Editted headers in notes

home/.chezmoiscripts/universal/run_after_01-pre-install.sh.tmpl

@@ -201,11 +201,11 @@ ensureNetworkConfigs() {
 #     4. Bypasses the OpenVPN connection for all the networks defined in `.host.vpn.excludedSubnets` (in the `home/.chezmoi.yaml.tmpl` file)
 #     5. Repeats the process for WireGuard by looping through all the `*.nmconnection` files stored in `${XDG_CONFIG_HOME:-$HOME/.config}/vpn` (username and password should already be stored in the encrypted files)
 #
-#     ## Creating VPN Profiles
+#     #### Creating VPN Profiles
 #
 #     More details on embedding your VPN profiles into your Install Doctor fork can be found by reading the [Secrets documentation](https://install.doctor/docs/customization/secrets#vpn-profiles).
 #
-#     ## Links
+#     #### Links
 #
 #     * [VPN profile folder](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/vpn)
 #     * [VPN profile documentation](https://install.doctor/docs/customization/secrets#vpn-profiles)
@@ -305,7 +305,7 @@ configureNetworkManagerVPNProfiles() {
 #     This script applies the SSH server MOTD banner and `sshd_config` (which are housed in the `home/private_dot_ssh/system` location)
 #     to the system by copying the files to the system location and then restarting / enabling the system SSH server.
 #
-#     ## Links
+#     #### Links
 #
 #     * [System SSHD configurations](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/system)
 configureSSHD() {
@@ -811,7 +811,7 @@ grubSettings() {
 # @description
 #     This script sets the [Docker Rclone plugin](https://rclone.org/docker/) which allows you to mount Rclone mounts as Docker volumes
 #
-#     ## Docker Rclone
+#     #### Docker Rclone
 #
 #     The Docker Rclone installation ensures necessary system directories are initialized / created. It also copies the [Docker Rclone configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/rclone/private_docker-rclone.conf.tmpl)
 #     to the proper system location.
@@ -888,12 +888,12 @@ makeLocalBinExecutable() {
 #     Some of the roles that Gas Station provides are not available via Ansible Galaxy yet. This script symlinks Gas Station
 #     roles to an Ansible Galaxy / Ansible friendly location.
 #
-#     ## Ansible Installation
+#     #### Ansible Installation
 #
 #     If Ansible is not already installed, this script will also install Ansible and all the necessary requirements using `pipx`.
 #     This script must run before the `install-packages` script because some of the Ansible roles might be leveraged by it.
 #
-#     ## TODO
+#     #### TODO
 #
 #     * Move installation logic into the ZX installer so that Ansible and its dependencies are only installed when required
 #     * Remove Ansible dependency completely

home/.chezmoiscripts/universal/run_before_01-prepare.sh.tmpl

@@ -53,7 +53,7 @@ printFullDiskAccessNotice() {
 #     by attempting to read a file that requires full disk access. If it does not, the program opens the preferences
 #     pane where the user can grant access so that the script can continue.
 #
-#     ## Sources
+#     #### Links
 #
 #     * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html)
 ensureFullDiskAccess() {

home/.chezmoiscripts/universal/run_before_05-system.sh.tmpl

@@ -17,7 +17,7 @@ export PATH="$VOLTA_HOME/bin:$PATH"
 #
 #     After the `/swapfile` is created, it is enabled and assigned the appropriate permissions.
 #
-#     ## TODO
+#     #### TODO
 #
 #     * Add logic that creates a swapfile for ZFS-based systems
 #     * Integrate logic from https://gitlab.com/megabyte-labs/gas-station/-/blob/master/roles/system/common/tasks/linux/swap.yml
@@ -308,7 +308,7 @@ function installCredentialSecretService() {
 #     This script ensures Docker is installed and then adds the provisioning user to the `docker` group so that they can
 #     access Docker without `sudo`. It also installs and configures gVisor for use with Docker.
 #
-#     ## gVisor
+#     #### gVisor
 #
 #     gVisor is included with our Docker setup because it improves the security of Docker. gVisor is an application kernel, written in Go,
 #     that implements a substantial portion of the Linux system call interface. It provides an additional layer of isolation between running
@@ -474,7 +474,7 @@ installDocker() {
 #
 #     *Note: You should check out the supported systems before trying to enroll devices.*
 #
-#     ## JumpCloud on macOS
+#     #### JumpCloud on macOS
 #
 #     macOS offers a native device management feature offered through Apple Business. It is the preferred
 #     method since it offers most of the desirable features (like remote wipe). The [JumpCloud MDM documentation](https://support.jumpcloud.com/support/s/article/Getting-Started-MDM)
@@ -562,7 +562,7 @@ removeLinuxBloatware() {
 #     are set equal to the value stored in `.host.hostname` (in `.chezmoi.yaml.tmpl`) but with the `.host.domain` stripped off. On Linux, the same is done
 #     but only the hostname is set. On Linux, the hostname is set with the `hostname` command and then also with the `hostnamectl` command if it is available.
 #
-#     ## Sources
+#     #### Sources
 #
 #     * [Changing Linux hostname permanently](https://www.tecmint.com/set-hostname-permanently-in-linux/)
 setHostname() {

home/dot_local/bin/executable_provision.tmpl

@@ -127,7 +127,6 @@ if ! sudo cat /etc/sudoers | grep '# TEMPORARY FOR INSTALL DOCTOR' > /dev/null;
   fi
 fi
 
-# @section Qubes dom0 Bootstrap
 # @description Perform Qubes dom0 specific logic like updating system packages, setting up the Tor VM, updating TemplateVMs, and
 # beginning the provisioning process using Ansible and an AppVM used to handle the provisioning process
 if command -v qubesctl > /dev/null; then

local/provision.sh

@@ -124,7 +124,6 @@ logg() {
   fi
 }
 
-# @section Environment variables and system dependencies
 # @description Ensure Ubuntu / Debian run in `noninteractive` mode. Detect `START_REPO` format and determine appropriate git address,
 #     otherwise use the master Install Doctor branch
 setEnvironmentVariables() {
@@ -347,7 +346,7 @@ printFullDiskAccessNotice() {
 #     by attempting to read a file that requires full disk access. If it does not, the program opens the preferences
 #     pane where the user can grant access so that the script can continue.
 #
-#     ## Sources
+#     #### Links
 #
 #     * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html)
 ensureFullDiskAccess() {
@@ -451,7 +450,6 @@ setupPasswordlessSudo() {
   fi
 }
 
-# @section Qubes dom0
 # @description Ensure sys-whonix is configured (for Qubes dom0)
 ensureSysWhonix() {
   CONFIG_WIZARD_COUNT=0
@@ -553,7 +551,6 @@ handleQubesDom0() {
   fi
 }
 
-# @section Homebrew dependencies
 # @description Helper function used by [[ensureHomebrewDeps]] to ensure a Homebrew package is installed after
 #     first checking if it is already available on the system.
 installBrewPackage() {
@@ -594,7 +591,6 @@ ensureHomebrewDeps() {
   fi
 }
 
-# @section Chezmoi
 # @description Ensure the `${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi` directory is cloned and up-to-date using the previously
 #     set `START_REPO` as the source repository.
 cloneChezmoiSourceRepo() {
@@ -714,7 +710,6 @@ runChezmoi() {
   fi
 }
 
-# @section Post-provision logic
 # @description Ensure temporary passwordless sudo privileges are removed from `/etc/sudoers`
 removePasswordlessSudo() {
   if command -v gsed > /dev/null; then
@@ -732,7 +727,6 @@ postProvision() {
   fi
 }
 
-# @section Execution order
 # @description The `provisionLogic` function is used to define the order of the script. All of the functions it relies on are defined
 #     above.
 provisionLogic() {

scripts/partials/full-disk-access

@@ -15,7 +15,7 @@ printFullDiskAccessNotice() {
 #     by attempting to read a file that requires full disk access. If it does not, the program opens the preferences
 #     pane where the user can grant access so that the script can continue.
 #
-#     ## Sources
+#     #### Links
 #
 #     * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html)
 ensureFullDiskAccess() {

scripts/provision.sh

@@ -124,7 +124,6 @@ logg() {
   fi
 }
 
-# @section Environment variables and system dependencies
 # @description Ensure Ubuntu / Debian run in `noninteractive` mode. Detect `START_REPO` format and determine appropriate git address,
 #     otherwise use the master Install Doctor branch
 setEnvironmentVariables() {
@@ -347,7 +346,7 @@ printFullDiskAccessNotice() {
 #     by attempting to read a file that requires full disk access. If it does not, the program opens the preferences
 #     pane where the user can grant access so that the script can continue.
 #
-#     ## Sources
+#     #### Links
 #
 #     * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html)
 ensureFullDiskAccess() {
@@ -451,7 +450,6 @@ setupPasswordlessSudo() {
   fi
 }
 
-# @section Qubes dom0
 # @description Ensure sys-whonix is configured (for Qubes dom0)
 ensureSysWhonix() {
   CONFIG_WIZARD_COUNT=0
@@ -553,7 +551,6 @@ handleQubesDom0() {
   fi
 }
 
-# @section Homebrew dependencies
 # @description Helper function used by [[ensureHomebrewDeps]] to ensure a Homebrew package is installed after
 #     first checking if it is already available on the system.
 installBrewPackage() {
@@ -594,7 +591,6 @@ ensureHomebrewDeps() {
   fi
 }
 
-# @section Chezmoi
 # @description Ensure the `${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi` directory is cloned and up-to-date using the previously
 #     set `START_REPO` as the source repository.
 cloneChezmoiSourceRepo() {
@@ -714,7 +710,6 @@ runChezmoi() {
   fi
 }
 
-# @section Post-provision logic
 # @description Ensure temporary passwordless sudo privileges are removed from `/etc/sudoers`
 removePasswordlessSudo() {
   if command -v gsed > /dev/null; then
@@ -732,7 +727,6 @@ postProvision() {
   fi
 }
 
-# @section Execution order
 # @description The `provisionLogic` function is used to define the order of the script. All of the functions it relies on are defined
 #     above.
 provisionLogic() {

scripts/src/provision.sh.tmpl

@@ -52,7 +52,6 @@
 #     [Install Doctor documentation portal](https://install.doctor/docs) (includes tips, tricks, and guides on how to customize the system to your liking)
 
 {{ include "partials" "logg" }}
-# @section Environment variables and system dependencies
 # @description Ensure Ubuntu / Debian run in `noninteractive` mode. Detect `START_REPO` format and determine appropriate git address,
 #     otherwise use the master Install Doctor branch
 setEnvironmentVariables() {
@@ -131,7 +130,6 @@ setupPasswordlessSudo() {
   fi
 }
 
-# @section Qubes dom0
 # @description Ensure sys-whonix is configured (for Qubes dom0)
 ensureSysWhonix() {
   CONFIG_WIZARD_COUNT=0
@@ -233,7 +231,6 @@ handleQubesDom0() {
   fi
 }
 
-# @section Homebrew dependencies
 # @description Helper function used by [[ensureHomebrewDeps]] to ensure a Homebrew package is installed after
 #     first checking if it is already available on the system.
 installBrewPackage() {
@@ -274,7 +271,6 @@ ensureHomebrewDeps() {
   fi
 }
 
-# @section Chezmoi
 # @description Ensure the `${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi` directory is cloned and up-to-date using the previously
 #     set `START_REPO` as the source repository.
 cloneChezmoiSourceRepo() {
@@ -394,7 +390,6 @@ runChezmoi() {
   fi
 }
 
-# @section Post-provision logic
 # @description Ensure temporary passwordless sudo privileges are removed from `/etc/sudoers`
 removePasswordlessSudo() {
   if command -v gsed > /dev/null; then
@@ -412,7 +407,6 @@ postProvision() {
   fi
 }
 
-# @section Execution order
 # @description The `provisionLogic` function is used to define the order of the script. All of the functions it relies on are defined
 #     above.
 provisionLogic() {