Mikaela
/
shell-things
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
3,056 Commits 1 Branch 0 Tags 5.8 MiB
Commit Graph

1140 Commits

Author SHA1 Message Date
Aminda Suomalainen b0f7876436
etc/dnf/protected.d: add systemd-{networkd,resolved}.conf 2024-04-23 07:29:18 +03:00
Aminda Suomalainen f41e80d66a
hosts/dns: comment where it begins and where it ends 2024-04-22 17:11:03 +03:00
Aminda Suomalainen 97c2e74220
etc/hosts: attempt to perform the bad idea of well-known DNS servers here instead 2024-04-22 16:24:51 +03:00
Aminda Suomalainen 4560e776df
systemd-{resolved,networkd}: just break things 2024-04-22 15:43:50 +03:00
Aminda Suomalainen 886b8dbfbd
unbound.conf.d: well-known-dns.conf -> well-known-dns.conf.badidea 
This will break DNSSEC and a lot of things.
 2024-04-22 15:39:47 +03:00
Aminda Suomalainen 4acd22dc37
systemd-networkd: add untested none (Yggdrasil) & wireguard configuration 2024-04-22 15:17:14 +03:00
Aminda Suomalainen 6ea0a570dd
systemd-networkd: match systemd-resolved configuration 2024-04-22 15:12:07 +03:00
Aminda Suomalainen dea732d15b
systemd-resolved: attempt to simplify configuration 2024-04-22 15:08:03 +03:00
Aminda Suomalainen f976c9a530
etc/resolv.conf: comment rotate, remove bad search domain comment 2024-04-22 14:51:58 +03:00
Aminda Suomalainen 895359ff67
etc/resolv.conf: add warning about mixing systemd-resolved & unbound 2024-04-22 14:50:37 +03:00
Aminda Suomalainen 903e38f307
systemd-networkd: unset other DNS 2024-04-22 13:32:12 +03:00
Aminda Suomalainen 7be1800002
systemd-networkd: disable DNSSEC/DNSOverTLS by default as localhost 2024-04-22 13:16:14 +03:00
Aminda Suomalainen 3d58aee508
systemd-networkd/10-ether.network: mention unmanaged/NetworkManager 2024-04-22 13:09:28 +03:00
Aminda Suomalainen e56e5e1909
systemd-networkd: remove comment I don't stand behind 2024-04-22 13:05:58 +03:00
Aminda Suomalainen 02c434b81b
systemd-networkd: list local DNS resolvers 2024-04-22 12:59:38 +03:00
Aminda Suomalainen 44b6e5b618
systemd-networkd: add DNSSEC & DNSOverTLS & search domains 2024-04-22 12:25:25 +03:00
Aminda Suomalainen 945ca0462d
Revert "systemd-networkd: attempt to deduplicate by cutting into 10-global.network" 
This reverts commit 19b6fbef3c.
 2024-04-22 12:21:56 +03:00
Aminda Suomalainen 06787a38de
resolved/00-no-local-resolver.conf: comment local resolver since I break DNSSEC 2024-04-22 12:14:34 +03:00
Aminda Suomalainen 19b6fbef3c
systemd-networkd: attempt to deduplicate by cutting into 10-global.network 2024-04-22 12:07:39 +03:00
Aminda Suomalainen aac3ccdec3
unbound/well-known-dns.conf: add CNAMEs one.one.one.one & dns.google.com 2024-04-22 11:26:46 +03:00
Aminda Suomalainen dc6fc85174
chromium: exclude bittimittari.fi 2024-04-22 10:09:28 +03:00
Aminda Suomalainen fe1970cfd9
chromium: add brave IPFS disabling policy 
IPFS is known for killing routers and having it on two machines while trying to VoIP with a lot of people, it gets a bit too heavy
 2024-04-22 10:03:53 +03:00
Aminda Suomalainen abd21e008a
well-known-dns.conf: typetransparent subdomains just in case 
Theoretically the higher level domain affects them too, but in practice I am unsure and I have previously only used always_reject for google-analytics & subdomains blocking. It at least isn't causing warnings or errors.
 2024-04-22 07:42:53 +03:00
Aminda Suomalainen 579e98f27c
unbound/well-known-dns.conf: use typetransparent so non-local queries won't get NODATA 2024-04-22 07:28:55 +03:00
Aminda Suomalainen 623a9150fd
unbound: merge 00-insecure-domains.conf into blocklist.conf 2024-04-22 07:10:18 +03:00
Aminda Suomalainen 892feb3c1b
unbound/blocklist: add fritz.box. 2024-04-22 07:06:21 +03:00
Aminda Suomalainen c90b551ac4
chromium: merge doh-forced to the doh files due to it being required anyway, update documentation, rename doh-allowed → doh-unlocked-unset 2024-04-21 14:00:39 +03:00
Aminda Suomalainen 4a47d14069
resolved.conf.d: add dot-trex.conf symlink and explaining comments like in unbound 2024-04-21 13:14:53 +03:00
Aminda Suomalainen ce9159e756
unbound/dot-quad9.conf: prettier sorting 2024-04-21 13:13:41 +03:00
Aminda Suomalainen 7379241a20
chromium: add the rest of Quad9 & update README.md 2024-04-21 11:35:28 +03:00
Aminda Suomalainen 3540f2442e
chromium/doh-quad9*: add alternative port as Chromium allows multiple 2024-04-21 11:28:07 +03:00
Aminda Suomalainen eb47fac4cb
systemd-resolved: add vim modelines 2024-04-21 10:58:45 +03:00
Aminda Suomalainen f126e681a2
systemd-resolved: split applied-privacy#443 to its own file as resolved configs don't exclude each other 2024-04-21 10:57:25 +03:00
Aminda Suomalainen a0ccd790ab
unbound & systemd-resolved: add Quad9 alternative port 2024-04-21 10:54:22 +03:00
Aminda Suomalainen e64e4e7fd0
firefox: DisableEncryptedClientHello: false 
I am not sure if this does anything, I just saw a message in logs and it didn't trigger an error
 2024-04-21 10:13:29 +03:00
Aminda Suomalainen 6a97040386
firefox: add IPvFoo* 2024-04-21 10:08:43 +03:00
Aminda Suomalainen 069da00a38
Chromium: add IPvFoo* and note that users should go through extensions 2024-04-21 09:58:30 +03:00
Aminda Suomalainen e6bd2b13ad
unbound: add TREX upstream configuration 2024-04-20 20:25:48 +03:00
Aminda Suomalainen a7cf718453
uncound/well-known-dns.conf: add DNS0 {Zero,Kids,Open} 2024-04-20 17:59:46 +03:00
Aminda Suomalainen 41c65344f1
chromium: add dot-dns0-{kids,open,zero}.json 2024-04-20 17:53:33 +03:00
Aminda Suomalainen 437ec3b49c
chromium/doh-dns0.json: add trailing / as Chromium requires it (or fails every DNS request) 2024-04-20 17:50:57 +03:00
Aminda Suomalainen 422ab0de4e
libreawoo, unbound & resolved: uncomment Quad9 default, comment ECS 2024-04-20 17:50:12 +03:00
Aminda Suomalainen bec7f8bbaa
separate local/share/applications & etc/xdg/autostart 2024-04-20 12:14:02 +03:00
Aminda Suomalainen ffc4c53615
sudoers/nordvpnd: allow chronyc online 2024-04-20 11:56:14 +03:00
Aminda Suomalainen c9cad77caf
move etc/xdg/autostart to more descriptive location of local/share/applications 2024-04-20 11:18:33 +03:00
Aminda Suomalainen 9bd3a05d5b
clean up old desktop entries I cannot see myself using 2024-04-20 11:13:02 +03:00
Aminda Suomalainen cebcec5792
add syncplay.desktop 2024-04-20 11:07:03 +03:00
Aminda Suomalainen 8e296b5a25
add mpv.desktop that avoids pseudo-gui 2024-04-20 11:04:30 +03:00
Aminda Suomalainen 24c9209cbe
add/fix desktop entries for wrappers firefox, steam, thunderbird 2024-04-20 10:58:09 +03:00
Aminda Suomalainen 4c841781b3
add/fix libreawoo & firefox desktop entries 2024-04-20 10:50:09 +03:00
Aminda Suomalainen 93c60b21b2
finish chromium desktop files? 2024-04-20 10:43:17 +03:00
Aminda Suomalainen bbcb37c334
add libreawoo.desktop 2024-04-20 10:32:55 +03:00
Aminda Suomalainen 816157fc25
add initial desktop files for the scripts wrappers 2024-04-20 10:23:15 +03:00
Aminda Suomalainen 45f1c1078f
unbound/well-known-dns.conf: add Google DNS 2024-04-20 09:10:36 +03:00
Aminda Suomalainen 134622edad
unbound/well-known-dns.conf: add missing dots 2024-04-20 09:00:44 +03:00
Aminda Suomalainen e319c8aacf
unbound: restore and update blocklist.conf 
This reverts commit fe8ac1bbb7.
 2024-04-20 08:57:26 +03:00
Aminda Suomalainen c7633838de
unbound: fill well-known-dns.conf some more 2024-04-20 08:52:49 +03:00
Aminda Suomalainen dda5f2c110
chromium/enable-ech-ocsp.json: remove not strictly releated policies 2024-04-20 07:47:31 +03:00
Aminda Suomalainen 4a889dd9b4
sudoers.d/nordvpnd: add restarting of iwd & systemd-networkd 2024-04-20 07:42:40 +03:00
Aminda Suomalainen 6a87111f8b
unbound/well-known-dns.conf: initial commit 2024-04-19 19:58:23 +03:00
Aminda Suomalainen 1e22108950
unbound/00-insecure-domains.conf: qname minimization is not relevant here 2024-04-19 09:17:01 +03:00
Aminda Suomalainen 1a1bf9adb9
unbound/conf.d: add vim modelines/filetypes 2024-04-19 09:14:32 +03:00
Aminda Suomalainen b3eb6e06e7
unbound: add symlink for the Fedora name as I keep tab failing 2024-04-19 09:09:36 +03:00
Aminda Suomalainen 47e51ee38b
firefox policy: use Quad9 ECS as TRR 2024-04-19 08:48:57 +03:00
Aminda Suomalainen 39f2eb4f0f
chromium: add doh-cloudflare-secure.json, ECH notes 2024-04-19 08:24:29 +03:00
Aminda Suomalainen b248392e8a
systemd-resolved: think more on local resolvers or not 2024-04-18 14:31:56 +03:00
Aminda Suomalainen 4c4508ba36
unbound/dot-*quad9.conf: add DNS10 & DNS12 (commented), remove extra spaces 2024-04-18 11:16:20 +03:00
Aminda Suomalainen 9aa71de638
systemd-resolved/dot-quad9.conf: add commented DNS10 & DNS12 2024-04-18 11:08:23 +03:00
Aminda Suomalainen 5097076daf
unbound: also disable qname-minimization for DNSo53 forwarders 2024-04-17 16:03:23 +03:00
Aminda Suomalainen 363be56010
unbound: move to tls-ystem-cert from tls-cert-bundle & disable qname minimization for DoT forward-zones 2024-04-17 16:01:38 +03:00
Aminda Suomalainen bbab2f335d
resolv.tsv: sort 2024-04-17 15:42:34 +03:00
Aminda Suomalainen 9ba083f81f
resolv.tsv: add Quad9 unfiltered variants 2024-04-17 15:42:08 +03:00
Aminda Suomalainen c18fe92ad8
etc/resolv.tsv: add Quad9 Apple Mobileconfigs 2024-04-17 15:34:43 +03:00
Aminda Suomalainen f10b151a3b
systemd: add firewalld.service.d/never-fail.conf due to failing to timeout on sedric 2024-04-17 11:38:43 +03:00
Aminda Suomalainen 75c39ddb0d
sudoers.d/nordvpnd: include nordvpnd.socket 2024-04-16 08:39:16 +03:00
Aminda Suomalainen 419805bc91
chromium/README: add forgotten files, fix description for those moved from recommended 2024-04-16 07:15:30 +03:00
Aminda Suomalainen a0456269a1
chromium: move brave feature disabling from recommended to managed for actual effect 2024-04-16 07:11:55 +03:00
Aminda Suomalainen 36f433f35b
chromium/managed: add enable-labs.json 
I have decided that I want it anyway and unlike before, now it has its own file so I can decide to leave it alone on shared devices
 2024-04-15 21:08:56 +03:00
Aminda Suomalainen 8c748dd2d6
unbound/dot-dns0-quad9.conf: fix duplicate forward zone 2024-04-14 14:23:58 +03:00
Aminda Suomalainen ac922aea86
{firefox,chromium}: add Floccus bookmarks sync so I will remember its existence 2024-04-14 14:10:39 +03:00
Aminda Suomalainen cd2ae2c852
etc/resolv.tsv: add Google DNS & DNS64 as they too are Android hard-coded for DoH3 2024-04-14 09:18:05 +03:00
Aminda Suomalainen cc25967b22
etc/resolv.tsv: note Cloudflare being DoH3 on Android, add Cloudflare antimalware/family DoT addresses 2024-04-14 09:10:06 +03:00
Aminda Suomalainen 44c3168a39
chromium policy: strip DnsOverHttpsMode to two different files, rename automatic to allowed for clarity & update README.md on these 2024-04-13 18:38:26 +03:00
Aminda Suomalainen 46ac8aefd8
unbound: add dot-dns0-quad9.conf 2024-04-12 17:01:32 +03:00
Aminda Suomalainen ab74e45a9f
chromium policy/brave-shields-disabled.json: add glowing-bear 2024-04-12 14:29:49 +03:00
Aminda Suomalainen b9d8da4df4
chromium policy. add brave-shields-disabled.json based on Privacy Badger 2024-04-12 14:26:31 +03:00
Aminda Suomalainen bf1fdc4cff
{firefox,chromium} policy: PB exclude Disroot Mvim, Microsoft {Teams,Learn} 2024-04-12 14:24:31 +03:00
Aminda Suomalainen b1a0125674
unbound: add local-tlds.conf 2024-04-12 14:16:10 +03:00
Aminda Suomalainen 0d4c40ba16
systemd: mark systemd-resolved.conf to be conflicting with avahi-daemon 2024-04-12 10:58:15 +03:00
Aminda Suomalainen 73865c747d
root-auto-trust-anchor-file.conf -> debian-root-auto-trust-anchor-file.conf 
Let's not overwrite files accidentally
 2024-04-12 10:56:51 +03:00
Aminda Suomalainen 0bac3a8ab0
chromium: add doh-quad9.json 2024-04-12 10:42:51 +03:00
Aminda Suomalainen e88c2a8067
etc: attempt to enable mDNS/LLMNR for systemd-{networkd,resolved} & NetworkManager 
Some boolean fixing slipped in as well
 2024-04-12 09:52:32 +03:00
Aminda Suomalainen 4d4dc026fd
unbound: ipv6.conf -> prefer-ipv6.conf 
more descriptive name
 2024-04-12 09:19:02 +03:00
Aminda Suomalainen a7bb2f5ec8
etc/iwd/main.conf: update comments on DNS 2024-04-11 10:16:21 +03:00
Aminda Suomalainen 80ac65acd1
systemd-resolved/README.md: enable doctoc 2024-04-11 10:06:18 +03:00
Aminda Suomalainen cce932960e
systemd-resolved/README.md: mention nordvpn.conf 2024-04-11 10:05:18 +03:00
Aminda Suomalainen a2e36f2a3b
systemd-resolved/README.md: remove EOL Ubuntu, fix booleans, note my actual DNS config 2024-04-11 10:03:53 +03:00
Aminda Suomalainen da6eab8dfc
systemd-resolved: use true/false as booleans (not yes/no) & remove repeated localhost 2024-04-11 10:02:49 +03:00
Aminda Suomalainen 3009af55a6
resolved.conf.d/README.md: mention 00-defaults and dot-something being supposed to be used together 2024-04-10 15:09:31 +03:00
Aminda Suomalainen 9a210c4bba
systemd-resolved: further decrease repeating, comment DNS-Over-TLS since it's in 00-defaults.conf already (+ local resolver) 2024-04-10 15:06:14 +03:00
Aminda Suomalainen f12d0ceb8a
systemd-resolved: don't repeat cache 2024-04-10 15:02:30 +03:00
Aminda Suomalainen 241405c776
systemd-resolved: merge unbound.conf into 00-defaults.conf 2024-04-10 11:59:36 +03:00
Aminda Suomalainen f885dcd73a
chromium/recommended: disable Tor in Brave 2024-04-10 11:21:52 +03:00
Aminda Suomalainen 4cfd7ab75f
chromium: add recommendation of disabling Brave rewards & wallet 2024-04-10 11:18:42 +03:00
Aminda Suomalainen 2282429f94
brave: use boolean for disabling vpn 2024-04-10 11:16:55 +03:00
Aminda Suomalainen 149cadfa41
firefox & chromium: add IPFS Companion 2024-04-10 11:03:19 +03:00
Aminda Suomalainen d7879eeb6b
chromium: update README with the two new files 2024-04-10 10:53:37 +03:00
Aminda Suomalainen 450aac4c32
chromium: add disable-brave-vpn.json 2024-04-10 10:51:38 +03:00
Aminda Suomalainen 35e1faaabc
chromium: add doh-quad9-ecs.json 2024-04-10 10:51:15 +03:00
Aminda Suomalainen 4a08068634
unbound/cache: serve-expired: yes 
I am unsure on whether this actually affects anything without setting the other expired options too
 2024-04-07 19:44:10 +03:00
Aminda Suomalainen b03218c78b
unbound/cache.conf: add prefetch & prefetch-key 2024-04-07 17:34:36 +03:00
Aminda Suomalainen c034e016e8
firefox policy: add search engine suggestion urls 2024-04-05 14:04:14 +03:00
Aminda Suomalainen 99c63d25fe
{firefox,chromium} policy: add OpenDyslexic 2024-04-04 14:27:43 +03:00
Aminda Suomalainen 08ae59ed99
firefox policy: configure Homepage 2024-03-31 08:46:12 +03:00
Aminda Suomalainen a581ee2dd5
rm etc/sysctl.d/99-enable-ipv6.conf 
Refer to crontab, yggdrasil.service.d and nordvpn.service.d
 2024-03-29 08:57:35 +02:00
Aminda Suomalainen 323dde1545
{firefox, chromium}: force install privacy pass 
This is in hopes of reducing family member frustation with captchas should they happen
 2024-03-29 08:32:44 +02:00
Aminda Suomalainen 1d05061bb4
hack nordvpnd to work with yggdrasil 2024-03-29 07:58:44 +02:00
Aminda Suomalainen 9fb90d4b30
chromium/README: mention fix-edge-search.json 2024-03-28 18:57:29 +02:00
Aminda Suomalainen 80df53aa6a
chromium: move edge policy from recommended searches to managed/fix-edge-search.json 2024-03-28 18:53:15 +02:00
Aminda Suomalainen c5dd75077d
chromium: throw home enabling & search engines into recommended policy instead 2024-03-27 16:51:29 +02:00
Aminda Suomalainen 860970df78
etc/init-browser-policies.bash: note recommended policies 2024-03-27 16:43:17 +02:00
Aminda Suomalainen 58df0709f4
firefox policy README.md: note that search engines also work on nightly 2024-03-24 08:17:31 +02:00
Aminda Suomalainen e823810723
firefox: add search engine aliases 2024-03-24 08:16:20 +02:00
Aminda Suomalainen 4bab0cbb6a
firefox: default to Brave Search 2024-03-24 08:15:43 +02:00
Aminda Suomalainen 7b80c2bbc2
chromium/aminda-extensions.json: remove DuckDuckGo Privacy Essentials 2024-03-23 12:46:49 +02:00
Aminda Suomalainen d241993c0a
chromium/aminda-extensions.json: remove blank new tab 2024-03-23 12:40:23 +02:00
Aminda Suomalainen 4a2fc137db
chromium: handle Microsoft Edge new tab page Bing search 2024-03-23 12:36:30 +02:00
Aminda Suomalainen 3d038bf826
chromium policy README.md: add missing/renamed files 2024-03-23 12:15:21 +02:00
Aminda Suomalainen b7acf2daaa
chromium policy: add brave-search.json 2024-03-23 12:08:07 +02:00
Aminda Suomalainen c8ece6032a
chromium/duckduckgo.json: policy for using start.duckduckgo.com for searching 2024-03-23 11:55:06 +02:00
Aminda Suomalainen 405d407c2a
firefox: add Brave Search Goggles 2024-03-21 17:21:30 +02:00
Aminda Suomalainen 3e56346be0
firefox: add Brave Search 2024-03-20 18:53:18 +02:00
Aminda Suomalainen cc6dbceaff
{firefox,chromium} policy: add UpdateSWH 2024-03-14 20:25:06 +02:00
Aminda Suomalainen 39b0f1d19a
{firefox,chromium} policy: disable PrivacyBadger on Element Web instances 2024-03-13 11:45:19 +02:00
Aminda Suomalainen c2c7d401dd
sudoers.d: add teamviewerd 2024-03-13 09:07:25 +02:00
Aminda Suomalainen a6c2c28727
etc/yum.repos.d: add teamviewer.repo 2024-03-13 09:02:40 +02:00
Aminda Suomalainen 0729b8b681
chromium policy: add Chrome Remote Desktop 2024-03-13 08:46:10 +02:00
Aminda Suomalainen be8e2d655e
aminda-extensions.json: fix allowed_url paths (paths unsupported, must not contain /* 2024-03-13 08:45:30 +02:00
Aminda Suomalainen 7d48ac8a1a
sysctl.d/99-enable-ipv6.conf: workaround NordVPN 2024-03-12 17:55:32 +02:00
Aminda Suomalainen 5c1dce8d36
{firefox,chromium} policy: explicitly configure PrivacyBadger 
I think all of these default to true anyway, but explicit is better than implicit is what they say
 2024-03-12 10:15:15 +02:00
Aminda Suomalainen cfe02d26be
chromiun: allow wayback machine to function on archive.org by default 2024-03-10 07:59:27 +02:00
Aminda Suomalainen e4304fd641
chromium: block uBlock Origin from Chrome/Edge stores to avoid conflict with AdNauseam force_install 2024-03-09 15:54:13 +02:00
Aminda Suomalainen e35c477a71
firefox policy: block uBlock & uMatrix to avoid conflict with force_install AdNauseam 2024-03-09 15:45:02 +02:00
Aminda Suomalainen 685b14c2f6
firefox policy: block wayback machine 2024-03-09 15:41:39 +02:00
Aminda Suomalainen 26ecc69156
chromium policy: add doh-mullvad-base.json 2024-03-09 10:52:54 +02:00
Aminda Suomalainen ee36e24997
Chromium policy: add blank new tab 2024-03-09 10:52:31 +02:00
Aminda Suomalainen 3eb921f212
chromium: adjust runtime_allowed_hosts for DDG as per Edge's behaviour 2024-03-09 10:30:22 +02:00
Aminda Suomalainen d7244eefc5
aminda-extensions.json: click to run wbm 2024-03-08 11:19:07 +02:00
Aminda Suomalainen 5149b23598
browser policies: add wayback machine 2024-03-08 08:41:41 +02:00
Aminda Suomalainen 16d6a3df09
browser policies: install Bias Finder 2024-03-08 08:29:54 +02:00