Latest

home/dot_local/bin/post-installx/executable_post-cloudflared.sh

@@ -1,6 +1,8 @@
 #!/usr/bin/env bash
 # @file Cloudflared Configuration
 # @brief Applies cloudflared configuration, connects to Argo tunnel with managed configuration, and enables it on system start
+# @description
+#     1. Skips the deletion of a tunnel when it is currently in use
 
 if command -v cloudflared > /dev/null; then
   # Show warning message about ~/.cloudflared already existing
@@ -17,20 +19,35 @@ if command -v cloudflared > /dev/null; then
   ### Remove previous tunnels connected to host
   while read TUNNEL_ID; do
     logg info "Deleteing CloudFlared tunnel ID $TUNNEL_ID"
-    sudo cloudflared tunnel delete "$TUNNEL_ID"
-    sudo rm -f "/usr/local/etc/cloudflared/${TUNNEL_ID}.json"
+    unset TUNNEL_EXIT_CODE
+    sudo cloudflared tunnel delete "$TUNNEL_ID" || TUNNEL_EXIT_CODE=$?
+    if [ -z "$TUNNEL_EXIT_CODE" ]; then
+      logg info "Removing credentials for $TUNNEL_ID which is not in use"
+      sudo rm -f "/usr/local/etc/cloudflared/${TUNNEL_ID}.json"
+    else
+      logg success "Skipping deletion of $TUNNEL_ID credentials since it is in use"
+    fi
   done< <(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')
 
   ### Register tunnel (if not already registered)
   logg info "Creating CloudFlared tunnel named host-$HOSTNAME"
   sudo cloudflared tunnel create "host-$HOSTNAME"
 
+  ### Acquire TUNNEL_ID and symlink credentials.json
   TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')"
   logg info "Tunnel ID: $TUNNEL_ID"
   logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json"
   sudo rm -f /usr/local/etc/cloudflared/credentials.json
   sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json /usr/local/etc/cloudflared/credentials.json
 
+  ### Configure DNS
+  # Must be deleted manually if no longer used
+  logg info 'Setting up DNS records for CloudFlare Argo tunnels'
+  while read DOMAIN; do
+    logg info "Setting up $DOMAIN for access through cloudflared"
+    sudo cloudflared tunnel route dns "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
+  done< <(yq '.ingress[].hostname' config.yml)
+
   ### Set up service
   if [ -d /Applications ] && [ -d /System ]; then
     ### macOS

home/dot_local/bin/post-installx/executable_post-tor.sh

@@ -29,17 +29,25 @@ TORRC_CONFIG="$TORRC_CONFIG_DIR/torrc"
 if command -v torify > /dev/null; then
   if [ -d  "$TORRC_CONFIG_DIR" ]; then
     ### Copy the configuration from `${XDG_CONFIG_HOME:-$HOME/.config}/tor/torrc` to the system configuration file location
+    logg info "Copying ${XDG_CONFIG_HOME:-$HOME/.config}/tor/torrc to $TORRC_CONFIG"
     sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/tor/torrc" "$TORRC_CONFIG"
     sudo chmod 600 "$TORRC_CONFIG"
     ### Enable and restart the Tor service
     if [ -d /Applications ] && [ -d /System ]; then
       ### macOS
-      brew services restart tor
+      if [ -d "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/tor" ] && [ ! -f "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/tor/torrc" ]; then
+        logg info "Symlinking /usr/local/etc/tor/torrc to ${HOMEBREW_PREFIX:-/opt/homebrew}/etc/tor/torrc"
+        ln -s /usr/local/etc/tor/torrc "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/tor/torrc"
+      fi
+      logg info 'Running brew services restart tor'
+      brew services restart tor && logg success 'Tor successfully restarted'
     else
       if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
         ### Linux
+        logg info 'Running sudo systemctl enable / restart tor'
         sudo systemctl enable tor
         sudo systemctl restart tor
+        logg success 'Tor service enabled and restarted'
       else
         logg info 'Environment is WSL so the Tor systemd service will not be enabled / restarted'
       fi

home/dot_local/bin/post-installx/executable_post-wazuh.sh

@@ -4,26 +4,24 @@
 
 if [ -d /Applications ] && [ -d /System ]; then
     ### macOS
-    cd /tmp
     logg info 'Downloading the macOS Wazuh agent pkg'
     if [[ $(uname -m) == 'arm64' ]]; then
         PKG_URL="https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.4-1.arm64.pkg"
     else
         PKG_URL="https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.4-1.intel64.pkg"
     fi
-    curl -sSL "$PKG_URL" > wazuh-agent.pkg
+    wget -q "$PKG_URL" -O /tmp/wazuh-agent.pkg &> /dev/null
     logg info 'Setting Wazuh launch parameters in /tmp/wazuh_envs'
     # https://documentation.wazuh.com/current/user-manual/agent/deployment-variables/deployment-variables-macos.html
-    echo "WAZUH_MANAGER='$WAZUH_MANAGER' && WAZUH_REGISTRATION_SERVER='$WAZUH_MANAGER' && WAZUH_REGISTRATION_PASSWORD='WazuhRegister' && \
-WAZUH_AGENT_NAME='$WAZUH_AGENT_NAME'" > /tmp/wazuh_envs
+    echo "WAZUH_MANAGER="$WAZUH_MANAGER" && WAZUH_REGISTRATION_SERVER="$WAZUH_MANAGER" && WAZUH_REGISTRATION_PASSWORD="WazuhRegister" && WAZUH_AGENT_NAME="$WAZUH_AGENT_NAME"" > /tmp/wazuh_envs
     logg info 'Installing the Wazuh agent pkg'
-    sudo installer -pkg wazuh-agent.pkg -target /
+    sudo installer -pkg /tmp/wazuh-agent.pkg -target /
     sudo chmod 755 /Library/Ossec
     sudo chmod 755 /Library/Ossec/bin
     find "/Library/Ossec/bin" -mindepth 1 -maxdepth 1 -type f | while read BIN_FILE; do
         sudo chmod +x "$BIN_FILE"
     done
-    rm /tmp/wazuh-agent.pkg
+    rm -f /tmp/wazuh-agent.pkg
     logg info 'Running sudo wazuh-control start'
     sudo wazuh-control start
 else