diff --git a/home/.chezmoidata.yaml b/home/.chezmoidata.yaml
index e3299254..44f31871 100644
--- a/home/.chezmoidata.yaml
+++ b/home/.chezmoidata.yaml
@@ -828,6 +828,8 @@ softwareGroups:
 _Basic-Desktop: &_Basic-Desktop
 - *_Basic
 - *Essentials-Desktop
+ - firewall-applet
+ - firewall-config
 - stacer
 _Standard: &_Standard
 - *_Basic
diff --git a/home/.chezmoiscripts/debian/run_onchange_before_14-warp.tmpl b/home/.chezmoiscripts/debian/run_onchange_before_14-warp.tmpl
new file mode 100644
index 00000000..b39e763d
--- /dev/null
+++ b/home/.chezmoiscripts/debian/run_onchange_before_14-warp.tmpl
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+{{ includeTemplate "universal/logg-before" }}
+
+### Add CloudFlare WARP desktop app apt-get source
+if [ ! -f /etc/apt/sources.list.d/cloudflare-client.list ]; then
+ logg info 'Adding CloudFlare WARP keyring'
+ curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
+
+ logg info 'Adding apt source reference'
+ echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
+
+ sudo apt-get update
+fi
diff --git a/home/.chezmoiscripts/ubuntu/run_onchange_before_14-warp.tmpl b/home/.chezmoiscripts/ubuntu/run_onchange_before_14-warp.tmpl
new file mode 100644
index 00000000..b39e763d
--- /dev/null
+++ b/home/.chezmoiscripts/ubuntu/run_onchange_before_14-warp.tmpl
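Review bot: In `debian/run_onchange_before_14-warp.tmpl`, the keyring step `curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor ...` neither handles a failed download nor checks which key it received. Without `-f`, curl exits 0 on an HTTP error page, and unless the included `universal/logg-before` template sets `-e`/`pipefail` (not visible here) the script still writes `cloudflare-client.list`, after which the `[ ! -f ... ]` guard skips the key step on every later run. The key also becomes the `signed-by` trust root on the strength of the TLS fetch alone; comparing its fingerprint with a value pinned in the repo before installing it would close that gap. `arch=amd64` is hard-coded as well, so the source entry would not match an arm64 host. The ubuntu copy of this script (same blob `b39e763d`, next hunk) has the same issues.

```shell
if [ ! -f /etc/apt/sources.list.d/cloudflare-client.list ]; then
  logg info 'Adding CloudFlare WARP keyring'
  # Placeholder: pin the fingerprint published by the vendor
  EXPECTED_FPR='<PINNED_FINGERPRINT_PLACEHOLDER>'
  KEY_TMP="$(mktemp)"
  # -f: fail on HTTP errors instead of handing an error page to gpg
  curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg -o "$KEY_TMP" || exit 1
  # Refuse to install a key whose fingerprint is not the pinned one
  gpg --show-keys --with-colons "$KEY_TMP" | grep -q "^fpr:.*:${EXPECTED_FPR}:$" || exit 1
  sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg "$KEY_TMP" || exit 1
  rm -f "$KEY_TMP"
  # … unchanged: apt source reference, apt-get update, closing fi …
```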
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+{{ includeTemplate "universal/logg-before" }}
+
+### Add CloudFlare WARP desktop app apt-get source
+if [ ! -f /etc/apt/sources.list.d/cloudflare-client.list ]; then
+ logg info 'Adding CloudFlare WARP keyring'
+ curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
+
+ logg info 'Adding apt source reference'
+ echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
+
+ sudo apt-get update
+fi
diff --git a/home/.chezmoiscripts/universal/run_onchange_after_14-warp.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_14-warp.tmpl
new file mode 100644
index 00000000..9ed0f854
--- /dev/null
+++ b/home/.chezmoiscripts/universal/run_onchange_after_14-warp.tmpl
@@ -0,0 +1,42 @@
+{{- if (ne .host.distro.family "windows") }}
+#!/usr/bin/env bash
+
+### Configure CloudFlare WARP (if not WSL and warp-cli is installed)
+if [[ ! "$(grep Microsoft /proc/version)" ]] && command -v warp-cli > /dev/null; then
+ ### Register CloudFlare WARP
+ if warp-cli --accept-tos status | grep 'Registration missing' > /dev/null; then
+ logg info 'Registering CloudFlare WARP'
+ warp-cli --accept-tos register
+ else
+ logg info 'Already registered with CloudFlare WARP'
+ fi
+
+ ### Connect CloudFlare WARP
+ if warp-cli --accept-tos status | grep 'Disconnected' > /dev/null; then
+ logg info 'Connecting to CloudFlare WARP'
+ warp-cli --accept-tos connect
+ else
+ logg info 'Already connected to CloudFlare WARP'
+ fi
+
+ ### Enable Always-On mode
+ logg info 'Enabling always-on mode'
+ warp-cli --accept-tos enable-always-on
+
+ ### Enable Family Mode
+ # logg info 'Enabling family-mode'
+ # warp-cli --accept-tos set-families-mode full
+
+ ### Enable WARP+DNS mode
+ # logg info 'Enabling WARP+DNS mode'
+ # warp-cli set-mode warp+doh
+
+ # TODO
+ {{ if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath (.chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-cloudflare-teams-client-id"))) (stat (joinPath (.chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-cloudflare-teams-client-secret"))) -}}
+ ### Enroll with CloudFlare Teams
+ logg info 'Enrolling with CloudFlare Teams'
+ warp-cli teams-enroll '{{- includeTemplate "secrets/key-cloudflare-teams-client-id" | decrypt -}}' '{{- includeTemplate "secrets/key-cloudflare-teams-client-secret" | decrypt -}}'
+ {{- end }}
+fi
+
+{{ end -}}
diff --git a/home/.chezmoiscripts/universal/run_onchange_after_80-bash-completions.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_80-bash-completions.tmpl
index 8b7727a6..d6747a8d 100644
--- a/home/.chezmoiscripts/universal/run_onchange_after_80-bash-completions.tmpl
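Review bot: The Teams enrollment line renders both decrypted values into the script text and passes them as arguments to `warp-cli teams-enroll`, so the client secret sits in plaintext in the rendered script and in the process argument list while the command runs, and a value containing a single quote would break the `'...'` quoting. If the client can read these credentials from a root-only file instead, prefer that; otherwise record the exposure in a comment next to the `# TODO`. Separately, the second and third `stat` arguments are written `(joinPath (.chezmoi.sourceDir ".chezmoitemplates" ...))`, which applies `.chezmoi.sourceDir` as if it were a function; the intended form, matching the first argument, is `(stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-cloudflare-teams-client-id"))`. The opening `{{- if (ne .host.distro.family "windows") }}` also lacks the right-hand trim marker, so the rendered file appears to start with a newline before `#!/usr/bin/env bash`; the bash-completions script in this commit uses `-}}`.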
+++ b/home/.chezmoiscripts/universal/run_onchange_after_80-bash-completions.tmpl
@@ -1,3 +1,4 @@
+{{- if (ne .host.distro.family "windows") -}}
 #!/usr/bin/env bash
 # .chezmoidata.yml hash: {{ include (joinPath .chezmoi.sourceDir ".chezmoidata.yaml")| sha256sum }}
@@ -179,3 +180,5 @@ if command -v zoxide >/dev/null; then
 elif [ -f "$COMPLETION_DIR/zoxide.bash" ]; then
 rm "$COMPLETION_DIR/zoxide.bash"
 fi
+
+{{ end -}}
diff --git a/home/.chezmoiscripts/universal/run_onchange_after_81-kubesphere.yml.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_81-kubesphere.yml.tmpl
new file mode 100644
index 00000000..a4928e24
--- /dev/null
+++ b/home/.chezmoiscripts/universal/run_onchange_after_81-kubesphere.yml.tmpl
@@ -0,0 +1 @@
+{{ if }}
\ No newline at end of file
diff --git a/home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.tmpl
index 838a37ae..faef1299 100644
--- a/home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.tmpl
+++ b/home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.tmpl
@@ -177,7 +177,7 @@ if [ ! -d /Applications ] || [ ! -d /System ]; then
 fi
 # Restart / enable Docker
- if command -v systemctl > /dev/null; then
+ if [[ ! "$(grep Microsoft /proc/version)" ]] && command -v systemctl > /dev/null; then
 logg info 'Restarting Docker service'
 sudo systemctl restart docker.service
 sudo systemctl restart containerd.service
diff --git a/software.yml b/software.yml
index b370c948..c899f413 100644
--- a/software.yml
+++ b/software.yml
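Review bot: The new `run_onchange_after_81-kubesphere.yml.tmpl` contains only `{{ if }}`, an `if` action with no condition and no matching `{{ end }}`, which will not parse as a template. Because it sits under `.chezmoiscripts` with a `run_onchange_` prefix, a render failure here is likely to abort the apply rather than just skip this script. If it is a placeholder, a template comment such as `{{/* TODO: kubesphere setup */}}` keeps the tree renderable.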
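Review bot: In `run_onchange_before_11-install-docker.tmpl`, the added WSL guard `[[ ! "$(grep Microsoft /proc/version)" ]]` is case-sensitive, while WSL2 kernels typically report the string in lowercase (`microsoft-standard`). On WSL2 the guard would then pass and the `systemctl restart` calls would still run. A case-insensitive, quiet test covers both: `if ! grep -qi microsoft /proc/version 2>/dev/null && command -v systemctl > /dev/null; then`. The same test is used in `run_onchange_after_14-warp.tmpl` in this commit, where `/proc/version` may not exist at all (macOS), hence the `2>/dev/null`. The enclosing `if` block starts and ends outside this hunk.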
@@ -6013,6 +6013,16 @@ softwarePackages:
 github: github.com/jessfraz/pony
 go: github.com/jessfraz/pony@latest
 _service: false
+ firewall-applet:
+ _bin: firewall-applet
+ apt: firewall-applet
+ dnf: firewall-applet
+ pacman: firewall-applet
+ firewall-config:
+ _bin: firewall-config
+ apt: firewall-config
+ dnf: firewall-config
+ pacman: firewall-config
 portmaster:
 _bin: null
 _desc: "[Portmaster](https://safing.io/portmaster/) is a free and open-source application that puts you back in charge over all your computer's network connections."
@@ -6023,6 +6033,11 @@ softwarePackages:
 _when:linux: '! test -f /opt/safing/portmaster/portmaster-start'
 ansible:linux: professormanhattan.portmaster
 ansible:windows: professormanhattan.portmaster
+ apt: https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer.
+ choco: portmaster
+ dnf: https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer.rpm
+ exe: https://updates.safing.io/latest/windows_amd64/packages/portmaster-installer.
+ scoop: portmaster-np
 _service: true
 _type: application
 pake:
@@ -8280,7 +8295,9 @@ softwarePackages:
 _when:darwin: '! test -d "/Applications/Cloudflare WARP.app"'
 # Needs tuning - possibly unrelated, but internet wasn't working on Ubuntu after installing this and removed it during debugging
 # ansible: professormanhattan.warp
+ apt: cloudflare-warp
 cask: cloudflare-warp
+ choco: warp
 _service: false
 _type: application
 watchexec:
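Review bot: The new `apt`, `dnf` and `exe` values for `portmaster` point at `https://updates.safing.io/latest/...` installers, so each run installs whatever is published at that moment, with no version pin and no checksum or signature check visible in this entry. How the installer consumes a URL in these fields is outside the hunk, but if it downloads and installs the file directly with elevated rights, consider pinning a version and recording a SHA-256 next to it. The `apt` and `exe` URLs as shown on this page end in `portmaster-installer.` with no extension, unlike the `dnf` one (`.rpm`); they look truncated and are worth checking before merge.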