author | Cullum Smith <cullum@sacredheartsc.com> | 2024-10-31 21:36:39 -0400 |
---|---|---|
committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-10-31 21:36:39 -0400 |
commit | 2c9845db4bc00221bc3c2343a020208f7f532166 (patch) | |
tree | 843bc24a1bbf2cad33c4bdc8a17c3d0d838fceb4 /files | |
parent | 7eb111136453d0e8d8451d7dd85ba9892318f294 (diff) | |
download | infrastructure-2c9845db4bc00221bc3c2343a020208f7f532166.tar.gz |
many fixes
Diffstat (limited to 'files')
30 files changed, 210 insertions, 82 deletions
diff --git a/files/etc/auto_master.common b/files/etc/auto_master.common index 37f3e34..d82114c 100644 --- a/files/etc/auto_master.common +++ b/files/etc/auto_master.common @@ -1,2 +1 @@ -/net -hosts -nobrowse,nosuid,intr +auto_master diff --git a/files/etc/cron.d/freeradius.radius_server b/files/etc/cron.d/freeradius.radius_server index 20f3ada..2081fbd 100644 --- a/files/etc/cron.d/freeradius.radius_server +++ b/files/etc/cron.d/freeradius.radius_server @@ -1,2 +1,2 @@ MAILTO=root -@daily ${freeradius_user} find ${freeradius_tlscache_dir} -mindepth 1 -mtime +2 -exec rm -vf {} + +@daily ${freeradius_user} find ${freeradius_tlscache_dir} -mindepth 1 -mtime +2 -exec rm -f {} + diff --git a/files/etc/cron.d/prosody.xmpp_server b/files/etc/cron.d/prosody.xmpp_server index b95f010..a73153a 100644 --- a/files/etc/cron.d/prosody.xmpp_server +++ b/files/etc/cron.d/prosody.xmpp_server @@ -1,3 +1,3 @@ MAILTO=root -0 0 * * * * ${prosody_local_user} /usr/local/libexec/prosody-acme-proxy -q ${prosody_user}@${prosody_acme_host} ${prosody_domains} -0 0 * * * * ${prosody_local_user} /usr/local/libexec/prosody-update-roster ${prosody_access_role} > ${prosody_roster_path} +0 0 * * * * ${prosody_local_user} /usr/local/libexec/prosody-acme-proxy -q ${prosody_username}@${prosody_acme_host} ${prosody_domains} +0 0 * * * * ${prosody_local_user} /usr/local/libexec/prosody-update-roster ${prosody_access_role} ${prosody_roster_path} diff --git a/files/etc/devfs.rules.desktop b/files/etc/devfs.rules.desktop index 4c10d43..ec38210 100644 --- a/files/etc/devfs.rules.desktop +++ b/files/etc/devfs.rules.desktop @@ -2,3 +2,4 @@ add path 'drm/*' mode 0660 group ${desktop_access_role} add path 'backlight/*' mode 0660 group ${desktop_access_role} add path 'video*' mode 0660 group ${desktop_access_role} +add path 'usb/*' mode 0660 group ${desktop_access_role} diff --git a/files/etc/login.access.freebsd b/files/etc/login.access.freebsd index c2d6fc1..ee83dd5 100644 
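Review bot: Both rewritten entries in `cron.d/prosody.xmpp_server` still carry six schedule fields (`0 0 * * * *`) before the user name, while a system crontab takes five time fields followed by the user. As rendered here, cron would read the sixth `*` as the account to run as and `${prosody_local_user}` as the start of the command, so neither the certificate fetch nor the roster update would run as intended. Dropping one field fixes both lines, e.g. `0 0 * * * ${prosody_local_user} /usr/local/libexec/prosody-update-roster ${prosody_access_role} ${prosody_roster_path}`.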
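Review bot: The added `add path 'usb/*' mode 0660 group ${desktop_access_role}` rule gives every member of the desktop role read/write access to the generic node of every attached USB device, not just one class of device. That includes storage, input devices and security tokens, and it sits outside the filesystem and driver permission model. If the purpose is MTP/adb access for the Android packages added to the pkglist in this commit (inferred, not stated), a comment should say so, e.g. `# raw USB access for libusb clients (adb, MTP); applies to ALL USB devices`. Membership of `${desktop_access_role}` should then be treated as equivalent to physical access to those devices.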
--- a/files/etc/login.access.freebsd +++ b/files/etc/login.access.freebsd @@ -2,7 +2,10 @@ +:root:ALL +:${icinga_local_user}:ALL -$(if [ -n "${login_access_groups:-}" ] || [ -n "${login_access_users:-}" ]; then +$(if [ -n "${acmeproxy_client_group:-}" ]; then + echo "+:(${acmeproxy_client_group}):ALL" +fi +if [ -n "${login_access_groups:-}" ] || [ -n "${login_access_users:-}" ]; then printf -- '-:ALL EXCEPT ' if [ -n "${login_access_groups:-}" ]; then printf '(%s) ' ${login_access_groups} diff --git a/files/etc/pam.d/login.freebsd b/files/etc/pam.d/login.freebsd index ae50bbe..bb215ec 100644 --- a/files/etc/pam.d/login.freebsd +++ b/files/etc/pam.d/login.freebsd @@ -12,6 +12,11 @@ session required pam_lastlog.so no_fail session required pam_xdg.so session required /usr/local/lib/security/pam_krb5.so session optional /usr/local/lib/pam_mkhomedir.so mode=0700 +$(if [ "$BOXCONF_VIRTUALIZATION_TYPE" != jail ] && [ "${enable_autofs:-}" != false ]; then +cat <<EOF +session optional pam_exec.so /usr/local/libexec/pam-create-local-homedir +EOF +fi) password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass password required pam_unix.so no_warn try_first_pass diff --git a/files/etc/pam.d/sshd.freebsd b/files/etc/pam.d/sshd.freebsd index 1f81b48..e00fb13 100644 --- a/files/etc/pam.d/sshd.freebsd +++ b/files/etc/pam.d/sshd.freebsd @@ -8,6 +8,11 @@ account required pam_unix.so session required /usr/local/lib/security/pam_krb5.so session required /usr/local/lib/pam_mkhomedir.so mode=0700 +$(if [ "$BOXCONF_VIRTUALIZATION_TYPE" != jail ] && [ "${enable_autofs:-}" != false ]; then +cat <<EOF +session optional pam_exec.so /usr/local/libexec/pam-create-local-homedir +EOF +fi) password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass password required pam_unix.so no_warn try_first_pass diff --git a/files/usr/local/etc/asterisk/queues.conf.asterisk_server b/files/usr/local/etc/asterisk/queues.conf.asterisk_server index 87b8ed4..8849690 100644 
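Review bot: The new `+:(${acmeproxy_client_group}):ALL` rule in `login.access.freebsd` admits that group from every origin and is emitted ahead of the `-:ALL EXCEPT` line, so members pass login access control for every service that consults this file, not only the one they need. If the group exists only so ACME clients can fetch certificates over sftp (inferred from the name), the origin field could name the client hosts or network instead of `ALL`. The limit to sftp itself has to be enforced in the sshd configuration, which is outside this diff. The `$(if …` block continues past the end of the hunk.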
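Review bot: The `session optional pam_exec.so /usr/local/libexec/pam-create-local-homedir` line added to `pam.d/login.freebsd`, and again in the `pam.d/sshd.freebsd` hunk, runs a helper with the privileges of the calling service, normally root. The helper is not part of this diff, so how it validates `PAM_USER` and creates the directory cannot be reviewed here. Because the module is `optional`, a failing helper does not stop the login and the user silently gets a session without the local home directory. A comment above the generated line would record both facts, e.g. `# creates the local home when autofs is in use; runs as root, failure is ignored`. The helper should also be confirmed to refuse user names containing `/` and to create the directory without following symlinks.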
--- a/files/usr/local/etc/asterisk/queues.conf.asterisk_server +++ b/files/usr/local/etc/asterisk/queues.conf.asterisk_server @@ -6,12 +6,12 @@ shared_lastcall = yes log_membername_as_agent = yes $(for queue in ${asterisk_queues:-}; do - eval "queue_strategy=\${asterisk_queue_${queue}_strategy}" + eval "queue_strategy=\${asterisk_queue_${queue}_strategy:-ringall}" eval "queue_timeout=\${asterisk_queue_${queue}_timeout:-15}" eval "queue_retry=\${asterisk_queue_${queue}_retry:-5}" eval "queue_ringinuse=\${asterisk_queue_${queue}_ringinuse:-yes}" - eval "queue_members=\${asterisk_queue_${queue}_members}" - echo "\ + eval "queue_members=\${asterisk_queue_${queue}_members:-}" + cat <<EOF [${queue}] strategy = ${queue_strategy} timeout = ${queue_timeout} @@ -24,8 +24,12 @@ periodic-announce-frequency = 0 joinempty = yes leavewhenempty = no ringinuse = ${queue_ringinuse} -timeoutrestart = yes" -for member in $queue_members; do - eval "member_name=\${asterisk_ext_${member}_cid_name}" - echo "member => PJSIP/${member},0,${member_name},PJSIP/${member}" -done; done) +timeoutrestart = yes +EOF + for member in $queue_members; do + eval "member_name=\${asterisk_ext_${member}_cid_name}" + cat <<EOF +member => PJSIP/${member},0,${member_name},PJSIP/${member} +EOF + done +done) diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop index 93544cf..1391d09 100644 --- a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop +++ b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop 
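Review bot: In the rewritten member loop of `queues.conf.asterisk_server`, `eval "member_name=\${asterisk_ext_${member}_cid_name}"` is the only lookup left without a `:-` default, although this commit adds defaults to the strategy and members lookups. If the template is rendered with unset-variable checking (which those added defaults suggest), a queue member with no matching extension aborts the render; a fallback such as `eval "member_name=\${asterisk_ext_${member}_cid_name:-${member}}"` avoids that. The value is also written unescaped into the comma-separated `member => PJSIP/${member},0,${member_name},…` line, so a caller-ID name containing a comma shifts the remaining fields. Since `${queue}` and `${member}` are spliced into `eval`, they should be restricted to identifier characters where the variables are defined.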
@@ -14,15 +14,6 @@ "CloudReportingEnabled": false, "DefaultBrowserSettingEnabled": false, "DefaultCookiesSetting": 1, - "DefaultSearchProviderEnabled": true, - "DefaultSearchProviderName": "DuckDuckGo", - "DefaultSearchProviderIconURL": "https://duckduckgo.com/favicon.ico", - "DefaultSearchProviderEncodings": [ - "UTF-8" - ], - "DefaultSearchProviderSearchURL": "https://duckduckgo.com/?q={searchTerms}", - "DefaultSearchProviderSuggestURL":"https://duckduckgo.com/ac/?q={searchTerms}&type=list", - "DefaultSearchProviderNewTabURL":"https://duckduckgo.com/chrome_newtab", "DnsOverHttpsMode": "off", "EnableAuthNegotiatePort": true, "EnableMediaRouter": false, @@ -45,8 +36,44 @@ "toplevel_name": "Internal" }, { + "name": "Bitwarden", + "url": "https://bitwarden.${domain}/" + }, + { + "name": "CUPS", + "url": "https://cups.${domain}/" + }, + { + "name": "DAViCal", + "url": "https://dav.${domain}/" + }, + { + "name": "Icinga", + "url": "https://icinga.${domain}/" + }, + { + "name": "Invidious", + "url": "https://invidious.${domain}/" + }, + { "name": "Poudriere", "url": "http://pkg.${domain}/poudriere" + }, + { + "name": "Rspamd", + "url": "https://smtp.${domain}/" + }, + { + "name": "Tiny Tiny RSS", + "url": "https://ttrss.${domain}/" + }, + { + "name": "UniFi Controller", + "url": "https://unifi.${domain}/" + }, + { + "name": "ZNC", + "url": "https://znc.${domain}/" } ], "ExtensionSettings": { 
@@ -67,25 +94,22 @@ "extensions": { "cjpalhdlnbpafiamejdnhcphjbkeiagm": { "toOverwrite": { - "selectedFilterLists": [ + "filterLists": [ "user-filters", "ublock-filters", "ublock-badware", "ublock-privacy", - "ublock-abuse", + "ublock-quick-fixes", "ublock-unbreak", - "ublock-annoyances", - "ublock-cookies-easylist", - "fanboy-cookiemonster", "easylist", "easyprivacy", + "adguard-spyware-url", "urlhaus-1", "plowe-0", - "fanboy-annoyance", - "fanboy-social", + "fanboy-cookiemonster", + "ublock-cookies-easylist", "fanboy-thirdparty_social", - "adguard-spyware-url", - "ublock-quick-fixes" + "ublock-annoyances" ] }, "toAdd": { diff --git a/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server b/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server index fc939a6..6a7ce4e 100644 --- a/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server +++ b/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server @@ -6,11 +6,11 @@ sasl_realm = ${realm} base = ${users_basedn} user_filter = (|(mailAddress=%u)(uid=%u)) -user_attrs = \ - =user=%{ldap:uid}, \ - =uid=${dovecot_vmail_uid}, \ - =gid=${dovecot_vmail_uid}, \ - =home=${dovecot_vmail_dir}/%{ldap:uid} \ +user_attrs = \\ + =user=%{ldap:uid}, \\ + =uid=${dovecot_vmail_uid}, \\ + =gid=${dovecot_vmail_uid}, \\ + =home=${dovecot_vmail_dir}/%{ldap:uid}, \\ mailQuota=quota_rule=\*:storage=%{ldap:mailQuota} iterate_attrs = uid=user diff --git a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server index 4340192..116fe44 100644 --- a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server +++ b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server 
@@ -219,6 +219,20 @@ apply Service "cups-cert" { assign where ("cups-servers" in host.groups) } +apply Service for (vhost in host.vars.xmpp_vhosts) { + check_command = "tcp" + name = vhost + "-xmpp" + display_name = vhost + " xmpp" + vars.tcp_port = 5223 + vars.tcp_ssl = true + vars.tcp_sni = vhost + vars.tcp_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit} + vars.tcp_wtime = ${icinga_response_time_warn} + vars.tcp_ctime = ${icinga_response_time_crit} + vars.tcp_send = "<stream:stream to='" + vhost + "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'>" + vars.tcp_expect = "<?xml version='1.0'" +} + // Expect HTTP 200 apply Service "http" { check_command = "http" @@ -289,7 +303,6 @@ apply Service "https" { vars.http_warn_time = ${icinga_response_time_warn} vars.http_critical_time = ${icinga_response_time_crit} assign where ("pkg-repositories" in host.groups - || "xmpp-servers" in host.groups || "znc-servers" in host.groups || "bitwarden-servers" in host.groups) } @@ -331,7 +344,6 @@ apply Service "https-cert" { || "pkg-repositories" in host.groups || "unifi-controllers" in host.groups || "web-servers" in host.groups - || "xmpp-servers" in host.groups || "znc-servers" in host.groups || "bitwarden-servers" in host.groups || "dav-servers" in host.groups @@ -342,11 +354,11 @@ apply Service "https-cert" { && !host.vars.https_vhosts) } -// Expect HTTPS 200 +// Certificate validity apply Service for (vhost in host.vars.https_vhosts) { check_command = "http" - name = vhost + "-cert" - display_name = vhost + " certificate" + name = vhost + "-https-cert" + display_name = vhost + " https certificate" vars.http_vhost = vhost vars.http_expect = "HTTP/1.1 200 OK" vars.http_ssl = true 
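Review bot: The new `apply Service for (vhost in host.vars.xmpp_vhosts)` check hard-codes `vars.tcp_port = 5223`, while the same commit makes the Prosody direct-TLS port configurable through `${prosody_c2s_tls_port}`. If that variable is ever set to another port, the certificate check probes the wrong port; templating it as `vars.tcp_port = ${prosody_c2s_tls_port}` keeps the two in step, assuming the variable is visible to this template. The later hunks also drop `"xmpp-servers" in host.groups` from the `https` and `https-cert` services, so a host in that group that does not define `xmpp_vhosts` loses certificate-expiry monitoring without any error. Only the c2s port is probed; the `s2s_direct_tls_ports` listener added to the Prosody config is not covered.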
@@ -354,13 +366,12 @@ apply Service for (vhost in host.vars.https_vhosts) { vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit} } -// Certificate validity +// Expect HTTPS 200 apply Service for (vhost in host.vars.https_vhosts) { check_command = "http" - name = vhost - display_name = vhost + name = vhost + "-https-status" + display_name = vhost + " https status" vars.http_vhost = vhost - vars.http_expect = "HTTP/1.1 200 OK" vars.http_ssl = true vars.http_sni = true vars.http_expect = "HTTP/1.1 200 OK" diff --git a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server index 0ebe46e..cd1cda1 100644 --- a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server +++ b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server @@ -7,8 +7,8 @@ template Host "generic-host" default { template Service "generic-service" default { max_check_attempts = 5 - check_interval = 1m - retry_interval = 30s + check_interval = 5m + retry_interval = 1m } template User "generic-user" default { diff --git a/files/usr/local/etc/postfix/main.cf.smtp_server b/files/usr/local/etc/postfix/main.cf.smtp_server index 155c18c..72c0448 100644 --- a/files/usr/local/etc/postfix/main.cf.smtp_server +++ b/files/usr/local/etc/postfix/main.cf.smtp_server @@ -19,7 +19,6 @@ setgid_group = maildrop import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C POSTLOG_SERVICE POSTLOG_HOSTNAME KRB5_KTNAME=${postfix_keytab} KRB5_CLIENT_KTNAME=${postfix_keytab} myorigin = ${postfix_myorigin} -myhostname = ${postfix_public_fqdn} mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64 ${postfix_mynetworks} mydestination = @@ -100,6 +99,8 @@ smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination smtpd_recipient_restrictions = + permit_mynetworks, + permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unlisted_recipient, reject_unauth_destination, 
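Review bot: Putting `permit_mynetworks` and `permit_sasl_authenticated` at the head of `smtpd_recipient_restrictions` in `main.cf.smtp_server` means clients matching `mynetworks` skip every check that follows, including `reject_unlisted_recipient` and whatever comes later in the list outside this hunk. `mynetworks` in this file includes `[fe80::]/64` and `${postfix_mynetworks}`, so any host on a directly attached link is treated as trusted for recipient checks. If the intent is only to let internal senders past `reject_unknown_recipient_domain`, a comment above the parameter should state it, e.g. `# trusted and authenticated clients bypass recipient checks; relay is still gated by smtpd_relay_restrictions`. `${postfix_mynetworks}` should also be confirmed to be as narrow as that comment implies.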
diff --git a/files/usr/local/etc/postfix/master.cf.smtp_server b/files/usr/local/etc/postfix/master.cf.smtp_server index e0b5bbb..9dce9be 100644 --- a/files/usr/local/etc/postfix/master.cf.smtp_server +++ b/files/usr/local/etc/postfix/master.cf.smtp_server @@ -1,4 +1,5 @@ smtp inet n - n - - smtpd + -o myhostname=${postfix_public_fqdn} submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes @@ -16,7 +17,7 @@ proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp - -o syslog_name=postfix/$service_name + -o syslog_name=postfix/\$service_name showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository index 3a80736..a4677f4 100644 --- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository +++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository @@ -4,7 +4,7 @@ DEFAULT_VERSIONS+=${poudriere_default_versions:-} MAKE_JOBS_NUMBER=${poudriere_make_jobs_number} # Global port options -OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO ALSA SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE TCP_WRAPPERS COMPAT32 +OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO ALSA SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE TCP_WRAPPERS COMPAT32 JACK OPTIONS_SET=GSSAPI GSSAPI_MIT MIT NONFREE LIBEDIT # Per-port options 
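Review bot: Moving `myhostname=${postfix_public_fqdn}` from `main.cf` to a `-o` override on the `smtp inet` listener in `master.cf.smtp_server` changes the name used by every other service. The outbound `smtp unix` and `relay` clients take their HELO name from `$myhostname` by default, so unless `smtp_helo_name` is set elsewhere in `main.cf` (not visible in this diff), outgoing mail will now announce the machine's own hostname. That exposes the internal name and can fail HELO and reverse-DNS checks at receiving servers. Adding `-o smtp_helo_name=${postfix_public_fqdn}` to those two entries, or setting `smtp_helo_name` once in `main.cf`, keeps the public identity for outbound mail.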
@@ -87,6 +87,8 @@ sysutils_htop_SET=LSOF sysutils_k3b_UNSET=EMOVIX VCDIMAGER sysutils_rsyslog8_SET=GSSAPI RELP OPENSSL sysutils_rsyslog8_UNSET=GCRYPT +textproc_en-hunspell_SET=US_LARGE +textproc_en-hunspell_UNSET=US_STANDARD www_chromium_SET=WIDEVINE www_firefox_UNSET=PROFILE JACK www_nginx_SET=HTTPV3 HTTPV3_QTLS HTTP_AUTH_KRB5 HTTP_AUTH_LDAP diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository index 8542c20..e90bc1b 100644 --- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository +++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository @@ -4,7 +4,7 @@ archivers/php${php_version}-zip archivers/unzip archivers/zip audio/elisa -audio/juk +audio/gsound audio/kid3@kf5 audio/kmix audio/virtual_oss @@ -18,6 +18,8 @@ databases/php${php_version}-pgsql databases/postgresql${postgresql_version}-client databases/postgresql${postgresql_version}-server databases/redis +deskutils/py-vdirsyncer +devel/android-tools devel/ccache devel/cgit devel/electron30 @@ -71,7 +73,7 @@ multimedia/v4l-utils multimedia/v4l_compat multimedia/vdpauinfo multimedia/webcamd -net-im/dino +net-im/farstream net-im/gajim net-im/prosody net-im/prosody-modules @@ -115,6 +117,7 @@ security/sshpass security/sudo security/vaultwarden security/wpa_supplicant +sysutils/android-file-transfer-qt5 sysutils/cpu-microcode sysutils/htop sysutils/k3b @@ -129,6 +132,7 @@ sysutils/stow sysutils/tmux sysutils/tree sysutils/zfstools +textproc/en-hunspell textproc/hs-pandoc textproc/jq textproc/p5-YAML diff --git a/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server b/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server index 083a6ce..7936cac 100644 --- a/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server +++ b/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server 
@@ -47,6 +47,8 @@ reload_modules = { "groups", "tls" } groups_file = "${prosody_roster_path}" s2s_secure_auth = true +c2s_direct_tls_ports = { ${prosody_c2s_tls_port} } +s2s_direct_tls_ports = { ${prosody_s2s_tls_port} } limits = { c2s = { diff --git a/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server b/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server index 7e38af5..da081e0 100644 --- a/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server +++ b/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server @@ -1,2 +1,2 @@ type = syslog; -facility = mail; +facility = daemon; diff --git a/files/usr/local/etc/xdg/kdeglobals.desktop b/files/usr/local/etc/xdg/kdeglobals.desktop new file mode 100644 index 0000000..5d121aa --- /dev/null +++ b/files/usr/local/etc/xdg/kdeglobals.desktop @@ -0,0 +1,5 @@ +# Broken with consolekit: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221452 +# VT switch causes loss of graphics acceleration: https://github.com/freebsd/drm-kmod/issues/175 +[KDE Action Restrictions] +action/start_new_session=false +action/switch_user=false diff --git a/files/usr/local/etc/xdg/kdeglobals.laptop b/files/usr/local/etc/xdg/kdeglobals.laptop new file mode 120000 index 0000000..9c8c680 --- /dev/null +++ b/files/usr/local/etc/xdg/kdeglobals.laptop @@ -0,0 +1 @@ +kdeglobals.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop b/files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop new file mode 120000 index 0000000..9c8c680 --- /dev/null +++ b/files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop @@ -0,0 +1 @@ +kdeglobals.desktop
\ No newline at end of file diff --git a/files/usr/local/lib/firefox/distribution/policies.json.desktop b/files/usr/local/lib/firefox/distribution/policies.json.desktop index de93355..aa2de1b 100644 --- a/files/usr/local/lib/firefox/distribution/policies.json.desktop +++ b/files/usr/local/lib/firefox/distribution/policies.json.desktop @@ -22,25 +22,22 @@ "Extensions": { "uBlock0@raymondhill.net": { "toOverwrite": { - "selectedFilterLists": [ + "filterLists": [ "user-filters", "ublock-filters", "ublock-badware", "ublock-privacy", - "ublock-abuse", + "ublock-quick-fixes", "ublock-unbreak", - "ublock-annoyances", - "ublock-cookies-easylist", - "fanboy-cookiemonster", "easylist", "easyprivacy", + "adguard-spyware-url", "urlhaus-1", "plowe-0", - "fanboy-annoyance", - "fanboy-social", + "fanboy-cookiemonster", + "ublock-cookies-easylist", "fanboy-thirdparty_social", - "adguard-spyware-url", - "ublock-quick-fixes" + "ublock-annoyances" ] }, "toAdd": { @@ -115,8 +112,44 @@ "toplevel_name": "Intranet" }, { - "url": "http://pkg.${domain}/poudriere/", - "name": "Poudriere" + "name": "Bitwarden", + "url": "https://bitwarden.${domain}/" + }, + { + "name": "CUPS", + "url": "https://cups.${domain}/" + }, + { + "name": "DAViCal", + "url": "https://dav.${domain}/" + }, + { + "name": "Icinga", + "url": "https://icinga.${domain}/" + }, + { + "name": "Invidious", + "url": "https://invidious.${domain}/" + }, + { + "name": "Poudriere", + "url": "http://pkg.${domain}/poudriere" + }, + { + "name": "Rspamd", + "url": "https://smtp.${domain}/" + }, + { + "name": "Tiny Tiny RSS", + "url": "https://ttrss.${domain}/" + }, + { + "name": "UniFi Controller", + "url": "https://unifi.${domain}/" + }, + { + "name": "ZNC", + "url": "https://znc.${domain}/" } ], "ExtensionUpdate": true, diff --git a/files/usr/local/lib/libreoffice/program/sofficerc.desktop b/files/usr/local/lib/libreoffice/program/sofficerc.desktop index 77574a4..2a600b0 100644 
--- a/files/usr/local/lib/libreoffice/program/sofficerc.desktop +++ b/files/usr/local/lib/libreoffice/program/sofficerc.desktop @@ -1,8 +1,8 @@ [Bootstrap] CrashDirectory=${$BRAND_BASE_DIR/program/bootstraprc:UserInstallation}/crash -CrashDumpEnable=true +CrashDumpEnable=false HideEula=1 -Logo=0 +Logo=1 NativeProgress=false ProgressBarColor=0,0,0 ProgressFrameColor=102,102,102 diff --git a/files/usr/local/libexec/poudriere-cron.pkg_repository b/files/usr/local/libexec/poudriere-cron.pkg_repository index f7a5c1c..dce1830 100644 --- a/files/usr/local/libexec/poudriere-cron.pkg_repository +++ b/files/usr/local/libexec/poudriere-cron.pkg_repository @@ -15,9 +15,11 @@ for patch in /usr/local/etc/poudriere.d/patches/*.patch; do done for jail in "$@"; do - poudriere jail -u -j "$jail" > /dev/null - poudriere bulk -j "$jail" -f /usr/local/etc/poudriere.d/idm-pkglist -p "$ports_tree" -z idm > /dev/null - poudriere bulk -j "$jail" -f /usr/local/etc/poudriere.d/pkglist -p "$ports_tree" > /dev/null + poudriere jail -u -j "$jail" > /dev/null + poudriere bulk -j "$jail" -f /usr/local/etc/poudriere.d/idm-pkglist -p "$ports_tree" -z idm > /dev/null + poudriere pkgclean -j "$jail" -f /usr/local/etc/poudriere.d/idm-pkglist -p "$ports_tree" -z idm -y > /dev/null + poudriere bulk -j "$jail" -f /usr/local/etc/poudriere.d/pkglist -p "$ports_tree" > /dev/null + poudriere pkgclean -j "$jail" -f /usr/local/etc/poudriere.d/pkglist -p "$ports_tree" -y > /dev/null done poudriere distclean -p "$ports_tree" -a -y > /dev/null diff --git a/files/usr/local/libexec/prosody-acme-proxy.xmpp_server b/files/usr/local/libexec/prosody-acme-proxy.xmpp_server index d69017b..70faddd 100644 --- a/files/usr/local/libexec/prosody-acme-proxy.xmpp_server +++ b/files/usr/local/libexec/prosody-acme-proxy.xmpp_server 
@@ -37,7 +37,7 @@ md5_old=$(cat "$CHECKSUM_FILE") printf 'get certs/%s.crt\n' "$@" printf 'get certs/%s.key\n' "$@" printf 'quit\n' -} | sftp -b - "$acmeproxy_target" +} | /usr/local/bin/sftp -b - "$acmeproxy_target" # Get md5 of the new certificates. md5_new=$(md5sum "$CERT_DIR"/*.crt "$CERT_DIR"/*.key | tee "$CHECKSUM_FILE") diff --git a/files/usr/local/libexec/prosody-update-roster.xmpp_server b/files/usr/local/libexec/prosody-update-roster.xmpp_server index 1b79747..84c0c6e 100644 --- a/files/usr/local/libexec/prosody-update-roster.xmpp_server +++ b/files/usr/local/libexec/prosody-update-roster.xmpp_server @@ -6,8 +6,9 @@ use warnings; use Net::LDAP; use Authen::SASL; -@ARGV == 1 or die "usage: $0 ROLE_NAME\n"; +@ARGV == 2 or die "usage: $0 ROLE_NAME ROSTER_FILE\n"; my $role = $ARGV[0]; +my $roster = $ARGV[1]; open my $fh, '<', '/usr/local/etc/openldap/ldap.conf' or quit($!); my %config; @@ -25,7 +26,7 @@ my $uri = $config{URI} // die("URI not specified\n"); my $users_basedn = $config{USERS_BASE} // die("USERS_BASE not specified\n"); my $roles_basedn = $config{ROLES_BASE} // die("ROLES_BASE not specified\n"); -my $conn = Net::LDAP->new($ldap_uris, version => '3') or die "$@"; +my $conn = Net::LDAP->new($uri, version => '3') or die "$@"; my $sasl = Authen::SASL->new($mech); my $status = $conn->bind(sasl => $sasl); $status->code and die $status->error; @@ -36,12 +37,13 @@ my $search = $conn->search( filter => "(&(memberOf=cn=$role,$roles_basedn)(mailAddress=*))", attrs => ['mailAddress', 'cn']); -print "[Internal]\n"; - +open $fh, '>', $roster or die "failed to open file for writing: $roster\n"; +print $fh "[Internal]\n"; foreach my $entry ($search->entries) { my $jid = ($entry->get_value('mailAddress'))[0]; my $cn = ($entry->get_value('cn'))[0] // $jid; - print "$jid=$cn\n"; + print $fh "$jid=$cn\n"; } +close $fh; system('prosodyctl reload'); 
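Review bot: In `prosody-update-roster`, the roster file is opened with `'>'` immediately after `$conn->search(...)` without checking the search result. A failed or empty LDAP search therefore truncates the live roster to just `[Internal]`, and `prosodyctl reload` then loads it. The result code should be checked before the file is touched, and the new roster written to a temporary file that is renamed into place, so a failure leaves the previous roster intact. The `open` error message also omits `$!`, and the results of `close` and the write are not checked. The rewrite below assumes the roster's directory is writable by the cron user; the LDAP bind and search above it are unchanged.

```perl
# … unchanged: LDAP bind and $conn->search(...) …
$search->code and die $search->error;

my $tmp = "$roster.tmp";
open my $out, '>', $tmp or die "failed to open file for writing: $tmp: $!\n";
print $out "[Internal]\n";
foreach my $entry ($search->entries) {
  # … unchanged: $jid and $cn lookup …
  print $out "$jid=$cn\n";
}
close $out or die "failed to write $tmp: $!\n";
rename $tmp, $roster or die "failed to replace $roster: $!\n";
```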
diff --git a/files/usr/local/sbin/jailctl.freebsd_hypervisor b/files/usr/local/sbin/jailctl.freebsd_hypervisor index df48f57..8719297 100644 --- a/files/usr/local/sbin/jailctl.freebsd_hypervisor +++ b/files/usr/local/sbin/jailctl.freebsd_hypervisor @@ -193,14 +193,14 @@ Options: zfs create -v "${JAIL_DATASET}/${name}" zfs clone \ $ZFS_OPTS \ - -o quota="$os_quota" \ + -o refquota="$os_quota" \ "$snapshot" "${JAIL_DATASET}/${name}/os" # Create delegated 'data' dataset. zfs create -v \ $ZFS_OPTS \ -o mountpoint=none \ - -o quota="$data_quota" \ + -o refquota="$data_quota" \ "${JAIL_DATASET}/${name}/data" # Copy timezone configuration from host. @@ -761,7 +761,7 @@ cmd::reprovision(){ zfs::ensure_snapshot snapshot "${JAIL_DATASET}/templates/${template}" # Stash old configuration data. - old_quota=$(zfs get -Hp -o value quota "${JAIL_DATASET}/${jail}/os") + old_quota=$(zfs get -Hp -o value refquota "${JAIL_DATASET}/${jail}/os") old_hostname=$(sysrc -f "${JAIL_HOME}/${jail}/os/etc/rc.conf" -qn hostname) old_ifconfig=$(sysrc -f "${JAIL_HOME}/${jail}/os/etc/rc.conf" -qn ifconfig_jail0) old_defaultrouter=$(sysrc -f "${JAIL_HOME}/${jail}/os/etc/rc.conf" -qn defaultrouter) ||: @@ -773,7 +773,7 @@ cmd::reprovision(){ zfs destroy -v -f -r "${JAIL_DATASET}/${jail}/os" zfs clone \ $ZFS_OPTS \ - -o quota="$old_quota" \ + -o refquota="$old_quota" \ "$snapshot" "${JAIL_DATASET}/${jail}/os" # Copy timezone configuration from host. @@ -839,7 +839,7 @@ cmd::shell(){ jail::exists "$jail" || die "no such jail: ${jail}" jail::running "$jail" || die "jail not running: ${jail}" - jail::exec "$jail" /bin/csh + jail::exec "$jail" /bin/sh } cmd::show(){ 
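Review bot: Switching the delegated `data` dataset from `quota` to `refquota` in `jailctl` removes the limit on its snapshots and child datasets, because `refquota` only counts space referenced by the dataset itself. Since the hunk's own comment says this dataset is delegated to the jail, root inside the jail can create children or snapshots under it and consume pool space beyond `$data_quota`. Keeping `-o quota="$data_quota"` on that dataset, alone or alongside `refquota`, preserves the containment. In `cmd::reprovision`, `old_quota` is now read from `refquota`, which is unset on jails created before this change, so reprovisioning one of them would re-clone `os` with no limit. Falling back to the dataset's `quota` value when `refquota` reads as none avoids that.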
@@ -857,7 +857,7 @@ cmd::show(){ printf -- '------------------------- JAIL CONFIGURATION -------------------------\n' cat "${JAIL_HOME}/${jail}/jail.conf" printf -- '\n---------------------------- ZFS DATASET -----------------------------\n' - zfs list -o name,quota,used,avail,mountpoint -S name \ + zfs list -o name,refquota,used,avail,mountpoint -S name \ "${JAIL_DATASET}/${jail}/os" \ "${JAIL_DATASET}/${jail}/data" } @@ -878,7 +878,7 @@ cmd::status(){ printf -- '---------------------------- JAIL STATUS -----------------------------\n' jls -j "$jail" -h jid name path osrelease host.hostname 2>/dev/null | column -t printf -- '\n---------------------------- ZFS DATASET -----------------------------\n' - zfs list -o name,quota,used,avail,mountpoint -S name \ + zfs list -o name,refquota,used,avail,mountpoint -S name \ "${JAIL_DATASET}/${jail}/os" \ "${JAIL_DATASET}/${jail}/data" \ | sed "s|^${JAIL_DATASET}/${jail}/||" \ diff --git a/files/usr/local/share/applications/gajim.desktop.desktop b/files/usr/local/share/applications/gajim.desktop.desktop new file mode 100644 index 0000000..ef5a3c9 --- /dev/null +++ b/files/usr/local/share/applications/gajim.desktop.desktop @@ -0,0 +1,20 @@ +[Desktop Entry] +Categories=Network;InstantMessaging;GTK;Chat; +Name=Gajim +GenericName=XMPP Chat Client +Comment=A fully-featured XMPP chat client +Keywords=chat;messaging;im;xmpp;voip; +Exec=gajim %u +Icon=org.gajim.Gajim +StartupNotify=false +X-GNOME-SingleWindow=true +X-GNOME-UsesNotifications=true +Terminal=false +Type=Application +MimeType=x-scheme-handler/xmpp; +Actions=StartChat; + +[Desktop Action StartChat] +Exec=gajim --start-chat +Name=Start a new chat +Icon=org.gajim.Gajim diff --git a/files/usr/local/share/applications/gajim.desktop.laptop b/files/usr/local/share/applications/gajim.desktop.laptop new file mode 120000 index 0000000..f1edc09 --- /dev/null +++ b/files/usr/local/share/applications/gajim.desktop.laptop @@ -0,0 +1 @@ +gajim.desktop.desktop
\ No newline at end of file diff --git a/files/usr/local/share/applications/gajim.desktop.roadwarrior_laptop b/files/usr/local/share/applications/gajim.desktop.roadwarrior_laptop new file mode 120000 index 0000000..f1edc09 --- /dev/null +++ b/files/usr/local/share/applications/gajim.desktop.roadwarrior_laptop @@ -0,0 +1 @@ +gajim.desktop.desktop
\ No newline at end of file |