Compare commits
10 Commits
82214710c1
...
901dbfe138
Author | SHA1 | Date |
---|---|---|
Aminda Suomalainen | 901dbfe138 | |
Aminda Suomalainen | 21b59adfd2 | |
Aminda Suomalainen | 7c3da50491 | |
Aminda Suomalainen | daae569442 | |
Aminda Suomalainen | fb65f717fc | |
Aminda Suomalainen | 6375d55b8f | |
Aminda Suomalainen | 17e0b68d20 | |
Aminda Suomalainen | a17ff2903a | |
Aminda Suomalainen | bbeb1d3e02 | |
Aminda Suomalainen | 046b9c5f1a |
19
chmod
19
chmod
|
@ -4,28 +4,29 @@
|
|||
# access.
|
||||
set -x
|
||||
|
||||
chmod g-rwx,o-rwx $HOME -R
|
||||
# You don't want to make this verbose.
|
||||
chmod g-rwx,o-rwx "$HOME" -R
|
||||
|
||||
touch ~/.oidentd.conf
|
||||
|
||||
chmod u+rw,g-wx+r,o-wx+r ~/.oidentd.conf
|
||||
chmod -v u+rw,g-wx+r,o-wx+r ~/.oidentd.conf
|
||||
|
||||
touch ~/.ICEauthority
|
||||
chmod o-rw+x,g-rw+x ~
|
||||
chmod -v o-rw+x,g-rw+x ~
|
||||
|
||||
mkdir -p ~/public_html/
|
||||
chmod -R 755 ~/public_html/
|
||||
chmod -v -R 755 ~/public_html/
|
||||
|
||||
touch ~/.face
|
||||
touch ~/.forward
|
||||
touch ~/.netrc
|
||||
chmod a+r-wx,u+rw ~/.face
|
||||
chmod a+r-wx,u+rw ~/.forward
|
||||
chmod 600 ~/.netrc
|
||||
chmod -v a+r-wx,u+rw ~/.face
|
||||
chmod -v a+r-wx,u+rw ~/.forward
|
||||
chmod -v 600 ~/.netrc
|
||||
|
||||
mkdir -p ~/.ssh
|
||||
chmod 700 ~/.ssh
|
||||
chmod -v 700 ~/.ssh
|
||||
touch ~/.ssh/authorized_keys
|
||||
chmod 600 ~/.ssh/authorized_keys
|
||||
chmod -v 600 ~/.ssh/authorized_keys
|
||||
|
||||
set +x
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
brave
|
||||
firefox-esr
|
|
@ -1 +0,0 @@
|
|||
managed
|
|
@ -1 +0,0 @@
|
|||
This directory/managed is read by Vivaldi
|
|
@ -1 +0,0 @@
|
|||
../../opt/chromium/policies/managed
|
|
@ -1 +0,0 @@
|
|||
firefox
|
|
@ -10,6 +10,7 @@ This file is DNS before DNS and legacy remain which is still used.
|
|||
|
||||
- [`blocklist`](#blocklist)
|
||||
- [`dns`](#dns)
|
||||
- [`hostname`](#hostname)
|
||||
- [`hosts.arch`](#hostsarch)
|
||||
- [`hosts.fedora`](#hostsfedora)
|
||||
- [`hosts.debian`](#hostsdebian)
|
||||
|
@ -32,6 +33,30 @@ and Unbound, so now it's something I can attempt to `/etc/hosts`.
|
|||
|
||||
**_EXCERCISE CAUTION!_**
|
||||
|
||||
## `hostname`
|
||||
|
||||
As can be seen in `hosts.debian`, Debian specifies hostname in format
|
||||
such as:
|
||||
|
||||
```
|
||||
::1 localhost
|
||||
::1 FQDN UQDN
|
||||
|
||||
127.0.0.1 localhost
|
||||
127.0.1.1 FQDN UQDN
|
||||
```
|
||||
|
||||
where FQDN means _Fully Qualified Domain Name_ and UQDN _Unqualified Domain
|
||||
Name_ (although I don't know if anyone else calls it like that) and I find
|
||||
that a good practice. Additionally I have observed my systems querying their
|
||||
own hostname from global DNS which seems unnecessary and not a great behaviour
|
||||
to me, while this file appended to `/etc/hosts` can tell it immediately all
|
||||
applications and make `resolvectl query hostname.localdomain` find it
|
||||
instantly.
|
||||
|
||||
The `0200:0000:0000:0000:0000:0000:0000:0000`? Replace it with your Yggdrasil
|
||||
address from `yggdrasilctl getself`.
|
||||
|
||||
## `hosts.arch`
|
||||
|
||||
For now this is a symlink to `hosts.steamos` as I am pretty sure they haven't
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
#
|
||||
##### BEGIN AMINDA BLOCKLIST #####
|
||||
|
||||
# Facebook API that a lot of things call, will break things for Facebook
|
||||
|
@ -10,3 +11,4 @@
|
|||
0.0.0.0 matrix.to www.matrix.to
|
||||
|
||||
##### END AMINDA BLOCKLIST #####
|
||||
#
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
#
|
||||
##### BEGIN DNS RESOLVER LIST #####
|
||||
|
||||
# Well known DNS servers to be appended to /etc/hosts
|
||||
|
@ -82,3 +83,4 @@
|
|||
2001:4860:4860::64 dns64.dns.google
|
||||
|
||||
##### END DNS RESOLVER LIST #####
|
||||
#
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
#
|
||||
##### BEGIN HOSTNAME #####
|
||||
|
||||
::1 fully.qualified.hostname.example.net friendlyhostname
|
||||
127.0.1.1 fully.qualified.hostname.example.net friendlyhostname
|
||||
#0200:0000:0000:0000:0000:0000:0000:0000 y.friendlyhostname.example.net
|
||||
|
||||
##### END HOSTNAME #####
|
||||
#
|
|
@ -1,2 +0,0 @@
|
|||
chrome
|
||||
edge
|
|
@ -1 +0,0 @@
|
|||
chromium
|
|
@ -1 +0,0 @@
|
|||
chromium
|
|
@ -1,7 +1,7 @@
|
|||
[Resolve]
|
||||
DNS=2a07:e340::2#dns.mullvad.net 194.242.2.2#dns.mullvad.net
|
||||
#DNS=2a07:e340::2#dns.mullvad.net 194.242.2.2#dns.mullvad.net
|
||||
#DNS=194.242.2.3#adblock.dns.mullvad.net 2a07:e340::3#adblock.dns.mullvad.net
|
||||
#DNS=2a07:e340::4#base.dns.mullvad.net 194.242.2.4#base.dns.mullvad.net
|
||||
DNS=2a07:e340::4#base.dns.mullvad.net 194.242.2.4#base.dns.mullvad.net
|
||||
#DNS=2a07:e340::5#extended.dns.mullvad.net 194.242.2.5#extended.dns.mullvad.net
|
||||
#DNS=2a07:e340::9#all.dns.mullvad.net 194.242.2.9#all.dns.mullvad.net
|
||||
#DNSOverTLS=true
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
[Unit]
|
||||
Wants=unbound.service
|
||||
After=unbound.service
|
|
@ -0,0 +1 @@
|
|||
unbound-wanted.conf
|
|
@ -0,0 +1 @@
|
|||
../service.d/unbound-wanted.conf
|
|
@ -0,0 +1,34 @@
|
|||
server:
|
||||
# Debian ca-certificates location
|
||||
#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# ctrl.blog says this is the Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Use system certificates no matter where they are
|
||||
tls-system-cert: yes
|
||||
# Quad9 says pointless performance impact on forwarders.
|
||||
# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
|
||||
qname-minimisation: no
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
# Unfiltered
|
||||
#forward-addr: 194.242.2.2@853#dns.mullvad.net
|
||||
#forward-addr: 2a07:e340::2@853#dns.mullvad.net
|
||||
# Adblock and tracking protection
|
||||
#forward-addr: 194.242.2.3@853#adblock.dns.mullvad.net
|
||||
#forward-addr: 2a07:e340::3@853#adblock.dns.mullvad.net
|
||||
# Above + malware protection
|
||||
forward-addr: 194.242.2.4@853#base.dns.mullvad.net
|
||||
forward-addr: 2a07:e340::4@853#base.dns.mullvad.net
|
||||
# Above + social media blocking
|
||||
#forward-addr: 194.242.2.5@853#extended.dns.mullvad.net
|
||||
#forward-addr: 2a07:e340::5@853#extended.dns.mullvad.net
|
||||
# Blocking for ads, trackers, malware, adult, gambling
|
||||
#forward-addr: 194.242.2.6@853#family.dns.mullvad.net
|
||||
#forward-addr: 2a07:e340::6@853#family.dns.mullvad.net
|
||||
# Blocking all of the above
|
||||
#forward-addr: 194.242.2.9@853#all.dns.mullvad.net
|
||||
#forward-addr: 2a07:e340::9@853#all.dns.mullvad.net
|
||||
|
||||
# vim: filetype=unbound.conf
|
|
@ -0,0 +1,60 @@
|
|||
server:
|
||||
# Quad9 says pointless performance impact on forwarders.
|
||||
# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
|
||||
qname-minimisation: no
|
||||
|
||||
# The app needs this, also SOCKS https://support.nordvpn.com/hc/en-us/articles/20195967385745-NordVPN-proxy-setup-for-qBittorrent
|
||||
forward-zone:
|
||||
name: "nordhold.net."
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 2400:bb40:4444::103
|
||||
forward-addr: 2400:bb40:8888::103
|
||||
forward-addr: 103.86.96.100
|
||||
forward-addr: 103.86.99.100
|
||||
|
||||
# Main homepage
|
||||
forward-zone:
|
||||
name: "nordvpn.com."
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 2400:bb40:4444::103
|
||||
forward-addr: 2400:bb40:8888::103
|
||||
forward-addr: 103.86.96.100
|
||||
forward-addr: 103.86.99.100
|
||||
|
||||
# Seen in NoScript on their homepage
|
||||
forward-zone:
|
||||
name: "nordcdn.com."
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 2400:bb40:4444::103
|
||||
forward-addr: 2400:bb40:8888::103
|
||||
forward-addr: 103.86.96.100
|
||||
forward-addr: 103.86.99.100
|
||||
|
||||
# Listed in documentation, https://support.nordvpn.com/hc/en-us/articles/19685519701905-NordVPN-imitation-scams
|
||||
forward-zone:
|
||||
name: "nordvpn.org."
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 2400:bb40:4444::103
|
||||
forward-addr: 2400:bb40:8888::103
|
||||
forward-addr: 103.86.96.100
|
||||
forward-addr: 103.86.99.100
|
||||
|
||||
# Listed in documentation, https://support.nordvpn.com/hc/en-us/articles/19685519701905-NordVPN-imitation-scams
|
||||
forward-zone:
|
||||
name: "nordvpnmedia.com."
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 2400:bb40:4444::103
|
||||
forward-addr: 2400:bb40:8888::103
|
||||
forward-addr: 103.86.96.100
|
||||
forward-addr: 103.86.99.100
|
||||
|
||||
# Listed in documentation, https://support.nordvpn.com/hc/en-us/articles/19685519701905-NordVPN-imitation-scams
|
||||
forward-zone:
|
||||
name: "nordsec.com."
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 2400:bb40:4444::103
|
||||
forward-addr: 2400:bb40:8888::103
|
||||
forward-addr: 103.86.96.100
|
||||
forward-addr: 103.86.99.100
|
||||
|
||||
# vim: filetype=unbound.conf
|
|
@ -1,20 +0,0 @@
|
|||
server:
|
||||
# Quad9 says pointless performance impact on forwarders.
|
||||
# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
|
||||
qname-minimisation: no
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 2400:bb40:4444::103
|
||||
forward-addr: 2400:bb40:8888::103
|
||||
forward-addr: 103.86.96.100
|
||||
forward-addr: 103.86.99.100
|
||||
# DNS0.eu/open since I am unsure of whether the above works outside of NordVPN
|
||||
# connection and I seem to have issues with automatic connection.
|
||||
forward-addr: 2a0f:fc80::ffff
|
||||
forward-addr: 2a0f:fc81::ffff
|
||||
forward-addr: 193.110.81.254
|
||||
forward-addr: 185.253.5.254
|
||||
|
||||
# vim: filetype=unbound.conf
|
|
@ -416,8 +416,8 @@ alias defaulttarget="systemctl enable "
|
|||
alias cwho="who -H -w -u"
|
||||
|
||||
# inxi - https://smxi.org/docs/inxi.htm
|
||||
#alias inxi-install="mkdir -p ~/.local/bin && cd ~/.local/bin && \wget -Nc https://github.com/smxi/inxi/raw/master/inxi && chmod +x inxi && cd"
|
||||
#alias inxi-install-root="cd /usr/local/bin;\wget -Nc https://github.com/smxi/inxi/raw/master/inxi;chmod +x inxi;./inxi -U;cd"
|
||||
#alias inxi-install="mkdir -p ~/.local/bin && cd ~/.local/bin && \wget -Nc https://github.com/smxi/inxi/raw/master/inxi && \chmod -v +x inxi && cd"
|
||||
#alias inxi-install-root="cd /usr/local/bin;\wget -Nc https://github.com/smxi/inxi/raw/master/inxi;\chmod -v +x inxi;./inxi -U;cd"
|
||||
#alias inxi-update="inxi -U"
|
||||
|
||||
# FINEID to ssh-agent
|
||||
|
@ -425,9 +425,9 @@ alias fineid="ssh-add -s /usr/lib64/libcryptoki.so"
|
|||
|
||||
# Homebrew
|
||||
#alias homebrew-install="cd ~;git clone https://github.com/Homebrew/homebrew.git --depth=1;mkdir -p .local;rsync -aP homebrew/* .local;rsync -aP homebrew/.* .local;rm -rf homebrew"
|
||||
#alias homebrew-install-root="cd /usr;git clone https://github.com/Homebrew/homebrew.git --depth=1;mkdir -p local;rsync -aP homebrew/* local;rsync -aP homebrew/.* local/;chmod -R 755 local;chown -R root:wheel local;rm -rf homebrew"
|
||||
#alias homebrew-install-root="cd /usr;git clone https://github.com/Homebrew/homebrew.git --depth=1;mkdir -p local;rsync -aP homebrew/* local;rsync -aP homebrew/.* local/;\chmod -v -R 755 local;chown -R root:wheel local;rm -rf homebrew"
|
||||
#alias linuxbrew-install="cd ~;git clone https://github.com/Homebrew/linuxbrew.git --depth=1;mkdir -p .local;rsync -aP linuxbrew/* .local;rsync -aP linuxbrew/.* .local;rm -rf linuxbrew"
|
||||
#alias linuxbrew-install-root="cd /usr;git clone https://github.com/Homebrew/linuxbrew.git --depth=1;mkdir -p local;rsync -aP linuxbrew/* local;rsync -aP linuxbrew/.* local/;chmod -R 755 local;chown -R root:wheel local;rm -rf linuxbrew"
|
||||
#alias linuxbrew-install-root="cd /usr;git clone https://github.com/Homebrew/linuxbrew.git --depth=1;mkdir -p local;rsync -aP linuxbrew/* local;rsync -aP linuxbrew/.* local/;\chmod -v -R 755 local;chown -R root:wheel local;rm -rf linuxbrew"
|
||||
#export HOMEBREW_LOGS=$HOME/.cache/Homebrew/Logs
|
||||
|
||||
# OS X
|
||||
|
|
8
rc/zshrc
8
rc/zshrc
|
@ -396,8 +396,8 @@ alias suu="su -"
|
|||
alias cwho="who -H -w -u"
|
||||
|
||||
# inxi - https://smxi.org/docs/inxi.htm
|
||||
#alias inxi-install="mkdir -p ~/.local/bin && cd ~/.local/bin && \wget -Nc https://github.com/smxi/inxi/raw/master/inxi && chmod +x inxi && cd"
|
||||
#alias inxi-install-root="cd /usr/local/bin;\wget -Nc https://github.com/smxi/inxi/raw/master/inxi;chmod +x inxi;./inxi -U;cd"
|
||||
#alias inxi-install="mkdir -p ~/.local/bin && cd ~/.local/bin && \wget -Nc https://github.com/smxi/inxi/raw/master/inxi && \chmod -v +x inxi && cd"
|
||||
#alias inxi-install-root="cd /usr/local/bin;\wget -Nc https://github.com/smxi/inxi/raw/master/inxi;\chmod -v +x inxi;./inxi -U;cd"
|
||||
#alias inxi-update="inxi -U"
|
||||
|
||||
# FINEID to ssh-agent
|
||||
|
@ -405,9 +405,9 @@ alias fineid="ssh-add -s /usr/lib64/libcryptoki.so"
|
|||
|
||||
# Homebrew
|
||||
#alias homebrew-install="cd ~;git clone https://github.com/Homebrew/homebrew.git --depth=1;mkdir -p .local;rsync -aP homebrew/* .local;rsync -aP homebrew/.* .local;rm -rf homebrew"
|
||||
#alias homebrew-install-root="cd /usr;git clone https://github.com/Homebrew/homebrew.git --depth=1;mkdir -p local;rsync -aP homebrew/* local;rsync -aP homebrew/.* local/;chmod -R 755 local;chown -R root:wheel local;rm -rf homebrew"
|
||||
#alias homebrew-install-root="cd /usr;git clone https://github.com/Homebrew/homebrew.git --depth=1;mkdir -p local;rsync -aP homebrew/* local;rsync -aP homebrew/.* local/;chmod -v -R 755 local;chown -R root:wheel local;rm -rf homebrew"
|
||||
#alias linuxbrew-install="cd ~;git clone https://github.com/Homebrew/linuxbrew.git --depth=1;mkdir -p .local;rsync -aP linuxbrew/* .local;rsync -aP linuxbrew/.* .local;rm -rf linuxbrew"
|
||||
#alias linuxbrew-install-root="cd /usr;git clone https://github.com/Homebrew/linuxbrew.git --depth=1;mkdir -p local;rsync -aP linuxbrew/* local;rsync -aP linuxbrew/.* local/;chmod -R 755 local;chown -R root:wheel local;rm -rf linuxbrew"
|
||||
#alias linuxbrew-install-root="cd /usr;git clone https://github.com/Homebrew/linuxbrew.git --depth=1;mkdir -p local;rsync -aP linuxbrew/* local;rsync -aP linuxbrew/.* local/;chmod -v -R 755 local;chown -R root:wheel local;rm -rf linuxbrew"
|
||||
#export HOMEBREW_LOGS=$HOME/.cache/Homebrew/Logs
|
||||
|
||||
# OS X
|
||||
|
|
Loading…
Reference in New Issue