diff --git a/home/.chezmoiscripts/universal/run_onchange_after_11-set-wallpaper.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_11-set-wallpaper.sh.tmpl index 153ad712..9fc1f69d 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_11-set-wallpaper.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_11-set-wallpaper.sh.tmpl @@ -6,5 +6,9 @@ # This script ensures the Qubes desktop wallpaper is set to the Qubes Betelgeuse wallpaper on KDE by # using the `ksetwallpaper` script found in `~/.local/bin/ksetwallpaper`. +{{ includeTemplate "universal/profile" }} +{{ includeTemplate "universal/logg" }} + +logg info 'Setting wallpaper to /usr/local/share/wallpapers/Betelgeuse/contents/images/3440x1440.jpg' ksetwallpaper --file /usr/local/share/wallpapers/Betelgeuse/contents/images/3440x1440.jpg {{ end -}} diff --git a/home/.chezmoiscripts/universal/run_onchange_after_12-install-packages.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_12-install-packages.sh.tmpl index 63b6b693..4be9a65d 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_12-install-packages.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_12-install-packages.sh.tmpl @@ -6,6 +6,7 @@ {{ includeTemplate "universal/profile" }} {{ includeTemplate "universal/logg" }} + {{- $softwareGroup := nospace (cat "_" .host.softwareGroup) }} {{- $softwareList := list (index .softwareGroups $softwareGroup | toString | replace "[" "" | replace "]" "") | uniq | join " " }} diff --git a/home/.chezmoiscripts/universal/run_onchange_after_18-configure-firewall.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_18-configure-firewall.sh.tmpl index 72343342..8ea1dc55 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_18-configure-firewall.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_18-configure-firewall.sh.tmpl 
@@ -1,7 +1,19 @@ #!/usr/bin/env bash +# @file Firewall Configuration +# @brief Configures the firewall (built-in for macOS and firewall-cmd / ufw for Linux) +# @description +# This script configures the firewall for macOS / Linux. + +{{- includeTemplate "universal/profile" }} +{{- includeTemplate "universal/logg" }} if [ -d /Applications ] && [ -d /System ]; then # System is macOS logg info 'Enabling macOS firewall' - -fi \ No newline at end of file +elif command -v firewall-cmd > /dev/null; then + # System is Linux and has firewall-cmd present in PATH + logg info 'Setting up firewall using firewall-cmd' +elif command -v ufw > /dev/null; then + # System is Linux and has ufw present in PATH + logg info 'Setting up firewall using ufw' +fi diff --git a/home/.chezmoiscripts/universal/run_onchange_after_21-set-wallpaper.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_21-set-wallpaper.sh.tmpl index d7a87160..570d61a6 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_21-set-wallpaper.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_21-set-wallpaper.sh.tmpl @@ -6,10 +6,14 @@ # This script ensures the macOS desktop wallpaper is set to the macOS Betelgeuse wallpaper. It uses the # `m` CLI to apply the change. +{{ includeTemplate "universal/profile" }} +{{ includeTemplate "universal/logg" }} + # Betelgeuse-macOS wallpaper hash: {{ include (joinPath .chezmoi.homeDir ".local" "src" "betelgeuse" "share" "wallpapers" "Betelgeuse-macOS" "contents" "source.png") | sha256sum }} ### Set macOS wallpaper if command -v m > /dev/null && [ -f "${XDG_DATA_HOME:-$HOME/.local/share}/betelgeuse/share/wallpapers/Betelgeuse-macOS/contents/source.png" ]; then + logg info 'Setting macOS wallpaper with m' m wallpaper "${XDG_DATA_HOME:-$HOME/.local/share}/betelgeuse/share/wallpapers/Betelgeuse-macOS/contents/source.png" else logg warn 'Either m or the macOS default wallpaper is missing.' 
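Review bot: In `run_onchange_after_18-configure-firewall.sh.tmpl` all three branches only call `logg info`, and the hunk covers the whole file, so the run log reports 'Enabling macOS firewall' or 'Setting up firewall using …' while no firewall command is executed. Until the commands land, the messages should say so, e.g. `logg warn 'Firewall configuration is not implemented yet - no rules were applied'`, and a host with neither `firewall-cmd` nor `ufw` should get an `else` branch that warns instead of finishing silently. Separately, the two includes use `{{-`, which trims the preceding whitespace including the newline, so the included text starts on the `# This script configures …` comment line and, depending on how the template begins, its first line may end up commented out. The other scripts in this commit use `{{ includeTemplate … }}` without the trim marker.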
diff --git a/home/.chezmoiscripts/universal/run_onchange_after_45-default-browser.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_45-default-browser.sh.tmpl index ab1abf38..ff6d26ae 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_45-default-browser.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_45-default-browser.sh.tmpl @@ -13,6 +13,9 @@ # defined at the end of the [`exports.sh.tmpl`](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/shell/exports.sh.tmpl) # file. This value is also populated from the `.chezmoi.yaml.tmpl` value. +{{ includeTemplate "universal/profile" }} +{{ includeTemplate "universal/logg" }} + if [ -d /Applications ] && [ -d /System ]; then if ! command -v defaultbrowser > /dev/null; then logg info 'Installing defaultbrowser via Homebrew which is the preferred way of configuring the default browser' diff --git a/home/.chezmoiscripts/universal/run_onchange_after_50-rclone.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_50-rclone.sh.tmpl index b0ba423d..ae1fbb9f 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_50-rclone.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_50-rclone.sh.tmpl @@ -23,7 +23,7 @@ # | `/mnt/Public` | Public system-wide bucket that can be accessed by anyone over HTTPS with the bucket's URL (provided by CloudFlare R2) | # | N/A | Private system-wide bucket used for storing Docker-related backups / files | # | N/A | Private system-wide bucket similar to `/mnt/Private` but intended for system file backups | -# | `$HOME/.local/mnt/s3` | Private user-specific bucket (used for backing up application settings) | +# | `$HOME/Public` | Private user-specific bucket (used for backing up application settings) | # # ## Permissions # diff --git a/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl index bae9c93e..7cc0304f 100644 
--- a/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl @@ -76,17 +76,17 @@ if command -v smbd > /dev/null; then logg info "Ensuring $PRIVATE_SHARE is created" sudo mkdir -p "$PRIVATE_SHARE" sudo chmod 770 "$PRIVATE_SHARE" - sudo chown -Rf rclone:rclone "$PRIVATE_SHARE" + sudo chown -Rf rclone:$(id -g -n) "$PRIVATE_SHARE" logg info "Ensuring $PUBLIC_SHARE is created" sudo mkdir -p "$PUBLIC_SHARE" sudo chmod 775 "$PUBLIC_SHARE" - sudo chown -Rf rclone:rclone "$PUBLIC_SHARE" + sudo chown -Rf rclone:$(id -g -n) "$PUBLIC_SHARE" logg info "Ensuring $HOME/Public is created" mkdir -p "$HOME/Public" chmod 775 "$HOME/Public" - chown -Rf {{ .user.username }}:rclone "$HOME/Public" + chown -Rf {{ .user.username }}:$(id -g -n) "$HOME/Public" sudo sharing -a "$PRIVATE_SHARE" -S "Private (System)" -n "Private (System)" -g 000 -s 001 -E 1 -R 1 && logg success "Configured $PRIVATE_SHARE as a private Samba share" || logg info 'sharing command failed - it is likely that the share was already set up' sudo sharing -a "$PUBLIC_SHARE" -S "Public (System)" -n "Public (System)" -g 001 -s 001 -E 1 -R 0 && logg success "Configured $PUBLIC_SHARE as a public Samba share" || logg info 'sharing command failed - it is likely that the share was already set up' diff --git a/home/.chezmoiscripts/universal/run_onchange_after_69-emsdk.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_69-emsdk.sh.tmpl index 958fa273..a7862ec0 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_69-emsdk.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_69-emsdk.sh.tmpl 
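Review bot: In the Samba hunk, group ownership of `$PRIVATE_SHARE` moves from the dedicated `rclone` group to the invoking user's primary group while the mode stays 770, so every member of that group gains read/write access to the private share. On macOS (the `sharing` calls below suggest that target) the default primary group is normally `staff`, which contains all local accounts. If that is not intended, keep a dedicated group for the private share or tighten its mode. The substitution is also unquoted in all three `chown` lines; `sudo chown -Rf "rclone:$(id -g -n)" "$PRIVATE_SHARE"` survives group names containing spaces, and dropping `-f` would stop a failed ownership change from passing silently. The rclone script in this commit documents `$HOME/Public` as the mount for the private user-specific bucket, so its mode 775 deserves the same check; the enclosing `if command -v smbd` block starts and ends outside the hunk.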
@@ -8,6 +8,9 @@ # This script will only run when `${XDG_DATA_HOME:-$HOME/.local/share}/emsdk` is present on the system. This folder # is populated via the definition in `home/.chezmoiexternal.toml.tmpl`. +{{ includeTemplate "universal/profile" }} +{{ includeTemplate "universal/logg" }} + if [ -d "${XDG_DATA_HOME:-$HOME/.local/share}/emsdk" ]; then cd "${XDG_DATA_HOME:-$HOME/.local/share}/emsdk" logg info 'Pulling latest changes for Emscripten source code' diff --git a/home/.chezmoiscripts/universal/run_onchange_after_85-remove-shortcuts.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_85-remove-shortcuts.sh.tmpl index f21ff46c..82332e00 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_85-remove-shortcuts.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_85-remove-shortcuts.sh.tmpl @@ -6,6 +6,9 @@ # This script loops through the `.removeLinuxShortcuts` value in `home/.chezmoidata.yaml` and removes # desktop shortcuts that have been deemed to be unnecessary or obtrusive. +{{ includeTemplate "universal/profile" }} +{{ includeTemplate "universal/logg" }} + {{ $removeShortcuts := join " " .removeLinuxShortcuts }} # shortcuts to remove: {{ $removeShortcuts }} diff --git a/home/.chezmoiscripts/universal/run_onchange_after_98-cleanup.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_98-cleanup.sh.tmpl index aa0e1e25..62e7ada0 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_98-cleanup.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_98-cleanup.sh.tmpl @@ -5,6 +5,9 @@ # This script removes various files in the `HOME` directory that are either no longer necessary # or cluttery. +{{ includeTemplate "universal/profile" }} +{{ includeTemplate "universal/logg" }} + ### Remove meta sudo file if [ -f "$HOME/.sudo_as_admin_successful" ]; then rm -f "$HOME/.sudo_as_admin_successful" 
diff --git a/home/.chezmoiscripts/universal/run_onchange_after_99-restart-gnome.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_99-restart-gnome.sh.tmpl index b9066b6f..d998c953 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_99-restart-gnome.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_99-restart-gnome.sh.tmpl @@ -13,6 +13,9 @@ # Regardless of whether or not this script runs, you can access the provisioning logs by browsing through # `${XDG_DATA_HOME:-$HOME/.local/share}/megabyte-labs/betelgeuse.$(date +%s).log` +{{ includeTemplate "universal/profile" }} +{{ includeTemplate "universal/logg" }} + ### Restart GNOME if `HEADLESS_INSTALL` is defined and `gnome-shell` is available if [ -n "$HEADLESS_INSTALL" ] && command -v gnome-shell > /dev/null; then logg info 'Reloading gnome-shell' diff --git a/home/.chezmoiscripts/universal/run_onchange_before_12-update-dom0.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_12-update-dom0.sh.tmpl index e120b17f..37424260 100644 --- a/home/.chezmoiscripts/universal/run_onchange_before_12-update-dom0.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_before_12-update-dom0.sh.tmpl @@ -12,6 +12,9 @@ # qubes-dom0.repo hash: {{ include (joinPath .chezmoi.homeDir ".config" "qubes" "qubes-dom0.repo") | sha256sum }} # qubes packages: {{ .qubes.dom0Packages | toString | replace "[" "" | replace "]" "" }} +{{ includeTemplate "universal/profile-before" }} +{{ includeTemplate "universal/logg-before" }} + ### Configure dom0 repos logg info 'Updating dom0 repos to include auxilary branches' sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/qubes/qubes-templates.repo" /etc/qubes/repo-templates/qubes-templates.repo diff --git a/home/.chezmoiscripts/universal/run_onchange_before_13-install-official-templates.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_13-install-official-templates.sh.tmpl index 41fd77f8..ef7362ca 100644 
--- a/home/.chezmoiscripts/universal/run_onchange_before_13-install-official-templates.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_before_13-install-official-templates.sh.tmpl @@ -5,6 +5,9 @@ # @description # This script runs in dom0 and ensures the templates defined in `home/.chezmoidata.yaml` are all installed. +{{ includeTemplate "universal/profile-before" }} +{{ includeTemplate "universal/logg-before" }} + ### Ensure Qubes templates exist and download if they are not present for TEMPLATE of {{ .qubes.templates | toString | replace "[" "" | replace "]" "" }}; do if [ ! -f "/var/lib/qubes/vm-templates/$TEMPLATE" ]; then diff --git a/home/.chezmoiscripts/universal/run_onchange_before_14-ensure-minimal-vms-passwordless.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_14-ensure-minimal-vms-passwordless.sh.tmpl index 0c3d342c..f8ab515a 100644 --- a/home/.chezmoiscripts/universal/run_onchange_before_14-ensure-minimal-vms-passwordless.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_before_14-ensure-minimal-vms-passwordless.sh.tmpl @@ -6,6 +6,9 @@ # This script runs in dom0 and ensures the templates defined in the `.qubes.templates` data key of `home/.chezmoidata.yaml` all have # the `qubes-core-agent-passwordless-root` package installed so that they can be provisioned headlessly. +{{ includeTemplate "universal/profile-before" }} +{{ includeTemplate "universal/logg-before" }} + ### Ensure Qubes minimal templates have passwordless sudo for TEMPLATE of {{ .qubes.templates | toString | replace "[" "" | replace "]" "" }}; do if [[ "$TEMPLATE" == *'-minimal' ]]; then diff --git a/home/.chezmoiscripts/universal/run_onchange_before_15-install-unofficial-templates.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_15-install-unofficial-templates.sh.tmpl index 95b37395..851cfb28 100644 --- a/home/.chezmoiscripts/universal/run_onchange_before_15-install-unofficial-templates.sh.tmpl 
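Review bot: The loop header `for TEMPLATE of {{ .qubes.templates | … }}; do` directly below the added includes in `run_onchange_before_13-install-official-templates.sh.tmpl` is not valid shell syntax: Bash expects `in`, so the script stops with a syntax error at `of` and the dom0 template steps never run. The same header appears in `run_onchange_before_14-ensure-minimal-vms-passwordless.sh.tmpl` and, as `for TEMPLATE_URL of …`, in `run_onchange_before_15-install-unofficial-templates.sh.tmpl`. These are context lines the commit leaves untouched, but since it edits all three files the fix belongs here: `for TEMPLATE in {{ .qubes.templates | toString | replace "[" "" | replace "]" "" }}; do`. The loop bodies continue outside the hunks.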
+++ b/home/.chezmoiscripts/universal/run_onchange_before_15-install-unofficial-templates.sh.tmpl @@ -6,6 +6,9 @@ # This script downloads unofficial templates defined in the `.qubes.templatesUnofficial` data key of `home/.chezmoidata.yaml` and then # installs them in dom0 after transferring the downloads from a temporary Qube used for downloading the templates. +{{ includeTemplate "universal/profile-before" }} +{{ includeTemplate "universal/logg-before" }} + ### Ensure unofficial templates are installed for TEMPLATE_URL of {{ .qubes.templatesUnofficial | toString | replace "[" "" | replace "]" "" }}; do logg info "Template URL: $TEMPLATE_URL" diff --git a/home/.chezmoiscripts/universal/run_onchange_before_16-update-template-vms.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_16-update-template-vms.sh.tmpl index 08323fe1..3b75d676 100644 --- a/home/.chezmoiscripts/universal/run_onchange_before_16-update-template-vms.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_before_16-update-template-vms.sh.tmpl @@ -7,6 +7,9 @@ # Due to issues with the Whonix Qubes, the update process will timeout after 15 minutes which should be enough time # for the updates to finish. +{{ includeTemplate "universal/profile-before" }} +{{ includeTemplate "universal/logg-before" }} + ### Update TemplateVMs logg info 'Updating TemplateVMs via qubesctl' timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm diff --git a/home/.chezmoiscripts/universal/run_onchange_before_17-install-mirage-firewall.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_17-install-mirage-firewall.sh.tmpl index e2df3979..c3101eee 100644 --- a/home/.chezmoiscripts/universal/run_onchange_before_17-install-mirage-firewall.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_before_17-install-mirage-firewall.sh.tmpl 
@@ -6,6 +6,9 @@ # This script first ensures the TemplateVMs are updated and then downloads the Mirage firewall. It configures # Mirage firewall so it can be used as a unikernel firewall VM. +{{ includeTemplate "universal/profile-before" }} +{{ includeTemplate "universal/logg-before" }} + ### Update TemplateVMs logg info 'Updating TemplateVMs via qubesctl' timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm diff --git a/home/.chezmoiscripts/universal/run_onchange_before_18-configure-sys-usb.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_18-configure-sys-usb.sh.tmpl index 26d68570..cba70334 100644 --- a/home/.chezmoiscripts/universal/run_onchange_before_18-configure-sys-usb.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_before_18-configure-sys-usb.sh.tmpl @@ -6,6 +6,9 @@ # This script ensures that Qubes uses `sys-usb` for USB connections. It also optimizes the configuration # by applying security configurations that the Qubes documentation recommends. +{{ includeTemplate "universal/profile-before" }} +{{ includeTemplate "universal/logg-before" }} + ### Enable sys-usb logg info 'Modifying Salt configuration to be able to enable sys-usb' qubesctl top.enabled pillar=True || EXIT_CODE=$? diff --git a/home/.chezmoiscripts/universal/run_onchange_before_19-setup-sys-gui.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_19-setup-sys-gui.sh.tmpl index bab3f544..721faed7 100644 --- a/home/.chezmoiscripts/universal/run_onchange_before_19-setup-sys-gui.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_before_19-setup-sys-gui.sh.tmpl @@ -6,6 +6,9 @@ # This script enables `sys-gui-gpu` which allows you to secure dom0 even more by seperating the GUI # management from dom0 and into a seperate Qube. +{{ includeTemplate "universal/profile-before" }} +{{ includeTemplate "universal/logg-before" }} + ### Enables sys-gui-gpu enableSysGUIGPU() { logg info 'Enabling sys-gui-gpu' 
diff --git a/home/dot_local/bin/executable_install-program b/home/dot_local/bin/executable_install-program index 948222e9..ff2d75dd 100644 --- a/home/dot_local/bin/executable_install-program +++ b/home/dot_local/bin/executable_install-program @@ -134,20 +134,23 @@ const osPlatform = osPlatformData === 'win32' ? 'windows' : osPlatformData async function downloadInstallData() { const response = await fetch('https://github.com/megabyte-labs/install.doctor/raw/master/software.yml') if (response.ok) { + log('info', 'Catalog Download', `Received ok response from download`) const text = await response.text() - return YAML.parse(text) + log('info', 'Catalog Download', `Parsing software.yml`) + return YAML.parse(text, { maxAliasCount: -1 }) } else { log('error', 'Catalog Download', `Failed to download the installation map`) log('info', 'Catalog Download', `Falling back to local version of software.yml`) const text = fs.readFileSync(process.env.HOME + '/.local/share/chezmoi/software.yml').toString() - return YAML.parse(text) + log('info', 'Catalog Download', `Parsing local software.yml file`) + return YAML.parse(text, { maxAliasCount: -1 }) } } // Download the installation map async function getChezmoiData() { const text = fs.readFileSync(process.env.HOME + '/.local/share/chezmoi/home/.chezmoidata.yaml').toString() - return YAML.parse(text) + return YAML.parse(text, { maxAliasCount: -1 }) } // Creates the installOrders object which maps package managers to arrays of packages to install
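Review bot: `maxAliasCount: -1` switches off the YAML parser's alias-expansion limit, and in `downloadInstallData()` the text being parsed was just fetched from the `master` branch over the network, so a tampered or malformed `software.yml` with nested aliases can exhaust memory before any install logic runs. Prefer a finite bound sized to the catalogue's real anchor usage for the downloaded copy, e.g. `return YAML.parse(text, { maxAliasCount: MAX_CATALOG_ALIASES })` with `MAX_CATALOG_ALIASES` a named constant (placeholder name), and reserve `-1` for the local files if they need it. The catalogue also selects what gets installed, so pinning the URL to a commit or checking a digest before parsing would be worth a follow-up. The comment above `getChezmoiData()` still reads `// Download the installation map` although the function reads a local file.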