Mikaela
/
shell-things
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
3,056 Commits 1 Branch 0 Tags 5.8 MiB
Commit Graph

1140 Commits

Author SHA1 Message Date
Aminda Suomalainen 8fe7ff55e6
chromium: add managed black-theme-colour & recommended apps-as-homepage, disable-default-browser-check 2024-04-27 10:08:43 +03:00
Aminda Suomalainen b76b7cac5c
systemd/user: review vpn wants, rm transmission-daemon copy-paste 2024-04-27 08:34:46 +03:00
Aminda Suomalainen 2113b593e7
Chromium & Firefox: force Bitwarden (for passkeys) 2024-04-27 08:32:39 +03:00
Aminda Suomalainen da85d0d9c7
firefox & chromium: allow PrivacyPass attestor & Keyoxide.org 2024-04-27 08:31:05 +03:00
Aminda Suomalainen 61dc3706ab
systemd/{chrony,i2pd,yggdrasil}.service.d/mullvad-exclude.conf: fix mistakes and Requires= 2024-04-26 17:43:37 +03:00
Aminda Suomalainen 1b64bc5e13
systemd/service.d: fix typo & use Requires= where appropiate 2024-04-26 17:38:33 +03:00
Aminda Suomalainen db7de1c3e4
systemd/service.d/unbound-wanted.conf: break circular skipping by removing After= 2024-04-26 17:35:31 +03:00
Aminda Suomalainen 7f410148e3
aminda-nocron-rebootish.service: repeat that dns should be running 2024-04-26 16:13:39 +03:00
Aminda Suomalainen 1d7308e74e
unbound: explicitly enable ede and it's log 2024-04-26 13:53:50 +03:00
Aminda Suomalainen 2f585209e7
matterbridge-cleanup.timer: use more human friendly term minutely on OnCalendar= 2024-04-26 13:21:20 +03:00
Aminda Suomalainen 65f58dc224
systemd: aminda-nocron-rebootish.{service,timer} is a delayed variant of -ish 2024-04-26 13:16:33 +03:00
Aminda Suomalainen c55b20a89a
move systemd user units from conf/systemd/user to etc/systemd/user 
symlink remains to show what is the correct location
 2024-04-26 13:05:08 +03:00
Aminda Suomalainen b36fe67bc3
systemd/user: attempt to flatpak-update-user.{service,timer} 2024-04-26 13:03:05 +03:00
Aminda Suomalainen b8f720fa7f
aminda-nocron-reboot.timer: fix typo in comment 2024-04-26 12:48:47 +03:00
Aminda Suomalainen 9e38fdf223
aminda-nocron-reboot.timer: add RemainAfterElapse=false 2024-04-26 12:37:55 +03:00
Aminda Suomalainen 90b64c9543
systemd: rename aminda-nocron -> aminda-nocron-reboot for clarity 
also opens up aminda-nocron-hourly etc.
 2024-04-26 12:30:58 +03:00
Aminda Suomalainen b0ec7cffde
chromium/README: EnableOnlineRevocationChecks does also enable CRL 2024-04-26 11:27:11 +03:00
Aminda Suomalainen 16d2f74135
systemd/aminda-nocron.service: explicitly start DNS too 2024-04-26 11:08:15 +03:00
Aminda Suomalainen def77bc4c3
systemd: add aminmda-nocron.{service,timer} for my @reboot crontabs for cronless systems (SteamOS) 2024-04-26 10:43:08 +03:00
Aminda Suomalainen 901dbfe138
etc/hosts: attempt to increase legibility by adding leading and trailing # 2024-04-25 19:45:11 +03:00
Aminda Suomalainen 21b59adfd2
etc/hosts/hostname: copy Debian behaviour as a good practice 2024-04-25 19:40:56 +03:00
Aminda Suomalainen fb65f717fc
etc: cleanup symlinks/files handled by init-browser-policies.bash 
They brought no value to me, just confused me in git forges by clicktrapping me and not following the symlinks
 2024-04-25 17:31:09 +03:00
Aminda Suomalainen 6375d55b8f
systemd-resolved/mullvad: default to base for consistency with unbound 2024-04-25 17:27:55 +03:00
Aminda Suomalainen 17e0b68d20
unbound: add dot-mullvad.conf defalting on base 
I found myself missing this on an old family PC that has limited resources and as I didn't have this file at hand, I just went with AdGuard which will work too.
 2024-04-25 17:24:41 +03:00
Aminda Suomalainen a17ff2903a
unbound/nordvpn-domains.conf: add comments/sources, fix duplicate zone, add missing domains 2024-04-25 15:07:37 +03:00
Aminda Suomalainen bbeb1d3e02
unbound/nordvpn: rename, send only their domains to them 2024-04-25 14:34:47 +03:00
Aminda Suomalainen 046b9c5f1a
systemd: use more descriptive drop-in name unbound-wanted.conf instead of unbound.conf 2024-04-25 14:10:26 +03:00
Aminda Suomalainen 1ea9fff29a
chromium: declare more things as .badidea 2024-04-25 14:01:54 +03:00
Aminda Suomalainen f87c4899b6
chromium: add dns-over-https.json.badidea and declare it as a bad idea 2024-04-25 13:57:01 +03:00
Aminda Suomalainen 861b35c25f
systemd-resolved: add the other applied-privacy.net port too 2024-04-25 13:47:18 +03:00
Aminda Suomalainen 342e3116a6
systemd-resolved: another attempt at local resolvers 2024-04-25 13:45:37 +03:00
Aminda Suomalainen d17ad34650
unbound/dns-over-tls.conf: note Applied Privacy does no ECS, add 853, add Quad9 unfiltered (ECS commented) 2024-04-25 13:26:01 +03:00
Aminda Suomalainen 52b0807fcb
systemd/yggdrasil.service.d: rename nordvpnd to restore-ipv6.conf 2024-04-25 12:52:30 +03:00
Aminda Suomalainen 520470e3dd
systemd: add firewalld-icmpv6.conf as drop-in 2024-04-25 12:51:03 +03:00
Aminda Suomalainen 45cf5ecf61
opt/chromium/policies/managed: update documentation about working preferred over ECH enforced 2024-04-25 11:00:40 +03:00
Aminda Suomalainen 32883d5c73
chromium: allow DoH downgrade to at least work. Breaks ECH :( 2024-04-25 08:15:28 +03:00
Aminda Suomalainen 7c80e2c329
NetworkManager: paws-off-my-resolv.conf 2024-04-24 18:21:33 +03:00
Aminda Suomalainen 38152ab152
etc/sudoers.d: add vim modelines just in case 
I think it autodetected them correctly though
 2024-04-24 18:16:42 +03:00
Aminda Suomalainen 505c6ec74a
etc/hosts: add hosts.steamos 2024-04-24 18:15:50 +03:00
Aminda Suomalainen 7113fda702
sudoers.d/nordvpnd: add restarting unbound & systemd-resolved 2024-04-24 18:00:00 +03:00
Aminda Suomalainen 32c5da4422
etc/resolv.conf-generate.bash: also be verbose with chattr & chmod 2024-04-24 12:09:15 +03:00
Aminda Suomalainen 9b01bc5260
etc/hosts/README.md: add forgotten blocklist and formatting 2024-04-24 11:55:35 +03:00
Aminda Suomalainen c00f750d96
etc/resolv.conf-generate.bash: simple resolv.conf writer the way I want 2024-04-24 11:06:35 +03:00
Aminda Suomalainen fa9da0901d
etc/hosts/blocklist: initial commit 2024-04-24 09:21:42 +03:00
Aminda Suomalainen b36ba70a70
systemd/service.d: add resolv.conf example with warnings 2024-04-24 07:31:10 +03:00
Aminda Suomalainen bdcd7249c3
etc/resolv.conf: fix comment 2024-04-23 16:47:03 +03:00
Aminda Suomalainen 95e17d0a49
resolv.conf: remove rotate comments, attempt to explain the logic behind timeout & attempts 2024-04-23 16:23:36 +03:00
Aminda Suomalainen 425af3eabf
etc/resolv.conf: specify timeout 1 and attempts 5 2024-04-23 16:03:49 +03:00
Aminda Suomalainen 70ed890742
dnf/protected.d: add README.md, aminda-{desktop,essentials}.conf 2024-04-23 07:51:29 +03:00
Aminda Suomalainen 4dac26e46e
dnf: also protect unbound 2024-04-23 07:41:49 +03:00
Aminda Suomalainen b0f7876436
etc/dnf/protected.d: add systemd-{networkd,resolved}.conf 2024-04-23 07:29:18 +03:00
Aminda Suomalainen f41e80d66a
hosts/dns: comment where it begins and where it ends 2024-04-22 17:11:03 +03:00
Aminda Suomalainen 97c2e74220
etc/hosts: attempt to perform the bad idea of well-known DNS servers here instead 2024-04-22 16:24:51 +03:00
Aminda Suomalainen 4560e776df
systemd-{resolved,networkd}: just break things 2024-04-22 15:43:50 +03:00
Aminda Suomalainen 886b8dbfbd
unbound.conf.d: well-known-dns.conf -> well-known-dns.conf.badidea 
This will break DNSSEC and a lot of things.
 2024-04-22 15:39:47 +03:00
Aminda Suomalainen 4acd22dc37
systemd-networkd: add untested none (Yggdrasil) & wireguard configuration 2024-04-22 15:17:14 +03:00
Aminda Suomalainen 6ea0a570dd
systemd-networkd: match systemd-resolved configuration 2024-04-22 15:12:07 +03:00
Aminda Suomalainen dea732d15b
systemd-resolved: attempt to simplify configuration 2024-04-22 15:08:03 +03:00
Aminda Suomalainen f976c9a530
etc/resolv.conf: comment rotate, remove bad search domain comment 2024-04-22 14:51:58 +03:00
Aminda Suomalainen 895359ff67
etc/resolv.conf: add warning about mixing systemd-resolved & unbound 2024-04-22 14:50:37 +03:00
Aminda Suomalainen 903e38f307
systemd-networkd: unset other DNS 2024-04-22 13:32:12 +03:00
Aminda Suomalainen 7be1800002
systemd-networkd: disable DNSSEC/DNSOverTLS by default as localhost 2024-04-22 13:16:14 +03:00
Aminda Suomalainen 3d58aee508
systemd-networkd/10-ether.network: mention unmanaged/NetworkManager 2024-04-22 13:09:28 +03:00
Aminda Suomalainen e56e5e1909
systemd-networkd: remove comment I don't stand behind 2024-04-22 13:05:58 +03:00
Aminda Suomalainen 02c434b81b
systemd-networkd: list local DNS resolvers 2024-04-22 12:59:38 +03:00
Aminda Suomalainen 44b6e5b618
systemd-networkd: add DNSSEC & DNSOverTLS & search domains 2024-04-22 12:25:25 +03:00
Aminda Suomalainen 945ca0462d
Revert "systemd-networkd: attempt to deduplicate by cutting into 10-global.network" 
This reverts commit 19b6fbef3c.
 2024-04-22 12:21:56 +03:00
Aminda Suomalainen 06787a38de
resolved/00-no-local-resolver.conf: comment local resolver since I break DNSSEC 2024-04-22 12:14:34 +03:00
Aminda Suomalainen 19b6fbef3c
systemd-networkd: attempt to deduplicate by cutting into 10-global.network 2024-04-22 12:07:39 +03:00
Aminda Suomalainen aac3ccdec3
unbound/well-known-dns.conf: add CNAMEs one.one.one.one & dns.google.com 2024-04-22 11:26:46 +03:00
Aminda Suomalainen dc6fc85174
chromium: exclude bittimittari.fi 2024-04-22 10:09:28 +03:00
Aminda Suomalainen fe1970cfd9
chromium: add brave IPFS disabling policy 
IPFS is known for killing routers and having it on two machines while trying to VoIP with a lot of people, it gets a bit too heavy
 2024-04-22 10:03:53 +03:00
Aminda Suomalainen abd21e008a
well-known-dns.conf: typetransparent subdomains just in case 
Theoretically the higher level domain affects them too, but in practice I am unsure and I have previously only used always_reject for google-analytics & subdomains blocking. It at least isn't causing warnings or errors.
 2024-04-22 07:42:53 +03:00
Aminda Suomalainen 579e98f27c
unbound/well-known-dns.conf: use typetransparent so non-local queries won't get NODATA 2024-04-22 07:28:55 +03:00
Aminda Suomalainen 623a9150fd
unbound: merge 00-insecure-domains.conf into blocklist.conf 2024-04-22 07:10:18 +03:00
Aminda Suomalainen 892feb3c1b
unbound/blocklist: add fritz.box. 2024-04-22 07:06:21 +03:00
Aminda Suomalainen c90b551ac4
chromium: merge doh-forced to the doh files due to it being required anyway, update documentation, rename doh-allowed → doh-unlocked-unset 2024-04-21 14:00:39 +03:00
Aminda Suomalainen 4a47d14069
resolved.conf.d: add dot-trex.conf symlink and explaining comments like in unbound 2024-04-21 13:14:53 +03:00
Aminda Suomalainen ce9159e756
unbound/dot-quad9.conf: prettier sorting 2024-04-21 13:13:41 +03:00
Aminda Suomalainen 7379241a20
chromium: add the rest of Quad9 & update README.md 2024-04-21 11:35:28 +03:00
Aminda Suomalainen 3540f2442e
chromium/doh-quad9*: add alternative port as Chromium allows multiple 2024-04-21 11:28:07 +03:00
Aminda Suomalainen eb47fac4cb
systemd-resolved: add vim modelines 2024-04-21 10:58:45 +03:00
Aminda Suomalainen f126e681a2
systemd-resolved: split applied-privacy#443 to its own file as resolved configs don't exclude each other 2024-04-21 10:57:25 +03:00
Aminda Suomalainen a0ccd790ab
unbound & systemd-resolved: add Quad9 alternative port 2024-04-21 10:54:22 +03:00
Aminda Suomalainen e64e4e7fd0
firefox: DisableEncryptedClientHello: false 
I am not sure if this does anything, I just saw a message in logs and it didn't trigger an error
 2024-04-21 10:13:29 +03:00
Aminda Suomalainen 6a97040386
firefox: add IPvFoo* 2024-04-21 10:08:43 +03:00
Aminda Suomalainen 069da00a38
Chromium: add IPvFoo* and note that users should go through extensions 2024-04-21 09:58:30 +03:00
Aminda Suomalainen e6bd2b13ad
unbound: add TREX upstream configuration 2024-04-20 20:25:48 +03:00
Aminda Suomalainen a7cf718453
uncound/well-known-dns.conf: add DNS0 {Zero,Kids,Open} 2024-04-20 17:59:46 +03:00
Aminda Suomalainen 41c65344f1
chromium: add dot-dns0-{kids,open,zero}.json 2024-04-20 17:53:33 +03:00
Aminda Suomalainen 437ec3b49c
chromium/doh-dns0.json: add trailing / as Chromium requires it (or fails every DNS request) 2024-04-20 17:50:57 +03:00
Aminda Suomalainen 422ab0de4e
libreawoo, unbound & resolved: uncomment Quad9 default, comment ECS 2024-04-20 17:50:12 +03:00
Aminda Suomalainen bec7f8bbaa
separate local/share/applications & etc/xdg/autostart 2024-04-20 12:14:02 +03:00
Aminda Suomalainen ffc4c53615
sudoers/nordvpnd: allow chronyc online 2024-04-20 11:56:14 +03:00
Aminda Suomalainen c9cad77caf
move etc/xdg/autostart to more descriptive location of local/share/applications 2024-04-20 11:18:33 +03:00
Aminda Suomalainen 9bd3a05d5b
clean up old desktop entries I cannot see myself using 2024-04-20 11:13:02 +03:00
Aminda Suomalainen cebcec5792
add syncplay.desktop 2024-04-20 11:07:03 +03:00
Aminda Suomalainen 8e296b5a25
add mpv.desktop that avoids pseudo-gui 2024-04-20 11:04:30 +03:00
Aminda Suomalainen 24c9209cbe
add/fix desktop entries for wrappers firefox, steam, thunderbird 2024-04-20 10:58:09 +03:00
Aminda Suomalainen 4c841781b3
add/fix libreawoo & firefox desktop entries 2024-04-20 10:50:09 +03:00