shell-things

mirror of https://gitea.blesmrt.net/mikaela/shell-things.git synced 2024-11-06 09:29:22 +01:00

Author	SHA1	Message	Date
Aminda Suomalainen	cb57ba5e3e	firefox: no, don't trim https or URLs for me	2024-05-23 07:02:01 +03:00
Aminda Suomalainen	f0fe05393e	firefox: add sidebar.revamp and allow unloading Sidebery	2024-05-23 06:57:13 +03:00
Aminda Suomalainen	4451ecfa31	Dear Firefox, system title bar exists, please use it I am on Sway, the maximize and minimize do nothing to me and the close annoys me since I Super+Shift+Q or Ctrl+q you anyway	2024-05-22 08:11:29 +03:00
Aminda Suomalainen	27d5681141	etc/dracut.conf.d: omit some more modules as there is no space	2024-05-22 07:55:58 +03:00
Aminda Suomalainen	616785fc1f	{firefox,chromium}: trust default restricted domains of Firefox I trust Privacy Badger to handle any potential trackers there and I especially suspect JavaScript blocking of breaking things. Besides they are very unlikely to be actively malicious.	2024-05-21 21:24:34 +03:00
Aminda Suomalainen	ae87cac5a8	firefox: set extensions.webextensions.restrictedDomains to user set	2024-05-21 21:17:50 +03:00
Aminda Suomalainen	1c549d964e	firefox: underline links by default	2024-05-21 20:56:27 +03:00
Aminda Suomalainen	1769f3b6dc	firefox: remove deprecated navigator.platform as well	2024-05-21 18:59:51 +03:00
Aminda Suomalainen	7006c43e77	firefox: test if OpenDyslexic extension works even if fonts aren't exposed	2024-05-21 18:23:28 +03:00
Aminda Suomalainen	2a56a0183b	firefox: disable user-agent header revealing	2024-05-21 18:21:32 +03:00
Aminda Suomalainen	129a2a04a0	firefox: restore OpenDyslexic since it works with standard contentblocking	2024-05-21 18:07:40 +03:00
Aminda Suomalainen	ef2232bb2b	firefox: give fingerprintingprotection another chance	2024-05-21 17:42:56 +03:00
Aminda Suomalainen	3d299f96f5	firefox: tone down the radicalism a bit This reverts commit `7421820cf6`.	2024-05-21 17:12:06 +03:00
Aminda Suomalainen	7421820cf6	firefox: radicalize and trust only AdNauseam since all protection seems to conflict with accessibility or something else I care about	2024-05-21 16:52:00 +03:00
Aminda Suomalainen	3f668d68a0	firefox: another prefetch variable	2024-05-21 11:10:12 +03:00
Aminda Suomalainen	f7a484ca03	{firefox,chromium}: use GET requests with DoH for caching and speed	2024-05-21 11:07:09 +03:00
Aminda Suomalainen	a2640115c9	firefox: attempt to mitigate CVE-2024-4367 + hardening https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/	2024-05-21 06:35:32 +03:00
Aminda Suomalainen	ae471c224b	aminda-duperemove.service: fix path to the binary	2024-05-20 21:15:23 +03:00
Aminda Suomalainen	1af8de8186	systemd/aminda-duperemove.service: add /usr/local/bin It's mostly filled with my scripts repo and has duplicates since the symlinks turn into duplicate files instead of staying as symlinks. Not that I expect it to affect much.	2024-05-20 21:11:32 +03:00
Aminda Suomalainen	a00bd7ae42	firefox: clear app.update.download.attempts	2024-05-20 19:48:12 +03:00
Aminda Suomalainen	73ff0cbcf0	{firefox,chromium}: ask for download directory to make drive-by attempts more obvious	2024-05-20 19:42:19 +03:00
Aminda Suomalainen	f0a7657d47	chromium: rm disable-incognito.json.badidea I just tried disabling it and then searching for the difference between it and guest mode and it was so full of ads without even the option to allow my usual extensions	2024-05-20 19:35:20 +03:00
Aminda Suomalainen	0597b4f359	{firefox,chromium}: add PrivacyGuides recommended LegitimateURLShortener.txt	2024-05-20 18:22:29 +03:00
Aminda Suomalainen	e2188d25f8	{firefox,chromium}: further cut/adjust default allowlists	2024-05-20 18:20:23 +03:00
Aminda Suomalainen	9a78f6c387	{firefox,chromium}#uBlockOrigin: add uBlock Quick Fixes just in case	2024-05-20 13:30:50 +03:00
Aminda Suomalainen	9a639609cd	{firefox,chromium}#uBlockOrigin: cut filter lists that no one has asked for yet	2024-05-20 13:21:49 +03:00
Aminda Suomalainen	5840a1a8c9	{firefox,chromium}: reset accept_languages to Firefox default	2024-05-20 13:11:23 +03:00
Aminda Suomalainen	889da57c3d	more microsoft login domains + I am not touching browser ETP without a good reason.	2024-05-19 21:12:14 +03:00
Aminda Suomalainen	6d87da0227	Does Microsoft seriously require en-GB?	2024-05-19 20:57:24 +03:00
Aminda Suomalainen	81d1a2a0fb	privacy.userContext.extension is extra forbidden!	2024-05-19 20:32:14 +03:00
Aminda Suomalainen	e066a99481	Does Mozilla have a point in not allowing me to customize fonts through policy? No comment.	2024-05-19 20:19:35 +03:00
Aminda Suomalainen	fc8efef261	pre-commit: return & run pretty-format-json as I like its sorting	2024-05-19 19:49:46 +03:00
Aminda Suomalainen	1585a6daae	firefox: or maybe I don't trust my family that much	2024-05-19 19:46:13 +03:00
Aminda Suomalainen	8b050a2bab	firefox: force enable phishing & malware protection Although they can still be disabled through about:config, I am trusting my family to not start doing that	2024-05-19 19:31:14 +03:00
Aminda Suomalainen	428f60d00e	chromium: recommend restoring previous session at startup This is painful in testing otherwise	2024-05-19 19:02:48 +03:00
Aminda Suomalainen	ee83db4ddc	firefox: comment fingerprinting protections for now	2024-05-19 19:01:38 +03:00
Aminda Suomalainen	294bcb4049	policies.json: comment what is unclear and I understand, clear what I don't understand	2024-05-19 18:40:16 +03:00
Aminda Suomalainen	3ec414c933	firefox: disable extension recommendations & default sending crashreports	2024-05-19 18:28:15 +03:00
Aminda Suomalainen	c8e85859c3	{firefox,chromium}: accept regional languages as well to not fallback to Russian?	2024-05-19 18:22:21 +03:00
Aminda Suomalainen	0e5b94c867	firefox: allow disabling peertube-companion, remove forgotten blocked_message & opendyslexic	2024-05-19 18:05:07 +03:00
Aminda Suomalainen	6c3382683b	firefox: install facebook container	2024-05-19 18:02:54 +03:00
Aminda Suomalainen	4d11897918	{firefox,chromium}#ubo: add antipaywall.txt which apparently helps with Quora login prompt as well	2024-05-19 15:04:52 +03:00
Aminda Suomalainen	6ece6f5e75	{firefox,chromium}#ubo: add lists I can imagine triggering in near future	2024-05-19 14:47:06 +03:00
Aminda Suomalainen	17a189396b	initial commit of firefox-forbidden-policies.js (autoconfig take#2)	2024-05-19 14:05:04 +03:00
Aminda Suomalainen	6293ce0a14	run prettier on json files (4)	2024-05-19 13:10:20 +03:00
Aminda Suomalainen	79411a0932	{firefox,brave}: add forgotten integrated protection excemptions	2024-05-19 11:59:50 +03:00
Aminda Suomalainen	162912dd82	{firefox,chromium}#PrivacyBadger: just trust cloudflare.com directly I remembered that the analytics domain is cloudflareinsigts.com and I use cloudflare's esni testing etc. too often	2024-05-19 11:54:58 +03:00
Aminda Suomalainen	79a7e38d93	{firefox,chromium}: actually cut PrivacyBadger's list a lot	2024-05-19 11:41:20 +03:00
Aminda Suomalainen	1f0ac5a0e9	{firefox,chromium}: simplify allowlist configuration PrivacyBadger continues having stricter rules and I am trusting it to catch what I let through	2024-05-19 11:38:18 +03:00
Aminda Suomalainen	b4e1f7fd0e	{firefox,chromium}: allow challenges.cloudflare.com just in case	2024-05-19 11:04:09 +03:00
Aminda Suomalainen	77e2e37362	{firefox,chromium}: add cookie lists to uBlock Origin I was staring at them too much while testing policies	2024-05-19 09:53:16 +03:00
Aminda Suomalainen	e8a3ecff0c	firefox: stop offering to translate English [and Finnish] by default Otherwise it's not intelligent enough to understand that accepted language en also means en-US	2024-05-19 09:27:32 +03:00
Aminda Suomalainen	9fff2bb17d	firefox: don't install Dark Reader by default I cannot deploy it, so I have to configure it anyway and this means only Bitwarden throws a welcome page at me	2024-05-19 09:07:51 +03:00
Aminda Suomalainen	ea5db5a670	firefox: install Ecosia extension by default for non-{ESR,nightly}	2024-05-19 09:03:51 +03:00
Aminda Suomalainen	a4f3943073	{firefox,chromium}: add small hints of possibly being connected to Russia https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/	2024-05-19 08:32:00 +03:00
Aminda Suomalainen	9b348b16cc	{firefox,chromium}: switch from AdNauseam to uBlock Origin I love AdNauseam, but it's a tool for protests and it shows constantly, while uBlock Origin is more sysadmin-friendly deploying silently and not complaining about browser protection or PrivacyBadger etc.	2024-05-19 07:37:33 +03:00
Aminda Suomalainen	b4a1da8423	chromium: move manifestv2 from disable-floc to aminda-extensions	2024-05-19 06:45:40 +03:00
Aminda Suomalainen	6a9798c61b	firefox: restore prefetching I accidentally tried it and it's just too significant performance improvement for me to keep disabled. Additionally AdNauseam is making clicks to ads anyway and I think I am still safer than someone who has no tracking protections at all.	2024-05-18 18:44:39 +03:00
Aminda Suomalainen	2351d43020	chromium: enable prefetching and profilemanager	2024-05-18 18:24:45 +03:00
Aminda Suomalainen	bf85d162d1	chromium policy & documentation: cleanup	2024-05-18 18:22:54 +03:00
Aminda Suomalainen	95671fb32d	chromium: doh-private-ecs.json was supposed to be automatic	2024-05-18 16:55:38 +03:00
Aminda Suomalainen	0a4179df0c	Revert "chromium/recommended/{duckduckgo,ecosia}.json: trick Brave & Edge into complying by NewTabPageLocation" This reverts commit `7bab72fb3c`.	2024-05-18 16:36:46 +03:00
Aminda Suomalainen	c2e0917c3a	unbound/dns-over-tls.conf: remove Quad9 ECS comments	2024-05-18 16:14:57 +03:00
Aminda Suomalainen	bec86d1344	{systemd-resolved,unbound}: add commented unfiltered adguard to appropiate file	2024-05-18 16:12:58 +03:00
Aminda Suomalainen	a7ef548dab	{chromium,unbound}: experimental dot-private-ecs.conf	2024-05-18 16:08:17 +03:00
Aminda Suomalainen	e6696d22f6	Revert "unbound/dns-over-tls.conf: remove ECS and private ECS" This reverts commit `78fa2b7b9c`.	2024-05-18 15:51:13 +03:00
Aminda Suomalainen	5b4f78f5f4	chromium/doh-google{,64}.json: use get requests more as a note that it can be done	2024-05-18 15:35:36 +03:00
Aminda Suomalainen	2ff416d880	{firefox,chromium}: also enable curben-phishing	2024-05-18 14:04:43 +03:00
Aminda Suomalainen	20679e705d	{firefox,chromium}: enable AdNauseam ublock-annoyances & adguard-mobile-app-banners	2024-05-18 13:55:18 +03:00
Aminda Suomalainen	c68e3f66ab	firefox: attempt to enable http for esr	2024-05-18 10:21:44 +03:00
Aminda Suomalainen	5a88836d59	firefox: Comment/clear network.dns.native_https_query_win10	2024-05-18 09:44:25 +03:00
Aminda Suomalainen	5995ef8f32	firefox/policies.json: attempt to autoconfig, but again not allowed	2024-05-18 09:24:25 +03:00
Aminda Suomalainen	1290db73f5	firefox/policies.json: import more disallowed things from autoconfig, comment disallowed ones, clear location provider	2024-05-18 09:15:10 +03:00
Aminda Suomalainen	c05eedbb78	chromium README: note Bitwarden management options for self-hosters	2024-05-18 08:03:29 +03:00
Aminda Suomalainen	df1458af1f	firefox: use system DNS for ECH (and prefer IPv6 and try image.animation.mode) The last is not allowed for stability reasons apparently.	2024-05-18 07:33:10 +03:00
Aminda Suomalainen	38c331494c	chromium/managed: merge enable-ech-ocsp.json into https-everywhere.json This will not appear on my blog post. ECH is enough offtopic and OCSP would only bring argument on whether it's useful and is that usefulness more important than privacy leakage to non-ocsp-stapling websites.	2024-05-17 16:15:34 +03:00
Aminda Suomalainen	fb57ae0ea5	firefox & chromium: accidentally silence DuckDuckGo post-install	2024-05-17 14:28:33 +03:00
Aminda Suomalainen	c92ded3ad3	firefox & chromium: add Ruffle.rs	2024-05-17 11:05:31 +03:00
Aminda Suomalainen	9f8eaab73d	init-browser-policies.bash: why am I creating managed & recommended separately? Let's not	2024-05-17 08:31:13 +03:00
Aminda Suomalainen	344caa700d	Init-browser-policies.bash: how about not making recursive symlinks in the first place? Properly resolves: `0ce24f54d9`	2024-05-16 21:04:01 +03:00
Aminda Suomalainen	05a3cb6c08	firefox: allow private ECS	2024-05-16 19:48:39 +03:00
Aminda Suomalainen	38710540f2	firefox & chromium: add missing favicons for DDG & Brave	2024-05-16 19:12:10 +03:00
Aminda Suomalainen	6a916ed3b9	chromium/recommended/{duckduckgo,ecosia}.json: also restore forgotten HomepageIsNewTabPage	2024-05-16 18:51:51 +03:00
Aminda Suomalainen	7bab72fb3c	chromium/recommended/{duckduckgo,ecosia}.json: trick Brave & Edge into complying by NewTabPageLocation	2024-05-16 18:47:22 +03:00
Aminda Suomalainen	006ed65597	Re-integrate Edge policies into Chromium by removing apps-as-homepage.json	2024-05-16 18:35:48 +03:00
Aminda Suomalainen	859f2a9f1d	chromium/duckduckgo.json: fill in DefaultSearchProviderNewTabURL	2024-05-16 18:29:54 +03:00
Aminda Suomalainen	729013c3c1	firefox: install user-agent-string-switcher automatically so I don't have to worry about that for Microsoft Teams TODO: proper automagic deployment	2024-05-16 15:37:59 +03:00
Aminda Suomalainen	e6f4bd72ba	firefox: explicitly enable FirefoxAccounts & Screenshots I have a feeling I might sometime have a situation where I want to disable at least accounts	2024-05-16 15:16:25 +03:00
Aminda Suomalainen	b36f37196f	firefox: lock DoH again since I don't want to worry about multiple places where to edit it when I inevitably do	2024-05-16 15:13:11 +03:00
Aminda Suomalainen	34799d0776	firefox & curl: default to dns0.eu, but have comment on unfiltered.adguard-dns.con available as well	2024-05-16 15:12:12 +03:00
Aminda Suomalainen	23803ad433	firefox: restore privacy.userContext Reverts: `4b7eff36b2`	2024-05-16 15:06:04 +03:00
Aminda Suomalainen	5158b52da4	firefox: apparently HTTPS Only mode can be set here contrary to the documentation Also generic hardening(?)	2024-05-16 15:03:01 +03:00
Aminda Suomalainen	83d53b8c17	systemd-resolved/10-dot-cloudflare.conf: add malicious domain filtering and alternative SNI	2024-05-15 20:38:49 +03:00
Aminda Suomalainen	ef7584566f	systemd/resolved/10-dot-{443,adguard,dns0}.conf: fix server order	2024-05-15 20:33:23 +03:00
Aminda Suomalainen	7f918cc797	systemd/resolved.conf.d/README: note my scripts existing	2024-05-15 20:29:59 +03:00
Aminda Suomalainen	cb3c944d47	systemd-resolved: note server priority	2024-05-15 20:23:27 +03:00
Aminda Suomalainen	1f5815b54e	hosts/dns: comment the IPv4-as-IPv6 hack, uncomment proper IPv6	2024-05-15 17:44:50 +03:00
Aminda Suomalainen	4b7eff36b2	firefox: remove privacy.userContext policies for stability reasons (Firefox ESR is upset by them)	2024-05-14 15:40:37 +03:00
Aminda Suomalainen	8d34384c78	unbound: mark dot-flushable-cache.conf as .badidea	2024-05-14 15:08:26 +03:00
Aminda Suomalainen	901c634424	unbound: I have been using Fedora for a couple of years, I know where the ca bundle is without attributing to ctrl.blog	2024-05-14 15:07:11 +03:00
Aminda Suomalainen	78fa2b7b9c	unbound/dns-over-tls.conf: remove ECS and private ECS	2024-05-14 15:01:41 +03:00
Aminda Suomalainen	8d3609f171	firefox: lock ecs to disabled	2024-05-14 15:01:14 +03:00
Aminda Suomalainen	5672e14c89	Revert "Stop pretending issues of ECS weight more than pros of it after GApple upgrades delayed my going to bed." This reverts commit `afe50117fe`.	2024-05-14 14:47:09 +03:00
Aminda Suomalainen	c1b1eaa040	unbound/dot-dns0-quad9.conf: add forgotten ports	2024-05-14 12:23:09 +03:00
Aminda Suomalainen	fb6a44d264	firefox: on second thoughts, let the user have some control	2024-05-14 11:51:22 +03:00
Aminda Suomalainen	ae0e3beb9a	firefox: fix pdf dark mode	2024-05-14 11:49:17 +03:00
Aminda Suomalainen	0a9767bf38	etc/samba/playstation2.conf: hide the share from sight	2024-05-14 11:32:46 +03:00
Aminda Suomalainen	b60bc9f1b8	firefox: switch to AMO version of Privacy Badger	2024-05-14 11:18:26 +03:00
Aminda Suomalainen	afe50117fe	Stop pretending issues of ECS weight more than pros of it after GApple upgrades delayed my going to bed.	2024-05-14 11:06:01 +03:00
Aminda Suomalainen	5d46d529bb	firefox: new tab page crashes? No problem, we can disable it.	2024-05-14 11:01:28 +03:00
Aminda Suomalainen	c23e857c91	firefox: confusing user and default means I can use dark theme here	2024-05-14 10:44:14 +03:00
Aminda Suomalainen	7b22530eb9	policies.json: seems like I confused default and user	2024-05-14 10:38:39 +03:00
Aminda Suomalainen	a0795908b2	init-browser-policies.bash: this script requires root by the way	2024-05-14 10:25:49 +03:00
Aminda Suomalainen	0ce24f54d9	init-browser-policies.bash: rm recursive symlinks caused by multiple runs	2024-05-14 10:20:55 +03:00
Aminda Suomalainen	303af92a6a	firefox/libreawoo: remove wrong warning	2024-05-14 10:17:22 +03:00
Aminda Suomalainen	372a032a18	firefox: actually trr.mode 3 may be nice for the ECH	2024-05-14 10:10:50 +03:00
Aminda Suomalainen	583cc6a8a3	firefox: please do warn if TRR isn't working	2024-05-14 10:08:19 +03:00
Aminda Suomalainen	7c867e1329	firefox: explicitly allow about:{addons,config,profiles,support}	2024-05-14 09:57:52 +03:00
Aminda Suomalainen	fb73f8e5d3	firefox: maybe be done with preferences?	2024-05-14 09:55:24 +03:00
Aminda Suomalainen	5cc2e5d720	firefox: the end of preferences additions is approaching	2024-05-14 09:43:17 +03:00
Aminda Suomalainen	89dd05c882	firefox: set user policies of hiding Mozilla ads	2024-05-14 09:38:12 +03:00
Aminda Suomalainen	cb5c844e1c	firefox: TRR IPv6 preference & reading /etc/hosts	2024-05-14 09:34:01 +03:00
Aminda Suomalainen	82bcaa0d80	firefox: disable prediction/prefetching Interestingly the policy didn't seem to touch the two preferences	2024-05-14 09:25:17 +03:00
Aminda Suomalainen	88c391fd04	firefox: don't protect any domains from extensions OK, so this simultaneously hurts security as extensions could modify the page, but it may improve privacy by blocking analytics and it can improve accessibility for any accessibility extensions.	2024-05-14 09:18:26 +03:00
Aminda Suomalainen	fd22af5142	firefox: move DoH excluded domains here	2024-05-14 09:12:21 +03:00
Aminda Suomalainen	beee380a30	firefox: begin adding security preferences	2024-05-14 09:04:56 +03:00
Aminda Suomalainen	7f653b52e3	firefox/policies/README: note WebsiteFilter as not that useful for me	2024-05-14 08:49:45 +03:00
Aminda Suomalainen	7a68117198	firefox policies: go wild	2024-05-13 21:54:05 +03:00
Aminda Suomalainen	0a0fe39076	note to self: firefox TRR policy lock locks trr.mode to 2 (TRR first)	2024-05-13 19:33:30 +03:00
Aminda Suomalainen	95d59857eb	policies.json: lock DoH provider so I only have to configure it at one place	2024-05-13 18:07:22 +03:00
Aminda Suomalainen	9b4cc804e5	browsers: expose to Ecosia that we are using gpo (or policies), remove extraneous PostData from Firefox The logic here is hope that it will stop offering the addon if I am following their instructions and sending them the information. Oh and I added icons	2024-05-13 17:56:41 +03:00
Aminda Suomalainen	d93b8eb3d5	firefox policy: disable bookmarks toolbar, default browser checking & add tracking protection exceptions	2024-05-13 06:29:17 +03:00
Aminda Suomalainen	575332b4ce	firefox: return to Quad9 ECS, disable Pocket (I don't actually use it), fix search engine typo	2024-05-12 21:43:33 +03:00
Aminda Suomalainen	f6e8c3fb45	chromium/managed: remember I have a README.md and update it	2024-05-12 18:42:50 +03:00
Aminda Suomalainen	bb84a4ed65	chromium/managed: add generative-ai.json	2024-05-12 18:40:48 +03:00
Aminda Suomalainen	4a642d3dea	chromium/managed: add amber-theme-colour.json.sample It looks fancy, while not exactly for me.	2024-05-12 18:34:10 +03:00
Aminda Suomalainen	87f5c78298	chromium: move safe browsings from managed to recommended I just don't feel right with them being in managed	2024-05-12 18:27:18 +03:00
Aminda Suomalainen	e5fc9bfbaf	{firefox,chromium}: add Plasma Integration mainly for family	2024-05-12 15:49:12 +03:00
Aminda Suomalainen	5ea86f54a7	etc/hosts/dns: add the two other adguard options	2024-05-12 15:36:05 +03:00
Aminda Suomalainen	c9a4a1c7cc	chromium: add doh-adguard policies	2024-05-12 15:30:52 +03:00
Aminda Suomalainen	dceb88b272	Revert "chromium/recommended/ecosia: trick Brave into using it as well" This reverts commit `4835a8c89d`. It's too annoying and impractical compared to my apps page.	2024-05-12 09:26:05 +03:00
Aminda Suomalainen	4835a8c89d	chromium/recommended/ecosia: trick Brave into using it as well	2024-05-11 22:31:26 +03:00
Aminda Suomalainen	ef00ae4d90	chromium: set Ecosia's DefaultSearchProviderNewTabURL	2024-05-11 22:24:56 +03:00
Aminda Suomalainen	a4c35994e8	chromium: rename black-theme-colour.json -> black-theme-colour.json.sample to stop me accidentally applying it	2024-05-11 20:36:08 +03:00
Aminda Suomalainen	4743efb556	chromium: add enable-google-safebrowsing-less-private.json.sample	2024-05-11 20:34:36 +03:00
Aminda Suomalainen	e2dd25113a	chromium: ExtensionManifestV2Availability expects 2, not true	2024-05-11 19:49:04 +03:00
Aminda Suomalainen	0ad28afe47	chromium: allow manifestv2, enable chromecast, safebrowsing, passwordleakdetection, efficiencymode, suggest disabling bookmarks bar and document previously forgotten policies	2024-05-11 19:44:16 +03:00
Aminda Suomalainen	d6aae8fb9a	browsers: add OISD (big) to AdNauseam	2024-05-11 18:01:05 +03:00
Aminda Suomalainen	7430dd9e99	{firefox,chromium}: add HTTP Indicator	2024-05-11 17:35:37 +03:00
Aminda Suomalainen	28542ca06a	firefox policy: clean-up attempt	2024-05-11 17:28:29 +03:00
Aminda Suomalainen	ba4fb50c76	firefox: set DoH to Quad9 DNS as a more international option, Ecosia Search Engine	2024-05-11 17:26:33 +03:00
Aminda Suomalainen	fef359500f	firefox: add AdNauseam configuration	2024-05-11 17:24:44 +03:00
Aminda Suomalainen	ec40dd0250	chromium: initial commit of AdNauseam managed configuration	2024-05-11 17:22:26 +03:00
Aminda Suomalainen	972c866541	chromium/aminda-extensions cleanup	2024-05-11 16:46:20 +03:00
Aminda Suomalainen	9a974e7bca	{firefox,chromium,edge}: add Ecosia	2024-05-11 16:16:12 +03:00
Aminda Suomalainen	97bbaa09a1	dracut.conf.d: fix name recovery to rescue, add yes_rescue counterpart	2024-05-11 10:41:41 +03:00
Aminda Suomalainen	9fcb0aa289	dnf.conf: note install_only_limit and kernel updates	2024-05-10 19:27:32 +03:00
Aminda Suomalainen	0cb5b0992b	sudoers.d/nordvpnd: instead of restarting DNS, allow reloading it. Also IPv6 enabling	2024-05-10 18:27:06 +03:00
Aminda Suomalainen	c81c1dd7d0	unbound: restore dot-dns0-quad9.conf with IPv4 for DNS0 & IPv6 for Quad9 ECS This partially reverts commit `422ab0de4e`	2024-05-09 20:02:23 +03:00
Aminda Suomalainen	93e2ab81dd	chromium policy: fix doh-cloudflare-secure.json name inconsistency	2024-05-09 17:11:17 +03:00
Aminda Suomalainen	764073e241	etc/hosts/blocklist: use only ::1, systemd-resolved will fix it automatically to 127.0.0.1 too	2024-05-09 12:05:37 +03:00
Aminda Suomalainen	dff016aa45	hosts/dns: IPv4 represented as IPv6 is technically valid, but this feels so wrong...	2024-05-09 10:21:23 +03:00
Aminda Suomalainen	f5223b871f	etc/hosts/dns: attempt to block private ECS providers on IPv6	2024-05-09 09:48:00 +03:00
Aminda Suomalainen	9f2b75368d	etc/hosts/dns: add dns9.quad9.net alias (note the first 9)	2024-05-09 09:41:03 +03:00
Aminda Suomalainen	1e807e888c	etc: add NetworkManager-resolv.conf-restore.bash	2024-05-09 09:38:25 +03:00
Aminda Suomalainen	6567488801	NetworkManager: also add explicit no-systemd-resolved.conf	2024-05-09 09:31:39 +03:00
Aminda Suomalainen	0566ebbbc2	NetworkManager: add comments on {dns-none,paws-off-my-resolv,systemd-resolved}.conf	2024-05-09 09:29:53 +03:00
Aminda Suomalainen	8f11f1a512	NetworkManager: fix dns-none.conf (no longer symlink)	2024-05-09 09:26:29 +03:00
Aminda Suomalainen	c751a61146	NetworkManager: fix no-search-domains.conf & systemd-resolved.conf Although in systemd-resolved.conf everything is already implied	2024-05-09 09:25:20 +03:00
Aminda Suomalainen	71582a9b95	NetworkManager/conf.d: add vim modelines	2024-05-09 09:21:21 +03:00
Aminda Suomalainen	6900a44b4a	NetworkManager/paws-off-my-resolv.conf: actually use rc-manager instead of dns=none (commented)	2024-05-09 09:19:22 +03:00
Aminda Suomalainen	d7703b6b63	dnf.conf: comment fastestmirror and explain it in a comment	2024-05-08 19:38:00 +03:00
Aminda Suomalainen	3b5434eb1d	etc: add traditional-resolv.conf-generate.bash which takes three arguments and has no trust-ad	2024-05-07 19:29:05 +03:00
Aminda Suomalainen	8fe31b9e64	fix edge paths	2024-05-07 11:29:37 +03:00
Aminda Suomalainen	e7b26cd343	chromium/policies/managed: add non-functional Edge policies	2024-05-07 11:23:30 +03:00
Aminda Suomalainen	e4d691f2b1	unbound: prefer IPv4 with private ECS using DoT servers	2024-05-07 08:26:20 +03:00
Aminda Suomalainen	afb0801430	unbound: add doh-local.sample Works otherwise, but self-signed cert didn't satisfy Chromium I wanted to point at it	2024-05-06 18:55:00 +03:00
Aminda Suomalainen	10bec4c782	resolv.tsv: use more appropiate link for AdGuard prvate ECS	2024-05-06 09:05:00 +03:00
Aminda Suomalainen	f5b76c1341	unbound: add .sample to threads.conf, comment to question it's necessity and usage	2024-05-05 11:08:52 +03:00
Aminda Suomalainen	b18df5462c	unbound: add/rename/fix prefer-ip{4,6}.conf	2024-05-04 09:05:16 +03:00
Aminda Suomalainen	0063e2409b	etc/dracut.conf.d: add sedric configs	2024-05-03 21:19:32 +03:00
Aminda Suomalainen	175256d8e4	etc/dnf/protected.d: add systemd-ukify.conf although not yet in use	2024-05-03 20:48:14 +03:00
Aminda Suomalainen	252f77ab0c	systemd-resolved & unbound: comment ECS servers again. This partially reverts `85c7fedcb2` and will be explained at https://aminda.eu/n/dns soon	2024-05-03 18:07:51 +03:00
Aminda Suomalainen	aa865106db	unbound: correct ecs.conf.sample	2024-05-03 17:35:15 +03:00
Aminda Suomalainen	962817874e	etc/dracut.conf.d: add UKI generation & Lumina cmdline	2024-05-03 16:24:03 +03:00
Aminda Suomalainen	85c7fedcb2	systemd-resolved, unbound: only ECS IPv6	2024-05-03 06:23:37 +03:00
Aminda Suomalainen	6cae19ba4f	unbound: more ecs.conf.sample experimentation	2024-05-02 21:32:39 +03:00
Aminda Suomalainen	32c99a2d43	etc/resolv.conf: fix comment explaining rotate	2024-05-01 13:08:06 +03:00
Aminda Suomalainen	1aca183f92	aminda-nocron-reboot.service: fix conflict with systemd-zram-setup@zram0.service	2024-05-01 10:38:54 +03:00
Aminda Suomalainen	6e0f72c7b1	aminda-nocron-reboot.service: split duperemove and sysctl -p --system to aminda-duperemove.service & sysctl-p--system.service	2024-05-01 10:22:57 +03:00
Aminda Suomalainen	aa6aad28ba	resolv: follow the same order as man resolv.conf	2024-05-01 10:13:30 +03:00
Aminda Suomalainen	ba298f94a5	resolv: increase timeout to 2 (match unbound/RFC 8767), decrease attempts to 2, rotate	2024-05-01 09:54:07 +03:00
Aminda Suomalainen	447385fdb8	chrony: rename ntppool.sources -> ntp-pool.sources	2024-04-30 21:02:28 +03:00
Aminda Suomalainen	78136f7437	systemd/timesyncd.conf.d: don't only use ntp pool as a fallback	2024-04-30 21:01:46 +03:00
Aminda Suomalainen	f6e9aa58da	unbound: add replace-systemd-resolved.conf.sample for listening on systemd-resolved ports	2024-04-30 20:30:15 +03:00
Aminda Suomalainen	4882cb66be	systemd-resolv.conf-generate.bash: who is going to stop me from specifying the same resolver thrice?	2024-04-30 20:21:12 +03:00
Aminda Suomalainen	b9daad6a2f	resolv.conf: explain 127.0.0.54	2024-04-30 20:16:46 +03:00
Aminda Suomalainen	d6e4fd1be7	etc: create systemd-resolv.conf-generate.bash & systemd-resolv.conf-restore.bash, mention them in resolv.conf	2024-04-30 20:05:53 +03:00
Aminda Suomalainen	fa5462212d	aminda-nocron-reboot.service: add zram-generator just in case	2024-04-30 19:10:28 +03:00
Aminda Suomalainen	72ea5ca51e	unbound: fix typo in (1)5 minutes cache, apparently a commit once removed the 1	2024-04-30 17:34:01 +03:00
Aminda Suomalainen	5d4e0e10dd	unbound/min-ttl-hour.conf: also print the stats hourly, not every 15 minutes	2024-04-30 17:26:14 +03:00
Aminda Suomalainen	437b69bd6e	unbound: apparently rename min-ttl.conf.sample to min-ttl-five-min.conf	2024-04-30 17:17:46 +03:00
Aminda Suomalainen	9671adf293	unbound: break statistics interval from logging.conf to min-ttl*	2024-04-30 17:11:32 +03:00
Aminda Suomalainen	819d6a782e	unbound: add mixed-case-queries.conf	2024-04-30 17:11:09 +03:00
Aminda Suomalainen	08de11b594	unbound/min-ttl-hour.conf: fix comment	2024-04-30 06:52:46 +03:00
Aminda Suomalainen	87bedac239	unbound: cut cache.conf.SAMPLE into more descriptive files	2024-04-30 06:45:53 +03:00
Aminda Suomalainen	531cdd82c5	unbound/cache.conf.SAMPLE: fix oversight, logging.conf: reducei nterval to quaterly	2024-04-29 20:48:51 +03:00
Aminda Suomalainen	0d0be5f9bc	unbound/cache.conf: rename to cache.conf.SAMPLE and add scary warnings there	2024-04-29 20:46:00 +03:00
Aminda Suomalainen	b54f55a1bc	document Microsoft Edge recommended policy	2024-04-29 12:39:58 +03:00
Aminda Suomalainen	788143ec01	init-browser-policies.bash: touch Firefox, break LibreWolf, verbose, handle Edge Recommended separately, warn about that too, etc.?	2024-04-29 12:25:17 +03:00
Aminda Suomalainen	d377157b46	init-browser-policies.bash: manage Edge recommended profiles separately	2024-04-29 12:15:26 +03:00
Aminda Suomalainen	a14446ed71	unbound/dns-over-tls.conf: add Cloudflare, Mullvad & Control D This is now practically https://www.privacyguides.org/en/dns/ plus Appliedprivacy	2024-04-29 08:29:07 +03:00
Aminda Suomalainen	0ee83e9a90	chrony/sources: enable xleave with ~everything I was unable to find much information about this, but see the previous commit and Brave Leo said > Yes, it's generally acceptable to use interleaved mode with a public NTP (Network Time Protocol) server, as long as you comply with the server's usage policies. This mode allows for time synchronization while also providing a fallback if the primary time source fails. However, keep in mind that public NTP servers are often subject to heavy traffic, so they may not provide the most accurate or timely synchronization.	2024-04-29 06:55:16 +03:00
Aminda Suomalainen	6f0184b519	chrony/sources/ntppool: enable xleave From https://community.ntppool.org/t/chrony-conf-noclientlog-vs-clientloglimit/2263/4 I got the impression it's fine to do and the manual says it's compatible with the basic mode and xleave supporting servers may still reply in basic mode sometimes so this shouldn't break anything	2024-04-29 06:51:27 +03:00
Aminda Suomalainen	0f66e552c1	Revert "nts-servers.sources: no preferring non-ISP servers" This reverts commit `ff1bc7b3ba`.	2024-04-28 20:08:42 +03:00
Aminda Suomalainen	4081c974bb	unbound/cache.conf: make the min ttl an hour in my quest to break DNS	2024-04-28 19:15:42 +03:00
Aminda Suomalainen	23672028d5	unbound/ecs.conf: attempt to send larger subnets than default around	2024-04-28 18:02:18 +03:00
Aminda Suomalainen	d64b4f2001	systemd-resolved: add DNA/Moi & Elisa DNS servers I was unable to find authoritative source for what is Telia's DNS	2024-04-28 16:14:30 +03:00
Aminda Suomalainen	44e22716f9	chrony sources: make add .sample to local-servers.sources, make it more useful for me	2024-04-28 10:02:31 +03:00
Aminda Suomalainen	18a04b1351	{firefox,chromium}: disable protections for one.one.one.one For some reason they make connection to 1.1.1.1 appear as no or unreachable.	2024-04-28 09:21:29 +03:00
Aminda Suomalainen	55dcb2f2cd	systemd-resolved/98-local-resolver.conf: fix comment talking about alphabet while everything is now numerals	2024-04-28 09:17:07 +03:00
Aminda Suomalainen	35b99a6bc0	systemd-resolved: add 99-lan-resolver.conf.sample for trusted LANs	2024-04-28 09:13:46 +03:00
Aminda Suomalainen	5ab33c154e	systemd-resolved: rename conf files to have a number prefix	2024-04-28 09:13:20 +03:00
Aminda Suomalainen	9375b3c2b2	unbound: add dot-cloudflare.conf	2024-04-27 21:22:28 +03:00
Aminda Suomalainen	2aa221b77f	unbound/cache: take the cache-min-ttl: 3000 challenge It will not affect web browsers which are using DoH for ECH eliminating most of breakage and I am just curious on will anything outside of web browser suffer that.	2024-04-27 18:35:22 +03:00
Aminda Suomalainen	652c11391f	unbound/cache.conf: explicitly set serve-expired-reply-ttl to 30	2024-04-27 16:52:39 +03:00
Aminda Suomalainen	d3773468fa	chromium/policies: add doh-{disabled,google}.json	2024-04-27 16:18:40 +03:00
Aminda Suomalainen	a083a9d704	unbound/cache: comment cache-min-ttl=900, add commented 3000	2024-04-27 15:42:29 +03:00
Aminda Suomalainen	30a27f980d	unbound/cache.conf: RFC 8767ish configuration	2024-04-27 15:00:12 +03:00
Aminda Suomalainen	813878a4de	systemd/{iwd,systemd-networkd}.service.d: add appropiate symlinks	2024-04-27 12:25:00 +03:00
Aminda Suomalainen	c59fe1ae53	sudoers.d/nordvpnd: also allow restarting tor-client.service I have a suspicion I am adding it to the script sooner or later	2024-04-27 12:21:07 +03:00
Aminda Suomalainen	ef9c4acfc3	sudoers.d/nordvpnd: also allow restarting Tor	2024-04-27 12:10:15 +03:00
Aminda Suomalainen	955e52f5af	yum.repos.d: add google-Chrome.repo to workaround their crontab disliking my system	2024-04-27 10:21:20 +03:00
Aminda Suomalainen	8fe7ff55e6	chromium: add managed black-theme-colour & recommended apps-as-homepage, disable-default-browser-check	2024-04-27 10:08:43 +03:00
Aminda Suomalainen	b76b7cac5c	systemd/user: review vpn wants, rm transmission-daemon copy-paste	2024-04-27 08:34:46 +03:00
Aminda Suomalainen	2113b593e7	Chromium & Firefox: force Bitwarden (for passkeys)	2024-04-27 08:32:39 +03:00
Aminda Suomalainen	da85d0d9c7	firefox & chromium: allow PrivacyPass attestor & Keyoxide.org	2024-04-27 08:31:05 +03:00
Aminda Suomalainen	61dc3706ab	systemd/{chrony,i2pd,yggdrasil}.service.d/mullvad-exclude.conf: fix mistakes and Requires=	2024-04-26 17:43:37 +03:00
Aminda Suomalainen	1b64bc5e13	systemd/service.d: fix typo & use Requires= where appropiate	2024-04-26 17:38:33 +03:00
Aminda Suomalainen	db7de1c3e4	systemd/service.d/unbound-wanted.conf: break circular skipping by removing After=	2024-04-26 17:35:31 +03:00
Aminda Suomalainen	7f410148e3	aminda-nocron-rebootish.service: repeat that dns should be running	2024-04-26 16:13:39 +03:00
Aminda Suomalainen	1d7308e74e	unbound: explicitly enable ede and it's log	2024-04-26 13:53:50 +03:00
Aminda Suomalainen	2f585209e7	matterbridge-cleanup.timer: use more human friendly term minutely on OnCalendar=	2024-04-26 13:21:20 +03:00
Aminda Suomalainen	65f58dc224	systemd: aminda-nocron-rebootish.{service,timer} is a delayed variant of -ish	2024-04-26 13:16:33 +03:00
Aminda Suomalainen	c55b20a89a	move systemd user units from conf/systemd/user to etc/systemd/user symlink remains to show what is the correct location	2024-04-26 13:05:08 +03:00
Aminda Suomalainen	b36fe67bc3	systemd/user: attempt to flatpak-update-user.{service,timer}	2024-04-26 13:03:05 +03:00
Aminda Suomalainen	b8f720fa7f	aminda-nocron-reboot.timer: fix typo in comment	2024-04-26 12:48:47 +03:00
Aminda Suomalainen	9e38fdf223	aminda-nocron-reboot.timer: add RemainAfterElapse=false	2024-04-26 12:37:55 +03:00
Aminda Suomalainen	90b64c9543	systemd: rename aminda-nocron -> aminda-nocron-reboot for clarity also opens up aminda-nocron-hourly etc.	2024-04-26 12:30:58 +03:00
Aminda Suomalainen	b0ec7cffde	chromium/README: EnableOnlineRevocationChecks does also enable CRL	2024-04-26 11:27:11 +03:00

... 3 4 5 6 7 ...

1523 Commits