Latest
parent
25027816b6
commit
6102deaa33
32 changed files with 300 additions and 13 deletions
|
@ -60,6 +60,7 @@
|
|||
* https://github.com/pouchdb/pouchdb
|
||||
* https://uppy.io/docs/dashboard/
|
||||
* https://unkey.dev/
|
||||
* [Title](https://github.com/vercel-labs/ai-chatbot)
|
||||
|
||||
## Serverless
|
||||
|
||||
|
|
19
docs/TODO.md
19
docs/TODO.md
|
@ -2,6 +2,7 @@
|
|||
|
||||
This page outlines various projects and tasks that we are currently working on. Creating a GitHub issue for each of these items would be overkill.
|
||||
|
||||
* [Title](https://github.com/KnowledgeCanvas/knowledge)
|
||||
* Configure Navi to automatically download and use the best cheat repositories
|
||||
* Finish TS from 1400 stars
|
||||
* Python
|
||||
|
@ -14,7 +15,14 @@ This page outlines various projects and tasks that we are currently working on.
|
|||
* JavaScript start at 10k
|
||||
* Go through https://github.com/jaywcjlove/awesome-mac
|
||||
* https://codesandbox.io/ https://github.com/firecracker-microvm/firecracker
|
||||
|
||||
* (https://www.kolide.com/features/checks/mac-firewall)
|
||||
* (https://github.com/tobiasbueschel/search-gpt)
|
||||
* Create IP set for CloudFlare [Title](https://firewalld.org/documentation/man-pages/firewalld.ipset.html)
|
||||
* https://chainner.app/
|
||||
* https://github.com/kyrolabs/awesome-langchain)
|
||||
( [Title](https://github.com/StanGirard/quivr))
|
||||
* [Title](https://github.com/PromtEngineer/localGPT)
|
||||
* [Title](https://github.com/reworkd/AgentGPT)
|
||||
## Upstream
|
||||
|
||||
The following items are things we would like to include into the Install Doctor system but are waiting on upstream changes.
|
||||
|
@ -182,6 +190,15 @@ The following items have been reviewed but need to be revisited due to complexit
|
|||
* https://github.com/OpenNebula/one /. https://github.com/OpenNebula/minione
|
||||
* https://github.com/ConvoyPanel/panel
|
||||
* https://github.com/hashicorp/nomad
|
||||
* [Title](https://github.com/Soft/xcolor)
|
||||
* [Title](https://github.com/Xpra-org/xpra)
|
||||
* [Title](https://github.com/ksnip/ksnip)
|
||||
* [Title](https://github.com/leftwm/leftwm)
|
||||
* [Title](https://github.com/polybar/polybar)
|
||||
* [Title](https://github.com/kingToolbox/WindTerm)
|
||||
* [Title](https://github.com/hyprwm/Hypr)
|
||||
* [Title](https://github.com/Sygil-Dev/sygil-webui)
|
||||
* [Title](https://github.com/psychic-api/psychic)
|
||||
|
||||
## Docker Issue
|
||||
|
||||
|
|
|
@ -360,6 +360,7 @@ softwareGroups:
|
|||
- resume
|
||||
- s-search
|
||||
- sad
|
||||
- search-gpt
|
||||
- slack-term
|
||||
- slides
|
||||
- social-analyzer
|
||||
|
@ -916,6 +917,7 @@ softwareGroups:
|
|||
- cookiecutter
|
||||
- gomplate
|
||||
Terraform: &Terraform
|
||||
- aiac
|
||||
- terraform
|
||||
- tfenv
|
||||
- tflint
|
||||
|
|
|
@ -24,15 +24,15 @@ if [ -d /Applications ] && [ -d /System ]; then
|
|||
# Only enable when computer is not a corporate / work computer
|
||||
{{ if (ne .host.work true) -}}
|
||||
logg info 'Enabling VNC using the `VNC_PASSWORD` variable which is `vncpass` when nothing is specified'
|
||||
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw {{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }} -restart -agent -privs -all
|
||||
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -allowAccessFor -specifiedUsers -clientopts -setreqperm -reqperm yes -setvnclegacy -vnclegacy yes -setvncpw -vncpw {{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }} -restart -agent -privs -all -users {{ .user.name }}
|
||||
{{- end }}
|
||||
else
|
||||
# System is Linux
|
||||
### VNC set-up / configuration
|
||||
if command -v vncpasswd > /dev/null; then
|
||||
# TigerVNC (or alternative VNC program) is installed
|
||||
logg info 'Copying VNC configuration files from ~/.config/vnc/etc to /'
|
||||
sudo cp -Rf "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/etc" /
|
||||
sudo systemctl
|
||||
if [ ! -d "${XDG_CONFIG_HOME:-$HOME/.config}/vnc" ]; then
|
||||
mkdir -p "${XDG_CONFIG_HOME:-$HOME/.config}/vnc"
|
||||
fi
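Review bot: The rewritten `kickstart` line still falls back to the literal password `vncpass` when neither the encrypted secret nor `VNC_PASSWORD` is available, so a host provisioned without secrets gets Remote Management switched on behind a password that is published in this repository. It would be safer to skip the activation, with a `logg` warning, when no password is configured than to default one. The rendered value is also placed unquoted on the command line, so a password containing spaces or shell metacharacters changes the command, and it is readable in the process list while `sudo` runs. The bare `sudo systemctl` further down has no subcommand and looks like an unfinished line. The enclosing `if` opens above this hunk and the Linux branch continues past its end.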
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
# System is macOS
|
||||
logg info 'Enabling macOS firewall'
|
||||
|
||||
fi
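Review bot: The macOS branch logs 'Enabling macOS firewall' and then runs nothing, so the log reports a protection that this script never applies. Either add the command this commit already uses in `software.yml`, `sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on`, after the `logg` line, or hold the message back until the step exists. If the state is enforced elsewhere, a comment naming that place would keep the next reader from assuming this file does it.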
|
7
home/.chezmoitemplates/secrets/GOOGLE_SEARCH_API_KEY
Normal file
7
home/.chezmoitemplates/secrets/GOOGLE_SEARCH_API_KEY
Normal file
|
@ -0,0 +1,7 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNHB0YXhyR3NEQVZMaEw5
|
||||
RjRSbE56Vk9VU2lZTWo2NHNoSXhjZUZYYVNzClh3ay9ZdStiWUlLMnNXT1RmT3Vw
|
||||
aVRtNHAvR2xSdmRMQW1LYkR5MlRjbmMKLS0tIFJDcEphZUZZc0RjYmUwRTlkZDFh
|
||||
SXlFSXErOEdHZHJkVmlDWHJvWDJjSnMKTZuglTRlnTiU/YMzQjNUZY3stUz8ujwP
|
||||
FsyjC/1mp3eYNr5jEnRH1ACSpTesYZ/jgl0b/B3z2eGPN2ButzjAbQ62+0kDuTo=
|
||||
-----END AGE ENCRYPTED FILE-----
|
7
home/.chezmoitemplates/secrets/GOOGLE_SEARCH_ID
Normal file
7
home/.chezmoitemplates/secrets/GOOGLE_SEARCH_ID
Normal file
|
@ -0,0 +1,7 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZjBDMy9yQW9LZTBQWFUr
|
||||
SklhbWtWUVpzZDc3TkhzRkxydmppSmc2NkVZCkVyK1BWQ3UxQTE1OC8vL1VVVStz
|
||||
Z2t1ckNhWDlPd1BuNXNLakNRZWpVSGMKLS0tIE5mdi9RaWhWUWtwcTZTeW9xWFgy
|
||||
OUNpQWxnRnBpb1JXbU42SHhaa2Z5UFkKDrEwiM7oz62yvE72M87gABy+6ZWqyR95
|
||||
DGFBDzXJqNtk7tyLHwkh7cZFd4MHKIL7sA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
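--- a/home/dot_config/firewall/applet.conf
+++ b/home/dot_config/firewall/applet.conf
@@ -0,0 +1,3 @@
+[General]
+notifications=true
+show-inactive=true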
|
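--- a/home/dot_config/firewall/etc/firewalld/services/ftp.xml
+++ b/home/dot_config/firewall/etc/firewalld/services/ftp.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+<short>FTP</short>
+<description>FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.</description>
+<port protocol="tcp" port="21"/>
+<module name="nf_conntrack_ftp"/>
+</service>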
|
|
@ -0,0 +1,6 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>IPFS Daemon API</short>
|
||||
<description>InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system.</description>
|
||||
<port protocol="tcp" port="5001"/>
|
||||
</service>
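Review bot: This service opens TCP 5001, the IPFS daemon's API port, yet its description is the same generic text as the swarm services, so nothing tells an operator that this one is different. The daemon API is an administrative interface that is normally kept on loopback, and enabling this service in a zone that faces untrusted networks would expose it. I would say so in the file, for example `<description>IPFS daemon API (administrative). Enable only in trusted zones; keep the API bound to localhost otherwise.</description>`.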
|
|
@ -0,0 +1,7 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>IPFS Swarm</short>
|
||||
<description>InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system.</description>
|
||||
<port protocol="tcp" port="4001"/>
|
||||
<port protocol="udp" port="4001"/>
|
||||
</service>
|
|
@ -0,0 +1,6 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>IPFS Swarm Websockets</short>
|
||||
<description>InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system.</description>
|
||||
<port protocol="tcp" port="8081"/>
|
||||
</service>
|
|
@ -0,0 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>jellyfin</short>
|
||||
<description>ellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached. Your media, your server, your way.</description>
|
||||
<port protocol="tcp" port="8096"/>
|
||||
<port protocol="tcp" port="8920"/>
|
||||
<port protocol="udp" port="1900"/>
|
||||
<port protocol="udp" port="7359"/>
|
||||
</service>
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>Kubernetes Master</short>
|
||||
<description>Ports required for a Kubernetes Master node per https://kubernetes.io/docs/setup/independent/install-kubeadm/.</description>
|
||||
<port port="6443" protocol="tcp"/>
|
||||
<port port="2379" protocol="tcp"/>
|
||||
<port port="2380" protocol="tcp"/>
|
||||
<port port="10250-10252" protocol="tcp"/>
|
||||
<port port="10255" protocol="tcp"/>
|
||||
</service>
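Review bot: `<port port="10255" protocol="tcp"/>` is the kubelet read-only port, which answers without authentication, and the same line is repeated in the Kubernetes Worker service that follows. Unless something on the network still depends on it, drop the line from both files. Ports 2379 and 2380 are etcd and need to be reachable only from other control-plane nodes, so this service belongs in a zone limited to those sources. A sentence in `<description>` stating that would keep it from being enabled in a public zone by habit.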
|
|
@ -0,0 +1,8 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>Kubernetes Worker</short>
|
||||
<description>Ports required for a Kubernetes Worker node per https://kubernetes.io/docs/setup/independent/install-kubeadm/.</description>
|
||||
<port port="10250" protocol="tcp"/>
|
||||
<port port="10255" protocol="tcp"/>
|
||||
<port port="30000-32767" protocol="tcp"/>
|
||||
</service>
|
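--- a/home/dot_config/firewall/etc/firewalld/services/mdns.xml
+++ b/home/dot_config/firewall/etc/firewalld/services/mdns.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+<short>Multicast DNS (mDNS)</short>
+<description>mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option.</description>
+<port protocol="udp" port="5353"/>
+<destination ipv4="224.0.0.251" ipv6="ff02::fb"/>
+</service>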
|
|
@ -0,0 +1,8 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>OpenVPN Access Server</short>
|
||||
<description>OpenVPN Access Server is a set of installation and configuration tools that come in one package that simplifies the rapid deployment of a VPN remote access solution.</description>
|
||||
<port protocol="udp" port="1194"/>
|
||||
<port protocol="tcp" port="9443"/>
|
||||
<port protocol="tcp" port="943"/>
|
||||
</service>
|
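--- a/home/dot_config/firewall/etc/firewalld/services/plex.xml
+++ b/home/dot_config/firewall/etc/firewalld/services/plex.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+<short>Plex</short>
+<description>.</description>
+<port protocol="tcp" port="32400"/> # Plex Media Server
+<port protocol="udp" port="1900"/> # Plex DLNA Server
+<port protocol="tcp" port="32469"/> # Plex DLNA Server
+<port protocol="udp" port="32410"/> # GDM Network Discovery
+<port protocol="udp" port="32412"/> # GDM Network Discovery
+<port protocol="udp" port="32413"/> # GDM Network Discovery
+<port protocol="udp" port="32414"/> # GDM Network Discovery
+</service>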
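Review bot: The `# Plex Media Server` style annotations after each `<port .../>` are not comments in XML; they are character data inside `<service>`, and whether firewalld accepts a service file with stray text there is not something this page shows. Writing them as real comments removes the doubt, e.g. `<port protocol="tcp" port="32400"/> <!-- Plex Media Server -->`. The `<description>.</description>` placeholder, also used in the two UniFi services that follow, should be replaced with a sentence naming what the ports are for, since that text is what an operator sees when deciding whether to enable the service.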
|
|
@ -0,0 +1,13 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>UniFi Controller</short>
|
||||
<description>.</description>
|
||||
<port protocol="udp" port="10001"/>
|
||||
<port protocol="udp" port="3478"/>
|
||||
<port protocol="tcp" port="8080"/>
|
||||
<port protocol="tcp" port="8081"/>
|
||||
<port protocol="tcp" port="8443"/>
|
||||
<port protocol="tcp" port="8843"/>
|
||||
<port protocol="tcp" port="8880"/>
|
||||
<port protocol="tcp" port="6789"/>
|
||||
</service>
|
|
@ -0,0 +1,15 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>unifi-video</short>
|
||||
<description>.</description>
|
||||
<port protocol="tcp" port="10001"/>
|
||||
<port protocol="tcp" port="1935"/>
|
||||
<port protocol="tcp" port="6666"/>
|
||||
<port protocol="tcp" port="7080"/>
|
||||
<port protocol="tcp" port="7442"/>
|
||||
<port protocol="tcp" port="7443"/>
|
||||
<port protocol="tcp" port="7444"/>
|
||||
<port protocol="tcp" port="7445"/>
|
||||
<port protocol="tcp" port="7446"/>
|
||||
<port protocol="tcp" port="7447"/>
|
||||
</service>
|
0
home/dot_config/firewall/etc/firewalld/services/xrdp.xml
Normal file
0
home/dot_config/firewall/etc/firewalld/services/xrdp.xml
Normal file
|
@ -0,0 +1 @@
|
|||
These profiles are unused but are left here as an example should we decide to support `ufw` as well.
|
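--- a/home/dot_config/firewall/etc/ufw/applications.d/cups
+++ b/home/dot_config/firewall/etc/ufw/applications.d/cups
@@ -0,0 +1,4 @@
+[CUPS]
+title=CUPS
+description=CUPS printer server
+ports=631/tcp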
|
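--- a/home/dot_config/firewall/etc/ufw/applications.d/maas
+++ b/home/dot_config/firewall/etc/ufw/applications.d/maas
@@ -0,0 +1,4 @@
+[MAAS]
+title=MAAS
+description=Ubuntu management software for equipment that is controlled by LPMI
+ports=5240|5248|5241:5247/tcp|5241:5247/udp|5250:5270/tcp|5250:5270/udp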
|
|
@ -0,0 +1,4 @@
|
|||
[NetbootXYZ]
|
||||
title=NetbootXYZ
|
||||
description=Boot over LAN
|
||||
ports=69/udp
|
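--- a/home/dot_config/firewall/etc/ufw/applications.d/nginx
+++ b/home/dot_config/firewall/etc/ufw/applications.d/nginx
@@ -0,0 +1,19 @@
+[Nginx]
+title=Nginx Server
+description=Nginx server
+ports=80/tcp
+
+[Nginx Secure]
+title=Nginx Server (HTTPS)
+description=Nginx server (HTTPS)
+ports=443/tcp
+
+[Nginx Full]
+title=Nginx Server (HTTP,HTTPS)
+description=Nginx server (HTTP,HTTPS)
+ports=80,443/tcp
+
+[Nginx Cache]
+title=Nginx Server (8080)
+description=Nginx server (8080)
+ports=8080/tcp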
|
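--- a/home/dot_config/firewall/etc/ufw/applications.d/plex
+++ b/home/dot_config/firewall/etc/ufw/applications.d/plex
@@ -0,0 +1,14 @@
+[PlexMediaServer]
+title=Plex Media Server (Standard)
+description=The Plex Media Server
+ports=32400/tcp|3005/tcp|5353/udp|8324/tcp|32410:32414/udp
+
+[PlexMediaServer DLNA]
+title=Plex Media Server (DLNA)
+description=The Plex Media Server (additional DLNA capability only)
+ports=1900/udp|32469/tcp
+
+[PlexMediaServer Full]
+title=Plex Media Server (Standard + DLNA)
+description=The Plex Media Server (with additional DLNA capability)
+ports=32400/tcp|3005/tcp|5353/udp|8324/tcp|32410:32414/udp|1900/udp|32469/tcp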
|
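--- a/home/dot_config/firewall/etc/ufw/applications.d/rdp
+++ b/home/dot_config/firewall/etc/ufw/applications.d/rdp
@@ -0,0 +1,4 @@
+[RDP]
+title=RDP
+description=Remotely sign into a desktop computer
+ports=3389/tcp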
|
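--- a/home/dot_config/firewall/etc/ufw/applications.d/unifi
+++ b/home/dot_config/firewall/etc/ufw/applications.d/unifi
@@ -0,0 +1,4 @@
+[UniFi]
+title=UniFi controller
+description=All ports available for UniFi inform, guest portal, speed testing, and access to admin GUI
+ports=5514,6789,8080,8843,8880/tcp|1900,3478,10001/udp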
|
|
@ -74,6 +74,11 @@ export OPENAI_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplat
|
|||
### PyPi
|
||||
export PYPI_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "PYPI_TOKEN")) }}{{ includeTemplate "secrets/PYPI_TOKEN" | decrypt | trim }}{{ else }}{{ env "PYPI_TOKEN" }}{{ end }}"
|
||||
|
||||
### Search GPT
|
||||
# Also relies on `OPENAI_API_KEY`
|
||||
export GOOGLE_SEARCH_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GOOGLE_SEARCH_API_KEY")) }}{{ includeTemplate "secrets/GOOGLE_SEARCH_API_KEY" | decrypt | trim }}{{ else }}{{ env "GOOGLE_SEARCH_API_KEY" }}{{ end }}"
|
||||
export GOOGLE_SEARCH_ID="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GOOGLE_SEARCH_ID")) }}{{ includeTemplate "secrets/GOOGLE_SEARCH_ID" | decrypt | trim }}{{ else }}{{ env "GOOGLE_SEARCH_ID" }}{{ end }}"
|
||||
|
||||
### Snapcraft
|
||||
export SNAPCRAFT_EMAIL="{{ .user.snapcraft.username }}"
|
||||
export SNAPCRAFT_MACAROON="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SNAPCRAFT_MACAROON")) }}{{ includeTemplate "secrets/SNAPCRAFT_MACAROON" | decrypt | trim }}{{ else }}{{ env "SNAPCRAFT_MACAROON" }}{{ end }}"
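Review bot: The two new `export GOOGLE_SEARCH_*` lines render the decrypted value inside double quotes, so a secret containing `$`, a backtick or `"` is reinterpreted by the shell when this file is sourced; single-quoting the rendered value avoids that as long as the value itself holds no single quote. Because they are exported from what appears to be a shell profile, every process started from that shell inherits the API key, although only `search-gpt` needs it. A wrapper that sets the two variables for that one command would keep the key out of unrelated processes. The surrounding `PYPI_TOKEN` and `SNAPCRAFT_MACAROON` lines follow the same pattern, and the file continues outside this hunk.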
|
||||
|
|
|
@ -113,6 +113,7 @@ let installOrdersPre = []
|
|||
let installOrdersPost = []
|
||||
let installOrdersService = []
|
||||
let installOrdersGroups = []
|
||||
let installOrdersPorts = []
|
||||
let installOrdersPlugins = []
|
||||
let installOrdersBinLink = []
|
||||
let brewUpdated, osType, osID, snapRefreshed
|
||||
|
@ -446,6 +447,10 @@ async function updateInstallMaps(preference, packages, scopedPreference, pkg, pa
|
|||
if (groupsHook) {
|
||||
installOrdersGroups = installOrdersGroups.concat(typeof groupsHook === 'string' ? [groupsHook] : groupsHook)
|
||||
}
|
||||
const portsHook = getHook(packages, 'ports', scopedPreference, preference)
|
||||
if (portsHook) {
|
||||
installOrdersPorts = installOrdersPorts.concat(typeof portsHook === 'string' ? [portsHook] : portsHook)
|
||||
}
|
||||
processPluginOrders(pkg)
|
||||
if (!installOrders[preference]) {
|
||||
installOrders[preference] = []
|
||||
|
@ -1543,6 +1548,41 @@ async function addUserGroup(group) {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds the rules specified in the `_ports` key of each entry in the `software.yml` file.
|
||||
*
|
||||
* @param rule Firewall rule in the form of 8888/tcp or 9999/udp. Can also be the XML file name stored in ~/.config/firewall/etc/firewalld/services.
|
||||
*/
|
||||
async function addFirewallRule(rule) {
|
||||
const logStage = 'Firewall'
|
||||
log('info', logStage, `Ensuring the ${rule} rule is added`)
|
||||
if (osType === 'linux') {
|
||||
const firewallCmd = which.sync('firewall-cmd', { nothrow: true })
|
||||
// const ufw = which.sync('ufw', { nothrow: true })
|
||||
if (firewallCmd) {
|
||||
if (typeof rule.substring(0, 1) === 'number') {
|
||||
runCommand(`Adding the ${rule} to the firewall configuration`, `sudo firewall-cmd --add-port=${rule} --permanent`)
|
||||
} else {
|
||||
runCommand(`Adding the ${rule} user / group`, `sudo firewall-cmd --add-service=${rule} --permanent`)
|
||||
}
|
||||
} else {
|
||||
log('error', logStage, `The firewall-cmd executable is not present on the system so the firewall cannot be configured`)
|
||||
}
|
||||
} else if (osType === 'darwin') {
|
||||
runCommand(`Creating the ${rule} group`, `sudo dscl . create /Groups/${rule}`)
|
||||
runCommand(`Ensuring the ${rule} group has a GID`, `bash -c 'if [[ "$(sudo dscl . read /Groups/$GROUP gid 2>&1)" == *"No such key"* ]]; then MAX_ID_GROUP="$(dscl . -list /Groups gid | awk "{print $2}" | sort -ug | tail -1)"; GROUP_ID="$((MAX_ID_GROUP+1))"; sudo dscl . create /Groups/${rule} gid "$GROUP_ID"; fi'`)
|
||||
runCommand(`Adding the ${rule} user`, `sudo dscl . create /Users/${rule}`)
|
||||
runCommand(`Ensuring the ${rule} user has a PrimaryGroupID`, `bash -c 'if [[ "$(sudo dscl . read /Users/${rule} PrimaryGroupID 2>&1)" == *"No such key"* ]]; then sudo dscl . create /Users/${rule} PrimaryGroupID 20; fi'`)
|
||||
runCommand(`Ensuring the ${rule} user has a UniqueID`, `bash -c 'if [[ "$(sudo dscl . read /Users/${rule} UniqueID 2>&1)" == *"No such key"* ]]; then MAX_ID_USER="$(dscl . -list /Users UniqueID | sort -nr -k 2 | head -1 | grep -oE "[0-9]+$")"; USER_ID="$((MAX_ID_USER+1))"; sudo dscl . create /Users/${rule} UniqueID "$USERID"; fi'`)
|
||||
runCommand(`Adding the ${rule} user to the ${rule} group`, `sudo dseditgroup -o edit -t user -a ${rule} ${rule}`)
|
||||
runCommand(`Adding the ${process.env.USER} user to the ${rule} group`, `sudo dseditgroup -o edit -t user -a ${process.env.USER} ${rule}`)
|
||||
} else if (osType === 'windows') {
|
||||
log('warn', logStage, `Windows support not yet added`)
|
||||
} else {
|
||||
log('warn', logStage, `Unknown operating system type`)
|
||||
}
|
||||
}
|
||||
|
||||
async function updateService(service) {
|
||||
const logStage = 'Service Service'
|
||||
if (osType === 'linux') {
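Review bot: `typeof rule.substring(0, 1) === 'number'` in `addFirewallRule` is never true, because `substring` returns a string, so the `--add-port` branch is unreachable and every rule is passed to `--add-service`. The `_ports` entries this commit adds to `software.yml` are `port`/`proto` mappings rather than strings, so as far as this page shows `rule.substring` would throw on them. The `darwin` branch is a copy of the user and group creation code and would create a local account and group named after the rule, which is not a firewall change. `rule` is also interpolated into a `sudo` command line, so it should be matched against a strict pattern first, and `--permanent` alone leaves the running configuration unchanged until firewalld is reloaded. The fence below sketches the Linux and macOS branches; `updateService` continues past the end of the hunk.

```javascript
async function addFirewallRule(rule) {
  const logStage = 'Firewall'
  // software.yml lists `_ports` as { port, proto } mappings; a plain string names a firewalld service
  const target = rule && typeof rule === 'object' ? `${rule.port}/${rule.proto}` : String(rule)
  const isPort = /^\d{1,5}(-\d{1,5})?\/(tcp|udp)$/.test(target)
  // Nothing outside these two shapes may reach the sudo command line
  if (!isPort && !/^[A-Za-z0-9._-]+$/.test(target)) {
    log('error', logStage, `Skipping malformed firewall rule ${JSON.stringify(rule)}`)
    return
  }
  log('info', logStage, `Ensuring the ${target} rule is added`)
  if (osType === 'linux') {
    // … unchanged: firewall-cmd lookup and the "not present" error branch …
      const flag = isPort ? '--add-port' : '--add-service'
      runCommand(`Adding ${target} to the firewall configuration`, `sudo firewall-cmd ${flag}=${target} --permanent`)
      runCommand('Reloading firewalld so the permanent rule takes effect', 'sudo firewall-cmd --reload')
  } else if (osType === 'darwin') {
    // No dscl / dseditgroup calls here: opening a port must not create accounts
    log('warn', logStage, `Skipping ${target}: per-port rules are not configured on macOS`)
  }
  // … unchanged: windows and unknown-OS branches …
```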
|
||||
|
@ -1805,6 +1845,10 @@ async function installSoftware(pkgsToInstall) {
|
|||
asyncOrders.push(installPackageList(packageManager, installOrders[packageManager]))
|
||||
await Promise.all(asyncOrders)
|
||||
}
|
||||
installOrdersPorts.length && log('info', 'Firewall', 'Configuring firewall exceptions')
|
||||
for (const firewallRule of installOrdersPorts) {
|
||||
await addFirewallRule(firewallRule)
|
||||
}
|
||||
installOrdersService.length && log('info', 'Post-Install', `Running package-specific post-installation steps`)
|
||||
for (const service of installOrdersService) {
|
||||
await updateService(service)
|
||||
|
|
52
software.yml
52
software.yml
|
@ -2820,14 +2820,6 @@ softwarePackages:
|
|||
dnf: firefox
|
||||
flatpak: org.mozilla.firefox
|
||||
pacman: firefox
|
||||
firewall:
|
||||
_bin: null
|
||||
_desc: This role is intended to be used with the ProfessorManhattan playbook. It integrates tightly with the other roles included with the playbook.
|
||||
_docs: null
|
||||
_github: null
|
||||
_home: null
|
||||
_name: Firewall
|
||||
ansible: professormanhattan.firewall
|
||||
fission:
|
||||
_bin: fission
|
||||
_desc: Fast and Simple Serverless Functions for Kubernetes
|
||||
|
@ -5795,6 +5787,11 @@ softwarePackages:
|
|||
_github: https://github.com/nginx/nginx
|
||||
_home: https://nginx.org/
|
||||
_name: NGINX
|
||||
_ports:
|
||||
- port: 80
|
||||
proto: udp
|
||||
- port: 443
|
||||
proto: udp
|
||||
ansible: professormanhattan.nginx
|
||||
apt: nginx
|
||||
brew: nginx
|
||||
|
@ -7099,13 +7096,37 @@ softwarePackages:
|
|||
_name: Microsoft Remote Desktop
|
||||
_when:cask: '! test -d "/Applications/Microsoft Remote Desktop.app"'
|
||||
cask: microsoft-remote-desktop
|
||||
aiac:
|
||||
_bin: aiac
|
||||
_github: https://github.com/gofireflyio/aiac
|
||||
_name: AIAC
|
||||
brew: gofireflyio/aiac/aiac
|
||||
go: github.com/gofireflyio/aiac/v3@latest
|
||||
firewalld:
|
||||
_bin: firewall-cmd
|
||||
_github: https://github.com/firewalld/firewalld
|
||||
_name: FirewallD
|
||||
_service: firewalld
|
||||
_pre: if command -v ufw > /dev/null; then sudo ufw disable; fi
|
||||
_service: firewalld
|
||||
_notes: https://computingforgeeks.com/install-and-use-firewalld-on-ubuntu/
|
||||
apt: firewalld
|
||||
dnf: firewalld
|
||||
emerge: net-firewall/firewalld
|
||||
pacman: firewalld
|
||||
script:darwin: sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
|
||||
zypper: firewalld
|
||||
xrdp:
|
||||
_bin: xrdp
|
||||
_desc: null
|
||||
_docs: null
|
||||
_github: null
|
||||
_home: null
|
||||
_github: https://github.com/neutrinolabs/xrdp
|
||||
_home: http://www.xrdp.org/
|
||||
_name: xrdp
|
||||
_ports:
|
||||
- port: 3389
|
||||
proto: tcp
|
||||
_post: sudo adduser xrdp ssl-cert
|
||||
_service: xrdp
|
||||
_service:yay:
|
||||
- xrdp
|
||||
|
@ -7113,6 +7134,8 @@ softwarePackages:
|
|||
_note: Should work like professormanhattan.remotedesktop
|
||||
apt: xrdp
|
||||
dnf: xrdp
|
||||
pacman: xrdp
|
||||
zypper: xrdp
|
||||
yay: xrdp
|
||||
responsively:
|
||||
_bin: null
|
||||
|
@ -9566,6 +9589,11 @@ softwarePackages:
|
|||
_home: null
|
||||
_name: Yarnhook
|
||||
npm: yarnhook
|
||||
search-gpt:
|
||||
_bin: searchgpt
|
||||
_github: https://github.com/tobiasbueschel/search-gpt
|
||||
_name: Search GPT
|
||||
npm: search-gpt
|
||||
yj:
|
||||
_bin: yj
|
||||
_desc: CLI program that allows you to convert between YAML, TOML, JSON, and HCL.
|
||||
|
@ -9687,6 +9715,9 @@ softwarePackages:
|
|||
_bin: tigervncpasswd
|
||||
_github: https://github.com/DukeyToo/tightvnc-server
|
||||
_name: TightVNC Server
|
||||
_ports:
|
||||
- port: 5900-5909
|
||||
proto: tcp
|
||||
apt: tigervnc-standalone-server
|
||||
dnf: tigervnc-server
|
||||
pacman: tigervnc
|
||||
|
@ -9830,6 +9861,7 @@ softwarePlugins:
|
|||
raycast:
|
||||
cmd: null
|
||||
plugins:
|
||||
- https://www.raycast.com/abielzulio/chatgpt
|
||||
- https://www.raycast.com/BalliAsghar/mailsy
|
||||
steampipe:
|
||||
cmd: steampipe plugin install {PLUGIN}
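Review bot: In the NGINX hunk the new `_ports` entries open 80 and 443 with `proto: udp`, but nginx serves HTTP and HTTPS over TCP, so the firewall would open two UDP ports and leave the web ports closed (UDP 443 matters only when HTTP/3 is enabled). `proto: tcp` on both entries would match the xrdp and TigerVNC entries added in the same file. In the `firewalld` entry `_service: firewalld` is listed twice as rendered here; if both lines are on the new side, that is a duplicate mapping key and one of them should go. The `_pre` step there runs `sudo ufw disable` before firewalld is installed and started, so a comment noting that the host has no active firewall in between would be worth adding.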
|
||||
|
|