Mikaela/shell-things
1
0
Fork 0
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git synced 2025-08-19 12:47:27 +02:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: Mikaela:c9cad77caf654c3bd30d22d4e8fe4f666f76c800
Branches Tags
Mikaela:cxefa
...
compare: Mikaela:a7cf71845316037ae80145a844bee71695d84bab
Branches Tags
Mikaela:cxefa

8 Commits
c9cad77caf ... a7cf718453

Author SHA1 Message Date
Aminda Suomalainen
a7cf718453
uncound/well-known-dns.conf: add DNS0 {Zero,Kids,Open} 2024-04-20 17:59:46 +03:00
Aminda Suomalainen
41c65344f1
chromium: add dot-dns0-{kids,open,zero}.json 2024-04-20 17:53:33 +03:00
Aminda Suomalainen
437ec3b49c
chromium/doh-dns0.json: add trailing / as Chromium requires it (or fails every DNS request) 2024-04-20 17:50:57 +03:00
Aminda Suomalainen
422ab0de4e
libreawoo, unbound & resolved: uncomment Quad9 default, comment ECS 2024-04-20 17:50:12 +03:00
Aminda Suomalainen
7be705891f
local/share/applications: treat syncplay as terminal application 2024-04-20 12:39:19 +03:00
Aminda Suomalainen
5f2186c05e
applications/brave-{beta,nightly}: put the channel in front of the name 2024-04-20 12:24:04 +03:00
Aminda Suomalainen
bec7f8bbaa
separate local/share/applications & etc/xdg/autostart 2024-04-20 12:14:02 +03:00
Aminda Suomalainen
ffc4c53615
sudoers/nordvpnd: allow chronyc online 2024-04-20 11:56:14 +03:00
26 changed files with 82 additions and 100 deletions
Show Stats Expand all files Collapse all files

3
conf/.gitignore vendored
View File

@ -1,2 +1,3 @@
librewolf.overrides.cfg librewolf.overrides.cfg.js
wireplumber wireplumber
autostart

1
conf/autostart Symbolic link
View File

@ -0,0 +1 @@
../etc/xdg/autostart

4
conf/librewolf.overrides.cfg
View File

@ -112,8 +112,8 @@ pref("reader.parse-on-load.force-enabled", true);
//pref("network.trr.mode", 2); //pref("network.trr.mode", 2);
defaultPref("network.trr.mode", 3); defaultPref("network.trr.mode", 3);
pref("network.trr.early-AAAA", true); pref("network.trr.early-AAAA", true);
//defaultPref("network.trr.uri", "https://dns0.eu"); defaultPref("network.trr.uri", "https://dns0.eu/");
defaultPref("network.trr.uri"), "https://dns11.quad9.net/dns-query"); //defaultPref("network.trr.uri"), "https://dns11.quad9.net/dns-query");
//defaultPref("network.trr.uri", "https://dns.adguard-dns.com/dns-query"); //defaultPref("network.trr.uri", "https://dns.adguard-dns.com/dns-query");
// NOTE: ECH requires TRR, so mode 2 may not use it. // NOTE: ECH requires TRR, so mode 2 may not use it.
defaultPref("network.trr.disable-ECS", false); defaultPref("network.trr.disable-ECS", false);

2
etc/firefox/policies/policies.json
View File

@ -25,7 +25,7 @@
"DNSOverHTTPS": { "DNSOverHTTPS": {
"Enabled": true, "Enabled": true,
"Locked": false, "Locked": false,
"ProviderURL": "https://dns11.quad9.net/dns-query" "ProviderURL": "https://dns0.eu/"
}, },
"DisablePocket": false, "DisablePocket": false,
"EnableTrackingProtection": { "EnableTrackingProtection": {

3
etc/opt/chromium/policies/managed/doh-dns0-kids.json Normal file
View File

@ -0,0 +1,3 @@
{
"DnsOverHttpsTemplates": "https://kids.dns0.eu/"
}

3
etc/opt/chromium/policies/managed/doh-dns0-open.json Normal file
View File

@ -0,0 +1,3 @@
{
"DnsOverHttpsTemplates": "https://open.dns0.eu/"
}

3
etc/opt/chromium/policies/managed/doh-dns0-zero.json Normal file
View File

@ -0,0 +1,3 @@
{
"DnsOverHttpsTemplates": "https://zero.dns0.eu/"
}

2
etc/opt/chromium/policies/managed/doh-dns0.json
View File

@ -1,3 +1,3 @@
{ {
"DnsOverHttpsTemplates": "https://dns0.eu" "DnsOverHttpsTemplates": "https://dns0.eu/"
} }

2
etc/sudoers.d/nordvpnd
View File

@ -10,3 +10,5 @@
# used in my scripts of disconnecting from nordvpn and restoring IPv6 # used in my scripts of disconnecting from nordvpn and restoring IPv6
%nordvpn ALL=NOPASSWD: /bin/systemctl restart iwd.service %nordvpn ALL=NOPASSWD: /bin/systemctl restart iwd.service
%nordvpn ALL=NOPASSWD: /bin/systemctl restart systemd-networkd.service %nordvpn ALL=NOPASSWD: /bin/systemctl restart systemd-networkd.service
# Tells Chrony we are connected and thus maybe connects to IPv6 NTP servers
%nordvpn ALL=NOPASSWD: /usr/bin/chronyc online

4
etc/systemd/resolved.conf.d/dot-quad9.conf
View File

@ -1,10 +1,10 @@
[Resolve] [Resolve]
# Secure # Secure
#DNS=2620:fe::9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 9.9.9.9#dns.quad9.net DNS=2620:fe::9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 9.9.9.9#dns.quad9.net
# No Threat Blocking # No Threat Blocking
#DNS=2620:fe::10#dns10.quad9.net 149.112.112.10#dns10.quad9.net 2620:fe::fe:10#dns10.quad9.net 9.9.9.10#dns10.quad9.net #DNS=2620:fe::10#dns10.quad9.net 149.112.112.10#dns10.quad9.net 2620:fe::fe:10#dns10.quad9.net 9.9.9.10#dns10.quad9.net
# Secure + ECS # Secure + ECS
DNS=2620:fe::11#dns11.quad9.net 149.112.112.11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net 9.9.9.11#dns11.quad9.net #DNS=2620:fe::11#dns11.quad9.net 149.112.112.11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net 9.9.9.11#dns11.quad9.net
# No Threat Blocking + ECS # No Threat Blocking + ECS
#DNS=9.9.9.12#dns12.quad9.net 149.112.112.12#dns12.quad9.net 2620:fe::12#dns12.quad9.net 2620:fe::fe:12#dns12.quad9.net #DNS=9.9.9.12#dns12.quad9.net 149.112.112.12#dns12.quad9.net 2620:fe::12#dns12.quad9.net 2620:fe::fe:12#dns12.quad9.net
# Uncomment for port 443 resolver # Uncomment for port 443 resolver

60
etc/unbound/unbound.conf.d/dot-dns0-quad9.conf
View File

@ -1,60 +0,0 @@
# This is merging of dot-dns0.conf & dot-quad9.conf
# Both are filtering DNS servers, so this brings risk of something being
# blocked by only one of them. However both are non-profits and have servers
# in Finland.
# Another issue is DNS0 having private ECS, while Quad9 with ECS enabled is
# not.
server:
# Debian ca-certificates location
#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# Fedora
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Use system certificates no matter where they are
tls-system-cert: yes
# Quad9 says pointless performance impact on forwarders.
# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
qname-minimisation: no
forward-zone:
name: "."
forward-tls-upstream: yes
## DNS0.eu
# Default
forward-addr: 2a0f:fc80::@853#dns0.eu
forward-addr: 193.110.81.0@853#dns0.eu
forward-addr: 2a0f:fc81::@853#dns0.eu
forward-addr: 185.253.5.0@853#dns0.eu
## Unfiltered
#forward-addr: 193.110.81.254@853#open.dns0.eu
#forward-addr: 185.253.5.254@853#open.dns0.eu
#forward-addr: 2a0f:fc80::ffff@853#open.dns0.eu
#forward-addr: 2a0f:fc81::ffff@853#open.dns0.eu
## Heavier filtering
#forward-addr: 2a0f:fc80::9@853#zero.dns0.eu
#forward-addr: 193.110.81.9@853#zero.dns0.eu
#forward-addr: 2a0f:fc81::9@853#zero.dns0.eu
#forward-addr: 185.253.5.9@853#zero.dns0.eu
## Quad9
## Secure
#forward-addr: 2620:fe::fe@853#dns.quad9.net
#forward-addr: 9.9.9.9@853#dns.quad9.net
#forward-addr: 2620:fe::9@853#dns.quad9.net
#forward-addr: 149.112.112.112@853#dns.quad9.net
## No Threat Blocking
#forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
#forward-addr: 149.112.112.10@853#dns10.quad9.net
#forward-addr: 2620:fe::10@853#dns10.quad9.net
#forward-addr: 9.9.9.10@853#dns10.quad9.net
## Secure + ECS
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
forward-addr: 9.9.9.11@853#dns11.quad9.net
forward-addr: 2620:fe::11@853#dns11.quad9.net
forward-addr: 149.112.112.11@853#dns11.quad9.net
## No Threat Blocking + ECS
#forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
#forward-addr: 9.9.9.12@853#dns12.quad9.net
#forward-addr: 2620:fe::12@853#dns12.quad9.net
#forward-addr: 149.112.112.12@853#dns12.quad9.net
# vim: filetype=unbound.conf

16
etc/unbound/unbound.conf.d/dot-quad9.conf
View File

@ -13,20 +13,20 @@ forward-zone:
name: "." name: "."
forward-tls-upstream: yes forward-tls-upstream: yes
## Secure ## Secure
#forward-addr: 2620:fe::fe@853#dns.quad9.net forward-addr: 2620:fe::fe@853#dns.quad9.net
#forward-addr: 9.9.9.9@853#dns.quad9.net forward-addr: 9.9.9.9@853#dns.quad9.net
#forward-addr: 2620:fe::9@853#dns.quad9.net forward-addr: 2620:fe::9@853#dns.quad9.net
#forward-addr: 149.112.112.112@853#dns.quad9.net forward-addr: 149.112.112.112@853#dns.quad9.net
## No Threat Blocking ## No Threat Blocking
#forward-addr: 2620:fe::fe:10@853#dns10.quad9.net #forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
#forward-addr: 149.112.112.10@853#dns10.quad9.net #forward-addr: 149.112.112.10@853#dns10.quad9.net
#forward-addr: 2620:fe::10@853#dns10.quad9.net #forward-addr: 2620:fe::10@853#dns10.quad9.net
#forward-addr: 9.9.9.10@853#dns10.quad9.net #forward-addr: 9.9.9.10@853#dns10.quad9.net
## Secure + ECS ## Secure + ECS
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net #forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
forward-addr: 9.9.9.11@853#dns11.quad9.net #forward-addr: 9.9.9.11@853#dns11.quad9.net
forward-addr: 2620:fe::11@853#dns11.quad9.net #forward-addr: 2620:fe::11@853#dns11.quad9.net
forward-addr: 149.112.112.11@853#dns11.quad9.net #forward-addr: 149.112.112.11@853#dns11.quad9.net
## No Threat Blocking + ECS ## No Threat Blocking + ECS
#forward-addr: 2620:fe::fe:12@853#dns12.quad9.net #forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
#forward-addr: 9.9.9.12@853#dns12.quad9.net #forward-addr: 9.9.9.12@853#dns12.quad9.net

15
etc/unbound/unbound.conf.d/well-known-dns.conf
View File

@ -26,6 +26,21 @@ server:
local-data: "dns0.eu. A 185.253.5.0" local-data: "dns0.eu. A 185.253.5.0"
local-data: "dns0.eu. AAAA 2a0f:fc80::" local-data: "dns0.eu. AAAA 2a0f:fc80::"
local-data: "dns0.eu. AAAA 2a0f:fc81::" local-data: "dns0.eu. AAAA 2a0f:fc81::"
# DNS0 Zero
local-data: "zero.dns0.eu. A 193.110.81.9"
local-data: "zero.dns0.eu. A 185.253.5.9"
local-data: "zero.dns0.eu. AAAA 2a0f:fc80::9"
local-data: "zero.dns0.eu. AAAA 2a0f:fc81::9"
# DNS0 Kids
local-data: "kids.dns0.eu. A 193.110.81.1"
local-data: "kids.dns0.eu. A 185.253.5.1"
local-data: "kids.dns0.eu. AAAA 2a0f:fc80::1"
local-data: "kids.dns0.eu. AAAA 2a0f:fc81::1"
# DNS0 Open
local-data: "open.dns0.eu. A 193.110.81.254"
local-data: "open.dns0.eu. A 185.253.5.254"
local-data: "open.dns0.eu. AAAA 2a0f:fc80::ffff"
local-data: "open.dns0.eu. AAAA 2a0f:fc81::ffff"
# Cloudflare # Cloudflare
local-data: "cloudflare-dns.com. A 1.1.1.1" local-data: "cloudflare-dns.com. A 1.1.1.1"
local-data: "cloudflare-dns.com. A 1.0.0.1" local-data: "cloudflare-dns.com. A 1.0.0.1"

1
etc/xdg/.gitignore vendored
View File

@ -1 +0,0 @@
autostart

1
etc/xdg/autostart
View File

@ -1 +0,0 @@
../../local/share/applications

1
etc/xdg/autostart/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
org.telegram.desktop

3
etc/xdg/autostart/README.md Normal file
View File

@ -0,0 +1,3 @@
# Autostart files for graphical desktop environments
This mostly caters for my family.

2
local/share/applications/com.github.wwmm.easyeffects.desktop → etc/xdg/autostart/easyeffects-service.desktop
View File

@ -1,5 +1,5 @@
[Desktop Entry] [Desktop Entry]
Name=PulseEffects Name=EasyEffects
Exec=/usr/bin/flatpak run com.github.wwmm.easyeffects --gapplication-service Exec=/usr/bin/flatpak run com.github.wwmm.easyeffects --gapplication-service
Type=Application Type=Application
Icon=com.github.wwmm.easyeffects Icon=com.github.wwmm.easyeffects

1
etc/xdg/autostart/org.telegram.desktop Symbolic link
View File

@ -0,0 +1 @@
/var/lib/flatpak/exports/bin/org.telegram.desktop

5
etc/xdg/autostart/wlsunset-kotka.desktop Normal file
View File

@ -0,0 +1,5 @@
[Desktop Entry]
Type=Application
Exec=wlsunset -l 60.46742 -L 26.94508 -t 1000
Name=wlsunset @ Kotka
Icon=wlsunset

33
local/share/applications/README.md
View File

@ -1,21 +1,36 @@
# `.desktop` entries # Custom app menu entries
These can be used for many things such as These can be used for either `~/.local/share/applications` or
`/usr/local/share/applications` which are read by graphical desktop
environments for their app menus and default applications selections.
- `~/.local/share/applications` (graphical desktop environments populate app Additionally `~/.config/autostart` or `/etc/xdg/autostart` could symlink here
menu from here) so graphical desktop environments started the apps on login.
- `~/.config/autostart` (graphical desktop environments read user autostarts
here) <!-- editorconfig-checker-disable -->
- `/usr/local/share/applications` (global version of above) <!-- prettier-ignore-start -->
- `/etc/xdg/autostart` (global version of the above)
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- [`a-*.desktop`](#a-desktop)
- [Refreshing the menus](#refreshing-the-menus)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
<!-- prettier-ignore-end -->
<!-- editorconfig-checker-enable -->
## `a-*.desktop` ## `a-*.desktop`
These files are companions to my script repos `bash/usr-local-bin/*` belonging These files are companions to my script repos `bash/usr-local-bin/*` belonging
to `/usr/local/share/applications` and are named so to to `/usr/local/share/applications` and are named so to
avoid masking package manager. They have clearly different names such as using avoid masking package manager. They have clearly different names such as using
all caps. To refresh them: all caps.
## Refreshing the menus
```bash ```bash
update-desktop-database -v ~/.local/share/applications
sudo update-desktop-database -v /usr/local/share/applications sudo update-desktop-database -v /usr/local/share/applications
``` ```

2
local/share/applications/a-brave-beta.desktop
View File

@ -1,7 +1,7 @@
[Desktop Entry] [Desktop Entry]
Version=1.0 Version=1.0
Type=Application Type=Application
Name=BRAVE BETA Name=BETA BRAVE
Exec=/usr/local/bin/brave-beta %U Exec=/usr/local/bin/brave-beta %U
StartupNotify=true StartupNotify=true
Terminal=false Terminal=false

4
local/share/applications/a-brave-nightly.desktop
View File

@ -1,8 +1,8 @@
[Desktop Entry] [Desktop Entry]
Version=1.0 Version=1.0
Type=Application Type=Application
Name=BRAVE NIGHTLY Name=NIGHTLY BRAVE
Name[fi]=BRAVE EPÄVAKAIN Name[fi]=EPÄVAKAIN BRAVE
Exec=/usr/local/bin/brave-nightly %U Exec=/usr/local/bin/brave-nightly %U
StartupNotify=true StartupNotify=true
Terminal=false Terminal=false

5
local/share/applications/a-jami.desktop
View File

@ -1,5 +0,0 @@
[Desktop Entry]
Name=JAMI
Exec=flatpak run --env=TZ=UTC net.jami.Jami
Icon=net.jami.Jami
Type=Application

1
local/share/applications/a-syncplay.desktop
View File

@ -1,6 +1,7 @@
[Desktop Entry] [Desktop Entry]
Name=SYNCPLAY Name=SYNCPLAY
Exec=/usr/local/bin/syncplay %u Exec=/usr/local/bin/syncplay %u
Terminal=true
Type=Application Type=Application
Icon=syncplay Icon=syncplay
Categories=AudioVideo;Audio;Video; Categories=AudioVideo;Audio;Video;

5
local/share/applications/a-telegram.desktop
View File

@ -1,5 +0,0 @@
[Desktop Entry]
Name=TELEGRAM
Exec=/usr/local/bin/telegram-desktop
Icon=telegram
Type=Application