Update 16 files

- /home/dot_config/rclone/merge_rclone.conf - /home/dot_config/rclone/s3-public.service.tmpl - /home/dot_config/rclone/s3-private.service.tmpl - /home/dot_config/rclone/s3-docker.service.tmpl - /home/dot_config/gcp/gcp.json.TODO - /home/dot_config/docker/plugins.json - /home/.chezmoitemplates/secrets/key-cloudflare-r2-secret - /home/.chezmoitemplates/secrets/key-cloudflare-r2-id - /home/dot_local/bin/executable_rclone-mount - /home/dot_local/bin/executable_install-program - /home/.chezmoidata.yaml - /home/.chezmoiscripts/_universal/run_onchange_before_11-install-docker.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_07-docker-plugins.tmpl - /home/.chezmoi.yaml.tmpl - /docs/TODO.md - /software.yml
2023-01-30 03:09:02 +00:00 · 2023-01-30 03:09:02 +00:00 · d8769e8ad1
commit d8769e8ad1
parent e43ff06510
16 changed files with 212 additions and 98 deletions
--- a/docs/TODO.md
+++ b/docs/TODO.md
@ -5,6 +5,20 @@ https://github.com/DustinBrett/daedalOS
 https://github.com/ansh/jiffyreader.com
 https://github.com/allinurl/goaccess
 https://github.com/cloudflare/boringtun
+    CLOUDSDK_CORE_PROJECT: "megabyte-labs"
+    GCE_CREDENTIALS_FILE: "{{ joinPath .chezmoi.homeDir ".config" "gcp.json" }}"
+    GCE_SERVICE_ACCOUNT_EMAIL: "molecule@megabyte-labs.iam.gserviceaccount.com"
+
+GITLAB_READ_TOKEN
+GITHUB_READ_TOKEN
+GITHUB_GIST_TOKEN
+CLOUDFLARE_API_TOKEN
+GMAIL_APP_PASSWORD
+NGROK_AUTH_TOKEN
+SLACK_API_TOKEN
+TAILSCALE_AUTH_KEY
+LEXICON_CLOUDFLARE_USERNAME
+LEXICON_CLOUDFLARE_TOKEN
 ### Ensure these PATHs are added on Windows
 add to PATH:
 '%ProgramFiles(x86)%\mitmproxy\bin'
--- a/home/.chezmoi.yaml.tmpl
+++ b/home/.chezmoi.yaml.tmpl
@ -1,28 +1,18 @@
-{{- $name := (default "Brian Zalewski" (env "FULL_NAME")) -}}
-{{- $email := (default "brian@megabyte.space" (env "PRIMARY_EMAIL")) -}}
-{{- $restricted := (default false (env "WORK_ENVIRONMENT")) -}}
-{{- $work := (default false (env "WORK_ENVIRONMENT")) -}}
-{{- $gpgKeyId := (default "0xF0A300E4199A1C33" (env "KEYID")) -}}
-{{- $gmailAddress := (default "blzalewski@gmail.com" (env "GMAIL_ADDRESS")) -}}
-{{- $gmailAddressAppPassword := (default "" (env "GMAIL_APP_PASSWORD")) -}}
-{{- $surgeshUsername := (default "brian@megabyte.space" (env "SURGESH_USERNAME")) -}}
-{{- $domain := (default "megabyte.space" (env "PUBLIC_SERVICES_DOMAIN")) -}}
 {{- $cloudflareUsername := (default "brian@megabyte.space" (env "CLOUDFLARE_USERNAME")) -}}
-{{- $cloudflareToken := (default "" (env "CLOUDFLARE_API_TOKEN")) -}}
-{{- $cloudflareAccessKeyId := "" -}}
-{{- $cloudflareSecretAccessKey := "" -}}
-{{- $cloudflareR2AccountId := "" -}}
+{{- $desktopSession := true -}}
+{{- $domain := (default "megabyte.space" (env "PUBLIC_SERVICES_DOMAIN")) -}}
+{{- $email := (default "brian@megabyte.space" (env "PRIMARY_EMAIL")) -}}
 {{- $githubUsername := (default "ProfessorManhattan" (env "GITHUB_USERNAME")) -}}
-{{- $githubGistToken := (default "" (env "GITHUB_GIST_TOKEN")) -}}
-{{- $githubReadToken := (env "GITHUB_READ_TOKEN") -}}
-{{- $gitlabReadToken := (env "GITLAB_READ_TOKEN") -}}
+{{- $gmailAddress := (default "blzalewski@gmail.com" (env "GMAIL_ADDRESS")) -}}
+{{- $gpgKeyId := (default "0xF0A300E4199A1C33" (env "KEYID")) -}}
+{{- $hostname := (default "alpha" (env "HOSTNAME")) -}}
 {{- $locale := (output "echo" "$LANG") }}
-{{- $ngrokAuthToken := (default "" (env "NGROK_AUTH_TOKEN")) -}}
-{{- $slackApiToken := (default "" (env "SLACK_API_TOKEN")) -}}
-{{- $tailscaleAuthKey := (default "" (env "TAILSCALE_AUTH_KEY")) -}}
+{{- $name := (default "Brian Zalewski" (env "FULL_NAME")) -}}
+{{- $restricted := (default false (env "WORK_ENVIRONMENT")) -}}
+{{- $surgeshUsername := (default "brian@megabyte.space" (env "SURGESH_USERNAME")) -}}
 {{- $timezone := (default "America/New_York" (env "TIMEZONE")) -}}
 {{- $toolchains := list "CLI-Extras" "Docker" "Go" "Kubernetes" "Web-Development" -}}
-{{- $desktopSession := true -}}
+{{- $work := (default false (env "WORK_ENVIRONMENT")) -}}
 {{- if and (ne .chezmoi.os "darwin") (ne .chezmoi.os "windows") (not (env "DISPLAY")) -}}
 {{-   $desktopSession = false -}}
 {{- end -}}
@ -112,6 +102,9 @@
 {{- if not (env "PUBLIC_SERVICES_DOMAIN") -}}
 {{-   $domain = promptStringOnce $data.user "domain" "Domain name" $domain -}}
 {{- end -}}
+{{- if not (env "HOSTNAME") -}}
+{{-   $hostname = promptStringOnce $data.host "hostname" "Hostname ID" $hostname -}}
+{{- end -}}

 {{- else -}}
 {{-   $headless = true -}}
@ -137,6 +130,12 @@ data:
    dns:
      primary: 10.0.0.1#dns.megabyte.space
      secondary: 1.1.1.1#cloudflare-dns.com
+    docker:
+      doRegion: nyc1
+    headless: {{ $headless }}
+    home: "{{ .chezmoi.homeDir }}"
+    homeParentFolder: "{{ if eq .chezmoi.os "linux" }}/home{{ else if eq .chezmoi.os "darwin" }}/Users{{ else }}C:\Users{{ end }}"
+    hostname: "{{ $hostname }}"
    ssh:
      allowTCPForwarding: no
      allowUsers: {{ output "echo" "$USER" }}
@ -146,59 +145,42 @@ data:
      excludedSubnets:
        - 10.0.0.0/24
        - 10.14.50.0/24
-    home: "{{ .chezmoi.homeDir }}"
-    homeParentFolder: "{{ if eq .chezmoi.os "linux" }}/home{{ else if eq .chezmoi.os "darwin" }}/Users{{ else }}C:\Users{{ end }}"
-    hostname: "Betelgeuse"
    qubes: {{ ne (stat (joinPath "usr" "bin" "qubes-session")) false }}
+    restricted: {{ $restricted }}
    softwareGroup: "{{ $softwareGroup }}"
    type: "{{ $chassisType }}"
    work: {{ $work }}
-    restricted: {{ $restricted }}
-    headless: {{ $headless }}
  toolchains:
  {{- range $toolchain, $enabled := $toolchainsEnabled }}
    {{ $toolchain}}: {{ $enabled }}
  {{- end }}
  user:
-    email: "{{ $email }}"
-    name: "{{ $name }}"
-    username: "{{ output "echo" "$USER" }}"
+    cloudflare:
+      r2: "{{ $cloudflareR2AccountId }}"
+      username: "{{ $cloudflareUsername }}"
    defaultBrowser: firefox
    domain: "{{ $domain }}"
+    email: "{{ $email }}"
+    github:
+      username: "{{ $githubUsername }}"
+    gmail:
+      username: "{{ $gmailAddress }}"
    gpg:
      id: "{{ $gpgKeyId }}"
-    gmail:
-      email: "{{ $gmailAddress }}"
-      password: "{{ $gmailAddressAppPassword }}"
-    surgeshUsername: "{{ $surgeshUsername }}"
-    githubUsername: "{{ $githubUsername }}"
-    locale: "{{ $locale }}"
-    timezone: "{{ $timezone }}"
    holdSudoPrivileges: true
-    CLOUDFLARE_USERNAME: "{{ $cloudflareUsername }}"
-    CLOUDFLARE_ACCESS_KEY_ID: "{{ $cloudflareAccessKeyId }}"
-    CLOUDFLARE_SECRET_ACCESS_KEY: "{{ $cloudflareSecretAccessKey }}"
-    CLOUDFLARE_R2_ACCOUNT_ID: "{{ $cloudflareR2AccountId }}"
-    CLOUDSDK_CORE_PROJECT: "megabyte-labs"
-    GCE_CREDENTIALS_FILE: "{{ joinPath .chezmoi.homeDir ".config" "gcp.json" }}"
-    GCE_SERVICE_ACCOUNT_EMAIL: "molecule@megabyte-labs.iam.gserviceaccount.com"
-    GITHUB_GIST_TOKEN: "{{ $githubGistToken }}"
-    GITHUB_READ_TOKEN: "{{ $githubReadToken }}"
-    GITLAB_READ_TOKEN: "{{ $gitlabReadToken }}"
-    NGROK_AUTH_TOKEN: "{{ $ngrokAuthToken }}"
-    SLACK_API_TOKEN: "{{ $slackApiToken }}"
-    SNAPCRAFT_EMAIL: "{{ $email }}"
-    TAILSCALE_AUTH_KEY: "{{ $tailscaleAuthKey }}"
-    TINYPNG_API_KEY: "g355tx7dxG5yJfl0RXJnpQlQqk88dJBv"
+    locale: "{{ $locale }}"
+    name: "{{ $name }}"
+    surgesh:
+      username: "{{ $surgeshUsername }}"
+    timezone: "{{ $timezone }}"
+    tinypngKey: "g355tx7dxG5yJfl0RXJnpQlQqk88dJBv"
+    username: "{{ output "echo" "$USER" }}"
 diff:
  format: "git"
  pager: "delta"
 git:
  autoCommit: true
  autoPush: true
-scriptEnv:
-  LEXICON_CLOUDFLARE_USERNAME: "{{ $cloudflareUsername }}"
-  LEXICON_CLOUDFLARE_TOKEN: "{{ $cloudflareToken }}"
 textconv:
  - pattern: "**/*.plist"
    command: "plutil"
--- a/home/.chezmoidata.yaml
+++ b/home/.chezmoidata.yaml
@ -19,11 +19,11 @@ colors:
  color14: '#EB71AD'
  color15: '#24E5FF'
  color16: '#FFFFFF'
-macosRemoteLogin: 'on'
-themeparkTheme: aquamarine
-netdataClaimURL: https://app.netdata.cloud
 config:
  gpg: https://raw.githubusercontent.com/drduh/config/master/gpg.conf
+macosRemoteLogin: 'on'
+netdataClaimURL: https://app.netdata.cloud
+themeparkTheme: aquamarine
 chromeExtensions:
  - https://chrome.google.com/webstore/detail/automa/infppggnoaenmfagbfknfkancpbljcca
  - https://chrome.google.com/webstore/detail/bitly-powerful-short-link/iabeihobmhlgpkcgjiloemdbofjbdcic
@ -1007,6 +1007,9 @@ softwareGroups:
    - termius
    - ulauncher
 softwarePlugins:
+  docker:
+    plugins:
+      - sapk/plugin-rclone
  vim:
    plugins:
      - https://github.com/dense-analysis/ale.git
--- a/home/.chezmoiscripts/_universal/run_onchange_before_11-install-docker.tmpl
+++ b/home/.chezmoiscripts/_universal/run_onchange_before_11-install-docker.tmpl
@ -114,4 +114,7 @@ if [ ! -d /Applications ] || [ ! -d /System ]; then
    fi
 fi

+### Install Docker plugins
+for PLUGIN in 
+
 {{ end -}}
--- a/home/.chezmoiscripts/universal/run_onchange_after_07-docker-plugins.tmpl
+++ b/home/.chezmoiscripts/universal/run_onchange_after_07-docker-plugins.tmpl
@ -1,6 +1,8 @@
 {{- if (eq .host.distro.family "linux") -}}
 #!/usr/bin/env bash

+# Docker plugins.json hash: {{ include (joinPath .chezmoi.homeDir ".config" "docker" "plugins.json") | sha256sum }}
+
 {{ includeTemplate "universal/profile" }}
 {{ includeTemplate "universal/logg" }}

@ -30,13 +32,24 @@ fi
 if [ ! -f "${XDG_CONFIG_HOME:-$HOME/.docker}/cli-plugins/docker-pushrm" ]; then
    logg info 'Acquiring release information for Docker push-rm'
    RELEASE_TAG="$(curl -sSL https://api.github.com/repos/christian-korneck/docker-pushrm/releases/latest | jq -r '.tag_name')"
-    mkdir -p "${XDG_CONFIG_HOME:-$HOME/.docker}/cli-plugins"
+    mkdir -p "${XDG_CONFIG_HOME:-$HOME/.config}/docker/cli-plugins"
    logg info 'Downloading Docker push-rm'
-    curl https://github.com/christian-korneck/docker-pushrm/releases/download/$RELEASE_TAG/docker-pushrm_darwin_amd64 -o "${XDG_CONFIG_HOME:-$HOME/.docker}/cli-plugins/docker-pushrm"
-    chmod +x "${XDG_CONFIG_HOME:-$HOME/.docker}/cli-plugins/docker-pushrm"
+    curl https://github.com/christian-korneck/docker-pushrm/releases/download/$RELEASE_TAG/docker-pushrm_darwin_amd64 -o "${XDG_CONFIG_HOME:-$HOME/.config}/docker/cli-plugins/docker-pushrm"
+    chmod +x "${XDG_CONFIG_HOME:-$HOME/.config}/docker/cli-plugins/docker-pushrm"
    logg success 'Added Docker push-rm'
 else
    logg info 'Docker push-rm already added'
 fi

+{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-digitalocean-pat")) -}}
+### Docker DigitalOcean Block Storage
+docker plugin install --grant-all-permissions rexray/dobs DOBS_TOKEN={{ includeTemplate "secrets/key-digitalocean-pat" | decrypt -}} DOBS_REGION={{ .host.docker.doRegion }} LINUX_VOLUME_FILEMODE=0775
+{{ end -}}
+
+### Docker plugins (defined in ~/.config/docker/plugins.json)
+jq -r '.plugins[]' "${XDG_CONFIG_HOME:-$HOME/.config}/docker/plugins.json" | while read PLUGIN; do
+    logg info 'Installing the `'"$PLUGIN"'` Docker plugin'
+    docker plugin install --grant-all-permissions "$PLUGIN"
+done
+
 {{ end -}}
--- a/home/.chezmoitemplates/secrets/key-cloudflare-r2-id
+++ b/home/.chezmoitemplates/secrets/key-cloudflare-r2-id
@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUa0ZtTm9PbE03R1RReDJZ
+NUdueXVZSk1WY2RxMkpyM1VVL2t2ZlBobGxJCmRyWEtSYVMxU1VCL01hRXk5ODdR
+MTJPZFVYbEEzeStBT3JLRWdoNUg0Z2MKLS0tIGhHdzExOEU1NmJkNHBFUW5DbXFs
+S25MNHFGV01GYjkrYm0zVmhrVEFvd2sKQr2yI5Zlx+yEWa4igHFy2z1FpmEw6tux
+M9i/y2J+Da15jAZgndmc1iWNBVDKVfROon4S60P99djZi/trWcy0jA==
+-----END AGE ENCRYPTED FILE-----
--- a/home/.chezmoitemplates/secrets/key-cloudflare-r2-secret
+++ b/home/.chezmoitemplates/secrets/key-cloudflare-r2-secret
@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFYnBRTkRVZ2hGTkZ4NUdQ
+UWZBWmFxQkFXTUhESzhaaFJWMlpQSmh5cldjCjN0c0dScXQ1d0ZoalF1WXN3VG5h
+WC9wQ0pQSmYyU29nN1YwOUNFSHgyRkEKLS0tIG5lOTRhamhySm5iN1V1d0haWFRo
+VVZaczNScHd0ZHZRWmd4TFVRQWVaZzAKqbgfmbnHB5QbO0Z1JMgjNawfAD40Hzru
+kVNSyh/zgIRlwuSzwlENDgrdGXaRjDj7jtchaWe/xPX88Ba5cFe9LC7eXJP1mU2U
+l+nk1LFKSp24PZskcLzw4rxCsLap82KV
+-----END AGE ENCRYPTED FILE-----
--- a/home/dot_config/docker/plugins.json
+++ b/home/dot_config/docker/plugins.json
@ -0,0 +1,6 @@
+{
+    "plugins" [
+        "sapk/plugin-rclone",
+        "vieux/sshfs"
+    ]
+}
--- a/home/dot_config/gcp/gcp.json.TODO
+++ b/home/dot_config/gcp/gcp.json.TODO
--- a/home/dot_config/rclone/merge_rclone.conf
+++ b/home/dot_config/rclone/merge_rclone.conf
@ -1,4 +1,4 @@
-{{- if and (ne .user.CLOUDFLARE_ACCESS_KEY_ID "") (ne .user.CLOUDFLARE_SECRET_ACCESS_KEY "") (ne .user.CLOUDFLARE_R2_ACCOUNT_ID "") }}
+{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-cloudflare-r2-id")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-cloudflare-r2-secret")) (ne .user.cloudflare.r2 "") -}}
 #!/usr/bin/env bash

 CONFIG_FILE="$HOME/.config/rclone/rclone.conf"
@ -18,27 +18,43 @@ tee -a "$CONFIG_FILE" > /dev/null <<EOT
 [{{ .user.username}}-s3]
 type = s3
 provider = Cloudflare
-access_key_id = {{ .user.CLOUDFLARE_ACCESS_KEY_ID }}
-secret_access_key = {{ .user.CLOUDFLARE_SECRET_ACCESS_KEY }}
+access_key_id = {{ includeTemplate "secrets/key-cloudflare-r2-id" | decrypt -}}
+secret_access_key = {{ includeTemplate "secrets/key-cloudflare-r2-secret" | decrypt -}}
 region = auto
-endpoint = https://{{ .user.CLOUDFLARE_R2_ACCOUNT_ID }}.r2.cloudflarestorage.com
+endpoint = https://{{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com/user
 acl = private
-[do-private]
+[docker]
 type = s3
-provider = DigitalOcean
+provider = Cloudflare
 env_auth = false
-access_key_id = your_spaces_access_key
-secret_access_key = your_spaces_secret_key
-endpoint = private.nyc3.digitaloceanspaces.com
+access_key_id = {{ includeTemplate "secrets/key-cloudflare-r2-id" | decrypt -}}
+secret_access_key = {{ includeTemplate "secrets/key-cloudflare-r2-secret" | decrypt -}}
+endpoint = open.nyc3.digitaloceanspaces.com
 acl = private
-[do-open]
+[private]
 type = s3
-provider = DigitalOcean
+provider = Cloudflare
 env_auth = false
-access_key_id = your_spaces_access_key
-secret_access_key = your_spaces_secret_key
+access_key_id = {{ includeTemplate "secrets/key-cloudflare-r2-id" | decrypt -}}
+secret_access_key = {{ includeTemplate "secrets/key-cloudflare-r2-secret" | decrypt -}}
+endpoint = {{ }}
+acl = private
+[public]
+type = s3
+provider = Cloudflare
+env_auth = false
+access_key_id = {{ includeTemplate "secrets/key-cloudflare-r2-id" | decrypt -}}
+secret_access_key = {{ includeTemplate "secrets/key-cloudflare-r2-secret" | decrypt -}}
 endpoint = open.nyc3.digitaloceanspaces.com
 acl = public-read
+[system]
+type = s3
+provider = Cloudflare
+env_auth = false
+access_key_id = {{ includeTemplate "secrets/key-cloudflare-r2-id" | decrypt -}}
+secret_access_key = {{ includeTemplate "secrets/key-cloudflare-r2-secret" | decrypt -}}
+endpoint = open.nyc3.digitaloceanspaces.com
+acl = private
 # MEGABYTE LABS MANAGED S3
 EOT
 {{- end }}
--- a/home/dot_config/rclone/s3-docker.service.tmpl
+++ b/home/dot_config/rclone/s3-docker.service.tmpl
@ -4,9 +4,9 @@ After=network-online.target

 [Service]
 Type=simple
-User=root
-ExecStart=/usr/local/bin/rclone-mount "docker" "docker" "docker-s3"
-ExecStop=/bin/fusermount -u /mnt/docker-s3
+User=rclone
+ExecStart=/usr/local/bin/rclone-mount "docker" "docker" "s3-docker"
+ExecStop=/bin/fusermount -u /mnt/s3-docker
 Restart=always
 RestartSec=10

--- a/home/dot_config/rclone/s3-private.service.tmpl
+++ b/home/dot_config/rclone/s3-private.service.tmpl
@ -0,0 +1,14 @@
+[Unit]
+Description=rclone S3 system service (private)
+After=network-online.target
+
+[Service]
+Type=simple
+User=rclone
+ExecStart=/usr/local/bin/rclone-mount "rclone" "rclone" "s3-private"
+ExecStop=/bin/fusermount -u /mnt/s3-private
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=default.target
--- a/home/dot_config/rclone/s3-public.service.tmpl
+++ b/home/dot_config/rclone/s3-public.service.tmpl
@ -0,0 +1,14 @@
+[Unit]
+Description=rclone S3 system service (public)
+After=network-online.target
+
+[Service]
+Type=simple
+User=rclone
+ExecStart=/usr/local/bin/rclone-mount "rclone" "rclone" "s3-public"
+ExecStop=/bin/fusermount -u /mnt/s3-public
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=default.target
--- a/home/dot_local/bin/executable_install-program
+++ b/home/dot_local/bin/executable_install-program
@ -110,6 +110,7 @@ let binLinkRan = false
 const installOrdersPre = []
 const installOrdersPost = []
 const installOrdersService = []
+const installOrdersGroups = []
 const installOrdersPlugins = []
 const installOrdersBinLink = []
 let brewUpdated, osType, osID, snapRefreshed
@ -433,6 +434,10 @@ async function updateInstallMaps(preference, packages, scopedPreference, pkg, pa
  if (serviceHook) {
    installOrdersService.concat(typeof serviceHook === 'string' ? [serviceHook] : serviceHook)
  }
+  const groupsHook = getHook(packages, 'groups', scopedPreference, preference)
+  if (groupsHook) {
+    installOrdersGroups.concat(typeof groupsHook === 'string' ? [groupsHook] : groupsHook)
+  }
  processPluginOrders(pkg)
  if (!installOrders[preference]) {
    installOrders[preference] = []
@ -1471,17 +1476,49 @@ async function installPackageList(packageManager, packages) {
  }
 }

+async function addUserGroup(group) {
+  const logStage = 'Users / Groups'
+  log('info', logStage, `Ensuring the ${group} group / user is added`)
+  if (osType === 'linux') {
+    const useradd = which.sync('useradd', { nothrow: true })
+    if (useradd) {
+      runCommand(`Adding the ${group} user / group`, `sudo useradd ${group}`)
+    } else {
+      log('error', logStage, `The useradd command is unavailable`)
+    }
+  } else if (osType === 'darwin') {
+  } else if (osType === 'windows') {
+    log('warn', logStage, `Windows support not yet added`)
+  } else {
+    log('warn', logStage, `Unknown operating system type`)
+  }
+}
+
 async function updateService(service) {
  const logStage = 'Service Service'
  if (osType === 'linux') {
    const systemctl = which.sync('systemctl', { nothrow: true })
+    const brew = which.sync('brew', { nothrow: true })
    if (systemctl) {
      try {
        runCommand(`Starting / enabling ${service} with systemctl`, `sudo systemctl enable --now ${service}`)
        log('success', logStage, `Started / enabled the ${service} service`)
      } catch (e) {
-        log('error', logStage, `There was an error starting / enabling the ${service} service`)
-        console.error(e)
+        log('info', logStage, `There was an error starting / enabling the ${service} service with systemd`)
+        try {
+          if (brew) {
+            runCommand(`Starting / enabling ${service} with Homebrew`, `brew services start ${service}`)
+            log('success', logStage, `Started / enabled the ${service} service with Homebrew`)
+          } else {
+            log('error', logStage, `Unable to start service with systemd and Homebrew is not available`)
+          }
+        } catch (err) {
+          log('error', logStage, `Unable to start service with both systemd and Homebrew`)
+          log('info', logStage, `systemd error`)
+          console.error(e)
+          log('info', logStage, `brew services error`)
+          console.error(e)
+        }
      }
    } else {
      log(
@ -1711,6 +1748,10 @@ async function installSoftware(pkgsToInstall) {
    asyncOrders.push(installPackageList(packageManager, installOrders[packageManager]))
    await Promise.all(asyncOrders)
  }
+  log('info', 'Users / Groups', `Adding groups / users`)
+  for (const group of installOrdersGroups) {
+    await addUserGroup(group)
+  }
  log('info', 'Post-Install', `Running package-specific post-installation steps`)
  for (const service of installOrdersService) {
    await updateService(service)
--- a/home/dot_local/bin/executable_rclone-mount
+++ b/home/dot_local/bin/executable_rclone-mount
@ -4,46 +4,37 @@
 TYPE="$1"
 USER="$2"
 MOUNT="$3"
+
+### Path definitions
 if [ "$TYPE" = 'user' ]; then
  CACHE_FOLDER="/home/$USER/.cache/rclone"
  CONFIG_FOLDER="/home/$USER/.config/rclone"
  LOG_FOLDER="/home/$USER/.local/log"
  LOG_FILE="$LOG_FOLDER/$MOUNT.log"
  MOUNT_PATH="/home/{{ .user.username }}/.local/mnt/$MOUNT"
-elif [ "$TYPE" = 'docker' ]; then
-  CACHE_FOLDER="/var/cache/rclone/$MOUNT"
-  CONFIG_FOLDER="/etc"
-  LOG_FOLDER="/var/log/rclone"
-  LOG_FILE="$LOG_FOLDER/$MOUNT.log"
-  MOUNT_PATH="/mnt/$MOUNT"
 else
-  CACHE_FOLDER="/var/cache/rclone"
+  CACHE_FOLDER="/var/cache/rclone/$MOUNT"
  CONFIG_FOLDER="/etc"
  LOG_FOLDER="/var/log/rclone"
  LOG_FILE="$LOG_FOLDER/$MOUNT.log"
  MOUNT_PATH="/mnt/$MOUNT"
 fi

-### Ensure directories created
-if [ ! -d "$CACHE_FOLDER" ]; then
-  mkdir -p "$CACHE_FOLDER"
-fi
-if [ ! -d "$CONFIG_FOLDER" ]; then
-  mkdir -p "$CONFIG_FOLDER"
-fi
-if [ ! -d "$LOG_FOLDER" ]; then
-  mkdir -p "$LOG_FOLDER"
-fi
-if [ ! -d "$MOUNT_PATH" ]; then
-  mkdir -p "$MOUNT_PATH"
-fi
+### Ensure folders exist
+for FOLDER in "$CACHE_FOLDER" "$CONFIG_FOLDER" "$LOG_FOLDER" "$MOUNT_PATH"; do
+    if [ ! -d "$FOLDER" ]; then
+        mkdir -p "$FOLDER" || echo "ERROR: Need permissions for $FOLDER"
+    fi
+done
+
+### Define rcloneignore location
 RCLONE_IGNORE="$CONFIG_FOLDER/rcloneignore"
 if [ ! -f "$RCLONE_IGNORE" ] && [ -f "/etc/rcloneignore" ]; then
  RCLONE_IGNORE='etc/rcloneignore'
 fi

 ### Mount
- /usr/bin/rclone --config="$CONFIG_FOLDER/rclone.conf" \
+/usr/bin/rclone --config="$CONFIG_FOLDER/rclone.conf" \
  mount \
  --cache-tmp-upload-path="$CACHE_FOLDER/$MOUNT-upload" \
  --cache-chunk-path="$CACHE_FOLDER/$MOUNT-chunks" \
--- a/software.yml
+++ b/software.yml
@ -6137,6 +6137,8 @@ softwarePackages:
    _desc: '[Rclone](https://rclone.org/) is an open source, multi threaded, command line computer program to manage content on cloud and other high latency storage. Its capabilities include sync, transfer, crypt, cache, union, compress and mount. The rclone website lists [fifty supported backends](https://rclone.org/overview/) including S3 services and Google Drive.'
    _docs: https://rclone.org/docs/
    _github: https://github.com/rclone/rclone
+    _groups:
+      - rclone
    _home: https://rclone.org/
    _name: Rclone
    ansible: professormanhattan.rclone