81f02bfd
etc/default/grub.d/sedric.cfg: acpi_backlight=vendor has no effect
2019-08-26 10:23:41 +03:00
Aminda Suomalainen
06c56bbc78
etc/default/grub.d: add mds.conf for mitigating mds CPU vuln
...
Ref: #22
2019-08-25 20:32:38 +03:00
Aminda Suomalainen
066c42717c
torrc-client: enable ClientPreferIPv6ORPort as my IPv6 works
2019-08-25 18:39:12 +03:00
Aminda Suomalainen
9bcd2d61c7
unbound/*dns64*: add Cloudflare
2019-08-25 18:27:11 +03:00
Aminda Suomalainen
aa2c53349d
unbound/plain-dns64.conf: add Google DNS
2019-08-25 18:21:16 +03:00
Aminda Suomalainen
31aa6066b5
unbound/dns-over-tls.conf: don't mention forwards.conf
...
I renamed it.
2019-08-25 18:17:50 +03:00
Aminda Suomalainen
41644a9b65
unbound: add dns64-over-tls.conf (broken for now)
2019-08-25 18:16:51 +03:00
Aminda Suomalainen
6308c9af72
unbound: clean up plain-dns64.conf (only TREX for now)
2019-08-25 18:09:50 +03:00
Aminda Suomalainen
04658408d4
unbound: rename forwards.conf -> plain-dns64.conf
2019-08-25 18:07:28 +03:00
Aminda Suomalainen
3dc273fbe0
unbound: mention other files of interest in dot & add threads
2019-08-24 12:40:04 +03:00
Aminda Suomalainen
6274ed8e13
unbound/dot: add nic.cz & nixnet
2019-08-24 12:02:26 +03:00
Aminda Suomalainen
5462af3059
unbound/dot: add Lelux.fi
2019-08-24 11:57:42 +03:00
Aminda Suomalainen
7afaa57882
unbound/dot: add Snopyta
2019-08-24 11:55:22 +03:00
Aminda Suomalainen
4e4d19a765
unbound.conf.d/logging.conf: print statistics hourly
2019-08-20 18:05:19 +03:00
Aminda Suomalainen
d7d252f98f
unbound/logging: add statistics printing
2019-08-20 17:41:43 +03:00
Aminda Suomalainen
2c3fe4a5df
unbound: enable IPv6 preferring
2019-08-20 12:49:19 +03:00
Aminda Suomalainen
be7c4185eb
etc/unbound/dns-over-tls: comment Cloudflare
2019-08-20 11:49:37 +03:00
Aminda Suomalainen
56b5b905e2
fix github link, closes #16
2019-08-18 02:05:52 +03:00
Aminda Suomalainen
26624bcd5d
unbound.conf.d: increase TTL to 15 mins from 5
2019-08-17 21:06:01 +03:00
Aminda Suomalainen
d539237fbf
unbound/blocklist.conf: add source
2019-08-17 13:43:11 +03:00
Aminda Suomalainen
057d42bafd
unbound/dns-over-tls.conf: fix typo
2019-08-17 13:40:39 +03:00
Aminda Suomalainen
914fe1d26c
unbound/dot: finish adding providers
...
Ref: #15
2019-08-17 13:37:02 +03:00
Aminda Suomalainen
410a02a968
unbound/dot: add securedns (both), dnswarden (adblock)
2019-08-17 13:23:28 +03:00
Aminda Suomalainen
a5ccd88e70
unbound/dns-over-tls.conf: add server locations
...
Ref: #15
2019-08-17 12:34:03 +03:00
Aminda Suomalainen
596c18c0e0
etc/unbound: add blocklist.conf
...
Closes : #13
2019-08-17 12:16:53 +03:00
Aminda Suomalainen
601bd3ac86
unbound dot: alphabetical order
...
Ref: #15
2019-08-17 00:52:41 +03:00
Aminda Suomalainen
39493f3bf9
unbound dot: move things around
2019-08-17 00:26:36 +03:00
Aminda Suomalainen
b3a7266eb5
unbound.conf.d/dns-over-tls: remove Google
2019-08-17 00:14:41 +03:00
Aminda Suomalainen
c78eecb547
unbound/dns-over-tls: add two port 443 resolvers
2019-08-17 00:10:32 +03:00
Aminda Suomalainen
4de337722e
etc/apt/preferences.d: add testing-debug & rename stable.donotuse
...
Resolves : #124 (see comment)
2019-07-30 01:08:09 +03:00
Aminda Suomalainen
2112575a98
etc/apt/preferences.d: commit dark magic that shouldn't exist
2019-07-30 00:52:32 +03:00
Aminda Suomalainen
a01e53171e
grub.d/sedric.cfg: comment that acpi_osi=Linux doesn't work
2019-07-28 10:45:04 +03:00
Aminda Suomalainen
100d9a7433
dnscrypt-proxy.toml: move cache above & add comments & min cache TTL 300
2019-07-23 16:13:22 +03:00
Aminda Suomalainen
55050ec0e5
cache.conf: increase NXDOMAIN cache size and set min TTL to 300
2019-07-23 15:09:34 +03:00
Aminda Suomalainen
2b8a460b63
etc/unbound: add cache.conf
2019-07-23 12:30:53 +03:00
Aminda Suomalainen
93fa7a003c
etc/default/grub.d: add beep.cfg & sedric.cfg
...
beep.cfg is the default example on getting a beep on grub startup,
sedric.cfg just contains `acpi_osi=` which fixes the hardware keys for
some reason.
2019-07-22 18:56:38 +03:00
Aminda Suomalainen
97006ddf9b
unbound.conf.d/logging.conf: quote the fine manual for unbound.conf
2019-07-22 17:18:53 +03:00
Aminda Suomalainen
222a030cee
unbound/dns-over-tls: note version requirement 1.7.3
...
Debian 9 has 1.6.0 with which I am stuck for now. Debian 10 has 1.9.0
2019-07-22 16:52:07 +03:00
Aminda Suomalainen
29eae6f89a
etc/dnscrypt-proxy: note I run Unbound in front of it
2019-07-22 16:25:21 +03:00
Aminda Suomalainen
eb6315d92f
resolv.conf: add Quad9 and note I am not sure what it tries to be
...
Public DNS resolver with easy address list for emergency?
2019-07-22 16:22:55 +03:00
Aminda Suomalainen
430b9b7bfc
resolv.conf: note local resolver separately from dnscrypt-proxy
2019-07-22 16:17:27 +03:00
Aminda Suomalainen
7b83f84633
unbound/dns-over-tls.conf: add AdGuard DNS
...
I am surprised it actually works with DNSSEC validation enabled
2019-07-22 16:12:09 +03:00
Aminda Suomalainen
ffbbe9e522
unbound: replace forwards.conf with dns-over-tls.conf
...
Simultaneously rm puntcat, their DNS appears to be down at the moment
and I didn't find their own homepage.
2019-07-22 16:05:05 +03:00
Aminda Suomalainen
6ed44de3d1
unbound.conf.d: clarify logging.conf in a comment
2019-07-22 15:27:27 +03:00
Aminda Suomalainen
bb14632b9a
unbound: add another Debian default
2019-07-22 15:16:34 +03:00
Aminda Suomalainen
3b9acff361
etc/unbound add unbound.conf & unbound-control.conf
...
copy-pastes from Debian & Arch Wiki, however unbound-control in status
no as I guess it can be a hole most of time.
2019-07-22 15:14:11 +03:00
Aminda Suomalainen
5569a1129c
unbound.conf.d/dnscrypt-proxy.conf: update for dnscrypt-proxy v2
...
Closes #121
2019-07-22 15:12:49 +03:00
Aminda Suomalainen
fc5fb4d7bd
b6a511d6a63b6b6bb5fc918eae221d3ff062d89f: add comments
2019-07-20 11:37:28 +03:00
Aminda Suomalainen
b6a511d6a6
etc: backup some apt.conf.d & preferences.d files
2019-07-20 11:09:42 +03:00
Aminda Suomalainen
41f44924be
dnscrypt-proxy.toml: note 2.0.24 fastest -> first
2019-07-14 18:36:31 +03:00
Aminda Suomalainen
117801ec9d
dnscrypt-proxy: fix comments
...
Resolves : #120
2019-07-14 18:15:35 +03:00
Aminda Suomalainen
646956b4e0
dnscrypt-proxy.toml: restore Quad9 examples
...
Rbtpzn was using them for some reason and was hitting less errors than
Zaldaryn in as basic test as "apt update", so I guess it's worth having
it included. I think I am mainly leaving it for family devices.
2019-07-14 13:30:29 +03:00
Aminda Suomalainen
a5868f6395
etc/sources.list: update testing for bullseye & add note to stable for it
...
> over the last years we had people getting confused over <suite>-updates
> (recommended updates) and <suite>/updates (security updates). Starting
> with Debian 11 "bullseye" we have therefore renamed the suite including
> the security updates to <suite>-security.
https://lists.debian.org/debian-devel-announce/2019/07/msg00004.html
2019-07-14 12:40:56 +03:00
Aminda Suomalainen
2fe92afa26
etc/apt/sources.list: change keyserver
...
Ref: #119
I am not sure I would advice running that even if it happened to exist.
2019-07-01 11:50:26 +03:00
Aminda Suomalainen
128f1781f3
torrc-client: add MapAddress for PirateIRC & freenode
...
Closes #118
2019-06-30 14:27:20 +03:00
Aminda Suomalainen
a915db9f8a
etc/systemd: tor-services: add ExecReload
...
I am running `systemctl restart tor-client` too often to be comfortable.
2019-06-30 14:11:34 +03:00
Aminda Suomalainen
bf3b91d93a
torrc-client: update from running config
...
Preparation to #118
2019-06-30 13:31:16 +03:00
Aminda Suomalainen
5128e8646a
ipfs.service: use dht routing instead of dhtclient routing
2019-06-11 01:17:22 +03:00
Aminda Suomalainen
85bd70f382
etc/systemd/system/ipfs: important notice for VPS/dedi/etc.
2019-06-11 01:12:28 +03:00
Aminda Suomalainen
6ce553f84e
dnscrypt-proxy: fix cloudflare excluding
2019-06-02 22:30:49 +03:00
Aminda Suomalainen
540798ed17
dnscrypt-proxy: use Socks Authentication
2019-05-22 12:01:34 +03:00
Aminda Suomalainen
b96eb372d0
torrc-client: ensure IsolateSOCKSAuth & add HTTPTunnelPort
2019-05-22 11:58:05 +03:00
Aminda Suomalainen
3eefbaf296
etc/tor/torrc-onehoponion: CookieAuthFile 0
2019-05-17 18:54:34 +03:00
Aminda Suomalainen
7dbafe4a54
resolv.conf: more comments
2019-05-16 15:28:15 +03:00
Aminda Suomalainen
21adba9a02
dnscrypt-proxy.toml: update ~~stories~~ comments
2019-05-15 10:48:11 +03:00
Aminda Suomalainen
e972a47d4a
torrc-client: add SocksPorts and comment on two guards
...
I need unisolated port for dnscrypt-proxy which I fear would otherwise
generate too many circuits which wouldn't even be used and I guess
there is no harm in sending Yggdrasil to a separate port that only has
access to onions which is a port I may sometimes wish I have otherwise
too.
2019-05-15 10:31:47 +03:00
Aminda Suomalainen
95bcf095df
VerifyHostKeyByDNS is supposed to be yes
...
fix previous commit, I imagine I changed it by accident.
2019-05-11 00:58:00 +03:00
Aminda Suomalainen
e634ee8863
ssh_config: update comment for VerifyHostKeyDNS
...
OpenSSH is evil and gives you three not-optimal options to this:
A) trust DNSSEC and don't write known_hosts
B) ask whether to trust DNS, but don't bother telling me if it's signed
C) don't even check SSHFP
I see A) as the least evil, but I wish known_hosts was written.
Alternatively B) should tell me whether there is DNSSEC or not, not
only "matching keys found from DNS" or whatever it says always.
2019-05-09 18:44:36 +03:00
Aminda Suomalainen
9e03598e3f
etc/apt/sources.list: add missing tor+ for Debian
2019-05-09 14:05:54 +03:00
Aminda Suomalainen
0ce3c5f47a
dnscrypt-proxy: adjust sources, add prefixes
2019-05-07 00:55:07 +03:00
Aminda Suomalainen
f978853d11
dnscrypt-proxy.toml: add onion resolvers
2019-05-07 00:23:51 +03:00
Aminda Suomalainen
d2bd2be652
systemd/zeronet.service: use Python 3 & always use Tor
2019-05-05 20:28:14 +03:00
Aminda Suomalainen
d8ba42bdd1
etc/tor: disable control, document enabling for client
2019-05-04 20:41:18 +03:00
Aminda Suomalainen
8e01a42c62
etc: systemd & tor: add tor-onehoponion (and torrc-relay)
2019-05-04 17:26:57 +03:00
Aminda Suomalainen
c726daa62c
etc/tor/torrc-client: add comments
2019-05-04 16:55:08 +03:00
Aminda Suomalainen
b0ef3a18f6
torrc-client: remove deprecated ClientPreferIPv6DirPort comment
...
> The ClientPreferIPv6DirPort option is deprecated, and will most likely be removed in a future version of Tor. It has no effect on relays, and has had no effect on clients since 0.2.8. (If you think this is a mistake, please let us know!)
2019-05-04 16:28:58 +03:00
Aminda Suomalainen
9c8cf613cd
etc/systemd: add tor-client.service & tor: add torrc-client
2019-05-03 12:31:33 +03:00
Aminda Suomalainen
4c2b21bbfa
ipfs.service: add routing note
2019-05-01 23:30:12 +03:00
Aminda Suomalainen
ce84c26bcd
ipfs.service: adapt lowpower profile & mention badgerds
...
If the lowpower option uses values 40 and 20 which are a lot higher than
mine were and considered suitable for laptops and smartphones, I guess
they are the best for me to use and I find content faster.
2019-04-23 13:51:18 +03:00
Aminda Suomalainen
6981481c77
ipfs.service: add options I forgot before
2019-03-26 22:26:25 +02:00
Aminda Suomalainen
3ecfc2473d
ipfs.service: document my IPFS config
...
Closes #111
2019-03-26 22:05:52 +02:00
Aminda Suomalainen
a90243a55a
dnscrypt-proxy.toml: use Quad9 while waiting for disabled_server_names
2019-03-26 10:12:57 +02:00
Aminda Suomalainen
466a7bc2c1
etc/systemd/resolved.conf.d: add some configs
...
These aren't seeing real world usage though as the only host not running
dnscrypt-proxy has too old systemd.
2019-03-25 13:41:23 +02:00
Aminda Suomalainen
f336393db9
systemd preset: enable pcscd for FINEID
2019-02-28 13:00:42 +02:00
Aminda Suomalainen
81fcfb539d
systemd preset: Zaldaryn additions
2019-02-28 12:17:07 +02:00
Aminda Suomalainen
758d4302ac
systemd preset: remove cjdns, enable ssh.service
2019-02-28 12:10:14 +02:00
Aminda Suomalainen
284a50288c
sysctl.d: document privacy extensions & use double # for comments
2019-02-26 20:32:08 +02:00
Aminda Suomalainen
cc0f5db3bd
dnscrypt-proxy: use dns.watch#2 as fallback reslver
...
84.200.70.40
2019-02-25 11:06:49 +02:00
Aminda Suomalainen
07ae3bbef6
etc/sudoers.d/hibernate: allow suspend & change group to plugdev
...
It seemed like a suitable one from the default groups Debian creates.
2019-02-18 20:07:36 +02:00
Aminda Suomalainen
d406334560
systemd preset: enable TTY & cups
2019-02-17 21:07:10 +02:00
Aminda Suomalainen
5fe9477c55
etc/systemd: add ipfs.service & zeronet.service
...
Closes #101
2019-02-12 20:32:40 +02:00
Aminda Suomalainen
993d3f6994
systemd preset: enable yggdrasil-resume
2019-02-08 10:21:14 +02:00
Aminda Suomalainen
0afc716ccf
Partially revert f7fbf35109
...
That was just too evil, especially as the line has moved to my i3wm
config where nothing else I have tried works.
2019-02-04 20:33:31 +02:00
Aminda Suomalainen
518c9fcdaf
i3: add hibernation & sudoers.d: allow passwordless hibernate
2019-01-30 20:12:38 +02:00
Aminda Suomalainen
f7fbf35109
update setxkbmap and hope no one else is using these files
2019-01-30 19:16:45 +02:00
Aminda Suomalainen
d29a0532d2
Debian sources.list: disable http security, use https CDN & Tor
2019-01-23 10:18:35 +02:00
Aminda Suomalainen
d27cc15888
add systemd-preset
2019-01-21 18:41:36 +02:00
Aminda Suomalainen
3e5e55bf75
etc/apt/sources.list: enable Debian debugsym repos
...
It seems that I am always going to enable it sooner or later anyway, so
why woulnd't I have it enabled for quick installing when I do need it?
Example: KDE Connect crashed on login, and asked me to report it, but
the reporter app warned that there is no address to report it and debug
information had one or two stars and said that it's likely bad quality
and I think this is due to missing debug symbols which I then installed.
Naturally after installing them, I am unable to reproduce the issue, but
that is beside the point.
2018-12-19 11:48:32 +02:00
Aminda Suomalainen
5c6c026226
hosts-mikaela.txt: alternative domain for Korsin
2018-12-15 20:57:43 +02:00
Aminda Suomalainen
c80591d9a7
hosts-mikaela.txt: add Korsin
2018-12-15 16:56:36 +02:00
Aminda Suomalainen
08bfdde7c8
etc/dnscrypt-proxy/hosts-mikaela: add two cwinfo servers
2018-12-10 12:10:41 +02:00
Aminda Suomalainen
7695b26abf
etc/dnscrypt-proxy: update README.md
...
The situation has changed a bit and I had forgotten to add links.
2018-12-03 12:22:58 +02:00
Aminda Suomalainen
9be5b35b32
dnscrypt-proxy: use syslog, cert_refresh_delay
...
I happened to wonder about reload times and think that this is nice to
have visible here.
Syslog is used by default and I am expecting it so it probably won't
hurt being visible.
2018-11-29 11:30:28 +02:00
Aminda Suomalainen
b7017d7c50
dnscrypt-proxy: update comments, lb_strategy = p2
...
Removed my weird comment and added refresh_delay to OpenNIC. I am using
p2 instead of ph as per the wiki as apparently they don't consider
balancing queries over multiple services as important as speed, so maybe
I don't have to worry about that either.
2018-11-29 11:23:05 +02:00
Aminda Suomalainen
b6bb15a198
dnscrypt-proxy.toml: add commented OpenNIC
...
It's waiting for me to make up my mind about it and whether or not I
support it. I have mixed feelings/thoughts about it and will need to
read more.
2018-11-27 20:04:12 +02:00
Aminda Suomalainen
2d3b324d9f
dnscrypt-proxy.toml: add mirrors of public-resolvers.md
2018-11-27 20:01:35 +02:00
Aminda Suomalainen
8497d4fb84
dnscrypt-proxy.toml: enable require_nolog
...
Learning that I don't have to specify servers there is a lot more
variety even if I start requiring more things, as Sedric says to
see 33 live servers, I guess dnscrypt servers in general respect
privacy. However I guess I still have to trust on what the servers
say as AFAIK dnscrypt-proxy is only that, a proxy, and won't start
validating dnssec by itself.
2018-11-26 23:43:39 +02:00
Aminda Suomalainen
32b1fd4a9a
dnscrypt-proxy.toml: disable logging & put it where it belongs
2018-11-26 17:01:30 +02:00
Aminda Suomalainen
397821db0a
dnscrypt-proxy: -empty lines +cloaking_rules
...
dn#
2018-11-26 16:53:47 +02:00
Aminda Suomalainen
c8fb2b896a
dnscrypt-proxy.toml: sort the options and add/update/fix comments
...
Now the options that I am more likely to care about or want to adjust
are on the top.
2018-11-26 16:46:30 +02:00
Aminda Suomalainen
eecb4a980d
dnscrypt-proxy: add commented not-socket
2018-11-26 16:12:02 +02:00
Aminda Suomalainen
c3c8a41e43
dnscrypt-proxy.toml: comment server_names
2018-11-26 16:03:02 +02:00
Aminda Suomalainen
c8c342ec68
hosts-mikaela.txt: add tezagm
2018-11-26 15:46:52 +02:00
Aminda Suomalainen
4f99f6ebed
syncplay-server.service: ccxcz's endpoints ExecStart just in case
2018-11-24 20:36:17 +02:00
Aminda Suomalainen
c57d5443ab
add systemd unit for syncplay-server
2018-11-23 17:23:38 +02:00
Aminda Suomalainen
33db566a27
sources.list: Debian updates repo over Tor
2018-11-22 20:39:22 +02:00
Aminda Suomalainen
a47018899d
sources.list: rewrite the Debian ones?
...
Apparently I had been negleceting one important one, if not more.
2018-11-22 20:27:40 +02:00
Aminda Suomalainen
6419ce29fb
sources.list: add Debian onion repos (commented)
2018-11-22 20:00:33 +02:00
Aminda Suomalainen
f050ef9550
sources.list: add Debian debug repos (commented)
2018-11-22 19:34:11 +02:00
Aminda Suomalainen
7983975ba8
etc/apt/sources.list: remove README & scripts
...
They don't reflect what I am doing in reality and I think they possibly
encouraged bad practices, so it's better that they don't exist here.
2018-11-22 19:14:42 +02:00
Aminda Suomalainen
b0c6e5ffb2
hosts-mikaela.txt: add itwjyg
2018-11-15 11:54:49 +02:00
Aminda Suomalainen
6e9af60c0f
hosts-mikaela: add ano & jasan, fix formatting?
2018-11-02 16:02:02 +02:00
Aminda Suomalainen
fd8b734e56
hosts-mikaela: cleanup
2018-11-01 16:15:23 +02:00
Aminda Suomalainen
a15ff2e5dc
more hosts-mikaela.txt updates
...
* add invictus, it's not mine, but neither are roubaix (dnscrypt-proxy
dislikes dashes?) and this file is meant for just my use, so does it
matter what it contains?
2018-10-30 23:39:41 +02:00
Aminda Suomalainen
f27ce8fd82
hosts-mikaela: add roubaix-fr
2018-10-30 16:19:26 +02:00
Aminda Suomalainen
c7ffb18523
hosts-mikaela: add rbtpzn
2018-10-30 09:12:33 +02:00
Aminda Suomalainen
e7d2b312ef
hosts-mikaela: add zaldaryn
...
TODO: add to DNS
2018-10-29 21:40:31 +02:00
Aminda Suomalainen
a83e8dce36
etc/resolv.conf: add dnscrypt-proxy & searches
...
mikaela.internal that I have adopted and I have no idea if I am allowed
to use TLDs here, but I am putting local there anyway.
2018-10-26 22:48:38 +03:00
Aminda Suomalainen
859cc89436
dnscrypt/hosts: adopt .internal
...
At the moment I am having problem with mikaela.info being in HSTS
preload list and when I begun this list, I was hoping to use something
conflict free and thought that mikaela.info would be the least bad
choice while reading the reserver domains.
Now I have searched on the issues more and encountered .internal TLD
that seems to be what I am after and I hope it will become official.
https://github.com/wkumari/draft-wkumari-dnsop-internal
I think I can change these addresses safely as I am not using them
anywhere as I worry about accidentally sending them to the internet and
that opening new problems. This will mainly benefit me with web
browsers, I hope.
I will still have to link other people to direct IPv6 addresses that
won't change with the platforms I use or mikaela.info will not be in the
HSTS preload lists at time I need it. I wouldn't memorize IPv4 addresses
though or start telling them someone in quick chat.
2018-10-26 22:38:59 +03:00
Aminda Suomalainen
5ac7dc9670
hosts-mikaela: add y.silta.piraatit.fi
2018-10-23 11:32:20 +03:00
Aminda Suomalainen
3d6dccbfc0
hosts-mikaela.txt: add y.vietnam.mikaela.info
2018-10-22 18:43:50 +03:00
Aminda Suomalainen
87f4305e71
etc/dnscrypt-proxy: add hosts-mikaela.txt
...
Closes #93
2018-10-18 19:57:00 +03:00
Aminda Suomalainen
534f34a5bc
add override.conf for tor.service for allowing binding to 80/443
...
It took me some time a few days ago to figure out this (and notice that
port 80 was already used by automatically installed Apache that was
doing nothing).
I have understood that ports 443 (Orport) and 80 (Dirport) are the best
for users behind strict firewalls especially if they aren't needed for
anything else on the system running Tor relay.
2018-10-12 23:10:48 +03:00
Aminda Suomalainen
492cac7158
Revert "ssh_config: controlpersist auto instead of on"
...
This reverts commit 330e8a80ad
.
I got complaining about bad value
2018-10-11 13:45:31 +03:00
Aminda Suomalainen
fa007ee830
dnscrypt-proxy: add quad9 nofilters, lb ph
...
See that #92
2018-10-09 14:08:38 +03:00
Aminda Suomalainen
5d2b138b3e
dnscrypt-proxy: more thinking for #92
...
* Comment that the fastest server is automatically picked.
* Explicitly don't filter AAAA requests.
* Require provider to not do filtering
* which is implied by DNSSEC which would get broken.
* Use Google DNS B as fallback resolver and explain what it does in
comment.
* Add commented options for using Tor.
2018-10-08 20:43:30 +03:00
Aminda Suomalainen
4e52673b7d
etc: rm -r polipo/
...
Polipo is no longer maintained and it seems that I am doing the same
thing with Privoxy except censoring accept-language which I need to
investigate. I think Privoxy warned about changing headers possibly
making ones fingerprint more unique and thus trackable? But aren't those
also going inside https so maybe there is no point?
2018-10-08 20:27:17 +03:00
Aminda Suomalainen
d1151aaf8c
etc/systemd: rm -r dnscrypt/
...
Dnscrypt-proxy appears to handle multiple servers by itself nowadays and
does it in the config file. The servers listed may also be down.
Ref: #92 where I remembered these files still being here.
2018-10-08 20:25:09 +03:00
Aminda Suomalainen
44cbf89582
etc/dnscrypt-proxy: prefer CF-v6, add G, fallback OpenDNS
...
This still needs more thinking... #92
2018-10-08 20:18:48 +03:00
Aminda Suomalainen
44ac6ff573
resolv.conf: add single-request-reopen to options
...
It's in dnscrypt-proxy documentation for putting into resolv.conf
2018-10-07 21:20:41 +03:00
Aminda Suomalainen
330e8a80ad
ssh_config: controlpersist auto instead of on
...
just in case that would be used for tracking and hoping that SSH is
clever enough.
2018-10-07 21:12:08 +03:00
Aminda Suomalainen
b8bda9cf49
ssh_config: use more private ControlPath
2018-10-07 20:54:41 +03:00
Aminda Suomalainen
ae04839807
add etc/dnscrypt-proxy.toml (WIP!)
2018-10-07 13:45:45 +03:00
Aminda Suomalainen
63027a97a7
etc/privoxy/config: example to Torify everything
2018-10-06 16:41:20 +03:00
Aminda Suomalainen
06d5ff55d0
etc/systemd/system: add cjdns/
2018-10-05 13:27:35 +03:00
Aminda Suomalainen
35f12ae35c
etc/privoxy/config: toggle 0, buffer-limit 51200
2018-10-03 16:18:27 +03:00
Aminda Suomalainen
c2fda6d7fc
etc/privoxy: add minimalistic config
2018-10-03 13:37:52 +03:00
Aminda Suomalainen
930be20983
etc/sources.list/: use https://deb.debian.org
...
Apparently they have deprecated httpredir while I wasn't looking.
2018-09-20 13:39:51 +03:00
Aminda Suomalainen
55018ef7ef
etc/sources.list: remove Debian codenames
2018-09-20 13:37:32 +03:00
Aminda Suomalainen
b2f590f357
etc/sources.list: rm EOL distributions
2018-09-20 13:35:59 +03:00
Aminda Suomalainen
4877b2e45b
etc/resolv.conf: add notes for nm-connection-editor
2018-08-10 17:18:33 +03:00
Aminda Suomalainen
9f13a96513
sources.list: add 18.04 (copy from 16.04)
2018-04-30 17:25:48 +03:00
Aminda Suomalainen
446c5c14ab
sysctl: don't touch vm.swappiness
...
I think my distribution is more capable of choosing a reasonable value
and I am not confident in understanding it enough.
2018-04-20 12:32:46 +03:00
Aminda Suomalainen
537fc06dd7
etc/resolv.conf: update based on note to self
...
I have no idea why I even have this file :(
I guess the number four has something to do with Windows as resolv.conf
actually doesn't take more than three, am I preparing for situation
where there is no network, but ISP DNS is down or something? Why? When has
that actually happened?
2018-04-19 14:46:25 +03:00
Aminda Suomalainen
73d3d51377
move compose key to menu (from lwin)
...
Closes #90
2017-09-18 22:06:11 +03:00
Aminda Suomalainen
36b1544606
dnsmasq: I don't care about breaking OpenDNS
...
OpenDNS should care about breaking me.
2017-01-12 12:54:52 +02:00
Aminda Suomalainen
61296f1cea
NetworkManager: mess .conf more, add .conf.arch
2016-12-14 12:04:35 +02:00
Aminda Suomalainen
d17a1d936b
NetworkManager: add dnsmasq.d/mikaela.conf
...
I want DNSMasq to behave a little differently from the NetworkManager
defaults.
The default cache size of 150/400 seems a little small and 10 000 probably
won't be full soon and I am sure modern systems at least at home where I
am using dnsmasq again won't suffer from it.
By default dnsmasq started by NEtworkManager only listens on 127.0.0.1
while ::1 also exists, I want it to be also listened on in case anything
decides to try querying with it.
DNSSEC is not checked by default while I want that behaviour, but as I
am using OpenDNS I cannot make it verify unsigned zones are unsigned :(
Also add symlink to trust-anchors.conf that should ship with DNSSEC to
avoid having to deal with it manually. It should work as a reminder that
it's also needed.
2016-12-14 11:54:48 +02:00
Aminda Suomalainen
1ba8dd4137
systemd: snapd.refresh.service override
...
It fails on laptops thanks to not being able to do DNS resolution thanks
to network connection not existing during boot.
Now it fails to `Download snap "ubuntu-core" (423) from channel "stable"
(cannot authenticate to snap store: Provided email/password is not
correct.)` which is process and appears to not be my issue.
2016-12-13 19:30:32 +02:00
Aminda Suomalainen
56de53ee30
systemd: only override issues with stock units
...
Only oidentd.socket and miredo.service were copied instead of being
units that exist in the system and they don't need to do anything
else than fix the issue I have with the stock units.
* oidentd.socket is IPv6-only on my systems unless is BindIPv6Only=both.
because of net.ipv6.bindv6only=1
* miredo.service is here because it starts before there is network
connection (network-online.target) and there is never network
connection with laptops before they are connected to WLAN even if
NetworkManager might be up seeking/connecting to network.
2016-12-13 19:22:26 +02:00
Aminda Suomalainen
0925e0d23e
somewhat rewrite etc/resolv.conf
2016-12-08 11:13:22 +02:00
Aminda Suomalainen
2151d9b602
etc/resolv.conf: add commented OpenDNS just in case
...
And possibly helpful comments, I wish they started doing DNSSEC.
2016-11-29 10:44:25 +02:00
Aminda Suomalainen
314a03ee24
sysctl: increase vm.swappiness to 10
2016-07-25 17:01:12 +03:00
Aminda Suomalainen
299b5ce108
redshift: use coordinates of Lauttasaari
2016-05-17 21:28:43 +03:00
Aminda Suomalainen
6b6cefb9cd
export XCURSOR_DISCOVER=1
...
Workarounds invisible cursor issue and I think it doesn't hurt even when
that issue isn't encountered.
2016-04-15 21:15:06 +03:00
Aminda Suomalainen
e99cffb130
sources.list: 16.04.archive.ubuntu.com
...
This shouldn't be used, but this is the only working way through "hash
sum mismatch".
2016-04-14 09:05:38 +03:00
Aminda Suomalainen
f91e9c6a2b
ydns-simple --> ydns6
2016-04-11 15:34:28 +03:00
Aminda Suomalainen
bdc742b728
NetworkManager.conf: add captive portal check
2016-03-31 15:41:37 +03:00
Aminda Suomalainen
070f879946
etc/xdg/autostart: add chromium & chrome
2016-03-15 11:13:23 +02:00
Aminda Suomalainen
36b99e8679
sysctl: enable Magic SysRq key
2016-03-03 16:12:33 +02:00
Aminda Suomalainen
f2451906ce
etc/NetworkManaer/NetworkManager.conf
2016-02-04 12:00:25 +02:00
Aminda Suomalainen
c772dd308f
sysctl.d: 40-ipv6.conf
2016-02-04 11:45:03 +02:00
Aminda Suomalainen
9a662594d2
Fix #87 (explain ssh_config UseRoaming no)
2016-01-14 20:37:51 +02:00
Aminda Suomalainen
bbfb63dabd
unify the two ssh_config files (fix typos)
2016-01-14 16:59:18 +02:00
Aminda Suomalainen
9d5db7ee3c
ssh_config: add "UseRoaming no"
...
https://twitter.com/msfriedl/status/687635945642967040
2016-01-14 16:47:30 +02:00
Aminda Suomalainen
e80dbd29fe
etc/nginx/host: enable http2
2016-01-13 12:05:35 +02:00
Aminda Suomalainen
d903ba5985
sshd_config: no instead of No
...
Permitrootlogin had it for some reason and Jolla's sshd didn't like it.
2016-01-06 10:17:33 +02:00
Aminda Suomalainen
f1817f4014
sources.list: I don't maintain devel
2015-12-28 14:50:21 +02:00
Aminda Suomalainen
c0503fab51
sources.list/ubuntu: fix apt-key command
2015-12-28 14:48:31 +02:00
Aminda Suomalainen
fb9961be7b
unbound.d/logging.conf: I need verbosity 2
...
1 doesn't seem to tell me when things start randomly failing.
2015-12-18 11:37:47 +02:00
Aminda Suomalainen
8804f7e9f6
etc/unbound/unbound.conf.d: logging.conf
...
Logging to systemd-journald (journalct) with verbosity 1.
2015-12-18 09:52:18 +02:00
Aminda Suomalainen
a187ae584d
profile: numlockx on
2015-12-15 20:06:23 +02:00
Aminda Suomalainen
2dce923a56
etc/apt/sources.list: commented Ubuntu MATE
2015-12-15 18:11:50 +02:00
Aminda Suomalainen
8342c97bc2
git rm 15.04
2015-12-15 18:07:34 +02:00
Aminda Suomalainen
9431381b93
sources.list: add Ubuntu 16.04
2015-11-06 09:14:27 +02:00
Aminda Suomalainen
f58977d151
unbound forwards.conf: add commented trex dns64
2015-10-26 08:58:36 +02:00
Aminda Suomalainen
50d27ca7b6
etc/xdg/autostart: add clipit
2015-10-25 14:30:42 +02:00
Aminda Suomalainen
4257dcfb37
etc/xdg/autostart/redshift: add comment on Kotka
2015-10-25 14:27:06 +02:00
Aminda Suomalainen
2154ee9b01
etx/xdg/autostart: cleaning
2015-10-25 14:26:24 +02:00
Aminda Suomalainen
a5ca47e88d
nginx: X-Xss-Protectio & -Content-Type-Options
...
via https://securityheaders.io/ via znc/znc#1168
2015-10-25 09:18:34 +02:00
Aminda Suomalainen
47eac3b6eb
sources.list README: add wget method
2015-10-17 14:31:48 +03:00
Aminda Suomalainen
650829aea9
nginx: add Upgrade Insecure Requests
...
http://caniuse.com/#feat=upgradeinsecurerequests
2015-09-23 17:50:11 +03:00
Aminda Suomalainen
02f4f2f0d4
profile.d/mikaela.sh: set TZ to $(date +%Z)
...
Also remove the commented Steam thing as it's Antergos-only issue.
2015-09-13 10:46:38 +03:00
Aminda Suomalainen
c42ae8eb43
ssh: also send EDITOR
2015-09-12 11:45:42 +03:00
Aminda Suomalainen
fdf8255372
ssh: send/accept also TZ TERM
2015-09-12 11:42:44 +03:00
Aminda Suomalainen
0f00443a7b
sshd_config: mention the LC_ALL anyway
...
my config files are horrible, too many comments.
2015-09-06 18:42:36 +03:00
Aminda Suomalainen
96ca38818f
sshd_config: don't talk so much about locales
2015-09-06 18:40:02 +03:00
Aminda Suomalainen
801e3e0941
sshd_config: AcceptEnv LANG, LANGUAGE LC_*
...
but not LC_ALL and there is no asterisk, the varibles are allowed
separately. It's very unlikely that someone invents a new locale type.
2015-09-06 18:36:48 +03:00
Aminda Suomalainen
a3d5fbd9d7
sshd_config: http://serverfault.com/a/660325
2015-09-06 18:27:50 +03:00
Aminda Suomalainen
a0352630fd
sshd_config: verbose logging of sftp
2015-09-06 17:37:34 +03:00
Aminda Suomalainen
8d55bc53db
sshd_config: use internal sftp & fixes
...
thanks again @grawity
2015-09-06 17:20:12 +03:00
Aminda Suomalainen
c82b706942
fix 7470403158
...
thanks @DarthGandalf and @grawity on #znc
2015-09-06 17:13:21 +03:00
Aminda Suomalainen
7470403158
sshd_config: add Fedora & Gentoo sftp-server
...
thanks Conjuro and @DarthGandalf on #znc
2015-09-06 17:09:55 +03:00
Aminda Suomalainen
774346c8d0
fix sshd_config
2015-09-06 08:42:29 +03:00
Aminda Suomalainen
68c6da5aec
ssh_config: fix comments
2015-09-06 08:15:17 +03:00
Aminda Suomalainen
dc9f8b0ab5
sort sshd_config
2015-09-06 08:12:41 +03:00
Aminda Suomalainen
c3f351d21f
sshd_config: add commented AcceptEnv
...
and reason why it's commented, security, ShellShock worked with remotely
sent environent variables even with restricted accounts.
2015-09-06 07:33:32 +03:00
Aminda Suomalainen
90c86466dd
ssh_config: also sendenv LANGUAGE
2015-09-06 07:30:41 +03:00
Aminda Suomalainen
6fc4b6a29b
ssh_config: add missing dot
2015-09-05 23:50:31 +03:00
Aminda Suomalainen
28c2f0b8d8
ssh_config: SendEnv LANG LC_*
2015-09-05 23:46:00 +03:00
Aminda Suomalainen
c50516ced3
etc/xdg/autostart: add redshift-gtk
2015-09-05 22:57:45 +03:00
Aminda Suomalainen
c2b93abe27
relevant systemd services: after network-online
2015-09-05 09:07:41 +03:00
Aminda Suomalainen
bd3ee60e61
ssh_config: fix paste fail
2015-09-02 08:33:02 +03:00
Aminda Suomalainen
66f604a6dd
ssh_config: add UpdateHostKeys yes
2015-09-02 08:15:16 +03:00
Aminda Suomalainen
c05b52354f
sshd_config: restore Client*
...
I am sure I committed them already, but they have disappeared somewhere.
Maybe I accidentally overwrote them.
2015-09-01 17:37:33 +03:00
Aminda Suomalainen
888686ef48
etc/ssh/copy: add verbosity
2015-09-01 17:32:56 +03:00
Aminda Suomalainen
c2c0c4fa08
etc/ssh: add copy script
2015-09-01 17:31:42 +03:00
Aminda Suomalainen
25bf96e30a
ssh_config: my ssh key is not system-wide
2015-09-01 17:16:37 +03:00
Aminda Suomalainen
96dfc06668
ssh_config: remove unrelated comments
2015-09-01 17:06:33 +03:00
Aminda Suomalainen
defa0b9df1
etc/ssh: add ssh_config
2015-09-01 16:48:27 +03:00
Aminda Suomalainen
4cdf8dfe71
sshd_config: add ClientAliveCountMax ClientAliveInterval
2015-09-01 16:40:56 +03:00
Aminda Suomalainen
73e9e99d9c
sshd_config: cleaning up
2015-08-30 16:54:21 +03:00
Aminda Suomalainen
c922d0aa37
etc/ssh/sshd_config: fix banner
2015-08-28 19:25:26 +03:00
Aminda Suomalainen
7e4bbfba5a
sshd_config: also remove ecdsa keys
2015-08-28 14:29:34 +03:00
Aminda Suomalainen
04df2e532b
update sshd_config from Arch
...
OpenSSH 7.1p1-1
Note the sftp subsystem which differs between at least Debian and Arch.
2015-08-28 14:00:25 +03:00
Aminda Suomalainen
f69a361ed1
sshd_config: deprecate dsa
2015-08-28 13:54:36 +03:00
Aminda Suomalainen
ae6651cd47
systemd: add reflector.service
2015-08-25 14:13:44 +03:00
Aminda Suomalainen
7ff510b42b
add etc/install
...
Closes #74
2015-08-22 15:10:01 +03:00
Aminda Suomalainen
bec7aced22
etc/systemd/system: README updates
2015-08-21 19:27:40 +03:00
Aminda Suomalainen
76633ba61d
add etc/unbound/dnscrypt-proxy.conf
2015-08-21 19:16:12 +03:00
Aminda Suomalainen
18931c320a
add dnscrypt proxy services
...
Thanks @Fusl
Fixes #63
2015-08-21 19:09:39 +03:00
Aminda Suomalainen
dc5531dfcd
cleaning etc/systemd/system
2015-08-21 19:06:11 +03:00
Aminda Suomalainen
c4dcb39b8c
nginx: remove the neverused vhost
2015-08-20 20:47:18 +03:00
Aminda Suomalainen
3a32185433
etc/nginx/sites-availble: add X-Frame-Options
2015-08-20 20:36:32 +03:00
Aminda Suomalainen
a06465d161
unbound: move forwards.conf under unbound.conf.d
2015-08-20 18:39:40 +03:00
Aminda Suomalainen
2ab0601c8d
systemd: remove dnscrypt-proxy & add miredo
2015-08-20 18:29:00 +03:00
Aminda Suomalainen
3065c552da
resolv.conf: add ::1 anyway
2015-08-20 15:24:57 +03:00
Aminda Suomalainen
c8dcba24a3
major cleaning
2015-08-20 15:22:22 +03:00
Aminda Suomalainen
baff3f7dd1
clean resolv.conf
2015-08-20 15:09:13 +03:00
Aminda Suomalainen
e3b067cf5d
etc/resolv.conf: swap Google DNS
...
I prefer them to be in order primary and seconary if I use both and as
IPv6 is above it should be the primary making IPv4 below secondary.
2015-08-16 12:07:59 +03:00
Aminda Suomalainen
a55ab90ca3
resolv.conf: replace OpenDNS with Google
...
If both Google servers go down, there are still the others which unbound
that I run on all devices is using.
2015-08-16 12:05:50 +03:00
Aminda Suomalainen
f6b562f517
comment on etc/resolv.conf
2015-08-16 11:30:06 +03:00
Aminda Suomalainen
518a5c2a17
sources.list: add (Ubuntu) devel
2015-08-06 12:01:21 +03:00
Aminda Suomalainen
93d775c3a5
fix etc/profile.d/mikaela.sh
2015-07-29 10:16:30 +03:00
Aminda Suomalainen
632f2f2b6b
sources.list: clean Ubuntu ones
2015-07-29 10:04:54 +03:00
Aminda Suomalainen
741c6a8571
sources.list/ubuntu: add commented proposed
...
Closes #79
2015-07-28 19:23:48 +03:00
Aminda Suomalainen
aeeed423df
sources.list/ubuntu: coment ddebs
2015-07-28 19:09:26 +03:00
Aminda Suomalainen
95dc6cfa17
sources.list: ubuntu: add ddebs.ubuntu.com
...
https://wiki.ubuntu.com/DebuggingProgramCrash
2015-07-28 19:06:38 +03:00
Aminda Suomalainen
fa44f85e48
sources.list: chmod +x install*
2015-07-28 18:59:03 +03:00
Aminda Suomalainen
6b527a87cb
sources.list: 14.10 is EOL
2015-07-24 09:06:19 +03:00
Aminda Suomalainen
2ba606cce6
nginx: HSTS: subdomains & preload
2015-07-22 12:55:51 +03:00
Aminda Suomalainen
ff94369b6d
sources.list/README: add missing rm
2015-07-12 11:52:28 +03:00
Aminda Suomalainen
93e5eab3f5
sources.list: fix install scripts
2015-07-12 11:39:41 +03:00
Aminda Suomalainen
b4f3ac370e
sources.list/install: add missing shebang
2015-07-12 11:36:38 +03:00
Aminda Suomalainen
87ffc8515e
sources.list: improve README
2015-07-12 11:35:53 +03:00
Aminda Suomalainen
8783d0d5b7
sources.list: add install scripts
...
Closes #78
2015-07-12 11:26:47 +03:00
Aminda Suomalainen
2fd3c3986b
sources.list: add README & touch scripts
...
ref: #78
2015-07-12 11:21:38 +03:00
Aminda Suomalainen
60402c6999
sources.list: add forgotten stretch
2015-07-12 11:06:03 +03:00
Aminda Suomalainen
abc4060a3a
sources.list: add sid so both scripts work
2015-07-12 11:03:51 +03:00
Aminda Suomalainen
6400fd909e
sources.list: rename debian* to codenames
...
So they are compatible with the function which uses `lsb_release -sr`.
2015-07-12 10:51:19 +03:00
Aminda Suomalainen
f98e2a4375
somewhat rewrite etc/oidentd.conf
2015-07-09 10:48:28 +03:00
Aminda Suomalainen
cf13b0faaf
sources.list/squeeze: add squeeze-lts
2015-07-07 17:10:43 +03:00
Aminda Suomalainen
b16ae44601
Revert "services: remove unneeded pidfiles"
...
This reverts commit 98093edc99
.
* * * * *
They aren't needed if systemd starts the service, but what if user
services are used together with cron and liching isn't allowed?
2015-07-07 10:10:10 +03:00
Aminda Suomalainen
b6969cd7fe
rm debianu as git didn't like it
2015-07-06 15:22:23 +03:00
Aminda Suomalainen
0a8c630265
http.debian.net --> httpredir.debian.org
...
I was told that it moved and moving to debian.org means that it's now
officially supported :)
2015-07-06 15:18:25 +03:00
Aminda Suomalainen
fe1890ea34
debianu --> sid & ln -s sid debianu
...
sid makes more sense and as it has static codename, why to not use it?
2015-07-06 15:08:42 +03:00
Aminda Suomalainen
805f669954
sources.list: add supported Debians
...
also remove the top line and add debianu for unstable.
2015-07-06 15:05:31 +03:00
Aminda Suomalainen
6cb22a6de2
sysctl/60-mikaela.conf: mention systemd-networkd
2015-06-24 16:09:05 +03:00
Aminda Suomalainen
a5de194c6f
fix sysctl.d/60-mikaela.conf
...
EUI-64, not SLAAC & privacy extensions for all
2015-06-24 15:12:11 +03:00
Aminda Suomalainen
1f1d071e5e
systemd/network: rename enp… eth0 & timesyncd
2015-06-07 19:12:15 +03:00
Aminda Suomalainen
47b05e1bd9
fix aliendalvik-stopper.service
2015-05-27 12:09:31 +03:00
Aminda Suomalainen
4391fb5c19
systemd: aliendalvik-stopper
2015-05-27 12:00:35 +03:00
Aminda Suomalainen
bf03a22823
systemd/system: update README
...
https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
2015-05-23 11:29:18 +03:00
Aminda Suomalainen
3370327db0
ydns-simple service & timer
2015-05-22 20:15:23 +03:00
Aminda Suomalainen
9ac3c776d7
sysctl.d: net.ipv6.conf.default.use_tempaddr
2015-05-14 19:04:35 +03:00
Aminda Suomalainen
e512759368
fix resolv.conf
2015-05-14 00:16:49 +03:00
Aminda Suomalainen
e660ec9b21
resolv.conf: use IPv4 localhost
...
because of the other files I added maybe in previous commit
2015-05-13 22:27:22 +03:00
Aminda Suomalainen
17b5596d80
etc: dnscrypt
2015-05-13 22:20:28 +03:00
Aminda Suomalainen
8e952350e7
etc/resolv.conf: don't be so verbose
2015-05-13 20:52:48 +03:00
Aminda Suomalainen
b761f8f5ed
add etc/resolv.conf
2015-05-13 20:49:35 +03:00
Aminda Suomalainen
cbbd9dcf2c
nginx/host: enable HSTS
2015-05-12 18:41:24 +03:00
Aminda Suomalainen
8e433e3660
etc/xdg/autostart: README, linphone, redshift§
2015-05-08 09:08:30 +03:00
Aminda Suomalainen
43af7aef52
sources.list: rm ubuntu
2015-05-05 07:56:39 +03:00
Aminda Suomalainen
adb361bc0e
sources.list: 15.10
2015-05-05 07:56:11 +03:00
Aminda Suomalainen
a9eaecf61c
unbound: add dns.watch & puntcat
2015-05-01 17:05:58 +03:00
Aminda Suomalainen
0510858a0d
etc/unbound: remove non-DNSSEC resolvers
2015-05-01 15:10:49 +03:00
Aminda Suomalainen
e9ad27c7ff
etc/systemd/network: add enp0s18.network
...
from Rbtpzn
2015-04-29 10:41:42 +03:00
Aminda Suomalainen
9e37b3b2d8
etc: nsswitch.conf, not fully
2015-04-28 13:14:25 +03:00
Aminda Suomalainen
27d24a81b1
copy ipv6 services
2015-04-23 22:38:30 +03:00
Aminda Suomalainen
3d54d51c24
rm dnsmasq & fedora
...
I am not using either. The only Fedora here was Pidora and it has died
some time ago and the project is a little slow.
I am currently wondering whether to start learning FreeBSD by putting it
on the Pi.
2015-04-22 22:50:54 +03:00
Aminda Suomalainen
f74a76250b
Rename Manjaro --> Arch
...
I didn't ever try Manjaro outside of Virtualbox and I have learned that
Manjaro is not good. I am currently using Antergos which is Arch + one
custom repo, so I feel I can rename to Arch.
2015-04-22 22:42:01 +03:00