From af14e1efbc12a5e72973f4d58171a30d0105acd0 Mon Sep 17 00:00:00 2001 
From: Brian Zalewski Date: Thu, 13 Apr 2023 01:44:59 +0000 Subject: [PATCH] Update 17 files - /home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui - /home/dot_config/shell/functions.sh - /home/dot_config/shell/motd.sh - /home/dot_config/shell/profile.sh - /home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.sh.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.sh.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.sh.tmpl - /home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui.sh.tmpl - /home/dot_config/shell/aliases.sh.tmpl - /home/dot_config/shell/exports.sh.tmpl - /home/dot_config/shell/functions.sh.tmpl - /home/dot_config/shell/motd.sh.tmpl - /home/dot_config/shell/private_private.sh.tmpl - /home/dot_config/shell/profile.sh.tmpl --- ...run_onchange_before_16-update-template-vms.sh.tmpl | 11 +++++++++++ .../run_onchange_before_16-update-template-vms.tmpl | 5 ----- ...nchange_before_17-install-mirage-firewall.sh.tmpl} | 9 +++++++++ ... 
run_onchange_before_18-configure-sys-usb.sh.tmpl} | 5 +++++
...i => run_onchange_before_19-setup-sys-gui.sh.tmpl} | 5 +++++
home/dot_config/shell/aliases.sh.tmpl | 4 ++++
home/dot_config/shell/exports.sh.tmpl | 5 +++++
.../shell/{functions.sh => functions.sh.tmpl} | 4 ++++
home/dot_config/shell/{motd.sh => motd.sh.tmpl} | 5 +++++
home/dot_config/shell/private_private.sh.tmpl | 5 +++++
home/dot_config/shell/{profile.sh => profile.sh.tmpl} | 5 +++++
11 files changed, 58 insertions(+), 5 deletions(-)
create mode 100644 home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.sh.tmpl
delete mode 100644 home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.tmpl
rename home/.chezmoiscripts/qubes/{run_onchange_before_17-install-mirage-firewall.tmpl => run_onchange_before_17-install-mirage-firewall.sh.tmpl} (71%)
rename home/.chezmoiscripts/qubes/{run_onchange_before_18-configure-sys-usb.tmpl => run_onchange_before_18-configure-sys-usb.sh.tmpl} (79%)
rename home/.chezmoiscripts/qubes/{run_onchange_before_19-setup-sys-gui => run_onchange_before_19-setup-sys-gui.sh.tmpl} (76%)
rename home/dot_config/shell/{functions.sh => functions.sh.tmpl} (94%)
rename home/dot_config/shell/{motd.sh => motd.sh.tmpl} (82%)
rename home/dot_config/shell/{profile.sh => profile.sh.tmpl} (91%)
diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.sh.tmpl b/home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.sh.tmpl
new file mode 100644
index 00000000..4cf65b89
--- /dev/null
+++ b/home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.sh.tmpl
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# @file Qubes Update TemplateVMs
+# @brief Ensures the templates available in dom0 are all up-to-date
+# @description
+# This script ensures the dom0 Qube VM templates are all up-to-date by using the recommended `qubesctl` command.
+# Due to issues with the Whonix Qubes, the update process will timeout after 15 minutes which should be enough time
+# for the updates to finish.
+
+### Update TemplateVMs
+logg info 'Updating TemplateVMs via `qubesctl`'
+timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm
diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.tmpl b/home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.tmpl
deleted file mode 100644
index 5dadc64f..00000000
--- a/home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.tmpl
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-### Update TemplateVMs
-logg info 'Updating TemplateVMs via `qubesctl`'
-timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm
diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.tmpl b/home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.sh.tmpl
similarity index 71%
rename from home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.tmpl
rename to home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.sh.tmpl
index 4fe87b04..d39916d4 100644
--- a/home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.tmpl
+++ b/home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.sh.tmpl
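Review bot: The exit status of `timeout 900 qubesctl …` on the last line of the new script is never examined, so a run cut off at the 15-minute limit (`timeout` exits 124) or a failed Salt state looks identical to a successful update in the log, while the header's "should be enough time" hides that templates may be left only partially updated. The script has no `set -e`, so the status only surfaces to chezmoi because this happens to be the final command; make the failure explicit and preserve the status, e.g. `timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm || { rc=$?; logg error "TemplateVM update failed or timed out (exit $rc)"; exit "$rc"; }`. Whether chezmoi then aborts the remaining scripts is not visible from this patch.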
@@ -1,4 +1,13 @@
 #!/usr/bin/env bash
+# @file Qubes Mirage Firewall
+# @brief Ensures the Mirage firewall kernel VM is installed in dom0
+# @description
+# This script first ensures the TemplateVMs are updated and then downloads the Mirage firewall. It configures
+# Mirage firewall so it can be used as a unikernel firewall VM.
+
+### Update TemplateVMs
+logg info 'Updating TemplateVMs via `qubesctl`'
+timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm
 
 ### Ensure mirage-firewall kernel folder setup
 if [ ! -d /var/lib/qubes/vm-kernels/mirage-firewall ]; then
diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.tmpl b/home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.sh.tmpl
similarity index 79%
rename from home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.tmpl
rename to home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.sh.tmpl
index 16ef09c1..578f5af8 100644
--- a/home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.tmpl
+++ b/home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.sh.tmpl
@@ -1,4 +1,9 @@
 #!/usr/bin/env bash
+# @file Qubes `sys-usb`
+# @brief Enables `sys-usb` and configures it with ideal security settings
+# @description
+# This script ensures that Qubes uses `sys-usb` for USB connections. It also optimizes the configuration
+# by applying security configurations that the Qubes documentation recommends.
 
 ### Enable sys-usb
 logg info 'Modifying Salt configuration to be able to enable sys-usb'
diff --git a/home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui b/home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui.sh.tmpl
similarity index 76%
rename from home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui
rename to home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui.sh.tmpl
index 42dd5ef8..4187fcc6 100644
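Review bot: The added `### Update TemplateVMs` block (new lines 8–10) is a verbatim copy of the whole of `run_onchange_before_16-update-template-vms.sh.tmpl` created in this same commit, so on a fresh provision the templates are updated twice back to back, with up to a second 15-minute wait, and neither copy checks the result before the Mirage download that follows (the rest of this script is outside the hunk). Given chezmoi's numbered ordering presumably runs script 16 before 17, the duplicate can be replaced by the comment `# TemplateVMs are updated by run_onchange_before_16-update-template-vms.sh.tmpl, which runs first` and dropped. If the dependency is deliberate and must be enforced here, fail fast instead of continuing on a failed update: `timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm || { logg error 'TemplateVM update failed; aborting Mirage firewall install'; exit 1; }`.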
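Review bot: The new `@brief` and `@description` for `sys-usb` promise "ideal security settings" and "security configurations that the Qubes documentation recommends" without naming one, which is precisely what someone auditing the USB-qube policy of this machine needs to know; the code that applies them is outside this hunk, so the claim cannot be checked here. List the concrete settings in the description (which Salt state or `qvm-prefs`/`qvm-features` options are set, and a link to the Qubes USB-qube documentation they come from) and make the brief verifiable, e.g. `# @brief Enables sys-usb and applies the hardening settings from the Qubes USB qube documentation`.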
--- a/home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui
+++ b/home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui.sh.tmpl
@@ -1,4 +1,9 @@
 #!/usr/bin/env bash
+# @file Qubes `sys-gui-gpu`
+# @brief Enables `sys-gui-gpu` if a compatible GPU controller is found on Qubes dom0
+# @description
+# This script enables `sys-gui-gpu` which allows you to secure dom0 even more by seperating the GUI
+# management from dom0 and into a seperate Qube.
 
 ### Enables sys-gui-gpu
 enableSysGUIGPU() {
diff --git a/home/dot_config/shell/aliases.sh.tmpl b/home/dot_config/shell/aliases.sh.tmpl
index 738c785d..50060b6c 100644
--- a/home/dot_config/shell/aliases.sh.tmpl
+++ b/home/dot_config/shell/aliases.sh.tmpl
@@ -1,4 +1,8 @@
 #!/usr/bin/env sh
+# @file Shell Aliases
+# @brief Houses the aliases that are included by `~/.bashrc` and `~/.zshrc`
+# @description
+# This script is included by `~/.bashrc` and `~/.zshrc` to provide command aliases.
 
 {{ if eq .chezmoi.os "darwin" }}
 ### macOS Polyfills
diff --git a/home/dot_config/shell/exports.sh.tmpl b/home/dot_config/shell/exports.sh.tmpl
index 28256157..1ae8cda5 100644
--- a/home/dot_config/shell/exports.sh.tmpl
+++ b/home/dot_config/shell/exports.sh.tmpl
@@ -1,4 +1,9 @@
 #!/usr/bin/env sh
+# @file Shell Environment Variables
+# @brief Houses the environment variables that are included by `~/.bashrc` and `~/.zshrc`
+# @description
+# This script is included by `~/.bashrc` and `~/.zshrc` to provide environment variables that play harmoniously with
+# the default Install Doctor configurations.
 
 ### Disable Telemetry
 export DO_NOT_TRACK=1
diff --git a/home/dot_config/shell/functions.sh b/home/dot_config/shell/functions.sh.tmpl
similarity index 94%
rename from home/dot_config/shell/functions.sh
rename to home/dot_config/shell/functions.sh.tmpl
index 0a7f4a69..d698de2f 100644
--- a/home/dot_config/shell/functions.sh
+++ b/home/dot_config/shell/functions.sh.tmpl
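Review bot: `seperating` and `seperate` in the two new description lines are misspellings of `separating` and `separate`; proposed: `# This script enables `sys-gui-gpu` which allows you to secure dom0 even more by separating the GUI` / `# management from dom0 and into a separate Qube.`. The `@brief` also states that `sys-gui-gpu` is only enabled when a compatible GPU controller is found, but `enableSysGUIGPU()` starts on the last line of this hunk and its body is outside the patch, so that check could not be confirmed here.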
@@ -1,4 +1,8 @@
 #!/usr/bin/env sh
+# @file Shell Functions
+# @brief Houses the functions that are included by `~/.bashrc` and `~/.zshrc`
+# @description
+# This script is included by `~/.bashrc` and `~/.zshrc` to provide various commands and functions.
 
 # Install WebDriverAgent on iOS device
 appiumwebdriver() {
diff --git a/home/dot_config/shell/motd.sh b/home/dot_config/shell/motd.sh.tmpl
similarity index 82%
rename from home/dot_config/shell/motd.sh
rename to home/dot_config/shell/motd.sh.tmpl
index 13b950e9..fea5b713 100644
--- a/home/dot_config/shell/motd.sh
+++ b/home/dot_config/shell/motd.sh.tmpl
@@ -1,4 +1,9 @@
 #!/usr/bin/env sh
+# @file Shell MOTD
+# @brief Incorporates the MOTD functionality that is leveraged by the `~/.bashrc` and `~/.zshrc` files
+# @description
+# This script is included by `~/.bashrc` and `~/.zshrc` to print a MOTD whenever a terminal session
+# is invoked.
 
 ### MOTD
 # Add file named .hushlogin in the user's home directory to disable the MOTD
diff --git a/home/dot_config/shell/private_private.sh.tmpl b/home/dot_config/shell/private_private.sh.tmpl
index ab31fcef..d643eab0 100644
--- a/home/dot_config/shell/private_private.sh.tmpl
+++ b/home/dot_config/shell/private_private.sh.tmpl
@@ -1,5 +1,10 @@
 {{- if (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) -}}
 #!/usr/bin/env sh
+# @file Shell Secrets
+# @brief Seperate environment variables file that, when manually sourced, includes secret environment variables
+# @description
+# This script can be invoked by running `. ~/.config/shell/private.sh` to include secret environment variables
+# that are populated by Install Doctor during the provisioning process (if they are provided).
 
 ### Ansible
 export ANSIBLE_GALAXY_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ANSIBLE_GALAXY_TOKEN")) }}{{ includeTemplate "secrets/ANSIBLE_GALAXY_TOKEN" | decrypt }}{{ else }}{{ env "ANSIBLE_GALAXY_TOKEN" }}{{ end }}"
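Review bot: The new header for `private_private.sh.tmpl` explains how to source the file but not that the rendered `~/.config/shell/private.sh` holds the decrypted tokens in plaintext — the context line below writes the `decrypt` output straight into the file, and its only protection is the permission stripping chezmoi presumably applies for the `private_` prefix. Add that caveat so the file is not copied, backed up or committed by accident, e.g. `# NOTE: the rendered file contains these secrets in plaintext and is protected only by its file permissions; never commit, copy or share it.`, and mention that sourcing it exports the secrets into the environment of every child process of that shell. Separately, and hedged because the `export` line is unchanged context, the value is interpolated into a double-quoted shell string, so a token containing `"`, `$` or a backtick would be expanded or break the file; piping the template value through `squote` (or `quote`) before emitting it would avoid that. `Seperate` in the new `@brief` should be `Separate`.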
diff --git a/home/dot_config/shell/profile.sh b/home/dot_config/shell/profile.sh.tmpl
similarity index 91%
rename from home/dot_config/shell/profile.sh
rename to home/dot_config/shell/profile.sh.tmpl
index a6fb3a8b..33b05062 100644
--- a/home/dot_config/shell/profile.sh
+++ b/home/dot_config/shell/profile.sh.tmpl
@@ -1,4 +1,9 @@
 #!/usr/bin/env sh
+# @file Shell Profile
+# @brief Main shell profile that is used to combine the shared profile configurations that are used by both the `~/.bashrc` and `~/.zshrc` files
+# @description
+# This script is included by `~/.bashrc` and `~/.zshrc` to include imports and settings that are common to both the Bash
+# and ZSH shells.
 
 # shellcheck disable=SC1090,SC1091