home/.chezmoiscripts/universal/run_after_01-pre-install.sh.tmpl

#!/usr/bin/env bash
# @file Pre-Install Routine
# @brief Runs various scripts that can be safely run early in the bootstrapping process

{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}

# @description Copies the `~/.config/shell/exports.sh` file to `/etc/zshenv` so that non-interactive ZSH sessions have all of the same
#     environment PATH variables as interactive sessions. This was initially required to make Cakebrew work on macOS.
addZshEnv() {
  ### Ensure /etc/zshenv is populated
  # No equivalent type of file for Bash
  logg info "Copying ${XDG_CONFIG_HOME:-$HOME/.config}/shell/exports.sh to /etc/zshenv" && sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/shell/exports.sh" /etc/zshenv
}

# @description Ensures fonts are available at the system level and, on Linux, it configures the system font settings.
applyFontsToSystem() {
  ### Sync user fonts with system fonts
  if [ -d /Applications ] && [ -d /System ]; then
    ### macOS
    logg info 'Copying fonts from ~/Library/Fonts and ~/.local/share/fonts to /Library/Fonts to make them available globally'
    FONT_DIR='/Library/Fonts'
    ### ~/Library/Fonts
    if [ -d "$HOME/Library/Fonts" ]; then
      logg info "Syncing $HOME/Library/Fonts to $FONT_DIR" && sudo rsync -av "$HOME/Library/Fonts" "$FONT_DIR"
    fi
    ### ~/.local/share/fonts
    if [ -d "${XDG_DATA_HOME:-$HOME/.local/share}/fonts" ]; then
      logg info "Syncing ${XDG_DATA_HOME:-$HOME/.local/share}/fonts to $FONT_DIR" && sudo rsync -av "${XDG_DATA_HOME:-$HOME/.local/share}/fonts" "$FONT_DIR"
    fi
  else
    ### Linux
    ### Copy fonts
    logg info 'Copying fonts from ~/.local/share/fonts to /usr/local/share/fonts to make them available globally'
    FONT_DIR='/usr/local/share/fonts'
    sudo rsync -av "${XDG_DATA_HOME:-$HOME/.local/share}/fonts" "$FONT_DIR"

    ### Configure system font properties
    if [ -d /etc/fonts ]; then
      logg info 'Copying ~/.config/fontconfig/fonts.conf to /etc/fonts/local.conf'
      sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/fontconfig/fonts.conf" /etc/fonts/local.conf
    else
      logg warn 'The /etc/fonts directory is missing'
    fi
  fi
}

# @description Applies various `dconf`, `xconf`, etc. settings to Linux systems
applyLinuxConfSettings() {
  if [ "{{ .host.distro.family }}" = "linux" ] && command -v apply-linux-conf-settings > /dev/null; then
    apply-linux-conf-settings
  fi
}

# @description
#     This script applies various themes to Linux systems that use GNOME or KDE.
applyLinuxThemeFiles() {
  if [ "{{ .host.distro.family }}" = "linux" ]; then
    ### Ensure /usr/local/bin/squash-symlink is present
    if [ ! -f /usr/local/bin/squash-symlink ] && [ -f "$HOME/.local/bin/squash-symlink" ]; then
      logg info 'Copying ~/.local/bin/squash-symlink to /usr/local/bin/squash-symlink'
      sudo cp -f "$HOME/.local/bin/squash-symlink" /usr/local/bin/squash-symlink
      sudo chmod +x /usr/local/bin/squash-symlink
    fi

    ### Clean up system theme settings
    for ITEM_TO_BE_REMOVED in "/usr/share/backgrounds/images" "/usr/share/backgrounds/f32" "/usr/share/backgrounds/qubes" "/usr/share/wallpapers"; do
      if [ -d "$ITEM_TO_BE_REMOVED" ] || [ -f "$ITEM_TO_BE_REMOVED" ]; then
        sudo rm -rf "$ITEM_TO_BE_REMOVED"
        logg success "Removed $ITEM_TO_BE_REMOVED"
      fi
    done

    ### Ensure /usr/local/share exists
    if [ ! -d /usr/local/share ]; then
      sudo mkdir -p /usr/local/share
      logg success 'Created /usr/local/share'
    fi

    ### Copy theme files over to /usr/local/share
    if [ -d "$HOME/.local/src/{{ .theme | lower }}/share" ]; then
      logg info 'Copying ~/.local/src/{{ .theme | lower }}/share to /usr/local/share'
      sudo rsync --chown=root:root --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r -artvu --inplace "${XDG_DATA_HOME:-$HOME/.local/share}/betelgeuse/share/" "/usr/local/share/" > /dev/null
    else
      logg warn '~/.local/share/betelgeuse/share is missing'
    fi

    ### Flatten GRUB theme files (i.e. convert symlinks to regular files)
    if command -v squash-symlink > /dev/null; then
      logg info 'Converting /usr/local/share/grub symlinks to equivalent regular files'
      sudo find /usr/local/share/grub -type l -exec squash-symlink {} +
    else
      logg warn 'squash-symlink is not a script in the PATH'
    fi

    ### Ensure /usr/share/backgrounds/default.png is deleted
    if [ -f /usr/share/backgrounds/default.png ]; then
      sudo rm -f /usr/share/backgrounds/default.png
    fi

    ### Add the default image symlink based on the OS
    if [ '{{ .host.distro.id }}' == 'archlinux' ]; then
      sudo ln -s /usr/local/share/wallpapers/Betelgeuse-Archlinux/contents/source.png /usr/share/backgrounds/default.png
    elif [ '{{ .host.distro.id }}' == 'centos' ]; then
      sudo ln -s /usr/local/share/wallpapers/Betelgeuse-CentOS/contents/source.png /usr/share/backgrounds/default.png
    elif [ '{{ .host.distro.id }}' == 'darwin' ]; then
      sudo ln -s /usr/local/share/wallpapers/Betelgeuse-macOS/contents/source.png /usr/share/backgrounds/default.png
    elif [ '{{ .host.distro.id }}' == 'debian' ]; then
      sudo ln -s /usr/local/share/wallpapers/Betelgeuse-Debian/contents/source.png /usr/share/backgrounds/default.png
    elif [ '{{ .host.distro.id }}' == 'fedora' ]; then
      sudo ln -s /usr/local/share/wallpapers/Betelgeuse-Fedora/contents/source.png /usr/share/backgrounds/default.png
    elif [ '{{ .host.distro.id }}' == 'ubuntu' ]; then
      sudo ln -s /usr/local/share/wallpapers/Betelgeuse-Ubuntu/contents/source.png /usr/share/backgrounds/default.png
    elif [ '{{ .host.distro.id }}' == 'windows' ]; then
      sudo ln -s /usr/local/share/wallpapers/Betelgeuse-Windows/contents/source.png /usr/share/backgrounds/default.png
    else
      sudo ln -s /usr/local/share/wallpapers/Betelgeuse/contents/source.png /usr/share/backgrounds/default.png
    fi

    ### Note: ubuntu-default-greyscale-wallpaper.png symlink to whiteish gray background

    ### Set appropriate platform-specific icon in plymouth theme
    if [ -f '/usr/local/share/plymouth/themes/{{ .theme }}/icons/{{ .host.distro.id }}.png' ]; then
      sudo cp -f '/usr/local/share/plymouth/themes/{{ .theme }}/icons/{{ .host.distro.id }}.png' '/usr/local/share/plymouth/themes/{{ .theme }}/icon.png'
      logg success 'Added platform-specific icon to {{ .theme }} Plymouth theme'
    else
      logg warn 'The {{ .host.distro.id }}.png icon is not available in the icons folder insider the {{ .theme }} Plymouth theme'
    fi
  fi
}

# @description
#     This script configures the root user's folder so that scripts running as the root user can:
#
#     1. Access binaries installed by the provisioning user (by setting the appropriate `~/.bashrc` and `~/.zshrc` symlinks)
#     2. Use the same shell profile rules that the provisioning user uses (by symlinking the `~/.config/shell`, `~/.bashrc`, and `~/.zshrc` locations)
applyRootConfig() {
  ### Detect root folder
  if [ -d /var/root ]; then
    ROOT_FOLDER="/var/root"
  elif [ -d /root ]; then
    ROOT_FOLDER="/root"
  else
    logg warn 'Unable to find root user folder location'
  fi

  if [ -n "$ROOT_FOLDER" ]; then
    ### Copy minimal set of profile configuration files
    logg info "Copying ~/.bashrc to $ROOT_FOLDER/.bashrc" && sudo cp -f "$HOME/.bashrc" "$ROOT_FOLDER/.bashrc"
    logg info "Copying ~/.zshrc to $ROOT_FOLDER/.zshrc" && sudo cp -f "$HOME/.zshrc" "$ROOT_FOLDER/.zshrc"
    logg info "Ensuring ~/.config folder exists" && sudo mkdir -p "$ROOT_FOLDER/.config"
    logg info "Copying ~/.config/shell to $ROOT_FOLDER/.config/shell" && sudo mkdir -p "$ROOT_FOLDER/.config" && sudo rm -rf "$ROOT_FOLDER/.config/shell" && sudo cp -rf "$HOME/.config/shell" "$ROOT_FOLDER/.config/shell"
    
    ### Copy Autorestic configurations
    logg info "Copying ${XDG_CONFIG_HOME:-$HOME/.config}/autorestic/autorestic-system.yml file to $ROOT_FOLDER/.autorestic.yml" && sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/autorestic/autorestic-system.yml" "$ROOT_FOLDER/.autorestic.yml"
    logg info "Applying proper permissions to $ROOT_FOLDER/.autorestic.yml" && sudo chmod 600 "$ROOT_FOLDER/.autorestic.yml"
  fi
}

# @description
#     This function ensures the macOS desktop wallpaper is set to the macOS Betelgeuse wallpaper. It uses the
#     `m` CLI to apply the change.
#
#     This function ensures the Qubes desktop wallpaper is set to the Qubes Betelgeuse wallpaper on KDE by
#     using the `ksetwallpaper` script found in `~/.local/bin/ksetwallpaper`.
applyWallpaper() {
  {{ if (eq .host.distro.id "qubes") -}}
  logg info 'Setting wallpaper to /usr/local/share/wallpapers/Betelgeuse/contents/images/3440x1440.jpg'
  ksetwallpaper --file /usr/local/share/wallpapers/Betelgeuse/contents/images/3440x1440.jpg
  {{ else -}}
  ### Set macOS wallpaper
  if command -v m > /dev/null && [ -f "${XDG_DATA_HOME:-$HOME/.local/share}/betelgeuse/share/wallpapers/Betelgeuse-macOS/contents/source.png" ]; then
    logg info 'Setting macOS wallpaper with m'
    m wallpaper "${XDG_DATA_HOME:-$HOME/.local/share}/betelgeuse/share/wallpapers/Betelgeuse-macOS/contents/source.png"
  else
    logg warn 'Either m or the macOS default wallpaper is missing.'
  fi
  {{ end -}}
}

### Helper function for configureNetworkManager
ensureNetworkConfigs() {
  if [ ! -d /etc/network/if-up.d ]; then
    logg info 'Creating /etc/network/if-up.d folder'
    sudo mkdir -p /etc/network/if-up.d
  fi
  if [ ! -d /etc/network/if-post-down.d ]; then
    logg info 'Creating /etc/network/if-post.d folder'
    sudo mkdir -p /etc/network/if-post.d
  fi
}

# @description
#     This script installs OpenVPN and WireGuard VPN profiles. It does a few things to install the profiles and make sure
#     they are usable by desktop users:
#
#     1. It ensures OpenVPN and `NetworkManager-*` plugins are installed (this allows you to see all the different VPN profile types available when you try to import a VPN profile on Linux devices)
#     2. Imports the OpenVPN profiles stored in `${XDG_CONFIG_HOME:-$HOME/.config}/vpn`
#     3. Applies the OpenVPN username and password to all the OpenVPN profiles (which can be passed in as `OVPN_USERNAME` and `OVPN_PASSWORD` if you use the environment variable method)
#     4. Bypasses the OpenVPN connection for all the networks defined in `.host.vpn.excludedSubnets` (in the `home/.chezmoi.yaml.tmpl` file)
#     5. Repeats the process for WireGuard by looping through all the `*.nmconnection` files stored in `${XDG_CONFIG_HOME:-$HOME/.config}/vpn` (username and password should already be stored in the encrypted files)
#
#     #### Creating VPN Profiles
#
#     More details on embedding your VPN profiles into your Install Doctor fork can be found by reading the [Secrets documentation](https://install.doctor/docs/customization/secrets#vpn-profiles).
#
#     #### Links
#
#     * [VPN profile folder](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/vpn)
#     * [VPN profile documentation](https://install.doctor/docs/customization/secrets#vpn-profiles)
configureNetworkManagerVPNProfiles() {
  if [ "{{ .host.distro.family }}" = "linux" ]; then
    {{ $ovpnUsername := (env "OVPN_USERNAME") }}
    {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "OVPN_USERNAME")) }}
    {{   $ovpnUsername := (includeTemplate "secrets/OVPN_USERNAME" | decrypt | trim) }}
    {{ end }}

    {{ $ovpnPassword := (env "OVPN_PASSWORD") }}
    {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "OVPN_PASSWORD")) }}
    {{   $ovpnPassword := (includeTemplate "secrets/OVPN_PASSWORD" | decrypt | trim) }}
    {{ end }}

    RESTART_NM=false

    ### Ensure `NetworkManager` plugins are
    # NOTE: By default, all the NetworkManager plugins are installed.
    if command -v apt-get > /dev/null; then
      sudo apt-get install -y network-manager*
    elif command -v dnf > /dev/null; then
      sudo dnf install -y openvpn NetworkManager*
    elif command -v pacman > /dev/null; then
      sudo pacman -Syu openvpn networkmanager*
    else
      logg warn 'Unknown package manager - install OpenVPN / WireGuard / NetworkManager plugins individually'
    fi

    ### Ensures `nmcli` (the CLI for NetworkManager) is available in the `PATH`
    if command -v nmcli > /dev/null; then
      ### Sets up OpenVPN profiles
      if [ '{{ $ovpnUsername }}' != '' ] && [ '{{ $ovpnPassword }}' != '' ]; then
        find "${XDG_CONFIG_HOME:-$HOME/.config}/vpn" -type f -name "*.ovpn" | while read OVPN_FILE; do
          ### Adds the OpenVPN profiles by importing the `*.ovpn` files in `${XDG_CONFIG_HOME:-$HOME/.config}/vpn` and then applying the OpenVPN username and password
          logg info "Adding $OVPN_FILE to NetworkManager OpenVPN profiles"
          OVPN_NAME="$(basename "$OVPN_FILE" | sed 's/.ovpn$//')"
          nmcli connection import type openvpn file "$OVPN_FILE"
          nmcli connection modify "$OVPN_NAME" +vpn.data 'username={{- $ovpnUsername }}'
          nmcli connection modify "$OVPN_NAME" vpn.secrets 'password={{- $ovpnPassword }}'
          nmcli connection modify "$OVPN_NAME" +vpn.data password-flags=0

          ### Register the excluded subnets in the routeadd / routedel files
          for EXCLUDED_SUBNET in '{{ join "' '" .host.vpn.excludedSubnets }}'; do
            ensureNetworkConfigs
            nmcli connection modify "$OVPN_NAME" +ipv4.routes "$EXCLUDED_SUBNET" | sudo tee -a /etc/network/if-up.d/routeadd
            nmcli connection modify "$OVPN_NAME" -ipv4.routes "$EXCLUDED_SUBNET" | sudo tee -a /etc/network/if-post-down.d/routedel
          done
          RESTART_NM=true
        done
      else
        logg info 'Either the OpenVPN username or password is undefined.'
        logg info 'See the docs/VARIABLES.md file for details.'
      fi

      {{ if (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) }}
      ### Setup WireGuard profiles
      if [ -d /etc/NetworkManager/system-connections ]; then
        find "${XDG_CONFIG_HOME:-$HOME/.config}/vpn" -type f -name "*.nmconnection" | while read WG_FILE; do
          ### Ensure the WireGuard NetworkManager plugin is available
          if [ ! -d /usr/lib/NetworkManager/nm-wireguard-service ]; then
            logg info 'The nm-wireguard-service is not present'
            logg info 'Installing the nm-wireguard-service'
          fi

          ### Add the WireGuard profiles
          logg info "Adding $WG_FILE to /etc/NetworkManager/system-connections"
          WG_FILENAME="$(basename "$WG_FILE")"
          chezmoi decrypt "$WG_FILE" | sudo tee "/etc/NetworkManager/system-connections/$WG_FILENAME"

          ### Register the excluded subnets in the routeadd / routedel files
          for EXCLUDED_SUBNET in '{{ join "' '" .host.vpn.excludedSubnets }}'; do
            ensureNetworkConfigs
            WG_PROFILE_NAME="$(echo "$WG_FILENAME" | sed 's/.nmconnection$//')"
            nmcli connection modify "$WG_PROFILE_NAME" +ipv4.routes "$EXCLUDED_SUBNET" | sudo tee -a /etc/network/if-up.d/routeadd
            nmcli connection modify "$WG_PROFILE_NAME" -ipv4.routes "$EXCLUDED_SUBNET" | sudo tee -a /etc/network/if-post-down.d/routedel
          done
          RESTART_NM=true
        done
      else
        logg warn '/etc/NetworkManager/system-connections is not a directory!'
      fi
      {{ end -}}

      ### Restart NetworkManager if changes were made and environment is not WSL
      if [ "$RESTART_NM" == 'true' ] && [[ ! "$(test -d proc && grep Microsoft /proc/version > /dev/null)" ]]; then
        logg info 'Restarting NetworkManager since VPN profiles were updated'
        sudo service NetworkManager restart
      fi
    else
      logg warn 'nmcli is unavailable'
    fi
  fi
}

# @description
#     This script applies the SSH server MOTD banner and `sshd_config` (which are housed in the `home/private_dot_ssh/system` location)
#     to the system by copying the files to the system location and then restarting / enabling the system SSH server.
#
#     #### Links
#
#     * [System SSHD configurations](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/system)
configureSSHD() {
  ### Update /etc/ssh/sshd_config if environment is not WSL
  if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
    if [ -d /etc/ssh ]; then
      logg info 'Copying ~/.ssh/system/banner to /etc/ssh/banner' && sudo cp -f "$HOME/.ssh/system/banner" /etc/ssh/banner
      logg info 'Copying ~/.ssh/system/sshd_config to /etc/ssh/sshd_config' && sudo cp -f "$HOME/.ssh/system/sshd_config" /etc/ssh/sshd_config

      if command -v semanage > /dev/null; then
        logg info 'Apply SELinux configuration addressing custom SSH port' && sudo semanage port -a -t ssh_port_t -p tcp {{ .host.ssh.port }}
        logg info 'Allow NIS SSHD' && sudo setsebool -P nis_enabled 1
      fi

      ### Ensure keys are created
      logg info 'Running sudo ssh-keygen -A' && sudo ssh-keygen -A

      ### Restart SSH server
      if [ -d /Applications ] && [ -d /System ]; then
        ### macOS
        logg info 'Running sudo systemsetup -setremotelogin on' && sudo systemsetup -setremotelogin on > /dev/null
        logg info 'Running sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist' && sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist 2> /dev/null
        logg info 'Running sudo launchctl stop com.openssh.sshd' && sudo launchctl stop com.openssh.sshd
        logg info 'Running sudo launchctl start com.openssh.sshd' && sudo launchctl start com.openssh.sshd && logg info 'Successfully ran launchctl start com.openssh.sshd'
      else
        ### Linux
        logg info 'Enabling the sshd service'
        sudo systemctl enable sshd
        logg info 'Restarting the sshd service'
        sudo systemctl restart sshd && logg info 'Successfully ran sudo systemctl restart sshd'
      fi
    else
      logg warn 'The /etc/ssh folder does not exist'
    fi
  else
    logg info 'Skipping sshd_config application since environment is WSL'
  fi
}

# @description
#     This script allows you to apply `dconf` settings that you can store in your fork of Install Doctor. By default,
#     it makes a handful of `dconf` settings optimizations.
dconfSettings() {
  if command -v dconf > /dev/null; then
    ### Update background to be OS-specific
    if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/dconf/settings/org.gnome.desktop.background" ]; then
      logg info 'Checking for presence of /usr/local/share/wallpapers/Betelgeuse-{{ title .host.distro.id }}/contents/source.jpg'
      if [ -f /usr/local/share/wallpapers/Betelgeuse-{{ title .host.distro.id }}/contents/source.jpg ]; then
        logg info "Updating ${XDG_CONFIG_HOME:-$HOME/.config}/dconf/settings/org.gnome.desktop.background to point to OS-specific background"
        TMP="$(mktemp)"
        sed 's/Betelgeuse/Betelgeuse-{{ title .host.distro.id }}/g' < "${XDG_CONFIG_HOME:-$HOME/.config}/dconf/settings/org.gnome.desktop.background" > "$TMP"
        mv "$TMP" "${XDG_CONFIG_HOME:-$HOME/.config}/dconf/settings/org.gnome.desktop.background"
      else
        logg info 'OS-specific background not found'
      fi
    fi

    ### Backup system settings
    DCONF_TMP="$(mktemp)"
    dconf dump / > "$DCONF_TMP"
    logg info 'Backed up system dconf settings to '"$DCONF_TMP"

    ### Reset system settings / load saved configurations from ~/.config/dconf/settings
    if [ -d "${XDG_CONFIG_HOME:-$HOME/.config}/dconf/settings" ]; then
      find "${XDG_CONFIG_HOME:-$HOME/.config}/dconf/settings" -mindepth 1 -maxdepth 1 -type f | while read DCONF_CONFIG_FILE; do
        if [ "$DEBUG_MODE" == 'true' ]; then
          logg info 'Dconf configuration file:'
          echo "$DCONF_CONFIG_FILE"
        fi
        DCONF_SETTINGS_ID="/$(basename "$DCONF_CONFIG_FILE" | sed 's/\./\//g')/"
        if [ "$DEBUG_MODE" == 'true' ]; then
          logg info 'Dconf settings ID:'
          echo "$DCONF_SETTINGS_ID"
        fi
        ### Reset dconf settings if environment variable RESET_DCONF is set to true
        if [ "$RESET_DCONF" == 'true' ]; then
          logg info 'Resetting dconf settings for '"$DCONF_SETTINGS_ID"''
          dconf reset -f "$DCONF_SETTINGS_ID"
        fi
        logg info 'Loading versioned dconf settings for '"$DCONF_SETTINGS_ID"''
        dconf load "$DCONF_SETTINGS_ID" < "$DCONF_CONFIG_FILE"
        logg success 'Finished applying dconf settings for '"$DCONF_SETTINGS_ID"''
      done
    else
      logg warn '~/.config/dconf/settings does not exist!'
    fi
  fi
}

# @description
#     This script decrypts the SSH key files that are housed in the `home/.chezmoitemplates/ssh` section of the repository.
#     It loops through all the files in `home/.chezmoitemplates/ssh` and stores them to the `~/.ssh` folder
#     when they are successfully decrypted.
#
#     This script generates a pair of default `id_rsa` and `id_rsa.pub` keys if one is not already present
#     on the system after the Install Doctor provisioning process completes. It also ensures the private
#     key is only readable and writable the provisioning user.
decryptSSHKeys() {
  ### Unpack existing encrypted keys
  logg info 'Decrypting SSH keys stored in the home/.chezmoitemplates/ssh folder of the Install Doctor repo / fork.'
  find "{{ .chezmoi.sourceDir }}/.chezmoitemplates/ssh" -type f | while read SSH_FILE; do
    ### Decrypt SSH file with Chezmoi
    logg info "Decrypting the $(basename "$SSH_FILE") encrypted SSH file"
    chezmoi decrypt "$SSH_FILE" > "$HOME/.ssh/$(basename "$SSH_FILE")" || EXIT_CODE=$?

    ### Handle failed decryption with warning log message
    if [ -n "$EXIT_CODE" ]; then
      logg warn "Unable to decrypt the file stored in $SSH_FILE"
    fi

    ### Apply appropriate permission to decrypted ~/.ssh file
    if [ -f "$HOME/.ssh/$(basename "$SSH_FILE")" ]; then
      logg info "Applying appropriate permissions on $HOME/.ssh/$(basename "$SSH_FILE")"
      chmod 600 "$HOME/.ssh/$(basename "$SSH_FILE")"
    fi
  done

  ### Ensure id_rsa is present and create one if it does not exist
  if [ ! -f "$HOME/.ssh/id_rsa" ]; then
    logg 'Generating missing default private key / public key (~/.ssh/id_rsa)'
    ssh-keygen -b 4096 -t rsa -f "$HOME/.ssh/id_rsa" -q -N ""
    chmod 600 "$HOME/.ssh/id_rsa"
  fi
}

# @description
#     This script installs and activates the latest version of Emscripten. This script
#     implements the [instructions outlined on Emscripten's website](https://emscripten.org/docs/getting_started/downloads.html#installation-instructions-using-the-emsdk-recommended).
#
#     This script will only run when `${XDG_DATA_HOME:-$HOME/.local/share}/emsdk` is present on the system. This folder
#     is populated via the definition in `home/.chezmoiexternal.toml.tmpl`.
emscriptenInstall() {
  if [ -d "${XDG_DATA_HOME:-$HOME/.local/share}/emsdk" ]; then
    logg info 'Pulling latest changes for Emscripten source code' && cd "${XDG_DATA_HOME:-$HOME/.local/share}/emsdk" && git pull
    logg info "Running emsdk install latest" && emsdk install latest > /dev/null
    logg info "Running emsdk activate latest" && emsdk activate latest > /dev/null
    logg info 'Profile source inclusions are already implemented in Bash / ZSH profile'
  fi
}

# @description
#     Adds auto-update feature to macOS that automatically downloads and installs updates. Also enables
#     an auto-update feature for Homebrew on macOS.
enableAutoUpdateDarwin() {
  if [ -d /Applications ] && [ -d /System ]; then
    ### Enable automated system updates on macOS
    if [ -f "$HOME/Library/LaunchDaemons/com.apple.automatedupdates.plist" ] && [ ! -f "/Library/LaunchDaemons/com.apple.automatedupdates.plist" ]; then
      logg info 'Configuring macOS to automatically apply system updates'
      sudo mkdir -p /Library/LaunchDaemons
      sudo cp -f "$HOME/Library/LaunchDaemons/com.apple.automatedupdates.plist" "/Library/LaunchDaemons/com.apple.automatedupdates.plist"
      logg info 'Loading /Library/LaunchDaemons/com.apple.automatedupdates.plist'
      sudo launchctl load "/Library/LaunchDaemons/com.apple.automatedupdates.plist" && logg success 'launchctl load successful'
    fi

    ### Enable Homebrew auto-update service
    if brew autoupdate status | grep 'Autoupdate is not configured.' > /dev/null; then
      logg info 'Enabling Homebrew auto-update service (every 24 hours)'
      brew autoupdate start --cleanup --greedy --upgrade
    fi
  fi
}

ensurePipUpdated() {
  ### python3.10 pip update
  if command -v python3.10 > /dev/null; then
    logg info 'Ensuring python3.10 pip is updated' && python3.10 -m pip install --upgrade pip > /dev/null &
    logg info 'Ensuring python3.10 setuptools is updated' && python3.10 -m pip install --upgrade setuptools > /dev/null &
  fi

  ### python3.11 pip update
  if command -v python3.11 > /dev/null; then
    logg info 'Ensuring python3.11 pip is updated' && python3.11 -m pip install --upgrade pip > /dev/null &
    logg info 'Ensuring python3.11 setuptools is updated' && python3.11 -m pip install --upgrade setuptools > /dev/null &
  fi

  ### python3.12 pip update
  # if command -v python3.12 > /dev/null; then
  #   logg info 'Ensuring python3.12 pip is updated' && python3.12 -m pip install --upgrade pip > /dev/null &
  # fi
  wait
}

# @description
#     This script modifies the `/etc/environment` file on Linux devices to include:
#
#     * `export QT_STYLE_OVERRIDE=kvantum-dark` which is required for the Linux GNOME / KDE themeing that relies on Kvantum.
ensureQtStyleOverride() {
  if [ ! -d /Applications ] || [ ! -d /System ]; then
    ### Linux
    ### Ensure QT_STYLE_OVERRIDE is set in /etc/environment
    logg info 'Ensuring QT_STYLE_OVERRIDE is set in /etc/environment'
    if cat /etc/environment | grep QT_STYLE_OVERRIDE > /dev/null; then
      sudo sed -i 's/.*QT_STYLE_OVERRIDE.*/export QT_STYLE_OVERRIDE=kvantum-dark/' /etc/environment
      logg info 'Updated QT_STYLE_OVERRIDE in /etc/environment'
    else
      echo 'export QT_STYLE_OVERRIDE=kvantum-dark' | sudo tee -a /etc/environment
      logg info 'Added QT_STYLE_OVERRIDE to /etc/environment'
    fi
  fi
}

# @description Run `gem update --system` if `gem` is available
ensureSystemGemUpdated() {
  ### Ensure gem is updated
  if command -v gem > /dev/null; then
    logg info 'Ensuring system gem is updated' && gem update --system > /dev/null
  else
    logg info 'Could not find gem in PATH so skipping gem system update'
  fi
}

# @description
#     This script ensures ZSH is used as the default shell by ensuring it is added to `/etc/shells`. The script
#     also ensures ZSH is available at `/usr/local/bin/zsh` on ARM64 systems by symlinking the Homebrew ZSH shell
#     to `/usr/local/bin/zsh` if it is missing.
ensureZshShell() {
  logg 'Ensuring ZSH is set as the default shell'
  if ! grep -qc "/usr/local/bin/zsh" /etc/shells; then
    echo "/usr/local/bin/zsh" | sudo tee -a /etc/shells > /dev/null
  fi

  if [ ! -f /usr/local/bin/zsh ] && [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/zsh" ]; then
    sudo ln -sf "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/zsh" /usr/local/bin/zsh
  fi
}

# @description
#     This script ensures your GNOME extensions come pre-configured to your liking. It provides the ability
#     to automatically install a configurable list of GNOME extensions as well as apply your preferred settings.
gnomeExtensionSettings() {
  if command -v gnome-shell > /dev/null; then
    ### Ensure /tmp/install-gnome-extensions.txt is not present on the system
    if [ -f /tmp/install-gnome-extensions.txt ]; then
      rm -f /tmp/install-gnome-extensions.txt
    fi

    ### Register temporary file for gnome.yml JSON
    if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/desktop/gnome.yml" ]; then
      TMP_YQ="$(mktemp)"
      cat "${XDG_CONFIG_HOME:-$HOME/.config}/desktop/gnome.yml" | yq e -o=j '.' > "$TMP_YQ"
    fi

    ### Populate /tmp/install-gnome-extensions.txt with GNOME extensions that need to be installed
    if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/desktop/gnome.yml" ]; then
      cat "$TMP_YQ" | jq -c '.default_gnome_extensions[] | tojson' | while read EXT; do
        TMP="$(mktemp)"
        echo "$EXT" | sed 's/^.\(.*\).$/\1/' > "$TMP"
        EXT_URL="$(cat "$TMP" | jq -r '.url')"
        EXT_ID="$(cat "$TMP" | jq -r '.regex')"
        echo "$EXT_URL" >> /tmp/install-gnome-extensions.txt
        if [ ! -d "${XDG_DATA_HOME:-$HOME/.local/share}/gnome-shell/extensions" ]; then
          mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/gnome-shell/extensions"
        fi
        find "${XDG_DATA_HOME:-$HOME/.local/share}/gnome-shell/extensions" -mindepth 1 -maxdepth 1 -type d | while read EXT_FOLDER; do
          if [[ "$EXT_FOLDER" == *"$EXT_ID"* ]] && [ -f /tmp/install-gnome-extensions.txt ]; then
            TMP_EXT="$(mktemp)"
            head -n -1 /tmp/install-gnome-extensions.txt > "$TMP_EXT"
            mv -f "$TMP_EXT" /tmp/install-gnome-extensions.txt > /dev/null
          fi
        done
      done
    else
      logg warn 'The ~/.config/desktop/gnome.yml file is missing so GNOME extension install orders cannot be calculated'
    fi

    ### Remove /tmp/install-gnome-extensions.txt if it is empty
    if [ "$(cat /tmp/install-gnome-extensions.txt)" == "" ]; then
      rm -f /tmp/install-gnome-extensions.txt > /dev/null
    fi

    ### Install the GNOME extensions using the `install-gnome-extensions` script
    if command -v install-gnome-extensions > /dev/null; then
      if [ -f /tmp/install-gnome-extensions.txt ]; then
        logg info 'Running the install-gnome-extensions script'
        cd /tmp
        install-gnome-extensions --enable --overwrite --file /tmp/install-gnome-extensions.txt
        rm -f /tmp/install-gnome-extensions.txt
        logg success 'Finished installing the GNOME extensions'
      else
        logg info 'No new GNOME extensions to install'
      fi
    else
      logg warn 'Cannot install GNOME extensions because the install-gnome-extensions script is missing from ~/.local/bin'
    fi

    ### Apply plugin gsettings
    if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/desktop/gnome.yml" ]; then
      cat "$TMP_YQ" | jq -c '.default_gnome_extensions[] | tojson' | while read EXT; do
        if [ "$DEBUG_MODE" == 'true' ]; then
          logg info 'Extension data:'
          echo "$EXT"
        fi
        TMP="$(mktemp)"
        echo "$EXT" | sed 's/^.\(.*\).$/\1/' > "$TMP"
        EXT_URL="$(cat "$TMP" | jq -r '.url')"
        EXT_ID="$(cat "$TMP" | jq -r '.regex')"
        if [ "$DEBUG_MODE" == 'true' ]; then
          logg info 'Extension ID:'
          echo "$EXT_ID"
        fi
        EXT_SETTINGS_TYPE="$(cat "$TMP" | jq -r '.settings | type')"
        EXT_SETTINGS="$(cat "$TMP" | jq -r '.settings')"
        if [ "$EXT_SETTINGS" != 'null' ]; then
          logg info 'Evaluating extension settings for '"$EXT_ID"''
          if [ "$EXT_SETTINGS_TYPE" == 'array' ]; then
            cat "$TMP" | jq -r '.settings[]' | while read EXT_SETTING; do
              logg info 'Applying following extension setting:'
              echo "$EXT_SETTING"
              eval "$EXT_SETTING"
            done
          else
            logg info 'Applying following extension setting:'
            echo "$EXT_SETTINGS"
            eval "$EXT_SETTINGS"
          fi
          logg success 'Applied gsettings configuration for the '"$EXT_ID"' GNOME extension'
        fi
      done
    fi
  fi
}

# @description
#     This script configures GRUB2 with a custom theme on Linux systems.
grubSettings() {
  if [ "{{ .host.distro.family }}" = "linux" ]; then
    ### Fix Qubes issue
    if command -v qubesctl > /dev/null && [ -f /boot/grub2/grubenv ] && [ -d /boot/efi/EFI/qubes ]; then
      sudo cp -f /boot/grub2/grubenv /boot/efi/EFI/qubes/grubenv
      logg success 'Copied /boot/grub2/grubenv to /boot/efi/EFI/qubes/grubenv'
    fi

    ### Ensure /boot/grub2/themes is directory
    if [ ! -d /boot/grub2/themes ]; then
      sudo mkdir -p /boot/grub2/themes
      logg success 'Created /boot/grub2/themes'
    fi

    ### Copy GRUB theme to /boot/grub2/themes
    if [ -d /usr/local/share/grub/themes ]; then
      sudo cp -rf /usr/local/share/grub/themes /boot/grub2/
      logg success 'Copied GRUB themes in /usr/local/share/grub/themes to /boot/grub2/themes'
    else
      logg warn '/usr/local/share/grub/themes is missing'
    fi

    ### Set default GRUB screen resolution variables
    SCREEN_RATIO_ULTRAWIDE="2100"
    GRUB_RESOLUTION_TYPE="1080p"

    ### Determine screen size ratio (used for picking GRUB2 theme resolution)
    if command -v xrandr > /dev/null && command -v uniq > /dev/null; then
      SCREEN_WIDTH="$(xrandr --current | grep '*' | uniq | awk '{print $1}' | cut -d 'x' -f1)"
      SCREEN_HEIGHT="$(xrandr --current | grep '*' | uniq | awk '{print $1}' | cut -d 'x' -f2)"
      SCREEN_RATIO="$(awk -v height="$SCREEN_HEIGHT" -v width="$SCREEN_WIDTH" 'BEGIN { print ((height / width) * 1000) }')"
      SCREEN_RATIO="${SCREEN_RATIO%.*}"
      logg success "Screen detected as $SCREEN_WIDTH x $SCREEN_HEIGHT (ratio of $SCREEN_RATIO)"
      if (( $(echo "$SCREEN_RATIO $SCREEN_RATIO_ULTRAWIDE" | awk '{print ($1 > $2)}') )); then
        GRUB_RESOLUTION_TYPE="ultrawide"
        logg info 'GRUB resolution registered as ultrawide'
      fi
    else
      logg warn 'Missing either xrandr or uniq (required for calculating screen size ratio)'
    fi

    ### Optimize the GRUB resolution
    if [ -f /etc/default/grub ]; then
      ### GRUB_GFXMODE
      logg info 'Setting GRUB_GFXMODE=auto in /etc/default/grub'
      if cat /etc/default/grub | grep GRUB_GFX_MODE > /dev/null; then
        sudo sed -i 's/.*GRUB_GFXMODE.*/GRUB_GFXMODE=auto/' /etc/default/grub
      else
        echo "GRUB_GFXMODE=auto" | sudo tee -a /etc/default/grub > /dev/null
      fi

      ### GRUB_GFXPAYLOAD_LINUX
      logg info 'Setting GRUB_GFXPAYLOAD_LINUX=keep in /etc/default/grub'
      if cat /etc/default/grub | grep GRUB_GFXPAYLOAD_LINUX > /dev/null; then
        sudo sed -i 's/.*GRUB_GFXPAYLOAD_LINUX.*/GRUB_GFXPAYLOAD_LINUX="keep"/' /etc/default/grub
      else
        echo 'GRUB_GFXPAYLOAD_LINUX="keep"' | sudo tee -a /etc/default/grub > /dev/null
      fi

      ### GRUB_THEME
      logg info 'Setting GRUB_THEME={{ .theme }} in /etc/default/grub'
      if cat /etc/default/grub | grep GRUB_THEME > /dev/null; then
        sudo sed -i 's/.*GRUB_THEME.*/GRUB_THEME="{{ .theme }}-'"$GRUB_RESOLUTION_TYPE"'"/' /etc/default/grub
      else
        echo 'GRUB_THEME="{{ .theme }}-'"$GRUB_RESOLUTION_TYPE"'"' | sudo tee -a /etc/default/grub > /dev/null
      fi

      ### GRUB_BACKGROUND
      # Removed since the background should be flat black which is configurable
      # Leaving this code here in case we need to add a flat black image background for some reason
      # logg info 'Setting GRUB_BACKGROUND=/usr/local/share/grub/{{ .theme }}-blue.png in /etc/default/grub'
      # if cat /etc/default/grub | grep GRUB_BACKGROUND > /dev/null; then
      #     sudo sed -i 's/.*GRUB_BACKGROUND.*/GRUB_BACKGROUND="\/usr\/local\/share\/grub\/{{ .theme }}-blue.png"/' /etc/default/grub
      # else
      #     echo 'GRUB_BACKGROUND="/usr/local/share/grub/{{ .theme }}-blue.png"' | sudo tee -a /etc/default/grub > /dev/null
      # fi

      ### GRUB_TIMEOUT
      logg info 'Setting GRUB_TIMEOUT={{ .grub.timeout }} in /etc/default/grub'
      if cat /etc/default/grub | grep GRUB_TIMEOUT > /dev/null; then
        sudo sed -i 's/.*GRUB_TIMEOUT.*/GRUB_TIMEOUT="{{ .grub.timeout }}"/' /etc/default/grub
      else
        echo 'GRUB_TIMEOUT="{{ .grub.timeout }}"' | sudo tee -a /etc/default/grub > /dev/null
      fi

      ### GRUB_FORCE_HIDDEN_MENU
      logg info 'Setting GRUB_FORCE_HIDDEN_MENU={{ .grub.shiftToSee }} in /etc/default/grub'
      sudo sed -i '/GRUB_FORCE_HIDDEN_MENU/d' /etc/default/grub
      echo "GRUB_FORCE_HIDDEN_MENU={{ .grub.shiftToSee }}" | sudo tee -a /etc/default/grub > /dev/null

      ### Remove duplicate lines in /etc/default/grub
      logg info 'Ensuring there are no duplicate entries in /etc/default/grub'
      cat /etc/default/grub | uniq | sudo tee /etc/default/grub > /dev/null
    else
      logg warn '/etc/default/grub is missing'
    fi

    ### Determine platform-specific icon to use
    if command -v qubesctl > /dev/null; then
      GRUB_ICON='qubes'
    elif [ -f "/usr/local/share/grub/themes/{{ .theme }}-$GRUB_RESOLUTION_TYPE/icons/{{ .host.distro.id }}.png" ]; then
      GRUB_ICON='{{ .host.distro.id }}'
    elif [ -f "/usr/local/share/grub/themes/{{ .theme }}-$GRUB_RESOLUTION_TYPE/icons/{{ .host.distro.family }}.png" ]; then
      GRUB_ICON='{{ .host.distro.family }}'
    else
      GRUB_ICON='linux'
    fi

    ### Copy icon to GRUB2 theme folder
    # Check looks in /usr/local/share/grub because on some systems the /boot folder is behind permissions for non-root users
    if [ -f "/usr/local/share/grub/themes/{{ .theme }}-$GRUB_RESOLUTION_TYPE/icons/$GRUB_ICON.png" ]; then
      sudo cp -f /boot/grub2/themes/{{ .theme }}-$GRUB_RESOLUTION_TYPE/icons/$GRUB_ICON.png /boot/grub2/themes/{{ .theme }}-$GRUB_RESOLUTION_TYPE/icon.png
      logg success 'Copied platform-specific icon to GRUB2 theme folder'
    else
      logg warn "/boot/grub2/themes/{{ .theme }}-$GRUB_RESOLUTION_TYPE/icons/$GRUB_ICON.png is missing"
    fi

    ### Hide unnecessary Boot messages and Bliking cursor
    GRUB_DEFAULT_CMDLINE=$(grep 'GRUB_CMDLINE_LINUX_DEFAULT' /etc/default/grub)
    if [[ -n $GRUB_DEFAULT_CMDLINE ]]; then
      KERNEL_PARAMS_QUIET=$(echo "$GRUB_DEFAULT_CMDLINE" | grep 'quiet')
      logg info 'Updating GRUB_CMDLINE_LINUX_DEFAULT to hide log messages'
      if [[ -z $KERNEL_PARAMS_QUIET ]]; then
        sudo sed -i 's/^GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="quiet loglevel=3 systemd.show_status=auto rd.udev.log_level=3 vt.global_cursor_default=0 /' /etc/default/grub
      else
        NEW_KERNEL_PARAMS=$(echo $KERNEL_PARAMS_QUIET | sed -e "s/quiet/quiet loglevel=3 systemd.show_status=auto rd.udev.log_level=3 vt.global_cursor_default=0/")
        sudo sed -i "s/^GRUB_CMDLINE_LINUX_DEFAULT.*/${NEW_KERNEL_PARAMS}/" /etc/default/grub
      fi
    else
      logg info 'GRUB_CMDLINE_LINUX_DEFAULT was not present, adding one with parameters to hide log messages'
      echo 'GRUB_CMDLINE_LINUX_DEFAULT="quiet loglevel=3 systemd.show_status=auto rd.udev.log_level=3 vt.global_cursor_default=0"' | sudo tee -a /etc/default/grub > /dev/null
    fi


    ### Ensure grub2-mkconfig is available
    if ! command -v grub2-mkconfig > /dev/null; then
      if command -v grub-mkconfig > /dev/null; then
        sudo ln -s "$(which grub-mkconfig)" /usr/bin/grub2-mkconfig
      elif sudo which grub-mkconfig > /dev/null; then
        sudo ln -s "$(sudo which grub-mkconfig)" /usr/bin/grub2-mkconfig
      else
        logg warn 'Neither grub2-mkconfig or grub-mkconfig are available'
      fi
    fi

    ### Apply GRUB2 theme
    # Set export DEBUG_MODE=true to bypass GRUB2 / Plymouth application
    if [ "$DEBUG_MODE" != 'true' ]; then
      if command -v grub2-mkconfig > /dev/null; then
        if [ -d /sys/firmware/efi ]; then
          logg info 'Assuming system is UEFI-enabled since /sys/firmware/efi is present'
          if [ -f /boot/efi/EFI/qubes/grub.cfg ]; then
            logg info 'Running sudo grub2-mkconfig -o /boot/efi/EFI/qubes/grub.cfg'
            sudo grub2-mkconfig -o /boot/efi/EFI/qubes/grub.cfg
            logg success 'Applied GRUB2 theme'
          elif [ -f /boot/efi/EFI/grub.cfg ]; then
            logg info 'Running sudo grub2-mkconfig -o /boot/efi/EFI/grub.cfg'
            sudo grub2-mkconfig -o /boot/efi/EFI/grub.cfg
            logg success 'Applied GRUB2 theme'
          else
            logg warn 'Unknown GRUB2 configuration - not applying GRUB2 theme'
          fi
        else
          logg info 'Assuming system is non-UEFI since /sys/firmware/efi is not present'
          logg info 'Running sudo grub2-mkconfig -o /boot/grub2/grub.cfg'
          sudo grub2-mkconfig -o /boot/grub2/grub.cfg
          logg success 'Applied GRUB2 theme'
        fi
      elif [ -f /usr/sbin/update-grub ]; then
        logg info 'Running sudo update-grub'
        sudo update-grub
      else
        logg warn 'Unable to find appropriate GRUB mkconfig command'
      fi
    else
      logg info 'Skipping GRUB2 theme application because DEBUG_MODE is set to true'
    fi
  fi
}

# @description
#     This script sets the [Docker Rclone plugin](https://rclone.org/docker/) which allows you to mount Rclone mounts as Docker volumes
#
#     #### Docker Rclone
#
#     The Docker Rclone installation ensures necessary system directories are initialized / created. It also copies the [Docker Rclone configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/rclone/private_docker-rclone.conf.tmpl)
#     to the proper system location.
installDockerRclonePlugin() {
  ### Docker Rclone plugin
  # Source: https://rclone.org/docker/
  # First, ensure Docker Rclone configuration exists (which only happens when the Chezmoi Age decryption key is present as well as keys for Rclone)
  if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/docker-rclone.conf" ]; then
    ### Ensure Docker Rclone plugin system folders exist
    logg info 'Ensure Docker Rclone plugin system folders exist'
    logg info 'Ensuring directory /var/lib/docker-plugins/rclone/config is created' && sudo mkdir -p /var/lib/docker-plugins/rclone/config
    logg info 'Ensuring directory /var/lib/docker-plugins/rclone/cache is created' && sudo mkdir -p /var/lib/docker-plugins/rclone/cache

    ### Copy Rclone configuration
    logg info "Copy the Rclone configuration from ${XDG_CONFIG_HOME:-$HOME/.config}/rclone/docker-rclone.conf to /var/lib/docker-plugins/rclone/config/rclone.conf"
    sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/docker-rclone.conf" /var/lib/docker-plugins/rclone/config/rclone.conf

    ### Install the Rclone Docker plugin (if not already installed)
    if ! sudo su -c 'docker plugin ls' - "$USER" | grep 'rclone:latest' > /dev/null; then
      sudo su -c 'docker plugin install rclone/docker-volume-rclone:amd64 args="-v" --alias rclone --grant-all-permissions' - "$USER"
    fi
  fi
}

installLocalBinPackageJson() {
  if [ -f "$HOME/.local/bin/package.json" ]; then
    logg info 'Installing NPM packages in ~/.local/bin/package.json'
    cd "$HOME/.local/bin" && npm i --force
    logg info 'Installed NPM packages in ~/.local/bin'
  fi
}

# @description Installs a terminal theme that matches across various terminals by utilizing the `~/.local/bin/install-terminal-theme` script
installTerminalTheme() {
  if command -v install-terminal-theme > /dev/null; then
    install-terminal-theme
  else
    logg warn 'install-terminal-theme is not available'
  fi
}

# @description
#     This script loads crontab jobs that are defined and housed in your Install Doctor fork.
loadCronjobs() {
  logg info 'Installing user crontab jobs'
  crontab < "${XDG_CONFIG_HOME:-$HOME/.config}/crontab/config-user" || EXIT_CODE=$?
  if [ -n "$EXIT_CODE" ]; then
    logg error 'Failed to load cronjobs for user'
  fi

  logg info 'Installing system crontab jobs'
  sudo crontab < "${XDG_CONFIG_HOME:-$HOME/.config}/crontab/config-system" || EXIT_CODE=$?
  if [ -n "$EXIT_CODE" ]; then
    logg error 'Failed to load cronjobs for system'
  fi
}

# @description
#     This script houses a wide range of macOS system tweaks that are intended to improve the developer experience on macOS,
#     as well as improve security. Some of the tweaks include modifying default settings for various applications.
macOSSettings() {
  if [ -d /System ] && [ -d /Applications ] && [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/shell/macos.sh" ]; then
    bash "${XDG_CONFIG_HOME:-$HOME/.config}/shell/macos.sh"
  fi
}

# @description Ensures all files in `~/.local/bin` are executable
makeLocalBinExecutable() {
  logg info 'Ensuring all files in ~/.local/bin are executable'
  find "$HOME/.local/bin" -mindepth 1 -maxdepth 2 -type f | while read EXE_FILE; do
    if [ "$(echo -n "$EXE_FILE" | tail -c 3)" != ".md" ]; then
      chmod +x "$EXE_FILE"
    fi
  done
}

# @description
#     Install Doctor was previously called Gas Station. It was also Ansible based. Some of the features that Install Doctor
#     provides are made available via Ansible roles that Gas Station provides. This script symlinks Gas Station's roles
#     so that they can be leveraged by Install Doctor.
#
#     Some of the roles that Gas Station provides are not available via Ansible Galaxy yet. This script symlinks Gas Station
#     roles to an Ansible Galaxy / Ansible friendly location.
#
#     #### Ansible Installation
#
#     If Ansible is not already installed, this script will also install Ansible and all the necessary requirements using `pipx`.
#     This script must run before the `install-packages` script because some of the Ansible roles might be leveraged by it.
#
#     #### TODO
#
#     * Move installation logic into the ZX installer so that Ansible and its dependencies are only installed when required
#     * Remove Ansible dependency completely
symlinkAnsibleRoles() {
  logg info 'Ensuring Gas Station roles are symlinked to ~/.local/share/ansible/roles'
  mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles"
  find "${XDG_DATA_HOME:-$HOME/.local/share}/gas-station/roles" -mindepth 2 -maxdepth 2 -type d | while read ROLE_PATH; do
    ROLE_FOLDER="professormanhattan.$(echo "$ROLE_PATH" | sed 's/.*\/\([^\/]*\)$/\1/')"
    ALT_ROLE_FOLDER="$(echo "$ROLE_PATH" | sed 's/.*\/\([^\/]*\)$/\1/')"
    if [ ! -d "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ROLE_FOLDER" ] || [ "$(readlink -f "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ROLE_FOLDER")" != "$ROLE_PATH" ]; then
      logg info 'Symlinking '"$ROLE_FOLDER"''
      rm -f "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ROLE_FOLDER"
      ln -s "$ROLE_PATH" "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ROLE_FOLDER"
    fi
    if [ ! -d "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ALT_ROLE_FOLDER" ] || [ "$(readlink -f "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ALT_ROLE_FOLDER")" != "$ROLE_PATH" ]; then
      rm -f "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ALT_ROLE_FOLDER"
      ln -s "$ROLE_PATH" "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ALT_ROLE_FOLDER"
    fi
  done

  if [ -f "${XDG_DATA_HOME:-$HOME/.local/share}/gas-station/requirements.yml" ]; then
    ### Install Ansible Galaxy and dependencies if missing
    if ! command -v ansible-galaxy > /dev/null; then
      if ! command -v pipx > /dev/null; then
        logg info 'Installing pipx via Homebrew'
        brew install --quiet pipx
        logg info 'Running pipx ensurepath'
        pipx ensurepath
      fi
      logg info 'Installing ansible-core via pipx'
      pipx install ansible
      if [ -d /Applications ] && [ -d /System ]; then
        logg info 'Injecting macOS-specific pipx dependencies via pipx'
        pipx inject ansible PyObjC PyObjC-core
      fi
      logg info 'Injecting Ansible dependencies via pipx'
      pipx inject ansible docker lxml netaddr pexpect python-vagrant pywinrm requests-credssp watchdog
      mkdir -p "${XDG_CACHE_HOME:-$HOME/.cache}/megabyte-labs"
      touch "${XDG_CACHE_HOME:-$HOME/.cache}/megabyte-labs/ansible-installed"
    fi

    ### Ensure Ansible Galaxy was successfully loaded and then install the Ansible Galaxy requirements
    if command -v ansible-galaxy > /dev/null; then
      logg info 'Ensuring Ansible Galaxy collections are installed'
      export ANSIBLE_CONFIG="${XDG_DATA_HOME:-$HOME/.local/share}/ansible/ansible.cfg"
      ansible-galaxy install -r "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/requirements.yml" > /dev/null || EXIT_CODE=$?
      if [ -n "$EXIT_CODE" ]; then
        logg error 'Failed to install Ansible requirements from Ansible Galaxy'
        if [ -d "${XDG_DATA_HOME:-$HOME/.local/share}/gas-station/collections" ]; then
          logg info 'Attempting to use locally stored Ansible requirements'
          cd "${XDG_DATA_HOME:-$HOME/.local/share}/gas-station/collections"
          ansible-galaxy install -r requirements.yml || SECOND_EXIT_CODE=$?
          if [ -n "$SECOND_EXIT_CODE" ]; then
            logg error 'Failed to install requirements from both the cloud and the local copy' && exit 1
          fi
        else
          logg warn "${XDG_DATA_HOME:-$HOME/.local/share}/gas-station/collections is missing"
        fi
      fi
    else
      logg warn 'Unable to install the Ansible Galaxy requirements.yml since the ansible-galaxy executable is missing from the PATH'
    fi
  else
    logg warn '~/.local/share/ansible/requirements.yml is missing'
  fi
}

# @description
#     This script checks if `python3` is available and if `python` is not available. If both are true, then the script
#     symlinks `python` to `python3` so that the `python` command uses `python3`.
#
#     This is useful if you do not want to install Python 2.7 and would like Python 3 to be used in all scenarios where Python is
#     invoked with the `python` command.
symlinkPython() {
  ### Symlink python3 to python if it is unavailable
  if ! command -v python > /dev/null && command -v python3 > /dev/null; then
    logg info 'Symlinking python3 to python since the latter is unavailable'
    sudo ln -s "$(which python3)" /usr/local/bin/python
  fi
}

# @description
#     This script creates an empty directory with each user's name in `/var/log/user`. It initializes the folder in hopes
#     that we can eventually store all user logs in a single directory alongside the system logs folder.
userLogFolders() {
  find '{{ .host.homeParentFolder }}' -mindepth 1 -maxdepth 1 -type d | while read HOME_DIR; do
    USER_FOLDER="$(echo "$HOME_DIR" | sed 's/.*\/\([^\/]*\)$/\1/')"
    if [ -d "$HOME_DIR/.local" ]; then
      if [ ! -d "/var/log/user/$USER_FOLDER" ]; then
        logg info 'Creating /var/log/user/'"$USER_FOLDER"'' && sudo mkdir -p "/var/log/user/$USER_FOLDER"
      fi
      logg info "Applying user permissions to /var/log/user/$USER_FOLDER" && sudo chown -Rf "$USER_FOLDER" "/var/log/user/$USER_FOLDER"
    fi
  done
}

if [ -n "$DEBUG" ] || [ -n "$DEBUG_MODE" ]; then
  logg info 'The DEBUG or DEBUG_MODE environment variable is set so the post-dotfile-application routine tasks will be run synchronously'
  addZshEnv
  applyFontsToSystem
  applyLinuxConfSettings
  applyLinuxThemeFiles
  applyRootConfig
  applyWallpaper
  configureNetworkManagerVPNProfiles
  configureSSHD
  dconfSettings
  decryptSSHKeys
  emscriptenInstall
  enableAutoUpdateDarwin
  ensureQtStyleOverride
  ensurePipUpdated
  ensureSystemGemUpdated
  ensureZshShell
  gnomeExtensionSettings
  grubSettings
  installDockerRclonePlugin
  installLocalBinPackageJson
  installTerminalTheme
  loadCronjobs
  macOSSettings
  symlinkAnsibleRoles
  symlinkPython
  userLogFolders
else
  addZshEnv &
  applyFontsToSystem &
  applyLinuxConfSettings &
  applyLinuxThemeFiles &
  applyRootConfig &
  applyWallpaper &
  configureNetworkManagerVPNProfiles &
  configureSSHD &
  dconfSettings &
  decryptSSHKeys &
  emscriptenInstall &
  enableAutoUpdateDarwin &
  ensureQtStyleOverride &
  ensurePipUpdated &
  ensureSystemGemUpdated &
  ensureZshShell &
  gnomeExtensionSettings &
  grubSettings &
  installDockerRclonePlugin &
  installLocalBinPackageJson &
  installTerminalTheme &
  loadCronjobs &
  macOSSettings &
  symlinkAnsibleRoles &
  symlinkPython &
  userLogFolders &
  wait
fi

logg info 'Completed post-dotfile-application routine'