Compare commits
30 Commits
7a68117198
...
8d34384c78
Author | SHA1 | Date |
---|---|---|
Aminda Suomalainen | 8d34384c78 | |
Aminda Suomalainen | 901c634424 | |
Aminda Suomalainen | 78fa2b7b9c | |
Aminda Suomalainen | 8d3609f171 | |
Aminda Suomalainen | 5672e14c89 | |
Aminda Suomalainen | c1b1eaa040 | |
Aminda Suomalainen | fb6a44d264 | |
Aminda Suomalainen | ae0e3beb9a | |
Aminda Suomalainen | 0a9767bf38 | |
Aminda Suomalainen | b60bc9f1b8 | |
Aminda Suomalainen | afe50117fe | |
Aminda Suomalainen | 5d46d529bb | |
Aminda Suomalainen | c23e857c91 | |
Aminda Suomalainen | 7b22530eb9 | |
Aminda Suomalainen | 7b09a7ca1f | |
Aminda Suomalainen | a0795908b2 | |
Aminda Suomalainen | 0ce24f54d9 | |
Aminda Suomalainen | 303af92a6a | |
Aminda Suomalainen | 372a032a18 | |
Aminda Suomalainen | 583cc6a8a3 | |
Aminda Suomalainen | 7c867e1329 | |
Aminda Suomalainen | fb73f8e5d3 | |
Aminda Suomalainen | 5cc2e5d720 | |
Aminda Suomalainen | 89dd05c882 | |
Aminda Suomalainen | cb5c844e1c | |
Aminda Suomalainen | 82bcaa0d80 | |
Aminda Suomalainen | 88c391fd04 | |
Aminda Suomalainen | fd22af5142 | |
Aminda Suomalainen | beee380a30 | |
Aminda Suomalainen | 7f653b52e3 |
|
@ -8,6 +8,8 @@
|
|||
// and finally becoming Firefox autoconfig file copied from
|
||||
// https://codeberg.org/librewolf/settings/src/branch/master/librewolf.cfg
|
||||
|
||||
// NOTE! A lot is commented either for being a note, wrong, TODO, whatever, or most likely in my /etc/firefox/policies/policies.json
|
||||
|
||||
// Firefox autoconfig
|
||||
pref("autoadmin.global_config_url", "https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/librewolf.overrides.cfg");
|
||||
pref("general.config.obscure_value", 0);
|
||||
|
@ -20,7 +22,7 @@ pref("autoadmin.failover_to_cached", true);
|
|||
//pref("intl.regional_prefs.use_os_locales", false);
|
||||
|
||||
// via https://www.ghacks.net/2017/10/27/how-to-enable-firefox-webextensions-on-mozilla-websites/
|
||||
pref("extensions.webextensions.restrictedDomains", "");
|
||||
//pref("extensions.webextensions.restrictedDomains", "");
|
||||
//pref("privacy.resistFingerprinting.block_mozAddonManage", true);
|
||||
// Block cookie banners. Warning: may result to auto-accepting cookies.
|
||||
// https://www.ghacks.net/2022/12/24/configure-firefox-to-reject-cookie-banners-automatically/
|
||||
|
@ -69,12 +71,12 @@ defaultPref("intl.accept_languages", "fi, en");
|
|||
//pref("intl.accept_languages", "eo, fi");
|
||||
|
||||
// No JavaScript allowed in internal pdf viewer
|
||||
pref("pdfjs.enableScripting", false);
|
||||
//pref("pdfjs.enableScripting", false);
|
||||
|
||||
// Dark mode
|
||||
pref("ui.systemUsesDarkTheme", 1);
|
||||
//pref("ui.systemUsesDarkTheme", 1);
|
||||
pref("prefers-color-scheme", "dark");
|
||||
pref("pdfjs.viewerCssTheme", 2);
|
||||
//pref("pdfjs.viewerCssTheme", 2);
|
||||
|
||||
// Enable Firefox accounts
|
||||
pref("identity.fxaccounts.enabled", true);
|
||||
|
@ -93,36 +95,34 @@ pref("privacy.clearOnShutdown.siteSettings", false);
|
|||
defaultPref("browser.sessionstore.resume_from_crash", false);
|
||||
|
||||
// Click to play. https://wiki.mozilla.org/Media/block-autoplay
|
||||
pref("media.autoplay.blocking_policy", 2);
|
||||
//pref("media.autoplay.blocking_policy", 2);
|
||||
|
||||
// No corporate CA MITM
|
||||
defaultPref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
|
||||
//defaultPref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
|
||||
|
||||
// Decrease animations
|
||||
pref("image.animation_mode", "once");
|
||||
|
||||
// Punycode
|
||||
pref("network.IDN_show_punycode", true);
|
||||
//pref("network.IDN_show_punycode", true);
|
||||
|
||||
// Enforce reader mode enabling?
|
||||
pref("reader.parse-on-load.force-enabled", true);
|
||||
|
||||
// TRR & ECH
|
||||
// WARNING: policies.json lock enforces mode 2. However it won't matter
|
||||
// since the system resolver is encrypted, right?
|
||||
// Mode 2 allows fallback to system resolver, 3 is TTR-only.
|
||||
//pref("network.trr.mode", 2);
|
||||
defaultPref("network.trr.mode", 3);
|
||||
pref("network.trr.early-AAAA", true);
|
||||
//defaultPref("network.trr.mode", 3);
|
||||
//pref("network.trr.early-AAAA", true);
|
||||
//defaultPref("network.trr.uri", "https://dns0.eu/");
|
||||
defaultPref("network.trr.uri", "https://dns11.quad9.net/dns-query");
|
||||
//defaultPref("network.trr.uri", "https://dns11.quad9.net/dns-query");
|
||||
//defaultPref("network.trr.uri", "https://dns.adguard-dns.com/dns-query");
|
||||
// NOTE: ECH requires TRR, so mode 2 may not use it.
|
||||
defaultPref("network.trr.disable-ECS", false);
|
||||
pref("network.dns.echconfig.enabled", true);
|
||||
pref("network.dns.use_https_rr_as_altsvc", true);
|
||||
pref("network.trr.exclude-etc-hosts", false);
|
||||
pref("network.trr.excluded-domains", "http.badssl.com,norwegianwifi.com,mywifiext.net,tplinkrepeater.net,router.asus.com");
|
||||
//defaultPref("network.trr.disable-ECS", false);
|
||||
//pref("network.dns.echconfig.enabled", true);
|
||||
//pref("network.dns.use_https_rr_as_altsvc", true);
|
||||
//pref("network.trr.exclude-etc-hosts", false);
|
||||
//pref("network.trr.excluded-domains", "http.badssl.com,norwegianwifi.com,mywifiext.net,tplinkrepeater.net,router.asus.com");
|
||||
|
||||
// Default UI scale
|
||||
defaultPref("layout.css.devPixelsPerPx", "1.5");
|
||||
|
@ -136,7 +136,7 @@ pref("browser.cache.memory.enable", true);
|
|||
//pref("browser.startup.page", 1);
|
||||
// Simplified DDG experience without prompts for extension and all
|
||||
//pref("browser.startup.homepage", "https://start.duckduckgo.com");
|
||||
defaultPref("browser.startup.homepage", "about:mozilla");
|
||||
//defaultPref("browser.startup.homepage", "about:mozilla");
|
||||
|
||||
// https://codeberg.org/librewolf/settings/src/branch/master/librewolf.cfg begins
|
||||
|
||||
|
@ -146,7 +146,7 @@ defaultPref("browser.startup.homepage", "about:mozilla");
|
|||
pref("privacy.userContext.enabled", true);
|
||||
pref("privacy.userContext.ui.enabled", true);
|
||||
|
||||
pref("browser.contentblocking.category", "strict");
|
||||
//pref("browser.contentblocking.category", "strict");
|
||||
pref("privacy.partition.always_partition_third_party_non_cookie_storage", true);
|
||||
pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false);
|
||||
|
||||
|
@ -173,7 +173,7 @@ pref("network.auth.subresource-http-auth-allow", 1); // block HTTP authenticatio
|
|||
* as a general rule, the behavior of referes which are not cross-origin should not
|
||||
* be changed.
|
||||
*/
|
||||
pref("network.http.referer.XOriginTrimmingPolicy", 2);
|
||||
//pref("network.http.referer.XOriginTrimmingPolicy", 2);
|
||||
|
||||
/** [SECTION] WEBRTC
|
||||
* there is no point in disabling webrtc as mDNS protects the private IP on linux, osx and win10+.
|
||||
|
@ -188,16 +188,16 @@ pref("network.proxy.socks_remote_dns", true); // forces dns query through the pr
|
|||
pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy when one is used
|
||||
|
||||
/** [SECTION] DNS */
|
||||
pref("network.dns.disablePrefetch", true); // disable dns prefetching
|
||||
//pref("network.dns.disablePrefetch", true); // disable dns prefetching
|
||||
pref("network.dns.skipTRR-when-parental-control-enabled", false); // Arkenfox user.js v117
|
||||
|
||||
/** [SECTION] PREFETCHING AND SPECULATIVE CONNECTIONS
|
||||
* disable prefecthing for different things such as links, bookmarks and predictions.
|
||||
*/
|
||||
pref("network.predictor.enabled", false);
|
||||
pref("network.prefetch-next", false);
|
||||
pref("network.http.speculative-parallel-limit", 0);
|
||||
pref("browser.places.speculativeConnect.enabled", false);
|
||||
//pref("network.predictor.enabled", false);
|
||||
//pref("network.prefetch-next", false);
|
||||
//pref("network.http.speculative-parallel-limit", 0);
|
||||
//pref("browser.places.speculativeConnect.enabled", false);
|
||||
// disable speculative connections and domain guessing from the urlbar
|
||||
pref("browser.urlbar.speculativeConnect.enabled", false);
|
||||
|
||||
|
@ -226,7 +226,7 @@ pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
|
|||
* in v103, when crlite is fully mature, it will switch to mode 2 and no longer double-check.
|
||||
*/
|
||||
pref("security.remote_settings.crlite_filters.enabled", true);
|
||||
pref("security.OCSP.require", true); // set to hard-fail, might cause SEC_ERROR_OCSP_SERVER_ERROR
|
||||
//pref("security.OCSP.require", true); // set to hard-fail, might cause SEC_ERROR_OCSP_SERVER_ERROR
|
||||
|
||||
/** [SECTION] TLS/SSL */
|
||||
pref("security.tls.enable_0rtt_data", false); // disable 0 RTT to improve tls 1.3 security
|
||||
|
@ -294,7 +294,7 @@ pref("browser.download.alwaysOpenPanel", false); // do not expand toolbar menu f
|
|||
* or media opened while other media is played will not start automatically.
|
||||
* thumbnails will not autoplay unless hovered. exceptions can be set from the UI.
|
||||
*/
|
||||
pref("media.autoplay.default", 5);
|
||||
//pref("media.autoplay.default", 5);
|
||||
|
||||
/** [SECTION] POP-UPS AND WINDOWS
|
||||
* prevent scripts from resizing existing windows and opening new ones, by forcing them into
|
||||
|
@ -386,11 +386,11 @@ pref("browser.newtabpage.activity-stream.default.sites", "");
|
|||
/** [SECTION] ABOUT
|
||||
* remove annoying ui elements from the about pages, including about:protections
|
||||
*/
|
||||
pref("browser.contentblocking.report.lockwise.enabled", false);
|
||||
pref("browser.contentblocking.report.hide_vpn_banner", true);
|
||||
pref("browser.contentblocking.report.vpn.enabled", false);
|
||||
pref("browser.contentblocking.report.show_mobile_app", false);
|
||||
pref("browser.vpn_promo.enabled", false);
|
||||
//pref("browser.contentblocking.report.lockwise.enabled", false);
|
||||
//pref("browser.contentblocking.report.hide_vpn_banner", true);
|
||||
//pref("browser.contentblocking.report.vpn.enabled", false);
|
||||
//pref("browser.contentblocking.report.show_mobile_app", false);
|
||||
//pref("browser.vpn_promo.enabled", false);
|
||||
pref("browser.promo.focus.enabled", false);
|
||||
// ...about:addons recommendations sections and more
|
||||
pref("extensions.htmlaboutaddons.recommendations.enabled", false);
|
||||
|
@ -399,7 +399,7 @@ pref("lightweightThemes.getMoreURL", ""); // disable button to get more themes
|
|||
// ...about:preferences#home
|
||||
pref("browser.topsites.useRemoteSetting", false); // hide sponsored shortcuts button
|
||||
// ...and about:config
|
||||
pref("browser.aboutConfig.showWarning", false);
|
||||
//pref("browser.aboutConfig.showWarning", false);
|
||||
// hide about:preferences#moreFromMozilla
|
||||
pref("browser.preferences.moreFromMozilla", false);
|
||||
|
||||
|
|
|
@ -13,12 +13,14 @@ per whatever I am doing.
|
|||
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
|
||||
|
||||
- [WARNING TO LIBREWOLF USERS](#warning-to-librewolf-users)
|
||||
- [WARNING TO TRR/ENCRYPTED DNS USERS!](#warning-to-trrencrypted-dns-users)
|
||||
- [Extensions](#extensions)
|
||||
- [Privacy Badger](#privacy-badger)
|
||||
- [Duplicate](#duplicate)
|
||||
- [Search engines](#search-engines)
|
||||
- [Useful looking things for the future](#useful-looking-things-for-the-future)
|
||||
- [Certificate installations](#certificate-installations)
|
||||
- [Things that look useful, but aren't](#things-that-look-useful-but-arent)
|
||||
- [WebSiteFilter](#websitefilter)
|
||||
|
||||
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
|
||||
|
||||
|
@ -31,11 +33,6 @@ This file takes priority over
|
|||
`/usr/share/librewolf/distribution/policies.json` so don't apply this or
|
||||
a lot of LibreWolf specific customizations stops being in force.
|
||||
|
||||
## WARNING TO TRR/ENCRYPTED DNS USERS!
|
||||
|
||||
If `policies.json` locks DNS over HTTPS, `trr.mode` gets locked into `2` which
|
||||
means fallback to system resolver.
|
||||
|
||||
## Extensions
|
||||
|
||||
They are mostly self-explanatory.
|
||||
|
@ -52,6 +49,18 @@ See also:
|
|||
- https://github.com/EFForg/privacybadger/blob/master/doc/admin-deployment.md
|
||||
- https://github.com/EFForg/privacybadger/blob/master/src/data/schema.json
|
||||
|
||||
#### Duplicate
|
||||
|
||||
```diff
|
||||
- "jid1-MnnxcxisBPnSXQ-eff@jetpack": {
|
||||
- "install_url": "https://www.eff.org/files/privacy-badger-latest.xpi",
|
||||
+ "jid1-MnnxcxisBPnSXQ@jetpack": {
|
||||
+ "install_url": "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi",
|
||||
```
|
||||
|
||||
The EFF.org version won't sync and if you sync with unmanaged computer, you
|
||||
will have two PrivacyBadgers. Congratulations?
|
||||
|
||||
## Search engines
|
||||
|
||||
> Policy SearchEngines is only allowed on ESR.
|
||||
|
@ -73,3 +82,24 @@ In the `certificates` section
|
|||
"Install": ["my_certificate_here.pem"]
|
||||
}
|
||||
```
|
||||
|
||||
## Things that look useful, but aren't
|
||||
|
||||
### WebSiteFilter
|
||||
|
||||
```json
|
||||
{
|
||||
"policies": {
|
||||
"WebsiteFilter": {
|
||||
"Block": ["<all_urls>"],
|
||||
"Exceptions": ["http://example.org/*"]
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Ok, nice, but my policy is already forcing AdNauseam which enforces my
|
||||
blocklist which is more practical.
|
||||
|
||||
Granted users can use private browsing mode to get past it, but I am not
|
||||
blocking actively malicious domains.
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
"jid1-MnnxcxisBPnSXQ-eff@jetpack": {
|
||||
"jid1-MnnxcxisBPnSXQ@jetpack": {
|
||||
"checkForDNTPolicy": true,
|
||||
"disabledSites": [
|
||||
"app.element.io",
|
||||
|
@ -67,6 +67,10 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
"BlockAboutAddons": false,
|
||||
"BlockAboutConfig": false,
|
||||
"BlockAboutProfiles": false,
|
||||
"BlockAboutSupport": false,
|
||||
"Certificates": {
|
||||
"ImportEnterpriseRoots": false
|
||||
},
|
||||
|
@ -81,8 +85,13 @@
|
|||
},
|
||||
"DNSOverHTTPS": {
|
||||
"Enabled": true,
|
||||
"Locked": true,
|
||||
"ProviderURL": "https://dns11.quad9.net/dns-query"
|
||||
"ExcludedDomains": [
|
||||
"http.badssl.com",
|
||||
"norwegianwifi.com"
|
||||
],
|
||||
"Fallback": false,
|
||||
"Locked": false,
|
||||
"ProviderURL": "https://dns.quad9.net/dns-query"
|
||||
},
|
||||
"DisableEncryptedClientHello": false,
|
||||
"DisablePocket": true,
|
||||
|
@ -130,7 +139,11 @@
|
|||
"installation_mode": "normal_installed"
|
||||
},
|
||||
"jid1-MnnxcxisBPnSXQ-eff@jetpack": {
|
||||
"install_url": "https://www.eff.org/files/privacy-badger-latest.xpi",
|
||||
"blocked_install_message": "Kaksoiskappale samasta lisäosasta.",
|
||||
"installation_mode": "blocked"
|
||||
},
|
||||
"jid1-MnnxcxisBPnSXQ@jetpack": {
|
||||
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi",
|
||||
"installation_mode": "force_installed"
|
||||
},
|
||||
"peertube-companion@booteille": {
|
||||
|
@ -200,15 +213,178 @@
|
|||
"StartPage": "previous-session",
|
||||
"URL": "about:mozilla"
|
||||
},
|
||||
"NetworkPrediction": false,
|
||||
"NewTabPage": false,
|
||||
"OverrideFirstRunPage": "about:mozilla",
|
||||
"PDFjs": {
|
||||
"EnablePermissions": false,
|
||||
"Enabled": true
|
||||
},
|
||||
"Preferences": {
|
||||
"browser.aboutConfig.showWarning": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": false
|
||||
},
|
||||
"browser.contentblocking.category": {
|
||||
"Status": "locked",
|
||||
"Type": "string",
|
||||
"Value": "strict"
|
||||
},
|
||||
"browser.contentblocking.report.hide_vpn_banner": {
|
||||
"Status": "default",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"browser.contentblocking.report.lockwise.enabled": {
|
||||
"Status": "default",
|
||||
"Type": "boolean",
|
||||
"Value": false
|
||||
},
|
||||
"browser.contentblocking.report.show_mobile_app": {
|
||||
"Status": "default",
|
||||
"Type": "boolean",
|
||||
"Value": false
|
||||
},
|
||||
"browser.contentblocking.report.vpn.enabled": {
|
||||
"Status": "default",
|
||||
"Type": "boolean",
|
||||
"Value": false
|
||||
},
|
||||
"extensions.webextensions.restrictedDomains": {
|
||||
"Status": "locked",
|
||||
"Type": "string",
|
||||
"Value": ""
|
||||
},
|
||||
"intl.accept_languages": {
|
||||
"Status": "default",
|
||||
"Type": "string",
|
||||
"Value": "fi, en"
|
||||
},
|
||||
"layout.css.devPixelsPerPx": {
|
||||
"Status": "default",
|
||||
"Type": "string",
|
||||
"Value": "1.5"
|
||||
},
|
||||
"media.autoplay.default": {
|
||||
"Status": "default",
|
||||
"Type": "number",
|
||||
"Value": 5
|
||||
},
|
||||
"network.IDN_show_punycode": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"network.dns.echconfig.enabled": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"network.dns.use_https_rr_as_altsvc": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"network.http.referer.XOriginTrimmingPolicy": {
|
||||
"Status": "default",
|
||||
"Type": "number",
|
||||
"Value": 2
|
||||
},
|
||||
"network.http.referer.defaultPolicy": {
|
||||
"Status": "default",
|
||||
"Type": "number",
|
||||
"Value": 1
|
||||
},
|
||||
"network.http.speculative-parallel-limit": {
|
||||
"Status": "locked",
|
||||
"Type": "number",
|
||||
"Value": 0
|
||||
},
|
||||
"network.predictor.enabled": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": false
|
||||
},
|
||||
"network.prefetch-next": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": false
|
||||
},
|
||||
"network.trr.disable-ECS": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"network.trr.display_fallback_warning": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"network.trr.early-AAAA": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"network.trr.exclude-etc-hosts": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": false
|
||||
},
|
||||
"pdfjs.enableScripting": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": false
|
||||
},
|
||||
"pdfjs.forcePageColors": {
|
||||
"Status": "default",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"pdfjs.pageColorsBackground": {
|
||||
"Status": "default",
|
||||
"Type": "string",
|
||||
"Value": "#000000"
|
||||
},
|
||||
"pdfjs.pageColorsForeground": {
|
||||
"Status": "default",
|
||||
"Type": "string",
|
||||
"Value": "#ffb700"
|
||||
},
|
||||
"privacy.userContext.enabled": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"privacy.userContext.ui.enabled": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"security.OCSP.require": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"security.insecure_connection_text.enabled": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"security.insecure_connection_text.pbmode.enabled": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"security.ssl.enable_ocsp_stapling": {
|
||||
"Status": "locked",
|
||||
"Type": "boolean",
|
||||
"Value": true
|
||||
},
|
||||
"ui.systemUsesDarkTheme": {
|
||||
"Status": "default",
|
||||
"Type": "number",
|
||||
"Value": 1
|
||||
}
|
||||
},
|
||||
"SearchEngines": {
|
||||
|
|
|
@ -3,6 +3,12 @@
|
|||
# their policies. The user is trusted to setup those manually.
|
||||
set -x
|
||||
|
||||
# Require root or exit
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo "This script requires root for managing /etc/" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Firefox and LibreWolf (caution! https://codeberg.org/librewolf/issues/issues/1767)
|
||||
mkdir -vp /etc/firefox/policies
|
||||
chmod -v a+rx /etc/firefox/
|
||||
|
@ -13,6 +19,7 @@ printf "WARNING! LibreWolf default profile may be masked!\nhttps://codeberg.org/
|
|||
|
||||
# Firefox ESR
|
||||
ln -sfv /etc/firefox /etc/firefox-esr
|
||||
rm -fv /etc/firefox-esr/firefox-esr
|
||||
|
||||
# Chromium
|
||||
mkdir -vp /etc/opt/chromium/policies/managed
|
||||
|
@ -22,12 +29,15 @@ chmod -v a+rx /etc/opt/chromium/policies/{managed,recommended}/
|
|||
|
||||
# Brave
|
||||
ln -sfv /etc/opt/chromium /etc/brave
|
||||
rm -fv /etc/brave/brave
|
||||
|
||||
# Vivaldi
|
||||
ln -sfv /etc/opt/chromium /etc/chromium
|
||||
rm -fv /etc/chromium/chromium
|
||||
|
||||
# Google Chrome
|
||||
ln -sfv /etc/opt/chromium /etc/opt/chrome
|
||||
rm -fv /etc/etc/opt/chrome/chrome
|
||||
|
||||
# Microsoft Edge
|
||||
# NOTE! It breaks chrome:// URLs so the recommended policy apps as new tab page
|
||||
|
@ -36,6 +46,7 @@ ln -sfv /etc/opt/chromium /etc/opt/chrome
|
|||
#ln -sfv /etc/opt/chromium /etc/opt/edge
|
||||
mkdir -vp /etc/opt/edge/policies/recommended
|
||||
ln -sfv /etc/opt/chromium/policies/managed /etc/opt/edge/policies/managed
|
||||
rm -fv /etc/opt/edge/policies/managed/managed
|
||||
printf "WARNING! Edge recommended profiles are managed separately.\n"
|
||||
|
||||
set +x
|
||||
|
|
|
@ -27,8 +27,10 @@ deadtime = 0
|
|||
keepalive = 60
|
||||
|
||||
# All guides seem to use the name PS2SMB, and it may require manual typing
|
||||
# on the console
|
||||
[PS2SMB]
|
||||
# on the console.
|
||||
# REMEMBER! Like with Windows, the trailing $ makes the share unlisted, you
|
||||
# will need to enter it on the PS2 and other devices though!
|
||||
[PS2SMB$]
|
||||
Comment = PlayStation2 images
|
||||
# PS2 IP
|
||||
#hosts allow = 192.168.88.5
|
||||
|
|
|
@ -12,8 +12,6 @@ server:
|
|||
# This list is for my travel laptop to have at least one DoT443 server
|
||||
# which seems to be applied-privacy.net. They advice having multiple DoT servers
|
||||
# for redundancy and as they don't filter, it's best I use other non-filtering ones.
|
||||
# Since then this expanded to include <https://www.privacyguides.org/en/dns/>.
|
||||
# just look at git blame...
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
|
@ -50,26 +48,5 @@ forward-zone:
|
|||
forward-addr: 2620:fe::10@8853#dns10.quad9.net
|
||||
forward-addr: 9.9.9.10@853#dns10.quad9.net
|
||||
forward-addr: 9.9.9.10@8853#dns10.quad9.net
|
||||
# Quad9 unfiltered, anycast, ECS, no DNSSEC (Unbound does that)
|
||||
#forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
|
||||
#forward-addr: 2620:fe::fe:12@8853#dns12.quad9.net
|
||||
#forward-addr: 9.9.9.12@853#dns12.quad9.net
|
||||
#forward-addr: 9.9.9.12@8853#dns12.quad9.net
|
||||
#forward-addr: 2620:fe::12@853#dns12.quad9.net
|
||||
#forward-addr: 2620:fe::12@8853#dns12.quad9.net
|
||||
#forward-addr: 149.112.112.12@853#dns12.quad9.net
|
||||
#forward-addr: 149.112.112.12@8853#dns12.quad9.net
|
||||
|
||||
# https://www.dns0.eu/open https://www.dns0.eu/network - French based. Private ECS
|
||||
forward-addr: 193.110.81.254@853#open.dns0.eu
|
||||
forward-addr: 185.253.5.254@853#open.dns0.eu
|
||||
forward-addr: 2a0f:fc80::ffff@853#open.dns0.eu
|
||||
forward-addr: 2a0f:fc81::ffff@853#open.dns0.eu
|
||||
|
||||
# Adguard DNS Unfiltered Anycast. Malta based. Private ECS.
|
||||
forward-addr: 2a10:50c0::1:ff@853#unfiltered.adguard-dns.com
|
||||
forward-addr: 2a10:50c0::2:ff@853#unfiltered.adguard-dns.com
|
||||
forward-addr: 94.140.14.140@853#unfiltered.adguard-dns.com
|
||||
forward-addr: 94.140.14.141@853#unfiltered.adguard-dns.com
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
server:
|
||||
# Debian ca-certificates location
|
||||
#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
# Fedora
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Use system certificates no matter where they are
|
||||
tls-system-cert: yes
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
server:
|
||||
# Debian ca-certificates location
|
||||
#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
# Fedora
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Use system certificates no matter where they are
|
||||
tls-system-cert: yes
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
server:
|
||||
# Debian ca-certificates location
|
||||
#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
# Fedora
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Use system certificates no matter where they are
|
||||
tls-system-cert: yes
|
||||
|
|
|
@ -28,7 +28,9 @@ forward-zone:
|
|||
forward-addr: 193.110.81.0@853#dns0.eu
|
||||
forward-addr: 185.253.5.0@853#dns0.eu
|
||||
## Quad9 IPv6 Secure + ECS
|
||||
forward-addr: 2620:fe::11@8853#dns11.quad9.net
|
||||
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
|
||||
forward-addr: 2620:fe::11@853#dns11.quad9.net
|
||||
forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
server:
|
||||
# Debian ca-certificates location
|
||||
#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
# Fedora
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Use system certificates no matter where they are
|
||||
tls-system-cert: yes
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
server:
|
||||
# Debian ca-certificates location
|
||||
#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
# Fedora
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Use system certificates no matter where they are
|
||||
tls-system-cert: yes
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
server:
|
||||
# Debian ca-certificates location
|
||||
#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
# Fedora
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Use system certificates no matter where they are
|
||||
tls-system-cert: yes
|
||||
|
|
Loading…
Reference in New Issue