Latest
This commit is contained in:
parent
62193f3c6e
commit
db565ff44f
3 changed files with 43 additions and 40 deletions
|
@ -37,7 +37,8 @@
|
||||||
# * Google Drive for desktop
|
# * Google Drive for desktop
|
||||||
#
|
#
|
||||||
# Settings used to configure Firefox are housed inside of the Firefox configuration files stored as seperate configuration files
|
# Settings used to configure Firefox are housed inside of the Firefox configuration files stored as seperate configuration files
|
||||||
# outside of this script.
|
# outside of this script. **Note: The scripts that enable CloudFlare certificates for all these programs are currently commented out
|
||||||
|
# in this script.**
|
||||||
#
|
#
|
||||||
# ## Notes
|
# ## Notes
|
||||||
#
|
#
|
||||||
|
@ -150,44 +151,46 @@ fi
|
||||||
|
|
||||||
if command -v warp-cli > /dev/null; then
|
if command -v warp-cli > /dev/null; then
|
||||||
### Application certificate configuration
|
### Application certificate configuration
|
||||||
|
# Application-specific certificate authority modification is currently commented out because
|
||||||
|
# it is merely for traffic inspection and `npm install` fails when configured to use the CloudFlare
|
||||||
|
# certificate and the WARP client is not running.
|
||||||
|
# ### Git
|
||||||
|
# if command -v git > /dev/null; then
|
||||||
|
# logg info "Configuring git to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem""
|
||||||
|
# git config --global http.sslcainfo "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"
|
||||||
|
# fi
|
||||||
|
|
||||||
### Git
|
# ### NPM
|
||||||
if command -v git > /dev/null; then
|
# if command -v npm > /dev/null; then
|
||||||
logg info "Configuring git to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem""
|
# logg info "Configuring npm to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem""
|
||||||
git config --global http.sslcainfo "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"
|
# npm config set cafile "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"
|
||||||
fi
|
# fi
|
||||||
|
|
||||||
### NPM
|
# ### Python
|
||||||
if command -v npm > /dev/null; then
|
# if command -v python3 > /dev/null; then
|
||||||
logg info "Configuring npm to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem""
|
# logg info "Configuring python3 / python to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem""
|
||||||
npm config set cafile "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem"
|
# echo | cat - "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" >> $(python3 -m certifi)
|
||||||
fi
|
# fi
|
||||||
|
|
||||||
### Python
|
# ### Google Cloud SDK
|
||||||
if command -v python3 > /dev/null; then
|
# if command -v gcloud > /dev/null; then
|
||||||
logg info "Configuring python3 / python to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem""
|
# logg info "Configuring gcloud to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" and "${XDG_DATA_HOME:-$HOME/.local/share}/curl/cacert.pem""
|
||||||
echo | cat - "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" >> $(python3 -m certifi)
|
# mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud"
|
||||||
fi
|
# cat cacert.pem "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" > "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud/ca.pem"
|
||||||
|
# gcloud config set core/custom_ca_certs_file "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud/ca.pem"
|
||||||
### Google Cloud SDK
|
# fi
|
||||||
if command -v gcloud > /dev/null; then
|
|
||||||
logg info "Configuring gcloud to use "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" and "${XDG_DATA_HOME:-$HOME/.local/share}/curl/cacert.pem""
|
|
||||||
mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud"
|
|
||||||
cat cacert.pem "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" > "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud/ca.pem"
|
|
||||||
gcloud config set core/custom_ca_certs_file "${XDG_DATA_HOME:-$HOME/.local/share}/gcloud/ca.pem"
|
|
||||||
fi
|
|
||||||
|
|
||||||
### Google Drive for desktop (macOS)
|
### Google Drive for desktop (macOS)
|
||||||
if [ -d "/Applications/Google Drive.app" ]; then
|
# if [ -d "/Applications/Google Drive.app" ]; then
|
||||||
if [ -d "/Applications/Google Drive.app/Contents/Resources" ]; then
|
# if [ -d "/Applications/Google Drive.app/Contents/Resources" ]; then
|
||||||
logg info "Combining Google Drive roots.pem with CloudFlare certificate"
|
# logg info "Combining Google Drive roots.pem with CloudFlare certificate"
|
||||||
mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive"
|
# mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive"
|
||||||
cat "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" "/Applications/Google Drive.app/Contents/Resources/roots.pem" >> "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem"
|
# cat "${XDG_DATA_HOME:-$HOME/.local/share}/warp/Cloudflare_CA.pem" "/Applications/Google Drive.app/Contents/Resources/roots.pem" >> "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem"
|
||||||
sudo defaults write /Library/Preferences/com.google.drivefs.settings TrustedRootsCertsFile -string "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem"
|
# sudo defaults write /Library/Preferences/com.google.drivefs.settings TrustedRootsCertsFile -string "${XDG_DATA_HOME:-$HOME/.local/share}/google-drive/roots.pem"
|
||||||
else
|
# else
|
||||||
logg warn 'Google Drive.app installed but roots.pem is not available yet'
|
# logg warn 'Google Drive.app installed but roots.pem is not available yet'
|
||||||
fi
|
# fi
|
||||||
fi
|
# fi
|
||||||
|
|
||||||
|
|
||||||
### Ensure MDM settings are applied (deletes after reboot on macOS)
|
### Ensure MDM settings are applied (deletes after reboot on macOS)
|
||||||
|
|
|
@ -23,7 +23,7 @@ if [ -d /Applications ] && [ -d /System ]; then
|
||||||
# To disable, run: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
|
# To disable, run: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
|
||||||
# Only enable when computer is not a corporate / work computer
|
# Only enable when computer is not a corporate / work computer
|
||||||
logg info 'Enabling VNC using the `VNC_PASSWORD` variable which is `vncpass` when nothing is specified'
|
logg info 'Enabling VNC using the `VNC_PASSWORD` variable which is `vncpass` when nothing is specified'
|
||||||
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -allowAccessFor -specifiedUsers -clientopts -setreqperm -reqperm yes -setvnclegacy -vnclegacy yes -setvncpw -vncpw {{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }} -restart -agent -privs -all -users {{ .user.name }}
|
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -allowAccessFor -specifiedUsers -clientopts -setreqperm -reqperm yes -setvnclegacy -vnclegacy yes -setvncpw -vncpw "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }}" -restart -agent -privs -all -users "$USER"
|
||||||
else
|
else
|
||||||
# System is Linux
|
# System is Linux
|
||||||
### VNC set-up / configuration
|
### VNC set-up / configuration
|
||||||
|
|
|
@ -26,9 +26,9 @@
|
||||||
|
|
||||||
### Clone the repositories
|
### Clone the repositories
|
||||||
logg info 'Cloning the repositories'
|
logg info 'Cloning the repositories'
|
||||||
{{ range .data.user.gitomatic }}
|
{{ range .user.gitomatic }}
|
||||||
if [ ! -d {{ .path }} ] ; then
|
if [ ! -d "{{ .path }}" ]; then
|
||||||
git clone {{ .git }} {{ .path }}
|
git clone "{{ .git }}" "{{ .path }}"
|
||||||
fi
|
fi
|
||||||
{{ end -}}
|
{{ end -}}
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ if command -v gitomatic > /dev/null; then
|
||||||
if [ -d /Applications ] && [ -d /System ]; then
|
if [ -d /Applications ] && [ -d /System ]; then
|
||||||
### macOS
|
### macOS
|
||||||
logg info 'Copying `gitomatic` plist file to /Library/LaunchDaemons'
|
logg info 'Copying `gitomatic` plist file to /Library/LaunchDaemons'
|
||||||
sudo cp -f {{ .chezmoi.homeDir }}/.config/gitomatic/gitomatic.plist /Library/LaunchDaemons/gitomatic.plist
|
sudo cp -f "{{ .chezmoi.homeDir }}/.config/gitomatic/gitomatic.plist" /Library/LaunchDaemons/gitomatic.plist
|
||||||
logg info 'Running `sudo launchctl load com.gitomatic`'
|
logg info 'Running `sudo launchctl load com.gitomatic`'
|
||||||
sudo launchctl load com.gitomatic
|
sudo launchctl load com.gitomatic
|
||||||
logg info 'Running `sudo launchctl start com.gitomatic`'
|
logg info 'Running `sudo launchctl start com.gitomatic`'
|
||||||
|
@ -45,7 +45,7 @@ if command -v gitomatic > /dev/null; then
|
||||||
else
|
else
|
||||||
### Linux
|
### Linux
|
||||||
logg info 'Copying `gitomatic` systemd unit file to /etc/systemd/system/'
|
logg info 'Copying `gitomatic` systemd unit file to /etc/systemd/system/'
|
||||||
sudo cp -f {{ .chezmoi.homeDir }}/.config/gitomatic/gitomatic.service /etc/systemd/system/gitomatic.service
|
sudo cp -f "{{ .chezmoi.homeDir }}/.config/gitomatic/gitomatic.service" /etc/systemd/system/gitomatic.service
|
||||||
logg info 'Reloading systemd daemon'
|
logg info 'Reloading systemd daemon'
|
||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
logg info 'Enabling and starting `gitomatic` service'
|
logg info 'Enabling and starting `gitomatic` service'
|
||||||
|
|
Loading…
Reference in a new issue