a5ca47e88d
nginx: X-Xss-Protectio & -Content-Type-Options
...
via https://securityheaders.io/ via znc/znc#1168
2015-10-25 09:18:34 +02:00
47eac3b6eb
sources.list README: add wget method
2015-10-17 14:31:48 +03:00
650829aea9
nginx: add Upgrade Insecure Requests
...
http://caniuse.com/#feat=upgradeinsecurerequests
2015-09-23 17:50:11 +03:00
02f4f2f0d4
profile.d/mikaela.sh: set TZ to $(date +%Z)
...
Also remove the commented Steam thing as it's Antergos-only issue.
2015-09-13 10:46:38 +03:00
c42ae8eb43
ssh: also send EDITOR
2015-09-12 11:45:42 +03:00
fdf8255372
ssh: send/accept also TZ TERM
2015-09-12 11:42:44 +03:00
0f00443a7b
sshd_config: mention the LC_ALL anyway
...
my config files are horrible, too many comments.
2015-09-06 18:42:36 +03:00
96ca38818f
sshd_config: don't talk so much about locales
2015-09-06 18:40:02 +03:00
801e3e0941
sshd_config: AcceptEnv LANG, LANGUAGE LC_*
...
but not LC_ALL and there is no asterisk, the varibles are allowed
separately. It's very unlikely that someone invents a new locale type.
2015-09-06 18:36:48 +03:00
a3d5fbd9d7
sshd_config: http://serverfault.com/a/660325
2015-09-06 18:27:50 +03:00
a0352630fd
sshd_config: verbose logging of sftp
2015-09-06 17:37:34 +03:00
8d55bc53db
sshd_config: use internal sftp & fixes
...
thanks again @grawity
2015-09-06 17:20:12 +03:00
c82b706942
fix 7470403158
...
thanks @DarthGandalf and @grawity on #znc
2015-09-06 17:13:21 +03:00
7470403158
sshd_config: add Fedora & Gentoo sftp-server
...
thanks Conjuro and @DarthGandalf on #znc
2015-09-06 17:09:55 +03:00
774346c8d0
fix sshd_config
2015-09-06 08:42:29 +03:00
68c6da5aec
ssh_config: fix comments
2015-09-06 08:15:17 +03:00
dc9f8b0ab5
sort sshd_config
2015-09-06 08:12:41 +03:00
c3f351d21f
sshd_config: add commented AcceptEnv
...
and reason why it's commented, security, ShellShock worked with remotely
sent environent variables even with restricted accounts.
2015-09-06 07:33:32 +03:00
90c86466dd
ssh_config: also sendenv LANGUAGE
2015-09-06 07:30:41 +03:00
6fc4b6a29b
ssh_config: add missing dot
2015-09-05 23:50:31 +03:00
28c2f0b8d8
ssh_config: SendEnv LANG LC_*
2015-09-05 23:46:00 +03:00
c50516ced3
etc/xdg/autostart: add redshift-gtk
2015-09-05 22:57:45 +03:00
c2b93abe27
relevant systemd services: after network-online
2015-09-05 09:07:41 +03:00
bd3ee60e61
ssh_config: fix paste fail
2015-09-02 08:33:02 +03:00
66f604a6dd
ssh_config: add UpdateHostKeys yes
2015-09-02 08:15:16 +03:00
c05b52354f
sshd_config: restore Client*
...
I am sure I committed them already, but they have disappeared somewhere.
Maybe I accidentally overwrote them.
2015-09-01 17:37:33 +03:00
888686ef48
etc/ssh/copy: add verbosity
2015-09-01 17:32:56 +03:00
c2c0c4fa08
etc/ssh: add copy script
2015-09-01 17:31:42 +03:00
25bf96e30a
ssh_config: my ssh key is not system-wide
2015-09-01 17:16:37 +03:00
96dfc06668
ssh_config: remove unrelated comments
2015-09-01 17:06:33 +03:00
defa0b9df1
etc/ssh: add ssh_config
2015-09-01 16:48:27 +03:00
4cdf8dfe71
sshd_config: add ClientAliveCountMax ClientAliveInterval
2015-09-01 16:40:56 +03:00
73e9e99d9c
sshd_config: cleaning up
2015-08-30 16:54:21 +03:00
c922d0aa37
etc/ssh/sshd_config: fix banner
2015-08-28 19:25:26 +03:00
7e4bbfba5a
sshd_config: also remove ecdsa keys
2015-08-28 14:29:34 +03:00
04df2e532b
update sshd_config from Arch
...
OpenSSH 7.1p1-1
Note the sftp subsystem which differs between at least Debian and Arch.
2015-08-28 14:00:25 +03:00
f69a361ed1
sshd_config: deprecate dsa
2015-08-28 13:54:36 +03:00
ae6651cd47
systemd: add reflector.service
2015-08-25 14:13:44 +03:00
7ff510b42b
add etc/install
...
Closes #74
2015-08-22 15:10:01 +03:00
bec7aced22
etc/systemd/system: README updates
2015-08-21 19:27:40 +03:00
76633ba61d
add etc/unbound/dnscrypt-proxy.conf
2015-08-21 19:16:12 +03:00
18931c320a
add dnscrypt proxy services
...
Thanks @Fusl
Fixes #63
2015-08-21 19:09:39 +03:00
dc5531dfcd
cleaning etc/systemd/system
2015-08-21 19:06:11 +03:00
c4dcb39b8c
nginx: remove the neverused vhost
2015-08-20 20:47:18 +03:00
3a32185433
etc/nginx/sites-availble: add X-Frame-Options
2015-08-20 20:36:32 +03:00
a06465d161
unbound: move forwards.conf under unbound.conf.d
2015-08-20 18:39:40 +03:00
2ab0601c8d
systemd: remove dnscrypt-proxy & add miredo
2015-08-20 18:29:00 +03:00
3065c552da
resolv.conf: add ::1 anyway
2015-08-20 15:24:57 +03:00
c8dcba24a3
major cleaning
2015-08-20 15:22:22 +03:00
baff3f7dd1
clean resolv.conf
2015-08-20 15:09:13 +03:00
e3b067cf5d
etc/resolv.conf: swap Google DNS
...
I prefer them to be in order primary and seconary if I use both and as
IPv6 is above it should be the primary making IPv4 below secondary.
2015-08-16 12:07:59 +03:00
a55ab90ca3
resolv.conf: replace OpenDNS with Google
...
If both Google servers go down, there are still the others which unbound
that I run on all devices is using.
2015-08-16 12:05:50 +03:00
f6b562f517
comment on etc/resolv.conf
2015-08-16 11:30:06 +03:00
518a5c2a17
sources.list: add (Ubuntu) devel
2015-08-06 12:01:21 +03:00
93d775c3a5
fix etc/profile.d/mikaela.sh
2015-07-29 10:16:30 +03:00
632f2f2b6b
sources.list: clean Ubuntu ones
2015-07-29 10:04:54 +03:00
741c6a8571
sources.list/ubuntu: add commented proposed
...
Closes #79
2015-07-28 19:23:48 +03:00
aeeed423df
sources.list/ubuntu: coment ddebs
2015-07-28 19:09:26 +03:00
95dc6cfa17
sources.list: ubuntu: add ddebs.ubuntu.com
...
https://wiki.ubuntu.com/DebuggingProgramCrash
2015-07-28 19:06:38 +03:00
fa44f85e48
sources.list: chmod +x install*
2015-07-28 18:59:03 +03:00
6b527a87cb
sources.list: 14.10 is EOL
2015-07-24 09:06:19 +03:00
2ba606cce6
nginx: HSTS: subdomains & preload
2015-07-22 12:55:51 +03:00
ff94369b6d
sources.list/README: add missing rm
2015-07-12 11:52:28 +03:00
93e5eab3f5
sources.list: fix install scripts
2015-07-12 11:39:41 +03:00
b4f3ac370e
sources.list/install: add missing shebang
2015-07-12 11:36:38 +03:00
87ffc8515e
sources.list: improve README
2015-07-12 11:35:53 +03:00
8783d0d5b7
sources.list: add install scripts
...
Closes #78
2015-07-12 11:26:47 +03:00
2fd3c3986b
sources.list: add README & touch scripts
...
ref: #78
2015-07-12 11:21:38 +03:00
60402c6999
sources.list: add forgotten stretch
2015-07-12 11:06:03 +03:00
abc4060a3a
sources.list: add sid so both scripts work
2015-07-12 11:03:51 +03:00
6400fd909e
sources.list: rename debian* to codenames
...
So they are compatible with the function which uses `lsb_release -sr`.
2015-07-12 10:51:19 +03:00
f98e2a4375
somewhat rewrite etc/oidentd.conf
2015-07-09 10:48:28 +03:00
cf13b0faaf
sources.list/squeeze: add squeeze-lts
2015-07-07 17:10:43 +03:00
b16ae44601
Revert "services: remove unneeded pidfiles"
...
This reverts commit 98093edc99
.
* * * * *
They aren't needed if systemd starts the service, but what if user
services are used together with cron and liching isn't allowed?
2015-07-07 10:10:10 +03:00
b6969cd7fe
rm debianu as git didn't like it
2015-07-06 15:22:23 +03:00
0a8c630265
http.debian.net --> httpredir.debian.org
...
I was told that it moved and moving to debian.org means that it's now
officially supported :)
2015-07-06 15:18:25 +03:00
fe1890ea34
debianu --> sid & ln -s sid debianu
...
sid makes more sense and as it has static codename, why to not use it?
2015-07-06 15:08:42 +03:00
805f669954
sources.list: add supported Debians
...
also remove the top line and add debianu for unstable.
2015-07-06 15:05:31 +03:00
6cb22a6de2
sysctl/60-mikaela.conf: mention systemd-networkd
2015-06-24 16:09:05 +03:00
a5de194c6f
fix sysctl.d/60-mikaela.conf
...
EUI-64, not SLAAC & privacy extensions for all
2015-06-24 15:12:11 +03:00
1f1d071e5e
systemd/network: rename enp… eth0 & timesyncd
2015-06-07 19:12:15 +03:00
47b05e1bd9
fix aliendalvik-stopper.service
2015-05-27 12:09:31 +03:00
4391fb5c19
systemd: aliendalvik-stopper
2015-05-27 12:00:35 +03:00
bf03a22823
systemd/system: update README
...
https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
2015-05-23 11:29:18 +03:00
3370327db0
ydns-simple service & timer
2015-05-22 20:15:23 +03:00
9ac3c776d7
sysctl.d: net.ipv6.conf.default.use_tempaddr
2015-05-14 19:04:35 +03:00
e512759368
fix resolv.conf
2015-05-14 00:16:49 +03:00
e660ec9b21
resolv.conf: use IPv4 localhost
...
because of the other files I added maybe in previous commit
2015-05-13 22:27:22 +03:00
17b5596d80
etc: dnscrypt
2015-05-13 22:20:28 +03:00
8e952350e7
etc/resolv.conf: don't be so verbose
2015-05-13 20:52:48 +03:00
b761f8f5ed
add etc/resolv.conf
2015-05-13 20:49:35 +03:00
cbbd9dcf2c
nginx/host: enable HSTS
2015-05-12 18:41:24 +03:00
8e433e3660
etc/xdg/autostart: README, linphone, redshift§
2015-05-08 09:08:30 +03:00
43af7aef52
sources.list: rm ubuntu
2015-05-05 07:56:39 +03:00
adb361bc0e
sources.list: 15.10
2015-05-05 07:56:11 +03:00
a9eaecf61c
unbound: add dns.watch & puntcat
2015-05-01 17:05:58 +03:00
0510858a0d
etc/unbound: remove non-DNSSEC resolvers
2015-05-01 15:10:49 +03:00
e9ad27c7ff
etc/systemd/network: add enp0s18.network
...
from Rbtpzn
2015-04-29 10:41:42 +03:00
9e37b3b2d8
etc: nsswitch.conf, not fully
2015-04-28 13:14:25 +03:00
27d24a81b1
copy ipv6 services
2015-04-23 22:38:30 +03:00
3d54d51c24
rm dnsmasq & fedora
...
I am not using either. The only Fedora here was Pidora and it has died
some time ago and the project is a little slow.
I am currently wondering whether to start learning FreeBSD by putting it
on the Pi.
2015-04-22 22:50:54 +03:00
f74a76250b
Rename Manjaro --> Arch
...
I didn't ever try Manjaro outside of Virtualbox and I have learned that
Manjaro is not good. I am currently using Antergos which is Arch + one
custom repo, so I feel I can rename to Arch.
2015-04-22 22:42:01 +03:00
146738e147
etc: add oidentd.conf
...
This file is not shipped on Arch.
2015-04-22 22:27:24 +03:00
3b976e3cd4
move sysctl from \*rc functions to etc/sysctl.p/
2015-04-22 22:20:30 +03:00
9d5721899e
systemd units: add oidentd.socket
...
With my sysctl config oidentd is IPv6 only unless `BindIPv6Only=both`
is added.
2015-04-22 22:12:06 +03:00
bb8d854150
NO MORE UNBREAKABLE SPACE! :D
...
(Serious commit messages™)
2015-04-10 18:36:06 +03:00
55e4921e64
etc/profile.d: copy from Antergos just in case
2015-04-08 20:08:07 +03:00
a5c9156eb4
sources.list/15.04: drop extras.ubuntu.com
...
It's dead
https://bugs.launchpad.net/ubuntu/+source/apt-setup/+bug/1409555
2015-04-05 23:21:44 +03:00
ca7f295036
map compose to left super
2015-03-23 09:17:02 +02:00
a2712ca422
etc: add x keyboard
2015-03-23 09:15:52 +02:00
8729f1cb37
Ubuntu 14.10 sources.list: fix Ubuntu MATE PPA
...
Ubuntu MATE decided to change their PPA and the install image most
likely will be missing this change, so I must add it here.
https://ubuntu-mate.org/blog/ubuntu-mate-utopic-ppa/
2015-03-19 21:54:35 +02:00
bf5409616a
etc/nginx readme: add manjaro other than php
2015-03-13 15:40:24 +02:00
b1e1581fe3
unbound: add manjaro
...
closes #69
2015-03-13 15:08:19 +02:00
6457bc4361
unbound: add config for Pidora
...
ref: #69
2015-03-12 11:46:37 +02:00
6820fa23d7
fix unbound config files
2015-03-12 11:44:03 +02:00
d2e8d49ec2
unbound: disable OpenDNS
...
Missing DNSSEC causes my Pidora to SERVFAIL. Now checking if this is
cause of #69...
2015-03-12 11:33:52 +02:00
73ffff658c
mysql: fix unicode.cnf
...
https://mathiasbynens.be/notes/mysql-utf8mb4
2015-02-27 11:12:04 +02:00
c391357cf7
sources.list: add security.ubuntu.com & rm MATE
...
For some reason I had thought that the default installation uses local
mirror instead of the main repo so I used that.
I also removed MATE now as it causes dupliate warnings with Ubuntu MATE
and it's not needed starting from 15.04. It's also not difficult to
find.
2015-02-27 10:10:58 +02:00
de26949c16
unbound: uncomment the dnssec line
...
it seems that I am accidentally removing the trust anchor includer file…
2015-02-19 18:43:08 +02:00
98093edc99
services: remove unneeded pidfiles
2015-02-19 14:30:49 +02:00
ca71eef52e
fix supybot.service
...
ref: #63
2015-02-19 14:16:15 +02:00
766a756914
add untested supybot.service
2015-02-19 14:06:53 +02:00
f54bc8d573
add znc.service
...
Ref: #63 - based on the included unit file and znc/znc#647
2015-02-19 12:42:45 +02:00
44b2b2ada9
etc: import mariadb conf.d
2015-02-16 13:58:37 +02:00
fc35481c8d
unbound: fix access-control.conf
...
* .conf was missing from the end
* comment access allowing
* fix wrong CIDR
2015-02-12 08:22:02 +02:00
Mikaela Suomalainen
6c06e01f0f
etc/resolv.conf.d/head: remove commented DNS servers
...
they are in etc/unbound/unbound.conf.d/forwards.conf
2014-12-31 16:55:26 +02:00
Mikaela Suomalainen
a45d82b0b0
unbound: rm dnsmasq.conf
2014-12-29 16:04:24 +02:00
Mikaela Suomalainen
04ccc1ba14
unbound: fix interfaces
2014-12-29 12:55:37 +02:00
Mikaela Suomalainen
c22386c5d4
unbound: add access-control
2014-12-29 12:28:06 +02:00
Mikaela Suomalainen
76d4ed352f
make unbound files more clear
2014-12-29 12:10:20 +02:00
Mikaela Suomalainen
e628c006b3
etc/apt/preferences.d: add no-dnsmasq
...
This is yet another template. I ended up adding this to one host as
dnsmasq was dying by itself and it didn't want to leave peacefully.
2014-12-28 18:36:29 +02:00
Mikaela Suomalainen
c0a9ecf7a1
etc/<dns servers>: increase cache size
2014-12-27 12:28:03 +02:00
Mikaela Suomalainen
938247e19f
etc: import from gh-pages
2014-12-27 11:09:00 +02:00