#!/bin/sh
: ${desktop_access_gid:='40000'}
: ${sddm_min_uid:='10000'}
: ${sddm_max_uid:='19999'}
: ${cups_host:='cups'}
: ${ublock_whitelist:=''}
: ${chrome_flags:=''}
sddm_user=sddm
cups_conf_dir=/usr/local/etc/cups
if [ "${enable_idm:-}" = false ]; then
desktop_access_role=operator
else
ldap_add "cn=${desktop_access_role},${roles_basedn}" <<EOF
objectClass: groupOfMembers
objectClass: posixGroup
cn: ${desktop_access_role}
gidNumber: ${desktop_access_gid}
EOF
fi
# Load linux kernel modules.
load_kernel_module linux linux64
set_loader_conf \
linux_load=YES \
linux64_load=YES
# Install packages common to all DEs.
pkg install -y $desktop_common_packages
# Install scripts for creating local (non-NFS) home directories.
install_file -m 0555 \
/usr/local/libexec/pam-create-local-homedir \
/etc/profile.d/local-homedir.sh
# Create ZFS dataset for local homedirs.
create_dataset -o mountpoint=/usr/local/home "${state_dataset}/home"
zfs set \
com.sun:auto-snapshot:hourly=true \
com.sun:auto-snapshot:daily=true \
com.sun:auto-snapshot:weekly=true \
"${state_dataset}/home"
# Enable sndio.
sysrc -v sndiod_enable=YES
service sndiod status || service sndiod start
# Create local group for desktop-access.
# This is for *local* users that need access to the drm device.
add_group -g "$desktop_access_gid" "$desktop_access_role"
# Create desktop devfs ruleset.
install_template -m 0644 /etc/devfs.rules
sysrc -v "devfs_system_ruleset=${devfs_local_ruleset_name}"
service devd restart
# Enable webcamd.
load_kernel_module cuse
set_loader_conf cuse_load=YES
sysrc -v webcamd_enable=YES
service webcamd status || service webcamd start
# Create xdg autostart entry to add our Root CA to Chrome's certificate store.
install_file -m 0644 /usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop
install_file -m 0555 /usr/local/libexec/nss-trust-root-ca
case $desktop_type in
i3)
pkg install -y $desktop_i3_packages
;;
kde)
# Install KDE packages.
pkg install -y $desktop_kde_packages
# Add sddm user to drm access group.
pw groupmod "$desktop_access_role" -m "$sddm_user"
# Configure pam services.
install_file -m 0644 \
/etc/pam.d/sddm \
/etc/pam.d/kde
# Copy SDDM config file.
install_template -m 0644 /usr/local/etc/sddm.conf
# Create profile script for KDE environment variables.
install_file -m 0644 /etc/profile.d/kde.sh
# Create SDDM local homedir.
install_directory -o sddm -g sddm -m 0700 /usr/local/home/sddm
# Create shutdown script to cleanup lingering processes.
install_directory -m 0755 \
/usr/local/etc/xdg/plasma-workspace \
/usr/local/etc/xdg/plasma-workspace/shutdown
install_file -m 0555 /usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh
# Enable sddm.
sysrc -v sddm_enable=YES
;;
esac
# Tune sysctls for desktop usage.
set_sysctl \
net.local.stream.recvspace=65536 \
net.local.stream.sendspace=65536 \
kern.sched.preempt_thresh=224 \
vfs.usermount=1
set_loader_conf \
kern.ipc.shmseg=1024 \
kern.ipc.shmmni=1024 \
kern.maxproc=100000 \
hw.pci.do_power_nodriver=3
# Create policy file for firefox.
install_directory -m 0755 /usr/local/lib/firefox/distribution
install_template -m 0644 /usr/local/lib/firefox/distribution/policies.json
# Create policy file for chromium.
install_directory -m 0755 \
/usr/local/etc/chromium/policies \
/usr/local/etc/chromium/policies/managed
install_template -m 0644 /usr/local/etc/chromium/policies/managed/policies.json
# Configure libreoffice
install_file -m 0644 /usr/local/lib/libreoffice/program/sofficerc
# Add terminus font to X11
install_file -m 0644 /usr/local/etc/X11/xorg.conf.d/terminus.conf
# Create xdg override directory.
install_directory -m 0755 \
"${xdg_override_dir}" \
"${xdg_override_dir}/applications"
# Create xdg application overrides.
install_template -m 0644 \
"${xdg_override_dir}/applications/signal-desktop.desktop" \
"${xdg_override_dir}/applications/chromium-browser.desktop"
# Create polkit rules for shutdown/reboot/suspend
install_template -m 0644 /usr/local/etc/polkit-1/rules.d/51-desktop.rules
# Enable dbus.
sysrc -v dbus_enable=YES
service dbus status || service dbus start
# Configure CUPS.
pkg install -y cups
install_template -m 0644 "${cups_conf_dir}/client.conf"
# Configure graphics drivers.
case $graphics_type in
intel)
pkg install -y drm-kmod libva-intel-media-driver
sysrc -v kld_list+=i915kms
load_kernel_module i915kms
set_loader_conf \
compat.linuxkpi.i915_enable_fbc=1 \
compat.linuxkpi.i915_fastboot=1
;;
esac
# On some graphics cards, kern.vt.suspendswitch=1 (the default) breaks graphics
# acceleration after resuming from sleep.
set_sysctl kern.vt.suspendswitch="${vt_suspendswitch:-1}"
# Fix xterm-256color termcap
# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280679
cat <<'EOF' | tic -o /usr/local/share/site-terminfo -
xterm-256color|xterm with 256 colors,
am, bce, ccc, km, mc5i, mir, msgr, npc, xenl,
colors#0x100, cols#80, it#8, lines#24, pairs#0x10000,
acsc=``aaffggiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~,
bel=^G, blink=\E[5m, bold=\E[1m, cbt=\E[Z, civis=\E[?25l,
clear=\E[H\E[2J, cnorm=\E[?12l\E[?25h, cr=\r,
csr=\E[%i%p1%d;%p2%dr, cub=\E[%p1%dD, cub1=^H,
cud=\E[%p1%dB, cud1=\n, cuf=\E[%p1%dC, cuf1=\E[C,
cup=\E[%i%p1%d;%p2%dH, cuu=\E[%p1%dA, cuu1=\E[A,
cvvis=\E[?12;25h, dch=\E[%p1%dP, dch1=\E[P, dim=\E[2m,
dl=\E[%p1%dM, dl1=\E[M, ech=\E[%p1%dX, ed=\E[J, el=\E[K,
el1=\E[1K, flash=\E[?5h$<100/>\E[?5l, home=\E[H,
hpa=\E[%i%p1%dG, ht=^I, hts=\EH, ich=\E[%p1%d@,
il=\E[%p1%dL, il1=\E[L, ind=\n, indn=\E[%p1%dS,
initc=\E]4;%p1%d;rgb:%p2%{255}%*%{1000}%/%2.2X/%p3%{255}%*%{1000}%/%2.2X/%p4%{255}%*%{1000}%/%2.2X\E\\,
invis=\E[8m, is2=\E[!p\E[?3;4l\E[4l\E>, kDC=\E[3;2~,
kEND=\E[1;2F, kHOM=\E[1;2H, kIC=\E[2;2~, kLFT=\E[1;2D,
kNXT=\E[6;2~, kPRV=\E[5;2~, kRIT=\E[1;2C, ka1=\EOw,
ka3=\EOy, kb2=\EOu, kbs=^?, kc1=\EOq, kc3=\EOs, kcbt=\E[Z,
kcub1=\EOD, kcud1=\EOB, kcuf1=\EOC, kcuu1=\EOA,
kdch1=\E[3~, kend=\EOF, kent=\EOM, kf1=\EOP, kf10=\E[21~,
kf11=\E[23~, kf12=\E[24~, kf13=\E[1;2P, kf14=\E[1;2Q,
kf15=\E[1;2R, kf16=\E[1;2S, kf17=\E[15;2~, kf18=\E[17;2~,
kf19=\E[18;2~, kf2=\EOQ, kf20=\E[19;2~, kf21=\E[20;2~,
kf22=\E[21;2~, kf23=\E[23;2~, kf24=\E[24;2~,
kf25=\E[1;5P, kf26=\E[1;5Q, kf27=\E[1;5R, kf28=\E[1;5S,
kf29=\E[15;5~, kf3=\EOR, kf30=\E[17;5~, kf31=\E[18;5~,
kf32=\E[19;5~, kf33=\E[20;5~, kf34=\E[21;5~,
kf35=\E[23;5~, kf36=\E[24;5~, kf37=\E[1;6P, kf38=\E[1;6Q,
kf39=\E[1;6R, kf4=\EOS, kf40=\E[1;6S, kf41=\E[15;6~,
kf42=\E[17;6~, kf43=\E[18;6~, kf44=\E[19;6~,
kf45=\E[20;6~, kf46=\E[21;6~, kf47=\E[23;6~,
kf48=\E[24;6~, kf49=\E[1;3P, kf5=\E[15~, kf50=\E[1;3Q,
kf51=\E[1;3R, kf52=\E[1;3S, kf53=\E[15;3~, kf54=\E[17;3~,
kf55=\E[18;3~, kf56=\E[19;3~, kf57=\E[20;3~,
kf58=\E[21;3~, kf59=\E[23;3~, kf6=\E[17~, kf60=\E[24;3~,
kf61=\E[1;4P, kf62=\E[1;4Q, kf63=\E[1;4R, kf7=\E[18~,
kf8=\E[19~, kf9=\E[20~, khome=\EOH, kich1=\E[2~,
kind=\E[1;2B, kmous=\E[<, knp=\E[6~, kpp=\E[5~,
kri=\E[1;2A, mc0=\E[i, mc4=\E[4i, mc5=\E[5i, meml=\El,
memu=\Em, mgc=\E[?69l, nel=\EE, oc=\E]104\007,
op=\E[39;49m, rc=\E8, rep=%p1%c\E[%p2%{1}%-%db,
rev=\E[7m, ri=\EM, rin=\E[%p1%dT, ritm=\E[23m, rmacs=\E(B,
rmam=\E[?7l, rmcup=\E[?1049l\E[23;0;0t, rmir=\E[4l,
rmkx=\E[?1l\E>, rmm=\E[?1034l, rmso=\E[27m, rmul=\E[24m,
rs1=\Ec\E]104\007, rs2=\E[!p\E[?3;4l\E[4l\E>, sc=\E7,
setab=\E[%?%p1%{8}%<%t4%p1%d%e%p1%{16}%<%t10%p1%{8}%-%d%e48;5;%p1%d%;m,
setaf=\E[%?%p1%{8}%<%t3%p1%d%e%p1%{16}%<%t9%p1%{8}%-%d%e38;5;%p1%d%;m,
sgr=%?%p9%t\E(0%e\E(B%;\E[0%?%p6%t;1%;%?%p5%t;2%;%?%p2%t;4%;%?%p1%p3%|%t;7%;%?%p4%t;5%;%?%p7%t;8%;m,
sgr0=\E(B\E[m, sitm=\E[3m, smacs=\E(0, smam=\E[?7h,
smcup=\E[?1049h\E[22;0;0t,
smglr=\E[?69h\E[%i%p1%d;%p2%ds, smir=\E[4h,
smkx=\E[?1h\E=, smm=\E[?1034h, smso=\E[7m, smul=\E[4m,
tbc=\E[3g, u6=\E[%i%d;%dR, u7=\E[6n,
u8=\E[?%[;0123456789]c, u9=\E[c, vpa=\E[%i%p1%dd,
EOF
# Start login manager.
case $desktop_type in
kde)
# We have to redirect the output here because sddm holds FDs open :(
service sddm status || service sddm start > /dev/null 2>&1 < /dev/null || die 'failed to start sddm'
;;
esac
