diff --git a/home/.chezmoiexternal.toml.tmpl b/home/.chezmoiexternal.toml.tmpl
index 8227441b..bf715e25 100644
--- a/home/.chezmoiexternal.toml.tmpl
+++ b/home/.chezmoiexternal.toml.tmpl
@@ -18,6 +18,14 @@
clone.args = ["--branch", "release", "--depth", "1"]
pull.args = ["--ff-only"]
+### CloudFlare WARP Certificates
+[".local/share/warp/Cloudflare_CA.crt"]
+ type = "file"
+ url = "https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.crt"
+[".local/share/warp/Cloudflare_CA.pem"]
+ type = "file"
+ url = "https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.pem"
+
### Betelgeuse Theme
[".local/src/betelgeuse"]
type = "git-repo"
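Review bot: The two new `file` externals download certificates that the warp script later installs as trusted roots, but neither entry pins the content, so whatever the URL serves at apply time becomes a trust anchor. chezmoi `file` externals accept a checksum, so each entry could carry `checksum.sha256 = "<sha256-of-reviewed-file>"` (placeholder; compute it from a copy verified out of band). A one-line comment above the block stating that these are root CAs consumed by `run_onchange_before_14-warp.sh.tmpl` would also tell the next reader why the files matter.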
diff --git a/home/.chezmoiscripts/universal/run_onchange_after_14-warp.sh.tmpl b/home/.chezmoiscripts/disabled/run_onchange_after_14-warp.tmpl
similarity index 100%
rename from home/.chezmoiscripts/universal/run_onchange_after_14-warp.sh.tmpl
rename to home/.chezmoiscripts/disabled/run_onchange_after_14-warp.tmpl
diff --git a/home/.chezmoiscripts/universal/run_onchange_before_14-warp.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_14-warp.sh.tmpl
index fcf6f044..c8316de7 100644
--- a/home/.chezmoiscripts/universal/run_onchange_before_14-warp.sh.tmpl
+++ b/home/.chezmoiscripts/universal/run_onchange_before_14-warp.sh.tmpl
@@ -1,34 +1,120 @@
-{{- if (eq .host.distro.family "linux") -}}
+{{- if (ne .host.distro.family "windows") -}}
#!/usr/bin/env bash
-# @file CloudFlare WARP Repository
-# @brief Adds the CloudFlare WARP `apt-get` repository to Debian and Ubuntu systems
+# @file CloudFlare WARP
+# @brief Installs CloudFlare WARP, ensures proper security certificates are in place, and connects the device to CloudFlare WARP.
# @description
-# This script adds the CloudFlare WARP `apt-get` repository to Debian and Ubuntu systems. It currently does not support adding
-# repositories for other systems because they are not provided by CloudFlare.
+# This script is intended to connect the device to CloudFlare's Zero Trust network with nearly all of its features unlocked.
+# Homebrew is used to install the `warp-cli` on macOS. On Linux, it can install `warp-cli` on most Debian systems and some RedHat
+# systems. CloudFlare WARP's [download page](https://pkg.cloudflareclient.com/packages/cloudflare-warp) is somewhat barren.
+#
+# ## MDM Configuration
+#
+# If CloudFlare WARP successfully installs, it first applies MDM configurations (managed configurations). If you would like CloudFlare
+# WARP to connect completely headlessly (while losing some "user-posture" settings), then you can populate the following two secrets:
+#
+# 1. `CLOUDFLARE_TEAMS_CLIENT_ID` - The ID from a CloudFlare Teams service token. See [this article](https://developers.cloudflare.com/cloudflare-one/identity/service-tokens/).
+# 2. `CLOUDFLARE_TEAMS_CLIENT_SECRET` - The secret from a CloudFlare Teams service token.
+#
+# The two variables above can be passed in using either of the methods described in the [Secrets documentation](https://install.doctor/docs/customization/secrets).
+#
+# ## Headless CloudFlare WARP Connection
+#
+# Even if you do not provide the two variables mentioned above, the script will still headlessly connect your device to the public CloudFlare WARP
+# network, where you will get some of the benefits of a VPN for free. Otherwise, if they were passed in, then the script
+# finishes by connecting to CloudFlare Teams.
+#
+# ## Notes
+#
+# According to CloudFlare Teams [documentation on MDM deployment](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/),
+# on macOS the `com.cloudflare.warp.plist` file gets erased on reboot. Also, according to the documentation, the only way around this is to leverage
+# an MDM SaaS provider like JumpCloud.
+#
+# ## Links
+#
+# * [Linux managed configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/warp/private_mdm.xml.tmpl)
+# * [macOS managed configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/Library/Managed%20Preferences/private_com.cloudflare.warp.plist.tmpl)
{{ includeTemplate "universal/logg-before" }}
-if [ '{{ .host.distro.id }}' = 'debian' ]; then
- ### Add CloudFlare WARP desktop app apt-get source
- if [ ! -f /etc/apt/sources.list.d/cloudflare-client.list ]; then
- logg info 'Adding CloudFlare WARP keyring'
- curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
+### Install CloudFlare WARP (on non-WSL *nix systems)
+if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
+ if [ -d /System ] && [ -d /Applications ]; then
+ ### Install on macOS
+ brew install --cask cloudflare-warp
+ elif [ '{{ .host.distro.id }}' = 'debian' ]; then
+ ### Add CloudFlare WARP desktop app apt-get source
+ if [ ! -f /etc/apt/sources.list.d/cloudflare-client.list ]; then
+ logg info 'Adding CloudFlare WARP keyring'
+ curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
+ logg info 'Adding apt source reference'
+ echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
+ fi
- logg info 'Adding apt source reference'
- echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
+ ### Update apt-get and install the CloudFlare WARP CLI
+ sudo apt-get update && sudo apt-get install -y cloudflare-warp
+ elif [ '{{ .host.distro.id }}' = 'ubuntu' ]; then
+ ### Add CloudFlare WARP desktop app apt-get source
+ if [ ! -f /etc/apt/sources.list.d/cloudflare-client.list ]; then
+ logg info 'Adding CloudFlare WARP keyring'
+ curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
+ logg info 'Adding apt source reference'
+ echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
+ fi
- sudo apt-get update
- fi
-elif [ '{{ .host.distro.id }}' = 'ubuntu' ]; then
- ### Add CloudFlare WARP desktop app apt-get source
- if [ ! -f /etc/apt/sources.list.d/cloudflare-client.list ]; then
- logg info 'Adding CloudFlare WARP keyring'
- curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
-
- logg info 'Adding apt source reference'
- echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
-
- sudo apt-get update
+ ### Update apt-get and install the CloudFlare WARP CLI
+ sudo apt-get update && sudo apt-get install -y cloudflare-warp
+ elif command -v dnf > /dev/null && command -v rpm > /dev/null; then
+ ### This is made for CentOS 8 and works on Fedora 36 (hopefully 36+ as well) with `nss-tools` as a dependency
+ sudo dnf instal -y nss-tools
+ ### According to the download site, this is the only version available for RedHat-based systems
+ sudo rpm -ivh https://pkg.cloudflareclient.com/cloudflare-release-el8.rpm
fi
fi
+
+
+### Ensure certificate is installed
+### TODO: Ensure duplicate certificates are not stored in these files below
+# Source: https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.crt
+# Source: https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.pem
+if [ -d /System ] && [ -d /Applications ] && command -v warp-cli > /dev/null; then
+ ### Ensure certificate installed on macOS
+ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.crt"
+ if [ -f /usr/local/etc/ca-certificates/cert.pem ]; then
+ echo | sudo cat - "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" >> /usr/local/etc/ca-certificates/cert.pem
+ else
+ logg error 'Unable to add `Cloudflare_CA.pem` because `/usr/local/etc/ca-certificates/cert.pem` does not exist!' && exit 1
+ fi
+fi
+
+if command -v warp-cli > /dev/null; then
+ ### Ensure MDM settings are applied (deletes after reboot on macOS)
+ ### TODO: Ensure `.plist` can be added to `~/Library/Managed Preferences` and not just `/Library/Managed Preferences`
+ # Source: https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/
+ # Source for JumpCloud: https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/CloudflareWARP.mobileconfig
+ if [ -d /System ] && [ -d /Applications ]; then
+ sudo cp -f "$HOME/Library/Managed Preferences/com.cloudflare.warp.plist" '/Library/Managed Preferences/com.cloudflare.warp.plist'
+ sudo plutil -convert binary1 '/Library/Managed Preferences/com.cloudflare.warp.plist'
+ elif [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/warp/mdm.xml" ]; then
+ sudo mkdir -p /var/lib/cloudflare-warp
+ sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/warp/mdm.xml" /var/lib/cloudflare-warp/mdm.xml
+ fi
+
+ ### Register CloudFlare WARP
+ if warp-cli --accept-tos status | grep 'Registration missing' > /dev/null; then
+ logg info 'Registering CloudFlare WARP'
+ warp-cli --accept-tos register
+ else
+ logg info 'Already registered with CloudFlare WARP'
+ fi
+
+ ### Connect CloudFlare WARP
+ if warp-cli --accept-tos status | grep 'Disconnected' > /dev/null; then
+ logg info 'Connecting to CloudFlare WARP'
+ warp-cli --accept-tos connect
+ else
+ logg info 'Already connected to CloudFlare WARP'
+ fi
+else
+ logg warn '`warp-cli` was not installed so CloudFlare Zero Trust cannot be joined'
+fi
{{ end -}}
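Review bot: The macOS certificate step (`security add-trusted-cert` plus the append to `/usr/local/etc/ca-certificates/cert.pem`) makes a downloaded file a system-wide trust root without checking what was downloaded, and it repeats on every run. The `>>` redirection is performed by the invoking shell, so `sudo` only covers `cat`, and each run appends another copy to the bundle, which the TODO above it already acknowledges. I would compare the file against a pinned SHA-256 before trusting it, append only when the certificate is not yet in the bundle, and write through `sudo tee -a`; the fence sketches this with a placeholder digest. Separately, the WSL guard `[[ ! "$(… > /dev/null)" ]]` tests a string that is always empty and is therefore always true (`if ! grep -qi microsoft /proc/version 2>/dev/null; then` matches the comment's intent), and `sudo dnf instal` is a typo for `install`.

```shell
# … unchanged: macOS + warp-cli guard …
  WARP_CA_DIR="${XDG_DATA_HOME:-$HOME/.local/share}/warp"
  BREW_CA_BUNDLE='/usr/local/etc/ca-certificates/cert.pem'
  # Placeholder: SHA-256 of the certificate after verifying it out of band
  WARP_CA_SHA256='<sha256-of-reviewed-Cloudflare_CA.crt>'
  if [ "$(shasum -a 256 "$WARP_CA_DIR/Cloudflare_CA.crt" | cut -d ' ' -f 1)" != "$WARP_CA_SHA256" ]; then
    logg error '`Cloudflare_CA.crt` does not match the pinned SHA-256, refusing to trust it' && exit 1
  fi
  # … unchanged: security add-trusted-cert …
  if [ -f "$BREW_CA_BUNDLE" ]; then
    # Append once; the write itself runs under sudo via tee
    if ! grep -qF -- "$(sed -n '2p' "$WARP_CA_DIR/Cloudflare_CA.pem")" "$BREW_CA_BUNDLE"; then
      printf '\n' | cat - "$WARP_CA_DIR/Cloudflare_CA.pem" | sudo tee -a "$BREW_CA_BUNDLE" > /dev/null
    fi
  # … unchanged: else branch logging the missing bundle …
```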
diff --git a/home/.chezmoitemplates/secrets/CLOUDFLARE_R2_ID b/home/.chezmoitemplates/secrets/CLOUDFLARE_R2_ID
new file mode 100644
index 00000000..fafd62b3
--- /dev/null
+++ b/home/.chezmoitemplates/secrets/CLOUDFLARE_R2_ID
@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bFM5VUFoTDlxb2NjV2RV
+d0UvM2pPYWZMeDRZeDZKYmZ3YlhwNlBsYlRvCmVTcEVzUndwSG1lQ3pKTFpxZ1Bs
+NGtXcksrNnRmR1UxOXR2UGpiNHplOHcKLS0tIFBEZHBibnEzSnBxTUlxcHdQQmhT
+MlUyZnRHWHY5UE43OXV1cFJjUnJGRHcK9s3V7BN+uHHJt8ekqFpP0XYaa+WwanmW
+qQ7rr6AB5ZT7z8y9vpQNK+mzuB49zL87AiNspAacKP/RtKNUPmdEzpY=
+-----END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/.chezmoitemplates/secrets/CLOUDFLARE_R2_SECRET b/home/.chezmoitemplates/secrets/CLOUDFLARE_R2_SECRET
new file mode 100644
index 00000000..63648b7f
--- /dev/null
+++ b/home/.chezmoitemplates/secrets/CLOUDFLARE_R2_SECRET
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdjhHNWJEMlJjNTlCUmJv
+RzRvUzRhUmR6OWpxWTVudDJ0NnVqbklqQmlrClhyNWpSZEZ1SHpEU0FROWZFYzlL
+RmhEbmJ1ZWJtS2xjNmRsaVhZb3ExK0UKLS0tIE90dzZ5T0liQitNV0hQTHNmcFlj
+eEdKZWdvK0NOdU1PK3I1NGxmTEVtQWsKJWhE2Q5wCLtvy7ZrrPwNvceLWEp7rV9I
+YEVpLY6lWuHWIbg6h8GkwlrbP/e3evFpZ7T9eLmhsMIfYm7hPtYV3BkASNqpWRh/
+o94FfrDqtg7Nu1/pZO8o/dt7QnVh0lMPYw==
+-----END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/.chezmoitemplates/secrets/CLOUDFLARE_TEAMS_CLIENT_ID b/home/.chezmoitemplates/secrets/CLOUDFLARE_TEAMS_CLIENT_ID
new file mode 100644
index 00000000..818c403d
--- /dev/null
+++ b/home/.chezmoitemplates/secrets/CLOUDFLARE_TEAMS_CLIENT_ID
@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzV0lySnFOemZKdGo4ZEdB
+a1lRMVJJZWorU1RaL2M4M25pSTl4UHlKUFYwClhJOU54bkNmTXcvcFZWVVVCTDhv
+T0ZJSHVwcUhKZVVDVmdrSGZ6K0dwV3MKLS0tIFRTQ3BEeFFjL1BCVWMxS1RIR28y
+WEhlblBmUWJYeDhIS1FJYXY1OEVQdmcKSAKdvbqBpY3s4oYUuiTDBT5K4Fpeo3bi
+LsjWK64f48oGfxoNmsdXXVbu82jO8TmecwNgUOoLC1UQxy/xkymMPosOse8nIwhx
+-----END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/.chezmoitemplates/secrets/CLOUDFLARE_TEAMS_CLIENT_SECRET b/home/.chezmoitemplates/secrets/CLOUDFLARE_TEAMS_CLIENT_SECRET
new file mode 100644
index 00000000..ff6f2157
--- /dev/null
+++ b/home/.chezmoitemplates/secrets/CLOUDFLARE_TEAMS_CLIENT_SECRET
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwbnREOXUxazRlWDZtM0lm
+ZVc2UnlPVFlGM1N6czFnTDYzWmQ4YldqTmhrCnI3U2FLUytDamZDZ0dTT0V2M3ds
+VGNFbTVLRDZteTErMFpaUlpqakp4T1UKLS0tIGErNkowbFBkWldjNHdhNnVjdGM4
+REhXUW5Md21JSkhSMWxVN08rZFNGYjQKDuim4gInqRt4jagEQjo6+rtQ0Esrtkg5
+nVo8R3P0gCd7r8BbYxmVy+ez9bVVetJcyr7m0rpderOVb9fy/AGRQT0ccD8KQ76N
+ytpGa+AsMH/T8ExjRTgxKF1I2RF9yG29ig==
+-----END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/.chezmoitemplates/secrets/key-cloudflare-r2-id b/home/.chezmoitemplates/secrets/key-cloudflare-r2-id
deleted file mode 100644
index 772fbb89..00000000
--- a/home/.chezmoitemplates/secrets/key-cloudflare-r2-id
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUa0ZtTm9PbE03R1RReDJZ
-NUdueXVZSk1WY2RxMkpyM1VVL2t2ZlBobGxJCmRyWEtSYVMxU1VCL01hRXk5ODdR
-MTJPZFVYbEEzeStBT3JLRWdoNUg0Z2MKLS0tIGhHdzExOEU1NmJkNHBFUW5DbXFs
-S25MNHFGV01GYjkrYm0zVmhrVEFvd2sKQr2yI5Zlx+yEWa4igHFy2z1FpmEw6tux
-M9i/y2J+Da15jAZgndmc1iWNBVDKVfROon4S60P99djZi/trWcy0jA==
------END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/.chezmoitemplates/secrets/key-cloudflare-r2-secret b/home/.chezmoitemplates/secrets/key-cloudflare-r2-secret
deleted file mode 100644
index ae0c4dbb..00000000
--- a/home/.chezmoitemplates/secrets/key-cloudflare-r2-secret
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFYnBRTkRVZ2hGTkZ4NUdQ
-UWZBWmFxQkFXTUhESzhaaFJWMlpQSmh5cldjCjN0c0dScXQ1d0ZoalF1WXN3VG5h
-WC9wQ0pQSmYyU29nN1YwOUNFSHgyRkEKLS0tIG5lOTRhamhySm5iN1V1d0haWFRo
-VVZaczNScHd0ZHZRWmd4TFVRQWVaZzAKqbgfmbnHB5QbO0Z1JMgjNawfAD40Hzru
-kVNSyh/zgIRlwuSzwlENDgrdGXaRjDj7jtchaWe/xPX88Ba5cFe9LC7eXJP1mU2U
-l+nk1LFKSp24PZskcLzw4rxCsLap82KV
------END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/.chezmoitemplates/secrets/key-digitalocean-spaces-bucket b/home/.chezmoitemplates/secrets/key-digitalocean-spaces-bucket
deleted file mode 100644
index 935bfdaf..00000000
--- a/home/.chezmoitemplates/secrets/key-digitalocean-spaces-bucket
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0K2lrQmh2RDhjUTBId1Ew
-UWp5UGp6Uk5NeEd0UjhwaUtrZWlzempVbUVNCkM5Y3F2aUZadFdTK2V6aHJ0TWVI
-RHltdXhYNGhlV0xSVVg0MGxhMUZITlkKLS0tIEEzTGpYZU9ScStKeVhRNkowVzlv
-dG9jSWNDUzNZa0VLVDFYai9BS2VYVWcKyPT0jUzNIL1UXJfwJlq+W3BvjdJ+Nw3B
-moY5Cz1fohjmKgOfVLYS+02yN3KwMsehTchZphIseCt8Qrh/CimJOpo0z48=
------END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/.chezmoitemplates/secrets/key-digitalocean-spaces-key b/home/.chezmoitemplates/secrets/key-digitalocean-spaces-key
deleted file mode 100644
index feb9db81..00000000
--- a/home/.chezmoitemplates/secrets/key-digitalocean-spaces-key
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtS1oxQktQaDZIVHVIVEl0
-YUxQNVhKbENHMG5WcHdRTys3UjFBa1JLejJrCnh2RElic0UrL0VoeFJmNDBvNzZP
-bVJKQ2sxdE1EUnBlTG9nQjcrZmJRMk0KLS0tIHRldFpoQ2tPeU1OcU9TYzJIWk1M
-UDFyVTdmY2JDN2ZEUlVWVHZIVG9adnMKIa/ISs/CRnXNct6eNcgpEPu8jfPTvRfF
-M90QY4oha2Gnu2hN5UVz9Yk60IzE2OsyUmKChA==
------END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/.chezmoitemplates/secrets/key-digitalocean-spaces-secret b/home/.chezmoitemplates/secrets/key-digitalocean-spaces-secret
deleted file mode 100644
index 8a3df774..00000000
--- a/home/.chezmoitemplates/secrets/key-digitalocean-spaces-secret
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvN0dyS2UrUGdDU0lSeTJ6
-QUlHdFBabWNPaFNIQ0pxTE1ENThoMTRZNkNrCmtiaVJkUXZoU2ptN0xDcGk0SThQ
-VWRYdVd0Y2szUGd4Y0E5bFRkY0xkR0UKLS0tIFJhbVRWSzllaldLaWVZWU0xMlNv
-Y3JINkZLanFmK243UjBTOGRUVld3RUkKZgW5yOuUwwagazY4tzI4ofpKh4b9GCzW
-G3tMyTR2CGBKThQgh2ibGtPMgMC2i6lSD3JuNug0B1gL1yWM8g3bhuo0b3KO6pSH
-LLs3
------END AGE ENCRYPTED FILE-----
\ No newline at end of file
diff --git a/home/Library/Managed Preferences/private_com.cloudflare.warp.plist.tmpl b/home/Library/Managed Preferences/private_com.cloudflare.warp.plist.tmpl
new file mode 100644
index 00000000..0adcf6f3
--- /dev/null
+++ b/home/Library/Managed Preferences/private_com.cloudflare.warp.plist.tmpl
@@ -0,0 +1,22 @@
+
+
+
+
+ enable
+
+ onboarding
+
+ auto_connect
+ 60
+ organization
+ manhattan
+ service_mode
+ warp
+ support_url
+ https://megabyte.space
+ auth_client_id
+ {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_TEAMS_CLIENT_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_TEAMS_CLIENT_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_TEAMS_CLIENT_ID" }}{{ end }}
+ auth_client_secret
+ {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_TEAMS_CLIENT_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_TEAMS_CLIENT_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_TEAMS_CLIENT_SECRET" }}{{ end }}
+
+
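Review bot: This template has no OS guard, unlike `private_mdm.xml.tmpl`, which wraps its body in `{{ if eq .host.distro.family "linux" -}}`; unless the path is excluded elsewhere (not visible in this diff), the decrypted service-token secret would also be rendered on hosts that never read it. Wrapping the body in the matching family check for macOS would keep the secret off other machines. In both templates the `env` fallback yields an empty string when neither the secret file nor the variable exists, so `auth_client_id` and `auth_client_secret` are emitted empty next to `organization`. It may be safer to emit those two keys only when a value is present, and to say so in a comment at the top of each file.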
diff --git a/home/dot_config/warp/private_mdm.xml.tmpl b/home/dot_config/warp/private_mdm.xml.tmpl
new file mode 100644
index 00000000..4597aef5
--- /dev/null
+++ b/home/dot_config/warp/private_mdm.xml.tmpl
@@ -0,0 +1,20 @@
+{{ if eq .host.distro.family "linux" -}}
+
+ enable
+
+ onboarding
+
+ auto_connect
+ 60
+ organization
+ manhattan
+ service_mode
+ warp
+ support_url
+ https://megabyte.space
+ auth_client_id
+ {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_TEAMS_CLIENT_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_TEAMS_CLIENT_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_TEAMS_CLIENT_ID" }}{{ end }}
+ auth_client_secret
+ {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_TEAMS_CLIENT_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_TEAMS_CLIENT_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_TEAMS_CLIENT_SECRET" }}{{ end }}
+
+{{ end -}}