diff options
| -rw-r--r-- | files/etc/devfs.rules.desktop | 5 | ||||
| -rw-r--r-- | files/etc/pf.conf.freebsd | 2 | ||||
| -rw-r--r-- | files/etc/pf.conf.nfs_server | 2 | ||||
| -rw-r--r-- | files/usr/local/etc/poudriere.d/pkglist.pkg_repository | 2 | ||||
| -rw-r--r-- | scripts/hostclass/desktop | 2 | ||||
| -rw-r--r-- | scripts/hostclass/freebsd_hypervisor | 1 | ||||
| -rw-r--r-- | vars/hostclass/desktop | 5 | ||||
| -rw-r--r-- | vars/hostname/desktop1 | 4 |
8 files changed, 20 insertions, 3 deletions
diff --git a/files/etc/devfs.rules.desktop b/files/etc/devfs.rules.desktop index ec38210..e614ab2 100644 --- a/files/etc/devfs.rules.desktop +++ b/files/etc/devfs.rules.desktop @@ -3,3 +3,8 @@ add path 'drm/*' mode 0660 group ${desktop_access_role} add path 'backlight/*' mode 0660 group ${desktop_access_role} add path 'video*' mode 0660 group ${desktop_access_role} add path 'usb/*' mode 0660 group ${desktop_access_role} +add path 'xpt*' mode 0660 group ${desktop_access_role} +add path 'cd*' mode 0660 group ${desktop_access_role} +$(if [ -n "${desktop_rw_devices:-}" ]; then +printf "add path '%s' mode 0660 group ${desktop_access_role}\n" $desktop_rw_devices +fi) diff --git a/files/etc/pf.conf.freebsd b/files/etc/pf.conf.freebsd index 881fcea..d9fc236 100644 --- a/files/etc/pf.conf.freebsd +++ b/files/etc/pf.conf.freebsd @@ -18,7 +18,7 @@ set skip on lo $([ -n "${pf_skip_interfaces:-}" ] && printf \ 'set skip on %s\n' $pf_skip_interfaces) -scrub in on \$egress all fragment reassemble no-df +scrub in on \$egress all fragment reassemble $([ "${acme_standalone:-}" = true ] && echo \ 'rdr on $egress inet proto tcp to port http -> ($egress) port $acme_standalone_port' diff --git a/files/etc/pf.conf.nfs_server b/files/etc/pf.conf.nfs_server index 628ed7c..f9e83cc 100644 --- a/files/etc/pf.conf.nfs_server +++ b/files/etc/pf.conf.nfs_server @@ -18,7 +18,7 @@ set skip on lo $([ -n "${pf_skip_interfaces:-}" ] && printf \ 'set skip on %s\n' $pf_skip_interfaces) -scrub in on \$egress all fragment reassemble no-df +scrub in on \$egress all fragment reassemble $([ "${acme_standalone:-}" = true ] && echo \ 'rdr on $egress inet proto tcp to port http -> ($egress) port $acme_standalone_port' diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository index e90bc1b..248de82 100644 --- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository +++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository @@ -101,6 +101,7 @@ net/wireguard-tools ports-mgmt/poudriere print/cups print/cups-filters +print/pdftk security/acme.sh security/bitwarden-cli security/cyrus-sasl2-saslauthd @@ -157,6 +158,7 @@ x11-fonts/droid-fonts-ttf x11-fonts/inconsolata-ttf x11-fonts/noto-basic x11-fonts/noto-emoji +x11-fonts/roboto-fonts-ttf x11-fonts/terminus-font x11-fonts/terminus-ttf x11-fonts/ubuntu-font diff --git a/scripts/hostclass/desktop b/scripts/hostclass/desktop index 629ebc0..4f6e31f 100644 --- a/scripts/hostclass/desktop +++ b/scripts/hostclass/desktop @@ -55,7 +55,7 @@ add_group -g "$desktop_access_gid" "$desktop_access_role" # Create desktop devfs ruleset. install_template -m 0644 /etc/devfs.rules sysrc -v "devfs_system_ruleset=${devfs_local_ruleset_name}" -service devd restart +service devfs restart # Enable webcamd. load_kernel_module cuse diff --git a/scripts/hostclass/freebsd_hypervisor b/scripts/hostclass/freebsd_hypervisor index 24c1da5..cbd9c92 100644 --- a/scripts/hostclass/freebsd_hypervisor +++ b/scripts/hostclass/freebsd_hypervisor @@ -76,6 +76,7 @@ install_template -m 0644 \ /usr/local/etc/vmctl.conf install_template -m 0644 /etc/devfs.rules +service devfs restart # Enable jails/bhyve to start on boot. sysrc -v \ diff --git a/vars/hostclass/desktop b/vars/hostclass/desktop index 0b5e8f5..2464a65 100644 --- a/vars/hostclass/desktop +++ b/vars/hostclass/desktop @@ -3,6 +3,9 @@ desktop_access_role='desktop-access' login_access_groups="${login_access_groups:-} ${desktop_access_role}" +# I don't want desktops to suspend or hibernate. +polkit_disable_suspend=true + # Let users run gdb/truss. allow_proc_debug=1 @@ -48,10 +51,12 @@ neofetch noto-basic noto-emoji password-store +pdftk postgresql16-client pulseaudio python py${python_version}-pip +roboto-fonts-ttf rsync signal-desktop sndio diff --git a/vars/hostname/desktop1 b/vars/hostname/desktop1 new file mode 100644 index 0000000..b8809d7 --- /dev/null +++ b/vars/hostname/desktop1 @@ -0,0 +1,4 @@ +#!/bin/sh + +# Needed to burn CDs without root. +desktop_rw_devices='pass2' |