Moved some scripts to software.yml
parent
cfac1520e9
commit
ee92f3035b
11 changed files with 376 additions and 439 deletions
|
@ -1,27 +1,11 @@
|
||||||
- https://github.com/jhuckaby/Cronicle
|
|
||||||
|
|
||||||
## CLI
|
## CLI
|
||||||
|
|
||||||
- https://github.com/sigoden/argc
|
|
||||||
- https://github.com/r-darwish/idnt
|
|
||||||
- https://github.com/charmbracelet/wish
|
|
||||||
- https://github.com/charmbracelet/skate
|
|
||||||
- https://github.com/console-rs/indicatif
|
|
||||||
- https://github.com/tauri-apps/tauri
|
- https://github.com/tauri-apps/tauri
|
||||||
- https://github.com/emilengler/sysget
|
|
||||||
- https://github.com/pocketbase/pocketbase
|
- https://github.com/pocketbase/pocketbase
|
||||||
- sysget
|
|
||||||
- https://github.com/therootcompany/serviceman
|
|
||||||
- https://github.com/vadimdemedes/ink
|
- https://github.com/vadimdemedes/ink
|
||||||
- https://github.com/ajenti/ajenti
|
|
||||||
- https://github.com/linuxserver/docker-webtop
|
|
||||||
- https://github.com/chocolatey/boxstarter
|
|
||||||
- https://github.com/changkun/occamy
|
|
||||||
- https://cliffy.io/docs@v0.25.7
|
- https://cliffy.io/docs@v0.25.7
|
||||||
- https://github.com/gotify/server
|
|
||||||
- https://github.com/typicode/lowdb
|
- https://github.com/typicode/lowdb
|
||||||
- https://github.com/sindresorhus/execa
|
- https://github.com/sindresorhus/execa
|
||||||
- https://github.com/mde/ejs
|
|
||||||
|
|
||||||
## System
|
## System
|
||||||
|
|
||||||
|
|
10
docs/TODO.md
10
docs/TODO.md
|
@ -10,9 +10,9 @@ adobe-creative-cloud curl: (18) HTTP/2 stream 1 was reset
|
||||||
* NGINX /opt/homebrew/etc/nginx/nginx.conf, on port 8080 so no sudo required, nginx will load all files in /opt/homebrew/etc/nginx/servers/, brew services might require sudo if port 443 is used, Docroot /opt/homebrew/var/www
|
* NGINX /opt/homebrew/etc/nginx/nginx.conf, on port 8080 so no sudo required, nginx will load all files in /opt/homebrew/etc/nginx/servers/, brew services might require sudo if port 443 is used, Docroot /opt/homebrew/var/www
|
||||||
* export PATH="$HOME/.jenv/bin:$PATH"
|
* export PATH="$HOME/.jenv/bin:$PATH"
|
||||||
* eval "$(jenv init -)"
|
* eval "$(jenv init -)"
|
||||||
|
- https://github.com/linuxserver/docker-webtop
|
||||||
|
|
||||||
|
- https://github.com/chocolatey/boxstarter
|
||||||
|
|
||||||
# Create the $HOME/opt destination folder
|
# Create the $HOME/opt destination folder
|
||||||
mkdir -p ~/opt
|
mkdir -p ~/opt
|
||||||
# Download the AppImage inside it
|
# Download the AppImage inside it
|
||||||
|
@ -25,7 +25,7 @@ sudo ~/opt/Espanso.AppImage env-path register
|
||||||
# TODOs
|
# TODOs
|
||||||
|
|
||||||
This page outlines various projects and tasks that we are currently working on. Creating a GitHub issue for each of these items would be overkill.
|
This page outlines various projects and tasks that we are currently working on. Creating a GitHub issue for each of these items would be overkill.
|
||||||
|
- [Push Notification Server](https://github.com/gotify/server)
|
||||||
- https://community.cloudflare.com/t/allowing-either-cloudflare-ca-pem-or-regular-for-npm/578284
|
- https://community.cloudflare.com/t/allowing-either-cloudflare-ca-pem-or-regular-for-npm/578284
|
||||||
- Integrate Sheldon
|
- Integrate Sheldon
|
||||||
- Look at Flipper Zero
|
- Look at Flipper Zero
|
||||||
|
@ -97,7 +97,6 @@ The following items are Docker containers that we may want to include as default
|
||||||
- https://github.com/formbricks/formbricks
|
- https://github.com/formbricks/formbricks
|
||||||
- https://github.com/chatwoot/chatwoot
|
- https://github.com/chatwoot/chatwoot
|
||||||
- https://github.com/discourse/discourse
|
- https://github.com/discourse/discourse
|
||||||
- [Title](https://github.com/sipt/shuttle)
|
|
||||||
- https://github.com/erxes/erxes - CRM
|
- https://github.com/erxes/erxes - CRM
|
||||||
- https://github.com/pawelmalak/flame - Homepage
|
- https://github.com/pawelmalak/flame - Homepage
|
||||||
- https://github.com/thelounge/thelounge - IRC
|
- https://github.com/thelounge/thelounge - IRC
|
||||||
|
@ -165,9 +164,6 @@ The following items are Docker containers that we may want to include as default
|
||||||
- [Title](https://github.com/chartbrew/chartbrew)
|
- [Title](https://github.com/chartbrew/chartbrew)
|
||||||
- [Title](https://github.com/AlexSciFier/neonlink)
|
- [Title](https://github.com/AlexSciFier/neonlink)
|
||||||
- [Title](https://github.com/ForestAdmin/lumber)
|
- [Title](https://github.com/ForestAdmin/lumber)
|
||||||
- [Title](https://github.com/subnub/myDrive)
|
|
||||||
- [Title](https://github.com/mickael-kerjean/filestash)
|
|
||||||
- [Title](https://github.com/GetStream/Winds)
|
|
||||||
- [Title](https://github.com/GladysAssistant/Gladys)
|
- [Title](https://github.com/GladysAssistant/Gladys)
|
||||||
|
|
||||||
## AI
|
## AI
|
||||||
|
|
|
@ -344,6 +344,7 @@ softwareGroups:
|
||||||
- zenity
|
- zenity
|
||||||
CLI-Extras: &CLI-Extras
|
CLI-Extras: &CLI-Extras
|
||||||
- ack
|
- ack
|
||||||
|
- argc
|
||||||
- axel
|
- axel
|
||||||
- bashly
|
- bashly
|
||||||
- bin
|
- bin
|
||||||
|
@ -357,6 +358,7 @@ softwareGroups:
|
||||||
- dockutil
|
- dockutil
|
||||||
- doitlive
|
- doitlive
|
||||||
- duti
|
- duti
|
||||||
|
- ejs
|
||||||
- emplace
|
- emplace
|
||||||
- emoj
|
- emoj
|
||||||
- fdupes
|
- fdupes
|
||||||
|
@ -1022,7 +1024,6 @@ softwareGroups:
|
||||||
- winrm-cli
|
- winrm-cli
|
||||||
# - wireshark-cli
|
# - wireshark-cli
|
||||||
Sys-Admin-Desktop: &Sys-Admin-Desktop
|
Sys-Admin-Desktop: &Sys-Admin-Desktop
|
||||||
- chef-workstation
|
|
||||||
- networkmanager
|
- networkmanager
|
||||||
- pppc-utility
|
- pppc-utility
|
||||||
- quasar
|
- quasar
|
||||||
|
@ -1563,6 +1564,8 @@ softwareGroups:
|
||||||
note: Disabled on Homebrew because it has not been modified for several years and does not build properly
|
note: Disabled on Homebrew because it has not been modified for several years and does not build properly
|
||||||
- pkg: yubikey-agent
|
- pkg: yubikey-agent
|
||||||
note: The OpenSSH library can now create native keys that integrate with the client.
|
note: The OpenSSH library can now create native keys that integrate with the client.
|
||||||
|
- pkg: chef-workstation
|
||||||
|
note: Not utilizing Chef and it automatically adds a top bar menu item that causes load delay
|
||||||
# Files below need to be reviewed before adding them to the stack. They should include all of the
|
# Files below need to be reviewed before adding them to the stack. They should include all of the
|
||||||
# definitions in software.yml that are not included somewhere in the definitions that this file
|
# definitions in software.yml that are not included somewhere in the definitions that this file
|
||||||
# maps out.
|
# maps out.
|
||||||
|
|
|
@ -1,60 +0,0 @@
|
||||||
{{- if and (ne .host.distro.family "windows") (ne .host.work true) -}}
|
|
||||||
#!/usr/bin/env bash
|
|
||||||
# @file Tor Configuration
|
|
||||||
# @brief This script applies the Tor configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/tor/torrc` to the system and then restarts Tor
|
|
||||||
# @description
|
|
||||||
# Tor is a network that uses onion routing, originally published by the US Navy. It is leveraged by privacy enthusiasts
|
|
||||||
# and other characters that deal with sensitive material, like journalists and people buying drugs on the internet.
|
|
||||||
# This script:
|
|
||||||
#
|
|
||||||
# 1. Determines the system configuration file location
|
|
||||||
# 2. Applies the configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/tor/torrc`
|
|
||||||
# 3. Enables and restarts the Tor service with the new configuration
|
|
||||||
#
|
|
||||||
# ## Links
|
|
||||||
#
|
|
||||||
# * [Tor configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/tor/torrc)
|
|
||||||
|
|
||||||
# tor config hash: {{ include (joinPath .host.home ".config" "tor" "torrc") | sha256sum }}
|
|
||||||
|
|
||||||
{{ includeTemplate "universal/profile" }}
|
|
||||||
{{ includeTemplate "universal/logg" }}
|
|
||||||
|
|
||||||
# @description Determine the Tor configuration location by checking whether the system is macOS or Linux
|
|
||||||
if [ -d /Applications ] && [ -d /System ]; then
|
|
||||||
# macOS
|
|
||||||
TORRC_CONFIG_DIR=/usr/local/etc/tor
|
|
||||||
else
|
|
||||||
# Linux
|
|
||||||
TORRC_CONFIG_DIR=/etc/tor
|
|
||||||
fi
|
|
||||||
TORRC_CONFIG="$TORRC_CONFIG_DIR/torrc"
|
|
||||||
|
|
||||||
# @description Apply the configuration if the `torrc` binary is available in the `PATH`
|
|
||||||
if command -v toron > /dev/null; then
|
|
||||||
if [ -d "$TORRC_CONFIG_DIR" ]; then
|
|
||||||
# @description Copy the configuration from `${XDG_CONFIG_HOME:-$HOME/.config}/tor/torrc` to the system configuration file location
|
|
||||||
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/tor/torrc" "$TORRC_CONFIG"
|
|
||||||
sudo chmod 600 "$TORRC_CONFIG"
|
|
||||||
|
|
||||||
# @description Enable and restart the Tor service
|
|
||||||
if [ -d /Applications ] && [ -d /System ]; then
|
|
||||||
# macOS
|
|
||||||
brew services restart tor
|
|
||||||
else
|
|
||||||
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
|
|
||||||
# Linux
|
|
||||||
sudo systemctl enable tor
|
|
||||||
sudo systemctl restart tor
|
|
||||||
else
|
|
||||||
logg info 'Environment is WSL so the Tor systemd service will not be enabled / restarted'
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
logg warn 'The '"$TORRC_CONFIG_DIR"' directory is missing'
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
logg warn 'toron is missing from the PATH'
|
|
||||||
fi
|
|
||||||
|
|
||||||
{{ end -}}
|
|
|
@ -1,68 +0,0 @@
|
||||||
{{- if (ne .host.distro.family "windows") -}}
|
|
||||||
#!/usr/bin/env bash
|
|
||||||
# @file Privoxy Configuration
|
|
||||||
# @brief This script applies the Privoxy configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config` to the system and then restarts Privoxy
|
|
||||||
# @description
|
|
||||||
# Privoxy is a web proxy that can be combined with Tor to provide an HTTPS / HTTP proxy that can funnel all traffic
|
|
||||||
# through Tor. This script:
|
|
||||||
#
|
|
||||||
# 1. Determines the system configuration file location
|
|
||||||
# 2. Applies the configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config`
|
|
||||||
# 3. Enables and restarts the Privoxy service with the new configuration
|
|
||||||
#
|
|
||||||
# ## Links
|
|
||||||
#
|
|
||||||
# * [Privoxy configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/privoxy/config)
|
|
||||||
|
|
||||||
# privoxy config hash: {{ include (joinPath .host.home ".config" "privoxy" "config") | sha256sum }}
|
|
||||||
|
|
||||||
{{ includeTemplate "universal/profile" }}
|
|
||||||
{{ includeTemplate "universal/logg" }}
|
|
||||||
|
|
||||||
# @description Define the Privoxy configuration location based on whether system is macOS or Linux
|
|
||||||
if [ -d /Applications ] && [ -d /System ]; then
|
|
||||||
# macOS
|
|
||||||
if [ -d "/usr/local/etc/privoxy" ]; then
|
|
||||||
PRIVOXY_CONFIG_DIR=/usr/local/etc/privoxy
|
|
||||||
elif [ -d "$HOMEBREW_PREFIX/etc/privoxy" ]; then
|
|
||||||
PRIVOXY_CONFIG_DIR="$HOMEBREW_PREFIX/etc/privoxy"
|
|
||||||
else
|
|
||||||
logg warn 'Unable to detect Privoxy configuration directory'
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
# Linux
|
|
||||||
PRIVOXY_CONFIG_DIR=/etc/privoxy
|
|
||||||
fi
|
|
||||||
PRIVOXY_CONFIG="$PRIVOXY_CONFIG_DIR/config"
|
|
||||||
|
|
||||||
# @description Copy Privoxy configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config` to the system location
|
|
||||||
if command -v privoxy > /dev/null; then
|
|
||||||
if [ -d "$PRIVOXY_CONFIG_DIR" ]; then
|
|
||||||
sudo cp -f "${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config" "$PRIVOXY_CONFIG"
|
|
||||||
sudo chmod 600 "$PRIVOXY_CONFIG"
|
|
||||||
if command -v add-user > /dev/null; then
|
|
||||||
sudo add-user privoxy
|
|
||||||
fi
|
|
||||||
sudo chown privoxy:privoxy "$PRIVOXY_CONFIG" 2> /dev/null || sudo chown privoxy:$(id -g -n) "$PRIVOXY_CONFIG"
|
|
||||||
|
|
||||||
# @description Restart Privoxy after configuration is applied
|
|
||||||
if [ -d /Applications ] && [ -d /System ]; then
|
|
||||||
# macOS
|
|
||||||
brew services restart privoxy
|
|
||||||
else
|
|
||||||
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
|
|
||||||
# Linux
|
|
||||||
sudo systemctl enable privoxy
|
|
||||||
sudo systemctl restart privoxy
|
|
||||||
else
|
|
||||||
logg info 'The system is a WSL environment so the Privoxy systemd service will not be enabled / restarted'
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
logg warn 'The '"$PRIVOXY_CONFIG_DIR"' directory is missing'
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
logg logg 'privoxy is missing from the PATH - skipping configuration'
|
|
||||||
fi
|
|
||||||
|
|
||||||
{{ end -}}
|
|
|
@ -1,98 +0,0 @@
|
||||||
{{- if eq .host.distro.family "linux" -}}
|
|
||||||
#!/usr/bin/env bash
|
|
||||||
# @file Endlessh Configuration
|
|
||||||
# @brief Applies the Endlessh configuration and starts the service on Linux systems
|
|
||||||
# @description
|
|
||||||
# Endlessh is a endless SSH tarpit that slowly shows an infinitely long SSH welcome banner on the default
|
|
||||||
# SSH port. It is intended to break unsophisticated malware that targets SSH.
|
|
||||||
#
|
|
||||||
# If the `endlessh` program is installed, this script applies the configuration stored in `home/private_dot_ssh/endlessh/config.tmpl`
|
|
||||||
# (that unpacks with Chezmoi to `~/.ssh/endlessh/config`) to the system location and then starts the service.
|
|
||||||
#
|
|
||||||
# **Note:** _This script runs under the assumption that the actual SSH port which is defined in `home/.chezmoidata.yaml`
|
|
||||||
# is assigned to a non-standard port like 2214. This allows the default port to be used for `endlessh`._
|
|
||||||
#
|
|
||||||
# ## Links
|
|
||||||
#
|
|
||||||
# * [Endlessh GitHub repository](https://github.com/skeeto/endlessh)
|
|
||||||
# * [Endlessh configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/private_dot_ssh/endlessh/config.tmpl)
|
|
||||||
|
|
||||||
# @file Endlessh Configuration
|
|
||||||
# @brief This script configures Endlessh by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.ssh}/endlessh/config` if the `endlessh` application is available
|
|
||||||
# @description
|
|
||||||
# This script applies the Endlessh configuration stored in `${XDG_DATA_HOME:-$HOME/.ssh}/endlessh/config` if endlessh is installed.
|
|
||||||
# Endlessh is and SSH Tarpit configured to listen for incoming connection on the given port and respond slowly with a random, endless SSH banner. To protect the real server,
|
|
||||||
# configure Endlessh to listen on the default SSH port (22), while the real server listens to a different port.
|
|
||||||
#
|
|
||||||
# ## Configuration Variables
|
|
||||||
#
|
|
||||||
# The following chart details the input variable(s) that are used to determine the configuration of the endlessh:
|
|
||||||
#
|
|
||||||
# | Variable | Description |
|
|
||||||
# |-----------------|------------------------------------------------------------|
|
|
||||||
# | `endlesshPort` | The port that endlessh listens to for incoming connections |
|
|
||||||
#
|
|
||||||
# ## Links
|
|
||||||
#
|
|
||||||
# * [Default Endlessh configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/endlessh/config.tmpl)
|
|
||||||
# * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets)
|
|
||||||
|
|
||||||
# endlessh config hash: {{- include (joinPath .host.home ".ssh" "endlessh" "config") | sha256sum -}}
|
|
||||||
|
|
||||||
{{ includeTemplate "universal/profile" }}
|
|
||||||
{{ includeTemplate "universal/logg" }}
|
|
||||||
|
|
||||||
### Configures endlessh service
|
|
||||||
function configureEndlessh() {
|
|
||||||
### Update the service configuration file
|
|
||||||
logg info 'Updating endlessh service configuration file'
|
|
||||||
sudo sed -i 's/^.*#AmbientCapabilities=CAP_NET_BIND_SERVICE/AmbientCapabilities=CAP_NET_BIND_SERVICE/' /usr/lib/systemd/system/endlessh.service
|
|
||||||
sudo sed -i 's/^.*PrivateUsers=true/#PrivateUsers=true/' /usr/lib/systemd/system/endlessh.service
|
|
||||||
logg info 'Reloading systemd'
|
|
||||||
sudo systemctl daemon-reload
|
|
||||||
|
|
||||||
### Update capabilities of `endlessh`
|
|
||||||
logg info 'Updating capabilities of endlessh'
|
|
||||||
sudo setcap 'cap_net_bind_service=+ep' /usr/bin/endlessh
|
|
||||||
|
|
||||||
### Restart / enable Endlessh
|
|
||||||
logg info 'Enabling the endlessh service'
|
|
||||||
sudo systemctl enable endlessh
|
|
||||||
logg info 'Restarting the endlessh service'
|
|
||||||
sudo systemctl restart endlessh
|
|
||||||
}
|
|
||||||
|
|
||||||
### Update /etc/endlessh/config if environment is not WSL
|
|
||||||
if [[ ! "$(test -d proc && grep Microsoft /proc/version > /dev/null)" ]]; then
|
|
||||||
if command -v endlessh > /dev/null; then
|
|
||||||
if [ -d /etc/endlessh ]; then
|
|
||||||
logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh/config'
|
|
||||||
sudo cp -f "$HOME/.ssh/endlessh/config" /etc/endlessh/config
|
|
||||||
|
|
||||||
configureEndlessh || CONFIGURE_EXIT_CODE=$?
|
|
||||||
if [ -n "$CONFIGURE_EXIT_CODE" ]; then
|
|
||||||
logg error 'Configuring endlessh service failed' && exit 1
|
|
||||||
else
|
|
||||||
logg success 'Successfully configured endlessh service'
|
|
||||||
fi
|
|
||||||
elif [ -f /etc/endlessh.conf ]; then
|
|
||||||
logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh.conf'
|
|
||||||
sudo cp -f "$HOME/.ssh/endlessh/config" /etc/endlessh.conf
|
|
||||||
|
|
||||||
configureEndlessh || CONFIGURE_EXIT_CODE=$?
|
|
||||||
if [ -n "$CONFIGURE_EXIT_CODE" ]; then
|
|
||||||
logg error 'Configuring endlessh service failed' && exit 1
|
|
||||||
else
|
|
||||||
logg success 'Successfully configured endlessh service'
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
logg warn 'Neither the /etc/endlessh folder nor the /etc/endlessh.conf file exist'
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
logg info 'Skipping Endlessh configuration because the endlessh executable is not available in the PATH'
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
logg info 'Skipping Endlessh configuration since environment is WSL'
|
|
||||||
fi
|
|
||||||
|
|
||||||
{{ end -}}
|
|
|
@ -1,60 +0,0 @@
|
||||||
{{- if eq .host.distro.family "linux" -}}
|
|
||||||
#!/usr/bin/env bash
|
|
||||||
# @file Fail2ban Configuration
|
|
||||||
# @brief Applies the system `fail2ban` jail configuration and then restarts the service
|
|
||||||
# @description
|
|
||||||
# Fail2ban is an SSH security program that temporarily bans IP addresses that could possibly be
|
|
||||||
# attempting to gain unauthorized system access. This script applies the "jail" configuration
|
|
||||||
# located at `home/private_dot_ssh/fail2ban/` to the system location. It then enables and restarts
|
|
||||||
# the `fail2ban` configuration.
|
|
||||||
#
|
|
||||||
# ## Links
|
|
||||||
#
|
|
||||||
# * [`fail2ban` configuration folder](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/fail2ban)
|
|
||||||
|
|
||||||
# jail.local hash: {{- include (joinPath .host.home ".ssh" "fail2ban" "jail.local") | sha256sum -}}
|
|
||||||
|
|
||||||
{{ includeTemplate "universal/profile" }}
|
|
||||||
{{ includeTemplate "universal/logg" }}
|
|
||||||
|
|
||||||
### Notify of script start
|
|
||||||
logg info 'Configuring fail2ban'
|
|
||||||
|
|
||||||
### Restart fail2ban
|
|
||||||
function restartFailToBan() {
|
|
||||||
if [ -d /Applications ] && [ -d /System ]; then
|
|
||||||
# macOS
|
|
||||||
logg info 'Enabling the fail2ban Homebrew service'
|
|
||||||
brew services restart fail2ban
|
|
||||||
else
|
|
||||||
# Linux
|
|
||||||
logg info 'Enabling the fail2ban service'
|
|
||||||
sudo systemctl enable fail2ban
|
|
||||||
logg info 'Restarting the fail2ban service'
|
|
||||||
sudo systemctl restart fail2ban
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
### Update the jail.local file if environment is not WSL
|
|
||||||
logg info 'Checking if script is being run in WSL environment'
|
|
||||||
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
|
|
||||||
if [ -d /etc/fail2ban ]; then
|
|
||||||
logg info 'Copying ~/.ssh/fail2ban/jail.local to /etc/fail2ban/jail.local'
|
|
||||||
sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /etc/fail2ban/jail.local
|
|
||||||
restartFailToBan
|
|
||||||
elif [ -d /usr/local/etc/fail2ban ]; then
|
|
||||||
logg info 'Copying ~/.ssh/fail2ban/jail.local to /usr/local/etc/fail2ban/jail.local'
|
|
||||||
sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /usr/local/etc/fail2ban/jail.local
|
|
||||||
restartFailToBan
|
|
||||||
elif [ -d "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/fail2ban" ]; then
|
|
||||||
logg info "Copying ~/.ssh/fail2ban/jail.local to ${HOMEBREW_PREFIX:-/opt/homebrew}/etc/fail2ban/jail.local"
|
|
||||||
sudo cp -f "$HOME/.ssh/fail2ban/jail.local" "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/fail2ban/jail.local"
|
|
||||||
restartFailToBan
|
|
||||||
else
|
|
||||||
logg warn 'The /etc/fail2ban (Linux), the /usr/local/etc/fail2ban, and the ${HOMEBREW_PREFIX:-/opt/homebrew}/etc/fail2ban (macOS) folder do not exist'
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
logg info 'Skipping sshd_config application since environment is WSL'
|
|
||||||
fi
|
|
||||||
|
|
||||||
{{ end -}}
|
|
|
@ -1,65 +0,0 @@
|
||||||
{{- if ne .host.distro.family "windows" -}}
|
|
||||||
#!/usr/bin/env bash
|
|
||||||
# @file git-o-matic Configuration
|
|
||||||
# @brief Starts service on Linux systems to monitor Git repositories
|
|
||||||
# @description
|
|
||||||
# git-o-matic is a tool to monitor git repositories and automatically pull/push changes. Multiple repositories can be
|
|
||||||
# monitored by running multiple instances of `gitomatic`. This script supports SSH Key based authentication only.
|
|
||||||
#
|
|
||||||
# If the `gitomatic` program is installed, this script creates and starts a Systemd service to monitor the repositories.
|
|
||||||
# The repositories are cloned if they are not available at the path.
|
|
||||||
#
|
|
||||||
# ## Notes
|
|
||||||
# * The author name and email address for commits are the same as `.user.name` and `.user.email` (configured in the `home/.chezmoi.yaml.tmpl` file)
|
|
||||||
# * `gitomatic` automatically pushes and pulls changes. The script does not change this behavior
|
|
||||||
# * `gitomatic` checks for changes every minute. This setting is not changed by this script
|
|
||||||
# * The User's default SSH Key is used for authentication
|
|
||||||
#
|
|
||||||
# ## Links
|
|
||||||
#
|
|
||||||
# * [gitomatic GitHub repository](https://github.com/muesli/gitomatic/)
|
|
||||||
# * [Systemd Unit file](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/gitomatic/gitomatic.service.tmpl)
|
|
||||||
# * [Helper script](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_local/bin/executable_gitomatic_service.tmpl)
|
|
||||||
|
|
||||||
{{ includeTemplate "universal/profile" }}
|
|
||||||
{{ includeTemplate "universal/logg" }}
|
|
||||||
|
|
||||||
function gitomaticSetup() {
|
|
||||||
### Create Systemd service to run gitomatic
|
|
||||||
if command -v gitomatic > /dev/null; then
|
|
||||||
### Copy bin to /usr/local/bin
|
|
||||||
logg info "Copying $HOME/.local/bin/gitomatic-service to /usr/local/bin/gitomatic-service"
|
|
||||||
sudo cp -f "$HOME/.local/bin/gitomatic-service" /usr/local/bin/gitomatic-service
|
|
||||||
|
|
||||||
### Copy gitomatic to global directory
|
|
||||||
if [ ! -f /usr/local/bin/gitomatic ]; then
|
|
||||||
logg info 'Copying gitomatic executable to /usr/local/bin/gitomatic' && sudo cp -f "$(which gitomatic)" /usr/local/bin/gitomatic
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -d /Applications ] && [ -d /System ]; then
|
|
||||||
### macOS
|
|
||||||
logg info 'Copying gitomatic plist file to /Library/LaunchDaemons'
|
|
||||||
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/gitomatic/com.github.muesli.gitomatic.plist" /Library/LaunchDaemons/com.github.muesli.gitomatic.plist
|
|
||||||
if ! sudo launchctl list | grep 'gitomatic' > /dev/null; then
|
|
||||||
logg info 'Running sudo launchctl load /Library/LaunchDaemons/com.github.muesli.gitomatic.plist'
|
|
||||||
sudo launchctl load /Library/LaunchDaemons/com.github.muesli.gitomatic.plist
|
|
||||||
logg info 'Running sudo launchctl start /Library/LaunchDaemons/com.github.muesli.gitomatic.plist'
|
|
||||||
sudo launchctl start /Library/LaunchDaemons/com.github.muesli.gitomatic.plist
|
|
||||||
else
|
|
||||||
logg info "gitomatic services appear to already be loaded"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
### Linux
|
|
||||||
logg info 'Copying gitomatic systemd unit file to /etc/systemd/system/'
|
|
||||||
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/gitomatic/gitomatic.service" /etc/systemd/system/gitomatic.service
|
|
||||||
logg info 'Reloading systemd daemon'
|
|
||||||
sudo systemctl daemon-reload
|
|
||||||
logg info 'Enabling and starting gitomatic service'
|
|
||||||
sudo systemctl enable --now gitomatic
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
logg info 'gitomatic is not installed or it is not available in PATH'
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
gitomaticSetup
|
|
||||||
{{ end -}}
|
|
|
@ -1,63 +0,0 @@
|
||||||
{{- if ne .host.distro.family "windows" -}}
|
|
||||||
#!/usr/bin/env bash
|
|
||||||
# @file Tabby Plugins
|
|
||||||
# @brief This script installs the default Tabby plugins which are defined in `${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins/package.json`
|
|
||||||
# @description
|
|
||||||
# This script pre-installs a handful of useful Tabby plugins which are defined in `${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins/package.json`.
|
|
||||||
# These default plugins can be customized by editting the `package.json` file stored in your Install Doctor fork in the Tabby `plugins/package.json`
|
|
||||||
# file.
|
|
||||||
#
|
|
||||||
# ## Default Plugins Configuration
|
|
||||||
#
|
|
||||||
# The script will install all the plugins defined in the `package.json` file by navigating to the `~/.config/tabby/plugins` folder
|
|
||||||
# and then run `npm install`. The default configuration will include the following plugins:
|
|
||||||
#
|
|
||||||
# ```json
|
|
||||||
# <!-- AUTO-GENERATED:START (REMOTE:url=https://gitlab.com/megabyte-labs/install.doctor/-/raw/master/home/dot_config/tabby/plugins/package.json) -->
|
|
||||||
# {
|
|
||||||
# ...
|
|
||||||
# // Notable dependencies listed below
|
|
||||||
# "dependencies": {
|
|
||||||
# "tabby-docker": "^0.2.0",
|
|
||||||
# "tabby-save-output": "^3.1.0",
|
|
||||||
# "tabby-search-in-browser": "^0.0.1",
|
|
||||||
# "tabby-workspace-manager": "^0.0.4"
|
|
||||||
# },
|
|
||||||
# ...
|
|
||||||
# }
|
|
||||||
# <!-- AUTO-GENERATED:END -->
|
|
||||||
# ```
|
|
||||||
#
|
|
||||||
# ## Default Plugin Descriptions
|
|
||||||
#
|
|
||||||
# The following chart provides a short description of the default plugins that are pre-installed alongside Tabby:
|
|
||||||
#
|
|
||||||
# | NPM Package | Description |
|
|
||||||
# |---------------------------|---------------------------------------------------------------------|
|
|
||||||
# | `tabby-docker` | Allows you to shell directly into Docker containers |
|
|
||||||
# | `tabby-save-output` | This plugin lets you stream console output into a file. |
|
|
||||||
# | `tabby-search-in-browser` | Allows you to open a internet browser and search for selected text. |
|
|
||||||
# | `tabby-workspace-manager` | Allows you to create multiple workspace profiles. |
|
|
||||||
#
|
|
||||||
# ## Links
|
|
||||||
#
|
|
||||||
# * [Tabby plugins `package.json`](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/tabby/plugins/package.json)
|
|
||||||
# * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets) which details how to store your Tabby configuration in as an encrypted file
|
|
||||||
|
|
||||||
{{ includeTemplate "universal/profile" }}
|
|
||||||
{{ includeTemplate "universal/logg" }}
|
|
||||||
|
|
||||||
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins/package.json" ]; then
|
|
||||||
if [ -d "${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins/node_modules" ]; then
|
|
||||||
logg info 'Skipping Tabby plugin installation because it looks like the plugins were already installed since node_modules is present in ~/.config/tabby/plugins'
|
|
||||||
else
|
|
||||||
logg info 'Installing Tabby plugins defined in '"${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins/package.json"''
|
|
||||||
cd "${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins"
|
|
||||||
npm install --quiet
|
|
||||||
logg success 'Finished installing Tabby plugins'
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
logg info 'Skipping Tabby plugin installation because is not present'
|
|
||||||
fi
|
|
||||||
|
|
||||||
{{ end -}}
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
version: '2'
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
container_name: filestash
|
||||||
|
image: machines/filestash
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- APPLICATION_URL=
|
||||||
|
- GDRIVE_CLIENT_ID=<gdrive_client>
|
||||||
|
- GDRIVE_CLIENT_SECRET=<gdrive_secret>
|
||||||
|
- DROPBOX_CLIENT_ID=<dropbox_key>
|
||||||
|
- ONLYOFFICE_URL=http://onlyoffice
|
||||||
|
ports:
|
||||||
|
- "8334:8334"
|
||||||
|
volumes:
|
||||||
|
- filestash:/app/data/state/
|
||||||
|
|
||||||
|
onlyoffice:
|
||||||
|
container_name: filestash_oods
|
||||||
|
image: onlyoffice/documentserver
|
||||||
|
restart: always
|
||||||
|
security_opt:
|
||||||
|
- seccomp:unconfined
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
filestash: {}
|
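Review bot: The `onlyoffice` service sets `security_opt: - seccomp:unconfined`, which switches off Docker's default syscall filter for that container. The document server presumably handles files supplied by Filestash users, so unless it is confirmed to fail under the default profile, drop those two lines or reference a narrowed profile with `- seccomp:<path-to-profile.json>` (placeholder path). Both images are referenced without a tag or digest (`image: machines/filestash`, `image: onlyoffice/documentserver`), so what actually runs depends on when the image was pulled; pin them, e.g. `image: onlyoffice/documentserver:<version>` (placeholder). `- "8334:8334"` publishes Filestash on every host interface, and `- "127.0.0.1:8334:8334"` would keep it local if a reverse proxy is meant to front it. The `<gdrive_secret>` style placeholders are fine as long as real values are injected from an env file or secret store rather than committed into this file.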
344
software.yml
344
software.yml
|
@ -4117,6 +4117,55 @@ softwarePackages:
|
||||||
_github: https://github.com/muesli/gitomatic
|
_github: https://github.com/muesli/gitomatic
|
||||||
_home: null
|
_home: null
|
||||||
_name: git-o-matic
|
_name: git-o-matic
|
||||||
|
_post: |
|
||||||
|
# @file git-o-matic Configuration
|
||||||
|
# @brief Starts service on Linux systems to monitor Git repositories
|
||||||
|
# @description
|
||||||
|
# git-o-matic is a tool to monitor git repositories and automatically pull/push changes. Multiple repositories can be
|
||||||
|
# monitored by running multiple instances of `gitomatic`. This script supports SSH Key based authentication only.
|
||||||
|
#
|
||||||
|
# If the `gitomatic` program is installed, this script creates and starts a Systemd service to monitor the repositories.
|
||||||
|
# The repositories are cloned if they are not available at the path.
|
||||||
|
#
|
||||||
|
# ## Notes
|
||||||
|
# * The author name and email address for commits are the same as `.user.name` and `.user.email` (configured in the `home/.chezmoi.yaml.tmpl` file)
|
||||||
|
# * `gitomatic` automatically pushes and pulls changes. The script does not change this behavior
|
||||||
|
# * `gitomatic` checks for changes every minute. This setting is not changed by this script
|
||||||
|
# * The User's default SSH Key is used for authentication
|
||||||
|
#
|
||||||
|
# ## Links
|
||||||
|
#
|
||||||
|
# * [gitomatic GitHub repository](https://github.com/muesli/gitomatic/)
|
||||||
|
# * [Systemd Unit file](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/gitomatic/gitomatic.service.tmpl)
|
||||||
|
# * [Helper script](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_local/bin/executable_gitomatic_service.tmpl)
|
||||||
|
|
||||||
|
if command -v gitomatic > /dev/null; then
|
||||||
|
### Copy bin to /usr/local/bin
|
||||||
|
logg info "Copying $HOME/.local/bin/gitomatic-service to /usr/local/bin/gitomatic-service" && sudo cp -f "$HOME/.local/bin/gitomatic-service" /usr/local/bin/gitomatic-service
|
||||||
|
|
||||||
|
### Copy gitomatic to global directory
|
||||||
|
if [ ! -f /usr/local/bin/gitomatic ]; then
|
||||||
|
logg info 'Copying gitomatic executable to /usr/local/bin/gitomatic' && sudo cp -f "$(which gitomatic)" /usr/local/bin/gitomatic
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -d /Applications ] && [ -d /System ]; then
|
||||||
|
### macOS
|
||||||
|
logg info 'Copying gitomatic plist file to /Library/LaunchDaemons' && sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/gitomatic/com.github.muesli.gitomatic.plist" /Library/LaunchDaemons/com.github.muesli.gitomatic.plist
|
||||||
|
if ! sudo launchctl list | grep 'gitomatic' > /dev/null; then
|
||||||
|
logg info 'Running sudo launchctl load /Library/LaunchDaemons/com.github.muesli.gitomatic.plist' && sudo launchctl load /Library/LaunchDaemons/com.github.muesli.gitomatic.plist
|
||||||
|
logg info 'Running sudo launchctl start /Library/LaunchDaemons/com.github.muesli.gitomatic.plist' && sudo launchctl start /Library/LaunchDaemons/com.github.muesli.gitomatic.plist
|
||||||
|
else
|
||||||
|
logg info "gitomatic services appear to already be loaded"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
### Linux
|
||||||
|
logg info 'Copying gitomatic systemd unit file to /etc/systemd/system/' && sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/gitomatic/gitomatic.service" /etc/systemd/system/gitomatic.service
|
||||||
|
logg info 'Reloading systemd daemon' && sudo systemctl daemon-reload
|
||||||
|
logg info 'Enabling and starting gitomatic service' && sudo systemctl enable --now gitomatic
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
logg info 'gitomatic is not installed or it is not available in PATH'
|
||||||
|
fi
|
||||||
ansible: professormanhattan.gitomatic
|
ansible: professormanhattan.gitomatic
|
||||||
github: github.com/muesli/gitomatic
|
github: github.com/muesli/gitomatic
|
||||||
go: github.com/muesli/gitomatic@latest
|
go: github.com/muesli/gitomatic@latest
|
||||||
|
@ -8982,6 +9031,70 @@ softwarePackages:
|
||||||
_home: https://github.com/skeeto/endlessh
|
_home: https://github.com/skeeto/endlessh
|
||||||
_name: Endlessh
|
_name: Endlessh
|
||||||
_service: endlessh
|
_service: endlessh
|
||||||
|
_post: |
|
||||||
|
# @file Endlessh Configuration
|
||||||
|
# @brief Applies the Endlessh configuration and starts the service on Linux systems
|
||||||
|
# @description
|
||||||
|
# Endlessh is a endless SSH tarpit that slowly shows an infinitely long SSH welcome banner on the default
|
||||||
|
# SSH port. It is intended to break unsophisticated malware that targets SSH.
|
||||||
|
#
|
||||||
|
# If the `endlessh` program is installed, this script applies the configuration stored in `home/private_dot_ssh/endlessh/config.tmpl`
|
||||||
|
# (that unpacks with Chezmoi to `~/.ssh/endlessh/config`) to the system location and then starts the service.
|
||||||
|
#
|
||||||
|
# **Note:** _This script runs under the assumption that the actual SSH port which is defined in `home/.chezmoidata.yaml`
|
||||||
|
# is assigned to a non-standard port like 2214. This allows the default port to be used for `endlessh`._
|
||||||
|
#
|
||||||
|
# ## Links
|
||||||
|
#
|
||||||
|
# * [Endlessh GitHub repository](https://github.com/skeeto/endlessh)
|
||||||
|
# * [Endlessh configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/private_dot_ssh/endlessh/config.tmpl)
|
||||||
|
|
||||||
|
### Configures endlessh service
|
||||||
|
function configureEndlessh() {
|
||||||
|
### Update the service configuration file
|
||||||
|
logg info 'Updating endlessh service configuration file'
|
||||||
|
sudo sed -i 's/^.*#AmbientCapabilities=CAP_NET_BIND_SERVICE/AmbientCapabilities=CAP_NET_BIND_SERVICE/' /usr/lib/systemd/system/endlessh.service
|
||||||
|
sudo sed -i 's/^.*PrivateUsers=true/#PrivateUsers=true/' /usr/lib/systemd/system/endlessh.service
|
||||||
|
logg info 'Reloading systemd' && sudo systemctl daemon-reload
|
||||||
|
|
||||||
|
### Update capabilities of `endlessh`
|
||||||
|
logg info 'Updating capabilities of endlessh' && sudo setcap 'cap_net_bind_service=+ep' /usr/bin/endlessh
|
||||||
|
|
||||||
|
### Restart / enable Endlessh
|
||||||
|
logg info 'Enabling the endlessh service' && sudo systemctl enable endlessh
|
||||||
|
logg info 'Restarting the endlessh service' && sudo systemctl restart endlessh
|
||||||
|
}
|
||||||
|
|
||||||
|
### Update /etc/endlessh/config if environment is not WSL
|
||||||
|
if [[ ! "$(test -d proc && grep Microsoft /proc/version > /dev/null)" ]]; then
|
||||||
|
if command -v endlessh > /dev/null; then
|
||||||
|
if [ -d /etc/endlessh ]; then
|
||||||
|
logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh/config' && sudo cp -f "$HOME/.ssh/endlessh/config" /etc/endlessh/config
|
||||||
|
|
||||||
|
configureEndlessh || CONFIGURE_EXIT_CODE=$?
|
||||||
|
if [ -n "$CONFIGURE_EXIT_CODE" ]; then
|
||||||
|
logg error 'Configuring endlessh service failed' && exit 1
|
||||||
|
else
|
||||||
|
logg success 'Successfully configured endlessh service'
|
||||||
|
fi
|
||||||
|
elif [ -f /etc/endlessh.conf ]; then
|
||||||
|
logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh.conf' && sudo cp -f "$HOME/.ssh/endlessh/config" /etc/endlessh.conf
|
||||||
|
|
||||||
|
configureEndlessh || CONFIGURE_EXIT_CODE=$?
|
||||||
|
if [ -n "$CONFIGURE_EXIT_CODE" ]; then
|
||||||
|
logg error 'Configuring endlessh service failed' && exit 1
|
||||||
|
else
|
||||||
|
logg success 'Successfully configured endlessh service'
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
logg warn 'Neither the /etc/endlessh folder nor the /etc/endlessh.conf file exist'
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
logg info 'Skipping Endlessh configuration because the endlessh executable is not available in the PATH'
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
logg info 'Skipping Endlessh configuration since environment is WSL'
|
||||||
|
fi
|
||||||
# CentOS 9 not in EPEL
|
# CentOS 9 not in EPEL
|
||||||
# ansible:linux: professormanhattan.sshtarpit
|
# ansible:linux: professormanhattan.sshtarpit
|
||||||
apt: endlessh
|
apt: endlessh
|
||||||
|
@ -9307,6 +9420,11 @@ softwarePackages:
|
||||||
pacman:
|
pacman:
|
||||||
- sysdig
|
- sysdig
|
||||||
- sysdig-dkms
|
- sysdig-dkms
|
||||||
|
ejs:
|
||||||
|
_bin: ejs
|
||||||
|
_github: https://github.com/mde/ejs
|
||||||
|
_name: EJS
|
||||||
|
npm: ejs
|
||||||
sysget:
|
sysget:
|
||||||
_bin: sysget
|
_bin: sysget
|
||||||
_desc: One package manager to rule them all
|
_desc: One package manager to rule them all
|
||||||
|
@ -9408,6 +9526,61 @@ softwarePackages:
|
||||||
_snapClassic: true
|
_snapClassic: true
|
||||||
_notes: TODO Update the direct links periodically and keep eye out for Snap / Flatpak
|
_notes: TODO Update the direct links periodically and keep eye out for Snap / Flatpak
|
||||||
_app: Tabby.app
|
_app: Tabby.app
|
||||||
|
_post: |
|
||||||
|
# @file Tabby Plugins
|
||||||
|
# @brief This script installs the default Tabby plugins which are defined in `${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins/package.json`
|
||||||
|
# @description
|
||||||
|
# This script pre-installs a handful of useful Tabby plugins which are defined in `${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins/package.json`.
|
||||||
|
# These default plugins can be customized by editting the `package.json` file stored in your Install Doctor fork in the Tabby `plugins/package.json`
|
||||||
|
# file.
|
||||||
|
#
|
||||||
|
# ## Default Plugins Configuration
|
||||||
|
#
|
||||||
|
# The script will install all the plugins defined in the `package.json` file by navigating to the `~/.config/tabby/plugins` folder
|
||||||
|
# and then run `npm install`. The default configuration will include the following plugins:
|
||||||
|
#
|
||||||
|
# ```json
|
||||||
|
# {
|
||||||
|
# ...
|
||||||
|
# // Notable dependencies listed below
|
||||||
|
# "dependencies": {
|
||||||
|
# "tabby-docker": "^0.2.0",
|
||||||
|
# "tabby-save-output": "^3.1.0",
|
||||||
|
# "tabby-search-in-browser": "^0.0.1",
|
||||||
|
# "tabby-workspace-manager": "^0.0.4"
|
||||||
|
# },
|
||||||
|
# ...
|
||||||
|
# }
|
||||||
|
# ```
|
||||||
|
#
|
||||||
|
# ## Default Plugin Descriptions
|
||||||
|
#
|
||||||
|
# The following chart provides a short description of the default plugins that are pre-installed alongside Tabby:
|
||||||
|
#
|
||||||
|
# | NPM Package | Description |
|
||||||
|
# |---------------------------|---------------------------------------------------------------------|
|
||||||
|
# | `tabby-docker` | Allows you to shell directly into Docker containers |
|
||||||
|
# | `tabby-save-output` | This plugin lets you stream console output into a file. |
|
||||||
|
# | `tabby-search-in-browser` | Allows you to open a internet browser and search for selected text. |
|
||||||
|
# | `tabby-workspace-manager` | Allows you to create multiple workspace profiles. |
|
||||||
|
#
|
||||||
|
# ## Links
|
||||||
|
#
|
||||||
|
# * [Tabby plugins `package.json`](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/tabby/plugins/package.json)
|
||||||
|
# * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets) which details how to store your Tabby configuration in as an encrypted file
|
||||||
|
|
||||||
|
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins/package.json" ]; then
|
||||||
|
if [ -d "${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins/node_modules" ]; then
|
||||||
|
logg info 'Skipping Tabby plugin installation because it looks like the plugins were already installed since node_modules is present in ~/.config/tabby/plugins'
|
||||||
|
else
|
||||||
|
logg info 'Installing Tabby plugins defined in '"${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins/package.json"''
|
||||||
|
cd "${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins"
|
||||||
|
npm install --quiet
|
||||||
|
logg success 'Finished installing Tabby plugins'
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
logg info 'Skipping Tabby plugin installation because is not present'
|
||||||
|
fi
|
||||||
ansible:linux: professormanhattan.tabby
|
ansible:linux: professormanhattan.tabby
|
||||||
apt: https://github.com/Eugeny/tabby/releases/download/v1.0.188/tabby-1.0.188-linux-x64.deb
|
apt: https://github.com/Eugeny/tabby/releases/download/v1.0.188/tabby-1.0.188-linux-x64.deb
|
||||||
cask: tabby
|
cask: tabby
|
||||||
|
@ -9844,6 +10017,66 @@ softwarePackages:
|
||||||
_name: Privoxy
|
_name: Privoxy
|
||||||
_service: privoxy
|
_service: privoxy
|
||||||
_serviceEnabled: true
|
_serviceEnabled: true
|
||||||
|
_post: |
|
||||||
|
# @file Privoxy Configuration
|
||||||
|
# @brief This script applies the Privoxy configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config` to the system and then restarts Privoxy
|
||||||
|
# @description
|
||||||
|
# Privoxy is a web proxy that can be combined with Tor to provide an HTTPS / HTTP proxy that can funnel all traffic
|
||||||
|
# through Tor. This script:
|
||||||
|
#
|
||||||
|
# 1. Determines the system configuration file location
|
||||||
|
# 2. Applies the configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config`
|
||||||
|
# 3. Enables and restarts the Privoxy service with the new configuration
|
||||||
|
#
|
||||||
|
# ## Links
|
||||||
|
#
|
||||||
|
# * [Privoxy configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/privoxy/config)
|
||||||
|
|
||||||
|
### Define the Privoxy configuration location based on whether system is macOS or Linux
|
||||||
|
if [ -d /Applications ] && [ -d /System ]; then
|
||||||
|
### macOS
|
||||||
|
if [ -d "/usr/local/etc/privoxy" ]; then
|
||||||
|
PRIVOXY_CONFIG_DIR=/usr/local/etc/privoxy
|
||||||
|
elif [ -d "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/privoxy" ]; then
|
||||||
|
PRIVOXY_CONFIG_DIR="${HOMEBREW_PREFIX:-/opt/homebrew}/etc/privoxy"
|
||||||
|
else
|
||||||
|
logg warn 'Unable to detect Privoxy configuration directory'
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
### Linux
|
||||||
|
PRIVOXY_CONFIG_DIR=/etc/privoxy
|
||||||
|
fi
|
||||||
|
PRIVOXY_CONFIG="$PRIVOXY_CONFIG_DIR/config"
|
||||||
|
|
||||||
|
### Copy Privoxy configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config` to the system location
|
||||||
|
if command -v privoxy > /dev/null; then
|
||||||
|
if [ -d "$PRIVOXY_CONFIG_DIR" ]; then
|
||||||
|
sudo cp -f "${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config" "$PRIVOXY_CONFIG"
|
||||||
|
sudo chmod 600 "$PRIVOXY_CONFIG"
|
||||||
|
if command -v add-user > /dev/null; then
|
||||||
|
sudo add-user privoxy
|
||||||
|
fi
|
||||||
|
sudo chown privoxy:privoxy "$PRIVOXY_CONFIG" 2> /dev/null || sudo chown privoxy:$(id -g -n) "$PRIVOXY_CONFIG"
|
||||||
|
|
||||||
|
### Restart Privoxy after configuration is applied
|
||||||
|
if [ -d /Applications ] && [ -d /System ]; then
|
||||||
|
### macOS
|
||||||
|
brew services restart privoxy
|
||||||
|
else
|
||||||
|
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
|
||||||
|
### Linux
|
||||||
|
sudo systemctl enable privoxy
|
||||||
|
sudo systemctl restart privoxy
|
||||||
|
else
|
||||||
|
logg info 'The system is a WSL environment so the Privoxy systemd service will not be enabled / restarted'
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
logg warn 'The '"$PRIVOXY_CONFIG_DIR"' directory is missing'
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
logg logg 'privoxy is missing from the PATH - skipping configuration'
|
||||||
|
fi
|
||||||
apt: privoxy
|
apt: privoxy
|
||||||
brew: privoxy
|
brew: privoxy
|
||||||
dnf: privoxy
|
dnf: privoxy
|
||||||
|
@ -9859,6 +10092,57 @@ softwarePackages:
|
||||||
_restricted: true
|
_restricted: true
|
||||||
_service: tor
|
_service: tor
|
||||||
_serviceEnabled: true
|
_serviceEnabled: true
|
||||||
|
_post: |
|
||||||
|
# @file Tor Configuration
|
||||||
|
# @brief This script applies the Tor configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/tor/torrc` to the system and then restarts Tor
|
||||||
|
# @description
|
||||||
|
# Tor is a network that uses onion routing, originally published by the US Navy. It is leveraged by privacy enthusiasts
|
||||||
|
# and other characters that deal with sensitive material, like journalists and people buying drugs on the internet.
|
||||||
|
# This script:
|
||||||
|
#
|
||||||
|
# 1. Determines the system configuration file location
|
||||||
|
# 2. Applies the configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/tor/torrc`
|
||||||
|
# 3. Enables and restarts the Tor service with the new configuration
|
||||||
|
#
|
||||||
|
# ## Links
|
||||||
|
#
|
||||||
|
# * [Tor configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/tor/torrc)
|
||||||
|
|
||||||
|
### Determine the Tor configuration location by checking whether the system is macOS or Linux
|
||||||
|
if [ -d /Applications ] && [ -d /System ]; then
|
||||||
|
### macOS
|
||||||
|
TORRC_CONFIG_DIR=/usr/local/etc/tor
|
||||||
|
else
|
||||||
|
### Linux
|
||||||
|
TORRC_CONFIG_DIR=/etc/tor
|
||||||
|
fi
|
||||||
|
TORRC_CONFIG="$TORRC_CONFIG_DIR/torrc"
|
||||||
|
|
||||||
|
### Apply the configuration if the `torrc` binary is available in the `PATH`
|
||||||
|
if command -v toron > /dev/null; then
|
||||||
|
if [ -d "$TORRC_CONFIG_DIR" ]; then
|
||||||
|
### Copy the configuration from `${XDG_CONFIG_HOME:-$HOME/.config}/tor/torrc` to the system configuration file location
|
||||||
|
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/tor/torrc" "$TORRC_CONFIG"
|
||||||
|
sudo chmod 600 "$TORRC_CONFIG"
|
||||||
|
### Enable and restart the Tor service
|
||||||
|
if [ -d /Applications ] && [ -d /System ]; then
|
||||||
|
### macOS
|
||||||
|
brew services restart tor
|
||||||
|
else
|
||||||
|
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
|
||||||
|
### Linux
|
||||||
|
sudo systemctl enable tor
|
||||||
|
sudo systemctl restart tor
|
||||||
|
else
|
||||||
|
logg info 'Environment is WSL so the Tor systemd service will not be enabled / restarted'
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
logg warn 'The '"$TORRC_CONFIG_DIR"' directory is missing'
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
logg warn 'toron is missing from the PATH'
|
||||||
|
fi
|
||||||
ansible:linux: professormanhattan.tor
|
ansible:linux: professormanhattan.tor
|
||||||
apt: tor
|
apt: tor
|
||||||
brew: tor
|
brew: tor
|
||||||
|
@ -10149,6 +10433,11 @@ softwarePackages:
|
||||||
_github: https://github.com/troessner/reek
|
_github: https://github.com/troessner/reek
|
||||||
_name: Reek
|
_name: Reek
|
||||||
gem: reek
|
gem: reek
|
||||||
|
argc:
|
||||||
|
_bin: argc
|
||||||
|
_github: https://github.com/sigoden/argc
|
||||||
|
_name: Argc
|
||||||
|
cargo: argc
|
||||||
rubocop:
|
rubocop:
|
||||||
_bin: rubocop
|
_bin: rubocop
|
||||||
_github: https://github.com/rubocop/rubocop
|
_github: https://github.com/rubocop/rubocop
|
||||||
|
@ -10621,7 +10910,60 @@ softwarePackages:
|
||||||
- name: fail2ban
|
- name: fail2ban
|
||||||
sudo: true
|
sudo: true
|
||||||
_serviceEnabled: true
|
_serviceEnabled: true
|
||||||
# fail2ban cannot be installed on Qubes Fedora 36 without messing with the qubes-firewall since firewalld is required
|
_notes: |
|
||||||
|
fail2ban cannot be installed on Qubes Fedora 36 without messing with the qubes-firewall since firewalld is required.
|
||||||
|
_post: |
|
||||||
|
# @file Fail2ban Configuration
|
||||||
|
# @brief Applies the system `fail2ban` jail configuration and then restarts the service
|
||||||
|
# @description
|
||||||
|
# Fail2ban is an SSH security program that temporarily bans IP addresses that could possibly be
|
||||||
|
# attempting to gain unauthorized system access. This script applies the "jail" configuration
|
||||||
|
# located at `home/private_dot_ssh/fail2ban/` to the system location. It then enables and restarts
|
||||||
|
# the `fail2ban` configuration.
|
||||||
|
#
|
||||||
|
# ## Links
|
||||||
|
#
|
||||||
|
# * [`fail2ban` configuration folder](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/fail2ban)
|
||||||
|
|
||||||
|
### Notify of script start
|
||||||
|
logg info 'Configuring fail2ban'
|
||||||
|
|
||||||
|
### Restart fail2ban
|
||||||
|
function restartFailToBan() {
|
||||||
|
if [ -d /Applications ] && [ -d /System ]; then
|
||||||
|
### macOS
|
||||||
|
logg info 'Enabling the fail2ban Homebrew service'
|
||||||
|
brew services restart fail2ban
|
||||||
|
else
|
||||||
|
# Linux
|
||||||
|
logg info 'Enabling the fail2ban service'
|
||||||
|
sudo systemctl enable fail2ban
|
||||||
|
logg info 'Restarting the fail2ban service'
|
||||||
|
sudo systemctl restart fail2ban
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
### Update the jail.local file if environment is not WSL
|
||||||
|
logg info 'Checking if script is being run in WSL environment'
|
||||||
|
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
|
||||||
|
if [ -d /etc/fail2ban ]; then
|
||||||
|
logg info 'Copying ~/.ssh/fail2ban/jail.local to /etc/fail2ban/jail.local'
|
||||||
|
sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /etc/fail2ban/jail.local
|
||||||
|
restartFailToBan
|
||||||
|
elif [ -d /usr/local/etc/fail2ban ]; then
|
||||||
|
logg info 'Copying ~/.ssh/fail2ban/jail.local to /usr/local/etc/fail2ban/jail.local'
|
||||||
|
sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /usr/local/etc/fail2ban/jail.local
|
||||||
|
restartFailToBan
|
||||||
|
elif [ -d "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/fail2ban" ]; then
|
||||||
|
logg info "Copying ~/.ssh/fail2ban/jail.local to ${HOMEBREW_PREFIX:-/opt/homebrew}/etc/fail2ban/jail.local"
|
||||||
|
sudo cp -f "$HOME/.ssh/fail2ban/jail.local" "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/fail2ban/jail.local"
|
||||||
|
restartFailToBan
|
||||||
|
else
|
||||||
|
logg warn 'The /etc/fail2ban (Linux), the /usr/local/etc/fail2ban, and the ${HOMEBREW_PREFIX:-/opt/homebrew}/etc/fail2ban (macOS) folder do not exist'
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
logg info 'Skipping sshd_config application since environment is WSL'
|
||||||
|
fi
|
||||||
_when:linux: '! command -v qubes-firewall > /dev/null && test -f /proc/version && ! grep Microsoft /proc/version > /dev/null'
|
_when:linux: '! command -v qubes-firewall > /dev/null && test -f /proc/version && ! grep Microsoft /proc/version > /dev/null'
|
||||||
apt: fail2ban
|
apt: fail2ban
|
||||||
brew: fail2ban
|
brew: fail2ban
|
||||||
|
|