authorCullum Smith <cullum@sacredheartsc.com>2024-10-18 16:44:57 -0400
committerCullum Smith <cullum@sacredheartsc.com>2024-10-18 16:47:56 -0400
commit5ef2aed3f3961b72699d9881ed09560f4d01371a (patch)
tree0a03131e31f9f2fe5762afab6d99319f742eb9b3 /scripts/hostclass
parentaa28ec7ef20517e994f01753e8c4e6fdd4d0643c (diff)
downloadinfrastructure-5ef2aed3f3961b72699d9881ed09560f4d01371a.tar.gz
Tons of desktop fixes
Diffstat (limited to 'scripts/hostclass')
-rw-r--r--scripts/hostclass/cups_server3
-rw-r--r--scripts/hostclass/desktop30
-rw-r--r--scripts/hostclass/idm_server/40-unbound8
l---------scripts/hostclass/laptop/10-desktop1
-rw-r--r--scripts/hostclass/laptop/20-laptop (renamed from scripts/hostclass/laptop)0
l---------scripts/hostclass/roadwarrior_laptop/20-laptop2
6 files changed, 32 insertions, 12 deletions
diff --git a/scripts/hostclass/cups_server b/scripts/hostclass/cups_server
index 6667829..d9b6e66 100644
--- a/scripts/hostclass/cups_server
+++ b/scripts/hostclass/cups_server
@@ -9,6 +9,9 @@ cups_tls_dir=${cups_conf_dir}/ssl
cups_tls_cert="${cups_tls_dir}/${fqdn}.crt"
cups_tls_key="${cups_tls_dir}/${fqdn}.key"
+# Create dataset for persistent CUPS configuration.
+create_dataset -o "mountpoint=${cups_conf_dir}" "${state_dataset}/cups"
+
# Install required packages.
pkg install -y cups cups-filters
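Review bot: On a host that was provisioned before this commit, mounting a new dataset at `${cups_conf_dir}` will shadow whatever is already in that directory, including the TLS key and certificate under `${cups_tls_dir}`. Whether `create_dataset` migrates existing content is not visible in this diff, so this is worth confirming. The same applies to the `create_dataset -o mountpoint=/usr/local/home` line in scripts/hostclass/desktop, which also drops the explicit `-m 0755` that the removed `install_directory` call set. I would add a comment stating the expectation, e.g. `# Existing contents are not migrated; move them into the dataset on already-provisioned hosts.`, and state the intended mode of the dataset root.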
diff --git a/scripts/hostclass/desktop b/scripts/hostclass/desktop
index f9e7e94..148b596 100644
--- a/scripts/hostclass/desktop
+++ b/scripts/hostclass/desktop
@@ -4,10 +4,13 @@
: ${desktop_access_gid:='40000'}
: ${sddm_min_uid:='10000'}
: ${sddm_max_uid:='19999'}
+: ${cups_host:='cups'}
+: ${ublock_whitelist:=''}
+: ${chrome_flags:=''}
sddm_user=sddm
-
-# TODO: kill lingering processes after logout (chrome, baloo-search, etc).
+cups_conf_dir=/usr/local/etc/cups
+xdg_override_dir=/usr/local/share-override
if [ "${enable_idm:-}" = false ]; then
desktop_access_role=operator
@@ -33,7 +36,9 @@ pkg install -y $desktop_common_packages
install_file -m 0555 \
/usr/local/libexec/pam-create-local-homedir \
/etc/profile.d/local-homedir.sh
-install_directory -m 0755 /usr/local/home
+
+# Create ZFS dataset for local homedirs.
+create_dataset -o mountpoint=/usr/local/home "${state_dataset}/home"
# Enable sndio.
sysrc -v sndiod_enable=YES
@@ -54,6 +59,10 @@ set_loader_conf cuse_load=YES
sysrc -v webcamd_enable=YES
service webcamd status || service webcamd start
+# Create xdg autostart entry to add our Root CA to Chrome's certificate store.
+install_file -m 0644 /usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop
+install_file -m 0555 /usr/local/libexec/nss-trust-root-ca
+
case $desktop_type in
i3)
pkg install -y $desktop_i3_packages
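Review bot: The comment above the two `install_file` lines does not say which certificate `nss-trust-root-ca` imports or what trust it grants, and the helper itself is not part of this diff. The autostart entry runs at every desktop login and changes what each user's browser trusts, so the scope should be written down where the entry is installed. Something like `# Imports only <ROOT-CA-PATH> into the user's NSS db, trusted for TLS server auth only; safe to re-run.` would do, adjusted to what the helper really does. The `case $desktop_type` block continues past the hunk.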
@@ -121,12 +130,13 @@ install_file -m 0644 /usr/local/etc/X11/xorg.conf.d/terminus.conf
# Create xdg override directory.
install_directory -m 0755 \
- /usr/local/override \
- /usr/local/override/applications
+ "${xdg_override_dir}" \
+ "${xdg_override_dir}/applications"
# Create xdg application overrides.
-install_file -m 0644 \
- /usr/local/override/applications/signal-desktop.desktop
+install_template -m 0644 \
+ "${xdg_override_dir}/applications/signal-desktop.desktop" \
+ "${xdg_override_dir}/applications/chromium-browser.desktop"
# Create polkit rules for shutdown/reboot/suspend
install_template -m 0644 /usr/local/etc/polkit-1/rules.d/51-desktop.rules
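Review bot: The override directory moves from `/usr/local/override` to `${xdg_override_dir}`, but nothing in this hunk removes the old directory or its `signal-desktop.desktop`. On existing hosts the stale override stays on disk and could still be picked up if anything references the old path. Consider an explicit cleanup such as `rm -rf /usr/local/override` after the new files are installed. Separately, the two `.desktop` files are now templates; if `chrome_flags` is expanded into an `Exec=` line, a comment noting that the value must follow desktop-entry quoting rules would help, since the template is not shown here.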
@@ -135,10 +145,14 @@ install_template -m 0644 /usr/local/etc/polkit-1/rules.d/51-desktop.rules
sysrc -v dbus_enable=YES
service dbus status || service dbus start
+# Configure CUPS.
+pkg install -y cups
+install_template -m 0644 "${cups_conf_dir}/client.conf"
+
# Configure graphics drivers.
case $graphics_type in
intel)
- pkg install -y drm-kmod
+ pkg install -y drm-kmod libva-intel-media-driver
sysrc -v kld_list+=i915kms
load_kernel_module i915kms
set_loader_conf \
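Review bot: The new `client.conf` points desktops at `cups_host`, whose default in this file is the short name `cups`, while scripts/hostclass/cups_server names its certificate after `${fqdn}`. The template is not shown, so confirm that it sets `Encryption Required` and that certificate validation will succeed against the name clients actually use. Otherwise print jobs either travel unencrypted or fail the hostname check. A comment beside the default, e.g. `# cups_host must match a name in the CUPS server certificate`, would make the requirement explicit. The `case $graphics_type` block continues past the hunk.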
diff --git a/scripts/hostclass/idm_server/40-unbound b/scripts/hostclass/idm_server/40-unbound
index 01c1c70..d38194f 100644
--- a/scripts/hostclass/idm_server/40-unbound
+++ b/scripts/hostclass/idm_server/40-unbound
@@ -4,8 +4,10 @@ unbound_user=unbound
unbound_conf_dir=/usr/local/etc/unbound
unbound_blocklist_dir="${unbound_conf_dir}/blocklists"
unbound_blocklist_url_file="${unbound_conf_dir}/blocklist_urls"
+unbound_whitelist_file="${unbound_conf_dir}/whitelist"
: ${unbound_blocklist_urls:=''}
+: ${unbound_whitelist:=''}
: ${unbound_cache_max_negative_ttl:='60'}
: ${unbound_rrset_cache_size:='104857600'} # 100 MB
: ${unbound_msg_cache_size:='52428800'} # 50 MB
@@ -24,9 +26,10 @@ install_directory -m 0755 -o "$unbound_user" "$unbound_blocklist_dir"
install_template -m 0644 "${unbound_conf_dir}/unbound.conf"
# Download blocklists.
+echo "$unbound_whitelist" | tee "$unbound_whitelist_file"
echo "$unbound_blocklists" | tee "$unbound_blocklist_url_file"
install_file -m 0755 /usr/local/libexec/idm-update-unbound-blocklists
-su -m "$unbound_user" -c "/usr/local/libexec/idm-update-unbound-blocklists ${unbound_blocklist_dir} < ${unbound_blocklist_url_file}"
+su -m "$unbound_user" -c "/usr/local/libexec/idm-update-unbound-blocklists ${unbound_blocklist_url_file} ${unbound_whitelist_file} ${unbound_blocklist_dir}"
# Enable and start unbound.
sysrc -v unbound_enable=YES
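Review bot: The context line `echo "$unbound_blocklists" | tee "$unbound_blocklist_url_file"` reads `unbound_blocklists`, but the default declared earlier in this file is for `unbound_blocklist_urls`. Unless `unbound_blocklists` is set somewhere outside this diff, the URL file is written empty and the updater fetches nothing, which would silently disable DNS blocking. The new whitelist line copies the same `echo | tee` pattern, so it is worth fixing both together, e.g. `printf '%s\n' "$unbound_blocklist_urls" > "$unbound_blocklist_url_file"`. `printf` also avoids `echo` mangling values that start with `-` or contain backslashes.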
@@ -36,5 +39,4 @@ service unbound restart
install_template -m 0644 /etc/resolv.conf
# Update blocklists with a cron job.
-echo "@daily root su -m ${unbound_user} -c \"/usr/local/libexec/idm-update-unbound-blocklists ${unbound_blocklist_dir} < ${unbound_blocklist_url_file}\" && service unbound reload" \
- | tee /etc/cron.d/idm-update-unbound-blocklists
+install_template -m 0644 /etc/cron.d/unbound
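Review bot: The cron entry moves to `/etc/cron.d/unbound`, but the previously written `/etc/cron.d/idm-update-unbound-blocklists` is not removed. On hosts that are already deployed, the old job keeps running daily and calls the updater with the old argument form (`<dir> < <url_file>`), which no longer matches the three-argument invocation used above. Add `rm -f /etc/cron.d/idm-update-unbound-blocklists` before installing the template. Also confirm that the new template still drops to `${unbound_user}` for the download step, as the removed line did.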
diff --git a/scripts/hostclass/laptop/10-desktop b/scripts/hostclass/laptop/10-desktop
new file mode 120000
index 0000000..2c7c348
--- /dev/null
+++ b/scripts/hostclass/laptop/10-desktop
@@ -0,0 +1 @@
+../desktop \ No newline at end of file
diff --git a/scripts/hostclass/laptop b/scripts/hostclass/laptop/20-laptop
index dba2c5f..dba2c5f 100644
--- a/scripts/hostclass/laptop
+++ b/scripts/hostclass/laptop/20-laptop
diff --git a/scripts/hostclass/roadwarrior_laptop/20-laptop b/scripts/hostclass/roadwarrior_laptop/20-laptop
index 874f665..981e450 120000
--- a/scripts/hostclass/roadwarrior_laptop/20-laptop
+++ b/scripts/hostclass/roadwarrior_laptop/20-laptop
@@ -1 +1 @@
-../laptop \ No newline at end of file
+../laptop/20-laptop \ No newline at end of file