etc/dracut.conf.d: add sedric configs

etc/dnf/protected.d: add systemd-ukify.conf although not yet in use
systemd-resolved & unbound: comment ECS servers again.
2025-08-19 12:47:27 +02:00 · 2024-05-03 21:19:32 +03:00 · 2024-05-03 20:48:14 +03:00 · 2024-05-03 18:07:51 +03:00
10 changed files with 36 additions and 20 deletions
--- a/etc/dnf/protected.d/systemd-ukify.conf
+++ b/etc/dnf/protected.d/systemd-ukify.conf
@ -0,0 +1 @@
+systemd-ukify
--- a/etc/dracut.conf.d/99-cmdline.conf.sedric
+++ b/etc/dracut.conf.d/99-cmdline.conf.sedric
@ -0,0 +1 @@
+kernel_cmdline="root=UUID=c3df30ca-878b-4125-bcb4-ba3ba4398efd ro rd.lvm.lv=fedora_localhost-live/root rd.luks.uuid=luks-f9a33e19-4176-44b3-8e06-2ee7fb70f3d0 quiet mitigations=auto noresume hibernate=no nohibernate quiet random.trust_cpu=on btusb.force_scofix=1 btusb.enable_autosuspend=0 initcall_blacklist=simpledrm_platform_driver_init cpufreq.default_governor=schedutil nvidia-drm.modeset=1 rw rd.driver.blacklist=nouveau modprobe.blacklist=nouveau lockdown=confidentiality"
--- a/etc/dracut.conf.d/README.md
+++ b/etc/dracut.conf.d/README.md
@ -0,0 +1,10 @@
+My dracut configuratino files mainly for generating unified kerneil images
+(uki).
+
+# WARNING!
+
+Sedric has a 96M EFI partition courtesy of Windows and thus it has a lot of
+attempts for decreasing the kernel size. Since moving it to UKI, I am yet to
+go through what of it is actually useful and worth keeping around and at least
+disabling recovery seems dangerous if I can save space by omitting somnething
+else.
--- a/etc/dracut.conf.d/compress.conf.sedric
+++ b/etc/dracut.conf.d/compress.conf.sedric
@ -0,0 +1 @@
+comress="lz4"
--- a/etc/dracut.conf.d/hostonly.conf.sedric
+++ b/etc/dracut.conf.d/hostonly.conf.sedric
@ -0,0 +1 @@
+hostonly="yes"
--- a/etc/dracut.conf.d/no_recovery.conf.sedric
+++ b/etc/dracut.conf.d/no_recovery.conf.sedric
@ -0,0 +1 @@
+dracut_rescue_image="no"
--- a/etc/dracut.conf.d/omit_modules.conf.sedric
+++ b/etc/dracut.conf.d/omit_modules.conf.sedric
@ -0,0 +1 @@
+omit_dracutmodules+=" plymouth tpm2-tss kernel-modules-extra network-manager network-legacy connman "
--- a/etc/systemd/resolved.conf.d/10-dot-quad9.conf
+++ b/etc/systemd/resolved.conf.d/10-dot-quad9.conf
@ -3,17 +3,17 @@
 # encryption, but host a Quad9 node and giving these addresses instead.
 [Resolve]
 # Secure
-#DNS=2620:fe::9#dns.quad9.net 2620:fe::fe#dns.quad9.net [2620:fe::9]:8853#dns.quad9.net [2620:fe::fe]:8853#dns.quad9.net
+DNS=2620:fe::9#dns.quad9.net 2620:fe::fe#dns.quad9.net [2620:fe::9]:8853#dns.quad9.net [2620:fe::fe]:8853#dns.quad9.net
 DNS=149.112.112.112#dns.quad9.net 9.9.9.9#dns.quad9.net 149.112.112.112:8853#dns.quad9.net 9.9.9.9:8853#dns.quad9.net
 # No Threat Blocking
 #DNS=2620:fe::10#dns10.quad9.net 2620:fe::fe:10#dns10.quad9.net [2620:fe::10]:8853#dns10.quad9.net [2620:fe::fe:10]:8853#dns10.quad9.net
 #DNS=149.112.112.10#dns10.quad9.net 9.9.9.10#dns10.quad9.net 149.112.112.10:8853#dns10.quad9.net 9.9.9.10:8853#dns10.quad9.net
 # Secure + ECS
-DNS=2620:fe::11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net [2620:fe::11]:8853#dns11.quad9.net [2620:fe::fe:11]:8853#dns11.quad9.net
+#DNS=2620:fe::11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net [2620:fe::11]:8853#dns11.quad9.net [2620:fe::fe:11]:8853#dns11.quad9.net
 #DNS=149.112.112.11#dns11.quad9.net 9.9.9.11#dns11.quad9.net 149.112.112.11:8853#dns11.quad9.net 9.9.9.11:8853#dns11.quad9.net
 # No Threat Blocking + ECS
-DNS=2620:fe::12#dns12.quad9.net 2620:fe::fe:12#dns12.quad9.net [2620:fe::12]:8853#dns12.quad9.net [2620:fe::fe:12]:8853#dns12.quad9.net
-DNS=9.9.9.12#dns12.quad9.net 149.112.112.12#dns12.quad9.net 9.9.9.12:8853#dns12.quad9.net 149.112.112.12:8853#dns12.quad9.net
+#DNS=2620:fe::12#dns12.quad9.net 2620:fe::fe:12#dns12.quad9.net [2620:fe::12]:8853#dns12.quad9.net [2620:fe::fe:12]:8853#dns12.quad9.net
+#DNS=9.9.9.12#dns12.quad9.net 149.112.112.12#dns12.quad9.net 9.9.9.12:8853#dns12.quad9.net 149.112.112.12:8853#dns12.quad9.net
 #DNSOverTLS=true

 # vim: filetype=systemd
--- a/etc/unbound/unbound.conf.d/dns-over-tls.conf
+++ b/etc/unbound/unbound.conf.d/dns-over-tls.conf
@ -42,21 +42,21 @@ forward-zone:
 	forward-addr: 2606:1a40:1::@853#s0.freedns.controld.com

 	# Quad9 unfiltered, anycast, no ECS, no DNSSEC (Unbound does that)
-	#forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
-	#forward-addr: 2620:fe::fe:10@8853#dns10.quad9.net
+	forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
+	forward-addr: 2620:fe::fe:10@8853#dns10.quad9.net
 	forward-addr: 149.112.112.10@853#dns10.quad9.net
 	forward-addr: 149.112.112.10@8853#dns10.quad9.net
-	#forward-addr: 2620:fe::10@853#dns10.quad9.net
-	#forward-addr: 2620:fe::10@8853#dns10.quad9.net
+	forward-addr: 2620:fe::10@853#dns10.quad9.net
+	forward-addr: 2620:fe::10@8853#dns10.quad9.net
 	forward-addr: 9.9.9.10@853#dns10.quad9.net
 	forward-addr: 9.9.9.10@8853#dns10.quad9.net
 	# Quad9 unfiltered, anycast, ECS, no DNSSEC (Unbound does that)
-	forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
-	forward-addr: 2620:fe::fe:12@8853#dns12.quad9.net
+	#forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
+	#forward-addr: 2620:fe::fe:12@8853#dns12.quad9.net
 	#forward-addr: 9.9.9.12@853#dns12.quad9.net
 	#forward-addr: 9.9.9.12@8853#dns12.quad9.net
-	forward-addr: 2620:fe::12@853#dns12.quad9.net
-	forward-addr: 2620:fe::12@8853#dns12.quad9.net
+	#forward-addr: 2620:fe::12@853#dns12.quad9.net
+	#forward-addr: 2620:fe::12@8853#dns12.quad9.net
 	#forward-addr: 149.112.112.12@853#dns12.quad9.net
 	#forward-addr: 149.112.112.12@8853#dns12.quad9.net

--- a/etc/unbound/unbound.conf.d/dot-quad9.conf
+++ b/etc/unbound/unbound.conf.d/dot-quad9.conf
@ -17,10 +17,10 @@ forward-zone:
 	name: "."
 	forward-tls-upstream: yes
 	## Secure
-	#forward-addr: 2620:fe::fe@853#dns.quad9.net
-	#forward-addr: 2620:fe::fe@8853#dns.quad9.net
-	#forward-addr: 2620:fe::9@853#dns.quad9.net
-	#forward-addr: 2620:fe::9@8853#dns.quad9.net
+	forward-addr: 2620:fe::fe@853#dns.quad9.net
+	forward-addr: 2620:fe::fe@8853#dns.quad9.net
+	forward-addr: 2620:fe::9@853#dns.quad9.net
+	forward-addr: 2620:fe::9@8853#dns.quad9.net
 	forward-addr: 9.9.9.9@853#dns.quad9.net
 	forward-addr: 9.9.9.9@8853#dns.quad9.net
 	forward-addr: 149.112.112.112@853#dns.quad9.net
@ -35,12 +35,12 @@ forward-zone:
 	#forward-addr: 9.9.9.10@853#dns10.quad9.net
 	#forward-addr: 9.9.9.10@8853#dns10.quad9.net
 	## Secure + ECS
-	forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
-	forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
+	#forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
+	#forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
 	#forward-addr: 9.9.9.11@853#dns11.quad9.net
 	#forward-addr: 9.9.9.11@8853#dns11.quad9.net
-	forward-addr: 2620:fe::11@853#dns11.quad9.net
-	forward-addr: 2620:fe::11@8853#dns11.quad9.net
+	#forward-addr: 2620:fe::11@853#dns11.quad9.net
+	#forward-addr: 2620:fe::11@8853#dns11.quad9.net
 	#forward-addr: 149.112.112.11@853#dns11.quad9.net
 	#forward-addr: 149.112.112.11@8853#dns11.quad9.net
 	## No Threat Blocking + ECS
Author	SHA1	Message	Date
Aminda Suomalainen	0063e2409b	etc/dracut.conf.d: add sedric configs	2024-05-03 21:19:32 +03:00
Aminda Suomalainen	175256d8e4	etc/dnf/protected.d: add systemd-ukify.conf although not yet in use	2024-05-03 20:48:14 +03:00
Aminda Suomalainen	252f77ab0c	systemd-resolved & unbound: comment ECS servers again. This partially reverts 85c7fedcb21cfa3a173f7ff3d1a9e35d1f449086 and will be explained at https://aminda.eu/n/dns soon	2024-05-03 18:07:51 +03:00
				`@ -0,0 +1 @@`
				`kernel_cmdline="root=UUID=c3df30ca-878b-4125-bcb4-ba3ba4398efd ro rd.lvm.lv=fedora_localhost-live/root rd.luks.uuid=luks-f9a33e19-4176-44b3-8e06-2ee7fb70f3d0 quiet mitigations=auto noresume hibernate=no nohibernate quiet random.trust_cpu=on btusb.force_scofix=1 btusb.enable_autosuspend=0 initcall_blacklist=simpledrm_platform_driver_init cpufreq.default_governor=schedutil nvidia-drm.modeset=1 rw rd.driver.blacklist=nouveau modprobe.blacklist=nouveau lockdown=confidentiality"`
				`@ -0,0 +1 @@`
				`omit_dracutmodules+=" plymouth tpm2-tss kernel-modules-extra network-manager network-legacy connman "`