From 6102deaa337d085338d79d5eb920194f1eb8a39d Mon Sep 17 00:00:00 2001
From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com>
Date: Wed, 28 Jun 2023 02:53:52 +0000
Subject: [PATCH] Latest
---
docs/INSPIRATION.md | 1 +
docs/TODO.md | 19 ++++++-
home/.chezmoidata.yaml | 2 +
.../run_onchange_after_16-vnc.sh.tmpl | 4 +-
...change_after_18-configure-firewall.sh.tmpl | 7 +++
.../secrets/GOOGLE_SEARCH_API_KEY | 7 +++
.../secrets/GOOGLE_SEARCH_ID | 7 +++
home/dot_config/firewall/applet.conf | 3 ++
.../firewall/etc/firewalld/services/ftp.xml | 7 +++
.../etc/firewalld/services/ipfs-api.xml | 6 +++
.../etc/firewalld/services/ipfs-swarm.xml | 7 +++
.../etc/firewalld/services/ipfs-websocket.xml | 6 +++
.../etc/firewalld/services/jellyfin.xml | 9 ++++
.../etc/firewalld/services/k8s-master.xml | 10 ++++
.../etc/firewalld/services/k8s-worker.xml | 8 +++
.../firewall/etc/firewalld/services/mdns.xml | 7 +++
.../services/openvpn-access-server.xml | 8 +++
.../firewall/etc/firewalld/services/plex.xml | 12 +++++
.../firewalld/services/unifi-controller.xml | 13 +++++
.../etc/firewalld/services/unifi-video.xml | 15 ++++++
.../firewall/etc/firewalld/services/xrdp.xml | 0
.../firewall/etc/ufw/applications.d/README.md | 1 +
.../firewall/etc/ufw/applications.d/cups | 4 ++
.../firewall/etc/ufw/applications.d/maas | 4 ++
.../etc/ufw/applications.d/netbootxyz | 4 ++
.../firewall/etc/ufw/applications.d/nginx | 19 +++++++
.../firewall/etc/ufw/applications.d/plex | 14 +++++
.../firewall/etc/ufw/applications.d/rdp | 4 ++
.../firewall/etc/ufw/applications.d/unifi | 4 ++
home/dot_config/shell/private_private.sh.tmpl | 5 ++
home/dot_local/bin/executable_install-program | 44 ++++++++++++++++
software.yml | 52 +++++++++++++++----
32 files changed, 300 insertions(+), 13 deletions(-)
create mode 100644 home/.chezmoiscripts/universal/run_onchange_after_18-configure-firewall.sh.tmpl
create mode 100644 home/.chezmoitemplates/secrets/GOOGLE_SEARCH_API_KEY
create mode 100644 home/.chezmoitemplates/secrets/GOOGLE_SEARCH_ID
create mode 100644 home/dot_config/firewall/applet.conf
create mode 100644 home/dot_config/firewall/etc/firewalld/services/ftp.xml
create mode 100644 home/dot_config/firewall/etc/firewalld/services/ipfs-api.xml
create mode 100644 home/dot_config/firewall/etc/firewalld/services/ipfs-swarm.xml
create mode 100644 home/dot_config/firewall/etc/firewalld/services/ipfs-websocket.xml
create mode 100644 home/dot_config/firewall/etc/firewalld/services/jellyfin.xml
create mode 100644 home/dot_config/firewall/etc/firewalld/services/k8s-master.xml
create mode 100644 home/dot_config/firewall/etc/firewalld/services/k8s-worker.xml
create mode 100644 home/dot_config/firewall/etc/firewalld/services/mdns.xml
create mode 100644 home/dot_config/firewall/etc/firewalld/services/openvpn-access-server.xml
create mode 100644 home/dot_config/firewall/etc/firewalld/services/plex.xml
create mode 100644 home/dot_config/firewall/etc/firewalld/services/unifi-controller.xml
create mode 100644 home/dot_config/firewall/etc/firewalld/services/unifi-video.xml
create mode 100644 home/dot_config/firewall/etc/firewalld/services/xrdp.xml
create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/README.md
create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/cups
create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/maas
create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/netbootxyz
create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/nginx
create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/plex
create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/rdp
create mode 100644 home/dot_config/firewall/etc/ufw/applications.d/unifi
diff --git a/docs/INSPIRATION.md b/docs/INSPIRATION.md
index 74f3087a..139a7a73 100644
--- a/docs/INSPIRATION.md
+++ b/docs/INSPIRATION.md
@@ -60,6 +60,7 @@
* https://github.com/pouchdb/pouchdb
* https://uppy.io/docs/dashboard/
* https://unkey.dev/
+* [Title](https://github.com/vercel-labs/ai-chatbot)
## Serverless
diff --git a/docs/TODO.md b/docs/TODO.md
index 124d0e04..40a2e7d6 100644
--- a/docs/TODO.md
+++ b/docs/TODO.md
@@ -2,6 +2,7 @@
This page outlines various projects and tasks that we are currently working on. Creating a GitHub issue for each of these items would be overkill.
+* [Title](https://github.com/KnowledgeCanvas/knowledge)
* Configure Navi to automatically download and use the best cheat repositories
* Finish TS from 1400 stars
* Python
@@ -14,7 +15,14 @@ This page outlines various projects and tasks that we are currently working on.
* JavaScript start at 10k
* Go through https://github.com/jaywcjlove/awesome-mac
* https://codesandbox.io/ https://github.com/firecracker-microvm/firecracker
-
+* (https://www.kolide.com/features/checks/mac-firewall)
+* (https://github.com/tobiasbueschel/search-gpt)
+* Create IP set for CloudFlare [Title](https://firewalld.org/documentation/man-pages/firewalld.ipset.html)
+* https://chainner.app/
+* https://github.com/kyrolabs/awesome-langchain)
+( [Title](https://github.com/StanGirard/quivr))
+* [Title](https://github.com/PromtEngineer/localGPT)
+* [Title](https://github.com/reworkd/AgentGPT)
## Upstream
The following items are things we would like to include into the Install Doctor system but are waiting on upstream changes.
@@ -182,6 +190,15 @@ The following items have been reviewed but need to be revisited due to complexit
* https://github.com/OpenNebula/one /. https://github.com/OpenNebula/minione
* https://github.com/ConvoyPanel/panel
* https://github.com/hashicorp/nomad
+* [Title](https://github.com/Soft/xcolor)
+* [Title](https://github.com/Xpra-org/xpra)
+* [Title](https://github.com/ksnip/ksnip)
+* [Title](https://github.com/leftwm/leftwm)
+* [Title](https://github.com/polybar/polybar)
+* [Title](https://github.com/kingToolbox/WindTerm)
+* [Title](https://github.com/hyprwm/Hypr)
+* [Title](https://github.com/Sygil-Dev/sygil-webui)
+* [Title](https://github.com/psychic-api/psychic)
## Docker Issue
diff --git a/home/.chezmoidata.yaml b/home/.chezmoidata.yaml
index 6761f05c..96b3fc68 100644
--- a/home/.chezmoidata.yaml
+++ b/home/.chezmoidata.yaml
@@ -360,6 +360,7 @@ softwareGroups:
- resume
- s-search
- sad
+ - search-gpt
- slack-term
- slides
- social-analyzer
@@ -916,6 +917,7 @@ softwareGroups:
- cookiecutter
- gomplate
Terraform: &Terraform
+ - aiac
- terraform
- tfenv
- tflint
diff --git a/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl
index 140fbc37..2b27f984 100644
--- a/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl
+++ b/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl
@@ -24,15 +24,15 @@ if [ -d /Applications ] && [ -d /System ]; then
# Only enable when computer is not a corporate / work computer
{{ if (ne .host.work true) -}}
logg info 'Enabling VNC using the `VNC_PASSWORD` variable which is `vncpass` when nothing is specified'
- sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw {{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }} -restart -agent -privs -all
+ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -allowAccessFor -specifiedUsers -clientopts -setreqperm -reqperm yes -setvnclegacy -vnclegacy yes -setvncpw -vncpw {{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }} -restart -agent -privs -all -users {{ .user.name }}
{{- end }}
else
# System is Linux
+ ### VNC set-up / configuration
if command -v vncpasswd > /dev/null; then
# TigerVNC (or alternative VNC program) is installed
logg info 'Copying VNC configuration files from ~/.config/vnc/etc to /'
sudo cp -Rf "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/etc" /
- sudo systemctl
if [ ! -d "${XDG_CONFIG_HOME:-$HOME/.config}/vnc" ]; then
mkdir -p "${XDG_CONFIG_HOME:-$HOME/.config}/vnc"
fi
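Review bot: The rewritten kickstart line still falls back to the documented default `vncpass` when neither the age key nor the `secrets/VNC_PASSWORD` template exists, so a host with no secret configured ends up with legacy VNC enabled behind a publicly known password. Since the command now limits access to `{{ .user.name }}` and sets `-reqperm yes`, it would be consistent to gate the enablement on a password actually being available, i.e. wrap the `logg`/`sudo kickstart` pair in an additional `{{- if or (env "VNC_PASSWORD") (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}` … `{{- end }}` and log a warning in the other case. Note also that `-vncpw` passes the password as a command-line argument, where other local processes can read it for the duration of the kickstart run. The enclosing `if [ -d /Applications ] && [ -d /System ]` block starts before the hunk and its Linux branch continues after it.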
diff --git a/home/.chezmoiscripts/universal/run_onchange_after_18-configure-firewall.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_18-configure-firewall.sh.tmpl
new file mode 100644
index 00000000..72343342
--- /dev/null
+++ b/home/.chezmoiscripts/universal/run_onchange_after_18-configure-firewall.sh.tmpl
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+if [ -d /Applications ] && [ -d /System ]; then
+ # System is macOS
+ logg info 'Enabling macOS firewall'
+
+fi
\ No newline at end of file
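Review bot: The script logs `Enabling macOS firewall` but runs no command, so this `run_onchange_` hook reports success while changing nothing. The macOS enablement this commit puts into `software.yml` (`script:darwin: sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on`) looks like what belongs under that log line, with an `else` branch for Linux like the sibling VNC script has. Until it does something, the message should not claim otherwise, e.g. `logg warn 'macOS firewall configuration is not implemented yet'`. The file also lacks a trailing newline.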
diff --git a/home/.chezmoitemplates/secrets/GOOGLE_SEARCH_API_KEY b/home/.chezmoitemplates/secrets/GOOGLE_SEARCH_API_KEY
new file mode 100644
index 00000000..fbc54b50
--- /dev/null
+++ b/home/.chezmoitemplates/secrets/GOOGLE_SEARCH_API_KEY
@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNHB0YXhyR3NEQVZMaEw5
+RjRSbE56Vk9VU2lZTWo2NHNoSXhjZUZYYVNzClh3ay9ZdStiWUlLMnNXT1RmT3Vw
+aVRtNHAvR2xSdmRMQW1LYkR5MlRjbmMKLS0tIFJDcEphZUZZc0RjYmUwRTlkZDFh
+SXlFSXErOEdHZHJkVmlDWHJvWDJjSnMKTZuglTRlnTiU/YMzQjNUZY3stUz8ujwP
+FsyjC/1mp3eYNr5jEnRH1ACSpTesYZ/jgl0b/B3z2eGPN2ButzjAbQ62+0kDuTo=
+-----END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/.chezmoitemplates/secrets/GOOGLE_SEARCH_ID b/home/.chezmoitemplates/secrets/GOOGLE_SEARCH_ID
new file mode 100644
index 00000000..eda2ef93
--- /dev/null
+++ b/home/.chezmoitemplates/secrets/GOOGLE_SEARCH_ID
@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZjBDMy9yQW9LZTBQWFUr
+SklhbWtWUVpzZDc3TkhzRkxydmppSmc2NkVZCkVyK1BWQ3UxQTE1OC8vL1VVVStz
+Z2t1ckNhWDlPd1BuNXNLakNRZWpVSGMKLS0tIE5mdi9RaWhWUWtwcTZTeW9xWFgy
+OUNpQWxnRnBpb1JXbU42SHhaa2Z5UFkKDrEwiM7oz62yvE72M87gABy+6ZWqyR95
+DGFBDzXJqNtk7tyLHwkh7cZFd4MHKIL7sA==
+-----END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/dot_config/firewall/applet.conf b/home/dot_config/firewall/applet.conf
new file mode 100644
index 00000000..b3541bde
--- /dev/null
+++ b/home/dot_config/firewall/applet.conf
@@ -0,0 +1,3 @@
+[General]
+notifications=true
+show-inactive=true
diff --git a/home/dot_config/firewall/etc/firewalld/services/ftp.xml b/home/dot_config/firewall/etc/firewalld/services/ftp.xml
new file mode 100644
index 00000000..e33bac5f
--- /dev/null
+++ b/home/dot_config/firewall/etc/firewalld/services/ftp.xml
@@ -0,0 +1,7 @@
+
+
+ FTP
+ FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.
+
+
+
\ No newline at end of file
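Review bot: `ftp` and `mdns` are service definitions that firewalld already ships in `/usr/lib/firewalld/services`, and the descriptions here read like copies of those; where these files are installed is not visible in this patch, but if they land in `/etc/firewalld/services` they shadow the built-in definitions of the same name and stop receiving upstream updates. Unless a local change to the ports is intended, the two files can be dropped and the built-in service names used directly. The same consideration applies to `mdns.xml` later in this commit.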
diff --git a/home/dot_config/firewall/etc/firewalld/services/ipfs-api.xml b/home/dot_config/firewall/etc/firewalld/services/ipfs-api.xml
new file mode 100644
index 00000000..1db4604a
--- /dev/null
+++ b/home/dot_config/firewall/etc/firewalld/services/ipfs-api.xml
@@ -0,0 +1,6 @@
+
+
+ IPFS Daemon API
+ InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system.
+
+
\ No newline at end of file
diff --git a/home/dot_config/firewall/etc/firewalld/services/ipfs-swarm.xml b/home/dot_config/firewall/etc/firewalld/services/ipfs-swarm.xml
new file mode 100644
index 00000000..4189b816
--- /dev/null
+++ b/home/dot_config/firewall/etc/firewalld/services/ipfs-swarm.xml
@@ -0,0 +1,7 @@
+
+
+ IPFS Swarm
+ InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system.
+
+
+
\ No newline at end of file
diff --git a/home/dot_config/firewall/etc/firewalld/services/ipfs-websocket.xml b/home/dot_config/firewall/etc/firewalld/services/ipfs-websocket.xml
new file mode 100644
index 00000000..b417eadc
--- /dev/null
+++ b/home/dot_config/firewall/etc/firewalld/services/ipfs-websocket.xml
@@ -0,0 +1,6 @@
+
+
+ IPFS Swarm Websockets
+ InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system.
+
+
\ No newline at end of file
diff --git a/home/dot_config/firewall/etc/firewalld/services/jellyfin.xml b/home/dot_config/firewall/etc/firewalld/services/jellyfin.xml
new file mode 100644
index 00000000..450493f8
--- /dev/null
+++ b/home/dot_config/firewall/etc/firewalld/services/jellyfin.xml
@@ -0,0 +1,9 @@
+
+
+ jellyfin
+ ellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached. Your media, your server, your way.
+
+
+
+
+
\ No newline at end of file
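Review bot: The description starts with `ellyfin is the volunteer-built media solution` — the leading letter was lost when the text was pasted and it should read `Jellyfin is the volunteer-built media solution ...`. The short name `jellyfin` is also the only lowercase one among the new service files (`FTP`, `Plex`, `UniFi Controller`); `Jellyfin` would match the others.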
diff --git a/home/dot_config/firewall/etc/firewalld/services/k8s-master.xml b/home/dot_config/firewall/etc/firewalld/services/k8s-master.xml
new file mode 100644
index 00000000..b6a3e249
--- /dev/null
+++ b/home/dot_config/firewall/etc/firewalld/services/k8s-master.xml
@@ -0,0 +1,10 @@
+
+
+ Kubernetes Master
+ Ports required for a Kubernetes Master node per https://kubernetes.io/docs/setup/independent/install-kubeadm/.
+
+
+
+
+
+
\ No newline at end of file
diff --git a/home/dot_config/firewall/etc/firewalld/services/k8s-worker.xml b/home/dot_config/firewall/etc/firewalld/services/k8s-worker.xml
new file mode 100644
index 00000000..2576947c
--- /dev/null
+++ b/home/dot_config/firewall/etc/firewalld/services/k8s-worker.xml
@@ -0,0 +1,8 @@
+
+
+ Kubernetes Worker
+ Ports required for a Kubernetes Worker node per https://kubernetes.io/docs/setup/independent/install-kubeadm/.
+
+
+
+
\ No newline at end of file
diff --git a/home/dot_config/firewall/etc/firewalld/services/mdns.xml b/home/dot_config/firewall/etc/firewalld/services/mdns.xml
new file mode 100644
index 00000000..cde96c3e
--- /dev/null
+++ b/home/dot_config/firewall/etc/firewalld/services/mdns.xml
@@ -0,0 +1,7 @@
+
+
+ Multicast DNS (mDNS)
+ mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option.
+
+
+
\ No newline at end of file
diff --git a/home/dot_config/firewall/etc/firewalld/services/openvpn-access-server.xml b/home/dot_config/firewall/etc/firewalld/services/openvpn-access-server.xml
new file mode 100644
index 00000000..29d71589
--- /dev/null
+++ b/home/dot_config/firewall/etc/firewalld/services/openvpn-access-server.xml
@@ -0,0 +1,8 @@
+
+
+ OpenVPN Access Server
+ OpenVPN Access Server is a set of installation and configuration tools that come in one package that simplifies the rapid deployment of a VPN remote access solution.
+
+
+
+
\ No newline at end of file
diff --git a/home/dot_config/firewall/etc/firewalld/services/plex.xml b/home/dot_config/firewall/etc/firewalld/services/plex.xml
new file mode 100644
index 00000000..de3a6e5a
--- /dev/null
+++ b/home/dot_config/firewall/etc/firewalld/services/plex.xml
@@ -0,0 +1,12 @@
+
+
+ Plex
+ .
+ # Plex Media Server
+ # Plex DLNA Server
+ # Plex DLNA Server
+ # GDM Network Discovery
+ # GDM Network Discovery
+ # GDM Network Discovery
+ # GDM Network Discovery
+
\ No newline at end of file
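Review bot: The description of this service is the placeholder `.`, and the same placeholder is used in `unifi-controller.xml` and `unifi-video.xml`; firewalld shows this text in `firewall-cmd --info-service` output, so a one-line description such as `Plex Media Server, DLNA and GDM discovery ports` belongs here. The per-port annotations (`# Plex Media Server`, `# GDM Network Discovery`) use shell comment syntax — the element markup is not visible in this view of the patch, but if they are literal text following the port elements rather than `<!-- ... -->` comments, they are not comments in XML and should be converted.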
diff --git a/home/dot_config/firewall/etc/firewalld/services/unifi-controller.xml b/home/dot_config/firewall/etc/firewalld/services/unifi-controller.xml
new file mode 100644
index 00000000..03ac6129
--- /dev/null
+++ b/home/dot_config/firewall/etc/firewalld/services/unifi-controller.xml
@@ -0,0 +1,13 @@
+
+
+ UniFi Controller
+ .
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/home/dot_config/firewall/etc/firewalld/services/unifi-video.xml b/home/dot_config/firewall/etc/firewalld/services/unifi-video.xml
new file mode 100644
index 00000000..5fac1d98
--- /dev/null
+++ b/home/dot_config/firewall/etc/firewalld/services/unifi-video.xml
@@ -0,0 +1,15 @@
+
+
+ unifi-video
+ .
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/home/dot_config/firewall/etc/firewalld/services/xrdp.xml b/home/dot_config/firewall/etc/firewalld/services/xrdp.xml
new file mode 100644
index 00000000..e69de29b
diff --git a/home/dot_config/firewall/etc/ufw/applications.d/README.md b/home/dot_config/firewall/etc/ufw/applications.d/README.md
new file mode 100644
index 00000000..122177cf
--- /dev/null
+++ b/home/dot_config/firewall/etc/ufw/applications.d/README.md
@@ -0,0 +1 @@
+These profiles are unused but are left here as an example should we decide to support `ufw` as well.
\ No newline at end of file
diff --git a/home/dot_config/firewall/etc/ufw/applications.d/cups b/home/dot_config/firewall/etc/ufw/applications.d/cups
new file mode 100644
index 00000000..81191ba7
--- /dev/null
+++ b/home/dot_config/firewall/etc/ufw/applications.d/cups
@@ -0,0 +1,4 @@
+[CUPS]
+title=CUPS
+description=CUPS printer server
+ports=631/tcp
diff --git a/home/dot_config/firewall/etc/ufw/applications.d/maas b/home/dot_config/firewall/etc/ufw/applications.d/maas
new file mode 100644
index 00000000..c157cd14
--- /dev/null
+++ b/home/dot_config/firewall/etc/ufw/applications.d/maas
@@ -0,0 +1,4 @@
+[MAAS]
+title=MAAS
+description=Ubuntu management software for equipment that is controlled by LPMI
+ports=5240|5248|5241:5247/tcp|5241:5247/udp|5250:5270/tcp|5250:5270/udp
diff --git a/home/dot_config/firewall/etc/ufw/applications.d/netbootxyz b/home/dot_config/firewall/etc/ufw/applications.d/netbootxyz
new file mode 100644
index 00000000..54da9302
--- /dev/null
+++ b/home/dot_config/firewall/etc/ufw/applications.d/netbootxyz
@@ -0,0 +1,4 @@
+[NetbootXYZ]
+title=NetbootXYZ
+description=Boot over LAN
+ports=69/udp
diff --git a/home/dot_config/firewall/etc/ufw/applications.d/nginx b/home/dot_config/firewall/etc/ufw/applications.d/nginx
new file mode 100644
index 00000000..ee2efd08
--- /dev/null
+++ b/home/dot_config/firewall/etc/ufw/applications.d/nginx
@@ -0,0 +1,19 @@
+[Nginx]
+title=Nginx Server
+description=Nginx server
+ports=80/tcp
+
+[Nginx Secure]
+title=Nginx Server (HTTPS)
+description=Nginx server (HTTPS)
+ports=443/tcp
+
+[Nginx Full]
+title=Nginx Server (HTTP,HTTPS)
+description=Nginx server (HTTP,HTTPS)
+ports=80,443/tcp
+
+[Nginx Cache]
+title=Nginx Server (8080)
+description=Nginx server (8080)
+ports=8080/tcp
diff --git a/home/dot_config/firewall/etc/ufw/applications.d/plex b/home/dot_config/firewall/etc/ufw/applications.d/plex
new file mode 100644
index 00000000..0615b29b
--- /dev/null
+++ b/home/dot_config/firewall/etc/ufw/applications.d/plex
@@ -0,0 +1,14 @@
+[PlexMediaServer]
+title=Plex Media Server (Standard)
+description=The Plex Media Server
+ports=32400/tcp|3005/tcp|5353/udp|8324/tcp|32410:32414/udp
+
+[PlexMediaServer DLNA]
+title=Plex Media Server (DLNA)
+description=The Plex Media Server (additional DLNA capability only)
+ports=1900/udp|32469/tcp
+
+[PlexMediaServer Full]
+title=Plex Media Server (Standard + DLNA)
+description=The Plex Media Server (with additional DLNA capability)
+ports=32400/tcp|3005/tcp|5353/udp|8324/tcp|32410:32414/udp|1900/udp|32469/tcp
diff --git a/home/dot_config/firewall/etc/ufw/applications.d/rdp b/home/dot_config/firewall/etc/ufw/applications.d/rdp
new file mode 100644
index 00000000..0d88da0f
--- /dev/null
+++ b/home/dot_config/firewall/etc/ufw/applications.d/rdp
@@ -0,0 +1,4 @@
+[RDP]
+title=RDP
+description=Remotely sign into a desktop computer
+ports=3389/tcp
diff --git a/home/dot_config/firewall/etc/ufw/applications.d/unifi b/home/dot_config/firewall/etc/ufw/applications.d/unifi
new file mode 100644
index 00000000..5d0d4be0
--- /dev/null
+++ b/home/dot_config/firewall/etc/ufw/applications.d/unifi
@@ -0,0 +1,4 @@
+[UniFi]
+title=UniFi controller
+description=All ports available for UniFi inform, guest portal, speed testing, and access to admin GUI
+ports=5514,6789,8080,8843,8880/tcp|1900,3478,10001/udp
diff --git a/home/dot_config/shell/private_private.sh.tmpl b/home/dot_config/shell/private_private.sh.tmpl
index d970635f..8dba229c 100644
--- a/home/dot_config/shell/private_private.sh.tmpl
+++ b/home/dot_config/shell/private_private.sh.tmpl
@@ -74,6 +74,11 @@ export OPENAI_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplat
### PyPi
export PYPI_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "PYPI_TOKEN")) }}{{ includeTemplate "secrets/PYPI_TOKEN" | decrypt | trim }}{{ else }}{{ env "PYPI_TOKEN" }}{{ end }}"
+### Search GPT
+# Also relies on `OPENAI_API_KEY`
+export GOOGLE_SEARCH_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GOOGLE_SEARCH_API_KEY")) }}{{ includeTemplate "secrets/GOOGLE_SEARCH_API_KEY" | decrypt | trim }}{{ else }}{{ env "GOOGLE_SEARCH_API_KEY" }}{{ end }}"
+export GOOGLE_SEARCH_ID="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GOOGLE_SEARCH_ID")) }}{{ includeTemplate "secrets/GOOGLE_SEARCH_ID" | decrypt | trim }}{{ else }}{{ env "GOOGLE_SEARCH_ID" }}{{ end }}"
+
### Snapcraft
export SNAPCRAFT_EMAIL="{{ .user.snapcraft.username }}"
export SNAPCRAFT_MACAROON="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SNAPCRAFT_MACAROON")) }}{{ includeTemplate "secrets/SNAPCRAFT_MACAROON" | decrypt | trim }}{{ else }}{{ env "SNAPCRAFT_MACAROON" }}{{ end }}"
diff --git a/home/dot_local/bin/executable_install-program b/home/dot_local/bin/executable_install-program
index b60b1465..60fe9e49 100644
--- a/home/dot_local/bin/executable_install-program
+++ b/home/dot_local/bin/executable_install-program
@@ -113,6 +113,7 @@ let installOrdersPre = []
let installOrdersPost = []
let installOrdersService = []
let installOrdersGroups = []
+let installOrdersPorts = []
let installOrdersPlugins = []
let installOrdersBinLink = []
let brewUpdated, osType, osID, snapRefreshed
@@ -446,6 +447,10 @@ async function updateInstallMaps(preference, packages, scopedPreference, pkg, pa
if (groupsHook) {
installOrdersGroups = installOrdersGroups.concat(typeof groupsHook === 'string' ? [groupsHook] : groupsHook)
}
+ const portsHook = getHook(packages, 'ports', scopedPreference, preference)
+ if (portsHook) {
+ installOrdersPorts = installOrdersPorts.concat(typeof portsHook === 'string' ? [portsHook] : portsHook)
+ }
processPluginOrders(pkg)
if (!installOrders[preference]) {
installOrders[preference] = []
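Review bot: `_ports` entries in `software.yml` are mapping items (`- port: 80` / `proto: udp`), so `portsHook` is an array of objects and the `typeof portsHook === 'string'` branch never applies; the objects are forwarded unchanged to `addFirewallRule`, which calls `rule.substring` on them and throws. Normalise to the `port/proto` string the consumer expects here, e.g. `installOrdersPorts = installOrdersPorts.concat((Array.isArray(portsHook) ? portsHook : [portsHook]).map((p) => (typeof p === 'string' ? p : `${p.port}/${p.proto}`)))`. `updateInstallMaps` starts before the hunk and continues after it.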
@@ -1543,6 +1548,41 @@ async function addUserGroup(group) {
}
}
+/**
+ * Adds the rules specified in the `_ports` key of each entry in the `software.yml` file.
+ *
+ * @param rule Firewall rule in the form of 8888/tcp or 9999/udp. Can also be the XML file name stored in ~/.config/firewall/etc/firewalld/services.
+ */
+async function addFirewallRule(rule) {
+ const logStage = 'Firewall'
+ log('info', logStage, `Ensuring the ${rule} rule is added`)
+ if (osType === 'linux') {
+ const firewallCmd = which.sync('firewall-cmd', { nothrow: true })
+ // const ufw = which.sync('ufw', { nothrow: true })
+ if (firewallCmd) {
+ if (typeof rule.substring(0, 1) === 'number') {
+ runCommand(`Adding the ${rule} to the firewall configuration`, `sudo firewall-cmd --add-port=${rule} --permanent`)
+ } else {
+ runCommand(`Adding the ${rule} user / group`, `sudo firewall-cmd --add-service=${rule} --permanent`)
+ }
+ } else {
+ log('error', logStage, `The firewall-cmd executable is not present on the system so the firewall cannot be configured`)
+ }
+ } else if (osType === 'darwin') {
+ runCommand(`Creating the ${rule} group`, `sudo dscl . create /Groups/${rule}`)
+ runCommand(`Ensuring the ${rule} group has a GID`, `bash -c 'if [[ "$(sudo dscl . read /Groups/$GROUP gid 2>&1)" == *"No such key"* ]]; then MAX_ID_GROUP="$(dscl . -list /Groups gid | awk "{print $2}" | sort -ug | tail -1)"; GROUP_ID="$((MAX_ID_GROUP+1))"; sudo dscl . create /Groups/${rule} gid "$GROUP_ID"; fi'`)
+ runCommand(`Adding the ${rule} user`, `sudo dscl . create /Users/${rule}`)
+ runCommand(`Ensuring the ${rule} user has a PrimaryGroupID`, `bash -c 'if [[ "$(sudo dscl . read /Users/${rule} PrimaryGroupID 2>&1)" == *"No such key"* ]]; then sudo dscl . create /Users/${rule} PrimaryGroupID 20; fi'`)
+ runCommand(`Ensuring the ${rule} user has a UniqueID`, `bash -c 'if [[ "$(sudo dscl . read /Users/${rule} UniqueID 2>&1)" == *"No such key"* ]]; then MAX_ID_USER="$(dscl . -list /Users UniqueID | sort -nr -k 2 | head -1 | grep -oE "[0-9]+$")"; USER_ID="$((MAX_ID_USER+1))"; sudo dscl . create /Users/${rule} UniqueID "$USERID"; fi'`)
+ runCommand(`Adding the ${rule} user to the ${rule} group`, `sudo dseditgroup -o edit -t user -a ${rule} ${rule}`)
+ runCommand(`Adding the ${process.env.USER} user to the ${rule} group`, `sudo dseditgroup -o edit -t user -a ${process.env.USER} ${rule}`)
+ } else if (osType === 'windows') {
+ log('warn', logStage, `Windows support not yet added`)
+ } else {
+ log('warn', logStage, `Unknown operating system type`)
+ }
+}
+
async function updateService(service) {
const logStage = 'Service Service'
if (osType === 'linux') {
@@ -1805,6 +1845,10 @@ async function installSoftware(pkgsToInstall) {
asyncOrders.push(installPackageList(packageManager, installOrders[packageManager]))
await Promise.all(asyncOrders)
}
+ installOrdersPorts.length && log('info', 'Firewall', 'Configuring firewall exceptions')
+ for (const firewallRule of installOrdersPorts) {
+ await addFirewallRule(firewallRule)
+ }
installOrdersService.length && log('info', 'Post-Install', `Running package-specific post-installation steps`)
for (const service of installOrdersService) {
await updateService(service)
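Review bot: Rules added with `--permanent` in `addFirewallRule` do not take effect until firewalld reloads its configuration, so after the `installOrdersPorts` loop the runtime state still lacks the new ports. Add a single reload after the loop, guarded the same way as the per-rule calls: `if (osType === 'linux' && installOrdersPorts.length && which.sync('firewall-cmd', { nothrow: true })) runCommand('Reloading the firewall configuration', 'sudo firewall-cmd --reload')`. `installSoftware` starts before the hunk and continues after it.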
diff --git a/software.yml b/software.yml
index c328fbf4..8d2ec738 100644
--- a/software.yml
+++ b/software.yml
@@ -2820,14 +2820,6 @@ softwarePackages:
dnf: firefox
flatpak: org.mozilla.firefox
pacman: firefox
- firewall:
- _bin: null
- _desc: This role is intended to be used with the ProfessorManhattan playbook. It integrates tightly with the other roles included with the playbook.
- _docs: null
- _github: null
- _home: null
- _name: Firewall
- ansible: professormanhattan.firewall
fission:
_bin: fission
_desc: Fast and Simple Serverless Functions for Kubernetes
@@ -5795,6 +5787,11 @@ softwarePackages:
_github: https://github.com/nginx/nginx
_home: https://nginx.org/
_name: NGINX
+ _ports:
+ - port: 80
+ proto: udp
+ - port: 443
+ proto: udp
ansible: professormanhattan.nginx
apt: nginx
brew: nginx
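Review bot: Both new nginx rules use `proto: udp`, but NGINX serves HTTP and HTTPS over TCP (UDP on 443 only matters for HTTP/3, and nothing listens on 80/udp), so these entries open two UDP ports with no listener while leaving `80/tcp` and `443/tcp` closed. Change both to `proto: tcp`.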
@@ -7099,13 +7096,37 @@ softwarePackages:
_name: Microsoft Remote Desktop
_when:cask: '! test -d "/Applications/Microsoft Remote Desktop.app"'
cask: microsoft-remote-desktop
+ aiac:
+ _bin: aiac
+ _github: https://github.com/gofireflyio/aiac
+ _name: AIAC
+ brew: gofireflyio/aiac/aiac
+ go: github.com/gofireflyio/aiac/v3@latest
+ firewalld:
+ _bin: firewall-cmd
+ _github: https://github.com/firewalld/firewalld
+ _name: FirewallD
+ _service: firewalld
+ _pre: if command -v ufw > /dev/null; then sudo ufw disable; fi
+ _service: firewalld
+ _notes: https://computingforgeeks.com/install-and-use-firewalld-on-ubuntu/
+ apt: firewalld
+ dnf: firewalld
+ emerge: net-firewall/firewalld
+ pacman: firewalld
+ script:darwin: sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
+ zypper: firewalld
xrdp:
_bin: xrdp
_desc: null
_docs: null
- _github: null
- _home: null
+ _github: https://github.com/neutrinolabs/xrdp
+ _home: http://www.xrdp.org/
_name: xrdp
+ _ports:
+ - port: 3389
+ proto: tcp
+ _post: sudo adduser xrdp ssl-cert
_service: xrdp
_service:yay:
- xrdp
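Review bot: The `firewalld` entry declares `_service: firewalld` twice; YAML parsers silently keep the last one, so one of the two lines should be dropped. Its `_pre` hook runs `sudo ufw disable` before the firewalld package is installed, which leaves the host with no active firewall if the install or service start fails — moving the ufw disable into `_post`, or guarding it with `command -v firewall-cmd`, keeps a firewall up throughout. For `xrdp`, `sudo adduser xrdp ssl-cert` is the Debian/Ubuntu `adduser` form and is likely to fail with the `pacman`/`zypper` packages added in this commit; `sudo usermod -aG ssl-cert xrdp` is portable. Note also that the `xrdp.xml` service file created in this commit is empty (blob e69de29b), so only the `_ports` entry provides the 3389/tcp rule.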
@@ -7113,6 +7134,8 @@ softwarePackages:
_note: Should work like professormanhattan.remotedesktop
apt: xrdp
dnf: xrdp
+ pacman: xrdp
+ zypper: xrdp
yay: xrdp
responsively:
_bin: null
@@ -9566,6 +9589,11 @@ softwarePackages:
_home: null
_name: Yarnhook
npm: yarnhook
+ search-gpt:
+ _bin: searchgpt
+ _github: https://github.com/tobiasbueschel/search-gpt
+ _name: Search GPT
+ npm: search-gpt
yj:
_bin: yj
_desc: CLI program that allows you to convert between YAML, TOML, JSON, and HCL.
@@ -9687,6 +9715,9 @@ softwarePackages:
_bin: tigervncpasswd
_github: https://github.com/DukeyToo/tightvnc-server
_name: TightVNC Server
+ _ports:
+ - port: 5900-5909
+ proto: tcp
apt: tigervnc-standalone-server
dnf: tigervnc-server
pacman: tigervnc
@@ -9830,6 +9861,7 @@ softwarePlugins:
raycast:
cmd: null
plugins:
+ - https://www.raycast.com/abielzulio/chatgpt
- https://www.raycast.com/BalliAsghar/mailsy
steampipe:
cmd: steampipe plugin install {PLUGIN}