-rw-r--r-- | files/etc/devfs.rules.desktop | 4 | ||||
l--------- | files/etc/devfs.rules.laptop | 1 | ||||
-rw-r--r-- | files/usr/local/etc/poudriere.d/make.conf.pkg_repository | 4 | ||||
-rw-r--r-- | files/usr/local/etc/poudriere.d/pkglist.pkg_repository | 11 | ||||
-rw-r--r-- | files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common | 4 | ||||
-rw-r--r-- | files/usr/local/lib/firefox/distribution/policies.json.common | 4 | ||||
-rw-r--r-- | scripts/hostclass/desktop | 31 | ||||
-rw-r--r-- | scripts/hostname/desktop1 | 24 | ||||
-rw-r--r-- | scripts/os/freebsd/10-bootloader | 14 | ||||
-rw-r--r-- | scripts/os/freebsd/10-rc-conf | 7 | ||||
-rw-r--r-- | scripts/os/freebsd/51-autofs | 7 | ||||
-rw-r--r-- | vars/common | 1 | ||||
-rw-r--r-- | vars/hostclass/desktop | 18 | ||||
-rw-r--r-- | vars/hostclass/imap_server | 2 | ||||
-rw-r--r-- | vars/hostname/alcatraz1 | 3 | ||||
-rw-r--r-- | vars/os/freebsd | 2 |
16 files changed, 123 insertions, 14 deletions
diff --git a/files/etc/devfs.rules.desktop b/files/etc/devfs.rules.desktop
new file mode 100644
index 0000000..4c10d43
--- /dev/null
+++ b/files/etc/devfs.rules.desktop
@@ -0,0 +1,4 @@
+[${devfs_local_ruleset_name}=1000]
+add path 'drm/*' mode 0660 group ${desktop_access_role}
+add path 'backlight/*' mode 0660 group ${desktop_access_role}
+add path 'video*' mode 0660 group ${desktop_access_role}
diff --git a/files/etc/devfs.rules.laptop b/files/etc/devfs.rules.laptop
new file mode 120000
index 0000000..62718d0
--- /dev/null
+++ b/files/etc/devfs.rules.laptop
@@ -0,0 +1 @@
+devfs.rules.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository index 7c69474..bc8f89c 100644 --- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository +++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository @@ -4,10 +4,11 @@ DEFAULT_VERSIONS+=${poudriere_default_versions:-} MAKE_JOBS_NUMBER=${poudriere_make_jobs_number} # Global port options -OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO ALSA SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE TCP_WRAPPERS +OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO ALSA SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE TCP_WRAPPERS COMPAT32 OPTIONS_SET=GSSAPI GSSAPI_MIT MIT NONFREE LIBEDIT # Per-port options +audio_virtual_oss_UNSET=BLUETOOTH BT_SPEAKER EQUALIZER databases_akonadi_SET=MYSQL databases_luadbi_SET=PGSQL databases_postgresql${postgresql_version}-client_SET=PAM LDAP @@ -44,6 +45,7 @@ multimedia_ffmpeg_UNSET=GNUTLS multimedia_kdemultimedia_UNSET=KDENLIVE multimedia_qt6-multimedia_SET=ALSA multimedia_vlc_SET=FLAC MPEG2 X264 X265 VPX DCA FAAD AOM +multimedia_webcamd_UNSET=DVB INPUT RADIO net-im_dino_UNSET=RTP net-im_py-matrix-synapse_SET=PGSQL URLPREVIEW LDAP net_asterisk18_SET=NEWG711 G729 NCURSES diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository index 35b8f9a..2740c85 100644 --- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository +++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository @@ -6,6 +6,7 @@ archivers/zip audio/juk audio/kid3 audio/kmix +audio/virtual_oss converters/php${php_version}-iconv converters/php${php_version}-mbstring databases/luadbi 
@@ -60,6 +61,9 @@ misc/php${php_version}-calendar multimedia/audacious multimedia/libva-intel-media-driver multimedia/makemkv +multimedia/v4l-utils +multimedia/v4l_compat +multimedia/webcamd net-im/dino net-im/gajim net-im/prosody @@ -125,8 +129,15 @@ www/nginx www/php${php_version}-opcache www/php${php_version}-session www/w3m +x11-fonts/cantarell-fonts +x11-fonts/droid-fonts-ttf +x11-fonts/inconsolata-ttf +x11-fonts/noto-basic +x11-fonts/noto-emoji x11-fonts/terminus-font x11-fonts/terminus-ttf +x11-fonts/ubuntu-font +x11-fonts/webfonts x11/kde5 x11/sddm x11/xev diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common new file mode 100644 index 0000000..1808561 --- /dev/null +++ b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common @@ -0,0 +1,4 @@ +#!/bin/sh + +pkill signal-desktop chrome baloo_file +pkill -f /usr/local/libexec/geoclue-2.0/demos/agent diff --git a/files/usr/local/lib/firefox/distribution/policies.json.common b/files/usr/local/lib/firefox/distribution/policies.json.common index 96d463c..425a6d6 100644 --- a/files/usr/local/lib/firefox/distribution/policies.json.common +++ b/files/usr/local/lib/firefox/distribution/policies.json.common @@ -9,10 +9,6 @@ "install_url": "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi", "installation_mode": "normal_installed" }, - "7esoorv3@alefvanoon.anonaddy.me": { - "install_url": "https://addons.mozilla.org/firefox/downloads/latest/libredirect/latest.xpi", - "installation_mode": "normal_installed" - }, "{9cbd40c5-5275-443e-811b-dc57d8c7c5d2}": { "install_url": "https://addons.mozilla.org/firefox/downloads/latest/kde-default-breeze/latest.xpi", "installation_mode": "$(if [ "${desktop_type:-}" = kde ]; then echo 'normal_installed'; else echo 'allowed'; fi)" diff --git a/scripts/hostclass/desktop b/scripts/hostclass/desktop index 1fa17cc..f9e7e94 100644 
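Review bot: The patterns in `pkill signal-desktop chrome baloo_file` (new cleanup.sh) are unanchored regular expressions and the call is not scoped to a user, so any process whose name merely contains `chrome` matches, and if the script is ever run with elevated privileges it would signal other users' sessions as well. Consider `pkill -U "$(id -u)" -x signal-desktop chrome baloo_file` and the same `-U "$(id -u)"` on the `pkill -f` line. A short header comment saying that Plasma runs this at session shutdown as the logging-out user (which is what the install path suggests) would document the assumption the script relies on.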
--- a/scripts/hostclass/desktop +++ b/scripts/hostclass/desktop @@ -2,10 +2,11 @@ : ${desktop_access_role:='desktop-access'} : ${desktop_access_gid:='40000'} - : ${sddm_min_uid:='10000'} : ${sddm_max_uid:='19999'} +sddm_user=sddm + # TODO: kill lingering processes after logout (chrome, baloo-search, etc). if [ "${enable_idm:-}" = false ]; then @@ -34,6 +35,25 @@ install_file -m 0555 \ /etc/profile.d/local-homedir.sh install_directory -m 0755 /usr/local/home +# Enable sndio. +sysrc -v sndiod_enable=YES +service sndiod status || service sndiod start + +# Create local group for desktop-access. +# This is for *local* users that need access to the drm device. +add_group -g "$desktop_access_gid" "$desktop_access_role" + +# Create desktop devfs ruleset. +install_template -m 0644 /etc/devfs.rules +sysrc -v "devfs_system_ruleset=${devfs_local_ruleset_name}" +service devd restart + +# Enable webcamd. +load_kernel_module cuse +set_loader_conf cuse_load=YES +sysrc -v webcamd_enable=YES +service webcamd status || service webcamd start + case $desktop_type in i3) pkg install -y $desktop_i3_packages @@ -42,6 +62,9 @@ case $desktop_type in # Install KDE packages. pkg install -y $desktop_kde_packages + # Add sddm user to drm access group. + pw groupmod "$desktop_access_role" -m "$sddm_user" + # Configure pam services. install_file -m 0644 \ /etc/pam.d/sddm \ @@ -56,6 +79,12 @@ case $desktop_type in # Create SDDM local homedir. install_directory -o sddm -g sddm -m 0700 /usr/local/home/sddm + # Create shutdown script to cleanup lingering processes. + install_directory -m 0755 \ + /usr/local/etc/xdg/plasma-workspace \ + /usr/local/etc/xdg/plasma-workspace/shutdown + install_file -m 0555 /usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh + # Enable sddm. sysrc -v sddm_enable=YES ;; diff --git a/scripts/hostname/desktop1 b/scripts/hostname/desktop1 new file mode 100644 index 0000000..0e6e551 --- /dev/null +++ b/scripts/hostname/desktop1 
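Review bot: In the "Create desktop devfs ruleset" block, `service devd restart` probably does not apply the new ruleset: on FreeBSD `devfs_system_ruleset` is consumed by the devfs rc script, so the `drm/*`, `backlight/*` and `video*` group permissions would only take effect after a reboot. Consider `service devfs restart` there, keeping the devd restart only if something else needs it. Until the ruleset is applied, the `pw groupmod "$desktop_access_role" -m "$sddm_user"` added in the KDE branch grants nothing, so it is worth verifying the device modes at the end of a first run. The `# TODO: kill lingering processes after logout` comment kept as context in the first hunk also looks stale now that cleanup.sh is installed.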
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# This desktop has USB speakers and webcam USB microphone, so sndio can't
+# use both at the same time. This creates a virtual device combining both
+# of them into one virutal sound card.
+#
+# Because the virtual soundcard is installed to /dev/dsp, it will
+# automatically be used as the default.
+
+playback_device=1
+recording_device=0
+samplerate=48000
+bits=16
+buffer_ms=25
+microphone_gain=50
+
+pkg install -y virtual_oss
+sysrc -v \
+ virtual_oss_enable=YES \
+ virtual_oss_dsp="-T /dev/sndstat -C 2 -c 2 -S -r ${samplerate} -b ${bits} -s ${buffer_ms}ms -O /dev/dsp${playback_device} -R /dev/dsp${recording_device} -d dsp -t vsdp.ctl"
+service virtual_oss restart
+
+set_loader_conf "hint.pcm.${recording_device}.mic=${microphone_gain}"
+set_loader_conf "hint.pcm.${playback_device}.pcm=100"
diff --git a/scripts/os/freebsd/10-bootloader b/scripts/os/freebsd/10-bootloader
index 0506606..438acc0 100644
--- a/scripts/os/freebsd/10-bootloader
+++ b/scripts/os/freebsd/10-bootloader
@@ -13,11 +13,7 @@ kill -HUP 1
 set_loader_conf \
 autoboot_delay=1 \
 beastie_disable=YES \
- boot_multicons=YES \
- boot_serial=YES \
 cc_htcp_load=YES \
- console=comconsole,efi \
- comconsole_speed=115200 \
 kern.geom.label.disk_ident.enable=0 \
 kern.geom.label.gptid.enable=0 \
 net.inet.tcp.soreceive_stream=1 \
@@ -27,3 +23,13 @@ set_loader_conf \
 pf_load=YES \
 pflog_load=YES \
 security.bsd.allow_destructive_dtrace=0
+
+if [ "${serial_console:-}" = true ]; then
+ # Don't enable the serial console for all hosts indiscriminately.
+ # Somehow, having the serial console enabled breaks ConsoleKit.
+ set_loader_conf \
+ boot_multicons=YES \
+ boot_serial=YES \
+ console=comconsole,efi \
+ comconsole_speed=115200
+fi
diff --git a/scripts/os/freebsd/10-rc-conf b/scripts/os/freebsd/10-rc-conf
index 629c72b..2d91005 100644
--- a/scripts/os/freebsd/10-rc-conf
+++ b/scripts/os/freebsd/10-rc-conf
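Review bot: `playback_device=1` and `recording_device=0` in the new scripts/hostname/desktop1 hard-code pcm unit numbers, yet the header comment says both devices are USB; USB audio units can be numbered in attach order, so the two may swap between boots and the `hint.pcm.N` gain settings would then land on the wrong device. A comment recording how the numbers were determined and what to re-check when audio breaks would make this maintainable. The header comment has a typo (`virutal`), and `-t vsdp.ctl` looks like a transposition of `vdsp.ctl`; it is harmless as a device name, but worth confirming it is intended.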
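Review bot: The new `serial_console` guard in 10-bootloader only stops the four console settings from being written; nothing visible removes `boot_multicons`, `boot_serial`, `console` and `comconsole_speed` from hosts provisioned before this commit. If `set_loader_conf` only adds or updates keys (its definition is not on this page), existing desktops keep the serial console enabled, so both the ConsoleKit breakage and an unneeded console path remain after a re-run. An `else` branch that removes those four keys would make the script converge to the declared state. A pointer such as `# Enabled per host with serial_console=true in vars/hostname/<host>.` above the `if` would also help.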
@@ -1,11 +1,16 @@ #!/bin/sh sysrc -v \ - clear_tmp_enable=YES \ dumpdev=NO \ ipv6_activate_all_interfaces=NO \ syslogd_flags=-ss +if [ "$clear_tmp_enable" = false ]; then + sysrc -v clear_tmp_enable=NO +else + sysrc -v clear_tmp_enable=YES +fi + if [ -n "${console_font:-}" ]; then sysrc -v allscreens_flags="-f ${console_font}" fi diff --git a/scripts/os/freebsd/51-autofs b/scripts/os/freebsd/51-autofs index a4549c8..0ad814f 100644 --- a/scripts/os/freebsd/51-autofs +++ b/scripts/os/freebsd/51-autofs @@ -17,7 +17,7 @@ sysrc -v \ nfsuserd_flags="-usermax ${nfsuserd_cache_size} -usertimeout ${nfsuserd_cache_timeout} ${nfsuserd_num_servers}" \ gssd_enable=YES \ gssd_flags='-h -s /tmp' \ - gssd_env="KRB5_KTNAME=${keytab_dir}/host.keytab" + gssd_env="KRB5_KTNAME=${keytab_dir}/host.keytab" \ nfs_client_enable=YES \ nfscbd_enable=NO \ nfscbd_flags="-p ${nfscbd_port} -P host" \ @@ -28,6 +28,9 @@ install_file -m 0555 /usr/local/libexec/idm-autofs-map ln -snfv /usr/local/libexec/idm-autofs-map /etc/autofs/include # TODO: nfscbd causes kernel panics on FreeBSD 14.1, disabled for now. -for service in gssd nfsclient nfsuserd automount automountd autounmountd; do +for service in gssd nfsuserd automountd autounmountd; do service "$service" status || service "$service" start done + +service nfsclient start +service automount start diff --git a/vars/common b/vars/common index d072ea8..18df739 100644 --- a/vars/common +++ b/vars/common @@ -55,6 +55,7 @@ rspamd_port=11334 ssh_authzkeys_uid=789 ssh_authzkeys_username=sshkeys tcp_buffer_size=2097152 # suitable for 1 GigE +serial_console=false nginx_nofile=2048 nginx_worker_connections=768 diff --git a/vars/hostclass/desktop b/vars/hostclass/desktop index fe6f4bc..8938965 100644 --- a/vars/hostclass/desktop +++ b/vars/hostclass/desktop 
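Review bot: `"$clear_tmp_enable"` in 10-rc-conf is expanded without a default, unlike `"${serial_console:-}"` in 10-bootloader and `"${console_font:-}"` a few lines below; if these scripts run under `set -u` (not visible here), an unset variable aborts the run instead of falling through to the `else`. Use `if [ "${clear_tmp_enable:-}" = false ]; then` for consistency. Any value other than the exact string `false` still enables clearing, which is the safer default and worth stating in a comment so nobody inverts the test later.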
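Review bot: In 51-autofs, `service nfsclient start` and `service automount start` now run on every pass without the `status ||` guard, and nothing says why these two were pulled out of the loop. If the reason is that neither rc script has a meaningful `status` (an inference from the change), say so with a comment such as `# nfsclient and automount are one-shot rc scripts without a usable status; always run them.` so the next reader does not fold them back into the loop. If the scripts run under `set -e`, also confirm that a repeated `start` returns zero.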
@@ -1,23 +1,41 @@ #!/bin/sh +# UID/GID hiding breaks consolekit and KDE screen locker. +see_other_uids=1 + +# sndiod's control socket lives under /tmp, but sndoid starts *before* /tmp is +# cleared out, resulting in the socket being blown away. +clear_tmp_enable=false + desktop_common_packages=" bind-tools +cantarell-fonts chromium +droid-fonts-ttf eclipse firefox git gnupg +inconsolata-ttf krb5 libreoffice libva-intel-media-driver +noto-basic +noto-emoji password-store py${python_version}-pip signal-desktop +sndio stow terminus-font terminus-ttf tmux tree +ubuntu-font +v4l-utils +v4l_compat +webcamd +webfonts wireguard-tools xorg" diff --git a/vars/hostclass/imap_server b/vars/hostclass/imap_server index c1467b2..5b57f53 100644 --- a/vars/hostclass/imap_server +++ b/vars/hostclass/imap_server @@ -1,3 +1,3 @@ #!/bin/sh -allowed_tcp_ports="ssh imaps ${lmtp_port} ${quota_status_port}" +allowed_tcp_ports="ssh imaps sieve ${lmtp_port} ${quota_status_port}" diff --git a/vars/hostname/alcatraz1 b/vars/hostname/alcatraz1 new file mode 100644 index 0000000..9b2021c --- /dev/null +++ b/vars/hostname/alcatraz1 @@ -0,0 +1,3 @@ +#!/bin/sh + +serial_console=true diff --git a/vars/os/freebsd b/vars/os/freebsd index d13c84e..ed4778c 100644 --- a/vars/os/freebsd +++ b/vars/os/freebsd @@ -7,10 +7,12 @@ enable_pf=true install_packages='sudo tmux vim' intel_epp=50 see_other_uids=0 +clear_tmp_enable=true memsize=$(sysctl -n hw.physmem) export ASSUME_ALWAYS_YES=yes +devfs_local_ruleset_name=localrules keytab_dir=/var/db/keytabs nfscbd_port=7745 nginx_user=www |
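Review bot: `clear_tmp_enable=false` in vars/hostclass/desktop works around the sndiod socket ordering, but it also means nothing under /tmp is removed at boot on desktops, and 51-autofs on this page points gssd at /tmp (`gssd_flags='-h -s /tmp'`), so credential caches and other per-session files left there persist across reboots. Consider keeping the boot-time clear and fixing the start order instead, or using a memory-backed /tmp; if the workaround stays, state the trade-off in the comment. That comment also misspells the daemon once (`sndoid`). `see_other_uids=1` in the same hunk relaxes a hardening default for the whole host class, which deserves a line on whether any of these desktops are multi-user.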
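Review bot: Adding `sieve` to `allowed_tcp_ports` in vars/hostclass/imap_server exposes ManageSieve to whatever sources this list is applied to; the firewall rules that consume the variable are not on this page. Because that service accepts user credentials and lets users upload filter scripts, confirm it requires TLS before authentication, and restrict the source addresses if clients only connect from internal networks. A comment such as `# sieve: ManageSieve for user-managed filters` would record why the port is open.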