diff --git a/home/.chezmoiscripts/universal/run_after_01-pre-install.sh.tmpl b/home/.chezmoiscripts/universal/run_after_01-pre-install.sh.tmpl index 18530895..cb1ffa1e 100644 --- a/home/.chezmoiscripts/universal/run_after_01-pre-install.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_after_01-pre-install.sh.tmpl @@ -201,11 +201,11 @@ ensureNetworkConfigs() { # 4. Bypasses the OpenVPN connection for all the networks defined in `.host.vpn.excludedSubnets` (in the `home/.chezmoi.yaml.tmpl` file) # 5. Repeats the process for WireGuard by looping through all the `*.nmconnection` files stored in `${XDG_CONFIG_HOME:-$HOME/.config}/vpn` (username and password should already be stored in the encrypted files) # -# ## Creating VPN Profiles +# #### Creating VPN Profiles # # More details on embedding your VPN profiles into your Install Doctor fork can be found by reading the [Secrets documentation](https://install.doctor/docs/customization/secrets#vpn-profiles). # -# ## Links +# #### Links # # * [VPN profile folder](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/vpn) # * [VPN profile documentation](https://install.doctor/docs/customization/secrets#vpn-profiles) @@ -305,7 +305,7 @@ configureNetworkManagerVPNProfiles() { # This script applies the SSH server MOTD banner and `sshd_config` (which are housed in the `home/private_dot_ssh/system` location) # to the system by copying the files to the system location and then restarting / enabling the system SSH server. # -# ## Links +# #### Links # # * [System SSHD configurations](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/system) configureSSHD() { @@ -811,7 +811,7 @@ grubSettings() { # @description # This script sets the [Docker Rclone plugin](https://rclone.org/docker/) which allows you to mount Rclone mounts as Docker volumes # -# ## Docker Rclone +# #### Docker Rclone # # The Docker Rclone installation ensures necessary system directories are initialized / created. It also copies the [Docker Rclone configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/rclone/private_docker-rclone.conf.tmpl) # to the proper system location. @@ -888,12 +888,12 @@ makeLocalBinExecutable() { # Some of the roles that Gas Station provides are not available via Ansible Galaxy yet. This script symlinks Gas Station # roles to an Ansible Galaxy / Ansible friendly location. # -# ## Ansible Installation +# #### Ansible Installation # # If Ansible is not already installed, this script will also install Ansible and all the necessary requirements using `pipx`. # This script must run before the `install-packages` script because some of the Ansible roles might be leveraged by it. # -# ## TODO +# #### TODO # # * Move installation logic into the ZX installer so that Ansible and its dependencies are only installed when required # * Remove Ansible dependency completely diff --git a/home/.chezmoiscripts/universal/run_before_01-prepare.sh.tmpl b/home/.chezmoiscripts/universal/run_before_01-prepare.sh.tmpl index e484f596..babefccd 100644 --- a/home/.chezmoiscripts/universal/run_before_01-prepare.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_before_01-prepare.sh.tmpl @@ -53,7 +53,7 @@ printFullDiskAccessNotice() { # by attempting to read a file that requires full disk access. If it does not, the program opens the preferences # pane where the user can grant access so that the script can continue. # -# ## Sources +# #### Links # # * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html) ensureFullDiskAccess() { diff --git a/home/.chezmoiscripts/universal/run_before_05-system.sh.tmpl b/home/.chezmoiscripts/universal/run_before_05-system.sh.tmpl index 1fb544e6..90fa2004 100644 --- a/home/.chezmoiscripts/universal/run_before_05-system.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_before_05-system.sh.tmpl @@ -17,7 +17,7 @@ export PATH="$VOLTA_HOME/bin:$PATH" # # After the `/swapfile` is created, it is enabled and assigned the appropriate permissions. # -# ## TODO +# #### TODO # # * Add logic that creates a swapfile for ZFS-based systems # * Integrate logic from https://gitlab.com/megabyte-labs/gas-station/-/blob/master/roles/system/common/tasks/linux/swap.yml @@ -308,7 +308,7 @@ function installCredentialSecretService() { # This script ensures Docker is installed and then adds the provisioning user to the `docker` group so that they can # access Docker without `sudo`. It also installs and configures gVisor for use with Docker. # -# ## gVisor +# #### gVisor # # gVisor is included with our Docker setup because it improves the security of Docker. gVisor is an application kernel, written in Go, # that implements a substantial portion of the Linux system call interface. It provides an additional layer of isolation between running @@ -474,7 +474,7 @@ installDocker() { # # *Note: You should check out the supported systems before trying to enroll devices.* # -# ## JumpCloud on macOS +# #### JumpCloud on macOS # # macOS offers a native device management feature offered through Apple Business. It is the preferred # method since it offers most of the desirable features (like remote wipe). The [JumpCloud MDM documentation](https://support.jumpcloud.com/support/s/article/Getting-Started-MDM) @@ -562,7 +562,7 @@ removeLinuxBloatware() { # are set equal to the value stored in `.host.hostname` (in `.chezmoi.yaml.tmpl`) but with the `.host.domain` stripped off. On Linux, the same is done # but only the hostname is set. On Linux, the hostname is set with the `hostname` command and then also with the `hostnamectl` command if it is available. # -# ## Sources +# #### Sources # # * [Changing Linux hostname permanently](https://www.tecmint.com/set-hostname-permanently-in-linux/) setHostname() { diff --git a/home/dot_local/bin/executable_provision.tmpl b/home/dot_local/bin/executable_provision.tmpl index 2a36a961..a7188dd8 100644 --- a/home/dot_local/bin/executable_provision.tmpl +++ b/home/dot_local/bin/executable_provision.tmpl @@ -127,7 +127,6 @@ if ! sudo cat /etc/sudoers | grep '# TEMPORARY FOR INSTALL DOCTOR' > /dev/null; fi fi -# @section Qubes dom0 Bootstrap # @description Perform Qubes dom0 specific logic like updating system packages, setting up the Tor VM, updating TemplateVMs, and # beginning the provisioning process using Ansible and an AppVM used to handle the provisioning process if command -v qubesctl > /dev/null; then diff --git a/local/provision.sh b/local/provision.sh index be617ca1..a7f5a5c0 100644 --- a/local/provision.sh +++ b/local/provision.sh @@ -124,7 +124,6 @@ logg() { fi } -# @section Environment variables and system dependencies # @description Ensure Ubuntu / Debian run in `noninteractive` mode. Detect `START_REPO` format and determine appropriate git address, # otherwise use the master Install Doctor branch setEnvironmentVariables() { @@ -347,7 +346,7 @@ printFullDiskAccessNotice() { # by attempting to read a file that requires full disk access. If it does not, the program opens the preferences # pane where the user can grant access so that the script can continue. # -# ## Sources +# #### Links # # * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html) ensureFullDiskAccess() { @@ -451,7 +450,6 @@ setupPasswordlessSudo() { fi } -# @section Qubes dom0 # @description Ensure sys-whonix is configured (for Qubes dom0) ensureSysWhonix() { CONFIG_WIZARD_COUNT=0 @@ -553,7 +551,6 @@ handleQubesDom0() { fi } -# @section Homebrew dependencies # @description Helper function used by [[ensureHomebrewDeps]] to ensure a Homebrew package is installed after # first checking if it is already available on the system. installBrewPackage() { @@ -594,7 +591,6 @@ ensureHomebrewDeps() { fi } -# @section Chezmoi # @description Ensure the `${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi` directory is cloned and up-to-date using the previously # set `START_REPO` as the source repository. cloneChezmoiSourceRepo() { @@ -714,7 +710,6 @@ runChezmoi() { fi } -# @section Post-provision logic # @description Ensure temporary passwordless sudo privileges are removed from `/etc/sudoers` removePasswordlessSudo() { if command -v gsed > /dev/null; then @@ -732,7 +727,6 @@ postProvision() { fi } -# @section Execution order # @description The `provisionLogic` function is used to define the order of the script. All of the functions it relies on are defined # above. provisionLogic() { diff --git a/scripts/partials/full-disk-access b/scripts/partials/full-disk-access index f61c18bb..88c6ce4c 100644 --- a/scripts/partials/full-disk-access +++ b/scripts/partials/full-disk-access @@ -15,7 +15,7 @@ printFullDiskAccessNotice() { # by attempting to read a file that requires full disk access. If it does not, the program opens the preferences # pane where the user can grant access so that the script can continue. # -# ## Sources +# #### Links # # * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html) ensureFullDiskAccess() { diff --git a/scripts/provision.sh b/scripts/provision.sh index b3163efc..c40e539c 100644 --- a/scripts/provision.sh +++ b/scripts/provision.sh @@ -124,7 +124,6 @@ logg() { fi } -# @section Environment variables and system dependencies # @description Ensure Ubuntu / Debian run in `noninteractive` mode. Detect `START_REPO` format and determine appropriate git address, # otherwise use the master Install Doctor branch setEnvironmentVariables() { @@ -347,7 +346,7 @@ printFullDiskAccessNotice() { # by attempting to read a file that requires full disk access. If it does not, the program opens the preferences # pane where the user can grant access so that the script can continue. # -# ## Sources +# #### Links # # * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html) ensureFullDiskAccess() { @@ -451,7 +450,6 @@ setupPasswordlessSudo() { fi } -# @section Qubes dom0 # @description Ensure sys-whonix is configured (for Qubes dom0) ensureSysWhonix() { CONFIG_WIZARD_COUNT=0 @@ -553,7 +551,6 @@ handleQubesDom0() { fi } -# @section Homebrew dependencies # @description Helper function used by [[ensureHomebrewDeps]] to ensure a Homebrew package is installed after # first checking if it is already available on the system. installBrewPackage() { @@ -594,7 +591,6 @@ ensureHomebrewDeps() { fi } -# @section Chezmoi # @description Ensure the `${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi` directory is cloned and up-to-date using the previously # set `START_REPO` as the source repository. cloneChezmoiSourceRepo() { @@ -714,7 +710,6 @@ runChezmoi() { fi } -# @section Post-provision logic # @description Ensure temporary passwordless sudo privileges are removed from `/etc/sudoers` removePasswordlessSudo() { if command -v gsed > /dev/null; then @@ -732,7 +727,6 @@ postProvision() { fi } -# @section Execution order # @description The `provisionLogic` function is used to define the order of the script. All of the functions it relies on are defined # above. provisionLogic() { diff --git a/scripts/src/provision.sh.tmpl b/scripts/src/provision.sh.tmpl index 00f8f654..f35bdb94 100644 --- a/scripts/src/provision.sh.tmpl +++ b/scripts/src/provision.sh.tmpl @@ -52,7 +52,6 @@ # [Install Doctor documentation portal](https://install.doctor/docs) (includes tips, tricks, and guides on how to customize the system to your liking) {{ include "partials" "logg" }} -# @section Environment variables and system dependencies # @description Ensure Ubuntu / Debian run in `noninteractive` mode. Detect `START_REPO` format and determine appropriate git address, # otherwise use the master Install Doctor branch setEnvironmentVariables() { @@ -131,7 +130,6 @@ setupPasswordlessSudo() { fi } -# @section Qubes dom0 # @description Ensure sys-whonix is configured (for Qubes dom0) ensureSysWhonix() { CONFIG_WIZARD_COUNT=0 @@ -233,7 +231,6 @@ handleQubesDom0() { fi } -# @section Homebrew dependencies # @description Helper function used by [[ensureHomebrewDeps]] to ensure a Homebrew package is installed after # first checking if it is already available on the system. installBrewPackage() { @@ -274,7 +271,6 @@ ensureHomebrewDeps() { fi } -# @section Chezmoi # @description Ensure the `${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi` directory is cloned and up-to-date using the previously # set `START_REPO` as the source repository. cloneChezmoiSourceRepo() { @@ -394,7 +390,6 @@ runChezmoi() { fi } -# @section Post-provision logic # @description Ensure temporary passwordless sudo privileges are removed from `/etc/sudoers` removePasswordlessSudo() { if command -v gsed > /dev/null; then @@ -412,7 +407,6 @@ postProvision() { fi } -# @section Execution order # @description The `provisionLogic` function is used to define the order of the script. All of the functions it relies on are defined # above. provisionLogic() {