# Router

- https://store.ui.com/collections/operator-edgemax-routers/products/edgerouter-x
- https://en.wikipedia.org/wiki/Category_6_cable
- https://umhau.github.io/openbsd-router/
- https://www.openbsdhandbook.com/howto/simple_router/

# Rust Raspi 3

Install `cross-aarch64-linux-gnu`

`rustup target add aarch64-unknown-linux-gnu`

`.cargo/config.toml` <<

```
[target.aarch64-unknown-linux-gnu]
linker = "aarch64-linux-gnu-gcc"
```

`cargo build --target=aarch64-unknown-linux-gnu`

# Keyrings

Install KeePassXC

Create a new group for keyring stuff

`Setting > Secret Service Integration`

Enable it

Click the icon next to the database in the list, go to SSI

Click "Expose entries under this group" and select the group you made

Install `pinentry-gtk`

In `.gnupg/gpg-agent.conf`:

`pinentry-program /usr/bin/pinentry-gtk-2`

## SSH

Add to `.zshrc`:

```
if ! pgrep -u "$USER" ssh-agent > /dev/null; then
    ssh-agent -t 5h > "$XDG_RUNTIME_DIR/ssh-agent.env"
fi
if [[ ! "$SSH_AUTH_SOCK" ]]; then
    source "$XDG_RUNTIME_DIR/ssh-agent.env" >/dev/null
fi
```

Run `ssh-add ~/.ssh/id_ed25519`

# VPS

## Services

- Website
- Writefreely
- Gitea
- Matrix
- go-ssb-room
- Agate (Gemini Server)
- mastodon-ebooks
- mail server

# OS Setup

## Software

- Void Linux
- polybar
- bspwm
- sxhkd
- pipewire
- kitty
- btrfs
- Full encryption
- [Ventoy](https://www.ventoy.net/en/index.html)
- LibreSprite
- Manyverse
- Rust tools: `zoxide, lsd, bat, pier, ouch, kalker, lethe, fd, ripgrep, procs, xh, kondo, sniffglue, ttyper`

## Games

- Dwarf Fortress
- Veloren
- [Cataclysm DDA](https://github.com/CleverRaven/Cataclysm-DDA)
- [Mindustry](https://anuke.itch.io/mindustry)

# Software

- [PrismBreak](https://prism-break.org/en/)
- [switching.software](https://switching.software/)
- [Ethical Tech](https://ethical.net/)
- [Surveillance Self-Defense](https://ssd.eff.org/en)

# DNS-over-TLS

Install `unbound`

Disable `systemd-resolved`, etc.

`sudo chattr -i /etc/resolv.conf`

```
/etc/resolv.conf <<
nameserver 127.0.0.1
nameserver ::1
options trust-ad
```

`sudo chattr +i /etc/resolv.conf`

Add basic unbound config to `/etc/unbound/unbound.conf`

`unbound-checkconf`

Enable & test

```
sudo unbound-control-setup
sudo unbound-anchor
```

Add TLS config to `/etc/unbound/unbound.conf`

Restart & test again.

```
sudo tcpdump -v -i enp0s31f6 -s 65535 -w dns.pcap dst port 53 or 853
dig example.com
tshark -r dns.pcap
```

# SSH

## Generate new key

ed25519 algorithm

`ssh-keygen -t -b -f `

`ssh-copy-id -i user@host.name`

## Configure

In `~/.ssh/config`:

```
Host
    HostName
    User
    Port
    IdentityFile ~/.ssh/
```

then `ssh `

## SSH over tor

On host:

```
HiddenServiceDir /home/tor/ssh
HiddenServicePort 22 127.0.0.1:22
```

On client:

Uninstall `gnu-netcat`, install `openbsd-netcat`

In ssh config:

```
Host onion-ssh
    HostName
    ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p
```

# Browser Security

## about:config tweaks

```
// Isolates all browser identifier sources (e.g. cookies) to the first-party domain, with the goal of preventing tracking across different domains.
privacy.firstparty.isolate = true

// Makes Firefox more resistant to browser fingerprinting.
privacy.resistFingerprinting = true

// Blocks fingerprinting
privacy.trackingprotection.fingerprinting.enabled = true

// Blocks cryptomining
privacy.trackingprotection.cryptomining.enabled = true

// Tracking protection
privacy.trackingprotection.enabled = true

// Disables hyperlink auditing: the ping attribute lets websites track visitors' clicks.
browser.send_pings = false

// Disable preloading of autocomplete URLs.
browser.urlbar.speculativeConnect.enabled = false

// Prevent websites from being notified when you copy, paste, or cut something
dom.event.clipboardevents.enabled = false

// Disables playback of DRM-controlled HTML5 content
media.eme.enabled = false

// Disables the Widevine Content Decryption Module provided by Google
media.gmp-widevinecdm.enabled = false

// Prevents websites from tracking the microphone and camera status of your device.
media.navigator.enabled = false

// Block third-party cookies
network.cookie.cookieBehavior = 1

// Only send Referer header when the full hostnames match.
network.http.referer.XOriginPolicy = 2

// When sending Referer across origins, only send scheme, host, and port
network.http.referer.XOriginTrimmingPolicy = 2

// WebGL is bad for security
webgl.disabled = true

// Controls when extra information about a session is stored (2 = never)
browser.sessionstore.privacy_level = 2

// Disables sending additional analytics to web servers
beacon.enabled = false

// Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing
browser.safebrowsing.downloads.remote.enabled = false

// Disable Firefox prefetching pages it thinks you will visit next
network.dns.disablePrefetch = true
network.dns.disablePrefetchFromHTTPS = true
network.predictor.enabled = false
network.predictor.enable-prefetch = false
network.prefetch-next = false

// Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks
network.IDN_show_punycode = true
```

## Addons

- [uBlock Origin](https://addons.mozilla.org/en-CA/firefox/addon/ublock-origin/)
- [Facebook Container](https://addons.mozilla.org/en-CA/firefox/addon/facebook-container/)
- [ClearURLs](https://addons.mozilla.org/en-CA/firefox/addon/clearurls/)
- [TOS;DR](https://addons.mozilla.org/en-CA/firefox/addon/terms-of-service-didnt-read/)
- [Decentraleyes](https://addons.mozilla.org/en-CA/firefox/addon/decentraleyes/)
- [Bypass Paywalls](https://addons.mozilla.org/en-CA/firefox/addon/bypass-paywalls-firefox/)
- [Deadname Remover](https://addons.mozilla.org/en-CA/firefox/addon/deadname-remover/)
- [Snowflake](https://addons.mozilla.org/en-CA/firefox/addon/torproject-snowflake/)
- [Skip Redirect](https://addons.mozilla.org/en-CA/firefox/addon/skip-redirect/)
- [Site Bleacher](https://addons.mozilla.org/en-CA/firefox/addon/site-bleacher/)
- [Privacy Redirect](https://addons.mozilla.org/en-CA/firefox/addon/privacy-redirect/)
- [NoScript](https://addons.mozilla.org/en-CA/firefox/addon/noscript/)
- [CSS Exfil Protection](https://addons.mozilla.org/en-CA/firefox/addon/css-exfil-protection/)
- [Chameleon](https://addons.mozilla.org/en-CA/firefox/addon/chameleon-ext/)
- [Multi-Account Containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/)
- [HTTPZ](https://addons.mozilla.org/firefox/addon/httpz/)
- [RTFM](https://addons.mozilla.org/en-US/firefox/addon/read-the-feminist-manual/)
- [Refined Github](https://addons.mozilla.org/firefox/addon/refined-github-/)

## Misc Settings

- [x] Confirm before quitting with Ctrl+Q
- [ ] Play DRM-controlled content
- [x] Proxy DNS when using SOCKS v5
- Search engine: http://pvlm2b54e6z7zzb3l5c5ninikhbm2xwq7fvstg7jfcr7fu4ulp5cthqd.onion
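
An added example, not part of the original notes: a Python audit that checks a profile's `prefs.js` against a subset of the about:config tweaks listed above and renders the `user.js` lines for anything unset or different. The function names and the sample file content are constructed for illustration.

```python
import json
import re

# Subset of the page's about:config tweaks: pref name -> expected value.
BASELINE = {
    "privacy.firstparty.isolate": True,
    "privacy.resistFingerprinting": True,
    "network.cookie.cookieBehavior": 1,
    "webgl.disabled": True,
    "network.IDN_show_punycode": True,
}
# prefs.js and user.js hold one  user_pref("name", value);  per line.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything unrecognised
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # true/false, ints, "strings"
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep the raw text if it is not JSON-like
    return prefs

def audit(prefs, baseline=BASELINE):
    """Return sorted (name, expected, actual) for prefs that are unset or differ."""
    findings = []
    for name, expected in baseline.items():
        actual = prefs.get(name)  # None: not in the file, Firefox's default applies
        # Compare types too: in Python True == 1, which would hide a bool/int mix-up.
        if type(actual) is not type(expected) or actual != expected:
            findings.append((name, expected, actual))
    return sorted(findings, key=lambda f: f[0])

def to_user_js(findings):
    """Render each finding as the user.js line that sets the expected value."""
    return [f'user_pref("{n}", {json.dumps(e)});' for n, e, _ in findings]

# Constructed sample of a profile's prefs.js (not from a real profile).
SAMPLE = '''// Mozilla User Preferences
user_pref("privacy.resistFingerprinting", true);
user_pref("network.cookie.cookieBehavior", 0);
user_pref("webgl.disabled", "true");
'''
if __name__ == "__main__":
    print("\n".join(to_user_js(audit(parse_prefs(SAMPLE)))))
```

A pref that is absent from `prefs.js` is reported as a finding because the file only records values changed from the default, so the audit is conservative about prefs whose default already matches.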