mirror of
https://git.disroot.org/FollieHiyuki/dotfiles.git
synced 2024-11-28 18:28:35 -05:00
system: add configurations
This commit is contained in:
parent
4a8718a544
commit
4e108abbbd
@ -37,19 +37,13 @@
|
||||
### :star2: Credits
|
||||
|
||||
- [@ChristianChiarulli](https://github.com/ChristianChiarulli)'s Neovim config
|
||||
|
||||
- [@hlissner](https://github.com/hlissner)'s zsh config
|
||||
|
||||
- [@daviwil](https://github.com/daviwil)'s Emacs streams
|
||||
|
||||
- [@tecosaur](https://tecosaur.github.io/emacs-config/config.html)'s Emacs configuration
|
||||
|
||||
- [@begs](https://git.sr.ht/~begs/dotfiles)'s Waybar config
|
||||
|
||||
- [@nathanielevan](https://github.com/nathanielevan/dotfiles)'s weechat config
|
||||
|
||||
- [some fzf scripts](https://github.com/DanielFGray/fzf-scripts)
|
||||
|
||||
- [sysctl.conf template](https://github.com/k4yt3x/sysctl). And also check out [this article](https://madaidans-insecurities.github.io/guides/linux-hardening.html)
|
||||
- Artists for **kawaii** wallpapers: [@rimuu](https://rimuu.com/), [@hiten](https://www.pixiv.net/users/490219/artworks), [@Tiv](https://www.pixiv.net/en/users/35081), [@mery](https://www.pixiv.net/en/users/2750098), [@Mashima_saki](https://www.pixiv.net/en/users/18403608), [@Yuuki_Tatsuya](https://www.pixiv.net/en/users/27691), [@Bison倉鼠](https://www.pixiv.net/en/users/333556/artworks), [@Dana](https://twitter.com/hapong07), [@gomzi](https://twitter.com/gcmzi), [@Rella](https://twitter.com/Rellakinoko), [@dnwls3010](https://twitter.com/dnwls3010), [@Shigure_Ui](https://www.pixiv.net/en/users/431873), [@QuAn_](https://www.pixiv.net/en/users/6657532/artworks), [@杉87](https://twitter.com/k_su_keke1121), [@fuzichoco](https://twitter.com/fuzichoco), [@Astero](https://twitter.com/asteroid_ill), [@shin556](https://www.pixiv.net/en/users/642762), [@kaynimatic](https://twitter.com/kaynimatic)
|
||||
|
||||
### :label: License
|
||||
|
@ -14,6 +14,9 @@ export HISTFILE="$BASH_COMPLETION_USER_DIR/bash_history"
|
||||
# vi mode
|
||||
set -o vi
|
||||
|
||||
# Better default modes
|
||||
umask 0027
|
||||
|
||||
# ignore upper and lowercase when TAB completion
|
||||
bind "set completion-ignore-case on"
|
||||
|
||||
|
@ -649,6 +649,9 @@ bind 'set vi-ins-mode-string "\e[01;32mI "'
|
||||
# ignore upper and lowercase when TAB completion
|
||||
bind "set completion-ignore-case on"
|
||||
|
||||
# Better default modes
|
||||
umask 0027
|
||||
|
||||
# Shell options
|
||||
shopt -s autocd
|
||||
shopt -s cdspell
|
||||
|
@ -314,7 +314,7 @@ bottombar_bg = "#3b4252"
|
||||
|
||||
hdg_1 = "#5e81ac"
|
||||
hdg_2 = "#81a1c1"
|
||||
hdg_3 = "#8fbcbb"
|
||||
hdg_3 = "#ebcb8b"
|
||||
amfora_link = "#88c0d0"
|
||||
foreign_link = "#b48ead"
|
||||
link_number = "#a3be8c"
|
||||
@ -367,7 +367,7 @@ bkmk_modal_field_text = "#eceff4"
|
||||
# bottombar_label = "#282c34"
|
||||
|
||||
# hdg_1 = "#e06c75"
|
||||
# hdg_2 = "#c678dd"
|
||||
# hdg_2 = "#d19a66"
|
||||
# hdg_3 = "#c678dd"
|
||||
# amfora_link = "#61afef"
|
||||
# foreign_link = "#56b6c2"
|
||||
|
1
home/.config/fish/conf.d/umask.fish
Normal file
1
home/.config/fish/conf.d/umask.fish
Normal file
@ -0,0 +1 @@
|
||||
umask 0027
|
@ -158,3 +158,4 @@ zinit light olets/zsh-abbr
|
||||
source $ZDOTDIR/plugins.zsh
|
||||
|
||||
$HOME/.local/bin/bunny
|
||||
umask 0027
|
||||
|
@ -1,3 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
curl -s "https://api.exchangeratesapi.io/latest?base=$1" | jq .
|
12
system/etc/cron.weekly/btrfs-scrub
Executable file
12
system/etc/cron.weekly/btrfs-scrub
Executable file
@ -0,0 +1,12 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Repeate with btrfs-balance if using RAID
|
||||
|
||||
btrfs scrub start /
|
||||
|
||||
# Scrub 1 disk at a time
|
||||
while btrfs scrub status / | grep running; do
|
||||
sleep 20
|
||||
done
|
||||
|
||||
btrfs scrub start /media
|
3
system/etc/cron.weekly/fstrim
Executable file
3
system/etc/cron.weekly/fstrim
Executable file
@ -0,0 +1,3 @@
|
||||
#!/bin/sh
|
||||
|
||||
fstrim /
|
28
system/etc/default/grub
Normal file
28
system/etc/default/grub
Normal file
@ -0,0 +1,28 @@
|
||||
#
|
||||
# Configuration file for GRUB.
|
||||
#
|
||||
GRUB_DEFAULT=0
|
||||
#GRUB_HIDDEN_TIMEOUT=0
|
||||
#GRUB_HIDDEN_TIMEOUT_QUIET=false
|
||||
GRUB_TIMEOUT=10
|
||||
GRUB_DISTRIBUTOR="Void"
|
||||
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=4 init_on_free=1 page_alloc.shuffle=1 apparmor=1 security=apparmor"
|
||||
# Uncomment to use basic console
|
||||
#GRUB_TERMINAL_INPUT="console"
|
||||
# Uncomment to disable graphical terminal
|
||||
#GRUB_TERMINAL_OUTPUT=console
|
||||
GRUB_BACKGROUND=/usr/share/grub/background.png
|
||||
GRUB_GFXMODE=1920x1080x32,1280x720x32,auto
|
||||
GRUB_GFXPAYLOAD_LINUX=keep
|
||||
GRUB_FONT=/boot/grub/fonts/hack.pf2
|
||||
#GRUB_DISABLE_LINUX_UUID=true
|
||||
#GRUB_DISABLE_RECOVERY=true
|
||||
# Uncomment and set to the desired menu colors. Used by normal and wallpaper
|
||||
# modes only. Entries specified as foreground/background.
|
||||
GRUB_COLOR_NORMAL="white/black"
|
||||
GRUB_COLOR_HIGHLIGHT="black/white"
|
||||
#GRUB_DISABLE_OS_PROBER=true
|
||||
GRUB_ENABLE_CRYPTODISK=y
|
||||
|
||||
# To generate new font:
|
||||
# grub-mkfont -s 24 -o /boot/grub/fonts/hack.pf2 ~/Hack-Regular.ttf
|
3
system/etc/dracut.conf.d/flags.conf
Normal file
3
system/etc/dracut.conf.d/flags.conf
Normal file
@ -0,0 +1,3 @@
|
||||
hostonly=yes
|
||||
compress=zstd
|
||||
install_items+=" /etc/cryptsetup-keys.d/root-crypt.key /etc/crypttab "
|
4
system/etc/modprobe.d/blacklist.conf
Normal file
4
system/etc/modprobe.d/blacklist.conf
Normal file
@ -0,0 +1,4 @@
|
||||
# Blacklist modules you don't want
|
||||
blacklist vivid
|
||||
blacklist bluetooth
|
||||
blacklist btusb
|
81
system/etc/nftables.conf
Normal file
81
system/etc/nftables.conf
Normal file
@ -0,0 +1,81 @@
|
||||
#!/sbin/nft -f
|
||||
|
||||
# References
|
||||
# https://wiki.gentoo.org/wiki/Nftables/Examples
|
||||
# https://wiki.archlinux.org/title/Nftables
|
||||
# https://github.com/krabelize/nftables-firewall-config/blob/master/nftables.conf
|
||||
# https://github.com/atweiden/archvault/blob/master/resources/etc/nftables.conf
|
||||
|
||||
flush ruleset
|
||||
|
||||
# TCP ports to accept (both IPv4 and IPv6)
|
||||
#define ACCEPT_TCP_PORTS = {}
|
||||
|
||||
# UDP ports to accept (both IPv4 and IPv6)
|
||||
#define ACCEPT_UDP_PORTS = {}
|
||||
|
||||
table inet filter {
|
||||
# Default to drop all inbound traffic, unless they meet our criteria
|
||||
chain input {
|
||||
type filter hook input priority 0; policy drop;
|
||||
|
||||
ct state invalid counter drop
|
||||
ct state {established,related} counter accept
|
||||
|
||||
iif lo accept
|
||||
iif != lo ip daddr 127.0.0.1/8 counter drop
|
||||
iif != lo ip6 daddr ::1/128 counter drop
|
||||
|
||||
# Accept user-defined ports
|
||||
#tcp dport $ACCEPT_TCP_PORTS counter accept
|
||||
#udp dport $ACCEPT_UDP_PORTS counter accept
|
||||
|
||||
# Rate limit on SSH port
|
||||
#tcp dport ssh ct state new limit rate 6/minute accept
|
||||
|
||||
# Mitigate ping floods
|
||||
ip protocol icmp icmp type {echo-reply, echo-request} limit rate over 6/second burst 4 packets drop
|
||||
ip6 nexthdr icmpv6 icmpv6 type {echo-reply, echo-request} limit rate over 6/second burst 4 packets drop
|
||||
|
||||
ip protocol icmp icmp type {
|
||||
echo-reply,
|
||||
echo-request,
|
||||
destination-unreachable,
|
||||
time-exceeded,
|
||||
parameter-problem,
|
||||
router-advertisement,
|
||||
router-solicitation
|
||||
} counter accept
|
||||
|
||||
ip6 nexthdr icmpv6 icmpv6 type {
|
||||
echo-reply,
|
||||
echo-request,
|
||||
destination-unreachable,
|
||||
mld-listener-query,
|
||||
mld-listener-reduction,
|
||||
mld-listener-report,
|
||||
mld2-listener-report,
|
||||
packet-too-big,
|
||||
time-exceeded,
|
||||
parameter-problem
|
||||
} counter accept
|
||||
|
||||
counter comment "Count dropped packets"
|
||||
#log prefix "[nftables] Inbound Denied: " flags all counter drop
|
||||
}
|
||||
|
||||
# Route your own packets! I'm not your router.
|
||||
# Can be enabled while using VPN (for tunneling)
|
||||
chain forward {
|
||||
type filter hook forward priority 0; policy drop;
|
||||
counter comment "Count dropped packets"
|
||||
#log prefix "[nftables] Forward Denied: " flags all counter drop
|
||||
}
|
||||
|
||||
# Accept all outbound traffic
|
||||
chain output {
|
||||
type filter hook output priority 0; policy accept;
|
||||
counter comment "Count accepted packets"
|
||||
#log prefix "[nftables] Outbound Accepted: " flags all counter accpet
|
||||
}
|
||||
}
|
1
system/etc/sysctl.d/50-coredump.conf
Normal file
1
system/etc/sysctl.d/50-coredump.conf
Normal file
@ -0,0 +1 @@
|
||||
kernel.core_pattern=|/bin/false
|
264
system/etc/sysctl.d/harden.conf
Normal file
264
system/etc/sysctl.d/harden.conf
Normal file
@ -0,0 +1,264 @@
|
||||
# NOTE: THIS IS ONLY A TEMPLATE. CHANGE IT BEFORE APPLYING IT
|
||||
|
||||
########## Kernel ##########
|
||||
|
||||
# enable ExecShield protection
|
||||
# 2 enables ExecShield by default unless applications bits are set to disabled
|
||||
# uncomment on systems without NX/XD protections
|
||||
# check with: dmesg | grep --color '[NX|DX]*protection'
|
||||
#kernel.exec-shield = 2
|
||||
|
||||
# enable ASLR
|
||||
# turn on protection and randomize stack, vdso page and mmap + randomize brk base address
|
||||
kernel.randomize_va_space = 2
|
||||
|
||||
# controls the System Request debugging functionality of the kernel
|
||||
kernel.sysrq = 0
|
||||
|
||||
# controls whether core dumps will append the PID to the core filename
|
||||
# useful for debugging multi-threaded applications
|
||||
kernel.core_uses_pid = 1
|
||||
|
||||
# restrict access to kernel address
|
||||
# kernel pointers printed using %pK will be replaced with 0’s regardless of privileges
|
||||
kernel.kptr_restrict = 2
|
||||
|
||||
# Ptrace protection using Yama
|
||||
# - 1: only a parent process can be debugged
|
||||
# - 2: only admins canuse ptrace (CAP_SYS_PTRACE capability required)
|
||||
# - 3: disables ptrace completely, reboot is required to re-enable ptrace
|
||||
kernel.yama.ptrace_scope = 3
|
||||
|
||||
# restrict kernel logs to root only
|
||||
kernel.dmesg_restrict = 1
|
||||
|
||||
# restrict BPF JIT compiler to root only
|
||||
kernel.unprivileged_bpf_disabled = 1
|
||||
|
||||
# disables kexec as it can be used to livepatch the running kernel
|
||||
kernel.kexec_load_disabled = 1
|
||||
|
||||
# disable unprivileged user namespaces to decrease attack surface
|
||||
kernel.unprivileged_userns_clone = 0
|
||||
|
||||
# allow for more PIDs
|
||||
# this value can be up to:
|
||||
# - 32768 (2^15) on a 32-bit system
|
||||
# - 4194304 (2^22) on a 64-bit system
|
||||
kernel.pid_max = 4194304
|
||||
|
||||
# reboot machine after kernel panic
|
||||
#kernel.panic = 10
|
||||
|
||||
# restrict perf subsystem usage
|
||||
kernel.perf_event_paranoid = 3
|
||||
kernel.perf_cpu_time_max_percent = 1
|
||||
kernel.perf_event_max_sample_rate = 1
|
||||
|
||||
########## File System ##########
|
||||
|
||||
# disallow core dumping by SUID/SGID programs
|
||||
fs.suid_dumpable = 0
|
||||
|
||||
# protect the creation of hard links
|
||||
# one of the following conditions must be fulfilled
|
||||
# - the user can only link to files that he or she owns
|
||||
# - the user must first have read and write access to a file, that he/she wants to link to
|
||||
fs.protected_hardlinks = 1
|
||||
|
||||
# protect the creation of symbolic links
|
||||
# one of the following conditions must be fulfilled
|
||||
# - the process following the symbolic link is the owner of the symbolic link
|
||||
# - the owner of the directory is also the owner of the symbolic link
|
||||
fs.protected_symlinks = 1
|
||||
|
||||
# enable extended FIFO protection
|
||||
fs.protected_fifos = 2
|
||||
|
||||
# similar to protected_fifos, but it avoids writes to an attacker-controlled regular file
|
||||
fs.protected_regular = 2
|
||||
|
||||
# increase system file descriptor limit
|
||||
# this value can be up to:
|
||||
# - 2147483647 (0x7fffffff) on a 32-bit system
|
||||
# - 9223372036854775807 (0x7fffffffffffffff) on a 64-bit system
|
||||
# be aware that the Linux kernel documentation suggests that inode-max should be 3-4 times
|
||||
# larger than this value
|
||||
fs.file-max = 9223372036854775807
|
||||
|
||||
# increase the amount of files that can be watched
|
||||
# each file watch handle takes 1080 bytes
|
||||
# up to 540 MiB of memory will be consumed if all 524288 handles are used
|
||||
fs.inotify.max_user_watches = 524288
|
||||
|
||||
########## Virtualization ##########
|
||||
|
||||
# do not allow mmap in lower addresses
|
||||
vm.mmap_min_addr = 65536
|
||||
|
||||
# improve mmap ASLR effectness
|
||||
vm.mmap_rnd_bits=32
|
||||
vm.mmap_rnd_compat_bits=16
|
||||
|
||||
########## Networking ##########
|
||||
|
||||
# increase the maximum length of processor input queues
|
||||
net.core.netdev_max_backlog = 250000
|
||||
|
||||
# enable BPF JIT hardening for all users
|
||||
# this trades off performance, but can mitigate JIT spraying
|
||||
net.core.bpf_jit_harden = 2
|
||||
|
||||
# increase TCP max buffer size setable using setsockopt()
|
||||
#net.core.rmem_max = 8388608
|
||||
#net.core.wmem_max = 8388608
|
||||
#net.core.rmem_default = 8388608
|
||||
#net.core.wmem_default = 8388608
|
||||
#net.core.optmem_max = 8388608
|
||||
|
||||
########## IPv4 Networking ##########
|
||||
|
||||
# enable BBR congestion control
|
||||
net.ipv4.tcp_congestion_control = bbr
|
||||
|
||||
# disallow IPv4 packet forwarding
|
||||
net.ipv4.ip_forward = 0
|
||||
|
||||
# enable SYN cookies for SYN flooding protection
|
||||
net.ipv4.tcp_syncookies = 1
|
||||
|
||||
# number of times SYNACKs for a passive TCP connection attempt will be retransmitted
|
||||
net.ipv4.tcp_synack_retries = 5
|
||||
|
||||
# do not send redirects
|
||||
net.ipv4.conf.default.send_redirects = 0
|
||||
net.ipv4.conf.all.send_redirects = 0
|
||||
|
||||
# do not accept packets with SRR option
|
||||
net.ipv4.conf.default.accept_source_route = 0
|
||||
net.ipv4.conf.all.accept_source_route = 0
|
||||
|
||||
# enable reverse path source validation (BCP38)
|
||||
# refer to RFC1812, RFC2827, and BCP38 (http://www.bcp38.info)
|
||||
net.ipv4.conf.default.rp_filter = 1
|
||||
net.ipv4.conf.all.rp_filter = 1
|
||||
|
||||
# log packets with impossible addresses to kernel log
|
||||
net.ipv4.conf.default.log_martians = 1
|
||||
net.ipv4.conf.all.log_martians = 1
|
||||
|
||||
# do not accept ICMP redirect messages
|
||||
net.ipv4.conf.default.accept_redirects = 0
|
||||
net.ipv4.conf.default.secure_redirects = 0
|
||||
net.ipv4.conf.all.accept_redirects = 0
|
||||
net.ipv4.conf.all.secure_redirects = 0
|
||||
|
||||
# disable sending and receiving of shared media redirects
|
||||
# this setting overwrites net.ipv4.conf.all.secure_redirects
|
||||
# refer to RFC1620
|
||||
net.ipv4.conf.default.shared_media = 0
|
||||
net.ipv4.conf.all.shared_media = 0
|
||||
|
||||
# always use the best local address for announcing local IP via ARP
|
||||
net.ipv4.conf.default.arp_announce = 2
|
||||
net.ipv4.conf.all.arp_announce = 2
|
||||
|
||||
# reply only if the target IP address is local address configured on the incoming interface
|
||||
net.ipv4.conf.default.arp_ignore = 1
|
||||
net.ipv4.conf.all.arp_ignore = 1
|
||||
|
||||
# drop Gratuitous ARP frames to prevent ARP poisoning
|
||||
# this can cause issues when ARP proxies are used in the network
|
||||
net.ipv4.conf.default.drop_gratuitous_arp = 1
|
||||
net.ipv4.conf.all.drop_gratuitous_arp = 1
|
||||
|
||||
# ignore all ICMP echo requests
|
||||
#net.ipv4.icmp_echo_ignore_all = 1
|
||||
|
||||
# ignore all ICMP echo and timestamp requests sent to broadcast/multicast
|
||||
net.ipv4.icmp_echo_ignore_broadcasts = 1
|
||||
|
||||
# ignore bad ICMP errors
|
||||
net.ipv4.icmp_ignore_bogus_error_responses = 1
|
||||
|
||||
# mitigate TIME-WAIT Assassination hazards in TCP
|
||||
# refer to RFC1337
|
||||
net.ipv4.tcp_rfc1337 = 1
|
||||
|
||||
# disable TCP window scaling
|
||||
# this makes the host less susceptible to TCP RST DoS attacks
|
||||
net.ipv4.tcp_window_scaling = 0
|
||||
|
||||
# increase system IP port limits
|
||||
net.ipv4.ip_local_port_range = 1024 65535
|
||||
|
||||
# TCP timestamps could provide protection against wrapped sequence numbers,
|
||||
# but the host's uptime can be calculated precisely from its timestamps
|
||||
# it is also possible to differentiate operating systems based on their use of timestamps
|
||||
# - 0: disable TCP timestamps
|
||||
# - 1: enable timestamps as defined in RFC1323 and use random offset for
|
||||
# each connection rather than only using the current time
|
||||
# - 2: enable timestamps without random offsets
|
||||
net.ipv4.tcp_timestamps = 0
|
||||
|
||||
# enabling SACK can increase the throughput
|
||||
# but SACK is commonly exploited and rarely used
|
||||
net.ipv4.tcp_sack = 0
|
||||
|
||||
# divide socket buffer evenly between TCP window size and application
|
||||
net.ipv4.tcp_adv_win_scale = 1
|
||||
|
||||
# increase memory thresholds to prevent packet dropping
|
||||
#net.ipv4.tcp_rmem = 4096 87380 8388608
|
||||
#net.ipv4.tcp_wmem = 4096 87380 8388608
|
||||
|
||||
########## IPv6 Networking ##########
|
||||
|
||||
# disallow IPv6 packet forwarding
|
||||
net.ipv6.conf.default.forwarding = 0
|
||||
net.ipv6.conf.all.forwarding = 0
|
||||
|
||||
# number of Router Solicitations to send until assuming no routers are present
|
||||
net.ipv6.conf.default.router_solicitations = 0
|
||||
net.ipv6.conf.all.router_solicitations = 0
|
||||
|
||||
# do not accept Router Preference from RA
|
||||
net.ipv6.conf.default.accept_ra_rtr_pref = 0
|
||||
net.ipv6.conf.all.accept_ra_rtr_pref = 0
|
||||
|
||||
# learn prefix information in router advertisement
|
||||
net.ipv6.conf.default.accept_ra_pinfo = 0
|
||||
net.ipv6.conf.all.accept_ra_pinfo = 0
|
||||
|
||||
# setting controls whether the system will accept Hop Limit settings from a router advertisement
|
||||
net.ipv6.conf.default.accept_ra_defrtr = 0
|
||||
net.ipv6.conf.all.accept_ra_defrtr = 0
|
||||
|
||||
# router advertisements can cause the system to assign a global unicast address to an interface
|
||||
net.ipv6.conf.default.autoconf = 0
|
||||
net.ipv6.conf.all.autoconf = 0
|
||||
|
||||
# number of neighbor solicitations to send out per address
|
||||
net.ipv6.conf.default.dad_transmits = 0
|
||||
net.ipv6.conf.all.dad_transmits = 0
|
||||
|
||||
# number of global unicast IPv6 addresses can be assigned to each interface
|
||||
net.ipv6.conf.default.max_addresses = 1
|
||||
net.ipv6.conf.all.max_addresses = 1
|
||||
|
||||
# enable IPv6 Privacy Extensions (RFC3041) and prefer the temporary address
|
||||
net.ipv6.conf.default.use_tempaddr = 2
|
||||
net.ipv6.conf.all.use_tempaddr = 2
|
||||
|
||||
# ignore IPv6 ICMP redirect messages
|
||||
net.ipv6.conf.default.accept_redirects = 0
|
||||
net.ipv6.conf.all.accept_redirects = 0
|
||||
|
||||
# do not accept packets with SRR option
|
||||
net.ipv6.conf.default.accept_source_route = 0
|
||||
net.ipv6.conf.all.accept_source_route = 0
|
||||
|
||||
# ignore all ICMPv6 echo requests
|
||||
#net.ipv6.icmp.echo_ignore_all = 1
|
||||
#net.ipv6.icmp.echo_ignore_anycast = 1
|
||||
#net.ipv6.icmp.echo_ignore_multicast = 1
|
1
system/etc/udev/rules.d/51-android.rules
Normal file
1
system/etc/udev/rules.d/51-android.rules
Normal file
@ -0,0 +1 @@
|
||||
SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", ATTR{idProduct}=="6860", MODE="0666", OWNER="users", ENV{ID_MTP_DEVICE}="1", SYMLINK+="libmtp"
|
Loading…
Reference in New Issue
Block a user