#!/bin/sh
# Set up a fresh Macbook for IST. Run with sudo!
# run from /Users/Shared/mac-scripts
# note: slow login may be helped by putting IPs of domain controllers: DC1, W1521003, W1521007
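# Working directory and target user for the whole run.
# NOTE(review): the header comment says to run from /Users/Shared/mac-scripts,
# but the check below requires $HOME/.mac-scripts -- confirm which is intended.
# NOTE(review): helper scripts are later sourced from this directory while
# running as root, so who can write to it matters; presumably it is owned by
# the invoking user -- confirm its permissions.
scriptdir="$HOME/.mac-scripts"
username=$SUDO_USER
echo "userhome is $HOME"
echo "scriptdir is $scriptdir"
echo "user is $SUDO_USER ... cancel if this isn't right..."

# Test the effective uid instead of $USER: an unquoted, empty $USER makes the
# original `[ $USER != "root" ]` a syntax error rather than a refusal.
if [ "$(id -u)" -ne 0 ]
then
    echo "Must be run with Sudo!"
    exit 1
fi
# SUDO_USER is empty in a plain root shell. Later steps build /Users/$username
# paths and call `sudo -u $username`, so stop here instead of acting on "/Users//".
if [ -z "$username" ]
then
    echo "SUDO_USER is not set; run this script through sudo from the target user's account." 1>&2
    exit 1
fi
# Quoted on both sides so a path containing spaces still compares as one word.
if [ "$(pwd)" != "$scriptdir" ]
then
    echo "Move this directory to $HOME/.mac-scripts and run from there."
    exit 1
fi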

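# Ask a yes/no question and repeat it until a valid single-key answer arrives.
# Arguments: $1 - question text; printed on stderr followed by " (Y/N)? "
# Outputs:   the prompt and the retry message on stderr, one newline on stdout
#            after each key press
# Returns:   0 for an answer starting with Y/y, 1 for N/n, and 1 when stdin
#            reaches end-of-file
# `read -n 1` is a bash extension, kept from the original.
enter_yesno() {
    local reply
    while true ; do
        # printf instead of `echo -n`, whose handling of -n differs between shells.
        printf '%s (Y/N)? ' "$1" 1>&2
        # A failed read means stdin is closed; without this check $reply stays
        # empty and the loop never ends. Treat it as "no".
        if ! read -r -n 1 reply ; then
            echo
            return 1
        fi
        echo
        case "$reply" in
            Y*|y*) return 0 ;;
            N*|n*) return 1 ;;
        esac
        echo "Invalid input, try again ..." 1>&2
    done
}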

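# hostname = "USER INPUT"
# -r keeps backslashes in the typed value literal.
read -r -p "Enter hostname (e.g. 'mnadmn001'): " hostname
# The value is later passed to scutil as HostName, LocalHostName and
# ComputerName, so refuse an empty name or anything other than letters,
# digits and hyphens before any system setting is touched.
case "$hostname" in
    ''|*[!A-Za-z0-9-]*)
        echo "Invalid hostname '$hostname': use letters, digits and hyphens only." 1>&2
        exit 1
        ;;
esac
# admuser = "USER INPUT"
# NOTE(review): admuser is not referenced in the visible part of this script;
# presumably one of the sourced helper scripts reads it -- confirm.
read -r -p "Enter your adm username: " admuser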
# username = "USER INPUT"
# read -p "Enter the username of the eventual user: " username

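# adding home drive to favorite servers (cmd-K in finder)
sfltool add-item -n "Home" com.apple.LSSharedFileList.FavoriteServers "smb://istsmb3.ist.local/$username"

# get group-drive names, add to favorite servers
# The lookup uses simple authentication (-x) with no bind DN and requests no
# StartTLS, so the answer is unauthenticated; the names it returns are checked
# below before they are placed into a share URL.
# NOTE(review): the host is ldap.ista.local while every other host in this
# script is under ist.local -- confirm the name.
# The filter is quoted so the user name always reaches ldapsearch as one argument.
groups=$(ldapsearch -LLL -x -h ldap.ista.local -b "ou=group,dc=ist,dc=ac,dc=at" "memberUid=$username" cn | grep -E "cn: \w+grp" | cut -d " " -f 2)
# $groups is left unquoted on purpose: it holds one group name per line and
# the loop relies on word splitting to walk them.
for g in $groups
do
    # Skip anything that is not a plain group name.
    case "$g" in
        *[!A-Za-z0-9_.-]*)
            echo "Skipping unexpected group name '$g'." 1>&2
            continue
            ;;
    esac
    sfltool add-item -n "Group" com.apple.LSSharedFileList.FavoriteServers "smb://istsmb3.ist.local/$g"
    sfltool add-item -n "Group-Archive" com.apple.LSSharedFileList.FavoriteServers "smb://archive3.ist.local/archive-$g"
done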

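# change computer name
# The same operator-supplied name is written to all three scutil keys. It is
# quoted so it always reaches scutil as a single argument.
for name_key in HostName LocalHostName ComputerName
do
    scutil --set "$name_key" "$hostname"
done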

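# set root password to proper one
# Interactive: passwd prompts the operator for the new root password.
passwd root

# enable SSH
systemsetup -setremotelogin on
# NOTE(review): with the root password set above, "PermitRootLogin yes" allows
# password logins as root over SSH on every machine set up by this script.
# Confirm that is required; "PermitRootLogin prohibit-password" would restrict
# root to key-based logins.
# sshd uses the first value it reads for a keyword, so a line appended after an
# existing active PermitRootLogin has no effect, and appending on every run only
# piles up duplicates. Append only when no active directive is present.
sshd_config=/etc/ssh/sshd_config
if grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]' "$sshd_config"
then
    echo "PermitRootLogin is already set in $sshd_config; leaving it unchanged." 1>&2
else
    echo "PermitRootLogin yes" >> "$sshd_config"
fi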

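# install NoMAD and launch agent
# Both packages are resolved relative to the current directory.
# NOTE(review): nothing checks the packages before they are installed to /;
# `pkgutil --check-signature <pkg>` would show who signed them.
installer -pkg NoMAD.pkg -target /
installer -pkg NoMAD-LaunchAgent.pkg -target /

# NoMAD prefs: IST.LOCAL, use keychain, sync PW
# Written through `sudo -u` so the values go to the invoking user's
# preferences rather than root's. The user name is quoted so it is always
# passed to sudo as one argument.
nomad_domain=com.trusourcelabs.NoMAD
sudo -u "$username" defaults write "$nomad_domain" ADDomain IST.LOCAL
sudo -u "$username" defaults write "$nomad_domain" KerberosRealm IST.LOCAL
sudo -u "$username" defaults write "$nomad_domain" UseKeychain 1
sudo -u "$username" defaults write "$nomad_domain" LocalPasswordSync 1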

# set scripts as executable
# chmod 755 mount-shares.command mac_install_printers.sh

# make link to disk mount on desktop
# ln -s /Users/$username/.mac-scripts/mount-shares.command "/Users/$username/Desktop/Mount IST Shares"

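# download, install browser certificates / istwlan cert

# Each certificate becomes a trusted root in the System keychain, so it is
# added only when its download succeeded.
# NOTE(review): trust in these roots rests entirely on the TLS connection to
# git.ist.ac.at and on the current content of the master branch. Compare each
# file's SHA-256 fingerprint with a value obtained out of band before adding it.
cert_base_url="https://git.ist.ac.at/support/software/raw/master"
for cert in IST-Austria-Root-CA01.crt IST.CA.CRT.pem
do
    # -f: an HTTP error fails the download instead of saving the error page.
    if curl -f -O "$cert_base_url/$cert"
    then
        security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$cert"
    else
        echo "Download of $cert failed; not adding it to the System keychain." 1>&2
    fi
    # -f: nothing to remove when the download never created the file.
    rm -f "$cert"
done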

# install ESET
# The installer is sourced with `.`, so it runs inside this shell: it sees
# this script's variables, and an `exit` inside it ends this script too.
# NOTE(review): the file is read from the current directory while this script
# runs as root -- confirm that only administrators can modify it.
. ./EraAgentInstaller-mac.sh

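# download, install OCS
# waiting on Thomas to update this

# Fetch one zipped app bundle from the software repository, unpack it in the
# current directory and move the bundle into /Applications.
# Arguments: $1 - archive file name on the server
#            $2 - name of the app bundle inside the archive
# Returns:   0 on success, 1 when the download, unpack or move failed
# NOTE(review): the archive comes from the master branch and is installed as
# root with no checksum or signature check. Pin a known SHA-256 per archive, or
# check the unpacked bundle with `codesign --verify --deep --strict`, before
# it is moved into place.
install_app_zip() {
    local archive=$1
    local bundle=$2
    local status=0
    # -f: an HTTP error fails the download instead of saving the error page,
    # so a failed fetch no longer flows into unzip, mv and chown.
    if curl -f -O "https://git.ist.ac.at/support/software/raw/master/$archive" &&
        unzip "$archive" > /dev/null &&
        mv "$bundle" /Applications
    then
        chown -R :wheel "/Applications/$bundle"
    else
        echo "Could not install $bundle from $archive; skipping." 1>&2
        status=1
    fi
    # Remove the archive and the __MACOSX metadata folder if unzip created one.
    rm -f "$archive"
    rm -rf __MACOSX
    return "$status"
}

# download, install Tunnelblick - install config files?
install_app_zip Tunnelblick.app.zip Tunnelblick.app

# download, install SeaFile
install_app_zip Seafile.app.zip "Seafile Client.app"

# download, install MacPass
install_app_zip MacPass.zip MacPass.app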

# download printers, install
# when domain-joined adding printers is easy
# Optional steps: each helper script is sourced into this shell only after the
# operator answers yes to its prompt.
if enter_yesno "Install printers?" ; then
    . ./mac_install_printers.sh
fi

if enter_yesno "Install common programs?" ; then
    . ./install-common-programs.sh
fi

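# if we copied openvpn files, remove
# -f: the files are optional, so a missing one is not an error.
# ${username:?} stops the script instead of expanding to "/Users//..." if the
# user name is ever empty when this recursive delete runs.
rm -f "/Users/${username:?}/openvpn-$username.zip"
rm -rf "/Users/${username:?}/openvpn"

# cleanup
# `history` is a shell builtin, not a program, so the former
# `sudo -u $username history -c` had nothing to execute and only printed an
# error. Deleting the history file is the step that takes effect.
rm -f "/Users/${username:?}/.bash_history"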