diff --git a/home/.chezmoiexternal.toml.tmpl b/home/.chezmoiexternal.toml.tmpl index f40db7c5..33008ad0 100644 --- a/home/.chezmoiexternal.toml.tmpl +++ b/home/.chezmoiexternal.toml.tmpl @@ -359,11 +359,11 @@ url = "{{ $vimPlugin }}" {{ $gitArgs }} {{- end }} -# coc.nvim VIM plugin requires custom branch "release" [".local/share/vim/plugged/coc.nvim"] type = "git-repo" url = "https://github.com/neoclide/coc.nvim.git" - {{ $gitArgs }} + clone.args = ["--branch", "release", "--depth", "1"] + pull.args = ["--ff-only"] ### NVIM [".config/nvim"] diff --git a/home/.chezmoiscripts/universal/run_after_01-pre-install.sh.tmpl b/home/.chezmoiscripts/universal/run_after_01-pre-install.sh.tmpl index 9e9eb20e..e4ecdd71 100644 --- a/home/.chezmoiscripts/universal/run_after_01-pre-install.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_after_01-pre-install.sh.tmpl @@ -1008,6 +1008,7 @@ if [ -n "$DEBUG" ] || [ -n "$DEBUG_MODE" ]; then ensureZshShell gnomeExtensionSettings grubSettings + installCocExtensions installDockerRclonePlugin installTerminalTheme loadCronjobs @@ -1035,6 +1036,7 @@ else ensureZshShell & gnomeExtensionSettings & grubSettings & + installCocExtensions & installDockerRclonePlugin & installTerminalTheme & loadCronjobs & diff --git a/home/.chezmoiscripts/universal/run_before_02-homebrew.sh.tmpl b/home/.chezmoiscripts/universal/run_before_02-homebrew.sh.tmpl index 10dd28d2..14bfd7f6 100644 --- a/home/.chezmoiscripts/universal/run_before_02-homebrew.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_before_02-homebrew.sh.tmpl 
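Review bot: `installCocExtensions` is added to both the debug list and the backgrounded list in run_after_01-pre-install.sh.tmpl, but neither hunk adds a definition for it. The only definition visible in this commit sits inside the VIM `_post` script in software.yml. If the function is not already defined earlier in this template, the debug path will report a missing command and the `installCocExtensions &` path will fail in the background without stopping the run. Confirm the definition exists in this file, or add it alongside the other helpers.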
@@ -56,14 +56,30 @@ ensureHomebrewDeps() { fi } +# @description This function removes group write permissions from the Homebrew share folder which +# is required for the ZSH configuration. +fixHomebrewPermissions() { + if [ -f /usr/local/bin/brew ]; then + sudo chmod -R g-w /usr/local/share + elif [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" ]; then + sudo chmod -R g-w "${HOMEBREW_PREFIX:-/opt/homebrew}/share" + elif [ -d "$HOME/.linuxbrew" ]; then + sudo chmod -R g-w "$HOME/.linuxbrew/share" + elif [ -d "/home/linuxbrew/.linuxbrew" ]; then + sudo chmod -R g-w /home/linuxbrew/.linuxbrew/share + fi +} + # @description This script ensures Homebrew is installed. ensurePackageManagerHomebrew() { if ! command -v brew > /dev/null; then if command -v sudo > /dev/null && sudo -n true; then echo | bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" + fixHomebrewPermissions else logg info 'Homebrew is not installed. Password may be required.' bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + fixHomebrewPermissions if [ -n "$BREW_EXIT_CODE" ]; then logg warn 'Homebrew was installed but part of the installation failed to complete successfully.' if command -v brew > /dev/null; then diff --git a/home/.chezmoiscripts/universal/run_before_05-system.sh.tmpl b/home/.chezmoiscripts/universal/run_before_05-system.sh.tmpl index 4ea3e0a5..9e36c46b 100644 --- a/home/.chezmoiscripts/universal/run_before_05-system.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_before_05-system.sh.tmpl 
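Review bot: `sudo chmod -R g-w /usr/local/share` in the first branch of fixHomebrewPermissions changes modes across the whole system-wide share tree, not only Homebrew's files, and both call sites run it before `BREW_EXIT_CODE` is examined, so it executes as root even when the installer failed. Since the stated purpose is the ZSH configuration, limiting the target to the zsh subdirectory would shrink the root-level change, e.g. `[ -d /usr/local/share/zsh ] && sudo chmod -R go-w /usr/local/share/zsh`; `go-w` also clears world-write, which zsh's compaudit flags as well. The same body is repeated as `fixHomebrewPermissions` in executable_provision.tmpl and as `fixHomebrewSharePermissions` in local/provision.sh, scripts/cloudflared-ssh.sh, scripts/homebrew.sh, scripts/partials/homebrew and scripts/provision.sh.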
@@ -253,7 +253,7 @@ function gVisorPreBuilt() { ARCH=$(uname -m) URL="https://storage.googleapis.com/gvisor/releases/release/latest/${ARCH}" logg info 'Downloading gVisor runsc and containerd-shim-runsc-v1 SHA signatures' - wget "${URL}/runsc ${URL}/runsc.sha512" "${URL}/containerd-shim-runsc-v1 ${URL}/containerd-shim-runsc-v1.sha512" + wget "${URL}/runsc" "${URL}/runsc.sha512" "${URL}/containerd-shim-runsc-v1" "${URL}/containerd-shim-runsc-v1.sha512" sha512sum -c runsc.sha512 -c containerd-shim-runsc-v1.sha512 rm -f *.sha512 chmod a+rx runsc containerd-shim-runsc-v1 @@ -442,11 +442,11 @@ installDocker() { ### Create /etc/docker/daemon.json logg info 'Creating /etc/docker' sudo mkdir -p /etc/docker - if [ -f "${XDG_DATA_HOME:-$HOME/.local/share}/home/dot_config/docker/daemon.json" ]; then + if [ -f "${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/dot_config/docker/daemon.json.tmpl" ]; then logg info 'Creating /etc/docker/daemon.json' - sudo cp -f "${XDG_DATA_HOME:-$HOME/.local/share}/home/dot_config/docker/daemon.json" /etc/docker/daemon.json + chezmoi cat "${XDG_CONFIG_HOME:-$HOME/.config}/docker/config.json" | sudo tee /etc/docker/daemon.json else - logg warn "${XDG_DATA_HOME:-$HOME/.local/share}/home/dot_config/docker/daemon.json is not available so the /etc/docker/daemon.json file cannot be populated" + logg warn "${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/dot_config/docker/daemon.json.tmpl is not available so the /etc/docker/daemon.json file cannot be populated" fi ### Restart / enable Docker diff --git a/home/.chezmoitemplates/darwin/Brewfile b/home/.chezmoitemplates/darwin/Brewfile index a7d9f257..891dc66c 100644 --- a/home/.chezmoitemplates/darwin/Brewfile +++ b/home/.chezmoitemplates/darwin/Brewfile @@ -35,6 +35,7 @@ brew "rust" tap "go-task/tap" brew "go-task/tap/go-task" brew "volta" +brew "yarn" brew "yq" brew "zx" cask "docker" 
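Review bot: The exit status of `sha512sum -c runsc.sha512 -c containerd-shim-runsc-v1.sha512` is not checked in the visible lines, so a checksum mismatch still reaches `chmod a+rx runsc containerd-shim-runsc-v1` unless gVisorPreBuilt runs under `set -e` (its start and end are outside the hunk). Appending `|| return 1` to the verification line makes the failure explicit. The checksum files are fetched from the same `latest` URL as the binaries, so the check detects a corrupted download but not a replaced release.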
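Review bot: The new `chezmoi cat` line reads `docker/config.json`, the Docker client configuration (the template patched later in this commit holds `auths` and `credsStore`), and writes it to `/etc/docker/daemon.json`, while the surrounding test and warning refer to `daemon.json.tmpl`. This looks like a wrong path; the likely intent is `chezmoi cat "${XDG_CONFIG_HOME:-$HOME/.config}/docker/daemon.json" | sudo tee /etc/docker/daemon.json > /dev/null`, where the redirect also keeps the file contents out of the provisioning output. If `chezmoi cat` fails, `tee` has already truncated the target, so rendering to a temporary file and moving it into place would be safer. installDocker starts and ends outside the hunk.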
diff --git a/home/dot_config/coc/coc-settings.json b/home/dot_config/coc/coc-settings.json index 9491d657..e1fa77eb 100644 --- a/home/dot_config/coc/coc-settings.json +++ b/home/dot_config/coc/coc-settings.json @@ -1,37 +1,38 @@ { "sh.enable": true, - "dockerfile": { - "command": "docker-langserver", - "filetypes": [ - "Dockerfile" - ], - "args": [ - "--stdio" - ] - }, - "sql": { - "module": "${XDG_DATA_HOME:-$HOME/.local/share}/nvim/lib/node_modules/sql-language-server/npm_bin/cli.js", - "args": [ - "up", - "--method", - "node-ipc" - ], - "filetypes": [ - "sql", - "mysql" - ] - }, - "terraform": { - "command": "terraform-ls", - "args": [ - "serve" - ], - "filetypes": [ - "terraform", - "tf" - ], - "initializationOptions": {}, - "settings": {} + "languageserver": { + "dockerfile": { + "command": "docker-langserver", + "filetypes": [ + "Dockerfile" + ], + "args": [ + "--stdio" + ] + }, + "sql": { + "module": "sql-language-server", + "args": [ + "up", + "--method", + "node-ipc" + ], + "filetypes": [ + "sql", + "mysql" + ] + }, + "terraform": { + "command": "terraform-ls", + "args": [ + "serve" + ], + "filetypes": [ + "terraform", + "tf" + ], + "initializationOptions": {}, + "settings": {} + } } -} } \ No newline at end of file diff --git a/home/dot_config/coc/extensions/package.json b/home/dot_config/coc/extensions/package.json new file mode 100644 index 00000000..ebfae446 --- /dev/null +++ b/home/dot_config/coc/extensions/package.json 
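Review bot: `"module": "sql-language-server"` under `languageserver.sql` replaces a file path with a bare package name, and coc.nvim's `module` option is, as far as I know, the path of a JavaScript file to start over node IPC, so this server may not launch. The previous value used shell-style `${XDG_DATA_HOME:-...}` syntax that JSON does not expand, so it likely did not work either. An absolute path to the installed `cli.js`, or a `command` entry pointing at the package's executable, is worth testing in a running editor.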
@@ -0,0 +1,57 @@
+{
+ "dependencies": {
+ "@yaegassy/coc-nginx": ">=0.4.1",
+ "@yaegassy/coc-ansible": ">=0.14.2",
+ "coc-angular": ">=17.0.2",
+ "coc-clangd": ">=0.30.1",
+ "coc-calc": ">=3.1.0",
+ "coc-copilot": ">=0.0.6",
+ "coc-css": ">=2.1.0",
+ "coc-deno": ">=3.13.0",
+ "coc-diagnostic": ">=0.24.1",
+ "coc-docker": ">=1.0.2",
+ "coc-blade": ">=0.18.7",
+ "coc-eslint": ">=1.6.0",
+ "coc-emmet": ">=1.1.6",
+ "coc-cssmodules": ">=1.1.1",
+ "coc-flutter": ">=1.9.10",
+ "coc-git": ">=2.7.0",
+ "coc-go": ">=1.3.33",
+ "coc-highlight": ">=2.0.4",
+ "coc-html-css-support": ">=0.5.1",
+ "coc-explorer": ">=0.26.6",
+ "coc-html": ">=1.8.0",
+ "coc-htmlhint": ">=0.6.1",
+ "coc-fzf-preview": ">=2.16.6",
+ "coc-jedi": ">=0.36.1",
+ "coc-json": ">=1.9.2",
+ "coc-ltex": ">=13.1.0",
+ "coc-lua": ">=2.0.6",
+ "coc-markdownlint": ">=1.32.1",
+ "coc-java": ">=1.15.2",
+ "coc-phpls": ">=2.2.3",
+ "coc-markdown-preview-enhanced": ">=0.5.3",
+ "coc-prettier": ">=9.3.2",
+ "coc-markmap": ">=0.7.0",
+ "coc-powershell": ">=0.1.4",
+ "coc-rls": ">=1.1.6",
+ "coc-rust-analyzer": ">=0.75.0",
+ "coc-sh": ">=1.2.2",
+ "coc-prisma": ">=0.11.0",
+ "coc-solargraph": ">=1.2.4",
+ "coc-pyright": ">=1.1.342",
+ "coc-solidity": ">=1.4.2",
+ "coc-sql": ">=0.11.0",
+ "coc-sqlfluff": ">=0.11.4",
+ "coc-stylelint": ">=1.2.0",
+ "coc-swagger": ">=0.0.3",
+ "coc-svg": ">=0.0.13",
+ "coc-svelte": ">=0.5.0",
+ "coc-tsserver": ">=2.1.4",
+ "coc-xml": ">=1.14.1",
+ "coc-yank": ">=1.2.3",
+ "coc-yaml": ">=1.9.0",
+ "coc-toml": ">=1.2.5"
+ },
+ "lastUpdate": 0
+}
\ No newline at end of file
diff --git a/home/dot_config/docker/config.json.tmpl b/home/dot_config/docker/config.json.tmpl
index 1b382f37..2ed2b386 100644
--- a/home/dot_config/docker/config.json.tmpl
+++ b/home/dot_config/docker/config.json.tmpl
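Review bot: Every dependency in the new coc extensions package.json uses an open-ended `>=` range, and the install step added to software.yml in this commit runs `npm i --no-package-lock`, so each provision resolves whatever the registry serves at that moment, including new major versions. These extensions execute inside Vim with the user's privileges, so pinning exact versions (or at least caret ranges such as `"coc-json": "^1.9.2"`) and committing a `package-lock.json` installed with `npm ci` would make installs reproducible and reviewable. `"lastUpdate": 0` looks like state written by coc.nvim itself; confirm it belongs in the tracked file.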
@@ -2,6 +2,5 @@ "auths": { "https://index.docker.io/v1/": {} }, - "credsStore": "{{ if (eq .host.distro.id "darwin") }}osxkeychain{{ else }}{{ if (eq .host.distro.id "windows") }}wincred{{ else }}secretservice{{ end }}{{ end }}", - "currentContext": "desktop-linux" + "credsStore": "{{ if (eq .host.distro.id "darwin") }}osxkeychain{{ else }}{{ if (eq .host.distro.id "windows") }}wincred{{ else }}secretservice{{ end }}{{ end }}" } \ No newline at end of file diff --git a/home/dot_config/shell/exports.sh.tmpl b/home/dot_config/shell/exports.sh.tmpl index 787ca0e7..855a946b 100644 --- a/home/dot_config/shell/exports.sh.tmpl +++ b/home/dot_config/shell/exports.sh.tmpl @@ -413,7 +413,7 @@ if [ -f "$HOME/.local/etc/ssl/curl/cacert.pem" ]; then export CERT_PATH="$HOME/.local/etc/ssl/curl/cacert.pem" export SSL_CERT_FILE="$CERT_PATH" export REQUESTS_CA_BUNDLE="$CERT_PATH" -elif command -v python3 > /dev/null; then +elif command -v python3 > /dev/null && pip3 list | grep certifi > /dev/null; then export CERT_PATH="$(python3 -m certifi)" || export CERT_PATH="$(python -m certifi)" || export CERT_PATH="$HOME/.local/etc/ssl/curl/cacert.pem" export SSL_CERT_FILE="$CERT_PATH" export REQUESTS_CA_BUNDLE="$CERT_PATH" diff --git a/home/dot_config/vim/vimrc b/home/dot_config/vim/vimrc index 3d354226..bd253144 100644 --- a/home/dot_config/vim/vimrc +++ b/home/dot_config/vim/vimrc @@ -384,15 +384,12 @@ let g:coc_global_extensions = [ \'coc-sh', \'coc-solargraph', \'coc-solidity', - \'coc-spell-checker', \'coc-stylelint', \'coc-sql', \'coc-sqlfluff', \'coc-svelte', \'coc-svg', \'coc-swagger', - \'coc-symbol-line', - \'coc-tailwindcss', \'coc-toml', \'coc-tsserver', \'coc-xml', 
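Review bot: The added `pip3 list | grep certifi` test in exports.sh.tmpl runs on every shell start, is a substring match, and queries `pip3`, which may belong to a different interpreter than the `python3` used on the next line or may be missing and print an error to the terminal. Probing the interpreter directly is cheaper and exact: `elif command -v python3 > /dev/null && python3 -c 'import certifi' > /dev/null 2>&1; then`. The `||` fallbacks on the following `export CERT_PATH=...` line do not fire when the command substitution fails, because `export` itself returns 0, so an empty `SSL_CERT_FILE` remains possible. The same `pip3 list | grep certifi` test is added in the WARP section of software.yml.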
@@ -454,7 +451,7 @@ endif silent! call plug#begin('~/.local/share/vim/plugged') Plug '~/.local/share/vim/plugged/ale' -Plug '~/.local/share/vim/plugged/coc.nvim', {'branch': 'release', 'do': 'yarn install --frozen-lockfile'} +Plug '~/.local/share/vim/plugged/coc.nvim', {'branch': 'release'} Plug '~/.local/share/vim/plugged/copilot.vim' Plug '~/.local/share/vim/plugged/dockerfile.vim' Plug '~/.local/share/vim/plugged/editorconfig-vim' @@ -476,7 +473,7 @@ Plug '~/.local/share/vim/plugged/vim-jsx' Plug '~/.local/share/vim/plugged/vim-markdown' Plug '~/.local/share/vim/plugged/vim-multiple-cursors' Plug '~/.local/share/vim/plugged/vim-polyglot' -Plug '~/.local/share/vim/plugged/vim-prettier', { 'do': 'yarn install --frozen-lockfile --production' } +Plug '~/.local/share/vim/plugged/vim-prettier', { 'do': 'npm ci' } Plug '~/.local/share/vim/plugged/vim-sensible' Plug '~/.local/share/vim/plugged/vim-surround' Plug '~/.local/share/vim/plugged/vim-sneak' diff --git a/home/dot_local/bin/executable_install-program b/home/dot_local/bin/executable_install-program index 5e21eaa6..4fa2fdf8 100644 --- a/home/dot_local/bin/executable_install-program +++ b/home/dot_local/bin/executable_install-program 
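Review bot: `'do': 'npm ci'` on the vim-prettier line drops the `--production` restriction of the yarn command it replaces, so development dependencies and their install scripts are now pulled in as well. `npm ci` also fails outright when the plugin checkout has no `package-lock.json`, which is not visible from here and should be confirmed. `'do': 'npm ci --omit=dev'` keeps the previous scope.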
@@ -767,12 +767,17 @@ async function beforeInstall(packageManager) { brewUpdated = true try { runCommand('Running brew update / upgrade', `brew update && brew upgrade --cask && brew upgrade`) + runCommand('Running brew update', `brew update`) + runCommand('Running brew upgrade', `brew upgrade`) + if (osType === 'darwin'){ + runCommand('Running brew upgrade (Casks)', `brew upgrade --cask`) + } } catch (e) { console.log(e) log('error', 'Homebrew', 'Failed running brew update / upgrade') log('info', 'Homebrew', 'Running brew tap --repair and trying again') try { - runCommand('Repairing taps and retrying brew update / upgrade', 'export HOMEBREW_TEMP=/tmp && sudo rm -rf $(brew --cache) && brew tap --repair && brew update && brew upgrade --cask --greedy && brew upgrade --force --greedy') + runCommand('Repairing taps and retrying brew update / upgrade', 'export HOMEBREW_TEMP=/tmp && sudo rm -rf $(brew --cache) && brew tap --repair && brew update && brew upgrade --force --greedy && [[ $OSTYPE != "darwin"* ]] && brew upgrade --cask --greedy') } catch (e) { console.log(e) log('error', 'Homebrew', 'Failed both attempts to run brew update / upgrade') @@ -957,9 +962,11 @@ async function ensurePackageManager(packageManager) { $` if command -v sudo > /dev/null && sudo -n true; then echo | bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" + sudo chmod -R g-w "$(brew --prefix)/share" else log('info', logStage, 'Homebrew is not installed. Password may be required.') bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + sudo chmod -R g-w "$(brew --prefix)/share" if [ -n "$BREW_EXIT_CODE" ]; then if command -v brew > /dev/null; then log('warn', logStage, 'Homebrew was installed but part of the installation failed. Attempting to fix..') 
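Review bot: The original combined `brew update && brew upgrade --cask && brew upgrade` call is kept as the first statement of the `try`, so the three new runCommand calls repeat the same work and the unconditional `--cask` upgrade still runs on Linux; the old line should be removed. In the retry command, `[[ $OSTYPE != "darwin"* ]] && brew upgrade --cask --greedy` is inverted: it runs the cask upgrade only off macOS, and on macOS the failed test makes the whole chain exit non-zero, which presumably lands in the 'Failed both attempts' handler. `brew upgrade --force --greedy && { [[ $OSTYPE != "darwin"* ]] || brew upgrade --cask --greedy; }` expresses the intended condition. beforeInstall continues outside the hunk.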
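Review bot: Both added `sudo chmod -R g-w "$(brew --prefix)/share"` lines run immediately after the Homebrew installer, and nothing in the visible lines puts `brew` on PATH first, so `$(brew --prefix)` can expand to nothing and the command becomes a recursive root chmod of `/share`. Resolve and check the prefix before using it, e.g. `BREW_PREFIX="$(brew --prefix 2> /dev/null)" && [ -n "$BREW_PREFIX" ] && sudo chmod -R g-w "$BREW_PREFIX/share"`. In the password branch the chmod also runs before `BREW_EXIT_CODE` is examined, so it executes after a failed install too.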
@@ -1264,10 +1271,17 @@ async function installPackageList(packageManager, packages) { } else if (packageManager === 'apt') { for (let pkg of packages) { try { - runCommand( - `Installing ${pkg} via ${packageManager}`, - `sudo apt-get -o DPkg::Options::=--force-confdef install -y ${pkg}` - ) + if (pkg.startsWith('http') && pkg.endsWith('.deb')) { + runCommand( + `Downloading and installing ${pkg}`, + `TMP="$(mktemp)" && curl -sSL ${pkg} -o "$TMP" && sudo dpkg -i "$TMP"` + ) + } else { + runCommand( + `Installing ${pkg} via ${packageManager}`, + `sudo DEBIAN_FRONTEND=noninteractive apt-get -o DPkg::Options::=--force-confdef install -y ${pkg}` + ) + } log('success', 'Install', `${pkg} successfully installed via ${packageManager}`) } catch (e) { log('error', 'Install', `There was an error installing ${pkg} with apt-get`) @@ -1545,7 +1559,7 @@ async function installPackageList(packageManager, packages) { async function addUserGroup(group) { const logStage = 'Users / Groups' log('info', logStage, `Ensuring the ${group} group / user is added`) - runCommand(`Creating the ${group} user / group`, `sudo add-usergroup "${process.env.USER}" "${group}"`) + runCommand(`Creating the ${group} user / group`, `sudo "${process.env.HOME}/.local/bin/add-usergroup" "${process.env.USER}" "${group}"`) } /** diff --git a/home/dot_local/bin/executable_provision.tmpl b/home/dot_local/bin/executable_provision.tmpl index c1d25103..77d7b22a 100644 --- a/home/dot_local/bin/executable_provision.tmpl +++ b/home/dot_local/bin/executable_provision.tmpl 
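Review bot: The new `.deb` branch downloads a URL and installs it as root with no integrity check, accepts plain `http://` because the test is `pkg.startsWith('http')`, and interpolates `${pkg}` unquoted into the shell command. Tightening the test to `pkg.startsWith('https://')` and using `curl -fsSL "${pkg}" -o "$TMP"` rejects cleartext sources and stops an HTML error page from being handed to `dpkg`. A checksum stored next to the URL in software.yml and verified before `sudo dpkg -i "$TMP"` would close the remaining gap, and the temporary file should be removed afterwards. installPackageList starts and ends outside the hunk.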
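Review bot: `sudo "${process.env.HOME}/.local/bin/add-usergroup"` in addUserGroup runs a script from a user-writable directory as root, so any process running as the user can change what executes with root privileges at the next provision. Installing the helper to a root-owned location and calling it from there would keep that boundary. If the absolute path is only needed because sudo's `secure_path` hides `~/.local/bin`, a short comment saying so would help the next reader.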
@@ -241,6 +241,20 @@ if ! command -v curl > /dev/null || ! command -v git > /dev/null || ! command -v fi fi +# @description This function removes group write permissions from the Homebrew share folder which +# is required for the ZSH configuration. +fixHomebrewPermissions() { + if [ -f /usr/local/bin/brew ]; then + sudo chmod -R g-w /usr/local/share + elif [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" ]; then + sudo chmod -R g-w "${HOMEBREW_PREFIX:-/opt/homebrew}/share" + elif [ -d "$HOME/.linuxbrew" ]; then + sudo chmod -R g-w "$HOME/.linuxbrew/share" + elif [ -d "/home/linuxbrew/.linuxbrew" ]; then + sudo chmod -R g-w /home/linuxbrew/.linuxbrew/share + fi +} + # @description Ensure Homebrew is installed and available if ! command -v brew > /dev/null; then if [ -d /home/linuxbrew/.linuxbrew/bin ]; then @@ -252,9 +266,11 @@ if ! command -v brew > /dev/null; then # @description Installs Homebrew and addresses a couple potential issues if command -v sudo > /dev/null && sudo -n true; then echo | /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" + fixHomebrewPermissions else echo "Homebrew is not installed. The script will attempt to install Homebrew and you might be prompted for your password." /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + fixHomebrewPermissions if [ -n "$BREW_EXIT_CODE" ]; then if command -v brew > /dev/null; then echo "Homebrew was installed but part of the installation failed. Trying a few things to fix the installation.." diff --git a/local/provision.sh b/local/provision.sh index 4dc85c53..68b2d07f 100644 --- a/local/provision.sh +++ b/local/provision.sh 
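Review bot: This template names the new helper `fixHomebrewPermissions`, while local/provision.sh, scripts/cloudflared-ssh.sh, scripts/homebrew.sh, scripts/partials/homebrew and scripts/provision.sh add the identical body as `fixHomebrewSharePermissions` next to an existing `fixHomebrewPermissions`. If this file (or run_before_02-homebrew.sh.tmpl, which uses the same name) already defines or later gains that older function, the later definition silently replaces the earlier one. Renaming it to `fixHomebrewSharePermissions` here avoids the collision and keeps the copies easy to find together.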
@@ -244,6 +244,20 @@ fixHomebrewPermissions() { fi } +# @description This function removes group write permissions from the Homebrew share folder which +# is required for the ZSH configuration. +fixHomebrewSharePermissions() { + if [ -f /usr/local/bin/brew ]; then + sudo chmod -R g-w /usr/local/share + elif [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" ]; then + sudo chmod -R g-w "${HOMEBREW_PREFIX:-/opt/homebrew}/share" + elif [ -d "$HOME/.linuxbrew" ]; then + sudo chmod -R g-w "$HOME/.linuxbrew/share" + elif [ -d "/home/linuxbrew/.linuxbrew" ]; then + sudo chmod -R g-w /home/linuxbrew/.linuxbrew/share + fi +} + ### Installs Homebrew ensurePackageManagerHomebrew() { if ! command -v brew > /dev/null; then @@ -251,9 +265,11 @@ ensurePackageManagerHomebrew() { if command -v sudo > /dev/null && sudo -n true; then logg info 'Installing Homebrew. Sudo privileges available.' echo | bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + fixHomebrewSharePermissions else logg info 'Installing Homebrew. Sudo privileges not available. Password may be required.' bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + fixHomebrewSharePermissions fi ### Attempt to fix problematic installs @@ -631,6 +647,12 @@ initChezmoiAndPrompt() { fi } +# @description When a reboot is triggered by softwareupdate on macOS, other utilities that require +# a reboot are also installed to save on reboots. +beforeRebootDarwin() { + logg info "Ensuring macfuse is installed" && brew install --cask --no-quarantine --quiet macfuse +} + # @description Save the log of the provision process to `$HOME/.local/var/log/install.doctor/install.doctor.$(date +%s).log` and add the Chezmoi # `--force` flag if the `HEADLESS_INSTALL` variable is set to `true`. runChezmoi() { 
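Review bot: `brew install --cask --no-quarantine --quiet macfuse` in beforeRebootDarwin installs a package that ships a kernel extension with the quarantine attribute suppressed, which bypasses the Gatekeeper check macOS would otherwise apply. Unless the unattended flow demonstrably breaks without it, dropping the flag keeps that check in place: `brew install --cask --quiet macfuse`. The function also has no guard for a missing `brew`, and a failed install is not logged before the reboot triggered at its call site.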
@@ -682,6 +704,7 @@ runChezmoi() { ### Handle exit codes in log if cat "$LOG_FILE" | grep 'chezmoi: exit status 140' > /dev/null; then + beforeRebootDarwin logg info "Chezmoi signalled that a reboot is necessary to apply a system update" logg info "Running softwareupdate with the reboot flag" sudo softwareupdate -i -a -R --agree-to-license && exit diff --git a/scripts/cloudflared-ssh.sh b/scripts/cloudflared-ssh.sh index d7fdfa3e..636dc566 100644 --- a/scripts/cloudflared-ssh.sh +++ b/scripts/cloudflared-ssh.sh @@ -211,6 +211,20 @@ fixHomebrewPermissions() { fi } +# @description This function removes group write permissions from the Homebrew share folder which +# is required for the ZSH configuration. +fixHomebrewSharePermissions() { + if [ -f /usr/local/bin/brew ]; then + sudo chmod -R g-w /usr/local/share + elif [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" ]; then + sudo chmod -R g-w "${HOMEBREW_PREFIX:-/opt/homebrew}/share" + elif [ -d "$HOME/.linuxbrew" ]; then + sudo chmod -R g-w "$HOME/.linuxbrew/share" + elif [ -d "/home/linuxbrew/.linuxbrew" ]; then + sudo chmod -R g-w /home/linuxbrew/.linuxbrew/share + fi +} + ### Installs Homebrew ensurePackageManagerHomebrew() { if ! command -v brew > /dev/null; then @@ -218,9 +232,11 @@ ensurePackageManagerHomebrew() { if command -v sudo > /dev/null && sudo -n true; then logg info 'Installing Homebrew. Sudo privileges available.' echo | bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + fixHomebrewSharePermissions else logg info 'Installing Homebrew. Sudo privileges not available. Password may be required.' bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + fixHomebrewSharePermissions fi ### Attempt to fix problematic installs diff --git a/scripts/homebrew.sh b/scripts/homebrew.sh index 417efc80..50cfc086 100644 --- a/scripts/homebrew.sh +++ b/scripts/homebrew.sh 
@@ -180,6 +180,20 @@ fixHomebrewPermissions() { fi } +# @description This function removes group write permissions from the Homebrew share folder which +# is required for the ZSH configuration. +fixHomebrewSharePermissions() { + if [ -f /usr/local/bin/brew ]; then + sudo chmod -R g-w /usr/local/share + elif [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" ]; then + sudo chmod -R g-w "${HOMEBREW_PREFIX:-/opt/homebrew}/share" + elif [ -d "$HOME/.linuxbrew" ]; then + sudo chmod -R g-w "$HOME/.linuxbrew/share" + elif [ -d "/home/linuxbrew/.linuxbrew" ]; then + sudo chmod -R g-w /home/linuxbrew/.linuxbrew/share + fi +} + ### Installs Homebrew ensurePackageManagerHomebrew() { if ! command -v brew > /dev/null; then @@ -187,9 +201,11 @@ ensurePackageManagerHomebrew() { if command -v sudo > /dev/null && sudo -n true; then logg info 'Installing Homebrew. Sudo privileges available.' echo | bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + fixHomebrewSharePermissions else logg info 'Installing Homebrew. Sudo privileges not available. Password may be required.' bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + fixHomebrewSharePermissions fi ### Attempt to fix problematic installs diff --git a/scripts/partials/homebrew b/scripts/partials/homebrew index cf6b57b8..257a4385 100644 --- a/scripts/partials/homebrew +++ b/scripts/partials/homebrew 
@@ -30,6 +30,20 @@ fixHomebrewPermissions() { fi } +# @description This function removes group write permissions from the Homebrew share folder which +# is required for the ZSH configuration. +fixHomebrewSharePermissions() { + if [ -f /usr/local/bin/brew ]; then + sudo chmod -R g-w /usr/local/share + elif [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" ]; then + sudo chmod -R g-w "${HOMEBREW_PREFIX:-/opt/homebrew}/share" + elif [ -d "$HOME/.linuxbrew" ]; then + sudo chmod -R g-w "$HOME/.linuxbrew/share" + elif [ -d "/home/linuxbrew/.linuxbrew" ]; then + sudo chmod -R g-w /home/linuxbrew/.linuxbrew/share + fi +} + ### Installs Homebrew ensurePackageManagerHomebrew() { if ! command -v brew > /dev/null; then @@ -37,9 +51,11 @@ ensurePackageManagerHomebrew() { if command -v sudo > /dev/null && sudo -n true; then logg info 'Installing Homebrew. Sudo privileges available.' echo | bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + fixHomebrewSharePermissions else logg info 'Installing Homebrew. Sudo privileges not available. Password may be required.' bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + fixHomebrewSharePermissions fi ### Attempt to fix problematic installs diff --git a/scripts/provision.sh b/scripts/provision.sh index 3be7a726..a55e34c4 100644 --- a/scripts/provision.sh +++ b/scripts/provision.sh 
@@ -21,7 +21,7 @@ # | **Task** | Task runner used on-device for task parallelization and dependency management | # | **ZX / Node.js** | ZX is a Node.js abstraction that allows for better scripts | # | Gum | Gum is a terminal UI prompt CLI (which allows sweet, interactive prompts) | -# | Glow | Glow is a markdown renderer used for applying terminal-friendly styled to markdown | +# | Glow | Glow is a markdown renderer used for applying terminal-friendly styles to markdown | # # There are also a handful of system packages that are installed like `curl` and `git`. Then, during the Chezmoi provisioning # process, there are a handful of system packages that are installed to ensure things run smoothly. You can find more details @@ -244,6 +244,20 @@ fixHomebrewPermissions() { fi } +# @description This function removes group write permissions from the Homebrew share folder which +# is required for the ZSH configuration. +fixHomebrewSharePermissions() { + if [ -f /usr/local/bin/brew ]; then + sudo chmod -R g-w /usr/local/share + elif [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/brew" ]; then + sudo chmod -R g-w "${HOMEBREW_PREFIX:-/opt/homebrew}/share" + elif [ -d "$HOME/.linuxbrew" ]; then + sudo chmod -R g-w "$HOME/.linuxbrew/share" + elif [ -d "/home/linuxbrew/.linuxbrew" ]; then + sudo chmod -R g-w /home/linuxbrew/.linuxbrew/share + fi +} + ### Installs Homebrew ensurePackageManagerHomebrew() { if ! command -v brew > /dev/null; then 
@@ -251,9 +265,11 @@ ensurePackageManagerHomebrew() { if command -v sudo > /dev/null && sudo -n true; then logg info 'Installing Homebrew. Sudo privileges available.' echo | bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + fixHomebrewSharePermissions else logg info 'Installing Homebrew. Sudo privileges not available. Password may be required.' bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" || BREW_EXIT_CODE="$?" + fixHomebrewSharePermissions fi ### Attempt to fix problematic installs diff --git a/software.yml b/software.yml index 1c488dc2..84cfc988 100644 --- a/software.yml +++ b/software.yml @@ -3187,16 +3187,14 @@ softwarePackages: brew: oven-sh/bun/bun npm: bun proto: bun - nfty: + ntfy: _bin: nfty _github: https://github.com/dschep/ntfy _name: NFTY _post: | #!/usr/bin/env bash sudo mkdir -p /usr/local/etc/branding - sudo cp -f "$HOME/.local/etc/branding/favicon.ico" /usr/local/etc/branding/favicon.ico sudo cp -f "$HOME/.local/etc/branding/logo-color-256x256.png" /usr/local/etc/branding/logo-color-256x256.png - sudo cp -f "$HOME/.local/etc/branding/logo-color-900x900.png" /usr/local/etc/branding/logo-color-900x900.png sudo mkdir -p /usr/local/share/sounds rsync -rtvp "${XDG_DATA_HOME:-$HOME/.local/share}/sounds/"* /usr/local/share/sounds if command -v apt-get > /dev/null; then @@ -3205,6 +3203,7 @@ softwarePackages: if command -v termux-setup-storage > /dev/null; then apt install termux-api fi + pip: ntfy[emoji,matrix,pid,slack] script: | #!/usr/bin/env bash pip3 install ntfy[emoji,matrix,pid,slack] @@ -3499,11 +3498,6 @@ softwarePackages: _github: https://github.com/wfxr/forgit _name: forgit brew: forgit - ntfy: - _bin: ntfy - _github: https://github.com/dschep/ntfy - _name: ntfy - pipx: ntfy clipboard: _bin: cb _github: https://github.com/Slackadays/Clipboard.git 
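Review bot: The software.yml key is corrected from `nfty` to `ntfy`, but `_bin: nfty` on the next line keeps the old spelling, so a presence check based on `_bin` would presumably never find the installed `ntfy` executable. `_bin: ntfy` (and `_name: ntfy`, as in the entry removed further down) brings the entry in line. The entry now carries both `pip:` and a `script:` that runs the same `pip3 install`, while the removed duplicate used `pipx`, which kept the package isolated from system Python; confirm the switch is intended.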
@@ -5269,6 +5263,7 @@ softwarePackages: if command -v docker > /dev/null && docker run --rm hello-world > /dev/null; then HAS_DOCKER=1 else + HAS_DOCKER=0 logg warn 'Docker is not installed or it is not operational' fi @@ -5276,6 +5271,7 @@ softwarePackages: if command -v VirtualBox > /dev/null; then HAS_VIRTUALBOX=1 else + HAS_VIRTUALBOX=0 logg warn 'VirtualBox is not installed' fi @@ -5306,14 +5302,14 @@ softwarePackages: if [ $HAS_DOCKER -eq 1 ]; then logg info 'Registering GitLab Runner(s) that use Docker executor' {{- range .host.gitlabRunners }} - {{- if .runnerImage }} + {{- if index . "runnerImage" }} {{- $cmd }} --url {{ .glurl }} \ --executor "docker" \ - --description "{{ .runnerDescription }} - on {{ .chezmoi.hostname }}" \ + --description "{{ .runnerDescription }} - on {{ $.chezmoi.hostname }}" \ --docker-image {{ .runnerImage }} \ - {{ if and .runnerTags (gt (len .runnerTags) 0) }}--tag-list "{{ .runnerTags }},{{ .chezmoi.hostname }},docker" - {{ else }}--tag-list "{{ .chezmoi.hostname }},docker" --run-untagged{{ end }} || echo 'Runner registration failed" + {{ if and .runnerTags (gt (len .runnerTags) 0) }}--tag-list "{{ .runnerTags }},{{ $.chezmoi.hostname }},docker" + {{- else }}--tag-list "{{ $.chezmoi.hostname }},docker" --run-untagged{{ end }} || echo 'Runner registration failed" {{ end -}} {{ end }} fi 
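Review bot: `|| echo 'Runner registration failed"` in the Docker runner registration opens with a single quote and closes with a double quote, so the rendered script contains an unterminated string and the shell will fail to parse from that point; use `|| echo 'Runner registration failed'`. `{{ .glurl }}` and `{{ .runnerImage }}` are also rendered unquoted into the command line, so a value with spaces or shell metacharacters changes the command; quoting them as `--description` already is would be consistent. Both points apply equally to the VirtualBox registration hunk that follows.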
@@ -5322,14 +5318,14 @@ softwarePackages: if [ $HAS_VIRTUALBOX -eq 1 ]; then logg info 'Registering GitLab Runner(s) that use VirtualBox executor' {{- range .host.gitlabRunners }} - {{- if .baseVM }} + {{- if index . "baseVM" }} {{- $cmd }} --url {{ .glurl }} \ --executor "virtualbox" \ - --description "{{ .runnerDescription }} - on {{ .chezmoi.hostname }}" \ + --description "{{ .runnerDescription }} - on {{ $.chezmoi.hostname }}" \ --virtualbox-base-name "{{ .baseVM }}" \ - {{ if and .runnerTags (gt (len .runnerTags) 0) }}--tag-list "{{ .runnerTags }},{{ .chezmoi.hostname }},virtualbox" - {{ else }}--tag-list "{{ .chezmoi.hostname }},virtualbox" --run-untagged{{ end }} || echo 'Runner registration failed" + {{ if and .runnerTags (gt (len .runnerTags) 0) }}--tag-list "{{ .runnerTags }},{{ $.chezmoi.hostname }},virtualbox" + {{- else }}--tag-list "{{ $.chezmoi.hostname }},virtualbox" --run-untagged{{ end }} || echo 'Runner registration failed" {{ end -}} {{ end }} fi @@ -9170,10 +9166,10 @@ softwarePackages: _when:linux: '! test -f /opt/safing/portmaster/portmaster-start' ansible:linux: professormanhattan.portmaster ansible:windows: professormanhattan.portmaster - apt: https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer. + apt: https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer.deb choco: portmaster dnf: https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer.rpm - exe: https://updates.safing.io/latest/windows_amd64/packages/portmaster-installer. + exe: https://updates.safing.io/latest/windows_amd64/packages/portmaster-installer.exe scoop: portmaster-np pake: _bin: pake 
@@ -12505,8 +12501,19 @@ softwarePackages: _name: VIM _post: | #!/usr/bin/env bash - echo "Installing VIM plugins" && vim +'PlugInstall --sync' +qall - echo "Updating VIM coc extensions" && vim +CocUpdateSync +qall + logg info "Installing VIM plugins" && vim +'PlugInstall --sync' +qall + # @description This script installs the extensions defined in `${XDG_CONFIG_HOME:-$HOME/.config}/coc/extensions/package.json` + # which should correlate to the Coc extensions defined in `${XDG_CONFIG_HOME:-$HOME/.config}/vim/vimrc`. + installCocExtensions() { + if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/coc/extensions/package.json" ]; then + logg info "Running npm i --no-package-lock in ${XDG_CONFIG_HOME:-$HOME/.config}/coc/extensions" + cd "${XDG_CONFIG_HOME:-$HOME/.config}/coc/extensions" && npm i --no-package-lock + logg info "Running vim +CocUpdateSync +qall" && vim +CocUpdateSync +qall + else + logg info "Skipping Coc extension installation because ${XDG_CONFIG_HOME:-$HOME/.config}/coc/extensions/package.json is missing" + fi + } + logg info "Updating VIM coc extensions" && installCocExtensions ansible: professormanhattan.vim apt: vim brew: vim @@ -13221,6 +13228,8 @@ softwarePackages: # * [Linux managed configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/warp/private_mdm.xml.tmpl) # * [macOS managed configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/Library/Managed%20Preferences/private_com.cloudflare.warp.plist.tmpl) + SSL_CERT_PATH="/etc/ssl/cert.pem" + ### Install CloudFlare WARP (on non-WSL *nix systems) if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then if [ -d /System ] && [ -d /Applications ]; then 
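Review bot: `cd "${XDG_CONFIG_HOME:-$HOME/.config}/coc/extensions" && npm i --no-package-lock` in installCocExtensions changes the working directory for the rest of the `_post` script and runs the lifecycle scripts of every package in the extension list. Running it in a subshell with scripts disabled contains both: `(cd "${XDG_CONFIG_HOME:-$HOME/.config}/coc/extensions" && npm i --no-package-lock --ignore-scripts)`, assuming none of the extensions depends on a postinstall step, which should be verified. A failed `npm i` is also not reported; a `logg warn` on the failure path would make that visible.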
@@ -13278,8 +13287,8 @@ softwarePackages: # sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt" # fi logg info 'Updating the OpenSSL CA Store to include the Cloudflare certificate' - echo | sudo tee -a /etc/ssl/cert.pem < "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" > /dev/null - echo "" | sudo tee -a /etc/ssl/cert.pem + echo | sudo tee -a "$SSL_CERT_PATH" < "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" > /dev/null + echo "" | sudo tee -a "$SSL_CERT_PATH" else logg warn 'Session is SSH so adding Cloudflare encryption key to trusted certificates via the security program is being bypassed since it requires Touch ID / Password verification.' fi @@ -13307,7 +13316,8 @@ softwarePackages: logg info 'Copying CloudFlare Teams PEM file to /usr/local/share/ca-certificates/Cloudflare_CA.crt' sudo cp -f "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" /usr/local/share/ca-certificates/Cloudflare_CA.crt logg info 'dpkg-reconfigure executable detected so using Debian/Ubuntu method of updating system trusted certificates to include CloudFlare Teams certificate' - sudo dpkg-reconfigure ca-certificates + sudo dpkg-reconfigure ca-certificates -p high + SSL_CERT_PATH="/etc/ssl/certs/ca-certificates.crt" else logg warn 'No /usr/local/share/ca-certificates folder present' fi @@ -13317,6 +13327,7 @@ softwarePackages: sudo cp -f "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt" "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" /etc/pki/ca-trust/source/anchors logg info 'update-ca-trust executable detected so using CentOS/Fedora method of updating system trusted certificates to include CloudFlare Teams certificate' sudo update-ca-trust + SSL_CERT_PATH="/etc/pki/tls/certs/ca-bundle.crt" else logg warn '/etc/pki/ca-trust/source/anchors does not exist so skipping the system certificate update process' fi 
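Review bot: `echo | sudo tee -a "$SSL_CERT_PATH" < "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem" > /dev/null` appends the Cloudflare CA to the system bundle on every run, so the trust store grows by one copy per provision, and the `echo |` is discarded because the `<` redirect replaces tee's stdin. Guarding the append with a check that the certificate body is not already present (for example a `grep -qF` on one line of the PEM) keeps the bundle stable and auditable. The following `echo "" | sudo tee -a "$SSL_CERT_PATH"` also prints to the terminal, unlike the line above it, and could take `> /dev/null` as well.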
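Review bot: `sudo dpkg-reconfigure ca-certificates -p high` can still open a debconf dialog in an unattended run, and the option is placed after the package name. Because the certificate has already been copied into /usr/local/share/ca-certificates, `sudo update-ca-certificates` rebuilds /etc/ssl/certs/ca-certificates.crt without prompting. If dpkg-reconfigure is kept, `sudo DEBIAN_FRONTEND=noninteractive dpkg-reconfigure -p high ca-certificates` is the conventional form.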
@@ -13330,20 +13341,20 @@ softwarePackages: # certificate and the WARP client is not running. ### Git if command -v git > /dev/null; then - logg info "Configuring git to use /etc/ssl/cert.pem" - git config --global http.sslcainfo /etc/ssl/cert.pem + logg info "Configuring git to use $SSL_CERT_PATH" + git config --global http.sslcainfo "$SSL_CERT_PATH" fi ### NPM if command -v npm > /dev/null; then - logg info "Configuring npm to use /etc/ssl/cert.pem" - npm config set cafile /etc/ssl/cert.pem + logg info "Configuring npm to use $SSL_CERT_PATH" + npm config set cafile "$SSL_CERT_PATH" fi ### Python if command -v python3 > /dev/null; then ### Ensure Certifi package is available globally - if ! pip3 list certifi | grep certifi > /dev/null; then + if ! pip3 list | grep certifi > /dev/null; then if command -v brew > /dev/null; then logg info 'Ensuring Python certifi is installed via Homebrew' brew install --quiet python-certifi
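Review bot: `git config --global http.sslcainfo "$SSL_CERT_PATH"` and `npm config set cafile "$SSL_CERT_PATH"` are applied without checking that the file exists. On a Linux host where neither the dpkg-reconfigure nor the update-ca-trust branch ran, the variable keeps its default `/etc/ssl/cert.pem`, and pointing git at a missing bundle breaks its HTTPS connections (npm may be affected as well). Wrapping both settings in `if [ -f "$SSL_CERT_PATH" ]; then ... fi`, with a `logg warn` otherwise, avoids persisting a broken global setting. The Python block continues outside the hunk.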