From 7cbc3bc32676920bff241d22c64af0694cfdf91e Mon Sep 17 00:00:00 2001 From: Brian Zalewski Date: Sun, 29 Jan 2023 04:47:57 +0000 Subject: [PATCH] Update 15 files - /home/.chezmoiscripts/universal/run_onchange_after_30-tor-settings.tmpl - /home/dot_local/config/privoxy - /home/dot_local/config/torrc - /home/.chezmoitemplates/secrets/key-netdata-room-james - /home/.chezmoiscripts/universal/run_onchange_after_30-samba.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_27-tor.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_28-privoxy.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_57-netdata.tmpl - /home/dot_config/rkhunter/cron - /home/dot_config/clamd/clamd-freshclam.service - /home/dot_config/privoxy/config - /home/dot_config/tor/torrc - /home/.chezmoitemplates/secrets/key-netdata-room - /home/.chezmoidata.yaml - /software.yml --- home/.chezmoidata.yaml | 1 + .../universal/run_onchange_after_27-tor.tmpl | 16 +++++--- .../run_onchange_after_28-privoxy.tmpl | 14 ++++--- ....tmpl => run_onchange_after_30-samba.tmpl} | 6 ++- .../run_onchange_after_57-netdata.tmpl | 32 +++++++++++++++ ...ey-netdata-room-james => key-netdata-room} | 0 home/dot_config/clamd/clamd-freshclam.service | 13 ++++++ .../privoxy => dot_config/privoxy/config} | 0 home/dot_config/rkhunter/cron | 41 +++++++++++++++++++ .../config => dot_config/tor}/torrc | 0 software.yml | 1 + 11 files changed, 111 insertions(+), 13 deletions(-) rename home/.chezmoiscripts/universal/{run_onchange_after_30-tor-settings.tmpl => run_onchange_after_30-samba.tmpl} (52%) create mode 100644 home/.chezmoiscripts/universal/run_onchange_after_57-netdata.tmpl rename home/.chezmoitemplates/secrets/{key-netdata-room-james => key-netdata-room} (100%) create mode 100644 home/dot_config/clamd/clamd-freshclam.service rename home/{dot_local/config/privoxy => dot_config/privoxy/config} (100%) create mode 100644 home/dot_config/rkhunter/cron rename home/{dot_local/config => dot_config/tor}/torrc (100%) 
diff --git a/home/.chezmoidata.yaml b/home/.chezmoidata.yaml index 0758533f..6bcc62b2 100644 --- a/home/.chezmoidata.yaml +++ b/home/.chezmoidata.yaml @@ -21,6 +21,7 @@ colors: color16: '#FFFFFF' macosRemoteLogin: 'on' themeparkTheme: aquamarine +netdataClaimURL: https://app.netdata.cloud config: gpg: https://raw.githubusercontent.com/drduh/config/master/gpg.conf chromeExtensions: diff --git a/home/.chezmoiscripts/universal/run_onchange_after_27-tor.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_27-tor.tmpl index ddce1cfd..4353dfa8 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_27-tor.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_27-tor.tmpl @@ -1,7 +1,7 @@ -{{- if (ne .host.distro.family "windows") -}} +{{- if and (ne .host.distro.family "windows") (ne .host.work true) -}} #!/usr/bin/env bash -# tor config hash: {{ include (joinPath .host.home ".local" "config" "torrc") | sha256sum }} +# tor config hash: {{ include (joinPath .host.home ".config" "tor" "torrc") | sha256sum }} {{ includeTemplate "universal/profile" }} {{ includeTemplate "universal/logg" }} @@ -20,7 +20,7 @@ TORRC_CONFIG="$TORRC_CONFIG_DIR/torrc" if command -v toron > /dev/null; then if [ -d "$TORRC_CONFIG_DIR" ]; then # Copy config - sudo cp -f "$HOME/.local/config/torrc" "$TORRC_CONFIG" + sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/tor/torrc" "$TORRC_CONFIG" sudo chmod 600 "$TORRC_CONFIG" # Restart / enable Tor @@ -28,9 +28,13 @@ if command -v toron > /dev/null; then # macOS brew services restart tor else - # Linux - sudo systemctl enable tor - sudo systemlctl restart tor + if [[ ! "$(grep Microsoft /proc/version)" ]]; then + # Linux + sudo systemctl enable tor + sudo systemlctl restart tor + else + logg info 'Environment is WSL so the Tor systemd service will not be enabled / restarted' + fi fi else logg warn 'The '"$TORRC_CONFIG_DIR"' directory is missing' 
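Review bot: In the tor script's `@@ -20,7 +20,7 @@` hunk the config is copied with `sudo cp -f` and only afterwards restricted with `sudo chmod 600`, so on a first install the destination briefly exists with whatever mode `cp` gives it. The result of the copy is also never checked before the restart logic further down runs. A single `sudo install -m 600 "${XDG_CONFIG_HOME:-$HOME/.config}/tor/torrc" "$TORRC_CONFIG"` creates the file with its final mode, and its exit status can gate the restart. The same cp/chmod pair appears in the privoxy script's `@@ -19,7 +19,7 @@` hunk. The enclosing `if command -v toron` block continues past this hunk.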
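Review bot: In the tor script's `@@ -28,9 +28,13 @@` hunk, `sudo systemlctl restart tor` is carried onto the new side with the `systemlctl` misspelling, so on Linux the service is enabled but the restart fails with command-not-found and the freshly copied torrc is not loaded until something else restarts Tor; it should read `sudo systemctl restart tor`. The WSL test `[[ ! "$(grep Microsoft /proc/version)" ]]` is case-sensitive, and WSL 2 kernels generally report a lowercase `microsoft`, so `if ! grep -qi microsoft /proc/version; then` is the safer form. Both points apply equally to the privoxy script's `@@ -27,9 +27,13 @@` hunk. The surrounding `if`/`else` starts above this hunk and closes below it.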
diff --git a/home/.chezmoiscripts/universal/run_onchange_after_28-privoxy.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_28-privoxy.tmpl index d940fe73..c3bd3936 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_28-privoxy.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_28-privoxy.tmpl @@ -1,7 +1,7 @@ {{- if (ne .host.distro.family "windows") -}} #!/usr/bin/env bash -# privoxy config hash: {{ include (joinPath .host.home ".local" "config" "privoxy") | sha256sum }} +# privoxy config hash: {{ include (joinPath .host.home ".config" "privoxy" "config") | sha256sum }} {{ includeTemplate "universal/profile" }} {{ includeTemplate "universal/logg" }} @@ -19,7 +19,7 @@ PRIVOXY_CONFIG="$PRIVOXY_CONFIG_DIR/config" ### Configure Privoxy if command -v privoxy > /dev/null; then if [ -d "$PRIVOXY_CONFIG_DIR" ]; then - sudo cp -f "$HOME/.local/config/privoxy" "$PRIVOXY_CONFIG" + sudo cp -f "${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config" "$PRIVOXY_CONFIG" sudo chmod 600 "$PRIVOXY_CONFIG" # Restart / enable Privoxy @@ -27,9 +27,13 @@ if command -v privoxy > /dev/null; then # macOS brew services restart privoxy else - # Linux - sudo systemctl enable privoxy - sudo systemlctl restart privoxy + if [[ ! "$(grep Microsoft /proc/version)" ]]; then + # Linux + sudo systemctl enable privoxy + sudo systemlctl restart privoxy + else + logg info 'The system is a WSL environment so the Privoxy systemd service will not be enabled / restarted' + fi fi else logg warn 'The '"$PRIVOXY_CONFIG_DIR"' directory is missing' diff --git a/home/.chezmoiscripts/universal/run_onchange_after_30-tor-settings.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_30-samba.tmpl similarity index 52% rename from home/.chezmoiscripts/universal/run_onchange_after_30-tor-settings.tmpl rename to home/.chezmoiscripts/universal/run_onchange_after_30-samba.tmpl index dea7442e..239e8278 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_30-tor-settings.tmpl 
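Review bot: In the privoxy script's `@@ -19,7 +19,7 @@` hunk the default in `${XDG_CONFIG_HOME:-HOME/.config}` is missing the `$` before `HOME`, so whenever `XDG_CONFIG_HOME` is unset the source path becomes the relative `HOME/.config/privoxy/config` and the copy fails. Because the result of `cp` is not checked, the script still goes on to the chmod and the restart step with the old configuration, or none, in place. The line should be `sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/privoxy/config" "$PRIVOXY_CONFIG"`, matching the tor script. The enclosing `if command -v privoxy` block continues past this hunk.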
+++ b/home/.chezmoiscripts/universal/run_onchange_after_30-samba.tmpl @@ -1,8 +1,10 @@ +{{- if (ne .host.distro.family "windows") -}} #!/usr/bin/env bash {{ includeTemplate "universal/profile" }} {{ includeTemplate "universal/logg" }} -### TODO - Add logic from Tor / Privoxy role here -### Add config files to system folder if applicable +# Samba logic echo true + +{{ end -}} diff --git a/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.tmpl new file mode 100644 index 00000000..7ba595b1 --- /dev/null +++ b/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.tmpl 
@@ -0,0 +1,32 @@
+{{- if and (ne .host.distro.family "windows") (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-netdata-token")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-netdata-room")) -}}
+#!/usr/bin/env bash
+
+{{ includeTemplate "universal/profile" }}
+{{ includeTemplate "universal/logg" }}
+
+### Claim the instance with Netdata Cloud
+if command -v netdata-claim.sh > /dev/null; then
+ NETDATA_TOKEN="$(cat "{{ .chezmoi.sourceDir }}/.chezmoitemplates/secrets/key-netdata-token" | chezmoi decrypt)"
+ NETDATA_ROOM="$(cat "{{ .chezmoi.sourceDir }}/.chezmoitemplates/secrets/key-netdata-room" | chezmoi decrypt)"
+ netdata-claim.sh -token="$NETDATA_TOKEN" -rooms="$NETDATA_ROOM" -url={{ .netdataClaimURL }}
+
+ # Kernel optimizations
+ if [ -d /Applications ] && [ -d /System ]; then
+ # macOS
+ logg info 'System is macOS so Netdata kernel optimizations are not required'
+ else
+ # Linux
+ if [ -d /sys/kernel/mm/ksm ]; then
+ logg info 'Adding Netdata kernel optimization for `/sys/kernel/mm/ksm/run`'
+ echo 1 | sudo tee /sys/kernel/mm/ksm/run
+ logg info 'Adding Netdata kernel optimization for `/sys/kernel/mm/ksm/sleep_millisecs`'
+ echo 1000 | sudo tee /sys/kernel/mm/ksm/sleep_millisecs
+ else
+ logg info 'The `/sys/kernel/mm/ksm` directory does not exist so Netdata kernel optimizations are not being applied'
+ fi
+ fi
+else
+ logg warn '`netdata-claim.sh` is not available in the PATH'
+fi
+
+{{ end - }}
diff --git a/home/.chezmoitemplates/secrets/key-netdata-room-james b/home/.chezmoitemplates/secrets/key-netdata-room
similarity index 100%
rename from home/.chezmoitemplates/secrets/key-netdata-room-james
rename to home/.chezmoitemplates/secrets/key-netdata-room
diff --git a/home/dot_config/clamd/clamd-freshclam.service b/home/dot_config/clamd/clamd-freshclam.service
new file mode 100644
index 00000000..489457a4
--- /dev/null
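Review bot: The closing `{{ end - }}` on the last line of the new netdata script has a space between `-` and `}}`, which is not Go template trim syntax, so as written this template will most likely fail to parse when chezmoi renders it; the sibling scripts in this commit use `{{ end -}}`. The two `chezmoi decrypt` results are also used unchecked, so a failed decrypt still calls `netdata-claim.sh` with an empty token or room; wrapping the claim call in `if [ -n "$NETDATA_TOKEN" ] && [ -n "$NETDATA_ROOM" ]; then` would avoid that. Note too that `-token="$NETDATA_TOKEN"` places the claim token on the command line, where it can be read from the process list for as long as the claim runs. `-url={{ .netdataClaimURL }}` should be quoted like the other two arguments.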
+++ b/home/dot_config/clamd/clamd-freshclam.service
@@ -0,0 +1,13 @@
+# Run freshclam as a daemon.
+[Unit]
+Description = ClamAV Freshclam service.
+After = network.target
+
+[Service]
+Type = forking
+ExecStart = /usr/bin/freshclam --daemon --checks 2
+Restart = on-failure
+PrivateTmp = true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/home/dot_local/config/privoxy b/home/dot_config/privoxy/config
similarity index 100%
rename from home/dot_local/config/privoxy
rename to home/dot_config/privoxy/config
diff --git a/home/dot_config/rkhunter/cron b/home/dot_config/rkhunter/cron
new file mode 100644
index 00000000..c1815aba
--- /dev/null
+++ b/home/dot_config/rkhunter/cron
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+RKHUNTER=/usr/bin/rkhunter
+
+test -x $RKHUNTER || exit 0
+
+# source our config
+. /etc/rkhunter.conf
+
+if [ -z "$NICE" ]; then
+ NICE=0
+fi
+
+if [ -z "$RUN_CHECK_ON_BATTERY" ]; then
+ RUN_CHECK_ON_BATTERY="false"
+fi
+
+# Do not run daily check if running on battery except if explicitely allowed
+if [ -x /usr/bin/on_ac_power >/dev/null 2>&1 ]; then
+ on_ac_power >/dev/null 2>&1
+ [ $? -eq 1 -a "$RUN_CHECK_ON_BATTERY" != "true" ] && exit 0
+fi
+
+case "$CRON_DAILY_RUN" in
+ [YyTt]*)
+ OUTFILE=`mktemp` || exit 1
+ /usr/bin/nice -n $NICE $RKHUNTER --cronjob --report-warnings-only --appendlog > $OUTFILE
+ if [ -s "$OUTFILE" -a -n "$REPORT_EMAIL" ]; then
+ (
+ echo "Subject: [rkhunter] $(hostname) - Daily report"
+ echo "To: $REPORT_EMAIL"
+ echo ""
+ cat $OUTFILE
+ ) | /usr/sbin/mailx $REPORT_EMAIL
+ fi
+ rm -f $OUTFILE
+ ;;
+ *)
+ exit 0
+ ;;
+esac
diff --git a/home/dot_local/config/torrc b/home/dot_config/tor/torrc
similarity index 100%
rename from home/dot_local/config/torrc
rename to home/dot_config/tor/torrc
diff --git a/software.yml b/software.yml
index 23b3e780..8f5b5fc3 100644
--- a/software.yml
+++ b/software.yml
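Review bot: The new `clamd-freshclam.service` unit starts `freshclam`, a process that downloads and parses data from the network, with `PrivateTmp = true` as its only sandboxing and no `User=` line, so it starts as root and relies on whatever privilege drop freshclam itself is configured to perform. I would add `NoNewPrivileges = true`, `ProtectHome = true` and `ProtectSystem = full` under `[Service]`, after confirming that the signature database and log directories stay writable. `Type = forking` is declared without a `PIDFile=`, which leaves systemd guessing the main PID. Since the job needs connectivity, `After = network-online.target` with a matching `Wants=` fits better than `network.target`.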
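Review bot: In the new `rkhunter/cron` script, `. /etc/rkhunter.conf` sources rkhunter's own configuration file as shell code in a job that cron will presumably run as root. That file is not guaranteed to be valid shell, and an option line with a space-separated value would be parsed as an environment assignment followed by a command to execute. The variables this script reads (`CRON_DAILY_RUN`, `REPORT_EMAIL`, `NICE`, `RUN_CHECK_ON_BATTERY`) normally live in a separate shell-syntax defaults file (on Debian, `/etc/default/rkhunter`), so I would source that instead, guarded as `[ -r /etc/default/rkhunter ] && . /etc/default/rkhunter`. The expansions `$OUTFILE`, `$NICE` and `$REPORT_EMAIL` should also be quoted, e.g. `/usr/sbin/mailx "$REPORT_EMAIL"`, since their values come from the sourced file.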
@@ -5123,6 +5123,7 @@ softwarePackages: _github: https://github.com/netdata/netdata _home: https://www.netdata.cloud/ _name: Netdata + _service: netdata ansible: professormanhattan.netdata brew: netdata pacman: netdata