many fixes

7 files changed, 18 insertions, 5 deletions

diff --git a/files/etc/auto_master.common b/files/etc/auto_master.common
index 37f3e34..d82114c 100644
--- a/files/etc/auto_master.common
+++ b/files/etc/auto_master.common
@@ -1,2 +1 @@
-/net -hosts -nobrowse,nosuid,intr
 +auto_master
diff --git a/files/etc/cron.d/freeradius.radius_server b/files/etc/cron.d/freeradius.radius_server
index 20f3ada..2081fbd 100644
--- a/files/etc/cron.d/freeradius.radius_server
+++ b/files/etc/cron.d/freeradius.radius_server
@@ -1,2 +1,2 @@
 MAILTO=root
-@daily ${freeradius_user} find ${freeradius_tlscache_dir} -mindepth 1 -mtime +2 -exec rm -vf {} +
+@daily ${freeradius_user} find ${freeradius_tlscache_dir} -mindepth 1 -mtime +2 -exec rm -f {} +
diff --git a/files/etc/cron.d/prosody.xmpp_server b/files/etc/cron.d/prosody.xmpp_server
index b95f010..a73153a 100644
--- a/files/etc/cron.d/prosody.xmpp_server
+++ b/files/etc/cron.d/prosody.xmpp_server
@@ -1,3 +1,3 @@
 MAILTO=root
-0 0 * * * * ${prosody_local_user} /usr/local/libexec/prosody-acme-proxy -q ${prosody_user}@${prosody_acme_host} ${prosody_domains}
-0 0 * * * * ${prosody_local_user} /usr/local/libexec/prosody-update-roster ${prosody_access_role} > ${prosody_roster_path}
+0 0 * * * * ${prosody_local_user} /usr/local/libexec/prosody-acme-proxy -q ${prosody_username}@${prosody_acme_host} ${prosody_domains}
+0 0 * * * * ${prosody_local_user} /usr/local/libexec/prosody-update-roster ${prosody_access_role} ${prosody_roster_path}
diff --git a/files/etc/devfs.rules.desktop b/files/etc/devfs.rules.desktop
index 4c10d43..ec38210 100644
--- a/files/etc/devfs.rules.desktop
+++ b/files/etc/devfs.rules.desktop
@@ -2,3 +2,4 @@
 add path 'drm/*'       mode 0660 group ${desktop_access_role}
 add path 'backlight/*' mode 0660 group ${desktop_access_role}
 add path 'video*'      mode 0660 group ${desktop_access_role}
+add path 'usb/*'       mode 0660 group ${desktop_access_role}
diff --git a/files/etc/login.access.freebsd b/files/etc/login.access.freebsd
index c2d6fc1..ee83dd5 100644
--- a/files/etc/login.access.freebsd
+++ b/files/etc/login.access.freebsd
@@ -2,7 +2,10 @@
 +:root:ALL
 +:${icinga_local_user}:ALL
 
-$(if [ -n "${login_access_groups:-}" ] || [ -n "${login_access_users:-}" ]; then
+$(if [ -n "${acmeproxy_client_group:-}" ]; then
+  echo "+:(${acmeproxy_client_group}):ALL"
+fi
+if [ -n "${login_access_groups:-}" ] || [ -n "${login_access_users:-}" ]; then
   printf -- '-:ALL EXCEPT '
 if [ -n "${login_access_groups:-}" ]; then
   printf    '(%s) ' ${login_access_groups}
diff --git a/files/etc/pam.d/login.freebsd b/files/etc/pam.d/login.freebsd
index ae50bbe..bb215ec 100644
--- a/files/etc/pam.d/login.freebsd
+++ b/files/etc/pam.d/login.freebsd
@@ -12,6 +12,11 @@ session   required    pam_lastlog.so    no_fail
 session   required    pam_xdg.so
 session   required    /usr/local/lib/security/pam_krb5.so
 session   optional    /usr/local/lib/pam_mkhomedir.so mode=0700
+$(if [ "$BOXCONF_VIRTUALIZATION_TYPE" != jail ] && [ "${enable_autofs:-}" != false ]; then
+cat <<EOF
+session   optional    pam_exec.so /usr/local/libexec/pam-create-local-homedir
+EOF
+fi)
 
 password  sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
 password  required    pam_unix.so no_warn try_first_pass
diff --git a/files/etc/pam.d/sshd.freebsd b/files/etc/pam.d/sshd.freebsd
index 1f81b48..e00fb13 100644
--- a/files/etc/pam.d/sshd.freebsd
+++ b/files/etc/pam.d/sshd.freebsd
@@ -8,6 +8,11 @@ account   required    pam_unix.so
 
 session   required    /usr/local/lib/security/pam_krb5.so
 session   required    /usr/local/lib/pam_mkhomedir.so mode=0700
+$(if [ "$BOXCONF_VIRTUALIZATION_TYPE" != jail ] && [ "${enable_autofs:-}" != false ]; then
+cat <<EOF
+session   optional    pam_exec.so /usr/local/libexec/pam-create-local-homedir
+EOF
+fi)
 
 password  sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
 password  required    pam_unix.so no_warn try_first_pass