From 60f583462b6ef018b5c30fd6adc0bca4d07c99a7 Mon Sep 17 00:00:00 2001
From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com>
Date: Thu, 7 Dec 2023 06:00:08 +0000
Subject: [PATCH] Added iTerm2 options and headless macos stuff

---
 .../run_onchange_after_03-macos-headless.sh.tmpl         | 9 +++++++--
 software.yml                                             | 3 +++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/home/.chezmoiscripts/universal/run_onchange_after_03-macos-headless.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_03-macos-headless.sh.tmpl
index c56ce343..2371a0bf 100644
--- a/home/.chezmoiscripts/universal/run_onchange_after_03-macos-headless.sh.tmpl
+++ b/home/.chezmoiscripts/universal/run_onchange_after_03-macos-headless.sh.tmpl
@@ -17,11 +17,16 @@ if [ -n "$HEADLESS_INSTALL" ] && [ -z "$SSH_CONNECTION" ] && [ -d /System ] && [
     # Source: https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.crt
     # Source: https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.pem
     ### Ensure certificate installed on macOS
-    logg info '**macOS Manual Security Permission** Requesting security authorization for Cloudflare trusted certificate'
+    logg info 'Downloading Cloudflare_CA.crt from https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.crt to determine if it is already in the System.keychain'
     CRT_TMP="$(mktemp)"
     curl -sSL https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.crt > "$CRT_TMP"
-    sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$CRT_TMP" && logg success 'Successfully imported Cloudflare_CA.crt into System.keychain'
+    security verify-cert -c "$CRT_TMP" > /dev/null 2>&1
+    if [ $? != 0 ]; then
+        logg info '**macOS Manual Security Permission** Requesting security authorization for Cloudflare trusted certificate'
+        sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$CRT_TMP" && logg success 'Successfully imported Cloudflare_CA.crt into System.keychain'
+    fi
     rm -f "$CRT_TMP"
+    
     # Source: https://apple.stackexchange.com/questions/30238/how-to-enable-os-x-screen-sharing-vnc-through-ssh
     # To disable, run: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
     # Only enable when computer is not a corporate / work computer
diff --git a/software.yml b/software.yml
index 1439c4b0..c6653c13 100644
--- a/software.yml
+++ b/software.yml
@@ -4933,6 +4933,9 @@ softwarePackages:
     _home: https://iterm2.com/
     _name: iTerm2
     _app: iTerm.app
+    _post:cask: |
+      echo "Setting iTerm2 options location to Install Doctor Chezmoi location" && defaults write com.googlecode.iterm2 PrefsCustomFolder -string "${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/Library/Preferences/com.googlecode.iterm2.plist"
+      echo "Setting iTerm2 to automatically sync with managed options" && defaults write com.googlecode.iterm2 NoSyncNeverRemindPrefsChangesLostForFile_selection -int 2
     ansible:darwin: professormanhattan.iterm2
     cask: iterm2
   nativescript: