Brian Zalewski 2023-06-28 05:37:45 +00:00
parent 6102deaa33
commit df0f479f94
27 changed files with 238 additions and 125 deletions


@ -23,6 +23,10 @@ This page outlines various projects and tasks that we are currently working on.
( [Title](https://github.com/StanGirard/quivr)) ( [Title](https://github.com/StanGirard/quivr))
* [Title](https://github.com/PromtEngineer/localGPT) * [Title](https://github.com/PromtEngineer/localGPT)
* [Title](https://github.com/reworkd/AgentGPT) * [Title](https://github.com/reworkd/AgentGPT)
* deprecate ansible roles in softwareyml
* Create seed for Lulu
* [Title](https://github.com/essandess/macOS-Fortress)
## Upstream ## Upstream
The following items are things we would like to include into the Install Doctor system but are waiting on upstream changes. The following items are things we would like to include into the Install Doctor system but are waiting on upstream changes.


@ -674,6 +674,7 @@ softwareGroups:
- obs-studio - obs-studio
- plex - plex
- plex-htpc - plex-htpc
- plex-media-server
- prezi-video - prezi-video
- raspberry-pi-imager - raspberry-pi-imager
- shotcut - shotcut
@ -760,6 +761,7 @@ softwareGroups:
- gixy - gixy
- mkcert - mkcert
- nginx - nginx
- nginx-unit
# - maas # - maas
- ngxtop - ngxtop
Network-Enabled: &Network-Enabled Network-Enabled: &Network-Enabled


@ -0,0 +1,20 @@
# macOS Firewall Rules
The macOS firewall rules are derived from the configurations defined in the `etc/firewalld/services/` folder using ChatGPT.
## Example Prompt
```
convert the following FirewallD configuration to commands that can be used to configure the macOS firewall in a similar fashion. Only return a single bash script with no other text and do not enable logging or the firewall. Do not include any text other than the bash script and do not provide instructions or "Here's the bash script" text or "Please note that" text or anything other than script that can be run: <?xml version="1.0" encoding="utf-8"?>
<service>
<short>Plex</short>
<description>.</description>
<port protocol="tcp" port="32400"/> # Plex Media Server
<port protocol="udp" port="1900"/> # Plex DLNA Server
<port protocol="tcp" port="32469"/> # Plex DLNA Server
<port protocol="udp" port="32410"/> # GDM Network Discovery
<port protocol="udp" port="32412"/> # GDM Network Discovery
<port protocol="udp" port="32413"/> # GDM Network Discovery
<port protocol="udp" port="32414"/> # GDM Network Discovery
</service>
```


@ -0,0 +1,11 @@
#!/bin/bash
/usr/libexec/ApplicationFirewall/socketfilterfw --add --service "Plex" --getglobalstate
/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --setglobaldescription "."
/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 32400 --protocol tcp
/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 1900 --protocol udp
/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 32469 --protocol tcp
/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 32410 --protocol udp
/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 32412 --protocol udp
/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 32413 --protocol udp
/usr/libexec/ApplicationFirewall/socketfilterfw --service "Plex" --add --port 32414 --protocol udp
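Review bot: The `--service`, `--port`, `--protocol` and `--setglobaldescription` options used on every line of this script are not options that `socketfilterfw` documents; it is an application-level firewall that allows or blocks by executable path (`--add <path>`, `--unblockapp <path>`), so the script most likely prints usage errors and opens nothing. The script came from an LLM prompt and, judging by the `addFirewallRule` change in this commit, is run through `sudo bash`, so it should be checked against `socketfilterfw -h` on a real machine before it ships. If per-port rules are the goal on macOS they belong in a `pf` anchor loaded with `pfctl`; otherwise allow the Plex application by its bundle path. A `set -euo pipefail` line after the shebang would make a failing command stop the run instead of passing silently.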


@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>CUPS</short>
<description>Network printing service</description>
<port protocol="tcp" port="631"/>
</service>


@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<service> <service>
<short>FTP</short> <short>FTP</short>
<description>FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.</description> <description>Remote File Transfer Protocol server</description>
<port protocol="tcp" port="21"/> <port protocol="tcp" port="21"/>
<module name="nf_conntrack_ftp"/> <module name="nf_conntrack_ftp"/>
</service> </service>


@ -1,6 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>IPFS Daemon API</short>
<description>InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system.</description>
<port protocol="tcp" port="5001"/>
</service>


@ -1,7 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>IPFS Swarm</short>
<description>InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system.</description>
<port protocol="tcp" port="4001"/>
<port protocol="udp" port="4001"/>
</service>


@ -1,6 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>IPFS Swarm Websockets</short>
<description>InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system.</description>
<port protocol="tcp" port="8081"/>
</service>


@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<service> <service>
<short>jellyfin</short> <short>Jellyfin</short>
<description>ellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached. Your media, your server, your way.</description> <description>Media streaming server</description>
<port protocol="tcp" port="8096"/> <port protocol="tcp" port="8096"/>
<port protocol="tcp" port="8920"/> <port protocol="tcp" port="8920"/>
<port protocol="udp" port="1900"/> <port protocol="udp" port="1900"/>


@ -1,10 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Kubernetes Master</short>
<description>Ports required for a Kubernetes Master node per https://kubernetes.io/docs/setup/independent/install-kubeadm/.</description>
<port port="6443" protocol="tcp"/>
<port port="2379" protocol="tcp"/>
<port port="2380" protocol="tcp"/>
<port port="10250-10252" protocol="tcp"/>
<port port="10255" protocol="tcp"/>
</service>


@ -1,8 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Kubernetes Worker</short>
<description>Ports required for a Kubernetes Worker node per https://kubernetes.io/docs/setup/independent/install-kubeadm/.</description>
<port port="10250" protocol="tcp"/>
<port port="10255" protocol="tcp"/>
<port port="30000-32767" protocol="tcp"/>
</service>


@ -0,0 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>MAAS</short>
<description>Ubuntu management software for equipment that is controlled by LPMI</description>
<port protocol="tcp" port="5240"/>
<port protocol="udp" port="5240"/>
<port protocol="tcp" port="5248"/>
<port protocol="udp" port="5248"/>
<port protocol="tcp" port="5241-5247"/>
<port protocol="udp" port="5241-5247"/>
<port protocol="tcp" port="5250-5270"/>
<port protocol="udp" port="5250-5270"/>
</service>


@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<service> <service>
<short>Multicast DNS (mDNS)</short> <short>Multicast DNS (mDNS)</short>
<description>mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option.</description> <description>DNS services without a traditional DNS server</description>
<port protocol="udp" port="5353"/> <port protocol="udp" port="5353"/>
<destination ipv4="224.0.0.251" ipv6="ff02::fb"/> <destination ipv4="224.0.0.251" ipv6="ff02::fb"/>
</service> </service>


@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>NetbootXYZ</short>
<description>Boot over LAN service provider</description>
<port protocol="udp" port="69"/>
</service>
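Review bot: Opening only 69/udp is usually not enough for TFTP, because the server answers each request from a new ephemeral port and the transfer is dropped unless connection tracking relates it to the original request. The FTP service file in this commit loads `<module name="nf_conntrack_ftp"/>` for the same reason; the matching line here would be `<module name="nf_conntrack_tftp"/>` (or `<helper name="tftp"/>` on firewalld versions that use helpers). TFTP is unauthenticated, so the `<description>` should also say that the service is meant to be enabled only in a zone limited to the provisioning LAN.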


@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>NGINX</short>
<description>Website and application server / proxy</description>
<port protocol="tcp" port="80"/>
<port protocol="tcp" port="443"/>
</service>


@ -1,8 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>OpenVPN Access Server</short>
<description>OpenVPN Access Server is a set of installation and configuration tools that come in one package that simplifies the rapid deployment of a VPN remote access solution.</description>
<port protocol="udp" port="1194"/>
<port protocol="tcp" port="9443"/>
<port protocol="tcp" port="943"/>
</service>


@ -0,0 +1,12 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Plex Media Server</short>
<description>Media management and streaming platform</description>
<port protocol="tcp" port="32400"/>
<port protocol="tcp" port="3005"/>
<port protocol="udp" port="5353"/>
<port protocol="tcp" port="8324"/>
<port protocol="udp" port="32410-32414"/>
<port protocol="udp" port="1900"/>
<port protocol="tcp" port="32469"/>
</service>


@ -2,11 +2,7 @@
<service> <service>
<short>Plex</short> <short>Plex</short>
<description>.</description> <description>.</description>
<port protocol="tcp" port="32400"/> # Plex Media Server
<port protocol="udp" port="1900"/> # Plex DLNA Server <port protocol="udp" port="1900"/> # Plex DLNA Server
<port protocol="tcp" port="32469"/> # Plex DLNA Server <port protocol="tcp" port="32469"/> # Plex DLNA Server
<port protocol="udp" port="32410"/> # GDM Network Discovery <port protocol="udp" port="32410-32414"/> # GDM Network Discovery
<port protocol="udp" port="32412"/> # GDM Network Discovery
<port protocol="udp" port="32413"/> # GDM Network Discovery
<port protocol="udp" port="32414"/> # GDM Network Discovery
</service> </service>
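Review bot: The trailing `# Plex DLNA Server` and `# GDM Network Discovery` annotations kept on the new side are not XML comments; `#` text after an element is character data inside `<service>`, which a strict parser or schema check may reject and which tooling will not treat as a comment. They should be written as XML comments, for example `<port protocol="udp" port="32410-32414"/> <!-- GDM Network Discovery -->`. The `<description>` is still `.`, while the other service files touched by this commit now carry a short phrase; one here would make the service listing readable. The file begins above this hunk, so the XML declaration is not visible here.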


@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>TigerVNC</short>
<description>High performance, multi-platform VNC server</description>
<port protocol="tcp" port="5900-5904"/>
</service>


@ -1,13 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>UniFi Controller</short>
<description>.</description>
<port protocol="udp" port="10001"/>
<port protocol="udp" port="3478"/>
<port protocol="tcp" port="8080"/>
<port protocol="tcp" port="8081"/>
<port protocol="tcp" port="8443"/>
<port protocol="tcp" port="8843"/>
<port protocol="tcp" port="8880"/>
<port protocol="tcp" port="6789"/>
</service>


@ -1,15 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>unifi-video</short>
<description>.</description>
<port protocol="tcp" port="10001"/>
<port protocol="tcp" port="1935"/>
<port protocol="tcp" port="6666"/>
<port protocol="tcp" port="7080"/>
<port protocol="tcp" port="7442"/>
<port protocol="tcp" port="7443"/>
<port protocol="tcp" port="7444"/>
<port protocol="tcp" port="7445"/>
<port protocol="tcp" port="7446"/>
<port protocol="tcp" port="7447"/>
</service>


@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>xRDP</short>
<description>Remote Desktop server</description>
<port protocol="tcp" port="3389"/>
</service>


@ -1,4 +0,0 @@
[UniFi]
title=UniFi controller
description=All ports available for UniFi inform, guest portal, speed testing, and access to admin GUI
ports=5514,6789,8080,8843,8880/tcp|1900,3478,10001/udp


@ -449,7 +449,12 @@ async function updateInstallMaps(preference, packages, scopedPreference, pkg, pa
} }
const portsHook = getHook(packages, 'ports', scopedPreference, preference) const portsHook = getHook(packages, 'ports', scopedPreference, preference)
if (portsHook) { if (portsHook) {
installOrdersPorts = installOrdersPorts.concat(typeof portsHook === 'string' ? [portsHook] : portsHook) installOrdersPorts = installOrdersPorts.concat(typeof portsHook === 'string' ? [{
packageKey,
ports: portsHook
}] : {
packageKey,
ports: portsHook})
} }
processPluginOrders(pkg) processPluginOrders(pkg)
if (!installOrders[preference]) { if (!installOrders[preference]) {
@ -1551,35 +1556,73 @@ async function addUserGroup(group) {
/** /**
* Adds the rules specified in the `_ports` key of each entry in the `software.yml` file. * Adds the rules specified in the `_ports` key of each entry in the `software.yml` file.
* *
* @param rule Firewall rule in the form of 8888/tcp or 9999/udp. Can also be the XML file name stored in ~/.config/firewall/etc/firewalld/services. * @param rule {packageKey: string, ports: any} Firewall rule in the form of 8888/tcp or 9999/udp. Can also be the XML file name stored in ~/.config/firewall/etc/firewalld/services.
*/ */
async function addFirewallRule(rule) { async function addFirewallRule(rule) {
const logStage = 'Firewall' try {
log('info', logStage, `Ensuring the ${rule} rule is added`) const logStage = 'Firewall'
if (osType === 'linux') { const packageName = installData.softwarePackages[rule.packageKey] && installData.softwarePackages[rule.packageKey]._name
const firewallCmd = which.sync('firewall-cmd', { nothrow: true }) const packageDesc = installData.softwarePackages[rule.packageKey] && installData.softwarePackages[rule.packageKey]._desc
// const ufw = which.sync('ufw', { nothrow: true }) log('info', logStage, `Ensuring the ${rule.packageKey} rule is added since the _ports key is defined`)
if (firewallCmd) { if (osType === 'linux') {
if (typeof rule.substring(0, 1) === 'number') { const firewallCmd = which.sync('firewall-cmd', { nothrow: true })
runCommand(`Adding the ${rule} to the firewall configuration`, `sudo firewall-cmd --add-port=${rule} --permanent`) // const ufw = which.sync('ufw', { nothrow: true })
if (firewallCmd) {
const serviceFile = `${process.env.HOME}/.config/firewall/etc/firewalld/services/${rule.packageKey}.xml`
if (fileExists(serviceFile)) {
log('info', logStage, `Service file found at ${serviceFile} - using it to apply firewall-cmd configuration`)
runCommand(`Copying over ${serviceFile} file to /etc/firewalld/services`, `sudo cp -f "${serviceFile}" "/etc/firewalld/services/${rule.packageKey}.xml"`)
runCommand(`Adding the ${rule.packageKey} firewall-cmd service`, `sudo firewall-cmd --add-service=${rule.packageKey} --permanent`)
} else {
if (typeof rule.ports === 'string') {
runCommand(`Adding the ${rule.packageKey} ${rule.ports} rule to the firewall configuration`, `sudo firewall-cmd --add-port=${rule.ports} --permanent`)
} else {
for (const port of rule.ports) {
if (typeof port === 'string') {
runCommand(`Adding the ${rule.packageKey} ${rule.ports} rule to the firewall configuration`, `sudo firewall-cmd --add-port=${rule.ports} --permanent`)
} else if (port.port && port.proto) {
runCommand(`Adding the ${rule.packageKey} ${port.port}/${port.proto} rule to the firewall configuration`, `sudo firewall-cmd --add-port=${port.port}/${port.proto} --permanent`)
} else {
log('error', logStage, `Unable to parse the firewall definition for ${rule.packageKey}`)
}
}
}
}
} else { } else {
runCommand(`Adding the ${rule} user / group`, `sudo firewall-cmd --add-service=${rule} --permanent`) log('error', logStage, `The firewall-cmd executable is not present on the system so the firewall cannot be configured`)
} }
} else if (osType === 'darwin') {
const socketFilterFw = '/usr/libexec/ApplicationFirewall/socketfilterfw'
const serviceFile = `${process.env.HOME}/.config/firewall/darwin/${rule.packageKey}.sh`
if (fileExists(serviceFile)) {
runCommand(`Executing the matching ${serviceFile} service file`, `sudo bash "${serviceFile}"`)
} else {
if (typeof rule.ports === 'string') {
log('error', logStage, `_ports rules that are equal to strings are not yet implemented on macOS (package: ${rule.packageKey})`)
} else {
for (const port of rule.ports) {
if (typeof port === 'string') {
log('error', logStage, `_ports rules that are equal to strings are not yet implemented on macOS (package: ${rule.packageKey})`)
} else if (port.port && port.proto) {
runCommand(`Adding new service for ${rule.packageKey}`, `${socketFilterFw} --add --service "${packageName ? packageName : rule.packageKey}" --getglobalstate`)
if (packageDesc) {
runCommand(`Adding description to service defined for ${rule.packageKey}`, `${socketFilterFw} --service "${packageName ? packageName : rule.packageKey}" --setglobaldescription "${packageDesc}"`)
}
runCommand(`Adding firewall rule for ${rule.packageKey}`, `${socketFilterFw} --service "${packageName ? packageName : rule.packageKey}" --add --port ${port.port} --protocol ${port.proto}`)
} else {
log('error', logStage, `Unable to parse the firewall definition for ${rule.packageKey}`)
}
}
}
}
} else if (osType === 'windows') {
log('warn', logStage, `Windows support not yet added`)
} else { } else {
log('error', logStage, `The firewall-cmd executable is not present on the system so the firewall cannot be configured`) log('warn', logStage, `Unknown operating system type`)
} }
} else if (osType === 'darwin') { } catch (e) {
runCommand(`Creating the ${rule} group`, `sudo dscl . create /Groups/${rule}`) console.log(e)
runCommand(`Ensuring the ${rule} group has a GID`, `bash -c 'if [[ "$(sudo dscl . read /Groups/$GROUP gid 2>&1)" == *"No such key"* ]]; then MAX_ID_GROUP="$(dscl . -list /Groups gid | awk "{print $2}" | sort -ug | tail -1)"; GROUP_ID="$((MAX_ID_GROUP+1))"; sudo dscl . create /Groups/${rule} gid "$GROUP_ID"; fi'`) log('error', 'Bin', `Error configuring firewall settings for ${rule.packageKey}`)
runCommand(`Adding the ${rule} user`, `sudo dscl . create /Users/${rule}`)
runCommand(`Ensuring the ${rule} user has a PrimaryGroupID`, `bash -c 'if [[ "$(sudo dscl . read /Users/${rule} PrimaryGroupID 2>&1)" == *"No such key"* ]]; then sudo dscl . create /Users/${rule} PrimaryGroupID 20; fi'`)
runCommand(`Ensuring the ${rule} user has a UniqueID`, `bash -c 'if [[ "$(sudo dscl . read /Users/${rule} UniqueID 2>&1)" == *"No such key"* ]]; then MAX_ID_USER="$(dscl . -list /Users UniqueID | sort -nr -k 2 | head -1 | grep -oE "[0-9]+$")"; USER_ID="$((MAX_ID_USER+1))"; sudo dscl . create /Users/${rule} UniqueID "$USERID"; fi'`)
runCommand(`Adding the ${rule} user to the ${rule} group`, `sudo dseditgroup -o edit -t user -a ${rule} ${rule}`)
runCommand(`Adding the ${process.env.USER} user to the ${rule} group`, `sudo dseditgroup -o edit -t user -a ${process.env.USER} ${rule}`)
} else if (osType === 'windows') {
log('warn', logStage, `Windows support not yet added`)
} else {
log('warn', logStage, `Unknown operating system type`)
} }
} }
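Review bot: In the Linux branch of `addFirewallRule`, the string case inside `for (const port of rule.ports)` interpolates `rule.ports` (the whole array) instead of the loop variable, so `--add-port=` receives a comma-joined list or `[object Object]`; the command should read `sudo firewall-cmd --add-port=${port} --permanent`, with the same fix in its description string. `rule.packageKey`, `port.port`, `port.proto` and `packageDesc` are also spliced into commands run under `sudo` without validation, and the `_desc` values in software.yml contain quotes and punctuation, so I would check them first, e.g. `if (!/^\d+(-\d+)?$/.test(String(port.port)) || !['tcp', 'udp'].includes(port.proto)) continue`, and avoid placing the description inside a double-quoted shell string. The rules are added with `--permanent` only; unless a `firewall-cmd --reload` runs elsewhere, they do not reach the running firewall. Both `sudo cp -f` and `sudo bash "${serviceFile}"` take their input from `~/.config/firewall`, which the user account can write, so whatever lands in that directory is installed or executed as root; checking ownership and mode before use, or shipping these files from a root-owned location, would close that gap.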


@ -0,0 +1,11 @@
# Firejail
Firejail integration is pending. Firejail will allow us to improve security on Linux platforms by sandboxing executables and programs. Firejail already includes hundreds of definitions for programs. There are also custom lists maintained by the community which can be found on the [Firejail README](https://github.com/netblue30/firejail).
Ideally, we should create a few generic profiles that handle the following cases:
1. CLIs that don't need access to ~/.ssh and ~/.config etc.
2. CLIs that DO need access to specific folders
3. The configurations should be automatically generated from an array of options for each entry in the `software.yml` file
It would also be great if we could have Firejail automatically load anytime executables are called so that we can run `pnpm` instead of `firejail pnpm`, for instance.


@ -1852,6 +1852,9 @@ softwarePackages:
_github: https://github.com/apple/cups _github: https://github.com/apple/cups
_home: null _home: null
_name: CUPS _name: CUPS
_ports:
- port: 631
proto: tcp
ansible: professormanhattan.cups ansible: professormanhattan.cups
apt: apt:
- avahi-daemon - avahi-daemon
@ -5004,6 +5007,23 @@ softwarePackages:
_github: https://github.com/maas/maas _github: https://github.com/maas/maas
_home: https://maas.io/ _home: https://maas.io/
_name: MAAS _name: MAAS
_ports:
- port: 5240
proto: tcp
- port: 5240
proto: udp
- port: 5248
proto: tcp
- port: 5248
proto: udp
- port: 5241-5247
proto: tcp
- port: 5241-5247
proto: udp
- port: 5250-5270
proto: tcp
- port: 5250-5270
proto: udp
ansible:ubuntu: professormanhattan.maas ansible:ubuntu: professormanhattan.maas
snap:ubuntu: maas snap:ubuntu: maas
mackup: mackup:
@ -5789,9 +5809,9 @@ softwarePackages:
_name: NGINX _name: NGINX
_ports: _ports:
- port: 80 - port: 80
proto: udp proto: tcp
- port: 443 - port: 443
proto: udp proto: tcp
ansible: professormanhattan.nginx ansible: professormanhattan.nginx
apt: nginx apt: nginx
brew: nginx brew: nginx
@ -6564,28 +6584,46 @@ softwarePackages:
plex: plex:
_bin: plex _bin: plex
_desc: '[Plex](https://www.plex.tv/) is a global streaming service of free ad-supported video, with TV shows and movies from distributors such as Crackle, Warner Bros., MGM, Endemol Shine Group, Lionsgate, and Legendary. Plex is also a clientserver media player system plus an ancillary software suite.' _desc: '[Plex](https://www.plex.tv/) is a global streaming service of free ad-supported video, with TV shows and movies from distributors such as Crackle, Warner Bros., MGM, Endemol Shine Group, Lionsgate, and Legendary. Plex is also a clientserver media player system plus an ancillary software suite.'
_docs: https://forums.plex.tv/t/introducing-plex-htpc/703075 _github: false
_github: https://github.com/plexinc/plex-media-player
_home: https://www.plex.tv/ _home: https://www.plex.tv/
_name: Plex _name: Plex
_when:cask: '! test -d /Applications/Plex.app' _when:cask: '! test -d /Applications/Plex.app'
ansible: professormanhattan.plex ansible: professormanhattan.plex
cask: cask: plex
- plex choco: plex
- plex-media-player
- plex-media-server
choco:
- plex
- plexmediaplayer
flatpak: tv.plex.PlexDesktop flatpak: tv.plex.PlexDesktop
plex-media-server:
_bin: plex-media-server
_github: false
_name: Plex Media Server
_when:cask: '! test -d "/Applications/Plex Media Server.app"'
_ports:
- port: 32400
proto: tcp
- port: 3005
proto: tcp
- port: 5353
proto: udp
- port: 8324
proto: tcp
- port: 32410-32414
proto: udp
- port: 1900
proto: udp
- port: 32469
proto: tcp
cask: plex-media-server
choco: plexmediaserver
snap: plexmediaserver snap: plexmediaserver
yay: plex-media-server yay: plex-media-server
plex-htpc: plex-htpc:
_bin: plex-htpc _bin: plex-htpc
_github: false
_home: https://www.plex.tv/ _home: https://www.plex.tv/
_name: Plex HTPC _name: Plex HTPC
_when:cask: '! test -d "/Applications/Plex HTPC.app"' _when:cask: '! test -d "/Applications/Plex HTPC.app"'
cask: plex-htpc cask: plex-htpc
choco: plex-home-theater
flatpak: tv.plex.PlexHTPC flatpak: tv.plex.PlexHTPC
snap: plex-htpc snap: plex-htpc
pm2: pm2:
@ -7114,7 +7152,6 @@ softwarePackages:
dnf: firewalld dnf: firewalld
emerge: net-firewall/firewalld emerge: net-firewall/firewalld
pacman: firewalld pacman: firewalld
script:darwin: sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
zypper: firewalld zypper: firewalld
xrdp: xrdp:
_bin: xrdp _bin: xrdp
@ -9674,6 +9711,12 @@ softwarePackages:
dnf:fedora: yubikey-manager dnf:fedora: yubikey-manager
pacman: yubikey-manager pacman: yubikey-manager
pipx: yubikey-manager pipx: yubikey-manager
nginx-unit:
_bin: unitd
_github: https://github.com/nginx/unit
_name: NGINX Unit
_service:brew: nginx/unit/unit
brew: nginx/unit/unit
yubikey-manager-qt: yubikey-manager-qt:
_bin: yubikey-manager-qt _bin: yubikey-manager-qt
_desc: Cross-platform application for configuring any YubiKey over all USB interfaces. _desc: Cross-platform application for configuring any YubiKey over all USB interfaces.
@ -9713,10 +9756,10 @@ softwarePackages:
pipx: shell-gpt pipx: shell-gpt
tigervnc: tigervnc:
_bin: tigervncpasswd _bin: tigervncpasswd
_github: https://github.com/DukeyToo/tightvnc-server _github: https://github.com/TigerVNC/tigervnc
_name: TightVNC Server _name: TigerVNC Server
_ports: _ports:
- port: 5900-5909 - port: 5900-5904
proto: tcp proto: tcp
apt: tigervnc-standalone-server apt: tigervnc-standalone-server
dnf: tigervnc-server dnf: tigervnc-server
@ -9807,6 +9850,10 @@ softwarePlugins:
- redhatdeveloper/openshift-dd-ext - redhatdeveloper/openshift-dd-ext
- snyk/snyk-docker-desktop-extension - snyk/snyk-docker-desktop-extension
- tailscale/docker-extension - tailscale/docker-extension
dockerImages:
cmd: null
plugins:
- docker.io/nginx/unit
dotnet: dotnet:
cmd: sudo chown -r "$USER" "$HOME/.local/share/NuGet" && dotnet tool install -g {PLUGIN} cmd: sudo chown -r "$USER" "$HOME/.local/share/NuGet" && dotnet tool install -g {PLUGIN}
plugins: plugins:
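Review bot: The hunk at `@ -7114,7 +7152,6` drops `script:darwin: sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on` from the entry that installs firewalld, and nothing visible in this commit replaces it, so macOS hosts may be left with the application firewall off while the new `_ports` entries suggest that rules are being enforced. If enabling moved elsewhere, a comment on the entry such as `# macOS firewall is enabled by <placeholder: script name>` would make that clear; otherwise the line should stay. In the new `plex-media-server` entry, 5353/udp and 1900/udp are mDNS and SSDP discovery ports rather than Plex-specific ones, so a `#` comment on each `_ports` item saying which Plex feature needs it would let a reader trim the list on hosts that do not use DLNA or discovery. The `nginx-unit` entry is inserted between `yubikey-manager` and `yubikey-manager-qt`, which breaks the apparent alphabetical grouping.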