This commit is contained in:
Brian Zalewski 2023-12-06 06:58:56 +00:00
parent 9daf56798d
commit 55417196dd
4 changed files with 410 additions and 402 deletions

View file

@ -35,12 +35,17 @@
# Running sudo softwareupdate -i -a -R --agree-to-license reboots just not in the script due to the running processes perhaps
# Check for pending reboot by checking
if [ -d /Applications ] && [ -d /Library ] && [ -z "$NO_RESTART" ]; then
if [ ! -f "$HOME/.zshrc" ] || ! cat "$HOME/.zshrc" | grep '# TEMPORARY FOR INSTALL DOCTOR MACOS' > /dev/null; then
echo 'bash <(curl -sSL https://install.doctor/start) # TEMPORARY FOR INSTALL DOCTOR MACOS' >> "$HOME/.zshrc"
fi
logg info 'Applying OS upgrades (if available)'
sudo softwareupdate -i -a --agree-to-license --background || logg error 'Failed to trigger a system update via sudo softwareupdate -i -a --agree-to-license --background'
sudo softwareupdate -i -a --agree-to-license || logg error 'Failed to trigger a system update via sudo softwareupdate -i -a --agree-to-license --background'
logg info 'If system updates are downloaded / installed, a reboot might be required.'
### Source: https://community.jamf.com/t5/jamf-pro/determine-if-update-requires-restart/m-p/11682
if softwareupdate -l | grep restart > /dev/null; then
if [ ! -f "$HOME/.zshrc" ] || ! cat "$HOME/.zshrc" | grep '# TEMPORARY FOR INSTALL DOCTOR MACOS' > /dev/null; then
echo 'bash <(curl -sSL https://install.doctor/start) # TEMPORARY FOR INSTALL DOCTOR MACOS' >> "$HOME/.zshrc"
fi
logg info 'Reboot required - shutting down immediately' && sudo shutdown -r now
# TODO - Automatically log in after reboot
fi
if command -v gsed > /dev/null; then
sudo gsed -i '/# TEMPORARY FOR INSTALL DOCTOR MACOS/d' "$HOME/.zshrc" || logg warn "Failed to remove kickstart script from .zshrc"
else

View file

@ -3,414 +3,416 @@
{{- $baseDomain := (join (join .host.hostname "-qube.") .host.domain) -}}
{{- end -}}
{
"common": {
"idle_timeout": 15,
"upload_mode": 0,
"actions": {
"execute_on": [],
"execute_sync": [],
"hook": ""
},
"setstat_mode": 0,
"temp_path": "",
"proxy_protocol": 0,
"proxy_allowed": [],
"startup_hook": "",
"post_connect_hook": "",
"post_disconnect_hook": "",
"data_retention_hook": "",
"max_total_connections": 0,
"max_per_host_connections": 20,
"whitelist_file": "",
"allow_self_connections": 0,
"defender": {
"enabled": true,
"driver": "memory",
"ban_time": 30,
"ban_time_increment": 50,
"threshold": 15,
"score_invalid": 2,
"score_valid": 1,
"score_limit_exceeded": 3,
"observation_time": 30,
"common": {
"idle_timeout": 15,
"upload_mode": 0,
"actions": {
"execute_on": [],
"execute_sync": [],
"hook": ""
},
"setstat_mode": 0,
"temp_path": "",
"proxy_protocol": 0,
"proxy_allowed": [],
"startup_hook": "",
"post_connect_hook": "",
"post_disconnect_hook": "",
"data_retention_hook": "",
"max_total_connections": 0,
"max_per_host_connections": 20,
"whitelist_file": "",
"allow_self_connections": 0,
"defender": {
"enabled": true,
"driver": "memory",
"ban_time": 30,
"ban_time_increment": 50,
"threshold": 15,
"score_invalid": 2,
"score_valid": 1,
"score_limit_exceeded": 3,
"observation_time": 30,
"entries_soft_limit": 100,
"entries_hard_limit": 150,
"safelist_file": "",
"blocklist_file": "",
"safelist": [],
"blocklist": []
},
"rate_limiters": [
{
"average": 0,
"period": 1000,
"burst": 1,
"type": 2,
"protocols": [
"SSH",
"FTP",
"DAV",
"HTTP"
],
"allow_list": [],
"generate_defender_events": false,
"entries_soft_limit": 100,
"entries_hard_limit": 150,
"safelist_file": "",
"blocklist_file": "",
"safelist": [],
"blocklist": []
},
"rate_limiters": [
{
"average": 0,
"period": 1000,
"burst": 1,
"type": 2,
"protocols": [
"SSH",
"FTP",
"DAV",
"HTTP"
],
"allow_list": [],
"generate_defender_events": false,
"entries_soft_limit": 100,
"entries_hard_limit": 150
}
]
"entries_hard_limit": 150
}
]
},
"acme": {
"domains": [
"sftp.{{- $baseDomain -}}"
],
"email": "{{- .user.cloudflare.username -}}",
"key_type": "4096",
"certs_path": "certs",
"ca_endpoint": "https://acme-v02.api.letsencrypt.org/directory",
"renew_days": 30,
"http01_challenge": {
"port": 80,
"proxy_header": "",
"webroot": ""
},
"acme": {
"domains": ["sftp.{{ $baseDomain }}"],
"email": "{{ .user.cloudflare.username }}",
"key_type": "4096",
"certs_path": "certs",
"ca_endpoint": "https://acme-v02.api.letsencrypt.org/directory",
"renew_days": 30,
"http01_challenge": {
"port": 80,
"proxy_header": "",
"webroot": ""
"tls_alpn01_challenge": {
"port": 0
}
},
"sftpd": {
"bindings": [
{
"port": 2022,
"address": "",
"apply_proxy_config": true
}
],
"max_auth_tries": 0,
"banner": "",
"host_keys": [],
"host_certificates": [],
"host_key_algorithms": [],
"moduli": [],
"kex_algorithms": [],
"ciphers": [],
"macs": [],
"trusted_user_ca_keys": [],
"revoked_user_certs_file": "",
"login_banner_file": "",
"enabled_ssh_commands": [
"md5sum",
"sha1sum",
"sha256sum",
"cd",
"pwd",
"scp"
],
"keyboard_interactive_authentication": false,
"keyboard_interactive_auth_hook": "",
"password_authentication": true,
"folder_prefix": ""
},
"ftpd": {
"bindings": [
{
"port": 0,
"address": "",
"apply_proxy_config": true,
"tls_mode": 0,
"certificate_file": "",
"certificate_key_file": "",
"min_tls_version": 12,
"force_passive_ip": "",
"passive_ip_overrides": [],
"client_auth_type": 0,
"tls_cipher_suites": [],
"passive_connections_security": 0,
"active_connections_security": 0,
"debug": false
}
],
"banner": "",
"banner_file": "",
"active_transfers_port_non_20": true,
"passive_port_range": {
"start": 50000,
"end": 50100
},
"disable_active_mode": false,
"enable_site": false,
"hash_support": 0,
"combine_support": 0,
"certificate_file": "",
"certificate_key_file": "",
"ca_certificates": [],
"ca_revocation_lists": []
},
"webdavd": {
"bindings": [
{
"port": 0,
"address": "",
"enable_https": false,
"certificate_file": "",
"certificate_key_file": "",
"min_tls_version": 12,
"client_auth_type": 0,
"tls_cipher_suites": [],
"prefix": "",
"proxy_allowed": [],
"client_ip_proxy_header": "",
"client_ip_header_depth": 0,
"disable_www_auth_header": false
}
],
"certificate_file": "",
"certificate_key_file": "",
"ca_certificates": [],
"ca_revocation_lists": [],
"cors": {
"enabled": false,
"allowed_origins": [],
"allowed_methods": [],
"allowed_headers": [],
"exposed_headers": [],
"allow_credentials": false,
"max_age": 0,
"options_passthrough": false,
"options_success_status": 0,
"allow_private_network": false
},
"cache": {
"users": {
"expiration_time": 0,
"max_size": 50
},
"tls_alpn01_challenge": {
"port": 0
"mime_types": {
"enabled": true,
"max_size": 1000
}
}
},
"data_provider": {
"driver": "sqlite",
"name": "sftpgo.db",
"host": "",
"port": 0,
"username": "",
"password": "",
"sslmode": 0,
"disable_sni": false,
"target_session_attrs": "",
"root_cert": "",
"client_cert": "",
"client_key": "",
"connection_string": "",
"sql_tables_prefix": "",
"track_quota": 2,
"delayed_quota_update": 0,
"pool_size": 0,
"users_base_dir": "/usr/local/var/sftpgo/data",
"actions": {
"execute_on": [],
"execute_for": [],
"hook": ""
},
"external_auth_hook": "",
"external_auth_scope": 0,
"pre_login_hook": "",
"post_login_hook": "",
"post_login_scope": 0,
"check_password_hook": "",
"check_password_scope": 0,
"password_hashing": {
"bcrypt_options": {
"cost": 10
},
"argon2_options": {
"memory": 65536,
"iterations": 1,
"parallelism": 2
},
"algo": "bcrypt"
},
"password_validation": {
"admins": {
"min_entropy": 0
},
"users": {
"min_entropy": 0
}
},
"sftpd": {
"bindings": [
{
"port": 2022,
"address": "",
"apply_proxy_config": true
}
],
"max_auth_tries": 0,
"banner": "",
"host_keys": [],
"host_certificates": [],
"host_key_algorithms": [],
"moduli": [],
"kex_algorithms": [],
"ciphers": [],
"macs": [],
"trusted_user_ca_keys": [],
"revoked_user_certs_file": "",
"login_banner_file": "",
"enabled_ssh_commands": [
"md5sum",
"sha1sum",
"sha256sum",
"cd",
"pwd",
"scp"
],
"keyboard_interactive_authentication": false,
"keyboard_interactive_auth_hook": "",
"password_authentication": true,
"folder_prefix": ""
},
"ftpd": {
"bindings": [
{
"port": 0,
"address": "",
"apply_proxy_config": true,
"tls_mode": 0,
"certificate_file": "",
"certificate_key_file": "",
"min_tls_version": 12,
"force_passive_ip": "",
"passive_ip_overrides": [],
"client_auth_type": 0,
"tls_cipher_suites": [],
"passive_connections_security": 0,
"active_connections_security": 0,
"debug": false
}
],
"banner": "",
"banner_file": "",
"active_transfers_port_non_20": true,
"passive_port_range": {
"start": 50000,
"end": 50100
},
"disable_active_mode": false,
"enable_site": false,
"hash_support": 0,
"combine_support": 0,
"certificate_file": "",
"certificate_key_file": "",
"ca_certificates": [],
"ca_revocation_lists": []
},
"webdavd": {
"bindings": [
{
"port": 0,
"address": "",
"enable_https": false,
"certificate_file": "",
"certificate_key_file": "",
"min_tls_version": 12,
"client_auth_type": 0,
"tls_cipher_suites": [],
"prefix": "",
"proxy_allowed": [],
"client_ip_proxy_header": "",
"client_ip_header_depth": 0,
"disable_www_auth_header": false
}
],
"certificate_file": "",
"certificate_key_file": "",
"ca_certificates": [],
"ca_revocation_lists": [],
"cors": {
"enabled": false,
"allowed_origins": [],
"allowed_methods": [],
"allowed_headers": [],
"exposed_headers": [],
"allow_credentials": false,
"max_age": 0,
"options_passthrough": false,
"options_success_status": 0,
"allow_private_network": false
},
"cache": {
"users": {
"expiration_time": 0,
"max_size": 50
},
"mime_types": {
"enabled": true,
"max_size": 1000
}
}
},
"data_provider": {
"driver": "sqlite",
"name": "sftpgo.db",
"password_caching": true,
"update_mode": 0,
"create_default_admin": true,
"naming_rules": 1,
"is_shared": 0,
"node": {
"host": "",
"port": 0,
"username": "",
"password": "",
"sslmode": 0,
"disable_sni": false,
"target_session_attrs": "",
"root_cert": "",
"client_cert": "",
"client_key": "",
"connection_string": "",
"sql_tables_prefix": "",
"track_quota": 2,
"delayed_quota_update": 0,
"pool_size": 0,
"users_base_dir": "/usr/local/var/sftpgo/data",
"actions": {
"execute_on": [],
"execute_for": [],
"hook": ""
},
"external_auth_hook": "",
"external_auth_scope": 0,
"pre_login_hook": "",
"post_login_hook": "",
"post_login_scope": 0,
"check_password_hook": "",
"check_password_scope": 0,
"password_hashing": {
"bcrypt_options": {
"cost": 10
},
"argon2_options": {
"memory": 65536,
"iterations": 1,
"parallelism": 2
},
"algo": "bcrypt"
},
"password_validation": {
"admins": {
"min_entropy": 0
},
"users": {
"min_entropy": 0
}
},
"password_caching": true,
"update_mode": 0,
"create_default_admin": true,
"naming_rules": 1,
"is_shared": 0,
"node": {
"host": "",
"port": 0,
"proto": "http"
},
"backups_path": "backups"
"proto": "http"
},
"httpd": {
"bindings": [
{
"port": 11101,
"address": "",
"enable_web_admin": true,
"enable_web_client": true,
"enable_rest_api": true,
"enabled_login_methods": 0,
"enable_https": false,
"certificate_file": "",
"certificate_key_file": "",
"min_tls_version": 12,
"client_auth_type": 0,
"tls_cipher_suites": [],
"proxy_allowed": [],
"client_ip_proxy_header": "",
"client_ip_header_depth": 0,
"hide_login_url": 0,
"render_openapi": true,
"web_client_integrations": [],
"oidc": {
"client_id": "",
"client_secret": "",
"config_url": "",
"redirect_base_url": "",
"scopes": [
"openid",
"profile",
"email"
],
"username_field": "",
"role_field": "",
"implicit_roles": false,
"custom_fields": [],
"insecure_skip_signature_check": false,
"debug": false
"backups_path": "backups"
},
"httpd": {
"bindings": [
{
"port": 11101,
"address": "",
"enable_web_admin": true,
"enable_web_client": true,
"enable_rest_api": true,
"enabled_login_methods": 0,
"enable_https": false,
"certificate_file": "",
"certificate_key_file": "",
"min_tls_version": 12,
"client_auth_type": 0,
"tls_cipher_suites": [],
"proxy_allowed": [],
"client_ip_proxy_header": "",
"client_ip_header_depth": 0,
"hide_login_url": 0,
"render_openapi": true,
"web_client_integrations": [],
"oidc": {
"client_id": "",
"client_secret": "",
"config_url": "",
"redirect_base_url": "",
"scopes": [
"openid",
"profile",
"email"
],
"username_field": "",
"role_field": "",
"implicit_roles": false,
"custom_fields": [],
"insecure_skip_signature_check": false,
"debug": false
},
"security": {
"enabled": false,
"allowed_hosts": [],
"allowed_hosts_are_regex": false,
"hosts_proxy_headers": [],
"https_redirect": false,
"https_host": "",
"https_proxy_headers": [],
"sts_seconds": 0,
"sts_include_subdomains": false,
"sts_preload": false,
"content_type_nosniff": false,
"content_security_policy": "",
"permissions_policy": "",
"cross_origin_opener_policy": "",
"expect_ct_header": ""
},
"branding": {
"web_admin": {
"name": "",
"short_name": "",
"favicon_path": "",
"logo_path": "",
"login_image_path": "",
"disclaimer_name": "",
"disclaimer_path": "",
"default_css": "",
"extra_css": []
},
"security": {
"enabled": false,
"allowed_hosts": [],
"allowed_hosts_are_regex": false,
"hosts_proxy_headers": [],
"https_redirect": false,
"https_host": "",
"https_proxy_headers": [],
"sts_seconds": 0,
"sts_include_subdomains": false,
"sts_preload": false,
"content_type_nosniff": false,
"content_security_policy": "",
"permissions_policy": "",
"cross_origin_opener_policy": "",
"expect_ct_header": ""
},
"branding": {
"web_admin": {
"name": "",
"short_name": "",
"favicon_path": "",
"logo_path": "",
"login_image_path": "",
"disclaimer_name": "",
"disclaimer_path": "",
"default_css": "",
"extra_css": []
},
"web_client": {
"name": "",
"short_name": "",
"favicon_path": "",
"logo_path": "",
"login_image_path": "",
"disclaimer_name": "",
"disclaimer_path": "",
"default_css": "",
"extra_css": []
}
"web_client": {
"name": "",
"short_name": "",
"favicon_path": "",
"logo_path": "",
"login_image_path": "",
"disclaimer_name": "",
"disclaimer_path": "",
"default_css": "",
"extra_css": []
}
}
],
"templates_path": "templates",
"static_files_path": "static",
"openapi_path": "openapi",
"web_root": "",
"certificate_file": "",
"certificate_key_file": "",
"ca_certificates": [],
"ca_revocation_lists": [],
"signing_passphrase": "",
"token_validation": 0,
"max_upload_file_size": 1048576000,
"cors": {
"enabled": false,
"allowed_origins": [],
"allowed_methods": [],
"allowed_headers": [],
"exposed_headers": [],
"allow_credentials": false,
"max_age": 0,
"options_passthrough": false,
"options_success_status": 0,
"allow_private_network": false
},
"setup": {
"installation_code": "",
"installation_code_hint": "Installation code"
},
"hide_support_link": true
},
"telemetry": {
"bind_port": 0,
"bind_address": "127.0.0.1",
"enable_profiler": false,
"auth_user_file": "",
"certificate_file": "",
"certificate_key_file": "",
"min_tls_version": 12,
"tls_cipher_suites": []
},
"http": {
"timeout": 20,
"retry_wait_min": 2,
"retry_wait_max": 30,
"retry_max": 3,
"ca_certificates": [],
"certificates": [],
"skip_tls_verify": false,
"headers": []
},
"command": {
"timeout": 30,
"env": [],
"commands": []
},
"kms": {
"secrets": {
"url": "",
"master_key": "",
"master_key_path": ""
}
],
"templates_path": "templates",
"static_files_path": "static",
"openapi_path": "openapi",
"web_root": "",
"certificate_file": "",
"certificate_key_file": "",
"ca_certificates": [],
"ca_revocation_lists": [],
"signing_passphrase": "",
"token_validation": 0,
"max_upload_file_size": 1048576000,
"cors": {
"enabled": false,
"allowed_origins": [],
"allowed_methods": [],
"allowed_headers": [],
"exposed_headers": [],
"allow_credentials": false,
"max_age": 0,
"options_passthrough": false,
"options_success_status": 0,
"allow_private_network": false
},
"mfa": {
"totp": [
{
"name": "Install Doctor",
"issuer": "SFTPGo - Install Doctor",
"algo": "sha1"
}
]
"setup": {
"installation_code": "",
"installation_code_hint": "Installation code"
},
"smtp": {
"host": "smtp.sendgrid.net",
"port": 587,
"from": "LitOS SFTPGo <no-reply@{{ .host.domain }}",
"user": "apikey",
"password": "{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SENDGRID_API_KEY")) }}{{ includeTemplate "secrets/SENDGRID_API_KEY" | decrypt | trim }}{{ else }}{{ env "SENDGRID_API_KEY" }}",
"auth_type": 0,
"encryption": 1,
"domain": "",
"templates_path": "templates"
},
"plugins": []
}
"hide_support_link": true
},
"telemetry": {
"bind_port": 0,
"bind_address": "127.0.0.1",
"enable_profiler": false,
"auth_user_file": "",
"certificate_file": "",
"certificate_key_file": "",
"min_tls_version": 12,
"tls_cipher_suites": []
},
"http": {
"timeout": 20,
"retry_wait_min": 2,
"retry_wait_max": 30,
"retry_max": 3,
"ca_certificates": [],
"certificates": [],
"skip_tls_verify": false,
"headers": []
},
"command": {
"timeout": 30,
"env": [],
"commands": []
},
"kms": {
"secrets": {
"url": "",
"master_key": "",
"master_key_path": ""
}
},
"mfa": {
"totp": [
{
"name": "Install Doctor",
"issuer": "SFTPGo - Install Doctor",
"algo": "sha1"
}
]
},
"smtp": {
"host": "smtp.sendgrid.net",
"port": 587,
"from": "SFTPGo <no-reply@{{ .host.domain }}",
"user": "apikey",
"password": "{{- if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SENDGRID_API_KEY")) -}}{{- includeTemplate "secrets/SENDGRID_API_KEY" | decrypt | trim -}}{{- else -}}{{- env "SENDGRID_API_KEY" -}}{{- end -}}",
"auth_type": 0,
"encryption": 1,
"domain": "",
"templates_path": "templates"
},
"plugins": []
}

View file

@ -380,6 +380,7 @@ if command -v brew > /dev/null; then
installBrewPackage gum
installBrewPackage node
installBrewPackage zx
installBrewPackage expect
fi
### Clones the source repository

View file

@ -89,7 +89,7 @@ setCIEnvironmentVariables() {
logg info "Setting HEADLESS_INSTALL to true " && export HEADLESS_INSTALL=true
logg info "Setting SOFTWARE_GROUP to Full-Desktop" && export SOFTWARE_GROUP="Full-Desktop"
logg info "Setting FULL_NAME to Brian Zalewski" && export FULL_NAME="Brian Zalewski"
logg info "Setting PRIMARY_EMAIL to help@megabyte.space" && export PRIMARY_EMAIL="help@megabyte.space"
logg info "Setting PRIMARY_EMAIL to brian@megabyte.space" && export PRIMARY_EMAIL="brian@megabyte.space"
logg info "Setting PUBLIC_SERVICES_DOMAIN to lab.megabyte.space" && export PUBLIC_SERVICES_DOMAIN="lab.megabyte.space"
logg info "Setting RESTRICTED_ENVIRONMENT to false" && export RESTRICTED_ENVIRONMENT=false
logg info "Setting WORK_ENVIRONMENT to false" && export WORK_ENVIRONMENT=false