mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-11-29 14:49:31 +01:00
Compare commits
6 Commits
556f431f01
...
8586fd7dc1
Author | SHA1 | Date | |
---|---|---|---|
8586fd7dc1 | |||
d8dcf38094 | |||
1fc8bcd7bc | |||
4c9caf7235 | |||
d08c511875 | |||
44a2f4b482 |
@ -199,6 +199,10 @@
|
|||||||
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/offline-qr-code-generator/latest.xpi",
|
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/offline-qr-code-generator/latest.xpi",
|
||||||
"installation_mode": "force_installed"
|
"installation_mode": "force_installed"
|
||||||
},
|
},
|
||||||
|
"optout@google.com": {
|
||||||
|
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/interest-advertising-opt-out/latest.xpi",
|
||||||
|
"installation_mode": "force_installed"
|
||||||
|
},
|
||||||
"plasma-browser-integration@kde.org": {
|
"plasma-browser-integration@kde.org": {
|
||||||
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi",
|
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi",
|
||||||
"installation_mode": "force_installed"
|
"installation_mode": "force_installed"
|
||||||
@ -215,6 +219,10 @@
|
|||||||
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
|
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
|
||||||
"installation_mode": "force_installed"
|
"installation_mode": "force_installed"
|
||||||
},
|
},
|
||||||
|
"{2f182d41-fd03-4a6d-938d-081419586c37}": {
|
||||||
|
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/google-analytics-opt-out/latest.xpi",
|
||||||
|
"installation_mode": "force_installed"
|
||||||
|
},
|
||||||
"{3c078156-979c-498b-8990-85f7987dd929}": {
|
"{3c078156-979c-498b-8990-85f7987dd929}": {
|
||||||
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/sidebery/latest.xpi",
|
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/sidebery/latest.xpi",
|
||||||
"installation_mode": "normal_installed"
|
"installation_mode": "normal_installed"
|
||||||
|
@ -8,11 +8,11 @@
|
|||||||
# To check/refresh regdomain, `iw wlan0 scan | egrep -e "SSID:|Country:"`
|
# To check/refresh regdomain, `iw wlan0 scan | egrep -e "SSID:|Country:"`
|
||||||
Country=FI
|
Country=FI
|
||||||
|
|
||||||
# legacy compatibility, at least on Lumina?
|
# Legacy compatibility. Doesn't seem necessary on Lumina.
|
||||||
use_default_interface=true
|
#use_default_interface=true
|
||||||
|
|
||||||
# build-in network configuration including DHCP client
|
# Build-in network configuration including DHCP client (and server when
|
||||||
# true if not using systemd-networkd!
|
# tethering), true if not using systemd-networkd!
|
||||||
#EnableNetworkConfiguration=false
|
#EnableNetworkConfiguration=false
|
||||||
|
|
||||||
# NOTE! Disable this in case of trouble connecting to network entirely, e.g.
|
# NOTE! Disable this in case of trouble connecting to network entirely, e.g.
|
||||||
@ -28,12 +28,18 @@ AddressRandomization=network
|
|||||||
# Helsinki City WLAN (and variations) doesn't seem to like "full" (default)
|
# Helsinki City WLAN (and variations) doesn't seem to like "full" (default)
|
||||||
AddressRandomizationRange=nic
|
AddressRandomizationRange=nic
|
||||||
|
|
||||||
|
# Always require management frame protection. May break things especially with
|
||||||
|
# legacy networks and hardware! Switch to 1 (default) for only when supported
|
||||||
|
# by both sides (downgrade attack possible?).
|
||||||
|
ManagementFrameProtection=2
|
||||||
|
|
||||||
[Network]
|
[Network]
|
||||||
EnableIPv6=true
|
EnableIPv6=true
|
||||||
# My /etc/resolf.conf is generally ::1 127.0.0.1 127.0.0.53 and I am not
|
# My /etc/resolf.conf is generally ::1 127.0.0.1 127.0.0.53 and I am not
|
||||||
# entirely opposed to local servers. The two first are unbound, the third/this
|
# entirely opposed to local servers. The two first are unbound, the third/this
|
||||||
# systemd-resolved
|
# systemd-resolved. NOTE! Must be used in conjunction with
|
||||||
NameResolvingService=systemd
|
# EnableNetworkConfiguration!
|
||||||
|
#NameResolvingService=systemd
|
||||||
#NameResolvingService=none
|
#NameResolvingService=none
|
||||||
# Default 300, lower preferred by system. Useful when WiFi is known faster
|
# Default 300, lower preferred by system. Useful when WiFi is known faster
|
||||||
# than ethernet like having 10 Mbps switch from time before the building had
|
# than ethernet like having 10 Mbps switch from time before the building had
|
||||||
|
35
etc/systemd/network/00-family-visit.network.sample
Normal file
35
etc/systemd/network/00-family-visit.network.sample
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
[Match]
|
||||||
|
Type=ether
|
||||||
|
|
||||||
|
[Link]
|
||||||
|
RequiredForOnline=false
|
||||||
|
#ActivationPolicy=always-up
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
DHCP=false
|
||||||
|
Address=192.168.0.2/24
|
||||||
|
Gateway=192.168.8.1
|
||||||
|
IPv6PrivacyExtensions=true
|
||||||
|
IPv6LinkLocalAddressGenerationMode=stable-privacy
|
||||||
|
DNS=
|
||||||
|
DNS=::1
|
||||||
|
DNS=127.0.0.1
|
||||||
|
Domains=.
|
||||||
|
|
||||||
|
[Match]
|
||||||
|
Type=wlan
|
||||||
|
|
||||||
|
[Link]
|
||||||
|
ActivationPolicy=always-up
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
DHCP=false
|
||||||
|
Address=192.168.0.3/24
|
||||||
|
Gateway=192.168.8.1
|
||||||
|
IPv6PrivacyExtensions=true
|
||||||
|
IPv6LinkLocalAddressGenerationMode=stable-privacy
|
||||||
|
DNS=
|
||||||
|
DNS=::1
|
||||||
|
DNS=127.0.0.1
|
||||||
|
DNS=127.0.0.53
|
||||||
|
Domains=.
|
@ -1,12 +1,8 @@
|
|||||||
[Match]
|
[Match]
|
||||||
#Name=*
|
|
||||||
# Can be {colon,hyphen,dot}-delimited hexadecimal or IPv{4,6} address
|
|
||||||
#MACAddress=
|
#MACAddress=
|
||||||
Type=ether
|
Type=ether
|
||||||
|
|
||||||
[Link]
|
[Link]
|
||||||
# My devices generally also have WiFi so lack of ethernet is not a reason
|
|
||||||
# to wait for systemd-networkd-wait-online.service
|
|
||||||
RequiredForOnline=false
|
RequiredForOnline=false
|
||||||
# Takes "ipv4", "ipv6", "both", or "any" (default).
|
# Takes "ipv4", "ipv6", "both", or "any" (default).
|
||||||
RequiredFamilyForOnline=both
|
RequiredFamilyForOnline=both
|
||||||
@ -15,7 +11,7 @@ RequiredFamilyForOnline=both
|
|||||||
# Always set administrative state to up. Implies RequiredForOnline=true
|
# Always set administrative state to up. Implies RequiredForOnline=true
|
||||||
#ActivationPolicy=always-up
|
#ActivationPolicy=always-up
|
||||||
# Required for mDNS
|
# Required for mDNS
|
||||||
Multicast=true
|
#Multicast=true
|
||||||
|
|
||||||
[Network]
|
[Network]
|
||||||
#DHCP=true
|
#DHCP=true
|
||||||
|
@ -4,7 +4,7 @@ Type=none
|
|||||||
|
|
||||||
[Link]
|
[Link]
|
||||||
Unmanaged=true
|
Unmanaged=true
|
||||||
Multicast=false
|
#Multicast=false
|
||||||
|
|
||||||
[Network]
|
[Network]
|
||||||
IPv6PrivacyExtensions=true
|
IPv6PrivacyExtensions=true
|
||||||
|
@ -3,7 +3,7 @@ Type=wireguard
|
|||||||
|
|
||||||
[Link]
|
[Link]
|
||||||
Unmanaged=true
|
Unmanaged=true
|
||||||
Multicast=false
|
#Multicast=false
|
||||||
|
|
||||||
[Network]
|
[Network]
|
||||||
IPv6PrivacyExtensions=true
|
IPv6PrivacyExtensions=true
|
||||||
|
@ -6,14 +6,14 @@ Type=wlan
|
|||||||
|
|
||||||
[Link]
|
[Link]
|
||||||
# Takes "ipv4", "ipv6", "both", or "any" (default).
|
# Takes "ipv4", "ipv6", "both", or "any" (default).
|
||||||
RequiredFamilyForOnline=both
|
#RequiredFamilyForOnline=both
|
||||||
# Always set administrative state to up. Implies RequiredForOnline=true
|
# Always set administrative state to up. Implies RequiredForOnline=true
|
||||||
ActivationPolicy=always-up
|
ActivationPolicy=always-up
|
||||||
# If something else (like iwd EnableNetworkConfiguration=true) manages network,
|
# If something else (like iwd EnableNetworkConfiguration=true) manages network,
|
||||||
# uncomment
|
# uncomment
|
||||||
#Unmanaged=true
|
#Unmanaged=true
|
||||||
# Required for mDNS
|
# Required for mDNS
|
||||||
Multicast=true
|
#Multicast=true
|
||||||
|
|
||||||
[Network]
|
[Network]
|
||||||
DHCP=true
|
DHCP=true
|
||||||
|
@ -29,7 +29,12 @@ ExecStart=-/usr/bin/firewall-cmd --permanent --add-port=6771/udp
|
|||||||
#ExecStart=-/root/fixcontroller.py
|
#ExecStart=-/root/fixcontroller.py
|
||||||
# This is actually in the delayed variant of this service, but anyway
|
# This is actually in the delayed variant of this service, but anyway
|
||||||
ExecStart=-/usr/bin/systemctl enable --now yggdrasil.service
|
ExecStart=-/usr/bin/systemctl enable --now yggdrasil.service
|
||||||
|
ExecStart=-/usr/bin/systemctl enable --now ssh.service
|
||||||
|
ExecStart=-/usr/bin/systemctl enable --now sshd.service
|
||||||
ExecStart=-/usr/bin/systemctl enable --now sshguard.service
|
ExecStart=-/usr/bin/systemctl enable --now sshguard.service
|
||||||
|
ExecStart=-/usr/bin/systemctl enable --now unbound.service
|
||||||
|
ExecStart=-/usr/bin/systemctl enable --now chrony.service
|
||||||
|
ExecStart=-/usr/bin/systemctl enable --now chronyd.service
|
||||||
User=root
|
User=root
|
||||||
StandardOutput=journal
|
StandardOutput=journal
|
||||||
StandardError=journal
|
StandardError=journal
|
||||||
|
@ -7,6 +7,7 @@ TimeoutStartSec=infinity
|
|||||||
# - means it can fail, without failing those after it
|
# - means it can fail, without failing those after it
|
||||||
# Another attempt at ensuring Yggdrasil works with nordvpnd
|
# Another attempt at ensuring Yggdrasil works with nordvpnd
|
||||||
ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0
|
ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0
|
||||||
|
ExecStartPre=-/usr/bin/systemctl enable --now tlp
|
||||||
ExecStart=-/usr/bin/systemctl restart yggdrasil.service
|
ExecStart=-/usr/bin/systemctl restart yggdrasil.service
|
||||||
ExecStart=-/bin/firewall-cmd --reload
|
ExecStart=-/bin/firewall-cmd --reload
|
||||||
# If they somehow managed to not start already
|
# If they somehow managed to not start already
|
||||||
|
@ -1,9 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=poke unbound as a stupid workaround for it not wanting to start with wireless devices
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
ExecStart=/usr/bin/systemctl start unbound --quiet
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
Loading…
Reference in New Issue
Block a user