diff options
18 files changed, 53 insertions, 50 deletions
diff --git a/files/etc/cron.d/invidious.invidious_server b/files/etc/cron.d/invidious.invidious_server index a270600..ad35f3a 100644 --- a/files/etc/cron.d/invidious.invidious_server +++ b/files/etc/cron.d/invidious.invidious_server @@ -1,4 +1,4 @@ MAILTO=root 0 3 * * * root /usr/local/libexec/invidious-update -q ${invidious_local_username} ${invidious_repo_dir} 30 3 * * * root /usr/local/libexec/invidious-sighelper-update -q ${invidious_local_username} ${invidious_sighelper_repo_dir} -0 4 * * * root /usr/sbin/service invidious restart > /dev/null +0 4 * * * root service invidious status > /dev/null && service invidious restart > /dev/null diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd index c222750..f1f61f8 100644 --- a/files/etc/pam.d/sddm.freebsd +++ b/files/etc/pam.d/sddm.freebsd @@ -5,7 +5,7 @@ auth sufficient pam_self.so no_warn auth required /usr/local/lib/security/pam_krb5.so try_first_pass auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir -auth optional pam_kwallet5.so +auth optional pam_kwallet5.so kdehome=localdisk/.local/share account requisite pam_securetty.so account required pam_nologin.so @@ -17,6 +17,6 @@ session required pam_lastlog.so no_fail session required pam_xdg.so no_fail session required /usr/local/lib/security/pam_krb5.so session optional /usr/local/lib/pam_mkhomedir.so mode=0700 -session optional pam_kwallet5.so auto_start +session optional pam_kwallet5.so kdehome=localdisk/.local/share auto_start password required /usr/local/lib/security/pam_krb5.so try_first_pass diff --git a/files/etc/profile.d/kde.sh.desktop b/files/etc/profile.d/kde.sh.desktop index 010d5c1..55d0065 100644 --- a/files/etc/profile.d/kde.sh.desktop +++ b/files/etc/profile.d/kde.sh.desktop @@ -3,4 +3,6 @@ if [ "$XDG_CURRENT_DESKTOP" = KDE ]; then export SSH_ASKPASS_REQUIRE=prefer export SSH_ASKPASS=/usr/local/bin/ksshaskpass + # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280638 + export KWIN_SCREENSHOT_NO_PERMISSION_CHECKS=1 fi diff --git a/files/etc/profile.d/local-homedir.sh.common b/files/etc/profile.d/local-homedir.sh.common index 170a966..2310d7c 100644 --- a/files/etc/profile.d/local-homedir.sh.common +++ b/files/etc/profile.d/local-homedir.sh.common @@ -23,9 +23,3 @@ ln -sfn "${LOCAL_HOME}/.mozilla" "${HOME}/.mozilla" # thunderbird mkdir -p "${LOCAL_HOME}/.thunderbird" ln -sfn "${LOCAL_HOME}/.thunderbird" "${HOME}/.thunderbird" - -# kwallet -# The kwallet PAM module hard-codes ~/.local/share/kwalletd, but kwallet itself -# honors XDG_DATA_HOME! So we symlink from the local disk back into NFS. Gross! -mkdir -p "${LOCAL_HOME}/.local/share/kwalletd" -ln -sfn "${HOME}/.local/share/kwalletd/kwallet.salt" "${LOCAL_HOME}/.local/share/kwalletd/kdewallet.salt" diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository index 43a6760..b90a9bf 100644 --- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository +++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository @@ -4,7 +4,7 @@ DEFAULT_VERSIONS+=${poudriere_default_versions:-} MAKE_JOBS_NUMBER=${poudriere_make_jobs_number} # Global port options -OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE TCP_WRAPPERS COMPAT32 JACK KDEPIM +OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO SAMBA TCP_WRAPPERS COMPAT32 JACK KDEPIM WAYLAND PLATFORM_WAYLAND PIPEWIRE OPTIONS_SET=GSSAPI GSSAPI_MIT MIT NONFREE LIBEDIT WINE_CROSS_BUILD=yes @@ -46,16 +46,12 @@ mail_rspamd_SET=HYPERSCAN misc_kdeutils_UNSET=KFLOPPY KTEATIME misc_kdeedu_UNSET=KITEN mail_thunderbird_UNSET=PROFILE - -# With using virutal_oss, the OSS plugin causes a red error bar every -# time the music is stopped paused. SNDIO seems fine. -multimedia_audacious-plugins_SET=LAME SNDIO - multimedia_ffmpeg_SET=OPENSSL multimedia_ffmpeg_UNSET=GNUTLS multimedia_kdemultimedia_UNSET=KDENLIVE multimedia_mpv_SET=CDIO LIBBLURAY multimedia_mpv_UNSET=NVDEC +multimedia_qt6-multimedia_SET=ALSA multimedia_vlc_SET=FLAC MPEG2 X264 X265 VPX DCA FAAD AOM multimedia_webcamd_UNSET=DVB INPUT RADIO net-im_py-matrix-synapse_SET=PGSQL URLPREVIEW LDAP @@ -79,8 +75,11 @@ security_heimdal_SET=LDAP security_heimdal_UNSET=BDB security_kf5-kdesu_SET=SUDO security_kf5-kdesu_UNSET=SU +security_kf6-kdesu_SET=SUDO +security_kf6-kdesu_UNSET=SU security_krb5_SET=DNS_FOR_REALM security_krb5_UNSET=KRB5_HTML KRB5_PDF +security_p5-Authen-SASL_SET=KERBEROS security_pinentry-qt5_SET=LIBSECRET security_sudo_SET=LDAP security_sudo_UNSET=GSSAPI_MIT @@ -98,5 +97,5 @@ www_firefox_UNSET=PROFILE www_nginx_SET=HTTPV3 HTTPV3_QTLS HTTP_AUTH_KRB5 HTTP_AUTH_LDAP HTTP_DAV_EXT www_nginx_UNSET=MAIL x11-toolkits_gtk30_UNSET=COLORD BROADWAY -x11_kde5_UNSET=KDEADMIN +x11_kde_UNSET=KDEADMIN x11_libinput_UNSET=LIBWACOM diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository index fa56e43..db86bc5 100644 --- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository +++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository @@ -4,9 +4,10 @@ archivers/php${php_version}-zip archivers/unzip archivers/zip audio/elisa +audio/fooyin audio/freedesktop-sound-theme audio/gsound -audio/kid3@kf5 +audio/kid3@kf6 audio/kmix audio/musescore audio/pulseaudio @@ -22,7 +23,7 @@ databases/postgresql${postgresql_version}-client databases/postgresql${postgresql_version}-server databases/redis deskutils/pim-sieve-editor -deskutils/plasma5-sddm-kcm +deskutils/plasma6-sddm-kcm deskutils/py-vdirsyncer devel/android-tools devel/ccache @@ -72,8 +73,6 @@ mail/sieve-connect mail/thunderbird misc/php${php_version}-calendar misc/terminfo-db -multimedia/audacious-plugins@qt5 -multimedia/audacious@qt5 multimedia/handbrake multimedia/libdvdcss multimedia/libva-intel-media-driver @@ -111,6 +110,7 @@ net/php${php_version}-sockets net/py-matrix-synapse-ldap3 net/py-python-ldap net/rsync +net/socat net/syncthing net/turnserver net/wireguard-tools @@ -174,6 +174,7 @@ www/w3m x11-fonts/cantarell-fonts x11-fonts/droid-fonts-ttf x11-fonts/inconsolata-ttf +x11-fonts/montserrat x11-fonts/noto-basic x11-fonts/noto-emoji x11-fonts/roboto-fonts-ttf @@ -181,8 +182,9 @@ x11-fonts/terminus-font x11-fonts/terminus-ttf x11-fonts/ubuntu-font x11-fonts/webfonts +x11-themes/sddm-freebsd-black-theme x11-toolkits/gtksourceview4 -x11/kde5 +x11/kde x11/sddm x11/xev x11/xorg diff --git a/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server b/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server index 7936cac..e628db8 100644 --- a/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server +++ b/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server @@ -92,10 +92,11 @@ https_external_url = "https://${prosody_public_fqdn}/" trusted_proxies = { "127.0.0.1" } http_max_content_size = ${prosody_upload_sizelimit} -Component "${prosody_public_fqdn}" "http_upload" -http_upload_file_size_limit = ${prosody_upload_sizelimit} -http_upload_expire_after = ${prosody_upload_expiration} -http_upload_quota = ${prosody_upload_quota} +Component "${prosody_public_fqdn}" "http_file_share" +http_file_share_size_limit = ${prosody_upload_sizelimit} +http_file_share_expires_after = ${prosody_upload_expiration} +http_file_share_daily_quota = ${prosody_upload_quota} +http_file_share_global_quota = ${prosody_upload_quota} $(for vhost in $prosody_domains; do cat <<EOF VirtualHost "${vhost}" diff --git a/files/usr/local/etc/sddm.conf.desktop b/files/usr/local/etc/sddm.conf.desktop index 09c2000..fd4f227 100644 --- a/files/usr/local/etc/sddm.conf.desktop +++ b/files/usr/local/etc/sddm.conf.desktop @@ -7,3 +7,6 @@ SessionDir = /dev/null [Users] MinimumUid = ${sddm_min_uid} MaximumUid = ${sddm_max_uid} + +[Theme] +Current=sddm-freebsd-black-theme diff --git a/files/usr/local/libexec/invidious-sighelper-update.invidious_server b/files/usr/local/libexec/invidious-sighelper-update.invidious_server index 3f928aa..99b305a 100644 --- a/files/usr/local/libexec/invidious-sighelper-update.invidious_server +++ b/files/usr/local/libexec/invidious-sighelper-update.invidious_server @@ -40,7 +40,8 @@ upstream_rev=$(as_invidious 'git rev-parse "@{u}"') if [ "$local_rev" != "$upstream_rev" ]; then echo "updating inv_sig_helper to rev ${upstream_rev}" - as_invidious 'git pull --ff-only && cargo build --release' + as_invidious 'git pull --ff-only' + as_invidious 'cargo build --release' service inv_sig_helper status 2>/dev/null && service inv_sig_helper restart service invidious status 2>/dev/null && service invidious restart else diff --git a/files/usr/local/libexec/invidious-update.invidious_server b/files/usr/local/libexec/invidious-update.invidious_server index eb6fcbd..3a444ad 100644 --- a/files/usr/local/libexec/invidious-update.invidious_server +++ b/files/usr/local/libexec/invidious-update.invidious_server @@ -40,7 +40,9 @@ upstream_rev=$(as_invidious 'git rev-parse "@{u}"') if [ "$local_rev" != "$upstream_rev" ]; then echo "updating invidious to rev ${upstream_rev}" - as_invidious 'git pull --ff-only && shards install --production && crystal build src/invidious.cr --release' + as_invidious 'git pull --ff-only' + as_invidious 'shards install --production' + as_invidious 'crystal build src/invidious.cr --release' service invidious status 2>/dev/null && service invidious restart else echo "invidious already up to date at rev ${local_rev}" diff --git a/files/usr/local/libexec/pam-create-local-homedir.common b/files/usr/local/libexec/pam-create-local-homedir.common index 2d30d06..b1ecef5 100644 --- a/files/usr/local/libexec/pam-create-local-homedir.common +++ b/files/usr/local/libexec/pam-create-local-homedir.common @@ -1,3 +1,4 @@ #!/bin/sh install -o "$PAM_USER" -g "$PAM_USER" -m 0700 -d "/usr/local/home/${PAM_USER}" +install -o "$PAM_USER" -g "$PAM_USER" -l s "/usr/local/home/${PAM_USER}" "/home/${PAM_USER}/localdisk" diff --git a/files/usr/local/libexec/poudriere-cron.pkg_repository b/files/usr/local/libexec/poudriere-cron.pkg_repository index 8f3dff7..e0dee52 100644 --- a/files/usr/local/libexec/poudriere-cron.pkg_repository +++ b/files/usr/local/libexec/poudriere-cron.pkg_repository @@ -16,11 +16,11 @@ done for jail in "$@"; do poudriere jail -u -j "$jail" > /dev/null - poudriere bulk -j "$jail" -f /usr/local/etc/poudriere.d/idm-pkglist -p "$ports_tree" -z idm > /dev/null + poudriere bulk -j "$jail" -f /usr/local/etc/poudriere.d/idm-pkglist -p "$ports_tree" -z idm poudriere pkgclean -j "$jail" -f /usr/local/etc/poudriere.d/idm-pkglist -p "$ports_tree" -z idm -y > /dev/null 2>&1 - poudriere bulk -j "$jail" -f /usr/local/etc/poudriere.d/pkglist -p "$ports_tree" > /dev/null + poudriere bulk -j "$jail" -f /usr/local/etc/poudriere.d/pkglist -p "$ports_tree" poudriere pkgclean -j "$jail" -f /usr/local/etc/poudriere.d/pkglist -p "$ports_tree" -y > /dev/null 2>&1 - poudriere bulk -j "${jail}-i386" -f /usr/local/etc/poudriere.d/i386-pkglist -p "$ports_tree" > /dev/null + poudriere bulk -j "${jail}-i386" -f /usr/local/etc/poudriere.d/i386-pkglist -p "$ports_tree" poudriere pkgclean -j "${jail}-i386" -f /usr/local/etc/poudriere.d/i386-pkglist -p "$ports_tree" -y > /dev/null 2>&1 done diff --git a/files/usr/local/libexec/prosody-acme-proxy.xmpp_server b/files/usr/local/libexec/prosody-acme-proxy.xmpp_server index 70faddd..776aae8 100644 --- a/files/usr/local/libexec/prosody-acme-proxy.xmpp_server +++ b/files/usr/local/libexec/prosody-acme-proxy.xmpp_server @@ -44,8 +44,8 @@ md5_new=$(md5sum "$CERT_DIR"/*.crt "$CERT_DIR"/*.key | tee "$CHECKSUM_FILE") # If any certificates differ, reload prosody. if [ "$md5_old" != "$md5_new" ]; then - if prosodyctl status >/dev/null 2>&1; then - prosodyctl reload + if service prosody status >/dev/null; then + service prosody reload else echo 'prosody not running, not reloading' fi diff --git a/files/usr/local/libexec/prosody-update-roster.xmpp_server b/files/usr/local/libexec/prosody-update-roster.xmpp_server index 84c0c6e..68ffded 100644 --- a/files/usr/local/libexec/prosody-update-roster.xmpp_server +++ b/files/usr/local/libexec/prosody-update-roster.xmpp_server @@ -46,4 +46,4 @@ foreach my $entry ($search->entries) { } close $fh; -system('prosodyctl reload'); +system('service prosody reload'); diff --git a/scripts/hostclass/desktop b/scripts/hostclass/desktop index 8fdfca4..c85ef28 100644 --- a/scripts/hostclass/desktop +++ b/scripts/hostclass/desktop @@ -45,9 +45,9 @@ zfs set \ com.sun:auto-snapshot:weekly=true \ "${state_dataset}/home" -# Enable sndio. -sysrc -v sndiod_enable=YES -service sndiod status || service sndiod start +# Disable sndiod (not needed). +sysrc -v sndiod_enable=NO +service sndiod status && service sndiod stop # Create local group for desktop-access. # This is for *local* users that need access to the drm device. @@ -66,12 +66,12 @@ service webcamd status || service webcamd start install_file -m 0644 /usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop install_file -m 0555 /usr/local/libexec/nss-trust-root-ca -# Install gajim desktop file. -install_file -m 0644 /usr/local/share/applications/gajim.desktop - # Add sddm user to drm access group. pw groupmod "$desktop_access_role" -m "$sddm_user" +# Install gajim desktop file. +install_file -m 0644 /usr/local/share/applications/gajim.desktop + # Configure pam services. install_file -m 0644 \ /etc/pam.d/sddm \ diff --git a/scripts/hostclass/pkg_repository b/scripts/hostclass/pkg_repository index 5caa69b..24284a5 100644 --- a/scripts/hostclass/pkg_repository +++ b/scripts/hostclass/pkg_repository @@ -5,7 +5,7 @@ : ${poudriere_dataset:="${state_dataset:-zroot}"} : ${poudriere_make_jobs_number:='4'} : ${poudriere_priority_boost:='gcc* llvm* rust'} -: ${poudriere_allow_make_jobs_packages:='ImageMagick* bitwarden-cli cargo-c *chromium* cmake cmake-core digikam eclipse electron* ffmpeg firefox thunderbird gcc* gnutls gtk3* icu libreoffice* llvm* mongodb* mysql*-client mysql*-server node* openjdk* openssl pkg postgresql* qt*-webengine rust webkit* wine vaultwarden'} +: ${poudriere_allow_make_jobs_packages:='ImageMagick* bitwarden-cli cargo-c *chromium* cmake cmake-core digikam eclipse electron* ffmpeg firefox thunderbird gcc* gnutls gtk3* icu libreoffice* llvm* mongodb* mysql*-client mysql*-server node* openjdk* openssl pkg plasma6-plasma-workspace postgresql* qt*-webengine rust webkit* wine vaultwarden'} : ${poudriere_ccache_size:='50.0G'} : ${poudriere_default_versions:='imagemagick=7-nox11'} diff --git a/scripts/hostname/desktop1 b/scripts/hostname/desktop1 index b68cbcc..fc12885 100644 --- a/scripts/hostname/desktop1 +++ b/scripts/hostname/desktop1 @@ -11,7 +11,7 @@ playback_device=1 recording_device=0 samplerate=48000 bits=16 -buffer_ms=100 +buffer_ms=4 microphone_gain=50 max_channels=2 diff --git a/vars/hostclass/desktop b/vars/hostclass/desktop index 64bef68..fafc268 100644 --- a/vars/hostclass/desktop +++ b/vars/hostclass/desktop @@ -18,10 +18,6 @@ enable_serial_console=false # UID/GID hiding breaks consolekit and KDE screen locker. see_other_uids=1 -# sndiod's control socket lives under /tmp, but sndoid starts *before* /tmp is -# cleared out, resulting in the socket being blown away. -clear_tmp_enable=false - # Chromium seems to need this to enable VAAPI video decoding on intel. chrome_flags='--enable-features=Vulkan,VulkanFromANGLE,DefaultANGLEVulkan' @@ -38,17 +34,16 @@ gsound" # signal-desktop requires pulseaudio for audio/video chat. SAD! # Also, freedesktop-sound-theme is required for notification sounds in Dino +# digikam port currently broken +# kwalletd requires socat? desktop_packages=" ${gajim_packages} android-file-transfer-qt5 android-tools -audacious-plugins-qt5 -audacious-qt5 bind-tools ca_root_nss cantarell-fonts chromium -digikam dino droid-fonts-ttf eclipse @@ -56,6 +51,7 @@ elisa en-hunspell ffmpeg firefox +fooyin freedesktop-sound-theme git gnupg @@ -65,8 +61,8 @@ hs-pandoc inconsolata-ttf jq k3b -kde5 -kid3-kf5 +kde +kid3-kf6 kmix kmymoney konversation @@ -89,8 +85,10 @@ python roboto-fonts-ttf rsync sddm +sddm-freebsd-black-theme signal-desktop sndio +socat stow terminus-font terminus-ttf |