Commit Graph

848 Commits

Author SHA1 Message Date
9d5db7ee3c ssh_config: add "UseRoaming no"
https://twitter.com/msfriedl/status/687635945642967040
2016-01-14 16:47:30 +02:00
e80dbd29fe etc/nginx/host: enable http2 2016-01-13 12:05:35 +02:00
d903ba5985 sshd_config: no instead of No
Permitrootlogin had it for some reason and Jolla's sshd didn't like it.
2016-01-06 10:17:33 +02:00
f1817f4014 sources.list: I don't maintain devel 2015-12-28 14:50:21 +02:00
c0503fab51 sources.list/ubuntu: fix apt-key command 2015-12-28 14:48:31 +02:00
fb9961be7b unbound.d/logging.conf: I need verbosity 2
1 doesn't seem to tell me when things start randomly failing.
2015-12-18 11:37:47 +02:00
8804f7e9f6 etc/unbound/unbound.conf.d: logging.conf
Logging to systemd-journald (journalct) with verbosity 1.
2015-12-18 09:52:18 +02:00
a187ae584d profile: numlockx on 2015-12-15 20:06:23 +02:00
2dce923a56 etc/apt/sources.list: commented Ubuntu MATE 2015-12-15 18:11:50 +02:00
8342c97bc2 git rm 15.04 2015-12-15 18:07:34 +02:00
9431381b93 sources.list: add Ubuntu 16.04 2015-11-06 09:14:27 +02:00
f58977d151 unbound forwards.conf: add commented trex dns64 2015-10-26 08:58:36 +02:00
50d27ca7b6 etc/xdg/autostart: add clipit 2015-10-25 14:30:42 +02:00
4257dcfb37 etc/xdg/autostart/redshift: add comment on Kotka 2015-10-25 14:27:06 +02:00
2154ee9b01 etx/xdg/autostart: cleaning 2015-10-25 14:26:24 +02:00
a5ca47e88d nginx: X-Xss-Protectio & -Content-Type-Options
via https://securityheaders.io/ via znc/znc#1168
2015-10-25 09:18:34 +02:00
47eac3b6eb sources.list README: add wget method 2015-10-17 14:31:48 +03:00
650829aea9 nginx: add Upgrade Insecure Requests
http://caniuse.com/#feat=upgradeinsecurerequests
2015-09-23 17:50:11 +03:00
02f4f2f0d4 profile.d/mikaela.sh: set TZ to $(date +%Z)
Also remove the commented Steam thing as it's Antergos-only issue.
2015-09-13 10:46:38 +03:00
c42ae8eb43 ssh: also send EDITOR 2015-09-12 11:45:42 +03:00
fdf8255372 ssh: send/accept also TZ TERM 2015-09-12 11:42:44 +03:00
0f00443a7b sshd_config: mention the LC_ALL anyway
my config files are horrible, too many comments.
2015-09-06 18:42:36 +03:00
96ca38818f sshd_config: don't talk so much about locales 2015-09-06 18:40:02 +03:00
801e3e0941 sshd_config: AcceptEnv LANG, LANGUAGE LC_*
but not LC_ALL and there is no asterisk, the varibles are allowed
separately. It's very unlikely that someone invents a new locale type.
2015-09-06 18:36:48 +03:00
a3d5fbd9d7 sshd_config: http://serverfault.com/a/660325 2015-09-06 18:27:50 +03:00
a0352630fd sshd_config: verbose logging of sftp 2015-09-06 17:37:34 +03:00
8d55bc53db sshd_config: use internal sftp & fixes
thanks again @grawity
2015-09-06 17:20:12 +03:00
c82b706942 fix 7470403158
thanks @DarthGandalf and @grawity on #znc
2015-09-06 17:13:21 +03:00
7470403158 sshd_config: add Fedora & Gentoo sftp-server
thanks Conjuro and @DarthGandalf on #znc
2015-09-06 17:09:55 +03:00
774346c8d0 fix sshd_config 2015-09-06 08:42:29 +03:00
68c6da5aec ssh_config: fix comments 2015-09-06 08:15:17 +03:00
dc9f8b0ab5 sort sshd_config 2015-09-06 08:12:41 +03:00
c3f351d21f sshd_config: add commented AcceptEnv
and reason why it's commented, security, ShellShock worked with remotely
sent environent variables even with restricted accounts.
2015-09-06 07:33:32 +03:00
90c86466dd ssh_config: also sendenv LANGUAGE 2015-09-06 07:30:41 +03:00
6fc4b6a29b ssh_config: add missing dot 2015-09-05 23:50:31 +03:00
28c2f0b8d8 ssh_config: SendEnv LANG LC_* 2015-09-05 23:46:00 +03:00
c50516ced3 etc/xdg/autostart: add redshift-gtk 2015-09-05 22:57:45 +03:00
c2b93abe27 relevant systemd services: after network-online 2015-09-05 09:07:41 +03:00
bd3ee60e61 ssh_config: fix paste fail 2015-09-02 08:33:02 +03:00
66f604a6dd ssh_config: add UpdateHostKeys yes 2015-09-02 08:15:16 +03:00
c05b52354f sshd_config: restore Client*
I am sure I committed them already, but they have disappeared somewhere.
Maybe I accidentally overwrote them.
2015-09-01 17:37:33 +03:00
888686ef48 etc/ssh/copy: add verbosity 2015-09-01 17:32:56 +03:00
c2c0c4fa08 etc/ssh: add copy script 2015-09-01 17:31:42 +03:00
25bf96e30a ssh_config: my ssh key is not system-wide 2015-09-01 17:16:37 +03:00
96dfc06668 ssh_config: remove unrelated comments 2015-09-01 17:06:33 +03:00
defa0b9df1 etc/ssh: add ssh_config 2015-09-01 16:48:27 +03:00
4cdf8dfe71 sshd_config: add ClientAliveCountMax ClientAliveInterval 2015-09-01 16:40:56 +03:00
73e9e99d9c sshd_config: cleaning up 2015-08-30 16:54:21 +03:00
c922d0aa37 etc/ssh/sshd_config: fix banner 2015-08-28 19:25:26 +03:00
7e4bbfba5a sshd_config: also remove ecdsa keys 2015-08-28 14:29:34 +03:00
04df2e532b update sshd_config from Arch
OpenSSH 7.1p1-1

Note the sftp subsystem which differs between at least Debian and Arch.
2015-08-28 14:00:25 +03:00
f69a361ed1 sshd_config: deprecate dsa 2015-08-28 13:54:36 +03:00
ae6651cd47 systemd: add reflector.service 2015-08-25 14:13:44 +03:00
7ff510b42b add etc/install
Closes #74
2015-08-22 15:10:01 +03:00
bec7aced22 etc/systemd/system: README updates 2015-08-21 19:27:40 +03:00
76633ba61d add etc/unbound/dnscrypt-proxy.conf 2015-08-21 19:16:12 +03:00
18931c320a add dnscrypt proxy services
Thanks @Fusl

Fixes #63
2015-08-21 19:09:39 +03:00
dc5531dfcd cleaning etc/systemd/system 2015-08-21 19:06:11 +03:00
c4dcb39b8c nginx: remove the neverused vhost 2015-08-20 20:47:18 +03:00
3a32185433 etc/nginx/sites-availble: add X-Frame-Options 2015-08-20 20:36:32 +03:00
a06465d161 unbound: move forwards.conf under unbound.conf.d 2015-08-20 18:39:40 +03:00
2ab0601c8d systemd: remove dnscrypt-proxy & add miredo 2015-08-20 18:29:00 +03:00
3065c552da resolv.conf: add ::1 anyway 2015-08-20 15:24:57 +03:00
c8dcba24a3 major cleaning 2015-08-20 15:22:22 +03:00
baff3f7dd1 clean resolv.conf 2015-08-20 15:09:13 +03:00
e3b067cf5d etc/resolv.conf: swap Google DNS
I prefer them to be in order primary and seconary if I use both and as
IPv6 is above it should be the primary making IPv4 below secondary.
2015-08-16 12:07:59 +03:00
a55ab90ca3 resolv.conf: replace OpenDNS with Google
If both Google servers go down, there are still the others which unbound
that I run on all devices is using.
2015-08-16 12:05:50 +03:00
f6b562f517 comment on etc/resolv.conf 2015-08-16 11:30:06 +03:00
518a5c2a17 sources.list: add (Ubuntu) devel 2015-08-06 12:01:21 +03:00
93d775c3a5 fix etc/profile.d/mikaela.sh 2015-07-29 10:16:30 +03:00
632f2f2b6b sources.list: clean Ubuntu ones 2015-07-29 10:04:54 +03:00
741c6a8571 sources.list/ubuntu: add commented proposed
Closes #79
2015-07-28 19:23:48 +03:00
aeeed423df sources.list/ubuntu: coment ddebs 2015-07-28 19:09:26 +03:00
95dc6cfa17 sources.list: ubuntu: add ddebs.ubuntu.com
https://wiki.ubuntu.com/DebuggingProgramCrash
2015-07-28 19:06:38 +03:00
fa44f85e48 sources.list: chmod +x install* 2015-07-28 18:59:03 +03:00
6b527a87cb sources.list: 14.10 is EOL 2015-07-24 09:06:19 +03:00
2ba606cce6 nginx: HSTS: subdomains & preload 2015-07-22 12:55:51 +03:00
ff94369b6d sources.list/README: add missing rm 2015-07-12 11:52:28 +03:00
93e5eab3f5 sources.list: fix install scripts 2015-07-12 11:39:41 +03:00
b4f3ac370e sources.list/install: add missing shebang 2015-07-12 11:36:38 +03:00
87ffc8515e sources.list: improve README 2015-07-12 11:35:53 +03:00
8783d0d5b7 sources.list: add install scripts
Closes #78
2015-07-12 11:26:47 +03:00
2fd3c3986b sources.list: add README & touch scripts
ref: #78
2015-07-12 11:21:38 +03:00
60402c6999 sources.list: add forgotten stretch 2015-07-12 11:06:03 +03:00
abc4060a3a sources.list: add sid so both scripts work 2015-07-12 11:03:51 +03:00
6400fd909e sources.list: rename debian* to codenames
So they are compatible with the function which uses `lsb_release -sr`.
2015-07-12 10:51:19 +03:00
f98e2a4375 somewhat rewrite etc/oidentd.conf 2015-07-09 10:48:28 +03:00
cf13b0faaf sources.list/squeeze: add squeeze-lts 2015-07-07 17:10:43 +03:00
b16ae44601 Revert "services: remove unneeded pidfiles"
This reverts commit 98093edc99.

* * * * *

They aren't needed if systemd starts the service, but what if user
services are used together with cron and liching isn't allowed?
2015-07-07 10:10:10 +03:00
b6969cd7fe rm debianu as git didn't like it 2015-07-06 15:22:23 +03:00
0a8c630265 http.debian.net --> httpredir.debian.org
I was told that it moved and moving to debian.org means that it's now
officially supported :)
2015-07-06 15:18:25 +03:00
fe1890ea34 debianu --> sid & ln -s sid debianu
sid makes more sense and as it has static codename, why to not use it?
2015-07-06 15:08:42 +03:00
805f669954 sources.list: add supported Debians
also remove the top line and add debianu for unstable.
2015-07-06 15:05:31 +03:00
6cb22a6de2 sysctl/60-mikaela.conf: mention systemd-networkd 2015-06-24 16:09:05 +03:00
a5de194c6f fix sysctl.d/60-mikaela.conf
EUI-64, not SLAAC & privacy extensions for all
2015-06-24 15:12:11 +03:00
1f1d071e5e systemd/network: rename enp… eth0 & timesyncd 2015-06-07 19:12:15 +03:00
47b05e1bd9 fix aliendalvik-stopper.service 2015-05-27 12:09:31 +03:00
4391fb5c19 systemd: aliendalvik-stopper 2015-05-27 12:00:35 +03:00
bf03a22823 systemd/system: update README
https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
2015-05-23 11:29:18 +03:00
3370327db0 ydns-simple service & timer 2015-05-22 20:15:23 +03:00
9ac3c776d7 sysctl.d: net.ipv6.conf.default.use_tempaddr 2015-05-14 19:04:35 +03:00
e512759368 fix resolv.conf 2015-05-14 00:16:49 +03:00
e660ec9b21 resolv.conf: use IPv4 localhost
because of the other files I added maybe in previous commit
2015-05-13 22:27:22 +03:00
17b5596d80 etc: dnscrypt 2015-05-13 22:20:28 +03:00
8e952350e7 etc/resolv.conf: don't be so verbose 2015-05-13 20:52:48 +03:00
b761f8f5ed add etc/resolv.conf 2015-05-13 20:49:35 +03:00
cbbd9dcf2c nginx/host: enable HSTS 2015-05-12 18:41:24 +03:00
8e433e3660 etc/xdg/autostart: README, linphone, redshift§ 2015-05-08 09:08:30 +03:00
43af7aef52 sources.list: rm ubuntu 2015-05-05 07:56:39 +03:00
adb361bc0e sources.list: 15.10 2015-05-05 07:56:11 +03:00
a9eaecf61c unbound: add dns.watch & puntcat 2015-05-01 17:05:58 +03:00
0510858a0d etc/unbound: remove non-DNSSEC resolvers 2015-05-01 15:10:49 +03:00
e9ad27c7ff etc/systemd/network: add enp0s18.network
from Rbtpzn
2015-04-29 10:41:42 +03:00
9e37b3b2d8 etc: nsswitch.conf, not fully 2015-04-28 13:14:25 +03:00
27d24a81b1 copy ipv6 services 2015-04-23 22:38:30 +03:00
3d54d51c24 rm dnsmasq & fedora
I am not using either. The only Fedora here was Pidora and it has died
some time ago and the project is a little slow.

I am currently wondering whether to start learning FreeBSD by putting it
on the Pi.
2015-04-22 22:50:54 +03:00
f74a76250b Rename Manjaro --> Arch
I didn't ever try Manjaro outside of Virtualbox and I have learned that
Manjaro is not good. I am currently using Antergos which is Arch + one
custom repo, so I feel I can rename to Arch.
2015-04-22 22:42:01 +03:00
146738e147 etc: add oidentd.conf
This file is not shipped on Arch.
2015-04-22 22:27:24 +03:00
3b976e3cd4 move sysctl from \*rc functions to etc/sysctl.p/ 2015-04-22 22:20:30 +03:00
9d5721899e systemd units: add oidentd.socket
With my sysctl config oidentd is IPv6 only unless `BindIPv6Only=both`
is added.
2015-04-22 22:12:06 +03:00
bb8d854150 NO MORE UNBREAKABLE SPACE! :D
(Serious commit messages™)
2015-04-10 18:36:06 +03:00
55e4921e64 etc/profile.d: copy from Antergos just in case 2015-04-08 20:08:07 +03:00
a5c9156eb4 sources.list/15.04: drop extras.ubuntu.com
It's dead
https://bugs.launchpad.net/ubuntu/+source/apt-setup/+bug/1409555
2015-04-05 23:21:44 +03:00
ca7f295036 map compose to left super 2015-03-23 09:17:02 +02:00
a2712ca422 etc: add x keyboard 2015-03-23 09:15:52 +02:00
8729f1cb37 Ubuntu 14.10 sources.list: fix Ubuntu MATE PPA
Ubuntu MATE decided to change their PPA and the install image most
likely will be missing this change, so I must add it here.

https://ubuntu-mate.org/blog/ubuntu-mate-utopic-ppa/
2015-03-19 21:54:35 +02:00
bf5409616a etc/nginx readme: add manjaro other than php 2015-03-13 15:40:24 +02:00
b1e1581fe3 unbound: add manjaro
closes #69
2015-03-13 15:08:19 +02:00
6457bc4361 unbound: add config for Pidora
ref: #69
2015-03-12 11:46:37 +02:00
6820fa23d7 fix unbound config files 2015-03-12 11:44:03 +02:00
d2e8d49ec2 unbound: disable OpenDNS
Missing DNSSEC causes my Pidora to SERVFAIL. Now checking if this is
cause of #69...
2015-03-12 11:33:52 +02:00
73ffff658c mysql: fix unicode.cnf
https://mathiasbynens.be/notes/mysql-utf8mb4
2015-02-27 11:12:04 +02:00
c391357cf7 sources.list: add security.ubuntu.com & rm MATE
For some reason I had thought that the default installation uses local
mirror instead of the main repo so I used that.

I also removed MATE now as it causes dupliate warnings with Ubuntu MATE
and it's not needed starting from 15.04. It's also not difficult to
find.
2015-02-27 10:10:58 +02:00
de26949c16 unbound: uncomment the dnssec line
it seems that I am accidentally removing the trust anchor includer file…
2015-02-19 18:43:08 +02:00
98093edc99 services: remove unneeded pidfiles 2015-02-19 14:30:49 +02:00
ca71eef52e fix supybot.service
ref: #63
2015-02-19 14:16:15 +02:00
766a756914 add untested supybot.service 2015-02-19 14:06:53 +02:00
f54bc8d573 add znc.service
Ref: #63 - based on the included unit file and znc/znc#647
2015-02-19 12:42:45 +02:00
44b2b2ada9 etc: import mariadb conf.d 2015-02-16 13:58:37 +02:00
fc35481c8d unbound: fix access-control.conf
* .conf was missing from the end
* comment access allowing
* fix wrong CIDR
2015-02-12 08:22:02 +02:00
Mikaela Suomalainen
6c06e01f0f etc/resolv.conf.d/head: remove commented DNS servers
they are in etc/unbound/unbound.conf.d/forwards.conf
2014-12-31 16:55:26 +02:00
Mikaela Suomalainen
a45d82b0b0 unbound: rm dnsmasq.conf 2014-12-29 16:04:24 +02:00
Mikaela Suomalainen
04ccc1ba14 unbound: fix interfaces 2014-12-29 12:55:37 +02:00
Mikaela Suomalainen
c22386c5d4 unbound: add access-control 2014-12-29 12:28:06 +02:00
Mikaela Suomalainen
76d4ed352f make unbound files more clear 2014-12-29 12:10:20 +02:00
Mikaela Suomalainen
e628c006b3 etc/apt/preferences.d: add no-dnsmasq
This is yet another template. I ended up adding this to one host as
dnsmasq was dying by itself and it didn't want to leave peacefully.
2014-12-28 18:36:29 +02:00
Mikaela Suomalainen
c0a9ecf7a1 etc/<dns servers>: increase cache size 2014-12-27 12:28:03 +02:00
Mikaela Suomalainen
938247e19f etc: import from gh-pages 2014-12-27 11:09:00 +02:00