diff options
Diffstat (limited to 'files')
49 files changed, 175 insertions, 67 deletions
diff --git a/files/etc/cron.d/unbound.idm_server b/files/etc/cron.d/unbound.idm_server new file mode 100644 index 0000000..56d8809 --- /dev/null +++ b/files/etc/cron.d/unbound.idm_server @@ -0,0 +1,2 @@ +MAILTO=root +@daily ${unbound_user} /usr/local/libexec/idm-update-unbound-blocklists ${unbound_blocklist_url_file} ${unbound_whitelist_file} ${unbound_blocklist_dir} diff --git a/files/etc/exports.common b/files/etc/exports.nfs_server index 4ea7fd2..4ea7fd2 100644 --- a/files/etc/exports.common +++ b/files/etc/exports.nfs_server diff --git a/files/etc/login.conf.desktop b/files/etc/login.conf.desktop index 558c80a..919a887 100644 --- a/files/etc/login.conf.desktop +++ b/files/etc/login.conf.desktop @@ -2,7 +2,7 @@ default:\\ :passwd_format=sha512:\\ :copyright=/etc/COPYRIGHT:\\ :welcome=/var/run/motd:\\ - :setenv=BLOCKSIZE=K,XDG_DATA_DIRS=/usr/local/override\\c/usr/local/share,XDG_DATA_HOME=/usr/local/home/\$/.local/share,XDG_STATE_HOME=/usr/local/home/\$/.local/state,XDG_CACHE_HOME=/usr/local/home/\$/.cache,XDG_CONFIG_HOME=/usr/local/home/\$/.config,KDEHOME=/usr/local/home/\$/.kde:\\ + :setenv=BLOCKSIZE=K,XDG_DATA_DIRS=${xdg_override_dir}\\c/usr/local/share,XDG_DATA_HOME=/usr/local/home/\$/.local/share,XDG_STATE_HOME=/usr/local/home/\$/.local/state,XDG_CACHE_HOME=/usr/local/home/\$/.cache,XDG_CONFIG_HOME=/usr/local/home/\$/.config,KDEHOME=/usr/local/home/\$/.kde:\\ :mail=/var/mail/\$:\\ :path=/sbin /bin /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ~/bin:\\ :nologin=/var/run/nologin:\\ diff --git a/files/etc/pam.d/cups.cups_server b/files/etc/pam.d/cups.cups_server index b61c074..03c2763 100644 --- a/files/etc/pam.d/cups.cups_server +++ b/files/etc/pam.d/cups.cups_server @@ -1,8 +1,6 @@ -# auth -auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass -# account -account required /usr/local/lib/security/pam_krb5.so -account required pam_login_access.so -account required pam_unix.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so diff --git a/files/etc/pam.d/kde.freebsd b/files/etc/pam.d/kde.freebsd index 2604c78..8f87b98 100644 --- a/files/etc/pam.d/kde.freebsd +++ b/files/etc/pam.d/kde.freebsd @@ -1,2 +1,5 @@ -auth required /usr/local/lib/security/pam_krb5.so try_first_pass -account required /usr/local/lib/security/pam_krb5.so +auth required /usr/local/lib/security/pam_krb5.so try_first_pass + +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so diff --git a/files/etc/pam.d/login.freebsd b/files/etc/pam.d/login.freebsd new file mode 100644 index 0000000..164fcb0 --- /dev/null +++ b/files/etc/pam.d/login.freebsd @@ -0,0 +1,16 @@ +auth sufficient pam_self.so no_warn +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass nullok + +account requisite pam_securetty.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +session required pam_lastlog.so no_fail +session required pam_xdg.so +session required /usr/local/lib/security/pam_krb5.so + +password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +password required pam_unix.so no_warn try_first_pass diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd index ef359ff..6a75823 100644 --- a/files/etc/pam.d/sddm.freebsd +++ b/files/etc/pam.d/sddm.freebsd @@ -2,15 +2,20 @@ # try multiple authentication sources (like krb5 but fall back to pam_unix) # if we want pam_kwallet5 to execute. # Hence, for sddm, we try krb5 only (no local accounts). -auth required /usr/local/lib/security/pam_krb5.so try_first_pass -auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir -auth optional pam_kwallet5.so +auth sufficient pam_self.so no_warn +auth required /usr/local/lib/security/pam_krb5.so try_first_pass +auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir +auth optional pam_kwallet5.so -account required /usr/local/lib/security/pam_krb5.so -account required pam_login_access.so -account required pam_unix.so +account requisite pam_securetty.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so -session required pam_lastlog.so no_fail -session optional pam_kwallet5.so auto_start +session required pam_lastlog.so no_fail +session required pam_xdg.so no_fail +session required /usr/local/lib/security/pam_krb5.so +session optional pam_kwallet5.so auto_start -password required /usr/local/lib/security/pam_krb5.so try_first_pass +password required /usr/local/lib/security/pam_krb5.so try_first_pass diff --git a/files/etc/pam.d/sshd.freebsd b/files/etc/pam.d/sshd.freebsd index 57b281b..559a980 100644 --- a/files/etc/pam.d/sshd.freebsd +++ b/files/etc/pam.d/sshd.freebsd @@ -1,17 +1,13 @@ -# auth -auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass -# account -account required pam_nologin.so -account required /usr/local/lib/security/pam_krb5.so -account required pam_login_access.so -account required pam_unix.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so -# session -session required /usr/local/lib/security/pam_krb5.so -session required pam_permit.so +session required /usr/local/lib/security/pam_krb5.so +session required pam_permit.so -# password password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass password required pam_unix.so no_warn try_first_pass diff --git a/files/etc/pam.d/sudo.freebsd b/files/etc/pam.d/sudo.freebsd index 425bf4e..6a6b0a4 100644 --- a/files/etc/pam.d/sudo.freebsd +++ b/files/etc/pam.d/sudo.freebsd @@ -1,15 +1,11 @@ -# auth -auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass -# account account required /usr/local/lib/security/pam_krb5.so account required pam_login_access.so account required pam_unix.so -# session account required pam_permit.so -# password password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass password required pam_unix.so no_warn try_first_pass diff --git a/files/etc/profile.d/kde.sh.common b/files/etc/profile.d/kde.sh.desktop index 010d5c1..010d5c1 100644 --- a/files/etc/profile.d/kde.sh.common +++ b/files/etc/profile.d/kde.sh.desktop diff --git a/files/etc/profile.d/kde.sh.laptop b/files/etc/profile.d/kde.sh.laptop new file mode 120000 index 0000000..a248985 --- /dev/null +++ b/files/etc/profile.d/kde.sh.laptop @@ -0,0 +1 @@ +kde.sh.desktop
\ No newline at end of file diff --git a/files/etc/profile.d/kde.sh.roadwarrior_laptop b/files/etc/profile.d/kde.sh.roadwarrior_laptop new file mode 120000 index 0000000..a248985 --- /dev/null +++ b/files/etc/profile.d/kde.sh.roadwarrior_laptop @@ -0,0 +1 @@ +kde.sh.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.common b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.desktop index d0bb2ae..d0bb2ae 100644 --- a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.common +++ b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.desktop diff --git a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.laptop b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.laptop new file mode 120000 index 0000000..6c13c1d --- /dev/null +++ b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.laptop @@ -0,0 +1 @@ +terminus.conf.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.roadwarrior_laptop b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.roadwarrior_laptop new file mode 120000 index 0000000..6c13c1d --- /dev/null +++ b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.roadwarrior_laptop @@ -0,0 +1 @@ +terminus.conf.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.common b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop index 0e57885..93544cf 100644 --- a/files/usr/local/etc/chromium/policies/managed/policies.json.common +++ b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop @@ -67,7 +67,7 @@ "extensions": { "cjpalhdlnbpafiamejdnhcphjbkeiagm": { "toOverwrite": { - "filterLists": [ + "selectedFilterLists": [ "user-filters", "ublock-filters", "ublock-badware", @@ -75,11 +75,14 @@ "ublock-abuse", "ublock-unbreak", "ublock-annoyances", + "ublock-cookies-easylist", + "fanboy-cookiemonster", "easylist", "easyprivacy", "urlhaus-1", "plowe-0", "fanboy-annoyance", + "fanboy-social", "fanboy-thirdparty_social", "adguard-spyware-url", "ublock-quick-fixes" @@ -87,7 +90,7 @@ }, "toAdd": { "trustedSiteDirectives": [ - "${domain}" + "$(join '","' "$domain" $ublock_whitelist)" ] } } diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.laptop b/files/usr/local/etc/chromium/policies/managed/policies.json.laptop new file mode 120000 index 0000000..93bcb92 --- /dev/null +++ b/files/usr/local/etc/chromium/policies/managed/policies.json.laptop @@ -0,0 +1 @@ +policies.json.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.roadwarrior_laptop b/files/usr/local/etc/chromium/policies/managed/policies.json.roadwarrior_laptop new file mode 120000 index 0000000..93bcb92 --- /dev/null +++ b/files/usr/local/etc/chromium/policies/managed/policies.json.roadwarrior_laptop @@ -0,0 +1 @@ +policies.json.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/cups/client.conf.desktop b/files/usr/local/etc/cups/client.conf.desktop new file mode 100644 index 0000000..833b533 --- /dev/null +++ b/files/usr/local/etc/cups/client.conf.desktop @@ -0,0 +1,3 @@ +ServerName ${cups_host}.${domain}:631 +Encryption Required +ValidateCerts Yes diff --git a/files/usr/local/etc/cups/client.conf.laptop b/files/usr/local/etc/cups/client.conf.laptop new file mode 120000 index 0000000..9644ac0 --- /dev/null +++ b/files/usr/local/etc/cups/client.conf.laptop @@ -0,0 +1 @@ +client.conf.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/cups/client.conf.roadwarrior_laptop b/files/usr/local/etc/cups/client.conf.roadwarrior_laptop new file mode 120000 index 0000000..9644ac0 --- /dev/null +++ b/files/usr/local/etc/cups/client.conf.roadwarrior_laptop @@ -0,0 +1 @@ +client.conf.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/cups/cupsd.conf.cups_server b/files/usr/local/etc/cups/cupsd.conf.cups_server index 25e2107..e5d90c2 100644 --- a/files/usr/local/etc/cups/cupsd.conf.cups_server +++ b/files/usr/local/etc/cups/cupsd.conf.cups_server @@ -11,7 +11,6 @@ MaxLogSize 1m # Default error policy for printers ErrorPolicy retry-job -# Only listen for connections from the local machine. Listen 80 Listen 631 Listen /var/run/cups/cups.sock @@ -29,9 +28,6 @@ DefaultEncryption Required # Web interface setting... WebInterface Yes -# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l) -IdleExitTimeout 60 - # Restrict access to the server... <Location /> Order allow,deny diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository index bc8f89c..3e612a0 100644 --- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository +++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository @@ -14,6 +14,8 @@ databases_luadbi_SET=PGSQL databases_postgresql${postgresql_version}-client_SET=PAM LDAP databases_postgresql${postgresql_version}-server_SET=PAM LDAP devel_apr1_SET=LDAP +devel_electron30_SET=PULSEAUDIO +devel_electron30_UNSET=SNDIO devel_gitolite_SET=GITUSER devel_kio-extras_UNSET=AFC devel_librelp_UNSET=GNUTLS @@ -40,9 +42,11 @@ mail_mutt_UNSET=HTML mail_postfix_SET=LDAP SASL SASLKRB5 mail_rspamd_SET=HYPERSCAN misc_kdeutils_UNSET=KFLOPPY KTEATIME +multimedia_audacious_plugins_SET=LAME multimedia_ffmpeg_SET=OPENSSL multimedia_ffmpeg_UNSET=GNUTLS multimedia_kdemultimedia_UNSET=KDENLIVE +multimedia_pipewire_UNSET=JACK multimedia_qt6-multimedia_SET=ALSA multimedia_vlc_SET=FLAC MPEG2 X264 X265 VPX DCA FAAD AOM multimedia_webcamd_UNSET=DVB INPUT RADIO diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository index 2740c85..866c358 100644 --- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository +++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository @@ -3,6 +3,7 @@ archivers/php${php_version}-phar archivers/php${php_version}-zip archivers/unzip archivers/zip +audio/elisa audio/juk audio/kid3 audio/kmix @@ -19,6 +20,7 @@ databases/postgresql${postgresql_version}-server databases/redis devel/ccache devel/cgit +devel/electron30 devel/git@lite devel/gitolite devel/php${php_version}-gettext @@ -58,9 +60,13 @@ mail/postfix mail/rspamd mail/sieve-connect misc/php${php_version}-calendar -multimedia/audacious +multimedia/audacious-plugins@qt5 +multimedia/audacious@qt5 multimedia/libva-intel-media-driver +multimedia/libva-utils +multimedia/libvdpau-va-gl multimedia/makemkv +multimedia/vdpauinfo multimedia/v4l-utils multimedia/v4l_compat multimedia/webcamd @@ -96,9 +102,11 @@ security/openssh-portable security/pam_krb5@mit security/pam_mkhomedir security/php${php_version}-filter +security/py-omemo-dr security/sshpass security/sudo security/vaultwarden +sysutils/cpu-microcode sysutils/htop sysutils/k3b sysutils/lsof @@ -138,6 +146,7 @@ x11-fonts/terminus-font x11-fonts/terminus-ttf x11-fonts/ubuntu-font x11-fonts/webfonts +x11-toolkits/gtksourceview4 x11/kde5 x11/sddm x11/xev diff --git a/files/usr/local/etc/sddm.conf.common b/files/usr/local/etc/sddm.conf.desktop index 09c2000..09c2000 100644 --- a/files/usr/local/etc/sddm.conf.common +++ b/files/usr/local/etc/sddm.conf.desktop diff --git a/files/usr/local/etc/sddm.conf.laptop b/files/usr/local/etc/sddm.conf.laptop new file mode 120000 index 0000000..a2aa201 --- /dev/null +++ b/files/usr/local/etc/sddm.conf.laptop @@ -0,0 +1 @@ +sddm.conf.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/sddm.conf.roadwarrior_laptop b/files/usr/local/etc/sddm.conf.roadwarrior_laptop new file mode 120000 index 0000000..a2aa201 --- /dev/null +++ b/files/usr/local/etc/sddm.conf.roadwarrior_laptop @@ -0,0 +1 @@ +sddm.conf.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.desktop b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.desktop new file mode 100644 index 0000000..43d85fb --- /dev/null +++ b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.desktop @@ -0,0 +1,6 @@ +[Desktop Entry] +Type=Application +Name=Add site root CA to user NSS database. +Exec=/usr/local/libexec/nss-trust-root-ca +StartupNotify=false +NoDisplay=true diff --git a/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.laptop b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.laptop new file mode 120000 index 0000000..8a3cf1a --- /dev/null +++ b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.laptop @@ -0,0 +1 @@ +nss-trust-root-ca.desktop.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.roadwarrior_laptop b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.roadwarrior_laptop new file mode 120000 index 0000000..8a3cf1a --- /dev/null +++ b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.roadwarrior_laptop @@ -0,0 +1 @@ +nss-trust-root-ca.desktop.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common deleted file mode 100644 index 1808561..0000000 --- a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -pkill signal-desktop chrome baloo_file -pkill -f /usr/local/libexec/geoclue-2.0/demos/agent diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.desktop b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.desktop new file mode 100644 index 0000000..3d1e79e --- /dev/null +++ b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.desktop @@ -0,0 +1,7 @@ +#!/bin/sh + +# Various processes seem to hang around after logging out of KDE sessions. +# Clean them up here. + +pkill signal-desktop chrome baloo_file dirmngr +pkill -f /usr/local/libexec/geoclue-2.0/demos/agent diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.laptop b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.laptop new file mode 120000 index 0000000..e2cb280 --- /dev/null +++ b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.laptop @@ -0,0 +1 @@ +cleanup.sh.desktop
\ No newline at end of file diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.roadwarrior_laptop b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.roadwarrior_laptop new file mode 120000 index 0000000..e2cb280 --- /dev/null +++ b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.roadwarrior_laptop @@ -0,0 +1 @@ +cleanup.sh.desktop
\ No newline at end of file diff --git a/files/usr/local/lib/firefox/distribution/policies.json.common b/files/usr/local/lib/firefox/distribution/policies.json.desktop index 425a6d6..de93355 100644 --- a/files/usr/local/lib/firefox/distribution/policies.json.common +++ b/files/usr/local/lib/firefox/distribution/policies.json.desktop @@ -22,7 +22,7 @@ "Extensions": { "uBlock0@raymondhill.net": { "toOverwrite": { - "filterLists": [ + "selectedFilterLists": [ "user-filters", "ublock-filters", "ublock-badware", @@ -30,11 +30,14 @@ "ublock-abuse", "ublock-unbreak", "ublock-annoyances", + "ublock-cookies-easylist", + "fanboy-cookiemonster", "easylist", "easyprivacy", "urlhaus-1", "plowe-0", "fanboy-annoyance", + "fanboy-social", "fanboy-thirdparty_social", "adguard-spyware-url", "ublock-quick-fixes" @@ -42,7 +45,7 @@ }, "toAdd": { "trustedSiteDirectives": [ - "${domain}" + "$(join '","' "$domain" $ublock_whitelist)" ] } } diff --git a/files/usr/local/lib/firefox/distribution/policies.json.laptop b/files/usr/local/lib/firefox/distribution/policies.json.laptop new file mode 120000 index 0000000..93bcb92 --- /dev/null +++ b/files/usr/local/lib/firefox/distribution/policies.json.laptop @@ -0,0 +1 @@ +policies.json.desktop
\ No newline at end of file diff --git a/files/usr/local/lib/firefox/distribution/policies.json.roadwarrior_laptop b/files/usr/local/lib/firefox/distribution/policies.json.roadwarrior_laptop new file mode 120000 index 0000000..93bcb92 --- /dev/null +++ b/files/usr/local/lib/firefox/distribution/policies.json.roadwarrior_laptop @@ -0,0 +1 @@ +policies.json.desktop
\ No newline at end of file diff --git a/files/usr/local/lib/libreoffice/program/sofficerc.common b/files/usr/local/lib/libreoffice/program/sofficerc.desktop index 77574a4..77574a4 100644 --- a/files/usr/local/lib/libreoffice/program/sofficerc.common +++ b/files/usr/local/lib/libreoffice/program/sofficerc.desktop diff --git a/files/usr/local/lib/libreoffice/program/sofficerc.laptop b/files/usr/local/lib/libreoffice/program/sofficerc.laptop new file mode 120000 index 0000000..0d2b44a --- /dev/null +++ b/files/usr/local/lib/libreoffice/program/sofficerc.laptop @@ -0,0 +1 @@ +sofficerc.desktop
\ No newline at end of file diff --git a/files/usr/local/lib/libreoffice/program/sofficerc.roadwarrior_laptop b/files/usr/local/lib/libreoffice/program/sofficerc.roadwarrior_laptop new file mode 120000 index 0000000..0d2b44a --- /dev/null +++ b/files/usr/local/lib/libreoffice/program/sofficerc.roadwarrior_laptop @@ -0,0 +1 @@ +sofficerc.desktop
\ No newline at end of file diff --git a/files/usr/local/libexec/idm-update-unbound-blocklists.idm_server b/files/usr/local/libexec/idm-update-unbound-blocklists.idm_server index c33b909..381032d 100644 --- a/files/usr/local/libexec/idm-update-unbound-blocklists.idm_server +++ b/files/usr/local/libexec/idm-update-unbound-blocklists.idm_server @@ -3,8 +3,7 @@ set -eu -o pipefail prog=$(basename "$(readlink -f "$0")") -usage="${prog} BLOCKLIST_DIR - Blocklist URLs are read from stdin." +usage="${prog} URL_FILE WHITELIST_FILE BLOCKLIST_DIR" die() { printf '%s: %s\n' "$prog" "$*" 1>&2 @@ -16,17 +15,41 @@ usage(){ exit 2 } -[ $# -eq 1 ] || usage -case $1 in +case ${1:-} in -h|--help) usage ;; esac -[ -d "$1" ] || die "not a directory: ${1}" +[ $# -eq 3 ] || usage -cd "$1" +url_file=$1 +whitelist_file=$2 +blocklist_dir=$3 +[ -d "$blocklist_dir" ] || die "not a directory: ${blocklist_dir}" + +cd "$blocklist_dir" + +# Delete any existing zone files. find . -maxdepth 1 -type f -exec rm {} + -while read -r name url; do - [ -n "$url" ] && curl -sSfL -o "${name}.zone" "$url" -done +if grep -q '[^[:space:]]' "$whitelist_file"; then + # If the whitelist file is non empty, compute a regex. + while read -r pattern; do + [ -n "$pattern" ] || continue + whitelist_regex="${whitelist_regex:+"${whitelist_regex}|"}${pattern}" + done < "$whitelist_file" + + # For each blocklist url, download the blocklist and filter out the whitelist. + while read -r name url; do + [ -n "$url" ] && curl -sSfL "$url" | grep -Ev "^(.*\\.)?(${whitelist_regex})[[:space:]]" > "${name}.zone" + done < "$url_file" +else + # If no whitelist configured, just download each blocklist. + while read -r name url; do + [ -n "$url" ] && curl -sSfL -o "${name}.zone" "$url" + done < "$url_file" +fi + +# Try to reload unbound. +unbound_pidfile=$(/usr/local/sbin/unbound-checkconf -o pidfile /usr/local/etc/unbound/unbound.conf) +kill -HUP "$(cat "$unbound_pidfile")" ||: diff --git a/files/usr/local/libexec/nss-trust-root-ca.common b/files/usr/local/libexec/nss-trust-root-ca.common new file mode 100644 index 0000000..6a38a86 --- /dev/null +++ b/files/usr/local/libexec/nss-trust-root-ca.common @@ -0,0 +1,16 @@ +#!/bin/sh + +# Chromium no longer trusts the system certificate store. Instead, it uses the +# user's local NSS database, located at ~/.pki. +# +# This script adds our local root CA to the NSS DB, so that Chrome will trust it. + +cert_name="$(hostname -d) Root CA" +cert_path=/usr/local/etc/ssl/certs/ca.crt +nss_db_path="${HOME}/.pki/nssdb" + +mkdir -p "$nss_db_path" + +if ! certutil -d "sql:${nss_db_path}" -L -n "$cert_name" > /dev/null 2>&1; then + certutil -d "sql:${nss_db_path}" -A -t 'C,,' -n "$cert_name" -i "$cert_path" +fi diff --git a/files/usr/local/libexec/pam-create-local-homedir.common b/files/usr/local/libexec/pam-create-local-homedir.common index a956d65..2d30d06 100644 --- a/files/usr/local/libexec/pam-create-local-homedir.common +++ b/files/usr/local/libexec/pam-create-local-homedir.common @@ -1,10 +1,3 @@ #!/bin/sh -set -e - -uid=$(id -u "$PAM_USER") - -if [ "$uid" -ge 1000 ]; then - install -m 0755 -d /usr/local/home - install -o "$uid" -g "$uid" -m 0700 -d "/usr/local/home/${PAM_USER}" -fi +install -o "$PAM_USER" -g "$PAM_USER" -m 0700 -d "/usr/local/home/${PAM_USER}" diff --git a/files/usr/local/share-override/applications/chromium-browser.desktop.desktop b/files/usr/local/share-override/applications/chromium-browser.desktop.desktop new file mode 100644 index 0000000..cb5a5bf --- /dev/null +++ b/files/usr/local/share-override/applications/chromium-browser.desktop.desktop @@ -0,0 +1,11 @@ +[Desktop Entry] +Type=Application +Version=1.0 +Encoding=UTF-8 +Name=Chromium +Comment=Google web browser based on WebKit +Icon=chrome +Exec=chrome ${chrome_flags} %U +Categories=Application;Network;WebBrowser; +MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp; +StartupNotify=true diff --git a/files/usr/local/share-override/applications/chromium-browser.desktop.laptop b/files/usr/local/share-override/applications/chromium-browser.desktop.laptop new file mode 120000 index 0000000..351c67b --- /dev/null +++ b/files/usr/local/share-override/applications/chromium-browser.desktop.laptop @@ -0,0 +1 @@ +chromium-browser.desktop.desktop
\ No newline at end of file diff --git a/files/usr/local/share-override/applications/chromium-browser.desktop.roadwarrior_laptop b/files/usr/local/share-override/applications/chromium-browser.desktop.roadwarrior_laptop new file mode 120000 index 0000000..351c67b --- /dev/null +++ b/files/usr/local/share-override/applications/chromium-browser.desktop.roadwarrior_laptop @@ -0,0 +1 @@ +chromium-browser.desktop.desktop
\ No newline at end of file diff --git a/files/usr/local/override/applications/signal-desktop.desktop.common b/files/usr/local/share-override/applications/signal-desktop.desktop.desktop index d0c9160..d0c9160 100644 --- a/files/usr/local/override/applications/signal-desktop.desktop.common +++ b/files/usr/local/share-override/applications/signal-desktop.desktop.desktop diff --git a/files/usr/local/share-override/applications/signal-desktop.desktop.laptop b/files/usr/local/share-override/applications/signal-desktop.desktop.laptop new file mode 120000 index 0000000..6a702d4 --- /dev/null +++ b/files/usr/local/share-override/applications/signal-desktop.desktop.laptop @@ -0,0 +1 @@ +signal-desktop.desktop.desktop
\ No newline at end of file diff --git a/files/usr/local/share-override/applications/signal-desktop.desktop.roadwarrior_laptop b/files/usr/local/share-override/applications/signal-desktop.desktop.roadwarrior_laptop new file mode 120000 index 0000000..6a702d4 --- /dev/null +++ b/files/usr/local/share-override/applications/signal-desktop.desktop.roadwarrior_laptop @@ -0,0 +1 @@ +signal-desktop.desktop.desktop
\ No newline at end of file |