From 5ef2aed3f3961b72699d9881ed09560f4d01371a Mon Sep 17 00:00:00 2001 From: Cullum Smith Date: Fri, 18 Oct 2024 16:44:57 -0400 Subject: Tons of desktop fixes --- files/etc/cron.d/unbound.idm_server | 2 + files/etc/exports.common | 2 - files/etc/exports.nfs_server | 2 + files/etc/login.conf.desktop | 2 +- files/etc/pam.d/cups.cups_server | 12 +- files/etc/pam.d/kde.freebsd | 7 +- files/etc/pam.d/login.freebsd | 16 ++ files/etc/pam.d/sddm.freebsd | 23 +-- files/etc/pam.d/sshd.freebsd | 20 +-- files/etc/pam.d/sudo.freebsd | 8 +- files/etc/profile.d/kde.sh.common | 6 - files/etc/profile.d/kde.sh.desktop | 6 + files/etc/profile.d/kde.sh.laptop | 1 + files/etc/profile.d/kde.sh.roadwarrior_laptop | 1 + .../local/etc/X11/xorg.conf.d/terminus.conf.common | 3 - .../etc/X11/xorg.conf.d/terminus.conf.desktop | 3 + .../local/etc/X11/xorg.conf.d/terminus.conf.laptop | 1 + .../xorg.conf.d/terminus.conf.roadwarrior_laptop | 1 + .../chromium/policies/managed/policies.json.common | 96 ------------ .../policies/managed/policies.json.desktop | 99 +++++++++++++ .../chromium/policies/managed/policies.json.laptop | 1 + .../managed/policies.json.roadwarrior_laptop | 1 + files/usr/local/etc/cups/client.conf.desktop | 3 + files/usr/local/etc/cups/client.conf.laptop | 1 + .../local/etc/cups/client.conf.roadwarrior_laptop | 1 + files/usr/local/etc/cups/cupsd.conf.cups_server | 4 - .../local/etc/poudriere.d/make.conf.pkg_repository | 4 + .../local/etc/poudriere.d/pkglist.pkg_repository | 11 +- files/usr/local/etc/sddm.conf.common | 9 -- files/usr/local/etc/sddm.conf.desktop | 9 ++ files/usr/local/etc/sddm.conf.laptop | 1 + files/usr/local/etc/sddm.conf.roadwarrior_laptop | 1 + .../autostart/nss-trust-root-ca.desktop.desktop | 6 + .../xdg/autostart/nss-trust-root-ca.desktop.laptop | 1 + .../nss-trust-root-ca.desktop.roadwarrior_laptop | 1 + .../plasma-workspace/shutdown/cleanup.sh.common | 4 - .../plasma-workspace/shutdown/cleanup.sh.desktop | 7 + .../plasma-workspace/shutdown/cleanup.sh.laptop | 1 + .../shutdown/cleanup.sh.roadwarrior_laptop | 1 + .../lib/firefox/distribution/policies.json.common | 159 -------------------- .../lib/firefox/distribution/policies.json.desktop | 162 +++++++++++++++++++++ .../lib/firefox/distribution/policies.json.laptop | 1 + .../distribution/policies.json.roadwarrior_laptop | 1 + .../local/lib/libreoffice/program/sofficerc.common | 18 --- .../lib/libreoffice/program/sofficerc.desktop | 18 +++ .../local/lib/libreoffice/program/sofficerc.laptop | 1 + .../program/sofficerc.roadwarrior_laptop | 1 + .../idm-update-unbound-blocklists.idm_server | 41 ++++-- files/usr/local/libexec/nss-trust-root-ca.common | 16 ++ .../local/libexec/pam-create-local-homedir.common | 9 +- .../applications/signal-desktop.desktop.common | 12 -- .../applications/chromium-browser.desktop.desktop | 11 ++ .../applications/chromium-browser.desktop.laptop | 1 + .../chromium-browser.desktop.roadwarrior_laptop | 1 + .../applications/signal-desktop.desktop.desktop | 12 ++ .../applications/signal-desktop.desktop.laptop | 1 + .../signal-desktop.desktop.roadwarrior_laptop | 1 + 57 files changed, 476 insertions(+), 368 deletions(-) create mode 100644 files/etc/cron.d/unbound.idm_server delete mode 100644 files/etc/exports.common create mode 100644 files/etc/exports.nfs_server create mode 100644 files/etc/pam.d/login.freebsd delete mode 100644 files/etc/profile.d/kde.sh.common create mode 100644 files/etc/profile.d/kde.sh.desktop create mode 120000 files/etc/profile.d/kde.sh.laptop create mode 120000 files/etc/profile.d/kde.sh.roadwarrior_laptop delete mode 100644 files/usr/local/etc/X11/xorg.conf.d/terminus.conf.common create mode 100644 files/usr/local/etc/X11/xorg.conf.d/terminus.conf.desktop create mode 120000 files/usr/local/etc/X11/xorg.conf.d/terminus.conf.laptop create mode 120000 files/usr/local/etc/X11/xorg.conf.d/terminus.conf.roadwarrior_laptop delete mode 100644 files/usr/local/etc/chromium/policies/managed/policies.json.common create mode 100644 files/usr/local/etc/chromium/policies/managed/policies.json.desktop create mode 120000 files/usr/local/etc/chromium/policies/managed/policies.json.laptop create mode 120000 files/usr/local/etc/chromium/policies/managed/policies.json.roadwarrior_laptop create mode 100644 files/usr/local/etc/cups/client.conf.desktop create mode 120000 files/usr/local/etc/cups/client.conf.laptop create mode 120000 files/usr/local/etc/cups/client.conf.roadwarrior_laptop delete mode 100644 files/usr/local/etc/sddm.conf.common create mode 100644 files/usr/local/etc/sddm.conf.desktop create mode 120000 files/usr/local/etc/sddm.conf.laptop create mode 120000 files/usr/local/etc/sddm.conf.roadwarrior_laptop create mode 100644 files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.desktop create mode 120000 files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.laptop create mode 120000 files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.roadwarrior_laptop delete mode 100644 files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common create mode 100644 files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.desktop create mode 120000 files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.laptop create mode 120000 files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.roadwarrior_laptop delete mode 100644 files/usr/local/lib/firefox/distribution/policies.json.common create mode 100644 files/usr/local/lib/firefox/distribution/policies.json.desktop create mode 120000 files/usr/local/lib/firefox/distribution/policies.json.laptop create mode 120000 files/usr/local/lib/firefox/distribution/policies.json.roadwarrior_laptop delete mode 100644 files/usr/local/lib/libreoffice/program/sofficerc.common create mode 100644 files/usr/local/lib/libreoffice/program/sofficerc.desktop create mode 120000 files/usr/local/lib/libreoffice/program/sofficerc.laptop create mode 120000 files/usr/local/lib/libreoffice/program/sofficerc.roadwarrior_laptop create mode 100644 files/usr/local/libexec/nss-trust-root-ca.common delete mode 100644 files/usr/local/override/applications/signal-desktop.desktop.common create mode 100644 files/usr/local/share-override/applications/chromium-browser.desktop.desktop create mode 120000 files/usr/local/share-override/applications/chromium-browser.desktop.laptop create mode 120000 files/usr/local/share-override/applications/chromium-browser.desktop.roadwarrior_laptop create mode 100644 files/usr/local/share-override/applications/signal-desktop.desktop.desktop create mode 120000 files/usr/local/share-override/applications/signal-desktop.desktop.laptop create mode 120000 files/usr/local/share-override/applications/signal-desktop.desktop.roadwarrior_laptop (limited to 'files') diff --git a/files/etc/cron.d/unbound.idm_server b/files/etc/cron.d/unbound.idm_server new file mode 100644 index 0000000..56d8809 --- /dev/null +++ b/files/etc/cron.d/unbound.idm_server @@ -0,0 +1,2 @@ +MAILTO=root +@daily ${unbound_user} /usr/local/libexec/idm-update-unbound-blocklists ${unbound_blocklist_url_file} ${unbound_whitelist_file} ${unbound_blocklist_dir} diff --git a/files/etc/exports.common b/files/etc/exports.common deleted file mode 100644 index 4ea7fd2..0000000 --- a/files/etc/exports.common +++ /dev/null @@ -1,2 +0,0 @@ -V4: ${nfs_root} -# The default is to not export anything. diff --git a/files/etc/exports.nfs_server b/files/etc/exports.nfs_server new file mode 100644 index 0000000..4ea7fd2 --- /dev/null +++ b/files/etc/exports.nfs_server @@ -0,0 +1,2 @@ +V4: ${nfs_root} +# The default is to not export anything. diff --git a/files/etc/login.conf.desktop b/files/etc/login.conf.desktop index 558c80a..919a887 100644 --- a/files/etc/login.conf.desktop +++ b/files/etc/login.conf.desktop @@ -2,7 +2,7 @@ default:\\ :passwd_format=sha512:\\ :copyright=/etc/COPYRIGHT:\\ :welcome=/var/run/motd:\\ - :setenv=BLOCKSIZE=K,XDG_DATA_DIRS=/usr/local/override\\c/usr/local/share,XDG_DATA_HOME=/usr/local/home/\$/.local/share,XDG_STATE_HOME=/usr/local/home/\$/.local/state,XDG_CACHE_HOME=/usr/local/home/\$/.cache,XDG_CONFIG_HOME=/usr/local/home/\$/.config,KDEHOME=/usr/local/home/\$/.kde:\\ + :setenv=BLOCKSIZE=K,XDG_DATA_DIRS=${xdg_override_dir}\\c/usr/local/share,XDG_DATA_HOME=/usr/local/home/\$/.local/share,XDG_STATE_HOME=/usr/local/home/\$/.local/state,XDG_CACHE_HOME=/usr/local/home/\$/.cache,XDG_CONFIG_HOME=/usr/local/home/\$/.config,KDEHOME=/usr/local/home/\$/.kde:\\ :mail=/var/mail/\$:\\ :path=/sbin /bin /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ~/bin:\\ :nologin=/var/run/nologin:\\ diff --git a/files/etc/pam.d/cups.cups_server b/files/etc/pam.d/cups.cups_server index b61c074..03c2763 100644 --- a/files/etc/pam.d/cups.cups_server +++ b/files/etc/pam.d/cups.cups_server @@ -1,8 +1,6 @@ -# auth -auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass -# account -account required /usr/local/lib/security/pam_krb5.so -account required pam_login_access.so -account required pam_unix.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so diff --git a/files/etc/pam.d/kde.freebsd b/files/etc/pam.d/kde.freebsd index 2604c78..8f87b98 100644 --- a/files/etc/pam.d/kde.freebsd +++ b/files/etc/pam.d/kde.freebsd @@ -1,2 +1,5 @@ -auth required /usr/local/lib/security/pam_krb5.so try_first_pass -account required /usr/local/lib/security/pam_krb5.so +auth required /usr/local/lib/security/pam_krb5.so try_first_pass + +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so diff --git a/files/etc/pam.d/login.freebsd b/files/etc/pam.d/login.freebsd new file mode 100644 index 0000000..164fcb0 --- /dev/null +++ b/files/etc/pam.d/login.freebsd @@ -0,0 +1,16 @@ +auth sufficient pam_self.so no_warn +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass nullok + +account requisite pam_securetty.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +session required pam_lastlog.so no_fail +session required pam_xdg.so +session required /usr/local/lib/security/pam_krb5.so + +password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +password required pam_unix.so no_warn try_first_pass diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd index ef359ff..6a75823 100644 --- a/files/etc/pam.d/sddm.freebsd +++ b/files/etc/pam.d/sddm.freebsd @@ -2,15 +2,20 @@ # try multiple authentication sources (like krb5 but fall back to pam_unix) # if we want pam_kwallet5 to execute. # Hence, for sddm, we try krb5 only (no local accounts). -auth required /usr/local/lib/security/pam_krb5.so try_first_pass -auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir -auth optional pam_kwallet5.so +auth sufficient pam_self.so no_warn +auth required /usr/local/lib/security/pam_krb5.so try_first_pass +auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir +auth optional pam_kwallet5.so -account required /usr/local/lib/security/pam_krb5.so -account required pam_login_access.so -account required pam_unix.so +account requisite pam_securetty.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so -session required pam_lastlog.so no_fail -session optional pam_kwallet5.so auto_start +session required pam_lastlog.so no_fail +session required pam_xdg.so no_fail +session required /usr/local/lib/security/pam_krb5.so +session optional pam_kwallet5.so auto_start -password required /usr/local/lib/security/pam_krb5.so try_first_pass +password required /usr/local/lib/security/pam_krb5.so try_first_pass diff --git a/files/etc/pam.d/sshd.freebsd b/files/etc/pam.d/sshd.freebsd index 57b281b..559a980 100644 --- a/files/etc/pam.d/sshd.freebsd +++ b/files/etc/pam.d/sshd.freebsd @@ -1,17 +1,13 @@ -# auth -auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass -# account -account required pam_nologin.so -account required /usr/local/lib/security/pam_krb5.so -account required pam_login_access.so -account required pam_unix.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so -# session -session required /usr/local/lib/security/pam_krb5.so -session required pam_permit.so +session required /usr/local/lib/security/pam_krb5.so +session required pam_permit.so -# password password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass password required pam_unix.so no_warn try_first_pass diff --git a/files/etc/pam.d/sudo.freebsd b/files/etc/pam.d/sudo.freebsd index 425bf4e..6a6b0a4 100644 --- a/files/etc/pam.d/sudo.freebsd +++ b/files/etc/pam.d/sudo.freebsd @@ -1,15 +1,11 @@ -# auth -auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass -# account account required /usr/local/lib/security/pam_krb5.so account required pam_login_access.so account required pam_unix.so -# session account required pam_permit.so -# password password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass password required pam_unix.so no_warn try_first_pass diff --git a/files/etc/profile.d/kde.sh.common b/files/etc/profile.d/kde.sh.common deleted file mode 100644 index 010d5c1..0000000 --- a/files/etc/profile.d/kde.sh.common +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -if [ "$XDG_CURRENT_DESKTOP" = KDE ]; then - export SSH_ASKPASS_REQUIRE=prefer - export SSH_ASKPASS=/usr/local/bin/ksshaskpass -fi diff --git a/files/etc/profile.d/kde.sh.desktop b/files/etc/profile.d/kde.sh.desktop new file mode 100644 index 0000000..010d5c1 --- /dev/null +++ b/files/etc/profile.d/kde.sh.desktop @@ -0,0 +1,6 @@ +#!/bin/sh + +if [ "$XDG_CURRENT_DESKTOP" = KDE ]; then + export SSH_ASKPASS_REQUIRE=prefer + export SSH_ASKPASS=/usr/local/bin/ksshaskpass +fi diff --git a/files/etc/profile.d/kde.sh.laptop b/files/etc/profile.d/kde.sh.laptop new file mode 120000 index 0000000..a248985 --- /dev/null +++ b/files/etc/profile.d/kde.sh.laptop @@ -0,0 +1 @@ +kde.sh.desktop \ No newline at end of file diff --git a/files/etc/profile.d/kde.sh.roadwarrior_laptop b/files/etc/profile.d/kde.sh.roadwarrior_laptop new file mode 120000 index 0000000..a248985 --- /dev/null +++ b/files/etc/profile.d/kde.sh.roadwarrior_laptop @@ -0,0 +1 @@ +kde.sh.desktop \ No newline at end of file diff --git a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.common b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.common deleted file mode 100644 index d0bb2ae..0000000 --- a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.common +++ /dev/null @@ -1,3 +0,0 @@ -Section "Files" - FontPath "/usr/local/share/fonts/terminus-font/" -EndSection diff --git a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.desktop b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.desktop new file mode 100644 index 0000000..d0bb2ae --- /dev/null +++ b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.desktop @@ -0,0 +1,3 @@ +Section "Files" + FontPath "/usr/local/share/fonts/terminus-font/" +EndSection diff --git a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.laptop b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.laptop new file mode 120000 index 0000000..6c13c1d --- /dev/null +++ b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.laptop @@ -0,0 +1 @@ +terminus.conf.desktop \ No newline at end of file diff --git a/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.roadwarrior_laptop b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.roadwarrior_laptop new file mode 120000 index 0000000..6c13c1d --- /dev/null +++ b/files/usr/local/etc/X11/xorg.conf.d/terminus.conf.roadwarrior_laptop @@ -0,0 +1 @@ +terminus.conf.desktop \ No newline at end of file diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.common b/files/usr/local/etc/chromium/policies/managed/policies.json.common deleted file mode 100644 index 0e57885..0000000 --- a/files/usr/local/etc/chromium/policies/managed/policies.json.common +++ /dev/null @@ -1,96 +0,0 @@ -{ - "AdvancedProtectionAllowed": false, - "AlternateErrorPagesEnabled": false, - "AutofillCreditCardEnabled": false, - "AuthNegotiateDelegateAllowlist": "*.${domain}", - "AuthServerAllowlist": "*.${domain}", - "BackgroundModeEnabled": false, - "BlockThirdPartyCookies": true, - "BrowserGuestModeEnabled": false, - "BrowserLabsEnabled": false, - "BrowserNetworkTimeQueriesEnabled": false, - "BrowserSignin": 0, - "CloudPrintProxyEnabled": false, - "CloudReportingEnabled": false, - "DefaultBrowserSettingEnabled": false, - "DefaultCookiesSetting": 1, - "DefaultSearchProviderEnabled": true, - "DefaultSearchProviderName": "DuckDuckGo", - "DefaultSearchProviderIconURL": "https://duckduckgo.com/favicon.ico", - "DefaultSearchProviderEncodings": [ - "UTF-8" - ], - "DefaultSearchProviderSearchURL": "https://duckduckgo.com/?q={searchTerms}", - "DefaultSearchProviderSuggestURL":"https://duckduckgo.com/ac/?q={searchTerms}&type=list", - "DefaultSearchProviderNewTabURL":"https://duckduckgo.com/chrome_newtab", - "DnsOverHttpsMode": "off", - "EnableAuthNegotiatePort": true, - "EnableMediaRouter": false, - "MetricsReportingEnabled": false, - "NetworkPredictionOptions": 2, - "PasswordManagerEnabled": false, - "PaymentMethodQueryEnabled": false, - "PrivacySandboxAdMeasurementEnabled": false, - "PrivacySandboxAdTopicsEnabled": false, - "PrivacySandboxPromptEnabled": false, - "PrivacySandboxSiteEnabledAdsEnabled": false, - "PromotionalTabsEnabled": false, - "SafeBrowsingProtectionLevel": 0, - "SearchSuggestEnabled": false, - "SyncDisabled": true, - "TranslateEnabled": false, - "UrlKeyedAnonymizedDataCollectionEnabled": false, - "ManagedBookmarks": [ - { - "toplevel_name": "Internal" - }, - { - "name": "Poudriere", - "url": "http://pkg.${domain}/poudriere" - } - ], - "ExtensionSettings": { - "cjpalhdlnbpafiamejdnhcphjbkeiagm": { - "installation_mode": "force_installed", - "update_url": "https://clients2.google.com/service/update2/crx" - }, - "nngceckbapebfimnlniiiahkandclblb": { - "installation_mode": "normal_installed", - "update_url": "https://clients2.google.com/service/update2/crx" - }, - "cimiefiiaegbelhefglklhhakcgmhkai": { - "installation_mode": "$(if [ "${desktop_type:-}" = kde ]; then echo normal_installed; else echo allowed; fi)", - "update_url": "https://clients2.google.com/service/update2/crx" - } - }, - "3rdparty": { - "extensions": { - "cjpalhdlnbpafiamejdnhcphjbkeiagm": { - "toOverwrite": { - "filterLists": [ - "user-filters", - "ublock-filters", - "ublock-badware", - "ublock-privacy", - "ublock-abuse", - "ublock-unbreak", - "ublock-annoyances", - "easylist", - "easyprivacy", - "urlhaus-1", - "plowe-0", - "fanboy-annoyance", - "fanboy-thirdparty_social", - "adguard-spyware-url", - "ublock-quick-fixes" - ] - }, - "toAdd": { - "trustedSiteDirectives": [ - "${domain}" - ] - } - } - } - } -} diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop new file mode 100644 index 0000000..93544cf --- /dev/null +++ b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop @@ -0,0 +1,99 @@ +{ + "AdvancedProtectionAllowed": false, + "AlternateErrorPagesEnabled": false, + "AutofillCreditCardEnabled": false, + "AuthNegotiateDelegateAllowlist": "*.${domain}", + "AuthServerAllowlist": "*.${domain}", + "BackgroundModeEnabled": false, + "BlockThirdPartyCookies": true, + "BrowserGuestModeEnabled": false, + "BrowserLabsEnabled": false, + "BrowserNetworkTimeQueriesEnabled": false, + "BrowserSignin": 0, + "CloudPrintProxyEnabled": false, + "CloudReportingEnabled": false, + "DefaultBrowserSettingEnabled": false, + "DefaultCookiesSetting": 1, + "DefaultSearchProviderEnabled": true, + "DefaultSearchProviderName": "DuckDuckGo", + "DefaultSearchProviderIconURL": "https://duckduckgo.com/favicon.ico", + "DefaultSearchProviderEncodings": [ + "UTF-8" + ], + "DefaultSearchProviderSearchURL": "https://duckduckgo.com/?q={searchTerms}", + "DefaultSearchProviderSuggestURL":"https://duckduckgo.com/ac/?q={searchTerms}&type=list", + "DefaultSearchProviderNewTabURL":"https://duckduckgo.com/chrome_newtab", + "DnsOverHttpsMode": "off", + "EnableAuthNegotiatePort": true, + "EnableMediaRouter": false, + "MetricsReportingEnabled": false, + "NetworkPredictionOptions": 2, + "PasswordManagerEnabled": false, + "PaymentMethodQueryEnabled": false, + "PrivacySandboxAdMeasurementEnabled": false, + "PrivacySandboxAdTopicsEnabled": false, + "PrivacySandboxPromptEnabled": false, + "PrivacySandboxSiteEnabledAdsEnabled": false, + "PromotionalTabsEnabled": false, + "SafeBrowsingProtectionLevel": 0, + "SearchSuggestEnabled": false, + "SyncDisabled": true, + "TranslateEnabled": false, + "UrlKeyedAnonymizedDataCollectionEnabled": false, + "ManagedBookmarks": [ + { + "toplevel_name": "Internal" + }, + { + "name": "Poudriere", + "url": "http://pkg.${domain}/poudriere" + } + ], + "ExtensionSettings": { + "cjpalhdlnbpafiamejdnhcphjbkeiagm": { + "installation_mode": "force_installed", + "update_url": "https://clients2.google.com/service/update2/crx" + }, + "nngceckbapebfimnlniiiahkandclblb": { + "installation_mode": "normal_installed", + "update_url": "https://clients2.google.com/service/update2/crx" + }, + "cimiefiiaegbelhefglklhhakcgmhkai": { + "installation_mode": "$(if [ "${desktop_type:-}" = kde ]; then echo normal_installed; else echo allowed; fi)", + "update_url": "https://clients2.google.com/service/update2/crx" + } + }, + "3rdparty": { + "extensions": { + "cjpalhdlnbpafiamejdnhcphjbkeiagm": { + "toOverwrite": { + "selectedFilterLists": [ + "user-filters", + "ublock-filters", + "ublock-badware", + "ublock-privacy", + "ublock-abuse", + "ublock-unbreak", + "ublock-annoyances", + "ublock-cookies-easylist", + "fanboy-cookiemonster", + "easylist", + "easyprivacy", + "urlhaus-1", + "plowe-0", + "fanboy-annoyance", + "fanboy-social", + "fanboy-thirdparty_social", + "adguard-spyware-url", + "ublock-quick-fixes" + ] + }, + "toAdd": { + "trustedSiteDirectives": [ + "$(join '","' "$domain" $ublock_whitelist)" + ] + } + } + } + } +} diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.laptop b/files/usr/local/etc/chromium/policies/managed/policies.json.laptop new file mode 120000 index 0000000..93bcb92 --- /dev/null +++ b/files/usr/local/etc/chromium/policies/managed/policies.json.laptop @@ -0,0 +1 @@ +policies.json.desktop \ No newline at end of file diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.roadwarrior_laptop b/files/usr/local/etc/chromium/policies/managed/policies.json.roadwarrior_laptop new file mode 120000 index 0000000..93bcb92 --- /dev/null +++ b/files/usr/local/etc/chromium/policies/managed/policies.json.roadwarrior_laptop @@ -0,0 +1 @@ +policies.json.desktop \ No newline at end of file diff --git a/files/usr/local/etc/cups/client.conf.desktop b/files/usr/local/etc/cups/client.conf.desktop new file mode 100644 index 0000000..833b533 --- /dev/null +++ b/files/usr/local/etc/cups/client.conf.desktop @@ -0,0 +1,3 @@ +ServerName ${cups_host}.${domain}:631 +Encryption Required +ValidateCerts Yes diff --git a/files/usr/local/etc/cups/client.conf.laptop b/files/usr/local/etc/cups/client.conf.laptop new file mode 120000 index 0000000..9644ac0 --- /dev/null +++ b/files/usr/local/etc/cups/client.conf.laptop @@ -0,0 +1 @@ +client.conf.desktop \ No newline at end of file diff --git a/files/usr/local/etc/cups/client.conf.roadwarrior_laptop b/files/usr/local/etc/cups/client.conf.roadwarrior_laptop new file mode 120000 index 0000000..9644ac0 --- /dev/null +++ b/files/usr/local/etc/cups/client.conf.roadwarrior_laptop @@ -0,0 +1 @@ +client.conf.desktop \ No newline at end of file diff --git a/files/usr/local/etc/cups/cupsd.conf.cups_server b/files/usr/local/etc/cups/cupsd.conf.cups_server index 25e2107..e5d90c2 100644 --- a/files/usr/local/etc/cups/cupsd.conf.cups_server +++ b/files/usr/local/etc/cups/cupsd.conf.cups_server @@ -11,7 +11,6 @@ MaxLogSize 1m # Default error policy for printers ErrorPolicy retry-job -# Only listen for connections from the local machine. Listen 80 Listen 631 Listen /var/run/cups/cups.sock @@ -29,9 +28,6 @@ DefaultEncryption Required # Web interface setting... WebInterface Yes -# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l) -IdleExitTimeout 60 - # Restrict access to the server... Order allow,deny diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository index bc8f89c..3e612a0 100644 --- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository +++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository @@ -14,6 +14,8 @@ databases_luadbi_SET=PGSQL databases_postgresql${postgresql_version}-client_SET=PAM LDAP databases_postgresql${postgresql_version}-server_SET=PAM LDAP devel_apr1_SET=LDAP +devel_electron30_SET=PULSEAUDIO +devel_electron30_UNSET=SNDIO devel_gitolite_SET=GITUSER devel_kio-extras_UNSET=AFC devel_librelp_UNSET=GNUTLS @@ -40,9 +42,11 @@ mail_mutt_UNSET=HTML mail_postfix_SET=LDAP SASL SASLKRB5 mail_rspamd_SET=HYPERSCAN misc_kdeutils_UNSET=KFLOPPY KTEATIME +multimedia_audacious_plugins_SET=LAME multimedia_ffmpeg_SET=OPENSSL multimedia_ffmpeg_UNSET=GNUTLS multimedia_kdemultimedia_UNSET=KDENLIVE +multimedia_pipewire_UNSET=JACK multimedia_qt6-multimedia_SET=ALSA multimedia_vlc_SET=FLAC MPEG2 X264 X265 VPX DCA FAAD AOM multimedia_webcamd_UNSET=DVB INPUT RADIO diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository index 2740c85..866c358 100644 --- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository +++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository @@ -3,6 +3,7 @@ archivers/php${php_version}-phar archivers/php${php_version}-zip archivers/unzip archivers/zip +audio/elisa audio/juk audio/kid3 audio/kmix @@ -19,6 +20,7 @@ databases/postgresql${postgresql_version}-server databases/redis devel/ccache devel/cgit +devel/electron30 devel/git@lite devel/gitolite devel/php${php_version}-gettext @@ -58,9 +60,13 @@ mail/postfix mail/rspamd mail/sieve-connect misc/php${php_version}-calendar -multimedia/audacious +multimedia/audacious-plugins@qt5 +multimedia/audacious@qt5 multimedia/libva-intel-media-driver +multimedia/libva-utils +multimedia/libvdpau-va-gl multimedia/makemkv +multimedia/vdpauinfo multimedia/v4l-utils multimedia/v4l_compat multimedia/webcamd @@ -96,9 +102,11 @@ security/openssh-portable security/pam_krb5@mit security/pam_mkhomedir security/php${php_version}-filter +security/py-omemo-dr security/sshpass security/sudo security/vaultwarden +sysutils/cpu-microcode sysutils/htop sysutils/k3b sysutils/lsof @@ -138,6 +146,7 @@ x11-fonts/terminus-font x11-fonts/terminus-ttf x11-fonts/ubuntu-font x11-fonts/webfonts +x11-toolkits/gtksourceview4 x11/kde5 x11/sddm x11/xev diff --git a/files/usr/local/etc/sddm.conf.common b/files/usr/local/etc/sddm.conf.common deleted file mode 100644 index 09c2000..0000000 --- a/files/usr/local/etc/sddm.conf.common +++ /dev/null @@ -1,9 +0,0 @@ -[General] -DisplayServer = x11 - -[Wayland] -SessionDir = /dev/null - -[Users] -MinimumUid = ${sddm_min_uid} -MaximumUid = ${sddm_max_uid} diff --git a/files/usr/local/etc/sddm.conf.desktop b/files/usr/local/etc/sddm.conf.desktop new file mode 100644 index 0000000..09c2000 --- /dev/null +++ b/files/usr/local/etc/sddm.conf.desktop @@ -0,0 +1,9 @@ +[General] +DisplayServer = x11 + +[Wayland] +SessionDir = /dev/null + +[Users] +MinimumUid = ${sddm_min_uid} +MaximumUid = ${sddm_max_uid} diff --git a/files/usr/local/etc/sddm.conf.laptop b/files/usr/local/etc/sddm.conf.laptop new file mode 120000 index 0000000..a2aa201 --- /dev/null +++ b/files/usr/local/etc/sddm.conf.laptop @@ -0,0 +1 @@ +sddm.conf.desktop \ No newline at end of file diff --git a/files/usr/local/etc/sddm.conf.roadwarrior_laptop b/files/usr/local/etc/sddm.conf.roadwarrior_laptop new file mode 120000 index 0000000..a2aa201 --- /dev/null +++ b/files/usr/local/etc/sddm.conf.roadwarrior_laptop @@ -0,0 +1 @@ +sddm.conf.desktop \ No newline at end of file diff --git a/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.desktop b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.desktop new file mode 100644 index 0000000..43d85fb --- /dev/null +++ b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.desktop @@ -0,0 +1,6 @@ +[Desktop Entry] +Type=Application +Name=Add site root CA to user NSS database. +Exec=/usr/local/libexec/nss-trust-root-ca +StartupNotify=false +NoDisplay=true diff --git a/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.laptop b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.laptop new file mode 120000 index 0000000..8a3cf1a --- /dev/null +++ b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.laptop @@ -0,0 +1 @@ +nss-trust-root-ca.desktop.desktop \ No newline at end of file diff --git a/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.roadwarrior_laptop b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.roadwarrior_laptop new file mode 120000 index 0000000..8a3cf1a --- /dev/null +++ b/files/usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop.roadwarrior_laptop @@ -0,0 +1 @@ +nss-trust-root-ca.desktop.desktop \ No newline at end of file diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common deleted file mode 100644 index 1808561..0000000 --- a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.common +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -pkill signal-desktop chrome baloo_file -pkill -f /usr/local/libexec/geoclue-2.0/demos/agent diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.desktop b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.desktop new file mode 100644 index 0000000..3d1e79e --- /dev/null +++ b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.desktop @@ -0,0 +1,7 @@ +#!/bin/sh + +# Various processes seem to hang around after logging out of KDE sessions. +# Clean them up here. + +pkill signal-desktop chrome baloo_file dirmngr +pkill -f /usr/local/libexec/geoclue-2.0/demos/agent diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.laptop b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.laptop new file mode 120000 index 0000000..e2cb280 --- /dev/null +++ b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.laptop @@ -0,0 +1 @@ +cleanup.sh.desktop \ No newline at end of file diff --git a/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.roadwarrior_laptop b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.roadwarrior_laptop new file mode 120000 index 0000000..e2cb280 --- /dev/null +++ b/files/usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh.roadwarrior_laptop @@ -0,0 +1 @@ +cleanup.sh.desktop \ No newline at end of file diff --git a/files/usr/local/lib/firefox/distribution/policies.json.common b/files/usr/local/lib/firefox/distribution/policies.json.common deleted file mode 100644 index 425a6d6..0000000 --- a/files/usr/local/lib/firefox/distribution/policies.json.common +++ /dev/null @@ -1,159 +0,0 @@ -{ - "policies": { - "ExtensionSettings": { - "uBlock0@raymondhill.net": { - "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi", - "installation_mode": "force_installed" - }, - "{446900e4-71c2-419f-a6a7-df9c091e268b}": { - "install_url": "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi", - "installation_mode": "normal_installed" - }, - "{9cbd40c5-5275-443e-811b-dc57d8c7c5d2}": { - "install_url": "https://addons.mozilla.org/firefox/downloads/latest/kde-default-breeze/latest.xpi", - "installation_mode": "$(if [ "${desktop_type:-}" = kde ]; then echo 'normal_installed'; else echo 'allowed'; fi)" - }, - "plasma-browser-integration@kde.org": { - "install_url": "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi", - "installation_mode": "$(if [ "${desktop_type:-}" = kde ]; then echo normal_installed; else echo allowed; fi)" - } - }, - "3rdparty": { - "Extensions": { - "uBlock0@raymondhill.net": { - "toOverwrite": { - "filterLists": [ - "user-filters", - "ublock-filters", - "ublock-badware", - "ublock-privacy", - "ublock-abuse", - "ublock-unbreak", - "ublock-annoyances", - "easylist", - "easyprivacy", - "urlhaus-1", - "plowe-0", - "fanboy-annoyance", - "fanboy-thirdparty_social", - "adguard-spyware-url", - "ublock-quick-fixes" - ] - }, - "toAdd": { - "trustedSiteDirectives": [ - "${domain}" - ] - } - } - } - }, - "UserMessaging": { - "WhatsNew": false, - "ExtensionRecommendations": false, - "UrlbarInterventions": false, - "SkipOnboarding": true - }, - "OverridePostUpdatePage": "", - "OverrideFirstRunPage": "", - "EnableTrackingProtection": { - "Value": false, - "Cryptomining": false, - "Fingerprinting": false, - "Locked": false - }, - "Cookies": { - "Behavior": "reject-tracker-and-partition-foreign", - "BehaviorPrivateBrowsing": "reject-tracker-and-partition-foreign" - }, - "Authentication": { - "SPNEGO": ["${domain}"], - "AllowNonFQDN": { - "SPNEGO": true - }, - "AllowProxies": { - "SPNEGO": true - } - }, - "NoDefaultBookmarks": true, - "DisablePocket": true, - "DisableAppUpdate": true, - "CaptivePortal": false, - "Certificates": { - "Install": [ - "${site_cacert_path}" - ] - }, - "DisableFeedbackCommands": true, - "DisableFirefoxAccounts": true, - "DisableFirefoxStudies": true, - "DisableTelemetry": true, - "DontCheckDefaultBrowser": true, - "OfferToSaveLoginsDefault": false, - "DNSOverHTTPS": { - "Enabled": false - }, - "SearchSuggestEnabled": false, - "Homepage": { - "URL": "about:home", - "StartPage": "homepage" - }, - "FirefoxHome": { - "Search": true, - "TopSites": false, - "SponsoredTopSites": false, - "Highlights": false, - "Pocket": false, - "SponsoredPocket": false, - "Snippets": false - }, - "ManagedBookmarks": [ - { - "toplevel_name": "Intranet" - }, - { - "url": "http://pkg.${domain}/poudriere/", - "name": "Poudriere" - } - ], - "ExtensionUpdate": true, - "Preferences": { - "dom.security.https_only_mode": { - "Value": true, - "Status": "locked" - }, - "dom.push.connection.enabled": { - "Value": false, - "Status": "default" - }, - "privacy.trackingprotection.socialtracking.enabled": { - "Value": false, - "Status": "locked" - }, - "browser.urlbar.suggest.quicksuggest.nonsponsored": { - "Value": false, - "Status": "locked" - }, - "browser.urlbar.suggest.quicksuggest.sponsored": { - "Value": false, - "Status": "locked" - }, - "browser.toolbars.bookmarks.visibility": { - "Value": "newtab", - "Status": "default" - }, - "browser.safebrowsing.malware.enabled": { - "Value": false, - "Status": "locked" - }, - "browser.safebrowsing.phishing.enabled": { - "Value": false, - "Status": "locked" - }, - "browser.safebrowsing.downloads.enabled": { - "Value": false, - "Status": "locked" - } - } - } -} diff --git a/files/usr/local/lib/firefox/distribution/policies.json.desktop b/files/usr/local/lib/firefox/distribution/policies.json.desktop new file mode 100644 index 0000000..de93355 --- /dev/null +++ b/files/usr/local/lib/firefox/distribution/policies.json.desktop @@ -0,0 +1,162 @@ +{ + "policies": { + "ExtensionSettings": { + "uBlock0@raymondhill.net": { + "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi", + "installation_mode": "force_installed" + }, + "{446900e4-71c2-419f-a6a7-df9c091e268b}": { + "install_url": "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi", + "installation_mode": "normal_installed" + }, + "{9cbd40c5-5275-443e-811b-dc57d8c7c5d2}": { + "install_url": "https://addons.mozilla.org/firefox/downloads/latest/kde-default-breeze/latest.xpi", + "installation_mode": "$(if [ "${desktop_type:-}" = kde ]; then echo 'normal_installed'; else echo 'allowed'; fi)" + }, + "plasma-browser-integration@kde.org": { + "install_url": "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi", + "installation_mode": "$(if [ "${desktop_type:-}" = kde ]; then echo normal_installed; else echo allowed; fi)" + } + }, + "3rdparty": { + "Extensions": { + "uBlock0@raymondhill.net": { + "toOverwrite": { + "selectedFilterLists": [ + "user-filters", + "ublock-filters", + "ublock-badware", + "ublock-privacy", + "ublock-abuse", + "ublock-unbreak", + "ublock-annoyances", + "ublock-cookies-easylist", + "fanboy-cookiemonster", + "easylist", + "easyprivacy", + "urlhaus-1", + "plowe-0", + "fanboy-annoyance", + "fanboy-social", + "fanboy-thirdparty_social", + "adguard-spyware-url", + "ublock-quick-fixes" + ] + }, + "toAdd": { + "trustedSiteDirectives": [ + "$(join '","' "$domain" $ublock_whitelist)" + ] + } + } + } + }, + "UserMessaging": { + "WhatsNew": false, + "ExtensionRecommendations": false, + "UrlbarInterventions": false, + "SkipOnboarding": true + }, + "OverridePostUpdatePage": "", + "OverrideFirstRunPage": "", + "EnableTrackingProtection": { + "Value": false, + "Cryptomining": false, + "Fingerprinting": false, + "Locked": false + }, + "Cookies": { + "Behavior": "reject-tracker-and-partition-foreign", + "BehaviorPrivateBrowsing": "reject-tracker-and-partition-foreign" + }, + "Authentication": { + "SPNEGO": ["${domain}"], + "AllowNonFQDN": { + "SPNEGO": true + }, + "AllowProxies": { + "SPNEGO": true + } + }, + "NoDefaultBookmarks": true, + "DisablePocket": true, + "DisableAppUpdate": true, + "CaptivePortal": false, + "Certificates": { + "Install": [ + "${site_cacert_path}" + ] + }, + "DisableFeedbackCommands": true, + "DisableFirefoxAccounts": true, + "DisableFirefoxStudies": true, + "DisableTelemetry": true, + "DontCheckDefaultBrowser": true, + "OfferToSaveLoginsDefault": false, + "DNSOverHTTPS": { + "Enabled": false + }, + "SearchSuggestEnabled": false, + "Homepage": { + "URL": "about:home", + "StartPage": "homepage" + }, + "FirefoxHome": { + "Search": true, + "TopSites": false, + "SponsoredTopSites": false, + "Highlights": false, + "Pocket": false, + "SponsoredPocket": false, + "Snippets": false + }, + "ManagedBookmarks": [ + { + "toplevel_name": "Intranet" + }, + { + "url": "http://pkg.${domain}/poudriere/", + "name": "Poudriere" + } + ], + "ExtensionUpdate": true, + "Preferences": { + "dom.security.https_only_mode": { + "Value": true, + "Status": "locked" + }, + "dom.push.connection.enabled": { + "Value": false, + "Status": "default" + }, + "privacy.trackingprotection.socialtracking.enabled": { + "Value": false, + "Status": "locked" + }, + "browser.urlbar.suggest.quicksuggest.nonsponsored": { + "Value": false, + "Status": "locked" + }, + "browser.urlbar.suggest.quicksuggest.sponsored": { + "Value": false, + "Status": "locked" + }, + "browser.toolbars.bookmarks.visibility": { + "Value": "newtab", + "Status": "default" + }, + "browser.safebrowsing.malware.enabled": { + "Value": false, + "Status": "locked" + }, + "browser.safebrowsing.phishing.enabled": { + "Value": false, + "Status": "locked" + }, + "browser.safebrowsing.downloads.enabled": { + "Value": false, + "Status": "locked" + } + } + } +} diff --git a/files/usr/local/lib/firefox/distribution/policies.json.laptop b/files/usr/local/lib/firefox/distribution/policies.json.laptop new file mode 120000 index 0000000..93bcb92 --- /dev/null +++ b/files/usr/local/lib/firefox/distribution/policies.json.laptop @@ -0,0 +1 @@ +policies.json.desktop \ No newline at end of file diff --git a/files/usr/local/lib/firefox/distribution/policies.json.roadwarrior_laptop b/files/usr/local/lib/firefox/distribution/policies.json.roadwarrior_laptop new file mode 120000 index 0000000..93bcb92 --- /dev/null +++ b/files/usr/local/lib/firefox/distribution/policies.json.roadwarrior_laptop @@ -0,0 +1 @@ +policies.json.desktop \ No newline at end of file diff --git a/files/usr/local/lib/libreoffice/program/sofficerc.common b/files/usr/local/lib/libreoffice/program/sofficerc.common deleted file mode 100644 index 77574a4..0000000 --- a/files/usr/local/lib/libreoffice/program/sofficerc.common +++ /dev/null @@ -1,18 +0,0 @@ -[Bootstrap] -CrashDirectory=${$BRAND_BASE_DIR/program/bootstraprc:UserInstallation}/crash -CrashDumpEnable=true -HideEula=1 -Logo=0 -NativeProgress=false -ProgressBarColor=0,0,0 -ProgressFrameColor=102,102,102 -ProgressPosition=30,145 -ProgressSize=385,8 -ProgressTextBaseline=170 -ProgressTextColor=0,0,0 -SecureUserConfig=true -SecureUserConfigCompress=true -SecureUserConfigExtensions=true -SecureUserConfigMode=1 -SecureUserConfigNumCopies=2 -URE_BOOTSTRAP=${ORIGIN}/fundamentalrc diff --git a/files/usr/local/lib/libreoffice/program/sofficerc.desktop b/files/usr/local/lib/libreoffice/program/sofficerc.desktop new file mode 100644 index 0000000..77574a4 --- /dev/null +++ b/files/usr/local/lib/libreoffice/program/sofficerc.desktop @@ -0,0 +1,18 @@ +[Bootstrap] +CrashDirectory=${$BRAND_BASE_DIR/program/bootstraprc:UserInstallation}/crash +CrashDumpEnable=true +HideEula=1 +Logo=0 +NativeProgress=false +ProgressBarColor=0,0,0 +ProgressFrameColor=102,102,102 +ProgressPosition=30,145 +ProgressSize=385,8 +ProgressTextBaseline=170 +ProgressTextColor=0,0,0 +SecureUserConfig=true +SecureUserConfigCompress=true +SecureUserConfigExtensions=true +SecureUserConfigMode=1 +SecureUserConfigNumCopies=2 +URE_BOOTSTRAP=${ORIGIN}/fundamentalrc diff --git a/files/usr/local/lib/libreoffice/program/sofficerc.laptop b/files/usr/local/lib/libreoffice/program/sofficerc.laptop new file mode 120000 index 0000000..0d2b44a --- /dev/null +++ b/files/usr/local/lib/libreoffice/program/sofficerc.laptop @@ -0,0 +1 @@ +sofficerc.desktop \ No newline at end of file diff --git a/files/usr/local/lib/libreoffice/program/sofficerc.roadwarrior_laptop b/files/usr/local/lib/libreoffice/program/sofficerc.roadwarrior_laptop new file mode 120000 index 0000000..0d2b44a --- /dev/null +++ b/files/usr/local/lib/libreoffice/program/sofficerc.roadwarrior_laptop @@ -0,0 +1 @@ +sofficerc.desktop \ No newline at end of file diff --git a/files/usr/local/libexec/idm-update-unbound-blocklists.idm_server b/files/usr/local/libexec/idm-update-unbound-blocklists.idm_server index c33b909..381032d 100644 --- a/files/usr/local/libexec/idm-update-unbound-blocklists.idm_server +++ b/files/usr/local/libexec/idm-update-unbound-blocklists.idm_server @@ -3,8 +3,7 @@ set -eu -o pipefail prog=$(basename "$(readlink -f "$0")") -usage="${prog} BLOCKLIST_DIR - Blocklist URLs are read from stdin." +usage="${prog} URL_FILE WHITELIST_FILE BLOCKLIST_DIR" die() { printf '%s: %s\n' "$prog" "$*" 1>&2 @@ -16,17 +15,41 @@ usage(){ exit 2 } -[ $# -eq 1 ] || usage -case $1 in +case ${1:-} in -h|--help) usage ;; esac -[ -d "$1" ] || die "not a directory: ${1}" +[ $# -eq 3 ] || usage -cd "$1" +url_file=$1 +whitelist_file=$2 +blocklist_dir=$3 +[ -d "$blocklist_dir" ] || die "not a directory: ${blocklist_dir}" + +cd "$blocklist_dir" + +# Delete any existing zone files. find . -maxdepth 1 -type f -exec rm {} + -while read -r name url; do - [ -n "$url" ] && curl -sSfL -o "${name}.zone" "$url" -done +if grep -q '[^[:space:]]' "$whitelist_file"; then + # If the whitelist file is non empty, compute a regex. + while read -r pattern; do + [ -n "$pattern" ] || continue + whitelist_regex="${whitelist_regex:+"${whitelist_regex}|"}${pattern}" + done < "$whitelist_file" + + # For each blocklist url, download the blocklist and filter out the whitelist. + while read -r name url; do + [ -n "$url" ] && curl -sSfL "$url" | grep -Ev "^(.*\\.)?(${whitelist_regex})[[:space:]]" > "${name}.zone" + done < "$url_file" +else + # If no whitelist configured, just download each blocklist. + while read -r name url; do + [ -n "$url" ] && curl -sSfL -o "${name}.zone" "$url" + done < "$url_file" +fi + +# Try to reload unbound. +unbound_pidfile=$(/usr/local/sbin/unbound-checkconf -o pidfile /usr/local/etc/unbound/unbound.conf) +kill -HUP "$(cat "$unbound_pidfile")" ||: diff --git a/files/usr/local/libexec/nss-trust-root-ca.common b/files/usr/local/libexec/nss-trust-root-ca.common new file mode 100644 index 0000000..6a38a86 --- /dev/null +++ b/files/usr/local/libexec/nss-trust-root-ca.common @@ -0,0 +1,16 @@ +#!/bin/sh + +# Chromium no longer trusts the system certificate store. Instead, it uses the +# user's local NSS database, located at ~/.pki. +# +# This script adds our local root CA to the NSS DB, so that Chrome will trust it. + +cert_name="$(hostname -d) Root CA" +cert_path=/usr/local/etc/ssl/certs/ca.crt +nss_db_path="${HOME}/.pki/nssdb" + +mkdir -p "$nss_db_path" + +if ! certutil -d "sql:${nss_db_path}" -L -n "$cert_name" > /dev/null 2>&1; then + certutil -d "sql:${nss_db_path}" -A -t 'C,,' -n "$cert_name" -i "$cert_path" +fi diff --git a/files/usr/local/libexec/pam-create-local-homedir.common b/files/usr/local/libexec/pam-create-local-homedir.common index a956d65..2d30d06 100644 --- a/files/usr/local/libexec/pam-create-local-homedir.common +++ b/files/usr/local/libexec/pam-create-local-homedir.common @@ -1,10 +1,3 @@ #!/bin/sh -set -e - -uid=$(id -u "$PAM_USER") - -if [ "$uid" -ge 1000 ]; then - install -m 0755 -d /usr/local/home - install -o "$uid" -g "$uid" -m 0700 -d "/usr/local/home/${PAM_USER}" -fi +install -o "$PAM_USER" -g "$PAM_USER" -m 0700 -d "/usr/local/home/${PAM_USER}" diff --git a/files/usr/local/override/applications/signal-desktop.desktop.common b/files/usr/local/override/applications/signal-desktop.desktop.common deleted file mode 100644 index d0c9160..0000000 --- a/files/usr/local/override/applications/signal-desktop.desktop.common +++ /dev/null @@ -1,12 +0,0 @@ -[Desktop Entry] -Type=Application -Name=Signal -Comment=Signal - Private Messenger -Icon=signal-desktop -Exec=signal-desktop --use-tray-icon -- %u -Terminal=false -Categories=Network;InstantMessaging; -StartupWMClass=Signal -MimeType=x-scheme-handler/sgnl; -Keywords=sgnl;chat;im;messaging;messenger;sms;security;privat; -X-GNOME-UsesNotifications=true diff --git a/files/usr/local/share-override/applications/chromium-browser.desktop.desktop b/files/usr/local/share-override/applications/chromium-browser.desktop.desktop new file mode 100644 index 0000000..cb5a5bf --- /dev/null +++ b/files/usr/local/share-override/applications/chromium-browser.desktop.desktop @@ -0,0 +1,11 @@ +[Desktop Entry] +Type=Application +Version=1.0 +Encoding=UTF-8 +Name=Chromium +Comment=Google web browser based on WebKit +Icon=chrome +Exec=chrome ${chrome_flags} %U +Categories=Application;Network;WebBrowser; +MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp; +StartupNotify=true diff --git a/files/usr/local/share-override/applications/chromium-browser.desktop.laptop b/files/usr/local/share-override/applications/chromium-browser.desktop.laptop new file mode 120000 index 0000000..351c67b --- /dev/null +++ b/files/usr/local/share-override/applications/chromium-browser.desktop.laptop @@ -0,0 +1 @@ +chromium-browser.desktop.desktop \ No newline at end of file diff --git a/files/usr/local/share-override/applications/chromium-browser.desktop.roadwarrior_laptop b/files/usr/local/share-override/applications/chromium-browser.desktop.roadwarrior_laptop new file mode 120000 index 0000000..351c67b --- /dev/null +++ b/files/usr/local/share-override/applications/chromium-browser.desktop.roadwarrior_laptop @@ -0,0 +1 @@ +chromium-browser.desktop.desktop \ No newline at end of file diff --git a/files/usr/local/share-override/applications/signal-desktop.desktop.desktop b/files/usr/local/share-override/applications/signal-desktop.desktop.desktop new file mode 100644 index 0000000..d0c9160 --- /dev/null +++ b/files/usr/local/share-override/applications/signal-desktop.desktop.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Type=Application +Name=Signal +Comment=Signal - Private Messenger +Icon=signal-desktop +Exec=signal-desktop --use-tray-icon -- %u +Terminal=false +Categories=Network;InstantMessaging; +StartupWMClass=Signal +MimeType=x-scheme-handler/sgnl; +Keywords=sgnl;chat;im;messaging;messenger;sms;security;privat; +X-GNOME-UsesNotifications=true diff --git a/files/usr/local/share-override/applications/signal-desktop.desktop.laptop b/files/usr/local/share-override/applications/signal-desktop.desktop.laptop new file mode 120000 index 0000000..6a702d4 --- /dev/null +++ b/files/usr/local/share-override/applications/signal-desktop.desktop.laptop @@ -0,0 +1 @@ +signal-desktop.desktop.desktop \ No newline at end of file diff --git a/files/usr/local/share-override/applications/signal-desktop.desktop.roadwarrior_laptop b/files/usr/local/share-override/applications/signal-desktop.desktop.roadwarrior_laptop new file mode 120000 index 0000000..6a702d4 --- /dev/null +++ b/files/usr/local/share-override/applications/signal-desktop.desktop.roadwarrior_laptop @@ -0,0 +1 @@ +signal-desktop.desktop.desktop \ No newline at end of file -- cgit v1.2.3