shell-things

mirror of https://gitea.blesmrt.net/mikaela/shell-things.git synced 2024-11-06 09:29:22 +01:00

Author	SHA1	Message	Date
Aminda Suomalainen	d377157b46	init-browser-policies.bash: manage Edge recommended profiles separately	2024-04-29 12:15:26 +03:00
Aminda Suomalainen	a14446ed71	unbound/dns-over-tls.conf: add Cloudflare, Mullvad & Control D This is now practically https://www.privacyguides.org/en/dns/ plus Appliedprivacy	2024-04-29 08:29:07 +03:00
Aminda Suomalainen	0ee83e9a90	chrony/sources: enable xleave with ~everything I was unable to find much information about this, but see the previous commit and Brave Leo said > Yes, it's generally acceptable to use interleaved mode with a public NTP (Network Time Protocol) server, as long as you comply with the server's usage policies. This mode allows for time synchronization while also providing a fallback if the primary time source fails. However, keep in mind that public NTP servers are often subject to heavy traffic, so they may not provide the most accurate or timely synchronization.	2024-04-29 06:55:16 +03:00
Aminda Suomalainen	6f0184b519	chrony/sources/ntppool: enable xleave From https://community.ntppool.org/t/chrony-conf-noclientlog-vs-clientloglimit/2263/4 I got the impression it's fine to do and the manual says it's compatible with the basic mode and xleave supporting servers may still reply in basic mode sometimes so this shouldn't break anything	2024-04-29 06:51:27 +03:00
Aminda Suomalainen	0f66e552c1	Revert "nts-servers.sources: no preferring non-ISP servers" This reverts commit `ff1bc7b3ba`.	2024-04-28 20:08:42 +03:00
Aminda Suomalainen	4081c974bb	unbound/cache.conf: make the min ttl an hour in my quest to break DNS	2024-04-28 19:15:42 +03:00
Aminda Suomalainen	23672028d5	unbound/ecs.conf: attempt to send larger subnets than default around	2024-04-28 18:02:18 +03:00
Aminda Suomalainen	d64b4f2001	systemd-resolved: add DNA/Moi & Elisa DNS servers I was unable to find authoritative source for what is Telia's DNS	2024-04-28 16:14:30 +03:00
Aminda Suomalainen	44e22716f9	chrony sources: make add .sample to local-servers.sources, make it more useful for me	2024-04-28 10:02:31 +03:00
Aminda Suomalainen	18a04b1351	{firefox,chromium}: disable protections for one.one.one.one For some reason they make connection to 1.1.1.1 appear as no or unreachable.	2024-04-28 09:21:29 +03:00
Aminda Suomalainen	55dcb2f2cd	systemd-resolved/98-local-resolver.conf: fix comment talking about alphabet while everything is now numerals	2024-04-28 09:17:07 +03:00
Aminda Suomalainen	35b99a6bc0	systemd-resolved: add 99-lan-resolver.conf.sample for trusted LANs	2024-04-28 09:13:46 +03:00
Aminda Suomalainen	5ab33c154e	systemd-resolved: rename conf files to have a number prefix	2024-04-28 09:13:20 +03:00
Aminda Suomalainen	9375b3c2b2	unbound: add dot-cloudflare.conf	2024-04-27 21:22:28 +03:00
Aminda Suomalainen	2aa221b77f	unbound/cache: take the cache-min-ttl: 3000 challenge It will not affect web browsers which are using DoH for ECH eliminating most of breakage and I am just curious on will anything outside of web browser suffer that.	2024-04-27 18:35:22 +03:00
Aminda Suomalainen	652c11391f	unbound/cache.conf: explicitly set serve-expired-reply-ttl to 30	2024-04-27 16:52:39 +03:00
Aminda Suomalainen	d3773468fa	chromium/policies: add doh-{disabled,google}.json	2024-04-27 16:18:40 +03:00
Aminda Suomalainen	a083a9d704	unbound/cache: comment cache-min-ttl=900, add commented 3000	2024-04-27 15:42:29 +03:00
Aminda Suomalainen	30a27f980d	unbound/cache.conf: RFC 8767ish configuration	2024-04-27 15:00:12 +03:00
Aminda Suomalainen	813878a4de	systemd/{iwd,systemd-networkd}.service.d: add appropiate symlinks	2024-04-27 12:25:00 +03:00
Aminda Suomalainen	c59fe1ae53	sudoers.d/nordvpnd: also allow restarting tor-client.service I have a suspicion I am adding it to the script sooner or later	2024-04-27 12:21:07 +03:00
Aminda Suomalainen	ef9c4acfc3	sudoers.d/nordvpnd: also allow restarting Tor	2024-04-27 12:10:15 +03:00
Aminda Suomalainen	955e52f5af	yum.repos.d: add google-Chrome.repo to workaround their crontab disliking my system	2024-04-27 10:21:20 +03:00
Aminda Suomalainen	8fe7ff55e6	chromium: add managed black-theme-colour & recommended apps-as-homepage, disable-default-browser-check	2024-04-27 10:08:43 +03:00
Aminda Suomalainen	b76b7cac5c	systemd/user: review vpn wants, rm transmission-daemon copy-paste	2024-04-27 08:34:46 +03:00
Aminda Suomalainen	2113b593e7	Chromium & Firefox: force Bitwarden (for passkeys)	2024-04-27 08:32:39 +03:00
Aminda Suomalainen	da85d0d9c7	firefox & chromium: allow PrivacyPass attestor & Keyoxide.org	2024-04-27 08:31:05 +03:00
Aminda Suomalainen	61dc3706ab	systemd/{chrony,i2pd,yggdrasil}.service.d/mullvad-exclude.conf: fix mistakes and Requires=	2024-04-26 17:43:37 +03:00
Aminda Suomalainen	1b64bc5e13	systemd/service.d: fix typo & use Requires= where appropiate	2024-04-26 17:38:33 +03:00
Aminda Suomalainen	db7de1c3e4	systemd/service.d/unbound-wanted.conf: break circular skipping by removing After=	2024-04-26 17:35:31 +03:00
Aminda Suomalainen	7f410148e3	aminda-nocron-rebootish.service: repeat that dns should be running	2024-04-26 16:13:39 +03:00
Aminda Suomalainen	1d7308e74e	unbound: explicitly enable ede and it's log	2024-04-26 13:53:50 +03:00
Aminda Suomalainen	2f585209e7	matterbridge-cleanup.timer: use more human friendly term minutely on OnCalendar=	2024-04-26 13:21:20 +03:00
Aminda Suomalainen	65f58dc224	systemd: aminda-nocron-rebootish.{service,timer} is a delayed variant of -ish	2024-04-26 13:16:33 +03:00
Aminda Suomalainen	c55b20a89a	move systemd user units from conf/systemd/user to etc/systemd/user symlink remains to show what is the correct location	2024-04-26 13:05:08 +03:00
Aminda Suomalainen	b36fe67bc3	systemd/user: attempt to flatpak-update-user.{service,timer}	2024-04-26 13:03:05 +03:00
Aminda Suomalainen	b8f720fa7f	aminda-nocron-reboot.timer: fix typo in comment	2024-04-26 12:48:47 +03:00
Aminda Suomalainen	9e38fdf223	aminda-nocron-reboot.timer: add RemainAfterElapse=false	2024-04-26 12:37:55 +03:00
Aminda Suomalainen	90b64c9543	systemd: rename aminda-nocron -> aminda-nocron-reboot for clarity also opens up aminda-nocron-hourly etc.	2024-04-26 12:30:58 +03:00
Aminda Suomalainen	b0ec7cffde	chromium/README: EnableOnlineRevocationChecks does also enable CRL	2024-04-26 11:27:11 +03:00
Aminda Suomalainen	16d2f74135	systemd/aminda-nocron.service: explicitly start DNS too	2024-04-26 11:08:15 +03:00
Aminda Suomalainen	def77bc4c3	systemd: add aminmda-nocron.{service,timer} for my @reboot crontabs for cronless systems (SteamOS)	2024-04-26 10:43:08 +03:00
Aminda Suomalainen	901dbfe138	etc/hosts: attempt to increase legibility by adding leading and trailing #	2024-04-25 19:45:11 +03:00
Aminda Suomalainen	21b59adfd2	etc/hosts/hostname: copy Debian behaviour as a good practice	2024-04-25 19:40:56 +03:00
Aminda Suomalainen	fb65f717fc	etc: cleanup symlinks/files handled by init-browser-policies.bash They brought no value to me, just confused me in git forges by clicktrapping me and not following the symlinks	2024-04-25 17:31:09 +03:00
Aminda Suomalainen	6375d55b8f	systemd-resolved/mullvad: default to base for consistency with unbound	2024-04-25 17:27:55 +03:00
Aminda Suomalainen	17e0b68d20	unbound: add dot-mullvad.conf defalting on base I found myself missing this on an old family PC that has limited resources and as I didn't have this file at hand, I just went with AdGuard which will work too.	2024-04-25 17:24:41 +03:00
Aminda Suomalainen	a17ff2903a	unbound/nordvpn-domains.conf: add comments/sources, fix duplicate zone, add missing domains	2024-04-25 15:07:37 +03:00
Aminda Suomalainen	bbeb1d3e02	unbound/nordvpn: rename, send only their domains to them	2024-04-25 14:34:47 +03:00
Aminda Suomalainen	046b9c5f1a	systemd: use more descriptive drop-in name unbound-wanted.conf instead of unbound.conf	2024-04-25 14:10:26 +03:00
Aminda Suomalainen	1ea9fff29a	chromium: declare more things as .badidea	2024-04-25 14:01:54 +03:00
Aminda Suomalainen	f87c4899b6	chromium: add dns-over-https.json.badidea and declare it as a bad idea	2024-04-25 13:57:01 +03:00
Aminda Suomalainen	861b35c25f	systemd-resolved: add the other applied-privacy.net port too	2024-04-25 13:47:18 +03:00
Aminda Suomalainen	342e3116a6	systemd-resolved: another attempt at local resolvers	2024-04-25 13:45:37 +03:00
Aminda Suomalainen	d17ad34650	unbound/dns-over-tls.conf: note Applied Privacy does no ECS, add 853, add Quad9 unfiltered (ECS commented)	2024-04-25 13:26:01 +03:00
Aminda Suomalainen	52b0807fcb	systemd/yggdrasil.service.d: rename nordvpnd to restore-ipv6.conf	2024-04-25 12:52:30 +03:00
Aminda Suomalainen	520470e3dd	systemd: add firewalld-icmpv6.conf as drop-in	2024-04-25 12:51:03 +03:00
Aminda Suomalainen	45cf5ecf61	opt/chromium/policies/managed: update documentation about working preferred over ECH enforced	2024-04-25 11:00:40 +03:00
Aminda Suomalainen	32883d5c73	chromium: allow DoH downgrade to at least work. Breaks ECH :(	2024-04-25 08:15:28 +03:00
Aminda Suomalainen	7c80e2c329	NetworkManager: paws-off-my-resolv.conf	2024-04-24 18:21:33 +03:00
Aminda Suomalainen	38152ab152	etc/sudoers.d: add vim modelines just in case I think it autodetected them correctly though	2024-04-24 18:16:42 +03:00
Aminda Suomalainen	505c6ec74a	etc/hosts: add hosts.steamos	2024-04-24 18:15:50 +03:00
Aminda Suomalainen	7113fda702	sudoers.d/nordvpnd: add restarting unbound & systemd-resolved	2024-04-24 18:00:00 +03:00
Aminda Suomalainen	32c5da4422	etc/resolv.conf-generate.bash: also be verbose with chattr & chmod	2024-04-24 12:09:15 +03:00
Aminda Suomalainen	9b01bc5260	etc/hosts/README.md: add forgotten blocklist and formatting	2024-04-24 11:55:35 +03:00
Aminda Suomalainen	c00f750d96	etc/resolv.conf-generate.bash: simple resolv.conf writer the way I want	2024-04-24 11:06:35 +03:00
Aminda Suomalainen	fa9da0901d	etc/hosts/blocklist: initial commit	2024-04-24 09:21:42 +03:00
Aminda Suomalainen	b36ba70a70	systemd/service.d: add resolv.conf example with warnings	2024-04-24 07:31:10 +03:00
Aminda Suomalainen	bdcd7249c3	etc/resolv.conf: fix comment	2024-04-23 16:47:03 +03:00
Aminda Suomalainen	95e17d0a49	resolv.conf: remove rotate comments, attempt to explain the logic behind timeout & attempts	2024-04-23 16:23:36 +03:00
Aminda Suomalainen	425af3eabf	etc/resolv.conf: specify timeout 1 and attempts 5	2024-04-23 16:03:49 +03:00
Aminda Suomalainen	70ed890742	dnf/protected.d: add README.md, aminda-{desktop,essentials}.conf	2024-04-23 07:51:29 +03:00
Aminda Suomalainen	4dac26e46e	dnf: also protect unbound	2024-04-23 07:41:49 +03:00
Aminda Suomalainen	b0f7876436	etc/dnf/protected.d: add systemd-{networkd,resolved}.conf	2024-04-23 07:29:18 +03:00
Aminda Suomalainen	f41e80d66a	hosts/dns: comment where it begins and where it ends	2024-04-22 17:11:03 +03:00
Aminda Suomalainen	97c2e74220	etc/hosts: attempt to perform the bad idea of well-known DNS servers here instead	2024-04-22 16:24:51 +03:00
Aminda Suomalainen	4560e776df	systemd-{resolved,networkd}: just break things	2024-04-22 15:43:50 +03:00
Aminda Suomalainen	886b8dbfbd	unbound.conf.d: well-known-dns.conf -> well-known-dns.conf.badidea This will break DNSSEC and a lot of things.	2024-04-22 15:39:47 +03:00
Aminda Suomalainen	4acd22dc37	systemd-networkd: add untested none (Yggdrasil) & wireguard configuration	2024-04-22 15:17:14 +03:00
Aminda Suomalainen	6ea0a570dd	systemd-networkd: match systemd-resolved configuration	2024-04-22 15:12:07 +03:00
Aminda Suomalainen	dea732d15b	systemd-resolved: attempt to simplify configuration	2024-04-22 15:08:03 +03:00
Aminda Suomalainen	f976c9a530	etc/resolv.conf: comment rotate, remove bad search domain comment	2024-04-22 14:51:58 +03:00
Aminda Suomalainen	895359ff67	etc/resolv.conf: add warning about mixing systemd-resolved & unbound	2024-04-22 14:50:37 +03:00
Aminda Suomalainen	903e38f307	systemd-networkd: unset other DNS	2024-04-22 13:32:12 +03:00
Aminda Suomalainen	7be1800002	systemd-networkd: disable DNSSEC/DNSOverTLS by default as localhost	2024-04-22 13:16:14 +03:00
Aminda Suomalainen	3d58aee508	systemd-networkd/10-ether.network: mention unmanaged/NetworkManager	2024-04-22 13:09:28 +03:00
Aminda Suomalainen	e56e5e1909	systemd-networkd: remove comment I don't stand behind	2024-04-22 13:05:58 +03:00
Aminda Suomalainen	02c434b81b	systemd-networkd: list local DNS resolvers	2024-04-22 12:59:38 +03:00
Aminda Suomalainen	44b6e5b618	systemd-networkd: add DNSSEC & DNSOverTLS & search domains	2024-04-22 12:25:25 +03:00
Aminda Suomalainen	945ca0462d	Revert "systemd-networkd: attempt to deduplicate by cutting into 10-global.network" This reverts commit `19b6fbef3c`.	2024-04-22 12:21:56 +03:00
Aminda Suomalainen	06787a38de	resolved/00-no-local-resolver.conf: comment local resolver since I break DNSSEC	2024-04-22 12:14:34 +03:00
Aminda Suomalainen	19b6fbef3c	systemd-networkd: attempt to deduplicate by cutting into 10-global.network	2024-04-22 12:07:39 +03:00
Aminda Suomalainen	aac3ccdec3	unbound/well-known-dns.conf: add CNAMEs one.one.one.one & dns.google.com	2024-04-22 11:26:46 +03:00
Aminda Suomalainen	dc6fc85174	chromium: exclude bittimittari.fi	2024-04-22 10:09:28 +03:00
Aminda Suomalainen	fe1970cfd9	chromium: add brave IPFS disabling policy IPFS is known for killing routers and having it on two machines while trying to VoIP with a lot of people, it gets a bit too heavy	2024-04-22 10:03:53 +03:00
Aminda Suomalainen	abd21e008a	well-known-dns.conf: typetransparent subdomains just in case Theoretically the higher level domain affects them too, but in practice I am unsure and I have previously only used always_reject for google-analytics & subdomains blocking. It at least isn't causing warnings or errors.	2024-04-22 07:42:53 +03:00
Aminda Suomalainen	579e98f27c	unbound/well-known-dns.conf: use typetransparent so non-local queries won't get NODATA	2024-04-22 07:28:55 +03:00
Aminda Suomalainen	623a9150fd	unbound: merge 00-insecure-domains.conf into blocklist.conf	2024-04-22 07:10:18 +03:00
Aminda Suomalainen	892feb3c1b	unbound/blocklist: add fritz.box.	2024-04-22 07:06:21 +03:00
Aminda Suomalainen	c90b551ac4	chromium: merge doh-forced to the doh files due to it being required anyway, update documentation, rename doh-allowed → doh-unlocked-unset	2024-04-21 14:00:39 +03:00
Aminda Suomalainen	4a47d14069	resolved.conf.d: add dot-trex.conf symlink and explaining comments like in unbound	2024-04-21 13:14:53 +03:00
Aminda Suomalainen	ce9159e756	unbound/dot-quad9.conf: prettier sorting	2024-04-21 13:13:41 +03:00
Aminda Suomalainen	7379241a20	chromium: add the rest of Quad9 & update README.md	2024-04-21 11:35:28 +03:00
Aminda Suomalainen	3540f2442e	chromium/doh-quad9*: add alternative port as Chromium allows multiple	2024-04-21 11:28:07 +03:00
Aminda Suomalainen	eb47fac4cb	systemd-resolved: add vim modelines	2024-04-21 10:58:45 +03:00
Aminda Suomalainen	f126e681a2	systemd-resolved: split applied-privacy#443 to its own file as resolved configs don't exclude each other	2024-04-21 10:57:25 +03:00
Aminda Suomalainen	a0ccd790ab	unbound & systemd-resolved: add Quad9 alternative port	2024-04-21 10:54:22 +03:00
Aminda Suomalainen	e64e4e7fd0	firefox: DisableEncryptedClientHello: false I am not sure if this does anything, I just saw a message in logs and it didn't trigger an error	2024-04-21 10:13:29 +03:00
Aminda Suomalainen	6a97040386	firefox: add IPvFoo*	2024-04-21 10:08:43 +03:00
Aminda Suomalainen	069da00a38	Chromium: add IPvFoo* and note that users should go through extensions	2024-04-21 09:58:30 +03:00
Aminda Suomalainen	e6bd2b13ad	unbound: add TREX upstream configuration	2024-04-20 20:25:48 +03:00
Aminda Suomalainen	a7cf718453	uncound/well-known-dns.conf: add DNS0 {Zero,Kids,Open}	2024-04-20 17:59:46 +03:00
Aminda Suomalainen	41c65344f1	chromium: add dot-dns0-{kids,open,zero}.json	2024-04-20 17:53:33 +03:00
Aminda Suomalainen	437ec3b49c	chromium/doh-dns0.json: add trailing / as Chromium requires it (or fails every DNS request)	2024-04-20 17:50:57 +03:00
Aminda Suomalainen	422ab0de4e	libreawoo, unbound & resolved: uncomment Quad9 default, comment ECS	2024-04-20 17:50:12 +03:00
Aminda Suomalainen	bec7f8bbaa	separate local/share/applications & etc/xdg/autostart	2024-04-20 12:14:02 +03:00
Aminda Suomalainen	ffc4c53615	sudoers/nordvpnd: allow chronyc online	2024-04-20 11:56:14 +03:00
Aminda Suomalainen	c9cad77caf	move etc/xdg/autostart to more descriptive location of local/share/applications	2024-04-20 11:18:33 +03:00
Aminda Suomalainen	9bd3a05d5b	clean up old desktop entries I cannot see myself using	2024-04-20 11:13:02 +03:00
Aminda Suomalainen	cebcec5792	add syncplay.desktop	2024-04-20 11:07:03 +03:00
Aminda Suomalainen	8e296b5a25	add mpv.desktop that avoids pseudo-gui	2024-04-20 11:04:30 +03:00
Aminda Suomalainen	24c9209cbe	add/fix desktop entries for wrappers firefox, steam, thunderbird	2024-04-20 10:58:09 +03:00
Aminda Suomalainen	4c841781b3	add/fix libreawoo & firefox desktop entries	2024-04-20 10:50:09 +03:00
Aminda Suomalainen	93c60b21b2	finish chromium desktop files?	2024-04-20 10:43:17 +03:00
Aminda Suomalainen	bbcb37c334	add libreawoo.desktop	2024-04-20 10:32:55 +03:00
Aminda Suomalainen	816157fc25	add initial desktop files for the scripts wrappers	2024-04-20 10:23:15 +03:00
Aminda Suomalainen	45f1c1078f	unbound/well-known-dns.conf: add Google DNS	2024-04-20 09:10:36 +03:00
Aminda Suomalainen	134622edad	unbound/well-known-dns.conf: add missing dots	2024-04-20 09:00:44 +03:00
Aminda Suomalainen	e319c8aacf	unbound: restore and update blocklist.conf This reverts commit `fe8ac1bbb7`.	2024-04-20 08:57:26 +03:00
Aminda Suomalainen	c7633838de	unbound: fill well-known-dns.conf some more	2024-04-20 08:52:49 +03:00
Aminda Suomalainen	dda5f2c110	chromium/enable-ech-ocsp.json: remove not strictly releated policies	2024-04-20 07:47:31 +03:00
Aminda Suomalainen	4a889dd9b4	sudoers.d/nordvpnd: add restarting of iwd & systemd-networkd	2024-04-20 07:42:40 +03:00
Aminda Suomalainen	6a87111f8b	unbound/well-known-dns.conf: initial commit	2024-04-19 19:58:23 +03:00
Aminda Suomalainen	1e22108950	unbound/00-insecure-domains.conf: qname minimization is not relevant here	2024-04-19 09:17:01 +03:00
Aminda Suomalainen	1a1bf9adb9	unbound/conf.d: add vim modelines/filetypes	2024-04-19 09:14:32 +03:00
Aminda Suomalainen	b3eb6e06e7	unbound: add symlink for the Fedora name as I keep tab failing	2024-04-19 09:09:36 +03:00
Aminda Suomalainen	47e51ee38b	firefox policy: use Quad9 ECS as TRR	2024-04-19 08:48:57 +03:00
Aminda Suomalainen	39f2eb4f0f	chromium: add doh-cloudflare-secure.json, ECH notes	2024-04-19 08:24:29 +03:00
Aminda Suomalainen	b248392e8a	systemd-resolved: think more on local resolvers or not	2024-04-18 14:31:56 +03:00
Aminda Suomalainen	4c4508ba36	unbound/dot-*quad9.conf: add DNS10 & DNS12 (commented), remove extra spaces	2024-04-18 11:16:20 +03:00
Aminda Suomalainen	9aa71de638	systemd-resolved/dot-quad9.conf: add commented DNS10 & DNS12	2024-04-18 11:08:23 +03:00
Aminda Suomalainen	5097076daf	unbound: also disable qname-minimization for DNSo53 forwarders	2024-04-17 16:03:23 +03:00
Aminda Suomalainen	363be56010	unbound: move to tls-ystem-cert from tls-cert-bundle & disable qname minimization for DoT forward-zones	2024-04-17 16:01:38 +03:00
Aminda Suomalainen	bbab2f335d	resolv.tsv: sort	2024-04-17 15:42:34 +03:00
Aminda Suomalainen	9ba083f81f	resolv.tsv: add Quad9 unfiltered variants	2024-04-17 15:42:08 +03:00
Aminda Suomalainen	c18fe92ad8	etc/resolv.tsv: add Quad9 Apple Mobileconfigs	2024-04-17 15:34:43 +03:00
Aminda Suomalainen	f10b151a3b	systemd: add firewalld.service.d/never-fail.conf due to failing to timeout on sedric	2024-04-17 11:38:43 +03:00
Aminda Suomalainen	75c39ddb0d	sudoers.d/nordvpnd: include nordvpnd.socket	2024-04-16 08:39:16 +03:00
Aminda Suomalainen	419805bc91	chromium/README: add forgotten files, fix description for those moved from recommended	2024-04-16 07:15:30 +03:00
Aminda Suomalainen	a0456269a1	chromium: move brave feature disabling from recommended to managed for actual effect	2024-04-16 07:11:55 +03:00

1 2 3 4 5 ...

1213 Commits