From 55417196dd24b9d2ba2ac9fda5efd553ff8e04a8 Mon Sep 17 00:00:00 2001
From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com>
Date: Wed, 6 Dec 2023 06:58:56 +0000
Subject: [PATCH] Latest
---
 .../run_before_01-system-homebrew.sh.tmpl | 13 +-
 home/dot_local/etc/sftpgo/sftpgo.json.tmpl | 796 +++++++++---------
 local/provision.sh | 1 +
 scripts/src/provision.sh.tmpl | 2 +-
 4 files changed, 410 insertions(+), 402 deletions(-)
diff --git a/home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl b/home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl
index 5bd3afdd..86afb0f0 100644
--- a/home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl
+++ b/home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl
@@ -35,12 +35,17 @@
 # Running sudo softwareupdate -i -a -R --agree-to-license reboots just not in the script due to the running processes perhaps
 # Check for pending reboot by checking
 if [ -d /Applications ] && [ -d /Library ] && [ -z "$NO_RESTART" ]; then
- if [ ! -f "$HOME/.zshrc" ] || ! cat "$HOME/.zshrc" | grep '# TEMPORARY FOR INSTALL DOCTOR MACOS' > /dev/null; then
- echo 'bash <(curl -sSL https://install.doctor/start) # TEMPORARY FOR INSTALL DOCTOR MACOS' >> "$HOME/.zshrc"
- fi
 logg info 'Applying OS upgrades (if available)'
- sudo softwareupdate -i -a --agree-to-license --background || logg error 'Failed to trigger a system update via sudo softwareupdate -i -a --agree-to-license --background'
+ sudo softwareupdate -i -a --agree-to-license || logg error 'Failed to trigger a system update via sudo softwareupdate -i -a --agree-to-license --background'
 logg info 'If system updates are downloaded / installed, a reboot might be required.'
+ ### Source: https://community.jamf.com/t5/jamf-pro/determine-if-update-requires-restart/m-p/11682
+ if softwareupdate -l | grep restart > /dev/null; then
+ if [ ! -f "$HOME/.zshrc" ] || ! cat "$HOME/.zshrc" | grep '# TEMPORARY FOR INSTALL DOCTOR MACOS' > /dev/null; then
+ echo 'bash <(curl -sSL https://install.doctor/start) # TEMPORARY FOR INSTALL DOCTOR MACOS' >> "$HOME/.zshrc"
+ fi
+ logg info 'Reboot required - shutting down immediately' && sudo shutdown -r now
+ # TODO - Automatically log in after reboot
+ fi
 if command -v gsed > /dev/null; then
 sudo gsed -i '/# TEMPORARY FOR INSTALL DOCTOR MACOS/d' "$HOME/.zshrc" || logg warn "Failed to remove kickstart script from .zshrc"
 else
diff --git a/home/dot_local/etc/sftpgo/sftpgo.json.tmpl b/home/dot_local/etc/sftpgo/sftpgo.json.tmpl
index 0aa10e2a..feaaf0b2 100644
--- a/home/dot_local/etc/sftpgo/sftpgo.json.tmpl
+++ b/home/dot_local/etc/sftpgo/sftpgo.json.tmpl
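Review bot: In run_before_01-system-homebrew.sh.tmpl the added `sudo shutdown -r now` does not stop the script, so the cleanup in the trailing context lines (`sudo gsed -i '/# TEMPORARY FOR INSTALL DOCTOR MACOS/d' "$HOME/.zshrc"`) can run before the reboot takes effect and delete the kickstart line appended a few lines earlier, leaving nothing to resume the install. Ending the branch once the reboot is requested, for example `logg info 'Reboot required - shutting down immediately' && sudo shutdown -r now && exit 0`, or moving the cleanup into an `else`, would close the race; whether an early exit suits the caller is not visible from this hunk. The kickstart line makes every new zsh session fetch and execute a remote script with no integrity check, so it should persist for exactly one reboot and be removed deterministically afterwards. The `logg error` message still names `--background` although the flag was dropped from the command, and `grep restart` matches any occurrence of that word in the `softwareupdate -l` output. The enclosing `if` block continues past the end of the hunk.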
@@ -3,414 +3,416 @@ {{- $baseDomain := (join (join .host.hostname "-qube.") .host.domain) -}} {{- end -}} { - "common": { - "idle_timeout": 15, - "upload_mode": 0, - "actions": { - "execute_on": [], - "execute_sync": [], - "hook": "" - }, - "setstat_mode": 0, - "temp_path": "", - "proxy_protocol": 0, - "proxy_allowed": [], - "startup_hook": "", - "post_connect_hook": "", - "post_disconnect_hook": "", - "data_retention_hook": "", - "max_total_connections": 0, - "max_per_host_connections": 20, - "whitelist_file": "", - "allow_self_connections": 0, - "defender": { - "enabled": true, - "driver": "memory", - "ban_time": 30, - "ban_time_increment": 50, - "threshold": 15, - "score_invalid": 2, - "score_valid": 1, - "score_limit_exceeded": 3, - "observation_time": 30, + "common": { + "idle_timeout": 15, + "upload_mode": 0, + "actions": { + "execute_on": [], + "execute_sync": [], + "hook": "" + }, + "setstat_mode": 0, + "temp_path": "", + "proxy_protocol": 0, + "proxy_allowed": [], + "startup_hook": "", + "post_connect_hook": "", + "post_disconnect_hook": "", + "data_retention_hook": "", + "max_total_connections": 0, + "max_per_host_connections": 20, + "whitelist_file": "", + "allow_self_connections": 0, + "defender": { + "enabled": true, + "driver": "memory", + "ban_time": 30, + "ban_time_increment": 50, + "threshold": 15, + "score_invalid": 2, + "score_valid": 1, + "score_limit_exceeded": 3, + "observation_time": 30, + "entries_soft_limit": 100, + "entries_hard_limit": 150, + "safelist_file": "", + "blocklist_file": "", + "safelist": [], + "blocklist": [] + }, + "rate_limiters": [ + { + "average": 0, + "period": 1000, + "burst": 1, + "type": 2, + "protocols": [ + "SSH", + "FTP", + "DAV", + "HTTP" + ], + "allow_list": [], + "generate_defender_events": false, "entries_soft_limit": 100, - "entries_hard_limit": 150, - "safelist_file": "", - "blocklist_file": "", - "safelist": [], - "blocklist": [] - }, - "rate_limiters": [ - { - "average": 0, - "period": 1000, - "burst": 1, - 
"type": 2, - "protocols": [ - "SSH", - "FTP", - "DAV", - "HTTP" - ], - "allow_list": [], - "generate_defender_events": false, - "entries_soft_limit": 100, - "entries_hard_limit": 150 - } - ] + "entries_hard_limit": 150 + } + ] + }, + "acme": { + "domains": [ + "sftp.{{- $baseDomain -}}" + ], + "email": "{{- .user.cloudflare.username -}}", + "key_type": "4096", + "certs_path": "certs", + "ca_endpoint": "https://acme-v02.api.letsencrypt.org/directory", + "renew_days": 30, + "http01_challenge": { + "port": 80, + "proxy_header": "", + "webroot": "" }, - "acme": { - "domains": ["sftp.{{ $baseDomain }}"], - "email": "{{ .user.cloudflare.username }}", - "key_type": "4096", - "certs_path": "certs", - "ca_endpoint": "https://acme-v02.api.letsencrypt.org/directory", - "renew_days": 30, - "http01_challenge": { - "port": 80, - "proxy_header": "", - "webroot": "" + "tls_alpn01_challenge": { + "port": 0 + } + }, + "sftpd": { + "bindings": [ + { + "port": 2022, + "address": "", + "apply_proxy_config": true + } + ], + "max_auth_tries": 0, + "banner": "", + "host_keys": [], + "host_certificates": [], + "host_key_algorithms": [], + "moduli": [], + "kex_algorithms": [], + "ciphers": [], + "macs": [], + "trusted_user_ca_keys": [], + "revoked_user_certs_file": "", + "login_banner_file": "", + "enabled_ssh_commands": [ + "md5sum", + "sha1sum", + "sha256sum", + "cd", + "pwd", + "scp" + ], + "keyboard_interactive_authentication": false, + "keyboard_interactive_auth_hook": "", + "password_authentication": true, + "folder_prefix": "" + }, + "ftpd": { + "bindings": [ + { + "port": 0, + "address": "", + "apply_proxy_config": true, + "tls_mode": 0, + "certificate_file": "", + "certificate_key_file": "", + "min_tls_version": 12, + "force_passive_ip": "", + "passive_ip_overrides": [], + "client_auth_type": 0, + "tls_cipher_suites": [], + "passive_connections_security": 0, + "active_connections_security": 0, + "debug": false + } + ], + "banner": "", + "banner_file": "", + 
"active_transfers_port_non_20": true, + "passive_port_range": { + "start": 50000, + "end": 50100 + }, + "disable_active_mode": false, + "enable_site": false, + "hash_support": 0, + "combine_support": 0, + "certificate_file": "", + "certificate_key_file": "", + "ca_certificates": [], + "ca_revocation_lists": [] + }, + "webdavd": { + "bindings": [ + { + "port": 0, + "address": "", + "enable_https": false, + "certificate_file": "", + "certificate_key_file": "", + "min_tls_version": 12, + "client_auth_type": 0, + "tls_cipher_suites": [], + "prefix": "", + "proxy_allowed": [], + "client_ip_proxy_header": "", + "client_ip_header_depth": 0, + "disable_www_auth_header": false + } + ], + "certificate_file": "", + "certificate_key_file": "", + "ca_certificates": [], + "ca_revocation_lists": [], + "cors": { + "enabled": false, + "allowed_origins": [], + "allowed_methods": [], + "allowed_headers": [], + "exposed_headers": [], + "allow_credentials": false, + "max_age": 0, + "options_passthrough": false, + "options_success_status": 0, + "allow_private_network": false + }, + "cache": { + "users": { + "expiration_time": 0, + "max_size": 50 }, - "tls_alpn01_challenge": { - "port": 0 + "mime_types": { + "enabled": true, + "max_size": 1000 + } + } + }, + "data_provider": { + "driver": "sqlite", + "name": "sftpgo.db", + "host": "", + "port": 0, + "username": "", + "password": "", + "sslmode": 0, + "disable_sni": false, + "target_session_attrs": "", + "root_cert": "", + "client_cert": "", + "client_key": "", + "connection_string": "", + "sql_tables_prefix": "", + "track_quota": 2, + "delayed_quota_update": 0, + "pool_size": 0, + "users_base_dir": "/usr/local/var/sftpgo/data", + "actions": { + "execute_on": [], + "execute_for": [], + "hook": "" + }, + "external_auth_hook": "", + "external_auth_scope": 0, + "pre_login_hook": "", + "post_login_hook": "", + "post_login_scope": 0, + "check_password_hook": "", + "check_password_scope": 0, + "password_hashing": { + "bcrypt_options": { + 
"cost": 10 + }, + "argon2_options": { + "memory": 65536, + "iterations": 1, + "parallelism": 2 + }, + "algo": "bcrypt" + }, + "password_validation": { + "admins": { + "min_entropy": 0 + }, + "users": { + "min_entropy": 0 } }, - "sftpd": { - "bindings": [ - { - "port": 2022, - "address": "", - "apply_proxy_config": true - } - ], - "max_auth_tries": 0, - "banner": "", - "host_keys": [], - "host_certificates": [], - "host_key_algorithms": [], - "moduli": [], - "kex_algorithms": [], - "ciphers": [], - "macs": [], - "trusted_user_ca_keys": [], - "revoked_user_certs_file": "", - "login_banner_file": "", - "enabled_ssh_commands": [ - "md5sum", - "sha1sum", - "sha256sum", - "cd", - "pwd", - "scp" - ], - "keyboard_interactive_authentication": false, - "keyboard_interactive_auth_hook": "", - "password_authentication": true, - "folder_prefix": "" - }, - "ftpd": { - "bindings": [ - { - "port": 0, - "address": "", - "apply_proxy_config": true, - "tls_mode": 0, - "certificate_file": "", - "certificate_key_file": "", - "min_tls_version": 12, - "force_passive_ip": "", - "passive_ip_overrides": [], - "client_auth_type": 0, - "tls_cipher_suites": [], - "passive_connections_security": 0, - "active_connections_security": 0, - "debug": false - } - ], - "banner": "", - "banner_file": "", - "active_transfers_port_non_20": true, - "passive_port_range": { - "start": 50000, - "end": 50100 - }, - "disable_active_mode": false, - "enable_site": false, - "hash_support": 0, - "combine_support": 0, - "certificate_file": "", - "certificate_key_file": "", - "ca_certificates": [], - "ca_revocation_lists": [] - }, - "webdavd": { - "bindings": [ - { - "port": 0, - "address": "", - "enable_https": false, - "certificate_file": "", - "certificate_key_file": "", - "min_tls_version": 12, - "client_auth_type": 0, - "tls_cipher_suites": [], - "prefix": "", - "proxy_allowed": [], - "client_ip_proxy_header": "", - "client_ip_header_depth": 0, - "disable_www_auth_header": false - } - ], - "certificate_file": 
"", - "certificate_key_file": "", - "ca_certificates": [], - "ca_revocation_lists": [], - "cors": { - "enabled": false, - "allowed_origins": [], - "allowed_methods": [], - "allowed_headers": [], - "exposed_headers": [], - "allow_credentials": false, - "max_age": 0, - "options_passthrough": false, - "options_success_status": 0, - "allow_private_network": false - }, - "cache": { - "users": { - "expiration_time": 0, - "max_size": 50 - }, - "mime_types": { - "enabled": true, - "max_size": 1000 - } - } - }, - "data_provider": { - "driver": "sqlite", - "name": "sftpgo.db", + "password_caching": true, + "update_mode": 0, + "create_default_admin": true, + "naming_rules": 1, + "is_shared": 0, + "node": { "host": "", "port": 0, - "username": "", - "password": "", - "sslmode": 0, - "disable_sni": false, - "target_session_attrs": "", - "root_cert": "", - "client_cert": "", - "client_key": "", - "connection_string": "", - "sql_tables_prefix": "", - "track_quota": 2, - "delayed_quota_update": 0, - "pool_size": 0, - "users_base_dir": "/usr/local/var/sftpgo/data", - "actions": { - "execute_on": [], - "execute_for": [], - "hook": "" - }, - "external_auth_hook": "", - "external_auth_scope": 0, - "pre_login_hook": "", - "post_login_hook": "", - "post_login_scope": 0, - "check_password_hook": "", - "check_password_scope": 0, - "password_hashing": { - "bcrypt_options": { - "cost": 10 - }, - "argon2_options": { - "memory": 65536, - "iterations": 1, - "parallelism": 2 - }, - "algo": "bcrypt" - }, - "password_validation": { - "admins": { - "min_entropy": 0 - }, - "users": { - "min_entropy": 0 - } - }, - "password_caching": true, - "update_mode": 0, - "create_default_admin": true, - "naming_rules": 1, - "is_shared": 0, - "node": { - "host": "", - "port": 0, - "proto": "http" - }, - "backups_path": "backups" + "proto": "http" }, - "httpd": { - "bindings": [ - { - "port": 11101, - "address": "", - "enable_web_admin": true, - "enable_web_client": true, - "enable_rest_api": true, - 
"enabled_login_methods": 0, - "enable_https": false, - "certificate_file": "", - "certificate_key_file": "", - "min_tls_version": 12, - "client_auth_type": 0, - "tls_cipher_suites": [], - "proxy_allowed": [], - "client_ip_proxy_header": "", - "client_ip_header_depth": 0, - "hide_login_url": 0, - "render_openapi": true, - "web_client_integrations": [], - "oidc": { - "client_id": "", - "client_secret": "", - "config_url": "", - "redirect_base_url": "", - "scopes": [ - "openid", - "profile", - "email" - ], - "username_field": "", - "role_field": "", - "implicit_roles": false, - "custom_fields": [], - "insecure_skip_signature_check": false, - "debug": false + "backups_path": "backups" + }, + "httpd": { + "bindings": [ + { + "port": 11101, + "address": "", + "enable_web_admin": true, + "enable_web_client": true, + "enable_rest_api": true, + "enabled_login_methods": 0, + "enable_https": false, + "certificate_file": "", + "certificate_key_file": "", + "min_tls_version": 12, + "client_auth_type": 0, + "tls_cipher_suites": [], + "proxy_allowed": [], + "client_ip_proxy_header": "", + "client_ip_header_depth": 0, + "hide_login_url": 0, + "render_openapi": true, + "web_client_integrations": [], + "oidc": { + "client_id": "", + "client_secret": "", + "config_url": "", + "redirect_base_url": "", + "scopes": [ + "openid", + "profile", + "email" + ], + "username_field": "", + "role_field": "", + "implicit_roles": false, + "custom_fields": [], + "insecure_skip_signature_check": false, + "debug": false + }, + "security": { + "enabled": false, + "allowed_hosts": [], + "allowed_hosts_are_regex": false, + "hosts_proxy_headers": [], + "https_redirect": false, + "https_host": "", + "https_proxy_headers": [], + "sts_seconds": 0, + "sts_include_subdomains": false, + "sts_preload": false, + "content_type_nosniff": false, + "content_security_policy": "", + "permissions_policy": "", + "cross_origin_opener_policy": "", + "expect_ct_header": "" + }, + "branding": { + "web_admin": { + "name": 
"", + "short_name": "", + "favicon_path": "", + "logo_path": "", + "login_image_path": "", + "disclaimer_name": "", + "disclaimer_path": "", + "default_css": "", + "extra_css": [] }, - "security": { - "enabled": false, - "allowed_hosts": [], - "allowed_hosts_are_regex": false, - "hosts_proxy_headers": [], - "https_redirect": false, - "https_host": "", - "https_proxy_headers": [], - "sts_seconds": 0, - "sts_include_subdomains": false, - "sts_preload": false, - "content_type_nosniff": false, - "content_security_policy": "", - "permissions_policy": "", - "cross_origin_opener_policy": "", - "expect_ct_header": "" - }, - "branding": { - "web_admin": { - "name": "", - "short_name": "", - "favicon_path": "", - "logo_path": "", - "login_image_path": "", - "disclaimer_name": "", - "disclaimer_path": "", - "default_css": "", - "extra_css": [] - }, - "web_client": { - "name": "", - "short_name": "", - "favicon_path": "", - "logo_path": "", - "login_image_path": "", - "disclaimer_name": "", - "disclaimer_path": "", - "default_css": "", - "extra_css": [] - } + "web_client": { + "name": "", + "short_name": "", + "favicon_path": "", + "logo_path": "", + "login_image_path": "", + "disclaimer_name": "", + "disclaimer_path": "", + "default_css": "", + "extra_css": [] } } - ], - "templates_path": "templates", - "static_files_path": "static", - "openapi_path": "openapi", - "web_root": "", - "certificate_file": "", - "certificate_key_file": "", - "ca_certificates": [], - "ca_revocation_lists": [], - "signing_passphrase": "", - "token_validation": 0, - "max_upload_file_size": 1048576000, - "cors": { - "enabled": false, - "allowed_origins": [], - "allowed_methods": [], - "allowed_headers": [], - "exposed_headers": [], - "allow_credentials": false, - "max_age": 0, - "options_passthrough": false, - "options_success_status": 0, - "allow_private_network": false - }, - "setup": { - "installation_code": "", - "installation_code_hint": "Installation code" - }, - "hide_support_link": true - }, - 
"telemetry": { - "bind_port": 0, - "bind_address": "127.0.0.1", - "enable_profiler": false, - "auth_user_file": "", - "certificate_file": "", - "certificate_key_file": "", - "min_tls_version": 12, - "tls_cipher_suites": [] - }, - "http": { - "timeout": 20, - "retry_wait_min": 2, - "retry_wait_max": 30, - "retry_max": 3, - "ca_certificates": [], - "certificates": [], - "skip_tls_verify": false, - "headers": [] - }, - "command": { - "timeout": 30, - "env": [], - "commands": [] - }, - "kms": { - "secrets": { - "url": "", - "master_key": "", - "master_key_path": "" } + ], + "templates_path": "templates", + "static_files_path": "static", + "openapi_path": "openapi", + "web_root": "", + "certificate_file": "", + "certificate_key_file": "", + "ca_certificates": [], + "ca_revocation_lists": [], + "signing_passphrase": "", + "token_validation": 0, + "max_upload_file_size": 1048576000, + "cors": { + "enabled": false, + "allowed_origins": [], + "allowed_methods": [], + "allowed_headers": [], + "exposed_headers": [], + "allow_credentials": false, + "max_age": 0, + "options_passthrough": false, + "options_success_status": 0, + "allow_private_network": false }, - "mfa": { - "totp": [ - { - "name": "Install Doctor", - "issuer": "SFTPGo - Install Doctor", - "algo": "sha1" - } - ] + "setup": { + "installation_code": "", + "installation_code_hint": "Installation code" }, - "smtp": { - "host": "smtp.sendgrid.net", - "port": 587, - "from": "LitOS SFTPGo /dev/null; then installBrewPackage gum installBrewPackage node installBrewPackage zx + installBrewPackage expect fi ### Clones the source repository diff --git a/scripts/src/provision.sh.tmpl b/scripts/src/provision.sh.tmpl index 7457bcd1..1ce1be00 100644 --- a/scripts/src/provision.sh.tmpl +++ b/scripts/src/provision.sh.tmpl 
@@ -89,7 +89,7 @@ setCIEnvironmentVariables() {
 logg info "Setting HEADLESS_INSTALL to true " && export HEADLESS_INSTALL=true
 logg info "Setting SOFTWARE_GROUP to Full-Desktop" && export SOFTWARE_GROUP="Full-Desktop"
 logg info "Setting FULL_NAME to Brian Zalewski" && export FULL_NAME="Brian Zalewski"
- logg info "Setting PRIMARY_EMAIL to help@megabyte.space" && export PRIMARY_EMAIL="help@megabyte.space"
+ logg info "Setting PRIMARY_EMAIL to brian@megabyte.space" && export PRIMARY_EMAIL="brian@megabyte.space"
 logg info "Setting PUBLIC_SERVICES_DOMAIN to lab.megabyte.space" && export PUBLIC_SERVICES_DOMAIN="lab.megabyte.space"
 logg info "Setting RESTRICTED_ENVIRONMENT to false" && export RESTRICTED_ENVIRONMENT=false
 logg info "Setting WORK_ENVIRONMENT to false" && export WORK_ENVIRONMENT=false