diff --git a/.chezmoi.yaml.tmpl b/.chezmoi.yaml.tmpl index 505889f..cf1e808 100644 --- a/.chezmoi.yaml.tmpl +++ b/.chezmoi.yaml.tmpl @@ -27,6 +27,8 @@ data: recipient: {{ $recipient | quote }} fullname: {{ $fullname | quote }} ghlogin: {{ $ghlogin | quote }} + caUrl: "https://ca.dnbtech.dev:9443" + caUrlFingerprint: "e0a248cd4ee597d453bfe580b66979ada31a5efbeebdb2ec6e9533074f671efd" gpg: recipient: {{ $recipient | quote }} diff --git a/.chezmoiignore b/.chezmoiignore index 87567fc..d59548a 100644 --- a/.chezmoiignore +++ b/.chezmoiignore @@ -5,3 +5,5 @@ README.md install.sh Pakfile* Rpmfile* +certs/ +yum.repos.d/ diff --git a/README.md b/README.md index 016be81..3da7ab2 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ chezmoi purge - [ ] Import gpg key stubs - [ ] Authorize syncthing - [ ] Sync Brave settings/extensions... -- [ ] Install CA from `certs/` +- [ ] Install CA - [ ] Install VSCode [Sync Settings](https://marketplace.visualstudio.com/items?itemName=zokugun.sync-settings) extension and `download`
diff --git a/Rpmfile b/Rpmfile new file mode 100644 index 0000000..7991005 --- /dev/null +++ b/Rpmfile @@ -0,0 +1,22 @@ +binutils +code +containerd.io +ddccontrol +ddccontrol-gtk +distrobox +docker-buildx-plugin +docker-ce +docker-ce-cli +docker-compose-plugin +etckeeper +ffmpeg-free +gh +pipx +podman-compose +python3-pip +snapper +syncthing +tealdeer +vim +wl-clipboard +zsh diff --git a/Rpmfile.pers.asc b/Rpmfile.pers.asc index 9439248..6b10d7b 100644 --- a/Rpmfile.pers.asc +++ b/Rpmfile.pers.asc @@ -1,10 +1,10 @@ -----BEGIN PGP MESSAGE----- -hF4Da2Cg5+3SSjESAQdAgtEjHS8LZqIgdBIpfBtRHO0QiQ4I/TE00Ea9rhe/ylQw -DGxjmC/zeTXMnwP6w5BIzrI2/n9h5uJG2R1PVA8cGPLx/nLB5U3vMxBS7Hu/CClr -0pgBYdoyilSagAakIDyjxItZ6a+sZ7foMW6dpptWI7MyUxtn2zcTXpKzxaoUSCcp -hb2rtwAEVIFmgGaveu0nYP+8ej3DLLs8evat8ka94BQLE+8lcgs3jjYKUvh8WFBE -zjUGLtg6FWuJkLrA2Of5/58rYTlby/TBQaBqD+vucPW6Pux6I4cIGhWoAIBfrDZG -wmzfPdsvbo/+tw== -=uIMK +hF4Da2Cg5+3SSjESAQdAZLo3o5imTXjMMe4kdeCafEPfR2Ev1Is07DfmWsFF4EUw +QGZvPEMbJenyUpmFjbvLUbgABQyXLEBYgZnqbr6YUmvU5HMYqHrsmB7qzPi0T0Ou +0pYBAq7wbj2mb8ReH18MkJlw0sb9hfgjUD/0yy9g0O3LIhWUgSqEKybVm1dxVRe0 +Ez+ncTqd54CslEWj6tByQqsvk1n/TM7t5Wq2ypcTiyol6Fi8XtdlFDXqykBPzs4Y +jfu6qZmcyMcQ1IODGiMejlLHeEpmV/N2DIun9ANtIhUaxOZxVJhS0TmBe1rBQp7E +oMAKnEpla0w= +=Rbi2 -----END PGP MESSAGE----- diff --git a/dot_local/share/fonts/.keep b/dot_local/share/fonts/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/run_once_after_apps-configuration-linux.sh.tmpl b/run_once_after_apps-configuration-linux.sh.tmpl index 61c532a..140934a 100644 --- a/run_once_after_apps-configuration-linux.sh.tmpl +++ b/run_once_after_apps-configuration-linux.sh.tmpl @@ -11,7 +11,7 @@ fi # switching shell for current user current_shell=$(getent passwd $LOGNAME | cut -d: -f7) -if [[ "$current_shell" != "/bin/zsh" ]]; then +if [[ "$current_shell" != "/usr/bin/zsh" ]]; then chsh -s $(which zsh) fi 
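Review bot: The new comparison hard-codes `/usr/bin/zsh` while the `chsh` call on the next line still uses whatever `$(which zsh)` resolves to, so the two can disagree again on a host where PATH lists `/bin` first. Resolving the path once and using it in both places keeps them in step: `zsh_path=$(command -v zsh)`, then `if [[ "$current_shell" != "$zsh_path" ]]; then chsh -s "$zsh_path"; fi`. `$LOGNAME` in the `getent` call above the changed line is also unquoted.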
@@ -31,4 +31,42 @@ if [ ! -d "/etc/.git" ] && [ ! -d "/etc/etckeeper" ] && command -v etckeeper &> sudo etckeeper commit "Initial commit" fi +# --------------------------------------------------------------------------------------------------------------------- +# Podman settings +# --------------------------------------------------------------------------------------------------------------------- +# Backwards compatibility with docker +# Starting rootless podman service +ENABLE_PODMAN_SOCKET=false +if command -v podman &> /dev/null; then + # check if podman service is running + if [[ "$ENABLE_PODMAN_SOCKET" == "true" ]]; then + if ! systemctl --user is-active --quiet podman.socket; then + echo "Starting podman.socket" + systemctl --user enable --now podman.socket + systemctl --user start podman + fi + fi +fi + +# --------------------------------------------------------------------------------------------------------------------- +# chezmoi completion +# --------------------------------------------------------------------------------------------------------------------- +if command -v chezmoi &> /dev/null; then + mkdir -p "${HOME}/.oh-my-zsh/completions" + chezmoi completion zsh > "${HOME}/.oh-my-zsh/completions/_chezmoi" +fi + +# --------------------------------------------------------------------------------------------------------------------- +# Docker settings +# --------------------------------------------------------------------------------------------------------------------- +# check if docker is installed +if command -v docker &> /dev/null; then + # check if user is in docker group + if ! groups | grep -q "\bdocker\b"; then + echo "Adding user to docker group" + # https://docs.fedoraproject.org/en-US/fedora-silverblue/troubleshooting/#_unable_to_add_user_to_group + sudo sh -c "grep -E '^docker:' /usr/lib/group | tee -a /etc/group > /dev/null && usermod -aG docker $USER" + fi +fi + {{ end -}} 
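Review bot: The `sudo sh -c` line in the Docker block appends the `docker:` entry from `/usr/lib/group` to `/etc/group` without checking whether `/etc/group` already has one, and it interpolates `$USER` into a command string that runs as root. The guard above it only tests the current user's membership, so a host where the group already exists but the user is not yet in it gets a duplicate entry. Splitting the step avoids both: `grep -q '^docker:' /etc/group || grep -E '^docker:' /usr/lib/group | sudo tee -a /etc/group > /dev/null` followed by `sudo usermod -aG docker "$USER"`. A comment noting that `docker` group membership gives root-equivalent access to the host through the daemon socket would also help, since the rootless podman socket just above is left disabled.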
diff --git a/run_once_before_install-packages-linux.sh.tmpl b/run_once_before_install-packages-linux.sh.tmpl index 09db3e7..3c32219 100644 --- a/run_once_before_install-packages-linux.sh.tmpl +++ b/run_once_before_install-packages-linux.sh.tmpl @@ -10,6 +10,25 @@ RPMS=( # "https://github.com/rpmsphere/noarch/raw/master/r/rpmsphere-release-38-1.noarch.rpm" ) +NERD_FONT_VERSION=3.2.1 + +NERD_FONT_FAMILIES=( + "FiraCode" + "FiraMono" + "Hack" + "Hasklig" + "JetBrainsMono" + "Monoid" + "RobotoMono" + "SpaceMono" +) +NERD_FONT_URL="https://github.com/ryanoasis/nerd-fonts/releases/download/" + +USER_FONT_DIR="$HOME/.local/share/fonts" + +TMP_DIR=$(mktemp -d) +trap 'rm -rf $TMP_DIR' EXIT + install_flatpaks() { echo "Installing flatpaks" flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo 
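Review bot: `TMP_DIR=$(mktemp -d)` is not checked, so unless the script runs under `set -e` (not visible in this hunk) a failed `mktemp` leaves `TMP_DIR` empty and the later `curl -o $TMP_DIR/$family.tar.xz` in `install_nerd_fonts` would write to the filesystem root; the trap also expands `$TMP_DIR` unquoted. Suggest `TMP_DIR=$(mktemp -d) || exit 1` and `trap 'rm -rf -- "${TMP_DIR:?}"' EXIT`. `NERD_FONT_URL` ends in `/` and is later joined with `/v$NERD_FONT_VERSION`, which puts a double slash in the download URL; dropping the trailing slash from the constant keeps the URL canonical.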
@@ -43,33 +62,19 @@ remove_flatpaks() { install_ostree() { echo "Installing ostree packages" + local rpmfile=( + {{ joinPath .chezmoi.sourceDir "Rpmfile.pers.asc" | include | decrypt -}} + {{- joinPath .chezmoi.sourceDir "Rpmfile" | include -}} + ) # setting up non-rh repos + for repo in $(ls {{ .chezmoi.sourceDir }}/yum.repos.d); do + sudo cp "{{ .chezmoi.sourceDir }}/yum.repos.d/$repo" /etc/yum.repos.d/ + done + # https://code.visualstudio.com/docs/setup/linux#_rhel-fedora-and-centos-based-distributions if [ ! -f /etc/pki/rpm-gpg/microsoft.asc ]; then curl -o /etc/pki/rpm-gpg/microsoft.asc https://packages.microsoft.com/keys/microsoft.asc fi - if [ ! -f /etc/yum.repos.d/vscode.repo ]; then - echo -e "[code]\nname=Visual Studio Code\nbaseurl=https://packages.microsoft.com/yumrepos/vscode\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" | sudo tee /etc/yum.repos.d/vscode.repo > /dev/null - fi - - rpm-ostree install --idempotent -y \ - {{- joinPath .chezmoi.sourceDir "Rpmfile.pers.asc" | include | decrypt -}} - binutils \ - code \ - ddccontrol ddccontrol-gtk \ - etckeeper \ - ffmpeg-free \ - gh \ - pipx \ - podman-compose \ - podman-docker \ - python3-pip \ - snapper \ - syncthing \ - tealdeer \ - vim \ - wl-clipboard \ - zsh # TODO: check if packages are already installed if rpm-ostree status -bq; then @@ -81,13 +86,14 @@ install_ostree() { fi done - rpms_files="" + # assemble all rpms plus the downloaded ones + rpms_files="${rpmfile[@]}" for rpm in "${RPMS[@]}"; do rpms_files="$rpms_files $HOME/.cache/chezmoi/rpms/$(basename $rpm)" done + echo "Installing ostree packages: $rpms_files" - rpm-ostree install --idempotent -y \ - $rpms_files + rpm-ostree install --allow-inactive --idempotent -y $rpms_files fi if command -v kdeconnect-cli &> /dev/null; then 
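Review bot: The loop `for repo in $(ls {{ .chezmoi.sourceDir }}/yum.repos.d)` parses `ls` output and copies every entry of a user-writable directory into `/etc/yum.repos.d/` as root, so a path with spaces breaks it and any stray file there becomes a package source that root trusts. A quoted glob limited to repo files with an explicit mode is safer: `sudo install -m 0644 -- "{{ .chezmoi.sourceDir }}/yum.repos.d/"*.repo /etc/yum.repos.d/`. The `rpmfile=( … )` array is filled by splicing the decrypted `Rpmfile.pers.asc` and the `Rpmfile` text straight into the script, so their contents are parsed as shell words; a short comment stating that both files must hold bare package names only would make that contract explicit. `install_ostree` continues past this hunk.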
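Review bot: `rpms_files="${rpmfile[@]}"` flattens the array into one string and the install line then relies on unquoted word splitting of `$rpms_files`, which also exposes every entry to glob expansion. Keeping an array end to end avoids that: `rpms_files=("${rpmfile[@]}")`, `rpms_files+=("$HOME/.cache/chezmoi/rpms/$(basename "$rpm")")` and `rpm-ostree install --allow-inactive --idempotent -y "${rpms_files[@]}"`. The new `echo` also prints the package names that come from the encrypted `Rpmfile.pers.asc`, so they end up in terminal scrollback or any captured log; printing only a count would keep them private. The enclosing `if rpm-ostree status -bq` block starts in the previous hunk.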
@@ -112,15 +118,37 @@ setup_toolbx() { fi } +install_nerd_fonts() { + echo "Installing Nerd Fonts" + local nerd_fonts_dir="$USER_FONT_DIR/NerdFonts" + mkdir -p $nerd_fonts_dir + echo "Installing Nerd Fonts: ${NERD_FONT_FAMILIES[@]}" + for family in "${NERD_FONT_FAMILIES[@]}"; do + if [ -f $nerd_fonts_dir/$family ]; then + echo "Nerd Font $family already exists, skipping" + continue + fi + curl -L -o $TMP_DIR/$family.tar.xz $NERD_FONT_URL/v$NERD_FONT_VERSION/$family.tar.xz + mkdir -p $nerd_fonts_dir/$family + tar -xvf $TMP_DIR/$family.tar.xz -C $nerd_fonts_dir/$family + done +} + install_fonts() { - echo "Installing fonts" - mkdir -p $HOME/.local/share/fonts + install_nerd_fonts + echo "Updating fonts cache" + fc-cache -v $HOME/.local/share/fonts || true +} - local fonts=( - {{- joinPath .chezmoi.sourceDir "fonts" | include -}} - ) +install_ca() { + echo "Installing CA certificates" + # if home/.step exists, skip + if [ -d $HOME/.step ]; then + echo ".step exists, skipping CA bootstrap" + return + fi - fc-cache -v $HOME/.local/share/fonts + step ca bootstrap --ca-url {{ .caUrl }} --fingerprint {{ .caUrlFingerprint }} --install } {{ if (eq .chezmoi.osRelease.variantID "kinoite") -}} @@ -129,6 +157,8 @@ install_ostree remove_flatpaks install_flatpaks setup_toolbx +install_ca +install_fonts if [ ! -f ~/bin/git-credential-github ]; then echo "Downloading git-credential-github" diff --git a/yum.repos.d/docker.repo b/yum.repos.d/docker.repo new file mode 100644 index 0000000..6f94e4f --- /dev/null +++ b/yum.repos.d/docker.repo 
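Review bot: In `install_nerd_fonts` the skip test `[ -f $nerd_fonts_dir/$family ]` looks for a regular file, but the function creates a directory of that name, so the test never matches and every family is downloaded again on each run. The download itself uses `curl -L` without `--fail` and nothing checks the archive before `tar` unpacks it into the font directory, so an HTTP error page or a replaced release asset is consumed as is; comparing against a pinned SHA-256 per family before extraction would close that gap. The rewrite below fixes the test, quotes the paths and skips a family whose download fails. In `install_ca` the template values are emitted unquoted; `--ca-url {{ .caUrl | quote }} --fingerprint {{ .caUrlFingerprint | quote }}` matches how the other data values are rendered in `.chezmoi.yaml.tmpl`.

```shell
  for family in "${NERD_FONT_FAMILIES[@]}"; do
    # The per-family target is a directory, so test with -d, not -f.
    if [ -d "$nerd_fonts_dir/$family" ]; then
      # … unchanged: "already exists, skipping" message and continue …
    fi
    # --fail makes curl return non-zero on an HTTP error instead of saving the error body.
    if ! curl --fail -L -o "$TMP_DIR/$family.tar.xz" \
      "${NERD_FONT_URL%/}/v$NERD_FONT_VERSION/$family.tar.xz"; then
      echo "Download of Nerd Font $family failed, skipping" >&2
      continue
    fi
    mkdir -p "$nerd_fonts_dir/$family"
    tar -xvf "$TMP_DIR/$family.tar.xz" -C "$nerd_fonts_dir/$family"
  done
```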
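Review bot: `install_ca` is called in the same run as `install_ostree`, but packages layered with `rpm-ostree install` normally become available only after the next boot, so if `step` is one of them the first run would fail at this call; `step` is not in the visible `Rpmfile`, so where it comes from cannot be confirmed here. A guard at the top of `install_ca`, such as `command -v step &> /dev/null || { echo "step not found, skipping CA bootstrap" >&2; return; }`, keeps the first run from aborting. The surrounding `{{ if (eq .chezmoi.osRelease.variantID "kinoite") -}}` block continues past this hunk.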
@@ -0,0 +1,62 @@
+[docker-ce-stable]
+name=Docker CE Stable - $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable
+enabled=1
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-stable-debuginfo]
+name=Docker CE Stable - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/stable
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-stable-source]
+name=Docker CE Stable - Sources
+baseurl=https://download.docker.com/linux/fedora/$releasever/source/stable
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-test]
+name=Docker CE Test - $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/test
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-test-debuginfo]
+name=Docker CE Test - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/test
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-test-source]
+name=Docker CE Test - Sources
+baseurl=https://download.docker.com/linux/fedora/$releasever/source/test
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-nightly]
+name=Docker CE Nightly - $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/nightly
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-nightly-debuginfo]
+name=Docker CE Nightly - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/nightly
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-nightly-source]
+name=Docker CE Nightly - Sources
+baseurl=https://download.docker.com/linux/fedora/$releasever/source/nightly
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
diff --git a/yum.repos.d/vscode.repo b/yum.repos.d/vscode.repo
new file mode 100644
index 0000000..086c915
--- /dev/null
+++ b/yum.repos.d/vscode.repo
@@ -0,0 +1,6 @@
+[code]
+name=Visual Studio Code
+baseurl=https://packages.microsoft.com/yumrepos/vscode
+enabled=1
+gpgcheck=1
+gpgkey=https://packages.microsoft.com/keys/microsoft.asc