local/share/applications: add a desktop entry for briar

For some reason they make connection to 1.1.1.1 appear as no or unreachable.

conf/sway/config.d/autostart-p2p-communication.conf

@@ -1,3 +1,3 @@
 # Very Important Communication Programs, P2P, not expected to get sold
 exec --no-startup-id flatpak run --env=TZ=UTC net.jami.Jami
-exec --no-startup-id flatpak run org.briarproject.Briar//stable
+exec --no-startup-id /usr/local/bin/briar

etc/chrony/sources.d/.gitignore

@@ -1,2 +1,3 @@
 jauderho-nts.sources
 jauderho-nts-servers
+local-servers.sources

etc/chrony/sources.d/local-servers.sources

@@ -1,11 +0,0 @@
-# xleave probably won't be on local router
-#server LOCALMACHINE.local iburst auto_offline xleave prefer
-
-# Or alternatively reciprocally TODO: how do `key` options work? This
-#  apparently should only be done in trusted LAN.
-# xleave is probably best to be used with other local Chronys, I somehow
-#  doubt potential router NTP might have it.
-#   A lot of reading say that it's better to use "server" on both sides
-#   rather than peer, I think even Chrony manual and that is where I took
-#   trusted LAN
-#peer LOCALMACHINE.local auto_offline xleave prefer

etc/chrony/sources.d/local-servers.sources.sample

@@ -0,0 +1,20 @@
+# In my experience local routers are unlikely to support xleave
+# I don't remember if this does NTP, probably not, but auto_offline.
+server 192.168.8.1 iburst auto_offline prefer
+# Local router, MikroTik
+server 192.168.88.1 iburst auto_offline prefer
+
+# Local machines/Chronys
+server sedric.local iburst auto_offline xleave prefer
+server lumina.local iburst auto_offline xleave prefer
+server rbtpzn.local iburst auto_offline xleave prefer
+server zaldaryn.local iburst auto_offline xleave prefer
+
+# Or alternatively reciprocally TODO: how do `key` options work? This
+#  apparently should only be done in trusted LAN.
+# xleave is probably best to be used with other local Chronys, I somehow
+#  doubt potential router NTP might have it.
+#   A lot of reading say that it's better to use "server" on both sides
+#   rather than peer, I think even Chrony manual and that is where I took
+#   trusted LAN
+#peer LOCALMACHINE.local auto_offline xleave prefer

etc/firefox/policies/policies.json

@@ -14,7 +14,8 @@
             "teams.microsoft.com",
             "bittimittari.fi",
             "pp-attester-turnstile.research.cloudflare.com",
-            "keyoxide.org"
+            "keyoxide.org",
+            "one.one.one.one"
           ],
           "learnInIncognito": true,
           "learnLocally": true,

etc/opt/chromium/policies/managed/aminda-extensions.json

@@ -13,7 +13,8 @@
           "teams.microsoft.com",
           "bittimittari.fi",
           "pp-attester-turnstile.research.cloudflare.com",
-          "keyoxide.org"
+          "keyoxide.org",
+          "one.one.one.one"
         ],
         "learnInIncognito": true,
         "learnLocally": true,

etc/opt/chromium/policies/managed/brave-shields-disabled.json

@@ -10,7 +10,8 @@
     "https://glowing-bear.org",
     "https://latest.glowing-bear.org",
     "https://bittimittari.fi",
-    "pp-attester-turnstile.research.cloudflare.com",
+    "https://pp-attester-turnstile.research.cloudflare.com",
-    "keyoxide.org"
+    "https://keyoxide.org",
+    "https://one.one.one.one"
   ]
 }

etc/systemd/resolved.conf.d/.gitignore

@@ -1 +1,2 @@
-dot-trex.conf
+10-dot-trex.conf
+99-lan-resolver.conf

etc/systemd/resolved.conf.d/98-local-resolver.conf

@@ -1,5 +1,6 @@
-# Being at the end of the English alphabet, this file will take priority
+# Being at the higher end of numbers, this file will take priority assuming
-# and override values of others with the unsets.
+# nothing else uses the prefix 99- and override values of others with the
+# unsets.
 [Resolve]
 DNSSEC=false
 DNSOverTLS=false

etc/systemd/resolved.conf.d/99-lan-resolver.conf.sample

@@ -0,0 +1,12 @@
+[Resolve]
+# These could be used in some business
+#DNS=10.0.0.1
+#DNS=172.16.0.1
+# Average router
+#DNS=192.168.0.1
+# Huawei?
+#DNS=192.168.8.1
+# Mikrotik
+#DNS=192.168.88.1
+
+# vim: filetype=systemd

etc/systemd/resolved.conf.d/README.md

@@ -32,9 +32,14 @@ sudo systemctl restart systemd-resolved
   should exist anyway as I don't trust systemd-resolved entirely. Anyway if
   there truly is no local resolver, systemd-resolved will detect that and act accordingly.)
   - To rephrase, this is to be used together with other files, especially
-    some of those beginning with `dot-`.
+    some of those beginning with `10-dot-`.
-- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS.
+- `10-dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS.
   At least one of these should be used in addition to `00-defaults.conf`
+- `98-local-resolver.conf` attempts to configure localhost resolver and
+  disables unnecessary features for that scenario.
+- `99-lan-resolver.conf.sample` when renamed would allow enabling resolvers on
+  LAN assuming they are trusted. Note that if used together with
+  `98-local-resolver.conf`, DNSSEC would be disabled.
 - `README.md` - you are reading it right now.
 
 ## General commentary

etc/systemd/resolved.conf.d/dot-trex.conf

@@ -1 +0,0 @@
-dot-quad9.conf

local/share/applications/briar.desktop

@@ -0,0 +1,5 @@
+[Desktop Entry]
+Name=BRIAR
+Exec=/usr/local/bin/briar
+Type=Application
+Icon=org.briarproject.Briar