8472ffa7cd
NetworkManager: add manage-ifupdown.conf
2020-02-09 14:53:01 +02:00
9177966264
etc/default/grub.d: -supposedly & modprobe r8168
2020-02-09 14:50:43 +02:00
da2f090f56
logind.conf.d/lidclose.conf: mention systemd-rfkill, ref: #51
2020-02-03 22:41:47 +02:00
d54ec98f99
NM/iwd.conf: add missing line (enable --now iwd)
2020-02-03 21:40:11 +02:00
d8740f54e1
NetworkManager/conf.d: add iwd.conf for replacing wpa_supplicant
2020-02-03 21:15:35 +02:00
c0399054bb
etc/systemd/login.conf.d/lidclose.conf: ignore lid close
2020-02-03 19:36:05 +02:00
a82e3fd989
etc/NetworkManager: add no-mac-randomizing.conf
2020-01-28 23:12:54 +02:00
b04c724b5b
etc/default/grub.d: add flags to disable hibernating
2020-01-19 13:47:33 +02:00
2168bc47ed
apt/preferences.d: don't consider firefox/jami as badideas
2020-01-12 13:24:11 +02:00
86cb1a02dc
etc/xdg/autostart: add com.github.wwmm.pulseeffects.desktop
2020-01-11 22:25:33 +02:00
e47568e178
etc/xdg/autostart: add Nextcloud.desktop
2020-01-11 22:24:23 +02:00
5c6f66e5fc
etc/apt/preferences.d: add hacks/limit-buster
2020-01-11 22:11:25 +02:00
eabd12a26d
etc/apt/preferenced: move not-so-good-ideas to badideas/
2020-01-11 21:43:52 +02:00
31c53595f8
etc/apt/preferences.d: add limit-unstable from Wireguard
2020-01-11 21:41:09 +02:00
3011004856
NetworkManager/conf.d: add no-resolvconf.conf
2020-01-11 21:05:05 +02:00
346d726bb7
NetworkManager/unbound: note unbound-control-setup
2020-01-03 01:52:21 +02:00
2df7887dda
NetworkManager/conf.d: add unbound.conf
...
For Unbound which I generally use, even while it requires dnssec-trigger
2020-01-02 15:32:50 +02:00
6ae87b6de8
etc/default/grub.d: add oldifnames.cfg
...
see comments of the file for reason
2019-12-30 16:24:42 +02:00
05ffc40c7d
xdg/autostart: add Mullvad-VPN gui
2019-12-28 19:27:52 +02:00
a6c5902c08
etc/default/grub: add random.trust_cpu=on
...
Possibly some help to boot time entropy exhaustion, but it may have been
enabled by default already.
2019-12-27 19:46:30 +02:00
b1f7177d7f
etc/xdg/autostart: add dino & jami
2019-12-24 16:58:45 +02:00
4e640e3d50
etc/xdg/autostart: add Riot & -many to Telegram
2019-12-23 12:49:05 +02:00
bc46ad3119
torrc-client: add port 9119 for http
2019-12-23 12:48:33 +02:00
0c4bacc1ca
etc/xdg/autostart: add Gajim & Signal
2019-12-21 18:54:02 +02:00
7541d93206
dns-over-tls.conf: update BlahDNS-JP addresses
2019-12-01 12:48:02 +02:00
10b1b8ad86
unbound/dot: fix outdated comment
2019-11-03 00:49:19 +02:00
7b2c1568d1
unbound/dns-over-tls.conf: replace BlahDNS CH with FI
...
Shutting down on December 31th https://blahdns.com/
2019-11-03 00:15:59 +02:00
4e93c66d67
systemd/resolved.conf.d/quad9: expand on versions
2019-11-02 18:37:12 +02:00
d062d6675c
unbound/blacklist.conf: Riot has fixed it's habits
...
Integration manager and identity server can be configured in settings
2019-10-16 15:01:48 +03:00
5a1ed609ed
update etc/xdg/autostart/README.md
2019-10-12 19:02:45 +03:00
64934af736
etc/xdg/redshift: add icon & chmod +x
2019-10-12 19:02:27 +03:00
a79e9d3c21
etx/xdg/auostart: add com.wire.WireDesktop & telegramdesktop
2019-10-12 19:00:58 +03:00
a482390118
etc/xdg/autostart: deprecate unnecessary ones
2019-10-12 18:46:23 +03:00
1e636a65af
unbound/dns-over-tls.conf: enable BlahDNS over Yggdrasil
2019-10-08 20:52:41 +03:00
077b1a7679
etc/NetworkManager: move relevant parts to conf.d/
...
I have no idea when I have previously looked into those two files (git
history would probably tell me), but I don't think they make much sense,
while the important parts can be cut into conf.d/ and applied
individually as needed.
2019-10-04 20:18:32 +03:00
16e66010a2
etc/NetworkManager: add conf.d and cp from Itwjyg
...
Strangely Itwjyg is a special case system where I need systemd-resolved
and its opportunistic DNSSEC/DoT. I also accidentally forgot
dns-none.conf (then dns.conf) there, but systemd-resolved.conf appears
to have overridden it, so it was fine and I have now removed the extra
one.
2019-10-04 20:10:27 +03:00
cb79fa283a
apt/preferences.d/firefox: add l10n
2019-09-24 21:57:54 +03:00
f1b6101afd
apt/preferences.d: pin firefox[-esr] from sid
2019-09-24 21:46:13 +03:00
bda94cac72
etc/nginx: remove / from the proxies
...
while I still remember
2019-09-18 17:40:00 +03:00
ee03a773c0
apt/preferences.d: add jami
2019-09-17 17:22:15 +03:00
bc9848185d
i2pd: increase tunnel lengths to 2 in hope of better NAT evading
2019-09-15 14:40:44 +03:00
b3dc6ced51
systemd: initial i2pd.service & .d/override.conf
...
Begins #38
2019-09-15 13:52:57 +03:00
b614486427
etc/nginx: more modern working configs from Relpda
2019-09-13 16:32:01 +03:00
0ca2718569
unbound/blocklist.conf: use always_nxdomain, remove publicbt.com
2019-09-10 21:27:23 +03:00
01cd9e7b45
etc/fstab: notes on encryption, tmpfs, cleanup
2019-09-10 00:21:48 +03:00
541a4a4f15
etc/i2pd/tunnels.conf.d: add yggdrasil-in.conf
2019-09-09 14:40:09 +03:00
0c70f41afc
unbound/blocklist: uncomment vector.im, add use-application-dns.net
...
* Vector.im is the identity server that gets restored by itself and I
don't seem to ever have any business to Vector.im website, while
the other domains I need to visit at times.
* use-application-dns.net being NXDOMAIN tells Firefox to not send
traffic to Cloudflare DoH. I thought of this when I saw the news and
got courage to actually do this after seeing that DNSCrypt-proxy also
does so.
2019-09-07 14:42:15 +03:00
91025d7129
etc/default/grub.d: merge mds.cfg into mitigations.cfg
...
Ref: #33
Still missing documentation/comments
2019-09-06 12:38:42 +03:00
f4f8b3f529
grub.d/{mitigations,nosmt}.cfg: initial commit
...
TODO: documents
Ref: #34
2019-09-06 01:17:32 +03:00
47c7a3aca2
grub.d: add default-windows.cfg
...
Resolves : #33
2019-09-04 12:00:57 +03:00
4b214b0e0f
etc/default/grub.d: add nouveau
2019-09-04 11:40:06 +03:00
c91b1b97a9
systemd/system: add unit file for etherpad-lite
...
Closes : #27
2019-08-29 13:10:55 +03:00
319ae6c2bf
etc/modprobe.d/blacklist-hdmi-audio.conf: add source
2019-08-29 01:31:32 +03:00
9bb1dbb301
etc/modprobe.d: blacklist snd_hda_codec_hdmi
2019-08-29 01:27:40 +03:00
3f81f02bfd
etc/default/grub.d/sedric.cfg: acpi_backlight=vendor has no effect
2019-08-26 10:23:41 +03:00
06c56bbc78
etc/default/grub.d: add mds.conf for mitigating mds CPU vuln
...
Ref: #22
2019-08-25 20:32:38 +03:00
066c42717c
torrc-client: enable ClientPreferIPv6ORPort as my IPv6 works
2019-08-25 18:39:12 +03:00
9bcd2d61c7
unbound/*dns64*: add Cloudflare
2019-08-25 18:27:11 +03:00
aa2c53349d
unbound/plain-dns64.conf: add Google DNS
2019-08-25 18:21:16 +03:00
31aa6066b5
unbound/dns-over-tls.conf: don't mention forwards.conf
...
I renamed it.
2019-08-25 18:17:50 +03:00
41644a9b65
unbound: add dns64-over-tls.conf (broken for now)
2019-08-25 18:16:51 +03:00
6308c9af72
unbound: clean up plain-dns64.conf (only TREX for now)
2019-08-25 18:09:50 +03:00
04658408d4
unbound: rename forwards.conf -> plain-dns64.conf
2019-08-25 18:07:28 +03:00
3dc273fbe0
unbound: mention other files of interest in dot & add threads
2019-08-24 12:40:04 +03:00
6274ed8e13
unbound/dot: add nic.cz & nixnet
2019-08-24 12:02:26 +03:00
5462af3059
unbound/dot: add Lelux.fi
2019-08-24 11:57:42 +03:00
7afaa57882
unbound/dot: add Snopyta
2019-08-24 11:55:22 +03:00
4e4d19a765
unbound.conf.d/logging.conf: print statistics hourly
2019-08-20 18:05:19 +03:00
d7d252f98f
unbound/logging: add statistics printing
2019-08-20 17:41:43 +03:00
2c3fe4a5df
unbound: enable IPv6 preferring
2019-08-20 12:49:19 +03:00
be7c4185eb
etc/unbound/dns-over-tls: comment Cloudflare
2019-08-20 11:49:37 +03:00
56b5b905e2
fix github link, closes #16
2019-08-18 02:05:52 +03:00
26624bcd5d
unbound.conf.d: increase TTL to 15 mins from 5
2019-08-17 21:06:01 +03:00
d539237fbf
unbound/blocklist.conf: add source
2019-08-17 13:43:11 +03:00
057d42bafd
unbound/dns-over-tls.conf: fix typo
2019-08-17 13:40:39 +03:00
914fe1d26c
unbound/dot: finish adding providers
...
Ref: #15
2019-08-17 13:37:02 +03:00
410a02a968
unbound/dot: add securedns (both), dnswarden (adblock)
2019-08-17 13:23:28 +03:00
a5ccd88e70
unbound/dns-over-tls.conf: add server locations
...
Ref: #15
2019-08-17 12:34:03 +03:00
596c18c0e0
etc/unbound: add blocklist.conf
...
Closes : #13
2019-08-17 12:16:53 +03:00
601bd3ac86
unbound dot: alphabetical order
...
Ref: #15
2019-08-17 00:52:41 +03:00
39493f3bf9
unbound dot: move things around
2019-08-17 00:26:36 +03:00
b3a7266eb5
unbound.conf.d/dns-over-tls: remove Google
2019-08-17 00:14:41 +03:00
c78eecb547
unbound/dns-over-tls: add two port 443 resolvers
2019-08-17 00:10:32 +03:00
4de337722e
etc/apt/preferences.d: add testing-debug & rename stable.donotuse
...
Resolves : #124 (see comment)
2019-07-30 01:08:09 +03:00
2112575a98
etc/apt/preferences.d: commit dark magic that shouldn't exist
2019-07-30 00:52:32 +03:00
a01e53171e
grub.d/sedric.cfg: comment that acpi_osi=Linux doesn't work
2019-07-28 10:45:04 +03:00
100d9a7433
dnscrypt-proxy.toml: move cache above & add comments & min cache TTL 300
2019-07-23 16:13:22 +03:00
55050ec0e5
cache.conf: increase NXDOMAIN cache size and set min TTL to 300
2019-07-23 15:09:34 +03:00
2b8a460b63
etc/unbound: add cache.conf
2019-07-23 12:30:53 +03:00
93fa7a003c
etc/default/grub.d: add beep.cfg & sedric.cfg
...
beep.cfg is the default example on getting a beep on grub startup,
sedric.cfg just contains `acpi_osi=` which fixes the hardware keys for
some reason.
2019-07-22 18:56:38 +03:00
97006ddf9b
unbound.conf.d/logging.conf: quote the fine manual for unbound.conf
2019-07-22 17:18:53 +03:00
222a030cee
unbound/dns-over-tls: note version requirement 1.7.3
...
Debian 9 has 1.6.0 with which I am stuck for now. Debian 10 has 1.9.0
2019-07-22 16:52:07 +03:00
29eae6f89a
etc/dnscrypt-proxy: note I run Unbound in front of it
2019-07-22 16:25:21 +03:00
eb6315d92f
resolv.conf: add Quad9 and note I am not sure what it tries to be
...
Public DNS resolver with easy address list for emergency?
2019-07-22 16:22:55 +03:00
430b9b7bfc
resolv.conf: note local resolver separately from dnscrypt-proxy
2019-07-22 16:17:27 +03:00
7b83f84633
unbound/dns-over-tls.conf: add AdGuard DNS
...
I am surprised it actually works with DNSSEC validation enabled
2019-07-22 16:12:09 +03:00
ffbbe9e522
unbound: replace forwards.conf with dns-over-tls.conf
...
Simultaneously rm puntcat, their DNS appears to be down at the moment
and I didn't find their own homepage.
2019-07-22 16:05:05 +03:00
6ed44de3d1
unbound.conf.d: clarify logging.conf in a comment
2019-07-22 15:27:27 +03:00
bb14632b9a
unbound: add another Debian default
2019-07-22 15:16:34 +03:00
3b9acff361
etc/unbound add unbound.conf & unbound-control.conf
...
copy-pastes from Debian & Arch Wiki, however unbound-control in status
no as I guess it can be a hole most of time.
2019-07-22 15:14:11 +03:00
5569a1129c
unbound.conf.d/dnscrypt-proxy.conf: update for dnscrypt-proxy v2
...
Closes #121
2019-07-22 15:12:49 +03:00
fc5fb4d7bd
b6a511d6a6
: add comments
2019-07-20 11:37:28 +03:00
b6a511d6a6
etc: backup some apt.conf.d & preferences.d files
2019-07-20 11:09:42 +03:00
41f44924be
dnscrypt-proxy.toml: note 2.0.24 fastest -> first
2019-07-14 18:36:31 +03:00
117801ec9d
dnscrypt-proxy: fix comments
...
Resolves : #120
2019-07-14 18:15:35 +03:00
646956b4e0
dnscrypt-proxy.toml: restore Quad9 examples
...
Rbtpzn was using them for some reason and was hitting less errors than
Zaldaryn in as basic test as "apt update", so I guess it's worth having
it included. I think I am mainly leaving it for family devices.
2019-07-14 13:30:29 +03:00
a5868f6395
etc/sources.list: update testing for bullseye & add note to stable for it
...
> over the last years we had people getting confused over <suite>-updates
> (recommended updates) and <suite>/updates (security updates). Starting
> with Debian 11 "bullseye" we have therefore renamed the suite including
> the security updates to <suite>-security.
https://lists.debian.org/debian-devel-announce/2019/07/msg00004.html
2019-07-14 12:40:56 +03:00
2fe92afa26
etc/apt/sources.list: change keyserver
...
Ref: #119
I am not sure I would advice running that even if it happened to exist.
2019-07-01 11:50:26 +03:00
128f1781f3
torrc-client: add MapAddress for PirateIRC & freenode
...
Closes #118
2019-06-30 14:27:20 +03:00
a915db9f8a
etc/systemd: tor-services: add ExecReload
...
I am running `systemctl restart tor-client` too often to be comfortable.
2019-06-30 14:11:34 +03:00
bf3b91d93a
torrc-client: update from running config
...
Preparation to #118
2019-06-30 13:31:16 +03:00
5128e8646a
ipfs.service: use dht routing instead of dhtclient routing
2019-06-11 01:17:22 +03:00
85bd70f382
etc/systemd/system/ipfs: important notice for VPS/dedi/etc.
2019-06-11 01:12:28 +03:00
6ce553f84e
dnscrypt-proxy: fix cloudflare excluding
2019-06-02 22:30:49 +03:00
540798ed17
dnscrypt-proxy: use Socks Authentication
2019-05-22 12:01:34 +03:00
b96eb372d0
torrc-client: ensure IsolateSOCKSAuth & add HTTPTunnelPort
2019-05-22 11:58:05 +03:00
3eefbaf296
etc/tor/torrc-onehoponion: CookieAuthFile 0
2019-05-17 18:54:34 +03:00
7dbafe4a54
resolv.conf: more comments
2019-05-16 15:28:15 +03:00
21adba9a02
dnscrypt-proxy.toml: update ~~stories~~ comments
2019-05-15 10:48:11 +03:00
e972a47d4a
torrc-client: add SocksPorts and comment on two guards
...
I need unisolated port for dnscrypt-proxy which I fear would otherwise
generate too many circuits which wouldn't even be used and I guess
there is no harm in sending Yggdrasil to a separate port that only has
access to onions which is a port I may sometimes wish I have otherwise
too.
2019-05-15 10:31:47 +03:00
95bcf095df
VerifyHostKeyByDNS is supposed to be yes
...
fix previous commit, I imagine I changed it by accident.
2019-05-11 00:58:00 +03:00
e634ee8863
ssh_config: update comment for VerifyHostKeyDNS
...
OpenSSH is evil and gives you three not-optimal options to this:
A) trust DNSSEC and don't write known_hosts
B) ask whether to trust DNS, but don't bother telling me if it's signed
C) don't even check SSHFP
I see A) as the least evil, but I wish known_hosts was written.
Alternatively B) should tell me whether there is DNSSEC or not, not
only "matching keys found from DNS" or whatever it says always.
2019-05-09 18:44:36 +03:00
9e03598e3f
etc/apt/sources.list: add missing tor+ for Debian
2019-05-09 14:05:54 +03:00
0ce3c5f47a
dnscrypt-proxy: adjust sources, add prefixes
2019-05-07 00:55:07 +03:00
f978853d11
dnscrypt-proxy.toml: add onion resolvers
2019-05-07 00:23:51 +03:00
d2bd2be652
systemd/zeronet.service: use Python 3 & always use Tor
2019-05-05 20:28:14 +03:00
d8ba42bdd1
etc/tor: disable control, document enabling for client
2019-05-04 20:41:18 +03:00
8e01a42c62
etc: systemd & tor: add tor-onehoponion (and torrc-relay)
2019-05-04 17:26:57 +03:00
c726daa62c
etc/tor/torrc-client: add comments
2019-05-04 16:55:08 +03:00
b0ef3a18f6
torrc-client: remove deprecated ClientPreferIPv6DirPort comment
...
> The ClientPreferIPv6DirPort option is deprecated, and will most likely be removed in a future version of Tor. It has no effect on relays, and has had no effect on clients since 0.2.8. (If you think this is a mistake, please let us know!)
2019-05-04 16:28:58 +03:00
9c8cf613cd
etc/systemd: add tor-client.service & tor: add torrc-client
2019-05-03 12:31:33 +03:00
4c2b21bbfa
ipfs.service: add routing note
2019-05-01 23:30:12 +03:00
ce84c26bcd
ipfs.service: adapt lowpower profile & mention badgerds
...
If the lowpower option uses values 40 and 20 which are a lot higher than
mine were and considered suitable for laptops and smartphones, I guess
they are the best for me to use and I find content faster.
2019-04-23 13:51:18 +03:00
6981481c77
ipfs.service: add options I forgot before
2019-03-26 22:26:25 +02:00
3ecfc2473d
ipfs.service: document my IPFS config
...
Closes #111
2019-03-26 22:05:52 +02:00
a90243a55a
dnscrypt-proxy.toml: use Quad9 while waiting for disabled_server_names
2019-03-26 10:12:57 +02:00
466a7bc2c1
etc/systemd/resolved.conf.d: add some configs
...
These aren't seeing real world usage though as the only host not running
dnscrypt-proxy has too old systemd.
2019-03-25 13:41:23 +02:00
f336393db9
systemd preset: enable pcscd for FINEID
2019-02-28 13:00:42 +02:00
81fcfb539d
systemd preset: Zaldaryn additions
2019-02-28 12:17:07 +02:00
758d4302ac
systemd preset: remove cjdns, enable ssh.service
2019-02-28 12:10:14 +02:00
284a50288c
sysctl.d: document privacy extensions & use double # for comments
2019-02-26 20:32:08 +02:00
cc0f5db3bd
dnscrypt-proxy: use dns.watch#2 as fallback reslver
...
84.200.70.40
2019-02-25 11:06:49 +02:00
07ae3bbef6
etc/sudoers.d/hibernate: allow suspend & change group to plugdev
...
It seemed like a suitable one from the default groups Debian creates.
2019-02-18 20:07:36 +02:00
d406334560
systemd preset: enable TTY & cups
2019-02-17 21:07:10 +02:00
5fe9477c55
etc/systemd: add ipfs.service & zeronet.service
...
Closes #101
2019-02-12 20:32:40 +02:00
993d3f6994
systemd preset: enable yggdrasil-resume
2019-02-08 10:21:14 +02:00
0afc716ccf
Partially revert f7fbf35109
...
That was just too evil, especially as the line has moved to my i3wm
config where nothing else I have tried works.
2019-02-04 20:33:31 +02:00
518c9fcdaf
i3: add hibernation & sudoers.d: allow passwordless hibernate
2019-01-30 20:12:38 +02:00
f7fbf35109
update setxkbmap and hope no one else is using these files
2019-01-30 19:16:45 +02:00
d29a0532d2
Debian sources.list: disable http security, use https CDN & Tor
2019-01-23 10:18:35 +02:00