Diffstat (limited to 'files/usr/local/etc')
14 files changed, 104 insertions, 48 deletions
diff --git a/files/usr/local/etc/asterisk/queues.conf.asterisk_server b/files/usr/local/etc/asterisk/queues.conf.asterisk_server
index 87b8ed4..8849690 100644
--- a/files/usr/local/etc/asterisk/queues.conf.asterisk_server
+++ b/files/usr/local/etc/asterisk/queues.conf.asterisk_server
@@ -6,12 +6,12 @@ shared_lastcall = yes log_membername_as_agent = yes $(for queue in ${asterisk_queues:-}; do - eval "queue_strategy=\${asterisk_queue_${queue}_strategy}" + eval "queue_strategy=\${asterisk_queue_${queue}_strategy:-ringall}" eval "queue_timeout=\${asterisk_queue_${queue}_timeout:-15}" eval "queue_retry=\${asterisk_queue_${queue}_retry:-5}" eval "queue_ringinuse=\${asterisk_queue_${queue}_ringinuse:-yes}" - eval "queue_members=\${asterisk_queue_${queue}_members}" - echo "\ + eval "queue_members=\${asterisk_queue_${queue}_members:-}" + cat <<EOF [${queue}] strategy = ${queue_strategy} timeout = ${queue_timeout}
@@ -24,8 +24,12 @@ periodic-announce-frequency = 0 joinempty = yes leavewhenempty = no ringinuse = ${queue_ringinuse}
-timeoutrestart = yes"
-for member in $queue_members; do
- eval "member_name=\${asterisk_ext_${member}_cid_name}"
- echo "member => PJSIP/${member},0,${member_name},PJSIP/${member}"
-done; done)
+timeoutrestart = yes
+EOF
+ for member in $queue_members; do
+ eval "member_name=\${asterisk_ext_${member}_cid_name}"
+ cat <<EOF
+member => PJSIP/${member},0,${member_name},PJSIP/${member}
+EOF
+ done
+done)
diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
index 93544cf..1391d09 100644
--- a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
+++ b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
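Review bot: The member loop in the second hunk still reads `asterisk_ext_${member}_cid_name` with no default, while this commit gives the queue-level lookups one (`:-ringall`, `:-`). If the templates are rendered with `set -u` (the added `:-` suggests so, but the renderer is not visible here), a queue member without a `cid_name` aborts the render; otherwise it writes an empty name into the `member =>` line. I would use `eval "member_name=\${asterisk_ext_${member}_cid_name:-${member}}"`. Because `${queue}` and `${member}` are spliced into an `eval` string, a short comment above the loop stating that both must consist of letters, digits and underscores only would help whoever edits the variable file.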
@@ -14,15 +14,6 @@ "CloudReportingEnabled": false, "DefaultBrowserSettingEnabled": false, "DefaultCookiesSetting": 1, - "DefaultSearchProviderEnabled": true, - "DefaultSearchProviderName": "DuckDuckGo", - "DefaultSearchProviderIconURL": "https://duckduckgo.com/favicon.ico", - "DefaultSearchProviderEncodings": [ - "UTF-8" - ], - "DefaultSearchProviderSearchURL": "https://duckduckgo.com/?q={searchTerms}", - "DefaultSearchProviderSuggestURL":"https://duckduckgo.com/ac/?q={searchTerms}&type=list", - "DefaultSearchProviderNewTabURL":"https://duckduckgo.com/chrome_newtab", "DnsOverHttpsMode": "off", "EnableAuthNegotiatePort": true, "EnableMediaRouter": false,
@@ -45,8 +36,44 @@ "toplevel_name": "Internal" }, { + "name": "Bitwarden", + "url": "https://bitwarden.${domain}/" + }, + { + "name": "CUPS", + "url": "https://cups.${domain}/" + }, + { + "name": "DAViCal", + "url": "https://dav.${domain}/" + }, + { + "name": "Icinga", + "url": "https://icinga.${domain}/" + }, + { + "name": "Invidious", + "url": "https://invidious.${domain}/" + }, + { "name": "Poudriere", "url": "http://pkg.${domain}/poudriere" + }, + { + "name": "Rspamd", + "url": "https://smtp.${domain}/" + }, + { + "name": "Tiny Tiny RSS", + "url": "https://ttrss.${domain}/" + }, + { + "name": "UniFi Controller", + "url": "https://unifi.${domain}/" + }, + { + "name": "ZNC", + "url": "https://znc.${domain}/" } ], "ExtensionSettings": {
@@ -67,25 +94,22 @@ "extensions": { "cjpalhdlnbpafiamejdnhcphjbkeiagm": { "toOverwrite": { - "selectedFilterLists": [ + "filterLists": [ "user-filters", "ublock-filters", "ublock-badware", "ublock-privacy", - "ublock-abuse", + "ublock-quick-fixes", "ublock-unbreak", - "ublock-annoyances", - "ublock-cookies-easylist", - "fanboy-cookiemonster", "easylist", "easyprivacy", + "adguard-spyware-url", "urlhaus-1", "plowe-0", - "fanboy-annoyance", - "fanboy-social", + "fanboy-cookiemonster", + "ublock-cookies-easylist", "fanboy-thirdparty_social", - "adguard-spyware-url", - "ublock-quick-fixes" + "ublock-annoyances" ] }, "toAdd": {
diff --git a/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server b/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server
index fc939a6..6a7ce4e 100644
--- a/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server
+++ b/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server
@@ -6,11 +6,11 @@ sasl_realm = ${realm} base = ${users_basedn} user_filter = (|(mailAddress=%u)(uid=%u)) -user_attrs = \ - =user=%{ldap:uid}, \ - =uid=${dovecot_vmail_uid}, \ - =gid=${dovecot_vmail_uid}, \ - =home=${dovecot_vmail_dir}/%{ldap:uid} \ +user_attrs = \\ + =user=%{ldap:uid}, \\ + =uid=${dovecot_vmail_uid}, \\ + =gid=${dovecot_vmail_uid}, \\ + =home=${dovecot_vmail_dir}/%{ldap:uid}, \\ mailQuota=quota_rule=\*:storage=%{ldap:mailQuota} iterate_attrs = uid=user
diff --git a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
index 4340192..116fe44 100644
--- a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
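Review bot: Nothing in the Dovecot userdb template says why the continuation backslashes in `user_attrs` are doubled, so a later edit is likely to turn them back into single ones. Presumably the file is expanded by the shell before it is installed (the `\$service_name` escape added to master.cf in this commit points the same way); a first-line comment such as `# Template: expanded by the shell at install time; escape backslashes and dollar signs that must stay literal` would record that. The unchanged `\*` on the `mailQuota` line goes through the same expansion, so it is worth checking that the installed file carries the quota rule in the form Dovecot expects.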
@@ -219,6 +219,20 @@ apply Service "cups-cert" { assign where ("cups-servers" in host.groups) } +apply Service for (vhost in host.vars.xmpp_vhosts) { + check_command = "tcp" + name = vhost + "-xmpp" + display_name = vhost + " xmpp" + vars.tcp_port = 5223 + vars.tcp_ssl = true + vars.tcp_sni = vhost + vars.tcp_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit} + vars.tcp_wtime = ${icinga_response_time_warn} + vars.tcp_ctime = ${icinga_response_time_crit} + vars.tcp_send = "<stream:stream to='" + vhost + "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'>" + vars.tcp_expect = "<?xml version='1.0'" +} + // Expect HTTP 200 apply Service "http" { check_command = "http"
@@ -289,7 +303,6 @@ apply Service "https" { vars.http_warn_time = ${icinga_response_time_warn} vars.http_critical_time = ${icinga_response_time_crit} assign where ("pkg-repositories" in host.groups - || "xmpp-servers" in host.groups || "znc-servers" in host.groups || "bitwarden-servers" in host.groups) }
@@ -331,7 +344,6 @@ apply Service "https-cert" { || "pkg-repositories" in host.groups || "unifi-controllers" in host.groups || "web-servers" in host.groups - || "xmpp-servers" in host.groups || "znc-servers" in host.groups || "bitwarden-servers" in host.groups || "dav-servers" in host.groups
@@ -342,11 +354,11 @@ apply Service "https-cert" { && !host.vars.https_vhosts) } -// Expect HTTPS 200 +// Certificate validity apply Service for (vhost in host.vars.https_vhosts) { check_command = "http" - name = vhost + "-cert" - display_name = vhost + " certificate" + name = vhost + "-https-cert" + display_name = vhost + " https certificate" vars.http_vhost = vhost vars.http_expect = "HTTP/1.1 200 OK" vars.http_ssl = true
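Review bot: The new XMPP check hard-codes `vars.tcp_port = 5223`, while the Prosody template changed in this same commit takes its direct-TLS listener from `${prosody_c2s_tls_port}`. If that variable is set to another port, or is left unset so that the rendered Lua table is empty, this check probes a port nothing listens on and the certificate on the real listener is no longer watched. If the variable is visible to this template (not shown here), `vars.tcp_port = ${prosody_c2s_tls_port}` keeps the two in step. The server-to-server listener added through `s2s_direct_tls_ports` gets no check at all.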
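Review bot: In the renamed `-https-cert` service (hunk at -342,11) the context line `vars.http_expect = "HTTP/1.1 200 OK"` is left in place, although the rule is now labelled as a certificate check. As far as I know check_http does not evaluate the response by default once a certificate threshold is passed, so this line has no effect and suggests a status check that does not happen. I would drop it here and leave the status assertion to the `-https-status` rule, or add the comment `// response status is covered by the -https-status service`. The rule body continues past the end of the hunk.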
@@ -354,13 +366,12 @@ apply Service for (vhost in host.vars.https_vhosts) { vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit} } -// Certificate validity +// Expect HTTPS 200 apply Service for (vhost in host.vars.https_vhosts) { check_command = "http" - name = vhost - display_name = vhost + name = vhost + "-https-status" + display_name = vhost + " https status" vars.http_vhost = vhost - vars.http_expect = "HTTP/1.1 200 OK" vars.http_ssl = true vars.http_sni = true vars.http_expect = "HTTP/1.1 200 OK"
diff --git a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
index 0ebe46e..cd1cda1 100644
--- a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
@@ -7,8 +7,8 @@ template Host "generic-host" default { template Service "generic-service" default { max_check_attempts = 5 - check_interval = 1m - retry_interval = 30s + check_interval = 5m + retry_interval = 1m } template User "generic-user" default {
diff --git a/files/usr/local/etc/postfix/main.cf.smtp_server b/files/usr/local/etc/postfix/main.cf.smtp_server
index 155c18c..72c0448 100644
--- a/files/usr/local/etc/postfix/main.cf.smtp_server
+++ b/files/usr/local/etc/postfix/main.cf.smtp_server
@@ -19,7 +19,6 @@ setgid_group = maildrop import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C POSTLOG_SERVICE POSTLOG_HOSTNAME KRB5_KTNAME=${postfix_keytab} KRB5_CLIENT_KTNAME=${postfix_keytab} myorigin = ${postfix_myorigin} -myhostname = ${postfix_public_fqdn} mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64 ${postfix_mynetworks} mydestination =
@@ -100,6 +99,8 @@ smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination smtpd_recipient_restrictions = + permit_mynetworks, + permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unlisted_recipient, reject_unauth_destination,
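Review bot: Raising `check_interval` to `5m` and `retry_interval` to `1m` in the default `generic-service` template slows every service that inherits it, not only the certificate checks. With `max_check_attempts = 5` a failure can now take about nine minutes (one interval plus four retries) to reach a hard state, against about three minutes before. If that delay is intended, a comment such as `// 5m/1m: hard state after at most ~9 minutes; override per service where faster detection matters` would document it, and availability checks for mail or authentication could set a shorter interval of their own.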
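Review bot: Putting `permit_mynetworks` and `permit_sasl_authenticated` at the top of `smtpd_recipient_restrictions` exempts those clients from every recipient check that follows, including `reject_unlisted_recipient` and whatever comes after the end of this hunk. The `mynetworks` line visible in the first hunk of main.cf trusts all of `[fe80::]/64` plus `${postfix_mynetworks}`, so any host on a directly attached link gets that exemption on port 25 too. As far as the visible part shows, relaying is still gated by `smtpd_relay_restrictions`. If the intent is only to spare submission clients these checks, the override could go on the `submission` service in master.cf as `-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject`, leaving the port-25 list unchanged.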
diff --git a/files/usr/local/etc/postfix/master.cf.smtp_server b/files/usr/local/etc/postfix/master.cf.smtp_server
index e0b5bbb..9dce9be 100644
--- a/files/usr/local/etc/postfix/master.cf.smtp_server
+++ b/files/usr/local/etc/postfix/master.cf.smtp_server
@@ -1,4 +1,5 @@ smtp inet n - n - - smtpd + -o myhostname=${postfix_public_fqdn} submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes
@@ -16,7 +17,7 @@ proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp - -o syslog_name=postfix/$service_name + -o syslog_name=postfix/\$service_name showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error
diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
index 3a80736..a4677f4 100644
--- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
@@ -4,7 +4,7 @@ DEFAULT_VERSIONS+=${poudriere_default_versions:-} MAKE_JOBS_NUMBER=${poudriere_make_jobs_number} # Global port options -OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO ALSA SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE TCP_WRAPPERS COMPAT32 +OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO ALSA SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE TCP_WRAPPERS COMPAT32 JACK OPTIONS_SET=GSSAPI GSSAPI_MIT MIT NONFREE LIBEDIT # Per-port options
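Review bot: With `myhostname` now overridden only on the `smtp inet` listener, every other service in master.cf falls back to the default host name, including `submission` and the outbound `smtp unix` and `relay unix` clients further down. Unless main.cf sets `smtp_helo_name` elsewhere (not visible here), outbound connections will announce the machine's own name in HELO instead of `${postfix_public_fqdn}`, which receivers that compare HELO with reverse DNS may penalise, and the internal name becomes visible to recipients. Adding `smtp_helo_name = ${postfix_public_fqdn}` to main.cf would keep the public name on outbound mail while leaving the listener split as it is.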
@@ -87,6 +87,8 @@ sysutils_htop_SET=LSOF sysutils_k3b_UNSET=EMOVIX VCDIMAGER sysutils_rsyslog8_SET=GSSAPI RELP OPENSSL sysutils_rsyslog8_UNSET=GCRYPT +textproc_en-hunspell_SET=US_LARGE +textproc_en-hunspell_UNSET=US_STANDARD www_chromium_SET=WIDEVINE www_firefox_UNSET=PROFILE JACK www_nginx_SET=HTTPV3 HTTPV3_QTLS HTTP_AUTH_KRB5 HTTP_AUTH_LDAP
diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
index 8542c20..e90bc1b 100644
--- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
@@ -4,7 +4,7 @@ archivers/php${php_version}-zip archivers/unzip archivers/zip audio/elisa -audio/juk +audio/gsound audio/kid3@kf5 audio/kmix audio/virtual_oss
@@ -18,6 +18,8 @@ databases/php${php_version}-pgsql databases/postgresql${postgresql_version}-client databases/postgresql${postgresql_version}-server databases/redis +deskutils/py-vdirsyncer +devel/android-tools devel/ccache devel/cgit devel/electron30
@@ -71,7 +73,7 @@ multimedia/v4l-utils multimedia/v4l_compat multimedia/vdpauinfo multimedia/webcamd -net-im/dino +net-im/farstream net-im/gajim net-im/prosody net-im/prosody-modules
@@ -115,6 +117,7 @@ security/sshpass security/sudo security/vaultwarden security/wpa_supplicant +sysutils/android-file-transfer-qt5 sysutils/cpu-microcode sysutils/htop sysutils/k3b
@@ -129,6 +132,7 @@ sysutils/stow sysutils/tmux sysutils/tree sysutils/zfstools +textproc/en-hunspell textproc/hs-pandoc textproc/jq textproc/p5-YAML
diff --git a/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server b/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
index 083a6ce..7936cac 100644
--- a/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
+++ b/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
@@ -47,6 +47,8 @@ reload_modules = { "groups", "tls" } groups_file = "${prosody_roster_path}" s2s_secure_auth = true +c2s_direct_tls_ports = { ${prosody_c2s_tls_port} } +s2s_direct_tls_ports = { ${prosody_s2s_tls_port} } limits = { c2s = {
diff --git a/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server b/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server
index 7e38af5..da081e0 100644
--- a/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server
+++ b/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server
@@ -1,2 +1,2 @@ type = syslog;
-facility = mail;
+facility = daemon;
diff --git a/files/usr/local/etc/xdg/kdeglobals.desktop b/files/usr/local/etc/xdg/kdeglobals.desktop
new file mode 100644
index 0000000..5d121aa
--- /dev/null
+++ b/files/usr/local/etc/xdg/kdeglobals.desktop
@@ -0,0 +1,5 @@
+# Broken with consolekit: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221452
+# VT switch causes loss of graphics acceleration: https://github.com/freebsd/drm-kmod/issues/175
+[KDE Action Restrictions]
+action/start_new_session=false
+action/switch_user=false
diff --git a/files/usr/local/etc/xdg/kdeglobals.laptop b/files/usr/local/etc/xdg/kdeglobals.laptop
new file mode 120000
index 0000000..9c8c680
--- /dev/null
+++ b/files/usr/local/etc/xdg/kdeglobals.laptop
@@ -0,0 +1 @@
+kdeglobals.desktop
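Review bot: Moving rspamd from the `mail` to the `daemon` syslog facility changes where its messages land, and nothing in logging.inc records why. Any syslog rule, forwarding filter or alert that selects on the `mail` facility (none is visible in this diff) will stop seeing spam-filter events after this change. A one-line comment above the setting, for example `# daemon rather than mail: <reason>` with the actual reason filled in, would make the choice reviewable and remind the next editor to check the log routing.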
\ No newline at end of file
diff --git a/files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop b/files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop
new file mode 120000
index 0000000..9c8c680
--- /dev/null
+++ b/files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop
@@ -0,0 +1 @@
+kdeglobals.desktop
\ No newline at end of file |