6 Commits

10 changed files with 66 additions and 24 deletions


@ -199,6 +199,10 @@
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/offline-qr-code-generator/latest.xpi", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/offline-qr-code-generator/latest.xpi",
"installation_mode": "force_installed" "installation_mode": "force_installed"
}, },
"optout@google.com": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/interest-advertising-opt-out/latest.xpi",
"installation_mode": "force_installed"
},
"plasma-browser-integration@kde.org": { "plasma-browser-integration@kde.org": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi",
"installation_mode": "force_installed" "installation_mode": "force_installed"
@ -215,6 +219,10 @@
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
"installation_mode": "force_installed" "installation_mode": "force_installed"
}, },
"{2f182d41-fd03-4a6d-938d-081419586c37}": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/google-analytics-opt-out/latest.xpi",
"installation_mode": "force_installed"
},
"{3c078156-979c-498b-8990-85f7987dd929}": { "{3c078156-979c-498b-8990-85f7987dd929}": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/sidebery/latest.xpi", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/sidebery/latest.xpi",
"installation_mode": "normal_installed" "installation_mode": "normal_installed"
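Review bot: Both new entries (`optout@google.com` and `{2f182d41-fd03-4a6d-938d-081419586c37}`) use `"installation_mode": "force_installed"`, so the user cannot disable or remove them, and the `latest.xpi` URL installs whatever build is currently published under that listing. Each forced add-on is third-party code the browser trusts in every profile, and these two look like opt-out helpers rather than mandatory controls, with uBlock Origin already forced in the same block. Unless removal must be prevented, `"installation_mode": "normal_installed"` (as the sidebery entry uses) keeps them installed by default while leaving the user able to turn them off. Both hunks start and end inside the policy object, so the surrounding keys are not visible here.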


@ -8,11 +8,11 @@
# To check/refresh regdomain, `iw wlan0 scan | egrep -e "SSID:|Country:"` # To check/refresh regdomain, `iw wlan0 scan | egrep -e "SSID:|Country:"`
Country=FI Country=FI
# legacy compatibility, at least on Lumina? # Legacy compatibility. Doesn't seem necessary on Lumina.
use_default_interface=true #use_default_interface=true
# build-in network configuration including DHCP client # Build-in network configuration including DHCP client (and server when
# true if not using systemd-networkd! # tethering), true if not using systemd-networkd!
#EnableNetworkConfiguration=false #EnableNetworkConfiguration=false
# NOTE! Disable this in case of trouble connecting to network entirely, e.g. # NOTE! Disable this in case of trouble connecting to network entirely, e.g.
@ -28,12 +28,18 @@ AddressRandomization=network
# Helsinki City WLAN (and variations) doesn't seem to like "full" (default) # Helsinki City WLAN (and variations) doesn't seem to like "full" (default)
AddressRandomizationRange=nic AddressRandomizationRange=nic
# Always require management frame protection. May break things especially with
# legacy networks and hardware! Switch to 1 (default) for only when supported
# by both sides (downgrade attack possible?).
ManagementFrameProtection=2
[Network] [Network]
EnableIPv6=true EnableIPv6=true
# My /etc/resolf.conf is generally ::1 127.0.0.1 127.0.0.53 and I am not # My /etc/resolf.conf is generally ::1 127.0.0.1 127.0.0.53 and I am not
# entirely opposed to local servers. The two first are unbound, the third/this # entirely opposed to local servers. The two first are unbound, the third/this
# systemd-resolved # systemd-resolved. NOTE! Must be used in conjunction with
NameResolvingService=systemd # EnableNetworkConfiguration!
#NameResolvingService=systemd
#NameResolvingService=none #NameResolvingService=none
# Default 300, lower preferred by system. Useful when WiFi is known faster # Default 300, lower preferred by system. Useful when WiFi is known faster
# than ethernet like having 10 Mbps switch from time before the building had # than ethernet like having 10 Mbps switch from time before the building had
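Review bot: The comment added above `ManagementFrameProtection=2` ends on an open question ("downgrade attack possible?") where a reader needs the trade-off stated. With 2, iwd refuses any network that does not offer protected management frames, while 1 uses them only when both sides support them, so on networks without them deauthentication and disassociation frames stay unauthenticated. I would word it as `# 2 = always require MFP (802.11w); networks or hardware without it will not connect.` followed by `# 1 (default) = use MFP only when both sides support it.` In the first hunk of this file, `# Build-in network configuration` should read `Built-in`, and it may be worth confirming that the public network named above `AddressRandomizationRange` still connects with 2.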


@ -0,0 +1,35 @@
[Match]
Type=ether
[Link]
RequiredForOnline=false
#ActivationPolicy=always-up
[Network]
DHCP=false
Address=192.168.0.2/24
Gateway=192.168.8.1
IPv6PrivacyExtensions=true
IPv6LinkLocalAddressGenerationMode=stable-privacy
DNS=
DNS=::1
DNS=127.0.0.1
Domains=.
[Match]
Type=wlan
[Link]
ActivationPolicy=always-up
[Network]
DHCP=false
Address=192.168.0.3/24
Gateway=192.168.8.1
IPv6PrivacyExtensions=true
IPv6LinkLocalAddressGenerationMode=stable-privacy
DNS=
DNS=::1
DNS=127.0.0.1
DNS=127.0.0.53
Domains=.
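Review bot: `Gateway=192.168.8.1` is outside the subnet given by `Address=192.168.0.2/24` (and `192.168.0.3/24` in the wlan block), so the default route points at a host that is not on-link and will most likely not be usable. One of the two looks like a typo; either the addresses belong in `192.168.8.0/24` or the gateway in `192.168.0.0/24`. The file also carries two `[Match]`/`[Link]`/`[Network]` groups; if this is a single systemd-networkd `.network` file, the two groups would presumably not act as separate per-type profiles, so the ether and wlan settings would need one file each. The ether block omits `DNS=127.0.0.53` while the wlan block lists it, which is worth a comment if intentional.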


@ -1,12 +1,8 @@
[Match] [Match]
#Name=*
# Can be {colon,hyphen,dot}-delimited hexadecimal or IPv{4,6} address
#MACAddress= #MACAddress=
Type=ether Type=ether
[Link] [Link]
# My devices generally also have WiFi so lack of ethernet is not a reason
# to wait for systemd-networkd-wait-online.service
RequiredForOnline=false RequiredForOnline=false
# Takes "ipv4", "ipv6", "both", or "any" (default). # Takes "ipv4", "ipv6", "both", or "any" (default).
RequiredFamilyForOnline=both RequiredFamilyForOnline=both
@ -15,7 +11,7 @@ RequiredFamilyForOnline=both
# Always set administrative state to up. Implies RequiredForOnline=true # Always set administrative state to up. Implies RequiredForOnline=true
#ActivationPolicy=always-up #ActivationPolicy=always-up
# Required for mDNS # Required for mDNS
Multicast=true #Multicast=true
[Network] [Network]
#DHCP=true #DHCP=true
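Review bot: `#Multicast=true` now sits under the unchanged comment `# Required for mDNS`, so the file says the setting is required while disabling it, and nothing records why. The same key is commented out in the wlan section, and the `Type=none` and `Type=wireguard` sections go from an explicit `Multicast=false` to no setting at all, which leaves the flag at whatever the interface already has. If mDNS is no longer wanted, a comment such as `# mDNS not used on this link; multicast flag left at the interface default` would make that a decision rather than a leftover. If the explicit `Multicast=false` on the tunnel links was a deliberate exposure reduction, it is worth keeping.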


@ -4,7 +4,7 @@ Type=none
[Link] [Link]
Unmanaged=true Unmanaged=true
Multicast=false #Multicast=false
[Network] [Network]
IPv6PrivacyExtensions=true IPv6PrivacyExtensions=true


@ -3,7 +3,7 @@ Type=wireguard
[Link] [Link]
Unmanaged=true Unmanaged=true
Multicast=false #Multicast=false
[Network] [Network]
IPv6PrivacyExtensions=true IPv6PrivacyExtensions=true


@ -6,14 +6,14 @@ Type=wlan
[Link] [Link]
# Takes "ipv4", "ipv6", "both", or "any" (default). # Takes "ipv4", "ipv6", "both", or "any" (default).
RequiredFamilyForOnline=both #RequiredFamilyForOnline=both
# Always set administrative state to up. Implies RequiredForOnline=true # Always set administrative state to up. Implies RequiredForOnline=true
ActivationPolicy=always-up ActivationPolicy=always-up
# If something else (like iwd EnableNetworkConfiguration=true) manages network, # If something else (like iwd EnableNetworkConfiguration=true) manages network,
# uncomment # uncomment
#Unmanaged=true #Unmanaged=true
# Required for mDNS # Required for mDNS
Multicast=true #Multicast=true
[Network] [Network]
DHCP=true DHCP=true


@ -29,7 +29,12 @@ ExecStart=-/usr/bin/firewall-cmd --permanent --add-port=6771/udp
#ExecStart=-/root/fixcontroller.py #ExecStart=-/root/fixcontroller.py
# This is actually in the delayed variant of this service, but anyway # This is actually in the delayed variant of this service, but anyway
ExecStart=-/usr/bin/systemctl enable --now yggdrasil.service ExecStart=-/usr/bin/systemctl enable --now yggdrasil.service
ExecStart=-/usr/bin/systemctl enable --now ssh.service
ExecStart=-/usr/bin/systemctl enable --now sshd.service
ExecStart=-/usr/bin/systemctl enable --now sshguard.service ExecStart=-/usr/bin/systemctl enable --now sshguard.service
ExecStart=-/usr/bin/systemctl enable --now unbound.service
ExecStart=-/usr/bin/systemctl enable --now chrony.service
ExecStart=-/usr/bin/systemctl enable --now chronyd.service
User=root User=root
StandardOutput=journal StandardOutput=journal
StandardError=journal StandardError=journal
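Review bot: The added `systemctl enable --now ssh.service` / `sshd.service` lines start a remote-login daemon as root on every run of this unit, which also undoes a deliberate `systemctl disable` on a host where SSH had been turned off. Nothing in the hunk shows that the firewall rules or the sshd configuration (key-only authentication, no root password login) are in place before the daemon comes up, and sshguard is started after it rather than before. I would add a comment such as `# ssh.service (Debian) / sshd.service (others): one of the two is expected to fail`, move the sshguard line above the two SSH lines, and state where the sshd hardening is deployed. The unit starts and ends outside this hunk.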


@ -7,6 +7,7 @@ TimeoutStartSec=infinity
# - means it can fail, without failing those after it # - means it can fail, without failing those after it
# Another attempt at ensuring Yggdrasil works with nordvpnd # Another attempt at ensuring Yggdrasil works with nordvpnd
ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0 ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0
ExecStartPre=-/usr/bin/systemctl enable --now tlp
ExecStart=-/usr/bin/systemctl restart yggdrasil.service ExecStart=-/usr/bin/systemctl restart yggdrasil.service
ExecStart=-/bin/firewall-cmd --reload ExecStart=-/bin/firewall-cmd --reload
# If they somehow managed to not start already # If they somehow managed to not start already


@ -1,9 +0,0 @@
[Unit]
Description=poke unbound as a stupid workaround for it not wanting to start with wireless devices
[Service]
Type=oneshot
ExecStart=/usr/bin/systemctl start unbound --quiet
[Install]
WantedBy=multi-user.target