mike/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: mike:1202b49cb5f0987fc7131f145029b050b9ad3782
Branches Tags
mike:master
...
compare: mike:07813d80b68bf7086bb16dcb9be99c926e7800af
Branches Tags
mike:master

2 Commits
1202b49cb5 ... 07813d80b6

Author SHA1 Message Date
Mike Wilson
07813d80b6 Add Arkenfox config 2025-06-16 13:46:22 -04:00
Mike Wilson
4f1db7d2a8 Initial ansible configuration 2025-06-16 13:46:01 -04:00
8 changed files with 1915 additions and 0 deletions
Expand all files Collapse all files

8
ansible.cfg Normal file
View File

@@ -0,0 +1,8 @@
[defaults]
remote_user = mike
inventory = ./hosts.yml
interpreter_python = auto_silent
[privilege_escalation]
become_ask_pass = True
become_method: doas

4
hosts.yml Normal file
View File

@@ -0,0 +1,4 @@
arch:
hosts:
thonx:
become_method: doas

185
roles/arkenfox/files/prefsCleaner.sh Normal file
View File

@@ -0,0 +1,185 @@
#!/usr/bin/env bash
## prefs.js cleaner for Linux/Mac
## author: @claustromaniac
## version: 2.1
## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh
## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() )
readonly CURRDIR=$(pwd)
## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed)
SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null)
## fallback for Macs without coreutils
[ -z "$SCRIPT_FILE" ] && SCRIPT_FILE=${BASH_SOURCE[0]}
AUTOUPDATE=true
QUICKSTART=false
## download method priority: curl -> wget
DOWNLOAD_METHOD=''
if command -v curl >/dev/null; then
DOWNLOAD_METHOD='curl --max-redirs 3 -so'
elif command -v wget >/dev/null; then
DOWNLOAD_METHOD='wget --max-redirect 3 --quiet -O'
else
AUTOUPDATE=false
echo -e "No curl or wget detected.\nAutomatic self-update disabled!"
fi
fQuit() {
## change directory back to the original working directory
cd "${CURRDIR}"
[ "$1" -eq 0 ] && echo -e "\n$2" || echo -e "\n$2" >&2
exit $1
}
fUsage() {
echo -e "\nUsage: $0 [-ds]"
echo -e "
Optional Arguments:
-s Start immediately
-d Don't auto-update prefsCleaner.sh"
}
download_file() { # expects URL as argument ($1)
declare -r tf=$(mktemp)
$DOWNLOAD_METHOD "${tf}" "$1" &>/dev/null && echo "$tf" || echo '' # return the temp-filename or empty string on error
}
fFF_check() {
# there are many ways to see if firefox is running or not, some more reliable than others
# this isn't elegant and might not be future-proof but should at least be compatible with any environment
while [ -e lock ]; do
echo -e "\nThis Firefox profile seems to be in use. Close Firefox and try again.\n" >&2
read -r -p "Press any key to continue."
done
}
## returns the version number of a prefsCleaner.sh file
get_prefsCleaner_version() {
echo "$(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1")"
}
## updates the prefsCleaner.sh file based on the latest public version
update_prefsCleaner() {
declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/prefsCleaner.sh')"
[ -z "$tmpfile" ] && echo -e "Error! Could not download prefsCleaner.sh" && return 1 # check if download failed
[[ $(get_prefsCleaner_version "$SCRIPT_FILE") == $(get_prefsCleaner_version "$tmpfile") ]] && return 0
mv "$tmpfile" "$SCRIPT_FILE"
chmod u+x "$SCRIPT_FILE"
"$SCRIPT_FILE" "$@" -d
exit 0
}
fClean() {
# the magic happens here
prefs="@@"
prefexp="user_pref[ ]*\([ ]*[\"']([^\"']+)[\"'][ ]*,"
while read -r line; do
if [[ "$line" =~ $prefexp && $prefs != *"@@${BASH_REMATCH[1]}@@"* ]]; then
prefs="${prefs}${BASH_REMATCH[1]}@@"
fi
done <<< "$(grep -E "$prefexp" user.js)"
while IFS='' read -r line || [[ -n "$line" ]]; do
if [[ "$line" =~ ^$prefexp ]]; then
if [[ $prefs != *"@@${BASH_REMATCH[1]}@@"* ]]; then
echo "$line"
fi
else
echo "$line"
fi
done < "$1" > prefs.js
}
fStart() {
if [ ! -e user.js ]; then
fQuit 1 "user.js not found in the current directory."
elif [ ! -e prefs.js ]; then
fQuit 1 "prefs.js not found in the current directory."
fi
fFF_check
mkdir -p prefsjs_backups
bakfile="prefsjs_backups/prefs.js.backup.$(date +"%Y-%m-%d_%H%M")"
mv prefs.js "${bakfile}" || fQuit 1 "Operation aborted.\nReason: Could not create backup file $bakfile"
echo -e "\nprefs.js backed up: $bakfile"
echo "Cleaning prefs.js..."
fClean "$bakfile"
fQuit 0 "All done!"
}
while getopts "sd" opt; do
case $opt in
s)
QUICKSTART=true
;;
d)
AUTOUPDATE=false
;;
esac
done
## change directory to the Firefox profile directory
cd "$(dirname "${SCRIPT_FILE}")"
# Check if running as root and if any files have the owner as root/wheel.
if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
fQuit 1 "You shouldn't run this with elevated privileges (such as with doas/sudo)."
elif [ -n "$(find ./ -user 0)" ]; then
printf 'It looks like this script was previously run with elevated privileges,
you will need to change ownership of the following files to your user:\n'
find . -user 0
fQuit 1
fi
[ "$AUTOUPDATE" = true ] && update_prefsCleaner "$@"
echo -e "\n\n"
echo " ╔══════════════════════════╗"
echo " ║ prefs.js cleaner ║"
echo " ║ by claustromaniac ║"
echo " ║ v2.1 ║"
echo " ╚══════════════════════════╝"
echo -e "\nThis script should be run from your Firefox profile directory.\n"
echo "It will remove any entries from prefs.js that also exist in user.js."
echo "This will allow inactive preferences to be reset to their default values."
echo -e "\nThis Firefox profile shouldn't be in use during the process.\n"
[ "$QUICKSTART" = true ] && fStart
echo -e "\nIn order to proceed, select a command below by entering its corresponding number.\n"
select option in Start Help Exit; do
case $option in
Start)
fStart
;;
Help)
fUsage
echo -e "\nThis script creates a backup of your prefs.js file before doing anything."
echo -e "It should be safe, but you can follow these steps if something goes wrong:\n"
echo "1. Make sure Firefox is closed."
echo "2. Delete prefs.js in your profile folder."
echo "3. Delete Invalidprefs.js if you have one in the same folder."
echo "4. Rename or copy your latest backup to prefs.js."
echo "5. Run Firefox and see if you notice anything wrong with it."
echo "6. If you do notice something wrong, especially with your extensions, and/or with the UI, go to about:support, and restart Firefox with add-ons disabled. Then, restart it again normally, and see if the problems were solved."
echo -e "If you are able to identify the cause of your issues, please bring it up on the arkenfox user.js GitHub repository.\n"
;;
Exit)
fQuit 0
;;
esac
done
fQuit 0

407
roles/arkenfox/files/updater.sh Normal file
View File

@@ -0,0 +1,407 @@
#!/usr/bin/env bash
## arkenfox user.js updater for macOS and Linux
## version: 4.0
## Author: Pat Johnson (@overdodactyl)
## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp
## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() )
# Check if running as root
if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n"
exit 1
fi
readonly CURRDIR=$(pwd)
SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null)
[ -z "$SCRIPT_FILE" ] && SCRIPT_FILE=${BASH_SOURCE[0]}
readonly SCRIPT_DIR=$(dirname "${SCRIPT_FILE}")
#########################
# Base variables #
#########################
# Colors used for printing
RED='\033[0;31m'
BLUE='\033[0;34m'
BBLUE='\033[1;34m'
GREEN='\033[0;32m'
ORANGE='\033[0;33m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color
# Argument defaults
UPDATE='check'
CONFIRM='yes'
OVERRIDE='user-overrides.js'
BACKUP='multiple'
COMPARE=false
SKIPOVERRIDE=false
VIEW=false
PROFILE_PATH=false
ESR=false
# Download method priority: curl -> wget
DOWNLOAD_METHOD=''
if command -v curl >/dev/null; then
DOWNLOAD_METHOD='curl --max-redirs 3 -so'
elif command -v wget >/dev/null; then
DOWNLOAD_METHOD='wget --max-redirect 3 --quiet -O'
else
echo -e "${RED}This script requires curl or wget.\nProcess aborted${NC}"
exit 1
fi
show_banner() {
echo -e "${BBLUE}
############################################################################
#### ####
#### arkenfox user.js ####
#### Hardening the Privacy and Security Settings of Firefox ####
#### Maintained by @Thorin-Oakenpants and @earthlng ####
#### Updater for macOS and Linux by @overdodactyl ####
#### ####
############################################################################"
echo -e "${NC}\n"
echo -e "Documentation for this script is available here: ${CYAN}https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-maclinux${NC}\n"
}
#########################
# Arguments #
#########################
usage() {
echo
echo -e "${BLUE}Usage: $0 [-bcdehlnrsuv] [-p PROFILE] [-o OVERRIDE]${NC}" 1>&2 # Echo usage string to standard error
echo -e "
Optional Arguments:
-h Show this help message and exit.
-p PROFILE Path to your Firefox profile (if different than the dir of this script)
IMPORTANT: If the path contains spaces, wrap the entire argument in quotes.
-l Choose your Firefox profile from a list
-u Update updater.sh and execute silently. Do not seek confirmation.
-d Do not look for updates to updater.sh.
-s Silently update user.js. Do not seek confirmation.
-b Only keep one backup of each file.
-c Create a diff file comparing old and new user.js within userjs_diffs.
-o OVERRIDE Filename or path to overrides file (if different than user-overrides.js).
If used with -p, paths should be relative to PROFILE or absolute paths
If given a directory, all files inside will be appended recursively.
You can pass multiple files or directories by passing a comma separated list.
Note: If a directory is given, only files inside ending in the extension .js are appended
IMPORTANT: Do not add spaces between files/paths. Ex: -o file1.js,file2.js,dir1
IMPORTANT: If any file/path contains spaces, wrap the entire argument in quotes.
Ex: -o \"override folder\"
-n Do not append any overrides, even if user-overrides.js exists.
-v Open the resulting user.js file.
-r Only download user.js to a temporary file and open it.
-e Activate ESR related preferences."
echo
exit 1
}
#########################
# File Handling #
#########################
download_file() { # expects URL as argument ($1)
declare -r tf=$(mktemp)
$DOWNLOAD_METHOD "${tf}" "$1" &>/dev/null && echo "$tf" || echo '' # return the temp-filename or empty string on error
}
open_file() { # expects one argument: file_path
if [ "$(uname)" == 'Darwin' ]; then
open "$1"
elif [ "$(uname -s | cut -c -5)" == "Linux" ]; then
xdg-open "$1"
else
echo -e "${RED}Error: Sorry, opening files is not supported for your OS.${NC}"
fi
}
readIniFile() { # expects one argument: absolute path of profiles.ini
declare -r inifile="$1"
# tempIni will contain: [ProfileX], Name=, IsRelative= and Path= (and Default= if present) of the only (if) or the selected (else) profile
if [ "$(grep -c '^\[Profile' "${inifile}")" -eq "1" ]; then ### only 1 profile found
tempIni="$(grep '^\[Profile' -A 4 "${inifile}")"
else
echo -e "Profiles found:\n"
## cmd-substitution to strip trailing newlines and in quotes to keep internal ones:
echo "$(grep --color=never -E 'Default=[^1]|\[Profile[0-9]*\]|Name=|Path=|^$' "${inifile}")"
echo ''
read -p 'Select the profile number ( 0 for Profile0, 1 for Profile1, etc ) : ' -r
echo -e "\n"
if [[ $REPLY =~ ^(0|[1-9][0-9]*)$ ]]; then
tempIni="$(grep "^\[Profile${REPLY}" -A 4 "${inifile}")" || {
echo -e "${RED}Profile${REPLY} does not exist!${NC}" && exit 1
}
else
echo -e "${RED}Invalid selection!${NC}" && exit 1
fi
fi
# extracting 0 or 1 from the "IsRelative=" line
declare -r pathisrel=$(sed -n 's/^IsRelative=\([01]\)$/\1/p' <<< "${tempIni}")
# extracting only the path itself, excluding "Path="
PROFILE_PATH=$(sed -n 's/^Path=\(.*\)$/\1/p' <<< "${tempIni}")
# update global variable if path is relative
[[ ${pathisrel} == "1" ]] && PROFILE_PATH="$(dirname "${inifile}")/${PROFILE_PATH}"
}
getProfilePath() {
declare -r f1=~/Library/Application\ Support/Firefox/profiles.ini
declare -r f2=~/.mozilla/firefox/profiles.ini
if [ "$PROFILE_PATH" = false ]; then
PROFILE_PATH="$SCRIPT_DIR"
elif [ "$PROFILE_PATH" = 'list' ]; then
if [[ -f "$f1" ]]; then
readIniFile "$f1" # updates PROFILE_PATH or exits on error
elif [[ -f "$f2" ]]; then
readIniFile "$f2"
else
echo -e "${RED}Error: Sorry, -l is not supported for your OS${NC}"
exit 1
fi
#else
# PROFILE_PATH already set by user with -p
fi
}
#########################
# Update updater.sh #
#########################
# Returns the version number of a updater.sh file
get_updater_version() {
echo "$(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1")"
}
# Update updater.sh
# Default: Check for update, if available, ask user if they want to execute it
# Args:
# -d: New version will not be looked for and update will not occur
# -u: Check for update, if available, execute without asking
update_updater() {
[ "$UPDATE" = 'no' ] && return 0 # User signified not to check for updates
declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')"
[ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed
if [[ $(get_updater_version "$SCRIPT_FILE") < $(get_updater_version "${tmpfile}") ]]; then
if [ "$UPDATE" = 'check' ]; then
echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}"
read -p "" -n 1 -r
echo -e "\n\n"
[[ $REPLY =~ ^[Yy]$ ]] || return 0 # Update available, but user chooses not to update
fi
else
return 0 # No update available
fi
mv "${tmpfile}" "$SCRIPT_FILE"
chmod u+x "$SCRIPT_FILE"
"$SCRIPT_FILE" "$@" -d
exit 0
}
#########################
# Update user.js #
#########################
# Returns version number of a user.js file
get_userjs_version() {
[ -e "$1" ] && echo "$(sed -n '4p' "$1")" || echo "Not detected."
}
add_override() {
input=$1
if [ -f "$input" ]; then
echo "" >> user.js
cat "$input" >> user.js
echo -e "Status: ${GREEN}Override file appended:${NC} ${input}"
elif [ -d "$input" ]; then
SAVEIFS=$IFS
IFS=$'\n\b' # Set IFS
FILES="${input}"/*.js
for f in $FILES
do
add_override "$f"
done
IFS=$SAVEIFS # restore $IFS
else
echo -e "${ORANGE}Warning: Could not find override file:${NC} ${input}"
fi
}
remove_comments() { # expects 2 arguments: from-file and to-file
sed -e '/^\/\*.*\*\/[[:space:]]*$/d' -e '/^\/\*/,/\*\//d' -e 's|^[[:space:]]*//.*$||' -e '/^[[:space:]]*$/d' -e 's|);[[:space:]]*//.*|);|' "$1" > "$2"
}
# Applies latest version of user.js and any custom overrides
update_userjs() {
declare -r newfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')"
[ -z "${newfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && return 1 # check if download failed
echo -e "Please observe the following information:
Firefox profile: ${ORANGE}$(pwd)${NC}
Available online: ${ORANGE}$(get_userjs_version "$newfile")${NC}
Currently using: ${ORANGE}$(get_userjs_version user.js)${NC}\n\n"
if [ "$CONFIRM" = 'yes' ]; then
echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}"
read -p "" -n 1 -r
echo -e "\n"
if ! [[ $REPLY =~ ^[Yy]$ ]]; then
echo -e "${RED}Process aborted${NC}"
rm "$newfile"
return 1
fi
fi
# Copy a version of user.js to diffs folder for later comparison
if [ "$COMPARE" = true ]; then
mkdir -p userjs_diffs
cp user.js userjs_diffs/past_user.js &>/dev/null
fi
# backup user.js
mkdir -p userjs_backups
local bakname="userjs_backups/user.js.backup.$(date +"%Y-%m-%d_%H%M")"
[ "$BACKUP" = 'single' ] && bakname='userjs_backups/user.js.backup'
cp user.js "$bakname" &>/dev/null
mv "${newfile}" user.js
echo -e "Status: ${GREEN}user.js has been backed up and replaced with the latest version!${NC}"
if [ "$ESR" = true ]; then
sed -e 's/\/\* \(ESR[0-9]\{2,\}\.x still uses all.*\)/\/\/ \1/' user.js > user.js.tmp && mv user.js.tmp user.js
echo -e "Status: ${GREEN}ESR related preferences have been activated!${NC}"
fi
# apply overrides
if [ "$SKIPOVERRIDE" = false ]; then
while IFS=',' read -ra FILES; do
for FILE in "${FILES[@]}"; do
add_override "$FILE"
done
done <<< "$OVERRIDE"
fi
# create diff
if [ "$COMPARE" = true ]; then
pastuserjs='userjs_diffs/past_user.js'
past_nocomments='userjs_diffs/past_userjs.txt'
current_nocomments='userjs_diffs/current_userjs.txt'
remove_comments "$pastuserjs" "$past_nocomments"
remove_comments user.js "$current_nocomments"
diffname="userjs_diffs/diff_$(date +"%Y-%m-%d_%H%M").txt"
diff=$(diff -w -B -U 0 "$past_nocomments" "$current_nocomments")
if [ -n "$diff" ]; then
echo "$diff" > "$diffname"
echo -e "Status: ${GREEN}A diff file was created:${NC} ${PWD}/${diffname}"
else
echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical. No diff file was created.${NC}"
[ "$BACKUP" = 'multiple' ] && rm "$bakname" &>/dev/null
fi
rm "$past_nocomments" "$current_nocomments" "$pastuserjs" &>/dev/null
fi
[ "$VIEW" = true ] && open_file "${PWD}/user.js"
}
#########################
# Execute #
#########################
if [ $# != 0 ]; then
# Display usage if first argument is -help or --help
if [ "$1" = '--help' ] || [ "$1" = '-help' ]; then
usage
else
while getopts ":hp:ludsno:bcvre" opt; do
case $opt in
h)
usage
;;
p)
PROFILE_PATH=${OPTARG}
;;
l)
PROFILE_PATH='list'
;;
u)
UPDATE='yes'
;;
d)
UPDATE='no'
;;
s)
CONFIRM='no'
;;
n)
SKIPOVERRIDE=true
;;
o)
OVERRIDE=${OPTARG}
;;
b)
BACKUP='single'
;;
c)
COMPARE=true
;;
v)
VIEW=true
;;
e)
ESR=true
;;
r)
tfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')"
[ -z "${tfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && exit 1 # check if download failed
mv "$tfile" "${tfile}.js"
echo -e "${ORANGE}Warning: user.js was saved to temporary file ${tfile}.js${NC}"
open_file "${tfile}.js"
exit 0
;;
\?)
echo -e "${RED}\n Error! Invalid option: -$OPTARG${NC}" >&2
usage
;;
:)
echo -e "${RED}Error! Option -$OPTARG requires an argument.${NC}" >&2
exit 2
;;
esac
done
fi
fi
show_banner
update_updater "$@"
getProfilePath # updates PROFILE_PATH or exits on error
cd "$PROFILE_PATH" || exit 1
# Check if any files have the owner as root/wheel.
if [ -n "$(find ./ -user 0)" ]; then
printf 'It looks like this script was previously run with elevated privileges,
you will need to change ownership of the following files to your user:\n'
find . -user 0
cd "$CURRDIR"
exit 1
fi
update_userjs
cd "$CURRDIR"

9
roles/arkenfox/files/user-overrides.js Normal file
View File

@@ -0,0 +1,9 @@
// RFP
user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.resistFingerprinting.letterboxing", true)
// DNS
user_pref("network.trr.mode", 0); // Disable DoH to use network resolver

1249
roles/arkenfox/files/user.js Normal file
View File

File diff suppressed because it is too large Load Diff

48
roles/arkenfox/tasks/main.yml Normal file
View File

@@ -0,0 +1,48 @@
- name: Install firefox
ansible.builtin.package:
name: firefox
state: present
become: true
- name: Ensure firefox is not running
ansible.builtin.command: pkill firefox
ignore_errors: yes
- name: Get path of default firefox profile
ansible.builtin.find:
paths: "/home/mike/.mozilla/firefox"
file_type: directory
patterns: "*default-release"
register: profile_dir
- name: Install user.js
ansible.builtin.copy:
src: user.js
dest: "{{ profile_dir.files[0].path }}"
mode: "0664"
- name: Install user-overrides.js
ansible.builtin.copy:
src: user-overrides.js
dest: "{{ profile_dir.files[0].path }}"
mode: "0664"
- name: Install prefsCleaner.sh
ansible.builtin.copy:
src: prefsCleaner.sh
dest: "{{ profile_dir.files[0].path }}"
- name: Install updater.sh
ansible.builtin.copy:
src: updater.sh
dest: "{{ profile_dir.files[0].path }}"
- name: Run Updater
ansible.builtin.script:
chdir: "{{ profile_dir.files[0].path }}"
cmd: "updater.sh -s"
- name: Run prefsCleaner
ansible.builtin.script:
chdir: "{{ profile_dir.files[0].path }}"
cmd: "{{ profile_dir.files[0].path }}/prefsCleaner.sh -s"

5
vault-pass.sh Executable file
View File

@@ -0,0 +1,5 @@
#!/bin/sh
set -e
keepassxc-cli show -s -a password ~/vault/Passwords.kdbx 'Ansible Vault'