Update 5 files
- /home/dot_ssh/system/run_onchanges_after_sshd.tmpl - /home/dot_ssh/fail2ban/run_onchanges_after_fail2ban.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_13-post-install-packages.tmpl - /home/.chezmoidata.yaml - /software.yml
parent
45355db9c5
commit
17f6d81423
5 changed files with 64 additions and 4 deletions
|
@ -247,7 +247,8 @@ softwareGroups:
|
||||||
- rm-improved
|
- rm-improved
|
||||||
- rsync
|
- rsync
|
||||||
- sd
|
- sd
|
||||||
- snapd
|
# Bundled into installer
|
||||||
|
# - snapd
|
||||||
- task
|
- task
|
||||||
- tmux
|
- tmux
|
||||||
- tor
|
- tor
|
||||||
|
|
|
@ -4,7 +4,6 @@
|
||||||
{{ includeTemplate "universal/profile" }}
|
{{ includeTemplate "universal/profile" }}
|
||||||
{{ includeTemplate "universal/logg" }}
|
{{ includeTemplate "universal/logg" }}
|
||||||
|
|
||||||
|
|
||||||
### Remove Firefox snap if Flatpak is installed
|
### Remove Firefox snap if Flatpak is installed
|
||||||
if command -v org.mozilla.firefox > /dev/null && command -v snap > /dev/null && snap list firefox | grep firefox > /dev/null; then
|
if command -v org.mozilla.firefox > /dev/null && command -v snap > /dev/null && snap list firefox | grep firefox > /dev/null; then
|
||||||
logg info 'Removing snap version of Firefox because Flatpak version is already installed'
|
logg info 'Removing snap version of Firefox because Flatpak version is already installed'
|
||||||
|
|
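--- a/home/dot_ssh/fail2ban/run_onchanges_after_fail2ban.tmpl
+++ b/home/dot_ssh/fail2ban/run_onchanges_after_fail2ban.tmpl
@@ -0,0 +1,41 @@
+{{- if ne .host.distro.family "windows" }}
+#!/usr/bin/env bash
+
+# jail.local hash: {{ include (joinPath .host.home ".ssh" "fail2ban" "jail.local") | sha256sum }}
+
+{{ includeTemplate "universal/profile" }}
+{{ includeTemplate "universal/logg" }}
+
+### Restart fail2ban
+function restartFail2Ban() {
+if [ -d /Applications ] && [ -d /System ]; then
+# macOS
+logg info 'Enabling the `fail2ban` Homebrew service'
+brew services start fail2ban
+else
+# Linux
+logg info 'Enabling the `fail2ban` service'
+sudo systemctl enable fail2ban
+logg info 'Restarting the `fail2ban` service'
+sudo systemctl restart fail2ban
+fi
+}
+
+### Update the jail.local file if environment is not WSL
+if [[ ! "$(grep Microsoft /proc/version)" ]]; then
+if [ -d /etc/fail2ban ]; then
+logg info 'Copying ~/.ssh/fail2ban/jail.local to /etc/fail2ban/jail.local'
+sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /etc/fail2ban/jail.local
+restartFail2Ban
+elif [ -d /usr/local/etc/fail2ban ]; then
+logg info 'Copying ~/.ssh/fail2ban/jail.local to /usr/local/etc/fail2ban/jail.local'
+sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /usr/local/etc/fail2ban/jail.local
+restartFail2Ban
+else
+logg warn 'Both the /etc/fail2ban (Linux) and the /usr/local/etc/fail2ban (macOS) folder do not exist'
+fi
+else
+logg info 'Skipping sshd_config application since environment is WSL'
+fi
+
+{{ end -}}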
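Review bot: In both `sudo cp -f … jail.local` branches, `restartFail2Ban` runs whether or not the copy succeeded, and nothing tests the new jail.local before the service is restarted, so a malformed file can leave fail2ban stopped and SSH without brute-force banning. I would gate the restart on the copy and a configuration test, for example `sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /etc/fail2ban/jail.local && sudo fail2ban-client -t && restartFail2Ban`, and emit a `logg warn` when either step fails. On macOS `restartFail2Ban` only calls `brew services start fail2ban`, which probably does not reload an already running service, so the updated jail.local may not take effect there. Separately, the WSL branch logs 'Skipping sshd_config application since environment is WSL', which looks copied from the sshd script and should name jail.local instead.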
@ -1,6 +1,12 @@
|
||||||
{{- if ne .host.distro.family "windows" }}
|
{{- if ne .host.distro.family "windows" }}
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# sshd_config hash: {{ include (joinPath .host.home ".ssh" "system" "sshd_config") | sha256sum }}
|
||||||
|
# banner hash: {{ include (joinPath .host.home ".ssh" "system" "banner") | sha256sum }}
|
||||||
|
|
||||||
|
{{ includeTemplate "universal/profile" }}
|
||||||
|
{{ includeTemplate "universal/logg" }}
|
||||||
|
|
||||||
### Update /etc/ssh/sshd_config if environment is not WSL
|
### Update /etc/ssh/sshd_config if environment is not WSL
|
||||||
if [[ ! "$(grep Microsoft /proc/version)" ]]; then
|
if [[ ! "$(grep Microsoft /proc/version)" ]]; then
|
||||||
if [ -d /etc/ssh ]; then
|
if [ -d /etc/ssh ]; then
|
||||||
|
@ -22,8 +28,7 @@ if [[ ! "$(grep Microsoft /proc/version)" ]]; then
|
||||||
logg info 'Enabling the `sshd` service'
|
logg info 'Enabling the `sshd` service'
|
||||||
sudo systemctl enable sshd
|
sudo systemctl enable sshd
|
||||||
logg info 'Restarting the `sshd` service'
|
logg info 'Restarting the `sshd` service'
|
||||||
|
sudo systemctl restart sshd
|
||||||
sudo service sshd restart
|
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
logg warn 'The /etc/ssh folder does not exist'
|
logg warn 'The /etc/ssh folder does not exist'
|
||||||
|
|
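Review bot: The sshd restart in the second hunk is issued without validating the configuration first, and with the new `sshd_config hash` and `banner hash` comments the script now re-runs on every edit to those files. A syntax error in the managed sshd_config would then keep sshd from coming back up and can cut off remote access to the host. Assuming the copy into /etc/ssh happens in the lines between the two hunks (not shown here), I would run `sudo sshd -t` after it and skip the restart with a `logg warn` when the test fails. The `grep Microsoft /proc/version` guard kept as context here, and added again in the fail2ban script, is case-sensitive, while WSL2 kernels usually report lowercase `microsoft`; `grep -qi microsoft /proc/version 2>/dev/null` would cover both and silence the error on macOS, where the file is absent.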
14
software.yml
14
software.yml
|
@ -5198,7 +5198,16 @@ softwarePackages:
|
||||||
_github: https://github.com/nmap/nmap
|
_github: https://github.com/nmap/nmap
|
||||||
_home: https://nmap.org/
|
_home: https://nmap.org/
|
||||||
_name: Nmap
|
_name: Nmap
|
||||||
|
_post:snap: sudo snap connect nmap:network-control
|
||||||
ansible: professormanhattan.nmap
|
ansible: professormanhattan.nmap
|
||||||
|
apt: nmap
|
||||||
|
brew: nmap
|
||||||
|
choco: nmap
|
||||||
|
dnf: nmap
|
||||||
|
pacman: nmap
|
||||||
|
port: nmap
|
||||||
|
scoop: nmap
|
||||||
|
snap: nmap
|
||||||
_service: false
|
_service: false
|
||||||
_type: cli
|
_type: cli
|
||||||
nnn:
|
nnn:
|
||||||
|
@ -7650,6 +7659,11 @@ softwarePackages:
|
||||||
_home: null
|
_home: null
|
||||||
_name: tree-cli
|
_name: tree-cli
|
||||||
ansible: professormanhattan.tree
|
ansible: professormanhattan.tree
|
||||||
|
apt: tree
|
||||||
|
brew: tree
|
||||||
|
choco: tree
|
||||||
|
dnf: tree
|
||||||
|
pacman: tree
|
||||||
_service: false
|
_service: false
|
||||||
_type: cli
|
_type: cli
|
||||||
tree-sitter:
|
tree-sitter:
|
||||||
|
|