From 2c9845db4bc00221bc3c2343a020208f7f532166 Mon Sep 17 00:00:00 2001
From: Cullum Smith <cullum@sacredheartsc.com>
Date: Thu, 31 Oct 2024 21:36:39 -0400
Subject: many fixes
---
.../local/etc/asterisk/queues.conf.asterisk_server | 20 +++++---
.../policies/managed/policies.json.desktop | 60 +++++++++++++++-------
.../dovecot-ldap-userdb.conf.ext.imap_server | 10 ++--
.../etc/icinga2/conf.d/services.conf.icinga_server | 29 +++++++----
.../icinga2/conf.d/templates.conf.icinga_server | 4 +-
files/usr/local/etc/postfix/main.cf.smtp_server | 3 +-
files/usr/local/etc/postfix/master.cf.smtp_server | 3 +-
.../local/etc/poudriere.d/make.conf.pkg_repository | 4 +-
.../local/etc/poudriere.d/pkglist.pkg_repository | 8 ++-
.../local/etc/prosody/prosody.cfg.lua.xmpp_server | 2 +
.../etc/rspamd/local.d/logging.inc.smtp_server | 2 +-
files/usr/local/etc/xdg/kdeglobals.desktop | 5 ++
files/usr/local/etc/xdg/kdeglobals.laptop | 1 +
.../local/etc/xdg/kdeglobals.roadwarrior_laptop | 1 +
14 files changed, 104 insertions(+), 48 deletions(-)
create mode 100644 files/usr/local/etc/xdg/kdeglobals.desktop
create mode 120000 files/usr/local/etc/xdg/kdeglobals.laptop
create mode 120000 files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop
(limited to 'files/usr/local/etc')
diff --git a/files/usr/local/etc/asterisk/queues.conf.asterisk_server b/files/usr/local/etc/asterisk/queues.conf.asterisk_server
index 87b8ed4..8849690 100644
--- a/files/usr/local/etc/asterisk/queues.conf.asterisk_server
+++ b/files/usr/local/etc/asterisk/queues.conf.asterisk_server
@@ -6,12 +6,12 @@ shared_lastcall = yes
log_membername_as_agent = yes
$(for queue in ${asterisk_queues:-}; do
- eval "queue_strategy=\${asterisk_queue_${queue}_strategy}"
+ eval "queue_strategy=\${asterisk_queue_${queue}_strategy:-ringall}"
eval "queue_timeout=\${asterisk_queue_${queue}_timeout:-15}"
eval "queue_retry=\${asterisk_queue_${queue}_retry:-5}"
eval "queue_ringinuse=\${asterisk_queue_${queue}_ringinuse:-yes}"
- eval "queue_members=\${asterisk_queue_${queue}_members}"
- echo "\
+ eval "queue_members=\${asterisk_queue_${queue}_members:-}"
+ cat <<EOF
[${queue}]
strategy = ${queue_strategy}
timeout = ${queue_timeout}
@@ -24,8 +24,12 @@ periodic-announce-frequency = 0
joinempty = yes
leavewhenempty = no
ringinuse = ${queue_ringinuse}
-timeoutrestart = yes"
-for member in $queue_members; do
- eval "member_name=\${asterisk_ext_${member}_cid_name}"
- echo "member => PJSIP/${member},0,${member_name},PJSIP/${member}"
-done; done)
+timeoutrestart = yes
+EOF
+ for member in $queue_members; do
+ eval "member_name=\${asterisk_ext_${member}_cid_name}"
+ cat <<EOF
+member => PJSIP/${member},0,${member_name},PJSIP/${member}
+EOF
+ done
+done)
diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
index 93544cf..1391d09 100644
--- a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
+++ b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
@@ -14,15 +14,6 @@
"CloudReportingEnabled": false,
"DefaultBrowserSettingEnabled": false,
"DefaultCookiesSetting": 1,
- "DefaultSearchProviderEnabled": true,
- "DefaultSearchProviderName": "DuckDuckGo",
- "DefaultSearchProviderIconURL": "https://duckduckgo.com/favicon.ico",
- "DefaultSearchProviderEncodings": [
- "UTF-8"
- ],
- "DefaultSearchProviderSearchURL": "https://duckduckgo.com/?q={searchTerms}",
- "DefaultSearchProviderSuggestURL":"https://duckduckgo.com/ac/?q={searchTerms}&type=list",
- "DefaultSearchProviderNewTabURL":"https://duckduckgo.com/chrome_newtab",
"DnsOverHttpsMode": "off",
"EnableAuthNegotiatePort": true,
"EnableMediaRouter": false,
@@ -44,9 +35,45 @@
{
"toplevel_name": "Internal"
},
+ {
+ "name": "Bitwarden",
+ "url": "https://bitwarden.${domain}/"
+ },
+ {
+ "name": "CUPS",
+ "url": "https://cups.${domain}/"
+ },
+ {
+ "name": "DAViCal",
+ "url": "https://dav.${domain}/"
+ },
+ {
+ "name": "Icinga",
+ "url": "https://icinga.${domain}/"
+ },
+ {
+ "name": "Invidious",
+ "url": "https://invidious.${domain}/"
+ },
{
"name": "Poudriere",
"url": "http://pkg.${domain}/poudriere"
+ },
+ {
+ "name": "Rspamd",
+ "url": "https://smtp.${domain}/"
+ },
+ {
+ "name": "Tiny Tiny RSS",
+ "url": "https://ttrss.${domain}/"
+ },
+ {
+ "name": "UniFi Controller",
+ "url": "https://unifi.${domain}/"
+ },
+ {
+ "name": "ZNC",
+ "url": "https://znc.${domain}/"
}
],
"ExtensionSettings": {
@@ -67,25 +94,22 @@
"extensions": {
"cjpalhdlnbpafiamejdnhcphjbkeiagm": {
"toOverwrite": {
- "selectedFilterLists": [
+ "filterLists": [
"user-filters",
"ublock-filters",
"ublock-badware",
"ublock-privacy",
- "ublock-abuse",
+ "ublock-quick-fixes",
"ublock-unbreak",
- "ublock-annoyances",
- "ublock-cookies-easylist",
- "fanboy-cookiemonster",
"easylist",
"easyprivacy",
+ "adguard-spyware-url",
"urlhaus-1",
"plowe-0",
- "fanboy-annoyance",
- "fanboy-social",
+ "fanboy-cookiemonster",
+ "ublock-cookies-easylist",
"fanboy-thirdparty_social",
- "adguard-spyware-url",
- "ublock-quick-fixes"
+ "ublock-annoyances"
]
},
"toAdd": {
diff --git a/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server b/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server
index fc939a6..6a7ce4e 100644
--- a/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server
+++ b/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server
@@ -6,11 +6,11 @@ sasl_realm = ${realm}
base = ${users_basedn}
user_filter = (|(mailAddress=%u)(uid=%u))
-user_attrs = \
- =user=%{ldap:uid}, \
- =uid=${dovecot_vmail_uid}, \
- =gid=${dovecot_vmail_uid}, \
- =home=${dovecot_vmail_dir}/%{ldap:uid} \
+user_attrs = \\
+ =user=%{ldap:uid}, \\
+ =uid=${dovecot_vmail_uid}, \\
+ =gid=${dovecot_vmail_uid}, \\
+ =home=${dovecot_vmail_dir}/%{ldap:uid}, \\
mailQuota=quota_rule=\*:storage=%{ldap:mailQuota}
iterate_attrs = uid=user
diff --git a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
index 4340192..116fe44 100644
--- a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
@@ -219,6 +219,20 @@ apply Service "cups-cert" {
assign where ("cups-servers" in host.groups)
}
+apply Service for (vhost in host.vars.xmpp_vhosts) {
+ check_command = "tcp"
+ name = vhost + "-xmpp"
+ display_name = vhost + " xmpp"
+ vars.tcp_port = 5223
+ vars.tcp_ssl = true
+ vars.tcp_sni = vhost
+ vars.tcp_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
+ vars.tcp_wtime = ${icinga_response_time_warn}
+ vars.tcp_ctime = ${icinga_response_time_crit}
+ vars.tcp_send = "<stream:stream to='" + vhost + "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'>"
+ vars.tcp_expect = "<?xml version='1.0'"
+}
+
// Expect HTTP 200
apply Service "http" {
check_command = "http"
@@ -289,7 +303,6 @@ apply Service "https" {
vars.http_warn_time = ${icinga_response_time_warn}
vars.http_critical_time = ${icinga_response_time_crit}
assign where ("pkg-repositories" in host.groups
- || "xmpp-servers" in host.groups
|| "znc-servers" in host.groups
|| "bitwarden-servers" in host.groups)
}
@@ -331,7 +344,6 @@ apply Service "https-cert" {
|| "pkg-repositories" in host.groups
|| "unifi-controllers" in host.groups
|| "web-servers" in host.groups
- || "xmpp-servers" in host.groups
|| "znc-servers" in host.groups
|| "bitwarden-servers" in host.groups
|| "dav-servers" in host.groups
@@ -342,11 +354,11 @@ apply Service "https-cert" {
&& !host.vars.https_vhosts)
}
-// Expect HTTPS 200
+// Certificate validity
apply Service for (vhost in host.vars.https_vhosts) {
check_command = "http"
- name = vhost + "-cert"
- display_name = vhost + " certificate"
+ name = vhost + "-https-cert"
+ display_name = vhost + " https certificate"
vars.http_vhost = vhost
vars.http_expect = "HTTP/1.1 200 OK"
vars.http_ssl = true
@@ -354,13 +366,12 @@ apply Service for (vhost in host.vars.https_vhosts) {
vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
}
-// Certificate validity
+// Expect HTTPS 200
apply Service for (vhost in host.vars.https_vhosts) {
check_command = "http"
- name = vhost
- display_name = vhost
+ name = vhost + "-https-status"
+ display_name = vhost + " https status"
vars.http_vhost = vhost
- vars.http_expect = "HTTP/1.1 200 OK"
vars.http_ssl = true
vars.http_sni = true
vars.http_expect = "HTTP/1.1 200 OK"
diff --git a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
index 0ebe46e..cd1cda1 100644
--- a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
@@ -7,8 +7,8 @@ template Host "generic-host" default {
template Service "generic-service" default {
max_check_attempts = 5
- check_interval = 1m
- retry_interval = 30s
+ check_interval = 5m
+ retry_interval = 1m
}
template User "generic-user" default {
diff --git a/files/usr/local/etc/postfix/main.cf.smtp_server b/files/usr/local/etc/postfix/main.cf.smtp_server
index 155c18c..72c0448 100644
--- a/files/usr/local/etc/postfix/main.cf.smtp_server
+++ b/files/usr/local/etc/postfix/main.cf.smtp_server
@@ -19,7 +19,6 @@ setgid_group = maildrop
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C POSTLOG_SERVICE POSTLOG_HOSTNAME KRB5_KTNAME=${postfix_keytab} KRB5_CLIENT_KTNAME=${postfix_keytab}
myorigin = ${postfix_myorigin}
-myhostname = ${postfix_public_fqdn}
mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64 ${postfix_mynetworks}
mydestination =
@@ -100,6 +99,8 @@ smtpd_relay_restrictions =
permit_sasl_authenticated,
reject_unauth_destination
smtpd_recipient_restrictions =
+ permit_mynetworks,
+ permit_sasl_authenticated,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
reject_unauth_destination,
diff --git a/files/usr/local/etc/postfix/master.cf.smtp_server b/files/usr/local/etc/postfix/master.cf.smtp_server
index e0b5bbb..9dce9be 100644
--- a/files/usr/local/etc/postfix/master.cf.smtp_server
+++ b/files/usr/local/etc/postfix/master.cf.smtp_server
@@ -1,4 +1,5 @@
smtp inet n - n - - smtpd
+ -o myhostname=${postfix_public_fqdn}
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
@@ -16,7 +17,7 @@ proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
- -o syslog_name=postfix/$service_name
+ -o syslog_name=postfix/\$service_name
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
index 3a80736..a4677f4 100644
--- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
@@ -4,7 +4,7 @@ DEFAULT_VERSIONS+=${poudriere_default_versions:-}
MAKE_JOBS_NUMBER=${poudriere_make_jobs_number}
# Global port options
-OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO ALSA SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE TCP_WRAPPERS COMPAT32
+OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO ALSA SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE TCP_WRAPPERS COMPAT32 JACK
OPTIONS_SET=GSSAPI GSSAPI_MIT MIT NONFREE LIBEDIT
# Per-port options
@@ -87,6 +87,8 @@ sysutils_htop_SET=LSOF
sysutils_k3b_UNSET=EMOVIX VCDIMAGER
sysutils_rsyslog8_SET=GSSAPI RELP OPENSSL
sysutils_rsyslog8_UNSET=GCRYPT
+textproc_en-hunspell_SET=US_LARGE
+textproc_en-hunspell_UNSET=US_STANDARD
www_chromium_SET=WIDEVINE
www_firefox_UNSET=PROFILE JACK
www_nginx_SET=HTTPV3 HTTPV3_QTLS HTTP_AUTH_KRB5 HTTP_AUTH_LDAP
diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
index 8542c20..e90bc1b 100644
--- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
@@ -4,7 +4,7 @@ archivers/php${php_version}-zip
archivers/unzip
archivers/zip
audio/elisa
-audio/juk
+audio/gsound
audio/kid3@kf5
audio/kmix
audio/virtual_oss
@@ -18,6 +18,8 @@ databases/php${php_version}-pgsql
databases/postgresql${postgresql_version}-client
databases/postgresql${postgresql_version}-server
databases/redis
+deskutils/py-vdirsyncer
+devel/android-tools
devel/ccache
devel/cgit
devel/electron30
@@ -71,7 +73,7 @@ multimedia/v4l-utils
multimedia/v4l_compat
multimedia/vdpauinfo
multimedia/webcamd
-net-im/dino
+net-im/farstream
net-im/gajim
net-im/prosody
net-im/prosody-modules
@@ -115,6 +117,7 @@ security/sshpass
security/sudo
security/vaultwarden
security/wpa_supplicant
+sysutils/android-file-transfer-qt5
sysutils/cpu-microcode
sysutils/htop
sysutils/k3b
@@ -129,6 +132,7 @@ sysutils/stow
sysutils/tmux
sysutils/tree
sysutils/zfstools
+textproc/en-hunspell
textproc/hs-pandoc
textproc/jq
textproc/p5-YAML
diff --git a/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server b/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
index 083a6ce..7936cac 100644
--- a/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
+++ b/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
@@ -47,6 +47,8 @@ reload_modules = { "groups", "tls" }
groups_file = "${prosody_roster_path}"
s2s_secure_auth = true
+c2s_direct_tls_ports = { ${prosody_c2s_tls_port} }
+s2s_direct_tls_ports = { ${prosody_s2s_tls_port} }
limits = {
c2s = {
diff --git a/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server b/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server
index 7e38af5..da081e0 100644
--- a/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server
+++ b/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server
@@ -1,2 +1,2 @@
type = syslog;
-facility = mail;
+facility = daemon;
diff --git a/files/usr/local/etc/xdg/kdeglobals.desktop b/files/usr/local/etc/xdg/kdeglobals.desktop
new file mode 100644
index 0000000..5d121aa
--- /dev/null
+++ b/files/usr/local/etc/xdg/kdeglobals.desktop
@@ -0,0 +1,5 @@
+# Broken with consolekit: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221452
+# VT switch causes loss of graphics acceleration: https://github.com/freebsd/drm-kmod/issues/175
+[KDE Action Restrictions]
+action/start_new_session=false
+action/switch_user=false
diff --git a/files/usr/local/etc/xdg/kdeglobals.laptop b/files/usr/local/etc/xdg/kdeglobals.laptop
new file mode 120000
index 0000000..9c8c680
--- /dev/null
+++ b/files/usr/local/etc/xdg/kdeglobals.laptop
@@ -0,0 +1 @@
+kdeglobals.desktop
\ No newline at end of file
diff --git a/files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop b/files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop
new file mode 120000
index 0000000..9c8c680
--- /dev/null
+++ b/files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop
@@ -0,0 +1 @@
+kdeglobals.desktop
\ No newline at end of file
--
cgit v1.2.3