Editted headers in notes

This commit is contained in:
Brian Zalewski 2024-03-01 08:26:04 +00:00
parent 1ec309c7b3
commit 31e911f326
8 changed files with 14 additions and 33 deletions

View file

@ -201,11 +201,11 @@ ensureNetworkConfigs() {
# 4. Bypasses the OpenVPN connection for all the networks defined in `.host.vpn.excludedSubnets` (in the `home/.chezmoi.yaml.tmpl` file) # 4. Bypasses the OpenVPN connection for all the networks defined in `.host.vpn.excludedSubnets` (in the `home/.chezmoi.yaml.tmpl` file)
# 5. Repeats the process for WireGuard by looping through all the `*.nmconnection` files stored in `${XDG_CONFIG_HOME:-$HOME/.config}/vpn` (username and password should already be stored in the encrypted files) # 5. Repeats the process for WireGuard by looping through all the `*.nmconnection` files stored in `${XDG_CONFIG_HOME:-$HOME/.config}/vpn` (username and password should already be stored in the encrypted files)
# #
# ## Creating VPN Profiles # #### Creating VPN Profiles
# #
# More details on embedding your VPN profiles into your Install Doctor fork can be found by reading the [Secrets documentation](https://install.doctor/docs/customization/secrets#vpn-profiles). # More details on embedding your VPN profiles into your Install Doctor fork can be found by reading the [Secrets documentation](https://install.doctor/docs/customization/secrets#vpn-profiles).
# #
# ## Links # #### Links
# #
# * [VPN profile folder](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/vpn) # * [VPN profile folder](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/vpn)
# * [VPN profile documentation](https://install.doctor/docs/customization/secrets#vpn-profiles) # * [VPN profile documentation](https://install.doctor/docs/customization/secrets#vpn-profiles)
@ -305,7 +305,7 @@ configureNetworkManagerVPNProfiles() {
# This script applies the SSH server MOTD banner and `sshd_config` (which are housed in the `home/private_dot_ssh/system` location) # This script applies the SSH server MOTD banner and `sshd_config` (which are housed in the `home/private_dot_ssh/system` location)
# to the system by copying the files to the system location and then restarting / enabling the system SSH server. # to the system by copying the files to the system location and then restarting / enabling the system SSH server.
# #
# ## Links # #### Links
# #
# * [System SSHD configurations](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/system) # * [System SSHD configurations](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/system)
configureSSHD() { configureSSHD() {
@ -811,7 +811,7 @@ grubSettings() {
# @description # @description
# This script sets the [Docker Rclone plugin](https://rclone.org/docker/) which allows you to mount Rclone mounts as Docker volumes # This script sets the [Docker Rclone plugin](https://rclone.org/docker/) which allows you to mount Rclone mounts as Docker volumes
# #
# ## Docker Rclone # #### Docker Rclone
# #
# The Docker Rclone installation ensures necessary system directories are initialized / created. It also copies the [Docker Rclone configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/rclone/private_docker-rclone.conf.tmpl) # The Docker Rclone installation ensures necessary system directories are initialized / created. It also copies the [Docker Rclone configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/rclone/private_docker-rclone.conf.tmpl)
# to the proper system location. # to the proper system location.
@ -888,12 +888,12 @@ makeLocalBinExecutable() {
# Some of the roles that Gas Station provides are not available via Ansible Galaxy yet. This script symlinks Gas Station # Some of the roles that Gas Station provides are not available via Ansible Galaxy yet. This script symlinks Gas Station
# roles to an Ansible Galaxy / Ansible friendly location. # roles to an Ansible Galaxy / Ansible friendly location.
# #
# ## Ansible Installation # #### Ansible Installation
# #
# If Ansible is not already installed, this script will also install Ansible and all the necessary requirements using `pipx`. # If Ansible is not already installed, this script will also install Ansible and all the necessary requirements using `pipx`.
# This script must run before the `install-packages` script because some of the Ansible roles might be leveraged by it. # This script must run before the `install-packages` script because some of the Ansible roles might be leveraged by it.
# #
# ## TODO # #### TODO
# #
# * Move installation logic into the ZX installer so that Ansible and its dependencies are only installed when required # * Move installation logic into the ZX installer so that Ansible and its dependencies are only installed when required
# * Remove Ansible dependency completely # * Remove Ansible dependency completely

View file

@ -53,7 +53,7 @@ printFullDiskAccessNotice() {
# by attempting to read a file that requires full disk access. If it does not, the program opens the preferences # by attempting to read a file that requires full disk access. If it does not, the program opens the preferences
# pane where the user can grant access so that the script can continue. # pane where the user can grant access so that the script can continue.
# #
# ## Sources # #### Links
# #
# * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html) # * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html)
ensureFullDiskAccess() { ensureFullDiskAccess() {

View file

@ -17,7 +17,7 @@ export PATH="$VOLTA_HOME/bin:$PATH"
# #
# After the `/swapfile` is created, it is enabled and assigned the appropriate permissions. # After the `/swapfile` is created, it is enabled and assigned the appropriate permissions.
# #
# ## TODO # #### TODO
# #
# * Add logic that creates a swapfile for ZFS-based systems # * Add logic that creates a swapfile for ZFS-based systems
# * Integrate logic from https://gitlab.com/megabyte-labs/gas-station/-/blob/master/roles/system/common/tasks/linux/swap.yml # * Integrate logic from https://gitlab.com/megabyte-labs/gas-station/-/blob/master/roles/system/common/tasks/linux/swap.yml
@ -308,7 +308,7 @@ function installCredentialSecretService() {
# This script ensures Docker is installed and then adds the provisioning user to the `docker` group so that they can # This script ensures Docker is installed and then adds the provisioning user to the `docker` group so that they can
# access Docker without `sudo`. It also installs and configures gVisor for use with Docker. # access Docker without `sudo`. It also installs and configures gVisor for use with Docker.
# #
# ## gVisor # #### gVisor
# #
# gVisor is included with our Docker setup because it improves the security of Docker. gVisor is an application kernel, written in Go, # gVisor is included with our Docker setup because it improves the security of Docker. gVisor is an application kernel, written in Go,
# that implements a substantial portion of the Linux system call interface. It provides an additional layer of isolation between running # that implements a substantial portion of the Linux system call interface. It provides an additional layer of isolation between running
@ -474,7 +474,7 @@ installDocker() {
# #
# *Note: You should check out the supported systems before trying to enroll devices.* # *Note: You should check out the supported systems before trying to enroll devices.*
# #
# ## JumpCloud on macOS # #### JumpCloud on macOS
# #
# macOS offers a native device management feature offered through Apple Business. It is the preferred # macOS offers a native device management feature offered through Apple Business. It is the preferred
# method since it offers most of the desirable features (like remote wipe). The [JumpCloud MDM documentation](https://support.jumpcloud.com/support/s/article/Getting-Started-MDM) # method since it offers most of the desirable features (like remote wipe). The [JumpCloud MDM documentation](https://support.jumpcloud.com/support/s/article/Getting-Started-MDM)
@ -562,7 +562,7 @@ removeLinuxBloatware() {
# are set equal to the value stored in `.host.hostname` (in `.chezmoi.yaml.tmpl`) but with the `.host.domain` stripped off. On Linux, the same is done # are set equal to the value stored in `.host.hostname` (in `.chezmoi.yaml.tmpl`) but with the `.host.domain` stripped off. On Linux, the same is done
# but only the hostname is set. On Linux, the hostname is set with the `hostname` command and then also with the `hostnamectl` command if it is available. # but only the hostname is set. On Linux, the hostname is set with the `hostname` command and then also with the `hostnamectl` command if it is available.
# #
# ## Sources # #### Sources
# #
# * [Changing Linux hostname permanently](https://www.tecmint.com/set-hostname-permanently-in-linux/) # * [Changing Linux hostname permanently](https://www.tecmint.com/set-hostname-permanently-in-linux/)
setHostname() { setHostname() {

View file

@ -127,7 +127,6 @@ if ! sudo cat /etc/sudoers | grep '# TEMPORARY FOR INSTALL DOCTOR' > /dev/null;
fi fi
fi fi
# @section Qubes dom0 Bootstrap
# @description Perform Qubes dom0 specific logic like updating system packages, setting up the Tor VM, updating TemplateVMs, and # @description Perform Qubes dom0 specific logic like updating system packages, setting up the Tor VM, updating TemplateVMs, and
# beginning the provisioning process using Ansible and an AppVM used to handle the provisioning process # beginning the provisioning process using Ansible and an AppVM used to handle the provisioning process
if command -v qubesctl > /dev/null; then if command -v qubesctl > /dev/null; then

View file

@ -124,7 +124,6 @@ logg() {
fi fi
} }
# @section Environment variables and system dependencies
# @description Ensure Ubuntu / Debian run in `noninteractive` mode. Detect `START_REPO` format and determine appropriate git address, # @description Ensure Ubuntu / Debian run in `noninteractive` mode. Detect `START_REPO` format and determine appropriate git address,
# otherwise use the master Install Doctor branch # otherwise use the master Install Doctor branch
setEnvironmentVariables() { setEnvironmentVariables() {
@ -347,7 +346,7 @@ printFullDiskAccessNotice() {
# by attempting to read a file that requires full disk access. If it does not, the program opens the preferences # by attempting to read a file that requires full disk access. If it does not, the program opens the preferences
# pane where the user can grant access so that the script can continue. # pane where the user can grant access so that the script can continue.
# #
# ## Sources # #### Links
# #
# * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html) # * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html)
ensureFullDiskAccess() { ensureFullDiskAccess() {
@ -451,7 +450,6 @@ setupPasswordlessSudo() {
fi fi
} }
# @section Qubes dom0
# @description Ensure sys-whonix is configured (for Qubes dom0) # @description Ensure sys-whonix is configured (for Qubes dom0)
ensureSysWhonix() { ensureSysWhonix() {
CONFIG_WIZARD_COUNT=0 CONFIG_WIZARD_COUNT=0
@ -553,7 +551,6 @@ handleQubesDom0() {
fi fi
} }
# @section Homebrew dependencies
# @description Helper function used by [[ensureHomebrewDeps]] to ensure a Homebrew package is installed after # @description Helper function used by [[ensureHomebrewDeps]] to ensure a Homebrew package is installed after
# first checking if it is already available on the system. # first checking if it is already available on the system.
installBrewPackage() { installBrewPackage() {
@ -594,7 +591,6 @@ ensureHomebrewDeps() {
fi fi
} }
# @section Chezmoi
# @description Ensure the `${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi` directory is cloned and up-to-date using the previously # @description Ensure the `${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi` directory is cloned and up-to-date using the previously
# set `START_REPO` as the source repository. # set `START_REPO` as the source repository.
cloneChezmoiSourceRepo() { cloneChezmoiSourceRepo() {
@ -714,7 +710,6 @@ runChezmoi() {
fi fi
} }
# @section Post-provision logic
# @description Ensure temporary passwordless sudo privileges are removed from `/etc/sudoers` # @description Ensure temporary passwordless sudo privileges are removed from `/etc/sudoers`
removePasswordlessSudo() { removePasswordlessSudo() {
if command -v gsed > /dev/null; then if command -v gsed > /dev/null; then
@ -732,7 +727,6 @@ postProvision() {
fi fi
} }
# @section Execution order
# @description The `provisionLogic` function is used to define the order of the script. All of the functions it relies on are defined # @description The `provisionLogic` function is used to define the order of the script. All of the functions it relies on are defined
# above. # above.
provisionLogic() { provisionLogic() {

View file

@ -15,7 +15,7 @@ printFullDiskAccessNotice() {
# by attempting to read a file that requires full disk access. If it does not, the program opens the preferences # by attempting to read a file that requires full disk access. If it does not, the program opens the preferences
# pane where the user can grant access so that the script can continue. # pane where the user can grant access so that the script can continue.
# #
# ## Sources # #### Links
# #
# * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html) # * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html)
ensureFullDiskAccess() { ensureFullDiskAccess() {

View file

@ -124,7 +124,6 @@ logg() {
fi fi
} }
# @section Environment variables and system dependencies
# @description Ensure Ubuntu / Debian run in `noninteractive` mode. Detect `START_REPO` format and determine appropriate git address, # @description Ensure Ubuntu / Debian run in `noninteractive` mode. Detect `START_REPO` format and determine appropriate git address,
# otherwise use the master Install Doctor branch # otherwise use the master Install Doctor branch
setEnvironmentVariables() { setEnvironmentVariables() {
@ -347,7 +346,7 @@ printFullDiskAccessNotice() {
# by attempting to read a file that requires full disk access. If it does not, the program opens the preferences # by attempting to read a file that requires full disk access. If it does not, the program opens the preferences
# pane where the user can grant access so that the script can continue. # pane where the user can grant access so that the script can continue.
# #
# ## Sources # #### Links
# #
# * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html) # * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html)
ensureFullDiskAccess() { ensureFullDiskAccess() {
@ -451,7 +450,6 @@ setupPasswordlessSudo() {
fi fi
} }
# @section Qubes dom0
# @description Ensure sys-whonix is configured (for Qubes dom0) # @description Ensure sys-whonix is configured (for Qubes dom0)
ensureSysWhonix() { ensureSysWhonix() {
CONFIG_WIZARD_COUNT=0 CONFIG_WIZARD_COUNT=0
@ -553,7 +551,6 @@ handleQubesDom0() {
fi fi
} }
# @section Homebrew dependencies
# @description Helper function used by [[ensureHomebrewDeps]] to ensure a Homebrew package is installed after # @description Helper function used by [[ensureHomebrewDeps]] to ensure a Homebrew package is installed after
# first checking if it is already available on the system. # first checking if it is already available on the system.
installBrewPackage() { installBrewPackage() {
@ -594,7 +591,6 @@ ensureHomebrewDeps() {
fi fi
} }
# @section Chezmoi
# @description Ensure the `${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi` directory is cloned and up-to-date using the previously # @description Ensure the `${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi` directory is cloned and up-to-date using the previously
# set `START_REPO` as the source repository. # set `START_REPO` as the source repository.
cloneChezmoiSourceRepo() { cloneChezmoiSourceRepo() {
@ -714,7 +710,6 @@ runChezmoi() {
fi fi
} }
# @section Post-provision logic
# @description Ensure temporary passwordless sudo privileges are removed from `/etc/sudoers` # @description Ensure temporary passwordless sudo privileges are removed from `/etc/sudoers`
removePasswordlessSudo() { removePasswordlessSudo() {
if command -v gsed > /dev/null; then if command -v gsed > /dev/null; then
@ -732,7 +727,6 @@ postProvision() {
fi fi
} }
# @section Execution order
# @description The `provisionLogic` function is used to define the order of the script. All of the functions it relies on are defined # @description The `provisionLogic` function is used to define the order of the script. All of the functions it relies on are defined
# above. # above.
provisionLogic() { provisionLogic() {

View file

@ -52,7 +52,6 @@
# [Install Doctor documentation portal](https://install.doctor/docs) (includes tips, tricks, and guides on how to customize the system to your liking) # [Install Doctor documentation portal](https://install.doctor/docs) (includes tips, tricks, and guides on how to customize the system to your liking)
{{ include "partials" "logg" }} {{ include "partials" "logg" }}
# @section Environment variables and system dependencies
# @description Ensure Ubuntu / Debian run in `noninteractive` mode. Detect `START_REPO` format and determine appropriate git address, # @description Ensure Ubuntu / Debian run in `noninteractive` mode. Detect `START_REPO` format and determine appropriate git address,
# otherwise use the master Install Doctor branch # otherwise use the master Install Doctor branch
setEnvironmentVariables() { setEnvironmentVariables() {
@ -131,7 +130,6 @@ setupPasswordlessSudo() {
fi fi
} }
# @section Qubes dom0
# @description Ensure sys-whonix is configured (for Qubes dom0) # @description Ensure sys-whonix is configured (for Qubes dom0)
ensureSysWhonix() { ensureSysWhonix() {
CONFIG_WIZARD_COUNT=0 CONFIG_WIZARD_COUNT=0
@ -233,7 +231,6 @@ handleQubesDom0() {
fi fi
} }
# @section Homebrew dependencies
# @description Helper function used by [[ensureHomebrewDeps]] to ensure a Homebrew package is installed after # @description Helper function used by [[ensureHomebrewDeps]] to ensure a Homebrew package is installed after
# first checking if it is already available on the system. # first checking if it is already available on the system.
installBrewPackage() { installBrewPackage() {
@ -274,7 +271,6 @@ ensureHomebrewDeps() {
fi fi
} }
# @section Chezmoi
# @description Ensure the `${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi` directory is cloned and up-to-date using the previously # @description Ensure the `${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi` directory is cloned and up-to-date using the previously
# set `START_REPO` as the source repository. # set `START_REPO` as the source repository.
cloneChezmoiSourceRepo() { cloneChezmoiSourceRepo() {
@ -394,7 +390,6 @@ runChezmoi() {
fi fi
} }
# @section Post-provision logic
# @description Ensure temporary passwordless sudo privileges are removed from `/etc/sudoers` # @description Ensure temporary passwordless sudo privileges are removed from `/etc/sudoers`
removePasswordlessSudo() { removePasswordlessSudo() {
if command -v gsed > /dev/null; then if command -v gsed > /dev/null; then
@ -412,7 +407,6 @@ postProvision() {
fi fi
} }
# @section Execution order
# @description The `provisionLogic` function is used to define the order of the script. All of the functions it relies on are defined # @description The `provisionLogic` function is used to define the order of the script. All of the functions it relies on are defined
# above. # above.
provisionLogic() { provisionLogic() {