From 695ffbb95e63f7ba4ea63110e9f3ca45895cee7b Mon Sep 17 00:00:00 2001 From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Mon, 1 Apr 2024 10:04:23 +0000 Subject: [PATCH] Latest --- software.yml | 363 +++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 310 insertions(+), 53 deletions(-) diff --git a/software.yml b/software.yml index 5547c21e..50c8ce55 100644 --- a/software.yml +++ b/software.yml @@ -296,7 +296,7 @@ softwarePackages: _post:binary:darwin: | #!/usr/bin/env bash echo "TODO" - _post:binary:linux: > + _post:binary:linux: | #!/usr/bin/env bash # TODO How to pass the path of the file downloaded in `binary` step? That can replace the `wget` command below mkdir -p /usr/local/share/allure @@ -397,7 +397,7 @@ softwarePackages: _github: https://github.com/ansible/ansible _home: https://www.ansible.com/ _name: Ansible - _post:pipx: > + _post:pipx: | #!/usr/bin/env bash if [ ! -f "${XDG_CACHE_HOME:-$HOME/.cache}/installx/ansible-post" ]; then pipx inject ansible PyObjC PyObjC-core docker lxml netaddr pexpect python-vagrant pywinrm requests-credssp watchdog @@ -520,7 +520,7 @@ softwarePackages: _github: https://github.com/aquaproj/aqua _home: https://aquaproj.github.io _name: aqua - _post: > + _post: | #!/usr/bin/env bash # @file Aqua Initialization # @brief Updates and installs any Aqua dependencies that are defined in Aqua's configuration file. 
@@ -1078,10 +1078,10 @@ softwarePackages: _desc: "Blocky is a tool available on GitHub at https://github.com/0xERR0R/blocky. It is a Python script designed for managing DNS blacklists. Blocky allows users to easily add, remove, and update domains in \nvarious blocklists. This tool can be useful for system administrators and network security professionals to control access to specific domains by blocking them at the DNS level. It provides a simple and\nefficient way to manage blacklists for enhanced security and control over network traffic. " _github: https://github.com/0xERR0R/blocky _name: Blocky - _post:brew: > + _post:brew: | #!/usr/bin/env bash cp -f "$HOME/.local/etc/blocky/config.yaml" "$(brew --prefix)/etc/blocky/config.yaml" - _post:linux: > + _post:linux: | #!/usr/bin/env bash sudo mkdir -p /usr/local/etc/blocky if [ -d /usr/lib/systemd/system ]; then @@ -1166,7 +1166,7 @@ softwarePackages: _github: https://github.com/brave/brave-browser _home: https://brave.com/ _name: Brave Browser - _post: > + _post: | #!/usr/bin/env bash # @brief See `google-chrome` `_post` script for more details function chromeSetUp() { @@ -1565,7 +1565,7 @@ softwarePackages: _desc: "Chromium is an open-source web browser project that serves as the foundation for Google Chrome. It provides the source code for the Chromium browser, allowing developers to contribute to its development\nand customize it for their own purposes. The project is maintained by the Chromium team at Google and is known for its speed, stability, and support for modern web standards. Developers can access the \ncode, report issues, and contribute to the project's ongoing development on GitHub. " _github: https://github.com/chromium/chromium _name: "chromium " - _post: > + _post: | #!/usr/bin/env bash function chromeSetUp() { ### Ensure Chrome policies directory is present 
@@ -1646,7 +1646,7 @@ softwarePackages: _github: https://github.com/Cisco-Talos/clamav _home: https://www.clamav.net/ _name: ClamAV - _post: > + _post: | #!/usr/bin/env bash ### Add freshclam.conf if [ -f "$HOME/.local/etc/clamav/freshclam.conf" ]; then @@ -1758,7 +1758,7 @@ softwarePackages: _desc: "[CloudFlare Argo Tunnel Client](https://developers.cloudflare.com/argo-tunnel/) contains the command-line client for CloudFlare Argo Tunnel, a tunneling daemon that proxies any local webserver through the Cloudflare network." _github: https://github.com/cloudflare/cloudflared _name: CloudFlared - _post: > + _post: | #!/usr/bin/env bash {{- $registrationToken := "" }} {{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "cloudflared" .host.hostname)) -}} 
@@ -2590,7 +2590,28 @@ softwarePackages: _github: https://github.com/docker/compose _home: https://www.docker.com/ _name: Docker Desktop - _post: "#!/usr/bin/env bash\n# @file DockerHub Login\n# @brief Logs into DockerHub for Docker Desktop\n# @description\n# This script logs into DockerHub so that Docker Desktop is pre-authenticated. This\n# functionality requires that the `DOCKERHUB_USER` be passed in as an environment variable (or \n# directly editted in the `~/.config/chezmoi/chezmoi.yaml` file) and that the `DOCKERHUB_TOKEN`\n# be passed in as a secret (either via the encrypted secret method or passed in as an environment\n# variable).\n\n### Login to DockerHub\nif command -v docker > /dev/null; then\n DOCKERHUB_TOKEN=\"{{ if (stat (joinPath .chezmoi.sourceDir \".chezmoitemplates\" \"secrets\" \"DOCKERHUB_TOKEN\")) }}{{- includeTemplate \"secrets/DOCKERHUB_TOKEN\" | decrypt | trim -}}{{ else }}{{- env \"DOCKERHUB_TOKEN\" -}}{{ end }}\"\n DOCKERHUB_USER=\"{{ .user.docker.username }}\"\n if [ -d \"/Applications/Docker.app\" ] || [ -d \"$HOME/Applications/Docker.app\" ]; then\n logg info 'Ensuring Docker.app is open' && open --background -a Docker --args --accept-license --unattended\n fi\n logg info 'Headlessly authenticating with DockerHub registry' && echo \"$DOCKERHUB_TOKEN\" | docker login -u \"$DOCKERHUB_USER\" --password-stdin > /dev/null && logg success 'Successfully authenticated with DockerHub registry'\nfi\n\n### Symlink on macOS\nif [ -f \"$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock\" ]; then\n logg info 'Symlinking /var/run/docker.sock to macOS Library location' && sudo ln -s \"$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock\" /var/run/docker.sock\nfi\n" + _post: | + #!/usr/bin/env bash + # @file DockerHub Login + # @brief Logs into DockerHub for Docker Desktop + # @description + # This script logs into DockerHub so that Docker Desktop is pre-authenticated. 
This + # functionality requires that the `DOCKERHUB_USER` be passed in as an environment variable (or + # directly editted in the `~/.config/chezmoi/chezmoi.yaml` file) and that the `DOCKERHUB_TOKEN` + # be passed in as a secret (either via the encrypted secret method or passed in as an environment + # variable). + if command -v docker > /dev/null; then + DOCKERHUB_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "DOCKERHUB_TOKEN")) }}{{- includeTemplate "secrets/DOCKERHUB_TOKEN" | decrypt | trim -}}{{ else }}{{- env "DOCKERHUB_TOKEN" -}}{{ end }}" + DOCKERHUB_USER="{{ .user.docker.username }}" + if [ -d "/Applications/Docker.app" ] || [ -d "$HOME/Applications/Docker.app" ]; then + logg info 'Ensuring Docker.app is open' && open --background -a Docker --args --accept-license --unattended + fi + logg info 'Headlessly authenticating with DockerHub registry' && echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin > /dev/null && logg success 'Successfully authenticated with DockerHub registry' + fi + ### Symlink on macOS + if [ -f "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" ]; then + logg info 'Symlinking /var/run/docker.sock to macOS Library location' && sudo ln -s "$HOME/Library/Containers/com.docker.docker/Data/docker.raw.sock" /var/run/docker.sock + fi _short: "Docker Compose is a tool for defining and running multi-container Docker applications. " apt: https://desktop.docker.com/linux/main/amd64/docker-desktop-4.16.2-amd64.deb cask: docker 
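Review bot: In the new Docker Desktop `_post` block, `docker login` runs whenever `docker` is on the PATH, even when neither the encrypted `DOCKERHUB_TOKEN` template nor the environment variable yields a value, so an empty password is piped to the registry. Guard the login with something like `if [ -n "$DOCKERHUB_TOKEN" ] && [ -n "$DOCKERHUB_USER" ]; then … fi`. The decrypted token is also rendered into a double-quoted assignment, so the plaintext secret sits in the rendered script and any `$`, backtick or `"` in it is interpreted by bash. Separately, `[ -f …/docker.raw.sock ]` tests for a regular file; if that path is a Unix socket, as the name suggests, the test is always false and `-S` is the check wanted.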
@@ -2962,7 +2983,50 @@ softwarePackages: _github: https://github.com/skeeto/endlessh _home: https://github.com/skeeto/endlessh _name: Endlessh - _post: "#!/usr/bin/env bash\n# @file Endlessh Configuration\n# @brief Applies the Endlessh configuration and starts the service on Linux systems\n# @description\n# Endlessh is a endless SSH tarpit that slowly shows an infinitely long SSH welcome banner on the default\n# SSH port. It is intended to break unsophisticated malware that targets SSH.\n# \n# If the `endlessh` program is installed, this script applies the configuration stored in `home/private_dot_ssh/endlessh/config.tmpl`\n# (that unpacks with Chezmoi to `~/.ssh/endlessh/config`) to the system location and then starts the service.\n# \n# **Note:** _This script runs under the assumption that the actual SSH port which is defined in `home/.chezmoidata.yaml`\n# is assigned to a non-standard port like 2214. This allows the default port to be used for `endlessh`._\n# \n# ## Links\n#\n# * [Endlessh GitHub repository](https://github.com/skeeto/endlessh)\n# * [Endlessh configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/private_dot_ssh/endlessh/config.tmpl)\n\n### Configures endlessh service\nfunction configureEndlessh() {\n\n ### Update the service configuration file\n logg info 'Updating endlessh service configuration file'\n sudo sed -i 's/^.*#AmbientCapabilities=CAP_NET_BIND_SERVICE/AmbientCapabilities=CAP_NET_BIND_SERVICE/' /usr/lib/systemd/system/endlessh.service\n sudo sed -i 's/^.*PrivateUsers=true/#PrivateUsers=true/' /usr/lib/systemd/system/endlessh.service\n logg info 'Reloading systemd' && sudo systemctl daemon-reload\n\n ### Update capabilities of `endlessh`\n logg info 'Updating capabilities of endlessh' && sudo setcap 'cap_net_bind_service=+ep' /usr/bin/endlessh\n\n ### Restart / enable Endlessh\n logg info 'Enabling the endlessh service' && sudo systemctl enable endlessh\n logg info 'Restarting the endlessh service' && sudo 
systemctl restart endlessh\n}\n\n### Update /etc/endlessh/config if environment is not WSL\nif [[ ! \"$(test -d proc && grep Microsoft /proc/version > /dev/null)\" ]]; then\n\n if command -v endlessh > /dev/null; then\n if [ -d /etc/endlessh ]; then\n logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh/config' && sudo cp -f \"$HOME/.ssh/endlessh/config\" /etc/endlessh/config\n\n configureEndlessh || CONFIGURE_EXIT_CODE=$?\n if [ -n \"$CONFIGURE_EXIT_CODE\" ]; then\n logg error 'Configuring endlessh service failed' && exit 1\n else\n logg success 'Successfully configured endlessh service'\n fi\n elif [ -f /etc/endlessh.conf ]; then\n logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh.conf' && sudo cp -f \"$HOME/.ssh/endlessh/config\" /etc/endlessh.conf\n\n configureEndlessh || CONFIGURE_EXIT_CODE=$?\n if [ -n \"$CONFIGURE_EXIT_CODE\" ]; then\n logg error 'Configuring endlessh service failed' && exit 1\n else\n logg success 'Successfully configured endlessh service'\n fi\n else\n logg warn 'Neither the /etc/endlessh folder nor the /etc/endlessh.conf file exist'\n fi\n else\n logg info 'Skipping Endlessh configuration because the endlessh executable is not available in the PATH'\n fi\nelse\n\n logg info 'Skipping Endlessh configuration since environment is WSL'\nfi\n" + _post: | + #!/usr/bin/env bash + # @file Endlessh Configuration + # @brief Applies the Endlessh configuration and starts the service on Linux systems + function configureEndlessh() { + ### Update the service configuration file + logg info 'Updating endlessh service configuration file' + sudo sed -i 's/^.*#AmbientCapabilities=CAP_NET_BIND_SERVICE/AmbientCapabilities=CAP_NET_BIND_SERVICE/' /usr/lib/systemd/system/endlessh.service + sudo sed -i 's/^.*PrivateUsers=true/#PrivateUsers=true/' /usr/lib/systemd/system/endlessh.service + logg info 'Reloading systemd' && sudo systemctl daemon-reload + ### Update capabilities of `endlessh` + logg info 'Updating capabilities of endlessh' && sudo 
setcap 'cap_net_bind_service=+ep' /usr/bin/endlessh + ### Restart / enable Endlessh + logg info 'Enabling the endlessh service' && sudo systemctl enable endlessh + logg info 'Restarting the endlessh service' && sudo systemctl restart endlessh + } + ### Update /etc/endlessh/config if environment is not WSL + if [[ ! "$(test -d proc && grep Microsoft /proc/version > /dev/null)" ]]; then + if command -v endlessh > /dev/null; then + if [ -d /etc/endlessh ]; then + logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh/config' && sudo cp -f "$HOME/.ssh/endlessh/config" /etc/endlessh/config + configureEndlessh || CONFIGURE_EXIT_CODE=$? + if [ -n "$CONFIGURE_EXIT_CODE" ]; then + logg error 'Configuring endlessh service failed' && exit 1 + else + logg success 'Successfully configured endlessh service' + fi + elif [ -f /etc/endlessh.conf ]; then + logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh.conf' && sudo cp -f "$HOME/.ssh/endlessh/config" /etc/endlessh.conf + configureEndlessh || CONFIGURE_EXIT_CODE=$? + if [ -n "$CONFIGURE_EXIT_CODE" ]; then + logg error 'Configuring endlessh service failed' && exit 1 + else + logg success 'Successfully configured endlessh service' + fi + else + logg warn 'Neither the /etc/endlessh folder nor the /etc/endlessh.conf file exist' + fi + else + logg info 'Skipping Endlessh configuration because the endlessh executable is not available in the PATH' + fi + else + logg info 'Skipping Endlessh configuration since environment is WSL' + fi _service: endlessh _short: "endlessh is a tool that generates endless SSH honeypot noise to frustrate and slow down attackers. " apt: endlessh @@ -2986,7 +3050,7 @@ softwarePackages: _github: https://github.com/sorah/envchain _home: https://github.com/sorah/envchain _name: envchain - _post: > + _post: | #!/usr/bin/env bash # @file Store Secrets in Keyring # @brief Stores secret environment variables into the System keyring 
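Review bot: The WSL guard `if [[ ! "$(test -d proc && grep Microsoft /proc/version > /dev/null)" ]]` in the new Endlessh block is always true: the command substitution's stdout goes to /dev/null, so the tested string is always empty, and `test -d proc` checks a relative path. Testing the exit status instead, `if ! grep -qi microsoft /proc/version 2>/dev/null; then`, makes the WSL branch reachable. The rewrite also drops the header note that the real SSH daemon is expected on a non-standard port so that endlessh can take the default one. That assumption is worth keeping as a comment above `configureEndlessh`, since the function grants `cap_net_bind_service` and comments out `PrivateUsers=true` in the unit file.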
@@ -3200,7 +3264,7 @@ softwarePackages: _name: "fail2ban " _notes: > fail2ban cannot be installed on Qubes Fedora 36 without messing with the qubes-firewall since firewalld is required. - _post: > + _post: | #!/usr/bin/env bash # @file Fail2ban Configuration # @brief Applies the system `fail2ban` jail configuration and then restarts the service @@ -3479,7 +3543,7 @@ softwarePackages: _github: false _home: https://www.mozilla.org/en-US/firefox/new/ _name: Mozilla Firefox - _post: > + _post: | #!/usr/bin/env bash # @file Firefox Settings / Add-Ons / Profiles # @brief This script configures system-wide settings, sets up Firefox Profile Switcher, creates various profiles from different sources, and installs a configurable list of Firefox Add-Ons. @@ -4480,7 +4544,7 @@ softwarePackages: _home: https://docs.github.com/en/actions/hosting-your-own-runners _name: GitHub Runner _when: '! test -d "${XDG_DATA_HOME:-$HOME/.local/share}/github-runner"' - _post: > + _post: | #!/usr/bin/env bash # @file GitHub Runner Registration # @brief Registers a GitHub action runner with GitHub 
@@ -4596,7 +4660,120 @@ softwarePackages: _github: https://github.com/gitlabhq/gitlab-runner _home: https://gitlab.com/gitlab-org/gitlab-runner _name: Gitlab Runner - _post: "#!/usr/bin/env bash\n# @file GitLab Runner Configuration\n# @brief Registers GitLab Runner(s) with the given GitLab instance\n# @description\n# This script registers the runner(s) with the given GitLab instance. SaaS GitLab can also be provided as the GitLab instance to register\n# the runners with. The script configures the runners to use either Docker or VirtualBox Executor. Refer to\n# [this page](https://docs.gitlab.com/runner/executors/docker.html) and [this page](https://docs.gitlab.com/runner/executors/virtualbox.html)\n# for details about the available configuration settings.\n#\n# Runners are always tagged with these 2 values: `hostname` and `docker`/`virtualbox` depending on the type of executor. If a list of tags is provided,\n# the runner is tagged with these values in addition to the above mentioned values. 
If the list of tags is empty, no additonal tags are added and the\n# runner is configured to pickup `untagged` jobs.\n#\n# Configuring other type of executors is not supported by this script.\n#\n# ## Secrets\n#\n# The following chart details the secret(s) that are needed to configure the runner:\n#\n# | Secret | Description |\n# |------------------------|------------------------------------------------------------|\n# | `GITLAB_RUNNER_TOKEN` | The token generated when the runner was created in GitLab |\n#\n# For more information about storing secrets like SSH keys and API keys, refer to our Secrets documentation provided below\n#\n# ## Configuration Variables\n#\n# The following chart details the input variable(s) that are used to determine the configuration of the runner:\n#\n# | Variable | Description |\n# |---------------------|----------------------------------------------------------------------------------------------------------|\n# | `glurl` | The URL of the Gitlab instance to associate the Runner with |\n# | `runnerImage` | Docker image to use to configure the runner. Needed only when configuring `Docker` executor |\n# | `runnerDescription` | Description of this runner |\n# | `runnerTags` | Comma separated list of tags for this runner. See details in the description for more info |\n# | `baseVM` | Name of the VirtualBox VM to use for creating runner. 
Needed only when configuring `VirtualBox` executor |\n#\n# ## Links\n#\n# * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets)\n\n### Check if Docker is installed and operational so Docker executor(s) can be registered\nif command -v docker > /dev/null && docker run --rm hello-world > /dev/null; then\n HAS_DOCKER=1\nelse\n HAS_DOCKER=0\n logg warn 'Docker is not installed or it is not operational'\nfi\n\n### Check if VirtualBox is installed and operational so VirtualBox executor(s) can be registered\nif command -v VirtualBox > /dev/null; then\n HAS_VIRTUALBOX=1\nelse\n HAS_VIRTUALBOX=0\n logg warn 'VirtualBox is not installed'\nfi\n\n### Configure runners if Docker or VirtualBox is installed\nif [ $HAS_DOCKER -eq 0 ] && [ $HAS_VIRTUALBOX -eq 0 ]; then\n logg warn 'Docker and VirtualBox are not installed. Not registering runner(s).'\nelse\n ### Run logic if gitlab-runner is installed\n if command -v gitlab-runner > /dev/null; then\n ### Populate appropriate token\n case \"$OSTYPE\" in\n solaris*) echo \"TODO\" ;;\n darwin*) GITLAB_RUNNER_TOKEN=\"{{ if (stat (joinPath .chezmoi.sourceDir \".chezmoitemplates\" \"secrets\" \"GITLAB_RUNNER_TOKEN_DARWIN\")) }}{{ includeTemplate \"secrets/GITLAB_RUNNER_TOKEN_DARWIN\" | decrypt | trim }}{{ else }}{{ env \"GITLAB_RUNNER_TOKEN_DARWIN\" }}{{ end }}\" ;; \n linux*) GITLAB_RUNNER_TOKEN=\"{{ if (stat (joinPath .chezmoi.sourceDir \".chezmoitemplates\" \"secrets\" \"GITLAB_RUNNER_TOKEN_LINUX\")) }}{{ includeTemplate \"secrets/GITLAB_RUNNER_TOKEN_LINUX\" | decrypt | trim }}{{ else }}{{ env \"GITLAB_RUNNER_TOKEN_LINUX\" }}{{ end }}\" ;;\n bsd*) echo \"TODO\" ;;\n msys*) GITLAB_RUNNER_TOKEN=\"{{ if (stat (joinPath .chezmoi.sourceDir \".chezmoitemplates\" \"secrets\" \"GITLAB_RUNNER_TOKEN_WINDOWS\")) }}{{ includeTemplate \"secrets/GITLAB_RUNNER_TOKEN_WINDOWS\" | decrypt | trim }}{{ else }}{{ env \"GITLAB_RUNNER_TOKEN_WINDOWS\" }}{{ end }}\" ;;\n cygwin*) GITLAB_RUNNER_TOKEN=\"{{ if (stat 
(joinPath .chezmoi.sourceDir \".chezmoitemplates\" \"secrets\" \"GITLAB_RUNNER_TOKEN_WINDOWS\")) }}{{ includeTemplate \"secrets/GITLAB_RUNNER_TOKEN_WINDOWS\" | decrypt | trim }}{{ else }}{{ env \"GITLAB_RUNNER_TOKEN_WINDOWS\" }}{{ end }}\" ;;\n *) echo \"unknown: $OSTYPE\" ;;\n esac\n\n ### Check if Runner Token value is present before attempting to register runner(s)\n if [ $GITLAB_RUNNER_TOKEN != \"\" ]; then\n ### Registering runners\n {{ $cmd := `gitlab-runner register \\\n --non-interactive \\\n --token $GITLAB_RUNNER_TOKEN \\` }}\n ### Register Docker based runners if Docker is installed and operational\n if [ $HAS_DOCKER -eq 1 ]; then\n logg info 'Registering GitLab Runner(s) that use Docker executor'\n {{- range .host.gitlabRunners }}\n {{- if index . \"runnerImage\" }}\n {{- $cmd }}\n --url {{ .glurl }} \\\n --executor \"docker\" \\\n --description \"{{ .runnerDescription }} - on {{ $.chezmoi.hostname }}\" \\\n --docker-image {{ .runnerImage }} \\\n {{ if and .runnerTags (gt (len .runnerTags) 0) }}--tag-list \"{{ .runnerTags }},{{ $.chezmoi.hostname }},docker\"\n {{- else }}--tag-list \"{{ $.chezmoi.hostname }},docker\" --run-untagged{{ end }} || echo 'Runner registration failed\"\n {{ end -}}\n {{ end }}\n fi\n \n ### Register VirtualBox based runners if VirtualBox is installed\n if [ $HAS_VIRTUALBOX -eq 1 ]; then\n logg info 'Registering GitLab Runner(s) that use VirtualBox executor'\n {{- range .host.gitlabRunners }}\n {{- if index . 
\"baseVM\" }}\n {{- $cmd }}\n --url {{ .glurl }} \\\n --executor \"virtualbox\" \\\n --description \"{{ .runnerDescription }} - on {{ $.chezmoi.hostname }}\" \\\n --virtualbox-base-name \"{{ .baseVM }}\" \\\n {{ if and .runnerTags (gt (len .runnerTags) 0) }}--tag-list \"{{ .runnerTags }},{{ $.chezmoi.hostname }},virtualbox\"\n {{- else }}--tag-list \"{{ $.chezmoi.hostname }},virtualbox\" --run-untagged{{ end }} || echo 'Runner registration failed\"\n {{ end -}}\n {{ end }}\n fi\n else\n logg warn 'GITLAB_RUNNER_TOKEN is not set. Not registering runner(s)'\n fi\n else\n logg warn 'gitlab-runner is not installed or is not available in PATH'\n fi\nfi\n" + _post: | + #!/usr/bin/env bash + # @file GitLab Runner Configuration + # @brief Registers GitLab Runner(s) with the given GitLab instance + # @description + # This script registers the runner(s) with the given GitLab instance. SaaS GitLab can also be provided as the GitLab instance to register + # the runners with. The script configures the runners to use either Docker or VirtualBox Executor. Refer to + # [this page](https://docs.gitlab.com/runner/executors/docker.html) and [this page](https://docs.gitlab.com/runner/executors/virtualbox.html) + # for details about the available configuration settings. + # + # Runners are always tagged with these 2 values: `hostname` and `docker`/`virtualbox` depending on the type of executor. If a list of tags is provided, + # the runner is tagged with these values in addition to the above mentioned values. If the list of tags is empty, no additonal tags are added and the + # runner is configured to pickup `untagged` jobs. + # + # Configuring other type of executors is not supported by this script. 
+ # + # ## Secrets + # + # The following chart details the secret(s) that are needed to configure the runner: + # + # | Secret | Description | + # |------------------------|------------------------------------------------------------| + # | `GITLAB_RUNNER_TOKEN` | The token generated when the runner was created in GitLab | + # + # For more information about storing secrets like SSH keys and API keys, refer to our Secrets documentation provided below + # + # ## Configuration Variables + # + # The following chart details the input variable(s) that are used to determine the configuration of the runner: + # + # | Variable | Description | + # |---------------------|----------------------------------------------------------------------------------------------------------| + # | `glurl` | The URL of the Gitlab instance to associate the Runner with | + # | `runnerImage` | Docker image to use to configure the runner. Needed only when configuring `Docker` executor | + # | `runnerDescription` | Description of this runner | + # | `runnerTags` | Comma separated list of tags for this runner. See details in the description for more info | + # | `baseVM` | Name of the VirtualBox VM to use for creating runner. 
Needed only when configuring `VirtualBox` executor | + # + # ## Links + # + # * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets) + ### Check if Docker is installed and operational so Docker executor(s) can be registered + if command -v docker > /dev/null && docker run --rm hello-world > /dev/null; then + HAS_DOCKER=1 + else + HAS_DOCKER=0 + logg warn 'Docker is not installed or it is not operational' + fi + ### Check if VirtualBox is installed and operational so VirtualBox executor(s) can be registered + if command -v VirtualBox > /dev/null; then + HAS_VIRTUALBOX=1 + else + HAS_VIRTUALBOX=0 + logg warn 'VirtualBox is not installed' + fi + ### Configure runners if Docker or VirtualBox is installed + if [ $HAS_DOCKER -eq 0 ] && [ $HAS_VIRTUALBOX -eq 0 ]; then + logg warn 'Docker and VirtualBox are not installed. Not registering runner(s).' + else + ### Run logic if gitlab-runner is installed + if command -v gitlab-runner > /dev/null; then + ### Populate appropriate token + case "$OSTYPE" in + solaris*) echo "TODO" ;; + darwin*) GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN_DARWIN")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN_DARWIN" | decrypt | trim }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN_DARWIN" }}{{ end }}" ;; + linux*) GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN_LINUX")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN_LINUX" | decrypt | trim }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN_LINUX" }}{{ end }}" ;; + bsd*) echo "TODO" ;; + msys*) GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN_WINDOWS")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN_WINDOWS" | decrypt | trim }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN_WINDOWS" }}{{ end }}" ;; + cygwin*) GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir 
".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN_WINDOWS")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN_WINDOWS" | decrypt | trim }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN_WINDOWS" }}{{ end }}" ;; + *) echo "unknown: $OSTYPE" ;; + esac + ### Check if Runner Token value is present before attempting to register runner(s) + if [ $GITLAB_RUNNER_TOKEN != "" ]; then + ### Registering runners + {{ $cmd := `gitlab-runner register \ + --non-interactive \ + --token $GITLAB_RUNNER_TOKEN \` }} + ### Register Docker based runners if Docker is installed and operational + if [ $HAS_DOCKER -eq 1 ]; then + logg info 'Registering GitLab Runner(s) that use Docker executor' + {{- range .host.gitlabRunners }} + {{- if index . "runnerImage" }} + {{- $cmd }} + --url {{ .glurl }} \ + --executor "docker" \ + --description "{{ .runnerDescription }} - on {{ $.chezmoi.hostname }}" \ + --docker-image {{ .runnerImage }} \ + {{ if and .runnerTags (gt (len .runnerTags) 0) }}--tag-list "{{ .runnerTags }},{{ $.chezmoi.hostname }},docker" + {{- else }}--tag-list "{{ $.chezmoi.hostname }},docker" --run-untagged{{ end }} || echo 'Runner registration failed" + {{ end -}} + {{ end }} + fi + ### Register VirtualBox based runners if VirtualBox is installed + if [ $HAS_VIRTUALBOX -eq 1 ]; then + logg info 'Registering GitLab Runner(s) that use VirtualBox executor' + {{- range .host.gitlabRunners }} + {{- if index . "baseVM" }} + {{- $cmd }} + --url {{ .glurl }} \ + --executor "virtualbox" \ + --description "{{ .runnerDescription }} - on {{ $.chezmoi.hostname }}" \ + --virtualbox-base-name "{{ .baseVM }}" \ + {{ if and .runnerTags (gt (len .runnerTags) 0) }}--tag-list "{{ .runnerTags }},{{ $.chezmoi.hostname }},virtualbox" + {{- else }}--tag-list "{{ $.chezmoi.hostname }},virtualbox" --run-untagged{{ end }} || echo 'Runner registration failed" + {{ end -}} + {{ end }} + fi + else + logg warn 'GITLAB_RUNNER_TOKEN is not set. 
Not registering runner(s)' + fi + else + logg warn 'gitlab-runner is not installed or is not available in PATH' + fi + fi _service: gitlab-runner _serviceEnabled: true _short: "GitLab Runner is an open-source project that works with GitLab CI/CD to run jobs and send the results back to GitLab. " 
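Review bot: Both registration loops end with `|| echo 'Runner registration failed"`, which opens a single-quoted string and closes it with a double quote, so bash reads on to the next `'` and misparses the rest of the rendered script; it should be `|| echo 'Runner registration failed'`. The token check `[ $GITLAB_RUNNER_TOKEN != "" ]` is unquoted and errors out when the token is empty or unset (the `solaris*`, `bsd*` and `*` branches never set it); `[ -n "${GITLAB_RUNNER_TOKEN:-}" ]` is the safe form. `--token $GITLAB_RUNNER_TOKEN`, `--url {{ .glurl }}` and `--docker-image {{ .runnerImage }}` are also rendered unquoted, so a value containing spaces or shell metacharacters is word-split or interpreted by the shell; quote them as the `--description` argument already is.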
@@ -4638,7 +4815,23 @@ softwarePackages: _desc: "[git-o-matic](https://github.com/muesli/gitomatic) is a tool to monitor git repositories and automatically pull & push changes" _github: https://github.com/muesli/gitomatic _name: git-o-matic - _post: "#!/usr/bin/env bash\n# @file git-o-matic Configuration\n# @brief Starts service on Linux systems to monitor Git repositories\n# @description\n# git-o-matic is a tool to monitor git repositories and automatically pull/push changes. Multiple repositories can be\n# monitored by running multiple instances of `gitomatic`. This script supports SSH Key based authentication only.\n#\n# If the `gitomatic` program is installed, this script creates and starts a Systemd service to monitor the repositories.\n# The repositories are cloned if they are not available at the path.\n#\n# ## Notes\n# * The author name and email address for commits are the same as `.user.name` and `.user.email` (configured in the `home/.chezmoi.yaml.tmpl` file)\n# * `gitomatic` automatically pushes and pulls changes. The script does not change this behavior\n# * `gitomatic` checks for changes every minute. This setting is not changed by this script\n# * The User's default SSH Key is used for authentication\n#\n# ## Links\n#\n# * [gitomatic GitHub repository](https://github.com/muesli/gitomatic/)\n# * [Systemd Unit file](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/gitomatic/gitomatic.service.tmpl)\n# * [Helper script](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_local/bin/executable_gitomatic_service.tmpl)\n\nif command -v gitomatic > /dev/null; then\n ### Copy bin to /usr/local/bin\n logg info \"Copying $HOME/.local/bin/gitomatic-service to /usr/local/bin/gitomatic-service\" && sudo cp -f \"$HOME/.local/bin/gitomatic-service\" /usr/local/bin/gitomatic-service\n \n ### Copy gitomatic to global directory\n if [ ! 
-f /usr/local/bin/gitomatic ]; then\n logg info 'Copying gitomatic executable to /usr/local/bin/gitomatic' && sudo cp -f \"$(which gitomatic)\" /usr/local/bin/gitomatic\n fi\n\n if [ -d /Applications ] && [ -d /System ]; then\n ### macOS\n logg info 'Copying gitomatic plist file to /Library/LaunchDaemons' && sudo cp -f \"${XDG_CONFIG_HOME:-$HOME/.config}/gitomatic/com.github.muesli.gitomatic.plist\" /Library/LaunchDaemons/com.github.muesli.gitomatic.plist\n if ! sudo launchctl list | grep 'gitomatic' > /dev/null; then\n logg info 'Running sudo launchctl load /Library/LaunchDaemons/com.github.muesli.gitomatic.plist' && sudo launchctl load /Library/LaunchDaemons/com.github.muesli.gitomatic.plist\n logg info 'Running sudo launchctl start /Library/LaunchDaemons/com.github.muesli.gitomatic.plist' && sudo launchctl start /Library/LaunchDaemons/com.github.muesli.gitomatic.plist\n else\n logg info \"gitomatic services appear to already be loaded\"\n fi\n else\n ### Linux\n logg info 'Copying gitomatic systemd unit file to /etc/systemd/system/' && sudo cp -f \"${XDG_CONFIG_HOME:-$HOME/.config}/gitomatic/gitomatic.service\" /etc/systemd/system/gitomatic.service\n logg info 'Reloading systemd daemon' && sudo systemctl daemon-reload\n logg info 'Enabling and starting gitomatic service' && sudo systemctl enable --now gitomatic\n fi\nelse\n logg info 'gitomatic is not installed or it is not available in PATH'\nfi\n" + _post: "#!/usr/bin/env bash +# @file git-o-matic Configuration +# @brief Starts service on Linux systems to monitor Git repositories +# @description +# git-o-matic is a tool to monitor git repositories and automatically pull/push changes. Multiple repositories can be +# monitored by running multiple instances of `gitomatic`. This script supports SSH Key based authentication only.\n# +# If the `gitomatic` program is installed, this script creates and starts a Systemd service to monitor the repositories. 
+# The repositories are cloned if they are not available at the path.\n# +# ## Notes +# * The author name and email address for commits are the same as `.user.name` and `.user.email` (configured in the `home/.chezmoi.yaml.tmpl` file) +# * `gitomatic` automatically pushes and pulls changes. The script does not change this behavior +# * `gitomatic` checks for changes every minute. This setting is not changed by this script +# * The User's default SSH Key is used for authentication\n# +# ## Links\n# +# * [gitomatic GitHub repository](https://github.com/muesli/gitomatic/) +# * [Systemd Unit file](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/gitomatic/gitomatic.service.tmpl) +# * [Helper script](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_local/bin/executable_gitomatic_service.tmpl)\n\nif command -v gitomatic > /dev/null; then\n ### Copy bin to /usr/local/bin\n logg info \"Copying $HOME/.local/bin/gitomatic-service to /usr/local/bin/gitomatic-service\" && sudo cp -f \"$HOME/.local/bin/gitomatic-service\" /usr/local/bin/gitomatic-service\n \n ### Copy gitomatic to global directory\n if [ ! -f /usr/local/bin/gitomatic ]; then\n logg info 'Copying gitomatic executable to /usr/local/bin/gitomatic' && sudo cp -f \"$(which gitomatic)\" /usr/local/bin/gitomatic\n fi\n\n if [ -d /Applications ] && [ -d /System ]; then\n ### macOS\n logg info 'Copying gitomatic plist file to /Library/LaunchDaemons' && sudo cp -f \"${XDG_CONFIG_HOME:-$HOME/.config}/gitomatic/com.github.muesli.gitomatic.plist\" /Library/LaunchDaemons/com.github.muesli.gitomatic.plist\n if ! 
sudo launchctl list | grep 'gitomatic' > /dev/null; then\n logg info 'Running sudo launchctl load /Library/LaunchDaemons/com.github.muesli.gitomatic.plist' && sudo launchctl load /Library/LaunchDaemons/com.github.muesli.gitomatic.plist\n logg info 'Running sudo launchctl start /Library/LaunchDaemons/com.github.muesli.gitomatic.plist' && sudo launchctl start /Library/LaunchDaemons/com.github.muesli.gitomatic.plist\n else\n logg info \"gitomatic services appear to already be loaded\"\n fi\n else\n ### Linux\n logg info 'Copying gitomatic systemd unit file to /etc/systemd/system/' && sudo cp -f \"${XDG_CONFIG_HOME:-$HOME/.config}/gitomatic/gitomatic.service\" /etc/systemd/system/gitomatic.service\n logg info 'Reloading systemd daemon' && sudo systemctl daemon-reload\n logg info 'Enabling and starting gitomatic service' && sudo systemctl enable --now gitomatic\n fi\nelse\n logg info 'gitomatic is not installed or it is not available in PATH'\nfi\n" _short: "gitomatic is a tool for automatic syncing of Git repositories. " ansible: professormanhattan.gitomatic github: github.com/muesli/gitomatic @@ -5022,7 +5215,7 @@ softwarePackages: _github: Not open-source _home: https://www.google.com/chrome/ _name: Google Chrome - _post: > + _post: | #!/usr/bin/env bash # @file Chrome Settings / Extensions # @brief This script configures Chrome, Brave, and Chromium system-wide managed / recommended policies settings. It also pre-loads a configurable list of Chrome extensions to Chrome, Brave, Chromium, and Edge (if they are installed). 
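Review bot: Unlike the other `_post` entries converted in this commit, the git-o-matic script stays a double-quoted scalar and now mixes physical line breaks with `\n` escapes. In a double-quoted YAML scalar a single line break folds to a space, so the shebang and the comment lines after it collapse onto one line up to the first `\n`; a shebang carrying that extra text may not resolve `bash` when the script is executed directly. The continuation lines also appear to start at column 0 inside a nested mapping, which stricter parsers may reject. Converting this entry to a literal block (`_post: |` with the script indented beneath it and no `\n` escapes), as done for Docker Desktop, Endlessh and GitLab Runner, keeps the script exactly as bash should see it.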
@@ -6011,7 +6204,7 @@ softwarePackages: _github: https://github.com/gnachman/iTerm2 _home: https://iterm2.com/ _name: iTerm2 - _post:cask: > + _post:cask: | #!/usr/bin/env bash logg info "Setting iTerm2 options location to Install Doctor Chezmoi location" && defaults write com.googlecode.iterm2 PrefsCustomFolder -string "${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/Library/Preferences/com.googlecode.iterm2.plist" logg info "Setting iTerm2 to automatically sync with managed options" && defaults write com.googlecode.iterm2 NoSyncNeverRemindPrefsChangesLostForFile_selection -int 2 @@ -6368,7 +6561,7 @@ softwarePackages: _github: https://github.com/keybase/client _home: https://keybase.io/ _name: Keybase - _post: > + _post: | #!/usr/bin/env bash # @file Keybase Configuration # @brief Updates Keybase's system configuration with the Keybase configuration stored in the `home/dot_config/keybase/config.json` location. @@ -6385,7 +6578,7 @@ softwarePackages: else logg info 'The keybase executable is not available' fi - _post:cask: > + _post:cask: | #!/usr/bin/env bash if [ ! -f /usr/local/bin/keybase ] && [ -f /Applications/Keybase.app/Contents/SharedSupport/bin/keybase ]; then echo "Fixing missing keybase executable symlink permission issue" && sudo ln -s /Applications/Keybase.app/Contents/SharedSupport/bin/keybase /usr/local/bin/keybase; fi _short: "Keybase Client is an open-source security app that offers encrypted messaging, file sharing, and identity verification services. " 
@@ -6489,7 +6682,7 @@ softwarePackages: _desc: "ksnip is a feature-rich screenshot tool for macOS that allows users to capture screenshots, annotate them with various tools like arrows, text, and shapes, and easily share or save the edited \nscreenshots. It supports capturing full screen, specific windows, or custom regions. Users can also upload screenshots directly to services like Imgur. ksnip is open-source and actively maintained, \nmaking it a popular choice for users looking for a versatile screenshot tool on macOS. " _github: https://github.com/ksnip/ksnip _name: kSnip - _post:snap: > + _post:snap: | #!/usr/bin/env bash sudo snap connect ksnip:network-observe && sudo snap connect ksnip:network-manager-observe && sudo snap connect ksnip:removable-media _short: "ksnip is a feature-rich screenshot tool for MacOS. " @@ -7401,7 +7594,7 @@ softwarePackages: _github: false _home: https://www.microsoft.com/en-us/edge _name: Microsoft Edge - _post: > + _post: | #!/usr/bin/env bash # @brief See `google-chrome` `_post` script for more details function chromeSetUp() { @@ -7544,7 +7737,7 @@ softwarePackages: _docs: https://minikube.sigs.k8s.io/docs/ _github: https://github.com/kubernetes/minikube _name: minikube - _post: > + _post: | #!/usr/bin/env bash if command -v hyperkit > /dev/null; then minikube config set driver hyperkit; elif command -v docker > /dev/null; then minikube config set driver docker; elif command -v VBoxManage > /dev/null; then minikube config set driver virtualbox; fi _short: "Minikube is a tool that enables you to run Kubernetes clusters locally for development and testing purposes. " 
@@ -7556,7 +7749,7 @@ softwarePackages: _desc: "Mise is a tool created by jdx available on GitHub at https://github.com/jdx/mise. It is a simple script that helps in managing macOS system preferences from the command line. With Mise, you can easily \nset and get various system preferences like dark mode, accent color, wallpaper, and more. It provides a convenient way to automate the customization of macOS settings, making it useful for system \nadministrators and power users who prefer working with the command line interface. " _github: https://github.com/jdx/mise _name: mise - _post: > + _post: | #!/usr/bin/env bash mise install if [ -d "${XDG_DATA_HOME:-$HOME/.local/share}/mise/installs/java/openjdk-20/Contents" ]; then @@ -7658,7 +7851,7 @@ softwarePackages: _github: https://github.com/ansible-community/molecule _home: https://molecule.readthedocs.io/en/latest/ _name: Ansible Molecule - _post:pipx: > + _post:pipx: | #!/usr/bin/env bash pipx inject molecule ansible PyObjC PyObjC-core docker lxml netaddr pexpect python-vagrant pywinrm requests-credssp watchdog apache-libcloud gcloud junit-xml molecule-docker molecule-gce molecule-vagrant pycrypto _short: "Molecule is a tool for testing Ansible roles in multiple scenarios. " 
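Review bot: The `pipx inject molecule ...` line in the Ansible Molecule `_post:pipx` script still installs `pycrypto`, which is no longer maintained and receives no security fixes, and every package on that line is installed without a version pin. If one of the injected plugins really needs a `Crypto` provider, `pycryptodome` is the maintained drop-in replacement; otherwise the entry can be dropped. Pinning the injected versions, for example with a constraints file passed through `--pip-args`, would keep the environment reproducible and reviewable.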
@@ -8149,7 +8342,15 @@ softwarePackages: - netdata _home: https://www.netdata.cloud/ _name: Netdata - _post: "#!/usr/bin/env bash\n# @file Netdata\n# @brief Connects Netdata with Netdata's free cloud dashboard and applies some system optimizations, if necessary\n# @description\n# This script connects Netdata with Netdata Cloud if Netdata is installed, the `NETDATA_TOKEN` is provided, and the\n# `NETDATA_ROOM` is defined. This allows you to graphically browse through system metrics on all your connected devices\n# from a single free web application.\n#\n# This script installs additional alerts and enables notifications if Netdata is installed. Email notifications are configured\n# using the provided primary email address. If the OS is Debian based, Netdata shows the number of CVEs in currently installed packages.\n\nensureNetdataOwnership() {\n ### Ensure /usr/local/var/lib/netdata/cloud.d is owned by user\n if [ -d /usr/local/var/lib/netdata ]; then\n logg info 'Ensuring permissions are correct on /usr/local/var/lib/netdata' && sudo chown -Rf netdata:netdata /usr/local/var/lib/netdata 2> /dev/null || sudo chown -Rf netdata:$(id -g -n) /usr/local/var/lib/netdata\n elif [ -d /var/lib/netdata ]; then\n logg info 'Ensuring permissions are correct on /var/lib/netdata' && sudo chown -Rf netdata:netdata /var/lib/netdata 2> /dev/null || sudo chown -Rf netdata:$(id -g -n) /var/lib/netdata\n elif [ -d \"${HOMEBREW_PREFIX:-/opt/homebrew}/var/lib/netdata\" ]; then\n logg info \"Ensuring permissions are correct on ${HOMEBREW_PREFIX:-/opt/homebrew}/var/lib/netdata\" && sudo chown -Rf netdata:netdata \"${HOMEBREW_PREFIX:-/opt/homebrew}/var/lib/netdata\" 2> /dev/null || sudo chown -Rf netdata:$(id -g -n) \"${HOMEBREW_PREFIX:-/opt/homebrew}/var/lib/netdata\"\n else\n logg warn 'No /var/lib/netdata folder found'\n fi\n}\n\n### Claim the instance with Netdata Cloud\nif command -v netdata-claim.sh > /dev/null; then\n ### Add user / group with script in ~/.local/bin/add-usergroup, if 
it is available\n if command -v add-usergroup > /dev/null; then\n sudo add-usergroup \"$USER\" netdata\n fi\n\n ### Ensure ownership\n ensureNetdataOwnership\n\n ### netdata-claim.sh must be run as netdata user\n sudo -H -u netdata bash -c 'export NETDATA_ROOM=\"{{- if (stat (joinPath .chezmoi.sourceDir \".chezmoitemplates\" \"secrets\" \"NETDATA_ROOM\")) -}}{{- includeTemplate \"secrets/NETDATA_ROOM\" | decrypt | trim -}}{{- else -}}{{- env \"NETDATA_ROOM\" -}}{{- end -}}\" && export NETDATA_TOKEN=\"{{- if (stat (joinPath .chezmoi.sourceDir \".chezmoitemplates\" \"secrets\" \"NETDATA_TOKEN\")) -}}{{- includeTemplate \"secrets/NETDATA_TOKEN\" | decrypt | trim -}}{{- else -}}{{- env \"NETDATA_TOKEN\" -}}{{- end -}}\" && yes | netdata-claim.sh -token=\"$NETDATA_TOKEN\" -rooms=\"$NETDATA_ROOM\" -url=\"https://app.netdata.cloud\"'\n \n ### Kernel optimizations\n # These are mentioned while installing via the kickstart.sh script method. We are using Homebrew for the installation though.\n # Assuming these optimizations do not cause any harm.\n if [ -d /Applications ] && [ -d /System ]; then\n ### macOS\n logg info 'System is macOS so Netdata kernel optimizations are not required'\n else\n ### Linux\n if [ -d /sys/kernel/mm/ksm ]; then\n logg info 'Adding Netdata kernel optimization for /sys/kernel/mm/ksm/run'\n echo 1 | sudo tee /sys/kernel/mm/ksm/run\n logg info 'Adding Netdata kernel optimization for /sys/kernel/mm/ksm/sleep_millisecs'\n echo 1000 | sudo tee /sys/kernel/mm/ksm/sleep_millisecs\n else\n logg info 'The /sys/kernel/mm/ksm directory does not exist so Netdata kernel optimizations are not being applied'\n fi\n fi\n\n ### Install additional alerts and enable notifications\n if command -v netdata > /dev/null; then\n ### Copy the additional alert definitions\n if [ -d /usr/local/etc/netdata ]; then\n NETDATA_ETC='/usr/local/etc/netdata/'\n elif [ -d /etc/netdata ]; then\n NETDATA_ETC='/etc/netdata'\n elif [ -d \"${HOMEBREW_PREFIX:-/opt/homebrew}/etc/netdata\" 
]; then\n NETDATA_ETC=\"${HOMEBREW_PREFIX:-/opt/homebrew}/etc/netdata\"\n else\n logg error 'No etc location found for netdata' && exit 1\n fi\n logg info \"Copying ${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/ to $NETDATA_ETC\" && sudo cp -rf \"${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/\" \"$NETDATA_ETC\"\n \n if command -v gsed > /dev/null; then\n SED_UTIL=\"gsed\"\n else\n SED_UTIL=\"sed\"\n fi\n\n ### Blocky\n logg info \"Adding Blocky metrics collection to $NETDATA_ETC/go.d/prometheus.conf\"\n sudo \"$SED_UTIL\" -i \"/jobs:/a\\ - name: blocky_local \\n url: 'http://127.0.0.1:4000/metrics'\" \"$NETDATA_ETC/go.d/prometheus.conf\"\n \n ### SFTPGo\n logg info \"Adding SFTPGo metrics collection to $NETDATA_ETC/go.d/prometheus.conf\"\n sudo \"$SED_UTIL\" -i \"/jobs:/a\\ - name: sftpgo_local \\n url: 'http://127.0.0.1:57500/metrics'\" \"$NETDATA_ETC/go.d/prometheus.conf\"\n\n # Backup current health alarm configuration and apply new one\n if [ -d /usr/local/lib/netdata ]; then\n NETDATA_LIB='/usr/local/lib/netdata'\n elif [ -d /usr/lib/netdata ]; then\n NETDATA_LIB='/usr/lib/netdata'\n elif [ -d \"${HOMEBREW_PREFIX:-/opt/homebrew}/lib/netdata\" ]; then\n NETDATA_LIB=\"${HOMEBREW_PREFIX:-/opt/homebrew}/lib/netdata\"\n else\n logg error 'No lib location found for netdata' && exit 1\n fi\n logg info \"Copying ${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health_alarm_notify.conf to $NETDATA_LIB/conf.d/health_alarm_notify.conf\" && sudo cp -f \"${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health_alarm_notify.conf\" \"$NETDATA_LIB/conf.d/health_alarm_notify.conf\"\n else\n logg warn 'netdata is not available in the PATH or is not installed'\n fi\n\n ### Ensure the apt command is available before running `debsecan` logic\n if command -v apt-get > /dev/null; then\n ### Configure Netdata to gather information about CVEs in the installed packages\n if command -v debsecan > /dev/null; then\n DEBSECAN_GIT=\"${XDG_DATA_HOME:-$HOME/.local/share}/netdata-debsecan\"\n ### 
Installing the script to generate report on CVEs in installed packages\n logg info 'Installing script to generate report on CVEs in installed packages' && sudo cp -f \"$DEBSECAN_GIT/usr_local_bin_debsecan-by-type\" \"/usr/local/bin/debsecan-by-type\"\n ### Generate initial debsecan reports in /var/log/debsecan/\n logg info 'Generating initial debsecan reports in /var/log/debsecan/' && debsecan-by-type\n ### Configure dpkg to refresh the file after each run\n logg info 'Configuring dpkg to refresh the file after each run' && sudo cp -f \"$DEBSECAN_GIT/etc_apt_apt.conf.d_99debsecan\" /etc/apt/apt.conf.d/99-debsecan\n ### Add a cron job to refresh the file every hour\n logg info 'Adding a cron job to refresh the file every hour' && sudo cp -f \"$DEBSECAN_GIT/etc_cron.d_debsecan\" /etc/cron.d/debsecan\n ### Install the module/configuration file\n logg info 'Installing the module and configuration file'\n sudo \"$DEBSECAN_GIT/debsecan.chart.py\" /usr/libexec/netdata/python.d/debsecan.chart.py\n sudo \"$DEBSECAN_GIT/debsecan.conf\" /etc/netdata/python.d/debsecan.conf\n else\n logg warn 'apt-get is available but debsecan is not available in the PATH or is not installed'\n fi\n fi\n\n ### Ensure / report whether speedtest-cli is installed\n if ! 
command -v speedtest-cli > /dev/null; then\n if command -v pipx > /dev/null; then\n pipx install speedtest-cli\n else\n logg warn 'speedtest-cli not installed and pipx is not available'\n fi\n fi\n\n ### Configure Netdata to gather information about Internet connection speed\n if command -v speedtest-cli > /dev/null; then\n ### Installing the script to generate report on Internet connection speed\n logg info 'Installing script to generate report on Internet connection speed'\n LIBEXEC_PATH=\"$(netdata -W buildinfo | grep 'Configure' | sed \"s/.*--libexecdir=\\([^ \\']*\\).*/\\1/\")\"\n if [ -d /usr/libexec/netdata/charts.d ]; then\n sudo cp -f \"${XDG_DATA_HOME:-$HOME/.local/share}/netdata-speedtest/speedtest.chart.sh\" \"/usr/libexec/netdata/charts.d/speedtest.chart.sh\"\n elif [ -d \"$LIBEXEC_PATH/netdata/charts.d\" ]; then\n logg info \"$LIBEXEC_PATH/netdata/charts.d present on system\"\n cp -f \"${XDG_DATA_HOME:-$HOME/.local/share}/netdata-speedtest/speedtest.chart.sh\" \"$LIBEXEC_PATH/netdata/charts.d/speedtest.chart.sh\"\n else\n logg warn \"Failed to find appropriate directory to add Netdata speedtest chart script\"\n fi\n else\n logg warn 'speedtest-cli is not available in the PATH or is not installed'\n fi\n\n ### Ensure ownership again\n ensureNetdataOwnership\n\n ### Restart Netdata service\n if command -v systemctl > /dev/null; then\n logg info 'Enabling netdata service' && sudo systemctl enable netdata\n logg info 'Restarting netdata service' && sudo systemctl restart netdata\n elif [ -d /Applications ] && [ -d /System ]; then\n logg info 'Starting / enabling netdata service' && brew services restart netdata\n else\n logg warn 'systemctl is not available'\n fi\nelse\n logg info 'netdata-claim.sh is not available in the PATH'\nfi\n" + _post: "#!/usr/bin/env bash +# @file Netdata +# @brief Connects Netdata with Netdata's free cloud dashboard and applies some system optimizations, if necessary +# @description +# This script connects Netdata with Netdata 
Cloud if Netdata is installed, the `NETDATA_TOKEN` is provided, and the +# `NETDATA_ROOM` is defined. This allows you to graphically browse through system metrics on all your connected devices +# from a single free web application.\n# +# This script installs additional alerts and enables notifications if Netdata is installed. Email notifications are configured +# using the provided primary email address. If the OS is Debian based, Netdata shows the number of CVEs in currently installed packages.\n\nensureNetdataOwnership() {\n ### Ensure /usr/local/var/lib/netdata/cloud.d is owned by user\n if [ -d /usr/local/var/lib/netdata ]; then\n logg info 'Ensuring permissions are correct on /usr/local/var/lib/netdata' && sudo chown -Rf netdata:netdata /usr/local/var/lib/netdata 2> /dev/null || sudo chown -Rf netdata:$(id -g -n) /usr/local/var/lib/netdata\n elif [ -d /var/lib/netdata ]; then\n logg info 'Ensuring permissions are correct on /var/lib/netdata' && sudo chown -Rf netdata:netdata /var/lib/netdata 2> /dev/null || sudo chown -Rf netdata:$(id -g -n) /var/lib/netdata\n elif [ -d \"${HOMEBREW_PREFIX:-/opt/homebrew}/var/lib/netdata\" ]; then\n logg info \"Ensuring permissions are correct on ${HOMEBREW_PREFIX:-/opt/homebrew}/var/lib/netdata\" && sudo chown -Rf netdata:netdata \"${HOMEBREW_PREFIX:-/opt/homebrew}/var/lib/netdata\" 2> /dev/null || sudo chown -Rf netdata:$(id -g -n) \"${HOMEBREW_PREFIX:-/opt/homebrew}/var/lib/netdata\"\n else\n logg warn 'No /var/lib/netdata folder found'\n fi\n}\n\n### Claim the instance with Netdata Cloud\nif command -v netdata-claim.sh > /dev/null; then\n ### Add user / group with script in ~/.local/bin/add-usergroup, if it is available\n if command -v add-usergroup > /dev/null; then\n sudo add-usergroup \"$USER\" netdata\n fi\n\n ### Ensure ownership\n ensureNetdataOwnership\n\n ### netdata-claim.sh must be run as netdata user\n sudo -H -u netdata bash -c 'export NETDATA_ROOM=\"{{- if (stat (joinPath .chezmoi.sourceDir 
\".chezmoitemplates\" \"secrets\" \"NETDATA_ROOM\")) -}}{{- includeTemplate \"secrets/NETDATA_ROOM\" | decrypt | trim -}}{{- else -}}{{- env \"NETDATA_ROOM\" -}}{{- end -}}\" && export NETDATA_TOKEN=\"{{- if (stat (joinPath .chezmoi.sourceDir \".chezmoitemplates\" \"secrets\" \"NETDATA_TOKEN\")) -}}{{- includeTemplate \"secrets/NETDATA_TOKEN\" | decrypt | trim -}}{{- else -}}{{- env \"NETDATA_TOKEN\" -}}{{- end -}}\" && yes | netdata-claim.sh -token=\"$NETDATA_TOKEN\" -rooms=\"$NETDATA_ROOM\" -url=\"https://app.netdata.cloud\"'\n \n ### Kernel optimizations\n # These are mentioned while installing via the kickstart.sh script method. We are using Homebrew for the installation though.\n # Assuming these optimizations do not cause any harm.\n if [ -d /Applications ] && [ -d /System ]; then\n ### macOS\n logg info 'System is macOS so Netdata kernel optimizations are not required'\n else\n ### Linux\n if [ -d /sys/kernel/mm/ksm ]; then\n logg info 'Adding Netdata kernel optimization for /sys/kernel/mm/ksm/run'\n echo 1 | sudo tee /sys/kernel/mm/ksm/run\n logg info 'Adding Netdata kernel optimization for /sys/kernel/mm/ksm/sleep_millisecs'\n echo 1000 | sudo tee /sys/kernel/mm/ksm/sleep_millisecs\n else\n logg info 'The /sys/kernel/mm/ksm directory does not exist so Netdata kernel optimizations are not being applied'\n fi\n fi\n\n ### Install additional alerts and enable notifications\n if command -v netdata > /dev/null; then\n ### Copy the additional alert definitions\n if [ -d /usr/local/etc/netdata ]; then\n NETDATA_ETC='/usr/local/etc/netdata/'\n elif [ -d /etc/netdata ]; then\n NETDATA_ETC='/etc/netdata'\n elif [ -d \"${HOMEBREW_PREFIX:-/opt/homebrew}/etc/netdata\" ]; then\n NETDATA_ETC=\"${HOMEBREW_PREFIX:-/opt/homebrew}/etc/netdata\"\n else\n logg error 'No etc location found for netdata' && exit 1\n fi\n logg info \"Copying ${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/ to $NETDATA_ETC\" && sudo cp -rf \"${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/\" 
\"$NETDATA_ETC\"\n \n if command -v gsed > /dev/null; then\n SED_UTIL=\"gsed\"\n else\n SED_UTIL=\"sed\"\n fi\n\n ### Blocky\n logg info \"Adding Blocky metrics collection to $NETDATA_ETC/go.d/prometheus.conf\"\n sudo \"$SED_UTIL\" -i \"/jobs:/a\\ - name: blocky_local \\n url: 'http://127.0.0.1:4000/metrics'\" \"$NETDATA_ETC/go.d/prometheus.conf\"\n \n ### SFTPGo\n logg info \"Adding SFTPGo metrics collection to $NETDATA_ETC/go.d/prometheus.conf\"\n sudo \"$SED_UTIL\" -i \"/jobs:/a\\ - name: sftpgo_local \\n url: 'http://127.0.0.1:57500/metrics'\" \"$NETDATA_ETC/go.d/prometheus.conf\"\n\n # Backup current health alarm configuration and apply new one\n if [ -d /usr/local/lib/netdata ]; then\n NETDATA_LIB='/usr/local/lib/netdata'\n elif [ -d /usr/lib/netdata ]; then\n NETDATA_LIB='/usr/lib/netdata'\n elif [ -d \"${HOMEBREW_PREFIX:-/opt/homebrew}/lib/netdata\" ]; then\n NETDATA_LIB=\"${HOMEBREW_PREFIX:-/opt/homebrew}/lib/netdata\"\n else\n logg error 'No lib location found for netdata' && exit 1\n fi\n logg info \"Copying ${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health_alarm_notify.conf to $NETDATA_LIB/conf.d/health_alarm_notify.conf\" && sudo cp -f \"${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health_alarm_notify.conf\" \"$NETDATA_LIB/conf.d/health_alarm_notify.conf\"\n else\n logg warn 'netdata is not available in the PATH or is not installed'\n fi\n\n ### Ensure the apt command is available before running `debsecan` logic\n if command -v apt-get > /dev/null; then\n ### Configure Netdata to gather information about CVEs in the installed packages\n if command -v debsecan > /dev/null; then\n DEBSECAN_GIT=\"${XDG_DATA_HOME:-$HOME/.local/share}/netdata-debsecan\"\n ### Installing the script to generate report on CVEs in installed packages\n logg info 'Installing script to generate report on CVEs in installed packages' && sudo cp -f \"$DEBSECAN_GIT/usr_local_bin_debsecan-by-type\" \"/usr/local/bin/debsecan-by-type\"\n ### Generate initial debsecan reports in 
/var/log/debsecan/\n logg info 'Generating initial debsecan reports in /var/log/debsecan/' && debsecan-by-type\n ### Configure dpkg to refresh the file after each run\n logg info 'Configuring dpkg to refresh the file after each run' && sudo cp -f \"$DEBSECAN_GIT/etc_apt_apt.conf.d_99debsecan\" /etc/apt/apt.conf.d/99-debsecan\n ### Add a cron job to refresh the file every hour\n logg info 'Adding a cron job to refresh the file every hour' && sudo cp -f \"$DEBSECAN_GIT/etc_cron.d_debsecan\" /etc/cron.d/debsecan\n ### Install the module/configuration file\n logg info 'Installing the module and configuration file'\n sudo \"$DEBSECAN_GIT/debsecan.chart.py\" /usr/libexec/netdata/python.d/debsecan.chart.py\n sudo \"$DEBSECAN_GIT/debsecan.conf\" /etc/netdata/python.d/debsecan.conf\n else\n logg warn 'apt-get is available but debsecan is not available in the PATH or is not installed'\n fi\n fi\n\n ### Ensure / report whether speedtest-cli is installed\n if ! command -v speedtest-cli > /dev/null; then\n if command -v pipx > /dev/null; then\n pipx install speedtest-cli\n else\n logg warn 'speedtest-cli not installed and pipx is not available'\n fi\n fi\n\n ### Configure Netdata to gather information about Internet connection speed\n if command -v speedtest-cli > /dev/null; then\n ### Installing the script to generate report on Internet connection speed\n logg info 'Installing script to generate report on Internet connection speed'\n LIBEXEC_PATH=\"$(netdata -W buildinfo | grep 'Configure' | sed \"s/.*--libexecdir=\\([^ \\']*\\).*/\\1/\")\"\n if [ -d /usr/libexec/netdata/charts.d ]; then\n sudo cp -f \"${XDG_DATA_HOME:-$HOME/.local/share}/netdata-speedtest/speedtest.chart.sh\" \"/usr/libexec/netdata/charts.d/speedtest.chart.sh\"\n elif [ -d \"$LIBEXEC_PATH/netdata/charts.d\" ]; then\n logg info \"$LIBEXEC_PATH/netdata/charts.d present on system\"\n cp -f \"${XDG_DATA_HOME:-$HOME/.local/share}/netdata-speedtest/speedtest.chart.sh\" 
\"$LIBEXEC_PATH/netdata/charts.d/speedtest.chart.sh\"\n else\n logg warn \"Failed to find appropriate directory to add Netdata speedtest chart script\"\n fi\n else\n logg warn 'speedtest-cli is not available in the PATH or is not installed'\n fi\n\n ### Ensure ownership again\n ensureNetdataOwnership\n\n ### Restart Netdata service\n if command -v systemctl > /dev/null; then\n logg info 'Enabling netdata service' && sudo systemctl enable netdata\n logg info 'Restarting netdata service' && sudo systemctl restart netdata\n elif [ -d /Applications ] && [ -d /System ]; then\n logg info 'Starting / enabling netdata service' && brew services restart netdata\n else\n logg warn 'systemctl is not available'\n fi\nelse\n logg info 'netdata-claim.sh is not available in the PATH'\nfi\n" _service: netdata _service:brew: - name: netdata @@ -8207,7 +8408,7 @@ softwarePackages: proto: tcp - port: 443 proto: tcp - _post: > + _post: | #!/usr/bin/env bash # @file NGINX Amplify Join # @brief Set up NGINX Amplify and joins the cloud monitoring service dashboard @@ -8438,7 +8639,7 @@ softwarePackages: _desc: "ntfy is a command-line utility that sends desktop notifications when a command finishes. It supports various notification backends like Pushbullet, Pushover, Slack, Telegram, and more. It can be used to\nkeep track of long-running commands or scripts without having to constantly check the terminal. It's easy to install and configure, making it a handy tool for system administrators and developers who \nwant to stay updated on their command executions. " _github: https://github.com/dschep/ntfy _name: NFTY - _post: > + _post: | #!/usr/bin/env bash sudo mkdir -p /usr/local/etc/branding sudo cp -f "$HOME/.local/etc/branding/logo-color-256x256.png" /usr/local/etc/branding/logo-color-256x256.png 
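Review bot: In the Netdata `_post` hunk the value is still a double-quoted scalar, but its header lines are now separated by real line breaks, and YAML folds a single line break inside double quotes into a space, so the shebang and the `# @file` / `# @brief` / `# @description` lines collapse into one line up to the first `\n` escape. Converting the value to a literal block (`_post: |`), as this commit does for Privoxy, avoids that; the gitomatic `_post` earlier in the patch shows the same pattern. Separately, the two debsecan lines `sudo "$DEBSECAN_GIT/debsecan.chart.py" /usr/libexec/netdata/python.d/debsecan.chart.py` and `sudo "$DEBSECAN_GIT/debsecan.conf" /etc/netdata/python.d/debsecan.conf` are missing a `cp -f`: as written they run a file from a checkout under the user's home directory as root instead of copying it, and should read `sudo cp -f "$DEBSECAN_GIT/debsecan.chart.py" /usr/libexec/netdata/python.d/debsecan.chart.py` and likewise for `debsecan.conf`. The claim command also renders `NETDATA_TOKEN` into the `bash -c` argument and passes it again as `-token=`, so the token is readable in the process list while the command runs.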
@@ -8598,7 +8799,7 @@ softwarePackages: _desc: "OnlyKey-App is a GitHub repository that contains the source code for the OnlyKey desktop application. This application is designed to work with the OnlyKey hardware device, which is a secure USB \npassword manager and two-factor authentication device. The OnlyKey-App repository likely includes code for managing passwords, generating two-factor authentication codes, and configuring the OnlyKey \ndevice. It's a tool that enhances security by providing a convenient and secure way to manage passwords and authentication. " _github: https://github.com/trustcrypto/OnlyKey-App _name: onlykey - _post:snap: > + _post:snap: | #!/usr/bin/env bash sudo curl -sSL https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/pages/49-onlykey.rules -o /etc/udev/rules.d/49-onlykey.rules sudo chmod 644 /etc/udev/rules.d/49-onlykey.rules @@ -8630,7 +8831,7 @@ softwarePackages: pipx: onlykey onlykey-cli-deps: _github: false - _post:linux: > + _post:linux: | #!/usr/bin/env bash sudo curl -sSL https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/pages/49-onlykey.rules -o /etc/udev/rules.d/49-onlykey.rules sudo chmod 644 /etc/udev/rules.d/49-onlykey.rules @@ -9346,7 +9547,7 @@ softwarePackages: exe: https://github.com/streamdal/plumber/releases/latest/download/plumber-windows.exe plymouth: _github: false - _post: > + _post: | #!/usr/bin/env bash # @file Plymouth Theme / Configuration # @brief Configures Plymouth to use a custom theme @@ -9580,7 +9781,7 @@ softwarePackages: _github: https://github.com/vdukhovni/postfix _home: https://www.postfix.org/ _name: Postfix - _post: > + _post: | #!/usr/bin/env bash # @file SendGrid Postfix Configuration # @brief Configures Postfix to use SendGrid as a relay host so you can use the `mail` program to send e-mail from the command-line 
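Review bot: The OnlyKey `_post:snap` script has `sudo curl -sSL` write a udev rules file from the `pages` branch of a third-party repository straight into `/etc/udev/rules.d/`, with no pinned revision and no integrity check; udev rules are processed by root, so any change to that branch changes what is installed on every machine provisioned afterwards. The fetch should run unprivileged from a commit-pinned URL with `-f` added (the current flags would save an HTTP error page as the rules file), be compared against a checksum kept in this repository, and only then be installed with root ownership. The `onlykey-cli-deps` `_post:linux` hunk that follows contains the same line and needs the same change. Both scripts continue past the end of their hunks.

```yaml
_post:snap: |
  #!/usr/bin/env bash
  # Placeholders: set to the reviewed commit and the checksum of the reviewed file
  ONLYKEY_RULES_REF='<PINNED_COMMIT_SHA>'
  ONLYKEY_RULES_SHA256='<EXPECTED_SHA256>'
  RULES_TMP="$(mktemp)"
  curl -fsSL "https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/${ONLYKEY_RULES_REF}/49-onlykey.rules" -o "$RULES_TMP"
  echo "${ONLYKEY_RULES_SHA256}  ${RULES_TMP}" | sha256sum -c - || exit 1
  sudo install -m 644 -o root -g root "$RULES_TMP" /etc/udev/rules.d/49-onlykey.rules
  rm -f "$RULES_TMP"
  # … unchanged: rest of the script …
```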
@@ -9874,7 +10075,63 @@ softwarePackages: - privoxy _home: https://www.privoxy.org/ _name: Privoxy - _post: "#!/usr/bin/env bash\n# @file Privoxy Configuration\n# @brief This script applies the Privoxy configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config` to the system and then restarts Privoxy\n# @description\n# Privoxy is a web proxy that can be combined with Tor to provide an HTTPS / HTTP proxy that can funnel all traffic\n# through Tor. This script:\n#\n# 1. Determines the system configuration file location\n# 2. Applies the configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config`\n# 3. Enables and restarts the Privoxy service with the new configuration\n#\n# ## Links\n#\n# * [Privoxy configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/privoxy/config)\n\n### Define the Privoxy configuration location based on whether system is macOS or Linux\nif [ -d /Applications ] && [ -d /System ]; then\n ### macOS\n if [ -d \"/usr/local/etc/privoxy\" ]; then\n PRIVOXY_CONFIG_DIR=/usr/local/etc/privoxy\n elif [ -d \"${HOMEBREW_PREFIX:-/opt/homebrew}/etc/privoxy\" ]; then\n PRIVOXY_CONFIG_DIR=\"${HOMEBREW_PREFIX:-/opt/homebrew}/etc/privoxy\"\n else\n logg warn 'Unable to detect Privoxy configuration directory'\n fi\nelse\n ### Linux\n PRIVOXY_CONFIG_DIR=/etc/privoxy\nfi\nPRIVOXY_CONFIG=\"$PRIVOXY_CONFIG_DIR/config\"\n\n### Copy Privoxy configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config` to the system location\nif command -v privoxy > /dev/null; then\n if [ -d \"$PRIVOXY_CONFIG_DIR\" ]; then\n sudo cp -f \"${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config\" \"$PRIVOXY_CONFIG\"\n sudo chmod 600 \"$PRIVOXY_CONFIG\"\n if command -v add-usergroup > /dev/null; then\n sudo add-usergroup \"$USER\" privoxy\n fi\n sudo chown privoxy:privoxy \"$PRIVOXY_CONFIG\" 2> /dev/null || sudo chown privoxy:$(id -g -n) \"$PRIVOXY_CONFIG\"\n \n ### Restart Privoxy after configuration is applied\n if [ -d 
/Applications ] && [ -d /System ]; then\n ### macOS\n brew services restart privoxy\n else\n if [[ ! \"$(test -d /proc && grep Microsoft /proc/version > /dev/null)\" ]]; then\n ### Linux\n sudo systemctl enable privoxy\n sudo systemctl restart privoxy\n else\n logg info 'The system is a WSL environment so the Privoxy systemd service will not be enabled / restarted'\n fi\n fi\n else\n logg warn 'The '\"$PRIVOXY_CONFIG_DIR\"' directory is missing'\n fi\nelse\n logg logg 'privoxy is missing from the PATH - skipping configuration'\nfi\n" + _post: | + #!/usr/bin/env bash + # @file Privoxy Configuration + # @brief This script applies the Privoxy configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config` to the system and then restarts Privoxy + # @description + # Privoxy is a web proxy that can be combined with Tor to provide an HTTPS / HTTP proxy that can funnel all traffic + # through Tor. This script: + # + # 1. Determines the system configuration file location + # 2. Applies the configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config` + # 3. 
Enables and restarts the Privoxy service with the new configuration + # + # ## Links + # + # * [Privoxy configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/privoxy/config) + if [ -d /Applications ] && [ -d /System ]; then + ### macOS + if [ -d "/usr/local/etc/privoxy" ]; then + PRIVOXY_CONFIG_DIR=/usr/local/etc/privoxy + elif [ -d "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/privoxy" ]; then + PRIVOXY_CONFIG_DIR="${HOMEBREW_PREFIX:-/opt/homebrew}/etc/privoxy" + else + logg warn 'Unable to detect Privoxy configuration directory' + fi + else + ### Linux + PRIVOXY_CONFIG_DIR=/etc/privoxy + fi + PRIVOXY_CONFIG="$PRIVOXY_CONFIG_DIR/config" + ### Copy Privoxy configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config` to the system location + if command -v privoxy > /dev/null; then + if [ -d "$PRIVOXY_CONFIG_DIR" ]; then + sudo cp -f "${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config" "$PRIVOXY_CONFIG" + sudo chmod 600 "$PRIVOXY_CONFIG" + if command -v add-usergroup > /dev/null; then + sudo add-usergroup "$USER" privoxy + fi + sudo chown privoxy:privoxy "$PRIVOXY_CONFIG" 2> /dev/null || sudo chown privoxy:$(id -g -n) "$PRIVOXY_CONFIG" + ### Restart Privoxy after configuration is applied + if [ -d /Applications ] && [ -d /System ]; then + ### macOS + brew services restart privoxy + else + if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then + ### Linux + sudo systemctl enable privoxy + sudo systemctl restart privoxy + else + logg info 'The system is a WSL environment so the Privoxy systemd service will not be enabled / restarted' + fi + fi + else + logg warn 'The '"$PRIVOXY_CONFIG_DIR"' directory is missing' + fi + else + logg logg 'privoxy is missing from the PATH - skipping configuration' + fi _service: privoxy _serviceEnabled: true _short: "Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data, and controlling access. " 
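Review bot: The rewritten Privoxy script still reads `${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config` in its `sudo cp -f` line, so when `XDG_CONFIG_HOME` is unset the source is the relative path `HOME/.config/privoxy/config` resolved against the current directory rather than the user's home; the line should be `sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/privoxy/config" "$PRIVOXY_CONFIG"`. The WSL test `[[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]` is always true because the substitution's output is discarded, so the WSL branch is never taken; `if ! grep -q Microsoft /proc/version 2> /dev/null; then` tests the exit status instead. `logg logg` in the final branch looks like a typo for `logg info`. The Tor hunk's `@brief` line shows the same `:-HOME/.config` spelling, so that script is worth checking as well.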
@@ -10304,7 +10561,7 @@ softwarePackages: - rclone _home: https://rclone.org/ _name: Rclone - _post: > + _post: | #!/usr/bin/env bash # @file Rclone S3 Mounts # @brief This script configures Rclone to provide several S3-compliant mounts by leveraging CloudFlare R2 @@ -10633,7 +10890,7 @@ softwarePackages: _home: https://rkhunter.sourceforge.net/ _name: rkhunter _notes: The _post script removes an entry for VMware with a space in it that causes rkhunter to hiccup - _post: > + _post: | #!/usr/bin/env bash if [ -d /Applications ] && [ -d /System ]; then ### macOS @@ -10893,7 +11150,7 @@ softwarePackages: - sambausers _home: https://www.samba.org/ _name: Samba - _post: > + _post: | #!/usr/bin/env bash # @file Samba Configuration # @brief This script configures Samba by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available @@ -11223,7 +11480,7 @@ softwarePackages: _desc: Fully featured and highly configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob _github: https://github.com/drakkan/sftpgo _name: sftpgo - _post: > + _post: | #!/usr/bin/env bash sudo mkdir -p /usr/local/etc/sftpgo sudo cp -f "$HOME/.local/etc/sftpgo/sftpgo.json" /usr/local/etc/sftpgo/sftpgo.json @@ -12095,7 +12352,7 @@ softwarePackages: _home: https://tabby.sh/ _name: Tabby _notes: TODO Update the direct links periodically and keep eye out for Snap / Flatpak - _post: > + _post: | #!/usr/bin/env bash # @file Tabby Plugins # @brief This script installs the default Tabby plugins which are defined in `${XDG_CONFIG_HOME:-$HOME/.config}/tabby/plugins/package.json` @@ -12166,7 +12423,7 @@ softwarePackages: _github: https://github.com/tailscale/tailscale _home: https://tailscale.com/ _name: Tailscale - _post: > + _post: | #!/usr/bin/env bash # @file Tailscale # @brief Connects the Tailscale client with the Tailscale network 
@@ -12478,7 +12735,7 @@ softwarePackages: _github: https://github.com/teejee2008/timeshift _home: https://teejeetech.com/timeshift/ _name: Timeshift - _post: > + _post: | #!/usr/bin/env bash # @file Timeshift Configuration # @brief Updates the Timeshift system configuration with the Timeshift configuration stored in the `home/dot_config/timeshift/timeshift.json` location. @@ -12583,10 +12840,10 @@ softwarePackages: _desc: "Apache Tomcat is an open-source implementation of the Java Servlet, JavaServer Pages, Java Expression Language, and WebSocket technologies. It provides a web server environment for Java code to run in, \nallowing developers to serve Java-based web applications. Tomcat is widely used for deploying Java web applications and is known for its reliability and scalability. It is maintained by the Apache \nSoftware Foundation and is available for free under the Apache License. You can find more information about Apache Tomcat on its GitHub repository: https://github.com/apache/tomcat. " _github: https://github.com/apache/tomcat _name: Tomcat - _post:darwin: > + _post:darwin: | #!/usr/bin/env bash sed 's/8080/8180/g' /usr/local/etc/tomcat/server.xml > /usr/local/etc/tomcat/server.xml - _post:linux: > + _post:linux: | #!/usr/bin/env bash sed 's/8080/8180/g' /usr/local/etc/tomcat/server.xml > /usr/local/etc/tomcat/server.xml _service: tomcat @@ -12612,7 +12869,7 @@ softwarePackages: _github: https://github.com/TheTorProject _home: https://www.torproject.org/ _name: TOR - _post: > + _post: | #!/usr/bin/env bash # @file Tor Configuration # @brief This script applies the Tor configuration stored at `${XDG_CONFIG_HOME:-HOME/.config}/tor/torrc` to the system and then restarts Tor 
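Review bot: In the Tomcat hunk, both `_post:darwin` and `_post:linux` run `sed 's/8080/8180/g' /usr/local/etc/tomcat/server.xml > /usr/local/etc/tomcat/server.xml`, and the shell truncates the redirect target before sed opens it, so `server.xml` ends up empty. With the old folded `>` scalar the command was probably joined onto the `#!` line and never executed, so switching to `|` likely makes this the first time it actually runs. Write to a temporary file and move it into place instead: `f=/usr/local/etc/tomcat/server.xml; sed 's/8080/8180/g' "$f" > "$f.tmp" && mv "$f.tmp" "$f"`. Whether the script can write to that directory without `sudo` is not visible here.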
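Review bot: In the Tor hunk, the `@brief` line documents the source path as `${XDG_CONFIG_HOME:-HOME/.config}/tor/torrc`, which is missing the `$` before `HOME`. The Privoxy script in this patch uses the same expansion in an actual `sudo cp`, where it resolves to the relative path `HOME/.config/...` whenever `XDG_CONFIG_HOME` is unset, so a root-run copy would read from the current working directory. The comment should read `${XDG_CONFIG_HOME:-$HOME/.config}/tor/torrc`. The Tor script body lies outside this hunk and may carry the same typo.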
@@ -12968,7 +13225,7 @@ softwarePackages: _desc: "vagrant-vmware-desktop \n\nThis is a plugin for Vagrant, a tool for building and managing virtual machine environments. The vagrant-vmware-desktop plugin allows Vagrant to work with VMware Fusion and VMware Workstation on macOS. \nIt provides additional functionality and compatibility for using VMware products with Vagrant, enhancing the virtualization capabilities for developers and system administrators working on macOS \nsystems. This plugin enables users to create and manage VMware virtual machines seamlessly within Vagrant workflows. " _github: https://github.com/hashicorp/vagrant-vmware-desktop _name: Vagrant VMWare Utility - _post:cask: > + _post:cask: | #!/usr/bin/env bash if [ ! -f /usr/local/bin/vagrant-vmware-utility ] && [ -f /opt/vagrant-vmware-desktop/bin/vagrant-vmware-utility ]; then sudo ln -s /opt/vagrant-vmware-desktop/bin/vagrant-vmware-utility /usr/local/bin/vagrant-vmware-utility @@ -13076,7 +13333,7 @@ softwarePackages: _github: https://github.com/vim/vim _home: https://www.vim.org/ _name: VIM - _post: > + _post: | #!/usr/bin/env bash logg info "Installing VIM plugins" && vim +'PlugInstall --sync' +qall # @description This script installs the extensions defined in `${XDG_CONFIG_HOME:-$HOME/.config}/coc/extensions/package.json` @@ -13108,7 +13365,7 @@ softwarePackages: _github: https://github.com/mirror/vbox _home: https://www.virtualbox.org/ _name: VirtualBox - _post: > + _post: | #!/usr/bin/env bash # @file VirtualBox Extension Pack # @brief Ensures the VirtualBox extension pack is installed. @@ -13143,7 +13400,7 @@ softwarePackages: else logg info 'VirtualBox is not installed so VirtualBox Extension pack will not be installed' fi - _post:choco: > + _post:choco: | # TODO # TODO # TODO 
@@ -13219,7 +13476,7 @@ softwarePackages: _github: false _home: https://www.vmware.com/ _name: VMWare - _post: > + _post: | #!/usr/bin/env bash # @file VMWare Configuration # @brief Installs VMWare Workstation Pro on Linux devices, applies a "publicly-retrieved" license key (see disclaimer), and automatically accepts the terms and conditions @@ -13407,7 +13664,7 @@ softwarePackages: _github: https://github.com/microsoft/vscode _home: https://code.visualstudio.com/ _name: Visual Studio Code - _post: > + _post: | #!/usr/bin/env bash # @file VSCode Extensions / Global NPM Modules Fallback # @brief Installs all of the Visual Studio Code extensions specified in the [`home/dot_config/Code/User/extensions.json`](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/Code/User/extensions.json) file and installs NPM packages to the system `/` directory as a catch-all for tools that recursively search upwards for shared NPM configurations. @@ -13535,7 +13792,7 @@ softwarePackages: _desc: "VSCodium is a community-driven, freely-licensed binary distribution of Microsoft's Visual Studio Code. It is essentially Visual Studio Code without Microsoft branding, telemetry, and licensing. VSCodium\nprovides a more open-source alternative for developers who prefer a version of Visual Studio Code that is free from Microsoft's proprietary features. Users can find the source code, releases, and \ndocumentation on the GitHub repository at https://github.com/VSCodium/vscodium. " _github: https://github.com/VSCodium/vscodium _name: "VSCodium " - _post: > + _post: | #!/usr/bin/env bash # @brief See `_post` entry for `vscode` for a description export NODE_OPTIONS=--throw-deprecation 
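Review bot: In the Visual Studio Code hunk, the `@brief` says the script installs NPM packages to the system `/` directory as a catch-all, but the visible header does not say who owns the resulting files. Node resolves modules by walking parent directories up to the root, so anything under `/node_modules` becomes loadable by Node processes of every user, including ones started with `sudo`. I would add a header line such as `# @description The root-level package.json and node_modules must be root-owned and not writable by the installing user` and have the body enforce it. The install commands are outside this hunk, so how ownership is currently set cannot be confirmed from here.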
@@ -13605,7 +13862,7 @@ softwarePackages: _github: false _home: https://cloudflarewarp.com/ _name: Cloudflare WARP Client - _post: > + _post: | #!/usr/bin/env bash # @file CloudFlare WARP # @brief Installs CloudFlare WARP, ensures proper security certificates are in place, and connects the device to CloudFlare WARP. @@ -14094,7 +14351,7 @@ softwarePackages: _desc: "WireGuard Tools Repository \n\nThe WireGuard Tools repository is the official collection of tools for the WireGuard VPN protocol. It includes utilities for configuring and managing WireGuard tunnels on various platforms. The tools \nare designed to be lightweight, secure, and easy to use, making them popular for setting up secure VPN connections. The repository is actively maintained by the WireGuard development team and is open \nsource, allowing users to contribute, report issues, and stay up to date with the latest developments in the WireGuard ecosystem. " _github: https://github.com/WireGuard/wireguard-tools _name: WireGuard Tools - _post: > + _post: | #!/usr/bin/env bash # @file macOS WireGuard Profiles # @brief Installs WireGuard VPN profiles on macOS devices