.pre-commit-config.yaml

@@ -130,9 +130,8 @@ repos:
   # ensure nothing breaks the rules.
 
   # prettier, opinionated code formatter
-  #- repo: https://github.com/pre-commit/mirrors-prettier
+  - repo: https://github.com/pre-commit/mirrors-prettier
-  - repo: https://github.com/rbubley/mirrors-prettier
+    rev: "v4.0.0-alpha.8"
-    rev: "v3.2.5"
     hooks:
       - id: prettier
         # These are handled by Black below or pretty-format-json above

conf/systemd/.gitignore

@@ -1 +0,0 @@
-user

conf/systemd/user

@@ -1 +0,0 @@
-../../etc/systemd/user

etc/opt/chromium/policies/managed/README.md

@@ -297,8 +297,7 @@ their alternative port.
 
 ## `enable-ech-ocsp.json`
 
-Enables encrypted client hello (ECH) and Online Certificate Status Protocol
+Enables encrypted client hello (ECH) and Online Certificate Status Protocol (OCSP) (or Certificate Revocation List (CRL)?) checks.
-(OCSP)/Certificate Revocation List (CRL) checks.
 
 However ECH requires `"DnsOverHttpsMode": "secure"` which will break things
 (and thus my files don't enable it),

etc/systemd/system/aminda-nocron-reboot.service

@@ -1,31 +0,0 @@
-[Unit]
-Description=Aminda's cronless boot tasks
-
-[Service]
-Type=oneshot
-TimeoutStartSec=infinity
-# - means it can fail, without failing those after it
-# I always want DNS.
-ExecStartPre=-/usr/bin/systemctl enable --now unbound.service
-ExecStartPre=-/usr/bin/systemctl enable --now systemd-resolved.service
-ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0
-# These services are called here, so
-ExecStartPre=-/usr/bin/systemctl start firewalld.service
-# Ensure /etc/sysctl.d/ gets read
-ExecStart=-/usr/sbin/sysctl -p --system
-# Ensure we really allow ICMPv6 on FEDORA (or firewalld)
-ExecStart=-/usr/bin/firewall-cmd --add-protocol=ipv6-icmp
-# 3rd party Xbox controller initialization. See Mikaela/gist/gayming/
-#ExecStart=-/root/fixcontroller.py
-# This is actually in the delayed variant of this service, but anyway
-ExecStart=-/usr/bin/systemctl start yggdrasil.service
-# BTRFS deduplication
-#ExecStart=-/usr/sbin/duperemove -rdhq --hashfile=/root/home.hash /home
-#ExecStart=-/usr/sbin/duperemove -rdhq --hashfile=/root/flatpak.hash /var/lib/flatpak
-#ExecStart=-/usr/sbin/duperemove -rdhq --hashfile=/root/snap.hash /var/lib/snapd
-User=root
-StandardOutput=journal
-StandardError=journal
-
-[Install]
-WantedBy=multi-user.target

etc/systemd/system/aminda-nocron-reboot.timer

@@ -1,13 +0,0 @@
-[Unit]
-Description=Run Aminda's crontab boot tasks for when there is no cron
-
-[Timer]
-OnBootSec=0
-# User services
-#OnStartupSec=5
-Persistent=true
-# There is no need to stay loaded after the boot and first run.
-RemainAfterElapse=false
-
-[Install]
-WantedBy=timers.target

etc/systemd/system/aminda-nocron-rebootish.service

@@ -1,16 +0,0 @@
-[Unit]
-Description=Aminda's cronless tasks to do a bit after booting
-
-[Service]
-Type=oneshot
-TimeoutStartSec=infinity
-# - means it can fail, without failing those after it
-# Another attempt at ensuring Yggdrasil works with nordvpnd
-ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0
-ExecStart=-/usr/bin/systemctl restart yggdrasil.service
-User=root
-StandardOutput=journal
-StandardError=journal
-
-[Install]
-WantedBy=multi-user.target

etc/systemd/system/aminda-nocron-rebootish.timer

@@ -1,14 +0,0 @@
-[Unit]
-Description=Run Aminda's crontab delayed boot tasks for when there is no cron
-
-[Timer]
-OnBootSec=3min
-RandomizedDelaySec=2min
-# User services
-#OnStartupSec=5min
-Persistent=true
-# There is no need to stay loaded after the boot and first run.
-RemainAfterElapse=false
-
-[Install]
-WantedBy=timers.target

etc/systemd/system/matterbridge-cleanup.timer

@@ -2,7 +2,7 @@
 Description=Run matterbridge cleanup every minute
 
 [Timer]
-OnCalendar=minutely
+OnCalendar=*-*-* *:*:00
 OnBootSec=0
 Persistent=true
 

etc/systemd/user/flatpak-update-user.service

@@ -1,7 +0,0 @@
-[Unit]
-Description=Install user level flatpak updates and uninstall unused flatpaks
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/flatpak update --user --assumeyes --noninteractive
-ExecStartPost=/usr/bin/flatpak uninstall --user --unused --assumeyes --noninteractive

etc/systemd/user/flatpak-update-user.timer

@@ -1,15 +0,0 @@
-[Unit]
-Description=Install user level flatpak updates and uninstall unused flatpaks regularly
-
-[Timer]
-#OnCalendar=*-*-* 19:00:00
-# Executed every 4 hours
-OnUnitActiveSec=4h
-# Executed 5 minutes from boot
-OnBootSec=300
-# Delay execution by something between 0 seconds and 3 hours
-RandomizedDelaySec=3h
-Persistent=true
-
-[Install]
-WantedBy=timers.target

etc/unbound/unbound.conf.d/cache.conf

@@ -23,8 +23,5 @@ server:
 	# Allow expired results to be served if they are in cache. The cache will
 	# get updated the next time.
 	serve-expired: yes
-	# DNSSEC errors for valid and expired records
-	ede: yes
-	ede-serve-expired: yes
 
 # vim: filetype=unbound.conf

etc/unbound/unbound.conf.d/logging.conf

@@ -6,9 +6,6 @@ server:
 	# gives query level information, output per query.  Level  4  gives
 	# algorithm  level  information.
 	verbosity: 2
-	# Gives validation EDEs more comprehensive human-readable errors
-	# https://blog.nlnetlabs.nl/extended-dns-error-support-for-unbound/
-	val-log-level: 2
 	# Print statistics to the log hourly
 	statistics-interval: 3600