diff --git a/home/.chezmoiscripts/universal/run_onchange_after_14-warp.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_14-warp.sh.tmpl
index 49024ec7..273b0a46 100644
--- a/home/.chezmoiscripts/universal/run_onchange_after_14-warp.sh.tmpl
+++ b/home/.chezmoiscripts/universal/run_onchange_after_14-warp.sh.tmpl
@@ -37,7 +37,8 @@
 # * Google Drive for desktop
 #
 # Settings used to configure Firefox are housed inside of the Firefox configuration files stored as seperate configuration files
-# outside of this script.
+# outside of this script. **Note: The scripts that enable CloudFlare certificates for all these programs are currently commented out
+# in this script.**
 #
 # ## Notes
 #
@@ -150,44 +151,46 @@ fi if command -v warp-cli > /dev/null; then ### Application certificate configuration - - ### Git - if command -v git > /dev/null; then - logg info "Configuring git to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"" - git config --global http.sslcainfo "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" - fi + # Application-specific certificate authority modification is currently commented out because + # it is merely for traffic inspection and `npm install` fails when configured to use the CloudFlare + # certificate and the WARP client is not running. + # ### Git + # if command -v git > /dev/null; then + # logg info "Configuring git to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"" + # git config --global http.sslcainfo "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" + # fi - ### NPM - if command -v npm > /dev/null; then - logg info "Configuring npm to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"" - npm config set cafile "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" - fi + # ### NPM + # if command -v npm > /dev/null; then + # logg info "Configuring npm to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"" + # npm config set cafile "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" + # fi - ### Python - if command -v python3 > /dev/null; then - logg info "Configuring python3 / python to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"" - echo | cat - "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" >> $(python3 -m certifi) - fi + # ### Python + # if command -v python3 > /dev/null; then + # logg info "Configuring python3 / python to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"" + # echo | cat - "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" >> $(python3 -m certifi) + # fi - ### Google Cloud SDK - if command -v gcloud > /dev/null; then - logg info 
"Configuring gcloud to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" and "${XDG_DATA_HOME:-$HOME/.local/share}/curl/cacert.pem"" - mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud" - cat cacert.pem "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" > "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud/ca.pem" - gcloud config set core/custom_ca_certs_file "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud/ca.pem" - fi + # ### Google Cloud SDK + # if command -v gcloud > /dev/null; then + # logg info "Configuring gcloud to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" and "${XDG_DATA_HOME:-$HOME/.local/share}/curl/cacert.pem"" + # mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud" + # cat cacert.pem "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" > "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud/ca.pem" + # gcloud config set core/custom_ca_certs_file "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud/ca.pem" + # fi ### Google Drive for desktop (macOS) - if [ -d "/Applications/Google Drive.app" ]; then - if [ -d "/Applications/Google Drive.app/Contents/Resources" ]; then - logg info "Combining Google Drive roots.pem with CloudFlare certificate" - mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive" - cat "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" "/Applications/Google Drive.app/Contents/Resources/roots.pem" >> "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem" - sudo defaults write /Library/Preferences/com.google.drivefs.settings TrustedRootsCertsFile -string "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem" - else - logg warn 'Google Drive.app installed but roots.pem is not available yet' - fi - fi + # if [ -d "/Applications/Google Drive.app" ]; then + # if [ -d "/Applications/Google Drive.app/Contents/Resources" ]; then + # logg info "Combining Google Drive roots.pem with CloudFlare certificate" + # mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive" + # cat 
"${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" "/Applications/Google Drive.app/Contents/Resources/roots.pem" >> "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem" + # sudo defaults write /Library/Preferences/com.google.drivefs.settings TrustedRootsCertsFile -string "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem" + # else + # logg warn 'Google Drive.app installed but roots.pem is not available yet' + # fi + # fi ### Ensure MDM settings are applied (deletes after reboot on macOS) diff --git a/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl index 53424895..806d5054 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl 
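Review bot: Commenting these blocks out stops future runs from changing trust settings, but nothing here undoes what earlier runs already wrote. A machine provisioned before this commit keeps `http.sslcainfo`, the npm `cafile`, the gcloud `core/custom_ca_certs_file` and the Google Drive `TrustedRootsCertsFile` pointing at the Cloudflare CA, so the `npm install` failure named in the new comment would persist there. Consider a cleanup step in place of the disabled blocks, for example `git config --global --unset http.sslcainfo`, `npm config delete cafile` and `gcloud config unset core/custom_ca_certs_file`. The certificate appended to the `python3 -m certifi` bundle is not reverted by any setting and would need the bundle restored. The enclosing `if command -v warp-cli` block continues outside the hunk.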
@@ -23,7 +23,7 @@ if [ -d /Applications ] && [ -d /System ]; then # To disable, run: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off # Only enable when computer is not a corporate / work computer logg info 'Enabling VNC using the `VNC_PASSWORD` variable which is `vncpass` when nothing is specified' - sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -allowAccessFor -specifiedUsers -clientopts -setreqperm -reqperm yes -setvnclegacy -vnclegacy yes -setvncpw -vncpw {{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }} -restart -agent -privs -all -users {{ .user.name }} + sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -allowAccessFor -specifiedUsers -clientopts -setreqperm -reqperm yes -setvnclegacy -vnclegacy yes -setvncpw -vncpw "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }}" -restart -agent -privs -all -users "$USER" else # System is Linux ### VNC set-up / configuration diff --git a/home/.chezmoiscripts/universal/run_onchange_after_32-gitomatic.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_32-gitomatic.sh.tmpl index 9dedb67f..f52e0286 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_32-gitomatic.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_32-gitomatic.sh.tmpl 
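Review bot: The `{{ else }}` branch of the `-vncpw` argument still falls back to the literal `vncpass`, so a host with neither the encrypted secret nor `VNC_PASSWORD` set ends up with legacy VNC enabled and `-privs -all` behind a password that is published in this repository and named in the `logg info` line above. It would be safer to skip the kickstart call with a `logg warn` when no password is supplied instead of defaulting. The added double quotes help with spaces, but a password containing `$`, a backtick, `\` or `"` is still expanded by the shell or breaks the rendered command. Reading the value into a shell variable from a quoted here-document and passing that variable in double quotes avoids this. The enclosing `if` block starts and ends outside the hunk.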
@@ -26,9 +26,9 @@ ### Clone the repositories logg info 'Cloning the repositories' -{{ range .data.user.gitomatic }} -if [ ! -d {{ .path }} ] ; then - git clone {{ .git }} {{ .path }} +{{ range .user.gitomatic }} +if [ ! -d "{{ .path }}" ]; then + git clone "{{ .git }}" "{{ .path }}" fi {{ end -}} @@ -37,7 +37,7 @@ if command -v gitomatic > /dev/null; then if [ -d /Applications ] && [ -d /System ]; then ### macOS logg info 'Copying `gitomatic` plist file to /Library/LaunchDaemons' - sudo cp -f {{ .chezmoi.homeDir }}/.config/gitomatic/gitomatic.plist /Library/LaunchDaemons/gitomatic.plist + sudo cp -f "{{ .chezmoi.homeDir }}/.config/gitomatic/gitomatic.plist" /Library/LaunchDaemons/gitomatic.plist logg info 'Running `sudo launchctl load com.gitomatic`' sudo launchctl load com.gitomatic logg info 'Running `sudo launchctl start com.gitomatic`' @@ -45,7 +45,7 @@ if command -v gitomatic > /dev/null; then else ### Linux logg info 'Copying `gitomatic` systemd unit file to /etc/systemd/system/' - sudo cp -f {{ .chezmoi.homeDir }}/.config/gitomatic/gitomatic.service /etc/systemd/system/gitomatic.service + sudo cp -f "{{ .chezmoi.homeDir }}/.config/gitomatic/gitomatic.service" /etc/systemd/system/gitomatic.service logg info 'Reloading systemd daemon' sudo systemctl daemon-reload logg info 'Enabling and starting `gitomatic` service'
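Review bot: Quoting `{{ .path }}` changes how the value is expanded: an entry written as `~/...` was tilde-expanded when unquoted but is literal inside double quotes, so `[ ! -d "~/..." ]` would always be true and `git clone` would create a directory named `~` under the current directory. The `.user.gitomatic` data is not visible in this hunk, so confirm the paths are absolute or use `$HOME`. It is also worth ending option parsing before the templated values, `git clone -- "{{ .git }}" "{{ .path }}"`, so an entry beginning with `-` is not read as an option.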
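Review bot: Both `sudo cp -f` lines (the macOS hunk and the Linux hunk) install a service definition for the system service manager from a file in the user's home directory, and nothing sets the installed file's owner or mode explicitly. Pinning them at install time, e.g. `sudo install -m 0644 -o root "{{ .chezmoi.homeDir }}/.config/gitomatic/gitomatic.plist" /Library/LaunchDaemons/gitomatic.plist` and the same for the `.service` file, keeps the installed unit from ending up group- or world-writable. Separately, `sudo launchctl load com.gitomatic` on the following context line passes a label where `launchctl load` takes a plist path, so it looks like the daemon would not be loaded; that line is unchanged by this commit.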