etc/hosts: attempt to increase legibility by adding leading and trailing #

etc/hosts/hostname: copy Debian behaviour as a good practice
{bash,zshrc}: prepare for alias
2024-04-25 19:45:11 +03:00 · 2024-04-25 19:40:56 +03:00 · 2024-04-25 17:39:20 +03:00 · 2024-04-25 17:37:26 +03:00 · 2024-04-25 17:31:09 +03:00 · 2024-04-25 17:27:55 +03:00
23 changed files with 155 additions and 50 deletions
--- a/19
+++ b/19
@ -4,28 +4,29 @@
 # access.
 set -x

-chmod g-rwx,o-rwx $HOME -R
+# You don't want to make this verbose.
+chmod g-rwx,o-rwx "$HOME" -R

 touch ~/.oidentd.conf

-chmod u+rw,g-wx+r,o-wx+r ~/.oidentd.conf
+chmod -v u+rw,g-wx+r,o-wx+r ~/.oidentd.conf

 touch ~/.ICEauthority
-chmod o-rw+x,g-rw+x ~
+chmod -v o-rw+x,g-rw+x ~

 mkdir -p ~/public_html/
-chmod -R 755 ~/public_html/
+chmod -v -R 755 ~/public_html/

 touch ~/.face
 touch ~/.forward
 touch ~/.netrc
-chmod a+r-wx,u+rw ~/.face
-chmod a+r-wx,u+rw ~/.forward
-chmod 600 ~/.netrc
+chmod -v a+r-wx,u+rw ~/.face
+chmod -v a+r-wx,u+rw ~/.forward
+chmod -v 600 ~/.netrc

 mkdir -p ~/.ssh
-chmod 700 ~/.ssh
+chmod -v 700 ~/.ssh
 touch ~/.ssh/authorized_keys
-chmod 600 ~/.ssh/authorized_keys
+chmod -v 600 ~/.ssh/authorized_keys

 set +x
--- a/etc/.gitignore
+++ b/etc/.gitignore
@ -1,2 +0,0 @@
-brave
-firefox-esr
--- a/etc/brave
+++ b/etc/brave
@ -1 +0,0 @@
-chromium
--- a/etc/chromium/policies/.gitignore
+++ b/etc/chromium/policies/.gitignore
@ -1 +0,0 @@
-managed
--- a/etc/chromium/policies/README.md
+++ b/etc/chromium/policies/README.md
@ -1 +0,0 @@
-This directory/managed is read by Vivaldi
--- a/etc/chromium/policies/managed
+++ b/etc/chromium/policies/managed
@ -1 +0,0 @@
-../../opt/chromium/policies/managed
--- a/etc/firefox-esr
+++ b/etc/firefox-esr
@ -1 +0,0 @@
-firefox
--- a/etc/hosts/README.md
+++ b/etc/hosts/README.md
@ -10,6 +10,7 @@ This file is DNS before DNS and legacy remain which is still used.

 - [`blocklist`](#blocklist)
 - [`dns`](#dns)
+- [`hostname`](#hostname)
 - [`hosts.arch`](#hostsarch)
 - [`hosts.fedora`](#hostsfedora)
 - [`hosts.debian`](#hostsdebian)
@ -32,6 +33,30 @@ and Unbound, so now it's something I can attempt to `/etc/hosts`.

 **_EXCERCISE CAUTION!_**

+## `hostname`
+
+As can be seen in `hosts.debian`, Debian specifies hostname in format
+such as:
+
+```
+::1 localhost
+::1 FQDN UQDN
+
+127.0.0.1   localhost
+127.0.1.1   FQDN UQDN
+```
+
+where FQDN means _Fully Qualified Domain Name_ and UQDN _Unqualified Domain
+Name_ (although I don't know if anyone else calls it like that) and I find
+that a good practice. Additionally I have observed my systems querying their
+own hostname from global DNS which seems unnecessary and not a great behaviour
+to me, while this file appended to `/etc/hosts` can tell it immediately all
+applications and make `resolvectl query hostname.localdomain` find it
+instantly.
+
+The `0200:0000:0000:0000:0000:0000:0000:0000`? Replace it with your Yggdrasil
+address from `yggdrasilctl getself`.
+
 ## `hosts.arch`

 For now this is a symlink to `hosts.steamos` as I am pretty sure they haven't
--- a/etc/hosts/blocklist
+++ b/etc/hosts/blocklist
@ -1,3 +1,4 @@
+#
 ##### BEGIN AMINDA BLOCKLIST #####

 # Facebook API that a lot of things call, will break things for Facebook
@ -10,3 +11,4 @@
 0.0.0.0 matrix.to www.matrix.to

 ##### END AMINDA BLOCKLIST #####
+#
--- a/etc/hosts/dns
+++ b/etc/hosts/dns
@ -1,3 +1,4 @@
+#
 ##### BEGIN DNS RESOLVER LIST #####

 # Well known DNS servers to be appended to /etc/hosts
@ -82,3 +83,4 @@
 2001:4860:4860::64 dns64.dns.google

 ##### END DNS RESOLVER LIST #####
+#
--- a/etc/hosts/hostname
+++ b/etc/hosts/hostname
@ -0,0 +1,9 @@
+#
+##### BEGIN HOSTNAME #####
+
+::1 fully.qualified.hostname.example.net friendlyhostname
+127.0.1.1 fully.qualified.hostname.example.net friendlyhostname
+#0200:0000:0000:0000:0000:0000:0000:0000 y.friendlyhostname.example.net
+
+##### END HOSTNAME #####
+#
--- a/etc/opt/.gitignore
+++ b/etc/opt/.gitignore
@ -1,2 +0,0 @@
-chrome
-edge
--- a/etc/opt/chrome
+++ b/etc/opt/chrome
@ -1 +0,0 @@
-chromium
--- a/etc/opt/edge
+++ b/etc/opt/edge
@ -1 +0,0 @@
-chromium
--- a/etc/systemd/resolved.conf.d/dot-mullvad.conf
+++ b/etc/systemd/resolved.conf.d/dot-mullvad.conf
@ -1,7 +1,7 @@
 [Resolve]
-DNS=2a07:e340::2#dns.mullvad.net 194.242.2.2#dns.mullvad.net
+#DNS=2a07:e340::2#dns.mullvad.net 194.242.2.2#dns.mullvad.net
 #DNS=194.242.2.3#adblock.dns.mullvad.net 2a07:e340::3#adblock.dns.mullvad.net
-#DNS=2a07:e340::4#base.dns.mullvad.net 194.242.2.4#base.dns.mullvad.net
+DNS=2a07:e340::4#base.dns.mullvad.net 194.242.2.4#base.dns.mullvad.net
 #DNS=2a07:e340::5#extended.dns.mullvad.net 194.242.2.5#extended.dns.mullvad.net
 #DNS=2a07:e340::9#all.dns.mullvad.net 194.242.2.9#all.dns.mullvad.net
 #DNSOverTLS=true
--- a/etc/systemd/system/systemd-resolved.service.d/unbound.conf
+++ b/etc/systemd/system/systemd-resolved.service.d/unbound.conf
@ -1,2 +1,3 @@
 [Unit]
+Wants=unbound.service
 After=unbound.service
--- a/etc/systemd/system/systemd-resolved.service.d/.gitignore
+++ b/etc/systemd/system/systemd-resolved.service.d/.gitignore
@ -0,0 +1 @@
+unbound-wanted.conf
--- a/etc/systemd/system/systemd-resolved.service.d/unbound-wanted.conf
+++ b/etc/systemd/system/systemd-resolved.service.d/unbound-wanted.conf
@ -0,0 +1 @@
+../service.d/unbound-wanted.conf
--- a/etc/unbound/unbound.conf.d/dot-mullvad.conf
+++ b/etc/unbound/unbound.conf.d/dot-mullvad.conf
@ -0,0 +1,34 @@
+server:
+	# Debian ca-certificates location
+	#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	# ctrl.blog says this is the Fedora location
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	# Use system certificates no matter where they are
+	tls-system-cert: yes
+	# Quad9 says pointless performance impact on forwarders.
+	# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
+	qname-minimisation: no
+
+forward-zone:
+	name: "."
+	forward-tls-upstream: yes
+	# Unfiltered
+	#forward-addr: 194.242.2.2@853#dns.mullvad.net
+	#forward-addr: 2a07:e340::2@853#dns.mullvad.net
+	# Adblock and tracking protection
+	#forward-addr: 194.242.2.3@853#adblock.dns.mullvad.net
+	#forward-addr: 2a07:e340::3@853#adblock.dns.mullvad.net
+	# Above + malware protection
+	forward-addr: 194.242.2.4@853#base.dns.mullvad.net
+	forward-addr: 2a07:e340::4@853#base.dns.mullvad.net
+	# Above + social media blocking
+	#forward-addr: 194.242.2.5@853#extended.dns.mullvad.net
+	#forward-addr: 2a07:e340::5@853#extended.dns.mullvad.net
+	# Blocking for ads, trackers, malware, adult, gambling
+	#forward-addr: 194.242.2.6@853#family.dns.mullvad.net
+	#forward-addr: 2a07:e340::6@853#family.dns.mullvad.net
+	# Blocking all of the above
+	#forward-addr: 194.242.2.9@853#all.dns.mullvad.net
+	#forward-addr: 2a07:e340::9@853#all.dns.mullvad.net
+
+# vim: filetype=unbound.conf
--- a/etc/unbound/unbound.conf.d/nordvpn-domains.conf
+++ b/etc/unbound/unbound.conf.d/nordvpn-domains.conf
@ -0,0 +1,60 @@
+server:
+# Quad9 says pointless performance impact on forwarders.
+# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
+qname-minimisation: no
+
+# The app needs this, also SOCKS https://support.nordvpn.com/hc/en-us/articles/20195967385745-NordVPN-proxy-setup-for-qBittorrent
+forward-zone:
+	name: "nordhold.net."
+	forward-tls-upstream: no
+	forward-addr: 2400:bb40:4444::103
+	forward-addr: 2400:bb40:8888::103
+	forward-addr: 103.86.96.100
+	forward-addr: 103.86.99.100
+
+# Main homepage
+forward-zone:
+	name: "nordvpn.com."
+	forward-tls-upstream: no
+	forward-addr: 2400:bb40:4444::103
+	forward-addr: 2400:bb40:8888::103
+	forward-addr: 103.86.96.100
+	forward-addr: 103.86.99.100
+
+# Seen in NoScript on their homepage
+forward-zone:
+	name: "nordcdn.com."
+	forward-tls-upstream: no
+	forward-addr: 2400:bb40:4444::103
+	forward-addr: 2400:bb40:8888::103
+	forward-addr: 103.86.96.100
+	forward-addr: 103.86.99.100
+
+# Listed in documentation, https://support.nordvpn.com/hc/en-us/articles/19685519701905-NordVPN-imitation-scams
+forward-zone:
+	name: "nordvpn.org."
+	forward-tls-upstream: no
+	forward-addr: 2400:bb40:4444::103
+	forward-addr: 2400:bb40:8888::103
+	forward-addr: 103.86.96.100
+	forward-addr: 103.86.99.100
+
+# Listed in documentation, https://support.nordvpn.com/hc/en-us/articles/19685519701905-NordVPN-imitation-scams
+forward-zone:
+	name: "nordvpnmedia.com."
+	forward-tls-upstream: no
+	forward-addr: 2400:bb40:4444::103
+	forward-addr: 2400:bb40:8888::103
+	forward-addr: 103.86.96.100
+	forward-addr: 103.86.99.100
+
+# Listed in documentation, https://support.nordvpn.com/hc/en-us/articles/19685519701905-NordVPN-imitation-scams
+forward-zone:
+	name: "nordsec.com."
+	forward-tls-upstream: no
+	forward-addr: 2400:bb40:4444::103
+	forward-addr: 2400:bb40:8888::103
+	forward-addr: 103.86.96.100
+	forward-addr: 103.86.99.100
+
+# vim: filetype=unbound.conf
--- a/etc/unbound/unbound.conf.d/nordvpn.conf
+++ b/etc/unbound/unbound.conf.d/nordvpn.conf
@ -1,20 +0,0 @@
-server:
-# Quad9 says pointless performance impact on forwarders.
-# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
-qname-minimisation: no
-
-forward-zone:
-	name: "."
-	forward-tls-upstream: no
-	forward-addr: 2400:bb40:4444::103
-	forward-addr: 2400:bb40:8888::103
-	forward-addr: 103.86.96.100
-	forward-addr: 103.86.99.100
-	# DNS0.eu/open since I am unsure of whether the above works outside of NordVPN
-	# connection and I seem to have issues with automatic connection.
-	forward-addr: 2a0f:fc80::ffff
-	forward-addr: 2a0f:fc81::ffff
-	forward-addr: 193.110.81.254
-	forward-addr: 185.253.5.254
-
-# vim: filetype=unbound.conf
--- a/rc/bashrc
+++ b/rc/bashrc
@ -416,8 +416,8 @@ alias defaulttarget="systemctl enable "
 alias cwho="who -H -w -u"

 # inxi - https://smxi.org/docs/inxi.htm
-#alias inxi-install="mkdir -p ~/.local/bin && cd ~/.local/bin && \wget -Nc https://github.com/smxi/inxi/raw/master/inxi && chmod +x inxi && cd"
-#alias inxi-install-root="cd /usr/local/bin;\wget -Nc https://github.com/smxi/inxi/raw/master/inxi;chmod +x inxi;./inxi -U;cd"
+#alias inxi-install="mkdir -p ~/.local/bin && cd ~/.local/bin && \wget -Nc https://github.com/smxi/inxi/raw/master/inxi && \chmod -v +x inxi && cd"
+#alias inxi-install-root="cd /usr/local/bin;\wget -Nc https://github.com/smxi/inxi/raw/master/inxi;\chmod -v +x inxi;./inxi -U;cd"
 #alias inxi-update="inxi -U"

 # FINEID to ssh-agent
@ -425,9 +425,9 @@ alias fineid="ssh-add -s /usr/lib64/libcryptoki.so"

 # Homebrew
 #alias homebrew-install="cd ~;git clone https://github.com/Homebrew/homebrew.git --depth=1;mkdir -p .local;rsync -aP homebrew/* .local;rsync -aP homebrew/.* .local;rm -rf homebrew"
-#alias homebrew-install-root="cd /usr;git clone https://github.com/Homebrew/homebrew.git --depth=1;mkdir -p local;rsync -aP homebrew/* local;rsync -aP homebrew/.* local/;chmod -R 755 local;chown -R root:wheel local;rm -rf homebrew"
+#alias homebrew-install-root="cd /usr;git clone https://github.com/Homebrew/homebrew.git --depth=1;mkdir -p local;rsync -aP homebrew/* local;rsync -aP homebrew/.* local/;\chmod -v -R 755 local;chown -R root:wheel local;rm -rf homebrew"
 #alias linuxbrew-install="cd ~;git clone https://github.com/Homebrew/linuxbrew.git --depth=1;mkdir -p .local;rsync -aP linuxbrew/* .local;rsync -aP linuxbrew/.* .local;rm -rf linuxbrew"
-#alias linuxbrew-install-root="cd /usr;git clone https://github.com/Homebrew/linuxbrew.git --depth=1;mkdir -p local;rsync -aP linuxbrew/* local;rsync -aP linuxbrew/.* local/;chmod -R 755 local;chown -R root:wheel local;rm -rf linuxbrew"
+#alias linuxbrew-install-root="cd /usr;git clone https://github.com/Homebrew/linuxbrew.git --depth=1;mkdir -p local;rsync -aP linuxbrew/* local;rsync -aP linuxbrew/.* local/;\chmod -v -R 755 local;chown -R root:wheel local;rm -rf linuxbrew"
 #export HOMEBREW_LOGS=$HOME/.cache/Homebrew/Logs

 # OS X
--- a/rc/zshrc
+++ b/rc/zshrc
@ -396,8 +396,8 @@ alias suu="su -"
 alias cwho="who -H -w -u"

 # inxi - https://smxi.org/docs/inxi.htm
-#alias inxi-install="mkdir -p ~/.local/bin && cd ~/.local/bin && \wget -Nc https://github.com/smxi/inxi/raw/master/inxi && chmod +x inxi && cd"
-#alias inxi-install-root="cd /usr/local/bin;\wget -Nc https://github.com/smxi/inxi/raw/master/inxi;chmod +x inxi;./inxi -U;cd"
+#alias inxi-install="mkdir -p ~/.local/bin && cd ~/.local/bin && \wget -Nc https://github.com/smxi/inxi/raw/master/inxi && \chmod -v +x inxi && cd"
+#alias inxi-install-root="cd /usr/local/bin;\wget -Nc https://github.com/smxi/inxi/raw/master/inxi;\chmod -v +x inxi;./inxi -U;cd"
 #alias inxi-update="inxi -U"

 # FINEID to ssh-agent
@ -405,9 +405,9 @@ alias fineid="ssh-add -s /usr/lib64/libcryptoki.so"

 # Homebrew
 #alias homebrew-install="cd ~;git clone https://github.com/Homebrew/homebrew.git --depth=1;mkdir -p .local;rsync -aP homebrew/* .local;rsync -aP homebrew/.* .local;rm -rf homebrew"
-#alias homebrew-install-root="cd /usr;git clone https://github.com/Homebrew/homebrew.git --depth=1;mkdir -p local;rsync -aP homebrew/* local;rsync -aP homebrew/.* local/;chmod -R 755 local;chown -R root:wheel local;rm -rf homebrew"
+#alias homebrew-install-root="cd /usr;git clone https://github.com/Homebrew/homebrew.git --depth=1;mkdir -p local;rsync -aP homebrew/* local;rsync -aP homebrew/.* local/;chmod -v -R 755 local;chown -R root:wheel local;rm -rf homebrew"
 #alias linuxbrew-install="cd ~;git clone https://github.com/Homebrew/linuxbrew.git --depth=1;mkdir -p .local;rsync -aP linuxbrew/* .local;rsync -aP linuxbrew/.* .local;rm -rf linuxbrew"
-#alias linuxbrew-install-root="cd /usr;git clone https://github.com/Homebrew/linuxbrew.git --depth=1;mkdir -p local;rsync -aP linuxbrew/* local;rsync -aP linuxbrew/.* local/;chmod -R 755 local;chown -R root:wheel local;rm -rf linuxbrew"
+#alias linuxbrew-install-root="cd /usr;git clone https://github.com/Homebrew/linuxbrew.git --depth=1;mkdir -p local;rsync -aP linuxbrew/* local;rsync -aP linuxbrew/.* local/;chmod -v -R 755 local;chown -R root:wheel local;rm -rf linuxbrew"
 #export HOMEBREW_LOGS=$HOME/.cache/Homebrew/Logs

 # OS X
Author	SHA1	Message	Date
Aminda Suomalainen	901dbfe138	etc/hosts: attempt to increase legibility by adding leading and trailing #	2024-04-25 19:45:11 +03:00
Aminda Suomalainen	21b59adfd2	etc/hosts/hostname: copy Debian behaviour as a good practice	2024-04-25 19:40:56 +03:00
Aminda Suomalainen	7c3da50491	{bash,zshrc}: prepare for alias	2024-04-25 17:39:20 +03:00
Aminda Suomalainen	daae569442	chmod: fix SC quoting, add verbosity for less dangerous things	2024-04-25 17:37:26 +03:00
Aminda Suomalainen	fb65f717fc	etc: cleanup symlinks/files handled by init-browser-policies.bash They brought no value to me, just confused me in git forges by clicktrapping me and not following the symlinks	2024-04-25 17:31:09 +03:00
Aminda Suomalainen	6375d55b8f	systemd-resolved/mullvad: default to base for consistency with unbound	2024-04-25 17:27:55 +03:00
Aminda Suomalainen	17e0b68d20	unbound: add dot-mullvad.conf defalting on base I found myself missing this on an old family PC that has limited resources and as I didn't have this file at hand, I just went with AdGuard which will work too.	2024-04-25 17:24:41 +03:00
Aminda Suomalainen	a17ff2903a	unbound/nordvpn-domains.conf: add comments/sources, fix duplicate zone, add missing domains	2024-04-25 15:07:37 +03:00
Aminda Suomalainen	bbeb1d3e02	unbound/nordvpn: rename, send only their domains to them	2024-04-25 14:34:47 +03:00
Aminda Suomalainen	046b9c5f1a	systemd: use more descriptive drop-in name unbound-wanted.conf instead of unbound.conf	2024-04-25 14:10:26 +03:00