From 80e7fce9084419ff944da524cabe40fe1910e91a Mon Sep 17 00:00:00 2001 From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Fri, 10 May 2024 02:53:38 +0000 Subject: [PATCH] Various script fixes --- home/.chezmoi.yaml.tmpl | 4 +- .../post-installx/executable_post-atuin.sh | 4 ++ .../post-installx/executable_post-blocky.sh | 15 ++++- .../post-installx/executable_post-clamav.sh | 10 +++ .../executable_post-cloudflared.sh | 66 ++++++------------- .../executable_post-docker-desktop.sh | 38 +++++++++-- .../post-installx/executable_post-nginx.sh | 14 ++-- .../post-installx/executable_post-rkhunter.sh | 2 +- .../post-installx/executable_post-tfenv.sh | 3 + .../bin/post-installx/executable_post-tor.sh | 1 + .../post-installx/executable_post-vmware.sh | 10 ++- .../post-installx/executable_post-volta.sh | 3 + .../post-installx/executable_post-wazuh.sh | 5 +- .../executable_post-wireguard-tools.sh | 9 +-- ...m.service => clamd-freshclam.service.tmpl} | 2 +- ...amscan.plist.tmpl => clamdscan.plist.tmpl} | 2 +- .../dot_local/etc/clamav/freshclam.plist.tmpl | 2 +- .../dot_local/etc/cloudflared/config.yml.tmpl | 6 +- 18 files changed, 120 insertions(+), 76 deletions(-) rename home/dot_local/etc/clamav/{clamd-freshclam.service => clamd-freshclam.service.tmpl} (77%) rename home/dot_local/etc/clamav/{clamscan.plist.tmpl => clamdscan.plist.tmpl} (94%) diff --git a/home/.chezmoi.yaml.tmpl b/home/.chezmoi.yaml.tmpl index 8f83277c..351fe36d 100644 --- a/home/.chezmoi.yaml.tmpl +++ b/home/.chezmoi.yaml.tmpl @@ -144,10 +144,10 @@ data: headless: {{ $headless }} home: "{{ .chezmoi.homeDir }}" homeParentFolder: "{{ if eq .chezmoi.os "linux" }}/home{{ else if eq .chezmoi.os "darwin" }}/Users{{ else }}C:\Users{{ end }}" - hostname: "{{ $hostname }}" + hostname: "{{ $hostname -}}" noReplyEmail: no-reply@megabyte.space samba: - netbiosName: "{{ $sambaNetBiosName }}" + netbiosName: "{{ $sambaNetBiosName -}}" workgroup: "{{ $sambaWorkGroupName }}" smtp: from: CombineOS 
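Review bot: The `-}}` added to the `hostname` and `netbiosName` lines trims template whitespace after the action, and because the closing `"` follows immediately there is nothing to trim, so the change is a no-op; if the goal is to drop a trailing newline carried inside `$hostname` or `$sambaNetBiosName` (as a value captured from a command would have), the value itself needs trimming, e.g. `hostname: "{{ $hostname | trim }}"` and `netbiosName: "{{ $sambaNetBiosName | trim }}"`. A literal newline inside those double-quoted scalars is presumably the symptom being chased, and the trim markers will not fix it. The retained `homeParentFolder` line renders `"C:\Users"` on the Windows branch, where `\U` is a double-quote escape sequence in YAML; single quotes or `C:\\Users` avoid that (predates this commit). The `data:` mapping continues outside the hunk.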
diff --git a/home/dot_local/bin/post-installx/executable_post-atuin.sh b/home/dot_local/bin/post-installx/executable_post-atuin.sh index abd5d00a..f30542b1 100644 --- a/home/dot_local/bin/post-installx/executable_post-atuin.sh +++ b/home/dot_local/bin/post-installx/executable_post-atuin.sh @@ -4,9 +4,13 @@ if command -v atuin > /dev/null; then source "${XDG_CONFIG_HOME:-$HOME/.config}/shell/private.sh" + logg info 'Registering Atuin account' atuin register -u "$ATUIN_USERNAME" -e "$ATUIN_EMAIL" -p "$ATUIN_PASSWORD" + logg info 'Logging into Atuin account' atuin login -u "$ATUIN_USERNAME" -p "$ATUIN_PASSWORD" -k "$ATUIN_KEY" + logg info 'Running atuin import auto' atuin import auto + logg info 'Running atuin sync' atuin sync else logg info 'atuin is not available in the PATH' diff --git a/home/dot_local/bin/post-installx/executable_post-blocky.sh b/home/dot_local/bin/post-installx/executable_post-blocky.sh index 1caf8e7a..07dea9e1 100644 --- a/home/dot_local/bin/post-installx/executable_post-blocky.sh +++ b/home/dot_local/bin/post-installx/executable_post-blocky.sh 
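Review bot: `atuin register` on the new line runs unconditionally, so every re-run of this script tries to create the account again and fails once it exists; guard it on the existing-session case, e.g. `if [ ! -f "${XDG_DATA_HOME:-$HOME/.local/share}/atuin/session" ]; then` around the register step (session file location inferred from atuin's defaults; confirm). Both `register` and `login` pass `$ATUIN_PASSWORD` as a command-line argument, where it is visible to any local process listing for the duration of the call; if atuin offers no stdin or environment alternative, a comment such as `# NOTE: credentials are passed via argv and briefly visible in the process table` documents the trade-off. The enclosing `if` opens at or before the start of this hunk and closes outside it.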
@@ -5,12 +5,23 @@ if command -v blocky > /dev/null; then if [ -d /Applications ] && [ -d /System ]; then ### macOS - cp -f "$HOME/.local/etc/blocky/config.yaml" "$(brew --prefix)/etc/blocky/config.yaml" + if [ -f "$HOME/.local/etc/blocky/config.yaml" ]; then + logg info 'Ensuring /usr/local/etc/blocky directory is present' + sudo mkdir -p /usr/local/etc/blocky + logg info "Copying $HOME/.local/etc/blocky/config.yaml to /usr/local/etc/blocky/config.yaml" + sudo cp -f "$HOME/.local/etc/blocky/config.yaml" /usr/local/etc/blocky/config.yaml + if [ -d "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky" ] && [ ! -f "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky/config.yaml" ]; then + logg info "Symlinking $HOME/.local/etc/blocky/config.yaml to ${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky/config.yaml" + ln -s /usr/local/etc/blocky/config.yaml "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky/config.yaml" + fi + fi else ### Linux + logg info 'Ensuring /usr/local/etc/blocky is created' sudo mkdir -p /usr/local/etc/blocky + sudo cp -f "$HOME/.local/etc/blocky/config.yaml" /usr/local/etc/blocky/config.yaml if [ -d /usr/lib/systemd/system ]; then - sudo cp -f "$HOME/.local/etc/blocky/config.yaml" /usr/local/etc/blocky/config.yaml + logg info 'Copying blocky service file to system locations' sudo cp -f "$HOME/.local/etc/blocky/blocky.service" /usr/lib/systemd/system/blocky.service else logg "/usr/lib/systemd/system is missing from the file system" diff --git a/home/dot_local/bin/post-installx/executable_post-clamav.sh b/home/dot_local/bin/post-installx/executable_post-clamav.sh index 68aba899..3fa785ca 100644 --- a/home/dot_local/bin/post-installx/executable_post-clamav.sh +++ b/home/dot_local/bin/post-installx/executable_post-clamav.sh 
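Review bot: In the Linux branch the new `sudo cp -f "$HOME/.local/etc/blocky/config.yaml" /usr/local/etc/blocky/config.yaml` has no existence guard, whereas the macOS branch now wraps the same copy in `if [ -f "$HOME/.local/etc/blocky/config.yaml" ]; then`; when the file is absent the Linux path prints a `cp` error and then copies the service file anyway. Mirror the macOS guard around the Linux copy and log a `logg warn` in its else branch so a missing config is visible rather than buried in stderr. On macOS the Homebrew config becomes a symlink to a root-owned copy, so edits made through the Homebrew path will fail with a permission error unless done with `sudo`; a one-line comment above the `ln -s` noting that would save a later surprise. The retained `logg "/usr/lib/systemd/system is missing from the file system"` has no level argument unlike every other `logg` call in the hunk; `logg warn` matches the surrounding style. The enclosing `if command -v blocky` block closes outside this hunk.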
@@ -11,6 +11,7 @@ if command -v freshclam > /dev/null; then ln -s /usr/local/etc/clamav/freshclam.conf "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/clamav/freshclam.conf" fi fi + ### Add clamd.conf if [ -f "$HOME/.local/etc/clamav/clamd.conf" ]; then sudo mkdir -p /usr/local/etc/clamav @@ -26,7 +27,16 @@ if command -v freshclam > /dev/null; then # sudo chown $USER /var/log/clamav sudo cp -f "$HOME/.local/etc/clamav/clamdscan.plist" /Library/LaunchDaemons/clamdscan.plist sudo cp -f "$HOME/.local/etc/clamav/freshclam.plist" /Library/LaunchDaemons/freshclam.plist + if sudo launchctl list | grep 'clamav.clamdscan' > /dev/null; then + logg info 'Unloading previous ClamAV clamdscan configuration' + sudo launchctl unload /Library/LaunchDaemons/clamdscan.plist + fi sudo launchctl load -w /Library/LaunchDaemons/clamdscan.plist + if sudo launchctl list | grep 'clamav.freshclam' > /dev/null; then + logg info 'Unloading previous ClamAV freshclam configuration' + sudo launchctl unload /Library/LaunchDaemons/freshclam.plist + fi + logg info 'Running sudo launchctl load -w /Library/LaunchDaemons/freshclam.plist' sudo launchctl load -w /Library/LaunchDaemons/freshclam.plist fi diff --git a/home/dot_local/bin/post-installx/executable_post-cloudflared.sh b/home/dot_local/bin/post-installx/executable_post-cloudflared.sh index 46090d13..db7ffec2 100644 --- a/home/dot_local/bin/post-installx/executable_post-cloudflared.sh +++ b/home/dot_local/bin/post-installx/executable_post-cloudflared.sh 
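Review bot: The two new unload checks use `sudo launchctl list | grep 'clamav.clamdscan' > /dev/null`, an unanchored pattern in which `.` matches any character, so any label containing that substring triggers an unload; `grep -qF 'clamav.clamdscan'` keeps the intent precise and drops the redirect. The clamdscan `launchctl load -w` is the only one of the four launchctl calls without a preceding `logg info`, so the log is asymmetric between the two daemons. The two unload-then-load blocks differ only in label and plist name and could be one small function taking those two arguments. The outer `if command -v freshclam` block closes outside this hunk.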
@@ -2,77 +2,53 @@ # @file Cloudflared Configuration # @brief Applies cloudflared configuration, connects to Argo tunnel with managed configuration, and enables it on system start -{{- $registrationToken := "" }} -{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "cloudflared" .host.hostname)) -}} -{{- $registrationToken = (includeTemplate (print "cloudflared/" .host.hostname) | decrypt) -}} -{{- end }} - -### Set up CloudFlare tunnels -if command -v cloudflared > /dev/null && [ -d "$HOME/.local/etc/cloudflared" ]; then +if command -v cloudflared > /dev/null; then # Show warning message about ~/.cloudflared already existing if [ -d "$HOME/.cloudflared" ]; then logg warn '~/.cloudflared is already in the home directory - to ensure proper deployment, remove previous tunnel configuration folders' fi - ### Ensure /usr/local/etc/cloudflared exists - if [ -d /usr/local/etc/cloudflared ]; then - logg info 'Creating folder /usr/local/etc/cloudflared' - sudo mkdir -p /usr/local/etc/cloudflared - fi - # Copy over configuration files logg info 'Ensuring /usr/local/etc/cloudflared exists' && sudo mkdir -p /usr/local/etc/cloudflared logg info 'Copying over configuration files from ~/.local/etc/cloudflared to /usr/local/etc/cloudflared' sudo cp -f "$HOME/.local/etc/cloudflared/cert.pem" /usr/local/etc/cloudflared/cert.pem sudo cp -f "$HOME/.local/etc/cloudflared/config.yml" /usr/local/etc/cloudflared/config.yml - ### Register tunnel (if not already registered) - if sudo cloudflared tunnel list | grep "host-{{ .host.hostname }}" > /dev/null; then - logg info 'CloudFlare tunnel is already registered' - else - logg info 'Creating a CloudFlare tunnel to this host' - sudo cloudflared tunnel create "host-{{ .host.hostname }}" - fi + ### Remove previous tunnels connected to host + while read TUNNEL_ID; do + logg info "Deleteing CloudFlared tunnel ID $TUNNEL_ID" + sudo cloudflared tunnel delete "$TUNNEL_ID" + sudo 
rm -f "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" + done< <(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//') - TUNNEL_ID="$(sudo cloudflared tunnel list | grep 'host-{{ .host.hostname }}' | sed 's/ .*//')" + ### Register tunnel (if not already registered) + logg info "Creating CloudFlared tunnel named host-$HOSTNAME" + sudo cloudflared tunnel create "host-$HOSTNAME" + + TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')" logg info "Tunnel ID: $TUNNEL_ID" - if [ -f "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" ]; then - logg info 'Symlinking tunnel configuration to /usr/local/etc/cloudflared/credentials.json' - rm -f /usr/local/etc/cloudflared/credentials.json - sudo ln -s "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" /usr/local/etc/cloudflared/credentials.json - else - logg info 'Handling case where the tunnel registration is not present in /usr/local/etc/cloudflared' - {{ if eq $registrationToken "" -}} - logg warn 'Registration token is unavailable - you might have to delete the pre-existing tunnel or set up secrets properly' - {{- else -}} - logg info 'Registration token retrieved from encrypted blob stored at home/.chezmoitemplates/cloudflared/{{ .host.hostname }}' - {{ if eq (substr 0 1 $registrationToken) "{" -}} - logg info 'Registration token stored in credential file form' - echo -n '{{ $registrationToken }}' | sudo tee /usr/local/etc/cloudflared/credentials.json > /dev/null - {{ else }} - logg info 'Registration token is in token form - it will be used in conjunction with sudo cloudflared service install' - {{- end }} - {{- end }} - fi + logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json" + sudo rm -f /usr/local/etc/cloudflared/credentials.json + sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json /usr/local/etc/cloudflared/credentials.json ### Set up service if [ -d /Applications ] && [ -d /System ]; then - # System is macOS + ### 
macOS if [ -f /Library/LaunchDaemons/com.cloudflare.cloudflared.plist ]; then logg info 'cloudflared service is already installed' else logg info 'Running sudo cloudflared service install' - sudo cloudflared service install{{ if and (ne $registrationToken "") (eq (substr 0 1 $registrationToken) "{") -}} {{ $registrationToken }}{{ end }} + sudo cloudflared service install fi - logg info 'Ensuring cloudflared service is installed' + logg info 'Ensuring cloudflared service is started' sudo launchctl start com.cloudflare.cloudflared elif [ -f /etc/os-release ]; then - # System is Linux + ### Linux if systemctl --all --type service | grep -q "cloudflared" > /dev/null; then logg info 'cloudflared service is already available as a service' else logg info 'Running sudo cloudflared service install' - sudo cloudflared service install{{ if and (ne $registrationToken "") (eq (substr 0 1 $registrationToken) "{") -}} {{ $registrationToken }}{{ end }} + sudo cloudflared service install fi logg info 'Ensuring cloudflared service is started' sudo systemctl start cloudflared @@ -87,5 +63,5 @@ if command -v cloudflared > /dev/null && [ -d "$HOME/.local/etc/cloudflared" ]; # https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/as-a-service/windows/ fi else - logg info 'cloudflared was not installed so CloudFlare Tunnels cannot be enabled. (Or the ~/.local/etc/cloudflared folder is not present)' + logg info 'cloudflared was not installed so CloudFlare Tunnels cannot be enabled' fi diff --git a/home/dot_local/bin/post-installx/executable_post-docker-desktop.sh b/home/dot_local/bin/post-installx/executable_post-docker-desktop.sh index 7ea7a80c..70ee4d83 100644 --- a/home/dot_local/bin/post-installx/executable_post-docker-desktop.sh +++ b/home/dot_local/bin/post-installx/executable_post-docker-desktop.sh 
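Review bot: The new tunnel-removal loop selects tunnels with `grep "host-$HOSTNAME"`, an unanchored substring match over the whole `tunnel list` table, so a host named `foo` would also delete `host-foo-2` or `host-foobar`, and the same pattern then feeds `TUNNEL_ID`, which can end up holding several IDs separated by newlines that flow unquoted into `sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json`. Match the NAME column exactly instead, e.g. `done < <(sudo cloudflared tunnel list | awk -v n="host-$HOSTNAME" '$2 == n { print $1 }')` (this assumes NAME is the second column, just as the existing `sed 's/ .*//'` assumes ID is the first), read with `while read -r TUNNEL_ID; do`, and quote the symlink source as `"/usr/local/etc/cloudflared/$TUNNEL_ID.json"` after checking `[ -n "$TUNNEL_ID" ]` so a failed `tunnel create` does not produce a dangling `credentials.json`. Deleting and recreating the tunnel on every run also changes its UUID, so anything bound to the previous tunnel (DNS routes, stored credentials) would be left dangling; that is inferred from the flow, so confirm against how routes are managed. `$HOSTNAME` is provided by bash but not guaranteed in a POSIX `sh`, and the shebang is outside the hunk; the `if command -v cloudflared` block also closes outside this hunk.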
@@ -9,15 +9,43 @@ # variable). if command -v docker > /dev/null; then - DOCKERHUB_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "DOCKERHUB_TOKEN")) }}{{- includeTemplate "secrets/DOCKERHUB_TOKEN" | decrypt | trim -}}{{ else }}{{- env "DOCKERHUB_TOKEN" -}}{{ end }}" - DOCKERHUB_USER="{{ .user.docker.username }}" + ### Acquire DOCKERHUB_TOKEN + DOCKERHUB_TOKEN_FILE="${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoitemplates/secrets/DOCKERHUB_TOKEN" + if [ -f "$DOCKERHUB_TOKEN_FILE" ]; then + logg info "Found DOCKERHUB_TOKEN in ${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoitemplates/secrets" + if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/age/chezmoi.txt" ]; then + logg info 'Decrypting DOCKERHUB_TOKEN token with Age encryption key' + DOCKERHUB_TOKEN="$(cat "$CLOUDFLARED_CERT" | chezmoi decrypt)" + else + logg warn 'Age encryption key is missing from ~/.config/age/chezmoi.txt' + fi + else + logg warn "DOCKERHUB_TOKEN is missing from ${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoitemplates/secrets" + fi + + ### Acquire DOCKERHUB_USER + if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml" ]; then + DOCKERHUB_USER="$(yq '.data.user.docker.username' ~/.config/chezmoi/chezmoi.yaml)" + else + logg info "${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml is missing which is required for populating the DOCKERHUB_USER" + fi + + ### Launch Docker.app if [ -d "/Applications/Docker.app" ] || [ -d "$HOME/Applications/Docker.app" ]; then logg info 'Ensuring Docker.app is open' && open --background -a Docker --args --accept-license --unattended fi - logg info 'Headlessly authenticating with DockerHub registry' && echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin > /dev/null && logg success 'Successfully authenticated with DockerHub registry' + + ### Pre-authenticate with DockerHub + if [ -n "$DOCKERHUB_TOKEN" ] && [ -n "$DOCKERHUB_USER" ]; then + logg info 'Headlessly 
authenticating with DockerHub registry' && echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin > /dev/null && logg success 'Successfully authenticated with DockerHub registry' + fi fi ### Symlink on macOS -if [ -f "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" ]; then - logg info 'Symlinking /var/run/docker.sock to macOS Library location' && sudo ln -s "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" /var/run/docker.sock +if [ -d /Applications ] && [ -d /System ]; then + if [ -f "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" ]; then + logg info 'Symlinking /var/run/docker.sock to macOS Library location' && sudo ln -s "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" /var/run/docker.sock + else + logg info "Skipping symlinking /var/run/docker.sock since $HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock is missing" + fi fi diff --git a/home/dot_local/bin/post-installx/executable_post-nginx.sh b/home/dot_local/bin/post-installx/executable_post-nginx.sh index 28b0b1ce..38b62033 100644 --- a/home/dot_local/bin/post-installx/executable_post-nginx.sh +++ b/home/dot_local/bin/post-installx/executable_post-nginx.sh 
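Review bot: The new decrypt line reads `cat "$CLOUDFLARED_CERT"`, a variable nothing in this script sets, instead of the `$DOCKERHUB_TOKEN_FILE` defined a few lines earlier, so the token is never decrypted and the DockerHub login is then silently skipped by the `-n` guard; it should be `DOCKERHUB_TOKEN="$(chezmoi decrypt "$DOCKERHUB_TOKEN_FILE")"`. The username lookup guards on `${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml` but then reads the hard-coded `~/.config/chezmoi/chezmoi.yaml`; use the same expansion in the `yq` call. If `yq` prints `null` for a missing key, `[ -n "$DOCKERHUB_USER" ]` still passes and `docker login` runs with the literal user `null`, so a check like `[ "$DOCKERHUB_USER" != null ]` would be needed (yq's behavior for missing keys is inferred; confirm). The `if command -v docker` block opens before the hunk starts.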
@@ -12,9 +12,13 @@ # * [NGINX Amplify documentation](https://docs.nginx.com/nginx-amplify/#) if command -v nginx > /dev/null; then - logg info 'Downloading the NGINX Amplify installer script' - TMP="$(mktemp)" - curl -sSL https://github.com/nginxinc/nginx-amplify-agent/raw/master/packages/install.sh > "$TMP" - logg info 'Running the NGINX Amplify setup script' - API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NGINX_AMPLIFY_API_KEY")) }}{{- includeTemplate "secrets/NGINX_AMPLIFY_API_KEY" | decrypt | trim -}}{{ else }}{{- env "NGINX_AMPLIFY_API_KEY" -}}{{ end }}" sh "$TMP" + if [ -d Applications ] && [ -d /System ]; then + logg info 'Skipping installation of NGINX Amplify because macOS is not supported' + else + logg info 'Downloading the NGINX Amplify installer script' + TMP="$(mktemp)" + curl -sSL https://github.com/nginxinc/nginx-amplify-agent/raw/master/packages/install.sh > "$TMP" + logg info 'Running the NGINX Amplify setup script' + API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NGINX_AMPLIFY_API_KEY")) }}{{- includeTemplate "secrets/NGINX_AMPLIFY_API_KEY" | decrypt | trim -}}{{ else }}{{- env "NGINX_AMPLIFY_API_KEY" -}}{{ end }}" sh "$TMP" + fi fi diff --git a/home/dot_local/bin/post-installx/executable_post-rkhunter.sh b/home/dot_local/bin/post-installx/executable_post-rkhunter.sh index bc6b8adc..515ee3ee 100644 --- a/home/dot_local/bin/post-installx/executable_post-rkhunter.sh +++ b/home/dot_local/bin/post-installx/executable_post-rkhunter.sh 
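Review bot: The new macOS guard tests `[ -d Applications ]` without the leading slash, a relative path that only exists if the script happens to run from `/`, so the skip branch is never taken on macOS and the installer runs anyway; it should read `if [ -d /Applications ] && [ -d /System ]; then`, as the other scripts in this commit spell it. The retained flow fetches `install.sh` from the moving `master` ref, runs it with `API_KEY` in its environment without any integrity check, and never removes `$TMP`; pinning a commit and adding `rm -f "$TMP"` after the run would tighten this, though both predate the commit.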
@@ -11,7 +11,7 @@ if command -v rkhunter > /dev/null; then logg info 'Updating file /etc/rkhunter.conf' && sed -i "s/^#WEB_CMD.*$/WEB_CMD=curl\ -L/" /etc/rkhunter.conf fi export PATH="$(echo "$PATH" | sed 's/VMware Fusion.app/VMwareFusion.app/')" - export PATH="$(echo "$PATH" | sed 's/IntelliJ IDEA CE.app/IntelliJIDEACE.map/')" + export PATH="$(echo "$PATH" | sed 's/IntelliJ IDEA CE.app/IntelliJIDEACE.app/')" sudo rkhunter --propupd || RK_PROPUPD_EXIT_CODE=$? if [ -n "$RK_PROPUPD_EXIT_CODE" ]; then logg error "sudo rkhunter --propupd returned non-zero exit code" diff --git a/home/dot_local/bin/post-installx/executable_post-tfenv.sh b/home/dot_local/bin/post-installx/executable_post-tfenv.sh index 0a295a3b..66aae7b4 100644 --- a/home/dot_local/bin/post-installx/executable_post-tfenv.sh +++ b/home/dot_local/bin/post-installx/executable_post-tfenv.sh @@ -3,5 +3,8 @@ # @brief Configures tfenv to use the latest version of Terraform if command -v tfenv > /dev/null; then + logg info 'Configuring tfenv to use latest version of Terraform' tfenv use latest +else + logg warn 'tfenv is not available in the PATH' fi diff --git a/home/dot_local/bin/post-installx/executable_post-tor.sh b/home/dot_local/bin/post-installx/executable_post-tor.sh index 1c1c7043..5c837996 100644 --- a/home/dot_local/bin/post-installx/executable_post-tor.sh +++ b/home/dot_local/bin/post-installx/executable_post-tor.sh @@ -18,6 +18,7 @@ if [ -d /Applications ] && [ -d /System ]; then ### macOS TORRC_CONFIG_DIR=/usr/local/etc/tor + sudo mkdir -p "$TORRC_CONFIG_DIR" else ### Linux TORRC_CONFIG_DIR=/etc/tor diff --git a/home/dot_local/bin/post-installx/executable_post-vmware.sh b/home/dot_local/bin/post-installx/executable_post-vmware.sh index 78be44e9..5f354ab4 100644 --- a/home/dot_local/bin/post-installx/executable_post-vmware.sh +++ b/home/dot_local/bin/post-installx/executable_post-vmware.sh 
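Review bot: The new `sudo mkdir -p "$TORRC_CONFIG_DIR"` creates a root-owned `/usr/local/etc/tor` on macOS, while the blocky and clamav scripts in this same commit place the root-owned copy under `/usr/local/etc` and then symlink it into `${HOMEBREW_PREFIX:-/opt/homebrew}/etc/...`; if tor here is the Homebrew build, it reads its `torrc` from the Homebrew prefix and the new directory would be ignored on Apple Silicon (confirm against the install), so the same symlink step is needed for consistency. The enclosing `if` closes outside this hunk.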
@@ -116,7 +116,13 @@ if command -v vmware > /dev/null; then logg info 'VMware host modules are present' fi else - logg warn 'VMware Workstation is not installed so the VMware Unlocker will not be installed' + if [ -d /Applications ] && [ -d /System ]; then + ### macOS + logg info 'System is macOS so there is no unlocker or modules that need to be enabled' + else + ### Linux and VMWare not installed + logg warn 'VMware Workstation is not installed so the VMware Unlocker will not be installed' + fi fi # @description Only run logic if both Vagrant and VMWare are installed @@ -133,7 +139,7 @@ if command -v vagrant > /dev/null && command -v vmware-id > /dev/null; then logg info 'Ensuring the Vagrant VMWare Utility service is enabled' sudo vagrant-vmware-utility service install || EXIT_CODE=$? if [ -n "$EXIT_CODE" ]; then - logg info 'The Vagrant VMWare Utility command vagrant-vmware-utility service install failed. It is probably already setup.' + logg info 'The Vagrant VMWare Utility command vagrant-vmware-utility service. If it was already set up, there should be a notice above.' fi fi else diff --git a/home/dot_local/bin/post-installx/executable_post-volta.sh b/home/dot_local/bin/post-installx/executable_post-volta.sh index f6025805..eb76ff52 100644 --- a/home/dot_local/bin/post-installx/executable_post-volta.sh +++ b/home/dot_local/bin/post-installx/executable_post-volta.sh @@ -6,8 +6,11 @@ export VOLTA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}/volta" export PATH="$VOLTA_HOME/bin:$PATH" if command -v volta > /dev/null; then + logg info 'Running volta setup' volta setup + logg info 'Installing latest version of Node.js via Volta' volta install node@latest + logg info 'Installing latest version of Yarn via Volta' volta install yarn@latest else logg info 'Volta is not installed' diff --git a/home/dot_local/bin/post-installx/executable_post-wazuh.sh b/home/dot_local/bin/post-installx/executable_post-wazuh.sh index 5fb6038f..51a009ca 100644 
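Review bot: The rewritten log message in the second hunk, `'The Vagrant VMWare Utility command vagrant-vmware-utility service. If it was already set up, there should be a notice above.'`, lost its verb and no longer says what happened; `"vagrant-vmware-utility service install returned exit code $EXIT_CODE. If it was already set up, there should be a notice above."` reads as intended and makes the captured `EXIT_CODE`, which is otherwise only tested for non-emptiness, visible in the log. `EXIT_CODE` is also never reset before the `||` capture, so a value left over from an earlier command in the file would trigger this branch; `unset EXIT_CODE` before the `sudo vagrant-vmware-utility service install` line avoids that (whether anything earlier sets it is outside the hunk). The surrounding `if` blocks open and close outside this hunk.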
--- a/home/dot_local/bin/post-installx/executable_post-wazuh.sh +++ b/home/dot_local/bin/post-installx/executable_post-wazuh.sh @@ -12,9 +12,10 @@ if [ -d /Applications ] && [ -d /System ]; then PKG_URL="https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.4-1.intel64.pkg" fi curl -sSL "$PKG_URL" > wazuh-agent.pkg - log info 'Setting Wazuh launch parameters in /tmp/wazuh_envs' + logg info 'Setting Wazuh launch parameters in /tmp/wazuh_envs' # https://documentation.wazuh.com/current/user-manual/agent/deployment-variables/deployment-variables-macos.html - echo "WAZUH_MANAGER='$WAZUH_MANAGER'" > /tmp/wazuh_envs + echo "WAZUH_MANAGER='$WAZUH_MANAGER' && WAZUH_REGISTRATION_SERVER='$WAZUH_MANAGER' && WAZUH_REGISTRATION_PASSWORD='WazuhRegister' && \ +WAZUH_AGENT_NAME='$WAZUH_AGENT_NAME'" > /tmp/wazuh_envs logg info 'Installing the Wazuh agent pkg' sudo installer -pkg wazuh-agent.pkg -target / sudo chmod 755 /Library/Ossec diff --git a/home/dot_local/bin/post-installx/executable_post-wireguard-tools.sh b/home/dot_local/bin/post-installx/executable_post-wireguard-tools.sh index 791e36b0..a702cb4d 100644 --- a/home/dot_local/bin/post-installx/executable_post-wireguard-tools.sh +++ b/home/dot_local/bin/post-installx/executable_post-wireguard-tools.sh 
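Review bot: The new echo line embeds a hard-coded enrollment password, `WAZUH_REGISTRATION_PASSWORD='WazuhRegister'`, and writes it to the predictable, world-readable path `/tmp/wazuh_envs` with the default umask; the value should come from the same secrets mechanism the other scripts in this commit use (an encrypted template or an environment variable, i.e. `WAZUH_REGISTRATION_PASSWORD='$WAZUH_REGISTRATION_PASSWORD'`), the file should be created with a restrictive mode, e.g. `(umask 077; echo "..." > /tmp/wazuh_envs)`, and it should be removed with `rm -f /tmp/wazuh_envs` once `installer` has run. `WAZUH_AGENT_NAME` is referenced but nothing in the hunk sets it; whatever provides it and `WAZUH_MANAGER` is outside the hunk, so a comment naming that source would help the next reader. The enclosing `if` closes outside this hunk.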
@@ -22,13 +22,10 @@ # TODO - Populate Tunnelblick on macOS using the .ovpn profiles located in $HOME/.config/vpn (execpt in the `openvpn` entry of software.yml) # along with the secrets for the protonVPN OpenVPN (check vpn-linux.tmpl) + ### Backs up previous network settings to `/Library/Preferences/com.apple.networkextension.plist.old` before applying new VPN profiles -if [ -f /Library/Preferences/com.apple.networkextension.plist ] && [ ! -f "/Library/Preferences/com.apple.networkextension.plist.old" ]; then - logg info 'Backing up /Library/Preferences/com.apple.networkextension.plist to /Library/Preferences/com.apple.networkextension.plist.old' - sudo cp -f /Library/Preferences/com.apple.networkextension.plist /Library/Preferences/com.apple.networkextension.plist.old -else - logg info 'The /Library/Preferences/com.apple.networkextension.plist does not exist or is already backed up to com.apple.networkextension.plist.old' -fi +logg info 'Backing up /Library/Preferences/com.apple.networkextension.plist to /Library/Preferences/com.apple.networkextension.plist.old' +sudo cp -f /Library/Preferences/com.apple.networkextension.plist /Library/Preferences/com.apple.networkextension.plist.old ### Ensures the `/etc/wireguard` directory exists and has the lowest possible permission-level if [ ! -d /etc/wireguard ]; then diff --git a/home/dot_local/etc/clamav/clamd-freshclam.service b/home/dot_local/etc/clamav/clamd-freshclam.service.tmpl similarity index 77% rename from home/dot_local/etc/clamav/clamd-freshclam.service rename to home/dot_local/etc/clamav/clamd-freshclam.service.tmpl index 489457a4..dbc8907d 100644 --- a/home/dot_local/etc/clamav/clamd-freshclam.service +++ b/home/dot_local/etc/clamav/clamd-freshclam.service.tmpl @@ -5,7 +5,7 @@ After = network.target [Service] Type = forking -ExecStart = /usr/bin/freshclam --daemon --checks 2 +ExecStart = {{ lookPath "freshclam" }} --daemon --checks 2 Restart = on-failure PrivateTmp = true 
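Review bot: Removing the guard makes `sudo cp -f /Library/Preferences/com.apple.networkextension.plist ...plist.old` run unconditionally, which overwrites the backup with the current file on every run, so the `.old` copy no longer preserves the pre-change state, and it errors on Linux and on any macOS host without that plist because nothing around it checks the OS. Keeping at least the `[ ! -f "/Library/Preferences/com.apple.networkextension.plist.old" ]` half of the removed condition, or moving the copy under a macOS branch, restores the intent; if refreshing the backup every run is deliberate, a comment such as `# The .old file is refreshed on every run and reflects the previous run, not the original state` should say so. This statement is at top level, outside any block.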
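Review bot: `{{ lookPath "freshclam" }}` is resolved against the PATH of the user running `chezmoi apply`, and the result is baked into a unit that runs as root (no `User=` line appears in the hunk); when no `freshclam` is on that PATH the function yields an empty string, to my recollection of chezmoi's documentation, leaving `ExecStart =  --daemon --checks 2`, a unit that fails to load. The same applies to `clamdscan.plist.tmpl` and `freshclam.plist.tmpl` in this commit, where the resolved binary is executed by a LaunchDaemon, i.e. as root; on macOS with Homebrew that path is typically under a user-writable prefix, so a root service ends up trusting a binary an unprivileged user can replace. A fallback such as `ExecStart = {{ lookPath "freshclam" | default "/usr/bin/freshclam" }} --daemon --checks 2` avoids the empty case, and a one-line comment in each template noting that the resolved path is trusted by a root service records the trade-off.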
diff --git a/home/dot_local/etc/clamav/clamscan.plist.tmpl b/home/dot_local/etc/clamav/clamdscan.plist.tmpl similarity index 94% rename from home/dot_local/etc/clamav/clamscan.plist.tmpl rename to home/dot_local/etc/clamav/clamdscan.plist.tmpl index 3cdffd3e..42db2f2f 100644 --- a/home/dot_local/etc/clamav/clamscan.plist.tmpl +++ b/home/dot_local/etc/clamav/clamdscan.plist.tmpl @@ -7,7 +7,7 @@ clamav.clamdscan ProgramArguments - /usr/local/bin/clamdscan + {{ lookPath "clamdscan" }} / StartCalendarInterval diff --git a/home/dot_local/etc/clamav/freshclam.plist.tmpl b/home/dot_local/etc/clamav/freshclam.plist.tmpl index be6a67a7..632ae7b4 100644 --- a/home/dot_local/etc/clamav/freshclam.plist.tmpl +++ b/home/dot_local/etc/clamav/freshclam.plist.tmpl @@ -7,7 +7,7 @@ clamav.freshclam ProgramArguments - /usr/local/bin/freshclam + {{ lookPath "freshclam" }} -v StartCalendarInterval diff --git a/home/dot_local/etc/cloudflared/config.yml.tmpl b/home/dot_local/etc/cloudflared/config.yml.tmpl index 64a24287..4734b868 100644 --- a/home/dot_local/etc/cloudflared/config.yml.tmpl +++ b/home/dot_local/etc/cloudflared/config.yml.tmpl @@ -1,6 +1,6 @@ -{{- $baseDomain := (join (join .host.hostname ".") .host.domain) -}} +{{- $baseDomain := printf "%s%s%s" .host.hostname "." .host.domain -}} {{- if eq .host.qubes true -}} -{{- $baseDomain := (join (join .host.hostname "-qube.") .host.domain) -}} +{{- $baseDomain := printf "%s%s%s" .host.hostname "-qube." .host.domain -}} {{- end -}} --- tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }} @@ -31,7 +31,7 @@ ingress: - hostname: rsyslog.{{ $baseDomain }} service: tcp://localhost:514 - hostname: netdata.{{ $baseDomain }} - service: https://localhost:19999 + service: http://localhost:19999 - hostname: rundeck.{{ $baseDomain }} service: https://localhost:4440 - hostname: portainer.{{ .host.domain }}
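Review bot: The `{{- $baseDomain := printf "%s%s%s" .host.hostname "-qube." .host.domain -}}` inside the `{{ if eq .host.qubes true }}` block uses `:=`, which declares a new variable scoped to that `if`, so the outer `$baseDomain` keeps the non-qube value and every `*.{{ $baseDomain }}` hostname below is rendered without the `-qube` infix even on Qubes hosts; the old `join` form had the same defect and the rewrite keeps it. Inside the block it should be an assignment, `{{- $baseDomain = printf "%s%s%s" .host.hostname "-qube." .host.domain -}}`, and a comment above the block, `{{/* ":=" here would shadow the outer variable; use "=" */}}`, keeps it from being reintroduced. The ingress list in the second hunk continues outside the hunk.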