430b9b7bfc
resolv.conf: note local resolver separately from dnscrypt-proxy
2019-07-22 16:17:27 +03:00
7b83f84633
unbound/dns-over-tls.conf: add AdGuard DNS
...
I am surprised it actually works with DNSSEC validation enabled
2019-07-22 16:12:09 +03:00
ffbbe9e522
unbound: replace forwards.conf with dns-over-tls.conf
...
Simultaneously rm puntcat, their DNS appears to be down at the moment
and I didn't find their own homepage.
2019-07-22 16:05:05 +03:00
6ed44de3d1
unbound.conf.d: clarify logging.conf in a comment
2019-07-22 15:27:27 +03:00
bb14632b9a
unbound: add another Debian default
2019-07-22 15:16:34 +03:00
3b9acff361
etc/unbound add unbound.conf & unbound-control.conf
...
copy-pastes from Debian & Arch Wiki, however unbound-control in status
no as I guess it can be a hole most of time.
2019-07-22 15:14:11 +03:00
5569a1129c
unbound.conf.d/dnscrypt-proxy.conf: update for dnscrypt-proxy v2
...
Closes #121
2019-07-22 15:12:49 +03:00
fc5fb4d7bd
b6a511d6a6
: add comments
2019-07-20 11:37:28 +03:00
b6a511d6a6
etc: backup some apt.conf.d & preferences.d files
2019-07-20 11:09:42 +03:00
41f44924be
dnscrypt-proxy.toml: note 2.0.24 fastest -> first
2019-07-14 18:36:31 +03:00
117801ec9d
dnscrypt-proxy: fix comments
...
Resolves : #120
2019-07-14 18:15:35 +03:00
646956b4e0
dnscrypt-proxy.toml: restore Quad9 examples
...
Rbtpzn was using them for some reason and was hitting less errors than
Zaldaryn in as basic test as "apt update", so I guess it's worth having
it included. I think I am mainly leaving it for family devices.
2019-07-14 13:30:29 +03:00
a5868f6395
etc/sources.list: update testing for bullseye & add note to stable for it
...
> over the last years we had people getting confused over <suite>-updates
> (recommended updates) and <suite>/updates (security updates). Starting
> with Debian 11 "bullseye" we have therefore renamed the suite including
> the security updates to <suite>-security.
https://lists.debian.org/debian-devel-announce/2019/07/msg00004.html
2019-07-14 12:40:56 +03:00
2fe92afa26
etc/apt/sources.list: change keyserver
...
Ref: #119
I am not sure I would advice running that even if it happened to exist.
2019-07-01 11:50:26 +03:00
128f1781f3
torrc-client: add MapAddress for PirateIRC & freenode
...
Closes #118
2019-06-30 14:27:20 +03:00
a915db9f8a
etc/systemd: tor-services: add ExecReload
...
I am running `systemctl restart tor-client` too often to be comfortable.
2019-06-30 14:11:34 +03:00
bf3b91d93a
torrc-client: update from running config
...
Preparation to #118
2019-06-30 13:31:16 +03:00
5128e8646a
ipfs.service: use dht routing instead of dhtclient routing
2019-06-11 01:17:22 +03:00
85bd70f382
etc/systemd/system/ipfs: important notice for VPS/dedi/etc.
2019-06-11 01:12:28 +03:00
6ce553f84e
dnscrypt-proxy: fix cloudflare excluding
2019-06-02 22:30:49 +03:00
540798ed17
dnscrypt-proxy: use Socks Authentication
2019-05-22 12:01:34 +03:00
b96eb372d0
torrc-client: ensure IsolateSOCKSAuth & add HTTPTunnelPort
2019-05-22 11:58:05 +03:00
3eefbaf296
etc/tor/torrc-onehoponion: CookieAuthFile 0
2019-05-17 18:54:34 +03:00
7dbafe4a54
resolv.conf: more comments
2019-05-16 15:28:15 +03:00
21adba9a02
dnscrypt-proxy.toml: update ~~stories~~ comments
2019-05-15 10:48:11 +03:00
e972a47d4a
torrc-client: add SocksPorts and comment on two guards
...
I need unisolated port for dnscrypt-proxy which I fear would otherwise
generate too many circuits which wouldn't even be used and I guess
there is no harm in sending Yggdrasil to a separate port that only has
access to onions which is a port I may sometimes wish I have otherwise
too.
2019-05-15 10:31:47 +03:00
95bcf095df
VerifyHostKeyByDNS is supposed to be yes
...
fix previous commit, I imagine I changed it by accident.
2019-05-11 00:58:00 +03:00
e634ee8863
ssh_config: update comment for VerifyHostKeyDNS
...
OpenSSH is evil and gives you three not-optimal options to this:
A) trust DNSSEC and don't write known_hosts
B) ask whether to trust DNS, but don't bother telling me if it's signed
C) don't even check SSHFP
I see A) as the least evil, but I wish known_hosts was written.
Alternatively B) should tell me whether there is DNSSEC or not, not
only "matching keys found from DNS" or whatever it says always.
2019-05-09 18:44:36 +03:00
9e03598e3f
etc/apt/sources.list: add missing tor+ for Debian
2019-05-09 14:05:54 +03:00
0ce3c5f47a
dnscrypt-proxy: adjust sources, add prefixes
2019-05-07 00:55:07 +03:00
f978853d11
dnscrypt-proxy.toml: add onion resolvers
2019-05-07 00:23:51 +03:00
d2bd2be652
systemd/zeronet.service: use Python 3 & always use Tor
2019-05-05 20:28:14 +03:00
d8ba42bdd1
etc/tor: disable control, document enabling for client
2019-05-04 20:41:18 +03:00
8e01a42c62
etc: systemd & tor: add tor-onehoponion (and torrc-relay)
2019-05-04 17:26:57 +03:00
c726daa62c
etc/tor/torrc-client: add comments
2019-05-04 16:55:08 +03:00
b0ef3a18f6
torrc-client: remove deprecated ClientPreferIPv6DirPort comment
...
> The ClientPreferIPv6DirPort option is deprecated, and will most likely be removed in a future version of Tor. It has no effect on relays, and has had no effect on clients since 0.2.8. (If you think this is a mistake, please let us know!)
2019-05-04 16:28:58 +03:00
9c8cf613cd
etc/systemd: add tor-client.service & tor: add torrc-client
2019-05-03 12:31:33 +03:00
4c2b21bbfa
ipfs.service: add routing note
2019-05-01 23:30:12 +03:00
ce84c26bcd
ipfs.service: adapt lowpower profile & mention badgerds
...
If the lowpower option uses values 40 and 20 which are a lot higher than
mine were and considered suitable for laptops and smartphones, I guess
they are the best for me to use and I find content faster.
2019-04-23 13:51:18 +03:00
6981481c77
ipfs.service: add options I forgot before
2019-03-26 22:26:25 +02:00
3ecfc2473d
ipfs.service: document my IPFS config
...
Closes #111
2019-03-26 22:05:52 +02:00
a90243a55a
dnscrypt-proxy.toml: use Quad9 while waiting for disabled_server_names
2019-03-26 10:12:57 +02:00
466a7bc2c1
etc/systemd/resolved.conf.d: add some configs
...
These aren't seeing real world usage though as the only host not running
dnscrypt-proxy has too old systemd.
2019-03-25 13:41:23 +02:00
f336393db9
systemd preset: enable pcscd for FINEID
2019-02-28 13:00:42 +02:00
81fcfb539d
systemd preset: Zaldaryn additions
2019-02-28 12:17:07 +02:00
758d4302ac
systemd preset: remove cjdns, enable ssh.service
2019-02-28 12:10:14 +02:00
284a50288c
sysctl.d: document privacy extensions & use double # for comments
2019-02-26 20:32:08 +02:00
cc0f5db3bd
dnscrypt-proxy: use dns.watch#2 as fallback reslver
...
84.200.70.40
2019-02-25 11:06:49 +02:00
07ae3bbef6
etc/sudoers.d/hibernate: allow suspend & change group to plugdev
...
It seemed like a suitable one from the default groups Debian creates.
2019-02-18 20:07:36 +02:00
d406334560
systemd preset: enable TTY & cups
2019-02-17 21:07:10 +02:00