Update 15 files

- /home/.chezmoiscripts/universal/run_onchange_after_30-tor-settings.tmpl
- /home/dot_local/config/privoxy
- /home/dot_local/config/torrc
- /home/.chezmoitemplates/secrets/key-netdata-room-james
- /home/.chezmoiscripts/universal/run_onchange_after_30-samba.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_27-tor.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_28-privoxy.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_57-netdata.tmpl
- /home/dot_config/rkhunter/cron
- /home/dot_config/clamd/clamd-freshclam.service
- /home/dot_config/privoxy/config
- /home/dot_config/tor/torrc
- /home/.chezmoitemplates/secrets/key-netdata-room
- /home/.chezmoidata.yaml
- /software.yml

home/.chezmoidata.yaml

@@ -21,6 +21,7 @@ colors:
   color16: '#FFFFFF'
 macosRemoteLogin: 'on'
 themeparkTheme: aquamarine
+netdataClaimURL: https://app.netdata.cloud
 config:
   gpg: https://raw.githubusercontent.com/drduh/config/master/gpg.conf
 chromeExtensions:

home/.chezmoiscripts/universal/run_onchange_after_27-tor.tmpl

@@ -1,7 +1,7 @@
-{{- if (ne .host.distro.family "windows") -}}
+{{- if and (ne .host.distro.family "windows") (ne .host.work true) -}}
 #!/usr/bin/env bash
 
-# tor config hash: {{ include (joinPath .host.home ".local" "config" "torrc") | sha256sum }}
+# tor config hash: {{ include (joinPath .host.home ".config" "tor" "torrc") | sha256sum }}
 
 {{ includeTemplate "universal/profile" }}
 {{ includeTemplate "universal/logg" }}
@@ -20,7 +20,7 @@ TORRC_CONFIG="$TORRC_CONFIG_DIR/torrc"
 if command -v toron > /dev/null; then
     if [ -d  "$TORRC_CONFIG_DIR" ]; then
         # Copy config
-        sudo cp -f "$HOME/.local/config/torrc" "$TORRC_CONFIG"
+        sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/tor/torrc" "$TORRC_CONFIG"
         sudo chmod 600 "$TORRC_CONFIG"
 
         # Restart / enable Tor
@@ -28,9 +28,13 @@ if command -v toron > /dev/null; then
             # macOS
             brew services restart tor
         else
-            # Linux
+            if [[ ! "$(grep Microsoft /proc/version)" ]]; then
-            sudo systemctl enable tor
+                # Linux
-            sudo systemlctl restart tor
+                sudo systemctl enable tor
+                sudo systemlctl restart tor
+            else
+                logg info 'Environment is WSL so the Tor systemd service will not be enabled / restarted'
+            fi
         fi
     else
         logg warn 'The '"$TORRC_CONFIG_DIR"' directory is missing'

home/.chezmoiscripts/universal/run_onchange_after_28-privoxy.tmpl

@@ -1,7 +1,7 @@
 {{- if (ne .host.distro.family "windows") -}}
 #!/usr/bin/env bash
 
-# privoxy config hash: {{ include (joinPath .host.home ".local" "config" "privoxy") | sha256sum }}
+# privoxy config hash: {{ include (joinPath .host.home ".config" "privoxy" "config") | sha256sum }}
 
 {{ includeTemplate "universal/profile" }}
 {{ includeTemplate "universal/logg" }}
@@ -19,7 +19,7 @@ PRIVOXY_CONFIG="$PRIVOXY_CONFIG_DIR/config"
 ### Configure Privoxy
 if command -v privoxy > /dev/null; then
     if [ -d  "$PRIVOXY_CONFIG_DIR" ]; then
-        sudo cp -f "$HOME/.local/config/privoxy" "$PRIVOXY_CONFIG"
+        sudo cp -f "${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config" "$PRIVOXY_CONFIG"
         sudo chmod 600 "$PRIVOXY_CONFIG"
 
         # Restart / enable Privoxy
@@ -27,9 +27,13 @@ if command -v privoxy > /dev/null; then
             # macOS
             brew services restart privoxy
         else
-            # Linux
+            if [[ ! "$(grep Microsoft /proc/version)" ]]; then
-            sudo systemctl enable privoxy
+                # Linux
-            sudo systemlctl restart privoxy
+                sudo systemctl enable privoxy
+                sudo systemlctl restart privoxy
+            else
+                logg info 'The system is a WSL environment so the Privoxy systemd service will not be enabled / restarted'
+            fi
         fi
     else
         logg warn 'The '"$PRIVOXY_CONFIG_DIR"' directory is missing'

home/.chezmoiscripts/universal/run_onchange_after_30-samba.tmpl

@@ -1,8 +1,10 @@
+{{- if (ne .host.distro.family "windows") -}}
 #!/usr/bin/env bash
 
 {{ includeTemplate "universal/profile" }}
 {{ includeTemplate "universal/logg" }}
 
-### TODO - Add logic from Tor / Privoxy role here
+# Samba logic
-### Add config files to system folder if applicable
 echo true
+
+{{ end -}}

home/.chezmoiscripts/universal/run_onchange_after_57-netdata.tmpl

@@ -0,0 +1,32 @@
+{{- if and (ne .host.distro.family "windows") (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-netdata-token")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "key-netdata-room")) -}}
+#!/usr/bin/env bash
+
+{{ includeTemplate "universal/profile" }}
+{{ includeTemplate "universal/logg" }}
+
+### Claim the instance with Netdata Cloud
+if command -v netdata-claim.sh > /dev/null; then
+    NETDATA_TOKEN="$(cat "{{ .chezmoi.sourceDir }}/.chezmoitemplates/secrets/key-netdata-token" | chezmoi decrypt)"
+    NETDATA_ROOM="$(cat "{{ .chezmoi.sourceDir }}/.chezmoitemplates/secrets/key-netdata-room" | chezmoi decrypt)"
+    netdata-claim.sh -token="$NETDATA_TOKEN" -rooms="$NETDATA_ROOM" -url={{ .netdataClaimURL }}
+
+    # Kernel optimizations
+    if [ -d /Applications ] && [ -d /System ]; then
+        # macOS
+        logg info 'System is macOS so Netdata kernel optimizations are not required'
+    else
+        # Linux
+        if [ -d /sys/kernel/mm/ksm ]; then
+            logg info 'Adding Netdata kernel optimization for `/sys/kernel/mm/ksm/run`'
+            echo 1 | sudo tee /sys/kernel/mm/ksm/run
+            logg info 'Adding Netdata kernel optimization for `/sys/kernel/mm/ksm/sleep_millisecs`'
+            echo 1000 | sudo tee /sys/kernel/mm/ksm/sleep_millisecs
+        else
+            logg info 'The `/sys/kernel/mm/ksm` directory does not exist so Netdata kernel optimizations are not being applied'
+        fi
+    fi
+else
+    logg warn '`netdata-claim.sh` is not available in the PATH'
+fi
+
+{{ end - }}

home/dot_config/clamd/clamd-freshclam.service

@@ -0,0 +1,13 @@
+# Run freshclam as a daemon.
+[Unit]
+Description = ClamAV Freshclam service.
+After = network.target
+
+[Service]
+Type = forking
+ExecStart = /usr/bin/freshclam --daemon --checks 2
+Restart = on-failure
+PrivateTmp = true
+
+[Install]
+WantedBy=multi-user.target

home/dot_config/rkhunter/cron

@@ -0,0 +1,41 @@
+#!/bin/sh
+
+RKHUNTER=/usr/bin/rkhunter
+
+test -x $RKHUNTER || exit 0
+
+# source our config
+. /etc/rkhunter.conf
+
+if [ -z "$NICE" ]; then
+    NICE=0
+fi
+
+if [ -z "$RUN_CHECK_ON_BATTERY" ]; then
+    RUN_CHECK_ON_BATTERY="false"
+fi
+
+# Do not run daily check if running on battery except if explicitely allowed
+if [ -x /usr/bin/on_ac_power >/dev/null 2>&1 ]; then
+    on_ac_power >/dev/null 2>&1
+    [ $? -eq 1 -a "$RUN_CHECK_ON_BATTERY" != "true" ] && exit 0
+fi
+
+case "$CRON_DAILY_RUN" in
+     [YyTt]*)
+        OUTFILE=`mktemp` || exit 1
+        /usr/bin/nice -n $NICE $RKHUNTER --cronjob --report-warnings-only --appendlog > $OUTFILE
+        if [ -s "$OUTFILE" -a -n "$REPORT_EMAIL" ]; then
+          (
+            echo "Subject: [rkhunter] $(hostname) - Daily report"
+            echo "To: $REPORT_EMAIL"
+            echo ""
+            cat $OUTFILE
+          ) | /usr/sbin/mailx $REPORT_EMAIL
+        fi
+        rm -f $OUTFILE
+        ;;
+      *)
+       exit 0
+       ;;
+esac

software.yml

@@ -5123,6 +5123,7 @@ softwarePackages:
     _github: https://github.com/netdata/netdata
     _home: https://www.netdata.cloud/
     _name: Netdata
+    _service: netdata
     ansible: professormanhattan.netdata
     brew: netdata
     pacman: netdata