Various script fixes

Brian Zalewski 2024-05-10 02:53:38 +00:00
parent b2a8acfca7
commit 80e7fce908
18 changed files with 120 additions and 76 deletions


@ -144,10 +144,10 @@ data:
headless: {{ $headless }} headless: {{ $headless }}
home: "{{ .chezmoi.homeDir }}" home: "{{ .chezmoi.homeDir }}"
homeParentFolder: "{{ if eq .chezmoi.os "linux" }}/home{{ else if eq .chezmoi.os "darwin" }}/Users{{ else }}C:\Users{{ end }}" homeParentFolder: "{{ if eq .chezmoi.os "linux" }}/home{{ else if eq .chezmoi.os "darwin" }}/Users{{ else }}C:\Users{{ end }}"
hostname: "{{ $hostname }}" hostname: "{{ $hostname -}}"
noReplyEmail: no-reply@megabyte.space noReplyEmail: no-reply@megabyte.space
samba: samba:
netbiosName: "{{ $sambaNetBiosName }}" netbiosName: "{{ $sambaNetBiosName -}}"
workgroup: "{{ $sambaWorkGroupName }}" workgroup: "{{ $sambaWorkGroupName }}"
smtp: smtp:
from: CombineOS <no-reply@megabyte.space> from: CombineOS <no-reply@megabyte.space>


@ -4,9 +4,13 @@
if command -v atuin > /dev/null; then if command -v atuin > /dev/null; then
source "${XDG_CONFIG_HOME:-$HOME/.config}/shell/private.sh" source "${XDG_CONFIG_HOME:-$HOME/.config}/shell/private.sh"
logg info 'Registering Atuin account'
atuin register -u "$ATUIN_USERNAME" -e "$ATUIN_EMAIL" -p "$ATUIN_PASSWORD" atuin register -u "$ATUIN_USERNAME" -e "$ATUIN_EMAIL" -p "$ATUIN_PASSWORD"
logg info 'Logging into Atuin account'
atuin login -u "$ATUIN_USERNAME" -p "$ATUIN_PASSWORD" -k "$ATUIN_KEY" atuin login -u "$ATUIN_USERNAME" -p "$ATUIN_PASSWORD" -k "$ATUIN_KEY"
logg info 'Running atuin import auto'
atuin import auto atuin import auto
logg info 'Running atuin sync'
atuin sync atuin sync
else else
logg info 'atuin is not available in the PATH' logg info 'atuin is not available in the PATH'
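Review bot: The `atuin register` and `atuin login` calls that the new log lines announce pass `$ATUIN_PASSWORD` and `$ATUIN_KEY` as command-line arguments, so both can be read from the process list by other local users while the commands run. The added logging does not print the values, which is right, but a comment above the two calls such as `# NOTE: password and key are exposed in argv while these commands run` would make the exposure explicit. If the installed atuin version can read these secrets from a prompt or a file instead, that form is preferable. The enclosing `if` continues past the end of this hunk.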


@ -5,12 +5,23 @@
if command -v blocky > /dev/null; then if command -v blocky > /dev/null; then
if [ -d /Applications ] && [ -d /System ]; then if [ -d /Applications ] && [ -d /System ]; then
### macOS ### macOS
cp -f "$HOME/.local/etc/blocky/config.yaml" "$(brew --prefix)/etc/blocky/config.yaml" if [ -f "$HOME/.local/etc/blocky/config.yaml" ]; then
logg info 'Ensuring /usr/local/etc/blocky directory is present'
sudo mkdir -p /usr/local/etc/blocky
logg info "Copying $HOME/.local/etc/blocky/config.yaml to /usr/local/etc/blocky/config.yaml"
sudo cp -f "$HOME/.local/etc/blocky/config.yaml" /usr/local/etc/blocky/config.yaml
if [ -d "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky" ] && [ ! -f "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky/config.yaml" ]; then
logg info "Symlinking $HOME/.local/etc/blocky/config.yaml to ${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky/config.yaml"
ln -s /usr/local/etc/blocky/config.yaml "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky/config.yaml"
fi
fi
else else
### Linux ### Linux
logg info 'Ensuring /usr/local/etc/blocky is created'
sudo mkdir -p /usr/local/etc/blocky sudo mkdir -p /usr/local/etc/blocky
if [ -d /usr/lib/systemd/system ]; then
sudo cp -f "$HOME/.local/etc/blocky/config.yaml" /usr/local/etc/blocky/config.yaml sudo cp -f "$HOME/.local/etc/blocky/config.yaml" /usr/local/etc/blocky/config.yaml
if [ -d /usr/lib/systemd/system ]; then
logg info 'Copying blocky service file to system locations'
sudo cp -f "$HOME/.local/etc/blocky/blocky.service" /usr/lib/systemd/system/blocky.service sudo cp -f "$HOME/.local/etc/blocky/blocky.service" /usr/lib/systemd/system/blocky.service
else else
logg "/usr/lib/systemd/system is missing from the file system" logg "/usr/lib/systemd/system is missing from the file system"
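Review bot: The log line added before `ln -s` in the macOS branch names `$HOME/.local/etc/blocky/config.yaml` as the symlink source, but the command links `/usr/local/etc/blocky/config.yaml`; the message should read `logg info "Symlinking /usr/local/etc/blocky/config.yaml to ${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky/config.yaml"`. The Linux branch now runs `sudo cp -f "$HOME/.local/etc/blocky/config.yaml" ...` ahead of the systemd check but without the `[ -f "$HOME/.local/etc/blocky/config.yaml" ]` guard that the macOS branch gained, so a missing source file fails there. The Linux `if` runs past the end of the hunk.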


@ -11,6 +11,7 @@ if command -v freshclam > /dev/null; then
ln -s /usr/local/etc/clamav/freshclam.conf "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/clamav/freshclam.conf" ln -s /usr/local/etc/clamav/freshclam.conf "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/clamav/freshclam.conf"
fi fi
fi fi
### Add clamd.conf ### Add clamd.conf
if [ -f "$HOME/.local/etc/clamav/clamd.conf" ]; then if [ -f "$HOME/.local/etc/clamav/clamd.conf" ]; then
sudo mkdir -p /usr/local/etc/clamav sudo mkdir -p /usr/local/etc/clamav
@ -26,7 +27,16 @@ if command -v freshclam > /dev/null; then
# sudo chown $USER /var/log/clamav # sudo chown $USER /var/log/clamav
sudo cp -f "$HOME/.local/etc/clamav/clamdscan.plist" /Library/LaunchDaemons/clamdscan.plist sudo cp -f "$HOME/.local/etc/clamav/clamdscan.plist" /Library/LaunchDaemons/clamdscan.plist
sudo cp -f "$HOME/.local/etc/clamav/freshclam.plist" /Library/LaunchDaemons/freshclam.plist sudo cp -f "$HOME/.local/etc/clamav/freshclam.plist" /Library/LaunchDaemons/freshclam.plist
if sudo launchctl list | grep 'clamav.clamdscan' > /dev/null; then
logg info 'Unloading previous ClamAV clamdscan configuration'
sudo launchctl unload /Library/LaunchDaemons/clamdscan.plist
fi
sudo launchctl load -w /Library/LaunchDaemons/clamdscan.plist sudo launchctl load -w /Library/LaunchDaemons/clamdscan.plist
if sudo launchctl list | grep 'clamav.freshclam' > /dev/null; then
logg info 'Unloading previous ClamAV freshclam configuration'
sudo launchctl unload /Library/LaunchDaemons/freshclam.plist
fi
logg info 'Running sudo launchctl load -w /Library/LaunchDaemons/freshclam.plist'
sudo launchctl load -w /Library/LaunchDaemons/freshclam.plist sudo launchctl load -w /Library/LaunchDaemons/freshclam.plist
fi fi


@ -2,77 +2,53 @@
# @file Cloudflared Configuration # @file Cloudflared Configuration
# @brief Applies cloudflared configuration, connects to Argo tunnel with managed configuration, and enables it on system start # @brief Applies cloudflared configuration, connects to Argo tunnel with managed configuration, and enables it on system start
{{- $registrationToken := "" }} if command -v cloudflared > /dev/null; then
{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "cloudflared" .host.hostname)) -}}
{{- $registrationToken = (includeTemplate (print "cloudflared/" .host.hostname) | decrypt) -}}
{{- end }}
### Set up CloudFlare tunnels
if command -v cloudflared > /dev/null && [ -d "$HOME/.local/etc/cloudflared" ]; then
# Show warning message about ~/.cloudflared already existing # Show warning message about ~/.cloudflared already existing
if [ -d "$HOME/.cloudflared" ]; then if [ -d "$HOME/.cloudflared" ]; then
logg warn '~/.cloudflared is already in the home directory - to ensure proper deployment, remove previous tunnel configuration folders' logg warn '~/.cloudflared is already in the home directory - to ensure proper deployment, remove previous tunnel configuration folders'
fi fi
### Ensure /usr/local/etc/cloudflared exists
if [ -d /usr/local/etc/cloudflared ]; then
logg info 'Creating folder /usr/local/etc/cloudflared'
sudo mkdir -p /usr/local/etc/cloudflared
fi
# Copy over configuration files # Copy over configuration files
logg info 'Ensuring /usr/local/etc/cloudflared exists' && sudo mkdir -p /usr/local/etc/cloudflared logg info 'Ensuring /usr/local/etc/cloudflared exists' && sudo mkdir -p /usr/local/etc/cloudflared
logg info 'Copying over configuration files from ~/.local/etc/cloudflared to /usr/local/etc/cloudflared' logg info 'Copying over configuration files from ~/.local/etc/cloudflared to /usr/local/etc/cloudflared'
sudo cp -f "$HOME/.local/etc/cloudflared/cert.pem" /usr/local/etc/cloudflared/cert.pem sudo cp -f "$HOME/.local/etc/cloudflared/cert.pem" /usr/local/etc/cloudflared/cert.pem
sudo cp -f "$HOME/.local/etc/cloudflared/config.yml" /usr/local/etc/cloudflared/config.yml sudo cp -f "$HOME/.local/etc/cloudflared/config.yml" /usr/local/etc/cloudflared/config.yml
### Register tunnel (if not already registered) ### Remove previous tunnels connected to host
if sudo cloudflared tunnel list | grep "host-{{ .host.hostname }}" > /dev/null; then while read TUNNEL_ID; do
logg info 'CloudFlare tunnel is already registered' logg info "Deleteing CloudFlared tunnel ID $TUNNEL_ID"
else sudo cloudflared tunnel delete "$TUNNEL_ID"
logg info 'Creating a CloudFlare tunnel to this host' sudo rm -f "/usr/local/etc/cloudflared/${TUNNEL_ID}.json"
sudo cloudflared tunnel create "host-{{ .host.hostname }}" done< <(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')
fi
TUNNEL_ID="$(sudo cloudflared tunnel list | grep 'host-{{ .host.hostname }}' | sed 's/ .*//')" ### Register tunnel (if not already registered)
logg info "Creating CloudFlared tunnel named host-$HOSTNAME"
sudo cloudflared tunnel create "host-$HOSTNAME"
TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')"
logg info "Tunnel ID: $TUNNEL_ID" logg info "Tunnel ID: $TUNNEL_ID"
if [ -f "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" ]; then logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json"
logg info 'Symlinking tunnel configuration to /usr/local/etc/cloudflared/credentials.json' sudo rm -f /usr/local/etc/cloudflared/credentials.json
rm -f /usr/local/etc/cloudflared/credentials.json sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json /usr/local/etc/cloudflared/credentials.json
sudo ln -s "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" /usr/local/etc/cloudflared/credentials.json
else
logg info 'Handling case where the tunnel registration is not present in /usr/local/etc/cloudflared'
{{ if eq $registrationToken "" -}}
logg warn 'Registration token is unavailable - you might have to delete the pre-existing tunnel or set up secrets properly'
{{- else -}}
logg info 'Registration token retrieved from encrypted blob stored at home/.chezmoitemplates/cloudflared/{{ .host.hostname }}'
{{ if eq (substr 0 1 $registrationToken) "{" -}}
logg info 'Registration token stored in credential file form'
echo -n '{{ $registrationToken }}' | sudo tee /usr/local/etc/cloudflared/credentials.json > /dev/null
{{ else }}
logg info 'Registration token is in token form - it will be used in conjunction with sudo cloudflared service install'
{{- end }}
{{- end }}
fi
### Set up service ### Set up service
if [ -d /Applications ] && [ -d /System ]; then if [ -d /Applications ] && [ -d /System ]; then
# System is macOS ### macOS
if [ -f /Library/LaunchDaemons/com.cloudflare.cloudflared.plist ]; then if [ -f /Library/LaunchDaemons/com.cloudflare.cloudflared.plist ]; then
logg info 'cloudflared service is already installed' logg info 'cloudflared service is already installed'
else else
logg info 'Running sudo cloudflared service install' logg info 'Running sudo cloudflared service install'
sudo cloudflared service install{{ if and (ne $registrationToken "") (eq (substr 0 1 $registrationToken) "{") -}} {{ $registrationToken }}{{ end }} sudo cloudflared service install
fi fi
logg info 'Ensuring cloudflared service is installed' logg info 'Ensuring cloudflared service is started'
sudo launchctl start com.cloudflare.cloudflared sudo launchctl start com.cloudflare.cloudflared
elif [ -f /etc/os-release ]; then elif [ -f /etc/os-release ]; then
# System is Linux ### Linux
if systemctl --all --type service | grep -q "cloudflared" > /dev/null; then if systemctl --all --type service | grep -q "cloudflared" > /dev/null; then
logg info 'cloudflared service is already available as a service' logg info 'cloudflared service is already available as a service'
else else
logg info 'Running sudo cloudflared service install' logg info 'Running sudo cloudflared service install'
sudo cloudflared service install{{ if and (ne $registrationToken "") (eq (substr 0 1 $registrationToken) "{") -}} {{ $registrationToken }}{{ end }} sudo cloudflared service install
fi fi
logg info 'Ensuring cloudflared service is started' logg info 'Ensuring cloudflared service is started'
sudo systemctl start cloudflared sudo systemctl start cloudflared
@ -87,5 +63,5 @@ if command -v cloudflared > /dev/null && [ -d "$HOME/.local/etc/cloudflared" ];
# https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/as-a-service/windows/ # https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/as-a-service/windows/
fi fi
else else
logg info 'cloudflared was not installed so CloudFlare Tunnels cannot be enabled. (Or the ~/.local/etc/cloudflared folder is not present)' logg info 'cloudflared was not installed so CloudFlare Tunnels cannot be enabled'
fi fi
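Review bot: The new removal loop selects tunnels with `grep "host-$HOSTNAME"`, which is a substring match, so on a host named `web` it would also delete tunnels named `host-web2` or `host-webmail` that belong to other machines; the same pattern is reused to read back `TUNNEL_ID` after `tunnel create`, where more than one match yields a multi-line value. The name should be compared exactly, and the symlink step should keep the `-f` test the old code had so that a failed create does not leave `credentials.json` dangling. `$HOSTNAME` may also differ from the `.host.hostname` value that the config.yml template uses for the tunnel name, which is worth confirming. Separately, the added `if [ -d /usr/local/etc/cloudflared ]` block is inverted and redundant with the `mkdir -p` two lines below it and can be dropped. The sketch assumes the tunnel name is the second column of `cloudflared tunnel list`.

```shell
TUNNEL_NAME="host-$HOSTNAME"
### Remove previous tunnels connected to host (exact name match only)
while read -r TUNNEL_ID; do
  # … unchanged: tunnel delete and removal of ${TUNNEL_ID}.json …
done < <(sudo cloudflared tunnel list | awk -v name="$TUNNEL_NAME" '$2 == name { print $1 }')
# … unchanged: logg info and sudo cloudflared tunnel create …
TUNNEL_ID="$(sudo cloudflared tunnel list | awk -v name="$TUNNEL_NAME" '$2 == name { print $1 }')"
if [ -n "$TUNNEL_ID" ] && [ -f "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" ]; then
  logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json"
  sudo ln -sf "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" /usr/local/etc/cloudflared/credentials.json
else
  logg error "Tunnel credentials for $TUNNEL_NAME were not found in /usr/local/etc/cloudflared"
fi
```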


@ -9,15 +9,43 @@
# variable). # variable).
if command -v docker > /dev/null; then if command -v docker > /dev/null; then
DOCKERHUB_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "DOCKERHUB_TOKEN")) }}{{- includeTemplate "secrets/DOCKERHUB_TOKEN" | decrypt | trim -}}{{ else }}{{- env "DOCKERHUB_TOKEN" -}}{{ end }}" ### Acquire DOCKERHUB_TOKEN
DOCKERHUB_USER="{{ .user.docker.username }}" DOCKERHUB_TOKEN_FILE="${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoitemplates/secrets/DOCKERHUB_TOKEN"
if [ -f "$DOCKERHUB_TOKEN_FILE" ]; then
logg info "Found DOCKERHUB_TOKEN in ${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoitemplates/secrets"
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/age/chezmoi.txt" ]; then
logg info 'Decrypting DOCKERHUB_TOKEN token with Age encryption key'
DOCKERHUB_TOKEN="$(cat "$CLOUDFLARED_CERT" | chezmoi decrypt)"
else
logg warn 'Age encryption key is missing from ~/.config/age/chezmoi.txt'
fi
else
logg warn "DOCKERHUB_TOKEN is missing from ${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoitemplates/secrets"
fi
### Acquire DOCKERHUB_USER
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml" ]; then
DOCKERHUB_USER="$(yq '.data.user.docker.username' ~/.config/chezmoi/chezmoi.yaml)"
else
logg info "${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml is missing which is required for populating the DOCKERHUB_USER"
fi
### Launch Docker.app
if [ -d "/Applications/Docker.app" ] || [ -d "$HOME/Applications/Docker.app" ]; then if [ -d "/Applications/Docker.app" ] || [ -d "$HOME/Applications/Docker.app" ]; then
logg info 'Ensuring Docker.app is open' && open --background -a Docker --args --accept-license --unattended logg info 'Ensuring Docker.app is open' && open --background -a Docker --args --accept-license --unattended
fi fi
### Pre-authenticate with DockerHub
if [ -n "$DOCKERHUB_TOKEN" ] && [ -n "$DOCKERHUB_USER" ]; then
logg info 'Headlessly authenticating with DockerHub registry' && echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin > /dev/null && logg success 'Successfully authenticated with DockerHub registry' logg info 'Headlessly authenticating with DockerHub registry' && echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin > /dev/null && logg success 'Successfully authenticated with DockerHub registry'
fi
fi fi
### Symlink on macOS ### Symlink on macOS
if [ -f "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" ]; then if [ -d /Applications ] && [ -d /System ]; then
if [ -f "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" ]; then
logg info 'Symlinking /var/run/docker.sock to macOS Library location' && sudo ln -s "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" /var/run/docker.sock logg info 'Symlinking /var/run/docker.sock to macOS Library location' && sudo ln -s "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" /var/run/docker.sock
else
logg info "Skipping symlinking /var/run/docker.sock since $HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock is missing"
fi
fi fi
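Review bot: The decrypt step reads `$CLOUDFLARED_CERT`, which is not set anywhere in this section and looks like a copy-paste from another script, so `DOCKERHUB_TOKEN` ends up empty and the login is silently skipped; it should be `DOCKERHUB_TOKEN="$(chezmoi decrypt < "$DOCKERHUB_TOKEN_FILE")"`. The user lookup tests `${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml` but then reads `~/.config/chezmoi/chezmoi.yaml`, and the two should use the same path. If the key is absent yq typically prints `null`, which passes the `-n` test, so that value is worth rejecting as well. Passing the token through `--password-stdin` rather than argv is the right choice and should stay.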


@ -12,9 +12,13 @@
# * [NGINX Amplify documentation](https://docs.nginx.com/nginx-amplify/#) # * [NGINX Amplify documentation](https://docs.nginx.com/nginx-amplify/#)
if command -v nginx > /dev/null; then if command -v nginx > /dev/null; then
if [ -d Applications ] && [ -d /System ]; then
logg info 'Skipping installation of NGINX Amplify because macOS is not supported'
else
logg info 'Downloading the NGINX Amplify installer script' logg info 'Downloading the NGINX Amplify installer script'
TMP="$(mktemp)" TMP="$(mktemp)"
curl -sSL https://github.com/nginxinc/nginx-amplify-agent/raw/master/packages/install.sh > "$TMP" curl -sSL https://github.com/nginxinc/nginx-amplify-agent/raw/master/packages/install.sh > "$TMP"
logg info 'Running the NGINX Amplify setup script' logg info 'Running the NGINX Amplify setup script'
API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NGINX_AMPLIFY_API_KEY")) }}{{- includeTemplate "secrets/NGINX_AMPLIFY_API_KEY" | decrypt | trim -}}{{ else }}{{- env "NGINX_AMPLIFY_API_KEY" -}}{{ end }}" sh "$TMP" API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NGINX_AMPLIFY_API_KEY")) }}{{- includeTemplate "secrets/NGINX_AMPLIFY_API_KEY" | decrypt | trim -}}{{ else }}{{- env "NGINX_AMPLIFY_API_KEY" -}}{{ end }}" sh "$TMP"
fi
fi fi
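Review bot: The macOS check added here tests `[ -d Applications ]` without the leading slash, so it is resolved against the current working directory and will normally be false on macOS; the other scripts in this commit use `[ -d /Applications ] && [ -d /System ]`. When it is false the else branch downloads `install.sh` from the `master` branch and runs it with the Amplify API key in its environment, which is what the guard was meant to prevent on an unsupported platform. Because that script is fetched from a moving branch and executed unverified, pinning the URL to a reviewed commit or checking a known digest before `sh "$TMP"` would also be worth adding.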


@ -11,7 +11,7 @@ if command -v rkhunter > /dev/null; then
logg info 'Updating file /etc/rkhunter.conf' && sed -i "s/^#WEB_CMD.*$/WEB_CMD=curl\ -L/" /etc/rkhunter.conf logg info 'Updating file /etc/rkhunter.conf' && sed -i "s/^#WEB_CMD.*$/WEB_CMD=curl\ -L/" /etc/rkhunter.conf
fi fi
export PATH="$(echo "$PATH" | sed 's/VMware Fusion.app/VMwareFusion.app/')" export PATH="$(echo "$PATH" | sed 's/VMware Fusion.app/VMwareFusion.app/')"
export PATH="$(echo "$PATH" | sed 's/IntelliJ IDEA CE.app/IntelliJIDEACE.map/')" export PATH="$(echo "$PATH" | sed 's/IntelliJ IDEA CE.app/IntelliJIDEACE.app/')"
sudo rkhunter --propupd || RK_PROPUPD_EXIT_CODE=$? sudo rkhunter --propupd || RK_PROPUPD_EXIT_CODE=$?
if [ -n "$RK_PROPUPD_EXIT_CODE" ]; then if [ -n "$RK_PROPUPD_EXIT_CODE" ]; then
logg error "sudo rkhunter --propupd returned non-zero exit code" logg error "sudo rkhunter --propupd returned non-zero exit code"


@ -3,5 +3,8 @@
# @brief Configures tfenv to use the latest version of Terraform # @brief Configures tfenv to use the latest version of Terraform
if command -v tfenv > /dev/null; then if command -v tfenv > /dev/null; then
logg info 'Configuring tfenv to use latest version of Terraform'
tfenv use latest tfenv use latest
else
logg warn 'tfenv is not available in the PATH'
fi fi


@ -18,6 +18,7 @@
if [ -d /Applications ] && [ -d /System ]; then if [ -d /Applications ] && [ -d /System ]; then
### macOS ### macOS
TORRC_CONFIG_DIR=/usr/local/etc/tor TORRC_CONFIG_DIR=/usr/local/etc/tor
sudo mkdir -p "$TORRC_CONFIG_DIR"
else else
### Linux ### Linux
TORRC_CONFIG_DIR=/etc/tor TORRC_CONFIG_DIR=/etc/tor


@ -116,7 +116,13 @@ if command -v vmware > /dev/null; then
logg info 'VMware host modules are present' logg info 'VMware host modules are present'
fi fi
else else
if [ -d /Applications ] && [ -d /System ]; then
### macOS
logg info 'System is macOS so there is no unlocker or modules that need to be enabled'
else
### Linux and VMWare not installed
logg warn 'VMware Workstation is not installed so the VMware Unlocker will not be installed' logg warn 'VMware Workstation is not installed so the VMware Unlocker will not be installed'
fi
fi fi
# @description Only run logic if both Vagrant and VMWare are installed # @description Only run logic if both Vagrant and VMWare are installed
@ -133,7 +139,7 @@ if command -v vagrant > /dev/null && command -v vmware-id > /dev/null; then
logg info 'Ensuring the Vagrant VMWare Utility service is enabled' logg info 'Ensuring the Vagrant VMWare Utility service is enabled'
sudo vagrant-vmware-utility service install || EXIT_CODE=$? sudo vagrant-vmware-utility service install || EXIT_CODE=$?
if [ -n "$EXIT_CODE" ]; then if [ -n "$EXIT_CODE" ]; then
logg info 'The Vagrant VMWare Utility command vagrant-vmware-utility service install failed. It is probably already setup.' logg info 'The Vagrant VMWare Utility command vagrant-vmware-utility service. If it was already set up, there should be a notice above.'
fi fi
fi fi
else else


@ -6,8 +6,11 @@ export VOLTA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}/volta"
export PATH="$VOLTA_HOME/bin:$PATH" export PATH="$VOLTA_HOME/bin:$PATH"
if command -v volta > /dev/null; then if command -v volta > /dev/null; then
logg info 'Running volta setup'
volta setup volta setup
logg info 'Installing latest version of Node.js via Volta'
volta install node@latest volta install node@latest
logg info 'Installing latest version of Yarn via Volta'
volta install yarn@latest volta install yarn@latest
else else
logg info 'Volta is not installed' logg info 'Volta is not installed'


@ -12,9 +12,10 @@ if [ -d /Applications ] && [ -d /System ]; then
PKG_URL="https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.4-1.intel64.pkg" PKG_URL="https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.4-1.intel64.pkg"
fi fi
curl -sSL "$PKG_URL" > wazuh-agent.pkg curl -sSL "$PKG_URL" > wazuh-agent.pkg
log info 'Setting Wazuh launch parameters in /tmp/wazuh_envs' logg info 'Setting Wazuh launch parameters in /tmp/wazuh_envs'
# https://documentation.wazuh.com/current/user-manual/agent/deployment-variables/deployment-variables-macos.html # https://documentation.wazuh.com/current/user-manual/agent/deployment-variables/deployment-variables-macos.html
echo "WAZUH_MANAGER='$WAZUH_MANAGER'" > /tmp/wazuh_envs echo "WAZUH_MANAGER='$WAZUH_MANAGER' && WAZUH_REGISTRATION_SERVER='$WAZUH_MANAGER' && WAZUH_REGISTRATION_PASSWORD='WazuhRegister' && \
WAZUH_AGENT_NAME='$WAZUH_AGENT_NAME'" > /tmp/wazuh_envs
logg info 'Installing the Wazuh agent pkg' logg info 'Installing the Wazuh agent pkg'
sudo installer -pkg wazuh-agent.pkg -target / sudo installer -pkg wazuh-agent.pkg -target /
sudo chmod 755 /Library/Ossec sudo chmod 755 /Library/Ossec
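Review bot: The new `echo` puts a literal enrollment password, `WAZUH_REGISTRATION_PASSWORD='WazuhRegister'`, into the script and into `/tmp/wazuh_envs`, a predictable path in a shared directory that is created with the default umask. The password should come from the same secret source as the other variables, e.g. `WAZUH_REGISTRATION_PASSWORD='$WAZUH_REGISTRATION_PASSWORD'`, and the file should be written under `umask 077` and removed with `rm -f /tmp/wazuh_envs` once `installer` has run. The package is also fetched with `curl` and installed as root without a checksum or signature check; `pkgutil --check-signature wazuh-agent.pkg` before `sudo installer` would close that gap. The script continues past the end of this hunk, so cleanup may already exist further down.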


@ -22,13 +22,10 @@
# TODO - Populate Tunnelblick on macOS using the .ovpn profiles located in $HOME/.config/vpn (execpt in the `openvpn` entry of software.yml) # TODO - Populate Tunnelblick on macOS using the .ovpn profiles located in $HOME/.config/vpn (execpt in the `openvpn` entry of software.yml)
# along with the secrets for the protonVPN OpenVPN (check vpn-linux.tmpl) # along with the secrets for the protonVPN OpenVPN (check vpn-linux.tmpl)
### Backs up previous network settings to `/Library/Preferences/com.apple.networkextension.plist.old` before applying new VPN profiles ### Backs up previous network settings to `/Library/Preferences/com.apple.networkextension.plist.old` before applying new VPN profiles
if [ -f /Library/Preferences/com.apple.networkextension.plist ] && [ ! -f "/Library/Preferences/com.apple.networkextension.plist.old" ]; then logg info 'Backing up /Library/Preferences/com.apple.networkextension.plist to /Library/Preferences/com.apple.networkextension.plist.old'
logg info 'Backing up /Library/Preferences/com.apple.networkextension.plist to /Library/Preferences/com.apple.networkextension.plist.old' sudo cp -f /Library/Preferences/com.apple.networkextension.plist /Library/Preferences/com.apple.networkextension.plist.old
sudo cp -f /Library/Preferences/com.apple.networkextension.plist /Library/Preferences/com.apple.networkextension.plist.old
else
logg info 'The /Library/Preferences/com.apple.networkextension.plist does not exist or is already backed up to com.apple.networkextension.plist.old'
fi
### Ensures the `/etc/wireguard` directory exists and has the lowest possible permission-level ### Ensures the `/etc/wireguard` directory exists and has the lowest possible permission-level
if [ ! -d /etc/wireguard ]; then if [ ! -d /etc/wireguard ]; then
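Review bot: Removing the `[ ! -f "/Library/Preferences/com.apple.networkextension.plist.old" ]` test means the `sudo cp -f` now overwrites the backup on every run, so after the first run `.old` presumably holds settings that already include the applied VPN profiles rather than the original network configuration. The copy also runs when the source plist does not exist, which fails. Keeping the guard, `if [ -f /Library/Preferences/com.apple.networkextension.plist ] && [ ! -f /Library/Preferences/com.apple.networkextension.plist.old ]; then`, preserves the one known-good copy. The comment above the block still promises a backup of the previous settings, which the new behaviour no longer guarantees.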


@ -5,7 +5,7 @@ After = network.target
[Service] [Service]
Type = forking Type = forking
ExecStart = /usr/bin/freshclam --daemon --checks 2 ExecStart = {{ lookPath "freshclam" }} --daemon --checks 2
Restart = on-failure Restart = on-failure
PrivateTmp = true PrivateTmp = true
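Review bot: `{{ lookPath "freshclam" }}` is evaluated when chezmoi renders the template, using the PATH of the user running chezmoi, and the result becomes the `ExecStart` of a system service. If freshclam is not installed at render time the expression yields an empty string and the unit is invalid, and if a user-writable directory comes first in that PATH the service would be pointed at a binary the user can replace. A fallback such as `{{ or (lookPath "freshclam") "/usr/bin/freshclam" }}` plus a comment stating that the path is resolved at render time would cover the first case; the same applies to the `lookPath` calls in the two launchd plists that follow.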


@ -7,7 +7,7 @@
<string>clamav.clamdscan</string> <string>clamav.clamdscan</string>
<key>ProgramArguments</key> <key>ProgramArguments</key>
<array> <array>
<string>/usr/local/bin/clamdscan</string> <string> {{ lookPath "clamdscan" }}</string>
<string>/</string> <string>/</string>
</array> </array>
<key>StartCalendarInterval</key> <key>StartCalendarInterval</key>
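Review bot: The replacement `<string> {{ lookPath "clamdscan" }}</string>` has a space between `<string>` and the template action, and plist string values keep leading whitespace, so the first element of `ProgramArguments` becomes a path that begins with a space and launchd will most likely fail to find the executable. It should be `<string>{{ lookPath "clamdscan" }}</string>`. The freshclam plist in the next file has the same space before `{{ lookPath "freshclam" }}`.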


@ -7,7 +7,7 @@
<string>clamav.freshclam</string> <string>clamav.freshclam</string>
<key>ProgramArguments</key> <key>ProgramArguments</key>
<array> <array>
<string>/usr/local/bin/freshclam</string> <string> {{ lookPath "freshclam" }}</string>
<string>-v</string> <string>-v</string>
</array> </array>
<key>StartCalendarInterval</key> <key>StartCalendarInterval</key>


@ -1,6 +1,6 @@
{{- $baseDomain := (join (join .host.hostname ".") .host.domain) -}} {{- $baseDomain := printf "%s%s%s" .host.hostname "." .host.domain -}}
{{- if eq .host.qubes true -}} {{- if eq .host.qubes true -}}
{{- $baseDomain := (join (join .host.hostname "-qube.") .host.domain) -}} {{- $baseDomain := printf "%s%s%s" .host.hostname "-qube." .host.domain -}}
{{- end -}} {{- end -}}
--- ---
tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }} tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }}
@ -31,7 +31,7 @@ ingress:
- hostname: rsyslog.{{ $baseDomain }} - hostname: rsyslog.{{ $baseDomain }}
service: tcp://localhost:514 service: tcp://localhost:514
- hostname: netdata.{{ $baseDomain }} - hostname: netdata.{{ $baseDomain }}
service: https://localhost:19999 service: http://localhost:19999
- hostname: rundeck.{{ $baseDomain }} - hostname: rundeck.{{ $baseDomain }}
service: https://localhost:4440 service: https://localhost:4440
- hostname: portainer.{{ .host.domain }} - hostname: portainer.{{ .host.domain }}
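Review bot: Inside the `{{- if eq .host.qubes true -}}` block the new line still uses `:=`, which in Go templates declares a fresh `$baseDomain` scoped to that block, so the `-qube.` value is discarded at `{{- end -}}` and every ingress hostname is rendered with the non-qube domain. Assigning to the outer variable needs `=`: `{{- $baseDomain = printf "%s%s%s" .host.hostname "-qube." .host.domain -}}`. The second hunk switches netdata to `http://localhost:19999`; a one-line comment noting that this listener is plain HTTP on loopback would explain why it differs from its neighbours. The ingress list continues outside the hunk.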