This repository has been archived on 2022-05-11. You can view files and clone it, but cannot push or open issues or pull requests.
misc/docs/knowledge.md

# Router
https://store.ui.com/collections/operator-edgemax-routers/products/edgerouter-x
https://en.wikipedia.org/wiki/Category_6_cable
https://umhau.github.io/openbsd-router/
https://www.openbsdhandbook.com/howto/simple_router/
# Rust Raspi 3
Install `cross-aarch64-linux-gnu`
`rustup target add aarch64-unknown-linux-gnu`
In `.cargo/config.toml`:
```
[target.aarch64-unknown-linux-gnu]
linker = "aarch64-linux-gnu-gcc"
```
`cargo build --target=aarch64-unknown-linux-gnu`
# Keyrings
Install KeePassXC
Create a new group for keyring stuff
`Settings > Secret Service Integration`
Enable it
Click the icon next to the database in the list, go to SSI
Click "Expose entries under this group" and select the group you made
Install `pinentry-gtk`
In `.gnupg/gpg-agent.conf`: `pinentry-program /usr/bin/pinentry-gtk-2`
## SSH
Add to `.zshrc`:
```
if ! pgrep -u "$USER" ssh-agent > /dev/null; then
    ssh-agent -t 5h > "$XDG_RUNTIME_DIR/ssh-agent.env"
fi
if [[ ! "$SSH_AUTH_SOCK" ]]; then
    source "$XDG_RUNTIME_DIR/ssh-agent.env" >/dev/null
fi
```
Run `ssh-add ~/.ssh/id_ed25519`
# VPS
## Services
- Website
- Writefreely
- Gitea
- Matrix
- go-ssb-room
- Agate (Gemini Server)
- mastodon-ebooks
- mail server
# OS Setup
## Software
- Void Linux
- polybar
- bspwm
- sxhkd
- pipewire
- kitty
- btrfs
- Full encryption
- [Ventoy](https://www.ventoy.net/en/index.html)
- LibreSprite
- Manyverse
- Rust tools: `zoxide, lsd, bat, pier, ouch, kalker, lethe, fd, ripgrep, procs, xh, kondo, sniffglue, ttyper`
## Games
- Dwarf Fortress
- Veloren
- [Cataclysm DDA](https://github.com/CleverRaven/Cataclysm-DDA)
- [Mindustry](https://anuke.itch.io/mindustry)
# Software
[PrismBreak](https://prism-break.org/en/)
[switching.software](https://switching.software/)
[Ethical Tech](https://ethical.net/)
[Surveillance Self-Defense](https://ssd.eff.org/en)
# DNS-over-TLS
Install `unbound`
Disable `systemd-resolved`, etc.
`sudo chattr -i /etc/resolv.conf`
Set the contents of `/etc/resolv.conf` to:
```
nameserver 127.0.0.1
nameserver ::1
options trust-ad
```
`sudo chattr +i /etc/resolv.conf`
Add basic unbound config to `/etc/unbound/unbound.conf`
`unbound-checkconf`
Enable & test
```
sudo unbound-control-setup
sudo unbound-anchor
```
Add tls config to `/etc/unbound/unbound.conf`
Restart & test again.
```
sudo tcpdump -v -i enp0s31f6 -s 65535 -w dns.pcap dst port 53 or 853
dig example.com
tshark -r dns.pcap
```
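The configure-and-verify steps above as an added example, not part of the original notes: `lint_dot_conf` checks that a DoT forwarding config verifies its upstream's certificate name, and `check_capture` confirms from the capture that nothing was sent to port 53. The Quad9 upstream, the CA bundle path and the function names are assumptions; the sample config and capture rows are constructed.

```bash
#!/usr/bin/env bash
# Added example. Upstream (Quad9) and CA bundle path are assumptions.

# Constructed DoT fragment for /etc/unbound/unbound.conf.
sample_conf() {
cat <<'EOF'
server:
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
EOF
}

# Lint a config on stdin. TLS forwarding must be on, a CA bundle set, and each
# forward-addr must carry @853 plus a #auth-name; without the name, unbound
# accepts a certificate issued for any name.
lint_dot_conf() {
  awk '
    /^[ \t]*#/                       { next }
    /tls-cert-bundle:/               { bundle = 1 }
    /forward-tls-upstream:[ \t]*yes/ { tls = 1 }
    /forward-addr:/ {
      n++
      if ($2 !~ /@853#.+/) { print "missing @853 or #auth-name: " $2; bad = 1 }
    }
    END {
      if (!tls)    { print "forward-tls-upstream is not enabled"; bad = 1 }
      if (!bundle) { print "tls-cert-bundle is not set"; bad = 1 }
      if (!n)      { print "no forward-addr configured"; bad = 1 }
      exit bad + 0
    }'
}

# Classify rows of "udp.dstport<TAB>tcp.dstport", as printed by
#   tshark -r dns.pcap -T fields -e udp.dstport -e tcp.dstport
# Succeeds only if nothing was sent to port 53 and port 853 was used.
check_capture() {
  awk -F'\t' '
    { p = (($1 != "") ? $1 : $2) + 0 }
    p == 53  { plain++ }
    p == 853 { dot++ }
    END { printf "plaintext=%d dot=%d\n", plain, dot
          exit !(plain == 0 && dot > 0) }'
}

# Demo on constructed data: a clean config and a capture with only DoT traffic.
sample_conf | lint_dot_conf && printf '\t853\n\t853\n' | check_capture
```

Because the capture above is taken on the physical interface, queries from `dig` to `127.0.0.1` never appear in it, so any port 53 row is a query that left the machine unencrypted.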
# SSH
## Generate new key
Use the `ed25519` algorithm (`-b` is ignored for Ed25519 keys, which have a fixed size).
`ssh-keygen -t <algorithm> -b <size> -f <file name>`
`ssh-copy-id -i <priv-key file> user@host.name`
## Configure
In `~/.ssh/config`:
```
Host <alias-name>
    HostName <domain/ip>
    User <username>
    Port <port>
    IdentityFile ~/.ssh/<privkey file>
```
Then `ssh <alias-name>`
## SSH over tor
On host, in `torrc`:
```
HiddenServiceDir /home/tor/ssh
HiddenServicePort 22 127.0.0.1:22
```
On client:
Uninstall `gnu-netcat`, install `openbsd-netcat`
In ssh config:
```
Host onion-ssh
    HostName <onion address>
    ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p
```
# Browser Security
## about:config tweaks
```
// Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
privacy.firstparty.isolate = true
// Makes Firefox more resistant to browser fingerprinting.
privacy.resistFingerprinting = true
// Blocks Fingerprinting
privacy.trackingprotection.fingerprinting.enabled = true
// Blocks cryptomining
privacy.trackingprotection.cryptomining.enabled = true
// Tracking protection
privacy.trackingprotection.enabled = true
// Disables hyperlink auditing (the `ping` attribute), which lets websites track visitors' clicks.
browser.send_pings = false
// Disable preloading of autocomplete URLs.
browser.urlbar.speculativeConnect.enabled = false
// Prevents websites from being notified when you copy, paste, or cut something
dom.event.clipboardevents.enabled = false
// Disables playback of DRM-controlled HTML5 content
media.eme.enabled = false
// Disables the Widevine Content Decryption Module provided by Google
media.gmp-widevinecdm.enabled = false
// Websites can track the microphone and camera status of your device.
media.navigator.enabled = false
// Block third-party cookies (1 = accept cookies from the originating site only)
network.cookie.cookieBehavior = 1
// Only send Referer header when the full hostnames match.
network.http.referer.XOriginPolicy = 2
// When sending Referer across origins, only send scheme, host, and port
network.http.referer.XOriginTrimmingPolicy = 2
// Disable WebGL, which is a security risk
webgl.disabled = true
// Controls when extra session information is stored (2 = never)
browser.sessionstore.privacy_level = 2
// Disables sending additional analytics to web servers
beacon.enabled = false
// Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing
browser.safebrowsing.downloads.remote.enabled = false
// Disable Firefox prefetching pages it thinks you will visit next
network.dns.disablePrefetch = true
network.dns.disablePrefetchFromHTTPS = true
network.predictor.enabled = false
network.predictor.enable-prefetch = false
network.prefetch-next = false
// Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks
network.IDN_show_punycode = true
```
## Addons
[uBlock Origin](https://addons.mozilla.org/en-CA/firefox/addon/ublock-origin/)
[Facebook Container](https://addons.mozilla.org/en-CA/firefox/addon/facebook-container/)
[ClearURLs](https://addons.mozilla.org/en-CA/firefox/addon/clearurls/)
[TOS;DR](https://addons.mozilla.org/en-CA/firefox/addon/terms-of-service-didnt-read/)
[Decentraleyes](https://addons.mozilla.org/en-CA/firefox/addon/decentraleyes/)
[Bypass Paywalls](https://addons.mozilla.org/en-CA/firefox/addon/bypass-paywalls-firefox/)
[Deadname Remover](https://addons.mozilla.org/en-CA/firefox/addon/deadname-remover/)
[Snowflake](https://addons.mozilla.org/en-CA/firefox/addon/torproject-snowflake/)
[Skip Redirect](https://addons.mozilla.org/en-CA/firefox/addon/skip-redirect/)
[Site Bleacher](https://addons.mozilla.org/en-CA/firefox/addon/site-bleacher/)
[Privacy Redirect](https://addons.mozilla.org/en-CA/firefox/addon/privacy-redirect/)
[NoScript](https://addons.mozilla.org/en-CA/firefox/addon/noscript/)
[CSS Exfil Protection](https://addons.mozilla.org/en-CA/firefox/addon/css-exfil-protection/)
[Chameleon](https://addons.mozilla.org/en-CA/firefox/addon/chameleon-ext/)
[Multi-Account Containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/)
[HTTPZ](https://addons.mozilla.org/firefox/addon/httpz/)
[RTFM](https://addons.mozilla.org/en-US/firefox/addon/read-the-feminist-manual/)
[Refined Github](https://addons.mozilla.org/firefox/addon/refined-github-/)
## Misc Settings
- [x] Confirm before quitting with Ctrl+Q
- [ ] Play DRM-controlled content
- [x] Proxy DNS when using SOCKS v5
- Search engine: http://pvlm2b54e6z7zzb3l5c5ninikhbm2xwq7fvstg7jfcr7fu4ulp5cthqd.onion