diff --git a/.local/share/chezmoi/home/.chezmoiscripts/windows/run_onchange_after_14-cleanup-windows b/.local/share/chezmoi/home/.chezmoiscripts/windows/run_onchange_after_14-cleanup-windows
index d8eeecca..028dd63f 100644
--- a/.local/share/chezmoi/home/.chezmoiscripts/windows/run_onchange_after_14-cleanup-windows
+++ b/.local/share/chezmoi/home/.chezmoiscripts/windows/run_onchange_after_14-cleanup-windows
@@ -1,3 +1,4 @@
+Remove-Item -Recurse -Force C:\Malwarebytes
Remove-Item -Recurse -Force C:\PerfLogs
Remove-Item -Recurse -Force C:\$WinREAgent
Remove-Item C:\Users\*\Desktop\*lnk -Force
diff --git a/.local/share/chezmoi/software.yml b/.local/share/chezmoi/software.yml
index a19a2bf3..11916c5b 100644
--- a/.local/share/chezmoi/software.yml
+++ b/.local/share/chezmoi/software.yml
@@ -901,6 +901,26 @@ softwarePackages:
_type: cli
brew: clair
github: github.com/quay/clair
+ clamav:
+ _bin: null
+ _desc: null
+ _docs: null
+ _github: null
+ _home: null
+ _name: ClamAV
+ _post: freshclam
+ _service: true
+ _systemd: clamav-freshclam
+ _systemd:dnf: clamd-freshclam
+ _type: cli
+ apt:
+ - clamav
+ - clamdscan
+ brew: clamav
+ dnf:
+ - clamav
+ - clamav-update
+ pacman: clamav
clocker:
_when: '! test -d /Applications/Clocker.app'
_bin: null
@@ -1144,7 +1164,16 @@ softwarePackages:
_home: null
_name: CUPS
_service: null
+ _systemd: smbd
ansible: professormanhattan.cups
+ apt:
+ - avahi-daemon
+ - cups
+ brew: cups
+ dnf: cups
+ pacman:
+ - avahi-daemon
+ - cups
curator:
_bin: null
_desc: Elasticsearch Curator helps you curate, or manage, your Elasticsearch indices and snapshots
@@ -3680,6 +3709,16 @@ softwarePackages:
_name: mackup
_service: null
ansible: professormanhattan.mackup
+ malwarebytes:
+ _bin: null
+ _desc: null
+ _docs: null
+ _github: null
+ _home: null
+ _name: Malwarebytes
+ _service: true
+ cask: malwarebytes
+ choco: malwarebytes
mailspring:
_bin: null
_desc: '[Mailspring](https://getmailspring.com/) comes packed with powerful features like Unified Inbox, Snooze, Send Later, Mail Rules, Templates and more. Mailspring Pro, which you can unlock with a monthly subscription, adds even more features for people who send a ton of email: link tracking, read receipts, mailbox analytics, contact and company profiles. All of these features run in the client - Mailspring does not send your email credentials to the cloud.'
@@ -5136,6 +5175,24 @@ softwarePackages:
choco: ripgrep-all
nix: ripgrep-all
pacman: ripgrep-all
+ rkhunter:
+ _bin: rkhunter
+ _desc: null
+ _docs: null
+ _github: null
+ _home: null
+ _name: rkhunter
+ _post: rkhunter --propupd && rkhunter --update
+ _service: true
+ _systemd:pacman: cronie
+ _type: cli
+ apt: rkhunter
+ brew: rkhunter
+ dnf: rkhunter
+ pacman:
+ - cronie
+ - rkhunter
+ - s-nail
rm-improved:
_bin: rip
_desc: A safe and ergonomic alternative to rm
diff --git a/.local/share/chezmoi/system/etc/cups/cupsd.conf b/.local/share/chezmoi/system/etc/cups/cupsd.conf
new file mode 100644
index 00000000..2d68db85
--- /dev/null
+++ b/.local/share/chezmoi/system/etc/cups/cupsd.conf
@@ -0,0 +1,190 @@
+#
+# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a
+# complete description of this file.
+#
+
+# Log general information in error_log - change "warn" to "debug"
+# for troubleshooting...
+LogLevel warn
+PageLogFormat
+
+# Deactivate CUPS' internal logrotating, as we provide a better one, especially
+# LogLevel debug2 gets usable now
+MaxLogSize 0
+
+# Only listen for connections from the local machine.
+Port 631
+Listen /run/cups/cups.sock
+
+# Show shared printers on the local network.
+Browsing On
+BrowseLocalProtocols dnssd
+
+# Default authentication type, when authentication is required...
+DefaultAuthType Basic
+
+# Web interface setting...
+WebInterface Yes
+
+# Restrict access to the server...
+
+ Order allow,deny
+ Allow @LOCAL
+
+
+# Restrict access to the admin pages...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order allow,deny
+ Allow @LOCAL
+
+
+# Restrict access to configuration files...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order allow,deny
+
+
+# Restrict access to log files...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order allow,deny
+
+
+# Set the default printer/job policies...
+
+ # Job/subscription privacy...
+ JobPrivateAccess default
+ JobPrivateValues default
+ SubscriptionPrivateAccess default
+ SubscriptionPrivateValues default
+
+ # Job-related operations must be done by the owner or an administrator...
+
+ Order deny,allow
+
+
+
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+ # All administration operations require an administrator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # All printer operations require a printer operator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # Only the owner or an administrator can cancel or authenticate a job...
+
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+
+ Order deny,allow
+
+
+
+# Set the authenticated printer/job policies...
+
+ # Job/subscription privacy...
+ JobPrivateAccess default
+ JobPrivateValues default
+ SubscriptionPrivateAccess default
+ SubscriptionPrivateValues default
+
+ # Job-related operations must be done by the owner or an administrator...
+
+ AuthType Default
+ Order deny,allow
+
+
+
+ AuthType Default
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+ # All administration operations require an administrator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # All printer operations require a printer operator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # Only the owner or an administrator can cancel or authenticate a job...
+
+ AuthType Default
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+
+ Order deny,allow
+
+
+
+# Set the kerberized printer/job policies...
+
+ # Job/subscription privacy...
+ JobPrivateAccess default
+ JobPrivateValues default
+ SubscriptionPrivateAccess default
+ SubscriptionPrivateValues default
+
+ # Job-related operations must be done by the owner or an administrator...
+
+ AuthType Negotiate
+ Order deny,allow
+
+
+
+ AuthType Negotiate
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+ # All administration operations require an administrator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # All printer operations require a printer operator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # Only the owner or an administrator can cancel or authenticate a job...
+
+ AuthType Negotiate
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+
+ Order deny,allow
+
+
diff --git a/.local/share/chezmoi/system/etc/cups/modify_cupsd.conf b/.local/share/chezmoi/system/etc/cups/modify_cupsd.conf
new file mode 100644
index 00000000..8ec91ec6
--- /dev/null
+++ b/.local/share/chezmoi/system/etc/cups/modify_cupsd.conf
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+sudo chmod 644 cupsd.conf