aboutsummaryrefslogtreecommitdiff
path: root/files
diff options
context:
space:
mode:
Diffstat (limited to 'files')
-rw-r--r--files/etc/cron.d/unbound.idm_server2
-rw-r--r--files/etc/exports.nfs_server (renamed from files/etc/exports.common)0
-rw-r--r--files/etc/login.conf.desktop2
-rw-r--r--files/etc/pam.d/cups.cups_server12
-rw-r--r--files/etc/pam.d/kde.freebsd7
-rw-r--r--files/etc/pam.d/login.freebsd16
-rw-r--r--files/etc/pam.d/sddm.freebsd23
-rw-r--r--files/etc/pam.d/sshd.freebsd20
-rw-r--r--files/etc/pam.d/sudo.freebsd8
-rw-r--r--files/etc/profile.d/kde.sh.desktop (renamed from files/etc/profile.d/kde.sh.common)0
l---------files/etc/profile.d/kde.sh.laptop1
l---------files/etc/profile.d/kde.sh.roadwarrior_laptop1
-rw-r--r--files/usr/local/etc/X11/xorg.conf.d/terminus.conf.desktop (renamed from files/usr/local/etc/X11/xorg.conf.d/terminus.conf.common)0
l---------files/usr/local/etc/X11/xorg.conf.d/terminus.conf.laptop1
l---------files/usr/local/etc/X11/xorg.conf.d/terminus.conf.roadwarrior_laptop1
-rw-r--r--files/usr/local/etc/chromium/policies/managed/policies.json.desktop (renamed from files/usr/local/etc/chromium/policies/managed/policies.json.common)7
l---------files/usr/local/etc/chromium/policies/managed/policies.json.laptop1
l---------files/usr/local/etc/chromium/policies/managed/policies.json.roadwarrior_laptop1
-rw-r--r--files/usr/local/etc/cups/client.conf.desktop3
l---------files/usr/local/etc/cups/client.conf.laptop1
l---------files/usr/local/etc/cups/client.conf.roadwarrior_laptop1
-rw-r--r--files/usr/local/etc/cups/cupsd.conf.cups_server4
-rw-r--r--files/usr/local/etc/poudriere.d/make.conf.pkg_repository4
-rw-r--r--files/usr/local/etc/poudriere.d/pkglist.pkg_repository11
-rw-r--r--files/usr/local/etc/sddm.conf.desktop (renamed from files/usr/local/etc/sddm.conf.common)0
l---------files/usr/local/etc/sddm.conf.laptop1
l---------files/usr/local/etc/sddm.conf.roadwarrior_laptop1
-rw-r--r--files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.desktop6
l---------files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.laptop1
l---------files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.roadwarrior_laptop1
-rw-r--r--files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common4
-rw-r--r--files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.desktop7
l---------files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.laptop1
l---------files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.roadwarrior_laptop1
-rw-r--r--files/usr/local/lib/firefox/distribution/policies.json.desktop (renamed from files/usr/local/lib/firefox/distribution/policies.json.common)7
l---------files/usr/local/lib/firefox/distribution/policies.json.laptop1
l---------files/usr/local/lib/firefox/distribution/policies.json.roadwarrior_laptop1
-rw-r--r--files/usr/local/lib/libreoffice/program/sofficerc.desktop (renamed from files/usr/local/lib/libreoffice/program/sofficerc.common)0
l---------files/usr/local/lib/libreoffice/program/sofficerc.laptop1
l---------files/usr/local/lib/libreoffice/program/sofficerc.roadwarrior_laptop1
-rw-r--r--files/usr/local/libexec/idm-update-unbound-blocklists.idm_server41
-rw-r--r--files/usr/local/libexec/nss-trust-root-ca.common16
-rw-r--r--files/usr/local/libexec/pam-create-local-homedir.common9
-rw-r--r--files/usr/local/share-override/applications/chromium-browser.desktop.desktop11
l---------files/usr/local/share-override/applications/chromium-browser.desktop.laptop1
l---------files/usr/local/share-override/applications/chromium-browser.desktop.roadwarrior_laptop1
-rw-r--r--files/usr/local/share-override/applications/signal-desktop.desktop.desktop (renamed from files/usr/local/override/applications/signal-desktop.desktop.common)0
l---------files/usr/local/share-override/applications/signal-desktop.desktop.laptop1
l---------files/usr/local/share-override/applications/signal-desktop.desktop.roadwarrior_laptop1
49 files changed, 175 insertions, 67 deletions
diff --git a/files/etc/cron.d/unbound.idm_server b/files/etc/cron.d/unbound.idm_server
new file mode 100644
index 0000000..56d8809
--- /dev/null
+++ b/files/etc/cron.d/unbound.idm_server
@@ -0,0 +1,2 @@
+MAILTO=root
+@daily ${unbound_user} /usr/local/libexec/idm-update-unbound-blocklists ${unbound_blocklist_url_file} ${unbound_whitelist_file} ${unbound_blocklist_dir}
diff --git a/files/etc/exports.common b/files/etc/exports.nfs_server
index 4ea7fd2..4ea7fd2 100644
--- a/files/etc/exports.common
+++ b/files/etc/exports.nfs_server
diff --git a/files/etc/login.conf.desktop b/files/etc/login.conf.desktop
index 558c80a..919a887 100644
--- a/files/etc/login.conf.desktop
+++ b/files/etc/login.conf.desktop
@@ -2,7 +2,7 @@ default:\\
:passwd_format=sha512:\\
:copyright=/etc/COPYRIGHT:\\
:welcome=/var/run/motd:\\
- :setenv=BLOCKSIZE=K,XDG_DATA_DIRS=/usr/local/override\\c/usr/local/share,XDG_DATA_HOME=/usr/local/home/\$/.local/share,XDG_STATE_HOME=/usr/local/home/\$/.local/state,XDG_CACHE_HOME=/usr/local/home/\$/.cache,XDG_CONFIG_HOME=/usr/local/home/\$/.config,KDEHOME=/usr/local/home/\$/.kde:\\
+ :setenv=BLOCKSIZE=K,XDG_DATA_DIRS=${xdg_override_dir}\\c/usr/local/share,XDG_DATA_HOME=/usr/local/home/\$/.local/share,XDG_STATE_HOME=/usr/local/home/\$/.local/state,XDG_CACHE_HOME=/usr/local/home/\$/.cache,XDG_CONFIG_HOME=/usr/local/home/\$/.config,KDEHOME=/usr/local/home/\$/.kde:\\
:mail=/var/mail/\$:\\
:path=/sbin /bin /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ~/bin:\\
:nologin=/var/run/nologin:\\
diff --git a/files/etc/pam.d/cups.cups_server b/files/etc/pam.d/cups.cups_server
index b61c074..03c2763 100644
--- a/files/etc/pam.d/cups.cups_server
+++ b/files/etc/pam.d/cups.cups_server
@@ -1,8 +1,6 @@
-# auth
-auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
-auth required pam_unix.so no_warn try_first_pass
+auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+auth required pam_unix.so no_warn try_first_pass
-# account
-account required /usr/local/lib/security/pam_krb5.so
-account required pam_login_access.so
-account required pam_unix.so
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
diff --git a/files/etc/pam.d/kde.freebsd b/files/etc/pam.d/kde.freebsd
index 2604c78..8f87b98 100644
--- a/files/etc/pam.d/kde.freebsd
+++ b/files/etc/pam.d/kde.freebsd
@@ -1,2 +1,5 @@
-auth required /usr/local/lib/security/pam_krb5.so try_first_pass
-account required /usr/local/lib/security/pam_krb5.so
+auth required /usr/local/lib/security/pam_krb5.so try_first_pass
+
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
diff --git a/files/etc/pam.d/login.freebsd b/files/etc/pam.d/login.freebsd
new file mode 100644
index 0000000..164fcb0
--- /dev/null
+++ b/files/etc/pam.d/login.freebsd
@@ -0,0 +1,16 @@
+auth sufficient pam_self.so no_warn
+auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+auth required pam_unix.so no_warn try_first_pass nullok
+
+account requisite pam_securetty.so
+account required pam_nologin.so
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
+
+session required pam_lastlog.so no_fail
+session required pam_xdg.so
+session required /usr/local/lib/security/pam_krb5.so
+
+password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+password required pam_unix.so no_warn try_first_pass
diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd
index ef359ff..6a75823 100644
--- a/files/etc/pam.d/sddm.freebsd
+++ b/files/etc/pam.d/sddm.freebsd
@@ -2,15 +2,20 @@
# try multiple authentication sources (like krb5 but fall back to pam_unix)
# if we want pam_kwallet5 to execute.
# Hence, for sddm, we try krb5 only (no local accounts).
-auth required /usr/local/lib/security/pam_krb5.so try_first_pass
-auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir
-auth optional pam_kwallet5.so
+auth sufficient pam_self.so no_warn
+auth required /usr/local/lib/security/pam_krb5.so try_first_pass
+auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir
+auth optional pam_kwallet5.so
-account required /usr/local/lib/security/pam_krb5.so
-account required pam_login_access.so
-account required pam_unix.so
+account requisite pam_securetty.so
+account required pam_nologin.so
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
-session required pam_lastlog.so no_fail
-session optional pam_kwallet5.so auto_start
+session required pam_lastlog.so no_fail
+session required pam_xdg.so no_fail
+session required /usr/local/lib/security/pam_krb5.so
+session optional pam_kwallet5.so auto_start
-password required /usr/local/lib/security/pam_krb5.so try_first_pass
+password required /usr/local/lib/security/pam_krb5.so try_first_pass
diff --git a/files/etc/pam.d/sshd.freebsd b/files/etc/pam.d/sshd.freebsd
index 57b281b..559a980 100644
--- a/files/etc/pam.d/sshd.freebsd
+++ b/files/etc/pam.d/sshd.freebsd
@@ -1,17 +1,13 @@
-# auth
-auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
-auth required pam_unix.so no_warn try_first_pass
+auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+auth required pam_unix.so no_warn try_first_pass
-# account
-account required pam_nologin.so
-account required /usr/local/lib/security/pam_krb5.so
-account required pam_login_access.so
-account required pam_unix.so
+account required pam_nologin.so
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
-# session
-session required /usr/local/lib/security/pam_krb5.so
-session required pam_permit.so
+session required /usr/local/lib/security/pam_krb5.so
+session required pam_permit.so
-# password
password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
password required pam_unix.so no_warn try_first_pass
diff --git a/files/etc/pam.d/sudo.freebsd b/files/etc/pam.d/sudo.freebsd
index 425bf4e..6a6b0a4 100644
--- a/files/etc/pam.d/sudo.freebsd
+++ b/files/etc/pam.d/sudo.freebsd
@@ -1,15 +1,11 @@
-# auth
-auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
-auth required pam_unix.so no_warn try_first_pass
+auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+auth required pam_unix.so no_warn try_first_pass
-# account
account required /usr/local/lib/security/pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
-# session
account required pam_permit.so
-# password
password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
password required pam_unix.so no_warn try_first_pass
diff --git a/files/etc/profile.d/kde.sh.common b/files/etc/profile.d/kde.sh.desktop
index 010d5c1..010d5c1 100644
--- a/files/etc/profile.d/kde.sh.common
+++ b/files/etc/profile.d/kde.sh.desktop
diff --git a/files/etc/profile.d/kde.sh.laptop b/files/etc/profile.d/kde.sh.laptop
new file mode 120000
index 0000000..a248985
--- /dev/null
+++ b/files/etc/profile.d/kde.sh.laptop
@@ -0,0 +1 @@
+kde.sh.desktop \ No newline at end of file
diff --git a/files/etc/profile.d/kde.sh.roadwarrior_laptop b/files/etc/profile.d/kde.sh.roadwarrior_laptop
new file mode 120000
index 0000000..a248985
--- /dev/null
+++ b/files/etc/profile.d/kde.sh.roadwarrior_laptop
@@ -0,0 +1 @@
+kde.sh.desktop \ No newline at end of file
diff --git a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.common b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.desktop
index d0bb2ae..d0bb2ae 100644
--- a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.common
+++ b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.desktop
diff --git a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.laptop b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.laptop
new file mode 120000
index 0000000..6c13c1d
--- /dev/null
+++ b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.laptop
@@ -0,0 +1 @@
+terminus.conf.desktop \ No newline at end of file
diff --git a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.roadwarrior_laptop b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.roadwarrior_laptop
new file mode 120000
index 0000000..6c13c1d
--- /dev/null
+++ b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.roadwarrior_laptop
@@ -0,0 +1 @@
+terminus.conf.desktop \ No newline at end of file
diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.common b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
index 0e57885..93544cf 100644
--- a/files/usr/local/etc/chromium/policies/managed/policies.json.common
+++ b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
@@ -67,7 +67,7 @@
"extensions": {
"cjpalhdlnbpafiamejdnhcphjbkeiagm": {
"toOverwrite": {
- "filterLists": [
+ "selectedFilterLists": [
"user-filters",
"ublock-filters",
"ublock-badware",
@@ -75,11 +75,14 @@
"ublock-abuse",
"ublock-unbreak",
"ublock-annoyances",
+ "ublock-cookies-easylist",
+ "fanboy-cookiemonster",
"easylist",
"easyprivacy",
"urlhaus-1",
"plowe-0",
"fanboy-annoyance",
+ "fanboy-social",
"fanboy-thirdparty_social",
"adguard-spyware-url",
"ublock-quick-fixes"
@@ -87,7 +90,7 @@
},
"toAdd": {
"trustedSiteDirectives": [
- "${domain}"
+ "$(join '","' "$domain" $ublock_whitelist)"
]
}
}
diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.laptop b/files/usr/local/etc/chromium/policies/managed/policies.json.laptop
new file mode 120000
index 0000000..93bcb92
--- /dev/null
+++ b/files/usr/local/etc/chromium/policies/managed/policies.json.laptop
@@ -0,0 +1 @@
+policies.json.desktop \ No newline at end of file
diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.roadwarrior_laptop b/files/usr/local/etc/chromium/policies/managed/policies.json.roadwarrior_laptop
new file mode 120000
index 0000000..93bcb92
--- /dev/null
+++ b/files/usr/local/etc/chromium/policies/managed/policies.json.roadwarrior_laptop
@@ -0,0 +1 @@
+policies.json.desktop \ No newline at end of file
diff --git a/files/usr/local/etc/cups/client.conf.desktop b/files/usr/local/etc/cups/client.conf.desktop
new file mode 100644
index 0000000..833b533
--- /dev/null
+++ b/files/usr/local/etc/cups/client.conf.desktop
@@ -0,0 +1,3 @@
+ServerName ${cups_host}.${domain}:631
+Encryption Required
+ValidateCerts Yes
diff --git a/files/usr/local/etc/cups/client.conf.laptop b/files/usr/local/etc/cups/client.conf.laptop
new file mode 120000
index 0000000..9644ac0
--- /dev/null
+++ b/files/usr/local/etc/cups/client.conf.laptop
@@ -0,0 +1 @@
+client.conf.desktop \ No newline at end of file
diff --git a/files/usr/local/etc/cups/client.conf.roadwarrior_laptop b/files/usr/local/etc/cups/client.conf.roadwarrior_laptop
new file mode 120000
index 0000000..9644ac0
--- /dev/null
+++ b/files/usr/local/etc/cups/client.conf.roadwarrior_laptop
@@ -0,0 +1 @@
+client.conf.desktop \ No newline at end of file
diff --git a/files/usr/local/etc/cups/cupsd.conf.cups_server b/files/usr/local/etc/cups/cupsd.conf.cups_server
index 25e2107..e5d90c2 100644
--- a/files/usr/local/etc/cups/cupsd.conf.cups_server
+++ b/files/usr/local/etc/cups/cupsd.conf.cups_server
@@ -11,7 +11,6 @@ MaxLogSize 1m
# Default error policy for printers
ErrorPolicy retry-job
-# Only listen for connections from the local machine.
Listen 80
Listen 631
Listen /var/run/cups/cups.sock
@@ -29,9 +28,6 @@ DefaultEncryption Required
# Web interface setting...
WebInterface Yes
-# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
-IdleExitTimeout 60
-
# Restrict access to the server...
<Location />
Order allow,deny
diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
index bc8f89c..3e612a0 100644
--- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
@@ -14,6 +14,8 @@ databases_luadbi_SET=PGSQL
databases_postgresql${postgresql_version}-client_SET=PAM LDAP
databases_postgresql${postgresql_version}-server_SET=PAM LDAP
devel_apr1_SET=LDAP
+devel_electron30_SET=PULSEAUDIO
+devel_electron30_UNSET=SNDIO
devel_gitolite_SET=GITUSER
devel_kio-extras_UNSET=AFC
devel_librelp_UNSET=GNUTLS
@@ -40,9 +42,11 @@ mail_mutt_UNSET=HTML
mail_postfix_SET=LDAP SASL SASLKRB5
mail_rspamd_SET=HYPERSCAN
misc_kdeutils_UNSET=KFLOPPY KTEATIME
+multimedia_audacious_plugins_SET=LAME
multimedia_ffmpeg_SET=OPENSSL
multimedia_ffmpeg_UNSET=GNUTLS
multimedia_kdemultimedia_UNSET=KDENLIVE
+multimedia_pipewire_UNSET=JACK
multimedia_qt6-multimedia_SET=ALSA
multimedia_vlc_SET=FLAC MPEG2 X264 X265 VPX DCA FAAD AOM
multimedia_webcamd_UNSET=DVB INPUT RADIO
diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
index 2740c85..866c358 100644
--- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
@@ -3,6 +3,7 @@ archivers/php${php_version}-phar
archivers/php${php_version}-zip
archivers/unzip
archivers/zip
+audio/elisa
audio/juk
audio/kid3
audio/kmix
@@ -19,6 +20,7 @@ databases/postgresql${postgresql_version}-server
databases/redis
devel/ccache
devel/cgit
+devel/electron30
devel/git@lite
devel/gitolite
devel/php${php_version}-gettext
@@ -58,9 +60,13 @@ mail/postfix
mail/rspamd
mail/sieve-connect
misc/php${php_version}-calendar
-multimedia/audacious
+multimedia/audacious-plugins@qt5
+multimedia/audacious@qt5
multimedia/libva-intel-media-driver
+multimedia/libva-utils
+multimedia/libvdpau-va-gl
multimedia/makemkv
+multimedia/vdpauinfo
multimedia/v4l-utils
multimedia/v4l_compat
multimedia/webcamd
@@ -96,9 +102,11 @@ security/openssh-portable
security/pam_krb5@mit
security/pam_mkhomedir
security/php${php_version}-filter
+security/py-omemo-dr
security/sshpass
security/sudo
security/vaultwarden
+sysutils/cpu-microcode
sysutils/htop
sysutils/k3b
sysutils/lsof
@@ -138,6 +146,7 @@ x11-fonts/terminus-font
x11-fonts/terminus-ttf
x11-fonts/ubuntu-font
x11-fonts/webfonts
+x11-toolkits/gtksourceview4
x11/kde5
x11/sddm
x11/xev
diff --git a/files/usr/local/etc/sddm.conf.common b/files/usr/local/etc/sddm.conf.desktop
index 09c2000..09c2000 100644
--- a/files/usr/local/etc/sddm.conf.common
+++ b/files/usr/local/etc/sddm.conf.desktop
diff --git a/files/usr/local/etc/sddm.conf.laptop b/files/usr/local/etc/sddm.conf.laptop
new file mode 120000
index 0000000..a2aa201
--- /dev/null
+++ b/files/usr/local/etc/sddm.conf.laptop
@@ -0,0 +1 @@
+sddm.conf.desktop \ No newline at end of file
diff --git a/files/usr/local/etc/sddm.conf.roadwarrior_laptop b/files/usr/local/etc/sddm.conf.roadwarrior_laptop
new file mode 120000
index 0000000..a2aa201
--- /dev/null
+++ b/files/usr/local/etc/sddm.conf.roadwarrior_laptop
@@ -0,0 +1 @@
+sddm.conf.desktop \ No newline at end of file
diff --git a/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.desktop b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.desktop
new file mode 100644
index 0000000..43d85fb
--- /dev/null
+++ b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.desktop
@@ -0,0 +1,6 @@
+[Desktop Entry]
+Type=Application
+Name=Add site root CA to user NSS database.
+Exec=/usr/local/libexec/nss-trust-root-ca
+StartupNotify=false
+NoDisplay=true
diff --git a/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.laptop b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.laptop
new file mode 120000
index 0000000..8a3cf1a
--- /dev/null
+++ b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.laptop
@@ -0,0 +1 @@
+nss-trust-root-ca.desktop.desktop \ No newline at end of file
diff --git a/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.roadwarrior_laptop b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.roadwarrior_laptop
new file mode 120000
index 0000000..8a3cf1a
--- /dev/null
+++ b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.roadwarrior_laptop
@@ -0,0 +1 @@
+nss-trust-root-ca.desktop.desktop \ No newline at end of file
diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common
deleted file mode 100644
index 1808561..0000000
--- a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-pkill signal-desktop chrome baloo_file
-pkill -f /usr/local/libexec/geoclue-2.0/demos/agent
diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.desktop b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.desktop
new file mode 100644
index 0000000..3d1e79e
--- /dev/null
+++ b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.desktop
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Various processes seem to hang around after logging out of KDE sessions.
+# Clean them up here.
+
+pkill signal-desktop chrome baloo_file dirmngr
+pkill -f /usr/local/libexec/geoclue-2.0/demos/agent
diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.laptop b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.laptop
new file mode 120000
index 0000000..e2cb280
--- /dev/null
+++ b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.laptop
@@ -0,0 +1 @@
+cleanup.sh.desktop \ No newline at end of file
diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.roadwarrior_laptop b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.roadwarrior_laptop
new file mode 120000
index 0000000..e2cb280
--- /dev/null
+++ b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.roadwarrior_laptop
@@ -0,0 +1 @@
+cleanup.sh.desktop \ No newline at end of file
diff --git a/files/usr/local/lib/firefox/distribution/policies.json.common b/files/usr/local/lib/firefox/distribution/policies.json.desktop
index 425a6d6..de93355 100644
--- a/files/usr/local/lib/firefox/distribution/policies.json.common
+++ b/files/usr/local/lib/firefox/distribution/policies.json.desktop
@@ -22,7 +22,7 @@
"Extensions": {
"uBlock0@raymondhill.net": {
"toOverwrite": {
- "filterLists": [
+ "selectedFilterLists": [
"user-filters",
"ublock-filters",
"ublock-badware",
@@ -30,11 +30,14 @@
"ublock-abuse",
"ublock-unbreak",
"ublock-annoyances",
+ "ublock-cookies-easylist",
+ "fanboy-cookiemonster",
"easylist",
"easyprivacy",
"urlhaus-1",
"plowe-0",
"fanboy-annoyance",
+ "fanboy-social",
"fanboy-thirdparty_social",
"adguard-spyware-url",
"ublock-quick-fixes"
@@ -42,7 +45,7 @@
},
"toAdd": {
"trustedSiteDirectives": [
- "${domain}"
+ "$(join '","' "$domain" $ublock_whitelist)"
]
}
}
diff --git a/files/usr/local/lib/firefox/distribution/policies.json.laptop b/files/usr/local/lib/firefox/distribution/policies.json.laptop
new file mode 120000
index 0000000..93bcb92
--- /dev/null
+++ b/files/usr/local/lib/firefox/distribution/policies.json.laptop
@@ -0,0 +1 @@
+policies.json.desktop \ No newline at end of file
diff --git a/files/usr/local/lib/firefox/distribution/policies.json.roadwarrior_laptop b/files/usr/local/lib/firefox/distribution/policies.json.roadwarrior_laptop
new file mode 120000
index 0000000..93bcb92
--- /dev/null
+++ b/files/usr/local/lib/firefox/distribution/policies.json.roadwarrior_laptop
@@ -0,0 +1 @@
+policies.json.desktop \ No newline at end of file
diff --git a/files/usr/local/lib/libreoffice/program/sofficerc.common b/files/usr/local/lib/libreoffice/program/sofficerc.desktop
index 77574a4..77574a4 100644
--- a/files/usr/local/lib/libreoffice/program/sofficerc.common
+++ b/files/usr/local/lib/libreoffice/program/sofficerc.desktop
diff --git a/files/usr/local/lib/libreoffice/program/sofficerc.laptop b/files/usr/local/lib/libreoffice/program/sofficerc.laptop
new file mode 120000
index 0000000..0d2b44a
--- /dev/null
+++ b/files/usr/local/lib/libreoffice/program/sofficerc.laptop
@@ -0,0 +1 @@
+sofficerc.desktop \ No newline at end of file
diff --git a/files/usr/local/lib/libreoffice/program/sofficerc.roadwarrior_laptop b/files/usr/local/lib/libreoffice/program/sofficerc.roadwarrior_laptop
new file mode 120000
index 0000000..0d2b44a
--- /dev/null
+++ b/files/usr/local/lib/libreoffice/program/sofficerc.roadwarrior_laptop
@@ -0,0 +1 @@
+sofficerc.desktop \ No newline at end of file
diff --git a/files/usr/local/libexec/idm-update-unbound-blocklists.idm_server b/files/usr/local/libexec/idm-update-unbound-blocklists.idm_server
index c33b909..381032d 100644
--- a/files/usr/local/libexec/idm-update-unbound-blocklists.idm_server
+++ b/files/usr/local/libexec/idm-update-unbound-blocklists.idm_server
@@ -3,8 +3,7 @@
set -eu -o pipefail
prog=$(basename "$(readlink -f "$0")")
-usage="${prog} BLOCKLIST_DIR
- Blocklist URLs are read from stdin."
+usage="${prog} URL_FILE WHITELIST_FILE BLOCKLIST_DIR"
die() {
printf '%s: %s\n' "$prog" "$*" 1>&2
@@ -16,17 +15,41 @@ usage(){
exit 2
}
-[ $# -eq 1 ] || usage
-case $1 in
+case ${1:-} in
-h|--help) usage ;;
esac
-[ -d "$1" ] || die "not a directory: ${1}"
+[ $# -eq 3 ] || usage
-cd "$1"
+url_file=$1
+whitelist_file=$2
+blocklist_dir=$3
+[ -d "$blocklist_dir" ] || die "not a directory: ${blocklist_dir}"
+
+cd "$blocklist_dir"
+
+# Delete any existing zone files.
find . -maxdepth 1 -type f -exec rm {} +
-while read -r name url; do
- [ -n "$url" ] && curl -sSfL -o "${name}.zone" "$url"
-done
+if grep -q '[^[:space:]]' "$whitelist_file"; then
+ # If the whitelist file is non empty, compute a regex.
+ while read -r pattern; do
+ [ -n "$pattern" ] || continue
+ whitelist_regex="${whitelist_regex:+"${whitelist_regex}|"}${pattern}"
+ done < "$whitelist_file"
+
+ # For each blocklist url, download the blocklist and filter out the whitelist.
+ while read -r name url; do
+ [ -n "$url" ] && curl -sSfL "$url" | grep -Ev "^(.*\\.)?(${whitelist_regex})[[:space:]]" > "${name}.zone"
+ done < "$url_file"
+else
+ # If no whitelist configured, just download each blocklist.
+ while read -r name url; do
+ [ -n "$url" ] && curl -sSfL -o "${name}.zone" "$url"
+ done < "$url_file"
+fi
+
+# Try to reload unbound.
+unbound_pidfile=$(/usr/local/sbin/unbound-checkconf -o pidfile /usr/local/etc/unbound/unbound.conf)
+kill -HUP "$(cat "$unbound_pidfile")" ||:
diff --git a/files/usr/local/libexec/nss-trust-root-ca.common b/files/usr/local/libexec/nss-trust-root-ca.common
new file mode 100644
index 0000000..6a38a86
--- /dev/null
+++ b/files/usr/local/libexec/nss-trust-root-ca.common
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Chromium no longer trusts the system certificate store. Instead, it uses the
+# user's local NSS database, located at ~/.pki.
+#
+# This script adds our local root CA to the NSS DB, so that Chrome will trust it.
+
+cert_name="$(hostname -d) Root CA"
+cert_path=/usr/local/etc/ssl/certs/ca.crt
+nss_db_path="${HOME}/.pki/nssdb"
+
+mkdir -p "$nss_db_path"
+
+if ! certutil -d "sql:${nss_db_path}" -L -n "$cert_name" > /dev/null 2>&1; then
+ certutil -d "sql:${nss_db_path}" -A -t 'C,,' -n "$cert_name" -i "$cert_path"
+fi
diff --git a/files/usr/local/libexec/pam-create-local-homedir.common b/files/usr/local/libexec/pam-create-local-homedir.common
index a956d65..2d30d06 100644
--- a/files/usr/local/libexec/pam-create-local-homedir.common
+++ b/files/usr/local/libexec/pam-create-local-homedir.common
@@ -1,10 +1,3 @@
#!/bin/sh
-set -e
-
-uid=$(id -u "$PAM_USER")
-
-if [ "$uid" -ge 1000 ]; then
- install -m 0755 -d /usr/local/home
- install -o "$uid" -g "$uid" -m 0700 -d "/usr/local/home/${PAM_USER}"
-fi
+install -o "$PAM_USER" -g "$PAM_USER" -m 0700 -d "/usr/local/home/${PAM_USER}"
diff --git a/files/usr/local/share-override/applications/chromium-browser.desktop.desktop b/files/usr/local/share-override/applications/chromium-browser.desktop.desktop
new file mode 100644
index 0000000..cb5a5bf
--- /dev/null
+++ b/files/usr/local/share-override/applications/chromium-browser.desktop.desktop
@@ -0,0 +1,11 @@
+[Desktop Entry]
+Type=Application
+Version=1.0
+Encoding=UTF-8
+Name=Chromium
+Comment=Google web browser based on WebKit
+Icon=chrome
+Exec=chrome ${chrome_flags} %U
+Categories=Application;Network;WebBrowser;
+MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp;
+StartupNotify=true
diff --git a/files/usr/local/share-override/applications/chromium-browser.desktop.laptop b/files/usr/local/share-override/applications/chromium-browser.desktop.laptop
new file mode 120000
index 0000000..351c67b
--- /dev/null
+++ b/files/usr/local/share-override/applications/chromium-browser.desktop.laptop
@@ -0,0 +1 @@
+chromium-browser.desktop.desktop \ No newline at end of file
diff --git a/files/usr/local/share-override/applications/chromium-browser.desktop.roadwarrior_laptop b/files/usr/local/share-override/applications/chromium-browser.desktop.roadwarrior_laptop
new file mode 120000
index 0000000..351c67b
--- /dev/null
+++ b/files/usr/local/share-override/applications/chromium-browser.desktop.roadwarrior_laptop
@@ -0,0 +1 @@
+chromium-browser.desktop.desktop \ No newline at end of file
diff --git a/files/usr/local/override/applications/signal-desktop.desktop.common b/files/usr/local/share-override/applications/signal-desktop.desktop.desktop
index d0c9160..d0c9160 100644
--- a/files/usr/local/override/applications/signal-desktop.desktop.common
+++ b/files/usr/local/share-override/applications/signal-desktop.desktop.desktop
diff --git a/files/usr/local/share-override/applications/signal-desktop.desktop.laptop b/files/usr/local/share-override/applications/signal-desktop.desktop.laptop
new file mode 120000
index 0000000..6a702d4
--- /dev/null
+++ b/files/usr/local/share-override/applications/signal-desktop.desktop.laptop
@@ -0,0 +1 @@
+signal-desktop.desktop.desktop \ No newline at end of file
diff --git a/files/usr/local/share-override/applications/signal-desktop.desktop.roadwarrior_laptop b/files/usr/local/share-override/applications/signal-desktop.desktop.roadwarrior_laptop
new file mode 120000
index 0000000..6a702d4
--- /dev/null
+++ b/files/usr/local/share-override/applications/signal-desktop.desktop.roadwarrior_laptop
@@ -0,0 +1 @@
+signal-desktop.desktop.desktop \ No newline at end of file