Mikaela
/
shell-things
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,222 Commits 1 Branch 0 Tags 5.8 MiB
Commit Graph

645 Commits

Author SHA1 Message Date
Aminda Suomalainen d3e00fb1a3
xdg-applications: add firejailed appimage of chatterino 2020-10-24 09:11:14 +03:00
Aminda Suomalainen 1e70d7d4d7
etc/systemd-resolved&unbound: add Quad9 ECS configs 
Untested. The last time I saw the documentation, they didn't mention
DoT.
 2020-10-21 17:09:20 +03:00
Aminda Suomalainen 1467454284
hosts.append: prepend empty line 
It makes it easier to see where this begins in the appended /etc/hosts
 2020-10-21 15:18:03 +03:00
Aminda Suomalainen de7184794a
etc: add hosts.append for appending into hosts for systemd-resolved 2020-10-21 15:16:56 +03:00
Aminda Suomalainen ca4c85b7df
etc/resolv.csv: add Quad9 ECS 
The DoT address is guessed and verified to be open through nmap, as it's
not documented, I don't know surely that it's what it should.

DoH is mentioned in https://www.quad9.net/doh-quad9-dns-servers/

via https://gitlab.com/nitrohorse/ios14-encrypted-dns-mobileconfigs/-/issues/6
 2020-10-18 11:11:27 +03:00
Aminda Suomalainen cb5781044c
resolv.conf: add OpenDNS Family 2020-10-03 14:56:52 +03:00
Aminda Suomalainen 5f9cf10c68
resolv.csv: add Cleanbrowsing 2020-10-03 14:07:41 +03:00
Aminda Suomalainen 531abc1f42
resolv.csv: fix Cloudflare DoT address 2020-10-03 13:49:04 +03:00
Aminda Suomalainen 96d19d99cb
resolv.csv: add Cloudflare family, fill CF antimalware IPv6 2020-10-03 13:46:13 +03:00
Aminda Suomalainen 8241d0e695
resolv.csv: add AdGuard Family 2020-10-03 13:42:05 +03:00
Aminda Suomalainen ae533261ab
etc/resolv.csv restore Firefox addresses 2020-10-03 13:38:31 +03:00
Aminda Suomalainen 13a03812ba
resolv.conf: move resolvers to resolv.csv 2020-09-27 15:05:53 +03:00
Aminda Suomalainen 31a15a9abc
systemd-resolved & unbound: update AdGuard IPs 
Resolves: #81
 2020-09-27 14:34:54 +03:00
Aminda Suomalainen 09d7a87dfb
fix zaldaryn-r8168? 2020-09-03 19:39:34 +03:00
Aminda Suomalainen 6c2475676c
unbound.conf.d/dot-adguard.conf: fix SNI domain 2020-08-30 16:56:51 +03:00
Aminda Suomalainen edb259b1c8
unbound.conf.d: add dot-adguard.conf 2020-08-30 16:45:35 +03:00
Aminda Suomalainen cc965d4692
blocklist.conf: add empty line & incoming.telemetry.mozilla.org 2020-08-22 23:31:54 +03:00
Aminda Suomalainen 263f828550
unbound blocklist: add ssl.google-analytics.com 2020-08-20 19:30:47 +03:00
Aminda Suomalainen 94eace15e7
unbound/blocklist.conf: specify it's server clause 
Introduced by e4d18d47c5
 2020-08-20 18:38:37 +03:00
Aminda Suomalainen cabf7c570d
blocklist.conf: add [www.]google-analytics.com. 2020-08-20 18:33:51 +03:00
Aminda Suomalainen b5cafdeb90
unbound: the mass file is not a good idea? cut it? 2020-08-16 12:18:07 +03:00
Aminda Suomalainen e4d18d47c5
etc/.../unbound.conf: update for 1.11.0-1+ 2020-08-15 10:27:50 +03:00
Aminda Suomalainen cf8dc85ec0
systemd/timesyncd.conf.d: add cloudflare.conf 2020-08-09 10:51:36 +03:00
Aminda Suomalainen 82cf5e7742
systemd/resolved.conf.d: add generic NextDNS confs 2020-08-09 00:07:06 +03:00
Aminda Suomalainen c3f9205610
resolv.conf: fix nextdns addresses 2020-08-09 00:03:13 +03:00
Aminda Suomalainen bbbe4a2f04
resolv.conf: add Firefox DoH resolvers 
Excluding Comcast
 2020-08-08 20:06:39 +03:00
Aminda Suomalainen f58ba9424e
resolv.conf: more notes, hilight systemd-resolved, add DoH addresses 2020-08-08 19:44:08 +03:00
Aminda Suomalainen ca25fa1a66
sources.list: rm 16.04.archive.ubuntu.com 
I don't see enough difference compared to ubuntu.

Resolves: #78
 2020-08-07 15:58:54 +03:00
Mikaela Suomalainen 0be7388798
sources.list: add ubuntu 
Resolves: #77
 2020-08-07 10:40:22 +03:00
Aminda Suomalainen 73fb88e11d
systemd-resolved.conf.d: everywhere -> 00-everywhere 2020-07-24 12:16:31 +03:00
Aminda Suomalainen 8af19aab5e
resolv.conf: link to Mullvad issue while at it 2020-07-23 23:28:14 +03:00
Aminda Suomalainen 99cda3d7ed
resolv.conf: add a missing word 2020-07-23 23:27:37 +03:00
Aminda Suomalainen 7da5babc43
resolv.conf: add missing empty line 2020-07-23 22:59:53 +03:00
Aminda Suomalainen d3e1aaee30
resolv.conf: more systemd-resolved info 2020-07-23 22:52:32 +03:00
Aminda Suomalainen 6289837766
resolv.conf: note the systemd-resolved files 2020-07-23 22:43:04 +03:00
Aminda Suomalainen a8e9d7d81f
etc/resolv.conf: add option trust-ad 2020-07-20 23:11:55 +03:00
Aminda Suomalainen 69f55cd724
systemd/resolved: adguard-strict -> adguard-dot 2020-07-18 14:05:36 +03:00
Aminda Suomalainen 550b68d149
etc/systemd/resolved: add [adguard,cloudflare}-strict.conf 
I am not actually using either though and I am not sure if I will,
but maybe they are nice to have as a backup here just in case.
 2020-07-18 02:20:56 +03:00
Aminda Suomalainen b3cb953b9c
systemd/resolved: add a comment to everywhere.conf too 
as every other file explains who it is for, why not this
 2020-07-04 19:09:26 +03:00
Aminda Suomalainen 0ae22081a0
etc/systemd-resolved: rework all files more or less 
* explain things in README.md, don't duplicate comments
* opportunistic-insecure.conf should be used everywhere by default, so
  thus it's now everywhere.conf. However I am yet to test it does what
  I expect, so this is bad case of testing in production or after
  committing it in general.
 2020-07-04 19:06:18 +03:00
Aminda Suomalainen 7a73088beb
systemd/resolved.conf.d/quad9*.conf: enable SNI 2020-06-26 12:22:09 +03:00
Aminda Suomalainen bce9af0edd
resolved.conf: add quad9-compat.conf 2020-06-26 12:22:09 +03:00
Mikaela Suomalainen 507b9b15c7
etc/containers: add registries.conf example 
linking to source, it seems to be enough to get started with podman
 2020-05-27 11:01:08 +03:00
Mikaela Suomalainen 856085bd74
ssh_config: document ForwardAgent and ForwardX11... 
...Previously they were no without explanation, but it never hurts to
explicitly have comments on not doing that, I didn't quickly find
anything nice for ForwardAgent, but I remember the Matrix.org people
somehow avoiding hearing it and ForwardX11 first result was that
StackExchange.
 2020-05-22 14:36:26 +03:00
Mikaela Suomalainen d8d48508bd
ssh_config: update comments, add Includes 
Resolves: #69
 2020-05-22 14:29:37 +03:00
Aminda Suomalainen c2c27c8adb
local: add firejail-appimage-patchwork.desktop 2020-05-08 18:14:42 +03:00
Aminda Suomalainen 5226399637
grub.d: add quiet.cfg to remind me to not remove it 2020-04-08 19:24:22 +03:00
Aminda Suomalainen 1e08997ad5
etc/sources.list: add (Debian's) experimental 2020-03-30 18:12:16 +03:00
Aminda Suomalainen 6f2f986d2f
etc/fahclient/config.xml: let the slider be MEDIUM 2020-03-30 09:16:32 +03:00
Aminda Suomalainen d1fc83913b
systemd/user: add ipfs, transmission-daemon (from system) 2020-03-30 08:42:06 +03:00
Aminda Suomalainen b2dac44a64
etc: add fahclient/config.xml 2020-03-30 08:35:56 +03:00
Aminda Suomalainen d39ec4ccfe
grub.d/oldifnames.cfg: update comment 
I seem to be using it in multiple systems so I cannot say I don't
recommend it, when it's understood.
 2020-03-29 15:12:00 +03:00
Aminda Suomalainen 53944a0673
grub.d: add forcefsck.cfg 2020-03-29 15:11:48 +03:00
Aminda Suomalainen b217baaec9
systemd/system: update syncplay-server.service 
It never got the TLS flag apparently
 2020-03-27 18:02:34 +02:00
Aminda Suomalainen d71357613f
apt/preferences.d/limit-unstable: add unstable-debug repo 
It may be unhelpful to have debug symbols getting pulled from Unstable
while using packages from Testing or even Stable.
 2020-03-21 16:40:00 +02:00
Aminda Suomalainen 9d70aa8119
org.signal.Signal.desktop: rename to Signal Tray 2020-03-09 09:35:19 +02:00
Aminda Suomalainen 8fc2d8905c
etc/nginx/README.md: add future warning 2020-03-07 21:08:57 +02:00
Aminda Suomalainen 64d5fef6f3
ipfs.service: point to the new meta issue 2020-02-29 18:03:32 +02:00
Aminda Suomalainen b125fc1804
etc/systemd/resolved.conf.d: general.conf -> opportunistic-insecure.conf 2020-02-21 19:03:56 +02:00
Aminda Suomalainen 60cac14929
etc: add multi-user.cfg 2020-02-18 01:42:27 +02:00
Aminda Suomalainen 585266bc28
update pomotroid.desktop & add ipfs-desktop.desktop 
Pomotroid now stores data
 2020-02-13 20:17:39 +02:00
Aminda Suomalainen a3d7b0af22
etc/default/grub.d/lockdown.cfg: notes + lockdown=integrity comment 2020-02-13 02:03:52 +02:00
Aminda Suomalainen b770e356cb
etc/default/grub.d: add lockdown.cfg 2020-02-13 01:17:39 +02:00
Aminda Suomalainen 60899ca667
etc/sysctl.d: add kernel.yama.ptrace_scope = 1 2020-02-12 22:36:17 +02:00
Aminda Suomalainen 3e325cca03
etc/sysctl.d: add 00-local-userns.conf with warnings/rant 2020-02-12 22:00:11 +02:00
Aminda Suomalainen bd6488e0ed
etc/default/grub.d: nouveau.cfg -> itwjyg.cfg + more modules 2020-02-10 17:54:47 +02:00
Aminda Suomalainen fafc6fad62
etc/xdg/autostart: add pomotroid.desktop 
Resolves: #50
 2020-02-09 20:36:56 +02:00
Aminda Suomalainen 1a8c6fcd24
merge local/share/applications & etc/xdg/autostart 2020-02-09 20:35:54 +02:00
Aminda Suomalainen ee0038c568
add /etc/network/interfaces.d/eth0 2020-02-09 14:53:56 +02:00
Aminda Suomalainen 8472ffa7cd
NetworkManager: add manage-ifupdown.conf 2020-02-09 14:53:01 +02:00
Aminda Suomalainen 9177966264
etc/default/grub.d: -supposedly & modprobe r8168 2020-02-09 14:50:43 +02:00
Aminda Suomalainen da2f090f56
logind.conf.d/lidclose.conf: mention systemd-rfkill, ref: #51 2020-02-03 22:41:47 +02:00
Aminda Suomalainen d54ec98f99
NM/iwd.conf: add missing line (enable --now iwd) 2020-02-03 21:40:11 +02:00
Aminda Suomalainen d8740f54e1
NetworkManager/conf.d: add iwd.conf for replacing wpa_supplicant 2020-02-03 21:15:35 +02:00
Aminda Suomalainen c0399054bb
etc/systemd/login.conf.d/lidclose.conf: ignore lid close 2020-02-03 19:36:05 +02:00
Aminda Suomalainen a82e3fd989
etc/NetworkManager: add no-mac-randomizing.conf 2020-01-28 23:12:54 +02:00
Aminda Suomalainen b04c724b5b
etc/default/grub.d: add flags to disable hibernating 2020-01-19 13:47:33 +02:00
Aminda Suomalainen 2168bc47ed
apt/preferences.d: don't consider firefox/jami as badideas 2020-01-12 13:24:11 +02:00
Aminda Suomalainen 86cb1a02dc
etc/xdg/autostart: add com.github.wwmm.pulseeffects.desktop 2020-01-11 22:25:33 +02:00
Aminda Suomalainen e47568e178
etc/xdg/autostart: add Nextcloud.desktop 2020-01-11 22:24:23 +02:00
Aminda Suomalainen 5c6f66e5fc
etc/apt/preferences.d: add hacks/limit-buster 2020-01-11 22:11:25 +02:00
Aminda Suomalainen eabd12a26d
etc/apt/preferenced: move not-so-good-ideas to badideas/ 2020-01-11 21:43:52 +02:00
Aminda Suomalainen 31c53595f8
etc/apt/preferences.d: add limit-unstable from Wireguard 2020-01-11 21:41:09 +02:00
Aminda Suomalainen 3011004856
NetworkManager/conf.d: add no-resolvconf.conf 2020-01-11 21:05:05 +02:00
Aminda Suomalainen 346d726bb7
NetworkManager/unbound: note unbound-control-setup 2020-01-03 01:52:21 +02:00
Aminda Suomalainen 2df7887dda
NetworkManager/conf.d: add unbound.conf 
For Unbound which I generally use, even while it requires dnssec-trigger
 2020-01-02 15:32:50 +02:00
Aminda Suomalainen 6ae87b6de8
etc/default/grub.d: add oldifnames.cfg 
see comments of the file for reason
 2019-12-30 16:24:42 +02:00
Aminda Suomalainen 05ffc40c7d
xdg/autostart: add Mullvad-VPN gui 2019-12-28 19:27:52 +02:00
Aminda Suomalainen a6c5902c08
etc/default/grub: add random.trust_cpu=on 
Possibly some help to boot time entropy exhaustion, but it may have been
enabled by default already.
 2019-12-27 19:46:30 +02:00
Aminda Suomalainen b1f7177d7f
etc/xdg/autostart: add dino & jami 2019-12-24 16:58:45 +02:00
Aminda Suomalainen 4e640e3d50
etc/xdg/autostart: add Riot & -many to Telegram 2019-12-23 12:49:05 +02:00
Aminda Suomalainen bc46ad3119
torrc-client: add port 9119 for http 2019-12-23 12:48:33 +02:00
Aminda Suomalainen 0c4bacc1ca
etc/xdg/autostart: add Gajim & Signal 2019-12-21 18:54:02 +02:00
Aminda Suomalainen 7541d93206
dns-over-tls.conf: update BlahDNS-JP addresses 2019-12-01 12:48:02 +02:00
Aminda Suomalainen 10b1b8ad86
unbound/dot: fix outdated comment 2019-11-03 00:49:19 +02:00
Aminda Suomalainen 7b2c1568d1
unbound/dns-over-tls.conf: replace BlahDNS CH with FI 
Shutting down on December 31th https://blahdns.com/
 2019-11-03 00:15:59 +02:00
Aminda Suomalainen 4e93c66d67
systemd/resolved.conf.d/quad9: expand on versions 2019-11-02 18:37:12 +02:00
Aminda Suomalainen d062d6675c
unbound/blacklist.conf: Riot has fixed it's habits 
Integration manager and identity server can be configured in settings
 2019-10-16 15:01:48 +03:00
Aminda Suomalainen 5a1ed609ed
update etc/xdg/autostart/README.md 2019-10-12 19:02:45 +03:00
Aminda Suomalainen 64934af736
etc/xdg/redshift: add icon & chmod +x 2019-10-12 19:02:27 +03:00
Aminda Suomalainen a79e9d3c21
etx/xdg/auostart: add com.wire.WireDesktop & telegramdesktop 2019-10-12 19:00:58 +03:00
Aminda Suomalainen a482390118
etc/xdg/autostart: deprecate unnecessary ones 2019-10-12 18:46:23 +03:00
Aminda Suomalainen 1e636a65af
unbound/dns-over-tls.conf: enable BlahDNS over Yggdrasil 2019-10-08 20:52:41 +03:00
Aminda Suomalainen 077b1a7679
etc/NetworkManager: move relevant parts to conf.d/ 
I have no idea when I have previously looked into those two files (git
history would probably tell me), but I don't think they make much sense,
while the important parts can be cut into conf.d/ and applied
individually as needed.
 2019-10-04 20:18:32 +03:00
Aminda Suomalainen 16e66010a2
etc/NetworkManager: add conf.d and cp from Itwjyg 
Strangely Itwjyg is a special case system where I need systemd-resolved
and its opportunistic DNSSEC/DoT. I also accidentally forgot
dns-none.conf (then dns.conf) there, but systemd-resolved.conf appears
to have overridden it, so it was fine and I have now removed the extra
one.
 2019-10-04 20:10:27 +03:00
Aminda Suomalainen cb79fa283a
apt/preferences.d/firefox: add l10n 2019-09-24 21:57:54 +03:00
Aminda Suomalainen f1b6101afd
apt/preferences.d: pin firefox[-esr] from sid 2019-09-24 21:46:13 +03:00
Aminda Suomalainen bda94cac72
etc/nginx: remove / from the proxies 
while I still remember
 2019-09-18 17:40:00 +03:00
Aminda Suomalainen ee03a773c0
apt/preferences.d: add jami 2019-09-17 17:22:15 +03:00
Aminda Suomalainen bc9848185d
i2pd: increase tunnel lengths to 2 in hope of better NAT evading 2019-09-15 14:40:44 +03:00
Aminda Suomalainen b3dc6ced51
systemd: initial i2pd.service & .d/override.conf 
Begins #38
 2019-09-15 13:52:57 +03:00
Aminda Suomalainen b614486427
etc/nginx: more modern working configs from Relpda 2019-09-13 16:32:01 +03:00
Aminda Suomalainen 0ca2718569
unbound/blocklist.conf: use always_nxdomain, remove publicbt.com 2019-09-10 21:27:23 +03:00
Aminda Suomalainen 01cd9e7b45
etc/fstab: notes on encryption, tmpfs, cleanup 2019-09-10 00:21:48 +03:00
Aminda Suomalainen 541a4a4f15
etc/i2pd/tunnels.conf.d: add yggdrasil-in.conf 2019-09-09 14:40:09 +03:00
Aminda Suomalainen 0c70f41afc
unbound/blocklist: uncomment vector.im, add use-application-dns.net 
* Vector.im is the identity server that gets restored by itself and I
  don't seem to ever have any business to Vector.im website, while
  the other domains I need to visit at times.
* use-application-dns.net being NXDOMAIN tells Firefox to not send
  traffic to Cloudflare DoH. I thought of this when I saw the news and
  got courage to actually do this after seeing that DNSCrypt-proxy also
  does so.
 2019-09-07 14:42:15 +03:00
Aminda Suomalainen 91025d7129
etc/default/grub.d: merge mds.cfg into mitigations.cfg 
Ref: #33

Still missing documentation/comments
 2019-09-06 12:38:42 +03:00
Aminda Suomalainen f4f8b3f529
grub.d/{mitigations,nosmt}.cfg: initial commit 
TODO: documents

Ref: #34
 2019-09-06 01:17:32 +03:00
Aminda Suomalainen 47c7a3aca2
grub.d: add default-windows.cfg 
Resolves: #33
 2019-09-04 12:00:57 +03:00
Aminda Suomalainen 4b214b0e0f
etc/default/grub.d: add nouveau 2019-09-04 11:40:06 +03:00
Aminda Suomalainen c91b1b97a9
systemd/system: add unit file for etherpad-lite 
Closes: #27
 2019-08-29 13:10:55 +03:00
Aminda Suomalainen 319ae6c2bf
etc/modprobe.d/blacklist-hdmi-audio.conf: add source 2019-08-29 01:31:32 +03:00
Aminda Suomalainen 9bb1dbb301
etc/modprobe.d: blacklist snd_hda_codec_hdmi 2019-08-29 01:27:40 +03:00
Aminda Suomalainen 3f81f02bfd
etc/default/grub.d/sedric.cfg: acpi_backlight=vendor has no effect 2019-08-26 10:23:41 +03:00
Aminda Suomalainen 06c56bbc78
etc/default/grub.d: add mds.conf for mitigating mds CPU vuln 
Ref: #22
 2019-08-25 20:32:38 +03:00
Aminda Suomalainen 066c42717c
torrc-client: enable ClientPreferIPv6ORPort as my IPv6 works 2019-08-25 18:39:12 +03:00
Aminda Suomalainen 9bcd2d61c7
unbound/*dns64*: add Cloudflare 2019-08-25 18:27:11 +03:00
Aminda Suomalainen aa2c53349d
unbound/plain-dns64.conf: add Google DNS 2019-08-25 18:21:16 +03:00
Aminda Suomalainen 31aa6066b5
unbound/dns-over-tls.conf: don't mention forwards.conf 
I renamed it.
 2019-08-25 18:17:50 +03:00
Aminda Suomalainen 41644a9b65
unbound: add dns64-over-tls.conf (broken for now) 2019-08-25 18:16:51 +03:00
Aminda Suomalainen 6308c9af72
unbound: clean up plain-dns64.conf (only TREX for now) 2019-08-25 18:09:50 +03:00
Aminda Suomalainen 04658408d4
unbound: rename forwards.conf -> plain-dns64.conf 2019-08-25 18:07:28 +03:00
Aminda Suomalainen 3dc273fbe0
unbound: mention other files of interest in dot & add threads 2019-08-24 12:40:04 +03:00
Aminda Suomalainen 6274ed8e13
unbound/dot: add nic.cz & nixnet 2019-08-24 12:02:26 +03:00
Aminda Suomalainen 5462af3059
unbound/dot: add Lelux.fi 2019-08-24 11:57:42 +03:00
Aminda Suomalainen 7afaa57882
unbound/dot: add Snopyta 2019-08-24 11:55:22 +03:00
Aminda Suomalainen 4e4d19a765
unbound.conf.d/logging.conf: print statistics hourly 2019-08-20 18:05:19 +03:00
Aminda Suomalainen d7d252f98f
unbound/logging: add statistics printing 2019-08-20 17:41:43 +03:00
Aminda Suomalainen 2c3fe4a5df
unbound: enable IPv6 preferring 2019-08-20 12:49:19 +03:00
Aminda Suomalainen be7c4185eb
etc/unbound/dns-over-tls: comment Cloudflare 2019-08-20 11:49:37 +03:00
Aminda Suomalainen 56b5b905e2
fix github link, closes #16 2019-08-18 02:05:52 +03:00
Aminda Suomalainen 26624bcd5d
unbound.conf.d: increase TTL to 15 mins from 5 2019-08-17 21:06:01 +03:00
Aminda Suomalainen d539237fbf
unbound/blocklist.conf: add source 2019-08-17 13:43:11 +03:00
Aminda Suomalainen 057d42bafd
unbound/dns-over-tls.conf: fix typo 2019-08-17 13:40:39 +03:00
Aminda Suomalainen 914fe1d26c
unbound/dot: finish adding providers 
Ref: #15
 2019-08-17 13:37:02 +03:00
Aminda Suomalainen 410a02a968
unbound/dot: add securedns (both), dnswarden (adblock) 2019-08-17 13:23:28 +03:00
Aminda Suomalainen a5ccd88e70
unbound/dns-over-tls.conf: add server locations 
Ref: #15
 2019-08-17 12:34:03 +03:00
Aminda Suomalainen 596c18c0e0
etc/unbound: add blocklist.conf 
Closes: #13
 2019-08-17 12:16:53 +03:00
Aminda Suomalainen 601bd3ac86
unbound dot: alphabetical order 
Ref: #15
 2019-08-17 00:52:41 +03:00
Aminda Suomalainen 39493f3bf9
unbound dot: move things around 2019-08-17 00:26:36 +03:00
Aminda Suomalainen b3a7266eb5
unbound.conf.d/dns-over-tls: remove Google 2019-08-17 00:14:41 +03:00
Aminda Suomalainen c78eecb547
unbound/dns-over-tls: add two port 443 resolvers 2019-08-17 00:10:32 +03:00
Aminda Suomalainen 4de337722e
etc/apt/preferences.d: add testing-debug & rename stable.donotuse 
Resolves: #124 (see comment)
 2019-07-30 01:08:09 +03:00
Aminda Suomalainen 2112575a98
etc/apt/preferences.d: commit dark magic that shouldn't exist 2019-07-30 00:52:32 +03:00
Aminda Suomalainen a01e53171e
grub.d/sedric.cfg: comment that acpi_osi=Linux doesn't work 2019-07-28 10:45:04 +03:00
Aminda Suomalainen 100d9a7433
dnscrypt-proxy.toml: move cache above & add comments & min cache TTL 300 2019-07-23 16:13:22 +03:00
Aminda Suomalainen 55050ec0e5
cache.conf: increase NXDOMAIN cache size and set min TTL to 300 2019-07-23 15:09:34 +03:00
Aminda Suomalainen 2b8a460b63
etc/unbound: add cache.conf 2019-07-23 12:30:53 +03:00
Aminda Suomalainen 93fa7a003c
etc/default/grub.d: add beep.cfg & sedric.cfg 
beep.cfg is the default example on getting a beep on grub startup,
sedric.cfg just contains `acpi_osi=` which fixes the hardware keys for
some reason.
 2019-07-22 18:56:38 +03:00
Aminda Suomalainen 97006ddf9b
unbound.conf.d/logging.conf: quote the fine manual for unbound.conf 2019-07-22 17:18:53 +03:00
Aminda Suomalainen 222a030cee
unbound/dns-over-tls: note version requirement 1.7.3 
Debian 9 has 1.6.0 with which I am stuck for now. Debian 10 has 1.9.0
 2019-07-22 16:52:07 +03:00
Aminda Suomalainen 29eae6f89a
etc/dnscrypt-proxy: note I run Unbound in front of it 2019-07-22 16:25:21 +03:00
Aminda Suomalainen eb6315d92f
resolv.conf: add Quad9 and note I am not sure what it tries to be 
Public DNS resolver with easy address list for emergency?
 2019-07-22 16:22:55 +03:00
Aminda Suomalainen 430b9b7bfc
resolv.conf: note local resolver separately from dnscrypt-proxy 2019-07-22 16:17:27 +03:00
Aminda Suomalainen 7b83f84633
unbound/dns-over-tls.conf: add AdGuard DNS 
I am surprised it actually works with DNSSEC validation enabled
 2019-07-22 16:12:09 +03:00
Aminda Suomalainen ffbbe9e522
unbound: replace forwards.conf with dns-over-tls.conf 
Simultaneously rm puntcat, their DNS appears to be down at the moment
and I didn't find their own homepage.
 2019-07-22 16:05:05 +03:00
Aminda Suomalainen 6ed44de3d1
unbound.conf.d: clarify logging.conf in a comment 2019-07-22 15:27:27 +03:00
Aminda Suomalainen bb14632b9a
unbound: add another Debian default 2019-07-22 15:16:34 +03:00
Aminda Suomalainen 3b9acff361
etc/unbound add unbound.conf & unbound-control.conf 
copy-pastes from Debian & Arch Wiki, however unbound-control in status
no as I guess it can be a hole most of time.
 2019-07-22 15:14:11 +03:00
Aminda Suomalainen 5569a1129c
unbound.conf.d/dnscrypt-proxy.conf: update for dnscrypt-proxy v2 
Closes #121
 2019-07-22 15:12:49 +03:00
Aminda Suomalainen fc5fb4d7bd
b6a511d6a63b6b6bb5fc918eae221d3ff062d89f: add comments 2019-07-20 11:37:28 +03:00
Aminda Suomalainen b6a511d6a6
etc: backup some apt.conf.d & preferences.d files 2019-07-20 11:09:42 +03:00
Aminda Suomalainen 41f44924be
dnscrypt-proxy.toml: note 2.0.24 fastest -> first 2019-07-14 18:36:31 +03:00
Aminda Suomalainen 117801ec9d
dnscrypt-proxy: fix comments 
Resolves: #120
 2019-07-14 18:15:35 +03:00
Aminda Suomalainen 646956b4e0
dnscrypt-proxy.toml: restore Quad9 examples 
Rbtpzn was using them for some reason and was hitting less errors than
Zaldaryn in as basic test as "apt update", so I guess it's worth having
it included. I think I am mainly leaving it for family devices.
 2019-07-14 13:30:29 +03:00
Aminda Suomalainen a5868f6395
etc/sources.list: update testing for bullseye & add note to stable for it 
> over the last years we had people getting confused over <suite>-updates
> (recommended updates) and <suite>/updates (security updates).  Starting
> with Debian 11 "bullseye" we have therefore renamed the suite including
> the security updates to <suite>-security.

https://lists.debian.org/debian-devel-announce/2019/07/msg00004.html
 2019-07-14 12:40:56 +03:00
Aminda Suomalainen 2fe92afa26
etc/apt/sources.list: change keyserver 
Ref: #119

I am not sure I would advice running that even if it happened to exist.
 2019-07-01 11:50:26 +03:00
Aminda Suomalainen 128f1781f3
torrc-client: add MapAddress for PirateIRC & freenode 
Closes #118
 2019-06-30 14:27:20 +03:00
Aminda Suomalainen a915db9f8a
etc/systemd: tor-services: add ExecReload 
I am running `systemctl restart tor-client` too often to be comfortable.
 2019-06-30 14:11:34 +03:00
Aminda Suomalainen bf3b91d93a
torrc-client: update from running config 
Preparation to #118
 2019-06-30 13:31:16 +03:00
Aminda Suomalainen 5128e8646a
ipfs.service: use dht routing instead of dhtclient routing 2019-06-11 01:17:22 +03:00
Aminda Suomalainen 85bd70f382
etc/systemd/system/ipfs: important notice for VPS/dedi/etc. 2019-06-11 01:12:28 +03:00
Aminda Suomalainen 6ce553f84e
dnscrypt-proxy: fix cloudflare excluding 2019-06-02 22:30:49 +03:00
Aminda Suomalainen 540798ed17
dnscrypt-proxy: use Socks Authentication 2019-05-22 12:01:34 +03:00
Aminda Suomalainen b96eb372d0
torrc-client: ensure IsolateSOCKSAuth & add HTTPTunnelPort 2019-05-22 11:58:05 +03:00
Aminda Suomalainen 3eefbaf296
etc/tor/torrc-onehoponion: CookieAuthFile 0 2019-05-17 18:54:34 +03:00
Aminda Suomalainen 7dbafe4a54
resolv.conf: more comments 2019-05-16 15:28:15 +03:00
Aminda Suomalainen 21adba9a02
dnscrypt-proxy.toml: update ~~stories~~ comments 2019-05-15 10:48:11 +03:00
Aminda Suomalainen e972a47d4a
torrc-client: add SocksPorts and comment on two guards 
I need unisolated port for dnscrypt-proxy which I fear would otherwise
generate too many circuits which wouldn't even be used and I guess
there is no harm in sending Yggdrasil to a separate port that only has
access to onions which is a port I may sometimes wish I have otherwise
too.
 2019-05-15 10:31:47 +03:00
Aminda Suomalainen 95bcf095df
VerifyHostKeyByDNS is supposed to be yes 
fix previous commit, I imagine I changed it by accident.
 2019-05-11 00:58:00 +03:00
Aminda Suomalainen e634ee8863
ssh_config: update comment for VerifyHostKeyDNS 
OpenSSH is evil and gives you three not-optimal options to this:

A) trust DNSSEC and don't write known_hosts
B) ask whether to trust DNS, but don't bother telling me if it's signed
C) don't even check SSHFP

I see A) as the least evil, but I wish known_hosts was written.
Alternatively B) should tell me whether there is DNSSEC or not, not
only "matching keys found from DNS" or whatever it says always.
 2019-05-09 18:44:36 +03:00
Aminda Suomalainen 9e03598e3f
etc/apt/sources.list: add missing tor+ for Debian 2019-05-09 14:05:54 +03:00
Aminda Suomalainen 0ce3c5f47a
dnscrypt-proxy: adjust sources, add prefixes 2019-05-07 00:55:07 +03:00
Aminda Suomalainen f978853d11
dnscrypt-proxy.toml: add onion resolvers 2019-05-07 00:23:51 +03:00
Aminda Suomalainen d2bd2be652
systemd/zeronet.service: use Python 3 & always use Tor 2019-05-05 20:28:14 +03:00
Aminda Suomalainen d8ba42bdd1
etc/tor: disable control, document enabling for client 2019-05-04 20:41:18 +03:00
Aminda Suomalainen 8e01a42c62
etc: systemd & tor: add tor-onehoponion (and torrc-relay) 2019-05-04 17:26:57 +03:00
Aminda Suomalainen c726daa62c
etc/tor/torrc-client: add comments 2019-05-04 16:55:08 +03:00
Aminda Suomalainen b0ef3a18f6
torrc-client: remove deprecated ClientPreferIPv6DirPort comment 
> The ClientPreferIPv6DirPort option is deprecated, and will most likely be removed in a future version of Tor. It has no effect on relays, and has had no effect on clients since 0.2.8. (If you think this is a mistake, please let us know!)
 2019-05-04 16:28:58 +03:00
Aminda Suomalainen 9c8cf613cd
etc/systemd: add tor-client.service & tor: add torrc-client 2019-05-03 12:31:33 +03:00
Aminda Suomalainen 4c2b21bbfa
ipfs.service: add routing note 2019-05-01 23:30:12 +03:00
Aminda Suomalainen ce84c26bcd
ipfs.service: adapt lowpower profile & mention badgerds 
If the lowpower option uses values 40 and 20 which are a lot higher than
mine were and considered suitable for laptops and smartphones, I guess
they are the best for me to use and I find content faster.
 2019-04-23 13:51:18 +03:00
Aminda Suomalainen 6981481c77
ipfs.service: add options I forgot before 2019-03-26 22:26:25 +02:00
Aminda Suomalainen 3ecfc2473d
ipfs.service: document my IPFS config 
Closes #111
 2019-03-26 22:05:52 +02:00
Aminda Suomalainen a90243a55a
dnscrypt-proxy.toml: use Quad9 while waiting for disabled_server_names 2019-03-26 10:12:57 +02:00
Aminda Suomalainen 466a7bc2c1
etc/systemd/resolved.conf.d: add some configs 
These aren't seeing real world usage though as the only host not running
dnscrypt-proxy has too old systemd.
 2019-03-25 13:41:23 +02:00
Aminda Suomalainen f336393db9
systemd preset: enable pcscd for FINEID 2019-02-28 13:00:42 +02:00
Aminda Suomalainen 81fcfb539d
systemd preset: Zaldaryn additions 2019-02-28 12:17:07 +02:00
Aminda Suomalainen 758d4302ac
systemd preset: remove cjdns, enable ssh.service 2019-02-28 12:10:14 +02:00
Aminda Suomalainen 284a50288c
sysctl.d: document privacy extensions & use double # for comments 2019-02-26 20:32:08 +02:00
Aminda Suomalainen cc0f5db3bd
dnscrypt-proxy: use dns.watch#2 as fallback reslver 
84.200.70.40
 2019-02-25 11:06:49 +02:00
Aminda Suomalainen 07ae3bbef6
etc/sudoers.d/hibernate: allow suspend & change group to plugdev 
It seemed like a suitable one from the default groups Debian creates.
 2019-02-18 20:07:36 +02:00
Aminda Suomalainen d406334560
systemd preset: enable TTY & cups 2019-02-17 21:07:10 +02:00
Aminda Suomalainen 5fe9477c55
etc/systemd: add ipfs.service & zeronet.service 
Closes #101
 2019-02-12 20:32:40 +02:00
Aminda Suomalainen 993d3f6994
systemd preset: enable yggdrasil-resume 2019-02-08 10:21:14 +02:00
Aminda Suomalainen 0afc716ccf
Partially revert f7fbf35109 
That was just too evil, especially as the line has moved to my i3wm
config where nothing else I have tried works.
 2019-02-04 20:33:31 +02:00
Aminda Suomalainen 518c9fcdaf
i3: add hibernation & sudoers.d: allow passwordless hibernate 2019-01-30 20:12:38 +02:00
Aminda Suomalainen f7fbf35109
update setxkbmap and hope no one else is using these files 2019-01-30 19:16:45 +02:00
Aminda Suomalainen d29a0532d2
Debian sources.list: disable http security, use https CDN & Tor 2019-01-23 10:18:35 +02:00
Aminda Suomalainen d27cc15888
add systemd-preset 2019-01-21 18:41:36 +02:00
Aminda Suomalainen 3e5e55bf75
etc/apt/sources.list: enable Debian debugsym repos 
It seems that I am always going to enable it sooner or later anyway, so
why woulnd't I have it enabled for quick installing when I do need it?

Example: KDE Connect crashed on login, and asked me to report it, but
the reporter app warned that there is no address to report it and debug
information had one or two stars and said that it's likely bad quality
and I think this is due to missing debug symbols which I then installed.

Naturally after installing them, I am unable to reproduce the issue, but
that is beside the point.
 2018-12-19 11:48:32 +02:00
Aminda Suomalainen 5c6c026226
hosts-mikaela.txt: alternative domain for Korsin 2018-12-15 20:57:43 +02:00
Aminda Suomalainen c80591d9a7
hosts-mikaela.txt: add Korsin 2018-12-15 16:56:36 +02:00
Aminda Suomalainen 08bfdde7c8
etc/dnscrypt-proxy/hosts-mikaela: add two cwinfo servers 2018-12-10 12:10:41 +02:00
Aminda Suomalainen 7695b26abf
etc/dnscrypt-proxy: update README.md 
The situation has changed a bit and I had forgotten to add links.
 2018-12-03 12:22:58 +02:00
Aminda Suomalainen 9be5b35b32
dnscrypt-proxy: use syslog, cert_refresh_delay 
I happened to wonder about reload times and think that this is nice to
have visible here.

Syslog is used by default and I am expecting it so it probably won't
hurt being visible.
 2018-11-29 11:30:28 +02:00
Aminda Suomalainen b7017d7c50
dnscrypt-proxy: update comments, lb_strategy = p2 
Removed my weird comment and added refresh_delay to OpenNIC. I am using
p2 instead of ph as per the wiki as apparently they don't consider
balancing queries over multiple services as important as speed, so maybe
I don't have to worry about that either.
 2018-11-29 11:23:05 +02:00
Aminda Suomalainen b6bb15a198
dnscrypt-proxy.toml: add commented OpenNIC 
It's waiting for me to make up my mind about it and whether or not I
support it. I have mixed feelings/thoughts about it and will need to
read more.
 2018-11-27 20:04:12 +02:00
Aminda Suomalainen 2d3b324d9f
dnscrypt-proxy.toml: add mirrors of public-resolvers.md 2018-11-27 20:01:35 +02:00
Aminda Suomalainen 8497d4fb84
dnscrypt-proxy.toml: enable require_nolog 
Learning that I don't have to specify servers there is a lot more
variety even if I start requiring more things, as Sedric says to
see 33 live servers, I guess dnscrypt servers in general respect
privacy. However I guess I still have to trust on what the servers
say as AFAIK dnscrypt-proxy is only that, a proxy, and won't start
validating dnssec by itself.
 2018-11-26 23:43:39 +02:00
Aminda Suomalainen 32b1fd4a9a
dnscrypt-proxy.toml: disable logging & put it where it belongs 2018-11-26 17:01:30 +02:00
Aminda Suomalainen 397821db0a
dnscrypt-proxy: -empty lines +cloaking_rules 
dn#
 2018-11-26 16:53:47 +02:00
Aminda Suomalainen c8fb2b896a
dnscrypt-proxy.toml: sort the options and add/update/fix comments 
Now the options that I am more likely to care about or want to adjust
are on the top.
 2018-11-26 16:46:30 +02:00
Aminda Suomalainen eecb4a980d
dnscrypt-proxy: add commented not-socket 2018-11-26 16:12:02 +02:00
Aminda Suomalainen c3c8a41e43
dnscrypt-proxy.toml: comment server_names 2018-11-26 16:03:02 +02:00
Aminda Suomalainen c8c342ec68
hosts-mikaela.txt: add tezagm 2018-11-26 15:46:52 +02:00
Aminda Suomalainen 4f99f6ebed
syncplay-server.service: ccxcz's endpoints ExecStart just in case 2018-11-24 20:36:17 +02:00
Aminda Suomalainen c57d5443ab
add systemd unit for syncplay-server 2018-11-23 17:23:38 +02:00
Aminda Suomalainen 33db566a27
sources.list: Debian updates repo over Tor 2018-11-22 20:39:22 +02:00
Aminda Suomalainen a47018899d
sources.list: rewrite the Debian ones? 
Apparently I had been negleceting one important one, if not more.
 2018-11-22 20:27:40 +02:00
Aminda Suomalainen 6419ce29fb
sources.list: add Debian onion repos (commented) 2018-11-22 20:00:33 +02:00
Aminda Suomalainen f050ef9550
sources.list: add Debian debug repos (commented) 2018-11-22 19:34:11 +02:00
Aminda Suomalainen 7983975ba8
etc/apt/sources.list: remove README & scripts 
They don't reflect what I am doing in reality and I think they possibly
encouraged bad practices, so it's better that they don't exist here.
 2018-11-22 19:14:42 +02:00
Aminda Suomalainen b0c6e5ffb2
hosts-mikaela.txt: add itwjyg 2018-11-15 11:54:49 +02:00
Aminda Suomalainen 6e9af60c0f
hosts-mikaela: add ano & jasan, fix formatting? 2018-11-02 16:02:02 +02:00
Aminda Suomalainen fd8b734e56
hosts-mikaela: cleanup 2018-11-01 16:15:23 +02:00
Aminda Suomalainen a15ff2e5dc
more hosts-mikaela.txt updates 
* add invictus, it's not mine, but neither are roubaix (dnscrypt-proxy
dislikes dashes?) and this file is meant for just my use, so does it
matter what it contains?
 2018-10-30 23:39:41 +02:00
Aminda Suomalainen f27ce8fd82
hosts-mikaela: add roubaix-fr 2018-10-30 16:19:26 +02:00
Aminda Suomalainen c7ffb18523
hosts-mikaela: add rbtpzn 2018-10-30 09:12:33 +02:00
Aminda Suomalainen e7d2b312ef
hosts-mikaela: add zaldaryn 
TODO: add to DNS
 2018-10-29 21:40:31 +02:00