shell-things

mirror of https://gitea.blesmrt.net/mikaela/shell-things.git synced 2024-11-06 01:19:23 +01:00

Author	SHA1	Message	Date
Aminda Suomalainen	2ff416d880	{firefox,chromium}: also enable curben-phishing	2024-05-18 14:04:43 +03:00
Aminda Suomalainen	20679e705d	{firefox,chromium}: enable AdNauseam ublock-annoyances & adguard-mobile-app-banners	2024-05-18 13:55:18 +03:00
Aminda Suomalainen	c68e3f66ab	firefox: attempt to enable http for esr	2024-05-18 10:21:44 +03:00
Aminda Suomalainen	5a88836d59	firefox: Comment/clear network.dns.native_https_query_win10	2024-05-18 09:44:25 +03:00
Aminda Suomalainen	5995ef8f32	firefox/policies.json: attempt to autoconfig, but again not allowed	2024-05-18 09:24:25 +03:00
Aminda Suomalainen	1290db73f5	firefox/policies.json: import more disallowed things from autoconfig, comment disallowed ones, clear location provider	2024-05-18 09:15:10 +03:00
Aminda Suomalainen	c05eedbb78	chromium README: note Bitwarden management options for self-hosters	2024-05-18 08:03:29 +03:00
Aminda Suomalainen	df1458af1f	firefox: use system DNS for ECH (and prefer IPv6 and try image.animation.mode) The last is not allowed for stability reasons apparently.	2024-05-18 07:33:10 +03:00
Aminda Suomalainen	38c331494c	chromium/managed: merge enable-ech-ocsp.json into https-everywhere.json This will not appear on my blog post. ECH is enough offtopic and OCSP would only bring argument on whether it's useful and is that usefulness more important than privacy leakage to non-ocsp-stapling websites.	2024-05-17 16:15:34 +03:00
Aminda Suomalainen	fb57ae0ea5	firefox & chromium: accidentally silence DuckDuckGo post-install	2024-05-17 14:28:33 +03:00
Aminda Suomalainen	c92ded3ad3	firefox & chromium: add Ruffle.rs	2024-05-17 11:05:31 +03:00
Aminda Suomalainen	9f8eaab73d	init-browser-policies.bash: why am I creating managed & recommended separately? Let's not	2024-05-17 08:31:13 +03:00
Aminda Suomalainen	344caa700d	Init-browser-policies.bash: how about not making recursive symlinks in the first place? Properly resolves: `0ce24f54d9`	2024-05-16 21:04:01 +03:00
Aminda Suomalainen	05a3cb6c08	firefox: allow private ECS	2024-05-16 19:48:39 +03:00
Aminda Suomalainen	38710540f2	firefox & chromium: add missing favicons for DDG & Brave	2024-05-16 19:12:10 +03:00
Aminda Suomalainen	6a916ed3b9	chromium/recommended/{duckduckgo,ecosia}.json: also restore forgotten HomepageIsNewTabPage	2024-05-16 18:51:51 +03:00
Aminda Suomalainen	7bab72fb3c	chromium/recommended/{duckduckgo,ecosia}.json: trick Brave & Edge into complying by NewTabPageLocation	2024-05-16 18:47:22 +03:00
Aminda Suomalainen	006ed65597	Re-integrate Edge policies into Chromium by removing apps-as-homepage.json	2024-05-16 18:35:48 +03:00
Aminda Suomalainen	859f2a9f1d	chromium/duckduckgo.json: fill in DefaultSearchProviderNewTabURL	2024-05-16 18:29:54 +03:00
Aminda Suomalainen	729013c3c1	firefox: install user-agent-string-switcher automatically so I don't have to worry about that for Microsoft Teams TODO: proper automagic deployment	2024-05-16 15:37:59 +03:00
Aminda Suomalainen	e6f4bd72ba	firefox: explicitly enable FirefoxAccounts & Screenshots I have a feeling I might sometime have a situation where I want to disable at least accounts	2024-05-16 15:16:25 +03:00
Aminda Suomalainen	b36f37196f	firefox: lock DoH again since I don't want to worry about multiple places where to edit it when I inevitably do	2024-05-16 15:13:11 +03:00
Aminda Suomalainen	34799d0776	firefox & curl: default to dns0.eu, but have comment on unfiltered.adguard-dns.con available as well	2024-05-16 15:12:12 +03:00
Aminda Suomalainen	23803ad433	firefox: restore privacy.userContext Reverts: `4b7eff36b2`	2024-05-16 15:06:04 +03:00
Aminda Suomalainen	5158b52da4	firefox: apparently HTTPS Only mode can be set here contrary to the documentation Also generic hardening(?)	2024-05-16 15:03:01 +03:00
Aminda Suomalainen	83d53b8c17	systemd-resolved/10-dot-cloudflare.conf: add malicious domain filtering and alternative SNI	2024-05-15 20:38:49 +03:00
Aminda Suomalainen	ef7584566f	systemd/resolved/10-dot-{443,adguard,dns0}.conf: fix server order	2024-05-15 20:33:23 +03:00
Aminda Suomalainen	7f918cc797	systemd/resolved.conf.d/README: note my scripts existing	2024-05-15 20:29:59 +03:00
Aminda Suomalainen	cb3c944d47	systemd-resolved: note server priority	2024-05-15 20:23:27 +03:00
Aminda Suomalainen	1f5815b54e	hosts/dns: comment the IPv4-as-IPv6 hack, uncomment proper IPv6	2024-05-15 17:44:50 +03:00
Aminda Suomalainen	4b7eff36b2	firefox: remove privacy.userContext policies for stability reasons (Firefox ESR is upset by them)	2024-05-14 15:40:37 +03:00
Aminda Suomalainen	8d34384c78	unbound: mark dot-flushable-cache.conf as .badidea	2024-05-14 15:08:26 +03:00
Aminda Suomalainen	901c634424	unbound: I have been using Fedora for a couple of years, I know where the ca bundle is without attributing to ctrl.blog	2024-05-14 15:07:11 +03:00
Aminda Suomalainen	78fa2b7b9c	unbound/dns-over-tls.conf: remove ECS and private ECS	2024-05-14 15:01:41 +03:00
Aminda Suomalainen	8d3609f171	firefox: lock ecs to disabled	2024-05-14 15:01:14 +03:00
Aminda Suomalainen	5672e14c89	Revert "Stop pretending issues of ECS weight more than pros of it after GApple upgrades delayed my going to bed." This reverts commit `afe50117fe`.	2024-05-14 14:47:09 +03:00
Aminda Suomalainen	c1b1eaa040	unbound/dot-dns0-quad9.conf: add forgotten ports	2024-05-14 12:23:09 +03:00
Aminda Suomalainen	fb6a44d264	firefox: on second thoughts, let the user have some control	2024-05-14 11:51:22 +03:00
Aminda Suomalainen	ae0e3beb9a	firefox: fix pdf dark mode	2024-05-14 11:49:17 +03:00
Aminda Suomalainen	0a9767bf38	etc/samba/playstation2.conf: hide the share from sight	2024-05-14 11:32:46 +03:00
Aminda Suomalainen	b60bc9f1b8	firefox: switch to AMO version of Privacy Badger	2024-05-14 11:18:26 +03:00
Aminda Suomalainen	afe50117fe	Stop pretending issues of ECS weight more than pros of it after GApple upgrades delayed my going to bed.	2024-05-14 11:06:01 +03:00
Aminda Suomalainen	5d46d529bb	firefox: new tab page crashes? No problem, we can disable it.	2024-05-14 11:01:28 +03:00
Aminda Suomalainen	c23e857c91	firefox: confusing user and default means I can use dark theme here	2024-05-14 10:44:14 +03:00
Aminda Suomalainen	7b22530eb9	policies.json: seems like I confused default and user	2024-05-14 10:38:39 +03:00
Aminda Suomalainen	a0795908b2	init-browser-policies.bash: this script requires root by the way	2024-05-14 10:25:49 +03:00
Aminda Suomalainen	0ce24f54d9	init-browser-policies.bash: rm recursive symlinks caused by multiple runs	2024-05-14 10:20:55 +03:00
Aminda Suomalainen	303af92a6a	firefox/libreawoo: remove wrong warning	2024-05-14 10:17:22 +03:00
Aminda Suomalainen	372a032a18	firefox: actually trr.mode 3 may be nice for the ECH	2024-05-14 10:10:50 +03:00
Aminda Suomalainen	583cc6a8a3	firefox: please do warn if TRR isn't working	2024-05-14 10:08:19 +03:00
Aminda Suomalainen	7c867e1329	firefox: explicitly allow about:{addons,config,profiles,support}	2024-05-14 09:57:52 +03:00
Aminda Suomalainen	fb73f8e5d3	firefox: maybe be done with preferences?	2024-05-14 09:55:24 +03:00
Aminda Suomalainen	5cc2e5d720	firefox: the end of preferences additions is approaching	2024-05-14 09:43:17 +03:00
Aminda Suomalainen	89dd05c882	firefox: set user policies of hiding Mozilla ads	2024-05-14 09:38:12 +03:00
Aminda Suomalainen	cb5c844e1c	firefox: TRR IPv6 preference & reading /etc/hosts	2024-05-14 09:34:01 +03:00
Aminda Suomalainen	82bcaa0d80	firefox: disable prediction/prefetching Interestingly the policy didn't seem to touch the two preferences	2024-05-14 09:25:17 +03:00
Aminda Suomalainen	88c391fd04	firefox: don't protect any domains from extensions OK, so this simultaneously hurts security as extensions could modify the page, but it may improve privacy by blocking analytics and it can improve accessibility for any accessibility extensions.	2024-05-14 09:18:26 +03:00
Aminda Suomalainen	fd22af5142	firefox: move DoH excluded domains here	2024-05-14 09:12:21 +03:00
Aminda Suomalainen	beee380a30	firefox: begin adding security preferences	2024-05-14 09:04:56 +03:00
Aminda Suomalainen	7f653b52e3	firefox/policies/README: note WebsiteFilter as not that useful for me	2024-05-14 08:49:45 +03:00
Aminda Suomalainen	7a68117198	firefox policies: go wild	2024-05-13 21:54:05 +03:00
Aminda Suomalainen	0a0fe39076	note to self: firefox TRR policy lock locks trr.mode to 2 (TRR first)	2024-05-13 19:33:30 +03:00
Aminda Suomalainen	95d59857eb	policies.json: lock DoH provider so I only have to configure it at one place	2024-05-13 18:07:22 +03:00
Aminda Suomalainen	9b4cc804e5	browsers: expose to Ecosia that we are using gpo (or policies), remove extraneous PostData from Firefox The logic here is hope that it will stop offering the addon if I am following their instructions and sending them the information. Oh and I added icons	2024-05-13 17:56:41 +03:00
Aminda Suomalainen	d93b8eb3d5	firefox policy: disable bookmarks toolbar, default browser checking & add tracking protection exceptions	2024-05-13 06:29:17 +03:00
Aminda Suomalainen	575332b4ce	firefox: return to Quad9 ECS, disable Pocket (I don't actually use it), fix search engine typo	2024-05-12 21:43:33 +03:00
Aminda Suomalainen	f6e8c3fb45	chromium/managed: remember I have a README.md and update it	2024-05-12 18:42:50 +03:00
Aminda Suomalainen	bb84a4ed65	chromium/managed: add generative-ai.json	2024-05-12 18:40:48 +03:00
Aminda Suomalainen	4a642d3dea	chromium/managed: add amber-theme-colour.json.sample It looks fancy, while not exactly for me.	2024-05-12 18:34:10 +03:00
Aminda Suomalainen	87f5c78298	chromium: move safe browsings from managed to recommended I just don't feel right with them being in managed	2024-05-12 18:27:18 +03:00
Aminda Suomalainen	e5fc9bfbaf	{firefox,chromium}: add Plasma Integration mainly for family	2024-05-12 15:49:12 +03:00
Aminda Suomalainen	5ea86f54a7	etc/hosts/dns: add the two other adguard options	2024-05-12 15:36:05 +03:00
Aminda Suomalainen	c9a4a1c7cc	chromium: add doh-adguard policies	2024-05-12 15:30:52 +03:00
Aminda Suomalainen	dceb88b272	Revert "chromium/recommended/ecosia: trick Brave into using it as well" This reverts commit `4835a8c89d`. It's too annoying and impractical compared to my apps page.	2024-05-12 09:26:05 +03:00
Aminda Suomalainen	4835a8c89d	chromium/recommended/ecosia: trick Brave into using it as well	2024-05-11 22:31:26 +03:00
Aminda Suomalainen	ef00ae4d90	chromium: set Ecosia's DefaultSearchProviderNewTabURL	2024-05-11 22:24:56 +03:00
Aminda Suomalainen	a4c35994e8	chromium: rename black-theme-colour.json -> black-theme-colour.json.sample to stop me accidentally applying it	2024-05-11 20:36:08 +03:00
Aminda Suomalainen	4743efb556	chromium: add enable-google-safebrowsing-less-private.json.sample	2024-05-11 20:34:36 +03:00
Aminda Suomalainen	e2dd25113a	chromium: ExtensionManifestV2Availability expects 2, not true	2024-05-11 19:49:04 +03:00
Aminda Suomalainen	0ad28afe47	chromium: allow manifestv2, enable chromecast, safebrowsing, passwordleakdetection, efficiencymode, suggest disabling bookmarks bar and document previously forgotten policies	2024-05-11 19:44:16 +03:00
Aminda Suomalainen	d6aae8fb9a	browsers: add OISD (big) to AdNauseam	2024-05-11 18:01:05 +03:00
Aminda Suomalainen	7430dd9e99	{firefox,chromium}: add HTTP Indicator	2024-05-11 17:35:37 +03:00
Aminda Suomalainen	28542ca06a	firefox policy: clean-up attempt	2024-05-11 17:28:29 +03:00
Aminda Suomalainen	ba4fb50c76	firefox: set DoH to Quad9 DNS as a more international option, Ecosia Search Engine	2024-05-11 17:26:33 +03:00
Aminda Suomalainen	fef359500f	firefox: add AdNauseam configuration	2024-05-11 17:24:44 +03:00
Aminda Suomalainen	ec40dd0250	chromium: initial commit of AdNauseam managed configuration	2024-05-11 17:22:26 +03:00
Aminda Suomalainen	972c866541	chromium/aminda-extensions cleanup	2024-05-11 16:46:20 +03:00
Aminda Suomalainen	9a974e7bca	{firefox,chromium,edge}: add Ecosia	2024-05-11 16:16:12 +03:00
Aminda Suomalainen	97bbaa09a1	dracut.conf.d: fix name recovery to rescue, add yes_rescue counterpart	2024-05-11 10:41:41 +03:00
Aminda Suomalainen	9fcb0aa289	dnf.conf: note install_only_limit and kernel updates	2024-05-10 19:27:32 +03:00
Aminda Suomalainen	0cb5b0992b	sudoers.d/nordvpnd: instead of restarting DNS, allow reloading it. Also IPv6 enabling	2024-05-10 18:27:06 +03:00
Aminda Suomalainen	c81c1dd7d0	unbound: restore dot-dns0-quad9.conf with IPv4 for DNS0 & IPv6 for Quad9 ECS This partially reverts commit `422ab0de4e`	2024-05-09 20:02:23 +03:00
Aminda Suomalainen	93e2ab81dd	chromium policy: fix doh-cloudflare-secure.json name inconsistency	2024-05-09 17:11:17 +03:00
Aminda Suomalainen	764073e241	etc/hosts/blocklist: use only ::1, systemd-resolved will fix it automatically to 127.0.0.1 too	2024-05-09 12:05:37 +03:00
Aminda Suomalainen	dff016aa45	hosts/dns: IPv4 represented as IPv6 is technically valid, but this feels so wrong...	2024-05-09 10:21:23 +03:00
Aminda Suomalainen	f5223b871f	etc/hosts/dns: attempt to block private ECS providers on IPv6	2024-05-09 09:48:00 +03:00
Aminda Suomalainen	9f2b75368d	etc/hosts/dns: add dns9.quad9.net alias (note the first 9)	2024-05-09 09:41:03 +03:00
Aminda Suomalainen	1e807e888c	etc: add NetworkManager-resolv.conf-restore.bash	2024-05-09 09:38:25 +03:00
Aminda Suomalainen	6567488801	NetworkManager: also add explicit no-systemd-resolved.conf	2024-05-09 09:31:39 +03:00
Aminda Suomalainen	0566ebbbc2	NetworkManager: add comments on {dns-none,paws-off-my-resolv,systemd-resolved}.conf	2024-05-09 09:29:53 +03:00
Aminda Suomalainen	8f11f1a512	NetworkManager: fix dns-none.conf (no longer symlink)	2024-05-09 09:26:29 +03:00
Aminda Suomalainen	c751a61146	NetworkManager: fix no-search-domains.conf & systemd-resolved.conf Although in systemd-resolved.conf everything is already implied	2024-05-09 09:25:20 +03:00
Aminda Suomalainen	71582a9b95	NetworkManager/conf.d: add vim modelines	2024-05-09 09:21:21 +03:00
Aminda Suomalainen	6900a44b4a	NetworkManager/paws-off-my-resolv.conf: actually use rc-manager instead of dns=none (commented)	2024-05-09 09:19:22 +03:00
Aminda Suomalainen	d7703b6b63	dnf.conf: comment fastestmirror and explain it in a comment	2024-05-08 19:38:00 +03:00
Aminda Suomalainen	3b5434eb1d	etc: add traditional-resolv.conf-generate.bash which takes three arguments and has no trust-ad	2024-05-07 19:29:05 +03:00
Aminda Suomalainen	8fe31b9e64	fix edge paths	2024-05-07 11:29:37 +03:00
Aminda Suomalainen	e7b26cd343	chromium/policies/managed: add non-functional Edge policies	2024-05-07 11:23:30 +03:00
Aminda Suomalainen	e4d691f2b1	unbound: prefer IPv4 with private ECS using DoT servers	2024-05-07 08:26:20 +03:00
Aminda Suomalainen	afb0801430	unbound: add doh-local.sample Works otherwise, but self-signed cert didn't satisfy Chromium I wanted to point at it	2024-05-06 18:55:00 +03:00
Aminda Suomalainen	10bec4c782	resolv.tsv: use more appropiate link for AdGuard prvate ECS	2024-05-06 09:05:00 +03:00
Aminda Suomalainen	f5b76c1341	unbound: add .sample to threads.conf, comment to question it's necessity and usage	2024-05-05 11:08:52 +03:00
Aminda Suomalainen	b18df5462c	unbound: add/rename/fix prefer-ip{4,6}.conf	2024-05-04 09:05:16 +03:00
Aminda Suomalainen	0063e2409b	etc/dracut.conf.d: add sedric configs	2024-05-03 21:19:32 +03:00
Aminda Suomalainen	175256d8e4	etc/dnf/protected.d: add systemd-ukify.conf although not yet in use	2024-05-03 20:48:14 +03:00
Aminda Suomalainen	252f77ab0c	systemd-resolved & unbound: comment ECS servers again. This partially reverts `85c7fedcb2` and will be explained at https://aminda.eu/n/dns soon	2024-05-03 18:07:51 +03:00
Aminda Suomalainen	aa865106db	unbound: correct ecs.conf.sample	2024-05-03 17:35:15 +03:00
Aminda Suomalainen	962817874e	etc/dracut.conf.d: add UKI generation & Lumina cmdline	2024-05-03 16:24:03 +03:00
Aminda Suomalainen	85c7fedcb2	systemd-resolved, unbound: only ECS IPv6	2024-05-03 06:23:37 +03:00
Aminda Suomalainen	6cae19ba4f	unbound: more ecs.conf.sample experimentation	2024-05-02 21:32:39 +03:00
Aminda Suomalainen	32c99a2d43	etc/resolv.conf: fix comment explaining rotate	2024-05-01 13:08:06 +03:00
Aminda Suomalainen	1aca183f92	aminda-nocron-reboot.service: fix conflict with systemd-zram-setup@zram0.service	2024-05-01 10:38:54 +03:00
Aminda Suomalainen	6e0f72c7b1	aminda-nocron-reboot.service: split duperemove and sysctl -p --system to aminda-duperemove.service & sysctl-p--system.service	2024-05-01 10:22:57 +03:00
Aminda Suomalainen	aa6aad28ba	resolv: follow the same order as man resolv.conf	2024-05-01 10:13:30 +03:00
Aminda Suomalainen	ba298f94a5	resolv: increase timeout to 2 (match unbound/RFC 8767), decrease attempts to 2, rotate	2024-05-01 09:54:07 +03:00
Aminda Suomalainen	447385fdb8	chrony: rename ntppool.sources -> ntp-pool.sources	2024-04-30 21:02:28 +03:00
Aminda Suomalainen	78136f7437	systemd/timesyncd.conf.d: don't only use ntp pool as a fallback	2024-04-30 21:01:46 +03:00
Aminda Suomalainen	f6e9aa58da	unbound: add replace-systemd-resolved.conf.sample for listening on systemd-resolved ports	2024-04-30 20:30:15 +03:00
Aminda Suomalainen	4882cb66be	systemd-resolv.conf-generate.bash: who is going to stop me from specifying the same resolver thrice?	2024-04-30 20:21:12 +03:00
Aminda Suomalainen	b9daad6a2f	resolv.conf: explain 127.0.0.54	2024-04-30 20:16:46 +03:00
Aminda Suomalainen	d6e4fd1be7	etc: create systemd-resolv.conf-generate.bash & systemd-resolv.conf-restore.bash, mention them in resolv.conf	2024-04-30 20:05:53 +03:00
Aminda Suomalainen	fa5462212d	aminda-nocron-reboot.service: add zram-generator just in case	2024-04-30 19:10:28 +03:00
Aminda Suomalainen	72ea5ca51e	unbound: fix typo in (1)5 minutes cache, apparently a commit once removed the 1	2024-04-30 17:34:01 +03:00
Aminda Suomalainen	5d4e0e10dd	unbound/min-ttl-hour.conf: also print the stats hourly, not every 15 minutes	2024-04-30 17:26:14 +03:00
Aminda Suomalainen	437b69bd6e	unbound: apparently rename min-ttl.conf.sample to min-ttl-five-min.conf	2024-04-30 17:17:46 +03:00
Aminda Suomalainen	9671adf293	unbound: break statistics interval from logging.conf to min-ttl*	2024-04-30 17:11:32 +03:00
Aminda Suomalainen	819d6a782e	unbound: add mixed-case-queries.conf	2024-04-30 17:11:09 +03:00
Aminda Suomalainen	08de11b594	unbound/min-ttl-hour.conf: fix comment	2024-04-30 06:52:46 +03:00
Aminda Suomalainen	87bedac239	unbound: cut cache.conf.SAMPLE into more descriptive files	2024-04-30 06:45:53 +03:00
Aminda Suomalainen	531cdd82c5	unbound/cache.conf.SAMPLE: fix oversight, logging.conf: reducei nterval to quaterly	2024-04-29 20:48:51 +03:00
Aminda Suomalainen	0d0be5f9bc	unbound/cache.conf: rename to cache.conf.SAMPLE and add scary warnings there	2024-04-29 20:46:00 +03:00
Aminda Suomalainen	b54f55a1bc	document Microsoft Edge recommended policy	2024-04-29 12:39:58 +03:00
Aminda Suomalainen	788143ec01	init-browser-policies.bash: touch Firefox, break LibreWolf, verbose, handle Edge Recommended separately, warn about that too, etc.?	2024-04-29 12:25:17 +03:00
Aminda Suomalainen	d377157b46	init-browser-policies.bash: manage Edge recommended profiles separately	2024-04-29 12:15:26 +03:00
Aminda Suomalainen	a14446ed71	unbound/dns-over-tls.conf: add Cloudflare, Mullvad & Control D This is now practically https://www.privacyguides.org/en/dns/ plus Appliedprivacy	2024-04-29 08:29:07 +03:00
Aminda Suomalainen	0ee83e9a90	chrony/sources: enable xleave with ~everything I was unable to find much information about this, but see the previous commit and Brave Leo said > Yes, it's generally acceptable to use interleaved mode with a public NTP (Network Time Protocol) server, as long as you comply with the server's usage policies. This mode allows for time synchronization while also providing a fallback if the primary time source fails. However, keep in mind that public NTP servers are often subject to heavy traffic, so they may not provide the most accurate or timely synchronization.	2024-04-29 06:55:16 +03:00
Aminda Suomalainen	6f0184b519	chrony/sources/ntppool: enable xleave From https://community.ntppool.org/t/chrony-conf-noclientlog-vs-clientloglimit/2263/4 I got the impression it's fine to do and the manual says it's compatible with the basic mode and xleave supporting servers may still reply in basic mode sometimes so this shouldn't break anything	2024-04-29 06:51:27 +03:00
Aminda Suomalainen	0f66e552c1	Revert "nts-servers.sources: no preferring non-ISP servers" This reverts commit `ff1bc7b3ba`.	2024-04-28 20:08:42 +03:00
Aminda Suomalainen	4081c974bb	unbound/cache.conf: make the min ttl an hour in my quest to break DNS	2024-04-28 19:15:42 +03:00
Aminda Suomalainen	23672028d5	unbound/ecs.conf: attempt to send larger subnets than default around	2024-04-28 18:02:18 +03:00
Aminda Suomalainen	d64b4f2001	systemd-resolved: add DNA/Moi & Elisa DNS servers I was unable to find authoritative source for what is Telia's DNS	2024-04-28 16:14:30 +03:00
Aminda Suomalainen	44e22716f9	chrony sources: make add .sample to local-servers.sources, make it more useful for me	2024-04-28 10:02:31 +03:00
Aminda Suomalainen	18a04b1351	{firefox,chromium}: disable protections for one.one.one.one For some reason they make connection to 1.1.1.1 appear as no or unreachable.	2024-04-28 09:21:29 +03:00
Aminda Suomalainen	55dcb2f2cd	systemd-resolved/98-local-resolver.conf: fix comment talking about alphabet while everything is now numerals	2024-04-28 09:17:07 +03:00
Aminda Suomalainen	35b99a6bc0	systemd-resolved: add 99-lan-resolver.conf.sample for trusted LANs	2024-04-28 09:13:46 +03:00
Aminda Suomalainen	5ab33c154e	systemd-resolved: rename conf files to have a number prefix	2024-04-28 09:13:20 +03:00
Aminda Suomalainen	9375b3c2b2	unbound: add dot-cloudflare.conf	2024-04-27 21:22:28 +03:00
Aminda Suomalainen	2aa221b77f	unbound/cache: take the cache-min-ttl: 3000 challenge It will not affect web browsers which are using DoH for ECH eliminating most of breakage and I am just curious on will anything outside of web browser suffer that.	2024-04-27 18:35:22 +03:00
Aminda Suomalainen	652c11391f	unbound/cache.conf: explicitly set serve-expired-reply-ttl to 30	2024-04-27 16:52:39 +03:00
Aminda Suomalainen	d3773468fa	chromium/policies: add doh-{disabled,google}.json	2024-04-27 16:18:40 +03:00
Aminda Suomalainen	a083a9d704	unbound/cache: comment cache-min-ttl=900, add commented 3000	2024-04-27 15:42:29 +03:00
Aminda Suomalainen	30a27f980d	unbound/cache.conf: RFC 8767ish configuration	2024-04-27 15:00:12 +03:00
Aminda Suomalainen	813878a4de	systemd/{iwd,systemd-networkd}.service.d: add appropiate symlinks	2024-04-27 12:25:00 +03:00
Aminda Suomalainen	c59fe1ae53	sudoers.d/nordvpnd: also allow restarting tor-client.service I have a suspicion I am adding it to the script sooner or later	2024-04-27 12:21:07 +03:00
Aminda Suomalainen	ef9c4acfc3	sudoers.d/nordvpnd: also allow restarting Tor	2024-04-27 12:10:15 +03:00
Aminda Suomalainen	955e52f5af	yum.repos.d: add google-Chrome.repo to workaround their crontab disliking my system	2024-04-27 10:21:20 +03:00
Aminda Suomalainen	8fe7ff55e6	chromium: add managed black-theme-colour & recommended apps-as-homepage, disable-default-browser-check	2024-04-27 10:08:43 +03:00
Aminda Suomalainen	b76b7cac5c	systemd/user: review vpn wants, rm transmission-daemon copy-paste	2024-04-27 08:34:46 +03:00
Aminda Suomalainen	2113b593e7	Chromium & Firefox: force Bitwarden (for passkeys)	2024-04-27 08:32:39 +03:00
Aminda Suomalainen	da85d0d9c7	firefox & chromium: allow PrivacyPass attestor & Keyoxide.org	2024-04-27 08:31:05 +03:00
Aminda Suomalainen	61dc3706ab	systemd/{chrony,i2pd,yggdrasil}.service.d/mullvad-exclude.conf: fix mistakes and Requires=	2024-04-26 17:43:37 +03:00
Aminda Suomalainen	1b64bc5e13	systemd/service.d: fix typo & use Requires= where appropiate	2024-04-26 17:38:33 +03:00
Aminda Suomalainen	db7de1c3e4	systemd/service.d/unbound-wanted.conf: break circular skipping by removing After=	2024-04-26 17:35:31 +03:00
Aminda Suomalainen	7f410148e3	aminda-nocron-rebootish.service: repeat that dns should be running	2024-04-26 16:13:39 +03:00
Aminda Suomalainen	1d7308e74e	unbound: explicitly enable ede and it's log	2024-04-26 13:53:50 +03:00
Aminda Suomalainen	2f585209e7	matterbridge-cleanup.timer: use more human friendly term minutely on OnCalendar=	2024-04-26 13:21:20 +03:00
Aminda Suomalainen	65f58dc224	systemd: aminda-nocron-rebootish.{service,timer} is a delayed variant of -ish	2024-04-26 13:16:33 +03:00
Aminda Suomalainen	c55b20a89a	move systemd user units from conf/systemd/user to etc/systemd/user symlink remains to show what is the correct location	2024-04-26 13:05:08 +03:00
Aminda Suomalainen	b36fe67bc3	systemd/user: attempt to flatpak-update-user.{service,timer}	2024-04-26 13:03:05 +03:00
Aminda Suomalainen	b8f720fa7f	aminda-nocron-reboot.timer: fix typo in comment	2024-04-26 12:48:47 +03:00
Aminda Suomalainen	9e38fdf223	aminda-nocron-reboot.timer: add RemainAfterElapse=false	2024-04-26 12:37:55 +03:00
Aminda Suomalainen	90b64c9543	systemd: rename aminda-nocron -> aminda-nocron-reboot for clarity also opens up aminda-nocron-hourly etc.	2024-04-26 12:30:58 +03:00
Aminda Suomalainen	b0ec7cffde	chromium/README: EnableOnlineRevocationChecks does also enable CRL	2024-04-26 11:27:11 +03:00
Aminda Suomalainen	16d2f74135	systemd/aminda-nocron.service: explicitly start DNS too	2024-04-26 11:08:15 +03:00
Aminda Suomalainen	def77bc4c3	systemd: add aminmda-nocron.{service,timer} for my @reboot crontabs for cronless systems (SteamOS)	2024-04-26 10:43:08 +03:00
Aminda Suomalainen	901dbfe138	etc/hosts: attempt to increase legibility by adding leading and trailing #	2024-04-25 19:45:11 +03:00
Aminda Suomalainen	21b59adfd2	etc/hosts/hostname: copy Debian behaviour as a good practice	2024-04-25 19:40:56 +03:00
Aminda Suomalainen	fb65f717fc	etc: cleanup symlinks/files handled by init-browser-policies.bash They brought no value to me, just confused me in git forges by clicktrapping me and not following the symlinks	2024-04-25 17:31:09 +03:00
Aminda Suomalainen	6375d55b8f	systemd-resolved/mullvad: default to base for consistency with unbound	2024-04-25 17:27:55 +03:00
Aminda Suomalainen	17e0b68d20	unbound: add dot-mullvad.conf defalting on base I found myself missing this on an old family PC that has limited resources and as I didn't have this file at hand, I just went with AdGuard which will work too.	2024-04-25 17:24:41 +03:00
Aminda Suomalainen	a17ff2903a	unbound/nordvpn-domains.conf: add comments/sources, fix duplicate zone, add missing domains	2024-04-25 15:07:37 +03:00
Aminda Suomalainen	bbeb1d3e02	unbound/nordvpn: rename, send only their domains to them	2024-04-25 14:34:47 +03:00
Aminda Suomalainen	046b9c5f1a	systemd: use more descriptive drop-in name unbound-wanted.conf instead of unbound.conf	2024-04-25 14:10:26 +03:00
Aminda Suomalainen	1ea9fff29a	chromium: declare more things as .badidea	2024-04-25 14:01:54 +03:00
Aminda Suomalainen	f87c4899b6	chromium: add dns-over-https.json.badidea and declare it as a bad idea	2024-04-25 13:57:01 +03:00
Aminda Suomalainen	861b35c25f	systemd-resolved: add the other applied-privacy.net port too	2024-04-25 13:47:18 +03:00
Aminda Suomalainen	342e3116a6	systemd-resolved: another attempt at local resolvers	2024-04-25 13:45:37 +03:00
Aminda Suomalainen	d17ad34650	unbound/dns-over-tls.conf: note Applied Privacy does no ECS, add 853, add Quad9 unfiltered (ECS commented)	2024-04-25 13:26:01 +03:00
Aminda Suomalainen	52b0807fcb	systemd/yggdrasil.service.d: rename nordvpnd to restore-ipv6.conf	2024-04-25 12:52:30 +03:00
Aminda Suomalainen	520470e3dd	systemd: add firewalld-icmpv6.conf as drop-in	2024-04-25 12:51:03 +03:00
Aminda Suomalainen	45cf5ecf61	opt/chromium/policies/managed: update documentation about working preferred over ECH enforced	2024-04-25 11:00:40 +03:00
Aminda Suomalainen	32883d5c73	chromium: allow DoH downgrade to at least work. Breaks ECH :(	2024-04-25 08:15:28 +03:00
Aminda Suomalainen	7c80e2c329	NetworkManager: paws-off-my-resolv.conf	2024-04-24 18:21:33 +03:00
Aminda Suomalainen	38152ab152	etc/sudoers.d: add vim modelines just in case I think it autodetected them correctly though	2024-04-24 18:16:42 +03:00
Aminda Suomalainen	505c6ec74a	etc/hosts: add hosts.steamos	2024-04-24 18:15:50 +03:00
Aminda Suomalainen	7113fda702	sudoers.d/nordvpnd: add restarting unbound & systemd-resolved	2024-04-24 18:00:00 +03:00
Aminda Suomalainen	32c5da4422	etc/resolv.conf-generate.bash: also be verbose with chattr & chmod	2024-04-24 12:09:15 +03:00
Aminda Suomalainen	9b01bc5260	etc/hosts/README.md: add forgotten blocklist and formatting	2024-04-24 11:55:35 +03:00
Aminda Suomalainen	c00f750d96	etc/resolv.conf-generate.bash: simple resolv.conf writer the way I want	2024-04-24 11:06:35 +03:00
Aminda Suomalainen	fa9da0901d	etc/hosts/blocklist: initial commit	2024-04-24 09:21:42 +03:00
Aminda Suomalainen	b36ba70a70	systemd/service.d: add resolv.conf example with warnings	2024-04-24 07:31:10 +03:00
Aminda Suomalainen	bdcd7249c3	etc/resolv.conf: fix comment	2024-04-23 16:47:03 +03:00
Aminda Suomalainen	95e17d0a49	resolv.conf: remove rotate comments, attempt to explain the logic behind timeout & attempts	2024-04-23 16:23:36 +03:00
Aminda Suomalainen	425af3eabf	etc/resolv.conf: specify timeout 1 and attempts 5	2024-04-23 16:03:49 +03:00
Aminda Suomalainen	70ed890742	dnf/protected.d: add README.md, aminda-{desktop,essentials}.conf	2024-04-23 07:51:29 +03:00
Aminda Suomalainen	4dac26e46e	dnf: also protect unbound	2024-04-23 07:41:49 +03:00
Aminda Suomalainen	b0f7876436	etc/dnf/protected.d: add systemd-{networkd,resolved}.conf	2024-04-23 07:29:18 +03:00
Aminda Suomalainen	f41e80d66a	hosts/dns: comment where it begins and where it ends	2024-04-22 17:11:03 +03:00
Aminda Suomalainen	97c2e74220	etc/hosts: attempt to perform the bad idea of well-known DNS servers here instead	2024-04-22 16:24:51 +03:00
Aminda Suomalainen	4560e776df	systemd-{resolved,networkd}: just break things	2024-04-22 15:43:50 +03:00
Aminda Suomalainen	886b8dbfbd	unbound.conf.d: well-known-dns.conf -> well-known-dns.conf.badidea This will break DNSSEC and a lot of things.	2024-04-22 15:39:47 +03:00
Aminda Suomalainen	4acd22dc37	systemd-networkd: add untested none (Yggdrasil) & wireguard configuration	2024-04-22 15:17:14 +03:00
Aminda Suomalainen	6ea0a570dd	systemd-networkd: match systemd-resolved configuration	2024-04-22 15:12:07 +03:00
Aminda Suomalainen	dea732d15b	systemd-resolved: attempt to simplify configuration	2024-04-22 15:08:03 +03:00
Aminda Suomalainen	f976c9a530	etc/resolv.conf: comment rotate, remove bad search domain comment	2024-04-22 14:51:58 +03:00
Aminda Suomalainen	895359ff67	etc/resolv.conf: add warning about mixing systemd-resolved & unbound	2024-04-22 14:50:37 +03:00
Aminda Suomalainen	903e38f307	systemd-networkd: unset other DNS	2024-04-22 13:32:12 +03:00
Aminda Suomalainen	7be1800002	systemd-networkd: disable DNSSEC/DNSOverTLS by default as localhost	2024-04-22 13:16:14 +03:00
Aminda Suomalainen	3d58aee508	systemd-networkd/10-ether.network: mention unmanaged/NetworkManager	2024-04-22 13:09:28 +03:00
Aminda Suomalainen	e56e5e1909	systemd-networkd: remove comment I don't stand behind	2024-04-22 13:05:58 +03:00
Aminda Suomalainen	02c434b81b	systemd-networkd: list local DNS resolvers	2024-04-22 12:59:38 +03:00
Aminda Suomalainen	44b6e5b618	systemd-networkd: add DNSSEC & DNSOverTLS & search domains	2024-04-22 12:25:25 +03:00
Aminda Suomalainen	945ca0462d	Revert "systemd-networkd: attempt to deduplicate by cutting into 10-global.network" This reverts commit `19b6fbef3c`.	2024-04-22 12:21:56 +03:00
Aminda Suomalainen	06787a38de	resolved/00-no-local-resolver.conf: comment local resolver since I break DNSSEC	2024-04-22 12:14:34 +03:00
Aminda Suomalainen	19b6fbef3c	systemd-networkd: attempt to deduplicate by cutting into 10-global.network	2024-04-22 12:07:39 +03:00
Aminda Suomalainen	aac3ccdec3	unbound/well-known-dns.conf: add CNAMEs one.one.one.one & dns.google.com	2024-04-22 11:26:46 +03:00
Aminda Suomalainen	dc6fc85174	chromium: exclude bittimittari.fi	2024-04-22 10:09:28 +03:00
Aminda Suomalainen	fe1970cfd9	chromium: add brave IPFS disabling policy IPFS is known for killing routers and having it on two machines while trying to VoIP with a lot of people, it gets a bit too heavy	2024-04-22 10:03:53 +03:00
Aminda Suomalainen	abd21e008a	well-known-dns.conf: typetransparent subdomains just in case Theoretically the higher level domain affects them too, but in practice I am unsure and I have previously only used always_reject for google-analytics & subdomains blocking. It at least isn't causing warnings or errors.	2024-04-22 07:42:53 +03:00
Aminda Suomalainen	579e98f27c	unbound/well-known-dns.conf: use typetransparent so non-local queries won't get NODATA	2024-04-22 07:28:55 +03:00
Aminda Suomalainen	623a9150fd	unbound: merge 00-insecure-domains.conf into blocklist.conf	2024-04-22 07:10:18 +03:00
Aminda Suomalainen	892feb3c1b	unbound/blocklist: add fritz.box.	2024-04-22 07:06:21 +03:00
Aminda Suomalainen	c90b551ac4	chromium: merge doh-forced to the doh files due to it being required anyway, update documentation, rename doh-allowed → doh-unlocked-unset	2024-04-21 14:00:39 +03:00
Aminda Suomalainen	4a47d14069	resolved.conf.d: add dot-trex.conf symlink and explaining comments like in unbound	2024-04-21 13:14:53 +03:00
Aminda Suomalainen	ce9159e756	unbound/dot-quad9.conf: prettier sorting	2024-04-21 13:13:41 +03:00
Aminda Suomalainen	7379241a20	chromium: add the rest of Quad9 & update README.md	2024-04-21 11:35:28 +03:00
Aminda Suomalainen	3540f2442e	chromium/doh-quad9*: add alternative port as Chromium allows multiple	2024-04-21 11:28:07 +03:00
Aminda Suomalainen	eb47fac4cb	systemd-resolved: add vim modelines	2024-04-21 10:58:45 +03:00
Aminda Suomalainen	f126e681a2	systemd-resolved: split applied-privacy#443 to its own file as resolved configs don't exclude each other	2024-04-21 10:57:25 +03:00
Aminda Suomalainen	a0ccd790ab	unbound & systemd-resolved: add Quad9 alternative port	2024-04-21 10:54:22 +03:00
Aminda Suomalainen	e64e4e7fd0	firefox: DisableEncryptedClientHello: false I am not sure if this does anything, I just saw a message in logs and it didn't trigger an error	2024-04-21 10:13:29 +03:00
Aminda Suomalainen	6a97040386	firefox: add IPvFoo*	2024-04-21 10:08:43 +03:00
Aminda Suomalainen	069da00a38	Chromium: add IPvFoo* and note that users should go through extensions	2024-04-21 09:58:30 +03:00
Aminda Suomalainen	e6bd2b13ad	unbound: add TREX upstream configuration	2024-04-20 20:25:48 +03:00
Aminda Suomalainen	a7cf718453	uncound/well-known-dns.conf: add DNS0 {Zero,Kids,Open}	2024-04-20 17:59:46 +03:00
Aminda Suomalainen	41c65344f1	chromium: add dot-dns0-{kids,open,zero}.json	2024-04-20 17:53:33 +03:00
Aminda Suomalainen	437ec3b49c	chromium/doh-dns0.json: add trailing / as Chromium requires it (or fails every DNS request)	2024-04-20 17:50:57 +03:00
Aminda Suomalainen	422ab0de4e	libreawoo, unbound & resolved: uncomment Quad9 default, comment ECS	2024-04-20 17:50:12 +03:00
Aminda Suomalainen	bec7f8bbaa	separate local/share/applications & etc/xdg/autostart	2024-04-20 12:14:02 +03:00
Aminda Suomalainen	ffc4c53615	sudoers/nordvpnd: allow chronyc online	2024-04-20 11:56:14 +03:00
Aminda Suomalainen	c9cad77caf	move etc/xdg/autostart to more descriptive location of local/share/applications	2024-04-20 11:18:33 +03:00
Aminda Suomalainen	9bd3a05d5b	clean up old desktop entries I cannot see myself using	2024-04-20 11:13:02 +03:00
Aminda Suomalainen	cebcec5792	add syncplay.desktop	2024-04-20 11:07:03 +03:00
Aminda Suomalainen	8e296b5a25	add mpv.desktop that avoids pseudo-gui	2024-04-20 11:04:30 +03:00
Aminda Suomalainen	24c9209cbe	add/fix desktop entries for wrappers firefox, steam, thunderbird	2024-04-20 10:58:09 +03:00
Aminda Suomalainen	4c841781b3	add/fix libreawoo & firefox desktop entries	2024-04-20 10:50:09 +03:00
Aminda Suomalainen	93c60b21b2	finish chromium desktop files?	2024-04-20 10:43:17 +03:00
Aminda Suomalainen	bbcb37c334	add libreawoo.desktop	2024-04-20 10:32:55 +03:00
Aminda Suomalainen	816157fc25	add initial desktop files for the scripts wrappers	2024-04-20 10:23:15 +03:00
Aminda Suomalainen	45f1c1078f	unbound/well-known-dns.conf: add Google DNS	2024-04-20 09:10:36 +03:00
Aminda Suomalainen	134622edad	unbound/well-known-dns.conf: add missing dots	2024-04-20 09:00:44 +03:00
Aminda Suomalainen	e319c8aacf	unbound: restore and update blocklist.conf This reverts commit `fe8ac1bbb7`.	2024-04-20 08:57:26 +03:00
Aminda Suomalainen	c7633838de	unbound: fill well-known-dns.conf some more	2024-04-20 08:52:49 +03:00
Aminda Suomalainen	dda5f2c110	chromium/enable-ech-ocsp.json: remove not strictly releated policies	2024-04-20 07:47:31 +03:00
Aminda Suomalainen	4a889dd9b4	sudoers.d/nordvpnd: add restarting of iwd & systemd-networkd	2024-04-20 07:42:40 +03:00
Aminda Suomalainen	6a87111f8b	unbound/well-known-dns.conf: initial commit	2024-04-19 19:58:23 +03:00
Aminda Suomalainen	1e22108950	unbound/00-insecure-domains.conf: qname minimization is not relevant here	2024-04-19 09:17:01 +03:00
Aminda Suomalainen	1a1bf9adb9	unbound/conf.d: add vim modelines/filetypes	2024-04-19 09:14:32 +03:00
Aminda Suomalainen	b3eb6e06e7	unbound: add symlink for the Fedora name as I keep tab failing	2024-04-19 09:09:36 +03:00
Aminda Suomalainen	47e51ee38b	firefox policy: use Quad9 ECS as TRR	2024-04-19 08:48:57 +03:00
Aminda Suomalainen	39f2eb4f0f	chromium: add doh-cloudflare-secure.json, ECH notes	2024-04-19 08:24:29 +03:00
Aminda Suomalainen	b248392e8a	systemd-resolved: think more on local resolvers or not	2024-04-18 14:31:56 +03:00
Aminda Suomalainen	4c4508ba36	unbound/dot-*quad9.conf: add DNS10 & DNS12 (commented), remove extra spaces	2024-04-18 11:16:20 +03:00
Aminda Suomalainen	9aa71de638	systemd-resolved/dot-quad9.conf: add commented DNS10 & DNS12	2024-04-18 11:08:23 +03:00
Aminda Suomalainen	5097076daf	unbound: also disable qname-minimization for DNSo53 forwarders	2024-04-17 16:03:23 +03:00
Aminda Suomalainen	363be56010	unbound: move to tls-ystem-cert from tls-cert-bundle & disable qname minimization for DoT forward-zones	2024-04-17 16:01:38 +03:00
Aminda Suomalainen	bbab2f335d	resolv.tsv: sort	2024-04-17 15:42:34 +03:00
Aminda Suomalainen	9ba083f81f	resolv.tsv: add Quad9 unfiltered variants	2024-04-17 15:42:08 +03:00
Aminda Suomalainen	c18fe92ad8	etc/resolv.tsv: add Quad9 Apple Mobileconfigs	2024-04-17 15:34:43 +03:00
Aminda Suomalainen	f10b151a3b	systemd: add firewalld.service.d/never-fail.conf due to failing to timeout on sedric	2024-04-17 11:38:43 +03:00
Aminda Suomalainen	75c39ddb0d	sudoers.d/nordvpnd: include nordvpnd.socket	2024-04-16 08:39:16 +03:00
Aminda Suomalainen	419805bc91	chromium/README: add forgotten files, fix description for those moved from recommended	2024-04-16 07:15:30 +03:00
Aminda Suomalainen	a0456269a1	chromium: move brave feature disabling from recommended to managed for actual effect	2024-04-16 07:11:55 +03:00
Aminda Suomalainen	36f433f35b	chromium/managed: add enable-labs.json I have decided that I want it anyway and unlike before, now it has its own file so I can decide to leave it alone on shared devices	2024-04-15 21:08:56 +03:00
Aminda Suomalainen	8c748dd2d6	unbound/dot-dns0-quad9.conf: fix duplicate forward zone	2024-04-14 14:23:58 +03:00
Aminda Suomalainen	ac922aea86	{firefox,chromium}: add Floccus bookmarks sync so I will remember its existence	2024-04-14 14:10:39 +03:00
Aminda Suomalainen	cd2ae2c852	etc/resolv.tsv: add Google DNS & DNS64 as they too are Android hard-coded for DoH3	2024-04-14 09:18:05 +03:00
Aminda Suomalainen	cc25967b22	etc/resolv.tsv: note Cloudflare being DoH3 on Android, add Cloudflare antimalware/family DoT addresses	2024-04-14 09:10:06 +03:00
Aminda Suomalainen	44c3168a39	chromium policy: strip DnsOverHttpsMode to two different files, rename automatic to allowed for clarity & update README.md on these	2024-04-13 18:38:26 +03:00
Aminda Suomalainen	46ac8aefd8	unbound: add dot-dns0-quad9.conf	2024-04-12 17:01:32 +03:00
Aminda Suomalainen	ab74e45a9f	chromium policy/brave-shields-disabled.json: add glowing-bear	2024-04-12 14:29:49 +03:00
Aminda Suomalainen	b9d8da4df4	chromium policy. add brave-shields-disabled.json based on Privacy Badger	2024-04-12 14:26:31 +03:00
Aminda Suomalainen	bf1fdc4cff	{firefox,chromium} policy: PB exclude Disroot Mvim, Microsoft {Teams,Learn}	2024-04-12 14:24:31 +03:00
Aminda Suomalainen	b1a0125674	unbound: add local-tlds.conf	2024-04-12 14:16:10 +03:00
Aminda Suomalainen	0d4c40ba16	systemd: mark systemd-resolved.conf to be conflicting with avahi-daemon	2024-04-12 10:58:15 +03:00
Aminda Suomalainen	73865c747d	root-auto-trust-anchor-file.conf -> debian-root-auto-trust-anchor-file.conf Let's not overwrite files accidentally	2024-04-12 10:56:51 +03:00
Aminda Suomalainen	0bac3a8ab0	chromium: add doh-quad9.json	2024-04-12 10:42:51 +03:00
Aminda Suomalainen	e88c2a8067	etc: attempt to enable mDNS/LLMNR for systemd-{networkd,resolved} & NetworkManager Some boolean fixing slipped in as well	2024-04-12 09:52:32 +03:00
Aminda Suomalainen	4d4dc026fd	unbound: ipv6.conf -> prefer-ipv6.conf more descriptive name	2024-04-12 09:19:02 +03:00
Aminda Suomalainen	a7bb2f5ec8	etc/iwd/main.conf: update comments on DNS	2024-04-11 10:16:21 +03:00
Aminda Suomalainen	80ac65acd1	systemd-resolved/README.md: enable doctoc	2024-04-11 10:06:18 +03:00
Aminda Suomalainen	cce932960e	systemd-resolved/README.md: mention nordvpn.conf	2024-04-11 10:05:18 +03:00
Aminda Suomalainen	a2e36f2a3b	systemd-resolved/README.md: remove EOL Ubuntu, fix booleans, note my actual DNS config	2024-04-11 10:03:53 +03:00
Aminda Suomalainen	da6eab8dfc	systemd-resolved: use true/false as booleans (not yes/no) & remove repeated localhost	2024-04-11 10:02:49 +03:00
Aminda Suomalainen	3009af55a6	resolved.conf.d/README.md: mention 00-defaults and dot-something being supposed to be used together	2024-04-10 15:09:31 +03:00
Aminda Suomalainen	9a210c4bba	systemd-resolved: further decrease repeating, comment DNS-Over-TLS since it's in 00-defaults.conf already (+ local resolver)	2024-04-10 15:06:14 +03:00
Aminda Suomalainen	f12d0ceb8a	systemd-resolved: don't repeat cache	2024-04-10 15:02:30 +03:00
Aminda Suomalainen	241405c776	systemd-resolved: merge unbound.conf into 00-defaults.conf	2024-04-10 11:59:36 +03:00
Aminda Suomalainen	f885dcd73a	chromium/recommended: disable Tor in Brave	2024-04-10 11:21:52 +03:00
Aminda Suomalainen	4cfd7ab75f	chromium: add recommendation of disabling Brave rewards & wallet	2024-04-10 11:18:42 +03:00
Aminda Suomalainen	2282429f94	brave: use boolean for disabling vpn	2024-04-10 11:16:55 +03:00
Aminda Suomalainen	149cadfa41	firefox & chromium: add IPFS Companion	2024-04-10 11:03:19 +03:00
Aminda Suomalainen	d7879eeb6b	chromium: update README with the two new files	2024-04-10 10:53:37 +03:00
Aminda Suomalainen	450aac4c32	chromium: add disable-brave-vpn.json	2024-04-10 10:51:38 +03:00
Aminda Suomalainen	35e1faaabc	chromium: add doh-quad9-ecs.json	2024-04-10 10:51:15 +03:00
Aminda Suomalainen	4a08068634	unbound/cache: serve-expired: yes I am unsure on whether this actually affects anything without setting the other expired options too	2024-04-07 19:44:10 +03:00
Aminda Suomalainen	b03218c78b	unbound/cache.conf: add prefetch & prefetch-key	2024-04-07 17:34:36 +03:00
Aminda Suomalainen	c034e016e8	firefox policy: add search engine suggestion urls	2024-04-05 14:04:14 +03:00
Aminda Suomalainen	99c63d25fe	{firefox,chromium} policy: add OpenDyslexic	2024-04-04 14:27:43 +03:00
Aminda Suomalainen	08ae59ed99	firefox policy: configure Homepage	2024-03-31 08:46:12 +03:00
Aminda Suomalainen	a581ee2dd5	rm etc/sysctl.d/99-enable-ipv6.conf Refer to crontab, yggdrasil.service.d and nordvpn.service.d	2024-03-29 08:57:35 +02:00
Aminda Suomalainen	323dde1545	{firefox, chromium}: force install privacy pass This is in hopes of reducing family member frustation with captchas should they happen	2024-03-29 08:32:44 +02:00
Aminda Suomalainen	1d05061bb4	hack nordvpnd to work with yggdrasil	2024-03-29 07:58:44 +02:00
Aminda Suomalainen	9fb90d4b30	chromium/README: mention fix-edge-search.json	2024-03-28 18:57:29 +02:00
Aminda Suomalainen	80df53aa6a	chromium: move edge policy from recommended searches to managed/fix-edge-search.json	2024-03-28 18:53:15 +02:00
Aminda Suomalainen	c5dd75077d	chromium: throw home enabling & search engines into recommended policy instead	2024-03-27 16:51:29 +02:00
Aminda Suomalainen	860970df78	etc/init-browser-policies.bash: note recommended policies	2024-03-27 16:43:17 +02:00
Aminda Suomalainen	58df0709f4	firefox policy README.md: note that search engines also work on nightly	2024-03-24 08:17:31 +02:00
Aminda Suomalainen	e823810723	firefox: add search engine aliases	2024-03-24 08:16:20 +02:00
Aminda Suomalainen	4bab0cbb6a	firefox: default to Brave Search	2024-03-24 08:15:43 +02:00
Aminda Suomalainen	7b80c2bbc2	chromium/aminda-extensions.json: remove DuckDuckGo Privacy Essentials	2024-03-23 12:46:49 +02:00
Aminda Suomalainen	d241993c0a	chromium/aminda-extensions.json: remove blank new tab	2024-03-23 12:40:23 +02:00
Aminda Suomalainen	4a2fc137db	chromium: handle Microsoft Edge new tab page Bing search	2024-03-23 12:36:30 +02:00
Aminda Suomalainen	3d038bf826	chromium policy README.md: add missing/renamed files	2024-03-23 12:15:21 +02:00
Aminda Suomalainen	b7acf2daaa	chromium policy: add brave-search.json	2024-03-23 12:08:07 +02:00
Aminda Suomalainen	c8ece6032a	chromium/duckduckgo.json: policy for using start.duckduckgo.com for searching	2024-03-23 11:55:06 +02:00
Aminda Suomalainen	405d407c2a	firefox: add Brave Search Goggles	2024-03-21 17:21:30 +02:00
Aminda Suomalainen	3e56346be0	firefox: add Brave Search	2024-03-20 18:53:18 +02:00
Aminda Suomalainen	cc6dbceaff	{firefox,chromium} policy: add UpdateSWH	2024-03-14 20:25:06 +02:00
Aminda Suomalainen	39b0f1d19a	{firefox,chromium} policy: disable PrivacyBadger on Element Web instances	2024-03-13 11:45:19 +02:00

... 5 6 7 8 9 ...

1556 Commits