Update 29 files

- /system/Applications/Firefox.app/Contents/Resources/distribution/policies.json
- /system/etc/cups/cupsd.conf
- /system/etc/cups/modify_cupsd.conf
- /system/etc/fonts/local.conf
- /system/etc/grub.d/31-hold-shift
- /system/etc/opt/chrome/policies/managed/policies.json
- /system/etc/qubes/repo-templates/qubes-templates.repo
- /system/etc/yum.repos.d/qubes-dom0.repo
- /system/etc/timeshift/timeshift.json
- /system/usr/lib/firefox-esr/distribution/policies.json
- /system/usr/lib/firefox/distribution/policies.json
- /system/var/cache/rclone/remove_dot_gitkeep
- /system/mnt/private_r2-docker/remove_dot_gitkeep
- /system/etc/sddm.conf
- /home/.chezmoiscripts/universal/run_onchange_after_57-netdata.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_20-font.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_14-timeshift.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_50-rclone.tmpl
- /home/.chezmoiscripts/qubes/run_onchange_before_12-update-dom0.tmpl
- /home/dot_config/rclone/merge_rclone.conf
- /home/dot_config/cups/cupsd.conf
- /home/dot_config/qubes/qubes-templates.repo
- /home/dot_config/qubes/qubes-dom0.repo
- /home/dot_config/timeshift/timeshift.json
- /home/Cloud/Private/remove_dot_gitkeep
- /home/Cloud/Public/remove_dot_gitkeep
- /home/dot_local/share/firefox/distribution/policies.json
- /home/dot_local/bin/executable_rclone-mount
- /home/dot_local/grub.d/31-hold-shift
This commit is contained in:
Brian Zalewski 2023-01-29 06:07:01 +00:00
parent 7cbc3bc326
commit 9037474d22
24 changed files with 170 additions and 198 deletions

View file

@ -1,5 +1,14 @@
#!/usr/bin/env bash
# qubes-templates.repo hash: {{ include (joinPath .chezmoi.homeDir ".config" "qubes" "qubes-templates.repo") | sha256sum }}
# qubes-dom0.repo hash: {{ include (joinPath .chezmoi.homeDir ".config" "qubes" "qubes-dom0.repo") | sha256sum }}
# qubes packages: {{ .qubes.dom0Packages | toString | replace "[" "" | replace "]" "" }}
### Configure dom0 repos
logg info 'Updating dom0 repos to include auxilary branches'
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/qubes/qubes-templates.repo" /etc/qubes/repo-templates/qubes-templates.repo
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/qubes/qubes-dom0.repo" /etc/yum.repos.d/qubes-dom0.repo
### Update dom0
logg info 'Updating dom0 via `qubesctl`'
sudo qubesctl --show-output state.sls update.qubes-dom0

View file

@ -0,0 +1,21 @@
{{- if eq .host.distro.family "linux" -}}
#!/usr/bin/env bash
# timeshift.json hash: {{ include (joinPath .chezmoi.homeDir ".config" "timeshift" "timeshift.json") | sha256sum }}
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
if command -v timeshift > /dev/null; then
if [ -d /etc/timeshift ]; then
TIMESHIFT_CONFIG="${XDG_CONFIG_HOME}:-$HOME/.config}/timeshift/timeshift.json"
logg info "Copying $TIMESHIFT_CONFIG to /etc/timeshift/timeshift.json"
sudo cp -f "$TIMESHIFT_CONFIG" /etc/timeshift/timeshift.json
else
logg info '`/etc/timeshift` is not a directory'
fi
else
logg info 'The `timeshift` executable is not available'
fi
{{ end -}}

View file

@ -0,0 +1,14 @@
{{- if (eq .host.distro.family "linux") -}}
#!/usr/bin/env bash
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
if [ -d /etc/fonts ]; then
logg info 'Copying ~/.config/fontconfig/fonts.conf to /etc/fonts/local.conf'
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/fontconfig/fonts.conf" /etc/fonts/local.conf
else
logg warn 'The `/etc/fonts` directory is missing'
fi
{{ end -}}

View file

@ -0,0 +1,25 @@
{{- if ne .host.distro.family "windows" -}}
#!/usr/bin/env bash
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
if rclone -v rclone > /dev/null; then
logg info 'Ensuring /var/cache/rclone exists'
sudo mkdir -p /var/cache/rclone
sudo chmod 700 /var/cache/rclone
logg info 'Ensuring /mnt/s3-docker exists'
sudo mkdir -p /mnt/s3-docker
sudo chmod 700 /mnt/s3-docker
logg info 'Adding ~/.local/bin/rclone-mount to /usr/local/bin'
sudo cp -f "$HOME/.local/bin/rclone-mount" /usr/local/bin/rclone-mount
sudo chmod +x /usr/local/bin/rclone-mount
else
logg info '`rclone` is not available'
fi
{{ end -}}

View file

@ -8,9 +8,11 @@
if command -v netdata-claim.sh > /dev/null; then
NETDATA_TOKEN="$(cat "{{ .chezmoi.sourceDir }}/.chezmoitemplates/secrets/key-netdata-token" | chezmoi decrypt)"
NETDATA_ROOM="$(cat "{{ .chezmoi.sourceDir }}/.chezmoitemplates/secrets/key-netdata-room" | chezmoi decrypt)"
netdata-claim.sh -token="$NETDATA_TOKEN" -rooms="$NETDATA_ROOM" -url={{ .netdataClaimURL }}
netdata-claim.sh -token="$NETDATA_TOKEN" -rooms="$NETDATA_ROOM" -url="{{ .netdataClaimURL }}"
# Kernel optimizations
# These are mentioned while installing via the kickstart.sh script method. We are using Homebrew for the installation though.
# Assuming these optimizations do not cause any harm.
if [ -d /Applications ] && [ -d /System ]; then
# macOS
logg info 'System is macOS so Netdata kernel optimizations are not required'

View file

View file

@ -25,5 +25,15 @@ region = auto
endpoint = https://{{ .user.CLOUDFLARE_R2_ACCOUNT_ID }}.r2.cloudflarestorage.com
acl = private
# MEGABYTE LABS MANAGED r2-user
[do-private]
type = s3
provider = DigitalOcean
endpoint = private.nyc3.digitaloceanspaces.com
acl = private
[do-open]
type = s3
provider = DigitalOcean
endpoint = open.nyc3.digitaloceanspaces.com
acl = public-read
EOT
{{- end }}

View file

@ -0,0 +1,23 @@
{
"backup_device_uuid": "",
"btrfs_mode": "true",
"count_boot": "0",
"count_daily": "4",
"count_hourly": "8",
"count_monthly": "0",
"count_weekly": "2",
"do_first_run": "true",
"exclude": [],
"exclude-apps": [],
"include_btrfs_home": "false",
"parent_device_uuid": "",
"schedule_boot": "false",
"schedule_daily": "false",
"schedule_hourly": "false",
"schedule_monthly": "false",
"schedule_weekly": "false",
"snapshot_count": "0",
"snapshot_size": "0",
"stop_cron_emails": "true"
}

View file

@ -0,0 +1,64 @@
#!/usr/bin/env sh
### Variables
TYPE="$1"
USER="$2"
MOUNT="$3"
if [ "$TYPE" = 'user' ]; then
CACHE_FOLDER="/home/$USER/.cache/rclone"
CONFIG_FOLDER="/home/$USER/.config/rclone"
LOG_FOLDER="/home/$USER/.local/log"
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
MOUNT_PATH="/home/{{ .user.username }}/.local/mnt/$MOUNT"
elif [ "$TYPE" = 'docker' ]; then
CACHE_FOLDER="/var/cache/rclone/$MOUNT"
CONFIG_FOLDER="/etc"
LOG_FOLDER="/var/log/rclone"
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
MOUNT_PATH="/mnt/$MOUNT"
else
CACHE_FOLDER="/var/cache/rclone"
CONFIG_FOLDER="/etc"
LOG_FOLDER="/var/log/rclone"
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
MOUNT_PATH="/mnt/$MOUNT"
fi
### Ensure directories created
if [ ! -d "$CACHE_FOLDER" ]; then
mkdir -p "$CACHE_FOLDER"
fi
if [ ! -d "$CONFIG_FOLDER" ]; then
mkdir -p "$CONFIG_FOLDER"
fi
if [ ! -d "$LOG_FOLDER" ]; then
mkdir -p "$LOG_FOLDER"
fi
if [ ! -d "$MOUNT_PATH" ]; then
mkdir -p "$MOUNT_PATH"
fi
RCLONE_IGNORE="$CONFIG_FOLDER/rcloneignore"
if [ ! -f "$RCLONE_IGNORE" ] && [ -f "/etc/rcloneignore" ]; then
RCLONE_IGNORE='etc/rcloneignore'
fi
### Mount
/usr/bin/rclone --config="$CONFIG_FOLDER/rclone.conf" \
mount \
--cache-tmp-upload-path="$CACHE_FOLDER/$MOUNT-upload" \
--cache-chunk-path="$CACHE_FOLDER/$MOUNT-chunks" \
--cache-workers=8 \
--cache-writes \
--cache-dir="$CACHE_FOLDER/$MOUNT-vfs" \
--cache-db-path="$CACHE_FOLDER/$MOUNT-db" \
--log-file="$LOG_FILE" \
--no-modtime \
--drive-use-trash \
--stats=0 \
--checkers=16 \
--bwlimit=40M \
--dir-cache-time=60m \
--vfs-cache-mode full \
--cache-info-age=60m \
--filter-from="$RCLONE_IGNORE"
"$MOUNT":/ "$MOUNT_PATH"

View file

@ -1,21 +0,0 @@
{
"policies": {
"DisableTelemetry": true,
"DontCheckDefaultBrowser": true,
"EnableTrackingProtection": {
"Cryptomining": true,
"Fingerprinting": true,
"Locked": false,
"Value": true
},
"Homepage": {
"Locked": false,
"StartPage": "previous-session",
"URL": "http://betelgeuse.home"
},
"NoDefaultBookmarks": true,
"OfferToSaveLogins": false,
"OverrideFirstRunPage": "",
"PasswordManagerEnabled": false
}
}

View file

@ -1,3 +0,0 @@
#!/usr/bin/env bash
sudo chmod 644 cupsd.conf

View file

@ -1,41 +0,0 @@
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM "urn:fontconfig:fonts.dtd">
<fontconfig>
<alias>
<family>sans-serif</family>
<prefer>
<family>Montserrat</family>
<family>Noto Sans</family>
<family>Open Sans</family>
<family>Droid Sans</family>
<family>Roboto</family>
<family>Tholoth</family>
<family>Noto Sans Arabic</family>
</prefer>
</alias>
<alias>
<family>serif</family>
<prefer>
<family>Zilla Slab</family>
<family>Noto Serif</family>
<family>Droid Serif</family>
<family>Roboto Slab</family>
<family>Tholoth</family>
<family>Noto Sans Arabic</family>
</prefer>
</alias>
<alias>
<family>monospace</family>
<prefer>
<family>Hack Nerd Font</family>
<family>Hack</family>
<family>Hack Regular</family>
<family>Noto Sans Mono</family>
<family>Inconsolata</family>
<family>Droid Sans Mono</family>
<family>Roboto Mono</family>
</prefer>
</alias>
</fontconfig>

View file

@ -1,3 +0,0 @@
{
"PasswordManagerEnabled": false
}

View file

@ -1,22 +0,0 @@
{
"backup_device_uuid": "",
"btrfs_mode": "true",
"count_boot": "0",
"count_daily": "4",
"count_hourly": "8",
"count_monthly": "0",
"count_weekly": "2",
"do_first_run": "true",
"exclude": [],
"exclude-apps": [],
"include_btrfs_home": "false",
"parent_device_uuid": "",
"schedule_boot": "false",
"schedule_daily": "false",
"schedule_hourly": "false",
"schedule_monthly": "false",
"schedule_weekly": "false",
"snapshot_count": "0",
"snapshot_size": "0",
"stop_cron_emails": "true"
}

View file

@ -1,21 +0,0 @@
{
"policies": {
"DisableTelemetry": true,
"DontCheckDefaultBrowser": true,
"EnableTrackingProtection": {
"Cryptomining": true,
"Fingerprinting": true,
"Locked": false,
"Value": true
},
"Homepage": {
"Locked": false,
"StartPage": "previous-session",
"URL": "http://betelgeuse.home"
},
"NoDefaultBookmarks": true,
"OfferToSaveLogins": false,
"OverrideFirstRunPage": "",
"PasswordManagerEnabled": false
}
}

View file

@ -1,83 +0,0 @@
{
"policies": {
"CaptivePortal": false,
"DNSOverHTTPS": {
"Enabled": false
},
"DisableBuiltinPDFViewer": false,
"DisableFirefoxAccounts": false,
"DisableFirefoxStudies": true,
"DisableFormHistory": true,
"DisablePocket": false,
"DisableTelemetry": true,
"DisplayMenuBar": true,
"DontCheckDefaultBrowser": true,
"EnableTrackingProtection": {
"Cryptomining": true,
"Fingerprinting": true,
"Locked": false,
"Value": true
},
"ExtensionSettings": {
"CanvasBlocker@kkapsner.net": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/canvasblocker/latest.xpi",
"installation_mode": "normal_installed"
},
"ClearURLs@kevinr": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/clearurls/latest.xpi",
"installation_mode": "normal_installed"
},
"CookieAutoDelete@kennydo.com": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/cookie-autodelete/latest.xpi",
"installation_mode": "normal_installed"
},
"Decentraleyes@ThomasRientjes": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/decentraleyes/latest.xpi",
"installation_mode": "normal_installed"
},
"FirefoxMulti-AccountContainers@mozilla.org": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi",
"installation_mode": "normal_installed"
},
"TemporaryContainers@stoically": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/temporary-containers/latest.xpi",
"installation_mode": "normal_installed"
},
"https-everywhere@eff.org": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/https-everywhere/latest.xpi",
"installation_mode": "normal_installed"
},
"jid1-MnnxcxisBPnSXQ@jetpack": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi",
"installation_mode": "normal_installed"
},
"uBlock0@raymondhill.net": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
"installation_mode": "normal_installed"
},
"uMatrix@raymondhill.net": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/umatrix/latest.xpi",
"installation_mode": "normal_installed"
}
},
"Homepage": {
"Locked": false,
"StartPage": "previous-session",
"URL": "http://install.doctor"
},
"NetworkPrediction": false,
"NoDefaultBookmarks": true,
"OfferToSaveLogins": false,
"OverrideFirstRunPage": "",
"PasswordManagerEnabled": false
}
}
{
"policies": {
}
}

View file

@ -1 +0,0 @@