From 6102deaa337d085338d79d5eb920194f1eb8a39d Mon Sep 17 00:00:00 2001 
From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Wed, 28 Jun 2023 02:53:52 +0000 Subject: [PATCH] Latest --- docs/INSPIRATION.md | 1 + docs/TODO.md | 19 ++++++- home/.chezmoidata.yaml | 2 + .../run_onchange_after_16-vnc.sh.tmpl | 4 +- ...change_after_18-configure-firewall.sh.tmpl | 7 +++ .../secrets/GOOGLE_SEARCH_API_KEY | 7 +++ .../secrets/GOOGLE_SEARCH_ID | 7 +++ home/dot_config/firewall/applet.conf | 3 ++ .../firewall/etc/firewalld/services/ftp.xml | 7 +++ .../etc/firewalld/services/ipfs-api.xml | 6 +++ .../etc/firewalld/services/ipfs-swarm.xml | 7 +++ .../etc/firewalld/services/ipfs-websocket.xml | 6 +++ .../etc/firewalld/services/jellyfin.xml | 9 ++++ .../etc/firewalld/services/k8s-master.xml | 10 ++++ .../etc/firewalld/services/k8s-worker.xml | 8 +++ .../firewall/etc/firewalld/services/mdns.xml | 7 +++ .../services/openvpn-access-server.xml | 8 +++ .../firewall/etc/firewalld/services/plex.xml | 12 +++++ .../firewalld/services/unifi-controller.xml | 13 +++++ .../etc/firewalld/services/unifi-video.xml | 15 ++++++ .../firewall/etc/firewalld/services/xrdp.xml | 0 .../firewall/etc/ufw/applications.d/README.md | 1 + .../firewall/etc/ufw/applications.d/cups | 4 ++ .../firewall/etc/ufw/applications.d/maas | 4 ++ .../etc/ufw/applications.d/netbootxyz | 4 ++ .../firewall/etc/ufw/applications.d/nginx | 19 +++++++ .../firewall/etc/ufw/applications.d/plex | 14 +++++ .../firewall/etc/ufw/applications.d/rdp | 4 ++ .../firewall/etc/ufw/applications.d/unifi | 4 ++ home/dot_config/shell/private_private.sh.tmpl | 5 ++ home/dot_local/bin/executable_install-program | 44 ++++++++++++++++ software.yml | 52 +++++++++++++++---- 32 files changed, 300 insertions(+), 13 deletions(-) create mode 100644 home/.chezmoiscripts/universal/run_onchange_after_18-configure-firewall.sh.tmpl create mode 100644 home/.chezmoitemplates/secrets/GOOGLE_SEARCH_API_KEY create mode 100644 home/.chezmoitemplates/secrets/GOOGLE_SEARCH_ID create mode 100644 
home/dot_config/firewall/applet.conf create mode 100644 home/dot_config/firewall/etc/firewalld/services/ftp.xml create mode 100644 home/dot_config/firewall/etc/firewalld/services/ipfs-api.xml create mode 100644 home/dot_config/firewall/etc/firewalld/services/ipfs-swarm.xml create mode 100644 home/dot_config/firewall/etc/firewalld/services/ipfs-websocket.xml create mode 100644 home/dot_config/firewall/etc/firewalld/services/jellyfin.xml create mode 100644 home/dot_config/firewall/etc/firewalld/services/k8s-master.xml create mode 100644 home/dot_config/firewall/etc/firewalld/services/k8s-worker.xml create mode 100644 home/dot_config/firewall/etc/firewalld/services/mdns.xml create mode 100644 home/dot_config/firewall/etc/firewalld/services/openvpn-access-server.xml create mode 100644 home/dot_config/firewall/etc/firewalld/services/plex.xml create mode 100644 home/dot_config/firewall/etc/firewalld/services/unifi-controller.xml create mode 100644 home/dot_config/firewall/etc/firewalld/services/unifi-video.xml create mode 100644 home/dot_config/firewall/etc/firewalld/services/xrdp.xml create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/README.md create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/cups create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/maas create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/netbootxyz create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/nginx create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/plex create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/rdp create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/unifi diff --git a/docs/INSPIRATION.md b/docs/INSPIRATION.md index 74f3087a..139a7a73 100644 --- a/docs/INSPIRATION.md +++ b/docs/INSPIRATION.md 
@@ -60,6 +60,7 @@ * https://github.com/pouchdb/pouchdb * https://uppy.io/docs/dashboard/ * https://unkey.dev/ +* [Title](https://github.com/vercel-labs/ai-chatbot) ## Serverless diff --git a/docs/TODO.md b/docs/TODO.md index 124d0e04..40a2e7d6 100644 --- a/docs/TODO.md +++ b/docs/TODO.md @@ -2,6 +2,7 @@ This page outlines various projects and tasks that we are currently working on. Creating a GitHub issue for each of these items would be overkill. +* [Title](https://github.com/KnowledgeCanvas/knowledge) * Configure Navi to automatically download and use the best cheat repositories * Finish TS from 1400 stars * Python @@ -14,7 +15,14 @@ This page outlines various projects and tasks that we are currently working on. * JavaScript start at 10k * Go through https://github.com/jaywcjlove/awesome-mac * https://codesandbox.io/ https://github.com/firecracker-microvm/firecracker - +* (https://www.kolide.com/features/checks/mac-firewall) +* (https://github.com/tobiasbueschel/search-gpt) +* Create IP set for CloudFlare [Title](https://firewalld.org/documentation/man-pages/firewalld.ipset.html) +* https://chainner.app/ +* https://github.com/kyrolabs/awesome-langchain) +( [Title](https://github.com/StanGirard/quivr)) +* [Title](https://github.com/PromtEngineer/localGPT) +* [Title](https://github.com/reworkd/AgentGPT) ## Upstream The following items are things we would like to include into the Install Doctor system but are waiting on upstream changes. 
@@ -182,6 +190,15 @@ The following items have been reviewed but need to be revisited due to complexit * https://github.com/OpenNebula/one /. https://github.com/OpenNebula/minione * https://github.com/ConvoyPanel/panel * https://github.com/hashicorp/nomad +* [Title](https://github.com/Soft/xcolor) +* [Title](https://github.com/Xpra-org/xpra) +* [Title](https://github.com/ksnip/ksnip) +* [Title](https://github.com/leftwm/leftwm) +* [Title](https://github.com/polybar/polybar) +* [Title](https://github.com/kingToolbox/WindTerm) +* [Title](https://github.com/hyprwm/Hypr) +* [Title](https://github.com/Sygil-Dev/sygil-webui) +* [Title](https://github.com/psychic-api/psychic) ## Docker Issue diff --git a/home/.chezmoidata.yaml b/home/.chezmoidata.yaml index 6761f05c..96b3fc68 100644 --- a/home/.chezmoidata.yaml +++ b/home/.chezmoidata.yaml @@ -360,6 +360,7 @@ softwareGroups: - resume - s-search - sad + - search-gpt - slack-term - slides - social-analyzer @@ -916,6 +917,7 @@ softwareGroups: - cookiecutter - gomplate Terraform: &Terraform + - aiac - terraform - tfenv - tflint diff --git a/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl index 140fbc37..2b27f984 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl 
@@ -24,15 +24,15 @@ if [ -d /Applications ] && [ -d /System ]; then # Only enable when computer is not a corporate / work computer {{ if (ne .host.work true) -}} logg info 'Enabling VNC using the `VNC_PASSWORD` variable which is `vncpass` when nothing is specified' - sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw {{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }} -restart -agent -privs -all + sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -allowAccessFor -specifiedUsers -clientopts -setreqperm -reqperm yes -setvnclegacy -vnclegacy yes -setvncpw -vncpw {{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }} -restart -agent -privs -all -users {{ .user.name }} {{- end }} else # System is Linux + ### VNC set-up / configuration if command -v vncpasswd > /dev/null; then # TigerVNC (or alternative VNC program) is installed logg info 'Copying VNC configuration files from ~/.config/vnc/etc to /' sudo cp -Rf "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/etc" / - sudo systemctl if [ ! -d "${XDG_CONFIG_HOME:-$HOME/.config}/vnc" ]; then mkdir -p "${XDG_CONFIG_HOME:-$HOME/.config}/vnc" fi diff --git a/home/.chezmoiscripts/universal/run_onchange_after_18-configure-firewall.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_18-configure-firewall.sh.tmpl new file mode 100644 index 00000000..72343342 --- /dev/null 
+++ b/home/.chezmoiscripts/universal/run_onchange_after_18-configure-firewall.sh.tmpl @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +if [ -d /Applications ] && [ -d /System ]; then + # System is macOS + logg info 'Enabling macOS firewall' + +fi \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/GOOGLE_SEARCH_API_KEY b/home/.chezmoitemplates/secrets/GOOGLE_SEARCH_API_KEY new file mode 100644 index 00000000..fbc54b50 --- /dev/null +++ b/home/.chezmoitemplates/secrets/GOOGLE_SEARCH_API_KEY @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNHB0YXhyR3NEQVZMaEw5 +RjRSbE56Vk9VU2lZTWo2NHNoSXhjZUZYYVNzClh3ay9ZdStiWUlLMnNXT1RmT3Vw +aVRtNHAvR2xSdmRMQW1LYkR5MlRjbmMKLS0tIFJDcEphZUZZc0RjYmUwRTlkZDFh +SXlFSXErOEdHZHJkVmlDWHJvWDJjSnMKTZuglTRlnTiU/YMzQjNUZY3stUz8ujwP +FsyjC/1mp3eYNr5jEnRH1ACSpTesYZ/jgl0b/B3z2eGPN2ButzjAbQ62+0kDuTo= +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/.chezmoitemplates/secrets/GOOGLE_SEARCH_ID b/home/.chezmoitemplates/secrets/GOOGLE_SEARCH_ID new file mode 100644 index 00000000..eda2ef93 --- /dev/null +++ b/home/.chezmoitemplates/secrets/GOOGLE_SEARCH_ID @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZjBDMy9yQW9LZTBQWFUr +SklhbWtWUVpzZDc3TkhzRkxydmppSmc2NkVZCkVyK1BWQ3UxQTE1OC8vL1VVVStz +Z2t1ckNhWDlPd1BuNXNLakNRZWpVSGMKLS0tIE5mdi9RaWhWUWtwcTZTeW9xWFgy +OUNpQWxnRnBpb1JXbU42SHhaa2Z5UFkKDrEwiM7oz62yvE72M87gABy+6ZWqyR95 +DGFBDzXJqNtk7tyLHwkh7cZFd4MHKIL7sA== +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/dot_config/firewall/applet.conf b/home/dot_config/firewall/applet.conf new file mode 100644 index 00000000..b3541bde --- /dev/null +++ b/home/dot_config/firewall/applet.conf @@ -0,0 +1,3 @@ +[General] +notifications=true +show-inactive=true 
diff --git a/home/dot_config/firewall/etc/firewalld/services/ftp.xml b/home/dot_config/firewall/etc/firewalld/services/ftp.xml new file mode 100644 index 00000000..e33bac5f --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/ftp.xml @@ -0,0 +1,7 @@ + + + FTP + FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful. + + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/ipfs-api.xml b/home/dot_config/firewall/etc/firewalld/services/ipfs-api.xml new file mode 100644 index 00000000..1db4604a --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/ipfs-api.xml @@ -0,0 +1,6 @@ + + + IPFS Daemon API + InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system. + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/ipfs-swarm.xml b/home/dot_config/firewall/etc/firewalld/services/ipfs-swarm.xml new file mode 100644 index 00000000..4189b816 --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/ipfs-swarm.xml @@ -0,0 +1,7 @@ + + + IPFS Swarm + InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system. + + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/ipfs-websocket.xml b/home/dot_config/firewall/etc/firewalld/services/ipfs-websocket.xml new file mode 100644 index 00000000..b417eadc --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/ipfs-websocket.xml @@ -0,0 +1,6 @@ + + + IPFS Swarm Websockets + InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system. + + \ No newline at end of file 
diff --git a/home/dot_config/firewall/etc/firewalld/services/jellyfin.xml b/home/dot_config/firewall/etc/firewalld/services/jellyfin.xml new file mode 100644 index 00000000..450493f8 --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/jellyfin.xml @@ -0,0 +1,9 @@ + + + jellyfin + ellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached. Your media, your server, your way. + + + + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/k8s-master.xml b/home/dot_config/firewall/etc/firewalld/services/k8s-master.xml new file mode 100644 index 00000000..b6a3e249 --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/k8s-master.xml @@ -0,0 +1,10 @@ + + + Kubernetes Master + Ports required for a Kubernetes Master node per https://kubernetes.io/docs/setup/independent/install-kubeadm/. + + + + + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/k8s-worker.xml b/home/dot_config/firewall/etc/firewalld/services/k8s-worker.xml new file mode 100644 index 00000000..2576947c --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/k8s-worker.xml @@ -0,0 +1,8 @@ + + + Kubernetes Worker + Ports required for a Kubernetes Worker node per https://kubernetes.io/docs/setup/independent/install-kubeadm/. + + + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/mdns.xml b/home/dot_config/firewall/etc/firewalld/services/mdns.xml new file mode 100644 index 00000000..cde96c3e --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/mdns.xml @@ -0,0 +1,7 @@ + + + Multicast DNS (mDNS) + mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option. + + + \ No newline at end of file 
diff --git a/home/dot_config/firewall/etc/firewalld/services/openvpn-access-server.xml b/home/dot_config/firewall/etc/firewalld/services/openvpn-access-server.xml new file mode 100644 index 00000000..29d71589 --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/openvpn-access-server.xml @@ -0,0 +1,8 @@ + + + OpenVPN Access Server + OpenVPN Access Server is a set of installation and configuration tools that come in one package that simplifies the rapid deployment of a VPN remote access solution. + + + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/plex.xml b/home/dot_config/firewall/etc/firewalld/services/plex.xml new file mode 100644 index 00000000..de3a6e5a --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/plex.xml @@ -0,0 +1,12 @@ + + + Plex + . + # Plex Media Server + # Plex DLNA Server + # Plex DLNA Server + # GDM Network Discovery + # GDM Network Discovery + # GDM Network Discovery + # GDM Network Discovery + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/unifi-controller.xml b/home/dot_config/firewall/etc/firewalld/services/unifi-controller.xml new file mode 100644 index 00000000..03ac6129 --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/unifi-controller.xml @@ -0,0 +1,13 @@ + + + UniFi Controller + . + + + + + + + + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/unifi-video.xml b/home/dot_config/firewall/etc/firewalld/services/unifi-video.xml new file mode 100644 index 00000000..5fac1d98 --- /dev/null +++ b/home/dot_config/firewall/etc/firewalld/services/unifi-video.xml @@ -0,0 +1,15 @@ + + + unifi-video + . + + + + + + + + + + + \ No newline at end of file diff --git a/home/dot_config/firewall/etc/firewalld/services/xrdp.xml b/home/dot_config/firewall/etc/firewalld/services/xrdp.xml new file mode 100644 index 00000000..e69de29b 
diff --git a/home/dot_config/firewall/etc/ufw/applications.d/README.md b/home/dot_config/firewall/etc/ufw/applications.d/README.md new file mode 100644 index 00000000..122177cf --- /dev/null +++ b/home/dot_config/firewall/etc/ufw/applications.d/README.md @@ -0,0 +1 @@ +These profiles are unused but are left here as an example should we decide to support `ufw` as well. \ No newline at end of file diff --git a/home/dot_config/firewall/etc/ufw/applications.d/cups b/home/dot_config/firewall/etc/ufw/applications.d/cups new file mode 100644 index 00000000..81191ba7 --- /dev/null +++ b/home/dot_config/firewall/etc/ufw/applications.d/cups @@ -0,0 +1,4 @@ +[CUPS] +title=CUPS +description=CUPS printer server +ports=631/tcp diff --git a/home/dot_config/firewall/etc/ufw/applications.d/maas b/home/dot_config/firewall/etc/ufw/applications.d/maas new file mode 100644 index 00000000..c157cd14 --- /dev/null +++ b/home/dot_config/firewall/etc/ufw/applications.d/maas @@ -0,0 +1,4 @@ +[MAAS] +title=MAAS +description=Ubuntu management software for equipment that is controlled by LPMI +ports=5240|5248|5241:5247/tcp|5241:5247/udp|5250:5270/tcp|5250:5270/udp diff --git a/home/dot_config/firewall/etc/ufw/applications.d/netbootxyz b/home/dot_config/firewall/etc/ufw/applications.d/netbootxyz new file mode 100644 index 00000000..54da9302 --- /dev/null +++ b/home/dot_config/firewall/etc/ufw/applications.d/netbootxyz @@ -0,0 +1,4 @@ +[NetbootXYZ] +title=NetbootXYZ +description=Boot over LAN +ports=69/udp diff --git a/home/dot_config/firewall/etc/ufw/applications.d/nginx b/home/dot_config/firewall/etc/ufw/applications.d/nginx new file mode 100644 index 00000000..ee2efd08 --- /dev/null +++ b/home/dot_config/firewall/etc/ufw/applications.d/nginx 
@@ -0,0 +1,19 @@ +[Nginx] +title=Nginx Server +description=Nginx server +ports=80/tcp + +[Nginx Secure] +title=Nginx Server (HTTPS) +description=Nginx server (HTTPS) +ports=443/tcp + +[Nginx Full] +title=Nginx Server (HTTP,HTTPS) +description=Nginx server (HTTP,HTTPS) +ports=80,443/tcp + +[Nginx Cache] +title=Nginx Server (8080) +description=Nginx server (8080) +ports=8080/tcp diff --git a/home/dot_config/firewall/etc/ufw/applications.d/plex b/home/dot_config/firewall/etc/ufw/applications.d/plex new file mode 100644 index 00000000..0615b29b --- /dev/null +++ b/home/dot_config/firewall/etc/ufw/applications.d/plex @@ -0,0 +1,14 @@ +[PlexMediaServer] +title=Plex Media Server (Standard) +description=The Plex Media Server +ports=32400/tcp|3005/tcp|5353/udp|8324/tcp|32410:32414/udp + +[PlexMediaServer DLNA] +title=Plex Media Server (DLNA) +description=The Plex Media Server (additional DLNA capability only) +ports=1900/udp|32469/tcp + +[PlexMediaServer Full] +title=Plex Media Server (Standard + DLNA) +description=The Plex Media Server (with additional DLNA capability) +ports=32400/tcp|3005/tcp|5353/udp|8324/tcp|32410:32414/udp|1900/udp|32469/tcp diff --git a/home/dot_config/firewall/etc/ufw/applications.d/rdp b/home/dot_config/firewall/etc/ufw/applications.d/rdp new file mode 100644 index 00000000..0d88da0f --- /dev/null +++ b/home/dot_config/firewall/etc/ufw/applications.d/rdp @@ -0,0 +1,4 @@ +[RDP] +title=RDP +description=Remotely sign into a desktop computer +ports=3389/tcp diff --git a/home/dot_config/firewall/etc/ufw/applications.d/unifi b/home/dot_config/firewall/etc/ufw/applications.d/unifi new file mode 100644 index 00000000..5d0d4be0 --- /dev/null +++ b/home/dot_config/firewall/etc/ufw/applications.d/unifi @@ -0,0 +1,4 @@ +[UniFi] +title=UniFi controller +description=All ports available for UniFi inform, guest portal, speed testing, and access to admin GUI +ports=5514,6789,8080,8843,8880/tcp|1900,3478,10001/udp 
diff --git a/home/dot_config/shell/private_private.sh.tmpl b/home/dot_config/shell/private_private.sh.tmpl index d970635f..8dba229c 100644 --- a/home/dot_config/shell/private_private.sh.tmpl +++ b/home/dot_config/shell/private_private.sh.tmpl @@ -74,6 +74,11 @@ export OPENAI_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplat ### PyPi export PYPI_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "PYPI_TOKEN")) }}{{ includeTemplate "secrets/PYPI_TOKEN" | decrypt | trim }}{{ else }}{{ env "PYPI_TOKEN" }}{{ end }}" +### Search GPT +# Also relies on `OPENAI_API_KEY` +export GOOGLE_SEARCH_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GOOGLE_SEARCH_API_KEY")) }}{{ includeTemplate "secrets/GOOGLE_SEARCH_API_KEY" | decrypt | trim }}{{ else }}{{ env "GOOGLE_SEARCH_API_KEY" }}{{ end }}" +export GOOGLE_SEARCH_ID="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GOOGLE_SEARCH_ID")) }}{{ includeTemplate "secrets/GOOGLE_SEARCH_ID" | decrypt | trim }}{{ else }}{{ env "GOOGLE_SEARCH_ID" }}{{ end }}" + ### Snapcraft export SNAPCRAFT_EMAIL="{{ .user.snapcraft.username }}" export SNAPCRAFT_MACAROON="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SNAPCRAFT_MACAROON")) }}{{ includeTemplate "secrets/SNAPCRAFT_MACAROON" | decrypt | trim }}{{ else }}{{ env "SNAPCRAFT_MACAROON" }}{{ end }}" diff --git a/home/dot_local/bin/executable_install-program b/home/dot_local/bin/executable_install-program index b60b1465..60fe9e49 100644 --- a/home/dot_local/bin/executable_install-program +++ b/home/dot_local/bin/executable_install-program @@ -113,6 +113,7 @@ let installOrdersPre = [] let installOrdersPost = [] let installOrdersService = [] let installOrdersGroups = [] +let installOrdersPorts = [] let installOrdersPlugins = [] let installOrdersBinLink = [] let brewUpdated, osType, osID, snapRefreshed 
@@ -446,6 +447,10 @@ async function updateInstallMaps(preference, packages, scopedPreference, pkg, pa if (groupsHook) { installOrdersGroups = installOrdersGroups.concat(typeof groupsHook === 'string' ? [groupsHook] : groupsHook) } + const portsHook = getHook(packages, 'ports', scopedPreference, preference) + if (portsHook) { + installOrdersPorts = installOrdersPorts.concat(typeof portsHook === 'string' ? [portsHook] : portsHook) + } processPluginOrders(pkg) if (!installOrders[preference]) { installOrders[preference] = [] 
@@ -1543,6 +1548,41 @@ async function addUserGroup(group) { } } +/** + * Adds the rules specified in the `_ports` key of each entry in the `software.yml` file. + * + * @param rule Firewall rule in the form of 8888/tcp or 9999/udp. Can also be the XML file name stored in ~/.config/firewall/etc/firewalld/services. + */ +async function addFirewallRule(rule) { + const logStage = 'Firewall' + log('info', logStage, `Ensuring the ${rule} rule is added`) + if (osType === 'linux') { + const firewallCmd = which.sync('firewall-cmd', { nothrow: true }) + // const ufw = which.sync('ufw', { nothrow: true }) + if (firewallCmd) { + if (typeof rule.substring(0, 1) === 'number') { + runCommand(`Adding the ${rule} to the firewall configuration`, `sudo firewall-cmd --add-port=${rule} --permanent`) + } else { + runCommand(`Adding the ${rule} user / group`, `sudo firewall-cmd --add-service=${rule} --permanent`) + } + } else { + log('error', logStage, `The firewall-cmd executable is not present on the system so the firewall cannot be configured`) + } + } else if (osType === 'darwin') { + runCommand(`Creating the ${rule} group`, `sudo dscl . create /Groups/${rule}`) + runCommand(`Ensuring the ${rule} group has a GID`, `bash -c 'if [[ "$(sudo dscl . read /Groups/$GROUP gid 2>&1)" == *"No such key"* ]]; then MAX_ID_GROUP="$(dscl . -list /Groups gid | awk "{print $2}" | sort -ug | tail -1)"; GROUP_ID="$((MAX_ID_GROUP+1))"; sudo dscl . create /Groups/${rule} gid "$GROUP_ID"; fi'`) + runCommand(`Adding the ${rule} user`, `sudo dscl . create /Users/${rule}`) + runCommand(`Ensuring the ${rule} user has a PrimaryGroupID`, `bash -c 'if [[ "$(sudo dscl . read /Users/${rule} PrimaryGroupID 2>&1)" == *"No such key"* ]]; then sudo dscl . create /Users/${rule} PrimaryGroupID 20; fi'`) + runCommand(`Ensuring the ${rule} user has a UniqueID`, `bash -c 'if [[ "$(sudo dscl . read /Users/${rule} UniqueID 2>&1)" == *"No such key"* ]]; then MAX_ID_USER="$(dscl . 
-list /Users UniqueID | sort -nr -k 2 | head -1 | grep -oE "[0-9]+$")"; USER_ID="$((MAX_ID_USER+1))"; sudo dscl . create /Users/${rule} UniqueID "$USERID"; fi'`) + runCommand(`Adding the ${rule} user to the ${rule} group`, `sudo dseditgroup -o edit -t user -a ${rule} ${rule}`) + runCommand(`Adding the ${process.env.USER} user to the ${rule} group`, `sudo dseditgroup -o edit -t user -a ${process.env.USER} ${rule}`) + } else if (osType === 'windows') { + log('warn', logStage, `Windows support not yet added`) + } else { + log('warn', logStage, `Unknown operating system type`) + } +} + async function updateService(service) { const logStage = 'Service Service' if (osType === 'linux') { @@ -1805,6 +1845,10 @@ async function installSoftware(pkgsToInstall) { asyncOrders.push(installPackageList(packageManager, installOrders[packageManager])) await Promise.all(asyncOrders) } + installOrdersPorts.length && log('info', 'Firewall', 'Configuring firewall exceptions') + for (const firewallRule of installOrdersPorts) { + await addFirewallRule(firewallRule) + } installOrdersService.length && log('info', 'Post-Install', `Running package-specific post-installation steps`) for (const service of installOrdersService) { await updateService(service) diff --git a/software.yml b/software.yml index c328fbf4..8d2ec738 100644 --- a/software.yml +++ b/software.yml @@ -2820,14 +2820,6 @@ softwarePackages: dnf: firefox flatpak: org.mozilla.firefox pacman: firefox - firewall: - _bin: null - _desc: This role is intended to be used with the ProfessorManhattan playbook. It integrates tightly with the other roles included with the playbook. - _docs: null - _github: null - _home: null - _name: Firewall - ansible: professormanhattan.firewall fission: _bin: fission _desc: Fast and Simple Serverless Functions for Kubernetes 
@@ -5795,6 +5787,11 @@ softwarePackages: _github: https://github.com/nginx/nginx _home: https://nginx.org/ _name: NGINX + _ports: + - port: 80 + proto: udp + - port: 443 + proto: udp ansible: professormanhattan.nginx apt: nginx brew: nginx @@ -7099,13 +7096,37 @@ softwarePackages: _name: Microsoft Remote Desktop _when:cask: '! test -d "/Applications/Microsoft Remote Desktop.app"' cask: microsoft-remote-desktop + aiac: + _bin: aiac + _github: https://github.com/gofireflyio/aiac + _name: AIAC + brew: gofireflyio/aiac/aiac + go: github.com/gofireflyio/aiac/v3@latest + firewalld: + _bin: firewall-cmd + _github: https://github.com/firewalld/firewalld + _name: FirewallD + _service: firewalld + _pre: if command -v ufw > /dev/null; then sudo ufw disable; fi + _service: firewalld + _notes: https://computingforgeeks.com/install-and-use-firewalld-on-ubuntu/ + apt: firewalld + dnf: firewalld + emerge: net-firewall/firewalld + pacman: firewalld + script:darwin: sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on + zypper: firewalld xrdp: _bin: xrdp _desc: null _docs: null - _github: null - _home: null + _github: https://github.com/neutrinolabs/xrdp + _home: http://www.xrdp.org/ _name: xrdp + _ports: + - port: 3389 + proto: tcp + _post: sudo adduser xrdp ssl-cert _service: xrdp _service:yay: - xrdp @@ -7113,6 +7134,8 @@ softwarePackages: _note: Should work like professormanhattan.remotedesktop apt: xrdp dnf: xrdp + pacman: xrdp + zypper: xrdp yay: xrdp responsively: _bin: null @@ -9566,6 +9589,11 @@ softwarePackages: _home: null _name: Yarnhook npm: yarnhook + search-gpt: + _bin: searchgpt + _github: https://github.com/tobiasbueschel/search-gpt + _name: Search GPT + npm: search-gpt yj: _bin: yj _desc: CLI program that allows you to convert between YAML, TOML, JSON, and HCL. 
@@ -9687,6 +9715,9 @@ softwarePackages: _bin: tigervncpasswd _github: https://github.com/DukeyToo/tightvnc-server _name: TightVNC Server + _ports: + - port: 5900-5909 + proto: tcp apt: tigervnc-standalone-server dnf: tigervnc-server pacman: tigervnc @@ -9830,6 +9861,7 @@ softwarePlugins: raycast: cmd: null plugins: + - https://www.raycast.com/abielzulio/chatgpt - https://www.raycast.com/BalliAsghar/mailsy steampipe: cmd: steampipe plugin install {PLUGIN}
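Review bot: in the docs/INSPIRATION.md hunk the new entry `* [Title](https://github.com/vercel-labs/ai-chatbot)` keeps the `[Title]` placeholder as its link text; give it the project name so it reads like the surrounding entries.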
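Review bot: in the docs/TODO.md hunk several new entries still carry the `[Title]` placeholder text, the awesome-langchain entry ends in a stray `)`, and the quivr line starts with `( [Title](https://github.com/StanGirard/quivr))` instead of a `* ` bullet, so it will not render as a list item. Replace the placeholders with project names and fix those two lines.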
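Review bot: in the run_onchange_after_16-vnc.sh.tmpl hunk the kickstart change is a real hardening step (`-allowAccessFor -specifiedUsers`, `-setreqperm -reqperm yes` and `-users {{ .user.name }}` restrict VNC to one account and require on-screen confirmation), and removing the dangling `sudo systemctl` line fixes a command that would have failed; the remaining problem is the `{{ default "vncpass" (env "VNC_PASSWORD") }}` fallback, which silently configures a known default password whenever neither the age secret nor the variable is present. Prefer skipping VNC enablement (or failing with a clear log line) in that case, and keep the default value out of the `logg info` message.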
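Review bot: the new run_onchange_after_18-configure-firewall.sh.tmpl logs `Enabling macOS firewall` but the `if` body contains no command after the log call, so the script changes nothing; the actual enablement is in software.yml (`script:darwin: sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on`). Either move that call here (and add a Linux branch, or an explicit note that Linux is handled by the firewalld package entry) or hold the file until it does something, and add the missing trailing newline.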
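Review bot: in the jellyfin.xml hunk the description starts with `ellyfin is the volunteer-built ...` (dropped leading `J`) and the short name is lowercase `jellyfin` while the other service files use capitalised product names.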
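Review bot: in the plex.xml hunk the description is a bare `.` placeholder; firewalld shows this text in `firewall-cmd --info-service` and in firewall-config, so state what the ports are for (the `# Plex Media Server`, `# Plex DLNA Server`, `# GDM Network Discovery` annotations already in the file are the right content for it).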
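Review bot: in the unifi-controller.xml hunk the description is a bare `.` placeholder; the ufw profile added in the same patch (`All ports available for UniFi inform, guest portal, speed testing, and access to admin GUI`) already has suitable wording to reuse.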
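Review bot: in the unifi-video.xml hunk the description is a bare `.` placeholder and the short name is lowercase `unifi-video`; fill in the description and match the naming of the other service files.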
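Review bot: xrdp.xml is added as an empty file (blob `e69de29b`, 0 lines). An empty service definition under `/etc/firewalld/services` is not a valid service and is likely to produce a load error on the next `firewall-cmd --reload`; since the xrdp entry in software.yml opens `3389/tcp` through `_ports` instead, either give the file a proper `<service>` body or drop it.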
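Review bot: in the ufw `maas` profile hunk the description says `equipment that is controlled by LPMI`; this looks like a typo for `IPMI`.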
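Review bot: `addFirewallRule` in the install-program hunk (@@ -1543) cannot distinguish a port rule from a service name: `typeof rule.substring(0, 1) === 'number'` is always false because `substring` returns a string, so every rule is sent through `--add-service=`, and a port rule such as `3389/tcp` makes firewall-cmd fail. Test the shape instead, for example `/^\d+(-\d+)?\/(tcp|udp)$/.test(rule)`, and refuse anything that matches neither a port nor a known service name before it is interpolated into a `sudo` command line. The JSDoc documents `rule` as `8888/tcp`, but the `_ports` entries this patch adds to software.yml are `{ port, proto }` objects, which stringify to `[object Object]` in the template string; flatten them to `${port}/${proto}` in `updateInstallMaps` or change the YAML shape. The `darwin` branch is the body of `addUserGroup` pasted in unchanged (it creates a user and a group named after the rule and carries over the `$USERID` / `USER_ID` mismatch); replace it with a `socketfilterfw` call or a warn log, and fix the copy-paste log text `Adding the ${rule} user / group` in the service branch.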
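Review bot: the loop added in the `installSoftware` hunk (@@ -1805) only ever calls firewall-cmd with `--permanent`, so none of the rules take effect until the daemon is reloaded; after the `for` loop, run `sudo firewall-cmd --reload` once (guarded by `installOrdersPorts.length` and the presence of firewall-cmd), and consider de-duplicating `installOrdersPorts` first since the same rule can be contributed by several packages.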
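Review bot: in the nginx hunk of software.yml the new `_ports` entries list 80 and 443 with `proto: udp`; HTTP and HTTPS are TCP, so these rules open two UDP ports nothing listens on while the actual listeners stay blocked. Use `proto: tcp` (443/udp is only needed if HTTP/3 is enabled).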
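Review bot: in the @@ -7099 hunk of software.yml the new `firewalld` entry declares `_service: firewalld` twice; some parsers reject duplicate mapping keys (js-yaml does by default) and the rest silently keep one, so drop the duplicate. `_pre: if command -v ufw > /dev/null; then sudo ufw disable; fi` turns ufw off before firewalld is installed, leaving the host without any active firewall if the install step fails; disabling ufw in `_post`, after firewalld is enabled, closes that gap. For xrdp, `_post: sudo adduser xrdp ssl-cert` uses Debian's `adduser` syntax and the Debian-only `ssl-cert` group, so it will fail under the `pacman:` and `zypper:` installs added in the same hunk; scope it with `_post:apt` or guard it with a `getent group ssl-cert` check.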
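Review bot: in the tigervnc hunk (@@ -9687) `_ports: 5900-5909/tcp` opens the whole VNC display range on every host that installs the package, and the VNC script in this patch still falls back to the `vncpass` default; together they expose a weakly protected remote desktop. Open only the displays actually configured, or leave VNC bound to localhost and reach it over SSH rather than adding it to firewalld.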