etc/NetworkManager-resolv.conf-restore.bash

@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-set -x
-
-# I learned that not only systemd-resolved does this, but NetworkManager as
-# well. I think it's even less likely I use this than the systemd-resolved
-# one, but anyway
-
-# I know there are old versions that used something else, but I don't remember
-# that name and they are ancient.
-if ! hash nmcli 2>/dev/null; then
-	echo "You don't seem to have NetworkManager (or nmcli) installed." 1>&2
-	exit 1
-fi
-
-# Require root or exit
-if [ "$(id -u)" != "0" ]; then
-	echo "This script requires root." 1>&2
-	exit 1
-fi
-
-# It's pointless to make a dead symlink as it must be running
-systemctl enable --now NetworkManager.service
-
-# In case I am behind the /etc/resolv.conf, it's immutable and read-only,
-# which won't allow it to be rewritten.
-chattr -V -i /etc/resolv.conf
-chmod -v +w /etc/resolv.conf
-
-# It must be removed if it's not a symlink
-rm -v /etc/resolv.conf
-
-# and finally making the symlink
-ln -sfv /var/run/NetworkManager/resolv.conf /etc/resolv.conf
-
-# Let's just see it's ok
-ls -l /etc/resolv.conf
-cat /etc/resolv.conf
-
-set +x

etc/NetworkManager/conf.d/.gitignore

@@ -1 +1,2 @@
+dns-none.conf
 no-resolvconf.conf

etc/NetworkManager/conf.d/connectivity.conf

@@ -8,5 +8,3 @@ interval=100
 # sudo apt install network-manager-config-connectivity-debian
 # for /usr/lib/NetworkManager/conf.d/20-connectivity-debian.conf
 # (http://network-test.debian.org/nm without interval)
-
-# vim: filetype=NetworkManager.conf

etc/NetworkManager/conf.d/dns-none.conf

@@ -1,8 +0,0 @@
-[main]
-# No managing DNS, no managing resolv.conf (implied made explicit here) and
-# don't push data to systemd-resolved either.
-dns=none
-rc-manager=unmanaged
-systemd-resolved=false
-
-# vim: filetype=NetworkManager.conf

etc/NetworkManager/conf.d/dns-none.conf

@@ -0,0 +1 @@
+paws-off-my-resolv.conf

etc/NetworkManager/conf.d/ipv6privacy.conf

@@ -2,5 +2,3 @@
 [connection]
 # Enable IPv6 privacy extensions, but this doesn't seem to work.
 ipv6.ip6-privacy=2
-
-# vim: filetype=NetworkManager.conf

etc/NetworkManager/conf.d/iwd.conf

@@ -9,5 +9,3 @@
 [device]
 wifi.backend=iwd
 wifi.iwd.autoconnect=true
-
-# vim: filetype=NetworkManager.conf

etc/NetworkManager/conf.d/keyfile.conf

@@ -2,5 +2,3 @@
 # Disable misbehaving NIC
 #unmanaged-devices=mac:xx:xx:xx:xx:xx:xx
 #hostname=HOSTNAME_TO_SEND_TO_DHCPD
-
-# vim: filetype=NetworkManager.conf

etc/NetworkManager/conf.d/manage-ifupdown.conf

@@ -1,5 +1,3 @@
 # Brings /etc/network/interfaces(.d/*) under control of NetworkManager
 [ifupdown]
 managed=true
-
-# vim: filetype=NetworkManager.conf

etc/NetworkManager/conf.d/mdns.conf

@@ -2,5 +2,3 @@
 [connection]
 connection.mdns=2
 connection.llmnr=2
-
-# vim: filetype=NetworkManager.conf

etc/NetworkManager/conf.d/no-mac-randomizing.conf

@@ -2,5 +2,3 @@
 # network.
 [device]
 wifi.scan-rand-mac-address=no
-
-# vim: filetype=NetworkManager.conf

etc/NetworkManager/conf.d/no-search-domains.conf

@@ -1,8 +1,4 @@
 # This should stop search domains from being used and potentially leaking
 # queries to search domain DNS server when they fail
 [global-dns]
-#searches=
-# I am doubtful of the above being enough
-searches=.
-
-# vim: filetype=NetworkManager.conf
+searches=

etc/NetworkManager/conf.d/no-systemd-resolved.conf

@@ -1,6 +0,0 @@
-[main]
-# Don't tell systemd-resolved DNS information aquired from DHCP.
-systemd-resolved=false
-# NOTE! This file doesn't comment on how resolv.conf (rc) is managed
-
-# vim: filetype=NetworkManager.conf

etc/NetworkManager/conf.d/paws-off-my-resolv.conf

@@ -1,8 +1,2 @@
 [main]
-# dns=none would disable all DNS management by NetworkManager, while the goal
-# here is to just not touch my resolv.conf. This implies NetworkManager may
-# still send data to systemd-resolved.
-#dns=none
-rc-manager=unmanaged
-
-# vim: filetype=NetworkManager.conf
+dns=none

etc/NetworkManager/conf.d/systemd-resolved.conf

@@ -1,10 +1,2 @@
 [main]
-# Send data to systemd-resolved
 dns=systemd-resolved
-# Even if I use systemd-resolved, I don't want NetworkManager to touch my
-# resolv.conf
-rc-manager=none
-# Implied, but made explicit
-systemd-resolved=true
-
-# vim: filetype=NetworkManager.conf

etc/NetworkManager/conf.d/unbound.conf

@@ -3,5 +3,3 @@
 # again seems to expect unbound-control-setup to be done/enabled
 [main]
 dns=unbound
-
-# vim: filetype=NetworkManager.conf

etc/hosts/blocklist

@@ -1,14 +1,14 @@
 #
 ##### BEGIN AMINDA BLOCKLIST #####
 
-# NOTE! systemd-resolved will automatically make ::1 also 127.0.0.1
-
 # Facebook API that a lot of things call, will break things for Facebook
 # users, so don't apply on hosts those use
-::1 graph.facebook.com
+:: graph.facebook.com
+0.0.0.0 graph.facebook.com
 
 # Unnecessary service for Matrix rooms. I was dared to block it.
-::1 matrix.to www.matrix.to
+:: matrix.to www.matrix.to
+0.0.0.0 matrix.to www.matrix.to
 
 ##### END AMINDA BLOCKLIST #####
 #

etc/hosts/dns

@@ -3,11 +3,11 @@
 
 # Well known DNS servers to be appended to /etc/hosts
 
-# Quad 9 Recommended (Secure)
-9.9.9.9 dns.quad9.net dns9.quad9.net
-149.112.112.112 dns.quad9.net dns9.quad9.net
-2620:fe::fe dns.quad9.net dns9.quad9.net
-2620:fe::9 dns.quad9.net dns9.quad9.net
+# Quad 9 Secure
+9.9.9.9 dns.quad9.net
+149.112.112.112 dns.quad9.net
+2620:fe::fe dns.quad9.net
+2620:fe::9 dns.quad9.net
 
 # Quad9 No Threat Blocking
 9.9.9.10 dns10.quad9.net
@@ -30,50 +30,26 @@
 # DNS0 default
 193.110.81.0 dns0.eu
 185.253.5.0 dns0.eu
-# Uses private ECS, which gets inaccurate with IPv6 directing traffic to
-# other side of the country at best and different country at worst. Thus
-# attempt to make everything only use it for IPv4 (browser fallback is system
-# resolver which does IPv6 if IPv4 breaks, even if ECH will break).
-#2a0f:fc80:: dns0.eu
-#2a0f:fc81:: dns0.eu
-::ffff:193.110.81.0 dns0.eu
-::ffff:185.253.5.0 dns0.eu
+2a0f:fc80:: dns0.eu
+2a0f:fc81:: dns0.eu
 
 # DNS0 Zero
 193.110.81.9 zero.dns0.eu
 185.253.5.9 zero.dns0.eu
-# Uses private ECS, which gets inaccurate with IPv6 directing traffic to
-# other side of the country at best and different country at worst. Thus
-# attempt to make everything only use it for IPv4 (browser fallback is system
-# resolver which does IPv6 if IPv4 breaks, even if ECH will break).
-#2a0f:fc80::9 zero.dns0.eu
-#2a0f:fc81::9 zero.dns0.eu
-::ffff:193.110.81.9 zero.dns0.eu
-::ffff:185.253.5.9 zero.dns0.eu
+2a0f:fc80::9 zero.dns0.eu
+2a0f:fc81::9 zero.dns0.eu
 
 # DNS0 Kids
 193.110.81.1 kids.dns0.eu
 185.253.5.1 kids.dns0.eu
-# Uses private ECS, which gets inaccurate with IPv6 directing traffic to
-# other side of the country at best and different country at worst. Thus
-# attempt to make everything only use it for IPv4 (browser fallback is system
-# resolver which does IPv6 if IPv4 breaks, even if ECH will break).
-#2a0f:fc80::1 kids.dns0.eu
-#2a0f:fc81::1 kids.dns0.eu
-::ffff:193.110.81.1 kids.dns0.eu
-::ffff:185.253.5.1 kids.dns0.eu
+2a0f:fc80::1 kids.dns0.eu
+2a0f:fc81::1 kids.dns0.eu
 
 # DNS0 Open
 193.110.81.254 open.dns0.eu
 185.253.5.254 open.dns0.eu
-# Uses private ECS, which gets inaccurate with IPv6 directing traffic to
-# other side of the country at best and different country at worst. Thus
-# attempt to make everything only use it for IPv4 (browser fallback is system
-# resolver which does IPv6 if IPv4 breaks, even if ECH will break).
-#2a0f:fc80::ffff open.dns0.eu
-#2a0f:fc81::ffff open.dns0.eu
-::ffff:193.110.81.254 open.dns0.eu
-::ffff:185.253.5.254 open.dns0.eu
+2a0f:fc80::ffff open.dns0.eu
+2a0f:fc81::ffff open.dns0.eu
 
 # Cloudflare
 1.1.1.1 cloudflare-dns.com one.one.one.one
@@ -93,14 +69,8 @@
 # AdGuard Default
 94.140.14.14 dns.adguard-dns.com
 94.140.15.15 dns.adguard-dns.com
-# Uses private ECS, which gets inaccurate with IPv6 directing traffic to
-# other side of the country at best and different country at worst. Thus
-# attempt to make everything only use it for IPv4 (browser fallback is system
-# resolver which does IPv6 if IPv4 breaks, even if ECH will break).
-#2a10:50c0::ad1:ff dns.adguard-dns.com
-#2a10:50c0::ad2:ff dns.adguard-dns.com
-::ffff:94.140.14.14 dns.adguard-dns.com
-::ffff:94.140.15.15 dns.adguard-dns.com
+2a10:50c0::ad1:ff dns.adguard-dns.com
+2a10:50c0::ad2:ff dns.adguard-dns.com
 
 # Google DNS
 8.8.8.8 dns.google dns.google.com