Various tweaks

Brian Zalewski 2023-08-09 00:54:49 -04:00 committed by GitHub
parent b4c15784d8
commit 59e2e956a8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
24 changed files with 871 additions and 22535 deletions

View file

@ -1,67 +1,67 @@
xattr -d com.apple.quarantine rclone
Create issue about setting up completions - https://github.com/rsteube/lazycomplete
# TODOs
This page outlines various projects and tasks that we are currently working on. Creating a GitHub issue for each of these items would be overkill.
* https://containertoolbx.org/install/
* https://github.com/todotxt/todo.txt-cli
* https://github.com/PromtEngineer/localGPT
* https://github.com/StanGirard/quivr
* https://github.com/containers/toolbox
* [IP Fire](https://www.ipfire.org/) - Consider as alternative to pfSense on Qubes.
* `git-credential-manager configure`
* [`git-credential-manager` for WSL](https://github.com/git-ecosystem/git-credential-manager/blob/release/docs/wsl.md)
* Configure Navi to automatically download and use the best cheat repositories
* Google Drive index on Cloudflare https://github.com/menukaonline/goindex-extended
* Go through https://github.com/jaywcjlove/awesome-mac
* https://codesandbox.io/ https://github.com/firecracker-microvm/firecracker
* (https://www.kolide.com/features/checks/mac-firewall)
* Create IP set for CloudFlare [Title](https://firewalld.org/documentation/man-pages/firewalld.ipset.html)
* https://chainner.app/
* https://github.com/kyrolabs/awesome-langchain
* Create seed for Lulu
* https://github.com/essandess/macOS-Fortress
* https://wakatime.com/plugins
* https://github.com/containers/toolbox consider for p10k.zsh file
* Figure out where Vector service fits in
* Figure out if Squid can be used to improve web surfing speed
* https://github.com/mumoshu/variant (With Task)
* https://github.com/marshyski/quick-secure
* https://www.haskell.org/ghcup/install/#how-to-install
* https://github.com/material-shell/material-shell
* https://github.com/arxanas/git-branchless
* https://github.com/mumoshu/variant2
* https://github.com/burnison/tasksync
* https://github.com/Infisical/infisical
* https://github.com/xwmx/nb
* https://github.com/psychic-api/psychic
* https://github.com/pimutils/vdirsyncer
* https://github.com/librevault/librevault
- Add Mamba
- https://containertoolbx.org/install/
- https://github.com/todotxt/todo.txt-cli
- https://github.com/PromtEngineer/localGPT
- https://github.com/StanGirard/quivr
- https://github.com/containers/toolbox
- [IP Fire](https://www.ipfire.org/) - Consider as alternative to pfSense on Qubes.
- `git-credential-manager configure`
- [`git-credential-manager` for WSL](https://github.com/git-ecosystem/git-credential-manager/blob/release/docs/wsl.md)
- Configure Navi to automatically download and use the best cheat repositories
- Google Drive index on Cloudflare https://github.com/menukaonline/goindex-extended
- Go through https://github.com/jaywcjlove/awesome-mac
- https://codesandbox.io/ https://github.com/firecracker-microvm/firecracker
- (https://www.kolide.com/features/checks/mac-firewall)
- Create IP set for CloudFlare [Title](https://firewalld.org/documentation/man-pages/firewalld.ipset.html)
- https://chainner.app/
- https://github.com/kyrolabs/awesome-langchain
- Create seed for Lulu
- https://github.com/essandess/macOS-Fortress
- https://wakatime.com/plugins
- https://github.com/containers/toolbox consider for p10k.zsh file
- Figure out where Vector service fits in
- Figure out if Squid can be used to improve web surfing speed
- https://github.com/mumoshu/variant (With Task)
- https://github.com/marshyski/quick-secure
- https://www.haskell.org/ghcup/install/#how-to-install
- https://github.com/material-shell/material-shell
- https://github.com/arxanas/git-branchless
- https://github.com/mumoshu/variant2
- https://github.com/burnison/tasksync
- https://github.com/Infisical/infisical
- https://github.com/xwmx/nb
- https://github.com/psychic-api/psychic
- https://github.com/pimutils/vdirsyncer
- https://github.com/librevault/librevault
## Upstream
The following items are things we would like to include into the Install Doctor system but are waiting on upstream changes.
* [Actions](https://github.com/sindresorhus/Actions) adds a wide-variety of actions that you can utilize with the macOS Shortcuts app. It is currently only available via the macOS app store. Requested a Homebrew Cask [here](https://github.com/sindresorhus/Actions/issues/127).
* [Color Picker](https://github.com/sindresorhus/System-Color-Picker) is an improved color picker app available on macOS. It is currently only available via the macOS app store. Requested Homebrew Cask [here](https://github.com/sindresorhus/System-Color-Picker/issues/32).
* Consider integrating [LocalAI](https://github.com/go-skynet/LocalAI) which can be used in combination with mods to generate ChatGPT responses locally
* Wait for Homebrew install option for [Warpgate](https://github.com/warp-tech/warpgate)
* Wait for https://github.com/hocus-dev/hocus to get out of alpha for VM management
* Revisit https://github.com/rome/tools when project matures
* Revisit https://github.com/Disassembler0/Win10-Initial-Setup-Script for initial setup of Windows
* Revisit Resilio - seems like they have tools useful for synchronizing VMs
* Consider switching license to [Polyform License Example](https://github.com/dosyago/DiskerNet/blob/fun/LICENSE.md)
* Look into tile managers
* https://github.com/joelbarmettlerUZH/auto-tinder
* https://github.com/hfreire/get-me-a-date
* Keep eye on fig.io for release to Linux and new AI features
* Monitor https://moonrepo.dev/moon as possible mono-repo manager
* Determine whether or not https://webinstall.dev/vim-gui/ will add value to the VIM experience
* Wait for packages to be available for GitHub Actions https://github.com/actions/runner
* Find best Figma plugins here: https://www.figma.com/community/popular
- [Actions](https://github.com/sindresorhus/Actions) adds a wide-variety of actions that you can utilize with the macOS Shortcuts app. It is currently only available via the macOS app store. Requested a Homebrew Cask [here](https://github.com/sindresorhus/Actions/issues/127).
- [Color Picker](https://github.com/sindresorhus/System-Color-Picker) is an improved color picker app available on macOS. It is currently only available via the macOS app store. Requested Homebrew Cask [here](https://github.com/sindresorhus/System-Color-Picker/issues/32).
- Consider integrating [LocalAI](https://github.com/go-skynet/LocalAI) which can be used in combination with mods to generate ChatGPT responses locally
- Wait for Homebrew install option for [Warpgate](https://github.com/warp-tech/warpgate)
- Wait for https://github.com/hocus-dev/hocus to get out of alpha for VM management
- Revisit https://github.com/rome/tools when project matures
- Revisit https://github.com/Disassembler0/Win10-Initial-Setup-Script for initial setup of Windows
- Revisit Resilio - seems like they have tools useful for synchronizing VMs
- Consider switching license to [Polyform License Example](https://github.com/dosyago/DiskerNet/blob/fun/LICENSE.md)
- Look into tile managers
- https://github.com/joelbarmettlerUZH/auto-tinder
- https://github.com/hfreire/get-me-a-date
- Keep eye on fig.io for release to Linux and new AI features
- Monitor https://moonrepo.dev/moon as possible mono-repo manager
- Determine whether or not https://webinstall.dev/vim-gui/ will add value to the VIM experience
- Wait for packages to be available for GitHub Actions https://github.com/actions/runner
- Find best Figma plugins here: https://www.figma.com/community/popular
## Review
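Review bot: At the top of this hunk, `xattr -d com.apple.quarantine rclone` sits above the `# TODOs` heading with no list marker and no explanation, and what it records is stripping the macOS quarantine attribute from the `rclone` binary, which means Gatekeeper will not assess that file on launch. If it is a task, move it into the list and state why it is needed and how the binary is verified (signature or checksum) before the attribute is removed. The completions line after it has the same placement problem, and `https://github.com/containers/toolbox` appears twice in the converted list.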
@ -69,201 +69,185 @@ The following links include software that need to be reviewed before including t
### Caddy
* https://authp.github.io/
* https://github.com/caddy-dns/cloudflare
* https://github.com/caddyserver/xcaddy
* https://github.com/luisfarzati/localdots
* https://github.com/mholt/caddy-dynamicdns
* https://github.com/caddyserver/cache-handler
* https://github.com/tailscale/caddy-tailscale
* https://github.com/caddyserver/replace-response
* https://github.com/lindenlab/caddy-s3-proxy
* https://github.com/greenpau/caddy-git
* https://github.com/mholt/caddy-embed
* https://github.com/nathan-osman/caddy-docker
- https://authp.github.io/
- https://github.com/caddy-dns/cloudflare
- https://github.com/caddyserver/xcaddy
- https://github.com/luisfarzati/localdots
- https://github.com/mholt/caddy-dynamicdns
- https://github.com/caddyserver/cache-handler
- https://github.com/tailscale/caddy-tailscale
- https://github.com/caddyserver/replace-response
- https://github.com/lindenlab/caddy-s3-proxy
- https://github.com/greenpau/caddy-git
- https://github.com/mholt/caddy-embed
- https://github.com/nathan-osman/caddy-docker
## Docker
The following items are Docker containers that we may want to include as default containers deployed in our system.
* https://github.com/highlight/highlight
* https://github.com/jitsi/jitsi-videobridge
* https://github.com/gitlabhq/gitlabhq
* https://github.com/opf/openproject
* https://github.com/mastodon/mastodon
* https://github.com/huginn/huginn
* https://github.com/chatwoot/chatwoot
* https://github.com/discourse/discourse
* [Title](https://github.com/sipt/shuttle)
* https://github.com/erxes/erxes - CRM
* https://github.com/pawelmalak/flame - Homepage
* https://github.com/thelounge/thelounge - IRC
* https://github.com/vector-im/element-web - Matrix
* https://github.com/outline/outline - Collaborative MD
* https://github.com/nocodb/nocodb - MySQL Spreadsheet
* https://github.com/excalidraw/excalidraw - Hand-drawn Diagrams
* https://github.com/ansible/awx - AWX Ansible Management
* https://github.com/mergestat/mergestat - Git SQL Queries
* https://docs.rundeck.com/docs/administration/install/installing-rundeck.html - Rundeck (Self-Service Desk)
* https://easypanel.io/ - App deployments
* https://www.activepieces.com/docs/install/docker
* https://github.com/activepieces/activepieces - SaaS Automations
* https://github.com/diced/zipline - ShareX / File uploads
* https://github.com/anse-app/anse - ChatGPT interface
* https://github.com/wireapp/wire-webapp - Internal Slack
* https://github.com/jhaals/yopass - OTS web app https://github.com/algolia/sup3rS3cretMes5age
* https://github.com/aschzero/hera - CloudFlare tunnel proxy
* https://supabase.com/ - Firebase alternative
* https://github.com/tiredofit/docker-traefik-cloudflare-companion - Traefik CloudFlare integration
* https://github.com/erxes/erxes - HubSpot alternative
* https://github.com/pawelmalak/flame - Start page
* https://github.com/m1k1o/neko - Docker browser instance
* https://github.com/gristlabs/grist-core - Modern spreadsheet
* https://maddy.email/ / https://github.com/haraka/Haraka
* https://github.com/umputun/remark42 - Comments
* https://github.com/meienberger/runtipi - Home server
* https://github.com/bytebase/bytebase
* https://github.com/IceWhaleTech/CasaOS - Home page https://github.com/ajnart/homarr https://github.com/phntxx/dashboard
* https://github.com/usememos/memos - Memo page
* https://github.com/outline/outline - Team notes
* https://github.com/directus/directus - SQL
* https://github.com/photoprism/photoprism - AI photo manager
* https://github.com/louislam/uptime-kuma - Uptime monitor
* https://github.com/nocodb/nocodb - Airtable alternative
* https://github.com/timvisee/send
* https://github.com/TechnitiumSoftware/DnsServer - DNS proxy server
* https://github.com/lukevella/rallly - Schedule meetings
* https://github.com/chiefonboarding/ChiefOnboarding - Onboarding
* Microserver status page - https://github.com/valeriansaliou/vigil
* https://github.com/pydio/cells - document sharing
* ticket management - https://github.com/Peppermint-Lab/peppermint
* https://github.com/statping-ng/statping-ng
* https://github.com/cortezaproject/corteza - Low-code block workflows
* https://github.com/mirego/accent#-getting-started - Translation tool
* https://github.com/muety/wakapi - Coding time tracking
* https://github.com/subnub/myDrive - Google Drive interface
* https://github.com/Forceu/Gokapi - share files
* https://github.com/gerbera/gerbera - UPnP
* Forward server SSH - https://github.com/warp-tech/warpgate
* https://github.com/hadmean/hadmean - Revisit
* https://spaceb.in/ - Pastebin https://github.com/WantGuns/bin
* https://github.com/AlexSciFier/neonlink - bookmarks
* https://github.com/josdejong/jsoneditor - JSON editor
* https://github.com/AppFlowy-IO/AppFlowy - Notion alternative
* https://github.com/apitable/apitable
* https://github.com/mattermost/mattermost
* https://github.com/duolingo/metasearch
* https://github.com/withspectrum/spectrum
* https://github.com/NginxProxyManager/nginx-proxy-manager
* https://github.com/node-red/node-red
* https://www.overleaf.com/
* https://github.com/caprover/caprover
* [Title](https://github.com/xemle/home-gallery)
* [Title](https://github.com/chartbrew/chartbrew)
* [Title](https://github.com/AlexSciFier/neonlink)
* [Title](https://github.com/ForestAdmin/lumber)
* [Title](https://github.com/subnub/myDrive)
* [Title](https://github.com/mickael-kerjean/filestash)
* [Title](https://github.com/GetStream/Winds)
* [Title](https://github.com/GladysAssistant/Gladys)
- https://github.com/highlight/highlight
- https://github.com/jitsi/jitsi-videobridge
- https://github.com/gitlabhq/gitlabhq
- https://github.com/opf/openproject
- https://github.com/mastodon/mastodon
- https://github.com/huginn/huginn
- https://github.com/chatwoot/chatwoot
- https://github.com/discourse/discourse
- [Title](https://github.com/sipt/shuttle)
- https://github.com/erxes/erxes - CRM
- https://github.com/pawelmalak/flame - Homepage
- https://github.com/thelounge/thelounge - IRC
- https://github.com/vector-im/element-web - Matrix
- https://github.com/outline/outline - Collaborative MD
- https://github.com/nocodb/nocodb - MySQL Spreadsheet
- https://github.com/excalidraw/excalidraw - Hand-drawn Diagrams
- https://github.com/ansible/awx - AWX Ansible Management
- https://github.com/mergestat/mergestat - Git SQL Queries
- https://docs.rundeck.com/docs/administration/install/installing-rundeck.html - Rundeck (Self-Service Desk)
- https://easypanel.io/ - App deployments
- https://www.activepieces.com/docs/install/docker
- https://github.com/activepieces/activepieces - SaaS Automations
- https://github.com/diced/zipline - ShareX / File uploads
- https://github.com/anse-app/anse - ChatGPT interface
- https://github.com/wireapp/wire-webapp - Internal Slack
- https://github.com/jhaals/yopass - OTS web app https://github.com/algolia/sup3rS3cretMes5age
- https://github.com/aschzero/hera - CloudFlare tunnel proxy
- https://supabase.com/ - Firebase alternative
- https://github.com/tiredofit/docker-traefik-cloudflare-companion - Traefik CloudFlare integration
- https://github.com/erxes/erxes - HubSpot alternative
- https://github.com/pawelmalak/flame - Start page
- https://github.com/m1k1o/neko - Docker browser instance
- https://github.com/gristlabs/grist-core - Modern spreadsheet
- https://maddy.email/ / https://github.com/haraka/Haraka
- https://github.com/umputun/remark42 - Comments
- https://github.com/meienberger/runtipi - Home server
- https://github.com/bytebase/bytebase
- https://github.com/IceWhaleTech/CasaOS - Home page https://github.com/ajnart/homarr https://github.com/phntxx/dashboard
- https://github.com/usememos/memos - Memo page
- https://github.com/outline/outline - Team notes
- https://github.com/directus/directus - SQL
- https://github.com/photoprism/photoprism - AI photo manager
- https://github.com/louislam/uptime-kuma - Uptime monitor
- https://github.com/nocodb/nocodb - Airtable alternative
- https://github.com/timvisee/send
- https://github.com/TechnitiumSoftware/DnsServer - DNS proxy server
- https://github.com/lukevella/rallly - Schedule meetings
- https://github.com/chiefonboarding/ChiefOnboarding - Onboarding
- Microserver status page - https://github.com/valeriansaliou/vigil
- https://github.com/pydio/cells - document sharing
- ticket management - https://github.com/Peppermint-Lab/peppermint
- https://github.com/statping-ng/statping-ng
- https://github.com/cortezaproject/corteza - Low-code block workflows
- https://github.com/mirego/accent#-getting-started - Translation tool
- https://github.com/muety/wakapi - Coding time tracking
- https://github.com/subnub/myDrive - Google Drive interface
- https://github.com/Forceu/Gokapi - share files
- https://github.com/gerbera/gerbera - UPnP
- Forward server SSH - https://github.com/warp-tech/warpgate
- https://github.com/hadmean/hadmean - Revisit
- https://spaceb.in/ - Pastebin https://github.com/WantGuns/bin
- https://github.com/AlexSciFier/neonlink - bookmarks
- https://github.com/josdejong/jsoneditor - JSON editor
- https://github.com/AppFlowy-IO/AppFlowy - Notion alternative
- https://github.com/apitable/apitable
- https://github.com/mattermost/mattermost
- https://github.com/duolingo/metasearch
- https://github.com/withspectrum/spectrum
- https://github.com/NginxProxyManager/nginx-proxy-manager
- https://github.com/node-red/node-red
- https://www.overleaf.com/
- https://github.com/caprover/caprover
- [Title](https://github.com/xemle/home-gallery)
- [Title](https://github.com/chartbrew/chartbrew)
- [Title](https://github.com/AlexSciFier/neonlink)
- [Title](https://github.com/ForestAdmin/lumber)
- [Title](https://github.com/subnub/myDrive)
- [Title](https://github.com/mickael-kerjean/filestash)
- [Title](https://github.com/GetStream/Winds)
- [Title](https://github.com/GladysAssistant/Gladys)
## AI
* https://github.com/hwchase17/langchain
* https://github.com/facebookresearch/ImageBind
* https://github.com/nomic-ai/gpt4all
- https://github.com/hwchase17/langchain
- https://github.com/facebookresearch/ImageBind
- https://github.com/nomic-ai/gpt4all
### Kubernetes
The following items may be incorporated into our Kubernetes stack:
* https://github.com/kubevirt/kubevirt
* https://atuin.sh/docs/self-hosting/k8s
* https://github.com/gimlet-io/gimlet
* https://github.com/porter-dev/porter
* https://github.com/spacecloud-io/space-cloud
* https://github.com/meilisearch/meilisearch
- https://github.com/kubevirt/kubevirt
- https://atuin.sh/docs/self-hosting/k8s
- https://github.com/gimlet-io/gimlet
- https://github.com/porter-dev/porter
- https://github.com/spacecloud-io/space-cloud
- https://github.com/meilisearch/meilisearch
## Bare Metal
The projects below are software systems that might be incorporated to handle bare-metal operations or virtual machine management.
* https://theforeman.org/ (VM management)
* https://fogproject.org/ (Backup solution)
* https://github.com/apache/cloudstack (VM management)
* https://www.ovirt.org/ (VM management)
* https://opennebula.io/ (Hybrid-cloud management)
* https://github.com/cloud-hypervisor/cloud-hypervisor (Cloud hypervisor)
- https://theforeman.org/ (VM management)
- https://fogproject.org/ (Backup solution)
- https://github.com/apache/cloudstack (VM management)
- https://www.ovirt.org/ (VM management)
- https://opennebula.io/ (Hybrid-cloud management)
- https://github.com/cloud-hypervisor/cloud-hypervisor (Cloud hypervisor)
## Revisit
The following items have been reviewed but need to be revisited due to complexity or other reasons.
* https://github.com/AmruthPillai/Reactive-Resume
* https://github.com/kubeflow/kubeflow
* https://github.com/leon-ai/leon
* https://github.com/teambit/bit
* https://github.com/Budibase/budibase
* https://github.com/appsmithorg/appsmith
* https://github.com/refined-github/refined-github
* https://github.com/reworkd/AgentGPT
* https://github.com/appwrite/appwrite
* https://github.com/hoppscotch/hoppscotch
* builder.io
* https://github.com/hocus-dev/hocus
* https://github.com/Kanaries/Rath
* cvat.io
* https://github.com/illacloud/illa-builder
* https://github.com/KnowledgeCanvas/knowledge
* https://github.com/siyuan-note/siyuan
* https://github.com/shuttle-hq/shuttle
* https://github.com/open-hand/choerodon
* https://github.com/1backend/1backend
* https://github.com/redkubes/otomi-core
* https://github.com/yunionio/cloudpods
* https://github.com/tkestack/tke
* https://www.rancher.com/
* https://github.com/OpenNebula/one /. https://github.com/OpenNebula/minione
* https://github.com/ConvoyPanel/panel
* https://github.com/hashicorp/nomad
* [Title](https://github.com/Soft/xcolor)
* [Title](https://github.com/Xpra-org/xpra)
* [Title](https://github.com/ksnip/ksnip)
* [Title](https://github.com/leftwm/leftwm)
* [Title](https://github.com/polybar/polybar)
* [Title](https://github.com/kingToolbox/WindTerm)
* [Title](https://github.com/hyprwm/Hypr)
* [Title](https://github.com/Sygil-Dev/sygil-webui)
* [Title](https://github.com/psychic-api/psychic)
* [Title](https://github.com/telekom-security/tpotce)
* [Title](https://flathub.org/apps/com.airtame.Client)
* [Title](https://github.com/Aloxaf/fzf-tab)
- https://github.com/AmruthPillai/Reactive-Resume
- https://github.com/kubeflow/kubeflow
- https://github.com/leon-ai/leon
- https://github.com/teambit/bit
- https://github.com/Budibase/budibase
- https://github.com/appsmithorg/appsmith
- https://github.com/refined-github/refined-github
- https://github.com/reworkd/AgentGPT
- https://github.com/appwrite/appwrite
- https://github.com/hoppscotch/hoppscotch
- builder.io
- https://github.com/hocus-dev/hocus
- https://github.com/Kanaries/Rath
- cvat.io
- https://github.com/illacloud/illa-builder
- https://github.com/KnowledgeCanvas/knowledge
- https://github.com/siyuan-note/siyuan
- https://github.com/shuttle-hq/shuttle
- https://github.com/open-hand/choerodon
- https://github.com/1backend/1backend
- https://github.com/redkubes/otomi-core
- https://github.com/yunionio/cloudpods
- https://github.com/tkestack/tke
- https://www.rancher.com/
- https://github.com/OpenNebula/one /. https://github.com/OpenNebula/minione
- https://github.com/ConvoyPanel/panel
- https://github.com/hashicorp/nomad
- [Title](https://github.com/Soft/xcolor)
- [Title](https://github.com/Xpra-org/xpra)
- [Title](https://github.com/ksnip/ksnip)
- [Title](https://github.com/leftwm/leftwm)
- [Title](https://github.com/polybar/polybar)
- [Title](https://github.com/kingToolbox/WindTerm)
- [Title](https://github.com/hyprwm/Hypr)
- [Title](https://github.com/Sygil-Dev/sygil-webui)
- [Title](https://github.com/psychic-api/psychic)
- [Title](https://github.com/telekom-security/tpotce)
- [Title](https://flathub.org/apps/com.airtame.Client)
- [Title](https://github.com/Aloxaf/fzf-tab)
[Title](https://github.com/haproxy/haproxy)
* [Title](https://frappeframework.com/docs/v14/user/en/installation)
* [
- [Title](https://frappeframework.com/docs/v14/user/en/installation)
- [
](https://github.com/stringer-rss/stringer)
## Sources
* [Title](https://gist.github.com/pmkay/e09034971b6f23214fd9f95a3e6d1c44)
## Bash
* https://github.com/shellfire-dev/shellfire
* https://github.com/joehillen/sysz
* https://github.com/eth-p/bat-extras
* https://github.com/ddworken/hishtory
* https://github.com/sloria/doitlive
* https://github.com/ncarlier/webhookd
* https://github.com/0xacx/chatGPT-shell-cli
* https://github.com/hectorm/hblock https://github.com/tanrax/maza-ad-blocking
* https://github.com/rossmacarthur/sheldon
## Bookmarks
* https://cheatsheets.zip/
- https://cheatsheets.zip/
## Windows
* https://github.com/DDoSolitary/LxRunOffline
- https://github.com/DDoSolitary/LxRunOffline
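Review bot: Near the end of the Revisit list the bullet conversion carries broken Markdown over unchanged: `[Title](https://github.com/haproxy/haproxy)` has no list marker, and the stringer entry is split so that `- [` is on one line and `](https://github.com/stringer-rss/stringer)` on the next, leaving a link whose text is only a line break. Join that entry onto one line with a real title, give the haproxy line a `-` marker, and replace the remaining `[Title](...)` placeholders with project names while these lines are being touched.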

View file

@ -7,6 +7,7 @@ githubLocation: https://github.com/megabyte-labs/install.doctor/blob/master/home
scriptLocation: https://github.com/megabyte-labs/install.doctor/raw/master/home/.chezmoiscripts/universal/run_onchange_after_14-warp.sh.tmpl
repoLocation: home/.chezmoiscripts/universal/run_onchange_after_14-warp.sh.tmpl
---
# CloudFlare WARP
Installs CloudFlare WARP, ensures proper security certificates are in place, and connects the device to CloudFlare WARP.
@ -41,10 +42,8 @@ an MDM SaaS provider like JumpCloud.
## Links
* [Linux managed configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/warp/private_mdm.xml.tmpl)
* [macOS managed configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/Library/Managed%20Preferences/private_com.cloudflare.warp.plist.tmpl)
- [Linux managed configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/warp/private_mdm.xml.tmpl)
- [macOS managed configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/Library/Managed%20Preferences/private_com.cloudflare.warp.plist.tmpl)
## Source Code
@ -136,9 +135,9 @@ fi
# Source: https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.pem
if [ -d /System ] && [ -d /Applications ] && command -v warp-cli > /dev/null; then
### Ensure certificate installed on macOS
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.crt"
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt"
if [ -f /usr/local/etc/ca-certificates/cert.pem ]; then
echo | sudo cat - "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" >> /usr/local/etc/ca-certificates/cert.pem
echo | sudo cat - "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" >> /usr/local/etc/ca-certificates/cert.pem
else
logg error 'Unable to add `Cloudflare_CA.pem` because `/usr/local/etc/ca-certificates/cert.pem` does not exist!' && exit 1
fi
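Review bot: The new lookup path `$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt` (and the matching `.pem`) is not where this commit's externals file puts the download, which is `.local/etc/ssl/cloudflare/cloudflare/Cloudflare_CA.crt` with `cloudflare` twice, so `security add-trusted-cert` and the `cat` would be pointed at files that are not there. Use one path in both places. In the changed `echo | sudo cat - "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" >> /usr/local/etc/ca-certificates/cert.pem` line, the `>>` redirect is opened by the calling shell rather than by `sudo`, so the append only succeeds if the invoking user can already write the bundle (piping into `sudo tee -a` avoids that), and nothing checks whether the certificate is already present, so repeated runs append it again. Because this installs a trusted root fetched by URL, comparing the file against a known fingerprint before `add-trusted-cert` would be a worthwhile addition.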

View file

@ -7,6 +7,7 @@ githubLocation: https://github.com/megabyte-labs/install.doctor/blob/master/home
scriptLocation: https://github.com/megabyte-labs/install.doctor/raw/master/home/dot_config/shell/motd.sh.tmpl
repoLocation: home/dot_config/shell/motd.sh.tmpl
---
# MOTD
Incorporates the MOTD functionality that is leveraged by the `~/.bashrc` and `~/.zshrc` files
@ -16,8 +17,6 @@ Incorporates the MOTD functionality that is leveraged by the `~/.bashrc` and `~/
This script is included by `~/.bashrc` and `~/.zshrc` to print a MOTD whenever a terminal session
is invoked.
## Source Code
```
@ -31,9 +30,9 @@ is invoked.
### MOTD
# Add file named .hushlogin in the user's home directory to disable the MOTD
if [ "$BASH_SUPPORT" = 'true' ] && [ ! -f ~/.hushlogin ] && [ "$SHLVL" -eq 1 ]; then
if [ -f "$HOME/.local/scripts/motd.bash" ] && { [ -n "$SSH_CONNECTION" ] && [[ $- == *i* ]]; } || command -v qubes-vmexec > /dev/null || command -v qubes-dom0-update > /dev/null || { [ -d /Applications ] && [ -d /System ]; }; then
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config/shell/bash/motd.bash" ] && { [ -n "$SSH_CONNECTION" ] && [[ $- == *i* ]]; } || command -v qubes-vmexec > /dev/null || command -v qubes-dom0-update > /dev/null || { [ -d /Applications ] && [ -d /System ]; }; then
if { [ -z "$MOTD" ] || [ "$MOTD" -ne 0 ]; } && [[ "$(hostname)" != *'-minimal' ]]; then
. "$HOME/.local/scripts/motd.bash"
. "${XDG_CONFIG_HOME:-$HOME/.config/shell/bash/motd.bash"
# TODO - -- services
if [ -n "$SSH_CONNECTION" ]; then
# SSH
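Review bot: Both new lines in this hunk use `"${XDG_CONFIG_HOME:-$HOME/.config/shell/bash/motd.bash"`, where the parameter expansion is never closed, so neither the `[ -f ... ]` test nor the `.` line refers to the intended file. The closing brace also has to come right after the default value, otherwise a set `XDG_CONFIG_HOME` would expand to the bare directory without the file path: `"${XDG_CONFIG_HOME:-$HOME/.config}/shell/bash/motd.bash"`. Since this file is sourced from `~/.bashrc` and `~/.zshrc`, a parse error here affects every new interactive shell, so it is worth running `bash -n` on the rendered template before merging.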

View file

@ -255,6 +255,7 @@ softwareGroups:
- bash-completion
- bandwhich
- bat
- bat-extras
- bottom
- broot
- carapace
@ -316,6 +317,7 @@ softwareGroups:
- rm-improved
- rsync
- sd
- sheldon
- solargraph
- sql-language-server
- task
@ -351,6 +353,7 @@ softwareGroups:
- desed
- difftastic
- dockutil
- doitlive
- duti
- emplace
- emoj
@ -469,6 +472,7 @@ softwareGroups:
- ledger-live
- onlykey
DNS: &DNS
- blocky
- hostctl
- iodine
- switchhosts

View file

@ -1,36 +1,33 @@
{{- $refreshPeriod := "240h" }}
### VIM Plugins
{{- $vimPlugins := .softwarePlugins.vim.plugins }}
{{- range $vimPlugin := $vimPlugins }}
{{- $folderName := trimSuffix ".git" (last (splitList "/" $vimPlugin)) }}
[".local/share/vim/plugged/{{ $folderName }}"]
type = "git-repo"
url = "{{ $vimPlugin }}"
refreshPeriod = "{{ $refreshPeriod }}"
clone.args = ["--depth", "1"]
pull.args = ["--ff-only"]
{{- end }}
### coc.nvim VIM plugin requires custom branch "release"
[".local/share/vim/plugged/coc.nvim"]
type = "git-repo"
url = "https://github.com/neoclide/coc.nvim.git"
refreshPeriod = "{{ $refreshPeriod }}"
clone.args = ["--branch", "release", "--depth", "1"]
pull.args = ["--ff-only"]
### CloudFlare WARP Certificates
[".local/share/warp/Cloudflare_CA.crt"]
######################################
### Security Certificates ############
######################################
### CloudFlare
[".local/etc/ssl/cloudflare/cloudflare/Cloudflare_CA.crt"]
type = "file"
url = "https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.crt"
[".local/share/warp/Cloudflare_CA.pem"]
[".local/etc/ssl/cloudflare/cloudflare/Cloudflare_CA.pem"]
type = "file"
url = "https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.pem"
### Curl / Google Cloud SDK
[".local/share/curl/cacert.pem"]
### cURL / Google Cloud SDK
[".local/etc/ssl/curl/cacert.pem"]
type = "file"
url = "https://curl.se/ca/cacert.pem"
### GPG
[".gnupg/gpg.conf"]
type = "file"
url = "https://raw.githubusercontent.com/drduh/config/master/gpg.conf"
### Vagrant
[".ssh/authorized_keys.vagrant"]
type = "file"
url = "https://raw.githubusercontent.com/hashicorp/vagrant/main/keys/vagrant.pub"
refreshPeriod = "{{ $refreshPeriod }}"
### Update scripts
[".local/bin/update"]
type = "git-repo"
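Review bot: The two Cloudflare targets are written as `.local/etc/ssl/cloudflare/cloudflare/Cloudflare_CA.crt` and `.local/etc/ssl/cloudflare/cloudflare/Cloudflare_CA.pem`; the doubled `cloudflare/` looks like a typo, and the WARP script changed in this commit reads from the single-directory path, so drop the extra component here. Separately, `.gnupg/gpg.conf` is fetched from `https://raw.githubusercontent.com/drduh/config/master/gpg.conf`, a mutable branch of a third-party repository, so whatever is on `master` when the file is downloaded becomes the local GPG configuration. Pinning that URL to a specific commit would make any change to it show up as a reviewable diff in this repository.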
@ -63,7 +60,14 @@
clone.args = ["--depth", "1"]
pull.args = ["--ff-only"]
### Shell
### Shellfire
[".local/src/shellfire"]
type = "git-repo"
url = "https://github.com/shellfire-dev/shellfire.git"
refreshPeriod = "{{ $refreshPeriod }}"
clone.args = ["--depth", "1"]
pull.args = ["--ff-only"]
[".config/desktop/gnome.yml"]
type = "file"
url = "https://gitlab.com/megabyte-labs/gas-station/-/raw/master/environments/prod/group_vars/all/defaults.yml"
@ -244,12 +248,6 @@
# url = "https://github.com/typicode/husky/raw/main/husky.sh"
# refreshPeriod = "{{ $refreshPeriod }}"
### GPG
[".gnupg/gpg.conf"]
type = "file"
url = "https://raw.githubusercontent.com/drduh/config/master/gpg.conf"
refreshPeriod = "{{ $refreshPeriod }}"
### Taskfiles
[".local/share/shared-common"]
type = "git-repo"
@ -403,55 +401,14 @@
clone.args = ["--depth", "1"]
pull.args = ["--ff-only"]
### Vagrant
[".ssh/authorized_keys.vagrant"]
type = "file"
url = "https://raw.githubusercontent.com/hashicorp/vagrant/main/keys/vagrant.pub"
refreshPeriod = "{{ $refreshPeriod }}"
### Neovim
[".config/nvim"]
type = "git-repo"
url = "https://github.com/AstroNvim/AstroNvim.git"
refreshPeriod = "{{ $refreshPeriod }}"
clone.args = ["--depth", "1"]
pull.args = ["--ff-only"]
[".config/nvim/lua/user"]
type = "git-repo"
url = "https://github.com/megabyte-labs/AstronVim.git"
refreshPeriod = "{{ $refreshPeriod }}"
clone.args = ["--depth", "1"]
pull.args = ["--ff-only"]
{{- if and (eq .chezmoi.os "linux") (not .host.headless) }}
### Rofi
[".local/share/fonts/GrapeNuts-Regular.ttf"]
type = "file"
url = "https://github.com/adi1090x/rofi/raw/master/fonts/GrapeNuts-Regular.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
[".local/share/fonts/Icomoon-Feather.ttf"]
type = "file"
url = "https://github.com/adi1090x/rofi/raw/master/fonts/Icomoon-Feather.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
[".local/share/fonts/Iosevka-Nerd-Font-Complete.ttf"]
type = "file"
url = "https://github.com/adi1090x/rofi/raw/master/fonts/Iosevka-Nerd-Font-Complete.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
[".local/share/fonts/JetBrains-Mono-Nerd-Font-Complete.ttf"]
type = "file"
url = "https://github.com/adi1090x/rofi/raw/master/fonts/JetBrains-Mono-Nerd-Font-Complete.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
[".config/rofi"]
type = "archive"
url = "https://github.com/adi1090x/rofi/archive/refs/heads/master.tar.gz"
exact = true
stripComponents = 2
refreshPeriod = "{{ $refreshPeriod }}"
include = ["applets/**", "colors/**", "images/**", "launchers/**", "powermenu/**", "scripts/**", "config.rasi"]
{{- end }}
######################################
### Fonts ############################
######################################
### Hack Nerd Font
{{- if not .host.headless }}
### Hack Nerd Font Download
{{- $refreshPeriod := "4800h" }}
{{- $fontDir := "" }}
{{- $fontUrlBase := "https://github.com/ryanoasis/nerd-fonts/raw/master/patched-fonts/Hack"}}
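Review bot: the `[".ssh/authorized_keys.vagrant"]` entry in this hunk pulls `keys/vagrant.pub` from the `main` branch of hashicorp/vagrant, which is Vagrant's publicly known insecure key, so any host where that file is ever merged into `authorized_keys` accepts a private key anyone can download. Wherever the entry lives after this reshuffle, wrap it in a template condition that limits it to Vagrant guests (the way the Rofi block is limited by `.chezmoi.os` and `.host.headless`), and add a comment that it must never be concatenated into `authorized_keys` on a real machine.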
@ -479,7 +436,7 @@
url = "{{ $fontUrlBase }}/BoldItalic/HackNerdFont-BoldItalic.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
### Montserrat Font Download
### Montserrat Font
{{- $fontUrlBase := "https://github.com/JulietaUla/Montserrat/raw/master/fonts/ttf/Montserrat-"}}
{{- $fonts := list "Black" "BlackItalic" "Bold" "BoldItalic" "ExtraBold" "ExtraBoldItalic" "ExtraLight" "ExtraLightItalic" "Italic" "Light" "LightItalic" "Medium" "MediumItalic" "Regular" "SemiBold" "SemiBoldItalic" "Thin" "ThinItalic" }}
{{- range $font := $fonts }}
@ -489,7 +446,7 @@
refreshPeriod = "{{ $refreshPeriod }}"
{{- end }}
### ZillaSlab Font Download
### ZillaSlab Font
{{- $fontUrlBase := "https://github.com/typotheque/zilla-slab/raw/master/fonts_TTF/ZillaSlab"}}
{{- $fonts := list "-Bold" "-BoldItalic" "-Italic" "-Light" "-LightItalic" "-Medium" "-MediumItalic" "-Regular" "-SemiBold" "-SemiBoldItalic" "Highlight-Bold" "Highlight-Regular" }}
{{- range $font := $fonts }}
@ -499,3 +456,70 @@
refreshPeriod = "{{ $refreshPeriod }}"
{{- end }}
{{- end }}
######################################
### Rofi #############################
######################################
{{- if and (eq .chezmoi.os "linux") (not .host.headless) }}
[".local/share/fonts/GrapeNuts-Regular.ttf"]
type = "file"
url = "https://github.com/adi1090x/rofi/raw/master/fonts/GrapeNuts-Regular.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
[".local/share/fonts/Icomoon-Feather.ttf"]
type = "file"
url = "https://github.com/adi1090x/rofi/raw/master/fonts/Icomoon-Feather.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
[".local/share/fonts/Iosevka-Nerd-Font-Complete.ttf"]
type = "file"
url = "https://github.com/adi1090x/rofi/raw/master/fonts/Iosevka-Nerd-Font-Complete.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
[".local/share/fonts/JetBrains-Mono-Nerd-Font-Complete.ttf"]
type = "file"
url = "https://github.com/adi1090x/rofi/raw/master/fonts/JetBrains-Mono-Nerd-Font-Complete.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
[".config/rofi"]
type = "archive"
url = "https://github.com/adi1090x/rofi/archive/refs/heads/master.tar.gz"
exact = true
stripComponents = 2
refreshPeriod = "{{ $refreshPeriod }}"
include = ["applets/**", "colors/**", "images/**", "launchers/**", "powermenu/**", "scripts/**", "config.rasi"]
{{- end }}
######################################
### VIM / NVIM #######################
######################################
### VIM
{{- $vimPlugins := .softwarePlugins.vim.plugins }}
{{- range $vimPlugin := $vimPlugins }}
{{- $folderName := trimSuffix ".git" (last (splitList "/" $vimPlugin)) }}
[".local/share/vim/plugged/{{ $folderName }}"]
type = "git-repo"
url = "{{ $vimPlugin }}"
refreshPeriod = "{{ $refreshPeriod }}"
clone.args = ["--depth", "1"]
pull.args = ["--ff-only"]
{{- end }}
# coc.nvim VIM plugin requires custom branch "release"
[".local/share/vim/plugged/coc.nvim"]
type = "git-repo"
url = "https://github.com/neoclide/coc.nvim.git"
refreshPeriod = "{{ $refreshPeriod }}"
clone.args = ["--branch", "release", "--depth", "1"]
pull.args = ["--ff-only"]
### NVIM
[".config/nvim"]
type = "git-repo"
url = "https://github.com/AstroNvim/AstroNvim.git"
refreshPeriod = "{{ $refreshPeriod }}"
clone.args = ["--depth", "1"]
pull.args = ["--ff-only"]
[".config/nvim/lua/user"]
type = "git-repo"
url = "https://github.com/megabyte-labs/AstronVim.git"
refreshPeriod = "{{ $refreshPeriod }}"
clone.args = ["--depth", "1"]
pull.args = ["--ff-only"]
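Review bot: the `[".config/rofi"]` archive is taken from `refs/heads/master.tar.gz` and its `include` list extracts `scripts/**`, `launchers/**` and `powermenu/**`, so whatever is on that branch at refresh time lands in the home directory, in directories that by their names hold runnable scripts, with no integrity check. Point `url` at a specific commit's archive and add chezmoi's `checksum.sha256` to this entry and to the four font `file` entries. The `git-repo` entries (the vim plugins, `coc.nvim`, AstroNvim) likewise follow a branch head on every pull, which deserves at least a comment saying this is intentional. Also, `$folderName` is only the last path segment of the plugin URL, so a `coc.nvim` URL in `.softwarePlugins.vim.plugins` would produce a second `[".local/share/vim/plugged/coc.nvim"]` table next to the hard-coded one.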

View file

@ -107,22 +107,23 @@ if [ -d /System ] && [ -d /Applications ] && command -v warp-cli > /dev/null; th
### Ensure certificate installed on macOS
if [ ! -n "$SSH_CONNECTION" ]; then
logg info 'Requesting security authorization for Cloudflare trusted certificate'
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.crt"
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt"
logg info 'Updating the OpenSSL CA Store to include the Cloudflare certificate'
echo | sudo tee -a /etc/ssl/cert.pem < "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" > /dev/null
echo | sudo tee -a /etc/ssl/cert.pem < "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" > /dev/null
echo "" | sudo tee -a /etc/ssl/cert.pem
else
logg warn 'Session is SSH so adding Cloudflare encryption key to trusted certificates via the security program is being bypassed since it requires Touch ID / Password verification.'
fi
if [ -d "/usr/local/etc/openssl@3/certs" ]; then
# Location on Intel macOS
logg info 'Adding Cloudflare certificate to `/usr/local/etc/openssl@3/certs/Cloudflare_CA.pem`'
echo | sudo cat - "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" >> /usr/local/etc/openssl@3/certs/Cloudflare_CA.pem
echo | sudo cat - "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" >> /usr/local/etc/openssl@3/certs/Cloudflare_CA.pem
logg info 'Running `/usr/local/opt/openssl@3/bin/c_rehash`'
/usr/local/opt/openssl@3/bin/c_rehash > /dev/null && logg success 'OpenSSL certificate rehash successful'
elif [ -d "/opt/homebrew/etc/openssl@3/certs" ]; then
# Location on arm64 macOS
logg info 'Adding Cloudflare certificate to `/opt/homebrew/etc/openssl@3/certs/Cloudflare_CA.pem`'
echo | sudo cat - "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" >> /opt/homebrew/etc/openssl@3/certs/Cloudflare_CA.pem
echo | sudo cat - "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" >> /opt/homebrew/etc/openssl@3/certs/Cloudflare_CA.pem
logg info 'Running `/opt/homebrew/opt/openssl@3/bin/c_rehash`'
/opt/homebrew/opt/openssl@3/bin/c_rehash > /dev/null && logg success 'OpenSSL certificate rehash successful'
else
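Review bot: nothing in this hunk checks that `$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt` exists or is the expected certificate before `security add-trusted-cert -d -r trustRoot` makes it a system-wide root. The new source path sits in a user-writable directory, so compare the file's SHA-256 fingerprint against a pinned value first and skip the block on a mismatch. The `tee -a /etc/ssl/cert.pem` and `cat - ... >>` lines also append on every run, so repeated applies duplicate the certificate; guard them with a check for the certificate already being present, or write to a dedicated file. In the two `echo | sudo cat - ... >>` lines the `>>` redirection is performed by the calling shell rather than under `sudo`, so `sudo` adds nothing there.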
@ -133,7 +134,7 @@ elif command -v warp-cli > /dev/null; then
if command -v dpkg-reconfigure > /dev/null; then
if [ -d /usr/local/share/ca-certificates ]; then
logg info 'Copying CloudFlare Teams PEM file to /usr/local/share/ca-certificates/Cloudflare_CA.crt'
sudo cp -f "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" /usr/local/share/ca-certificates/Cloudflare_CA.crt
sudo cp -f "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" /usr/local/share/ca-certificates/Cloudflare_CA.crt
logg info '`dpkg-reconfigure` executable detected so using Debian/Ubuntu method of updating system trusted certificates to include CloudFlare Teams certificate'
sudo dpkg-reconfigure ca-certificates
else
@ -142,7 +143,7 @@ elif command -v warp-cli > /dev/null; then
elif command -v update-ca-trust > /dev/null; then
if [ -d /etc/pki/ca-trust/source/anchors ]; then
logg info 'Copying CloudFlare Teams certificates to /etc/pki/ca-trust/source/anchors'
sudo cp -f "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.crt" "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" /etc/pki/ca-trust/source/anchors
sudo cp -f "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt" "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" /etc/pki/ca-trust/source/anchors
logg info '`update-ca-trust` executable detected so using CentOS/Fedora method of updating system trusted certificates to include CloudFlare Teams certificate'
sudo update-ca-trust
else
@ -158,27 +159,27 @@ if command -v warp-cli > /dev/null; then
# certificate and the WARP client is not running.
### Git
if command -v git > /dev/null; then
logg info "Configuring git to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem""
git config --global http.sslcainfo "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"
logg info "Configuring git to use "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem""
git config --global http.sslcainfo "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem"
fi
### NPM
if command -v npm > /dev/null; then
logg info "Configuring npm to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem""
npm config set cafile "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"
logg info "Configuring npm to use "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem""
npm config set cafile "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem"
fi
### Python
if command -v python3 > /dev/null; then
logg info "Configuring python3 / python to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem""
echo | cat - "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" >> $(python3 -m certifi)
logg info "Configuring python3 / python to use "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem""
echo | cat - "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" >> $(python3 -m certifi)
fi
### Google Cloud SDK
if command -v gcloud > /dev/null; then
logg info "Configuring gcloud to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" and "${XDG_DATA_HOME:-$HOME/.local/share}/curl/cacert.pem""
mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud"
cat "${XDG_DATA_HOME:-$HOME/.local/share}/curl/cacert.pem" "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" > "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud/ca.pem"
logg info "Configuring gcloud to use "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" and "${XDG_DATA_HOME:-$HOME/.local/share}/curl/cacert.pem""
mkdir -p "$HOME/.local/etc/ssl/gcloud"
cat "$HOME/.local/etc/ssl/curl/cacert.pem" "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" > "$HOME/.local/etc/ssl/gcloud/ca.pem"
gcloud config set core/custom_ca_certs_file "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud/ca.pem"
fi
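Review bot: in the gcloud block the combined bundle is now written to `$HOME/.local/etc/ssl/gcloud/ca.pem`, but `gcloud config set core/custom_ca_certs_file` still points at `${XDG_DATA_HOME:-$HOME/.local/share}/gcloud/ca.pem`, a directory this hunk no longer creates, so gcloud ends up configured with a missing or stale CA file. Use the same path in both lines and update the `logg info` message, which still names the old `${XDG_DATA_HOME:-$HOME/.local/share}/curl/cacert.pem` location. The Python line appends to `$(python3 -m certifi)` unquoted and on every run; quote the substitution and skip the append when the certificate is already in the bundle.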
@ -187,7 +188,7 @@ if command -v warp-cli > /dev/null; then
if [ -d "/Applications/Google Drive.app/Contents/Resources" ]; then
logg info "Combining Google Drive roots.pem with CloudFlare certificate"
mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive"
cat "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" "/Applications/Google Drive.app/Contents/Resources/roots.pem" >> "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem"
cat "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" "/Applications/Google Drive.app/Contents/Resources/roots.pem" >> "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem"
sudo defaults write /Library/Preferences/com.google.drivefs.settings TrustedRootsCertsFile -string "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem"
else
logg warn 'Google Drive.app installed but roots.pem is not available yet'

View file

@ -0,0 +1,7 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRaEoxNFRxb015U0d0R05Z
WGZGSVgyeDJ2QUtDR2VxanRWTE1COVlJRUdzCjNuc3R1MytaQUN5cjlJVXpSNkpj
c05Ta3NHb2ZpMlJhQ3h6K2E5bHFleU0KLS0tIEFhcURJUGRZeW9TNjVNY21QYTBG
TnIvR0ptVXo5YmlTZFBFclZLK0tLWE0KCTd/BG2CGNx6gaQJ3xeP5MkuGjyom9C3
udQnA+qcd07fgL49FVFXIMT1Wod7XQcZjin2aCH6hHBtVOysRim0YRSyEpm+o/wD
-----END AGE ENCRYPTED FILE-----

View file

@ -18,10 +18,14 @@ if [ -t 1 ]; then
### Pre-exec
# Source: https://github.com/rcaloras/bash-preexec
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/shell/bash/pre-exec.bash" ]; then
export __bp_enable_subshells="true"
# export __bp_enable_subshells="true"
. "${XDG_CONFIG_HOME:-$HOME/.config}/shell/bash/pre-exec.bash"
preexec() { echo "just typed $1"; }
precmd() { echo "printing the prompt"; }
preexec() {
true
}
precmd() {
true
}
fi
### Java (asdf)
@ -79,7 +83,6 @@ if [ "$BASH_SUPPORT" = 'true' ]; then
fi
### Bash Completion (Homebrew)
autoload -U +X bashcompinit && bashcompinit
if command -v brew > /dev/null; then
if [[ -r "${HOMEBREW_PREFIX}/etc/profile.d/bash_completion.sh" ]]; then
source "${HOMEBREW_PREFIX}/etc/profile.d/bash_completion.sh"
@ -125,43 +128,6 @@ if [ "$BASH_SUPPORT" = 'true' ]; then
### Fig
[ ! -f "$HOME/.fig/shell/bashrc.post.bash" ] || . "$HOME/.fig/shell/bashrc.post.bash"
### Mamba Forge (Faster Conda Drop-In Replacement)
# TODO: Add logic for Linux
if [ -f /usr/local/Caskroom/mambaforge/base/bin/conda ]; then
# >>> conda initialize >>>
# !! Contents within this block are managed by 'conda init' !!
__conda_setup="$('/usr/local/Caskroom/mambaforge/base/bin/conda' 'shell.bash' 'hook' 2> /dev/null)"
if [ $? -eq 0 ]; then
eval "$__conda_setup"
else
if [ -f "/usr/local/Caskroom/mambaforge/base/etc/profile.d/conda.sh" ]; then
. "/usr/local/Caskroom/mambaforge/base/etc/profile.d/conda.sh"
else
export PATH="/usr/local/Caskroom/mambaforge/base/bin:$PATH"
fi
fi
unset __conda_setup
# <<< conda initialize <<<
fi
### Micro-Mamba
# Generate command: micromamba shell init -s bash -p "${XDG_DATA_HOME:-$HOME/.local/share}/micromamba"
# TODO: Ensure Linux support
if [ -f /usr/local/bin/micromamba ]; then
# >>> mamba initialize >>>
# !! Contents within this block are managed by 'mamba init' !!
export MAMBA_EXE='/usr/local/bin/micromamba';
export MAMBA_ROOT_PREFIX="${XDG_DATA_HOME:-$HOME/.local/share}/micromamba";
__mamba_setup="$("$MAMBA_EXE" shell hook --shell bash --root-prefix "$MAMBA_ROOT_PREFIX" 2> /dev/null)"
if [ $? -eq 0 ]; then
eval "$__mamba_setup"
else
alias micromamba="$MAMBA_EXE" # Fallback on help from mamba activate
fi
unset __mamba_setup
# <<< mamba initialize <<<
fi
### Navi (Ctrl+G)
! command -v navi > /dev/null || eval "$(navi widget bash)"
@ -174,6 +140,10 @@ if [ "$BASH_SUPPORT" = 'true' ]; then
source "$SDKMAN_DIR/bin/sdkman-init.sh"
fi
### Sheldon
export SHELDON_CONFIG_FILE="$SHELDON_CONFIG_DIR/plugins.bash.toml"
! command -v sheldon > /dev/null || eval "$(sheldon source)"
### Up
[ ! -f "${XDG_DATA_HOME:-$HOME/.local/share}/up/up.sh" ] || source "${XDG_DATA_HOME:-$HOME/.local/share}/up/up.sh"
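Review bot: `SHELDON_CONFIG_FILE` is exported unconditionally from `$SHELDON_CONFIG_DIR`, and nothing visible in this hunk sets that variable, so when it is empty the path becomes `/plugins.bash.toml`. Move the export inside the `command -v sheldon` guard and give the directory a default, e.g. `${SHELDON_CONFIG_DIR:-${XDG_CONFIG_HOME:-$HOME/.config}/sheldon}`. Since `eval "$(sheldon source)"` runs whatever the configured plugins resolve to, a comment naming the plugin file being loaded would help whoever audits this later.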

View file

@ -0,0 +1,336 @@
{{- if (ne .host.distro.family "windows") -}}
#!/usr/bin/env bash
# @file CloudFlare WARP and CloudFlare Argo Tunnels
# @brief Installs CloudFlare WARP, ensures proper security certificates are in place, and connects the device to CloudFlare WARP. Also sets up Argo Tunnels.
# @description
# This script is intended to connect the device to CloudFlare's Zero Trust network with nearly all of its features unlocked.
# Homebrew is used to install the `warp-cli` on macOS. On Linux, it can install `warp-cli` on most Debian systems and some RedHat
# systems. CloudFlare WARP's [download page](https://pkg.cloudflareclient.com/packages/cloudflare-warp) is somewhat barren.
#
# ## MDM Configuration
#
# If CloudFlare WARP successfully installs, it first applies MDM configurations (managed configurations). If you would like CloudFlare
# WARP to connect completely headlessly (while losing some "user-posture" settings), then you can populate the following three secrets:
#
# 1. `CLOUDFLARE_TEAMS_CLIENT_ID` - The ID from a CloudFlare Teams service token. See [this article](https://developers.cloudflare.com/cloudflare-one/identity/service-tokens/).
# 2. `CLOUDFLARE_TEAMS_CLIENT_SECRET` - The secret from a CloudFlare Teams service token.
# 3. `CLOUDFLARE_TEAMS_ORG` - The ID of your Zero Trust organization. This variable must be passed in as an environment variable and is housed in the `home/.chezmoi.yaml.tmpl` file. If you do not want to pass an environment variable, you can change the default value in `home/.chezmoi.yaml.tmpl` on your own fork.
#
# The two variables above can be passed in using either of the methods described in the [Secrets documentation](https://install.doctor/docs/customization/secrets).
#
# ## Headless CloudFlare WARP Connection
#
# Even if you do not provide the two variables mentioned above, the script will still headlessly connect your device to the public CloudFlare WARP
# network, where you will get some of the benefits of a VPN for free. Otherwise, if they were passed in, then the script
# finishes by connecting to CloudFlare Teams.
#
# ## Application Certificates
#
# This script applies the techniques described on the [CloudFlare Zero Trust Install certificate manually page](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert/)
# to configure the following utilities that leverage seperate certificate authorities:
#
# * Python
# * NPM
# * Git
# * Google Cloud SDK
# * AWS CLI
# * Google Drive for desktop
#
# Settings used to configure Firefox are housed inside of the Firefox configuration files stored as seperate configuration files
# outside of this script. **Note: The scripts that enable CloudFlare certificates for all these programs are currently commented out
# in this script.**
#
# ## Notes
#
# According to CloudFlare Teams [documentation on MDM deployment](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/),
# on macOS the `com.cloudflare.warp.plist` file gets erased on reboot. Also, according to the documentation, the only way around this is to leverage
# an MDM SaaS provider like JumpCloud.
#
# ## Links
#
# * [Linux managed configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/warp/private_mdm.xml.tmpl)
# * [macOS managed configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/Library/Managed%20Preferences/private_com.cloudflare.warp.plist.tmpl)
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
### Install CloudFlare WARP (on non-WSL *nix systems)
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
if [ -d /System ] && [ -d /Applications ]; then
### Install on macOS
if [ ! -d "/Applications/Cloudflare WARP.app" ]; then
brew install --cask cloudflare-warp
else
logg info 'Cloudflare WARP already installed'
fi
elif [ '{{ .host.distro.id }}' = 'debian' ]; then
### Add CloudFlare WARP desktop app apt-get source
if [ ! -f /etc/apt/sources.list.d/cloudflare-client.list ]; then
logg info 'Adding CloudFlare WARP keyring'
curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
logg info 'Adding apt source reference'
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
fi
### Update apt-get and install the CloudFlare WARP CLI
sudo apt-get update && sudo apt-get install -y cloudflare-warp
elif [ '{{ .host.distro.id }}' = 'ubuntu' ]; then
### Add CloudFlare WARP desktop app apt-get source
if [ ! -f /etc/apt/sources.list.d/cloudflare-client.list ]; then
logg info 'Adding CloudFlare WARP keyring'
curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
logg info 'Adding apt source reference'
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
fi
### Update apt-get and install the CloudFlare WARP CLI
sudo apt-get update && sudo apt-get install -y cloudflare-warp
elif command -v dnf > /dev/null && command -v rpm > /dev/null; then
### This is made for CentOS 8 and works on Fedora 36 (hopefully 36+ as well) with `nss-tools` as a dependency
sudo dnf instal -y nss-tools || NSS_TOOL_EXIT=$?
if [ -n "$NSS_TOOL_EXIT" ]; then
logg warn 'Unable to install `nss-tools` which was a requirement on Fedora 36 and assumed to be one on other systems as well.'
fi
### According to the download site, this is the only version available for RedHat-based systems
sudo rpm -ivh https://pkg.cloudflareclient.com/cloudflare-release-el8.rpm || RPM_EXIT_CODE=$?
if [ -n "$RPM_EXIT_CODE" ]; then
logg error 'Unable to install CloudFlare WARP using RedHat 8 RPM package'
fi
fi
fi
### Ensure certificate is installed
# Source: https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.crt
# Source: https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.pem
if [ -d /System ] && [ -d /Applications ] && command -v warp-cli > /dev/null; then
### Ensure certificate installed on macOS
if [ ! -n "$SSH_CONNECTION" ]; then
logg info 'Requesting security authorization for Cloudflare trusted certificate'
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt"
logg info 'Updating the OpenSSL CA Store to include the Cloudflare certificate'
echo | sudo tee -a /etc/ssl/cert.pem < "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" > /dev/null
echo "" | sudo tee -a /etc/ssl/cert.pem
else
logg warn 'Session is SSH so adding Cloudflare encryption key to trusted certificates via the security program is being bypassed since it requires Touch ID / Password verification.'
fi
if [ -d "/usr/local/etc/openssl@3/certs" ]; then
# Location on Intel macOS
logg info 'Adding Cloudflare certificate to `/usr/local/etc/openssl@3/certs/Cloudflare_CA.pem`'
echo | sudo cat - "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" >> /usr/local/etc/openssl@3/certs/Cloudflare_CA.pem
logg info 'Running `/usr/local/opt/openssl@3/bin/c_rehash`'
/usr/local/opt/openssl@3/bin/c_rehash > /dev/null && logg success 'OpenSSL certificate rehash successful'
elif [ -d "/opt/homebrew/etc/openssl@3/certs" ]; then
# Location on arm64 macOS
logg info 'Adding Cloudflare certificate to `/opt/homebrew/etc/openssl@3/certs/Cloudflare_CA.pem`'
echo | sudo cat - "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" >> /opt/homebrew/etc/openssl@3/certs/Cloudflare_CA.pem
logg info 'Running `/opt/homebrew/opt/openssl@3/bin/c_rehash`'
/opt/homebrew/opt/openssl@3/bin/c_rehash > /dev/null && logg success 'OpenSSL certificate rehash successful'
else
logg warn 'Unable to add `Cloudflare_CA.pem` because `/usr/local/etc/openssl@3/certs` and `/opt/homebrew/etc/openssl@3/certs` do not exist!'
fi
elif command -v warp-cli > /dev/null; then
# System is Linux
if command -v dpkg-reconfigure > /dev/null; then
if [ -d /usr/local/share/ca-certificates ]; then
logg info 'Copying CloudFlare Teams PEM file to /usr/local/share/ca-certificates/Cloudflare_CA.crt'
sudo cp -f "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" /usr/local/share/ca-certificates/Cloudflare_CA.crt
logg info '`dpkg-reconfigure` executable detected so using Debian/Ubuntu method of updating system trusted certificates to include CloudFlare Teams certificate'
sudo dpkg-reconfigure ca-certificates
else
logg warn
fi
elif command -v update-ca-trust > /dev/null; then
if [ -d /etc/pki/ca-trust/source/anchors ]; then
logg info 'Copying CloudFlare Teams certificates to /etc/pki/ca-trust/source/anchors'
sudo cp -f "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt" "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" /etc/pki/ca-trust/source/anchors
logg info '`update-ca-trust` executable detected so using CentOS/Fedora method of updating system trusted certificates to include CloudFlare Teams certificate'
sudo update-ca-trust
else
logg warn '/etc/pki/ca-trust/source/anchors does not exist so skipping the system certificate update process'
fi
fi
fi
if command -v warp-cli > /dev/null; then
### Application certificate configuration
# Application-specific certificate authority modification is currently commented out because
# it is merely for traffic inspection and `npm install` fails when configured to use the CloudFlare
# certificate and the WARP client is not running.
### Git
if command -v git > /dev/null; then
logg info "Configuring git to use "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem""
git config --global http.sslcainfo "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem"
fi
### NPM
if command -v npm > /dev/null; then
logg info "Configuring npm to use "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem""
npm config set cafile "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem"
fi
### Python
if command -v python3 > /dev/null; then
logg info "Configuring python3 / python to use "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem""
echo | cat - "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" >> $(python3 -m certifi)
fi
### Google Cloud SDK
if command -v gcloud > /dev/null; then
logg info "Configuring gcloud to use "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" and "${XDG_DATA_HOME:-$HOME/.local/share}/curl/.local/etc/ssl/cloudflare""
mkdir -p "$HOME/.local/etc/ssl/gcloud"
cat "$HOME/.local/etc/ssl/curl/.local/etc/ssl/cloudflare" "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" > "$HOME/.local/etc/ssl/gcloud/ca.pem"
gcloud config set core/custom_ca_certs_file "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud/ca.pem"
fi
### Google Drive for desktop (macOS)
if [ -d "/Applications/Google Drive.app" ]; then
if [ -d "/Applications/Google Drive.app/Contents/Resources" ]; then
logg info "Combining Google Drive roots.pem with CloudFlare certificate"
mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive"
cat "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" "/Applications/Google Drive.app/Contents/Resources/roots.pem" >> "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem"
sudo defaults write /Library/Preferences/com.google.drivefs.settings TrustedRootsCertsFile -string "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem"
else
logg warn 'Google Drive.app installed but roots.pem is not available yet'
fi
fi
### Ensure MDM settings are applied (deletes after reboot on macOS)
### TODO: Ensure `.plist` can be added to `~/Library/Managed Preferences` and not just `/Library/Managed Preferences`
# Source: https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/
# Source for JumpCloud: https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/CloudflareWARP.mobileconfig
if [ -d /System ] && [ -d /Applications ]; then
sudo cp -f "$HOME/Library/Managed Preferences/com.cloudflare.warp.plist" '/Library/Managed Preferences/com.cloudflare.warp.plist'
sudo plutil -convert binary1 '/Library/Managed Preferences/com.cloudflare.warp.plist'
### Enable CloudFlare WARP credentials auto-populate (since file is deleted when not managed with MDM)
if [ -f "$HOME/Library/LaunchDaemons/com.cloudflare.warp.plist" ] && [ ! -f "/Library/LaunchDaemons/com.cloudflare.warp.plist" ]; then
sudo mkdir -p /Library/LaunchDaemons
sudo cp -f "$HOME/Library/LaunchDaemons/com.cloudflare.warp.plist" '/Library/LaunchDaemons/com.cloudflare.warp.plist'
sudo launchctl load "/Library/LaunchDaemons/com.cloudflare.warp.plist"
fi
elif [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/warp/mdm.xml" ]; then
sudo mkdir -p /var/lib/cloudflare-warp
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/warp/mdm.xml" /var/lib/cloudflare-warp/mdm.xml
fi
### Register CloudFlare WARP
if warp-cli --accept-tos status | grep 'Registration missing' > /dev/null; then
logg info 'Registering CloudFlare WARP'
warp-cli --accept-tos register
else
logg info 'Either there is a misconfiguration or the device is already registered with CloudFlare WARP'
fi
### Connect CloudFlare WARP
if warp-cli --accept-tos status | grep 'Disconnected' > /dev/null; then
logg info 'Connecting to CloudFlare WARP'
warp-cli --accept-tos connect > /dev/null && logg success 'Connected to CloudFlare WARP'
else
logg info 'Either there is a misconfiguration or the device is already connected with CloudFlare WARP'
fi
else
logg warn '`warp-cli` was not installed so CloudFlare WARP cannot be joined'
fi
{{- $registrationToken := "" }}
echo "{{ .host.hostname }}"
echo "{{ joinPath .host.home ".config" "age" "chezmoi.txt" }}"
echo "{{ joinPath .chezmoi.sourceDir ".chezmoitemplates" "cloudflared" .host.hostname }}"
echo "{{ stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "cloudflared" .host.hostname) }}"
{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "cloudflared" .host.hostname)) -}}
echo "IN HEREEE"
{{- $registrationToken = (includeTemplate (print "cloudflared/" .host.hostname) | decrypt) -}}
{{- end }}
### Set up CloudFlare tunnels
echo 'Registration token debug:'
echo -n '{{ includeTemplate (print "cloudflared/" .host.hostname) | decrypt }}'
echo "ZZZZZZZZZZZZ"
echo ""
echo ""
echo -n '{{ $registrationToken }}'
echo ""
echo "OOOOOOOOOOOOO"
echo ""
echo '{{ $registrationToken }}'
echo ""
echo '555555'
set -ex
echo '{{ stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "cloudflared" .host.hostname) }}
if command -v cloudflared > /dev/null && [ -d "$HOME/.local/etc/cloudflared" ]; then
# Show warning message about ~/.cloudflared already existing
if [ -d "$HOME/.cloudflared" ]; then
logg warn '~/.cloudflared is already in the home directory - to ensure proper deployment, remove previous tunnel configuration folders'
fi
# Copy over configuration files
logg info 'Copying over configuration files from ~/.local/etc/cloudflared to /usr/local/etc/cloudflared'
sudo cp -f "$HOME/.local/etc/cloudflared/cert.pem" /usr/local/etc/cloudflared/cert.pem
sudo cp -f "$HOME/.local/etc/cloudflared/config.yml" /usr/local/etc/cloudflared/config.yml
# Register tunnel (if not already registered)
if sudo cloudflared tunnel list | grep "host-{{ .host.hostname }}" > /dev/null; then
logg info 'CloudFlare tunnel is already registered'
else
logg info 'Creating a CloudFlare tunnel to this host'
sudo cloudflared tunnel create "host-{{ .host.hostname }}"
fi
TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-{{ .host.hostname }}" | sed 's/ .*//')"
logg info "Tunnel ID: $TUNNEL_ID"
if [ -f "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" ]; then
logg info 'Symlinking tunnel configuration to /usr/local/etc/cloudflared/credentials.json'
rm -f /usr/local/etc/cloudflared/credentials.json
sudo ln -s "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" /usr/local/etc/cloudflared/credentials.json
else
logg info 'Handling case where the tunnel registration is not present in /usr/local/etc/cloudflared'
{{ if eq $registrationToken "" -}}
logg warn 'Registration token is unavailable - you might have to delete the pre-existing tunnel or set up secrets properly'
{{- else -}}
logg info 'Registration token retrieved from encrypted blob stored at `home/.chezmoitemplates/cloudflared/{{ .host.hostname }}`'
{{ if eq (substr 0 1 $registrationToken) "{" -}}
logg info 'Registration token stored in credential file form'
echo -n '{{ $registrationToken }}' | sudo tee /usr/local/etc/cloudflared/credentials.json > /dev/null
{{ else }}
logg info 'Registration token is in token form - it will be used in conjunction with `sudo cloudflared service install`'
{{- end }}
{{- end }}
fi
# Set up service
if [ -d /Applications ] && [ -d /System ]; then
# System is macOS
if [ -f /Library/LaunchDaemons/com.cloudflare.cloudflared.plist ]; then
logg info '`cloudflared` service is already installed'
else
logg info 'Running `sudo cloudflared service install`'
sudo cloudflared service install{{ if and (ne $registrationToken "") (eq (substr 0 1 $registrationToken) "{") -}} {{ $registrationToken }}{{ end }}
fi
logg info 'Ensuring cloudflared service is installed'
sudo launchctl start com.cloudflare.cloudflared
elif [ -f /etc/os-release ]; then
# System is Linux
logg info 'Copying over configuration files from ~/.local/etc/cloudflared to /usr/local/etc/cloudflared'
sudo cp -rf "$HOME/.local/etc/cloudflared" /usr/local/etc/cloudflared
if systemctl --all --type service | grep -q "cloudflared" > /dev/null; then
logg info '`cloudflared` service is already available as a service'
else
logg info 'Running `sudo cloudflared service install`'
sudo cloudflared service install{{ if and (ne $registrationToken "") (eq (substr 0 1 $registrationToken) "{") -}} {{ $registrationToken }}{{ end }}
fi
logg info 'Ensuring cloudflared service is started'
sudo systemctl start cloudflared
logg info 'Enabling cloudflared as a boot systemctl service'
sudo systemctl enable cloudflared
else
# System is Windows
cloudflared service install
mkdir C:\Windows\System32\config\systemprofile\.cloudflared
# Copy same cert.pem as being used above
# copy C:\Users\%USERNAME%\.cloudflared\cert.pem C:\Windows\System32\config\systemprofile\.cloudflared\cert.pem
# https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/as-a-service/windows/
fi
else
logg info 'cloudflared was not installed so CloudFlare Tunnels cannot be enabled. (Or the ~/.local/etc/cloudflared folder is not present)'
fi
{{ end -}}
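Review bot: The condition on both `sudo cloudflared service install` lines looks inverted. It appends `{{ $registrationToken }}` when the value starts with `{`, which is the credentials-file form already written to `credentials.json`, while the token form that the log message says is used with `service install` gets no argument. Change the inner test to `ne (substr 0 1 $registrationToken) "{"`. Separately, `echo -n '...' | sudo tee /usr/local/etc/cloudflared/credentials.json` creates the file with the default umask, so follow it with `sudo chmod 600` on that path. On Linux, `sudo cp -rf "$HOME/.local/etc/cloudflared" /usr/local/etc/cloudflared` nests a second `cloudflared` directory when the destination already exists.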

View file

@ -0,0 +1,21 @@
# `sheldon` configuration file
# ----------------------------
#
# You can modify this file directly or you can use one of the following
# `sheldon` commands which are provided to assist in editing the config file:
#
# - `sheldon add` to add a new plugin to the config file
# - `sheldon edit` to open up the config file in the default editor
# - `sheldon remove` to remove a plugin from the config file
#
# See the documentation for more https://github.com/rossmacarthur/sheldon#readme
shell = "bash"
[plugins]
[plugins.sheldon]
inline = 'sheldon() { sheldon completions --shell bash }'
[plugins.wp]
remote = "https://raw.githubusercontent.com/wp-cli/wp-cli/v2.7.1/utils/wp-completion.bash"
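Review bot: The `inline` value under `[plugins.sheldon]` is not valid bash, because `{ sheldon completions --shell bash }` has no `;` or newline before the closing brace and so the function body never terminates. Even with that fixed, a function named `sheldon` whose body calls `sheldon` shadows the binary and recurses. If the goal is to load completions, something like `inline = 'source <(command sheldon completions --shell bash)'` does that without redefining the command.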

View file

@ -0,0 +1,18 @@
# `sheldon` configuration file
# ----------------------------
#
# You can modify this file directly or you can use one of the following
# `sheldon` commands which are provided to assist in editing the config file:
#
# - `sheldon add` to add a new plugin to the config file
# - `sheldon edit` to open up the config file in the default editor
# - `sheldon remove` to remove a plugin from the config file
#
# See the documentation for more https://github.com/rossmacarthur/sheldon#readme
shell = "fish"
[plugins]
[plugins.sheldon]
inline = 'sheldon() { sheldon completions --shell fish }'
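Review bot: The `inline` snippet uses POSIX `name() { ... }` function syntax, which fish does not parse (fish functions are `function name ... end`). Please also confirm that sheldon accepts `shell = "fish"` and `completions --shell fish` before shipping this file, because nothing in the hunk shows either being exercised.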

View file

@ -0,0 +1,18 @@
# `sheldon` configuration file
# ----------------------------
#
# You can modify this file directly or you can use one of the following
# `sheldon` commands which are provided to assist in editing the config file:
#
# - `sheldon add` to add a new plugin to the config file
# - `sheldon edit` to open up the config file in the default editor
# - `sheldon remove` to remove a plugin from the config file
#
# See the documentation for more https://github.com/rossmacarthur/sheldon#readme
shell = "zsh"
[plugins]
[plugins.sheldon]
inline = 'sheldon() { sheldon completions --shell zsh }'
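Review bot: The `inline` snippet defines a function named `sheldon` whose body calls `sheldon`, so once the plugin is sourced the function shadows the binary and every later `sheldon` call in that shell recurses into itself. Load the completions instead of wrapping the command, and call the binary explicitly with `command sheldon` if a wrapper is really wanted.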

View file

@ -47,6 +47,10 @@ if command -v bat > /dev/null; then
}
fi
### curl-impersonate
# https://github.com/lwthiker/curl-impersonate
alias curl-impersonate='docker run --rm lwthiker/curl-impersonate:0.5-chrome curl_chrome110'
### curlie
if command -v curlie > /dev/null; then
alias curl='curlie'
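Review bot: The `curl-impersonate` alias is defined unconditionally and runs `lwthiker/curl-impersonate:0.5-chrome` by tag, so each use executes whatever image the registry currently serves under that tag. Guard it with `command -v docker > /dev/null` like the neighbouring `bat` and `curlie` blocks, and pin the image by digest (`image@sha256:...`). The alias also omits `-i`, so request bodies piped on stdin will not reach the containerised curl.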

View file

@ -0,0 +1,4 @@
#!/usr/bin/env bash
# https://github.com/ncarlier/webhookd
alias webhookd='docker run -d --name=webhookd -v ${PWD}/scripts:/scripts -p 8080:8080 ncarlier/webhookd'
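Review bot: The alias publishes the container with `-p 8080:8080`, which binds every host interface, and mounts `${PWD}/scripts` from whatever directory the shell happens to be in, so anything that can reach port 8080 can reach the scripts in that mount. Bind to loopback with `-p 127.0.0.1:8080:8080` unless remote access is intended, quote the mount as `"${PWD}/scripts":/scripts` so paths with spaces work, and pin `ncarlier/webhookd` to a tag or digest instead of the implicit `latest`. A second invocation will also fail on the fixed `--name=webhookd` unless the old container is removed first.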

View file

@ -117,8 +117,8 @@ export ASDF_PYTHON_DEFAULT_PACKAGES_FILE="${XDG_CONFIG_HOME:-$HOME/.config}/asdf
### AWS CLI
export AWS_SHARED_CREDENTIALS_FILE="${XDG_CONFIG_HOME:-$HOME/.config}/aws/credentials"
export AWS_CONFIG_FILE="${XDG_CONFIG_HOME:-$HOME/.config}/aws/config"
if [ -f "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.crt" ]; then
export AWS_CA_BUNDLE="${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.crt"
if [ -f "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt" ]; then
export AWS_CA_BUNDLE="$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt"
fi
### Azure CLI
@ -298,7 +298,7 @@ export NETRC="${XDG_CONFIG_HOME:-$HOME/.config}/netrc"
export NAVI_CONFIG="${XDG_CONFIG_HOME:-$HOME/.config}/navi/config.yaml"
### Nix
export NIX_SSL_CERT_FILE="${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.crt"
export NIX_SSL_CERT_FILE="$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt"
### nnn
if command -v nnn > /dev/null; then
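Review bot: `NIX_SSL_CERT_FILE` is exported unconditionally, while the AWS CLI and Node.js hunks in this same file wrap the equivalent exports in `[ -f ".../Cloudflare_CA.crt" ]`. On a host where `$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt` has not been provisioned, Nix is pointed at a bundle that does not exist. Wrap the export in the same `-f` test used for `AWS_CA_BUNDLE`.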
@ -311,8 +311,8 @@ fi
### Node.js
export NODE_REPL_HISTORY="${XDG_DATA_HOME:-$HOME/.local/share}/node_repl_history"
if [ -f "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" ]; then
export NODE_EXTRA_CA_CERTS="${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"
if [ -f "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" ]; then
export NODE_EXTRA_CA_CERTS="$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem"
fi
### NPM
@ -384,6 +384,10 @@ export RUSTUP_HOME="${XDG_DATA_HOME:-$HOME/.local/share}/rustup"
### SDKMan
export SDKMAN_DIR="${XDG_DATA_HOME:-$HOME/.local/share}/sdkman"
### Sheldon
export SHELDON_CONFIG_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/sheldon"
export SHELDON_DATA_DIR="${XDG_DATA_HOME:-$HOME/.local/share}/sheldon"
### Steampipe
export STEAMPIPE_INSTALL_DIR="${XDG_DATA_HOME:-$HOME/.local/share}/steampipe"
export STEAMPIPE_TELEMETRY=none

View file

@ -0,0 +1,39 @@
#!/usr/bin/env node
import task from 'tasuku'
task('Task 1', async ({ setTitle }) => {
console.log('hey')
setTitle('Task 1 finished')
})
task('Task 2', async () => {
console.log('yo')
const nestedTask = await task('Do another task', async ({ task }) => {
await someAsyncTask()
})
nestedTask.clear()
})
task('Task 3', async () => {
console.log('sup')
})
const api = await task.group(task => [
task(
'Task 1',
async () => await someAsyncTask()
),
task(
'Task 2',
async () => await someAsyncTask()
)
// ...
], {
concurrency: 2 // Number of tasks to run at a time
})
api.clear() // Clear output
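Review bot: `someAsyncTask` is called in Task 2 and in both `task.group` entries but is never defined or imported, so the script throws a ReferenceError as soon as it reaches the nested task. The file also uses `import` and top-level `await` under a plain `#!/usr/bin/env node` shebang, which only works if it is treated as an ES module (an `.mjs` name or `"type": "module"`). If this is a placeholder copied from the tasuku README, either define the helper or keep it out of the deployed scripts until it does real work.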

View file

@ -0,0 +1,35 @@
#!/usr/bin/env bash
# @file Configure HTTPS certificates via Certbot
# @brief Acquires initial Certbot Let's Encrypt certificates and adds a cronjob for certificate renewal
# @description
# This script ensures the system has Let's Encrypt SSL certificates loaded. It leverages the CloudFlare DNS method.
# So long as your `.user.cloudflare.username` value in `home/.chezmoi.yaml.tmpl`, your `CLOUDFLARE_API_TOKEN` variable,
# and your `.host.domain` value in `home/.chezmoi.yaml.tmpl` are available, then this process should work. The API token
# only needs access to `DNS:Zone:Edit` for your `.host.domain` on CloudFlare.
#
# ## Links
#
# * [certbot-dns-cloudflare](https://certbot-dns-cloudflare.readthedocs.io/en/stable/)
# * [CloudFlare API Tokens](https://dash.cloudflare.com/profile/api-tokens)
# TODO: Integrate this into flow
if command -v certbot > /dev/null; then
if [ -f '/etc/letsencrypt/live/{{ .host.domain }}/cert.pem' ]; then
logg info 'LetsEncrypt SSL certificate is already available'
else
logg info 'Acquiring certbot LetsEncrypt SSL certificates'
certbot certonly --noninteractive --dns-cloudflare --agree-tos --email '{{ .user.cloudflare.username }}' --dns-cloudflare-propagation-seconds 14 -d '*.{{ .host.domain }},*.lab.{{ .host.domain }},*.{{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}'
fi
### Setup cronjob
if ! sudo crontab -l | grep "$(which certbot) renew --quiet" > /dev/null; then
TMP="$(mktemp)"
echo "30 3 * * * $(which certbot) renew --quiet" > "$TMP"
logg info 'Adding certbot renew entry to crontab'
sudo crontab < "$TMP"
fi
else
logg warn 'certbot is not available. SSL certificate issuance cannot be run without it.'
fi
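Review bot: In the cronjob block, `sudo crontab < "$TMP"` installs a file that contains only the certbot line, which replaces root's whole crontab and drops any existing entries. Append instead, for example `(sudo crontab -l 2>/dev/null; echo "30 3 * * * $(which certbot) renew --quiet") | sudo crontab -`, and remove the `mktemp` file if one is still used. Also, the `certbot certonly` call runs without `sudo` even though the preceding test reads `/etc/letsencrypt/live/...`, and the third `-d` entry collapses to `*..{{ .host.domain }}` when `.host.hostname` equals `.host.domain`.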

View file

@ -0,0 +1,3 @@
{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (or (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_API_TOKEN")) (env "CLOUDFLARE_API_TOKEN")) -}}
dns_cloudflare_api_token = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_API_TOKEN")) }}{{- includeTemplate "secrets/CLOUDFLARE_API_TOKEN" | decrypt | trim -}}{{ else }}{{- env "CLOUDFLARE_API_TOKEN" -}}{{ end }}
{{- end -}}
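Review bot: The outer guard requires the age key file (`.config/age/chezmoi.txt`) even when the token comes from `env "CLOUDFLARE_API_TOKEN"`, a path that never calls `decrypt`. On a machine with only the environment variable set this renders an empty file and certbot then has no credentials. Move the `stat` on the age key into the branch that uses `includeTemplate ... | decrypt`. Since this file holds the API token in clear text, make sure the target is written with mode 0600 (chezmoi's `private_` attribute on the source file name does this).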

View file

@ -0,0 +1,2 @@
dns-cloudflare-credentials = /etc/letsencrypt/dns-cloudflare.ini
server = https://acme-v02.api.letsencrypt.org/directory

View file

@ -1,24 +0,0 @@
# Source: https://raw.githubusercontent.com/wp-cli/wp-cli/v2.7.1/utils/wp-completion.bash
# bash completion for the `wp` command
_wp_complete() {
local OLD_IFS="$IFS"
local cur=${COMP_WORDS[COMP_CWORD]}
IFS=$'\n'; # want to preserve spaces at the end
local opts="$(wp cli completions --line="$COMP_LINE" --point="$COMP_POINT")"
if [[ "$opts" =~ \<file\>\s* ]]
then
COMPREPLY=( $(compgen -f -- $cur) )
elif [[ $opts = "" ]]
then
COMPREPLY=( $(compgen -f -- $cur) )
else
COMPREPLY=( ${opts[*]} )
fi
IFS="$OLD_IFS"
return 0
}
complete -o nospace -F _wp_complete wp
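Review bot: Deleting this vendored copy in favour of the `remote = "https://raw.githubusercontent.com/wp-cli/wp-cli/v2.7.1/utils/wp-completion.bash"` plugin entry added elsewhere in this commit swaps a reviewed in-repo file for one that sheldon downloads and then sources into every bash session. A Git tag can be moved, so the `v2.7.1` URL does not fix the content. Put a full commit SHA in the raw URL in place of the tag, or keep the vendored file and reference it as a local plugin.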

View file

@ -265,8 +265,7 @@ if command -v antigen > /dev/null; then
# Official Oh-My-ZSH plugins
antigen use oh-my-zsh
antigen bundle adb
antigen bundle bazel
antigen bundle codeclimatefd
# antigen bundle bazel # Unused
# antigen bundle colored-man-pages
antigen bundle command-not-found
antigen bundle copybuffer
@ -428,43 +427,6 @@ fi
### Java (asdf)
[ ! -f "$ASDF_DATA_DIR/plugins/java/set-java-home.zsh" ] || source "$ASDF_DATA_DIR/plugins/java/set-java-home.zsh"
### Mamba Forge (Faster Conda Drop-In Replacement)
# TODO: Add support for Linux
if [ -f /usr/local/Caskroom/mambaforge/base/bin/conda ]; then
# >>> conda initialize >>>
# !! Contents within this block are managed by 'conda init' !!
__conda_setup="$('/usr/local/Caskroom/mambaforge/base/bin/conda' 'shell.zsh' 'hook' 2> /dev/null)"
if [ $? -eq 0 ]; then
eval "$__conda_setup"
else
if [ -f "/usr/local/Caskroom/mambaforge/base/etc/profile.d/conda.sh" ]; then
. "/usr/local/Caskroom/mambaforge/base/etc/profile.d/conda.sh"
else
export PATH="/usr/local/Caskroom/mambaforge/base/bin:$PATH"
fi
fi
unset __conda_setup
# <<< conda initialize <<<
fi
### Micro-Mamba
# Generate command: micromamba shell init -s zsh -p "${XDG_DATA_HOME:-$HOME/.local/share}/micromamba"
# TODO: Ensure Linux support
if [ -f /usr/local/bin/micromamba ]; then
# >>> mamba initialize >>>
# !! Contents within this block are managed by 'mamba init' !!
export MAMBA_EXE='/usr/local/bin/micromamba';
export MAMBA_ROOT_PREFIX="${XDG_DATA_HOME:-$HOME/.local/share}/micromamba";
__mamba_setup="$("$MAMBA_EXE" shell hook --shell zsh --root-prefix "$MAMBA_ROOT_PREFIX" 2> /dev/null)"
if [ $? -eq 0 ]; then
eval "$__mamba_setup"
else
alias micromamba="$MAMBA_EXE" # Fallback on help from mamba activate
fi
unset __mamba_setup
# <<< mamba initialize <<<
fi
### Navi (Ctrl+G)
! command -v navi > /dev/null || eval "$(navi widget zsh)"
@ -472,7 +434,7 @@ fi
[ ! -f "$HOME/.fig/shell/zshrc.post.zsh" ] || source "$HOME/.fig/shell/zshrc.post.zsh"
### Powerline
[ ! -f "${XDG_CONFIG_HOME:-$HOME.config}/scripts/p10k.zsh" ] || source "$HOME/.local/scripts/p10k.zsh"
[ ! -f "${XDG_CONFIG_HOME:-$HOME/.config}/shell/p10k.zsh" ] || source "${XDG_CONFIG_HOME:-$HOME/.config}/shell/p10k.zsh"
### SDKMan
if command -v brew > /dev/null && command -v sdkman-cli > /dev/null; then
@ -483,6 +445,10 @@ elif [ -f "$SDKMAN_DIR/bin/sdkman-init.sh" ]; then
. "$SDKMAN_DIR/bin/sdkman-init.sh"
fi
### Sheldon
export SHELDON_CONFIG_FILE="$SHELDON_CONFIG_DIR/plugins.zsh.toml"
! command -v sheldon > /dev/null || eval "$(sheldon source)"
### Up
[ ! -f "${XDG_DATA_HOME:-$HOME/.local/share}/up/up.sh" ] || source "${XDG_DATA_HOME:-$HOME/.local/share}/up/up.sh"
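Review bot: `SHELDON_CONFIG_FILE` is built from `$SHELDON_CONFIG_DIR`, which is exported in a different file in this commit; if that file has not been sourced first, the value becomes `/plugins.zsh.toml`. Give it a fallback such as `${SHELDON_CONFIG_DIR:-${XDG_CONFIG_HOME:-$HOME/.config}/sheldon}/plugins.zsh.toml`. Because `eval "$(sheldon source)"` executes whatever that config lists, including `remote` plugins, the config path should never resolve to a location outside the user's own config directory.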

22099
local/package-lock.json generated

File diff suppressed because it is too large

View file

@ -646,7 +646,8 @@ softwarePackages:
_home: https://github.com/joehillen/sysz
_name: syz
nix-env: nixpkgs.sysz
paru: sysz
bin: https://github.com/joehillen/sysz
pacman: sysz
script:linux: cd /tmp && git clone https://github.com/joehillen/sysz.git && cd sysz && sudo make install && cd /tmp && rm -rf sysz
appium:
_bin: appium
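Review bot: The new `bin:` key for sysz is set to `https://github.com/joehillen/sysz`, the same repository page as `_home`, not a release asset or raw script URL. If the `bin` installer downloads whatever the URL returns, it will fetch an HTML page. Point it at a versioned artifact, or drop the key and rely on `pacman`/`nix-env`. While here, `_name: syz` looks like a typo for `sysz`, and the `script:linux` fallback clones the default branch and runs `sudo make install` on it, so a pinned tag or commit in that clone would be safer.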
@ -1266,6 +1267,13 @@ softwarePackages:
port: bat
scoop: bat
zypper: bat
bat-extras:
_bin: batman
_github: https://github.com/eth-p/bat-extras
_name: Bat Extras
brew: bat-extras
pacman: bat-extras
emerge: sys-apps/bat-extras
beets:
_bin: beet
_desc: 'The purpose of [Beets](https://beets.io/) is to get your music collection right once and for all. It catalogs your collection, automatically improving its metadata as it goes using the MusicBrainz database. Then it provides a bouquet of tools for manipulating and accessing your music.'
@ -9397,6 +9405,12 @@ softwarePackages:
brew: tig
nix: tig
pkg: tig
doitlive:
_bin: doitlive
_github: https://github.com/sloria/doitlive
_name: Do It Live!
brew: doitlive
pipx: doitlive
howdoi:
_bin: howdoi
_github: https://github.com/gleitz/howdoi
@ -9524,6 +9538,13 @@ softwarePackages:
dnf: tor
pacman: tor
port: tor
sheldon:
_bin: sheldon
_github: https://github.com/rossmacarthur/sheldon
_name: Sheldon
_completions: sheldon completions --shell {SHELL}
brew: sheldon
cargo: sheldon
translate:
_bin: trans
_desc: '[Translate Shell](https://github.com/soimort/translate-shell) (formerly Google Translate CLI) is a command-line translator powered by Google Translate (default), Bing Translator, Yandex.Translate, and Apertium. It gives you easy access to these translation engines in your terminal. It is feature-rich and, although there is some overlap, it complements [Normit](https://gitlab.com/megabyte-labs/ansible-roles/normit) well.'