Various script fixes
This commit is contained in:
parent
b2a8acfca7
commit
80e7fce908
18 changed files with 120 additions and 76 deletions
|
@ -144,10 +144,10 @@ data:
|
|||
headless: {{ $headless }}
|
||||
home: "{{ .chezmoi.homeDir }}"
|
||||
homeParentFolder: "{{ if eq .chezmoi.os "linux" }}/home{{ else if eq .chezmoi.os "darwin" }}/Users{{ else }}C:\Users{{ end }}"
|
||||
hostname: "{{ $hostname }}"
|
||||
hostname: "{{ $hostname -}}"
|
||||
noReplyEmail: no-reply@megabyte.space
|
||||
samba:
|
||||
netbiosName: "{{ $sambaNetBiosName }}"
|
||||
netbiosName: "{{ $sambaNetBiosName -}}"
|
||||
workgroup: "{{ $sambaWorkGroupName }}"
|
||||
smtp:
|
||||
from: CombineOS <no-reply@megabyte.space>
|
||||
|
|
|
@ -4,9 +4,13 @@
|
|||
|
||||
if command -v atuin > /dev/null; then
|
||||
source "${XDG_CONFIG_HOME:-$HOME/.config}/shell/private.sh"
|
||||
logg info 'Registering Atuin account'
|
||||
atuin register -u "$ATUIN_USERNAME" -e "$ATUIN_EMAIL" -p "$ATUIN_PASSWORD"
|
||||
logg info 'Logging into Atuin account'
|
||||
atuin login -u "$ATUIN_USERNAME" -p "$ATUIN_PASSWORD" -k "$ATUIN_KEY"
|
||||
logg info 'Running atuin import auto'
|
||||
atuin import auto
|
||||
logg info 'Running atuin sync'
|
||||
atuin sync
|
||||
else
|
||||
logg info 'atuin is not available in the PATH'
|
||||
|
|
|
@ -5,12 +5,23 @@
|
|||
if command -v blocky > /dev/null; then
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
### macOS
|
||||
cp -f "$HOME/.local/etc/blocky/config.yaml" "$(brew --prefix)/etc/blocky/config.yaml"
|
||||
if [ -f "$HOME/.local/etc/blocky/config.yaml" ]; then
|
||||
logg info 'Ensuring /usr/local/etc/blocky directory is present'
|
||||
sudo mkdir -p /usr/local/etc/blocky
|
||||
logg info "Copying $HOME/.local/etc/blocky/config.yaml to /usr/local/etc/blocky/config.yaml"
|
||||
sudo cp -f "$HOME/.local/etc/blocky/config.yaml" /usr/local/etc/blocky/config.yaml
|
||||
if [ -d "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky" ] && [ ! -f "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky/config.yaml" ]; then
|
||||
logg info "Symlinking $HOME/.local/etc/blocky/config.yaml to ${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky/config.yaml"
|
||||
ln -s /usr/local/etc/blocky/config.yaml "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/blocky/config.yaml"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
### Linux
|
||||
logg info 'Ensuring /usr/local/etc/blocky is created'
|
||||
sudo mkdir -p /usr/local/etc/blocky
|
||||
if [ -d /usr/lib/systemd/system ]; then
|
||||
sudo cp -f "$HOME/.local/etc/blocky/config.yaml" /usr/local/etc/blocky/config.yaml
|
||||
if [ -d /usr/lib/systemd/system ]; then
|
||||
logg info 'Copying blocky service file to system locations'
|
||||
sudo cp -f "$HOME/.local/etc/blocky/blocky.service" /usr/lib/systemd/system/blocky.service
|
||||
else
|
||||
logg "/usr/lib/systemd/system is missing from the file system"
|
||||
|
|
|
@ -11,6 +11,7 @@ if command -v freshclam > /dev/null; then
|
|||
ln -s /usr/local/etc/clamav/freshclam.conf "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/clamav/freshclam.conf"
|
||||
fi
|
||||
fi
|
||||
|
||||
### Add clamd.conf
|
||||
if [ -f "$HOME/.local/etc/clamav/clamd.conf" ]; then
|
||||
sudo mkdir -p /usr/local/etc/clamav
|
||||
|
@ -26,7 +27,16 @@ if command -v freshclam > /dev/null; then
|
|||
# sudo chown $USER /var/log/clamav
|
||||
sudo cp -f "$HOME/.local/etc/clamav/clamdscan.plist" /Library/LaunchDaemons/clamdscan.plist
|
||||
sudo cp -f "$HOME/.local/etc/clamav/freshclam.plist" /Library/LaunchDaemons/freshclam.plist
|
||||
if sudo launchctl list | grep 'clamav.clamdscan' > /dev/null; then
|
||||
logg info 'Unloading previous ClamAV clamdscan configuration'
|
||||
sudo launchctl unload /Library/LaunchDaemons/clamdscan.plist
|
||||
fi
|
||||
sudo launchctl load -w /Library/LaunchDaemons/clamdscan.plist
|
||||
if sudo launchctl list | grep 'clamav.freshclam' > /dev/null; then
|
||||
logg info 'Unloading previous ClamAV freshclam configuration'
|
||||
sudo launchctl unload /Library/LaunchDaemons/freshclam.plist
|
||||
fi
|
||||
logg info 'Running sudo launchctl load -w /Library/LaunchDaemons/freshclam.plist'
|
||||
sudo launchctl load -w /Library/LaunchDaemons/freshclam.plist
|
||||
fi
|
||||
|
||||
|
|
|
@ -2,77 +2,53 @@
|
|||
# @file Cloudflared Configuration
|
||||
# @brief Applies cloudflared configuration, connects to Argo tunnel with managed configuration, and enables it on system start
|
||||
|
||||
{{- $registrationToken := "" }}
|
||||
{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "cloudflared" .host.hostname)) -}}
|
||||
{{- $registrationToken = (includeTemplate (print "cloudflared/" .host.hostname) | decrypt) -}}
|
||||
{{- end }}
|
||||
|
||||
### Set up CloudFlare tunnels
|
||||
if command -v cloudflared > /dev/null && [ -d "$HOME/.local/etc/cloudflared" ]; then
|
||||
if command -v cloudflared > /dev/null; then
|
||||
# Show warning message about ~/.cloudflared already existing
|
||||
if [ -d "$HOME/.cloudflared" ]; then
|
||||
logg warn '~/.cloudflared is already in the home directory - to ensure proper deployment, remove previous tunnel configuration folders'
|
||||
fi
|
||||
|
||||
### Ensure /usr/local/etc/cloudflared exists
|
||||
if [ -d /usr/local/etc/cloudflared ]; then
|
||||
logg info 'Creating folder /usr/local/etc/cloudflared'
|
||||
sudo mkdir -p /usr/local/etc/cloudflared
|
||||
fi
|
||||
|
||||
# Copy over configuration files
|
||||
logg info 'Ensuring /usr/local/etc/cloudflared exists' && sudo mkdir -p /usr/local/etc/cloudflared
|
||||
logg info 'Copying over configuration files from ~/.local/etc/cloudflared to /usr/local/etc/cloudflared'
|
||||
sudo cp -f "$HOME/.local/etc/cloudflared/cert.pem" /usr/local/etc/cloudflared/cert.pem
|
||||
sudo cp -f "$HOME/.local/etc/cloudflared/config.yml" /usr/local/etc/cloudflared/config.yml
|
||||
|
||||
### Register tunnel (if not already registered)
|
||||
if sudo cloudflared tunnel list | grep "host-{{ .host.hostname }}" > /dev/null; then
|
||||
logg info 'CloudFlare tunnel is already registered'
|
||||
else
|
||||
logg info 'Creating a CloudFlare tunnel to this host'
|
||||
sudo cloudflared tunnel create "host-{{ .host.hostname }}"
|
||||
fi
|
||||
### Remove previous tunnels connected to host
|
||||
while read TUNNEL_ID; do
|
||||
logg info "Deleteing CloudFlared tunnel ID $TUNNEL_ID"
|
||||
sudo cloudflared tunnel delete "$TUNNEL_ID"
|
||||
sudo rm -f "/usr/local/etc/cloudflared/${TUNNEL_ID}.json"
|
||||
done< <(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')
|
||||
|
||||
TUNNEL_ID="$(sudo cloudflared tunnel list | grep 'host-{{ .host.hostname }}' | sed 's/ .*//')"
|
||||
### Register tunnel (if not already registered)
|
||||
logg info "Creating CloudFlared tunnel named host-$HOSTNAME"
|
||||
sudo cloudflared tunnel create "host-$HOSTNAME"
|
||||
|
||||
TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')"
|
||||
logg info "Tunnel ID: $TUNNEL_ID"
|
||||
if [ -f "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" ]; then
|
||||
logg info 'Symlinking tunnel configuration to /usr/local/etc/cloudflared/credentials.json'
|
||||
rm -f /usr/local/etc/cloudflared/credentials.json
|
||||
sudo ln -s "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" /usr/local/etc/cloudflared/credentials.json
|
||||
else
|
||||
logg info 'Handling case where the tunnel registration is not present in /usr/local/etc/cloudflared'
|
||||
{{ if eq $registrationToken "" -}}
|
||||
logg warn 'Registration token is unavailable - you might have to delete the pre-existing tunnel or set up secrets properly'
|
||||
{{- else -}}
|
||||
logg info 'Registration token retrieved from encrypted blob stored at home/.chezmoitemplates/cloudflared/{{ .host.hostname }}'
|
||||
{{ if eq (substr 0 1 $registrationToken) "{" -}}
|
||||
logg info 'Registration token stored in credential file form'
|
||||
echo -n '{{ $registrationToken }}' | sudo tee /usr/local/etc/cloudflared/credentials.json > /dev/null
|
||||
{{ else }}
|
||||
logg info 'Registration token is in token form - it will be used in conjunction with sudo cloudflared service install'
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
fi
|
||||
logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json"
|
||||
sudo rm -f /usr/local/etc/cloudflared/credentials.json
|
||||
sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json /usr/local/etc/cloudflared/credentials.json
|
||||
|
||||
### Set up service
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
# System is macOS
|
||||
### macOS
|
||||
if [ -f /Library/LaunchDaemons/com.cloudflare.cloudflared.plist ]; then
|
||||
logg info 'cloudflared service is already installed'
|
||||
else
|
||||
logg info 'Running sudo cloudflared service install'
|
||||
sudo cloudflared service install{{ if and (ne $registrationToken "") (eq (substr 0 1 $registrationToken) "{") -}} {{ $registrationToken }}{{ end }}
|
||||
sudo cloudflared service install
|
||||
fi
|
||||
logg info 'Ensuring cloudflared service is installed'
|
||||
logg info 'Ensuring cloudflared service is started'
|
||||
sudo launchctl start com.cloudflare.cloudflared
|
||||
elif [ -f /etc/os-release ]; then
|
||||
# System is Linux
|
||||
### Linux
|
||||
if systemctl --all --type service | grep -q "cloudflared" > /dev/null; then
|
||||
logg info 'cloudflared service is already available as a service'
|
||||
else
|
||||
logg info 'Running sudo cloudflared service install'
|
||||
sudo cloudflared service install{{ if and (ne $registrationToken "") (eq (substr 0 1 $registrationToken) "{") -}} {{ $registrationToken }}{{ end }}
|
||||
sudo cloudflared service install
|
||||
fi
|
||||
logg info 'Ensuring cloudflared service is started'
|
||||
sudo systemctl start cloudflared
|
||||
|
@ -87,5 +63,5 @@ if command -v cloudflared > /dev/null && [ -d "$HOME/.local/etc/cloudflared" ];
|
|||
# https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/as-a-service/windows/
|
||||
fi
|
||||
else
|
||||
logg info 'cloudflared was not installed so CloudFlare Tunnels cannot be enabled. (Or the ~/.local/etc/cloudflared folder is not present)'
|
||||
logg info 'cloudflared was not installed so CloudFlare Tunnels cannot be enabled'
|
||||
fi
|
||||
|
|
|
@ -9,15 +9,43 @@
|
|||
# variable).
|
||||
|
||||
if command -v docker > /dev/null; then
|
||||
DOCKERHUB_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "DOCKERHUB_TOKEN")) }}{{- includeTemplate "secrets/DOCKERHUB_TOKEN" | decrypt | trim -}}{{ else }}{{- env "DOCKERHUB_TOKEN" -}}{{ end }}"
|
||||
DOCKERHUB_USER="{{ .user.docker.username }}"
|
||||
### Acquire DOCKERHUB_TOKEN
|
||||
DOCKERHUB_TOKEN_FILE="${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoitemplates/secrets/DOCKERHUB_TOKEN"
|
||||
if [ -f "$DOCKERHUB_TOKEN_FILE" ]; then
|
||||
logg info "Found DOCKERHUB_TOKEN in ${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoitemplates/secrets"
|
||||
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/age/chezmoi.txt" ]; then
|
||||
logg info 'Decrypting DOCKERHUB_TOKEN token with Age encryption key'
|
||||
DOCKERHUB_TOKEN="$(cat "$CLOUDFLARED_CERT" | chezmoi decrypt)"
|
||||
else
|
||||
logg warn 'Age encryption key is missing from ~/.config/age/chezmoi.txt'
|
||||
fi
|
||||
else
|
||||
logg warn "DOCKERHUB_TOKEN is missing from ${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoitemplates/secrets"
|
||||
fi
|
||||
|
||||
### Acquire DOCKERHUB_USER
|
||||
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml" ]; then
|
||||
DOCKERHUB_USER="$(yq '.data.user.docker.username' ~/.config/chezmoi/chezmoi.yaml)"
|
||||
else
|
||||
logg info "${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml is missing which is required for populating the DOCKERHUB_USER"
|
||||
fi
|
||||
|
||||
### Launch Docker.app
|
||||
if [ -d "/Applications/Docker.app" ] || [ -d "$HOME/Applications/Docker.app" ]; then
|
||||
logg info 'Ensuring Docker.app is open' && open --background -a Docker --args --accept-license --unattended
|
||||
fi
|
||||
|
||||
### Pre-authenticate with DockerHub
|
||||
if [ -n "$DOCKERHUB_TOKEN" ] && [ -n "$DOCKERHUB_USER" ]; then
|
||||
logg info 'Headlessly authenticating with DockerHub registry' && echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin > /dev/null && logg success 'Successfully authenticated with DockerHub registry'
|
||||
fi
|
||||
fi
|
||||
|
||||
### Symlink on macOS
|
||||
if [ -f "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" ]; then
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
if [ -f "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" ]; then
|
||||
logg info 'Symlinking /var/run/docker.sock to macOS Library location' && sudo ln -s "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" /var/run/docker.sock
|
||||
else
|
||||
logg info "Skipping symlinking /var/run/docker.sock since $HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock is missing"
|
||||
fi
|
||||
fi
|
||||
|
|
|
@ -12,9 +12,13 @@
|
|||
# * [NGINX Amplify documentation](https://docs.nginx.com/nginx-amplify/#)
|
||||
|
||||
if command -v nginx > /dev/null; then
|
||||
if [ -d Applications ] && [ -d /System ]; then
|
||||
logg info 'Skipping installation of NGINX Amplify because macOS is not supported'
|
||||
else
|
||||
logg info 'Downloading the NGINX Amplify installer script'
|
||||
TMP="$(mktemp)"
|
||||
curl -sSL https://github.com/nginxinc/nginx-amplify-agent/raw/master/packages/install.sh > "$TMP"
|
||||
logg info 'Running the NGINX Amplify setup script'
|
||||
API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NGINX_AMPLIFY_API_KEY")) }}{{- includeTemplate "secrets/NGINX_AMPLIFY_API_KEY" | decrypt | trim -}}{{ else }}{{- env "NGINX_AMPLIFY_API_KEY" -}}{{ end }}" sh "$TMP"
|
||||
fi
|
||||
fi
|
||||
|
|
|
@ -11,7 +11,7 @@ if command -v rkhunter > /dev/null; then
|
|||
logg info 'Updating file /etc/rkhunter.conf' && sed -i "s/^#WEB_CMD.*$/WEB_CMD=curl\ -L/" /etc/rkhunter.conf
|
||||
fi
|
||||
export PATH="$(echo "$PATH" | sed 's/VMware Fusion.app/VMwareFusion.app/')"
|
||||
export PATH="$(echo "$PATH" | sed 's/IntelliJ IDEA CE.app/IntelliJIDEACE.map/')"
|
||||
export PATH="$(echo "$PATH" | sed 's/IntelliJ IDEA CE.app/IntelliJIDEACE.app/')"
|
||||
sudo rkhunter --propupd || RK_PROPUPD_EXIT_CODE=$?
|
||||
if [ -n "$RK_PROPUPD_EXIT_CODE" ]; then
|
||||
logg error "sudo rkhunter --propupd returned non-zero exit code"
|
||||
|
|
|
@ -3,5 +3,8 @@
|
|||
# @brief Configures tfenv to use the latest version of Terraform
|
||||
|
||||
if command -v tfenv > /dev/null; then
|
||||
logg info 'Configuring tfenv to use latest version of Terraform'
|
||||
tfenv use latest
|
||||
else
|
||||
logg warn 'tfenv is not available in the PATH'
|
||||
fi
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
### macOS
|
||||
TORRC_CONFIG_DIR=/usr/local/etc/tor
|
||||
sudo mkdir -p "$TORRC_CONFIG_DIR"
|
||||
else
|
||||
### Linux
|
||||
TORRC_CONFIG_DIR=/etc/tor
|
||||
|
|
|
@ -116,7 +116,13 @@ if command -v vmware > /dev/null; then
|
|||
logg info 'VMware host modules are present'
|
||||
fi
|
||||
else
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
### macOS
|
||||
logg info 'System is macOS so there is no unlocker or modules that need to be enabled'
|
||||
else
|
||||
### Linux and VMWare not installed
|
||||
logg warn 'VMware Workstation is not installed so the VMware Unlocker will not be installed'
|
||||
fi
|
||||
fi
|
||||
|
||||
# @description Only run logic if both Vagrant and VMWare are installed
|
||||
|
@ -133,7 +139,7 @@ if command -v vagrant > /dev/null && command -v vmware-id > /dev/null; then
|
|||
logg info 'Ensuring the Vagrant VMWare Utility service is enabled'
|
||||
sudo vagrant-vmware-utility service install || EXIT_CODE=$?
|
||||
if [ -n "$EXIT_CODE" ]; then
|
||||
logg info 'The Vagrant VMWare Utility command vagrant-vmware-utility service install failed. It is probably already setup.'
|
||||
logg info 'The Vagrant VMWare Utility command vagrant-vmware-utility service. If it was already set up, there should be a notice above.'
|
||||
fi
|
||||
fi
|
||||
else
|
||||
|
|
|
@ -6,8 +6,11 @@ export VOLTA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}/volta"
|
|||
export PATH="$VOLTA_HOME/bin:$PATH"
|
||||
|
||||
if command -v volta > /dev/null; then
|
||||
logg info 'Running volta setup'
|
||||
volta setup
|
||||
logg info 'Installing latest version of Node.js via Volta'
|
||||
volta install node@latest
|
||||
logg info 'Installing latest version of Yarn via Volta'
|
||||
volta install yarn@latest
|
||||
else
|
||||
logg info 'Volta is not installed'
|
||||
|
|
|
@ -12,9 +12,10 @@ if [ -d /Applications ] && [ -d /System ]; then
|
|||
PKG_URL="https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.4-1.intel64.pkg"
|
||||
fi
|
||||
curl -sSL "$PKG_URL" > wazuh-agent.pkg
|
||||
log info 'Setting Wazuh launch parameters in /tmp/wazuh_envs'
|
||||
logg info 'Setting Wazuh launch parameters in /tmp/wazuh_envs'
|
||||
# https://documentation.wazuh.com/current/user-manual/agent/deployment-variables/deployment-variables-macos.html
|
||||
echo "WAZUH_MANAGER='$WAZUH_MANAGER'" > /tmp/wazuh_envs
|
||||
echo "WAZUH_MANAGER='$WAZUH_MANAGER' && WAZUH_REGISTRATION_SERVER='$WAZUH_MANAGER' && WAZUH_REGISTRATION_PASSWORD='WazuhRegister' && \
|
||||
WAZUH_AGENT_NAME='$WAZUH_AGENT_NAME'" > /tmp/wazuh_envs
|
||||
logg info 'Installing the Wazuh agent pkg'
|
||||
sudo installer -pkg wazuh-agent.pkg -target /
|
||||
sudo chmod 755 /Library/Ossec
|
||||
|
|
|
@ -22,13 +22,10 @@
|
|||
|
||||
# TODO - Populate Tunnelblick on macOS using the .ovpn profiles located in $HOME/.config/vpn (execpt in the `openvpn` entry of software.yml)
|
||||
# along with the secrets for the protonVPN OpenVPN (check vpn-linux.tmpl)
|
||||
|
||||
### Backs up previous network settings to `/Library/Preferences/com.apple.networkextension.plist.old` before applying new VPN profiles
|
||||
if [ -f /Library/Preferences/com.apple.networkextension.plist ] && [ ! -f "/Library/Preferences/com.apple.networkextension.plist.old" ]; then
|
||||
logg info 'Backing up /Library/Preferences/com.apple.networkextension.plist to /Library/Preferences/com.apple.networkextension.plist.old'
|
||||
sudo cp -f /Library/Preferences/com.apple.networkextension.plist /Library/Preferences/com.apple.networkextension.plist.old
|
||||
else
|
||||
logg info 'The /Library/Preferences/com.apple.networkextension.plist does not exist or is already backed up to com.apple.networkextension.plist.old'
|
||||
fi
|
||||
logg info 'Backing up /Library/Preferences/com.apple.networkextension.plist to /Library/Preferences/com.apple.networkextension.plist.old'
|
||||
sudo cp -f /Library/Preferences/com.apple.networkextension.plist /Library/Preferences/com.apple.networkextension.plist.old
|
||||
|
||||
### Ensures the `/etc/wireguard` directory exists and has the lowest possible permission-level
|
||||
if [ ! -d /etc/wireguard ]; then
|
||||
|
|
|
@ -5,7 +5,7 @@ After = network.target
|
|||
|
||||
[Service]
|
||||
Type = forking
|
||||
ExecStart = /usr/bin/freshclam --daemon --checks 2
|
||||
ExecStart = {{ lookPath "freshclam" }} --daemon --checks 2
|
||||
Restart = on-failure
|
||||
PrivateTmp = true
|
||||
|
|
@ -7,7 +7,7 @@
|
|||
<string>clamav.clamdscan</string>
|
||||
<key>ProgramArguments</key>
|
||||
<array>
|
||||
<string>/usr/local/bin/clamdscan</string>
|
||||
<string> {{ lookPath "clamdscan" }}</string>
|
||||
<string>/</string>
|
||||
</array>
|
||||
<key>StartCalendarInterval</key>
|
|
@ -7,7 +7,7 @@
|
|||
<string>clamav.freshclam</string>
|
||||
<key>ProgramArguments</key>
|
||||
<array>
|
||||
<string>/usr/local/bin/freshclam</string>
|
||||
<string> {{ lookPath "freshclam" }}</string>
|
||||
<string>-v</string>
|
||||
</array>
|
||||
<key>StartCalendarInterval</key>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{{- $baseDomain := (join (join .host.hostname ".") .host.domain) -}}
|
||||
{{- $baseDomain := printf "%s%s%s" .host.hostname "." .host.domain -}}
|
||||
{{- if eq .host.qubes true -}}
|
||||
{{- $baseDomain := (join (join .host.hostname "-qube.") .host.domain) -}}
|
||||
{{- $baseDomain := printf "%s%s%s" .host.hostname "-qube." .host.domain -}}
|
||||
{{- end -}}
|
||||
---
|
||||
tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }}
|
||||
|
@ -31,7 +31,7 @@ ingress:
|
|||
- hostname: rsyslog.{{ $baseDomain }}
|
||||
service: tcp://localhost:514
|
||||
- hostname: netdata.{{ $baseDomain }}
|
||||
service: https://localhost:19999
|
||||
service: http://localhost:19999
|
||||
- hostname: rundeck.{{ $baseDomain }}
|
||||
service: https://localhost:4440
|
||||
- hostname: portainer.{{ .host.domain }}
|
||||
|
|
Loading…
Reference in a new issue