Commit Graph

790 Commits

Author SHA1 Message Date
5419ff1bc7
move submodule to submodules/ 2023-10-09 12:50:52 +03:00
b8f1aa69dd
unbound/00-insecure-domains.conf: add router.asus.com 2023-10-07 13:10:07 +03:00
1eeef2f511
resolved: add dot-quad9-ecs-appliedprivacy.conf for Steam Deck purposes 2023-10-01 19:06:46 +03:00
5297140958
systemd/limnoria.service: place limit on memory, commented cpuquote 2023-10-01 10:47:06 +03:00
024fd40e87
git rm etc/hosts.append
https://gitea.blesmrt.net/mikaela/gist/src/branch/master/DNS/blocklist.txt
2023-09-30 17:39:47 +03:00
d7acebbe45
chrony/sources.d/yggdrasil: remove Teknologia Avoimeksi 2023-09-30 17:38:45 +03:00
10a841acfe
systemd/journald.conf.d: add 00-journal-size.conf 2023-09-29 15:06:41 +03:00
c32910df57
systemd/syncplay-server.service: use venv
Resolves: #145

Thanks again @EchedeyLR
2023-09-29 10:57:06 +03:00
a4b7bdb51a
systemd/limnoria: use venv & update Ergo's name
Thanks @EchedeyLR (ref: mikaela/shell-things#145)
2023-09-29 10:39:44 +03:00
2c47aaae48
sshd_config.d/README.md: fix formatting, note priority 2023-09-28 14:35:21 +03:00
c0fcc82c4d
sshd_config: add 00- prefix to basic-security.conf as apparently first wins in ssh 2023-09-28 14:34:13 +03:00
f20e23df42
sshd_config.d: maybe keyed root login is fine in special case of SteamOS on Steam Deck? 2023-09-27 18:02:50 +03:00
71a8913d37
update submodule etc/chrony/sources.d/jauderho-nts-servers 2023-09-27 12:21:32 +03:00
dfcbc7e971
systemd/timesyncd.conf.d: sync sources from Chrony
This is for SteamOS, although without Yggdrasil (that I am not hacking in
yet) and NTS which systemd-timesyncd doesn't do to my knowledge
2023-09-27 12:16:55 +03:00
9429b48aaa
etc/iwd/main.conf: throw in comments on defaults 2023-09-26 17:33:12 +03:00
ce7ab5ea40
grub/forcefsck: add fsck.repair=yes 2023-09-24 17:26:40 +03:00
49d6dfc766
update submodule etc/chrony/sources.d/jauderho-nts-servers 2023-09-17 20:29:37 +03:00
24eb3890c2
systemd-resolved: prefer IPv6 over IPv4 2023-09-10 11:16:57 +03:00
1e3a7f8fa3
systemd-resolved/dns-over-tls.conf: drop appliedprivacy#443 to the bottom of the list
Apparently systemd-resolved wants to go in strict order and thus it's always sending my queries to distant Austria instead of neighbouring regions
2023-09-10 11:10:39 +03:00
e2829267d7
systemd: add debugging & symlinks for networkd, resolved, never-fail networkd 2023-09-10 11:07:11 +03:00
c7b5330dfb
systemd/resolved/dot: add missing bracket, remove extra ones
Apparently IPv6 must only be surrounded by brackets, otherwise it's invalid syntax
2023-09-10 09:52:59 +03:00
1d8e457f97
systemd-resolved: add dns-over-tls.conf mimicing unbound's equivalent 2023-09-10 09:31:35 +03:00
4d68dd7e7f
systemd: add journald.conf.d/.gitignore as a placeholder 2023-08-24 16:12:43 +03:00
27dacbf5f8
systemd-networkd: add commented RequiredFamilyForOnline= under [Link] 2023-08-23 14:40:18 +03:00
2e1a5cbfe1
chrony: add ca-certificates.conf to explicitly specify their location 2023-08-20 11:13:51 +03:00
5120a7aff8
update submodule jauderho-nts-servers 2023-08-20 11:13:28 +03:00
78bb0cdcc8
etc/resolv.tsv: add Applied Privacy 2023-08-05 12:36:20 +03:00
9fdeb56762
unbound.service.d: add fedora-network-pre.conf 2023-08-04 13:09:58 +03:00
34b4ffb8ac
unbound/dns-over-tls.conf: cut to 443 and private ECS capable non-filtering servers 2023-08-04 12:45:03 +03:00
d024ac1234
Revert "rm etc/unbound/unbound.conf.d/dns-over-tls.conf"
This reverts commit e9998f4079.
2023-08-04 12:27:41 +03:00
db6bdd6222
unbound.service.d: override to require dnsproxy for starting 2023-08-03 12:43:10 +03:00
6fdfad9e93
dnsproxy.service: return to network-pre.target 2023-08-03 12:41:58 +03:00
5acec4c00e
dnsproxy.service: second-guess to start after network-noline.target and before unbound.service? 2023-08-03 12:15:24 +03:00
809d723293
systemd: fix symlinks to never-fail.conf
Technically they would still work through the yggdrasil symlink, but I don't like it
2023-08-03 11:54:01 +03:00
bbd7a02b60
dnsproxy.service: start before network management and hope it handles dynamic network conditions 2023-08-03 11:50:52 +03:00
918bdc2a97
systemd: move never-fail to more appropiate location 2023-08-03 11:50:12 +03:00
f3c9d1006b
update submodule etc/chrony/sources.d/jauderho-nts-servers 2023-07-29 21:31:46 +03:00
2738d239ce
etc/yum.repos.d: add librewolf-repo.repo 2023-07-13 12:24:14 +03:00
eab5c3b07e
systemd/network: add number prefixes as per man systemd.network 2023-07-05 10:57:03 +03:00
5749b2c0fa
update submodule etc/chrony/sources.d/jauderho-nts-servers 2023-07-04 11:46:33 +03:00
a13a0dd86b
systemd-networkd: match naming with types 2023-07-04 11:45:29 +03:00
8cc9353374
systemd-networkd: configure based on type rather than name, add a comment on MACAddress matching
Resolves: warnings on potentially unpredictable interface names.
2023-07-04 11:24:29 +03:00
d3c613bc41
etc/iwd/main.conf: add spacing, comment AddressRandomization=disabled for Realtek 2023-06-25 17:58:41 +03:00
30253761b3
systemd/network: enable IPv6 Privacy Extensions and link-local stable-privacy 2023-06-25 14:13:00 +03:00
cbdfc0f46d
systemd-networkd: unmanage wlan0 2023-06-25 10:36:29 +03:00
6159876f05
unbound/blocklist.conf: add {reddit,twitter}.com to support the protest 2023-06-11 18:53:16 +03:00
f61d8c3edb
systemd/dnsproxy.service: use the same DNS0 for bootstrap as DoH 2023-06-11 08:56:04 +03:00
c54a8c0a10
update submodule etc/chrony/sources.d/jauderho-nts-servers 2023-06-10 08:20:22 +03:00
7ac9b9a7cc
etc/unbound/blocklist: remove duplicates, add graph.facebook.com
`local-zone: "google-analytics.com." always_refuse` implies subdomains
2023-06-06 12:09:48 +03:00
5d00ccaf6b
unbound: add blocklist-tld.conf mainly for zip & mov 2023-05-28 10:36:52 +03:00
1b1514f993
systemd: add masks required by tlp as a note to self 2023-05-25 07:48:22 +03:00
8fb52ec8f2
add shfmt 2023-05-18 11:58:51 +03:00
687a6433bb
add & run prettier-plugin-nginx 2023-05-18 11:35:13 +03:00
e0dc070cd1
etc/nginx: append .nginx to file names
in preparation of prettier-nginx
2023-05-18 11:17:24 +03:00
ca2956b678
unbound/blocklist: note encrypted client hello 2023-05-13 17:17:20 +03:00
603ac4a011
unbound/blocklist.conf: remove Mozilla Telemetry 2023-05-13 17:16:17 +03:00
fdeab81c2b
unbound/blocklist.conf: add matrix.to as dared by !KMbEUhVQHLwZHmwzKX:matrix.org 2023-05-13 17:14:45 +03:00
19f3a0b720
update submodule jauderho-nts-servers 2023-05-12 09:30:28 +03:00
58ead9302c
etc/apt/sources.list: keep adding non-free-firmwares
Fixes: 94d26e811a
Resolves: #159
2023-05-12 09:29:32 +03:00
42f1c58fa0
etc/yum.repos.d: add vivaldi 2023-05-08 20:54:22 +03:00
442a4fb89a
update submodules 2023-05-04 15:57:12 +03:00
94d26e811a
etc/apt/sources.list: enable non-free-firmware for Debians
Resolves: #159
2023-04-10 17:07:48 +03:00
8309e9254e
ssh_config: StrictHostKeyChecking accept-new 2023-04-03 11:03:48 +03:00
0a5e526cc5
systemd-networkd/eth0: don't require being up
Resolves: #157
2023-03-31 13:33:27 +03:00
5f6bddfe8a
systemd: add NetworkManager-wait-online.service & systemd-networkd-wait-online.service to refresh my memory 2023-03-25 18:32:23 +02:00
bae5e38347
etc/samba/playstation2.conf: apparently both log level & syslog lines are needed 2023-03-25 12:12:57 +02:00
3e9331c84f
etc/samba/playstation2.conf: move deadtime & keepalive to [global] 2023-03-25 12:05:43 +02:00
4757f05060
etc/samba/playstation2.conf: fix logging? 2023-03-25 12:03:54 +02:00
f43106f002
etc/samba/playstation2.conf: enable logging 2023-03-25 11:55:54 +02:00
e491a114a1
etc/samba/playstation2.conf: disable deadtime, shorten keepalive 2023-03-25 11:46:33 +02:00
7ea097c6fe
etc/resolv.conf: search for .
Resolves: #156
2023-03-24 10:37:52 +02:00
6333883dc3
etc/samba/playstation2.conf: document issues coming up with real hardware 2023-03-14 16:57:14 +02:00
30684318aa
etc/resolv.tsv: test ECS support of some empty fields 2023-03-11 15:54:04 +02:00
33301bb8e5
etc/chrony/sources.d: update submodule 2023-03-11 08:18:48 +02:00
cc0e5514ab
etc/chrony/sources.d: update submodule, add license information, add German servers 2023-03-10 09:49:35 +02:00
4f7d891f68
jauderho-nts-servers: update submodule 2023-03-09 11:45:58 +02:00
1b113e0c3e
etc/systemd/network: add commented DHCP=yes 2023-03-07 15:02:13 +02:00
514ed85374
etc/systemd/network: update samples and comments to reflect my current views 2023-03-07 14:46:28 +02:00
d51d8e810a
update submodule, symlink 2023-03-07 12:08:53 +02:00
a80342b82b
etc/samba/playstation2.conf: rename share to PS2SMB, update comments 2023-03-03 17:14:19 +02:00
e265916ba1
etc/samba/playstation2.conf: initial commit 2023-03-03 09:54:02 +02:00
e9998f4079
rm etc/unbound/unbound.conf.d/dns-over-tls.conf
I think the file is inherently flawed due to different types of filtering/non-filtering resolvers, different locations, unknown ECS policies etc. Importantly I am not actively looking at this and just came across old version running in production
2023-02-26 09:15:19 +02:00
5350804d41
etc/resolv.tsv: remove /fi/ from DNS0.eu ECS links 2023-02-25 14:33:52 +02:00
e839c83f53
etc/resolv.tsv: add EDNS Client-Subnet support & sources 2023-02-25 14:12:39 +02:00
e520e78c1a
etc/resolv.tsv: add/update AdGuard 2023-02-25 13:58:47 +02:00
06f6f2f2a6
etc/resolv.conf: uncomment trust-ad
less dd to press when actually applying this
2023-02-24 08:43:41 +02:00
faf242d8ca
etc/yum.repos.d: add brave beta & nightly
Yes, the upstream instructions say nightly and beta have the same key
2023-02-23 21:28:52 +02:00
0cfb5859ad
dnsproxy: remove --user that doesn't apply anymore 2023-02-23 14:31:48 +02:00
4761b94331
dnsproxy.service: convert to system service 2023-02-23 14:25:12 +02:00
9bdc67dd29
unbound & systmed-resolved: add DNS0 open
Ref: #153
2023-02-23 10:11:03 +02:00
cc5e7b7225
unbound: add DNS0 & DNS0 zero DoT config
Resolves: #153
2023-02-22 10:58:04 +02:00
a2c3d9248d
fix ends of lines 2023-02-21 20:11:35 +02:00
b39b5db0d4
run prettier on markdown again? 2023-02-21 19:33:31 +02:00
2e6a03d402
sastisfy editorconfig check 2023-02-21 19:08:54 +02:00
19994e3286
run prettier 2023-02-21 17:54:39 +02:00
fcb57144c9
chmod -x *.desktop && add .pre-commit-config.yaml 2023-02-21 16:16:33 +02:00
1706269308
etc/resolv.tsv: add dns0 open
Resolves: #154
2023-02-21 12:57:55 +02:00
1385bf6105
ssh_config: comment ProxyCommand
I just keep disabling it anyway so it's more harm than good
2023-02-21 10:11:34 +02:00
4a20f75d3c
etc/systemd/resolved.conf.d: add DNS0 DoT configs
Their website already had the correct syntax for the entries

Ref: #153
2023-02-20 11:49:31 +02:00
8e3244f785
etc/resolv.tsv: add mobileconfig links
This is just the official ones I found, I could link to encrypted-dns.party, but that is a task for later, I can find it without this file

Resolves: #152
2023-02-20 11:43:32 +02:00