diff --git a/docs/TODO.md b/docs/TODO.md index 40a2e7d6..34aa70db 100644 --- a/docs/TODO.md +++ b/docs/TODO.md @@ -23,6 +23,10 @@ This page outlines various projects and tasks that we are currently working on. ( [Title](https://github.com/StanGirard/quivr)) * [Title](https://github.com/PromtEngineer/localGPT) * [Title](https://github.com/reworkd/AgentGPT) +* deprecate ansible roles in softwareyml +* Create seed for Lulu +* [Title](https://github.com/essandess/macOS-Fortress) + ## Upstream The following items are things we would like to include into the Install Doctor system but are waiting on upstream changes. diff --git a/home/.chezmoidata.yaml b/home/.chezmoidata.yaml index 96b3fc68..822ff4d9 100644 --- a/home/.chezmoidata.yaml +++ b/home/.chezmoidata.yaml @@ -674,6 +674,7 @@ softwareGroups: - obs-studio - plex - plex-htpc + - plex-media-server - prezi-video - raspberry-pi-imager - shotcut @@ -760,6 +761,7 @@ softwareGroups: - gixy - mkcert - nginx + - nginx-unit # - maas - ngxtop Network-Enabled: &Network-Enabled diff --git a/home/dot_config/firewall/darwin/README.md b/home/dot_config/firewall/darwin/README.md new file mode 100644 index 00000000..0b023803 --- /dev/null +++ b/home/dot_config/firewall/darwin/README.md 
@@ -0,0 +1,20 @@ +# macOS Firewall Rules + +The macOS firewall rules are derived from the configurations defined in the `etc/firewalld/services/` folder using ChatGPT. + +## Example Prompt + +``` +convert the following FirewallD configuration to commands that can be used to configure the macOS firewall in a similar fashion. Only return a single bash script with no other text and do not enable logging or the firewall. Do not include any text other than the bash script and do not provide instructions or "Here's the bash script" text or "Please note that" text or anything other than script that can be run: + + Plex + . + # Plex Media Server + # Plex DLNA Server + # Plex DLNA Server + # GDM Network Discovery + # GDM Network Discovery + # GDM Network Discovery + # GDM Network Discovery + +``` \ No newline at end of file diff --git a/home/dot_config/firewall/darwin/plex.sh b/home/dot_config/firewall/darwin/plex.sh new file mode 100644 index 00000000..125d563f --- /dev/null +++ b/home/dot_config/firewall/darwin/plex.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +/usr/libexec/ApplicationFirewall/socketfilterfw --add --service "Plex" --getglobalstate +/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --setglobaldescription "." +/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 32400 --protocol tcp +/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 1900 --protocol udp +/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 32469 --protocol tcp +/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 32410 --protocol udp +/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 32412 --protocol udp +/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 32413 --protocol udp +/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 32414 --protocol udp 
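Review bot: The flags used in plex.sh (`--service`, `--port`, `--protocol`, `--setglobaldescription`) are not options of `socketfilterfw`, which manages per-application rules (`--add <path>`, `--unblockapp <path>`) rather than ports. The script therefore most likely applies no rule at all, while the README presents it as the macOS counterpart of the firewalld service. With no `set -e`, those failures also pass silently when install-program runs it through `sudo bash`. I would check every LLM-converted command against `socketfilterfw -h` on a test machine, then either switch to application rules (`socketfilterfw --add "/Applications/Plex Media Server.app"` followed by `--unblockapp` on the same path) or use pf if port-level filtering is required. The file is also named `plex.sh`, while the only Plex entry with `_ports` visible in this commit is `plex-media-server`, so the `${rule.packageKey}.sh` lookup may never select it.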
diff --git a/home/dot_config/firewall/etc/firewalld/services/cups.xml b/home/dot_config/firewall/etc/firewalld/services/cups.xml new file mode 100644 index 00000000..d0f6c6cf --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/cups.xml @@ -0,0 +1,6 @@ + + + CUPS + Network printing service + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/ftp.xml b/home/dot_config/firewall/etc/firewalld/services/ftp.xml index e33bac5f..2cedcd03 100644 --- a/home/dot_config/firewall/etc/firewalld/services/ftp.xml +++ b/home/dot_config/firewall/etc/firewalld/services/ftp.xml @@ -1,7 +1,7 @@ FTP - FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful. + Remote File Transfer Protocol server \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/ipfs-api.xml b/home/dot_config/firewall/etc/firewalld/services/ipfs-api.xml deleted file mode 100644 index 1db4604a..00000000 --- a/home/dot_config/firewall/etc/firewalld/services/ipfs-api.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - IPFS Daemon API - InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system. - - \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/ipfs-swarm.xml b/home/dot_config/firewall/etc/firewalld/services/ipfs-swarm.xml deleted file mode 100644 index 4189b816..00000000 --- a/home/dot_config/firewall/etc/firewalld/services/ipfs-swarm.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - IPFS Swarm - InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system. - - - \ No newline at end of file 
diff --git a/home/dot_config/firewall/etc/firewalld/services/ipfs-websocket.xml b/home/dot_config/firewall/etc/firewalld/services/ipfs-websocket.xml deleted file mode 100644 index b417eadc..00000000 --- a/home/dot_config/firewall/etc/firewalld/services/ipfs-websocket.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - IPFS Swarm Websockets - InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system. - - \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/jellyfin.xml b/home/dot_config/firewall/etc/firewalld/services/jellyfin.xml index 450493f8..d105938e 100644 --- a/home/dot_config/firewall/etc/firewalld/services/jellyfin.xml +++ b/home/dot_config/firewall/etc/firewalld/services/jellyfin.xml @@ -1,7 +1,7 @@ - jellyfin - ellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached. Your media, your server, your way. + Jellyfin + Media streaming server diff --git a/home/dot_config/firewall/etc/firewalld/services/k8s-master.xml b/home/dot_config/firewall/etc/firewalld/services/k8s-master.xml deleted file mode 100644 index b6a3e249..00000000 --- a/home/dot_config/firewall/etc/firewalld/services/k8s-master.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - Kubernetes Master - Ports required for a Kubernetes Master node per https://kubernetes.io/docs/setup/independent/install-kubeadm/. - - - - - - \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/k8s-worker.xml b/home/dot_config/firewall/etc/firewalld/services/k8s-worker.xml deleted file mode 100644 index 2576947c..00000000 --- a/home/dot_config/firewall/etc/firewalld/services/k8s-worker.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - Kubernetes Worker - Ports required for a Kubernetes Worker node per https://kubernetes.io/docs/setup/independent/install-kubeadm/. - - - - \ No newline at end of file 
diff --git a/home/dot_config/firewall/etc/firewalld/services/maas.xml b/home/dot_config/firewall/etc/firewalld/services/maas.xml new file mode 100644 index 00000000..6c398309 --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/maas.xml @@ -0,0 +1,13 @@ + + + MAAS + Ubuntu management software for equipment that is controlled by LPMI + + + + + + + + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/mdns.xml b/home/dot_config/firewall/etc/firewalld/services/mdns.xml index cde96c3e..a5cc4245 100644 --- a/home/dot_config/firewall/etc/firewalld/services/mdns.xml +++ b/home/dot_config/firewall/etc/firewalld/services/mdns.xml @@ -1,7 +1,7 @@ Multicast DNS (mDNS) - mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option. + DNS services without a traditional DNS server \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/netbootxyz.xml b/home/dot_config/firewall/etc/firewalld/services/netbootxyz.xml new file mode 100644 index 00000000..95cce7f7 --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/netbootxyz.xml @@ -0,0 +1,6 @@ + + + NetbootXYZ + Boot over LAN service provider + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/nginx.xml b/home/dot_config/firewall/etc/firewalld/services/nginx.xml new file mode 100644 index 00000000..b8ab2dde --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/nginx.xml @@ -0,0 +1,7 @@ + + + NGINX + Website and application server / proxy + + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/openvpn-access-server.xml b/home/dot_config/firewall/etc/firewalld/services/openvpn-access-server.xml deleted file mode 100644 index 29d71589..00000000 
--- a/home/dot_config/firewall/etc/firewalld/services/openvpn-access-server.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - OpenVPN Access Server - OpenVPN Access Server is a set of installation and configuration tools that come in one package that simplifies the rapid deployment of a VPN remote access solution. - - - - \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/plex-media-server.xml b/home/dot_config/firewall/etc/firewalld/services/plex-media-server.xml new file mode 100644 index 00000000..8778af79 --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/plex-media-server.xml @@ -0,0 +1,12 @@ + + + Plex Media Server + Media management and streaming platform + + + + + + + + diff --git a/home/dot_config/firewall/etc/firewalld/services/plex.xml b/home/dot_config/firewall/etc/firewalld/services/plex.xml index de3a6e5a..8193592d 100644 --- a/home/dot_config/firewall/etc/firewalld/services/plex.xml +++ b/home/dot_config/firewall/etc/firewalld/services/plex.xml @@ -2,11 +2,7 @@ Plex . - # Plex Media Server # Plex DLNA Server # Plex DLNA Server - # GDM Network Discovery - # GDM Network Discovery - # GDM Network Discovery - # GDM Network Discovery + # GDM Network Discovery \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/tigervnc.xml b/home/dot_config/firewall/etc/firewalld/services/tigervnc.xml new file mode 100644 index 00000000..2b7aed3d --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/tigervnc.xml @@ -0,0 +1,6 @@ + + + TigerVNC + High performance, multi-platform VNC server + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/unifi-controller.xml b/home/dot_config/firewall/etc/firewalld/services/unifi-controller.xml deleted file mode 100644 index 03ac6129..00000000 --- a/home/dot_config/firewall/etc/firewalld/services/unifi-controller.xml +++ /dev/null 
@@ -1,13 +0,0 @@ - - - UniFi Controller - . - - - - - - - - - \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/unifi-video.xml b/home/dot_config/firewall/etc/firewalld/services/unifi-video.xml deleted file mode 100644 index 5fac1d98..00000000 --- a/home/dot_config/firewall/etc/firewalld/services/unifi-video.xml +++ /dev/null @@ -1,15 +0,0 @@ - - - unifi-video - . - - - - - - - - - - - \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/xrdp.xml b/home/dot_config/firewall/etc/firewalld/services/xrdp.xml index e69de29b..957637ef 100644 --- a/home/dot_config/firewall/etc/firewalld/services/xrdp.xml +++ b/home/dot_config/firewall/etc/firewalld/services/xrdp.xml @@ -0,0 +1,6 @@ + + + xRDP + Remote Desktop server + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/ufw/applications.d/unifi b/home/dot_config/firewall/etc/ufw/applications.d/unifi deleted file mode 100644 index 5d0d4be0..00000000 --- a/home/dot_config/firewall/etc/ufw/applications.d/unifi +++ /dev/null @@ -1,4 +0,0 @@ -[UniFi] -title=UniFi controller -description=All ports available for UniFi inform, guest portal, speed testing, and access to admin GUI -ports=5514,6789,8080,8843,8880/tcp|1900,3478,10001/udp diff --git a/home/dot_local/bin/executable_install-program b/home/dot_local/bin/executable_install-program index 60fe9e49..13906c49 100644 --- a/home/dot_local/bin/executable_install-program +++ b/home/dot_local/bin/executable_install-program 
@@ -449,7 +449,12 @@ async function updateInstallMaps(preference, packages, scopedPreference, pkg, pa
 }
 const portsHook = getHook(packages, 'ports', scopedPreference, preference)
 if (portsHook) {
- installOrdersPorts = installOrdersPorts.concat(typeof portsHook === 'string' ? [portsHook] : portsHook)
+ installOrdersPorts = installOrdersPorts.concat(typeof portsHook === 'string' ? [{
+ packageKey,
+ ports: portsHook
+ }] : {
+ packageKey,
+ ports: portsHook})
 }
 processPluginOrders(pkg)
 if (!installOrders[preference]) {
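Review bot: Both arms of the new ternary build the same `{ packageKey, ports: portsHook }` object, and `concat` appends a bare object exactly as it appends a one-element array, so the `typeof portsHook === 'string'` test no longer selects anything. `installOrdersPorts.push({ packageKey, ports: portsHook })` expresses the same thing in one line. `packageKey` is not among the parameters visible in the truncated hunk header, so confirm it is in scope at this point; the body of updateInstallMaps starts and ends outside the hunk.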
@@ -1551,35 +1556,73 @@ async function addUserGroup(group) { /** * Adds the rules specified in the `_ports` key of each entry in the `software.yml` file. * - * @param rule Firewall rule in the form of 8888/tcp or 9999/udp. Can also be the XML file name stored in ~/.config/firewall/etc/firewalld/services. + * @param rule {packageKey: string, ports: any} Firewall rule in the form of 8888/tcp or 9999/udp. Can also be the XML file name stored in ~/.config/firewall/etc/firewalld/services. */ async function addFirewallRule(rule) { - const logStage = 'Firewall' - log('info', logStage, `Ensuring the ${rule} rule is added`) - if (osType === 'linux') { - const firewallCmd = which.sync('firewall-cmd', { nothrow: true }) - // const ufw = which.sync('ufw', { nothrow: true }) - if (firewallCmd) { - if (typeof rule.substring(0, 1) === 'number') { - runCommand(`Adding the ${rule} to the firewall configuration`, `sudo firewall-cmd --add-port=${rule} --permanent`) + try { + const logStage = 'Firewall' + const packageName = installData.softwarePackages[rule.packageKey] && installData.softwarePackages[rule.packageKey]._name + const packageDesc = installData.softwarePackages[rule.packageKey] && installData.softwarePackages[rule.packageKey]._desc + log('info', logStage, `Ensuring the ${rule.packageKey} rule is added since the _ports key is defined`) + if (osType === 'linux') { + const firewallCmd = which.sync('firewall-cmd', { nothrow: true }) + // const ufw = which.sync('ufw', { nothrow: true }) + if (firewallCmd) { + const serviceFile = `${process.env.HOME}/.config/firewall/etc/firewalld/services/${rule.packageKey}.xml` + if (fileExists(serviceFile)) { + log('info', logStage, `Service file found at ${serviceFile} - using it to apply firewall-cmd configuration`) + runCommand(`Copying over ${serviceFile} file to /etc/firewalld/services`, `sudo cp -f "${serviceFile}" "/etc/firewalld/services/${rule.packageKey}.xml"`) + runCommand(`Adding the ${rule.packageKey} firewall-cmd service`, 
`sudo firewall-cmd --add-service=${rule.packageKey} --permanent`) + } else { + if (typeof rule.ports === 'string') { + runCommand(`Adding the ${rule.packageKey} ${rule.ports} rule to the firewall configuration`, `sudo firewall-cmd --add-port=${rule.ports} --permanent`) + } else { + for (const port of rule.ports) { + if (typeof port === 'string') { + runCommand(`Adding the ${rule.packageKey} ${rule.ports} rule to the firewall configuration`, `sudo firewall-cmd --add-port=${rule.ports} --permanent`) + } else if (port.port && port.proto) { + runCommand(`Adding the ${rule.packageKey} ${port.port}/${port.proto} rule to the firewall configuration`, `sudo firewall-cmd --add-port=${port.port}/${port.proto} --permanent`) + } else { + log('error', logStage, `Unable to parse the firewall definition for ${rule.packageKey}`) + } + } + } + } } else { - runCommand(`Adding the ${rule} user / group`, `sudo firewall-cmd --add-service=${rule} --permanent`) + log('error', logStage, `The firewall-cmd executable is not present on the system so the firewall cannot be configured`) } + } else if (osType === 'darwin') { + const socketFilterFw = '/usr/libexec/ApplicationFirewall/socketfilterfw' + const serviceFile = `${process.env.HOME}/.config/firewall/darwin/${rule.packageKey}.sh` + if (fileExists(serviceFile)) { + runCommand(`Executing the matching ${serviceFile} service file`, `sudo bash "${serviceFile}"`) + } else { + if (typeof rule.ports === 'string') { + log('error', logStage, `_ports rules that are equal to strings are not yet implemented on macOS (package: ${rule.packageKey})`) + } else { + for (const port of rule.ports) { + if (typeof port === 'string') { + log('error', logStage, `_ports rules that are equal to strings are not yet implemented on macOS (package: ${rule.packageKey})`) + } else if (port.port && port.proto) { + runCommand(`Adding new service for ${rule.packageKey}`, `${socketFilterFw} --add --service "${packageName ? 
packageName : rule.packageKey}" --getglobalstate`) + if (packageDesc) { + runCommand(`Adding description to service defined for ${rule.packageKey}`, `${socketFilterFw} --service "${packageName ? packageName : rule.packageKey}" --setglobaldescription "${packageDesc}"`) + } + runCommand(`Adding firewall rule for ${rule.packageKey}`, `${socketFilterFw} --service "${packageName ? packageName : rule.packageKey}" --add --port ${port.port} --protocol ${port.proto}`) + } else { + log('error', logStage, `Unable to parse the firewall definition for ${rule.packageKey}`) + } + } + } + } + } else if (osType === 'windows') { + log('warn', logStage, `Windows support not yet added`) } else { - log('error', logStage, `The firewall-cmd executable is not present on the system so the firewall cannot be configured`) + log('warn', logStage, `Unknown operating system type`) } - } else if (osType === 'darwin') { - runCommand(`Creating the ${rule} group`, `sudo dscl . create /Groups/${rule}`) - runCommand(`Ensuring the ${rule} group has a GID`, `bash -c 'if [[ "$(sudo dscl . read /Groups/$GROUP gid 2>&1)" == *"No such key"* ]]; then MAX_ID_GROUP="$(dscl . -list /Groups gid | awk "{print $2}" | sort -ug | tail -1)"; GROUP_ID="$((MAX_ID_GROUP+1))"; sudo dscl . create /Groups/${rule} gid "$GROUP_ID"; fi'`) - runCommand(`Adding the ${rule} user`, `sudo dscl . create /Users/${rule}`) - runCommand(`Ensuring the ${rule} user has a PrimaryGroupID`, `bash -c 'if [[ "$(sudo dscl . read /Users/${rule} PrimaryGroupID 2>&1)" == *"No such key"* ]]; then sudo dscl . create /Users/${rule} PrimaryGroupID 20; fi'`) - runCommand(`Ensuring the ${rule} user has a UniqueID`, `bash -c 'if [[ "$(sudo dscl . read /Users/${rule} UniqueID 2>&1)" == *"No such key"* ]]; then MAX_ID_USER="$(dscl . -list /Users UniqueID | sort -nr -k 2 | head -1 | grep -oE "[0-9]+$")"; USER_ID="$((MAX_ID_USER+1))"; sudo dscl . 
create /Users/${rule} UniqueID "$USERID"; fi'`) - runCommand(`Adding the ${rule} user to the ${rule} group`, `sudo dseditgroup -o edit -t user -a ${rule} ${rule}`) - runCommand(`Adding the ${process.env.USER} user to the ${rule} group`, `sudo dseditgroup -o edit -t user -a ${process.env.USER} ${rule}`) - } else if (osType === 'windows') { - log('warn', logStage, `Windows support not yet added`) - } else { - log('warn', logStage, `Unknown operating system type`) + } catch (e) { + console.log(e) + log('error', 'Bin', `Error configuring firewall settings for ${rule.packageKey}`) } } diff --git a/home/dot_local/bin/firejail/README.md b/home/dot_local/bin/firejail/README.md new file mode 100644 index 00000000..ca3fabd9 --- /dev/null +++ b/home/dot_local/bin/firejail/README.md @@ -0,0 +1,11 @@ +# Firejail + +Firejail integration is pending. Firejail will allow us to improve security on Linux platforms by sandboxing executables and programs. Firejail already includes hundreds of definitions for programs. There are also custom lists maintained by the community which can be found on the [Firejail README](https://github.com/netblue30/firejail). + +Ideally, we should create a few generic profiles that handle the following cases: + +1. CLIs that don't need access to ~/.ssh and ~/.config etc. +2. CLIs that DO need access to specific folders +3. The configurations should be automatically generated from an array of options for each entry in the `software.yml` file + +It would also be great if we could have Firejail automatically load anytime executables are called so that we can run `pnpm` instead of `firejail pnpm`, for instance. diff --git a/software.yml b/software.yml index 8d2ec738..36217740 100644 --- a/software.yml +++ b/software.yml @@ -1852,6 +1852,9 @@ softwarePackages: _github: https://github.com/apple/cups _home: null _name: CUPS + _ports: + - port: 631 + proto: tcp ansible: professormanhattan.cups apt: - avahi-daemon 
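Review bot: In the Linux branch of addFirewallRule, the string case inside `for (const port of rule.ports)` interpolates `rule.ports` (the whole array) into `--add-port` instead of the current `port`, so a list of string rules yields a comma-joined argument repeated once per element. More broadly, `rule.packageKey`, `port.port`, `port.proto`, `packageName` and `packageDesc` go into shell command strings unvalidated, most of them under sudo, and `_desc` values in software.yml contain quotes and other shell-significant characters; validating each port spec against a strict pattern before building the command, as sketched below, keeps a malformed entry away from the shell. `sudo bash "${serviceFile}"` and `sudo cp -f "${serviceFile}" …` take their input from `~/.config/firewall`, which the unprivileged account can write, so those files should be verified (ownership and mode, or a known checksum) or read from a location the user cannot modify before they are executed or installed as root. The macOS fallback calls `socketfilterfw` without sudo and with `--service`/`--port`/`--protocol` flags the tool does not appear to accept, so that path is probably a no-op.

```javascript
// … unchanged: service-file lookup and the firewall-cmd --add-service path …
const portRules = typeof rule.ports === 'string' ? [rule.ports] : rule.ports
for (const port of portRules) {
  // Accept "8888/tcp" strings or { port, proto } objects, then validate the final spec
  const spec = typeof port === 'string' ? port : `${port.port}/${port.proto}`
  if (!/^\d{1,5}(-\d{1,5})?\/(tcp|udp|sctp|dccp)$/.test(spec)) {
    log('error', logStage, `Unable to parse the firewall definition for ${rule.packageKey}`)
    continue
  }
  runCommand(`Adding the ${rule.packageKey} ${spec} rule to the firewall configuration`, `sudo firewall-cmd --add-port=${spec} --permanent`)
}
// … unchanged: darwin / windows branches and the catch block …
```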
@@ -5004,6 +5007,23 @@ softwarePackages:
 _github: https://github.com/maas/maas
 _home: https://maas.io/
 _name: MAAS
+ _ports:
+ - port: 5240
+ proto: tcp
+ - port: 5240
+ proto: udp
+ - port: 5248
+ proto: tcp
+ - port: 5248
+ proto: udp
+ - port: 5241-5247
+ proto: tcp
+ - port: 5241-5247
+ proto: udp
+ - port: 5250-5270
+ proto: tcp
+ - port: 5250-5270
+ proto: udp
 ansible:ubuntu: professormanhattan.maas
 snap:ubuntu: maas
 mackup:
@@ -5789,9 +5809,9 @@ softwarePackages:
 _name: NGINX
 _ports:
 - port: 80
- proto: udp
+ proto: tcp
 - port: 443
- proto: udp
+ proto: tcp
 ansible: professormanhattan.nginx
 apt: nginx
 brew: nginx
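Review bot: The MAAS `_ports` block opens every port and range twice, once for tcp and once for udp, and nothing on this page indicates that MAAS listens on UDP for 5240, 5248, 5241-5247 or 5250-5270. These entries feed addFirewallRule, which turns each one into a permanent firewall opening whenever no matching service file is used, so I would keep only the protocols the service needs. Recording the source next to the list would help, for example `# ports per the MAAS network requirements page: <link to upstream doc>`. The nginx hunk on the same line corrects the same kind of mistake (`proto: udp` to `proto: tcp` for 80 and 443).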
@@ -6564,28 +6584,46 @@ softwarePackages:
 plex:
 _bin: plex
 _desc: '[Plex](https://www.plex.tv/) is a global streaming service of free ad-supported video, with TV shows and movies from distributors such as Crackle, Warner Bros., MGM, Endemol Shine Group, Lionsgate, and Legendary. Plex is also a client–server media player system plus an ancillary software suite.'
- _docs: https://forums.plex.tv/t/introducing-plex-htpc/703075
- _github: https://github.com/plexinc/plex-media-player
+ _github: false
 _home: https://www.plex.tv/
 _name: Plex
 _when:cask: '! test -d /Applications/Plex.app'
 ansible: professormanhattan.plex
- cask:
- - plex
- - plex-media-player
- - plex-media-server
- choco:
- - plex
- - plexmediaplayer
+ cask: plex
+ choco: plex
 flatpak: tv.plex.PlexDesktop
+ plex-media-server:
+ _bin: plex-media-server
+ _github: false
+ _name: Plex Media Server
+ _when:cask: '! test -d "/Applications/Plex Media Server.app"'
+ _ports:
+ - port: 32400
+ proto: tcp
+ - port: 3005
+ proto: tcp
+ - port: 5353
+ proto: udp
+ - port: 8324
+ proto: tcp
+ - port: 32410-32414
+ proto: udp
+ - port: 1900
+ proto: udp
+ - port: 32469
+ proto: tcp
+ cask: plex-media-server
+ choco: plexmediaserver
 snap: plexmediaserver
 yay: plex-media-server
 plex-htpc:
 _bin: plex-htpc
+ _github: false
 _home: https://www.plex.tv/
 _name: Plex HTPC
 _when:cask: '! test -d "/Applications/Plex HTPC.app"'
 cask: plex-htpc
+ choco: plex-home-theater
 flatpak: tv.plex.PlexHTPC
 snap: plex-htpc
 pm2:
@@ -7114,7 +7152,6 @@ softwarePackages:
 dnf: firewalld
 emerge: net-firewall/firewalld
 pacman: firewalld
- script:darwin: sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
 zypper: firewalld
 xrdp:
 _bin: xrdp
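Review bot: The new `plex-media-server` `_ports` list mixes the service port (32400/tcp) with LAN discovery ports (1900/udp, 5353/udp, 32410-32414/udp), and addFirewallRule applies `firewall-cmd --add-port` / `--add-service` with `--permanent` and no `--zone`, which targets the default zone. On a host whose default zone faces an untrusted network, that exposes SSDP and mDNS responders that are only useful on the local segment. A comment above the list such as `# 1900/udp, 5353/udp, 32410-32414/udp: LAN discovery only - keep off internet-facing zones` would record the intent. The entry also lacks the `_home` key that both sibling Plex entries carry, and it has no `_desc`, which addFirewallRule reads for the macOS service description.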
@@ -9674,6 +9711,12 @@ softwarePackages:
 dnf:fedora: yubikey-manager
 pacman: yubikey-manager
 pipx: yubikey-manager
+ nginx-unit:
+ _bin: unitd
+ _github: https://github.com/nginx/unit
+ _name: NGINX Unit
+ _service:brew: nginx/unit/unit
+ brew: nginx/unit/unit
 yubikey-manager-qt:
 _bin: yubikey-manager-qt
 _desc: Cross-platform application for configuring any YubiKey over all USB interfaces.
@@ -9713,10 +9756,10 @@ softwarePackages:
 pipx: shell-gpt
 tigervnc:
 _bin: tigervncpasswd
- _github: https://github.com/DukeyToo/tightvnc-server
- _name: TightVNC Server
+ _github: https://github.com/TigerVNC/tigervnc
+ _name: TigerVNC Server
 _ports:
- - port: 5900-5909
+ - port: 5900-5904
 proto: tcp
 apt: tigervnc-standalone-server
 dnf: tigervnc-server
@@ -9807,6 +9850,10 @@ softwarePlugins:
 - redhatdeveloper/openshift-dd-ext
 - snyk/snyk-docker-desktop-extension
 - tailscale/docker-extension
+ dockerImages:
+ cmd: null
+ plugins:
+ - docker.io/nginx/unit
 dotnet:
 cmd: sudo chown -r "$USER" "$HOME/.local/share/NuGet" && dotnet tool install -g {PLUGIN}
 plugins: