Update 12 files
- /home/dot_config/rclone/system/s3-system.service.tmpl - /home/dot_config/rclone/private_docker-rclone.conf.tmpl - /home/.chezmoidata.yaml - /home/.chezmoiscripts/universal/run_onchange_after_95-bootstrap-zsh-plugins.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl - /home/dot_local/bin/executable_rclone-mount - /home/dot_config/rclone/system/s3-public.service.tmpl - /home/dot_config/rclone/system/s3-private.service.tmpl - /home/dot_config/rclone/private_system-rclone.conf.tmpl - /home/dot_config/rclone/merge_private_rclone.conf.tmpl - /home/dot_config/rclone/s3-user.service.tmpl - /scripts/src/provision.sh.tmpl
parent
28d6f80855
commit
5f30821078
12 changed files with 165 additions and 75 deletions
|
@ -860,6 +860,85 @@ softwareGroups:
|
|||
- endlessh
|
||||
- fail2ban
|
||||
- openssh-server
|
||||
_General-Purpose-Server: &_General-Purpose-Server
|
||||
- *CLI
|
||||
- *Database
|
||||
- *Essentials
|
||||
- *File-System
|
||||
- *NGINX
|
||||
- *PHP
|
||||
- *Python
|
||||
- *Ruby
|
||||
- *SSH
|
||||
- *Sys-Admin
|
||||
- *Transfer
|
||||
- *Virtualization
|
||||
- ansifilter
|
||||
- aqua
|
||||
- astronvim
|
||||
- automake
|
||||
- autorestic
|
||||
- bat
|
||||
- bfg
|
||||
- boringtun
|
||||
- clamav
|
||||
- cloudflared
|
||||
- cmake
|
||||
- cockpit
|
||||
- docker
|
||||
- dotnet
|
||||
- elastic-agent
|
||||
- envchain
|
||||
- etcd
|
||||
- exiftool
|
||||
- expect
|
||||
- ffmpeg
|
||||
- fury
|
||||
- git
|
||||
- git-extras
|
||||
- git-filter-repo
|
||||
- git-fuzzy
|
||||
- git-lfs
|
||||
- git-secret
|
||||
- git-subrepo
|
||||
- gitlab-runner
|
||||
- gitomatic
|
||||
- glusterfs
|
||||
- glusterfs
|
||||
- go
|
||||
- gomplate
|
||||
- goofys
|
||||
- gradle
|
||||
- imagemagick
|
||||
- java
|
||||
- libimobiledevice
|
||||
- nebula
|
||||
- netdata
|
||||
- openssh-server
|
||||
- pm2
|
||||
- rclone
|
||||
- restic
|
||||
- rkhunter
|
||||
- rust
|
||||
- sake
|
||||
- samba
|
||||
- sftpgo
|
||||
- sharp
|
||||
- skate
|
||||
- snapcraft
|
||||
- solidity
|
||||
- sqlite
|
||||
- ssh-vault
|
||||
- sshfs
|
||||
- tailscale-client
|
||||
- teller
|
||||
- tinypng
|
||||
- upx
|
||||
- warp
|
||||
- wazuh
|
||||
- windows-adk
|
||||
- windows-admin-center
|
||||
- windows-power-toys
|
||||
_Basic-Desktop: &_Basic-Desktop
|
||||
- *_Basic
|
||||
- *Essentials-Desktop
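Review bot: `glusterfs` is listed twice in a row in the new `_General-Purpose-Server` group; one of the two entries should be dropped. `openssh-server` is also listed explicitly although the group already includes `*SSH`, and the context lines just above the new anchor show `openssh-server` in the preceding group, which looks like the one `*SSH` refers to. The group pulls in several network-facing services (`samba`, `sftpgo`, `cockpit`), so a short comment above the anchor saying which of them are expected to listen after provisioning would help anyone auditing a host built from it.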
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
#
|
||||
# If CloudFlare R2 credentials are provided, Samba is configured to store its shared files in the Rclone mounts so that your
|
||||
# Samba shares are synchronized to the S3 buckets. If not, new folders are created. Either way, the folder / symlink that the
|
||||
# shares host data from are stored at `/mnt/samba-private` and `/mnt/samba-public`.
|
||||
# shares host data from are stored at `/mnt/share-private` and `/mnt/share-public` (*Note: Different paths are used on macOS*).
|
||||
#
|
||||
# 1. The **public** share (named "Public") can be accessed by anyone (including write permissions with the default settings)
|
||||
# 2. The **private** share (named "Private") can be accessed by specifying the PAM credentials of anyone who has an account that is included in the `sambausers` group
|
||||
|
@ -54,26 +54,43 @@
|
|||
|
||||
### Configure Samba server
|
||||
if command -v smbd > /dev/null; then
|
||||
### Ensure private Samba directory / symlink exists
|
||||
if [ -d /mnt/s3-private ] && [ ! -d /mnt/samba-private ]; then
|
||||
sudo ln -s /mnt/s3-private /mnt/samba-private
|
||||
### Define share locations
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
### macOS does not have `/mnt` folder so use `/Volumes` location
|
||||
MNT_FOLDER='Volumes'
|
||||
else
|
||||
sudo mkdir -p /mnt/samba-private
|
||||
MNT_FOLDER='mnt'
|
||||
fi
|
||||
PRIVATE_CLOUD="/$MNT_FOLDER/Cloud (Private)"
|
||||
PUBLIC_CLOUD="/$MNT_FOLDER/Cloud (Public)"
|
||||
PRIVATE_SHARE="/$MNT_FOLDER/Network Share (Private)"
|
||||
PUBLIC_SHARE="/$MNT_FOLDER/Network Share (Public)"
|
||||
|
||||
### Ensure private Samba directory / symlink exists
|
||||
if [ -d "$PRIVATE_CLOUD" ] && [ ! -d "$PRIVATE_SHARE" ]; then
|
||||
sudo ln -s "$PRIVATE_CLOUD" "$PRIVATE_SHARE"
|
||||
else
|
||||
sudo mkdir -p "$PRIVATE_SHARE"
|
||||
fi
|
||||
|
||||
### Ensure public Samba directory / symlink exists
|
||||
if [ -d /mnt/s3-public ] && [ ! -d /mnt/samba-public ]; then
|
||||
sudo ln -s /mnt/s3-public /mnt/samba-public
|
||||
if [ -d "$PUBLIC_CLOUD" ] && [ ! -d "$PUBLIC_SHARE" ]; then
|
||||
sudo ln -s "$PUBLIC_CLOUD" "$PUBLIC_SHARE"
|
||||
else
|
||||
sudo mkdir -p /mnt/samba-public
|
||||
sudo mkdir -p "$PUBLIC_SHARE"
|
||||
fi
|
||||
|
||||
### Copy the Samba server configuration file
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
logg warn 'TODO Add logic that applies the Samba configuration for macOS'
|
||||
else
|
||||
logg info "Copying Samba server configuration to /etc/samba/smb.conf"
|
||||
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/samba/config" "/etc/samba/smb.conf"
|
||||
|
||||
### Reload configuration file changes
|
||||
logg info 'Reloading the `smbd` config'
|
||||
smbcontrol smbd reload-config
|
||||
fi
|
||||
else
|
||||
logg info "Samba server is not installed"
|
||||
fi
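Review bot: The public share is linked straight to the cloud mount at `sudo ln -s "$PUBLIC_CLOUD" "$PUBLIC_SHARE"`, while this file's header says the Public share can be written by anyone with the default settings. If `Cloud (Public)` is the mount of the remote that this commit configures with `acl = public-read` (it looks that way, but the mapping is not visible here), unauthenticated SMB writes end up in a publicly readable bucket; setting `read only = yes` on that share in the Samba config, or stating the exposure in the header, would address it. The updated header also names `/mnt/share-private` and `/mnt/share-public`, whereas the code creates `/$MNT_FOLDER/Network Share (Private)` and `/$MNT_FOLDER/Network Share (Public)`; the comment should name the real paths. The file copied to `/etc/samba/smb.conf` is not among the lines shown, so confirm its share paths were moved as well.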
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
# It does this by invoking ZSH in the background during the provisioning process so that "first-run" tasks such
|
||||
# as cache-building are handled ahead of time.
|
||||
|
||||
# .zshrc hash: {{ include (joinPath .chezmoi.homeDir ".zshrc")| sha256sum }}
|
||||
# .zshrc hash: {{ include (joinPath .chezmoi.homeDir ".zshrc") | sha256sum }}
|
||||
|
||||
{{ includeTemplate "universal/profile" }}
|
||||
{{ includeTemplate "universal/logg" }}
|
||||
|
|
|
@ -16,13 +16,13 @@ fi
|
|||
tee -a "$CONFIG_FILE" > /dev/null <<EOT
|
||||
# MEGABYTE LABS MANAGED S3
|
||||
[{{ .user.username}}-s3]
|
||||
type = s3
|
||||
provider = Cloudflare
|
||||
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_ID" }}{{ end }}
|
||||
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_SECRET" }}{{ end }}
|
||||
region = auto
|
||||
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/user
|
||||
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_ID" -}}{{ end }}
|
||||
acl = private
|
||||
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/user
|
||||
provider = Cloudflare
|
||||
region = auto
|
||||
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_SECRET" -}}{{ end }}
|
||||
type = s3
|
||||
# MEGABYTE LABS MANAGED S3
|
||||
EOT
|
||||
{{- end -}}
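Review bot: The `{{-` / `-}}` markers added around `includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt` and the `env` fallbacks only trim literal template text next to the action, and here each action sits directly against `}}` and `{{`, so they change nothing. If the aim was to keep a trailing newline in the decrypted value out of `access_key_id` and `secret_access_key`, pipe the value through `trim` instead, e.g. `{{ includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt | trim }}`. The same pattern is repeated in the `[docker]`, `[private]`, `[public]` and `[system]` remotes of the system rclone config later in this commit. Because the rendered secret lands inside an unquoted `<<EOT` heredoc, the shell still expands any `$` or backtick it contains; `<<'EOT'` would write it literally (the `tee` line is context and the script starts above this hunk).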
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET")) (ne .user.cloudflare.r2 "") -}}
|
||||
[docker]
|
||||
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_ID" }}{{ end }}
|
||||
acl = private
|
||||
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/docker
|
||||
env_auth = false
|
||||
provider = Cloudflare
|
||||
region = auto
|
||||
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_SECRET" }}{{ end }}
|
||||
type = s3
|
||||
{{ end -}}
|
|
@ -1,28 +1,37 @@
|
|||
{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET")) (ne .user.cloudflare.r2 "") -}}
|
||||
[private]
|
||||
type = s3
|
||||
provider = Cloudflare
|
||||
env_auth = false
|
||||
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_ID" }}{{ end }}
|
||||
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_SECRET" }}{{ end }}
|
||||
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/private
|
||||
[docker]
|
||||
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_ID" -}}{{ end }}
|
||||
acl = private
|
||||
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/docker
|
||||
env_auth = false
|
||||
provider = Cloudflare
|
||||
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_SECRET" -}}{{ end }}
|
||||
type = s3
|
||||
|
||||
[private]
|
||||
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_ID" -}}{{ end }}
|
||||
acl = private
|
||||
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/private
|
||||
env_auth = false
|
||||
provider = Cloudflare
|
||||
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_SECRET" -}}{{ end }}
|
||||
type = s3
|
||||
|
||||
[public]
|
||||
type = s3
|
||||
provider = Cloudflare
|
||||
env_auth = false
|
||||
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_ID" }}{{ end }}
|
||||
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_SECRET" }}{{ end }}
|
||||
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/public
|
||||
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_ID" -}}{{ end }}
|
||||
acl = public-read
|
||||
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/public
|
||||
env_auth = false
|
||||
provider = Cloudflare
|
||||
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_SECRET" -}}{{ end }}
|
||||
type = s3
|
||||
|
||||
[system]
|
||||
type = s3
|
||||
provider = Cloudflare
|
||||
env_auth = false
|
||||
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_ID" }}{{ end }}
|
||||
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_SECRET" }}{{ end }}
|
||||
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/system
|
||||
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_ID" -}}{{ end }}
|
||||
acl = private
|
||||
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/system
|
||||
env_auth = false
|
||||
provider = Cloudflare
|
||||
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_SECRET" -}}{{ end }}
|
||||
type = s3
|
||||
{{ end -}}
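Review bot: All four remotes (`[docker]`, `[private]`, `[public]`, `[system]`) are rendered with the same `CLOUDFLARE_R2_ID` / `CLOUDFLARE_R2_SECRET` pair, so any process that can read this file to serve the `public-read` bucket also holds the key for `private` and `system`. If the R2 account allows it, a token scoped to each bucket would keep the exposure of one mount from reaching the others; at minimum add a header comment such as `# NOTE: every remote below uses the same R2 key pair`. `[system]` is kept here although the unit that mounted it is deleted in this commit, so it may be removable unless something outside the shown files still uses it.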
|
||||
|
|
|
@ -7,7 +7,7 @@ Type=simple
|
|||
User={{ .user.username }}
|
||||
ExecStartPre=/usr/bin/mkdir -p /home/{{ .user.username }}/.local/mnt/s3
|
||||
ExecStart=/usr/local/bin/rclone-mount "user" "{{ .user.username }}" "s3"
|
||||
ExecStop=/bin/fusermount -u /home/{{ .user.username }}/.local/mnt/s3
|
||||
ExecStop=/bin/fusermount -u "/home/{{ .user.username }}/.local/mnt/s3"
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
|
|
|
@ -5,8 +5,8 @@ After=network-online.target
|
|||
[Service]
|
||||
Type=simple
|
||||
User=rclone
|
||||
ExecStart=/usr/local/bin/rclone-mount "rclone" "rclone" "s3-private"
|
||||
ExecStop=/bin/fusermount -u /mnt/s3-private
|
||||
ExecStart=/usr/local/bin/rclone-mount "rclone" "rclone" "Cloud (Private)"
|
||||
ExecStop=/bin/fusermount -u "/mnt/Cloud (Private)"
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
|
|
|
@ -5,8 +5,8 @@ After=network-online.target
|
|||
[Service]
|
||||
Type=simple
|
||||
User=rclone
|
||||
ExecStart=/usr/local/bin/rclone-mount "rclone" "rclone" "s3-public"
|
||||
ExecStop=/bin/fusermount -u /mnt/s3-public
|
||||
ExecStart=/usr/local/bin/rclone-mount "rclone" "rclone" "Cloud (Public)"
|
||||
ExecStop=/bin/fusermount -u "/mnt/Cloud (Public)"
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
[Unit]
|
||||
Description=rclone S3 service (system)
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=rclone
|
||||
ExecStart=/usr/local/bin/rclone-mount "rclone" "rclone" "s3-system"
|
||||
ExecStop=/bin/fusermount -u /mnt/s3-system
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
|
@ -7,17 +7,27 @@ MOUNT="$3"
|
|||
|
||||
### Path definitions
|
||||
if [ "$TYPE" = 'user' ]; then
|
||||
CACHE_FOLDER="/home/$USER/.cache/rclone"
|
||||
CONFIG_FOLDER="/home/$USER/.config/rclone"
|
||||
LOG_FOLDER="/home/$USER/.local/log"
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
USER_FOLDER='Users'
|
||||
else
|
||||
USER_FOLDER='home'
|
||||
fi
|
||||
CACHE_FOLDER="/$USER_FOLDER/$USER/.cache/rclone"
|
||||
CONFIG_FOLDER="/$USER_FOLDER/$USER/.config/rclone"
|
||||
LOG_FOLDER="/$USER_FOLDER/$USER/.local/log"
|
||||
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
|
||||
MOUNT_PATH="/home/{{ .user.username }}/.local/mnt/$MOUNT"
|
||||
MOUNT_PATH="/$USER_FOLDER/$USER/.local/mnt/$MOUNT"
|
||||
else
|
||||
CACHE_FOLDER="/var/cache/rclone/$MOUNT"
|
||||
CONFIG_FOLDER="/etc"
|
||||
LOG_FOLDER="/var/log/rclone"
|
||||
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
|
||||
MOUNT_PATH="/mnt/$MOUNT"
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
MNT_FOLDER='Volumes'
|
||||
else
|
||||
MNT_FOLDER='mnt'
|
||||
fi
|
||||
MOUNT_PATH="/$MNT_FOLDER/$MOUNT"
|
||||
fi
|
||||
|
||||
### Ensure folders exist
|
||||
|
@ -30,7 +40,7 @@ done
|
|||
### Define rcloneignore location
|
||||
RCLONE_IGNORE="$CONFIG_FOLDER/rcloneignore"
|
||||
if [ ! -f "$RCLONE_IGNORE" ] && [ -f "/etc/rcloneignore" ]; then
|
||||
RCLONE_IGNORE='etc/rcloneignore'
|
||||
RCLONE_IGNORE='/etc/rcloneignore'
|
||||
fi
|
||||
|
||||
### Mount
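Review bot: `$MOUNT` now reaches this script as `Cloud (Private)` or `Cloud (Public)` from the system units, so `MOUNT_PATH`, `CACHE_FOLDER` and `LOG_FILE` all contain spaces and parentheses. The assignments in these hunks are quoted, but the folder-creation loop and the mount command lie outside the shown lines; every expansion there needs double quotes, or the path word-splits. The remotes in the system config are still named `[private]` and `[public]`, so if the mount command derives the remote name from `$MOUNT` it no longer matches; worth confirming. The user branch builds the home directory as `/$USER_FOLDER/$USER`, which assumes the default home location, and a one-line comment saying so would be enough.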
|
||||
|
|
|
@ -220,7 +220,7 @@ if [ ! -f "${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml" ]; then
|
|||
if command -v gum > /dev/null; then
|
||||
if [ -z "$SOFTWARE_GROUP" ]; then
|
||||
logg prompt 'Select the software group you would like to install. If your environment is a macOS, Windows, or environment with the DISPLAY environment variable then desktop software will be installed too. The software groups are in the '"${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml"' file.'
|
||||
SOFTWARE_GROUP="$(gum choose "Basic" "Standard" "Full")"
|
||||
SOFTWARE_GROUP="$(gum choose "General-Purpose-Server" "Basic" "Standard" "Full")"
|
||||
export SOFTWARE_GROUP
|
||||
fi
|
||||
else
|
||||
|
|