From 2c9845db4bc00221bc3c2343a020208f7f532166 Mon Sep 17 00:00:00 2001
From: Cullum Smith <cullum@sacredheartsc.com>
Date: Thu, 31 Oct 2024 21:36:39 -0400
Subject: many fixes

---
 .../local/etc/asterisk/queues.conf.asterisk_server | 20 +++++---
 .../policies/managed/policies.json.desktop         | 60 +++++++++++++++-------
 .../dovecot-ldap-userdb.conf.ext.imap_server       | 10 ++--
 .../etc/icinga2/conf.d/services.conf.icinga_server | 29 +++++++----
 .../icinga2/conf.d/templates.conf.icinga_server    |  4 +-
 files/usr/local/etc/postfix/main.cf.smtp_server    |  3 +-
 files/usr/local/etc/postfix/master.cf.smtp_server  |  3 +-
 .../local/etc/poudriere.d/make.conf.pkg_repository |  4 +-
 .../local/etc/poudriere.d/pkglist.pkg_repository   |  8 ++-
 .../local/etc/prosody/prosody.cfg.lua.xmpp_server  |  2 +
 .../etc/rspamd/local.d/logging.inc.smtp_server     |  2 +-
 files/usr/local/etc/xdg/kdeglobals.desktop         |  5 ++
 files/usr/local/etc/xdg/kdeglobals.laptop          |  1 +
 .../local/etc/xdg/kdeglobals.roadwarrior_laptop    |  1 +
 14 files changed, 104 insertions(+), 48 deletions(-)
 create mode 100644 files/usr/local/etc/xdg/kdeglobals.desktop
 create mode 120000 files/usr/local/etc/xdg/kdeglobals.laptop
 create mode 120000 files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop

(limited to 'files/usr/local/etc')

diff --git a/files/usr/local/etc/asterisk/queues.conf.asterisk_server b/files/usr/local/etc/asterisk/queues.conf.asterisk_server
index 87b8ed4..8849690 100644
--- a/files/usr/local/etc/asterisk/queues.conf.asterisk_server
+++ b/files/usr/local/etc/asterisk/queues.conf.asterisk_server
@@ -6,12 +6,12 @@ shared_lastcall         = yes
 log_membername_as_agent = yes
 
 $(for queue in ${asterisk_queues:-}; do
-  eval "queue_strategy=\${asterisk_queue_${queue}_strategy}"
+  eval "queue_strategy=\${asterisk_queue_${queue}_strategy:-ringall}"
   eval "queue_timeout=\${asterisk_queue_${queue}_timeout:-15}"
   eval "queue_retry=\${asterisk_queue_${queue}_retry:-5}"
   eval "queue_ringinuse=\${asterisk_queue_${queue}_ringinuse:-yes}"
-  eval "queue_members=\${asterisk_queue_${queue}_members}"
-  echo "\
+  eval "queue_members=\${asterisk_queue_${queue}_members:-}"
+  cat <<EOF
 [${queue}]
 strategy                    = ${queue_strategy}
 timeout                     = ${queue_timeout}
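Review bot: `${queue}` is spliced into the string handed to `eval` on each lookup line of this loop, so a queue name that is not a plain identifier is parsed as shell syntax instead of forming a variable name. The names come from `asterisk_queues`, presumably operator-controlled, but a guard ahead of the first `eval` would make that assumption explicit and fail early, for example `case $queue in ''|*[!A-Za-z0-9_]*) continue ;; esac` (or an error instead of `continue`). The same applies to `${member}` in the inner loop of the next hunk. The loop body continues past the end of this hunk.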
@@ -24,8 +24,12 @@ periodic-announce-frequency = 0
 joinempty                   = yes
 leavewhenempty              = no
 ringinuse                   = ${queue_ringinuse}
-timeoutrestart              = yes"
-for member in $queue_members; do
-  eval "member_name=\${asterisk_ext_${member}_cid_name}"
-  echo "member => PJSIP/${member},0,${member_name},PJSIP/${member}"
-done; done)
+timeoutrestart              = yes
+EOF
+  for member in $queue_members; do
+    eval "member_name=\${asterisk_ext_${member}_cid_name}"
+    cat <<EOF
+member => PJSIP/${member},0,${member_name},PJSIP/${member}
+EOF
+  done
+done)
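Review bot: The `member_name` lookup in the inner loop has no `:-` fallback, unlike the queue lookups that this commit gives defaults. An extension listed in a queue without a matching `asterisk_ext_…_cid_name` therefore renders an empty name field, or aborts rendering if the templates run under `set -u` (which the added defaults suggest, but is not visible here). `eval "member_name=\${asterisk_ext_${member}_cid_name:-${member}}"` would fall back to the extension itself. The name is also written as-is into a comma-separated `member =>` line, so a caller-ID name containing a comma would shift the fields after it; a comment stating that constraint would help.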
diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
index 93544cf..1391d09 100644
--- a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
+++ b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
@@ -14,15 +14,6 @@
   "CloudReportingEnabled": false,
   "DefaultBrowserSettingEnabled": false,
   "DefaultCookiesSetting": 1,
-  "DefaultSearchProviderEnabled": true,
-  "DefaultSearchProviderName": "DuckDuckGo",
-  "DefaultSearchProviderIconURL": "https://duckduckgo.com/favicon.ico",
-  "DefaultSearchProviderEncodings": [
-    "UTF-8"
-  ],
-  "DefaultSearchProviderSearchURL": "https://duckduckgo.com/?q={searchTerms}",
-  "DefaultSearchProviderSuggestURL":"https://duckduckgo.com/ac/?q={searchTerms}&type=list",
-  "DefaultSearchProviderNewTabURL":"https://duckduckgo.com/chrome_newtab",
   "DnsOverHttpsMode": "off",
   "EnableAuthNegotiatePort": true,
   "EnableMediaRouter": false,
@@ -44,9 +35,45 @@
     {
       "toplevel_name": "Internal"
     },
+    {
+      "name": "Bitwarden",
+      "url": "https://bitwarden.${domain}/"
+    },
+    {
+      "name": "CUPS",
+      "url": "https://cups.${domain}/"
+    },
+    {
+      "name": "DAViCal",
+      "url": "https://dav.${domain}/"
+    },
+    {
+      "name": "Icinga",
+      "url": "https://icinga.${domain}/"
+    },
+    {
+      "name": "Invidious",
+      "url": "https://invidious.${domain}/"
+    },
     {
       "name": "Poudriere",
       "url": "http://pkg.${domain}/poudriere"
+    },
+    {
+      "name": "Rspamd",
+      "url": "https://smtp.${domain}/"
+    },
+    {
+      "name": "Tiny Tiny RSS",
+      "url": "https://ttrss.${domain}/"
+    },
+    {
+      "name": "UniFi Controller",
+      "url": "https://unifi.${domain}/"
+    },
+    {
+      "name": "ZNC",
+      "url": "https://znc.${domain}/"
     }
   ],
   "ExtensionSettings": {
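Review bot: Every managed bookmark added here uses `https://`, but the Poudriere entry kept between them still points at `http://pkg.${domain}/poudriere`. The Icinga `https` check elsewhere in this patch is assigned to `pkg-repositories`, which suggests the host already serves TLS, so the bookmark could become `"url": "https://pkg.${domain}/poudriere"`. If plain HTTP is deliberate for the package host, that is worth recording in the commit message, since the policy file cannot carry a comment.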
@@ -67,25 +94,22 @@
     "extensions": {
       "cjpalhdlnbpafiamejdnhcphjbkeiagm": {
         "toOverwrite": {
-          "selectedFilterLists": [
+          "filterLists": [
             "user-filters",
             "ublock-filters",
             "ublock-badware",
             "ublock-privacy",
-            "ublock-abuse",
+            "ublock-quick-fixes",
             "ublock-unbreak",
-            "ublock-annoyances",
-            "ublock-cookies-easylist",
-            "fanboy-cookiemonster",
             "easylist",
             "easyprivacy",
+            "adguard-spyware-url",
             "urlhaus-1",
             "plowe-0",
-            "fanboy-annoyance",
-            "fanboy-social",
+            "fanboy-cookiemonster",
+            "ublock-cookies-easylist",
             "fanboy-thirdparty_social",
-            "adguard-spyware-url",
-            "ublock-quick-fixes"
+            "ublock-annoyances"
           ]
         },
         "toAdd": {
diff --git a/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server b/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server
index fc939a6..6a7ce4e 100644
--- a/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server
+++ b/files/usr/local/etc/dovecot/dovecot-ldap-userdb.conf.ext.imap_server
@@ -6,11 +6,11 @@ sasl_realm = ${realm}
 
 base = ${users_basedn}
 user_filter = (|(mailAddress=%u)(uid=%u))
-user_attrs = \
-  =user=%{ldap:uid}, \
-  =uid=${dovecot_vmail_uid}, \
-  =gid=${dovecot_vmail_uid}, \
-  =home=${dovecot_vmail_dir}/%{ldap:uid} \
+user_attrs = \\
+  =user=%{ldap:uid}, \\
+  =uid=${dovecot_vmail_uid}, \\
+  =gid=${dovecot_vmail_uid}, \\
+  =home=${dovecot_vmail_dir}/%{ldap:uid}, \\
   mailQuota=quota_rule=\*:storage=%{ldap:mailQuota}
 
 iterate_attrs = uid=user
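Review bot: `=gid=${dovecot_vmail_uid}` takes the group id from the uid variable, which is only correct while the vmail user and its group share one numeric id. If that is intended, a comment above `user_attrs` such as `# vmail uid and gid are the same number by convention` would stop a later change to the account from silently giving mail directories the wrong group. Otherwise the line should read from a separate gid setting, if the project has one.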
diff --git a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
index 4340192..116fe44 100644
--- a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
@@ -219,6 +219,20 @@ apply Service "cups-cert" {
   assign where ("cups-servers" in host.groups)
 }
 
+apply Service for (vhost in host.vars.xmpp_vhosts) {
+  check_command = "tcp"
+  name = vhost + "-xmpp"
+  display_name = vhost + " xmpp"
+  vars.tcp_port = 5223
+  vars.tcp_ssl = true
+  vars.tcp_sni = vhost
+  vars.tcp_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
+  vars.tcp_wtime = ${icinga_response_time_warn}
+  vars.tcp_ctime = ${icinga_response_time_crit}
+  vars.tcp_send = "<stream:stream to='" + vhost + "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'>"
+  vars.tcp_expect = "<?xml version='1.0'"
+}
+
 // Expect HTTP 200
 apply Service "http" {
   check_command = "http"
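Review bot: `vars.tcp_port = 5223` is hard-coded in the new XMPP check, while the Prosody template in this same commit takes its direct-TLS listener from `${prosody_c2s_tls_port}`. If that variable is ever set to another port the check will probe a closed port, or a different service, and the certificate expiry warning goes with it. Assuming the variable is visible when the Icinga templates are rendered, `vars.tcp_port = ${prosody_c2s_tls_port}` keeps the two in step. The s2s direct-TLS port added alongside it has no certificate check; say so in a comment if that is deliberate.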
@@ -289,7 +303,6 @@ apply Service "https" {
   vars.http_warn_time = ${icinga_response_time_warn}
   vars.http_critical_time = ${icinga_response_time_crit}
   assign where ("pkg-repositories"  in host.groups
-             || "xmpp-servers"      in host.groups
              || "znc-servers"       in host.groups
              || "bitwarden-servers" in host.groups)
 }
@@ -331,7 +344,6 @@ apply Service "https-cert" {
              || "pkg-repositories"  in host.groups
              || "unifi-controllers" in host.groups
              || "web-servers"       in host.groups
-             || "xmpp-servers"      in host.groups
              || "znc-servers"       in host.groups
              || "bitwarden-servers" in host.groups
              || "dav-servers"       in host.groups
@@ -342,11 +354,11 @@ apply Service "https-cert" {
              && !host.vars.https_vhosts)
 }
 
-// Expect HTTPS 200
+// Certificate validity
 apply Service for (vhost in host.vars.https_vhosts) {
   check_command = "http"
-  name = vhost + "-cert"
-  display_name = vhost + " certificate"
+  name = vhost + "-https-cert"
+  display_name = vhost + " https certificate"
   vars.http_vhost = vhost
   vars.http_expect = "HTTP/1.1 200 OK"
   vars.http_ssl = true
@@ -354,13 +366,12 @@ apply Service for (vhost in host.vars.https_vhosts) {
   vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
 }
 
-// Certificate validity
+// Expect HTTPS 200
 apply Service for (vhost in host.vars.https_vhosts) {
   check_command = "http"
-  name = vhost
-  display_name = vhost
+  name = vhost + "-https-status"
+  display_name = vhost + " https status"
   vars.http_vhost = vhost
-  vars.http_expect = "HTTP/1.1 200 OK"
   vars.http_ssl = true
   vars.http_sni = true
   vars.http_expect = "HTTP/1.1 200 OK"
diff --git a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
index 0ebe46e..cd1cda1 100644
--- a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
@@ -7,8 +7,8 @@ template Host "generic-host" default {
 
 template Service "generic-service" default {
   max_check_attempts = 5
-  check_interval = 1m
-  retry_interval = 30s
+  check_interval = 5m
+  retry_interval = 1m
 }
 
 template User "generic-user" default {
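Review bot: With `max_check_attempts = 5` unchanged, raising the defaults to `check_interval = 5m` and `retry_interval = 1m` moves the worst-case time from a failure to a hard state from roughly 3 minutes to roughly 9. That fits certificate-expiry checks, but `generic-service` is the default template, so it also delays alerts for every availability check that inherits it. A comment here giving the reason, for example `// 5m keeps check load down; latency-sensitive services override check_interval`, and an explicit override on the services that need fast paging, would make the trade-off visible.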
diff --git a/files/usr/local/etc/postfix/main.cf.smtp_server b/files/usr/local/etc/postfix/main.cf.smtp_server
index 155c18c..72c0448 100644
--- a/files/usr/local/etc/postfix/main.cf.smtp_server
+++ b/files/usr/local/etc/postfix/main.cf.smtp_server
@@ -19,7 +19,6 @@ setgid_group      = maildrop
 import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C POSTLOG_SERVICE POSTLOG_HOSTNAME KRB5_KTNAME=${postfix_keytab} KRB5_CLIENT_KTNAME=${postfix_keytab}
 
 myorigin      = ${postfix_myorigin}
-myhostname    = ${postfix_public_fqdn}
 mynetworks    = 127.0.0.0/8 [::1]/128 [fe80::]/64 ${postfix_mynetworks}
 mydestination =
 
@@ -100,6 +99,8 @@ smtpd_relay_restrictions =
   permit_sasl_authenticated,
   reject_unauth_destination
 smtpd_recipient_restrictions =
+  permit_mynetworks,
+  permit_sasl_authenticated,
   reject_unknown_recipient_domain,
   reject_unlisted_recipient,
   reject_unauth_destination,
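Review bot: The two `permit_*` entries added at the head of `smtpd_recipient_restrictions` end evaluation of the list for matching clients. `reject_unknown_recipient_domain`, `reject_unlisted_recipient` and anything later in the list, which continues outside this hunk, therefore no longer apply to them. `mynetworks` in the previous hunk includes `[fe80::]/64` and `${postfix_mynetworks}`, so the exemption reaches every host on the local link and in those networks, not only authenticated users. If the aim is to spare submission clients these checks, keeping only `permit_sasl_authenticated` here would be narrower. Otherwise add a comment above the list stating that trusted networks skip recipient validation on purpose.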
diff --git a/files/usr/local/etc/postfix/master.cf.smtp_server b/files/usr/local/etc/postfix/master.cf.smtp_server
index e0b5bbb..9dce9be 100644
--- a/files/usr/local/etc/postfix/master.cf.smtp_server
+++ b/files/usr/local/etc/postfix/master.cf.smtp_server
@@ -1,4 +1,5 @@
 smtp      inet  n       -       n       -       -       smtpd
+  -o myhostname=${postfix_public_fqdn}
 submission inet n       -       n       -       -       smtpd
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
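Review bot: Setting `myhostname` only as an `-o` override on the port-25 `smtpd` leaves every other service on the system hostname now that main.cf no longer sets it. That includes the outbound `smtp` and `relay` clients further down this file, whose `smtp_helo_name` defaults to `$myhostname`. Unless main.cf sets `smtp_helo_name` somewhere outside the visible hunks, outbound mail will announce the internal name in HELO and in Received headers. Remote servers that compare HELO against DNS may penalise that, and it also discloses the internal host name. Adding `-o smtp_helo_name=${postfix_public_fqdn}` to those two entries, or setting it once in main.cf, would keep the public name on the outbound side.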
@@ -16,7 +17,7 @@ proxymap  unix  -       -       n       -       -       proxymap
 proxywrite unix -       -       n       -       1       proxymap
 smtp      unix  -       -       n       -       -       smtp
 relay     unix  -       -       n       -       -       smtp
-        -o syslog_name=postfix/$service_name
+        -o syslog_name=postfix/\$service_name
 showq     unix  n       -       n       -       -       showq
 error     unix  -       -       n       -       -       error
 retry     unix  -       -       n       -       -       error
diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
index 3a80736..a4677f4 100644
--- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
@@ -4,7 +4,7 @@ DEFAULT_VERSIONS+=${poudriere_default_versions:-}
 MAKE_JOBS_NUMBER=${poudriere_make_jobs_number}
 
 # Global port options
-OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO ALSA SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE TCP_WRAPPERS COMPAT32
+OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO ALSA SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE TCP_WRAPPERS COMPAT32 JACK
 OPTIONS_SET=GSSAPI GSSAPI_MIT MIT NONFREE LIBEDIT
 
 # Per-port options
@@ -87,6 +87,8 @@ sysutils_htop_SET=LSOF
 sysutils_k3b_UNSET=EMOVIX VCDIMAGER
 sysutils_rsyslog8_SET=GSSAPI RELP OPENSSL
 sysutils_rsyslog8_UNSET=GCRYPT
+textproc_en-hunspell_SET=US_LARGE
+textproc_en-hunspell_UNSET=US_STANDARD
 www_chromium_SET=WIDEVINE
 www_firefox_UNSET=PROFILE JACK
 www_nginx_SET=HTTPV3 HTTPV3_QTLS HTTP_AUTH_KRB5 HTTP_AUTH_LDAP
diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
index 8542c20..e90bc1b 100644
--- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
@@ -4,7 +4,7 @@ archivers/php${php_version}-zip
 archivers/unzip
 archivers/zip
 audio/elisa
-audio/juk
+audio/gsound
 audio/kid3@kf5
 audio/kmix
 audio/virtual_oss
@@ -18,6 +18,8 @@ databases/php${php_version}-pgsql
 databases/postgresql${postgresql_version}-client
 databases/postgresql${postgresql_version}-server
 databases/redis
+deskutils/py-vdirsyncer
+devel/android-tools
 devel/ccache
 devel/cgit
 devel/electron30
@@ -71,7 +73,7 @@ multimedia/v4l-utils
 multimedia/v4l_compat
 multimedia/vdpauinfo
 multimedia/webcamd
-net-im/dino
+net-im/farstream
 net-im/gajim
 net-im/prosody
 net-im/prosody-modules
@@ -115,6 +117,7 @@ security/sshpass
 security/sudo
 security/vaultwarden
 security/wpa_supplicant
+sysutils/android-file-transfer-qt5
 sysutils/cpu-microcode
 sysutils/htop
 sysutils/k3b
@@ -129,6 +132,7 @@ sysutils/stow
 sysutils/tmux
 sysutils/tree
 sysutils/zfstools
+textproc/en-hunspell
 textproc/hs-pandoc
 textproc/jq
 textproc/p5-YAML
diff --git a/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server b/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
index 083a6ce..7936cac 100644
--- a/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
+++ b/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
@@ -47,6 +47,8 @@ reload_modules = { "groups", "tls" }
 groups_file = "${prosody_roster_path}"
 
 s2s_secure_auth = true
+c2s_direct_tls_ports = { ${prosody_c2s_tls_port} }
+s2s_direct_tls_ports = { ${prosody_s2s_tls_port} }
 
 limits = {
   c2s = {
diff --git a/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server b/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server
index 7e38af5..da081e0 100644
--- a/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server
+++ b/files/usr/local/etc/rspamd/local.d/logging.inc.smtp_server
@@ -1,2 +1,2 @@
 type = syslog;
-facility = mail;
+facility = daemon;
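Review bot: Moving rspamd from the `mail` to the `daemon` facility changes where its log lines are routed, and the file gives no reason. Any syslog rule, forwarder or alert that selects on `mail.*` to collect spam-filter and milter events will stop receiving them after this change. A one-line comment above the setting, such as `# daemon: keep rspamd out of the Postfix mail log`, would record the intent. The syslog routing on the log host should be checked so these events are still retained.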
diff --git a/files/usr/local/etc/xdg/kdeglobals.desktop b/files/usr/local/etc/xdg/kdeglobals.desktop
new file mode 100644
index 0000000..5d121aa
--- /dev/null
+++ b/files/usr/local/etc/xdg/kdeglobals.desktop
@@ -0,0 +1,5 @@
+# Broken with consolekit: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221452
+# VT switch causes loss of graphics acceleration: https://github.com/freebsd/drm-kmod/issues/175
+[KDE Action Restrictions]
+action/start_new_session=false
+action/switch_user=false
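Review bot: The group header `[KDE Action Restrictions]` is not marked immutable, so a per-user `kdeglobals` can set `action/switch_user=true` again and run into the two bugs cited in the comments. The KDE Kiosk convention for a system-wide lock is `[KDE Action Restrictions][$i]`. If this file goes through the same shell templating as the other files in this commit, the marker would need to be written as `[\$i]`.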
diff --git a/files/usr/local/etc/xdg/kdeglobals.laptop b/files/usr/local/etc/xdg/kdeglobals.laptop
new file mode 120000
index 0000000..9c8c680
--- /dev/null
+++ b/files/usr/local/etc/xdg/kdeglobals.laptop
@@ -0,0 +1 @@
+kdeglobals.desktop
\ No newline at end of file
diff --git a/files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop b/files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop
new file mode 120000
index 0000000..9c8c680
--- /dev/null
+++ b/files/usr/local/etc/xdg/kdeglobals.roadwarrior_laptop
@@ -0,0 +1 @@
+kdeglobals.desktop
\ No newline at end of file
-- 
cgit v1.2.3