ist-macbook-private.sh 3.28 KB
Newer Older
1 2 3 4
#!/bin/sh
# Set up a fresh Macbook for IST. Run with sudo!
# run from /Users/Shared/mac-scripts
# note: slow login may be helped by putting IPs of domain controllers: DC1, W1521003, W1521007
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
scriptdir="$HOME/.mac-scripts"
username=$SUDO_USER
echo "userhome is $HOME"
echo "scriptdir is $scriptdir"
echo "user is $SUDO_USER ... cancel if this isn't right..."

if [ $USER != "root" ]
then
    echo "Must be run with Sudo!"
    exit 1
fi
if [ `pwd` != $scriptdir ]
then
    echo "Move this directory to $HOME/.mac-scripts and run from there."
    exit 1
fi
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

function enter_yesno {
    while true ; do
        echo -n "${1} (Y/N)? " 1>&2
         read -n 1 reply
        echo
        case "$reply" in
            Y*|y*) return 0 ;;
            N*|n*) return 1 ;;
        esac
        echo "Invalid input, try again ..." 1>&2
    done
}

# hostname = "USER INPUT"
read -p "Enter hostname (e.g. 'mnadmn001'): " hostname
37 38
# admuser = "USER INPUT"
read -p "Enter your adm username: " admuser
39 40
# username = "USER INPUT"
# read -p "Enter the username of the eventual user: " username
41 42 43 44 45 46 47 48 49 50 51

# change computer name
scutil --set HostName $hostname
scutil --set LocalHostName $hostname
scutil --set ComputerName $hostname

# set root password to proper one
passwd root

# enable SSH
systemsetup -setremotelogin on
Peter NORTHUP's avatar
Peter NORTHUP committed
52
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
53

54 55 56 57
# install NoMAD and launch agent
installer -pkg NoMAD.pkg -target /
installer -pkg NoMAD-LaunchAgent.pkg -target /

58
# set scripts as executable
Peter NORTHUP's avatar
Peter NORTHUP committed
59
# chmod 755 mount-shares.command mac_install_printers.sh
60

61
# make link to disk mount on desktop
62
# ln -s /Users/$username/.mac-scripts/mount-shares.command "/Users/$username/Desktop/Mount IST Shares"
63

64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79
# download, install browser certificates / istwlan cert

curl -O https://git.ist.ac.at/support/software/raw/master/IST.CA.CRT.pem
curl -O https://git.ist.ac.at/support/software/raw/master/IST-Austria-Root-CA01.crt
security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain IST-Austria-Root-CA01.crt
security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain IST.CA.CRT.pem
rm IST.CA.CRT.pem
rm IST-Austria-Root-CA01.crt

# download, install OCS
# waiting on Thomas to update this

# download, install Tunnelblick - install config files?
curl -O https://git.ist.ac.at/support/software/raw/master/Tunnelblick.app.zip
unzip Tunnelblick.app.zip > /dev/null
mv Tunnelblick.app /Applications
80
chown -R :wheel /Applications/Tunnelblick.app
81
rm Tunnelblick.app.zip
82
rm -rf __MACOSX
83 84 85 86 87

# download, install SeaFile
curl -O https://git.ist.ac.at/support/software/raw/master/Seafile.app.zip
unzip Seafile.app.zip > /dev/null
mv Seafile\ Client.app /Applications
88
chown -R :wheel /Applications/Seafile\ Client.app
89 90 91 92 93 94
rm Seafile.app.zip

# download, install MacPass
curl -O https://git.ist.ac.at/support/software/raw/master/MacPass.zip
unzip MacPass.zip > /dev/null
mv MacPass.app /Applications
95
chown -R :wheel /Applications/MacPass.app
96 97 98 99 100 101
rm MacPass.zip

# download printers, install
# when domain-joined adding printers is easy
if enter_yesno "Install printers?"
then
102
  . ./mac_install_printers.sh
103 104 105
fi
if enter_yesno "Install common programs?"
then
106
  . ./install-common-programs.sh
107 108
fi

Peter NORTHUP's avatar
Peter NORTHUP committed
109
# if we copied openvpn files, remove
110 111
rm "/Users/$username/openvpn-$username.zip"
rm -rf "/Users/$username/openvpn"
Peter NORTHUP's avatar
Peter NORTHUP committed
112 113 114

# cleanup
history -c
115
rm /Users/$username/.bash_history