conf/sway/config.d/autostart-p2p-communication.conf

@@ -1,3 +1,3 @@
 # Very Important Communication Programs, P2P, not expected to get sold
 exec --no-startup-id flatpak run --env=TZ=UTC net.jami.Jami
-exec --no-startup-id /usr/local/bin/briar
+exec --no-startup-id flatpak run org.briarproject.Briar//stable

etc/chrony/sources.d/.gitignore

@@ -1,3 +1,2 @@
 jauderho-nts.sources
 jauderho-nts-servers
-local-servers.sources

etc/chrony/sources.d/local-servers.sources

@@ -0,0 +1,11 @@
+# xleave probably won't be on local router
+#server LOCALMACHINE.local iburst auto_offline xleave prefer
+
+# Or alternatively reciprocally TODO: how do `key` options work? This
+#  apparently should only be done in trusted LAN.
+# xleave is probably best to be used with other local Chronys, I somehow
+#  doubt potential router NTP might have it.
+#   A lot of reading say that it's better to use "server" on both sides
+#   rather than peer, I think even Chrony manual and that is where I took
+#   trusted LAN
+#peer LOCALMACHINE.local auto_offline xleave prefer

etc/chrony/sources.d/local-servers.sources.sample

@@ -1,20 +0,0 @@
-# In my experience local routers are unlikely to support xleave
-# I don't remember if this does NTP, probably not, but auto_offline.
-server 192.168.8.1 iburst auto_offline prefer
-# Local router, MikroTik
-server 192.168.88.1 iburst auto_offline prefer
-
-# Local machines/Chronys
-server sedric.local iburst auto_offline xleave prefer
-server lumina.local iburst auto_offline xleave prefer
-server rbtpzn.local iburst auto_offline xleave prefer
-server zaldaryn.local iburst auto_offline xleave prefer
-
-# Or alternatively reciprocally TODO: how do `key` options work? This
-#  apparently should only be done in trusted LAN.
-# xleave is probably best to be used with other local Chronys, I somehow
-#  doubt potential router NTP might have it.
-#   A lot of reading say that it's better to use "server" on both sides
-#   rather than peer, I think even Chrony manual and that is where I took
-#   trusted LAN
-#peer LOCALMACHINE.local auto_offline xleave prefer

etc/firefox/policies/policies.json

@@ -14,8 +14,7 @@
             "teams.microsoft.com",
             "bittimittari.fi",
             "pp-attester-turnstile.research.cloudflare.com",
-            "keyoxide.org",
+            "keyoxide.org"
-            "one.one.one.one"
           ],
           "learnInIncognito": true,
           "learnLocally": true,

etc/opt/chromium/policies/managed/aminda-extensions.json

@@ -13,8 +13,7 @@
           "teams.microsoft.com",
           "bittimittari.fi",
           "pp-attester-turnstile.research.cloudflare.com",
-          "keyoxide.org",
+          "keyoxide.org"
-          "one.one.one.one"
         ],
         "learnInIncognito": true,
         "learnLocally": true,

etc/opt/chromium/policies/managed/brave-shields-disabled.json

@@ -10,8 +10,7 @@
     "https://glowing-bear.org",
     "https://latest.glowing-bear.org",
     "https://bittimittari.fi",
-    "https://pp-attester-turnstile.research.cloudflare.com",
+    "pp-attester-turnstile.research.cloudflare.com",
-    "https://keyoxide.org",
+    "keyoxide.org"
-    "https://one.one.one.one"
   ]
 }

etc/systemd/resolved.conf.d/.gitignore

@@ -1,2 +1 @@
-10-dot-trex.conf
+dot-trex.conf
-99-lan-resolver.conf

etc/systemd/resolved.conf.d/99-lan-resolver.conf.sample

@@ -1,12 +0,0 @@
-[Resolve]
-# These could be used in some business
-#DNS=10.0.0.1
-#DNS=172.16.0.1
-# Average router
-#DNS=192.168.0.1
-# Huawei?
-#DNS=192.168.8.1
-# Mikrotik
-#DNS=192.168.88.1
-
-# vim: filetype=systemd

etc/systemd/resolved.conf.d/README.md

@@ -32,14 +32,9 @@ sudo systemctl restart systemd-resolved
   should exist anyway as I don't trust systemd-resolved entirely. Anyway if
   there truly is no local resolver, systemd-resolved will detect that and act accordingly.)
   - To rephrase, this is to be used together with other files, especially
-    some of those beginning with `10-dot-`.
+    some of those beginning with `dot-`.
-- `10-dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS.
+- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS.
   At least one of these should be used in addition to `00-defaults.conf`
-- `98-local-resolver.conf` attempts to configure localhost resolver and
-  disables unnecessary features for that scenario.
-- `99-lan-resolver.conf.sample` when renamed would allow enabling resolvers on
-  LAN assuming they are trusted. Note that if used together with
-  `98-local-resolver.conf`, DNSSEC would be disabled.
 - `README.md` - you are reading it right now.
 
 ## General commentary

etc/systemd/resolved.conf.d/dot-trex.conf

@@ -0,0 +1 @@
+dot-quad9.conf

etc/systemd/resolved.conf.d/zz-local-resolver.conf

@@ -1,6 +1,5 @@
-# Being at the higher end of numbers, this file will take priority assuming
+# Being at the end of the English alphabet, this file will take priority
-# nothing else uses the prefix 99- and override values of others with the
+# and override values of others with the unsets.
-# unsets.
 [Resolve]
 DNSSEC=false
 DNSOverTLS=false

local/share/applications/briar.desktop

@@ -1,5 +0,0 @@
-[Desktop Entry]
-Name=BRIAR
-Exec=/usr/local/bin/briar
-Type=Application
-Icon=org.briarproject.Briar