|
2c47aaae48
|
sshd_config.d/README.md: fix formatting, note priority
|
2023-09-28 14:35:21 +03:00 |
|
|
c0fcc82c4d
|
sshd_config: add 00- prefix to basic-security.conf as apparently first wins in ssh
|
2023-09-28 14:34:13 +03:00 |
|
|
f20e23df42
|
sshd_config.d: maybe keyed root login is fine in special case of SteamOS on Steam Deck?
|
2023-09-27 18:02:50 +03:00 |
|
|
71a8913d37
|
update submodule etc/chrony/sources.d/jauderho-nts-servers
|
2023-09-27 12:21:32 +03:00 |
|
|
dfcbc7e971
|
systemd/timesyncd.conf.d: sync sources from Chrony
This is for SteamOS, although without Yggdrasil (that I am not hacking in
yet) and NTS which systemd-timesyncd doesn't do to my knowledge
|
2023-09-27 12:16:55 +03:00 |
|
|
9429b48aaa
|
etc/iwd/main.conf: throw in comments on defaults
|
2023-09-26 17:33:12 +03:00 |
|
|
ce7ab5ea40
|
grub/forcefsck: add fsck.repair=yes
|
2023-09-24 17:26:40 +03:00 |
|
|
49d6dfc766
|
update submodule etc/chrony/sources.d/jauderho-nts-servers
|
2023-09-17 20:29:37 +03:00 |
|
|
24eb3890c2
|
systemd-resolved: prefer IPv6 over IPv4
|
2023-09-10 11:16:57 +03:00 |
|
|
1e3a7f8fa3
|
systemd-resolved/dns-over-tls.conf: drop appliedprivacy#443 to the bottom of the list
Apparently systemd-resolved wants to go in strict order and thus it's always sending my queries to distant Austria instead of neighbouring regions
|
2023-09-10 11:10:39 +03:00 |
|
|
e2829267d7
|
systemd: add debugging & symlinks for networkd, resolved, never-fail networkd
|
2023-09-10 11:07:11 +03:00 |
|
|
c7b5330dfb
|
systemd/resolved/dot: add missing bracket, remove extra ones
Apparently IPv6 must only be surrounded by brackets, otherwise it's invalid syntax
|
2023-09-10 09:52:59 +03:00 |
|
|
1d8e457f97
|
systemd-resolved: add dns-over-tls.conf mimicing unbound's equivalent
|
2023-09-10 09:31:35 +03:00 |
|
|
4d68dd7e7f
|
systemd: add journald.conf.d/.gitignore as a placeholder
|
2023-08-24 16:12:43 +03:00 |
|
|
27dacbf5f8
|
systemd-networkd: add commented RequiredFamilyForOnline= under [Link]
|
2023-08-23 14:40:18 +03:00 |
|
|
2e1a5cbfe1
|
chrony: add ca-certificates.conf to explicitly specify their location
|
2023-08-20 11:13:51 +03:00 |
|
|
5120a7aff8
|
update submodule jauderho-nts-servers
|
2023-08-20 11:13:28 +03:00 |
|
|
78bb0cdcc8
|
etc/resolv.tsv: add Applied Privacy
|
2023-08-05 12:36:20 +03:00 |
|
|
9fdeb56762
|
unbound.service.d: add fedora-network-pre.conf
|
2023-08-04 13:09:58 +03:00 |
|
|
34b4ffb8ac
|
unbound/dns-over-tls.conf: cut to 443 and private ECS capable non-filtering servers
|
2023-08-04 12:45:03 +03:00 |
|
|
d024ac1234
|
Revert "rm etc/unbound/unbound.conf.d/dns-over-tls.conf"
This reverts commit e9998f4079 .
|
2023-08-04 12:27:41 +03:00 |
|
|
db6bdd6222
|
unbound.service.d: override to require dnsproxy for starting
|
2023-08-03 12:43:10 +03:00 |
|
|
6fdfad9e93
|
dnsproxy.service: return to network-pre.target
|
2023-08-03 12:41:58 +03:00 |
|
|
5acec4c00e
|
dnsproxy.service: second-guess to start after network-noline.target and before unbound.service?
|
2023-08-03 12:15:24 +03:00 |
|
|
809d723293
|
systemd: fix symlinks to never-fail.conf
Technically they would still work through the yggdrasil symlink, but I don't like it
|
2023-08-03 11:54:01 +03:00 |
|
|
bbd7a02b60
|
dnsproxy.service: start before network management and hope it handles dynamic network conditions
|
2023-08-03 11:50:52 +03:00 |
|
|
918bdc2a97
|
systemd: move never-fail to more appropiate location
|
2023-08-03 11:50:12 +03:00 |
|
|
f3c9d1006b
|
update submodule etc/chrony/sources.d/jauderho-nts-servers
|
2023-07-29 21:31:46 +03:00 |
|
|
2738d239ce
|
etc/yum.repos.d: add librewolf-repo.repo
|
2023-07-13 12:24:14 +03:00 |
|
|
eab5c3b07e
|
systemd/network: add number prefixes as per man systemd.network
|
2023-07-05 10:57:03 +03:00 |
|
|
5749b2c0fa
|
update submodule etc/chrony/sources.d/jauderho-nts-servers
|
2023-07-04 11:46:33 +03:00 |
|
|
a13a0dd86b
|
systemd-networkd: match naming with types
|
2023-07-04 11:45:29 +03:00 |
|
|
8cc9353374
|
systemd-networkd: configure based on type rather than name, add a comment on MACAddress matching
Resolves: warnings on potentially unpredictable interface names.
|
2023-07-04 11:24:29 +03:00 |
|
|
d3c613bc41
|
etc/iwd/main.conf: add spacing, comment AddressRandomization=disabled for Realtek
|
2023-06-25 17:58:41 +03:00 |
|
|
30253761b3
|
systemd/network: enable IPv6 Privacy Extensions and link-local stable-privacy
|
2023-06-25 14:13:00 +03:00 |
|
|
cbdfc0f46d
|
systemd-networkd: unmanage wlan0
|
2023-06-25 10:36:29 +03:00 |
|
|
6159876f05
|
unbound/blocklist.conf: add {reddit,twitter}.com to support the protest
|
2023-06-11 18:53:16 +03:00 |
|
|
f61d8c3edb
|
systemd/dnsproxy.service: use the same DNS0 for bootstrap as DoH
|
2023-06-11 08:56:04 +03:00 |
|
|
c54a8c0a10
|
update submodule etc/chrony/sources.d/jauderho-nts-servers
|
2023-06-10 08:20:22 +03:00 |
|
|
7ac9b9a7cc
|
etc/unbound/blocklist: remove duplicates, add graph.facebook.com
`local-zone: "google-analytics.com." always_refuse` implies subdomains
|
2023-06-06 12:09:48 +03:00 |
|
|
5d00ccaf6b
|
unbound: add blocklist-tld.conf mainly for zip & mov
|
2023-05-28 10:36:52 +03:00 |
|
|
1b1514f993
|
systemd: add masks required by tlp as a note to self
|
2023-05-25 07:48:22 +03:00 |
|
|
8fb52ec8f2
|
add shfmt
|
2023-05-18 11:58:51 +03:00 |
|
|
687a6433bb
|
add & run prettier-plugin-nginx
|
2023-05-18 11:35:13 +03:00 |
|
|
e0dc070cd1
|
etc/nginx: append .nginx to file names
in preparation of prettier-nginx
|
2023-05-18 11:17:24 +03:00 |
|
|
ca2956b678
|
unbound/blocklist: note encrypted client hello
|
2023-05-13 17:17:20 +03:00 |
|
|
603ac4a011
|
unbound/blocklist.conf: remove Mozilla Telemetry
|
2023-05-13 17:16:17 +03:00 |
|
|
fdeab81c2b
|
unbound/blocklist.conf: add matrix.to as dared by !KMbEUhVQHLwZHmwzKX:matrix.org
|
2023-05-13 17:14:45 +03:00 |
|
|
19f3a0b720
|
update submodule jauderho-nts-servers
|
2023-05-12 09:30:28 +03:00 |
|
|
58ead9302c
|
etc/apt/sources.list: keep adding non-free-firmwares
Fixes: 94d26e811a
Resolves: #159
|
2023-05-12 09:29:32 +03:00 |
|