From a5b42034969481600805c33a113a599f2e3854e0 Mon Sep 17 00:00:00 2001 From: Brian Zalewski Date: Sat, 15 Apr 2023 23:18:34 +0000 Subject: [PATCH] Update 19 files - /home/.chezmoiscripts/darwin/run_onchange_after_10-configure-macos.sh.tmpl - /home/.chezmoiscripts/darwin/run_onchange_after_20-ensure-zsh-macos.sh.tmpl - /home/.chezmoiscripts/darwin/run_onchange_after_21-set-wallpaper.sh.tmpl - /home/.chezmoiscripts/darwin/run_onchange_before_10-install-darwin-dependencies.sh.tmpl - /home/.chezmoiscripts/darwin/run_onchange_before_20-ensure-user-group.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_10-configure-macos.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_20-ensure-zsh-macos.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_21-set-wallpaper.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_before_10-install-darwin-dependencies.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_before_20-ensure-user-group.sh.tmpl - /home/.chezmoiscripts/qubes/run_onchange_after_11-set-wallpaper.sh.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui.sh.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.sh.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.sh.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.sh.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_15-install-unofficial-templates.sh.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_14-ensure-minimal-vms-passwordless.sh.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_13-install-official-templates.sh.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_12-update-dom0.sh.tmpl --- .../qubes/run_onchange_after_11-set-wallpaper.sh.tmpl | 2 ++ .../qubes/run_onchange_before_12-update-dom0.sh.tmpl | 2 ++ .../run_onchange_before_13-install-official-templates.sh.tmpl | 2 ++ ...n_onchange_before_14-ensure-minimal-vms-passwordless.sh.tmpl | 2 ++ .../run_onchange_before_15-install-unofficial-templates.sh.tmpl | 2 ++ .../qubes/run_onchange_before_16-update-template-vms.sh.tmpl | 2 ++ .../run_onchange_before_17-install-mirage-firewall.sh.tmpl | 2 ++ .../qubes/run_onchange_before_18-configure-sys-usb.sh.tmpl | 2 ++ .../qubes/run_onchange_before_19-setup-sys-gui.sh.tmpl | 2 ++ .../run_onchange_after_10-configure-macos.sh.tmpl | 0 .../run_onchange_after_20-ensure-zsh-macos.sh.tmpl | 0 .../run_onchange_after_21-set-wallpaper.sh.tmpl | 0 .../run_onchange_before_10-install-darwin-dependencies.sh.tmpl | 0 .../run_onchange_before_20-ensure-user-group.sh.tmpl | 0 14 files changed, 18 insertions(+) rename home/.chezmoiscripts/{darwin => universal}/run_onchange_after_10-configure-macos.sh.tmpl (100%) rename home/.chezmoiscripts/{darwin => universal}/run_onchange_after_20-ensure-zsh-macos.sh.tmpl (100%) rename home/.chezmoiscripts/{darwin => universal}/run_onchange_after_21-set-wallpaper.sh.tmpl (100%) rename home/.chezmoiscripts/{darwin => universal}/run_onchange_before_10-install-darwin-dependencies.sh.tmpl (100%) rename home/.chezmoiscripts/{darwin => universal}/run_onchange_before_20-ensure-user-group.sh.tmpl (100%) diff --git a/home/.chezmoiscripts/qubes/run_onchange_after_11-set-wallpaper.sh.tmpl b/home/.chezmoiscripts/qubes/run_onchange_after_11-set-wallpaper.sh.tmpl index f3bc8e92..153ad712 100644 --- a/home/.chezmoiscripts/qubes/run_onchange_after_11-set-wallpaper.sh.tmpl +++ b/home/.chezmoiscripts/qubes/run_onchange_after_11-set-wallpaper.sh.tmpl @@ -1,3 +1,4 @@ +{{- if (eq .host.distro.id "qubes") -}} #!/usr/bin/env bash # @file Qubes Set Wallpaper # @brief Ensures the Qubes wallpaper is set to the Betelgeuse wallpaper for Qubes. @@ -6,3 +7,4 @@ # using the `ksetwallpaper` script found in `~/.local/bin/ksetwallpaper`. ksetwallpaper --file /usr/local/share/wallpapers/Betelgeuse/contents/images/3440x1440.jpg +{{ end -}} diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_12-update-dom0.sh.tmpl b/home/.chezmoiscripts/qubes/run_onchange_before_12-update-dom0.sh.tmpl index 428a575f..af04394a 100644 --- a/home/.chezmoiscripts/qubes/run_onchange_before_12-update-dom0.sh.tmpl +++ b/home/.chezmoiscripts/qubes/run_onchange_before_12-update-dom0.sh.tmpl @@ -1,3 +1,4 @@ +{{- if (eq .host.distro.id "qubes") -}} #!/usr/bin/env bash # @file Qubes Update dom0 # @brief Ensures Qubes dom0 is up-to-date, includes all the Qubes repository definitions, and that `sys-whonix` is running @@ -35,3 +36,4 @@ done ### Ensure sys-whonix is running logg info 'Ensuring `sys-whonix` is running' qvm-start sys-whonix --skip-if-running +{{ end -}} diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_13-install-official-templates.sh.tmpl b/home/.chezmoiscripts/qubes/run_onchange_before_13-install-official-templates.sh.tmpl index 74c00976..41fd77f8 100644 --- a/home/.chezmoiscripts/qubes/run_onchange_before_13-install-official-templates.sh.tmpl +++ b/home/.chezmoiscripts/qubes/run_onchange_before_13-install-official-templates.sh.tmpl @@ -1,3 +1,4 @@ +{{- if (eq .host.distro.id "qubes") -}} #!/usr/bin/env bash # @file Qubes Install Templates # @brief Ensures the templates defined in `.qubes.templates` in the `home/.chezmoidata.yaml` file are installed @@ -11,3 +12,4 @@ for TEMPLATE of {{ .qubes.templates | toString | replace "[" "" | replace "]" "" sudo qubes-dom0-update "qubes-template-$TEMPLATE" fi done +{{ end -}} diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_14-ensure-minimal-vms-passwordless.sh.tmpl b/home/.chezmoiscripts/qubes/run_onchange_before_14-ensure-minimal-vms-passwordless.sh.tmpl index 23f34d22..0c3d342c 100644 --- a/home/.chezmoiscripts/qubes/run_onchange_before_14-ensure-minimal-vms-passwordless.sh.tmpl +++ b/home/.chezmoiscripts/qubes/run_onchange_before_14-ensure-minimal-vms-passwordless.sh.tmpl @@ -1,3 +1,4 @@ +{{- if (eq .host.distro.id "qubes") -}} #!/usr/bin/env bash # @file Qubes Passwordless Templates # @brief Ensures the minimal templates defined in `.qubes.templates` in the `home/.chezmoidata.yaml` file are configured to be passwordless @@ -18,3 +19,4 @@ for TEMPLATE of {{ .qubes.templates | toString | replace "[" "" | replace "]" "" fi fi done +{{ end -}} diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_15-install-unofficial-templates.sh.tmpl b/home/.chezmoiscripts/qubes/run_onchange_before_15-install-unofficial-templates.sh.tmpl index e3d4e1cb..95b37395 100644 --- a/home/.chezmoiscripts/qubes/run_onchange_before_15-install-unofficial-templates.sh.tmpl +++ b/home/.chezmoiscripts/qubes/run_onchange_before_15-install-unofficial-templates.sh.tmpl @@ -1,3 +1,4 @@ +{{- if (eq .host.distro.id "qubes") -}} #!/usr/bin/env bash # @file Qubes Passwordless Templates # @brief Ensures unofficial templates defined in `.qubes.templatesUnofficial` in the `home/.chezmoidata.yaml` file are made available to dom0 @@ -24,3 +25,4 @@ for TEMPLATE_URL of {{ .qubes.templatesUnofficial | toString | replace "[" "" | logg info "$TEMPLATE is already installed" fi done +{{ end -}} diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.sh.tmpl b/home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.sh.tmpl index 4cf65b89..dde56fb5 100644 --- a/home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.sh.tmpl +++ b/home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.sh.tmpl @@ -1,3 +1,4 @@ +{{- if (eq .host.distro.id "qubes") -}} #!/usr/bin/env bash # @file Qubes Update TemplateVMs # @brief Ensures the templates available in dom0 are all up-to-date @@ -9,3 +10,4 @@ ### Update TemplateVMs logg info 'Updating TemplateVMs via `qubesctl`' timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm +{{ end -}} diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.sh.tmpl b/home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.sh.tmpl index d39916d4..b6fed7c5 100644 --- a/home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.sh.tmpl +++ b/home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.sh.tmpl @@ -1,3 +1,4 @@ +{{- if (eq .host.distro.id "qubes") -}} #!/usr/bin/env bash # @file Qubes Mirage Firewall # @brief Ensures the Mirage firewall kernel VM is installed in dom0 @@ -28,3 +29,4 @@ if [ ! -f/var/lib/qubes/vm-kernels/mirage-firewall/initramfs ]; then logg info 'Adding dummy initrmfs file to the mirage-firewall kernel folder' gzip -n9 < /dev/null > /var/lib/qubes/vm-kernels/mirage-firewall/initramfs fi +{{ end -}} diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.sh.tmpl b/home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.sh.tmpl index 578f5af8..26d68570 100644 --- a/home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.sh.tmpl +++ b/home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.sh.tmpl @@ -1,3 +1,4 @@ +{{- if (eq .host.distro.id "qubes") -}} #!/usr/bin/env bash # @file Qubes `sys-usb` # @brief Enables `sys-usb` and configures it with ideal security settings @@ -27,3 +28,4 @@ fi ### Configure USB mouse settings logg info 'Ensuring newly connected USB mouse devices are only allowed to connect after a prompt is accepted' echo "sys-usb dom0 ask,default_target=dom0" | sudo tee /etc/qubes-rpc/policy/qubes.InputMouse +{{ end -}} diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui.sh.tmpl b/home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui.sh.tmpl index 4187fcc6..ce166582 100644 --- a/home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui.sh.tmpl +++ b/home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui.sh.tmpl @@ -1,3 +1,4 @@ +{{- if (eq .host.distro.id "qubes") -}} #!/usr/bin/env bash # @file Qubes `sys-gui-gpu` # @brief Enables `sys-gui-gpu` if a compatible GPU controller is found on Qubes dom0 @@ -29,3 +30,4 @@ elif qvm-pci list | grep 'VGA compatible controller' | grep 'NVIDIA'; then qvm-pci attach sys-gui-gpu "$ID" --persistent -o permissive=true done fi +{{ end -}} diff --git a/home/.chezmoiscripts/darwin/run_onchange_after_10-configure-macos.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_10-configure-macos.sh.tmpl similarity index 100% rename from home/.chezmoiscripts/darwin/run_onchange_after_10-configure-macos.sh.tmpl rename to home/.chezmoiscripts/universal/run_onchange_after_10-configure-macos.sh.tmpl diff --git a/home/.chezmoiscripts/darwin/run_onchange_after_20-ensure-zsh-macos.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_20-ensure-zsh-macos.sh.tmpl similarity index 100% rename from home/.chezmoiscripts/darwin/run_onchange_after_20-ensure-zsh-macos.sh.tmpl rename to home/.chezmoiscripts/universal/run_onchange_after_20-ensure-zsh-macos.sh.tmpl diff --git a/home/.chezmoiscripts/darwin/run_onchange_after_21-set-wallpaper.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_21-set-wallpaper.sh.tmpl similarity index 100% rename from home/.chezmoiscripts/darwin/run_onchange_after_21-set-wallpaper.sh.tmpl rename to home/.chezmoiscripts/universal/run_onchange_after_21-set-wallpaper.sh.tmpl diff --git a/home/.chezmoiscripts/darwin/run_onchange_before_10-install-darwin-dependencies.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_10-install-darwin-dependencies.sh.tmpl similarity index 100% rename from home/.chezmoiscripts/darwin/run_onchange_before_10-install-darwin-dependencies.sh.tmpl rename to home/.chezmoiscripts/universal/run_onchange_before_10-install-darwin-dependencies.sh.tmpl diff --git a/home/.chezmoiscripts/darwin/run_onchange_before_20-ensure-user-group.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_20-ensure-user-group.sh.tmpl similarity index 100% rename from home/.chezmoiscripts/darwin/run_onchange_before_20-ensure-user-group.sh.tmpl rename to home/.chezmoiscripts/universal/run_onchange_before_20-ensure-user-group.sh.tmpl