Update 15 files

- /home/.chezmoiscripts/universal/run_onchange_after_30-tor-settings.tmpl
- /home/dot_local/config/privoxy
- /home/dot_local/config/torrc
- /home/.chezmoitemplates/secrets/key-netdata-room-james
- /home/.chezmoiscripts/universal/run_onchange_after_30-samba.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_27-tor.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_28-privoxy.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_57-netdata.tmpl
- /home/dot_config/rkhunter/cron
- /home/dot_config/clamd/clamd-freshclam.service
- /home/dot_config/privoxy/config
- /home/dot_config/tor/torrc
- /home/.chezmoitemplates/secrets/key-netdata-room
- /home/.chezmoidata.yaml
- /software.yml
This commit is contained in:
Brian Zalewski 2023-01-29 04:47:57 +00:00
parent 09c37c0269
commit 7cbc3bc326
11 changed files with 111 additions and 13 deletions

View file

@ -21,6 +21,7 @@ colors:
color16: '#FFFFFF'
macosRemoteLogin: 'on'
themeparkTheme: aquamarine
netdataClaimURL: https://app.netdata.cloud
config:
gpg: https://raw.githubusercontent.com/drduh/config/master/gpg.conf
chromeExtensions:

View file

@ -1,7 +1,7 @@
{{- if (ne .host.distro.family "windows") -}}
{{- if and (ne .host.distro.family "windows") (ne .host.work true) -}}
#!/usr/bin/env bash
# tor config hash: {{ include (joinPath .host.home ".local" "config" "torrc") | sha256sum }}
# tor config hash: {{ include (joinPath .host.home ".config" "tor" "torrc") | sha256sum }}
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
@ -20,7 +20,7 @@ TORRC_CONFIG="$TORRC_CONFIG_DIR/torrc"
if command -v toron > /dev/null; then
if [ -d "$TORRC_CONFIG_DIR" ]; then
# Copy config
sudo cp -f "$HOME/.local/config/torrc" "$TORRC_CONFIG"
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/tor/torrc" "$TORRC_CONFIG"
sudo chmod 600 "$TORRC_CONFIG"
# Restart / enable Tor
@ -28,9 +28,13 @@ if command -v toron > /dev/null; then
# macOS
brew services restart tor
else
# Linux
sudo systemctl enable tor
sudo systemlctl restart tor
if [[ ! "$(grep Microsoft /proc/version)" ]]; then
# Linux
sudo systemctl enable tor
sudo systemlctl restart tor
else
logg info 'Environment is WSL so the Tor systemd service will not be enabled / restarted'
fi
fi
else
logg warn 'The '"$TORRC_CONFIG_DIR"' directory is missing'

View file

@ -1,7 +1,7 @@
{{- if (ne .host.distro.family "windows") -}}
#!/usr/bin/env bash
# privoxy config hash: {{ include (joinPath .host.home ".local" "config" "privoxy") | sha256sum }}
# privoxy config hash: {{ include (joinPath .host.home ".config" "privoxy" "config") | sha256sum }}
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
@ -19,7 +19,7 @@ PRIVOXY_CONFIG="$PRIVOXY_CONFIG_DIR/config"
### Configure Privoxy
if command -v privoxy > /dev/null; then
if [ -d "$PRIVOXY_CONFIG_DIR" ]; then
sudo cp -f "$HOME/.local/config/privoxy" "$PRIVOXY_CONFIG"
sudo cp -f "${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config" "$PRIVOXY_CONFIG"
sudo chmod 600 "$PRIVOXY_CONFIG"
# Restart / enable Privoxy
@ -27,9 +27,13 @@ if command -v privoxy > /dev/null; then
# macOS
brew services restart privoxy
else
# Linux
sudo systemctl enable privoxy
sudo systemlctl restart privoxy
if [[ ! "$(grep Microsoft /proc/version)" ]]; then
# Linux
sudo systemctl enable privoxy
sudo systemlctl restart privoxy
else
logg info 'The system is a WSL environment so the Privoxy systemd service will not be enabled / restarted'
fi
fi
else
logg warn 'The '"$PRIVOXY_CONFIG_DIR"' directory is missing'

View file

@ -1,8 +1,10 @@
{{- if (ne .host.distro.family "windows") -}}
#!/usr/bin/env bash
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
### TODO - Add logic from Tor / Privoxy role here
### Add config files to system folder if applicable
# Samba logic
echo true
{{ end -}}

View file

@ -0,0 +1,32 @@
{{- if and (ne .host.distro.family "windows") (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-netdata-token")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-netdata-room")) -}}
#!/usr/bin/env bash
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
### Claim the instance with Netdata Cloud
if command -v netdata-claim.sh > /dev/null; then
NETDATA_TOKEN="$(cat "{{ .chezmoi.sourceDir }}/.chezmoitemplates/secrets/key-netdata-token" | chezmoi decrypt)"
NETDATA_ROOM="$(cat "{{ .chezmoi.sourceDir }}/.chezmoitemplates/secrets/key-netdata-room" | chezmoi decrypt)"
netdata-claim.sh -token="$NETDATA_TOKEN" -rooms="$NETDATA_ROOM" -url={{ .netdataClaimURL }}
# Kernel optimizations
if [ -d /Applications ] && [ -d /System ]; then
# macOS
logg info 'System is macOS so Netdata kernel optimizations are not required'
else
# Linux
if [ -d /sys/kernel/mm/ksm ]; then
logg info 'Adding Netdata kernel optimization for `/sys/kernel/mm/ksm/run`'
echo 1 | sudo tee /sys/kernel/mm/ksm/run
logg info 'Adding Netdata kernel optimization for `/sys/kernel/mm/ksm/sleep_millisecs`'
echo 1000 | sudo tee /sys/kernel/mm/ksm/sleep_millisecs
else
logg info 'The `/sys/kernel/mm/ksm` directory does not exist so Netdata kernel optimizations are not being applied'
fi
fi
else
logg warn '`netdata-claim.sh` is not available in the PATH'
fi
{{ end - }}

View file

@ -0,0 +1,13 @@
# Run freshclam as a daemon.
[Unit]
Description = ClamAV Freshclam service.
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam --daemon --checks 2
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,41 @@
#!/bin/sh
RKHUNTER=/usr/bin/rkhunter
test -x $RKHUNTER || exit 0
# source our config
. /etc/rkhunter.conf
if [ -z "$NICE" ]; then
NICE=0
fi
if [ -z "$RUN_CHECK_ON_BATTERY" ]; then
RUN_CHECK_ON_BATTERY="false"
fi
# Do not run daily check if running on battery except if explicitely allowed
if [ -x /usr/bin/on_ac_power >/dev/null 2>&1 ]; then
on_ac_power >/dev/null 2>&1
[ $? -eq 1 -a "$RUN_CHECK_ON_BATTERY" != "true" ] && exit 0
fi
case "$CRON_DAILY_RUN" in
[YyTt]*)
OUTFILE=`mktemp` || exit 1
/usr/bin/nice -n $NICE $RKHUNTER --cronjob --report-warnings-only --appendlog > $OUTFILE
if [ -s "$OUTFILE" -a -n "$REPORT_EMAIL" ]; then
(
echo "Subject: [rkhunter] $(hostname) - Daily report"
echo "To: $REPORT_EMAIL"
echo ""
cat $OUTFILE
) | /usr/sbin/mailx $REPORT_EMAIL
fi
rm -f $OUTFILE
;;
*)
exit 0
;;
esac

View file

@ -5123,6 +5123,7 @@ softwarePackages:
_github: https://github.com/netdata/netdata
_home: https://www.netdata.cloud/
_name: Netdata
_service: netdata
ansible: professormanhattan.netdata
brew: netdata
pacman: netdata