Update 8 files

- /home/.chezmoiscripts/universal/run_onchange_after_81-kubesphere.yml.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_80-bash-completions.tmpl
- /home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_14-warp.tmpl
- /home/.chezmoiscripts/debian/run_onchange_before_14-warp.tmpl
- /home/.chezmoiscripts/ubuntu/run_onchange_before_14-warp.tmpl
- /home/.chezmoidata.yaml
- /software.yml

home/.chezmoidata.yaml

@@ -828,6 +828,8 @@ softwareGroups:
   _Basic-Desktop: &_Basic-Desktop
     - *_Basic
     - *Essentials-Desktop
+    - firewall-applet
+    - firewall-config
     - stacer
   _Standard: &_Standard
     - *_Basic

home/.chezmoiscripts/debian/run_onchange_before_14-warp.tmpl

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+{{ includeTemplate "universal/logg-before" }}
+
+### Add CloudFlare WARP desktop app apt-get source
+if [ ! -f /etc/apt/sources.list.d/cloudflare-client.list ]; then
+    logg info 'Adding CloudFlare WARP keyring'
+    curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
+
+    logg info 'Adding apt source reference'
+    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
+
+    sudo apt-get update
+fi

home/.chezmoiscripts/ubuntu/run_onchange_before_14-warp.tmpl

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+{{ includeTemplate "universal/logg-before" }}
+
+### Add CloudFlare WARP desktop app apt-get source
+if [ ! -f /etc/apt/sources.list.d/cloudflare-client.list ]; then
+    logg info 'Adding CloudFlare WARP keyring'
+    curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
+
+    logg info 'Adding apt source reference'
+    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
+
+    sudo apt-get update
+fi

home/.chezmoiscripts/universal/run_onchange_after_14-warp.tmpl

@@ -0,0 +1,42 @@
+{{- if (ne .host.distro.family "windows") }}
+#!/usr/bin/env bash
+
+### Configure CloudFlare WARP (if not WSL and warp-cli is installed)
+if [[ ! "$(grep Microsoft /proc/version)" ]] && command -v warp-cli > /dev/null; then
+    ### Register CloudFlare WARP
+    if warp-cli --accept-tos status | grep 'Registration missing' > /dev/null; then
+        logg info 'Registering CloudFlare WARP'
+        warp-cli --accept-tos register
+    else
+        logg info 'Already registered with CloudFlare WARP'
+    fi
+
+    ### Connect CloudFlare WARP
+    if warp-cli --accept-tos status | grep 'Disconnected' > /dev/null; then
+        logg info 'Connecting to CloudFlare WARP'
+        warp-cli --accept-tos connect
+    else
+        logg info 'Already connected to CloudFlare WARP'
+    fi
+
+    ### Enable Always-On mode
+    logg info 'Enabling always-on mode'
+    warp-cli --accept-tos enable-always-on
+
+    ### Enable Family Mode
+    # logg info 'Enabling family-mode'
+    # warp-cli --accept-tos set-families-mode full
+
+    ### Enable WARP+DNS mode
+    # logg info 'Enabling WARP+DNS mode'
+    # warp-cli set-mode warp+doh
+
+    # TODO
+    {{ if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath (.chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-cloudflare-teams-client-id"))) (stat (joinPath (.chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-cloudflare-teams-client-secret"))) -}}
+    ### Enroll with CloudFlare Teams
+    logg info 'Enrolling with CloudFlare Teams'
+    warp-cli teams-enroll '{{- includeTemplate "secrets/key-cloudflare-teams-client-id" | decrypt -}}' '{{- includeTemplate "secrets/key-cloudflare-teams-client-secret" | decrypt -}}'
+    {{- end }}
+fi
+
+{{ end -}}

home/.chezmoiscripts/universal/run_onchange_after_80-bash-completions.tmpl

@@ -1,3 +1,4 @@
+{{- if (ne .host.distro.family "windows") -}}
 #!/usr/bin/env bash
 
 # .chezmoidata.yml hash: {{ include (joinPath .chezmoi.sourceDir ".chezmoidata.yaml")| sha256sum }}
@@ -179,3 +180,5 @@ if command -v zoxide >/dev/null; then
 elif [ -f "$COMPLETION_DIR/zoxide.bash" ]; then
   rm "$COMPLETION_DIR/zoxide.bash"
 fi
+
+{{ end -}}

home/.chezmoiscripts/universal/run_onchange_after_81-kubesphere.yml.tmpl

@@ -0,0 +1 @@
+{{ if }}

home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.tmpl

@@ -177,7 +177,7 @@ if [ ! -d /Applications ] || [ ! -d /System ]; then
         fi
 
         # Restart / enable Docker
-        if command -v systemctl > /dev/null; then
+        if [[ ! "$(grep Microsoft /proc/version)" ]] && command -v systemctl > /dev/null; then
             logg info 'Restarting Docker service'
             sudo systemctl restart docker.service
             sudo systemctl restart containerd.service

software.yml

@@ -6013,6 +6013,16 @@ softwarePackages:
     github: github.com/jessfraz/pony
     go: github.com/jessfraz/pony@latest
     _service: false
+  firewall-applet:
+    _bin: firewall-applet
+    apt: firewall-applet
+    dnf: firewall-applet
+    pacman: firewall-applet
+  firewall-config:
+    _bin: firewall-config
+    apt: firewall-config
+    dnf: firewall-config
+    pacman: firewall-config
   portmaster:
     _bin: null
     _desc: "[Portmaster](https://safing.io/portmaster/) is a free and open-source application that puts you back in charge over all your computer's network connections."
@@ -6023,6 +6033,11 @@ softwarePackages:
     _when:linux: '! test -f /opt/safing/portmaster/portmaster-start'
     ansible:linux: professormanhattan.portmaster
     ansible:windows: professormanhattan.portmaster
+    apt: https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer.
+    choco: portmaster
+    dnf: https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer.rpm
+    exe: https://updates.safing.io/latest/windows_amd64/packages/portmaster-installer.
+    scoop: portmaster-np
     _service: true
     _type: application
   pake:
@@ -8280,7 +8295,9 @@ softwarePackages:
     _when:darwin: '! test -d "/Applications/Cloudflare WARP.app"'
     # Needs tuning - possibly unrelated, but internet wasn't working on Ubuntu after installing this and removed it during debugging
     # ansible: professormanhattan.warp
+    apt: cloudflare-warp
     cask: cloudflare-warp
+    choco: warp
     _service: false
     _type: application
   watchexec: