#!/bin/bash
# ================================
# Skript zur Konfiguration von Ubuntu 24.04 (Noble)
# Inkl. UCS Join, BricsCAD, SSH/RDP, Bookmarks
# ================================
# Terminal colours. The values are literal backslash sequences, so they only
# take effect when printed with `echo -e` (or printf '%b').
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m' # reset / no colour

# ================================
# CONFIGURATION & VARIABLES
# ================================

# UCS / domain settings
UCS_USER='sebastian.zell'
SENTINEL='/var/log/ucs_domain_join_done' # marker file checked by perform_ucs_join
DEFAULT_USER='sebastian.zell'
DEFAULT_DC_IPS=(
  '192.168.174.101'
  '192.168.176.101'
)

# ecoDMS repository
# NOTE(review): this is a plain-HTTP source. apt's signature check is then the
# only integrity control, so the signing key for this repository has to be
# obtained and verified with care.
ECODMS_REPO='deb http://www.ecodms.de/ecodms_250264/noble /'
ECODMS_LIST='/etc/apt/sources.list.d/ecodms.list'

DOWNLOAD_DIR="${HOME}/deb_packages"

# Extended package list (all requested programs)
APT_PACKAGES=(
  curl wget gpg unzip xdg-utils ca-certificates file
  software-properties-common
  vlc
  thunderbird
  remmina remmina-plugin-rdp remmina-plugin-vnc remmina-plugin-secret
  okular
  libreoffice
  gimp
  nextcloud-desktop
  gnucash
  chromium-browser
  ttf-mscorefonts-installer
  ecodmsclient
  ecodmsprinter
  wine64
  terminator
  gedit
  kate
  git
  filezilla
  network-manager
  gnome-shell-extension-gsconnect
  autofs
  # Network-facing services and domain tooling
  openssh-server
  xrdp
  xorgxrdp
  realmd
)

# NOTE(review): snaps are installed purely by name. Some of these are
# presumably community-published rather than vendor-published; confirm the
# publisher of each one (`snap info NAME`) before rolling this out.
SNAP_PACKAGES=(
  spotify
  bitwarden
  whatsapp-linux-app
  notes
  chatgpt-desktop
  bw
)

FLATPAK_PACKAGES=()
# ================================
# FUNKTIONEN
# ================================
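# 1. Refresh the package sources & add the ecoDMS repository
#######################################
# Upgrades the system, then registers the ecoDMS apt repository together with
# its signing key.
# Globals:   GREEN, RED, NC, ECODMS_REPO, ECODMS_LIST (read)
# Outputs:   progress messages on stdout, error messages on stderr
# Returns:   non-zero when the ecoDMS key cannot be downloaded or converted;
#            otherwise the status of the final `apt update`
#######################################
update_sources() {
  local keyring="/etc/apt/keyrings/ecodms.gpg"
  local key_tmp

  echo -e "${GREEN}System wird aktualisiert...${NC}"
  sudo apt update && sudo apt upgrade -y

  echo -e "${GREEN}Füge ecoDMS Repository (Noble) hinzu...${NC}"

  # Fetch into a private temp file first. Piping wget straight into gpg would
  # dearmor an empty stream whenever the download fails.
  key_tmp=$(mktemp) || return 1
  if ! wget -qO "$key_tmp" http://www.ecodms.de/gpg/ecodms.key || [[ ! -s "$key_tmp" ]]; then
    echo -e "${RED}ecoDMS-Schlüssel konnte nicht geladen werden.${NC}" >&2
    rm -f -- "$key_tmp"
    return 1
  fi

  # NOTE(review): the key arrives over plain HTTP, so nothing authenticates it
  # in transit. Compare its fingerprint with a value obtained out of band
  # (gpg --show-keys --with-fingerprint FILE) before relying on it.

  # Keep the key in a dedicated keyring and bind the repository to it with
  # signed-by. A key placed in /etc/apt/trusted.gpg.d is trusted for every
  # configured repository, not only this one.
  sudo install -d -m 0755 /etc/apt/keyrings
  # --batch --yes: overwrite on a re-run instead of stopping at gpg's prompt.
  if ! sudo gpg --batch --yes --dearmor -o "$keyring" "$key_tmp"; then
    echo -e "${RED}ecoDMS-Schlüssel konnte nicht konvertiert werden.${NC}" >&2
    rm -f -- "$key_tmp"
    return 1
  fi
  sudo chmod 0644 "$keyring" # apt's unprivileged helper must be able to read it
  rm -f -- "$key_tmp"

  # Drop the globally trusted copy that earlier runs of this script installed.
  sudo rm -f /etc/apt/trusted.gpg.d/ecodms.gpg

  # ECODMS_REPO is a one-line "deb URL SUITE" entry without an option block;
  # insert [signed-by=...] right after the leading "deb".
  echo "${ECODMS_REPO/#deb /deb [signed-by=${keyring}] }" | sudo tee "$ECODMS_LIST" > /dev/null

  sudo apt update
}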
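# 2. Install APT packages
#######################################
# Installs every entry of APT_PACKAGES that is not installed yet.
# Globals:   APT_PACKAGES, GREEN, RED, NC (read)
# Outputs:   one status line per package on stdout
#######################################
install_apt_packages() {
  local pkg status

  echo -e "${GREEN}Installiere APT-Pakete...${NC}"
  for pkg in "${APT_PACKAGES[@]}"; do
    # Query dpkg for this exact package name. Grepping the `dpkg -l` table
    # depends on its column spacing and treats the name as a regex, so an
    # installed package can be missed or a similarly named one matched.
    status=$(dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null)
    # Substring match: several architectures of one package print several
    # status strings back to back.
    if [[ "$status" == *"install ok installed"* ]]; then
      echo -e "${GREEN}$pkg ist bereits installiert.${NC}"
    else
      sudo apt install -y "$pkg" \
        || echo -e "${RED}Fehler bei $pkg (evtl. existiert es nur als Snap?).${NC}"
    fi
  done
}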
# 3. Install snap packages
#######################################
# Installs snapd when the `snap` command is missing, then installs every entry
# of SNAP_PACKAGES.
# Globals:   SNAP_PACKAGES, GREEN, NC (read)
# Outputs:   progress message on stdout
#######################################
install_snap_packages() {
  local name

  if ! command -v snap > /dev/null 2>&1; then
    sudo apt install -y snapd
  fi

  echo -e "${GREEN}Installiere Snap-Pakete...${NC}"
  for name in "${SNAP_PACKAGES[@]}"; do
    if ! sudo snap install "$name"; then
      # NOTE(review): any failure of the confined install (network error,
      # unknown name, ...) triggers this retry, and --classic installs the
      # snap without confinement. Consider listing the snaps that really need
      # classic mode explicitly instead of falling back for all of them.
      sudo snap install "$name" --classic
    fi
  done
}
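# 4. Install Flatpak
#######################################
# Installs flatpak (plus the Flathub remote) when it is missing, then installs
# every entry of FLATPAK_PACKAGES from Flathub.
# Globals:   FLATPAK_PACKAGES, GREEN, RED, NC (read)
# Outputs:   progress and error messages on stdout
# Returns:   0 when the package list is empty
#######################################
install_flatpak_packages() {
  local app

  if ! command -v flatpak > /dev/null 2>&1; then
    sudo apt install -y flatpak
    sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
  fi

  # The list ships empty; in that case there is nothing more to do.
  ((${#FLATPAK_PACKAGES[@]} > 0)) || return 0

  echo -e "${GREEN}Installiere Flatpak-Pakete...${NC}"
  # flatpak may have been present without the Flathub remote; --if-not-exists
  # makes this a no-op when the remote is already configured.
  sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
  for app in "${FLATPAK_PACKAGES[@]}"; do
    sudo flatpak install -y flathub "$app" \
      || echo -e "${RED}Fehler bei $app.${NC}"
  done
}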
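# 5. Install DEB packages (incl. BricsCAD & MasterPDF)
#######################################
# Downloads a fixed set of .deb files into DOWNLOAD_DIR and installs the ones
# that were fetched successfully in this run.
# Globals:   DOWNLOAD_DIR, GREEN, RED, YELLOW, NC (read)
# Outputs:   progress, warning and error messages on stdout
#######################################
install_deb_packages() {
  local name url target expected actual
  local -a downloaded=()

  echo -e "${GREEN}Lade zusätzliche .deb-Pakete herunter...${NC}"
  mkdir -p "$DOWNLOAD_DIR"

  # NOTE(review): these packages are installed as root straight from the web.
  # The xpipe URL follows "releases/latest" and the bricscad URL is a share
  # link, so their content can change between runs; pin checksums below.
  local -A DEB_URLS=(
    ["shadow-amd64.deb"]="https://update.shadow.tech/launcher/prod/linux/x86_64/shadow-amd64.deb"
    ["nomachine.deb"]="https://web9001.nomachine.com/download/9.3/Linux/nomachine_9.3.7_1_amd64.deb"
    ["xpipe.deb"]="https://github.com/xpipe-io/xpipe/releases/latest/download/xpipe-installer-linux-x86_64.deb"
    ["rustdesk.deb"]="https://github.com/rustdesk/rustdesk/releases/download/1.4.4/rustdesk-1.4.4-x86_64.deb"
    ["bricscad.deb"]="https://next.zell-cloud.de/nextcloud/s/AyoAbKWoaciXtP9/download"
    ["master-pdf-editor.deb"]="https://code-industry.net/public/master-pdf-editor-5.9.82.qt5.amd64.deb"
  )

  # Optional SHA-256 pins, keyed like DEB_URLS, for example
  #   ["rustdesk.deb"]="<sha256 published by the vendor>"
  # A pinned file that does not match is discarded; an unpinned file is
  # installed with a warning.
  local -A DEB_SHA256=()

  for name in "${!DEB_URLS[@]}"; do
    url=${DEB_URLS[$name]}
    target="$DOWNLOAD_DIR/$name"
    echo -e "Lade herunter: $name ..."

    if ! wget -O "$target" "$url"; then
      echo -e "${RED}Fehler bei Download von $name.${NC}"
      # wget -O leaves an empty or partial file behind; do not keep it around.
      rm -f -- "$target"
      continue
    fi

    expected=${DEB_SHA256[$name]:-}
    if [[ -n "$expected" ]]; then
      actual=$(sha256sum "$target" | awk '{print $1}')
      if [[ "$actual" != "$expected" ]]; then
        echo -e "${RED}Prüfsumme von $name stimmt nicht – Paket wird nicht installiert.${NC}"
        rm -f -- "$target"
        continue
      fi
    else
      echo -e "${YELLOW}Keine Prüfsumme für $name hinterlegt – Installation ungeprüft.${NC}"
    fi

    downloaded+=("$target")
  done

  echo -e "${GREEN}Installiere .deb-Pakete...${NC}"
  # Install only what this run fetched. Globbing "$DOWNLOAD_DIR"/*.deb would
  # also hand any stale or foreign .deb in that user-writable directory to a
  # root-level install.
  for target in "${downloaded[@]}"; do
    sudo apt install -y "$target" || sudo apt --fix-broken install -y
  done
}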
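# 6. Configure the network
#######################################
# Switches the active NetworkManager profile of the default-route interface to
# a static 192.168.176.x/24 address chosen interactively.
# Globals:   GREEN, RED, YELLOW, NC (read)
# Inputs:    stdin - last octet of the address, then j/n for the restart
# Outputs:   progress and error messages on stdout
# Returns:   1 when stdin ends before a valid octet was entered
#######################################
configure_network() {
  local iface con_name ip_suffix new_ip restart_net

  echo -e "${YELLOW}=== Netzwerkkonfiguration ===${NC}"
  iface=$(ip -o -4 route show to default | awk '{print $5; exit}')
  if [[ -z "$iface" ]]; then
    echo -e "${RED}Kein Interface gefunden.${NC}"
    return
  fi

  # Compare the DEVICE field exactly. A substring match on ":$iface" would also
  # accept a longer device name with the same prefix and could end up
  # reconfiguring the wrong profile. --escape no keeps ':' inside profile names
  # unescaped; the device is always the last field.
  con_name=$(nmcli --escape no -t -f NAME,DEVICE connection show --active \
    | awk -F: -v dev="$iface" '$NF == dev { sub(/:[^:]*$/, ""); print; exit }')
  if [[ -z "$con_name" ]]; then
    echo -e "${RED}Kein Profil gefunden.${NC}"
    return
  fi

  echo -e "Bearbeite Verbindung: ${GREEN}$con_name${NC}"

  while true; do
    # Leave instead of looping forever when stdin is closed (unattended run).
    read -r -p "Bitte die letzte Zahl der IP-Adresse eingeben (192.168.176.XXX): " ip_suffix \
      || [[ -n "$ip_suffix" ]] || return 1
    # At most three digits, so the arithmetic below cannot overflow; 10# forces
    # base 10 so that input such as "08" is not read as octal.
    if [[ "$ip_suffix" =~ ^[0-9]{1,3}$ ]] \
      && ((10#$ip_suffix >= 1 && 10#$ip_suffix <= 254)); then
      ip_suffix=$((10#$ip_suffix)) # drop leading zeros from the final address
      break
    fi
  done

  new_ip="192.168.176.$ip_suffix"
  sudo nmcli con mod "$con_name" ipv4.addresses "$new_ip/24" ipv4.gateway "192.168.176.1" ipv4.dns "192.168.176.101 192.168.174.101 1.1.1.1" ipv4.method manual
  echo -e "${GREEN}Netzwerk konfiguriert. Neustart der Verbindung erforderlich.${NC}"

  read -r -p "Verbindung jetzt neu starten? (j/n): " restart_net
  if [[ "$restart_net" =~ ^[jJ]$ ]]; then
    sudo nmcli con up "$con_name"
  fi
}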
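# 7. UCS domain join (automatic)
#######################################
# Joins the machine to a UCS/AD domain once, then permits "Domain Admins" to
# log in and grants that group sudo rights.
# Globals:   SENTINEL, DEFAULT_USER, DEFAULT_DC_IPS, GREEN, RED, YELLOW, NC
#            (read)
# Inputs:    stdin - domain FQDN, join user, optional DC IP
# Outputs:   progress and error messages on stdout
# Returns:   0 when already joined or joined now, 1 when the join failed or
#            stdin ended before a domain was entered
# Side effects: defines the helper try_join and leaves `set -e` enabled.
#######################################
perform_ucs_join() {
  local DOMAIN JOINUSER DCIP rc ip sudoers_tmp
  local sudoers_file="/etc/sudoers.d/domain-admins"

  echo -e "${YELLOW}=== UCS Domain Join ===${NC}"

  if [[ -f "$SENTINEL" ]]; then
    echo -e "${YELLOW}Domänenbeitritt bereits erledigt (${SENTINEL}) – überspringe Join.${NC}"
    return 0
  fi

  echo -e "${GREEN}Installiere Join Tools...${NC}"
  sudo add-apt-repository -y ppa:univention-dev/ppa || true
  sudo apt-get update
  sudo apt-get install -y univention-domain-join-cli realmd || true

  echo
  read -r -p "FQDN deiner UCS/AD-Domäne (z.B. company.local): " DOMAIN
  while [[ -z "${DOMAIN:-}" ]]; do
    # Give up instead of spinning forever when stdin is closed.
    read -r -p "Bitte Domänen-FQDN angeben: " DOMAIN || [[ -n "${DOMAIN:-}" ]] || return 1
  done

  read -r -p "Domänen-Benutzer [${DEFAULT_USER}]: " JOINUSER
  JOINUSER="${JOINUSER:-$DEFAULT_USER}"

  echo
  echo "DC-IP optional (oder leer): ${DEFAULT_DC_IPS[*]}"
  read -r -p "DC-IP (optional): " DCIP

  echo -e "${GREEN}Domänenbeitritt läuft...${NC}"
  # A failed attempt must not abort the script: the fallback DCs come next.
  set +e

  # Runs one join attempt; $1 is an optional DC address.
  try_join() {
    local ip="${1:-}"
    if [[ -n "$ip" ]]; then
      sudo univention-domain-join-cli --domain "$DOMAIN" --dc-ip "$ip" --username "$JOINUSER"
    else
      sudo univention-domain-join-cli --domain "$DOMAIN" --username "$JOINUSER"
    fi
  }

  if [[ -n "${DCIP:-}" ]]; then
    try_join "$DCIP"
    rc=$?
  else
    try_join ""
    rc=$?
    if [[ $rc -ne 0 ]]; then
      for ip in "${DEFAULT_DC_IPS[@]}"; do
        echo "Versuche Fallback DC: $ip"
        try_join "$ip"
        rc=$?
        [[ $rc -eq 0 ]] && break
      done
    fi
  fi

  # NOTE(review): nothing in the visible script enables errexit before this
  # point, so this line switches it ON for the rest of the run. A failed join
  # (return 1 below) therefore stops the whole script at the call site.
  set -e

  if [[ $rc -ne 0 ]]; then
    echo -e "${RED}Domänenbeitritt fehlgeschlagen.${NC}"
    return 1
  fi

  echo -e "${GREEN}Domänenbeitritt erfolgreich.${NC}"
  sudo touch "$SENTINEL"

  # Realm permissions
  if command -v realm > /dev/null 2>&1; then
    sudo realm permit -g "Domain Admins" || true
  fi

  # Sudoers entry for Domain Admins.
  # NOTE(review): this gives every member of a directory group full root on
  # this host, so whoever manages that group's membership controls root here.
  echo -e "${GREEN}Füge Domain Admins zu den Sudoers hinzu...${NC}"

  # Validate a private copy first and install it only when it parses. Writing
  # to /etc/sudoers.d before the check leaves a window in which a broken file
  # is live, and the cleanup that removes it depends on sudo itself.
  sudoers_tmp=$(mktemp) || return 1
  printf '%s\n' '%Domain\ Admins ALL=(ALL:ALL) ALL' > "$sudoers_tmp"

  if sudo visudo -cf "$sudoers_tmp"; then
    sudo install -o root -g root -m 0440 "$sudoers_tmp" "$sudoers_file"
    echo -e "${GREEN}Sudoers Datei ist gültig.${NC}"
  else
    echo -e "${RED}WARNUNG: Sudoers Datei ist ungültig! Sie wurde nicht installiert.${NC}"
  fi
  rm -f -- "$sudoers_tmp"
}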
# 8. SSH/RDP & realm configuration

# Sets "KEY VALUE" in an sshd config file: rewrites the line that starts with
# KEY, or appends the directive when no such line exists.
# Arguments: $1 - config file, $2 - directive name, $3 - value
_sshd_set_option() {
  local file=$1 key=$2 value=$3

  if grep -q "^${key}" "$file"; then
    sudo sed -i "s/^${key}.*/${key} ${value}/" "$file"
  else
    echo "${key} ${value}" | sudo tee -a "$file"
  fi
}

#######################################
# Enables PAM and password logins for sshd, opens SSH and RDP in an active ufw
# firewall, and permits the domain groups to log in.
# Globals:   GREEN, YELLOW, NC (read), SSHD (written)
# Outputs:   progress messages on stdout
#
# NOTE(review): "PasswordAuthentication yes" exposes password logins for every
# account allowed on this host, and the realm rule below admits all of
# "Domain Users". Confirm that this reach is intended.
# NOTE(review): a directive appended to the end of the file lands inside a
# trailing Match block if there is one, and the stock Ubuntu sshd_config
# presumably includes sshd_config.d/*.conf first, where an earlier value wins.
# Checking the result with `sshd -t` before the restart is worth considering.
#######################################
configure_ssh_rdp() {
  echo -e "${YELLOW}=== Konfiguration SSH/RDP & Realm ===${NC}"

  SSHD="/etc/ssh/sshd_config"
  if [[ -f "$SSHD" ]]; then
    # Timestamped copy of the untouched file; failure to copy is tolerated.
    sudo cp -a "$SSHD" "${SSHD}.bak.$(date +%F_%H%M)" || true

    _sshd_set_option "$SSHD" 'UsePAM' 'yes'
    _sshd_set_option "$SSHD" 'PasswordAuthentication' 'yes'

    sudo systemctl enable --now ssh
    sudo systemctl restart ssh || true
  fi

  # Only touch the firewall when ufw is installed and currently active.
  if command -v ufw > /dev/null 2>&1; then
    if sudo ufw status | grep -q "Status: active"; then
      sudo ufw allow 22/tcp || true
      sudo ufw allow 3389/tcp || true
    fi
  fi

  if command -v realm > /dev/null 2>&1; then
    sudo realm permit -g "Domain Users" -g "Domain Admins" || true
  fi
}
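# 9. Set up GTK bookmarks
#######################################
# Adds the file-server and shared-directory bookmarks to the user's GTK 3
# bookmark file, skipping entries that are already present.
# Globals:   HOME, GREEN, NC (read)
# Outputs:   one status line per bookmark on stdout
#######################################
setup_bookmarks() {
  local bookmarks_file="$HOME/.config/gtk-3.0/bookmarks"
  local entry
  local -a bookmarks=(
    "file:///net/192.168.176.13/srv/fileserver/aufmasse Aufmasse"
    "file:///net/192.168.176.13/srv/fileserver/dokumente Dokumente"
    "file:///net/192.168.176.13/srv/fileserver/hausverwaltung Hausverwaltung"
    "file:///net/192.168.176.13/srv/fileserver/buchhaltung Buchhaltung"
    "file:///net/192.168.176.13/srv/fileserver/feldrechner Feldrechner"
    "file:///net/192.168.176.13/srv/fileserver/scripte Scripte"
    "file:///net/192.168.176.13/srv/fileserver/scandaten Scandaten"
    "file:///net/192.168.176.12/srv/fileserver/aufmasse-archiv Aufmasse Archiv"
    "file:///home/shared Shared"
  )

  echo -e "${GREEN}Richte GTK Bookmarks ein...${NC}"

  # Create the directory if it does not exist yet.
  mkdir -p "$(dirname "$bookmarks_file")"

  # If the existing file does not end in a newline, the first appended entry
  # would be glued onto its last line; terminate that line first.
  if [[ -s "$bookmarks_file" && -n "$(tail -c 1 "$bookmarks_file")" ]]; then
    echo >> "$bookmarks_file"
  fi

  for entry in "${bookmarks[@]}"; do
    # -x: compare whole lines. A plain substring match would treat an entry as
    # present whenever a longer, different bookmark merely contains it.
    if grep -qxF -- "$entry" "$bookmarks_file" 2>/dev/null; then
      echo "Bookmark existiert bereits: $entry"
    else
      printf '%s\n' "$entry" >> "$bookmarks_file"
      echo "Bookmark hinzugefügt: $entry"
    fi
  done
}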
# 10. autofs & shared directory
#######################################
# Registers the /net automount map, restarts and enables autofs, and creates
# the shared directory when it does not exist yet.
# Globals:   GREEN, NC (read), SHARED_DIR (written)
# Outputs:   progress message on stdout
#######################################
setup_system_extras() {
  echo -e "${GREEN}Richte autofs ein...${NC}"

  # Append the /net map only once.
  grep -q "/net /etc/auto.net" /etc/auto.master \
    || echo "/net /etc/auto.net --timeout=600" | sudo tee -a /etc/auto.master

  sudo systemctl restart autofs
  sudo systemctl enable autofs

  SHARED_DIR="/home/shared"
  if [[ -d "$SHARED_DIR" ]]; then
    return
  fi

  sudo mkdir -p "$SHARED_DIR"
  # NOTE(review): mode 1777 lets every local account write here; the sticky
  # bit only stops users from removing each other's files. The mode is applied
  # only when the directory is created, so an existing one keeps its own.
  sudo chmod 1777 "$SHARED_DIR"
}
# ================================
# MAIN FLOW
# ================================
# The steps run strictly in this order. None of the return values is checked
# here; the script only stops early if errexit is active when a step fails.
steps=(
  update_sources
  install_apt_packages
  install_snap_packages
  install_flatpak_packages
  install_deb_packages
  setup_system_extras
  setup_bookmarks
  # Configuration steps
  configure_network
  perform_ucs_join
  configure_ssh_rdp
)

for step in "${steps[@]}"; do
  "$step"
done

echo -e "${GREEN}Skript vollständig abgeschlossen.${NC}"