From 5f1dc34fb0cb9fc219eddee315d89260f591ef57 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sun, 2 Jan 2022 17:25:16 -0300
Subject: Some TPC changes
---
files/etc/NetworkManager/conf.d/00-macchanger.conf | 6 ++++++
manifests/base/personal.pp | 3 ++-
manifests/role/tpc.pp | 12 ++++++++----
manifests/subsystem/macchanger.pp | 5 -----
manifests/subsystem/macchanger/wicd.pp | 9 ---------
manifests/subsystem/network/macchanger.pp | 5 +++++
manifests/subsystem/network/manager.pp | 15 +++++++++++++++
manifests/subsystem/network/manager/macchanger.pp | 18 ++++++++++++++++++
manifests/subsystem/network/wicd.pp | 11 +++++++++++
manifests/subsystem/network/wicd/macchanger.pp | 11 +++++++++++
manifests/utils/development/virtual.pp | 2 +-
manifests/utils/laptop.pp | 2 +-
manifests/utils/laptop/debian.pp | 4 ++--
manifests/utils/network/wicd.pp | 11 -----------
manifests/utils/personal.pp | 2 +-
15 files changed, 81 insertions(+), 35 deletions(-)
create mode 100644 files/etc/NetworkManager/conf.d/00-macchanger.conf
delete mode 100644 manifests/subsystem/macchanger.pp
delete mode 100644 manifests/subsystem/macchanger/wicd.pp
create mode 100644 manifests/subsystem/network/macchanger.pp
create mode 100644 manifests/subsystem/network/manager.pp
create mode 100644 manifests/subsystem/network/manager/macchanger.pp
create mode 100644 manifests/subsystem/network/wicd.pp
create mode 100644 manifests/subsystem/network/wicd/macchanger.pp
delete mode 100644 manifests/utils/network/wicd.pp
diff --git a/files/etc/NetworkManager/conf.d/00-macchanger.conf b/files/etc/NetworkManager/conf.d/00-macchanger.conf
new file mode 100644
index 0000000..17f6bbb
--- /dev/null
+++ b/files/etc/NetworkManager/conf.d/00-macchanger.conf
@@ -0,0 +1,6 @@
+[device]
+wifi.scan-rand-mac-address=yes
+
+[connection]
+ethernet.cloned-mac-address=random
+wifi.cloned-mac-address=random
diff --git a/manifests/base/personal.pp b/manifests/base/personal.pp
index f4fe3d9..852d023 100644
--- a/manifests/base/personal.pp
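Review bot: The two `cloned-mac-address` keys under `[connection]` in 00-macchanger.conf are defaults, and as far as NetworkManager's documented behaviour goes they apply only to profiles that leave the property unset, so a saved connection that already carries an explicit value would keep its address and not be randomized. The file has no comment recording that; I would add `# Defaults only: profiles with an explicit cloned-mac-address are not affected` at the top. The `00-` prefix also appears to give this drop-in the lowest precedence among the files in conf.d, so a later-sorted file setting the same keys would win; that is worth confirming, and if it holds a later prefix is safer. `random` yields a new address on every activation, and `stable` is the documented alternative if a per-network address is wanted for DHCP leases or captive portals.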
+++ b/manifests/base/personal.pp @@ -23,7 +23,8 @@ class nodo::base::personal { #} # Development - file { [ "/var/cache/vagrant", "/var/cache/virtualbox", "/var/cache/qemu" ]: + #file { [ "/var/cache/vagrant", "/var/cache/virtualbox", "/var/cache/qemu" ]: + file { [ "/var/cache/qemu" ]: ensure => directory, mode => '0755', } diff --git a/manifests/role/tpc.pp b/manifests/role/tpc.pp index cdc46fe..aa37f53 100644 --- a/manifests/role/tpc.pp +++ b/manifests/role/tpc.pp @@ -1,8 +1,12 @@ # Trusted Personal Computer -class nodo::role::tpc inherits nodo::base::laptop { +class nodo::role::tpc( + $version = '1', +) { + include nodo::base::laptop #include nodo::utils::web::hardened #include nodo::subsystem::udev::network - include nodo::utils::network::wicd - include nodo::subsystem::macchanger::wicd - include onion::full + #include nodo::subsystem::network::wicd::macchanger + #include onion::full + include nodo::subsystem::network::manager::macchanger + include onion } diff --git a/manifests/subsystem/macchanger.pp b/manifests/subsystem/macchanger.pp deleted file mode 100644 index f5e5438..0000000 --- a/manifests/subsystem/macchanger.pp +++ /dev/null @@ -1,5 +0,0 @@ -class nodo::subsystem::macchanger { - package { 'macchanger': - ensure => present, - } -} diff --git a/manifests/subsystem/macchanger/wicd.pp b/manifests/subsystem/macchanger/wicd.pp deleted file mode 100644 index 414cb78..0000000 --- a/manifests/subsystem/macchanger/wicd.pp +++ /dev/null @@ -1,9 +0,0 @@ -class nodo::subsystem::macchanger::wicd inherits nodo::subsystem::macchanger { - file { '/etc/wicd/scripts/preconnect/macchanger': - ensure => present, - owner => root, - group => root, - mode => '0755', - source => 'puppet:///modules/nodo/etc/wicd/macchanger', - } -} diff --git a/manifests/subsystem/network/macchanger.pp b/manifests/subsystem/network/macchanger.pp new file mode 100644 index 0000000..f5e5438 --- /dev/null +++ b/manifests/subsystem/network/macchanger.pp 
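Review bot: The new `$version = '1'` parameter on `nodo::role::tpc` is not referenced anywhere in the visible class body and carries no comment saying what it selects. Either drop it or document it, for example `# $version: role revision, currently unused`. The same hunk replaces `include onion::full` with `include onion` and leaves the old lines commented out; the onion module is not part of this patch, so a one-line comment naming what is intentionally no longer applied to the Trusted Personal Computer role would let a reader audit the change.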
@@ -0,0 +1,5 @@
+class nodo::subsystem::macchanger {
+ package { 'macchanger':
+ ensure => present,
+ }
+}
diff --git a/manifests/subsystem/network/manager.pp b/manifests/subsystem/network/manager.pp
new file mode 100644
index 0000000..3b7a7cf
--- /dev/null
+++ b/manifests/subsystem/network/manager.pp
@@ -0,0 +1,15 @@
+class nodo::subsystem::network::manager (
+ $ensure = 'installed',
+) {
+ package { [
+ 'network-manager',
+ 'nm-tray',
+ ]:
+ ensure => $ensure,
+ }
+
+ service { 'network-manager':
+ ensure => running,
+ require => Package['network-manager'],
+ }
+}
diff --git a/manifests/subsystem/network/manager/macchanger.pp b/manifests/subsystem/network/manager/macchanger.pp
new file mode 100644
index 0000000..248ac7f
--- /dev/null
+++ b/manifests/subsystem/network/manager/macchanger.pp
@@ -0,0 +1,18 @@
+# See https://networkmanager.dev/docs/api/latest/NetworkManager.conf.html
+# https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/
+# https://fedoramagazine.org/randomize-mac-address-nm/
+# https://ofstack.com/Linux/29692/linux-uses-networkmanager-to-randomly-generate-your-mac-address.html
+# https://re00.home.blog/2019/10/10/random-mac-nm/
+# https://forums.kali.org/showthread.php?34221-Turning-off-Mac-address-randomization-in-Network-Manager-one-method
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879484
+class nodo::subsystem::network::manager::macchanger inherits nodo::subsystem::network::manager {
+ file { '/etc/NetworkManager/conf.d/00-macchanger.conf':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => '0644',
+ source => 'puppet:///modules/nodo/etc/NetworkManager/conf.d/00-macchanger.conf',
+ require => Package['network-manager'],
+ notify => Service['network-manager'],
+ }
+}
diff --git a/manifests/subsystem/network/wicd.pp b/manifests/subsystem/network/wicd.pp
new file mode 100644
index 0000000..7f221f6
--- /dev/null
+++ b/manifests/subsystem/network/wicd.pp
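Review bot: The file added at manifests/subsystem/network/macchanger.pp still declares `class nodo::subsystem::macchanger`, so the class name no longer matches its path. Puppet's autoloader maps `nodo::subsystem::macchanger` to manifests/subsystem/macchanger.pp, which this commit deletes, so the `include nodo::subsystem::macchanger` in wicd/macchanger.pp would presumably fail to resolve. Rename the class to `class nodo::subsystem::network::macchanger {` and update that include to match.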
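Review bot: In `nodo::subsystem::network::manager` the `$ensure` parameter reaches only the package resource, while the service is declared with an unconditional `ensure => running`, so declaring the class with `ensure => absent` would ask Puppet to remove the package and keep its service running. The TPC role relies on this service to apply the MAC randomization drop-in, so I would also add `enable => true,` to the service so it is enabled at boot and not merely running after a Puppet run. If removal is meant to be supported, derive the service state from `$ensure`; otherwise document that only install states are valid for the parameter.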
@@ -0,0 +1,11 @@ +class nodo::subsystem::network::wicd ( + $ensure = 'installed', +) { + package { [ + 'wicd', + 'wicd-curses', + #'wicd-gtk', + ]: + ensure => $ensure, + } +} diff --git a/manifests/subsystem/network/wicd/macchanger.pp b/manifests/subsystem/network/wicd/macchanger.pp new file mode 100644 index 0000000..c5dafc3 --- /dev/null +++ b/manifests/subsystem/network/wicd/macchanger.pp @@ -0,0 +1,11 @@ +class nodo::subsystem::network::wicd::macchanger inherits nodo:subsystem::network::wicd { + include nodo::subsystem::macchanger + + file { '/etc/wicd/scripts/preconnect/macchanger': + ensure => present, + owner => root, + group => root, + mode => '0755', + source => 'puppet:///modules/nodo/etc/wicd/macchanger', + } +} diff --git a/manifests/utils/development/virtual.pp b/manifests/utils/development/virtual.pp index dae3525..59f3984 100644 --- a/manifests/utils/development/virtual.pp +++ b/manifests/utils/development/virtual.pp @@ -1,7 +1,6 @@ class nodo::utils::development::virtual inherits nodo::utils::virtual { package { [ # For development with virtual machines and containers - 'vagrant', #'vagrant-libvirt', #'docker.io', #'packer', @@ -22,6 +21,7 @@ class nodo::utils::development::virtual inherits nodo::utils::virtual { # Discontinued # https://lists.debian.org/msgid-search/aeb59515ee63c658e40927a401fd1b200747a168.camel@liw.fi package { [ + 'vagrant', 'vmdebootstrap', ]: ensure => absent, diff --git a/manifests/utils/laptop.pp b/manifests/utils/laptop.pp index 9a27368..3969d89 100644 --- a/manifests/utils/laptop.pp +++ b/manifests/utils/laptop.pp @@ -1,7 +1,7 @@ # Common utilities for laptop class nodo::utils::laptop { case $::operatingsystem { - debian: { + debian: { include nodo::utils::laptop::debian } default: { } diff --git a/manifests/utils/laptop/debian.pp b/manifests/utils/laptop/debian.pp index 6688542..bf180c3 100644 --- a/manifests/utils/laptop/debian.pp +++ b/manifests/utils/laptop/debian.pp 
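Review bot: The class header in manifests/subsystem/network/wicd/macchanger.pp reads `inherits nodo:subsystem::network::wicd`, with a single colon after `nodo`, which is not a valid qualified class name, so this manifest should fail to parse once it is loaded. It should be `inherits nodo::subsystem::network::wicd {`. The role currently has the corresponding include commented out, which would hide the error until someone re-enables wicd.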
@@ -39,12 +39,12 @@ class nodo::utils::laptop::debian { # Misc #package { [ - # 'module-assistant', + # 'module-assistant', # 'ekiga', # 'mumble', # 'usb-modeswitch', # 'gnokii', - # 'sharutils', + # 'sharutils', #]: # ensure => installed, #} diff --git a/manifests/utils/network/wicd.pp b/manifests/utils/network/wicd.pp deleted file mode 100644 index 86af12a..0000000 --- a/manifests/utils/network/wicd.pp +++ /dev/null @@ -1,11 +0,0 @@ -class nodo::utils::network::wicd ( - $ensure = 'installed', -) { - package { [ - 'wicd', - 'wicd-curses', - #'wicd-gtk', - ]: - ensure => $ensure, - } -} diff --git a/manifests/utils/personal.pp b/manifests/utils/personal.pp index 83fa7bc..a7de82c 100644 --- a/manifests/utils/personal.pp +++ b/manifests/utils/personal.pp @@ -1,7 +1,7 @@ # Common utilities for personal computers class nodo::utils::personal { case $::operatingsystem { - debian: { + debian: { include nodo::utils::bundle::debian } default: { } -- cgit v1.2.3