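#!/usr/bin/env bash
#
# Post-install provisioning for an Ubuntu workstation: GNOME desktop, Docker,
# Microsoft Edge + Intune portal, Nix + home-manager, the DisplayLink driver,
# Dash-to-Panel, SSH, and passwordless sudo for one account.
#
# Usage (as root):   TARGET_USER=<login> ./<this script> main
#   Any argument other than the literal "main" only defines the functions.
# Required env:      TARGET_USER          - existing local account that gets docker
#                                           group membership, Dash-to-Panel and
#                                           NOPASSWD sudo.
# Optional env:      INSTALLER_STATE_FILE - where completed phase names are
#                                           appended (default /tmp/installer).
#
# The five install phases are independent and best-effort: a failing phase is
# logged and the next one runs; the SSH/sudoers/gdm steps at the end of main()
# run regardless.
set -euo pipefail

# Every apt call in this script is unattended.
export DEBIAN_FRONTEND=noninteractive

readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly RED='\033[0;31m'
readonly NC='\033[0m'

# Completed phase names are appended here, one per line, so a later run can see
# what already happened. /tmp is world-writable: a file pre-created there by
# another local user would be appended to as root, so point this at a root-owned
# directory (e.g. under /var/lib) on machines with untrusted local accounts.
STATE_FILE=${INSTALLER_STATE_FILE:-/tmp/installer}

#######################################
# Logging helpers. info writes to stdout; warn and error to stderr; error exits 1.
# %b expands the escape sequences held in the colour constants, while the
# message itself goes through %s so backslashes inside it are printed verbatim.
# Arguments: $* - message
#######################################
info() { printf '%b[+]%b %s\n' "$GREEN" "$NC" "$*"; }
warn() { printf '%b[!]%b %s\n' "$YELLOW" "$NC" "$*" >&2; }
error() {
  printf '%b[✗]%b %s\n' "$RED" "$NC" "$*" >&2
  exit 1
}

#######################################
# Record a completed phase in STATE_FILE.
# Globals:   STATE_FILE (appended to)
# Arguments: $1 - phase name
#######################################
mark_done() {
  printf '%s\n' "$1" >>"$STATE_FILE"
}

#######################################
# Print one variable from /etc/os-release (e.g. VERSION_ID, VERSION_CODENAME).
# Arguments: $1 - variable name
# Outputs:   the value on stdout, no trailing newline
# Returns:   non-zero when the file cannot be read or the key is absent
#            (the subshell inherits set -u, so an unknown key is an error)
#######################################
os_release_value() {
  local key=$1
  # shellcheck disable=SC1091
  ( . /etc/os-release && printf '%s' "${!key}" )
}

#######################################
# Path of the sudoers.d drop-in for a user.
# sudoers(5) skips files in sudoers.d whose name contains '.' or ends in '~', so
# any character outside [A-Za-z0-9_-] is mapped to '_'. A plain login name is
# returned unchanged.
# Arguments: $1 - login name
# Outputs:   absolute path on stdout
#######################################
sudoers_path_for() {
  local user=$1
  printf '/etc/sudoers.d/%s\n' "${user//[^A-Za-z0-9_-]/_}"
}

#######################################
# Run one install phase; log and continue when it fails.
# Calling the phase inside `if` switches set -e off for its body (bash ignores
# -e in a condition), which is why every step inside a phase ends in
# `|| return 1` instead of relying on -e.
# Arguments: $1 - function name of the phase
# Returns:   0 always
#######################################
run_phase() {
  local phase=$1
  if "$phase"; then
    return 0
  fi
  warn "phase '$phase' failed; continuing with the next one"
}

#######################################
# GNOME desktop (minimal) and boot into the graphical target.
#######################################
install_desktop() {
  info "Installing GNOME desktop (minimal)..."
  apt-get install -y \
    ubuntu-desktop-minimal \
    gnome-tweaks \
    gnome-terminal \
    firefox \
    nautilus || return 1
  systemctl set-default graphical.target || return 1
  info "Desktop installed."
  mark_done desktop
}

#######################################
# Docker CE from Docker's apt repository; TARGET_USER is added to the docker group.
# Globals:   TARGET_USER (read)
#######################################
install_docker() {
  local arch codename
  info "Installing Docker..."
  install -m 0755 -d /etc/apt/keyrings || return 1
  # --yes: overwrite an existing keyring on re-run. Without it gpg asks
  # "File exists. Overwrite?" and, with no tty to answer, the step fails.
  curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
    | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg || return 1
  chmod a+r /etc/apt/keyrings/docker.gpg
  arch=$(dpkg --print-architecture) || return 1
  codename=$(os_release_value VERSION_CODENAME) || return 1
  printf 'deb [arch=%s signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu %s stable\n' \
    "$arch" "$codename" >/etc/apt/sources.list.d/docker.list
  apt-get update -qq || return 1
  apt-get install -y docker-ce docker-ce-cli containerd.io \
    docker-buildx-plugin docker-compose-plugin || return 1
  # docker group membership is root-equivalent on this host: the daemon runs as
  # root and will bind-mount whatever a group member asks for.
  usermod -aG docker "$TARGET_USER" || return 1
  systemctl enable docker || return 1
  info "Docker installed."
  mark_done docker
}

#######################################
# Microsoft Edge and the Intune portal from Microsoft's apt repositories.
# The Himmelblau (Azure Entra ID) steps are disabled but kept for reference.
#######################################
install_intune() {
  local version_id codename
  # # ─── HIMMELBLAU (Azure Entra ID) ─────────────────────────────────────────────
  # info "Installing Himmelblau..."
  # curl -fsSL https://packages.himmelblau-idm.org/himmelblau.asc | gpg --dearmor -o /etc/apt/trusted.gpg.d/himmelblau.gpg
  # add-apt-repository -y "deb [arch=amd64] https://packages.himmelblau-idm.org/stable/latest/deb/ubuntu24.04/ ./"
  #
  # # Pre-seed kerberos to avoid interactive prompts
  # echo "krb5-config krb5-config/default_realm string EXAMPLE.COM" | debconf-set-selections
  # echo "krb5-config krb5-config/add_servers boolean false" | debconf-set-selections
  # echo "krb5-config krb5-config/add_servers_realm string EXAMPLE.COM" | debconf-set-selections
  #
  # # Himmelblau
  # DEBIAN_FRONTEND=noninteractive apt-get install -y -o Dpkg::Options::="--force-confold" \
  #   himmelblau \
  #   pam-himmelblau \
  #   nss-himmelblau \
  #   himmelblau-sshd-config \
  #   himmelblau-qr-greeter \
  #   himmelblau-sso  # o365
  # info "Himmelblau installed."
  #
  # # 2. Fix PAM immediately after
  # tee /etc/pam.d/common-auth <<'EOF'
  # auth required pam_env.so
  # auth [default=1 ignore=ignore success=ok] pam_localuser.so
  # auth sufficient pam_unix.so nullok try_first_pass
  # auth sufficient pam_himmelblau.so ignore_unknown_user
  # auth required pam_deny.so
  # EOF
  #
  # tee /etc/pam.d/common-account <<'EOF'
  # account [default=1 ignore=ignore success=ok] pam_localuser.so
  # account sufficient pam_unix.so
  # account sufficient pam_himmelblau.so ignore_unknown_user
  # account required pam_deny.so
  # EOF

  info "Installing Microsoft Edge and the Intune portal..."
  apt-get install -y curl software-properties-common apt-transport-https || return 1
  curl -fsSL https://packages.microsoft.com/keys/microsoft.asc \
    | gpg --dearmor --yes -o /usr/share/keyrings/microsoft.gpg || return 1
  printf 'deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge stable main\n' \
    >/etc/apt/sources.list.d/microsoft-edge.list
  version_id=$(os_release_value VERSION_ID) || return 1
  codename=$(os_release_value VERSION_CODENAME) || return 1
  # Written with '>' rather than appended, so a re-run does not duplicate the entry.
  printf 'deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/%s/prod %s main\n' \
    "$version_id" "$codename" >"/etc/apt/sources.list.d/microsoft-ubuntu-${codename}-prod.list"
  apt-get update || return 1
  apt-get install -y microsoft-edge-stable intune-portal || return 1
  mark_done intune
}

#######################################
# Multi-user Nix plus the home-manager channel and installer.
#######################################
install_nix_home_manager() {
  local installer rc=0
  info "Installing Nix (multi-user)..."
  # Download first, then run: with `sh <(curl ...)` a failed download goes
  # unnoticed because only sh's exit status is visible. TLS is the only thing
  # authenticating this installer; add a checksum comparison here if the
  # deployment has to be reproducible.
  installer=$(mktemp) || return 1
  curl --proto '=https' --tlsv1.2 -fsSL -o "$installer" https://nixos.org/nix/install \
    && sh "$installer" --daemon --yes || rc=$?
  rm -f -- "$installer"
  (( rc == 0 )) || return "$rc"
  info "Sourcing Nix..."
  # shellcheck disable=SC1091
  source /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh || return 1
  info "Adding home-manager channel..."
  # NOTE(review): this runs as root, so the channel and home-manager land in
  # root's profile rather than TARGET_USER's — confirm that is what is wanted.
  nix-channel --add https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz home-manager || return 1
  nix-channel --update || return 1
  info "Installing home-manager..."
  # '<home-manager>' is resolved through NIX_PATH to the channel added above.
  nix-shell '<home-manager>' -A install || return 1
  mark_done nix_home_manager
}

#######################################
# DisplayLink driver via the Synaptics apt repository keyring package.
#######################################
install_displaylink_driver() {
  local tmpdir rc=0
  info "Installing DisplayLink driver..."
  # A private directory instead of a fixed /tmp name: root must not install a
  # .deb from a path another local user could have created first.
  tmpdir=$(mktemp -d) || return 1
  curl -fsSL -o "$tmpdir/synaptics-repository-keyring.deb" \
    "https://www.synaptics.com/sites/default/files/Ubuntu/pool/stable/main/all/synaptics-repository-keyring.deb" \
    && apt-get install -y "$tmpdir/synaptics-repository-keyring.deb" || rc=$?
  rm -rf -- "$tmpdir"
  (( rc == 0 )) || return "$rc"
  apt-get update || return 1
  apt-get install -y displaylink-driver || return 1
  systemctl start displaylink-driver.service || return 1
  mark_done displaylink_driver
}

#######################################
# Build and install the Dash-to-Panel GNOME extension into TARGET_USER's home.
# Runs as TARGET_USER (-H sets HOME so `make install` targets the right ~/.local)
# inside a fresh temporary directory rather than the fixed /tmp/dash-to-panel,
# which any local user could have pre-populated with a Makefile of their own.
# Globals:   TARGET_USER (read)
# Returns:   non-zero when git/make are missing or the build fails
#######################################
install_dash_to_panel() {
  if ! command -v git >/dev/null || ! command -v make >/dev/null; then
    warn "git and make are required for Dash to Panel"
    return 1
  fi
  sudo -Hu "$TARGET_USER" bash -s <<'EOF'
set -euo pipefail
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
git clone --depth 1 https://github.com/home-sweet-gnome/dash-to-panel.git "$workdir/dash-to-panel"
make -C "$workdir/dash-to-panel" install
EOF
}

#######################################
# Grant passwordless sudo to a user via a validated sudoers.d drop-in.
# The entry is written to a temp file and checked with visudo before it is
# installed: a syntax error in sudoers.d disables sudo for every account.
# Arguments: $1 - login name
# Returns:   exits 1 (via error) when the entry fails validation
#######################################
configure_sudoers() {
  local user=$1 target tmp
  target=$(sudoers_path_for "$user")
  tmp=$(mktemp) || error "mktemp failed"
  printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$user" >"$tmp"
  if ! visudo -c -f "$tmp" >/dev/null; then
    rm -f -- "$tmp"
    error "generated sudoers entry for '$user' failed visudo check"
  fi
  install -m 0440 -o root -g root "$tmp" "$target"
  rm -f -- "$tmp"
}

#######################################
# Entry point: preflight checks, the five phases, then Dash-to-Panel, SSH,
# sudoers and gdm.
# Globals:   TARGET_USER (read), EUID (read)
#######################################
main() {
  (( EUID == 0 )) || error "this script must run as root"
  : "${TARGET_USER:?TARGET_USER must name the account to provision}"
  id -u "$TARGET_USER" >/dev/null 2>&1 || error "user '$TARGET_USER' does not exist"

  run_phase install_desktop
  run_phase install_docker
  run_phase install_intune
  run_phase install_nix_home_manager
  run_phase install_displaylink_driver

  # ─── DASH TO PANEL ───────────────────────────────────────────────────────────
  info "Installing Dash to Panel..."
  if ! install_dash_to_panel; then
    warn "Dash to Panel install failed; continuing"
  fi
  dconf update

  # ─── SSH ─────────────────────────────────────────────────────────────────────
  info "Enabling SSH..."
  systemctl enable ssh || warn "could not enable ssh (is openssh-server installed?)"

  # ─── passwordless sudo for TARGET_USER ──────────────────────────────────────
  info "Configuring sudoers..."
  configure_sudoers "$TARGET_USER"

  info "Post-install complete ✓"
  systemctl start gdm
}

# ${1:-}: under set -u a bare "$1" aborts the script when it is run with no
# arguments, so sourcing it for its functions would fail.
if [[ "${1:-}" == "main" ]]; then
  main
fi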