Commit Graph

1854 Commits

Author SHA1 Message Date
288b010fe5
sshd: move mikaela-prohibit-password.conf to broken/
Apparently OpenSSH only allows PasswordAuthentication yes within a Match
block.
2021-02-02 14:12:43 +02:00
1be2720861
sshd: explicitly "terminate" Match blocks by Match All
https://unix.stackexchange.com/a/303982/17126 & man sshd_config
2021-02-02 13:58:35 +02:00
3260950712
sshd/anoncvs.conf: vcs users shouldn't ever be asked for a password
even if the system would allow that.
2021-02-02 13:06:04 +02:00
2711c5975e
NetworkManager.conf.d: add no-search-domains.conf 2021-02-02 12:52:34 +02:00
7ad17f8087
sshd/user-permit-password.conf: note on how to allow specific user to use passwords 2021-02-01 17:11:06 +02:00
1503367c86
sshd_config & ….d/README: note min version & date 2021-01-31 13:51:06 +02:00
f75bc7bd07
sshd/basic-security.conf: remove deprecated option
> /etc/ssh/sshd_config.d/basic-security.conf line 24: Deprecated option UsePrivilegeSeparation

OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS  8 Dec 2020
2021-01-31 13:39:51 +02:00
0151bee9b0
sshd/mikaela-prohibit-password.conf: add AuthenticationMethods publickey 2021-01-30 22:15:51 +02:00
f1ea1e17d9
etc/ssh: rm copy 2021-01-30 21:35:05 +02:00
0572613d99
etc/ssh: cut sshd_config into multiple .confs 2021-01-30 21:31:38 +02:00
c5fa3daf29
sshd_config.d: read Mozilla docs & adjust accordingly
https://infosec.mozilla.org/guidelines/openssh
2021-01-30 21:18:41 +02:00
5211fb772c
sshd_config.d: add anoncvs.conf 2021-01-30 21:00:06 +02:00
de3a0739b4
sshd_config.d: add mikaela-prohibit-password.conf
Resolves: #88
2021-01-30 20:50:21 +02:00
a7c643bb7a
etc/sshd_config.d: add basic-security.conf
Ref: 88
2021-01-30 20:47:21 +02:00
35a118a5e8
i3: uncomment pasystray 2021-01-30 20:08:36 +02:00
b5b4feddd1
i3: start blueman-applet 2021-01-30 19:59:12 +02:00
8628ec28e0
yum.repos.d: add Dino 2021-01-30 11:01:17 +02:00
84ee7aeada
yum.repos.d: list Keybase too 2021-01-29 19:18:11 +02:00
27d1914424
etc: add dnf/dnf.conf & yum.repos.d/README.md 2021-01-29 19:15:08 +02:00
81296a241c
chrony: cut chrony.d/ into conf.d/ and sources.d/
I hope these are wider defaults than just Debian and allow me to not
conflit with package manager, but regardless having a separate
sources.d/ looks like a good idea for being able to `chronyc reload sources`
2021-01-29 12:56:38 +02:00
55b9a96a77
i3: attempt to fix shell command 2021-01-28 13:27:55 +02:00
e907b733a8
i3: fix most of terminals 2021-01-28 13:18:49 +02:00
fc0730d7a5
sudoers.d/protonvpn.conf: add /usr/bin/protonvpn 2021-01-28 13:13:28 +02:00
16b19fb34d
torrc-client: add etro.mikaela.info 2021-01-26 19:42:25 +02:00
0dc1b42265
add systemd user service for qbittorrent-nox 2021-01-25 11:28:04 +02:00
1062b0291d
i3: fix typo 2021-01-25 08:47:03 +02:00
585d364220
i3: ensure zsh getting used 2021-01-25 08:45:40 +02:00
cbcbac6a07
i3: switch to i3-dmenu-desktop as j4-demu-desktop isn't on Fedora 2021-01-24 21:48:45 +02:00
058796e467
i3: fix typo 2021-01-24 11:26:43 +02:00
63697d4694
i3: start adding Fedora depedencies 2021-01-24 11:21:09 +02:00
6216d8cda3
sudoers.d: add passwordless protonvpn-{tray,gui} 2021-01-16 20:40:21 +02:00
2df7aed162
chrony/yggdrasil: add comment & Kotka computers 2021-01-08 11:25:16 +02:00
Mikaela Suomalainen
0f94c59b81
chrony: add hetzner srevers 2020-12-19 13:03:54 +02:00
d60b12c105
{bash,zsh}rc: add udp to netstat-listening-ports alias 2020-12-17 08:05:52 +02:00
abb0c37ef2
unbound.conf.d: add yggdrasil-override.conf
Begins #89 at a better time
2020-12-15 20:34:01 +02:00
b26c9f698d
chrony/yggdrasil: add Etro 2020-12-15 14:30:30 +02:00
b20f3367b1
systemd/yggdrasil: add mullvad-exclude (& fix chrony override typo) 2020-12-09 09:38:49 +02:00
36b6a99e85
chrony.d: local-servers: add notes + xleave to the first comment 2020-12-09 08:44:34 +02:00
40d535f2c0
systemd/chrony.service.d/mullvad-exclude: actually fix this 2020-12-08 18:36:34 +02:00
f92b8d8d05
chrony.d/yggdrasil.conf: add y.Jolly-Roger 2020-12-06 19:49:12 +02:00
e27e88efd8
chrony.d: add hwtimestamp.conf 2020-12-06 19:26:04 +02:00
4a25481db2
chrony/yggdrasil.conf: add Sedric 2020-12-06 18:36:23 +02:00
5e94147e81
chrony.d/yggdrasil.conf: initial commit 2020-12-06 18:02:43 +02:00
2a615d8241
chrony: note that confdir and NTS require 4.0 2020-12-03 10:52:47 +02:00
e9aefd711b
blocklist.conf: refuse blocked instead of nxdomain
Only the Firefox DoH needs to be NXDOMAIN while REFUSE may be more
accurate for the rest.
2020-11-21 12:13:55 +02:00
e7a6e00b83
unbound/dns-over-tls: comment Adguard & NextDNS for not being in FI 2020-11-15 09:46:50 +02:00
aadcc009a0
unbound/dns-over-tls.conf: add Adguard (unfiltered) & NextDNS 2020-11-12 16:12:18 +02:00
3289a812ee
unbound: add dns-mullvad.conf (not encrypted)
Contains Mullvad Wireguard, OpenVPN and public addresses
2020-11-10 16:04:48 +02:00
e18f8a2326
mpv.conf: fix xorg crashing on me 2020-11-09 21:06:41 +02:00
44bc8faf4b
i3: decrease font size by 1
For fitting status bar comfortably with Sedric's HiDPI scaling, however
it's borderline uncomfortable with Kincarron now. How about I start
using per-device font sizes like with some other lines?
2020-11-09 17:13:20 +02:00