author | Cullum Smith <cullum@sacredheartsc.com> | 2024-12-07 09:46:11 -0500 |
---|---|---|
committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-12-07 09:46:11 -0500 |
commit | 3bf88b434d231231bbbcb9a9d34eae91778016cf (patch) | |
tree | 903af25abd49155841decab469876ee19b2e53fa | |
parent | 3d89a01c4b1cf1aa1815e8c46d5d6b74b0f9f374 (diff) | |
fixes for laptops
27 files changed, 173 insertions, 101 deletions
diff --git a/files/etc/devd/lid-close.conf.laptop b/files/etc/devd/lid-close.conf.laptop
deleted file mode 100644
index 751c546..0000000
--- a/files/etc/devd/lid-close.conf.laptop
+++ /dev/null
@@ -1,6 +0,0 @@
-notify 20 {
- match "system" "ACPI";
- match "subsystem" "Lid";
- match "notify" "0x00";
- action "/usr/local/libexec/lid-close";
-};
diff --git a/files/etc/devd/lid-close.conf.roadwarrior_laptop b/files/etc/devd/lid-close.conf.roadwarrior_laptop
deleted file mode 120000
index b6dd50e..0000000
--- a/files/etc/devd/lid-close.conf.roadwarrior_laptop
+++ /dev/null
@@ -1 +0,0 @@
-lid-close.conf.laptop
\ No newline at end of file
diff --git a/files/etc/devfs.rules.roadwarrior_laptop b/files/etc/devfs.rules.roadwarrior_laptop
new file mode 120000
index 0000000..62718d0
--- /dev/null
+++ b/files/etc/devfs.rules.roadwarrior_laptop
@@ -0,0 +1 @@
+devfs.rules.desktop
\ No newline at end of file
diff --git a/files/etc/login.conf.roadwarrior_laptop b/files/etc/login.conf.roadwarrior_laptop
index 2dde3a4..0ac24a1 120000..100644
--- a/files/etc/login.conf.roadwarrior_laptop
+++ b/files/etc/login.conf.roadwarrior_laptop
@@ -1 +1,65 @@
-login.conf.desktop
\ No newline at end of file
+default:\\
+ :passwd_format=sha512:\\
+ :copyright=/etc/COPYRIGHT:\\
+ :welcome=/var/run/motd:\\
+ :setenv=BLOCKSIZE=K,XDG_DATA_DIRS=${xdg_override_dir}\\c/usr/local/share:\\
+ :mail=/var/mail/\$:\\
+ :path=/sbin /bin /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ~/bin:\\
+ :nologin=/var/run/nologin:\\
+ :cputime=unlimited:\\
+ :datasize=unlimited:\\
+ :stacksize=unlimited:\\
+ :memorylocked=64M:\\
+ :memoryuse=unlimited:\\
+ :filesize=unlimited:\\
+ :coredumpsize=unlimited:\\
+ :openfiles=unlimited:\\
+ :maxproc=unlimited:\\
+ :sbsize=unlimited:\\
+ :vmemoryuse=unlimited:\\
+ :swapuse=unlimited:\\
+ :pseudoterminals=unlimited:\\
+ :kqueues=unlimited:\\
+ :umtxp=unlimited:\\
+ :pipebuf=unlimited:\\
+ :priority=0:\\
+ :ignoretime@:\\
+ :umask=022:\\
+ :charset=UTF-8:\\
+ :lang=${locale}:
+
+#
+# A collection of common class names - forward them all to 'default'
+# (login would normally do this anyway, but having a class name
+# here suppresses the diagnostic)
+#
+standard:\\
+ :tc=default:
+xuser:\\
+ :tc=default:
+staff:\\
+ :tc=default:
+
+# This PATH may be clobbered by individual applications. Notably, by default,
+# rc(8), service(8), and cron(8) will all override it with a default PATH that
+# may not include /usr/local/sbin and /usr/local/bin when starting services or
+# jobs.
+daemon:\\
+ :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\\
+ :mail@:\\
+ :memorylocked=128M:\\
+ :tc=default:
+news:\\
+ :tc=default:
+dialer:\\
+ :tc=default:
+
+#
+# Root can always login
+#
+# N.B. login_getpwclass(3) will use this entry for the root account,
+# in preference to 'default'.
+root:\\
+ :ignorenologin:\\
+ :memorylocked=unlimited:\\
+ :tc=default:
diff --git a/files/etc/pam.d/kde.roadwarrior_laptop b/files/etc/pam.d/kde.roadwarrior_laptop
new file mode 100644
index 0000000..f28d9e1
--- /dev/null
+++ b/files/etc/pam.d/kde.roadwarrior_laptop
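Review bot: login.conf.roadwarrior_laptop stops being a symlink to login.conf.desktop and becomes a 65-line standalone copy, but nothing in the file says which capabilities are meant to differ, so any later tightening of the desktop file will no longer reach this host class. A header comment such as `# Standalone copy of login.conf.desktop; intentional differences: <list them>` would make the divergence reviewable. Since this class sets `enable_idm=false` and its sddm stack decides on `pam_unix.so`, the `:coredumpsize=unlimited:` and `:umask=022:` entries in `default` deserve a deliberate decision rather than an inherited default.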
@@ -0,0 +1,6 @@ +auth optional /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_exec.so return_prog_exit_status expose_authtok use_first_pass /usr/local/libexec/unix-selfauth-helper + +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so nodefgroup +account required pam_unix.so diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd index c222750..cebac04 100644 --- a/files/etc/pam.d/sddm.freebsd +++ b/files/etc/pam.d/sddm.freebsd @@ -3,6 +3,7 @@ # if we want pam_kwallet5 to execute. # Hence, for sddm, we try krb5 only (no local accounts). auth sufficient pam_self.so no_warn +auth required pam_unix.so auth required /usr/local/lib/security/pam_krb5.so try_first_pass auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir auth optional pam_kwallet5.so diff --git a/files/etc/pam.d/sddm.roadwarrior_laptop b/files/etc/pam.d/sddm.roadwarrior_laptop new file mode 100644 index 0000000..0922e95 --- /dev/null +++ b/files/etc/pam.d/sddm.roadwarrior_laptop @@ -0,0 +1,19 @@ +auth sufficient pam_self.so no_warn +auth optional /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so try_first_pass +auth optional pam_kwallet5.so + +account requisite pam_securetty.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so nodefgroup +account required pam_unix.so + +session required pam_lastlog.so no_fail +session required pam_xdg.so no_fail +session required /usr/local/lib/security/pam_krb5.so +session optional /usr/local/lib/pam_mkhomedir.so mode=0700 +session optional pam_kwallet5.so auto_start + +password required pam_unix.so no_warn try_first_pass +password optional /usr/local/lib/security/pam_krb5.so try_first_pass diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop index 1391d09..e6ef0b7 100644 
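Review bot: In kde.roadwarrior_laptop the only `required` auth module is `pam_exec.so ... /usr/local/libexec/unix-selfauth-helper`, and with `return_prog_exit_status` the helper's exit code becomes the PAM result, so the authentication decision for this service rests entirely on a program that this commit does not show being installed for the host class. `expose_authtok` also hands the typed password to that helper. The file should carry a comment stating that contract, e.g. `# unix-selfauth-helper must be root-owned, not writable by others, and exit 0 only after verifying the password`, and the install step (not visible here) should be checked for matching ownership and mode.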
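Review bot: In sddm.freebsd the added `auth required pam_unix.so` sits directly above `auth required ... pam_krb5.so try_first_pass`, so both modules must now succeed, while the comment just above still says sddm tries krb5 only with no local accounts. Accounts that exist only in the directory presumably have no local hash for pam_unix to accept, which would turn this line into a login failure for them. If a local-password requirement is intended, the comment should say so, for example `# sddm: local password (pam_unix) and Kerberos must both succeed; <reason>`, and the control flags should be reviewed against that intent. The comment block starts above the hunk, so its full rationale is not visible here.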
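Review bot: sddm.roadwarrior_laptop has no comment explaining its control flags, although they differ from sddm.freebsd: here `pam_krb5.so` is `optional` and `pam_unix.so try_first_pass` is the deciding module. Because `pam_krb5.so` is listed first, it is presumably the module that collects the password and tries it against a KDC before the local check runs. A short header would record the intent, e.g. `# Local accounts decide the login (pam_unix); pam_krb5 is optional and only obtains a ticket when a KDC is reachable.`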
--- a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop +++ b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop @@ -86,7 +86,7 @@ "update_url": "https://clients2.google.com/service/update2/crx" }, "cimiefiiaegbelhefglklhhakcgmhkai": { - "installation_mode": "$(if [ "${desktop_type:-}" = kde ]; then echo normal_installed; else echo allowed; fi)", + "installation_mode": "normal_installed", "update_url": "https://clients2.google.com/service/update2/crx" } }, diff --git a/files/usr/local/etc/polkit-1/rules.d/51-desktop.rules.laptop b/files/usr/local/etc/polkit-1/rules.d/51-desktop.rules.laptop new file mode 120000 index 0000000..d524580 --- /dev/null +++ b/files/usr/local/etc/polkit-1/rules.d/51-desktop.rules.laptop @@ -0,0 +1 @@ +51-desktop.rules.desktop
\ No newline at end of file
diff --git a/files/usr/local/etc/polkit-1/rules.d/51-desktop.rules.roadwarrior_laptop b/files/usr/local/etc/polkit-1/rules.d/51-desktop.rules.roadwarrior_laptop
new file mode 120000
index 0000000..d524580
--- /dev/null
+++ b/files/usr/local/etc/polkit-1/rules.d/51-desktop.rules.roadwarrior_laptop
@@ -0,0 +1 @@
+51-desktop.rules.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository index 3ee3437..a2027db 100644 --- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository +++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository @@ -93,6 +93,7 @@ net-mgmt/icingadb net-mgmt/icingaweb2 net-mgmt/icingaweb2-module-icingadb net-mgmt/monitoring-plugins +net-mgmt/networkmgr net-mgmt/unifi8 net/asterisk18 net/freeradius3 diff --git a/files/usr/local/etc/ssh/sshd_config.roadwarrior_laptop b/files/usr/local/etc/ssh/sshd_config.roadwarrior_laptop new file mode 120000 index 0000000..355377d --- /dev/null +++ b/files/usr/local/etc/ssh/sshd_config.roadwarrior_laptop @@ -0,0 +1 @@ +sshd_config.no_idm
\ No newline at end of file diff --git a/files/usr/local/lib/firefox/distribution/policies.json.desktop b/files/usr/local/lib/firefox/distribution/policies.json.desktop index aa2de1b..79625fe 100644 --- a/files/usr/local/lib/firefox/distribution/policies.json.desktop +++ b/files/usr/local/lib/firefox/distribution/policies.json.desktop @@ -11,11 +11,11 @@ }, "{9cbd40c5-5275-443e-811b-dc57d8c7c5d2}": { "install_url": "https://addons.mozilla.org/firefox/downloads/latest/kde-default-breeze/latest.xpi", - "installation_mode": "$(if [ "${desktop_type:-}" = kde ]; then echo 'normal_installed'; else echo 'allowed'; fi)" + "installation_mode": "normal_installed" }, "plasma-browser-integration@kde.org": { "install_url": "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi", - "installation_mode": "$(if [ "${desktop_type:-}" = kde ]; then echo normal_installed; else echo allowed; fi)" + "installation_mode": "normal_installed" } }, "3rdparty": { diff --git a/files/usr/local/lib/thunderbird/distribution/policies.json.laptop b/files/usr/local/lib/thunderbird/distribution/policies.json.laptop new file mode 120000 index 0000000..93bcb92 --- /dev/null +++ b/files/usr/local/lib/thunderbird/distribution/policies.json.laptop @@ -0,0 +1 @@ +policies.json.desktop
\ No newline at end of file
diff --git a/files/usr/local/lib/thunderbird/distribution/policies.json.roadwarrior_laptop b/files/usr/local/lib/thunderbird/distribution/policies.json.roadwarrior_laptop
new file mode 120000
index 0000000..93bcb92
--- /dev/null
+++ b/files/usr/local/lib/thunderbird/distribution/policies.json.roadwarrior_laptop
@@ -0,0 +1 @@
+policies.json.desktop
\ No newline at end of file diff --git a/scripts/hostclass/desktop b/scripts/hostclass/desktop index e6ddd86..8fdfca4 100644 --- a/scripts/hostclass/desktop +++ b/scripts/hostclass/desktop @@ -23,15 +23,19 @@ fi # Load linux kernel modules. sysrc -v linux_enable=YES +service linux start # Enable FUSE. sysrc -v kld_list+=fusefs +load_kernel_module fusefs # Install packages common to all DEs. -pkg install -y $desktop_common_packages +pkg install -y $desktop_packages # Install profile script for improving experience on NFS homedirs. -install_file -m 0555 /etc/profile.d/local-homedir.sh +if [ "${enable_idm:-}" != false ]; then + install_file -m 0555 /etc/profile.d/local-homedir.sh +fi # Create ZFS dataset for local homedirs. create_dataset -o mountpoint=/usr/local/home "${state_dataset}/home" 
@@ -65,51 +69,41 @@ install_file -m 0555 /usr/local/libexec/nss-trust-root-ca # Install gajim desktop file. install_file -m 0644 /usr/local/share/applications/gajim.desktop -case $desktop_type in - i3) - pkg install -y $desktop_i3_packages - ;; - kde) - # Install KDE packages. - pkg install -y $desktop_kde_packages - - # Add sddm user to drm access group. - pw groupmod "$desktop_access_role" -m "$sddm_user" +# Add sddm user to drm access group. +pw groupmod "$desktop_access_role" -m "$sddm_user" - # Configure pam services. - install_file -m 0644 \ - /etc/pam.d/sddm \ - /etc/pam.d/kde +# Configure pam services. +install_file -m 0644 \ + /etc/pam.d/sddm \ + /etc/pam.d/kde - # Copy SDDM config file. - install_template -m 0644 /usr/local/etc/sddm.conf +# Copy SDDM config file. +install_template -m 0644 /usr/local/etc/sddm.conf - # Create profile script for KDE environment variables. - install_file -m 0644 /etc/profile.d/kde.sh +# Create profile script for KDE environment variables. +install_file -m 0644 /etc/profile.d/kde.sh - # Create SDDM local homedir. - install_directory -o sddm -g sddm -m 0700 /usr/local/home/sddm +# Create SDDM local homedir. +install_directory -o sddm -g sddm -m 0700 /usr/local/home/sddm - # Create shutdown script to cleanup lingering processes. - install_directory -m 0755 \ - /usr/local/etc/xdg/plasma-workspace \ - /usr/local/etc/xdg/plasma-workspace/shutdown - install_file -m 0555 /usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh +# Create shutdown script to cleanup lingering processes. +install_directory -m 0755 \ + /usr/local/etc/xdg/plasma-workspace \ + /usr/local/etc/xdg/plasma-workspace/shutdown +install_file -m 0555 /usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh - # Disable baloo file search. - # Don't know anyone that uses it, and litters $HOME with .nfs files whenever - # any file is deleted. - install_file -m 0644 /usr/local/etc/xdg/baloofilerc +# Disable baloo file search. 
+# Don't know anyone that uses it, and litters $HOME with .nfs files whenever +# any file is deleted. +install_file -m 0644 /usr/local/etc/xdg/baloofilerc - # Disable user switching - # Broken with consolekit: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221452 - # VT switch causes loss of graphics acceleration: https://github.com/freebsd/drm-kmod/issues/175 - install_file -m 0644 /usr/local/etc/xdg/kdeglobals +# Disable user switching +# Broken with consolekit: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221452 +# VT switch causes loss of graphics acceleration: https://github.com/freebsd/drm-kmod/issues/175 +install_file -m 0644 /usr/local/etc/xdg/kdeglobals - # Enable sddm. - sysrc -v sddm_enable=YES - ;; -esac +# Enable sddm. +sysrc -v sddm_enable=YES # Tune sysctls for desktop usage. set_sysctl \ @@ -186,9 +180,4 @@ set_sysctl kern.vt.suspendswitch="${vt_suspendswitch:-1}" install_template -m 0644 /usr/local/etc/mpv/mpv.conf # Start login manager. -case $desktop_type in - kde) - # We have to redirect the output here because sddm holds FDs open :( - service sddm status || service sddm start > /dev/null 2>&1 < /dev/null || die 'failed to start sddm' - ;; -esac +service sddm status || service sddm start > /dev/null 2>&1 < /dev/null || die 'failed to start sddm' diff --git a/scripts/hostclass/laptop/20-laptop b/scripts/hostclass/laptop/20-laptop index 5c9cfd0..5a26b4c 100644 --- a/scripts/hostclass/laptop/20-laptop +++ b/scripts/hostclass/laptop/20-laptop @@ -4,11 +4,6 @@ usbconfig | awk -F: '{ print $1 }' | xargs -rtn1 -I% usbconfig -d % power_save ||: install_file /etc/rc.local -# Create devd rule for lid close. -install_file -m 0555 /usr/local/libexec/lid-close -install_file -m 0644 /etc/devd/lid-close.conf -service devd restart - # Enable kernel module for Android USB tethering. load_kernel_module if_urndis set_loader_conf if_urndis_load=YES 
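Review bot: The now-unconditional `service sddm status || service sddm start > /dev/null 2>&1 < /dev/null || die 'failed to start sddm'` lost the comment that explained its redirections when the `case` wrapper was removed. Without it the redirects read as noise suppression and invite a later cleanup that would reintroduce the hang the old comment warned about. Keep the removed explanation above the command: `# We have to redirect the output here because sddm holds FDs open`.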
diff --git a/scripts/hostclass/roadwarrior_laptop/30-roadwarrior b/scripts/hostclass/roadwarrior_laptop/30-roadwarrior index f75685a..cf3219d 100644 --- a/scripts/hostclass/roadwarrior_laptop/30-roadwarrior +++ b/scripts/hostclass/roadwarrior_laptop/30-roadwarrior @@ -8,3 +8,13 @@ install_file -m 0600 \ # Configure devd for Android USB tethering. install_file -m 0644 /etc/devd/usb-tether.conf service devd restart + +# Configure KRB5/LDAP. But only for manual use, not for NSS/PAM. +pkg install -y \ + krb5 \ + cyrus-sasl-gssapi \ + openldap26-client + +install_template -m 0644 \ + /etc/krb5.conf \ + /usr/local/etc/openldap/ldap.conf diff --git a/scripts/os/freebsd/40-pkg b/scripts/os/freebsd/40-pkg index 46adc66..7c1c828 100644 --- a/scripts/os/freebsd/40-pkg +++ b/scripts/os/freebsd/40-pkg @@ -4,7 +4,7 @@ case $BOXCONF_HOSTCLASS in pkg_repository) return # Do nothing. ;; - freebsd_hypervisor|roadwarrior_laptop) + freebsd_hypervisor) ;; # Keep default FreeBSD pkg repository. *) # Configure on-prem pkg repository. diff --git a/vars/common b/vars/common index ff62fc1..be8e34a 100644 --- a/vars/common +++ b/vars/common @@ -40,7 +40,6 @@ nproc=$(nproc) allowed_tcp_ports=ssh bootstrap_resolvers='1.1.1.1' -desktop_type=kde enable_serial_console=true graphics_type=intel boxconf_username='s-boxconf' diff --git a/vars/hostclass/desktop b/vars/hostclass/desktop index 0e708f2..f56a5ae 100644 --- a/vars/hostclass/desktop +++ b/vars/hostclass/desktop 
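Review bot: The new comment `# Configure KRB5/LDAP. But only for manual use, not for NSS/PAM.` in 30-roadwarrior does not match the PAM files added in the same commit. kde.roadwarrior_laptop and sddm.roadwarrior_laptop both load `/usr/local/lib/security/pam_krb5.so` in the auth and account facilities, and the sddm file also in session and password, with `account required` and `session required`. Either the comment should say that PAM uses Kerberos opportunistically, or those pam_krb5 lines should be dropped for this host class. Whether any of the three packages installed here provides that module path is not visible from the hunk and is worth confirming.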
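Review bot: Removing `roadwarrior_laptop` from the `freebsd_hypervisor` arm in 40-pkg sends that host class to the `*)` arm, `# Configure on-prem pkg repository.`, whose body is outside the hunk. The same commit drops `resolvers=$bootstrap_resolvers` from vars/hostclass/roadwarrior_laptop/20-vars, so package installs on these machines now presumably depend on reaching internal services from outside networks. It is worth confirming that the repository definition in that arm enforces package signature verification. If the dependency is intended, a comment next to the case would record it, e.g. `# roadwarrior_laptop uses the on-prem repo; needs the tunnel and internal DNS up`.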
@@ -38,38 +38,55 @@ gsound" # signal-desktop requires pulseaudio for audio/video chat. SAD! # Also, freedesktop-sound-theme is required for notification sounds in Dino -desktop_common_packages=" +desktop_packages=" +${gajim_packages} +android-file-transfer-qt5 android-tools +audacious-plugins-qt5 +audacious-qt5 bind-tools ca_root_nss cantarell-fonts chromium +digikam +dino droid-fonts-ttf eclipse +elisa +en-hunspell ffmpeg firefox +freedesktop-sound-theme git gnupg +gtksourceview4 hs-pandoc inconsolata-ttf jq +k3b +kde5 +kid3-kf5 +kmix +konversation krb5 libreoffice libva-utils libvdpau-va-gl +merkuro mpv neofetch noto-basic noto-emoji password-store pdftk +pim-sieve-editor postgresql16-client pulseaudio -python py${python_version}-pip +python roboto-fonts-ttf rsync -freedesktop-sound-theme +sddm signal-desktop sndio stow @@ -79,41 +96,10 @@ thunderbird tmux tree ubuntu-font -vdpauinfo v4l-utils v4l_compat +vdpauinfo webcamd webfonts wireguard-tools xorg" - -desktop_kde_packages=" -android-file-transfer-qt5 -audacious-qt5 -audacious-plugins-qt5 -digikam -dino -elisa -${gajim_packages} -gtksourceview4 -k3b -kde5 -kid3-kf5 -kmix -konversation -pim-sieve-editor -en-hunspell -merkuro -sddm" - -desktop_i3_packages=' -compton -dunst -dmenu -i3 -i3lock -i3status -profanity -xfontsel -xidle -xterm' diff --git a/vars/hostclass/laptop b/vars/hostclass/laptop deleted file mode 120000 index 8714ca2..0000000 --- a/vars/hostclass/laptop +++ /dev/null @@ -1 +0,0 @@ -desktop
\ No newline at end of file
diff --git a/vars/hostclass/roadwarrior_laptop/desktop b/vars/hostclass/laptop/10-desktop
index 2c7c348..2c7c348 120000
--- a/vars/hostclass/roadwarrior_laptop/desktop
+++ b/vars/hostclass/laptop/10-desktop
diff --git a/vars/hostclass/laptop/20-vars b/vars/hostclass/laptop/20-vars
new file mode 100644
index 0000000..c9f82d9
--- /dev/null
+++ b/vars/hostclass/laptop/20-vars
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+polkit_disable_suspend=false
diff --git a/vars/hostclass/roadwarrior_laptop/10-desktop b/vars/hostclass/roadwarrior_laptop/10-desktop
new file mode 120000
index 0000000..2c7c348
--- /dev/null
+++ b/vars/hostclass/roadwarrior_laptop/10-desktop
@@ -0,0 +1 @@
+../desktop
\ No newline at end of file diff --git a/vars/hostclass/roadwarrior_laptop/vars b/vars/hostclass/roadwarrior_laptop/20-vars index 712d724..b7896f4 100644 --- a/vars/hostclass/roadwarrior_laptop/vars +++ b/vars/hostclass/roadwarrior_laptop/20-vars @@ -1,6 +1,7 @@ #!/bin/sh -resolvers=$bootstrap_resolvers pf_skip_interfaces=wg see_other_uids=1 enable_idm=false + +polkit_disable_suspend=false diff --git a/vars/hostname/rlaptop1 b/vars/hostname/rlaptop1 index 7c8df01..b9bef40 100644 --- a/vars/hostname/rlaptop1 +++ b/vars/hostname/rlaptop1 @@ -1,7 +1,6 @@ #!/bin/sh pf_egress_interfaces='wlan0 em0 ue0' -desktop_type=i3 wireless_type=iwm8265 console_font=spleen-12x24 laptop_type=thinkpad |