Update 12 files

- /home/dot_config/rclone/system/s3-system.service.tmpl
- /home/dot_config/rclone/private_docker-rclone.conf.tmpl
- /home/.chezmoidata.yaml
- /home/.chezmoiscripts/universal/run_onchange_after_95-bootstrap-zsh-plugins.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl
- /home/dot_local/bin/executable_rclone-mount
- /home/dot_config/rclone/system/s3-public.service.tmpl
- /home/dot_config/rclone/system/s3-private.service.tmpl
- /home/dot_config/rclone/private_system-rclone.conf.tmpl
- /home/dot_config/rclone/merge_private_rclone.conf.tmpl
- /home/dot_config/rclone/s3-user.service.tmpl
- /scripts/src/provision.sh.tmpl
This commit is contained in:
Brian Zalewski 2023-04-19 05:15:21 +00:00
parent 28d6f80855
commit 5f30821078
12 changed files with 165 additions and 75 deletions


@ -860,6 +860,85 @@ softwareGroups:
- endlessh
- fail2ban
- openssh-server
_General-Purpose-Server: &_General-Purpose-Server
- *CLI
- *Database
- *Essentials
- *File-System
- *NGINX
- *PHP
- *Python
- *Ruby
- *SSH
- *Sys-Admin
- *Transfer
- *Virtualization
- ansifilter
- aqua
- astronvim
- automake
- autorestic
- bat
- bfg
- boringtun
- clamav
- cloudflared
- cmake
- cockpit
- docker
- dotnet
- elastic-agent
- envchain
- etcd
- exiftool
- expect
- ffmpeg
- fury
- git
- git-extras
- git-filter-repo
- git-fuzzy
- git-lfs
- git-secret
- git-subrepo
- gitlab-runner
- gitomatic
- glusterfs
- glusterfs
- go
- gomplate
- goofys
- gradle
- imagemagick
- java
- libimobiledevice
- nebula
- netdata
- openssh-server
- pm2
- rclone
- restic
- rkhunter
- rust
- sake
- samba
- sftpgo
- sharp
- skate
- snapcraft
- solidity
- sqlite
- ssh-vault
- sshfs
- tailscale-client
- teller
- tinypng
- upx
- warp
- wazuh
- windows-adk
- windows-admin-center
- windows-power-toys
_Basic-Desktop: &_Basic-Desktop
- *_Basic
- *Essentials-Desktop
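Review bot: `glusterfs` is listed twice in the new `_General-Purpose-Server` group; drop one of the two entries so the package set is unambiguous and any consumer that rejects duplicate list items does not trip on it. `openssh-server` is also named explicitly even though the group already merges the `*SSH` anchor, and the context lines at the top of this hunk (ending in `openssh-server`) suggest that anchor already contains it — presumably harmless, but redundant. Beyond the duplicates, this profile installs a large number of network-facing services by default (`cockpit`, `samba`, `sftpgo`, `netdata`, `docker`, `gitlab-runner`, `cloudflared`, `windows-admin-center`), so a one-line comment above the anchor such as `# Installs many network-facing services; review what is listening after provisioning` would help whoever selects this group from `provision.sh`.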


@ -18,7 +18,7 @@
#
# If CloudFlare R2 credentials are provided, Samba is configured to store its shared files in the Rclone mounts so that your
# Samba shares are synchronized to the S3 buckets. If not, new folders are created. Either way, the folder / symlink that the
# shares host data from are stored at `/mnt/samba-private` and `/mnt/samba-public`.
# shares host data from are stored at `/mnt/share-private` and `/mnt/share-public` (*Note: Different paths are used on macOS*).
#
# 1. The **public** share (named "Public") can be accessed by anyone (including write permissions with the default settings)
# 2. The **private** share (named "Private") can be accessed by specifying the PAM credentials of anyone who has an account that is included in the `sambausers` group
@ -54,26 +54,43 @@
### Configure Samba server
if command -v smbd > /dev/null; then
### Ensure private Samba directory / symlink exists
if [ -d /mnt/s3-private ] && [ ! -d /mnt/samba-private ]; then
sudo ln -s /mnt/s3-private /mnt/samba-private
### Define share locations
if [ -d /Applications ] && [ -d /System ]; then
### macOS does not have `/mnt` folder so use `/Volumes` location
MNT_FOLDER='Volumes'
else
sudo mkdir -p /mnt/samba-private
MNT_FOLDER='mnt'
fi
PRIVATE_CLOUD="/$MNT_FOLDER/Cloud (Private)"
PUBLIC_CLOUD="/$MNT_FOLDER/Cloud (Public)"
PRIVATE_SHARE="/$MNT_FOLDER/Network Share (Private)"
PUBLIC_SHARE="/$MNT_FOLDER/Network Share (Public)"
### Ensure private Samba directory / symlink exists
if [ -d "$PRIVATE_CLOUD" ] && [ ! -d "$PRIVATE_SHARE" ]; then
sudo ln -s "$PRIVATE_CLOUD" "$PRIVATE_SHARE"
else
sudo mkdir -p "$PRIVATE_SHARE"
fi
### Ensure public Samba directory / symlink exists
if [ -d /mnt/s3-public ] && [ ! -d /mnt/samba-public ]; then
sudo ln -s /mnt/s3-public /mnt/samba-public
if [ -d "$PUBLIC_CLOUD" ] && [ ! -d "$PUBLIC_SHARE" ]; then
sudo ln -s "$PUBLIC_CLOUD" "$PUBLIC_SHARE"
else
sudo mkdir -p /mnt/samba-public
sudo mkdir -p "$PUBLIC_SHARE"
fi
### Copy the Samba server configuration file
if [ -d /Applications ] && [ -d /System ]; then
logg warn 'TODO Add logic that applies the Samba configuration for macOS'
else
logg info "Copying Samba server configuration to /etc/samba/smb.conf"
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/samba/config" "/etc/samba/smb.conf"
### Reload configuration file changes
logg info 'Reloading the `smbd` config'
smbcontrol smbd reload-config
fi
else
logg info "Samba server is not installed"
fi
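Review bot: The new share-setup branches are not idempotent when `$PRIVATE_SHARE` / `$PUBLIC_SHARE` already exists as something other than a directory — a dangling symlink or a stray regular file makes `[ ! -d ... ]` true, and the unguarded `sudo ln -s` then fails with "File exists", which matters because the `run_onchange_` prefix re-runs this script whenever its content changes. `sudo ln -sfn "$PRIVATE_CLOUD" "$PRIVATE_SHARE"` (and the same for the public share) makes the step repeatable. Separately, `[ -d "$PRIVATE_CLOUD" ]` only proves the mount-point directory exists, not that rclone has actually mounted the bucket there; if the mount is down when this runs, the Samba share is symlinked to an empty local directory that a later rclone mount will shadow, so on Linux `mountpoint -q "$PRIVATE_CLOUD"` is a stronger gate (macOS lacks `mountpoint`, so that check needs the same platform branch used for `MNT_FOLDER`). The pre-existing header comment also states the Public share is writable by anyone by default; once it is symlinked into a cloud bucket that means any LAN client can write into the bucket, which is worth saying explicitly in that header.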


@ -7,7 +7,7 @@
# It does this by invoking ZSH in the background during the provisioning process so that "first-run" tasks such
# as cache-building are handled ahead of time.
# .zshrc hash: {{ include (joinPath .chezmoi.homeDir ".zshrc")| sha256sum }}
# .zshrc hash: {{ include (joinPath .chezmoi.homeDir ".zshrc") | sha256sum }}
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}


@ -16,13 +16,13 @@ fi
tee -a "$CONFIG_FILE" > /dev/null <<EOT
# MEGABYTE LABS MANAGED S3
[{{ .user.username}}-s3]
type = s3
provider = Cloudflare
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_ID" }}{{ end }}
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_SECRET" }}{{ end }}
region = auto
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/user
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_ID" -}}{{ end }}
acl = private
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/user
provider = Cloudflare
region = auto
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_SECRET" -}}{{ end }}
type = s3
# MEGABYTE LABS MANAGED S3
EOT
{{- end -}}
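Review bot: The credentials appended here land in `$CONFIG_FILE` in cleartext and nothing in this hunk restricts the file's mode — `tee -a` creates a missing file with the process umask (commonly 0644), so `secret_access_key` becomes readable by every local account; add `chmod 600 "$CONFIG_FILE"` after the heredoc (or `umask 077` before the `tee`), or point rclone at an encrypted config via `rclone config password`. The guard that decides whether this stanza is appended at all, and any handling of a previously written `# MEGABYTE LABS MANAGED S3` block, begin above this hunk, so I cannot tell whether repeated runs duplicate the remote; if they can, the identical marker comment opening and closing the block is what the dedup logic should key on. Minor: this stanza omits `env_auth = false`, which every remote in the sibling `system-rclone.conf` template sets, so consider adding it for consistency.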


@ -1,11 +0,0 @@
{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET")) (ne .user.cloudflare.r2 "") -}}
[docker]
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_ID" }}{{ end }}
acl = private
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/docker
env_auth = false
provider = Cloudflare
region = auto
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_SECRET" }}{{ end }}
type = s3
{{ end -}}


@ -1,28 +1,37 @@
{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET")) (ne .user.cloudflare.r2 "") -}}
[private]
type = s3
provider = Cloudflare
env_auth = false
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_ID" }}{{ end }}
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_SECRET" }}{{ end }}
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/private
[docker]
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_ID" -}}{{ end }}
acl = private
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/docker
env_auth = false
provider = Cloudflare
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_SECRET" -}}{{ end }}
type = s3
[private]
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_ID" -}}{{ end }}
acl = private
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/private
env_auth = false
provider = Cloudflare
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_SECRET" -}}{{ end }}
type = s3
[public]
type = s3
provider = Cloudflare
env_auth = false
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_ID" }}{{ end }}
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_SECRET" }}{{ end }}
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/public
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_ID" -}}{{ end }}
acl = public-read
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/public
env_auth = false
provider = Cloudflare
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_SECRET" -}}{{ end }}
type = s3
[system]
type = s3
provider = Cloudflare
env_auth = false
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_ID" }}{{ end }}
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_SECRET" }}{{ end }}
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/system
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_ID" -}}{{ end }}
acl = private
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/system
env_auth = false
provider = Cloudflare
secret_access_key = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_SECRET" | decrypt -}}{{ else }}{{- env "CLOUDFLARE_R2_SECRET" -}}{{ end }}
type = s3
{{ end -}}
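Review bot: All four remotes (`[docker]`, `[private]`, `[public]`, `[system]`) embed the same `CLOUDFLARE_R2_ID`/`CLOUDFLARE_R2_SECRET` pair, so the token behind the `rclone` system user's mounts can read and write every bucket, including the one served as a public share; R2 API tokens can be scoped to individual buckets, so separate secret pairs per remote (e.g. a `secrets/CLOUDFLARE_R2_PUBLIC_ID`) would keep a compromised public mount from reaching the private or system buckets. `acl = public-read` on `[public]` also deserves a comment: it makes rclone send that ACL on every upload, which is only meaningful if R2 honours per-object S3 ACLs (R2 exposes buckets publicly through bucket-level settings, so confirm the header is accepted rather than rejected), and combined with the anonymous-writable Samba Public share in this same commit it means LAN users can publish world-readable objects. A line such as `# public-read: objects uploaded through this remote are meant to be world-readable` above the stanza would make that intent explicit.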


@ -7,7 +7,7 @@ Type=simple
User={{ .user.username }}
ExecStartPre=/usr/bin/mkdir -p /home/{{ .user.username }}/.local/mnt/s3
ExecStart=/usr/local/bin/rclone-mount "user" "{{ .user.username }}" "s3"
ExecStop=/bin/fusermount -u /home/{{ .user.username }}/.local/mnt/s3
ExecStop=/bin/fusermount -u "/home/{{ .user.username }}/.local/mnt/s3"
Restart=always
RestartSec=10


@ -5,8 +5,8 @@ After=network-online.target
[Service]
Type=simple
User=rclone
ExecStart=/usr/local/bin/rclone-mount "rclone" "rclone" "s3-private"
ExecStop=/bin/fusermount -u /mnt/s3-private
ExecStart=/usr/local/bin/rclone-mount "rclone" "rclone" "Cloud (Private)"
ExecStop=/bin/fusermount -u "/mnt/Cloud (Private)"
Restart=always
RestartSec=10


@ -5,8 +5,8 @@ After=network-online.target
[Service]
Type=simple
User=rclone
ExecStart=/usr/local/bin/rclone-mount "rclone" "rclone" "s3-public"
ExecStop=/bin/fusermount -u /mnt/s3-public
ExecStart=/usr/local/bin/rclone-mount "rclone" "rclone" "Cloud (Public)"
ExecStop=/bin/fusermount -u "/mnt/Cloud (Public)"
Restart=always
RestartSec=10


@ -1,14 +0,0 @@
[Unit]
Description=rclone S3 service (system)
After=network-online.target
[Service]
Type=simple
User=rclone
ExecStart=/usr/local/bin/rclone-mount "rclone" "rclone" "s3-system"
ExecStop=/bin/fusermount -u /mnt/s3-system
Restart=always
RestartSec=10
[Install]
WantedBy=default.target


@ -7,17 +7,27 @@ MOUNT="$3"
### Path definitions
if [ "$TYPE" = 'user' ]; then
CACHE_FOLDER="/home/$USER/.cache/rclone"
CONFIG_FOLDER="/home/$USER/.config/rclone"
LOG_FOLDER="/home/$USER/.local/log"
if [ -d /Applications ] && [ -d /System ]; then
USER_FOLDER='Users'
else
USER_FOLDER='home'
fi
CACHE_FOLDER="/$USER_FOLDER/$USER/.cache/rclone"
CONFIG_FOLDER="/$USER_FOLDER/$USER/.config/rclone"
LOG_FOLDER="/$USER_FOLDER/$USER/.local/log"
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
MOUNT_PATH="/home/{{ .user.username }}/.local/mnt/$MOUNT"
MOUNT_PATH="/$USER_FOLDER/$USER/.local/mnt/$MOUNT"
else
CACHE_FOLDER="/var/cache/rclone/$MOUNT"
CONFIG_FOLDER="/etc"
LOG_FOLDER="/var/log/rclone"
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
MOUNT_PATH="/mnt/$MOUNT"
if [ -d /Applications ] && [ -d /System ]; then
MNT_FOLDER='Volumes'
else
MNT_FOLDER='mnt'
fi
MOUNT_PATH="/$MNT_FOLDER/$MOUNT"
fi
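Review bot: The user branch now hard-codes the home directory as `/$USER_FOLDER/$USER` instead of resolving the account's real home, so a user whose home lives elsewhere gets cache, config, log and mount paths under a directory that may not exist or may not be theirs; `HOME_DIR="$(getent passwd "$USER" | cut -d: -f6)"` on Linux (and `dscl . -read "/Users/$USER" NFSHomeDirectory` on macOS) would remove the guess, and since the `/Applications && /System` test is now repeated in both branches here and again in the Samba script, a single helper or `[ "$(uname -s)" = Darwin ]` would be easier to keep consistent. Because the service units in this commit now pass mount names containing spaces and parentheses (`"Cloud (Private)"`), `$MOUNT_PATH`, `$LOG_FILE` and `$CACHE_FOLDER` must be double-quoted at every use; the actual mount command sits below this hunk, so please check the expansions there. `$USER` appears to arrive from the second argument and is spliced straight into filesystem paths, so a cheap guard such as `case "$USER" in ''|*/*|*..*) exit 1 ;; esac` before the path definitions would rule out traversal from a mis-templated unit.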
### Ensure folders exist
@ -30,7 +40,7 @@ done
### Define rcloneignore location
RCLONE_IGNORE="$CONFIG_FOLDER/rcloneignore"
if [ ! -f "$RCLONE_IGNORE" ] && [ -f "/etc/rcloneignore" ]; then
RCLONE_IGNORE='etc/rcloneignore'
RCLONE_IGNORE='/etc/rcloneignore'
fi
### Mount


@ -220,7 +220,7 @@ if [ ! -f "${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml" ]; then
if command -v gum > /dev/null; then
if [ -z "$SOFTWARE_GROUP" ]; then
logg prompt 'Select the software group you would like to install. If your environment is a macOS, Windows, or environment with the DISPLAY environment variable then desktop software will be installed too. The software groups are in the '"${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml"' file.'
SOFTWARE_GROUP="$(gum choose "Basic" "Standard" "Full")"
SOFTWARE_GROUP="$(gum choose "General-Purpose-Server" "Basic" "Standard" "Full")"
export SOFTWARE_GROUP
fi
else
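Review bot: The new `General-Purpose-Server` choice needs a matching top-level `softwareGroups` key, but the yaml in this commit only defines the underscore-prefixed anchor `_General-Purpose-Server`, while the existing choices appear to follow a `Basic` / `_Basic` / `_Basic-Desktop` pattern (the `*_Basic` reference in that hunk); if the resolver expects a plain `General-Purpose-Server` key this option will select nothing, so please confirm it exists. The prompt text above still describes desktop software being added whenever `DISPLAY` is set, and it is unclear whether that applies to a server profile; a clause such as `General-Purpose-Server installs the server toolchain without desktop software` in the prompt would tell the user what the new entry does. The enclosing `if command -v gum` block continues past this hunk.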