Diffstat (limited to 'etc')
| -rw-r--r-- | etc/.cfgl/config | 6 | ||||
| -rw-r--r-- | etc/locale.conf | 2 | ||||
| -rw-r--r-- | etc/locale.gen | 13 | ||||
| -rw-r--r-- | etc/nftables.conf | 6 | ||||
| -rw-r--r-- | etc/pacman.conf | 10 | ||||
| l--------- | etc/resolv.conf | 1 | ||||
| -rw-r--r-- | etc/services | 82 | ||||
| -rw-r--r-- | etc/ssh/sshd_config | 25 | ||||
| -rw-r--r-- | etc/sudoers | 9 | 
9 files changed, 103 insertions, 51 deletions
| diff --git a/etc/.cfgl/config b/etc/.cfgl/config index 905f17be..ca4ebfad 100644 --- a/etc/.cfgl/config +++ b/etc/.cfgl/config @@ -11,12 +11,6 @@  	fetch = +refs/heads/*:refs/remotes/origin/*  [commit]  	gpgsign = false -[branch "master"] -	remote = origin -	merge = refs/heads/master -[remote "usb"] -	url = /run/media/xyz/Ventoy/git_bare_repos/config_local_arch -	fetch = +refs/heads/*:refs/remotes/usb/*  [branch "studio"]  	remote = origin  	merge = refs/heads/studio diff --git a/etc/locale.conf b/etc/locale.conf index 6737e875..01ec548f 100644 --- a/etc/locale.conf +++ b/etc/locale.conf @@ -1 +1 @@ -LANG=en_US.utf8 +LANG=en_US.UTF-8 diff --git a/etc/locale.gen b/etc/locale.gen index a094efe7..a4e3c9f3 100644 --- a/etc/locale.gen +++ b/etc/locale.gen @@ -9,17 +9,11 @@  #  where <locale> is one of the locales given in /usr/share/i18n/locales  #  and <charset> is one of the character sets listed in /usr/share/i18n/charmaps  # -#  Examples: -#  en_US ISO-8859-1 -#  en_US.UTF-8 UTF-8 -#  de_DE ISO-8859-1 -#  de_DE@euro ISO-8859-15 -#  #  The locale-gen command will generate all the locales,  #  placing them in /usr/lib/locale.  # -#  A list of supported locales is included in this file. -#  Uncomment the ones you need. +#  A list of supported locales is given in /usr/share/i18n/SUPPORTED +#  and is included in this file. Uncomment the needed locales below.  #  #aa_DJ.UTF-8 UTF-8    #aa_DJ ISO-8859-1   @@ -99,7 +93,6 @@  #bs_BA.UTF-8 UTF-8    #bs_BA ISO-8859-2    #byn_ER UTF-8   -C.UTF-8 UTF-8  #ca_AD.UTF-8 UTF-8    #ca_AD ISO-8859-15    #ca_ES.UTF-8 UTF-8   @@ -398,6 +391,7 @@ en_US ISO-8859-1  #pt_PT@euro ISO-8859-15    #quz_PE UTF-8    #raj_IN UTF-8   +#rif_MA UTF-8    #ro_RO.UTF-8 UTF-8    #ro_RO ISO-8859-2    #ru_RU.KOI8-R KOI8-R   @@ -446,6 +440,7 @@ en_US ISO-8859-1  #sv_SE ISO-8859-1    #sw_KE UTF-8    #sw_TZ UTF-8   +#syr UTF-8    #szl_PL UTF-8    #ta_IN UTF-8    #ta_LK UTF-8   diff --git a/etc/nftables.conf b/etc/nftables.conf index 47605bfb..999b91ac 100644 
--- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -6,8 +6,7 @@  # some codes from https://wiki.archlinux.org/title/Nftables  # needed for reload config using `sudo systemctl restart nftables` or `sudo nft -f /etc/nftables.conf` -table inet my_table -delete table inet my_table +flush ruleset  table inet my_table { @@ -22,9 +21,8 @@ table inet my_table {  		meta l4proto ipv6-icmp accept  		tcp dport ssh accept -		#tcp dport searx accept -		tcp dport qrcp accept  		udp dport mdns accept +		#tcp dport iperf3 accept  		pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited  		counter comment "count any other traffic" diff --git a/etc/pacman.conf b/etc/pacman.conf index 49ff54d0..293be916 100644 --- a/etc/pacman.conf +++ b/etc/pacman.conf @@ -34,7 +34,7 @@ Color  #NoProgressBar  CheckSpace  #VerbosePkgLists -ParallelDownloads = 5 +ParallelDownloads = 8  # By default, pacman accepts packages signed by keys that its local keyring  # trusts (see pacman-key and its man page), as well as unsigned packages. @@ -69,11 +69,11 @@ LocalFileSigLevel = Optional  # repo name header and Include lines. You can add preferred servers immediately  # after the header, and they will be used before the default mirrors. -[fly] -Server = file:///home/xyz/programs/repos/fly/$arch +#[fly] +#Server = file:///home/xyz/programs/repos/fly/$arch -#[fly-any] -#Server = file:///home/xyz/programs/repos/fly/any +[fly-any] +Server = file:///home/xyz/programs/repos/fly/any  #[core-testing]  #Include = /etc/pacman.d/mirrorlist diff --git a/etc/resolv.conf b/etc/resolv.conf new file mode 120000 index 00000000..36396629 --- /dev/null +++ b/etc/resolv.conf @@ -0,0 +1 @@ +/run/systemd/resolve/stub-resolv.conf
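Review bot: `flush ruleset` in the first nftables.conf hunk clears every table in the kernel, not only `inet my_table`, so reloading this file also removes rules that other software has installed in tables of its own. The removed pair `table inet my_table` / `delete table inet my_table` limited the reload to this file's table. If this host is meant to carry only this ruleset, record that next to the statement, for example `# intentionally wipes all tables; nothing else on this host manages nftables`. Otherwise keep the per-table delete.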
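Review bot: The commented rule `#tcp dport iperf3 accept` in the second nftables.conf hunk relies on a port name that exists only because this same commit adds `iperf3 53497/tcp` under "# my services" in etc/services. If the rule is enabled and that local entry is later lost, for instance when the services file is replaced by a packaged copy, the name will presumably stop resolving and the whole file will fail to load. A numeric port with the name in a trailing comment avoids the dependency, `#tcp dport 53497 accept # iperf3`. The chain this rule belongs to starts and ends outside the hunk.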
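Review bot: The newly enabled `[fly-any]` section in the second pacman.conf hunk serves packages from `file:///home/xyz/programs/repos/fly/any`, a path inside a user's home directory, and sets no `SigLevel` of its own. Anything able to write as that user can replace the repo database or a package that pacman then installs as root, so the trust decision rests on the global `SigLevel`, which is outside this hunk. Consider pinning it in the section with an explicit line such as `SigLevel = Required DatabaseOptional` and signing the local packages with a key in pacman's keyring, or keep the repo in a root-owned directory.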
\ No newline at end of file diff --git a/etc/services b/etc/services index 4bbdc73e..32ae60c0 100644 --- a/etc/services +++ b/etc/services @@ -1366,6 +1366,8 @@ apex-mesh         912/tcp  apex-mesh         912/udp  apex-edge         913/tcp  apex-edge         913/udp +rift-lies         914/udp +rift-ties         915/udp  rndc              953/tcp  ftps-data         989/tcp  ftps-data         989/udp @@ -3848,6 +3850,8 @@ simple-tx-rx     2257/tcp  simple-tx-rx     2257/udp  rcts             2258/tcp  rcts             2258/udp +bid-serv         2259/tcp +bid-serv         2259/udp  apc-2260         2260/tcp  apc-2260         2260/udp  comotionmaster   2261/tcp @@ -4066,6 +4070,8 @@ service-ctrl     2367/tcp  service-ctrl     2367/udp  opentable        2368/tcp  opentable        2368/udp +bif-p2p          2369/tcp +bif-p2p          2369/udp  l3-hbmon         2370/tcp  l3-hbmon         2370/udp  rda              2371/tcp @@ -5901,6 +5907,8 @@ deskview         3298/udp  pdrncs           3299/tcp  pdrncs           3299/udp  ceph             3300/tcp +tarantool        3301/tcp +tarantool        3301/udp  mcs-fastmail     3302/tcp  mcs-fastmail     3302/udp  opsession-clnt   3303/tcp @@ -7217,8 +7225,8 @@ iconp            3972/tcp  iconp            3972/udp  progistics       3973/tcp  progistics       3973/udp -citysearch       3974/tcp -citysearch       3974/udp +xk22             3974/tcp +xk22             3974/udp  airshot          3975/tcp  airshot          3975/udp  opswagent        3976/tcp @@ -7677,7 +7685,7 @@ trim-event       4322/tcp  trim-event       4322/udp  trim-ice         4323/tcp  trim-ice         4323/udp -geognosisman     4325/tcp +geognosisadmin   4325/tcp  geognosisman     4325/udp  geognosis        4326/tcp  geognosis        4326/udp 
@@ -8084,6 +8092,8 @@ xmcp             4788/tcp  vxlan            4789/udp  vxlan-gpe        4790/udp  roce             4791/udp +unified-bus      4792/tcp +unified-bus      4792/udp  iims             4800/tcp  iims             4800/udp  iwec             4801/tcp @@ -8450,6 +8460,8 @@ padl2sim         5236/tcp  padl2sim         5236/udp  mnet-discovery   5237/tcp  mnet-discovery   5237/udp +attune           5242/tcp +xycstatus        5243/tcp  downtools        5245/tcp  downtools-disc   5245/udp  capwap-control   5246/udp @@ -8890,6 +8902,7 @@ icmpd            5813/tcp  icmpd            5813/udp  spt-automation   5814/tcp  spt-automation   5814/udp +autopassdaemon   5820/tcp  shiprush-d-ch    5841/tcp  reversion        5842/tcp  wherehoo         5859/tcp 
@@ -8901,17 +8914,38 @@ diameters        5868/sctp  jute             5883/tcp  rfb              5900/tcp  rfb              5900/udp -cm               5910/tcp -cm               5910/udp +ff-ice           5903/tcp +ff-ice           5903/udp +ff-ice           5903/sctp +ag-swim          5904/tcp +ag-swim          5904/udp +ag-swim          5904/sctp +asmgcs           5905/tcp +asmgcs           5905/udp +asmgcs           5905/sctp +rpas-c2          5906/tcp +rpas-c2          5906/udp +rpas-c2          5906/sctp +dsd              5907/tcp +dsd              5907/udp +dsd              5907/sctp +ipsma            5908/tcp +ipsma            5908/udp +ipsma            5908/sctp +agma             5909/tcp +agma             5909/udp +agma             5909/sctp +ats-atn          5910/tcp +ats-atn          5910/udp  cm               5910/sctp -cpdlc            5911/tcp -cpdlc            5911/udp +ats-acars        5911/tcp +ats-acars        5911/udp  cpdlc            5911/sctp -fis              5912/tcp -fis              5912/udp +ais-met          5912/tcp +ais-met          5912/udp  fis              5912/sctp -ads-c            5913/tcp -ads-c            5913/udp +aoc-acars        5913/tcp +aoc-acars        5913/udp  ads-c            5913/sctp  indy             5963/tcp  indy             5963/udp @@ -9365,6 +9399,7 @@ acmsoda          6969/tcp  acmsoda          6969/udp  conductor        6970/tcp  conductor-mpx    6970/sctp +qolyester        6980/udp  MobilitySrv      6997/tcp  MobilitySrv      6997/udp  iatp-highpri     6998/tcp @@ -9640,12 +9675,13 @@ imqbrokerd       7676/tcp  imqbrokerd       7676/udp  sun-user-https   7677/tcp  sun-user-https   7677/udp -pando-pub        7680/tcp -pando-pub        7680/udp +ms-do            7680/tcp +ms-do            7680/udp  dmt              7683/tcp  bolt             7687/tcp  collaber         7689/tcp  collaber         7689/udp +sovd             7690/tcp  klio             7697/tcp  klio             7697/udp  em7-secom        7700/tcp 
@@ -9822,6 +9858,7 @@ senomix07        8058/udp  senomix08        8059/tcp  senomix08        8059/udp  aero             8060/udp +nikatron-dev     8061/tcp  toad-bi-appsrvr  8066/tcp  infi-async       8067/tcp  ucs-isc          8070/tcp @@ -9923,8 +9960,8 @@ synapse-nhttps   8243/tcp  synapse-nhttps   8243/udp  espeasy-p2p      8266/udp  robot-remote     8270/tcp -pando-sec        8276/tcp -pando-sec        8276/udp +ms-mcc           8276/tcp +ms-mcc           8276/udp  synapse-nhttp    8280/tcp  synapse-nhttp    8280/udp  libelle          8282/tcp @@ -9977,6 +10014,7 @@ espeech-rtp      8417/tcp  espeech-rtp      8417/udp  aritts           8423/tcp  pgbackrest       8432/tcp +aws-as2          8433/udp  cybro-a-bus      8442/tcp  cybro-a-bus      8442/udp  pcsync-https     8443/tcp @@ -9985,6 +10023,7 @@ pcsync-http      8444/tcp  pcsync-http      8444/udp  copy             8445/tcp  copy-disc        8445/udp +matrix-fed       8448/tcp  npmp             8450/tcp  npmp             8450/udp  nexentamv        8457/tcp @@ -10289,6 +10328,7 @@ secure-ts        9318/udp  guibase          9321/tcp  guibase          9321/udp  gnmi-gnoi        9339/tcp +gribi            9340/tcp  mpidcmgr         9343/tcp  mpidcmgr         9343/udp  mphlpdmc         9344/tcp @@ -10675,6 +10715,7 @@ warehouse       12322/tcp  warehouse       12322/udp  italk           12345/tcp  italk           12345/udp +carb-repl-ctrl  12546/tcp  tsaf            12753/tcp  tsaf            12753/udp  netperf         12865/tcp @@ -10719,6 +10760,7 @@ dsmcc-download  13821/udp  dsmcc-ccp       13822/tcp  dsmcc-ccp       13822/udp  bmdss           13823/tcp +a-trust-rpc     13832/tcp  ucontrol        13894/tcp  ucontrol        13894/udp  dta-systems     13929/tcp @@ -10817,6 +10859,7 @@ amt-redir-tls   16995/tcp  amt-redir-tls   16995/udp  isode-dua       17007/tcp  isode-dua       17007/udp +ncpu            17010/tcp  vestasdlp       17184/tcp  soundsvirtual   17185/tcp  soundsvirtual   17185/udp 
@@ -10920,8 +10963,10 @@ faircom-db      19790/tcp  iec-104-sec     19998/tcp  dnp-sec         19999/tcp  dnp-sec         19999/udp +dnp-sec         19999/sctp  dnp             20000/tcp  dnp             20000/udp +dnp             20000/sctp  microsan        20001/tcp  microsan        20001/udp  commtact-http   20002/tcp @@ -10970,6 +11015,7 @@ vofr-gateway    21590/tcp  vofr-gateway    21590/udp  tvpm            21800/tcp  tvpm            21800/udp +sal             21801/tcp  webphone        21845/tcp  webphone        21845/udp  netspeak-is     21846/tcp @@ -11333,6 +11379,7 @@ ng-control      38412/sctp  xn-control      38422/sctp  e1-interface    38462/sctp  f1-control      38472/sctp +psqlmws         38638/tcp  sruth           38800/tcp  secrmmsafecopya 38865/tcp  vroa            39063/tcp @@ -11366,6 +11413,7 @@ candrp          42509/tcp  candrp          42509/udp  caerpc          42510/tcp  caerpc          42510/udp +curiosity       42999/tcp  recvr-rc        43000/tcp  recvr-rc-disc   43000/udp  reachout        43188/tcp @@ -11461,6 +11509,4 @@ nusrp           49001/tcp  nusdp-disc      49001/udp  inspider        49150/tcp  # my services -jackett         9117/tcp -searx           49152/tcp -qrcp            49153/tcp +iperf3          53497/tcp diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config index ad7e1f20..1438778c 100644 --- a/etc/ssh/sshd_config +++ b/etc/ssh/sshd_config 
@@ -1,4 +1,15 @@ -#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ +# `man sshd_config` says "for each keyword, the first obtained value will be used". So I decided to put my configs before all others to override them all. +# Based on manpage, setting PasswordAuthentication no, and Arch Linux default KbdInteractiveAuthentication no, with other defaults seems already equivalent to AuthenticationMethods publickey, but I still put it here for redundancy. +# https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication +AuthenticationMethods publickey +PermitRootLogin no +PasswordAuthentication no +# KbdInteractiveAuthentication no and UsePAM yes are Arch Linux default settings see /etc/ssh/sshd_config.d/00-archlinux.conf, I need these configs, I put them here just in case Arch Linux change the defaults in the future. +KbdInteractiveAuthentication no +UsePAM yes + +# Include drop-in configurations +Include /etc/ssh/sshd_config.d/*.conf  # This is the sshd server system-wide configuration file.  See  # sshd_config(5) for more information. @@ -29,7 +40,7 @@  # Authentication:  #LoginGraceTime 2m -PermitRootLogin no +#PermitRootLogin prohibit-password  #StrictModes yes  #MaxAuthTries 6  #MaxSessions 10 @@ -54,11 +65,11 @@ AuthorizedKeysFile	.ssh/authorized_keys  #IgnoreRhosts yes  # To disable tunneled clear text passwords, change to no here! -PasswordAuthentication no +#PasswordAuthentication yes  #PermitEmptyPasswords no  # Change to no to disable s/key passwords -KbdInteractiveAuthentication no +#KbdInteractiveAuthentication yes  # Kerberos options  #KerberosAuthentication no 
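Review bot: The pinned block added at the top of sshd_config fixes `AuthenticationMethods publickey` but leaves `PubkeyAuthentication` to whatever the drop-ins included just below it set. The comments say the aim is to stay independent of /etc/ssh/sshd_config.d/*.conf, so add `PubkeyAuthentication yes` to the block. Otherwise a drop-in that disables it leaves no usable login method. The two long comment lines (`# Based on manpage …` and `# KbdInteractiveAuthentication no and UsePAM yes …`) would read better wrapped into short lines. After editing, `sshd -t` validates the file and `sshd -T` prints the effective values, which confirms that the first-value-wins ordering gives the policy the comment describes.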
@@ -75,11 +86,11 @@ KbdInteractiveAuthentication no  # be allowed through the KbdInteractiveAuthentication and  # PasswordAuthentication.  Depending on your PAM configuration,  # PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". +# the setting of "PermitRootLogin prohibit-password".  # If you just want the PAM account and session checks to run without  # PAM authentication, then enable this but set PasswordAuthentication  # and KbdInteractiveAuthentication to 'no'. -UsePAM yes +#UsePAM no  #AllowAgentForwarding yes  #AllowTcpForwarding yes @@ -88,7 +99,7 @@ UsePAM yes  #X11DisplayOffset 10  #X11UseLocalhost yes  #PermitTTY yes -PrintMotd no # pam does that +#PrintMotd yes  #PrintLastLog yes  #TCPKeepAlive yes  #PermitUserEnvironment no diff --git a/etc/sudoers b/etc/sudoers index 65cd7ca1..cfd22989 100644 --- a/etc/sudoers +++ b/etc/sudoers @@ -59,15 +59,22 @@  ## Uncomment to use a hard-coded PATH instead of the user's to find commands  # Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"  ## +## Uncomment to restore the historic behavior where a command is run in +## the user's own terminal. +# Defaults !use_pty +##  ## Uncomment to send mail if the user does not enter the correct password.  # Defaults mail_badpass  ##  ## Uncomment to enable logging of a command's output, except for  ## sudoreplay and reboot.  Use sudoreplay to play back logged sessions. +## Sudo will create up to 2,176,782,336 I/O logs before recycling them. +## Set maxseq to a smaller number if you don't have unlimited disk space.  # Defaults log_output  # Defaults!/usr/bin/sudoreplay !log_output  # Defaults!/usr/local/bin/sudoreplay !log_output  # Defaults!REBOOT !log_output +# Defaults maxseq = 1000  ##  ## Runas alias specification 
@@ -82,7 +89,7 @@ root ALL=(ALL:ALL) ALL  %wheel ALL=(ALL:ALL) ALL  ## Same thing without a password -#%wheel ALL=(ALL:ALL) NOPASSWD: ALL +# %wheel ALL=(ALL:ALL) NOPASSWD: ALL  ## Uncomment to allow members of group sudo to execute any command  # %sudo	ALL=(ALL:ALL) ALL | 
