2f9a236021
- /home/.chezmoiscripts/run_onchange_after_add-fonts.tmpl - /home/.chezmoiscripts/run_onchange_after_endlessh.tmpl - /home/.chezmoiscripts/run_onchange_after_fail2ban.tmpl - /home/.chezmoiscripts/run_onchange_after_symlink-ansible-configs.tmpl - /home/.chezmoiscripts/run_onchange_after_sshd.tmpl - /home/.chezmoiscripts/run_onchanges_after_decrypt-ssh-keys.tmpl - /home/.chezmoiscripts/run_onchange_ensure-executable.tmpl - /home/.chezmoiscripts/run_onchanges_after_ensure-private-key.tmpl - /home/.chezmoiscripts/run_onchanges_after_generate-public-keys.tmpl - /home/.chezmoiscripts/run_onchanges_after_symlink-custom.tmpl - /home/.chezmoitemplates/ssh/authorized-keys.yubikey - /home/.chezmoiscripts/universal/run_onchange_after_24-vpn-darwin.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_20-font.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_02-ensure-executable.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_05-decrypt-ssh-keys.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_07-ensure-private-key.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_08-generate-public-keys.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_08-symlink-custom.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_24-vpn-darwin.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_30-endlessh.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_30-sshd.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_31-fail2ban.sh.tmpl - /home/.chezmoiscripts/disabled/run_onchange_after_symlink-ansible-configs.tmpl - /home/.chezmoiscripts/linux/run_onchange_before_01-requirements.sh.tmpl - /home/.chezmoiscripts/linux/run_onchange_before_10-system-tweaks.sh.tmpl - /home/.chezmoiscripts/linux/run_onchange_before_11-configure-swap.sh.tmpl - /home/.chezmoiscripts/linux/run_onchange_before_14-warp.sh.tmpl - /home/.chezmoitemplates/ssh/encrypted_authorized-keys.yubikey.tmpl
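{{- if (eq .host.distro.family "darwin") -}}
#!/usr/bin/env bash
# @file home/.chezmoiscripts/universal/run_onchange_after_26-vpn-darwin.sh.tmpl
# @brief Installs WireGuard VPN profiles on macOS devices
# @description
#     This script installs WireGuard VPN profiles on macOS. It scans `${XDG_CONFIG_HOME:-$HOME/.config}/vpn` for all the `*.conf` files
#     and then copies those profiles to `/etc/wireguard`. It also performs a couple of preparation tasks, like ensuring the target
#     WireGuard system configuration directory exists and is assigned owner-only permissions. Each installed profile is
#     written with mode `600`, since WireGuard profiles normally embed the interface private key.
#
#     ## Creating VPN Profiles
#
#     More details on embedding your VPN profiles into your Install Doctor fork can be found by reading the [Secrets documentation](https://install.doctor/docs/customization/secrets#vpn-profiles).
#
#     ## TODO
#
#     * Populate Tunnelblick on macOS using the VPN profiles located in `${XDG_CONFIG_HOME:-$HOME/.config}/vpn`
#     * For the Tunnelblick integration, ensure the username / password is populated from the `OVPN_USERNAME` and `OVPN_PASSWORD` variables
#
#     ## Links
#
#     * [VPN profile folder](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/vpn)
#     * [VPN profile documentation](https://install.doctor/docs/customization/secrets#vpn-profiles)

{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}

# @description Backs up previous network settings to `/Library/Preferences/com.apple.networkextension.plist.old` before applying new VPN profiles
if [ -f /Library/Preferences/com.apple.networkextension.plist ]; then
  logg info 'Backing up /Library/Preferences/com.apple.networkextension.plist to /Library/Preferences/com.apple.networkextension.plist.old'
  sudo cp -f /Library/Preferences/com.apple.networkextension.plist /Library/Preferences/com.apple.networkextension.plist.old
else
  logg info 'The /Library/Preferences/com.apple.networkextension.plist file does not exist yet'
fi

# @description Ensures the `/etc/wireguard` directory exists and is only accessible by its owner
if [ ! -d /etc/wireguard ]; then
  logg info 'Creating `/etc/wireguard` since it does not exist yet'
  sudo mkdir -p /etc/wireguard
  # Directories need the search (execute) bit to be traversed, so owner-only
  # access is mode 700 rather than 600. A directory that already exists keeps
  # whatever mode it has; only a freshly created one is tightened here.
  sudo chmod 700 /etc/wireguard
fi

# @description Cycles through the `*.conf` files in `${XDG_CONFIG_HOME:-$HOME/.config}/vpn` and adds them to the `/etc/wireguard` folder
VPN_PROFILE_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/vpn"
if [ -d "$VPN_PROFILE_DIR" ]; then
  # NUL-delimited names plus `IFS= read -r` keep paths containing spaces,
  # backslashes or newlines intact.
  find "$VPN_PROFILE_DIR" -mindepth 1 -maxdepth 1 -type f -name "*.conf" -print0 | while IFS= read -r -d '' WG_CONF; do
    WG_FILE="${WG_CONF##*/}"
    logg info 'Adding `'"$WG_FILE"'` to /etc/wireguard'
    # `install -m 600` sets the destination mode explicitly; a plain `cp`
    # would leave the mode to the source file's bits and the umask, which can
    # leave the profile (and the key material in it) readable by other users.
    sudo install -m 600 "$WG_CONF" "/etc/wireguard/$WG_FILE"
  done
else
  logg info 'No VPN profile directory found at `'"$VPN_PROFILE_DIR"'` - skipping WireGuard profile installation'
fi

{{ end -}}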