207 lines
8.2 KiB
Bash
Executable File
207 lines
8.2 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
RED='\033[0;31m'
|
|
NC='\033[0m'
|
|
info() { echo -e "${GREEN}[+]${NC} $*"; }
|
|
warn() { echo -e "${YELLOW}[!]${NC} $*"; }
|
|
error() {
|
|
echo -e "${RED}[✗]${NC} $*"
|
|
exit 1
|
|
}
|
|
|
|
function desktop() {
|
|
# ─── DESKTOP ─────────────────────────────────────────────────────────────────
|
|
info "Installing GNOME desktop (minimal)..."
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y \
|
|
ubuntu-desktop-minimal \
|
|
gnome-tweaks \
|
|
gnome-terminal \
|
|
firefox \
|
|
nautilus
|
|
systemctl set-default graphical.target
|
|
info "Desktop installed."
|
|
echo desktop >>/tmp/installer
|
|
}
|
|
|
|
function docker() {
|
|
# ─── DOCKER ──────────────────────────────────────────────────────────────────
|
|
info "Installing Docker..."
|
|
install -m 0755 -d /etc/apt/keyrings
|
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
|
|
gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
|
chmod a+r /etc/apt/keyrings/docker.gpg
|
|
|
|
echo \
|
|
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
|
|
https://download.docker.com/linux/ubuntu \
|
|
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
|
|
>/etc/apt/sources.list.d/docker.list
|
|
|
|
apt-get update -qq
|
|
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
|
|
|
|
usermod -aG docker "$TARGET_USER"
|
|
systemctl enable docker
|
|
info "Docker installed."
|
|
echo docker >>/tmp/installer
|
|
}
|
|
|
|
function intune() {
|
|
# # ─── HIMMELBLAU (Azure Entra ID) ─────────────────────────────────────────────
|
|
# info "Installing Himmelblau..."
|
|
# curl -fsSL https://packages.himmelblau-idm.org/himmelblau.asc | gpg --dearmor -o /etc/apt/trusted.gpg.d/himmelblau.gpg
|
|
# add-apt-repository -y "deb [arch=amd64] https://packages.himmelblau-idm.org/stable/latest/deb/ubuntu24.04/ ./"
|
|
#
|
|
# # Pre-seed kerberos to avoid interactive prompts
|
|
# echo "krb5-config krb5-config/default_realm string EXAMPLE.COM" | debconf-set-selections
|
|
# echo "krb5-config krb5-config/add_servers boolean false" | debconf-set-selections
|
|
# echo "krb5-config krb5-config/add_servers_realm string EXAMPLE.COM" | debconf-set-selections
|
|
#
|
|
# # Himmelblau
|
|
# DEBIAN_FRONTEND=noninteractive apt-get install -y -o Dpkg::Options::="--force-confold" \
|
|
# himmelblau \
|
|
# pam-himmelblau \
|
|
# nss-himmelblau \
|
|
# himmelblau-sshd-config \
|
|
# himmelblau-qr-greeter \
|
|
# himmelblau-sso
|
|
# # o365
|
|
# info "Himmelblau installed."
|
|
#
|
|
# # 2. Fix PAM immediately after
|
|
# tee /etc/pam.d/common-auth <<'EOF'
|
|
# auth required pam_env.so
|
|
# auth [default=1 ignore=ignore success=ok] pam_localuser.so
|
|
# auth sufficient pam_unix.so nullok try_first_pass
|
|
# auth sufficient pam_himmelblau.so ignore_unknown_user
|
|
# auth required pam_deny.so
|
|
# EOF
|
|
#
|
|
# tee /etc/pam.d/common-account <<'EOF'
|
|
# account [default=1 ignore=ignore success=ok] pam_localuser.so
|
|
# account sufficient pam_unix.so
|
|
# account sufficient pam_himmelblau.so ignore_unknown_user
|
|
# account required pam_deny.so
|
|
# EOF
|
|
|
|
apt -y install curl software-properties-common apt-transport-https
|
|
curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/microsoft.gpg
|
|
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge stable main" | tee /etc/apt/sources.list.d/microsoft-edge.list
|
|
sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/$(lsb_release -rs)/prod $(lsb_release -cs) main" >> /etc/apt/sources.list.d/microsoft-ubuntu-$(lsb_release -cs)-prod.list'
|
|
|
|
apt update
|
|
apt install microsoft-edge-stable intune-portal -y
|
|
|
|
echo intune >>/tmp/installer
|
|
}
|
|
|
|
function nix_home_manager() {
|
|
# ─── NIX + HOME-MANAGER ──────────────────────────────────────────────────────
|
|
info "Installing Nix (multi-user)..."
|
|
sh <(curl --proto '=https' --tlsv1.2 -L https://nixos.org/nix/install) --daemon --yes
|
|
|
|
info "Sourcing Nix..."
|
|
source /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
|
|
|
|
info "Adding home-manager channel..."
|
|
nix-channel --add https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz home-manager
|
|
nix-channel --update
|
|
|
|
info "Installing home-manager..."
|
|
nix-shell '<home-manager>' -A install
|
|
echo nix_home_manager >>/tmp/installer
|
|
}
|
|
|
|
function displaylink_driver() {
|
|
# DisplayLink
|
|
curl -fsSL -o /tmp/synaptics-keyring.deb \
|
|
"https://www.synaptics.com/sites/default/files/Ubuntu/pool/stable/main/all/synaptics-repository-keyring.deb"
|
|
apt-get install -y /tmp/synaptics-keyring.deb
|
|
apt-get update
|
|
apt-get install -y displaylink-driver
|
|
systemctl start displaylink-driver.service
|
|
echo displaylink_driver >>/tmp/installer
|
|
}
|
|
|
|
function zscaler() {
|
|
apt install /home/${TARGET_USER}/nocloud/zscaler-client_3.7.1.71-1_amd64.deb -y
|
|
echo zscaler >>/tmp/installer
|
|
}
|
|
|
|
function dash_to_panel() {
|
|
# ─── DASH TO PANEL ───────────────────────────────────────────────────────────
|
|
info "Installing Dash to Panel..."
|
|
sudo -u "$TARGET_USER" bash -c '
|
|
cd /tmp
|
|
git clone https://github.com/home-sweet-gnome/dash-to-panel.git || true
|
|
cd dash-to-panel
|
|
make install
|
|
'
|
|
|
|
dconf update
|
|
echo dash_to_panel >>/tmp/installer
|
|
}
|
|
|
|
function qemu() {
|
|
info "Install qemu binaries"
|
|
apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager libnss-libvirt qemu-user-static binfmt-support
|
|
echo qemu >>/tmp/installer
|
|
}
|
|
|
|
function chrome() {
|
|
info "Install chrome binaries"
|
|
cd /tmp
|
|
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
|
|
sudo apt install ./google-chrome-stable_current_amd64.deb
|
|
cd -
|
|
echo chrome >>/tmp/installer
|
|
}
|
|
|
|
function gnome_keyring_patch() {
|
|
info "Patching keyring"
|
|
BASE="http://archive.ubuntu.com/ubuntu/pool/main/g/gnome-keyring"
|
|
|
|
# The fix was backported to Noble as 46.1-2ubuntu0.1 (released 2026-02-27)
|
|
curl -LO "$BASE/gnome-keyring_46.1-2ubuntu0.1_amd64.deb"
|
|
curl -LO "$BASE/libpam-gnome-keyring_46.1-2ubuntu0.1_amd64.deb"
|
|
|
|
sudo dpkg -i gnome-keyring_46.1-2ubuntu0.1_amd64.deb \
|
|
libpam-gnome-keyring_46.1-2ubuntu0.1_amd64.deb
|
|
|
|
echo "Done! Log out and back in to apply."
|
|
echo gnome_keyring_patch >>/tmp/installer
|
|
}
|
|
|
|
function main() {
|
|
desktop || true
|
|
docker || true
|
|
nix_home_manager || true
|
|
displaylink_driver || true
|
|
dash_to_panel || true
|
|
qemu || true
|
|
chrome || true
|
|
gnome_keyring_patch || true
|
|
|
|
intune || true
|
|
zscaler || true
|
|
|
|
# ─── SSH ─────────────────────────────────────────────────────────────────────
|
|
info "Enabling SSH..."
|
|
systemctl enable ssh
|
|
|
|
# ─── (passwordless for "$TARGET_USER") ─────────────────────────────────────────
|
|
info "Configuring sudoers..."
|
|
echo "$TARGET_USER ALL=(ALL) NOPASSWD:ALL" >"/etc/sudoers.d/$TARGET_USER"
|
|
chmod 440 "/etc/sudoers.d/$TARGET_USER"
|
|
|
|
info "Post-install complete ✓"
|
|
systemctl start gdm
|
|
}
|
|
|
|
if [[ "${1:-NOPE}" = "main" ]]; then
|
|
main
|
|
fi
|