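#!/bin/bash
# ================================
# Configuration script for Ubuntu 24.04 (Noble)
# Incl. UCS join, BricsCAD, SSH/RDP, bookmarks
# ================================

# Colors
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m' # no color

# ================================
# CONFIGURATION & VARIABLES
# ================================

# UCS / domain variables
# NOTE(review): UCS_USER is not referenced anywhere in the visible script.
UCS_USER="sebastian.zell"
SENTINEL="/var/log/ucs_domain_join_done"
DEFAULT_USER="sebastian.zell"
DEFAULT_DC_IPS=("192.168.174.101" "192.168.176.101")

# ecoDMS repository
# The signing key lives in its own keyring and the source entry is bound to
# it with signed-by, so this vendor key can only vouch for this repository.
# A key dropped into /etc/apt/trusted.gpg.d is trusted for every source.
ECODMS_KEY_URL="http://www.ecodms.de/gpg/ecodms.key"
ECODMS_KEYRING="/etc/apt/keyrings/ecodms.gpg"
ECODMS_LEGACY_KEYRING="/etc/apt/trusted.gpg.d/ecodms.gpg"
ECODMS_REPO="deb [signed-by=${ECODMS_KEYRING}] http://www.ecodms.de/ecodms_250264/noble /"
ECODMS_LIST="/etc/apt/sources.list.d/ecodms.list"
DOWNLOAD_DIR="$HOME/deb_packages"

# Extended package list (all requested programs)
APT_PACKAGES=(
  "curl" "wget" "gpg" "unzip" "xdg-utils" "ca-certificates" "file"
  "software-properties-common"
  "vlc" "thunderbird" "remmina" "remmina-plugin-rdp" "remmina-plugin-vnc"
  "remmina-plugin-secret"
  "okular" "libreoffice" "gimp" "nextcloud-desktop" "gnucash"
  "chromium-browser"
  "ttf-mscorefonts-installer" "ecodmsclient" "ecodmsprinter" "wine64"
  "terminator" "gedit" "kate" "git" "filezilla" "network-manager"
  "gnome-shell-extension-gsconnect" "autofs" "openssh-server" "xrdp"
  "xorgxrdp" "realmd"
)

SNAP_PACKAGES=(
  "spotify" "bitwarden" "whatsapp-linux-app" "notes" "chatgpt-desktop" "bw"
)

FLATPAK_PACKAGES=()

# ================================
# FUNCTIONS
# ================================

# 1. Refresh package sources & add ecoDMS
#######################################
# Upgrades the system, then registers the ecoDMS APT repository.
# Globals:   ECODMS_KEY_URL, ECODMS_KEYRING, ECODMS_LEGACY_KEYRING,
#            ECODMS_REPO, ECODMS_LIST (read); GREEN/RED/NC (read)
# Returns:   1 if the signing key cannot be fetched or converted,
#            otherwise the status of the final `apt update`.
#######################################
update_sources() {
  local key_tmp

  echo -e "${GREEN}System wird aktualisiert...${NC}"
  sudo apt update && sudo apt upgrade -y

  echo -e "${GREEN}Füge ecoDMS Repository (Noble) hinzu...${NC}"

  # NOTE(review): the key is fetched over plain HTTP, so anyone on the network
  # path can substitute it. Compare its fingerprint with one obtained from the
  # vendor out of band before relying on this repository.
  key_tmp=$(mktemp) || return 1

  # Download to a file first: in the original pipe a failed wget still let
  # gpg run on empty input, and the failure went unnoticed.
  if ! wget -qO "$key_tmp" "$ECODMS_KEY_URL" || [[ ! -s "$key_tmp" ]]; then
    echo -e "${RED}ecoDMS-Schlüssel konnte nicht geladen werden.${NC}" >&2
    rm -f -- "$key_tmp"
    return 1
  fi

  sudo install -d -m 0755 "$(dirname "$ECODMS_KEYRING")"
  # --batch --yes: overwrite an existing keyring on a re-run without prompting.
  if ! sudo gpg --batch --yes --dearmor -o "$ECODMS_KEYRING" "$key_tmp"; then
    echo -e "${RED}ecoDMS-Schlüssel konnte nicht konvertiert werden.${NC}" >&2
    rm -f -- "$key_tmp"
    return 1
  fi
  rm -f -- "$key_tmp"
  sudo chmod 0644 "$ECODMS_KEYRING"

  # Drop the globally trusted copy that earlier runs of this script created.
  sudo rm -f -- "$ECODMS_LEGACY_KEYRING"

  echo "$ECODMS_REPO" | sudo tee "$ECODMS_LIST" > /dev/null
  sudo apt update
}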
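# 2. Install APT packages
#######################################
# Installs every entry of APT_PACKAGES that dpkg does not already report as
# installed. A failing package is reported and the loop continues.
# Globals:   APT_PACKAGES (read); GREEN/RED/NC (read)
#######################################
install_apt_packages() {
  local package

  echo -e "${GREEN}Installiere APT-Pakete...${NC}"
  for package in "${APT_PACKAGES[@]}"; do
    # Query dpkg for this exact package instead of grepping the `dpkg -l`
    # table: its column padding and ":arch" suffixes defeat a fixed pattern,
    # and the package name would be interpreted as a regex.
    if dpkg-query -W -f='${Status}' "$package" 2>/dev/null \
      | grep -q 'install ok installed'; then
      echo -e "${GREEN}$package ist bereits installiert.${NC}"
    else
      sudo apt install -y "$package" \
        || echo -e "${RED}Fehler bei $package (evtl. existiert es nur als Snap?).${NC}"
    fi
  done
}

# 3. Install snap packages
#######################################
# Installs snapd if missing, then every entry of SNAP_PACKAGES.
# Globals:   SNAP_PACKAGES (read); GREEN/YELLOW/NC (read)
#######################################
install_snap_packages() {
  local snap_name

  if ! command -v snap &> /dev/null; then
    sudo apt install -y snapd
  fi

  echo -e "${GREEN}Installiere Snap-Pakete...${NC}"
  for snap_name in "${SNAP_PACKAGES[@]}"; do
    if ! sudo snap install "$snap_name"; then
      # The retry runs after ANY failure of the first attempt, and --classic
      # removes snap confinement, so make the downgrade visible.
      # NOTE(review): confirm the publisher of each snap in SNAP_PACKAGES
      # before allowing classic confinement for it.
      echo -e "${YELLOW}WARNUNG: $snap_name wird mit --classic (ohne Sandbox) installiert.${NC}" >&2
      sudo snap install "$snap_name" --classic
    fi
  done
}

# 4. Install Flatpak
#######################################
# Installs flatpak and registers the Flathub remote when flatpak is missing.
# FLATPAK_PACKAGES is not read here; no Flatpak applications are installed.
#######################################
install_flatpak_packages() {
  if ! command -v flatpak &> /dev/null; then
    sudo apt install -y flatpak
    sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
  fi
}

# 5. Install DEB packages (incl. BricsCAD & MasterPDF)
#######################################
# Downloads the .deb files listed in DEB_URLS into DOWNLOAD_DIR and installs
# every .deb found there as root.
# Globals:   DOWNLOAD_DIR (read); GREEN/RED/YELLOW/NC (read)
#######################################
install_deb_packages() {
  local file target expected actual deb_file

  echo -e "${GREEN}Lade zusätzliche .deb-Pakete herunter...${NC}"
  mkdir -p "$DOWNLOAD_DIR"

  # NOTE(review): these packages are installed as root straight from the
  # download. xpipe follows a moving "latest" link, and bricscad comes from a
  # share link, so whoever can change that share decides what is installed.
  declare -A DEB_URLS=(
    ["shadow-amd64.deb"]="https://update.shadow.tech/launcher/prod/linux/x86_64/shadow-amd64.deb"
    ["nomachine.deb"]="https://web9001.nomachine.com/download/9.3/Linux/nomachine_9.3.7_1_amd64.deb"
    ["xpipe.deb"]="https://github.com/xpipe-io/xpipe/releases/latest/download/xpipe-installer-linux-x86_64.deb"
    ["rustdesk.deb"]="https://github.com/rustdesk/rustdesk/releases/download/1.4.4/rustdesk-1.4.4-x86_64.deb"
    ["bricscad.deb"]="https://next.zell-cloud.de/nextcloud/s/AyoAbKWoaciXtP9/download"
    ["master-pdf-editor.deb"]="https://code-industry.net/public/master-pdf-editor-5.9.82.qt5.amd64.deb"
  )

  # Optional SHA-256 pins, keyed like DEB_URLS. Fill in digests published by
  # the vendor, e.g. ["nomachine.deb"]="<sha256 from the vendor page>".
  # A file with a pin is rejected on mismatch; a file without one only warns.
  declare -A DEB_SHA256=()

  for file in "${!DEB_URLS[@]}"; do
    target="$DOWNLOAD_DIR/$file"
    echo -e "Lade herunter: $file ..."
    if ! wget -O "$target" "${DEB_URLS[$file]}"; then
      echo -e "${RED}Fehler bei Download von $file.${NC}"
      # wget -O leaves an empty or truncated file behind on failure; remove
      # it so the install loop below does not pick it up.
      rm -f -- "$target"
      continue
    fi

    expected="${DEB_SHA256[$file]:-}"
    if [[ -n "$expected" ]]; then
      actual=$(sha256sum "$target" | awk '{print $1}')
      if [[ "$actual" != "$expected" ]]; then
        echo -e "${RED}Prüfsumme von $file stimmt nicht – Datei wird verworfen.${NC}" >&2
        rm -f -- "$target"
      fi
    else
      echo -e "${YELLOW}WARNUNG: $file wird ohne Prüfsumme installiert.${NC}" >&2
    fi
  done

  echo -e "${GREEN}Installiere .deb-Pakete...${NC}"
  for deb_file in "$DOWNLOAD_DIR"/*.deb; do
    # Without a match the glob stays literal; skip it instead of passing a
    # non-existent path to apt.
    [[ -f "$deb_file" ]] || continue
    sudo apt install -y "$deb_file" || sudo apt --fix-broken install -y
  done
}

# 6. Configure the network
#######################################
# Switches the active connection of the default-route interface to a static
# address in 192.168.176.0/24; the last octet is read from the terminal.
# Returns:   0 when no interface or profile is found, 1 when input ends.
#######################################
configure_network() {
  local interface con_name ip_suffix new_ip restart_net

  echo -e "${YELLOW}=== Netzwerkkonfiguration ===${NC}"

  interface=$(ip -o -4 route show to default | awk '{print $5}' | head -n1)
  if [ -z "$interface" ]; then
    echo -e "${RED}Kein Interface gefunden.${NC}"
    return
  fi

  # Compare the device field exactly; a substring match on ":<iface>" would
  # also select a device whose name merely starts with the interface name.
  con_name=$(nmcli -t -f NAME,DEVICE connection show --active \
    | awk -F: -v dev="$interface" '$NF == dev { print $1; exit }')
  if [ -z "$con_name" ]; then
    echo -e "${RED}Kein Profil gefunden.${NC}"
    return
  fi

  echo -e "Bearbeite Verbindung: ${GREEN}$con_name${NC}"

  while true; do
    # Stop on end of input instead of looping forever without a terminal.
    read -r -p "Bitte die letzte Zahl der IP-Adresse eingeben (192.168.176.XXX): " ip_suffix \
      || return 1
    if [[ "$ip_suffix" =~ ^0*([0-9]{1,3})$ ]]; then
      # Force base 10 and drop leading zeros so "010" is stored as 10 and is
      # never read as octal further down the line.
      ip_suffix=$((10#${BASH_REMATCH[1]}))
      if ((ip_suffix >= 1 && ip_suffix <= 254)); then
        break
      fi
    fi
  done

  new_ip="192.168.176.$ip_suffix"

  # NOTE(review): 1.1.1.1 is listed as a third resolver, so lookups can reach
  # a public resolver when both internal servers fail. Confirm that is wanted.
  sudo nmcli con mod "$con_name" ipv4.addresses "$new_ip/24" ipv4.gateway "192.168.176.1" ipv4.dns "192.168.176.101 192.168.174.101 1.1.1.1" ipv4.method manual

  echo -e "${GREEN}Netzwerk konfiguriert. Neustart der Verbindung erforderlich.${NC}"
  read -r -p "Verbindung jetzt neu starten? (j/n): " restart_net
  if [[ "$restart_net" =~ ^[jJ]$ ]]; then
    sudo nmcli con up "$con_name"
  fi
}

# 7. UCS domain join (automatic)
#######################################
# Joins the machine to a UCS/AD domain once, guarded by the SENTINEL file,
# then permits the "Domain Admins" group and grants it sudo.
# Globals:   SENTINEL, DEFAULT_USER, DEFAULT_DC_IPS (read);
#            GREEN/RED/YELLOW/NC (read)
# Returns:   0 if already joined, 1 if the join tool is missing, input ends
#            or the join fails.
#######################################
perform_ucs_join() {
  local domain="" joinuser="" dcip="" ip rc=0 had_errexit=0 sudoers_tmp
  local sudoers_file="/etc/sudoers.d/domain-admins"

  echo -e "${YELLOW}=== UCS Domain Join ===${NC}"

  if [[ -f "$SENTINEL" ]]; then
    echo -e "${YELLOW}Domänenbeitritt bereits erledigt (${SENTINEL}) – überspringe Join.${NC}"
    return 0
  fi

  echo -e "${GREEN}Installiere Join Tools...${NC}"
  # NOTE(review): this adds a third-party PPA as a trusted package source.
  sudo add-apt-repository -y ppa:univention-dev/ppa || true
  sudo apt-get update
  sudo apt-get install -y univention-domain-join-cli realmd || true

  # The install above is best-effort; fail with a clear message here instead
  # of a "command not found" in the middle of the join. Looked up through
  # sudo because that is the PATH the tool is run with.
  if ! sudo sh -c 'command -v univention-domain-join-cli' > /dev/null 2>&1; then
    echo -e "${RED}univention-domain-join-cli ist nicht installiert – Join nicht möglich.${NC}" >&2
    return 1
  fi

  echo
  read -r -p "FQDN deiner UCS/AD-Domäne (z.B. company.local): " domain
  while [[ -z "${domain:-}" ]]; do
    # Stop on end of input instead of looping forever without a terminal.
    read -r -p "Bitte Domänen-FQDN angeben: " domain || return 1
  done

  read -r -p "Domänen-Benutzer [${DEFAULT_USER}]: " joinuser
  joinuser="${joinuser:-$DEFAULT_USER}"

  echo
  echo "DC-IP optional (oder leer): ${DEFAULT_DC_IPS[*]}"
  read -r -p "DC-IP (optional): " dcip

  echo -e "${GREEN}Domänenbeitritt läuft...${NC}"

  # Remember whether errexit was on. The original re-enabled it with a bare
  # `set -e` and so switched it on for the rest of the script, although the
  # script never enables it itself.
  if [[ $- == *e* ]]; then
    had_errexit=1
  fi
  set +e

  # Runs one join attempt, against the DC given as $1 or via discovery. No
  # password is passed on the command line here.
  try_join() {
    local dc_ip="${1:-}"
    if [[ -n "$dc_ip" ]]; then
      sudo univention-domain-join-cli --domain "$domain" --dc-ip "$dc_ip" --username "$joinuser"
    else
      sudo univention-domain-join-cli --domain "$domain" --username "$joinuser"
    fi
  }

  if [[ -n "${dcip:-}" ]]; then
    try_join "$dcip"
    rc=$?
  else
    try_join ""
    rc=$?
    if [[ $rc -ne 0 ]]; then
      for ip in "${DEFAULT_DC_IPS[@]}"; do
        echo "Versuche Fallback DC: $ip"
        try_join "$ip"
        rc=$?
        [[ $rc -eq 0 ]] && break
      done
    fi
  fi

  if [[ $had_errexit -eq 1 ]]; then
    set -e
  fi

  if [[ $rc -ne 0 ]]; then
    echo -e "${RED}Domänenbeitritt fehlgeschlagen.${NC}"
    return 1
  fi

  echo -e "${GREEN}Domänenbeitritt erfolgreich.${NC}"
  sudo touch "$SENTINEL"

  # Realm permissions
  if command -v realm > /dev/null 2>&1; then
    sudo realm permit -g "Domain Admins" || true
  fi

  # Sudoers entry for Domain Admins.
  # NOTE(review): this gives every member of "Domain Admins" unrestricted
  # root on the workstation.
  echo -e "${GREEN}Füge Domain Admins zu den Sudoers hinzu...${NC}"

  # Validate a scratch copy first and install it only when it parses. Writing
  # into /etc/sudoers.d before the check puts an unvalidated file into the
  # live sudo configuration, and the cleanup then depends on sudo itself.
  sudoers_tmp=$(mktemp) || return 1
  printf '%s\n' '%Domain\ Admins ALL=(ALL:ALL) ALL' > "$sudoers_tmp"
  if sudo visudo -cf "$sudoers_tmp"; then
    sudo install -o root -g root -m 0440 "$sudoers_tmp" "$sudoers_file"
    echo -e "${GREEN}Sudoers Datei ist gültig.${NC}"
  else
    echo -e "${RED}WARNUNG: Sudoers Datei ist ungültig! Sie wird nicht installiert.${NC}"
  fi
  rm -f -- "$sudoers_tmp"
}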
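# 8. SSH/RDP & realm configuration
#######################################
# Enables PAM and password logins in sshd_config, opens SSH and RDP in ufw
# when ufw is active, and permits the domain groups via realm.
# Globals:   GREEN/RED/YELLOW/NC (read)
#######################################
configure_ssh_rdp() {
  local sshd_cfg="/etc/ssh/sshd_config"

  echo -e "${YELLOW}=== Konfiguration SSH/RDP & Realm ===${NC}"

  if [ -f "$sshd_cfg" ]; then
    sudo cp -a "$sshd_cfg" "${sshd_cfg}.bak.$(date +%F_%H%M)" || true

    if grep -q '^UsePAM' "$sshd_cfg"; then
      sudo sed -i 's/^UsePAM.*/UsePAM yes/' "$sshd_cfg"
    else
      echo 'UsePAM yes' | sudo tee -a "$sshd_cfg"
    fi

    # NOTE(review): this forces password logins on. Together with the open
    # firewall rule below, every account that may log in is exposed to
    # password guessing; consider rate limiting or key-only access.
    # NOTE(review): if sshd_config includes drop-ins from sshd_config.d ahead
    # of these lines, a drop-in that sets the same keyword probably takes
    # precedence. Verify the effective value after the run.
    if grep -q '^PasswordAuthentication' "$sshd_cfg"; then
      sudo sed -i 's/^PasswordAuthentication.*/PasswordAuthentication yes/' "$sshd_cfg"
    else
      echo 'PasswordAuthentication yes' | sudo tee -a "$sshd_cfg"
    fi

    sudo systemctl enable --now ssh
    # Report a failed restart instead of hiding it: a config that does not
    # load would otherwise leave the host without SSH unnoticed.
    if ! sudo systemctl restart ssh; then
      echo -e "${RED}WARNUNG: ssh konnte nicht neu gestartet werden – bitte ${sshd_cfg} prüfen.${NC}" >&2
    fi
  fi

  if command -v ufw > /dev/null 2>&1 && sudo ufw status | grep -q "Status: active"; then
    # NOTE(review): both rules accept connections from any source address.
    # Limiting them to the office subnets would reduce exposure of SSH/RDP.
    sudo ufw allow 22/tcp || true
    sudo ufw allow 3389/tcp || true
  fi

  if command -v realm > /dev/null 2>&1; then
    # NOTE(review): this permits "Domain Users" as well, which is wider than
    # a permit for "Domain Admins" alone.
    sudo realm permit -g "Domain Users" -g "Domain Admins" || true
  fi
}

# 9. Set up GTK bookmarks
#######################################
# Appends the file-server bookmarks to the current user's GTK 3 bookmark
# file, skipping entries that are already present as a full line.
# Globals:   HOME (read); GREEN/NC (read)
# Outputs:   one status line per bookmark on stdout
#######################################
setup_bookmarks() {
  local bookmarks_file="$HOME/.config/gtk-3.0/bookmarks"
  local entry

  echo -e "${GREEN}Richte GTK Bookmarks ein...${NC}"

  # Create the directory if it does not exist yet
  mkdir -p "$(dirname "$bookmarks_file")"

  local -a bookmarks=(
    "file:///net/192.168.176.13/srv/fileserver/aufmasse Aufmasse"
    "file:///net/192.168.176.13/srv/fileserver/dokumente Dokumente"
    "file:///net/192.168.176.13/srv/fileserver/hausverwaltung Hausverwaltung"
    "file:///net/192.168.176.13/srv/fileserver/buchhaltung Buchhaltung"
    "file:///net/192.168.176.13/srv/fileserver/feldrechner Feldrechner"
    "file:///net/192.168.176.13/srv/fileserver/scripte Scripte"
    "file:///net/192.168.176.13/srv/fileserver/scandaten Scandaten"
    "file:///net/192.168.176.12/srv/fileserver/aufmasse-archiv Aufmasse Archiv"
    "file:///home/shared Shared"
  )

  for entry in "${bookmarks[@]}"; do
    # -x compares whole lines: a longer existing entry that merely contains
    # this one no longer counts as a duplicate. `--` guards the pattern.
    if ! grep -qxF -- "$entry" "$bookmarks_file" 2>/dev/null; then
      echo "$entry" >> "$bookmarks_file"
      echo "Bookmark hinzugefügt: $entry"
    else
      echo "Bookmark existiert bereits: $entry"
    fi
  done
}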
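# 10. Autofs & shared directory
#######################################
# Registers the /net automount map, restarts and enables autofs, and creates
# the shared directory /home/shared.
# Globals:   GREEN/NC (read)
#######################################
setup_system_extras() {
  local shared_dir="/home/shared"

  echo -e "${GREEN}Richte autofs ein...${NC}"

  # Match only an active entry: anchored at line start, any whitespace
  # between the fields. The original fixed-string test was also satisfied by
  # a commented-out "#/net /etc/auto.net" line, leaving the map inactive.
  # NOTE(review): /net mounts exports of any host that is browsed to; confirm
  # that the options set by /etc/auto.net (e.g. nosuid, nodev) are acceptable.
  if ! grep -Eq '^[[:space:]]*/net[[:space:]]+/etc/auto\.net([[:space:]]|$)' /etc/auto.master; then
    echo "/net /etc/auto.net --timeout=600" | sudo tee -a /etc/auto.master
  fi

  sudo systemctl restart autofs
  sudo systemctl enable autofs

  if [ ! -d "$shared_dir" ]; then
    sudo mkdir -p "$shared_dir"
    # 1777: writable by every local and domain user; the sticky bit only
    # stops users from deleting each other's files.
    sudo chmod 1777 "$shared_dir"
  fi
}

# ================================
# MAIN FLOW
# ================================

update_sources
install_apt_packages
install_snap_packages
install_flatpak_packages
install_deb_packages
setup_system_extras
setup_bookmarks

# Configuration steps
configure_network
perform_ucs_join
configure_ssh_rdp

echo -e "${GREEN}Skript vollständig abgeschlossen.${NC}"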