diff --git a/deployment/post-install.sh b/deployment/post-install.sh
index 5d08ddf..ed844f8 100755
--- a/deployment/post-install.sh
+++ b/deployment/post-install.sh
@@ -8,182 +8,199 @@ NC='\033[0m' info() { echo -e "${GREEN}[+]${NC} $*"; } warn() { echo -e "${YELLOW}[!]${NC} $*"; } error() { - echo -e "${RED}[✗]${NC} $*" - exit 1 + echo -e "${RED}[✗]${NC} $*" + exit 1 } function desktop() { - # ─── DESKTOP ───────────────────────────────────────────────────────────────── - info "Installing GNOME desktop (minimal)..." - DEBIAN_FRONTEND=noninteractive apt-get install -y \ - ubuntu-desktop-minimal \ - gnome-tweaks \ - gnome-terminal \ - firefox \ - nautilus - systemctl set-default graphical.target - info "Desktop installed." - echo desktop >>/tmp/installer + # ─── DESKTOP ───────────────────────────────────────────────────────────────── + info "Installing GNOME desktop (minimal)..." + DEBIAN_FRONTEND=noninteractive apt-get install -y \ + ubuntu-desktop-minimal \ + gnome-tweaks \ + gnome-terminal \ + firefox \ + nautilus + systemctl set-default graphical.target + info "Desktop installed." + echo desktop >>/tmp/installer } function docker() { - # ─── DOCKER ────────────────────────────────────────────────────────────────── - info "Installing Docker..." - install -m 0755 -d /etc/apt/keyrings - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | - gpg --dearmor -o /etc/apt/keyrings/docker.gpg - chmod a+r /etc/apt/keyrings/docker.gpg + # ─── DOCKER ────────────────────────────────────────────────────────────────── + info "Installing Docker..." + install -m 0755 -d /etc/apt/keyrings + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | + gpg --dearmor -o /etc/apt/keyrings/docker.gpg + chmod a+r /etc/apt/keyrings/docker.gpg - echo \ - "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \ + echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \ https://download.docker.com/linux/ubuntu \ $(. 
/etc/os-release && echo "$VERSION_CODENAME") stable" \ - >/etc/apt/sources.list.d/docker.list + >/etc/apt/sources.list.d/docker.list - apt-get update -qq - apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin + apt-get update -qq + apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin - usermod -aG docker "$TARGET_USER" - systemctl enable docker - info "Docker installed." - echo docker >>/tmp/installer + usermod -aG docker "$TARGET_USER" + systemctl enable docker + info "Docker installed." + echo docker >>/tmp/installer } function intune() { - # # ─── HIMMELBLAU (Azure Entra ID) ───────────────────────────────────────────── - # info "Installing Himmelblau..." - # curl -fsSL https://packages.himmelblau-idm.org/himmelblau.asc | gpg --dearmor -o /etc/apt/trusted.gpg.d/himmelblau.gpg - # add-apt-repository -y "deb [arch=amd64] https://packages.himmelblau-idm.org/stable/latest/deb/ubuntu24.04/ ./" - # - # # Pre-seed kerberos to avoid interactive prompts - # echo "krb5-config krb5-config/default_realm string EXAMPLE.COM" | debconf-set-selections - # echo "krb5-config krb5-config/add_servers boolean false" | debconf-set-selections - # echo "krb5-config krb5-config/add_servers_realm string EXAMPLE.COM" | debconf-set-selections - # - # # Himmelblau - # DEBIAN_FRONTEND=noninteractive apt-get install -y -o Dpkg::Options::="--force-confold" \ - # himmelblau \ - # pam-himmelblau \ - # nss-himmelblau \ - # himmelblau-sshd-config \ - # himmelblau-qr-greeter \ - # himmelblau-sso - # # o365 - # info "Himmelblau installed." - # - # # 2. 
Fix PAM immediately after - # tee /etc/pam.d/common-auth <<'EOF' - # auth required pam_env.so - # auth [default=1 ignore=ignore success=ok] pam_localuser.so - # auth sufficient pam_unix.so nullok try_first_pass - # auth sufficient pam_himmelblau.so ignore_unknown_user - # auth required pam_deny.so - # EOF - # - # tee /etc/pam.d/common-account <<'EOF' - # account [default=1 ignore=ignore success=ok] pam_localuser.so - # account sufficient pam_unix.so - # account sufficient pam_himmelblau.so ignore_unknown_user - # account required pam_deny.so - # EOF + # # ─── HIMMELBLAU (Azure Entra ID) ───────────────────────────────────────────── + # info "Installing Himmelblau..." + # curl -fsSL https://packages.himmelblau-idm.org/himmelblau.asc | gpg --dearmor -o /etc/apt/trusted.gpg.d/himmelblau.gpg + # add-apt-repository -y "deb [arch=amd64] https://packages.himmelblau-idm.org/stable/latest/deb/ubuntu24.04/ ./" + # + # # Pre-seed kerberos to avoid interactive prompts + # echo "krb5-config krb5-config/default_realm string EXAMPLE.COM" | debconf-set-selections + # echo "krb5-config krb5-config/add_servers boolean false" | debconf-set-selections + # echo "krb5-config krb5-config/add_servers_realm string EXAMPLE.COM" | debconf-set-selections + # + # # Himmelblau + # DEBIAN_FRONTEND=noninteractive apt-get install -y -o Dpkg::Options::="--force-confold" \ + # himmelblau \ + # pam-himmelblau \ + # nss-himmelblau \ + # himmelblau-sshd-config \ + # himmelblau-qr-greeter \ + # himmelblau-sso + # # o365 + # info "Himmelblau installed." + # + # # 2. 
Fix PAM immediately after + # tee /etc/pam.d/common-auth <<'EOF' + # auth required pam_env.so + # auth [default=1 ignore=ignore success=ok] pam_localuser.so + # auth sufficient pam_unix.so nullok try_first_pass + # auth sufficient pam_himmelblau.so ignore_unknown_user + # auth required pam_deny.so + # EOF + # + # tee /etc/pam.d/common-account <<'EOF' + # account [default=1 ignore=ignore success=ok] pam_localuser.so + # account sufficient pam_unix.so + # account sufficient pam_himmelblau.so ignore_unknown_user + # account required pam_deny.so + # EOF - apt -y install curl software-properties-common apt-transport-https - curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/microsoft.gpg - echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge stable main" | tee /etc/apt/sources.list.d/microsoft-edge.list - sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/$(lsb_release -rs)/prod $(lsb_release -cs) main" >> /etc/apt/sources.list.d/microsoft-ubuntu-$(lsb_release -cs)-prod.list' + apt -y install curl software-properties-common apt-transport-https + curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/microsoft.gpg + echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge stable main" | tee /etc/apt/sources.list.d/microsoft-edge.list + sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/$(lsb_release -rs)/prod $(lsb_release -cs) main" >> /etc/apt/sources.list.d/microsoft-ubuntu-$(lsb_release -cs)-prod.list' - apt update - apt install microsoft-edge-stable intune-portal -y + apt update + apt install microsoft-edge-stable intune-portal -y - echo intune >>/tmp/installer + echo intune >>/tmp/installer } function nix_home_manager() { - # ─── NIX + HOME-MANAGER 
────────────────────────────────────────────────────── - info "Installing Nix (multi-user)..." - sh <(curl --proto '=https' --tlsv1.2 -L https://nixos.org/nix/install) --daemon --yes + # ─── NIX + HOME-MANAGER ────────────────────────────────────────────────────── + info "Installing Nix (multi-user)..." + sh <(curl --proto '=https' --tlsv1.2 -L https://nixos.org/nix/install) --daemon --yes - info "Sourcing Nix..." - source /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh + info "Sourcing Nix..." + source /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh - info "Adding home-manager channel..." - nix-channel --add https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz home-manager - nix-channel --update + info "Adding home-manager channel..." + nix-channel --add https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz home-manager + nix-channel --update - info "Installing home-manager..." - nix-shell '' -A install - echo nix_home_manager >>/tmp/installer + info "Installing home-manager..." 
+ nix-shell '' -A install + echo nix_home_manager >>/tmp/installer } function displaylink_driver() { - # DisplayLink - curl -fsSL -o /tmp/synaptics-keyring.deb \ - "https://www.synaptics.com/sites/default/files/Ubuntu/pool/stable/main/all/synaptics-repository-keyring.deb" - apt-get install -y /tmp/synaptics-keyring.deb - apt-get update - apt-get install -y displaylink-driver - systemctl start displaylink-driver.service - echo displaylink_driver >>/tmp/installer + # DisplayLink + curl -fsSL -o /tmp/synaptics-keyring.deb \ + "https://www.synaptics.com/sites/default/files/Ubuntu/pool/stable/main/all/synaptics-repository-keyring.deb" + apt-get install -y /tmp/synaptics-keyring.deb + apt-get update + apt-get install -y displaylink-driver + systemctl start displaylink-driver.service + echo displaylink_driver >>/tmp/installer } function zscaler() { - apt install /home/${TARGET_USER}/nocloud/zscaler-client_3.7.1.71-1_amd64.deb -y - echo zscaler >>/tmp/installer + apt install /home/${TARGET_USER}/nocloud/zscaler-client_3.7.1.71-1_amd64.deb -y + echo zscaler >>/tmp/installer } function dash_to_panel() { - # ─── DASH TO PANEL ─────────────────────────────────────────────────────────── - info "Installing Dash to Panel..." - sudo -u "$TARGET_USER" bash -c ' + # ─── DASH TO PANEL ─────────────────────────────────────────────────────────── + info "Installing Dash to Panel..." 
+ sudo -u "$TARGET_USER" bash -c ' cd /tmp git clone https://github.com/home-sweet-gnome/dash-to-panel.git || true cd dash-to-panel make install ' - dconf update - echo dash_to_panel >>/tmp/installer + dconf update + echo dash_to_panel >>/tmp/installer } function qemu() { - info "Install qemu binaries" - apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager libnss-libvirt qemu-user-static binfmt-support - echo qemu >>/tmp/installer + info "Install qemu binaries" + apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager libnss-libvirt qemu-user-static binfmt-support + echo qemu >>/tmp/installer } function chrome() { - info "Install chrome binaries" - cd /tmp - wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb - sudo apt install ./google-chrome-stable_current_amd64.deb - cd - - echo chrome >>/tmp/installer + info "Install chrome binaries" + cd /tmp + wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb + sudo apt install ./google-chrome-stable_current_amd64.deb + cd - + echo chrome >>/tmp/installer +} + +function gnome_keyring_patch() { + info "Patching keyring" + BASE="http://archive.ubuntu.com/ubuntu/pool/main/g/gnome-keyring" + + # The fix was backported to Noble as 46.1-2ubuntu0.1 (released 2026-02-27) + curl -LO "$BASE/gnome-keyring_46.1-2ubuntu0.1_amd64.deb" + curl -LO "$BASE/libpam-gnome-keyring_46.1-2ubuntu0.1_amd64.deb" + + sudo dpkg -i gnome-keyring_46.1-2ubuntu0.1_amd64.deb \ + libpam-gnome-keyring_46.1-2ubuntu0.1_amd64.deb + + echo "Done! Log out and back in to apply." 
+ echo gnome_keyring_patch >>/tmp/installer } function main() { - desktop || true - docker || true - intune || true - nix_home_manager || true - displaylink_driver || true - zscaler || true - dash_to_panel || true - qemu || true - chrome || true + desktop || true + docker || true + nix_home_manager || true + displaylink_driver || true + dash_to_panel || true + qemu || true + chrome || true + gnome_keyring_patch || true - # ─── SSH ───────────────────────────────────────────────────────────────────── - info "Enabling SSH..." - systemctl enable ssh + intune || true + zscaler || true - # ─── (passwordless for "$TARGET_USER") ───────────────────────────────────────── - info "Configuring sudoers..." - echo "$TARGET_USER ALL=(ALL) NOPASSWD:ALL" >"/etc/sudoers.d/$TARGET_USER" - chmod 440 "/etc/sudoers.d/$TARGET_USER" + # ─── SSH ───────────────────────────────────────────────────────────────────── + info "Enabling SSH..." + systemctl enable ssh - info "Post-install complete ✓" - systemctl start gdm + # ─── (passwordless for "$TARGET_USER") ───────────────────────────────────────── + info "Configuring sudoers..." + echo "$TARGET_USER ALL=(ALL) NOPASSWD:ALL" >"/etc/sudoers.d/$TARGET_USER" + chmod 440 "/etc/sudoers.d/$TARGET_USER" + + info "Post-install complete ✓" + systemctl start gdm } if [[ "${1:-NOPE}" = "main" ]]; then - main + main fi diff --git a/templates/user-data.tmpl b/templates/user-data.tmpl index 24198b7..22ca26c 100644 --- a/templates/user-data.tmpl +++ b/templates/user-data.tmpl @@ -136,6 +136,13 @@ autoinstall: HandleHibernateKey=ignore IdleAction=ignore + - path: /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf + permissions: "0644" + owner: root:root + content: | + [connection] + wifi.powersave = 2 + - path: /etc/dconf/db/local.d/99-custom-gnome permissions: "0644" owner: root:root 
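Review bot: The new `gnome_keyring_patch` function downloads both `.deb` files over plain `http://` with `curl -LO` and hands them straight to `sudo dpkg -i`, so nothing verifies their integrity before a PAM module is installed as root, and apt's signed-repository check is bypassed. Since the comment says the fix is published for Noble as 46.1-2ubuntu0.1, installing through apt keeps signature verification: `apt-get install -y gnome-keyring=46.1-2ubuntu0.1 libpam-gnome-keyring=46.1-2ubuntu0.1` (assuming the pocket that carries it is enabled on the target). If a direct download has to stay, use `curl -fLO` so an HTTP error page is not saved as a package, download into a `mktemp -d` directory rather than the current directory, and compare each file against a pinned SHA-256 before `dpkg -i`. The marker line `echo gnome_keyring_patch >>/tmp/installer` is also written when `dpkg` fails, and `gnome_keyring_patch || true` in `main` hides that failure, so the marker should be guarded, for example `dpkg -i ... && echo gnome_keyring_patch >>/tmp/installer`.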
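Review bot: The added NetworkManager drop-in is named `default-wifi-powersave-on.conf` but sets `wifi.powersave = 2`, which in NetworkManager disables Wi-Fi power saving, so the file name and its effect read as opposites. A comment inside the `content:` block would make the intent clear, for example `# 2 = disable Wi-Fi power saving; file name kept so it replaces the distribution default of the same name` (presumably that is why the name was chosen; confirm). The list this entry belongs to starts outside the hunk.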
@@ -144,23 +151,70 @@ autoinstall: color-scheme='prefer-dark' gtk-theme='Adwaita-dark' - [org/gnome/shell] - disabled-extensions=['ubuntu-dock@ubuntu.com'] - enabled-extensions=['dash-to-panel@jderose9.github.com'] - disable-user-extensions=false + [org/gnome/desktop/background] + color-shading-type='solid' + picture-options='zoom' + picture-uri='file:///usr/share/backgrounds/Fuji_san_by_amaral.png' + picture-uri-dark='file:///usr/share/backgrounds/Fuji_san_by_amaral.png' + primary-color='#000000' + secondary-color='#000000' - [org/gnome/settings-daemon/plugins/power] - sleep-inactive-ac-type='nothing' - sleep-inactive-battery-type='nothing' - # power-button-action='nothing' + [org/gnome/desktop/screensaver] + picture-uri='file:///usr/share/backgrounds/Fuji_san_by_amaral.png' [org/gnome/desktop/session] idle-delay=uint32 0 + [org/gnome/settings-daemon/plugins/power] + idle-dim=false + sleep-inactive-ac-type='nothing' + sleep-inactive-battery-type='nothing' + sleep-inactive-ac-timeout=3600 + + [org/gnome/desktop/peripherals/mouse] + speed=-0.60 + + # [org/gnome/desktop/peripherals/touchpad] + # edge-scrolling-enabled=true + # two-finger-scrolling-enabled=false + + [org/gnome/desktop/peripherals/keyboard] + numlock-state=true + + [org/gnome/desktop/notifications] + show-banners=false + + [org/gnome/desktop/wm/keybindings] + maximize=@as [] + unmaximize=@as [] + move-to-workspace-left=['h'] + move-to-workspace-right=['l'] + switch-to-workspace-left=['h'] + switch-to-workspace-right=['l'] + + [org/gnome/mutter/keybindings] + toggle-tiled-left=@as [] + toggle-tiled-right=@as [] + + [org/gnome/shell] + disable-user-extensions=false + disabled-extensions=['ubuntu-dock@ubuntu.com'] + enabled-extensions=['dash-to-panel@jderose9.github.com'] + favorite-apps=['firefox_firefox.desktop', 'google-chrome.desktop', 'microsoft-edge.desktop', 'org.gnome.Nautilus.desktop', 'ZSTray.desktop', 'org.gnome.Settings.desktop', 'org.gnome.Terminal.desktop', 
'msedge-cifhbcnohmdccbgoicgdjpfamggdegmo-Default.desktop'] + + [org/gnome/shell/extensions/dash-to-panel] + dot-position='BOTTOM' + panel-sizes='{"GSM-0x01010101":32,"IVO-0x00000000":32}' + panel-anchors='{"GSM-0x01010101":"MIDDLE","IVO-0x00000000":"MIDDLE","HWP-3CQ5372CSD":"MIDDLE"}' + panel-element-positions='{"GSM-0x01010101":[{"element":"showAppsButton","visible":true,"position":"stackedTL"},{"element":"activitiesButton","visible":false,"position":"stackedTL"},{"element":"leftBox","visible":true,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"stackedTL"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"centerMonitor"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":true,"position":"stackedBR"}],"IVO-0x00000000":[{"element":"showAppsButton","visible":true,"position":"stackedTL"},{"element":"activitiesButton","visible":false,"position":"stackedTL"},{"element":"leftBox","visible":true,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"stackedTL"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"centerMonitor"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":true,"position":"stackedBR"}]}' + window-preview-title-position='TOP' + hotkeys-overlay-combo='TEMPORARILY' + prefs-opened=false + [system/proxy] - autoconfig-url='proxyconf.glb.nokia.com/proxy.pac' - ignore-hosts=['localhost', '127.0.0.0/8', '::1', '192.168.1.1', '192.168.0.0', '192.168.0.0/8'] mode='none' + autoconfig-url='' + ignore-hosts=['localhost', '127.0.0.0/8', '::1', '192.168.1.1', '192.168.0.0', '192.168.0.0/8'] [system/proxy/http] host='10.158.100.1' 
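Review bot: In the `[org/gnome/settings-daemon/plugins/power]` block the added `sleep-inactive-ac-timeout=3600` has no effect while `sleep-inactive-ac-type='nothing'` is set two lines above it; either drop the timeout or set the type to the action meant to happen after an hour. The `[org/gnome/shell/extensions/dash-to-panel]` values are keyed by specific monitor identifiers (`GSM-0x01010101`, `IVO-0x00000000`, and `HWP-3CQ5372CSD` only in `panel-anchors`), so on other hardware these template defaults would presumably not apply; a comment naming the machines the keys come from would help. Separately, the unchanged `idle-delay=uint32 0` combined with the new `idle-dim=false` means the session never goes idle, so an idle-triggered screen lock will likely never fire on these workstations. If that is intended for this image, say so in a comment next to the setting.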
@@ -169,6 +223,68 @@ autoinstall: host='10.158.100.1' port=8080 + [org/gnome/terminal/legacy/profiles:] + default='71a9971e-e829-43a9-9b2f-4565c855d664' + list=['b1dcc9dd-5262-4d8d-a863-c897e6d979b9', 'de8a9081-8352-4ce4-9519-5de655ad9361', '71a9971e-e829-43a9-9b2f-4565c855d664', '5083e06b-024e-46be-9cd2-892b814f1fc8', '95894cfd-82f7-430d-af6e-84d168bc34f5'] + + [org/gnome/terminal/legacy/profiles:/:b1dcc9dd-5262-4d8d-a863-c897e6d979b9] + cell-width-scale=1.0 + font='Monospace 10' + use-system-font=false + + [org/gnome/terminal/legacy/profiles:/:de8a9081-8352-4ce4-9519-5de655ad9361] + visible-name='Catppuccin Latte' + background-color='#eff1f5' + foreground-color='#4c4f69' + highlight-colors-set=true + highlight-background-color='#dc8a78' + highlight-foreground-color='#acb0be' + cursor-colors-set=true + cursor-background-color='#dc8a78' + cursor-foreground-color='#eff1f5' + use-theme-colors=false + palette=['#5c5f77', '#d20f39', '#40a02b', '#df8e1d', '#1e66f5', '#ea76cb', '#179299', '#acb0be', '#6c6f85', '#d20f39', '#40a02b', '#df8e1d', '#1e66f5', '#ea76cb', '#179299', '#bcc0cc'] + + [org/gnome/terminal/legacy/profiles:/:71a9971e-e829-43a9-9b2f-4565c855d664] + visible-name='Catppuccin Frappe' + background-color='#303446' + foreground-color='#c6d0f5' + highlight-colors-set=true + highlight-background-color='#f2d5cf' + highlight-foreground-color='#626880' + cursor-colors-set=true + cursor-background-color='#f2d5cf' + cursor-foreground-color='#303446' + use-theme-colors=false + font='Monospace 10' + use-system-font=false + palette=['#51576d', '#e78284', '#a6d189', '#e5c890', '#8caaee', '#f4b8e4', '#81c8be', '#b5bfe2', '#626880', '#e78284', '#a6d189', '#e5c890', '#8caaee', '#f4b8e4', '#81c8be', '#a5adce'] + + [org/gnome/terminal/legacy/profiles:/:5083e06b-024e-46be-9cd2-892b814f1fc8] + visible-name='Catppuccin Macchiato' + background-color='#24273a' + foreground-color='#cad3f5' + highlight-colors-set=true + highlight-background-color='#f4dbd6' + 
highlight-foreground-color='#5b6078' + cursor-colors-set=true + cursor-background-color='#f4dbd6' + cursor-foreground-color='#24273a' + use-theme-colors=false + palette=['#494d64', '#ed8796', '#a6da95', '#eed49f', '#8aadf4', '#f5bde6', '#8bd5ca', '#b8c0e0', '#5b6078', '#ed8796', '#a6da95', '#eed49f', '#8aadf4', '#f5bde6', '#8bd5ca', '#a5adcb'] + + [org/gnome/terminal/legacy/profiles:/:95894cfd-82f7-430d-af6e-84d168bc34f5] + visible-name='Catppuccin Mocha' + background-color='#1e1e2e' + foreground-color='#cdd6f4' + highlight-colors-set=true + highlight-background-color='#f5e0dc' + highlight-foreground-color='#585b70' + cursor-colors-set=true + cursor-background-color='#f5e0dc' + cursor-foreground-color='#1e1e2e' + use-theme-colors=false + palette=['#45475a', '#f38ba8', '#a6e3a1', '#f9e2af', '#89b4fa', '#f5c2e7', '#94e2d5', '#bac2de', '#585b70', '#f38ba8', '#a6e3a1', '#f9e2af', '#89b4fa', '#f5c2e7', '#94e2d5', '#a6adc8'] - path: /etc/dconf/profile/user owner: root:root content: |