diff options
| -rw-r--r-- | files/etc/profile.d/local-homedir.sh.common | 4 | ||||
| -rw-r--r-- | files/usr/local/etc/nginx/vhosts.conf.dav_server | 9 | ||||
| -rw-r--r-- | files/usr/local/etc/poudriere.d/make.conf.pkg_repository | 2 | ||||
| -rw-r--r-- | files/usr/local/etc/poudriere.d/patches/gstreamer1-plugins-good-fix-v4l-einval.patch.pkg_repository | 20 | ||||
| -rw-r--r-- | files/usr/local/etc/poudriere.d/pkglist.pkg_repository | 4 | ||||
| -rw-r--r-- | files/usr/local/etc/xdg/baloofilerc.desktop | 2 | ||||
| l--------- | files/usr/local/etc/xdg/baloofilerc.laptop | 1 | ||||
| l--------- | files/usr/local/etc/xdg/baloofilerc.roadwarrior_laptop | 1 | ||||
| -rw-r--r-- | files/usr/local/lib/thunderbird/distribution/policies.json.desktop | 77 | ||||
| -rw-r--r-- | scripts/hostclass/desktop | 9 | ||||
| -rw-r--r-- | scripts/hostclass/pkg_repository | 10 | ||||
| -rw-r--r-- | vars/hostclass/desktop | 4 | ||||
| -rw-r--r-- | vars/hostclass/pkg_repository | 6 |
13 files changed, 143 insertions, 6 deletions
diff --git a/files/etc/profile.d/local-homedir.sh.common b/files/etc/profile.d/local-homedir.sh.common index d5abb90..683756a 100644 --- a/files/etc/profile.d/local-homedir.sh.common +++ b/files/etc/profile.d/local-homedir.sh.common @@ -18,6 +18,10 @@ export GOPATH="${LOCAL_HOME}/go" mkdir -p "${LOCAL_HOME}/.mozilla" ln -sfn "${LOCAL_HOME}/.mozilla" "${HOME}/.mozilla" +# thunderbird +mkdir -p "${LOCAL_HOME}/.thunderbird" +ln -sfn "${LOCAL_HOME}/.thunderbird" "${HOME}/.thunderbird" + # kwallet # The kwallet PAM module hard-codes ~/.local/share/kwalletd, but kwallet itself # honors XDG_DATA_HOME! So we symlink from the local disk back into NFS. Gross! diff --git a/files/usr/local/etc/nginx/vhosts.conf.dav_server b/files/usr/local/etc/nginx/vhosts.conf.dav_server index 71bbc71..0c6e817 100644 --- a/files/usr/local/etc/nginx/vhosts.conf.dav_server +++ b/files/usr/local/etc/nginx/vhosts.conf.dav_server @@ -17,6 +17,7 @@ server { location / { auth_gss on; satisfy any; + auth_request /authenticate; $(printf ' deny %s;\n' $kerberized_cidrs) allow all; try_files \$uri \$uri/ /caldav.php\$uri?\$query_string; @@ -26,6 +27,13 @@ $(printf ' deny %s;\n' $kerberized_cidrs) try_files \$uri \$uri/ /caldav.php\$uri?\$query_string; } + location /authenticate { + if (\$http_user_agent ~ 'Thunderbird') { + return 200; + } + return 403; + } + location ~ ^/caldav\.php/\.well-known/ { fastcgi_split_path_info ^(.+?\.php)(/.*)$; if (!-f \$document_root\$fastcgi_script_name) { @@ -40,6 +48,7 @@ $(printf ' deny %s;\n' $kerberized_cidrs) location ~ [^/]\.php(/|$) { auth_gss on; satisfy any; + auth_request /authenticate; $(printf ' deny %s;\n' $kerberized_cidrs) allow all; diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository index a4677f4..a5ff5ef 100644 --- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository +++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository @@ -43,6 +43,7 @@ mail_mutt_UNSET=HTML mail_postfix_SET=LDAP SASL SASLKRB5 mail_rspamd_SET=HYPERSCAN misc_kdeutils_UNSET=KFLOPPY KTEATIME +mail_thunderbird_UNSET=PROFILE multimedia_audacious-plugins_SET=LAME SNDIO multimedia_audacious-plugins_UNSET=OSS multimedia_ffmpeg_SET=OPENSSL @@ -53,7 +54,6 @@ multimedia_qt5-multimedia_SET=PULSEAUDIO ALSA multimedia_qt6-multimedia_SET=PULSEAUDIO ALSA multimedia_vlc_SET=FLAC MPEG2 X264 X265 VPX DCA FAAD AOM multimedia_webcamd_UNSET=DVB INPUT RADIO -net-im_dino_UNSET=RTP net-im_py-matrix-synapse_SET=PGSQL URLPREVIEW LDAP net-mgmt_monitoring-plugins_SET=LDAP SSH_PORTABLE PGSQL RADIUS DNS_BINDTOOLS net-mgmt_monitoring-plugins_UNSET=DNS_BASE diff --git a/files/usr/local/etc/poudriere.d/patches/gstreamer1-plugins-good-fix-v4l-einval.patch.pkg_repository b/files/usr/local/etc/poudriere.d/patches/gstreamer1-plugins-good-fix-v4l-einval.patch.pkg_repository new file mode 100644 index 0000000..503a95d --- /dev/null +++ b/files/usr/local/etc/poudriere.d/patches/gstreamer1-plugins-good-fix-v4l-einval.patch.pkg_repository @@ -0,0 +1,20 @@ +--- multimedia/gstreamer1-plugins-good/files/patch-sys_v4l2_gstv4l2object.c 2024-11-08 16:46:07.003565000 -0500 ++++ multimedia/gstreamer1-plugins-good/files/patch-sys_v4l2_gstv4l2object.c 2024-11-08 16:46:11.030787000 -0500 +@@ -1,6 +1,15 @@ +---- sys/v4l2/gstv4l2object.c.orig 2024-09-19 10:01:21 UTC ++--- sys/v4l2/gstv4l2object.c.orig 2024-11-08 18:59:59 UTC + +++ sys/v4l2/gstv4l2object.c +-@@ -5078,7 +5078,9 @@ gst_v4l2_object_probe_caps (GstV4l2Object * v4l2object ++@@ -3159,7 +3159,7 @@ gst_v4l2_object_is_dmabuf_supported (GstV4l2Object * v ++ ++ /* Expected to fail, but ENOTTY tells us that it is not implemented. */ ++ v4l2object->ioctl (v4l2object->video_fd, VIDIOC_EXPBUF, &expbuf); ++- if (errno == ENOTTY) +++ if (errno == ENOTTY || errno == EINVAL) ++ ret = FALSE; ++ ++ return ret; ++@@ -4886,7 +4886,9 @@ gst_v4l2_object_probe_caps (GstV4l2Object * v4l2object + if (v4l2object->ioctl (v4l2object->video_fd, VIDIOC_CROPCAP, &cropcap) < 0) { + + switch (errno) { diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository index 248de82..ff700f3 100644 --- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository +++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository @@ -4,6 +4,7 @@ archivers/php${php_version}-zip archivers/unzip archivers/zip audio/elisa +audio/freedesktop-sound-theme audio/gsound audio/kid3@kf5 audio/kmix @@ -18,6 +19,7 @@ databases/php${php_version}-pgsql databases/postgresql${postgresql_version}-client databases/postgresql${postgresql_version}-server databases/redis +deskutils/merkuro deskutils/py-vdirsyncer devel/android-tools devel/ccache @@ -62,6 +64,7 @@ mail/mutt mail/postfix mail/rspamd mail/sieve-connect +mail/thunderbird misc/php${php_version}-calendar multimedia/audacious-plugins@qt5 multimedia/audacious@qt5 @@ -73,6 +76,7 @@ multimedia/v4l-utils multimedia/v4l_compat multimedia/vdpauinfo multimedia/webcamd +net-im/dino net-im/farstream net-im/gajim net-im/prosody diff --git a/files/usr/local/etc/xdg/baloofilerc.desktop b/files/usr/local/etc/xdg/baloofilerc.desktop new file mode 100644 index 0000000..1735f7a --- /dev/null +++ b/files/usr/local/etc/xdg/baloofilerc.desktop @@ -0,0 +1,2 @@ +[Basic Settings] +Indexing-Enabled=false diff --git a/files/usr/local/etc/xdg/baloofilerc.laptop b/files/usr/local/etc/xdg/baloofilerc.laptop new file mode 120000 index 0000000..25d132b --- /dev/null +++ b/files/usr/local/etc/xdg/baloofilerc.laptop @@ -0,0 +1 @@ +baloofilerc.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/xdg/baloofilerc.roadwarrior_laptop b/files/usr/local/etc/xdg/baloofilerc.roadwarrior_laptop new file mode 120000 index 0000000..25d132b --- /dev/null +++ b/files/usr/local/etc/xdg/baloofilerc.roadwarrior_laptop @@ -0,0 +1 @@ +baloofilerc.desktop
\ No newline at end of file diff --git a/files/usr/local/lib/thunderbird/distribution/policies.json.desktop b/files/usr/local/lib/thunderbird/distribution/policies.json.desktop new file mode 100644 index 0000000..517f04d --- /dev/null +++ b/files/usr/local/lib/thunderbird/distribution/policies.json.desktop @@ -0,0 +1,77 @@ +{ + "policies": { + "Cookies": { + "AcceptThirdParty": "never", + "RejectTracker": true + }, + "Authentication": { + "SPNEGO": ["${domain}"], + "AllowNonFQDN": { + "SPNEGO": true + }, + "AllowProxies": { + "SPNEGO": true + } + }, + "AppAutoUpdate": false, + "DisableAppUpdate": true, + "CaptivePortal": false, + "Certificates": { + "Install": [ + "${site_cacert_path}" + ] + }, + "DisableTelemetry": true, + "DNSOverHTTPS": { + "Enabled": false + }, + "ExtensionUpdate": true, + "Preferences": { + "dom.security.https_only_mode": { + "Value": true, + "Status": "locked" + }, + "dom.push.connection.enabled": { + "Value": false, + "Status": "default" + }, + "privacy.trackingprotection.socialtracking.enabled": { + "Value": false, + "Status": "locked" + }, + "browser.safebrowsing.malware.enabled": { + "Value": false, + "Status": "locked" + }, + "browser.safebrowsing.phishing.enabled": { + "Value": false, + "Status": "locked" + }, + "browser.safebrowsing.downloads.enabled": { + "Value": false, + "Status": "locked" + }, + "mail.shell.checkDefaultClient": { + "Value": false, + "Status": "locked" + }, + "mail.phishing.detection.enabled": { + "Value": false, + "Status": "locked" + }, + "font.size.variable.x-unicode": { + "Value": 13, + "Status": "default" + }, + "font.size.variable.x-western": { + "Value": 13, + "Status": "default" + }, + "mail.uifontsize": { + "Value": 13, + "Status": "default" + } + } + } +} + diff --git a/scripts/hostclass/desktop b/scripts/hostclass/desktop index 4f6e31f..79b40f2 100644 --- a/scripts/hostclass/desktop +++ b/scripts/hostclass/desktop @@ -101,6 +101,11 @@ case $desktop_type in /usr/local/etc/xdg/plasma-workspace/shutdown install_file -m 0555 /usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh + # Disable baloo file search. + # Don't know anyone that uses it, and litters $HOME with .nfs files whenever + # any file is deleted. + install_file -m 0644 /usr/local/etc/xdg/baloofilerc + # Disable user switching # Broken with consolekit: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221452 # VT switch causes loss of graphics acceleration: https://github.com/freebsd/drm-kmod/issues/175 @@ -128,6 +133,10 @@ set_loader_conf \ install_directory -m 0755 /usr/local/lib/firefox/distribution install_template -m 0644 /usr/local/lib/firefox/distribution/policies.json +# Create policy file for thunderbird. +install_directory -m 0755 /usr/local/lib/thunderbird/distribution +install_template -m 0644 /usr/local/lib/thunderbird/distribution/policies.json + # Create policy file for chromium. install_directory -m 0755 \ /usr/local/etc/chromium/policies \ diff --git a/scripts/hostclass/pkg_repository b/scripts/hostclass/pkg_repository index 86e6b2c..800faae 100644 --- a/scripts/hostclass/pkg_repository +++ b/scripts/hostclass/pkg_repository @@ -5,7 +5,7 @@ : ${poudriere_dataset:="${state_dataset:-zroot}"} : ${poudriere_make_jobs_number:='8'} : ${poudriere_priority_boost:='gcc* llvm* rust'} -: ${poudriere_allow_make_jobs_packages:='ImageMagick* bitwarden-cli cargo-c *chromium* cmake cmake-core eclipse electron* ffmpeg firefox gcc* gnutls gtk3* icu libreoffice* llvm* mongodb* mysql*-client mysql*-server node* openjdk* openssl pkg qt*-webengine rust webkit* vaultwarden'} +: ${poudriere_allow_make_jobs_packages:='ImageMagick* bitwarden-cli cargo-c *chromium* cmake cmake-core eclipse electron* ffmpeg firefox thunderbird gcc* gnutls gtk3* icu libreoffice* llvm* mongodb* mysql*-client mysql*-server node* openjdk* openssl pkg qt*-webengine rust webkit* vaultwarden'} : ${poudriere_ccache_size:='50.0G'} : ${poudriere_default_versions:='imagemagick=7-nox11'} @@ -63,14 +63,14 @@ service nginx restart [ -d "${poudriere_data_dir}/ports/latest" ] || poudriere ports -c -v -p latest git -C "${poudriere_data_dir}/ports/latest" restore :/ git -C "${poudriere_data_dir}/ports/latest" clean -f -poudriere ports -v -u -p latest +[ "${poudriere_update:-}" = true ] && poudriere ports -v -u -p latest # Apply custom patches. install_directory -m 0755 "$poudriere_patch_dir" rm -f "${poudriere_patch_dir}/"*.patch -install_file -m 0644 \ - "${poudriere_patch_dir}/postgresql16-gssapi.patch" \ - "${poudriere_patch_dir}/chromium-gssapi.patch" +for patch in $poudriere_patches; do + install_file -m 0644 "${poudriere_patch_dir}/${patch}.patch" +done for patch in "${poudriere_patch_dir}/"*.patch; do [ -f "$patch" ] || continue diff --git a/vars/hostclass/desktop b/vars/hostclass/desktop index 2464a65..d2c9a49 100644 --- a/vars/hostclass/desktop +++ b/vars/hostclass/desktop @@ -58,11 +58,13 @@ python py${python_version}-pip roboto-fonts-ttf rsync +sound-theme-freedesktop signal-desktop sndio stow terminus-font terminus-ttf +thunderbird tmux tree ubuntu-font @@ -79,6 +81,7 @@ android-file-transfer-qt5 audacious-qt5 audacious-plugins-qt5 digikam +dino elisa ${gajim_packages} gtksourceview4 @@ -88,6 +91,7 @@ kid3-kf5 kmix konversation en-hunspell +merkuro sddm" desktop_i3_packages=' diff --git a/vars/hostclass/pkg_repository b/vars/hostclass/pkg_repository index e60a0c4..f50beb3 100644 --- a/vars/hostclass/pkg_repository +++ b/vars/hostclass/pkg_repository @@ -2,3 +2,9 @@ allowed_tcp_ports='ssh http https' nginx_redirect=false + +poudriere_patches=' +chromium-gssapi +postgresql16-gssapi +gstreamer1-plugins-good-fix-v4l-einval +' |