/
run_after_01-pre-install.sh.tmpl
1060 lines (970 loc) · 50.6 KB
/
run_after_01-pre-install.sh.tmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#!/usr/bin/env bash
# @file Pre-Install Routine
# @brief Runs various scripts that can be safely run early in the bootstrapping process
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
# @description Copies the `~/.config/shell/exports.sh` file to `/etc/zshenv` so that non-interactive ZSH sessions have all of the same
# environment PATH variables as interactive sessions. This was initially required to make Cakebrew work on macOS.
addZshEnv() {
### Ensure /etc/zshenv is populated
# No equivalent type of file for Bash
logg info "Copying ${XDG_CONFIG_HOME:-$HOME/.config}/shell/exports.sh to /etc/zshenv" && sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/shell/exports.sh" /etc/zshenv
}
# @description Ensures fonts are available at the system level and, on Linux, it configures the system font settings.
applyFontsToSystem() {
### Sync user fonts with system fonts
if [ -d /Applications ] && [ -d /System ]; then
### macOS
logg info 'Copying fonts from ~/Library/Fonts and ~/.local/share/fonts to /Library/Fonts to make them available globally'
FONT_DIR='/Library/Fonts'
### ~/Library/Fonts
if [ -d "$HOME/Library/Fonts" ]; then
logg info "Syncing $HOME/Library/Fonts to $FONT_DIR" && sudo rsync -av "$HOME/Library/Fonts" "$FONT_DIR"
fi
### ~/.local/share/fonts
if [ -d "${XDG_DATA_HOME:-$HOME/.local/share}/fonts" ]; then
logg info "Syncing ${XDG_DATA_HOME:-$HOME/.local/share}/fonts to $FONT_DIR" && sudo rsync -av "${XDG_DATA_HOME:-$HOME/.local/share}/fonts" "$FONT_DIR"
fi
else
### Linux
### Copy fonts
logg info 'Copying fonts from ~/.local/share/fonts to /usr/local/share/fonts to make them available globally'
FONT_DIR='/usr/local/share/fonts'
sudo rsync -av "${XDG_DATA_HOME:-$HOME/.local/share}/fonts" "$FONT_DIR"
### Configure system font properties
if [ -d /etc/fonts ]; then
logg info 'Copying ~/.config/fontconfig/fonts.conf to /etc/fonts/local.conf'
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/fontconfig/fonts.conf" /etc/fonts/local.conf
else
logg warn 'The /etc/fonts directory is missing'
fi
fi
}
# @description Applies various `dconf`, `xconf`, etc. settings to Linux systems
applyLinuxConfSettings() {
if [ "{{ .host.distro.family }}" = "linux" ] && command -v apply-linux-conf-settings > /dev/null; then
apply-linux-conf-settings
fi
}
# @description
# This script applies various themes to Linux systems that use GNOME or KDE.
applyLinuxThemeFiles() {
if [ "{{ .host.distro.family }}" = "linux" ]; then
### Ensure /usr/local/bin/squash-symlink is present
if [ ! -f /usr/local/bin/squash-symlink ] && [ -f "$HOME/.local/bin/squash-symlink" ]; then
logg info 'Copying ~/.local/bin/squash-symlink to /usr/local/bin/squash-symlink'
sudo cp -f "$HOME/.local/bin/squash-symlink" /usr/local/bin/squash-symlink
sudo chmod +x /usr/local/bin/squash-symlink
fi
### Clean up system theme settings
for ITEM_TO_BE_REMOVED in "/usr/share/backgrounds/images" "/usr/share/backgrounds/f32" "/usr/share/backgrounds/qubes" "/usr/share/wallpapers"; do
if [ -d "$ITEM_TO_BE_REMOVED" ] || [ -f "$ITEM_TO_BE_REMOVED" ]; then
sudo rm -rf "$ITEM_TO_BE_REMOVED"
logg success "Removed $ITEM_TO_BE_REMOVED"
fi
done
### Ensure /usr/local/share exists
if [ ! -d /usr/local/share ]; then
sudo mkdir -p /usr/local/share
logg success 'Created /usr/local/share'
fi
### Copy theme files over to /usr/local/share
if [ -d "$HOME/.local/src/{{ .theme | lower }}/share" ]; then
logg info 'Copying ~/.local/src/{{ .theme | lower }}/share to /usr/local/share'
sudo rsync --chown=root:root --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r -artvu --inplace "${XDG_DATA_HOME:-$HOME/.local/share}/betelgeuse/share/" "/usr/local/share/" > /dev/null
else
logg warn '~/.local/share/betelgeuse/share is missing'
fi
### Flatten GRUB theme files (i.e. convert symlinks to regular files)
if command -v squash-symlink > /dev/null; then
logg info 'Converting /usr/local/share/grub symlinks to equivalent regular files'
sudo find /usr/local/share/grub -type l -exec squash-symlink {} +
else
logg warn 'squash-symlink is not a script in the PATH'
fi
### Ensure /usr/share/backgrounds/default.png is deleted
if [ -f /usr/share/backgrounds/default.png ]; then
sudo rm -f /usr/share/backgrounds/default.png
fi
### Add the default image symlink based on the OS
if [ '{{ .host.distro.id }}' == 'archlinux' ]; then
sudo ln -s /usr/local/share/wallpapers/Betelgeuse-Archlinux/contents/source.png /usr/share/backgrounds/default.png
elif [ '{{ .host.distro.id }}' == 'centos' ]; then
sudo ln -s /usr/local/share/wallpapers/Betelgeuse-CentOS/contents/source.png /usr/share/backgrounds/default.png
elif [ '{{ .host.distro.id }}' == 'darwin' ]; then
sudo ln -s /usr/local/share/wallpapers/Betelgeuse-macOS/contents/source.png /usr/share/backgrounds/default.png
elif [ '{{ .host.distro.id }}' == 'debian' ]; then
sudo ln -s /usr/local/share/wallpapers/Betelgeuse-Debian/contents/source.png /usr/share/backgrounds/default.png
elif [ '{{ .host.distro.id }}' == 'fedora' ]; then
sudo ln -s /usr/local/share/wallpapers/Betelgeuse-Fedora/contents/source.png /usr/share/backgrounds/default.png
elif [ '{{ .host.distro.id }}' == 'ubuntu' ]; then
sudo ln -s /usr/local/share/wallpapers/Betelgeuse-Ubuntu/contents/source.png /usr/share/backgrounds/default.png
elif [ '{{ .host.distro.id }}' == 'windows' ]; then
sudo ln -s /usr/local/share/wallpapers/Betelgeuse-Windows/contents/source.png /usr/share/backgrounds/default.png
else
sudo ln -s /usr/local/share/wallpapers/Betelgeuse/contents/source.png /usr/share/backgrounds/default.png
fi
### Note: ubuntu-default-greyscale-wallpaper.png symlink to whiteish gray background
### Set appropriate platform-specific icon in plymouth theme
if [ -f '/usr/local/share/plymouth/themes/{{ .theme }}/icons/{{ .host.distro.id }}.png' ]; then
sudo cp -f '/usr/local/share/plymouth/themes/{{ .theme }}/icons/{{ .host.distro.id }}.png' '/usr/local/share/plymouth/themes/{{ .theme }}/icon.png'
logg success 'Added platform-specific icon to {{ .theme }} Plymouth theme'
else
logg warn 'The {{ .host.distro.id }}.png icon is not available in the icons folder insider the {{ .theme }} Plymouth theme'
fi
fi
}
# @description
# This script configures the root user's folder so that scripts running as the root user can:
#
# 1. Access binaries installed by the provisioning user (by setting the appropriate `~/.bashrc` and `~/.zshrc` symlinks)
# 2. Use the same shell profile rules that the provisioning user uses (by symlinking the `~/.config/shell`, `~/.bashrc`, and `~/.zshrc` locations)
applyRootConfig() {
### Detect root folder
if [ -d /var/root ]; then
ROOT_FOLDER="/var/root"
elif [ -d /root ]; then
ROOT_FOLDER="/root"
else
logg warn 'Unable to find root user folder location'
fi
if [ -n "$ROOT_FOLDER" ]; then
### Copy minimal set of profile configuration files
logg info "Copying ~/.bashrc to $ROOT_FOLDER/.bashrc" && sudo cp -f "$HOME/.bashrc" "$ROOT_FOLDER/.bashrc"
logg info "Copying ~/.zshrc to $ROOT_FOLDER/.zshrc" && sudo cp -f "$HOME/.zshrc" "$ROOT_FOLDER/.zshrc"
logg info "Ensuring ~/.config folder exists" && sudo mkdir -p "$ROOT_FOLDER/.config"
logg info "Copying ~/.config/shell to $ROOT_FOLDER/.config/shell" && sudo mkdir -p "$ROOT_FOLDER/.config" && sudo rm -rf "$ROOT_FOLDER/.config/shell" && sudo cp -rf "$HOME/.config/shell" "$ROOT_FOLDER/.config/shell"
### Copy Autorestic configurations
logg info "Copying ${XDG_CONFIG_HOME:-$HOME/.config}/autorestic/autorestic-system.yml file to $ROOT_FOLDER/.autorestic.yml" && sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/autorestic/autorestic-system.yml" "$ROOT_FOLDER/.autorestic.yml"
logg info "Applying proper permissions to $ROOT_FOLDER/.autorestic.yml" && sudo chmod 600 "$ROOT_FOLDER/.autorestic.yml"
fi
}
# @description
# This function ensures the macOS desktop wallpaper is set to the macOS Betelgeuse wallpaper. It uses the
# `m` CLI to apply the change.
#
# This function ensures the Qubes desktop wallpaper is set to the Qubes Betelgeuse wallpaper on KDE by
# using the `ksetwallpaper` script found in `~/.local/bin/ksetwallpaper`.
applyWallpaper() {
{{ if (eq .host.distro.id "qubes") -}}
logg info 'Setting wallpaper to /usr/local/share/wallpapers/Betelgeuse/contents/images/3440x1440.jpg'
ksetwallpaper --file /usr/local/share/wallpapers/Betelgeuse/contents/images/3440x1440.jpg
{{ else -}}
### Set macOS wallpaper
if command -v m > /dev/null && [ -f "${XDG_DATA_HOME:-$HOME/.local/share}/betelgeuse/share/wallpapers/Betelgeuse-macOS/contents/source.png" ]; then
logg info 'Setting macOS wallpaper with m'
m wallpaper "${XDG_DATA_HOME:-$HOME/.local/share}/betelgeuse/share/wallpapers/Betelgeuse-macOS/contents/source.png"
else
logg warn 'Either m or the macOS default wallpaper is missing.'
fi
{{ end -}}
}
### Helper function for configureNetworkManager
ensureNetworkConfigs() {
if [ ! -d /etc/network/if-up.d ]; then
logg info 'Creating /etc/network/if-up.d folder'
sudo mkdir -p /etc/network/if-up.d
fi
if [ ! -d /etc/network/if-post-down.d ]; then
logg info 'Creating /etc/network/if-post.d folder'
sudo mkdir -p /etc/network/if-post.d
fi
}
# @description
# This script installs OpenVPN and WireGuard VPN profiles. It does a few things to install the profiles and make sure
# they are usable by desktop users:
#
# 1. It ensures OpenVPN and `NetworkManager-*` plugins are installed (this allows you to see all the different VPN profile types available when you try to import a VPN profile on Linux devices)
# 2. Imports the OpenVPN profiles stored in `${XDG_CONFIG_HOME:-$HOME/.config}/vpn`
# 3. Applies the OpenVPN username and password to all the OpenVPN profiles (which can be passed in as `OVPN_USERNAME` and `OVPN_PASSWORD` if you use the environment variable method)
# 4. Bypasses the OpenVPN connection for all the networks defined in `.host.vpn.excludedSubnets` (in the `home/.chezmoi.yaml.tmpl` file)
# 5. Repeats the process for WireGuard by looping through all the `*.nmconnection` files stored in `${XDG_CONFIG_HOME:-$HOME/.config}/vpn` (username and password should already be stored in the encrypted files)
#
# #### Creating VPN Profiles
#
# More details on embedding your VPN profiles into your Install Doctor fork can be found by reading the [Secrets documentation](https://install.doctor/docs/customization/secrets#vpn-profiles).
#
# #### Links
#
# * [VPN profile folder](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/vpn)
# * [VPN profile documentation](https://install.doctor/docs/customization/secrets#vpn-profiles)
configureNetworkManagerVPNProfiles() {
if [ "{{ .host.distro.family }}" = "linux" ]; then
{{ $ovpnUsername := (env "OVPN_USERNAME") }}
{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "OVPN_USERNAME")) }}
{{ $ovpnUsername := (includeTemplate "secrets/OVPN_USERNAME" | decrypt | trim) }}
{{ end }}
{{ $ovpnPassword := (env "OVPN_PASSWORD") }}
{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "OVPN_PASSWORD")) }}
{{ $ovpnPassword := (includeTemplate "secrets/OVPN_PASSWORD" | decrypt | trim) }}
{{ end }}
RESTART_NM=false
### Ensure `NetworkManager` plugins are
# NOTE: By default, all the NetworkManager plugins are installed.
if command -v apt-get > /dev/null; then
sudo apt-get install -y network-manager*
elif command -v dnf > /dev/null; then
sudo dnf install -y openvpn NetworkManager*
elif command -v pacman > /dev/null; then
sudo pacman -Syu openvpn networkmanager*
else
logg warn 'Unknown package manager - install OpenVPN / WireGuard / NetworkManager plugins individually'
fi
### Ensures `nmcli` (the CLI for NetworkManager) is available in the `PATH`
if command -v nmcli > /dev/null; then
### Sets up OpenVPN profiles
if [ '{{ $ovpnUsername }}' != '' ] && [ '{{ $ovpnPassword }}' != '' ]; then
find "${XDG_CONFIG_HOME:-$HOME/.config}/vpn" -type f -name "*.ovpn" | while read OVPN_FILE; do
### Adds the OpenVPN profiles by importing the `*.ovpn` files in `${XDG_CONFIG_HOME:-$HOME/.config}/vpn` and then applying the OpenVPN username and password
logg info "Adding $OVPN_FILE to NetworkManager OpenVPN profiles"
OVPN_NAME="$(basename "$OVPN_FILE" | sed 's/.ovpn$//')"
nmcli connection import type openvpn file "$OVPN_FILE"
nmcli connection modify "$OVPN_NAME" +vpn.data 'username={{- $ovpnUsername }}'
nmcli connection modify "$OVPN_NAME" vpn.secrets 'password={{- $ovpnPassword }}'
nmcli connection modify "$OVPN_NAME" +vpn.data password-flags=0
### Register the excluded subnets in the routeadd / routedel files
for EXCLUDED_SUBNET in '{{ join "' '" .host.vpn.excludedSubnets }}'; do
ensureNetworkConfigs
nmcli connection modify "$OVPN_NAME" +ipv4.routes "$EXCLUDED_SUBNET" | sudo tee -a /etc/network/if-up.d/routeadd
nmcli connection modify "$OVPN_NAME" -ipv4.routes "$EXCLUDED_SUBNET" | sudo tee -a /etc/network/if-post-down.d/routedel
done
RESTART_NM=true
done
else
logg info 'Either the OpenVPN username or password is undefined.'
logg info 'See the docs/VARIABLES.md file for details.'
fi
{{ if (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) }}
### Setup WireGuard profiles
if [ -d /etc/NetworkManager/system-connections ]; then
find "${XDG_CONFIG_HOME:-$HOME/.config}/vpn" -type f -name "*.nmconnection" | while read WG_FILE; do
### Ensure the WireGuard NetworkManager plugin is available
if [ ! -d /usr/lib/NetworkManager/nm-wireguard-service ]; then
logg info 'The nm-wireguard-service is not present'
logg info 'Installing the nm-wireguard-service'
fi
### Add the WireGuard profiles
logg info "Adding $WG_FILE to /etc/NetworkManager/system-connections"
WG_FILENAME="$(basename "$WG_FILE")"
chezmoi decrypt "$WG_FILE" | sudo tee "/etc/NetworkManager/system-connections/$WG_FILENAME"
### Register the excluded subnets in the routeadd / routedel files
for EXCLUDED_SUBNET in '{{ join "' '" .host.vpn.excludedSubnets }}'; do
ensureNetworkConfigs
WG_PROFILE_NAME="$(echo "$WG_FILENAME" | sed 's/.nmconnection$//')"
nmcli connection modify "$WG_PROFILE_NAME" +ipv4.routes "$EXCLUDED_SUBNET" | sudo tee -a /etc/network/if-up.d/routeadd
nmcli connection modify "$WG_PROFILE_NAME" -ipv4.routes "$EXCLUDED_SUBNET" | sudo tee -a /etc/network/if-post-down.d/routedel
done
RESTART_NM=true
done
else
logg warn '/etc/NetworkManager/system-connections is not a directory!'
fi
{{ end -}}
### Restart NetworkManager if changes were made and environment is not WSL
if [ "$RESTART_NM" == 'true' ] && [[ ! "$(test -d proc && grep Microsoft /proc/version > /dev/null)" ]]; then
logg info 'Restarting NetworkManager since VPN profiles were updated'
sudo service NetworkManager restart
fi
else
logg warn 'nmcli is unavailable'
fi
fi
}
# @description
# This script applies the SSH server MOTD banner and `sshd_config` (which are housed in the `home/private_dot_ssh/system` location)
# to the system by copying the files to the system location and then restarting / enabling the system SSH server.
#
# #### Links
#
# * [System SSHD configurations](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/system)
configureSSHD() {
### Update /etc/ssh/sshd_config if environment is not WSL
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
if [ -d /etc/ssh ]; then
logg info 'Copying ~/.ssh/system/banner to /etc/ssh/banner' && sudo cp -f "$HOME/.ssh/system/banner" /etc/ssh/banner
logg info 'Copying ~/.ssh/system/sshd_config to /etc/ssh/sshd_config' && sudo cp -f "$HOME/.ssh/system/sshd_config" /etc/ssh/sshd_config
if command -v semanage > /dev/null; then
logg info 'Apply SELinux configuration addressing custom SSH port' && sudo semanage port -a -t ssh_port_t -p tcp {{ .host.ssh.port }}
logg info 'Allow NIS SSHD' && sudo setsebool -P nis_enabled 1
fi
### Ensure keys are created
logg info 'Running sudo ssh-keygen -A' && sudo ssh-keygen -A
### Restart SSH server
if [ -d /Applications ] && [ -d /System ]; then
### macOS
logg info 'Running sudo systemsetup -setremotelogin on' && sudo systemsetup -setremotelogin on > /dev/null
logg info 'Running sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist' && sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist 2> /dev/null
logg info 'Running sudo launchctl stop com.openssh.sshd' && sudo launchctl stop com.openssh.sshd
logg info 'Running sudo launchctl start com.openssh.sshd' && sudo launchctl start com.openssh.sshd && logg info 'Successfully ran launchctl start com.openssh.sshd'
else
### Linux
logg info 'Enabling the sshd service'
sudo systemctl enable sshd
logg info 'Restarting the sshd service'
sudo systemctl restart sshd && logg info 'Successfully ran sudo systemctl restart sshd'
fi
else
logg warn 'The /etc/ssh folder does not exist'
fi
else
logg info 'Skipping sshd_config application since environment is WSL'
fi
}
# @description
# This script allows you to apply `dconf` settings that you can store in your fork of Install Doctor. By default,
# it makes a handful of `dconf` settings optimizations.
dconfSettings() {
if command -v dconf > /dev/null; then
### Update background to be OS-specific
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/dconf/settings/org.gnome.desktop.background" ]; then
logg info 'Checking for presence of /usr/local/share/wallpapers/Betelgeuse-{{ title .host.distro.id }}/contents/source.jpg'
if [ -f /usr/local/share/wallpapers/Betelgeuse-{{ title .host.distro.id }}/contents/source.jpg ]; then
logg info "Updating ${XDG_CONFIG_HOME:-$HOME/.config}/dconf/settings/org.gnome.desktop.background to point to OS-specific background"
TMP="$(mktemp)"
sed 's/Betelgeuse/Betelgeuse-{{ title .host.distro.id }}/g' < "${XDG_CONFIG_HOME:-$HOME/.config}/dconf/settings/org.gnome.desktop.background" > "$TMP"
mv "$TMP" "${XDG_CONFIG_HOME:-$HOME/.config}/dconf/settings/org.gnome.desktop.background"
else
logg info 'OS-specific background not found'
fi
fi
### Backup system settings
DCONF_TMP="$(mktemp)"
dconf dump / > "$DCONF_TMP"
logg info 'Backed up system dconf settings to '"$DCONF_TMP"
### Reset system settings / load saved configurations from ~/.config/dconf/settings
if [ -d "${XDG_CONFIG_HOME:-$HOME/.config}/dconf/settings" ]; then
find "${XDG_CONFIG_HOME:-$HOME/.config}/dconf/settings" -mindepth 1 -maxdepth 1 -type f | while read DCONF_CONFIG_FILE; do
if [ "$DEBUG_MODE" == 'true' ]; then
logg info 'Dconf configuration file:'
echo "$DCONF_CONFIG_FILE"
fi
DCONF_SETTINGS_ID="/$(basename "$DCONF_CONFIG_FILE" | sed 's/\./\//g')/"
if [ "$DEBUG_MODE" == 'true' ]; then
logg info 'Dconf settings ID:'
echo "$DCONF_SETTINGS_ID"
fi
### Reset dconf settings if environment variable RESET_DCONF is set to true
if [ "$RESET_DCONF" == 'true' ]; then
logg info 'Resetting dconf settings for '"$DCONF_SETTINGS_ID"''
dconf reset -f "$DCONF_SETTINGS_ID"
fi
logg info 'Loading versioned dconf settings for '"$DCONF_SETTINGS_ID"''
dconf load "$DCONF_SETTINGS_ID" < "$DCONF_CONFIG_FILE"
logg success 'Finished applying dconf settings for '"$DCONF_SETTINGS_ID"''
done
else
logg warn '~/.config/dconf/settings does not exist!'
fi
fi
}
# @description
# This script decrypts the SSH key files that are housed in the `home/.chezmoitemplates/ssh` section of the repository.
# It loops through all the files in `home/.chezmoitemplates/ssh` and stores them to the `~/.ssh` folder
# when they are successfully decrypted.
#
# This script generates a pair of default `id_rsa` and `id_rsa.pub` keys if one is not already present
# on the system after the Install Doctor provisioning process completes. It also ensures the private
# key is only readable and writable the provisioning user.
decryptSSHKeys() {
### Unpack existing encrypted keys
logg info 'Decrypting SSH keys stored in the home/.chezmoitemplates/ssh folder of the Install Doctor repo / fork.'
find "{{ .chezmoi.sourceDir }}/.chezmoitemplates/ssh" -type f | while read SSH_FILE; do
### Decrypt SSH file with Chezmoi
logg info "Decrypting the $(basename "$SSH_FILE") encrypted SSH file"
chezmoi decrypt "$SSH_FILE" > "$HOME/.ssh/$(basename "$SSH_FILE")" || EXIT_CODE=$?
### Handle failed decryption with warning log message
if [ -n "$EXIT_CODE" ]; then
logg warn "Unable to decrypt the file stored in $SSH_FILE"
fi
### Apply appropriate permission to decrypted ~/.ssh file
if [ -f "$HOME/.ssh/$(basename "$SSH_FILE")" ]; then
logg info "Applying appropriate permissions on $HOME/.ssh/$(basename "$SSH_FILE")"
chmod 600 "$HOME/.ssh/$(basename "$SSH_FILE")"
fi
done
### Ensure id_rsa is present and create one if it does not exist
if [ ! -f "$HOME/.ssh/id_rsa" ]; then
logg 'Generating missing default private key / public key (~/.ssh/id_rsa)'
ssh-keygen -b 4096 -t rsa -f "$HOME/.ssh/id_rsa" -q -N ""
chmod 600 "$HOME/.ssh/id_rsa"
fi
}
# @description
# This script installs and activates the latest version of Emscripten. This script
# implements the [instructions outlined on Emscripten's website](https://emscripten.org/docs/getting_started/downloads.html#installation-instructions-using-the-emsdk-recommended).
#
# This script will only run when `${XDG_DATA_HOME:-$HOME/.local/share}/emsdk` is present on the system. This folder
# is populated via the definition in `home/.chezmoiexternal.toml.tmpl`.
emscriptenInstall() {
if [ -d "${XDG_DATA_HOME:-$HOME/.local/share}/emsdk" ]; then
logg info 'Pulling latest changes for Emscripten source code' && cd "${XDG_DATA_HOME:-$HOME/.local/share}/emsdk" && git pull
logg info "Running emsdk install latest" && emsdk install latest > /dev/null
logg info "Running emsdk activate latest" && emsdk activate latest > /dev/null
logg info 'Profile source inclusions are already implemented in Bash / ZSH profile'
fi
}
# @description
# Adds auto-update feature to macOS that automatically downloads and installs updates. Also enables
# an auto-update feature for Homebrew on macOS.
enableAutoUpdateDarwin() {
if [ -d /Applications ] && [ -d /System ]; then
### Enable automated system updates on macOS
if [ -f "$HOME/Library/LaunchDaemons/com.apple.automatedupdates.plist" ] && [ ! -f "/Library/LaunchDaemons/com.apple.automatedupdates.plist" ]; then
logg info 'Configuring macOS to automatically apply system updates'
sudo mkdir -p /Library/LaunchDaemons
sudo cp -f "$HOME/Library/LaunchDaemons/com.apple.automatedupdates.plist" "/Library/LaunchDaemons/com.apple.automatedupdates.plist"
logg info 'Loading /Library/LaunchDaemons/com.apple.automatedupdates.plist'
sudo launchctl load "/Library/LaunchDaemons/com.apple.automatedupdates.plist" && logg success 'launchctl load successful'
fi
### Enable Homebrew auto-update service
if brew autoupdate status | grep 'Autoupdate is not configured.' > /dev/null; then
logg info 'Enabling Homebrew auto-update service (every 24 hours)'
brew autoupdate start --cleanup --greedy --upgrade
fi
fi
}
ensurePipUpdated() {
### python3.10 pip update
if command -v python3.10 > /dev/null; then
logg info 'Ensuring python3.10 pip is updated' && python3.10 -m pip install --upgrade pip > /dev/null &
logg info 'Ensuring python3.10 setuptools is updated' && python3.10 -m pip install --upgrade setuptools > /dev/null &
fi
### python3.11 pip update
if command -v python3.11 > /dev/null; then
logg info 'Ensuring python3.11 pip is updated' && python3.11 -m pip install --upgrade pip > /dev/null &
logg info 'Ensuring python3.11 setuptools is updated' && python3.11 -m pip install --upgrade setuptools > /dev/null &
fi
### python3.12 pip update
# if command -v python3.12 > /dev/null; then
# logg info 'Ensuring python3.12 pip is updated' && python3.12 -m pip install --upgrade pip > /dev/null &
# fi
wait
}
# @description
# This script modifies the `/etc/environment` file on Linux devices to include:
#
# * `export QT_STYLE_OVERRIDE=kvantum-dark` which is required for the Linux GNOME / KDE themeing that relies on Kvantum.
ensureQtStyleOverride() {
if [ ! -d /Applications ] || [ ! -d /System ]; then
### Linux
### Ensure QT_STYLE_OVERRIDE is set in /etc/environment
logg info 'Ensuring QT_STYLE_OVERRIDE is set in /etc/environment'
if cat /etc/environment | grep QT_STYLE_OVERRIDE > /dev/null; then
sudo sed -i 's/.*QT_STYLE_OVERRIDE.*/export QT_STYLE_OVERRIDE=kvantum-dark/' /etc/environment
logg info 'Updated QT_STYLE_OVERRIDE in /etc/environment'
else
echo 'export QT_STYLE_OVERRIDE=kvantum-dark' | sudo tee -a /etc/environment
logg info 'Added QT_STYLE_OVERRIDE to /etc/environment'
fi
fi
}
# @description Run `gem update --system` if `gem` is available
ensureSystemGemUpdated() {
### Ensure gem is updated
if command -v gem > /dev/null; then
logg info 'Ensuring system gem is updated' && gem update --system > /dev/null
else
logg info 'Could not find gem in PATH so skipping gem system update'
fi
}
# @description
# This script ensures ZSH is used as the default shell by ensuring it is added to `/etc/shells`. The script
# also ensures ZSH is available at `/usr/local/bin/zsh` on ARM64 systems by symlinking the Homebrew ZSH shell
# to `/usr/local/bin/zsh` if it is missing.
ensureZshShell() {
logg 'Ensuring ZSH is set as the default shell'
if ! grep -qc "/usr/local/bin/zsh" /etc/shells; then
echo "/usr/local/bin/zsh" | sudo tee -a /etc/shells > /dev/null
fi
if [ ! -f /usr/local/bin/zsh ] && [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/zsh" ]; then
sudo ln -sf "${HOMEBREW_PREFIX:-/opt/homebrew}/bin/zsh" /usr/local/bin/zsh
fi
}
# @description
# This script ensures your GNOME extensions come pre-configured to your liking. It provides the ability
# to automatically install a configurable list of GNOME extensions as well as apply your preferred settings.
gnomeExtensionSettings() {
if command -v gnome-shell > /dev/null; then
### Ensure /tmp/install-gnome-extensions.txt is not present on the system
if [ -f /tmp/install-gnome-extensions.txt ]; then
rm -f /tmp/install-gnome-extensions.txt
fi
### Register temporary file for gnome.yml JSON
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/desktop/gnome.yml" ]; then
TMP_YQ="$(mktemp)"
cat "${XDG_CONFIG_HOME:-$HOME/.config}/desktop/gnome.yml" | yq e -o=j '.' > "$TMP_YQ"
fi
### Populate /tmp/install-gnome-extensions.txt with GNOME extensions that need to be installed
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/desktop/gnome.yml" ]; then
cat "$TMP_YQ" | jq -c '.default_gnome_extensions[] | tojson' | while read EXT; do
TMP="$(mktemp)"
echo "$EXT" | sed 's/^.\(.*\).$/\1/' > "$TMP"
EXT_URL="$(cat "$TMP" | jq -r '.url')"
EXT_ID="$(cat "$TMP" | jq -r '.regex')"
echo "$EXT_URL" >> /tmp/install-gnome-extensions.txt
if [ ! -d "${XDG_DATA_HOME:-$HOME/.local/share}/gnome-shell/extensions" ]; then
mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/gnome-shell/extensions"
fi
find "${XDG_DATA_HOME:-$HOME/.local/share}/gnome-shell/extensions" -mindepth 1 -maxdepth 1 -type d | while read EXT_FOLDER; do
if [[ "$EXT_FOLDER" == *"$EXT_ID"* ]] && [ -f /tmp/install-gnome-extensions.txt ]; then
TMP_EXT="$(mktemp)"
head -n -1 /tmp/install-gnome-extensions.txt > "$TMP_EXT"
mv -f "$TMP_EXT" /tmp/install-gnome-extensions.txt > /dev/null
fi
done
done
else
logg warn 'The ~/.config/desktop/gnome.yml file is missing so GNOME extension install orders cannot be calculated'
fi
### Remove /tmp/install-gnome-extensions.txt if it is empty
if [ "$(cat /tmp/install-gnome-extensions.txt)" == "" ]; then
rm -f /tmp/install-gnome-extensions.txt > /dev/null
fi
### Install the GNOME extensions using the `install-gnome-extensions` script
if command -v install-gnome-extensions > /dev/null; then
if [ -f /tmp/install-gnome-extensions.txt ]; then
logg info 'Running the install-gnome-extensions script'
cd /tmp
install-gnome-extensions --enable --overwrite --file /tmp/install-gnome-extensions.txt
rm -f /tmp/install-gnome-extensions.txt
logg success 'Finished installing the GNOME extensions'
else
logg info 'No new GNOME extensions to install'
fi
else
logg warn 'Cannot install GNOME extensions because the install-gnome-extensions script is missing from ~/.local/bin'
fi
### Apply plugin gsettings
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/desktop/gnome.yml" ]; then
cat "$TMP_YQ" | jq -c '.default_gnome_extensions[] | tojson' | while read EXT; do
if [ "$DEBUG_MODE" == 'true' ]; then
logg info 'Extension data:'
echo "$EXT"
fi
TMP="$(mktemp)"
echo "$EXT" | sed 's/^.\(.*\).$/\1/' > "$TMP"
EXT_URL="$(cat "$TMP" | jq -r '.url')"
EXT_ID="$(cat "$TMP" | jq -r '.regex')"
if [ "$DEBUG_MODE" == 'true' ]; then
logg info 'Extension ID:'
echo "$EXT_ID"
fi
EXT_SETTINGS_TYPE="$(cat "$TMP" | jq -r '.settings | type')"
EXT_SETTINGS="$(cat "$TMP" | jq -r '.settings')"
if [ "$EXT_SETTINGS" != 'null' ]; then
logg info 'Evaluating extension settings for '"$EXT_ID"''
if [ "$EXT_SETTINGS_TYPE" == 'array' ]; then
cat "$TMP" | jq -r '.settings[]' | while read EXT_SETTING; do
logg info 'Applying following extension setting:'
echo "$EXT_SETTING"
eval "$EXT_SETTING"
done
else
logg info 'Applying following extension setting:'
echo "$EXT_SETTINGS"
eval "$EXT_SETTINGS"
fi
logg success 'Applied gsettings configuration for the '"$EXT_ID"' GNOME extension'
fi
done
fi
fi
}
# @description
# This script configures GRUB2 with a custom theme on Linux systems.
grubSettings() {
if [ "{{ .host.distro.family }}" = "linux" ]; then
### Fix Qubes issue
if command -v qubesctl > /dev/null && [ -f /boot/grub2/grubenv ] && [ -d /boot/efi/EFI/qubes ]; then
sudo cp -f /boot/grub2/grubenv /boot/efi/EFI/qubes/grubenv
logg success 'Copied /boot/grub2/grubenv to /boot/efi/EFI/qubes/grubenv'
fi
### Ensure /boot/grub2/themes is directory
if [ ! -d /boot/grub2/themes ]; then
sudo mkdir -p /boot/grub2/themes
logg success 'Created /boot/grub2/themes'
fi
### Copy GRUB theme to /boot/grub2/themes
if [ -d /usr/local/share/grub/themes ]; then
sudo cp -rf /usr/local/share/grub/themes /boot/grub2/
logg success 'Copied GRUB themes in /usr/local/share/grub/themes to /boot/grub2/themes'
else
logg warn '/usr/local/share/grub/themes is missing'
fi
### Set default GRUB screen resolution variables
SCREEN_RATIO_ULTRAWIDE="2100"
GRUB_RESOLUTION_TYPE="1080p"
### Determine screen size ratio (used for picking GRUB2 theme resolution)
if command -v xrandr > /dev/null && command -v uniq > /dev/null; then
SCREEN_WIDTH="$(xrandr --current | grep '*' | uniq | awk '{print $1}' | cut -d 'x' -f1)"
SCREEN_HEIGHT="$(xrandr --current | grep '*' | uniq | awk '{print $1}' | cut -d 'x' -f2)"
SCREEN_RATIO="$(awk -v height="$SCREEN_HEIGHT" -v width="$SCREEN_WIDTH" 'BEGIN { print ((height / width) * 1000) }')"
SCREEN_RATIO="${SCREEN_RATIO%.*}"
logg success "Screen detected as $SCREEN_WIDTH x $SCREEN_HEIGHT (ratio of $SCREEN_RATIO)"
if (( $(echo "$SCREEN_RATIO $SCREEN_RATIO_ULTRAWIDE" | awk '{print ($1 > $2)}') )); then
GRUB_RESOLUTION_TYPE="ultrawide"
logg info 'GRUB resolution registered as ultrawide'
fi
else
logg warn 'Missing either xrandr or uniq (required for calculating screen size ratio)'
fi
### Optimize the GRUB resolution
if [ -f /etc/default/grub ]; then
### GRUB_GFXMODE
logg info 'Setting GRUB_GFXMODE=auto in /etc/default/grub'
if cat /etc/default/grub | grep GRUB_GFX_MODE > /dev/null; then
sudo sed -i 's/.*GRUB_GFXMODE.*/GRUB_GFXMODE=auto/' /etc/default/grub
else
echo "GRUB_GFXMODE=auto" | sudo tee -a /etc/default/grub > /dev/null
fi
### GRUB_GFXPAYLOAD_LINUX
logg info 'Setting GRUB_GFXPAYLOAD_LINUX=keep in /etc/default/grub'
if cat /etc/default/grub | grep GRUB_GFXPAYLOAD_LINUX > /dev/null; then
sudo sed -i 's/.*GRUB_GFXPAYLOAD_LINUX.*/GRUB_GFXPAYLOAD_LINUX="keep"/' /etc/default/grub
else
echo 'GRUB_GFXPAYLOAD_LINUX="keep"' | sudo tee -a /etc/default/grub > /dev/null
fi
### GRUB_THEME
logg info 'Setting GRUB_THEME={{ .theme }} in /etc/default/grub'
if cat /etc/default/grub | grep GRUB_THEME > /dev/null; then
sudo sed -i 's/.*GRUB_THEME.*/GRUB_THEME="{{ .theme }}-'"$GRUB_RESOLUTION_TYPE"'"/' /etc/default/grub
else
echo 'GRUB_THEME="{{ .theme }}-'"$GRUB_RESOLUTION_TYPE"'"' | sudo tee -a /etc/default/grub > /dev/null
fi
### GRUB_BACKGROUND
# Removed since the background should be flat black which is configurable
# Leaving this code here in case we need to add a flat black image background for some reason
# logg info 'Setting GRUB_BACKGROUND=/usr/local/share/grub/{{ .theme }}-blue.png in /etc/default/grub'
# if cat /etc/default/grub | grep GRUB_BACKGROUND > /dev/null; then
# sudo sed -i 's/.*GRUB_BACKGROUND.*/GRUB_BACKGROUND="\/usr\/local\/share\/grub\/{{ .theme }}-blue.png"/' /etc/default/grub
# else
# echo 'GRUB_BACKGROUND="/usr/local/share/grub/{{ .theme }}-blue.png"' | sudo tee -a /etc/default/grub > /dev/null
# fi
### GRUB_TIMEOUT
logg info 'Setting GRUB_TIMEOUT={{ .grub.timeout }} in /etc/default/grub'
if cat /etc/default/grub | grep GRUB_TIMEOUT > /dev/null; then
sudo sed -i 's/.*GRUB_TIMEOUT.*/GRUB_TIMEOUT="{{ .grub.timeout }}"/' /etc/default/grub
else
echo 'GRUB_TIMEOUT="{{ .grub.timeout }}"' | sudo tee -a /etc/default/grub > /dev/null
fi
### GRUB_FORCE_HIDDEN_MENU
logg info 'Setting GRUB_FORCE_HIDDEN_MENU={{ .grub.shiftToSee }} in /etc/default/grub'
sudo sed -i '/GRUB_FORCE_HIDDEN_MENU/d' /etc/default/grub
echo "GRUB_FORCE_HIDDEN_MENU={{ .grub.shiftToSee }}" | sudo tee -a /etc/default/grub > /dev/null
### Remove duplicate lines in /etc/default/grub
logg info 'Ensuring there are no duplicate entries in /etc/default/grub'
cat /etc/default/grub | uniq | sudo tee /etc/default/grub > /dev/null
else
logg warn '/etc/default/grub is missing'
fi
### Determine platform-specific icon to use
if command -v qubesctl > /dev/null; then
GRUB_ICON='qubes'
elif [ -f "/usr/local/share/grub/themes/{{ .theme }}-$GRUB_RESOLUTION_TYPE/icons/{{ .host.distro.id }}.png" ]; then
GRUB_ICON='{{ .host.distro.id }}'
elif [ -f "/usr/local/share/grub/themes/{{ .theme }}-$GRUB_RESOLUTION_TYPE/icons/{{ .host.distro.family }}.png" ]; then
GRUB_ICON='{{ .host.distro.family }}'
else
GRUB_ICON='linux'
fi
### Copy icon to GRUB2 theme folder
# Check looks in /usr/local/share/grub because on some systems the /boot folder is behind permissions for non-root users
if [ -f "/usr/local/share/grub/themes/{{ .theme }}-$GRUB_RESOLUTION_TYPE/icons/$GRUB_ICON.png" ]; then
sudo cp -f /boot/grub2/themes/{{ .theme }}-$GRUB_RESOLUTION_TYPE/icons/$GRUB_ICON.png /boot/grub2/themes/{{ .theme }}-$GRUB_RESOLUTION_TYPE/icon.png
logg success 'Copied platform-specific icon to GRUB2 theme folder'
else
logg warn "/boot/grub2/themes/{{ .theme }}-$GRUB_RESOLUTION_TYPE/icons/$GRUB_ICON.png is missing"
fi
### Hide unnecessary Boot messages and Bliking cursor
GRUB_DEFAULT_CMDLINE=$(grep 'GRUB_CMDLINE_LINUX_DEFAULT' /etc/default/grub)
if [[ -n $GRUB_DEFAULT_CMDLINE ]]; then
KERNEL_PARAMS_QUIET=$(echo "$GRUB_DEFAULT_CMDLINE" | grep 'quiet')
logg info 'Updating GRUB_CMDLINE_LINUX_DEFAULT to hide log messages'
if [[ -z $KERNEL_PARAMS_QUIET ]]; then
sudo sed -i 's/^GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="quiet loglevel=3 systemd.show_status=auto rd.udev.log_level=3 vt.global_cursor_default=0 /' /etc/default/grub
else
NEW_KERNEL_PARAMS=$(echo $KERNEL_PARAMS_QUIET | sed -e "s/quiet/quiet loglevel=3 systemd.show_status=auto rd.udev.log_level=3 vt.global_cursor_default=0/")
sudo sed -i "s/^GRUB_CMDLINE_LINUX_DEFAULT.*/${NEW_KERNEL_PARAMS}/" /etc/default/grub
fi
else
logg info 'GRUB_CMDLINE_LINUX_DEFAULT was not present, adding one with parameters to hide log messages'
echo 'GRUB_CMDLINE_LINUX_DEFAULT="quiet loglevel=3 systemd.show_status=auto rd.udev.log_level=3 vt.global_cursor_default=0"' | sudo tee -a /etc/default/grub > /dev/null
fi
### Ensure grub2-mkconfig is available
if ! command -v grub2-mkconfig > /dev/null; then
if command -v grub-mkconfig > /dev/null; then
sudo ln -s "$(which grub-mkconfig)" /usr/bin/grub2-mkconfig
elif sudo which grub-mkconfig > /dev/null; then
sudo ln -s "$(sudo which grub-mkconfig)" /usr/bin/grub2-mkconfig
else
logg warn 'Neither grub2-mkconfig or grub-mkconfig are available'
fi
fi
### Apply GRUB2 theme
# Set export DEBUG_MODE=true to bypass GRUB2 / Plymouth application
if [ "$DEBUG_MODE" != 'true' ]; then
if command -v grub2-mkconfig > /dev/null; then
if [ -d /sys/firmware/efi ]; then
logg info 'Assuming system is UEFI-enabled since /sys/firmware/efi is present'
if [ -f /boot/efi/EFI/qubes/grub.cfg ]; then
logg info 'Running sudo grub2-mkconfig -o /boot/efi/EFI/qubes/grub.cfg'
sudo grub2-mkconfig -o /boot/efi/EFI/qubes/grub.cfg
logg success 'Applied GRUB2 theme'
elif [ -f /boot/efi/EFI/grub.cfg ]; then
logg info 'Running sudo grub2-mkconfig -o /boot/efi/EFI/grub.cfg'
sudo grub2-mkconfig -o /boot/efi/EFI/grub.cfg
logg success 'Applied GRUB2 theme'
else
logg warn 'Unknown GRUB2 configuration - not applying GRUB2 theme'
fi
else
logg info 'Assuming system is non-UEFI since /sys/firmware/efi is not present'
logg info 'Running sudo grub2-mkconfig -o /boot/grub2/grub.cfg'
sudo grub2-mkconfig -o /boot/grub2/grub.cfg
logg success 'Applied GRUB2 theme'
fi
elif [ -f /usr/sbin/update-grub ]; then
logg info 'Running sudo update-grub'
sudo update-grub
else
logg warn 'Unable to find appropriate GRUB mkconfig command'
fi
else
logg info 'Skipping GRUB2 theme application because DEBUG_MODE is set to true'
fi
fi
}
# @description
# This script sets the [Docker Rclone plugin](https://rclone.org/docker/) which allows you to mount Rclone mounts as Docker volumes
#
# #### Docker Rclone
#
# The Docker Rclone installation ensures necessary system directories are initialized / created. It also copies the [Docker Rclone configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/dot_config/rclone/private_docker-rclone.conf.tmpl)
# to the proper system location.
installDockerRclonePlugin() {
### Docker Rclone plugin
# Source: https://rclone.org/docker/
# First, ensure Docker Rclone configuration exists (which only happens when the Chezmoi Age decryption key is present as well as keys for Rclone)
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/docker-rclone.conf" ]; then
### Ensure Docker Rclone plugin system folders exist
logg info 'Ensure Docker Rclone plugin system folders exist'
logg info 'Ensuring directory /var/lib/docker-plugins/rclone/config is created' && sudo mkdir -p /var/lib/docker-plugins/rclone/config
logg info 'Ensuring directory /var/lib/docker-plugins/rclone/cache is created' && sudo mkdir -p /var/lib/docker-plugins/rclone/cache
### Copy Rclone configuration
logg info "Copy the Rclone configuration from ${XDG_CONFIG_HOME:-$HOME/.config}/rclone/docker-rclone.conf to /var/lib/docker-plugins/rclone/config/rclone.conf"
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/docker-rclone.conf" /var/lib/docker-plugins/rclone/config/rclone.conf
### Install the Rclone Docker plugin (if not already installed)
if ! sudo su -c 'docker plugin ls' - "$USER" | grep 'rclone:latest' > /dev/null; then
sudo su -c 'docker plugin install rclone/docker-volume-rclone:amd64 args="-v" --alias rclone --grant-all-permissions' - "$USER"
fi
fi
}
installLocalBinPackageJson() {
if [ -f "$HOME/.local/bin/package.json" ]; then
logg info 'Installing NPM packages in ~/.local/bin/package.json'
cd "$HOME/.local/bin" && npm i --force
logg info 'Installed NPM packages in ~/.local/bin'
fi
}
# @description Installs a terminal theme that matches across various terminals by utilizing the `~/.local/bin/install-terminal-theme` script
installTerminalTheme() {
if command -v install-terminal-theme > /dev/null; then
install-terminal-theme
else
logg warn 'install-terminal-theme is not available'
fi
}
# @description
# This script loads crontab jobs that are defined and housed in your Install Doctor fork.
loadCronjobs() {
logg info 'Installing user crontab jobs'
crontab < "${XDG_CONFIG_HOME:-$HOME/.config}/crontab/config-user" || EXIT_CODE=$?
if [ -n "$EXIT_CODE" ]; then
logg error 'Failed to load cronjobs for user'
fi
logg info 'Installing system crontab jobs'
sudo crontab < "${XDG_CONFIG_HOME:-$HOME/.config}/crontab/config-system" || EXIT_CODE=$?
if [ -n "$EXIT_CODE" ]; then
logg error 'Failed to load cronjobs for system'
fi
}
# @description
# This script houses a wide range of macOS system tweaks that are intended to improve the developer experience on macOS,
# as well as improve security. Some of the tweaks include modifying default settings for various applications.
macOSSettings() {
if [ -d /System ] && [ -d /Applications ] && [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/shell/macos.sh" ]; then
bash "${XDG_CONFIG_HOME:-$HOME/.config}/shell/macos.sh"
fi
}
# @description Ensures all files in `~/.local/bin` are executable
makeLocalBinExecutable() {
logg info 'Ensuring all files in ~/.local/bin are executable'
find "$HOME/.local/bin" -mindepth 1 -maxdepth 2 -type f | while read EXE_FILE; do
if [ "$(echo -n "$EXE_FILE" | tail -c 3)" != ".md" ]; then
chmod +x "$EXE_FILE"
fi
done
}
# @description
# Install Doctor was previously called Gas Station. It was also Ansible based. Some of the features that Install Doctor
# provides are made available via Ansible roles that Gas Station provides. This script symlinks Gas Station's roles
# so that they can be leveraged by Install Doctor.
#
# Some of the roles that Gas Station provides are not available via Ansible Galaxy yet. This script symlinks Gas Station
# roles to an Ansible Galaxy / Ansible friendly location.
#
# #### Ansible Installation
#
# If Ansible is not already installed, this script will also install Ansible and all the necessary requirements using `pipx`.
# This script must run before the `install-packages` script because some of the Ansible roles might be leveraged by it.
#
# #### TODO
#
# * Move installation logic into the ZX installer so that Ansible and its dependencies are only installed when required
# * Remove Ansible dependency completely
symlinkAnsibleRoles() {
logg info 'Ensuring Gas Station roles are symlinked to ~/.local/share/ansible/roles'
mkdir -p "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles"
find "${XDG_DATA_HOME:-$HOME/.local/share}/gas-station/roles" -mindepth 2 -maxdepth 2 -type d | while read ROLE_PATH; do
ROLE_FOLDER="professormanhattan.$(echo "$ROLE_PATH" | sed 's/.*\/\([^\/]*\)$/\1/')"
ALT_ROLE_FOLDER="$(echo "$ROLE_PATH" | sed 's/.*\/\([^\/]*\)$/\1/')"
if [ ! -d "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ROLE_FOLDER" ] || [ "$(readlink -f "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ROLE_FOLDER")" != "$ROLE_PATH" ]; then
logg info 'Symlinking '"$ROLE_FOLDER"''
rm -f "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ROLE_FOLDER"
ln -s "$ROLE_PATH" "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ROLE_FOLDER"
fi
if [ ! -d "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ALT_ROLE_FOLDER" ] || [ "$(readlink -f "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ALT_ROLE_FOLDER")" != "$ROLE_PATH" ]; then
rm -f "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ALT_ROLE_FOLDER"
ln -s "$ROLE_PATH" "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/roles/$ALT_ROLE_FOLDER"
fi
done
if [ -f "${XDG_DATA_HOME:-$HOME/.local/share}/gas-station/requirements.yml" ]; then
### Install Ansible Galaxy and dependencies if missing
if ! command -v ansible-galaxy > /dev/null; then
if ! command -v pipx > /dev/null; then
logg info 'Installing pipx via Homebrew'
brew install --quiet pipx
logg info 'Running pipx ensurepath'
pipx ensurepath
fi
logg info 'Installing ansible-core via pipx'
pipx install ansible
if [ -d /Applications ] && [ -d /System ]; then
logg info 'Injecting macOS-specific pipx dependencies via pipx'
pipx inject ansible PyObjC PyObjC-core
fi
logg info 'Injecting Ansible dependencies via pipx'
pipx inject ansible docker lxml netaddr pexpect python-vagrant pywinrm requests-credssp watchdog
mkdir -p "${XDG_CACHE_HOME:-$HOME/.cache}/megabyte-labs"
touch "${XDG_CACHE_HOME:-$HOME/.cache}/megabyte-labs/ansible-installed"
fi
### Ensure Ansible Galaxy was successfully loaded and then install the Ansible Galaxy requirements
if command -v ansible-galaxy > /dev/null; then
logg info 'Ensuring Ansible Galaxy collections are installed'
export ANSIBLE_CONFIG="${XDG_DATA_HOME:-$HOME/.local/share}/ansible/ansible.cfg"
ansible-galaxy install -r "${XDG_DATA_HOME:-$HOME/.local/share}/ansible/requirements.yml" > /dev/null || EXIT_CODE=$?
if [ -n "$EXIT_CODE" ]; then
logg error 'Failed to install Ansible requirements from Ansible Galaxy'
if [ -d "${XDG_DATA_HOME:-$HOME/.local/share}/gas-station/collections" ]; then
logg info 'Attempting to use locally stored Ansible requirements'
cd "${XDG_DATA_HOME:-$HOME/.local/share}/gas-station/collections"
ansible-galaxy install -r requirements.yml || SECOND_EXIT_CODE=$?
if [ -n "$SECOND_EXIT_CODE" ]; then
logg error 'Failed to install requirements from both the cloud and the local copy' && exit 1
fi
else
logg warn "${XDG_DATA_HOME:-$HOME/.local/share}/gas-station/collections is missing"
fi
fi
else
logg warn 'Unable to install the Ansible Galaxy requirements.yml since the ansible-galaxy executable is missing from the PATH'
fi
else
logg warn '~/.local/share/ansible/requirements.yml is missing'
fi
}
# @description
# This script checks if `python3` is available and if `python` is not available. If both are true, then the script
# symlinks `python` to `python3` so that the `python` command uses `python3`.
#
# This is useful if you do not want to install Python 2.7 and would like Python 3 to be used in all scenarios where Python is
# invoked with the `python` command.
symlinkPython() {
### Symlink python3 to python if it is unavailable
if ! command -v python > /dev/null && command -v python3 > /dev/null; then
logg info 'Symlinking python3 to python since the latter is unavailable'
sudo ln -s "$(which python3)" /usr/local/bin/python
fi
}
# @description
# This script creates an empty directory with each user's name in `/var/log/user`. It initializes the folder in hopes
# that we can eventually store all user logs in a single directory alongside the system logs folder.
userLogFolders() {
find '{{ .host.homeParentFolder }}' -mindepth 1 -maxdepth 1 -type d | while read HOME_DIR; do
USER_FOLDER="$(echo "$HOME_DIR" | sed 's/.*\/\([^\/]*\)$/\1/')"
if [ -d "$HOME_DIR/.local" ]; then
if [ ! -d "/var/log/user/$USER_FOLDER" ]; then
logg info 'Creating /var/log/user/'"$USER_FOLDER"'' && sudo mkdir -p "/var/log/user/$USER_FOLDER"
fi
logg info "Applying user permissions to /var/log/user/$USER_FOLDER" && sudo chown -Rf "$USER_FOLDER" "/var/log/user/$USER_FOLDER"
fi
done
}