Toolkit compatible with multiple Linux distros that allows for installation of handpicked applications, along with corresponding configs that have been tuned for reasonable privacy and security.
Find a file
Tavi e6768d430d
Fix bluetooth on F42
this is in addition to the unrelated bluez regression in 5.80

Signed-off-by: Tavi <tavi@divested.dev>
2025-04-04 01:54:28 -04:00
brace Fix bluetooth on F42 2025-04-04 01:54:28 -04:00
unused Fixup 2024-07-27 18:26:25 -04:00
.gitignore Update .gitignore 2021-07-05 16:22:31 -04:00
.gitlab-ci.yml Fix the CI build for Arch 2023-03-24 08:23:22 -04:00
brace.install Tweaks 2023-05-26 21:09:26 -04:00
brace.spec Fix bluetooth on F42 2025-04-04 01:54:28 -04:00
LICENSE Going the distance... [pt3] 2024-07-27 17:45:40 -04:00
permissions.facl Workaround broken TRIM support on USB junk 2024-11-15 08:52:47 -05:00
PKGBUILD Fix bluetooth on F42 2025-04-04 01:54:28 -04:00
README.md DNF5 support 2024-11-08 07:55:53 -05:00
TODO Add some goodies 2023-12-04 20:23:33 -05:00

brace

Overview

Brace is a toolkit compatible with multiple existing Linux distributions that allows for a rapid installation of handpicked applications, along with corresponding configurations that have been fine-tuned for reasonable privacy and security.

Compatibility

  • Arch Linux
  • CentOS 9/Stream
  • Debian 12
  • Fedora 39/40/41 (preferred)
  • openSUSE Tumbleweed

License

AGPL-3.0-or-later where applicable

Prebuilts

Building

  • git clone [THIS REPO]
  • Arch Linux: makepkg
  • CentOS: rpmbuild -ba brace.spec
  • Debian: dpkg-deb --root-owner-group --build brace
  • Fedora: rpmbuild -ba brace.spec

Contents

  • /etc/apt/apt.conf.d/90-brace = apt: enable seccomp filter during package install
  • /etc/dconf/db/local.d/00-brace-* = GNOME/Cinnamon/MATE: change default settings
  • /etc/dconf/profile/user = Fixup dconf overrides on select distros
  • /etc/profile.d/brace-env-overrides.sh = profile: sets some environment overrides (eg. umask)
  • /etc/profile.d/brace-helpers.sh = profile: adds helper aliases (eg. cleaning functions)
  • /etc/tlp.d/00-brace.conf = TLP: allow for better power savings on AC too
  • /usr/lib64/firefox/browser/defaults/preferences/userjs-*.js = Firefox: change default settings
    • /usr/lib64/firefox/distribution/policies.json
    • /usr/lib64/thunderbird/defaults/pref/userjs-*.js
  • /etc/chromium/policies/managed/brace.json = Chromium: change default settings
    • /etc/opt/chrome/policies/managed/brace.json
  • /usr/lib/modprobe.d/brace.conf = kernel: disable/block unsafe modules
  • /usr/lib/modprobe.d/wireless-perf.conf = kernel: increase Wi-Fi performance for b43 and iwlwifi
  • /usr/lib/NetworkManager/conf.d/30-nm-privacy.conf = NetworkManager: enables MAC randomization and IPv6 privacy extensions and disables connectivity checks
  • /usr/lib/sysctl.d/60-restrict.conf = sysctl: set more restrictive defaults (dmesg, ptrace)
  • /usr/lib/systemd/system/*.service.d/99-brace.conf = systemd service unit sandboxing
  • /usr/lib/systemd/user/restic-backup@.* = systemd user unit for restic backups
  • /usr/lib/tmpfiles.d/99-brace-proc.conf = /proc: harden permissions
  • /usr/lib/tmpfiles.d/99-brace-sys.conf = /sys: harden permissions
  • /usr/bin/brace-supplemental-changes = change extra default settings
  • /usr/sbin/brace-enable-auto-updates = Fedora: automatic system updates using dnf-plugin-system-upgrade
  • /usr/sbin/brace-enable-rpmfusion = Fedora: enable RPM Fusion 'free' repos
  • /usr/sbin/brace-update-system = Fedora: helper to update to the next release
  • /usr/sbin/brace-installer = unified recommended package installer
  • /usr/sbin/brace-rpm-verify = RPM: verifies installed packages for corruption

Known Issues

  • A reboot is required on openSUSE after install for dconf changes to take effect.
  • Compatibility is best with Fedora, and that is the primary test-bed.
  • Restrictions on /sys/bus/scsi in 99-brace-sys.conf can break disc drive access by some programs.

Credits

Donate