From e12fb48312bb934eb085add650d825dbb7054e75 Mon Sep 17 00:00:00 2001 From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Tue, 5 Dec 2023 19:40:25 +0000 Subject: [PATCH] Latest --- scripts/cloudflared-ssh.sh | 14 +++++++----- scripts/homebrew.sh | 12 ++++++---- scripts/partials/homebrew | 10 ++++---- scripts/pfsense.sh | 32 ++++++++++++++++++++++++++ scripts/provision.sh | 47 +++++++++++++++++++++++++++++++------- 5 files changed, 92 insertions(+), 23 deletions(-) diff --git a/scripts/cloudflared-ssh.sh b/scripts/cloudflared-ssh.sh index 5db9f062..afced031 100644 --- a/scripts/cloudflared-ssh.sh +++ b/scripts/cloudflared-ssh.sh @@ -201,10 +201,10 @@ ensureHomebrew() { ### Installs Homebrew and addresses a couple potential issues if command -v sudo > /dev/null && sudo -n true; then logg info "Installing Homebrew" - echo | /bin/bash -c "$(curl -fsSL --compressed https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" + echo | /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" else logg info "Homebrew is not installed. The script will attempt to install Homebrew and you might be prompted for your password." - /bin/bash -c "$(curl -fsSL --compressed https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" if [ -n "$BREW_EXIT_CODE" ]; then if command -v brew > /dev/null; then logg warn "Homebrew was installed but part of the installation failed. Trying a few things to fix the installation.." 
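Review bot: Both installer lines in this hunk run `/bin/bash -c "$(curl -fsSL …/HEAD/install.sh)"`, and when curl fails the substitution is empty, so `bash -c ""` exits 0 and `BREW_EXIT_CODE` stays unset. The failure then only surfaces later as the generic "Failed to initialize Homebrew" exit. Downloading first and checking the result keeps the cause visible, e.g. `BREW_INSTALLER="$(curl -fsSL "$BREW_INSTALL_URL")" || { logg error "Failed to download the Homebrew installer"; exit 1; }` followed by `/bin/bash -c "$BREW_INSTALLER"`, where `BREW_INSTALL_URL` is a name I am proposing. The script is also taken from the moving `HEAD` ref and executed unverified, so pinning a reviewed ref would make provisioning reproducible. The same two lines are changed in scripts/homebrew.sh, scripts/partials/homebrew and scripts/provision.sh; ensureHomebrew starts and ends outside this hunk.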
@@ -222,8 +222,10 @@ ensureHomebrew() { ### Ensures the `brew` binary is available on Linux machines. macOS installs `brew` into the default `PATH` so nothing needs to be done for macOS. if [ -d /home/linuxbrew/.linuxbrew/bin ]; then logg info "Sourcing shellenv from /home/linuxbrew/.linuxbrew/bin/brew" && eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" - elif [ -f /opt/homebrew/bin/brew ]; then - logg info "Sourcing shellenv from /opt/homebrew/bin/brew" && eval "$(/opt/homebrew/bin/brew shellenv)" + elif [ -f /usr/local/bin/brew ]; then + logg info "Sourcing shellenv from /usr/local/bin/brew" && eval "$(/usr/local/bin/brew shellenv)" + elif [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" ]; then + logg info "Sourcing shellenv from "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew"" && eval "$("${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" shellenv)" fi fi fi @@ -231,7 +233,7 @@ ensureHomebrew() { ### Ensure GCC is installed via Homebrew if command -v brew > /dev/null; then if ! brew list | grep gcc > /dev/null; then - logg info "Installing Homebrew gcc" && brew install gcc + logg info "Installing Homebrew gcc" && brew install --quiet gcc fi else logg error "Failed to initialize Homebrew" && exit 2 @@ -241,7 +243,7 @@ ensureHomebrew # @description Ensures `cloudflared` is installed via Homebrew if ! command -v cloudflared > /dev/null; then - brew install cloudflared + brew install --quiet cloudflared fi # @description Detect the SSH port being used diff --git a/scripts/homebrew.sh b/scripts/homebrew.sh index a10d04c2..a25b40aa 100644 --- a/scripts/homebrew.sh +++ b/scripts/homebrew.sh 
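Review bot: The new log line `logg info "Sourcing shellenv from "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew""` closes the string before the expansion, so the path is expanded unquoted and a prefix containing whitespace would be split into separate arguments; `logg info "Sourcing shellenv from ${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew"` avoids that. The `/usr/local/bin/brew` test also runs before the `HOMEBREW_PREFIX` one, so an explicitly set prefix is ignored whenever `/usr/local/bin/brew` exists; if the variable is meant as an override it should be tested first. Because the output of that binary is passed to `eval`, `HOMEBREW_PREFIX` should only ever come from a trusted environment, which deserves a comment next to the branch. The comment above the block still says it is for Linux machines, although both new paths are macOS install locations. The identical hunks in scripts/homebrew.sh, scripts/partials/homebrew and scripts/provision.sh carry the same issues.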
@@ -170,10 +170,10 @@ ensureHomebrew() { ### Installs Homebrew and addresses a couple potential issues if command -v sudo > /dev/null && sudo -n true; then logg info "Installing Homebrew" - echo | /bin/bash -c "$(curl -fsSL --compressed https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" + echo | /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" else logg info "Homebrew is not installed. The script will attempt to install Homebrew and you might be prompted for your password." - /bin/bash -c "$(curl -fsSL --compressed https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" if [ -n "$BREW_EXIT_CODE" ]; then if command -v brew > /dev/null; then logg warn "Homebrew was installed but part of the installation failed. Trying a few things to fix the installation.." @@ -191,8 +191,10 @@ ensureHomebrew() { ### Ensures the `brew` binary is available on Linux machines. macOS installs `brew` into the default `PATH` so nothing needs to be done for macOS. if [ -d /home/linuxbrew/.linuxbrew/bin ]; then logg info "Sourcing shellenv from /home/linuxbrew/.linuxbrew/bin/brew" && eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" - elif [ -f /opt/homebrew/bin/brew ]; then - logg info "Sourcing shellenv from /opt/homebrew/bin/brew" && eval "$(/opt/homebrew/bin/brew shellenv)" + elif [ -f /usr/local/bin/brew ]; then + logg info "Sourcing shellenv from /usr/local/bin/brew" && eval "$(/usr/local/bin/brew shellenv)" + elif [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" ]; then + logg info "Sourcing shellenv from "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew"" && eval "$("${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" shellenv)" fi fi fi 
@@ -200,7 +202,7 @@ ensureHomebrew() { ### Ensure GCC is installed via Homebrew if command -v brew > /dev/null; then if ! brew list | grep gcc > /dev/null; then - logg info "Installing Homebrew gcc" && brew install gcc + logg info "Installing Homebrew gcc" && brew install --quiet gcc fi else logg error "Failed to initialize Homebrew" && exit 2 diff --git a/scripts/partials/homebrew b/scripts/partials/homebrew index 2ffbc8a0..0258a25d 100644 --- a/scripts/partials/homebrew +++ b/scripts/partials/homebrew @@ -20,10 +20,10 @@ ensureHomebrew() { ### Installs Homebrew and addresses a couple potential issues if command -v sudo > /dev/null && sudo -n true; then logg info "Installing Homebrew" - echo | /bin/bash -c "$(curl -fsSL --compressed https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" + echo | /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" else logg info "Homebrew is not installed. The script will attempt to install Homebrew and you might be prompted for your password." - /bin/bash -c "$(curl -fsSL --compressed https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" if [ -n "$BREW_EXIT_CODE" ]; then if command -v brew > /dev/null; then logg warn "Homebrew was installed but part of the installation failed. Trying a few things to fix the installation.." 
@@ -41,8 +41,10 @@ ensureHomebrew() { ### Ensures the `brew` binary is available on Linux machines. macOS installs `brew` into the default `PATH` so nothing needs to be done for macOS. if [ -d /home/linuxbrew/.linuxbrew/bin ]; then logg info "Sourcing shellenv from /home/linuxbrew/.linuxbrew/bin/brew" && eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" - elif [ -f /opt/homebrew/bin/brew ]; then - logg info "Sourcing shellenv from /opt/homebrew/bin/brew" && eval "$(/opt/homebrew/bin/brew shellenv)" + elif [ -f /usr/local/bin/brew ]; then + logg info "Sourcing shellenv from /usr/local/bin/brew" && eval "$(/usr/local/bin/brew shellenv)" + elif [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" ]; then + logg info "Sourcing shellenv from "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew"" && eval "$("${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" shellenv)" fi fi fi diff --git a/scripts/pfsense.sh b/scripts/pfsense.sh index 18816c37..f47f75e0 100644 --- a/scripts/pfsense.sh +++ b/scripts/pfsense.sh @@ -5,6 +5,18 @@ # This script sets up pfSense with features like: # # 1. [Netdata Cloud](https://learn.netdata.cloud/docs/installing/pfsense) +# +# ## Considerations +# +# The following items are not included in this script but may be added in the future: +# +# * https://github.com/pfelk/pfelk +# +# ## Useful Links +# +# * [pfSense to OPNSense configuration converter](https://www.pf2opn.com/) +# * [pfSense Ansible collection](https://github.com/pfsensible/core) +# * [pfSense API](https://github.com/jaredhendrickson13/pfsense-api) (Note: Need CLI or easy way of accessing it) # @description This function logs with style using Gum if it is installed, otherwise it uses `echo`. It is also capable of leveraging Glow to render markdown. # When Glow is not installed, it uses `cat`. The following sub-commands are available: 
@@ -140,3 +152,23 @@ EOF service netdata onestart } enableNetdata + +# @description This function installs UniFi onto a pfSense / OPNSense FreeBSD environment. It leverages scripts provided by +# the [unofficial pfSense UniFi project on GitHub](https://github.com/unofficial-unifi/unifi-pfsense). The script runs +# the script provided by the project and then enables the UniFi service. +# +# If you run into issues, please see the project's GitHub link (referenced above). It may take a couple minutes for the +# UniFi service to start up after `service unifi.sh start` is run because the start service exits fast while booting up +# the UniFi service in the background. +enableUniFi() { + fetch -o - https://raw.githubusercontent.com/unofficial-unifi/unifi-pfsense/master/install-unifi/install-unifi.sh | sh -s + service unifi.sh start +} +enableUniFi + +# @description This function adds an unofficial package that adds SAML2 support to pfSense for SSO logins over +# the web portal. For more information, see the project's [GitHub page](https://github.com/jaredhendrickson13/pfsense-saml2-auth). +enablePFsenseSAML() { + pkg add https://github.com/jaredhendrickson13/pfsense-saml2-auth/releases/latest/download/pfSense-2.7-pkg-saml2-auth.pkg +} +enablePFsenseSAML diff --git a/scripts/provision.sh b/scripts/provision.sh index 1918c420..aaa7e203 100644 --- a/scripts/provision.sh +++ b/scripts/provision.sh 
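Review bot: `enableUniFi` pipes a script fetched from the mutable `master` branch straight into `sh -s`, and `enablePFsenseSAML` installs whatever `releases/latest` currently serves. Both therefore run unreviewed third-party code on the firewall with the privileges of whoever runs this script, and nothing checks its integrity. A failed `fetch` is not detected either, because the pipeline's status is that of `sh`, and `service unifi.sh start` runs regardless. I would pin both downloads to a reviewed commit or release tag, verify a SHA-256 before executing or installing, and start the service only on success; the values in the sketch below are placeholders to fill in after review. Both functions are also invoked unconditionally, so every run of the script repeats the installs.

```shell
enableUniFi() {
  # Placeholders: a reviewed commit of unofficial-unifi/unifi-pfsense and the SHA-256 of its install-unifi.sh
  UNIFI_REF='<PINNED_COMMIT_SHA>'
  UNIFI_SHA256='<EXPECTED_SHA256>'
  UNIFI_TMP="$(mktemp)" || return 1
  fetch -o "$UNIFI_TMP" "https://raw.githubusercontent.com/unofficial-unifi/unifi-pfsense/${UNIFI_REF}/install-unifi/install-unifi.sh" || { rm -f "$UNIFI_TMP"; return 1; }
  # Refuse to run anything that does not match the reviewed digest
  [ "$(sha256 -q "$UNIFI_TMP")" = "$UNIFI_SHA256" ] || { rm -f "$UNIFI_TMP"; return 1; }
  sh "$UNIFI_TMP"
  UNIFI_RC=$?
  rm -f "$UNIFI_TMP"
  [ "$UNIFI_RC" -eq 0 ] || return "$UNIFI_RC"
  service unifi.sh start
}
```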
@@ -234,10 +234,10 @@ ensureHomebrew() { ### Installs Homebrew and addresses a couple potential issues if command -v sudo > /dev/null && sudo -n true; then logg info "Installing Homebrew" - echo | /bin/bash -c "$(curl -fsSL --compressed https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" + echo | /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" else logg info "Homebrew is not installed. The script will attempt to install Homebrew and you might be prompted for your password." - /bin/bash -c "$(curl -fsSL --compressed https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" if [ -n "$BREW_EXIT_CODE" ]; then if command -v brew > /dev/null; then logg warn "Homebrew was installed but part of the installation failed. Trying a few things to fix the installation.." @@ -255,8 +255,10 @@ ensureHomebrew() { ### Ensures the `brew` binary is available on Linux machines. macOS installs `brew` into the default `PATH` so nothing needs to be done for macOS. if [ -d /home/linuxbrew/.linuxbrew/bin ]; then logg info "Sourcing shellenv from /home/linuxbrew/.linuxbrew/bin/brew" && eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" - elif [ -f /opt/homebrew/bin/brew ]; then - logg info "Sourcing shellenv from /opt/homebrew/bin/brew" && eval "$(/opt/homebrew/bin/brew shellenv)" + elif [ -f /usr/local/bin/brew ]; then + logg info "Sourcing shellenv from /usr/local/bin/brew" && eval "$(/usr/local/bin/brew shellenv)" + elif [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" ]; then + logg info "Sourcing shellenv from "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew"" && eval "$("${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" shellenv)" fi fi fi 
@@ -264,13 +266,40 @@ ensureHomebrew() { ### Ensure GCC is installed via Homebrew if command -v brew > /dev/null; then if ! brew list | grep gcc > /dev/null; then - logg info "Installing Homebrew gcc" && brew install gcc + logg info "Installing Homebrew gcc" && brew install --quiet gcc fi else logg error "Failed to initialize Homebrew" && exit 2 fi } +# @description This function determines whether or not a reboot is required on the target system. +# On Linux, it will check for the presence of the `/var/run/reboot-required` file to determine +# whether or not a reboot is required. On macOS, it will reboot `/Library/Updates/index.plist` +# to determine whether or not a reboot is required. +# +# After determining whether or not a reboot is required, the script will attempt to automatically +# reboot the machine. +handleRequiredReboot() { + if [ -d /Applications ] && [ -d /System ]; then + ### macOS + logg info 'Checking if there is a pending update' && defaults read /Library/Updates/index.plist InstallAtLogout + # TODO - Uncomment this when we can determine conditions for reboot + # sudo shutdown -r now + elif [ -f /var/run/reboot-required ]; then + ### Linux + logg info '/var/run/reboot-required is present so a reboot is required' + if command -v systemctl > /dev/null; then + logg info 'systemctl present so rebooting with sudo systemctl start reboot.target' && sudo systemctl start reboot.target + elif command -v reboot > /dev/null; then + logg info 'reboot available as command so rebooting with sudo reboot' && sudo reboot + elif command -v shutdown > /dev/null; then + logg info 'shutdown command available so rebooting with sudo shutdown -r now' && sudo shutdown -r now + else + logg warn 'Reboot required but unable to determine appropriate restart command' + fi + fi +} # @description Load default settings if it is in a CI setting setCIEnvironmentVariables() { if [ -n "$CI" ]; then 
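Review bot: The Linux branch of `handleRequiredReboot` calls plain `sudo` for the reboot, but the provisionLogic hunk runs it after `removePasswordlessSudo`, so an unattended run may stall at a password prompt; `sudo -n systemctl start reboot.target` (and likewise for `reboot` and `shutdown -r now`) would fail fast instead. The reboot is also immediate and unconditional once `/var/run/reboot-required` exists, which is worth gating behind an explicit opt-in on machines someone is working on. On macOS the function ends with `defaults read /Library/Updates/index.plist InstallAtLogout`, and its non-zero status when the file or key is absent presumably becomes the script's exit status, since this is the last provisioning step. The doc comment should say "it will read `/Library/Updates/index.plist`" rather than "reboot".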
@@ -420,7 +449,7 @@ handleQubesDom0() { installBrewPackage() { if ! command -v "$1" > /dev/null; then logg 'Installing '"$1"'' - brew install "$1" + brew install --quiet "$1" fi } @@ -443,9 +472,10 @@ ensureHomebrewDeps() { ### macOS if [ -d /Applications ] && [ -d /System ]; then + installBrewPackage "expect" installBrewPackage "gsed" if ! command -v gtimeout > /dev/null; then - brew install coreutils + brew install --quiet coreutils fi fi } @@ -512,7 +542,7 @@ runChezmoi() { logg info 'Running chezmoi apply forcefully' if command -v unbuffer > /dev/null; then if command -v caffeinate > /dev/null; then - unbuffer -p caffeinate chezmoi apply $DEBUG_MODIFIER -k --force 2>&1 | tee "$LOG_FILE" + caffeinate unbuffer -p chezmoi apply $DEBUG_MODIFIER -k --force 2>&1 | tee "$LOG_FILE" else unbuffer -p chezmoi apply $DEBUG_MODIFIER -k --force 2>&1 | tee "$LOG_FILE" fi @@ -578,5 +608,6 @@ provisionLogic() { logg info "Running the Chezmoi provisioning" && runChezmoi logg info "Ensuring temporary passwordless sudo is removed" && removePasswordlessSudo logg info "Handling post-provision logic" && postProvision + logg info "Determing whether or not reboot" && handleRequiredReboot } provisionLogic
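Review bot: In `runChezmoi`, the reordered line `caffeinate unbuffer -p chezmoi apply $DEBUG_MODIFIER -k --force 2>&1 | tee "$LOG_FILE"` still reports the status of `tee`, so unless `pipefail` is set outside this hunk a failed `chezmoi apply` goes unnoticed. provisionLogic then carries on to `removePasswordlessSudo`, `postProvision` and the new `handleRequiredReboot`. Capturing the status explicitly, or enabling `set -o pipefail` where the shell supports it, would let the script stop before the reboot step. In the provisionLogic hunk the new message has a typo; `logg info "Determining whether or not to reboot" && handleRequiredReboot` reads better. runChezmoi and provisionLogic both start outside their hunks.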