shell-things

mirror of https://gitea.blesmrt.net/mikaela/shell-things.git synced 2024-11-13 03:49:22 +01:00

Author	SHA1	Message	Date
Mikaela Suomalainen	62573195d9	systemd: add matterbridge-cleanup.{service,timer} Resolves: #98	2021-11-21 17:11:44 +02:00
Mikaela Suomalainen	13278214d1	matterbridge.timer: OnBootSec=0 just in case Ref: #98	2021-11-21 16:59:05 +02:00
Mikaela Suomalainen	29f7cf6b98	systemd: first attempt at matterbridge restarter timer Ref: #98	2021-11-21 16:52:14 +02:00
Mikaela Suomalainen	4f50f4a367	systemd-resolved: don't DNSSEC with adblocking	2021-11-21 11:37:03 +02:00
Mikaela Suomalainen	12fe7a59a8	etc/systemd/resolved: add configuration for Mullvad DoT	2021-11-21 11:16:11 +02:00
Mikaela Suomalainen	d49b78680b	etc/resolv.csv: add CZ.NIC ODVR Ref: #110 Ref: #112	2021-11-07 18:59:16 +02:00
Mikaela Suomalainen	1e40420115	unbound: rm outdated yggdrasil-override Ref: #89	2021-10-05 12:38:16 +03:00
Mikaela Suomalainen	bfa51f500b	unbound/dns-over-tls.conf: stop advertising Debian 9	2021-10-05 12:34:10 +03:00
Mikaela Suomalainen	ee293669d9	unbound: add dot-flushable-cache.conf Resolves: #105	2021-10-05 12:33:40 +03:00
Mikaela Suomalainen	862808fe07	etc/yum.repos.d: partially rewrite README.md Main problem was "dnf still reads this repository apparently" where the word "repository" was wrong, and I couldn't fix it without changing everything :)	2021-10-05 12:18:42 +03:00
Mikaela Suomalainen	4b57b299cc	etc/yum.repos.d/*.repo: rename descriptively The fedora-dino.repo was unfriendly towards Windows (#106) and I noticed that the other renamed files contained Fedora, so I think they should be named appropiately. microsoft-edge-dev.repo mentioned generally yumrepos, so it seems to not be Fedora specific.	2021-10-05 12:13:11 +03:00
Mikaela Suomalainen	e49187f9dc	chrony/README: fix Windows doc	2021-10-05 10:59:53 +03:00
Mikaela Suomalainen	12127744b5	systemd: also keep trying Chrony	2021-10-03 09:58:59 +03:00
Mikaela Suomalainen	84e714b55e	systemd: keep retrying yggdrasil, don't sleep	2021-10-03 09:58:03 +03:00
Mikaela Suomalainen	38ef6e7314	chrony/sources/nts: add nts.netnod.se They appear to be the only bigger party hosting NTS in addition to Cloudflare and being in neighbouring country isn't too bad Via https://gist.github.com/jauderho/2ad0d441760fc5ed69d8d4e2d6b35f8d which encouraged me to look into them a bit more. Additionally having read chrony or chrony.conf manual on default behaviour implying NTS servers are "require trust" and when mixing them with NTP servers, NTP servers never get selected unless they agree with NTS servers.	2021-09-26 21:28:06 +03:00
Mikaela Suomalainen	61ad1e935b	00-ptrace-restricted.conf: set to 3 I cannot remember when I last needed it and this makes Edgium about:sandbox happy	2021-09-06 18:45:38 +03:00
Mikaela Suomalainen	575b68fe3a	etc/apt/sources.list/stable: update security name https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive	2021-08-15 00:42:58 +03:00
Mikaela Suomalainen	c8189a3aa6	chrony/yggdrasil.sources: update jolly-roger address	2021-08-08 00:07:01 +03:00
Mikaela Suomalainen	a7ea71ae38	chrony/conf.d: add cmd.conf Ref: #95 which this attempts to workaround and fails	2021-08-07 23:56:38 +03:00
Mikaela Suomalainen	a43478e430	chrony: add broken NTS configuration Ref: #94	2021-08-07 23:52:15 +03:00
Mikaela Suomalainen	a9f34a8d1c	sysctl/questionable: 99-nonlocalbind.conf Resolves: #55	2021-06-27 17:43:34 +03:00
Mikaela Suomalainen	8f09ff7d45	chrony/confdir: add fedora-sourcedir.conf Fedora doesn't specify non-DHCP sourcedir by default so I specify one here	2021-06-26 23:24:51 +03:00
Mikaela Suomalainen	0c5413171f	sysctl.d: add 00-max-ipv6-route.conf	2021-06-20 00:42:24 +03:00
Mikaela Suomalainen	1c0073920a	pipewire/README: more on pro-audio, alsamixer and not deafening	2021-06-19 23:45:19 +03:00
Mikaela Suomalainen	c73d7a3a0c	sysctl.d: 00-magicsysrq.conf -> 60-magicsysrq.conf Otherwise Fedora seems to overwrite it with priority 50 file	2021-06-19 15:49:27 +03:00
Mikaela Suomalainen	3b99675a34	etc/sysctl.d: go through, mkdir questionable/ Resolves: #93	2021-06-19 15:41:49 +03:00
Mikaela Suomalainen	9c7d0c6210	etc/ssh/config.d: add example.conf So I can stop having to dig this from manual every time I want to configure a new host, and a couple of options I haven't used previously, but could as they seem nice	2021-06-18 13:48:41 +03:00
Mikaela Suomalainen	a5836327c4	etc: pipewire & bluetooth: enable codes, battery reporting https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html	2021-06-14 13:36:34 +03:00
Mikaela Suomalainen	437a417697	etc/pipewire/…: say that using Pro-audio is enough fix	2021-06-14 12:13:57 +03:00
Mikaela Suomalainen	93823eabd6	sysctl.d: add 23-starts-unprivileged-ports.conf Self-explanatory within comments. Link list notes to selves contributing into this version: * https://kernelnewbies.org/Linux_4.11 * https://stackoverflow.com/a/51439516 * https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux#comment90027734_51439516 * https://developer.apple.com/forums/thread/674179 * https://news.ycombinator.com/item?id=18302380 * https://security.stackexchange.com/q/242859 * https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux#comment90027734_51439516	2021-06-12 21:52:39 +03:00
Mikaela Suomalainen	75731868e7	unbound/dns-over-tls.conf: allow non-Finnish anycast & note being used on servers	2021-06-11 19:39:57 +03:00
Mikaela Suomalainen	126918d98d	systemd/limnoria.service: add TZ env & RestartSec	2021-06-02 17:50:30 +03:00
Mikaela Suomalainen	30a308d29f	torrc-client: add MapAddress for palladium.libera.chat https://libera.chat/guides/connect#verifying-tor-tls-connections	2021-05-27 17:50:03 +03:00
Mikaela Suomalainen	6576e83901	etc/tor/torrc-client: add irc.ergo.chat	2021-05-27 02:52:30 +03:00
Mikaela Suomalainen	6f7016a596	torrc-client: add irc.liberta.casa	2021-05-22 13:16:26 +03:00
Mikaela Suomalainen	c1768cae67	systemd: "rewrite" supybot -> limnoria, move znc, rmdir irc/	2021-05-16 18:00:31 +03:00
Mikaela Suomalainen	306270c441	etc/systemd: rm cjdns & miredo, I am unlikely to use them again	2021-05-16 11:15:34 +03:00
Mikaela Suomalainen	49facd9d39	etc/dnf.conf: comment tor example	2021-05-05 20:43:52 +03:00
Mikaela Suomalainen	aa18d746db	etc/pipewire/README.md: cut a long line into two	2021-05-05 11:02:53 +03:00
Mikaela Suomalainen	4b445c2aaf	etc/pipewire: remove the ...example.donotuse I am quite sure that the config file has changed so much that the file wouldn't work anyway and I don't think I really need it with the important part being in the README.md	2021-05-05 11:01:50 +03:00
Mikaela Suomalainen	c6a75f0962	ssh/anoncvs.conf: fix typo	2021-05-04 16:18:31 +03:00
Mikaela Suomalainen	447e8192c2	etc/default/grub.d: add remember-previous.cfg	2021-04-30 20:05:22 +03:00
Mikaela Suomalainen	ad6ac7d45e	dnf.conf: double max_parallel_downloads	2021-04-28 12:32:58 +03:00
Mikaela Suomalainen	1ad289aa49	unbound/dot-mullvad-adblock.conf: add missing port number	2021-04-27 21:40:16 +03:00
Mikaela Suomalainen	41879fe5e8	unbound.conf.d: rm dns-mullvad, add dot-mullvad[-adblock]	2021-04-27 21:35:58 +03:00
Mikaela Suomalainen	61d19724fa	resolv.csv: add Mullvad	2021-04-27 21:30:46 +03:00
Mikaela Suomalainen	e4c9d168ba	yum.repos.d: add tor.repo	2021-03-28 09:41:15 +03:00
Mikaela Suomalainen	6f8c7de6af	unbound.conf.d: add 00-insecure-domains.conf (WiFi repeater config)	2021-03-14 21:00:32 +02:00
Mikaela Suomalainen	3b4847f447	yum.repos.d/protonvpn-unstable: remove unneeded expansions Fixes pkcon complaining	2021-03-13 18:29:30 +02:00
Mikaela Suomalainen	134999487f	yum.repos.d: add microsoft-edge-dev.repo	2021-03-07 16:46:47 +02:00
Mikaela Suomalainen	93b9bc5ba6	yum.repos.d: move Dino from README to .repo	2021-03-07 16:37:15 +02:00
Mikaela Suomalainen	267f68ae80	yum.repos.d: add microsoft-prod.repo	2021-03-07 16:36:04 +02:00
Mikaela Suomalainen	e5c259eda6	README.md: write about soft-mixer	2021-03-02 12:21:58 +02:00
Mikaela Suomalainen	85d97aec3e	apt/preferences.d/pulseaudio: pin priority -1 backports too	2021-03-01 19:08:18 +02:00
Mikaela Suomalainen	51b0b5dde5	sudoers.d/protonvpn: add more paths & potential legacy note	2021-02-27 09:02:10 +02:00
Mikaela Suomalainen	5903664cb7	yum.repos.d: add protonvpn-unstable.repo	2021-02-26 14:10:38 +02:00
Mikaela Suomalainen	f21e22e80f	etc/sudoers.d: fix name, make notes to README.md	2021-02-26 11:34:20 +02:00
Mikaela Suomalainen	267dd77604	im.riot.Riot.desktop: add missing word "run"	2021-02-19 14:27:16 +02:00
Mikaela Suomalainen	8463fa8f5c	local/share/applications: Riot -> Element Package name hasn't changed though so I imagine the icon is the same too	2021-02-19 13:59:27 +02:00
Mikaela Suomalainen	95a44d0be9	etc/pipewire: document the volume cutoff (pulseaudio style) workaround	2021-02-18 14:51:22 +02:00
Mikaela Suomalainen	c8e89a5817	systemd: add coredump.conf.d/biggercores.conf	2021-02-18 14:47:23 +02:00
Mikaela Suomalainen	8155bec959	sysctl.d: add 00-quic-go-udp-receive-buffer.conf So I will remember it's existence	2021-02-13 09:36:28 +02:00
Mikaela Suomalainen	a0c61231f4	systemd/resolved.conf.d: add snopyta-strict.conf While posting an example how I would do it I might as well put it here	2021-02-10 16:12:42 +02:00
Mikaela Suomalainen	288b010fe5	sshd: move mikaela-prohibit-password.conf to broken/ Apparently OpenSSH only allows PasswordAuthentication yes within a Match block.	2021-02-02 14:12:43 +02:00
Mikaela Suomalainen	1be2720861	sshd: explicitly "terminate" Match blocks by Match All https://unix.stackexchange.com/a/303982/17126 & man sshd_config	2021-02-02 13:58:35 +02:00
Mikaela Suomalainen	3260950712	sshd/anoncvs.conf: vcs users shouldn't ever be asked for a password even if the system would allow that.	2021-02-02 13:06:04 +02:00
Mikaela Suomalainen	2711c5975e	NetworkManager.conf.d: add no-search-domains.conf	2021-02-02 12:52:34 +02:00
Mikaela Suomalainen	7ad17f8087	sshd/user-permit-password.conf: note on how to allow specific user to use passwords	2021-02-01 17:11:06 +02:00
Mikaela Suomalainen	1503367c86	sshd_config & ….d/README: note min version & date	2021-01-31 13:51:06 +02:00
Mikaela Suomalainen	f75bc7bd07	sshd/basic-security.conf: remove deprecated option > /etc/ssh/sshd_config.d/basic-security.conf line 24: Deprecated option UsePrivilegeSeparation OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS 8 Dec 2020	2021-01-31 13:39:51 +02:00
Mikaela Suomalainen	0151bee9b0	sshd/mikaela-prohibit-password.conf: add AuthenticationMethods publickey	2021-01-30 22:15:51 +02:00
Mikaela Suomalainen	f1ea1e17d9	etc/ssh: rm copy	2021-01-30 21:35:05 +02:00
Mikaela Suomalainen	0572613d99	etc/ssh: cut sshd_config into multiple .confs	2021-01-30 21:31:38 +02:00
Mikaela Suomalainen	c5fa3daf29	sshd_config.d: read Mozilla docs & adjust accordingly https://infosec.mozilla.org/guidelines/openssh	2021-01-30 21:18:41 +02:00
Mikaela Suomalainen	5211fb772c	sshd_config.d: add anoncvs.conf	2021-01-30 21:00:06 +02:00
Mikaela Suomalainen	de3a0739b4	sshd_config.d: add mikaela-prohibit-password.conf Resolves: #88	2021-01-30 20:50:21 +02:00
Mikaela Suomalainen	a7c643bb7a	etc/sshd_config.d: add basic-security.conf Ref: 88	2021-01-30 20:47:21 +02:00
Mikaela Suomalainen	8628ec28e0	yum.repos.d: add Dino	2021-01-30 11:01:17 +02:00
Mikaela Suomalainen	84ee7aeada	yum.repos.d: list Keybase too	2021-01-29 19:18:11 +02:00
Mikaela Suomalainen	27d1914424	etc: add dnf/dnf.conf & yum.repos.d/README.md	2021-01-29 19:15:08 +02:00
Mikaela Suomalainen	81296a241c	chrony: cut chrony.d/ into conf.d/ and sources.d/ I hope these are wider defaults than just Debian and allow me to not conflit with package manager, but regardless having a separate sources.d/ looks like a good idea for being able to `chronyc reload sources`	2021-01-29 12:56:38 +02:00
Mikaela Suomalainen	fc0730d7a5	sudoers.d/protonvpn.conf: add /usr/bin/protonvpn	2021-01-28 13:13:28 +02:00
Mikaela Suomalainen	16b19fb34d	torrc-client: add etro.mikaela.info	2021-01-26 19:42:25 +02:00
Mikaela Suomalainen	6216d8cda3	sudoers.d: add passwordless protonvpn-{tray,gui}	2021-01-16 20:40:21 +02:00
Mikaela Suomalainen	2df7aed162	chrony/yggdrasil: add comment & Kotka computers	2021-01-08 11:25:16 +02:00
Mikaela Suomalainen	0f94c59b81	chrony: add hetzner srevers	2020-12-19 13:03:54 +02:00
Mikaela Suomalainen	abb0c37ef2	unbound.conf.d: add yggdrasil-override.conf Begins #89 at a better time	2020-12-15 20:34:01 +02:00
Mikaela Suomalainen	b26c9f698d	chrony/yggdrasil: add Etro	2020-12-15 14:30:30 +02:00
Mikaela Suomalainen	b20f3367b1	systemd/yggdrasil: add mullvad-exclude (& fix chrony override typo)	2020-12-09 09:38:49 +02:00
Mikaela Suomalainen	36b6a99e85	chrony.d: local-servers: add notes + xleave to the first comment	2020-12-09 08:44:34 +02:00
Mikaela Suomalainen	40d535f2c0	systemd/chrony.service.d/mullvad-exclude: actually fix this	2020-12-08 18:36:34 +02:00
Mikaela Suomalainen	f92b8d8d05	chrony.d/yggdrasil.conf: add y.Jolly-Roger	2020-12-06 19:49:12 +02:00
Mikaela Suomalainen	e27e88efd8	chrony.d: add hwtimestamp.conf	2020-12-06 19:26:04 +02:00
Mikaela Suomalainen	4a25481db2	chrony/yggdrasil.conf: add Sedric	2020-12-06 18:36:23 +02:00
Mikaela Suomalainen	5e94147e81	chrony.d/yggdrasil.conf: initial commit	2020-12-06 18:02:43 +02:00
Mikaela Suomalainen	2a615d8241	chrony: note that confdir and NTS require 4.0	2020-12-03 10:52:47 +02:00
Mikaela Suomalainen	e9aefd711b	blocklist.conf: refuse blocked instead of nxdomain Only the Firefox DoH needs to be NXDOMAIN while REFUSE may be more accurate for the rest.	2020-11-21 12:13:55 +02:00
Mikaela Suomalainen	e7a6e00b83	unbound/dns-over-tls: comment Adguard & NextDNS for not being in FI	2020-11-15 09:46:50 +02:00
Mikaela Suomalainen	aadcc009a0	unbound/dns-over-tls.conf: add Adguard (unfiltered) & NextDNS	2020-11-12 16:12:18 +02:00
Mikaela Suomalainen	3289a812ee	unbound: add dns-mullvad.conf (not encrypted) Contains Mullvad Wireguard, OpenVPN and public addresses	2020-11-10 16:04:48 +02:00

1 2 3 4 5 ...

619 Commits