rene/macbook-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Repos lokal klonen vor Setup, WireGuard automatisch deployen

Browse source 
- setup.sh klont macbook-setup + dotfiles-rene lokal (Credentials
  einmalig im interaktiven Terminal statt im Autostart)
- setup-base.sh nutzt lokale Dateien wenn vorhanden (wget-Fallback
  fuer Autoinstall bleibt erhalten), deployed WireGuard-Config
- wireguard/ aus .gitignore entfernt, Configs werden getrackt
- WireGuard aus manueller Checkliste entfernt

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
rene 2026-03-12 16:52:48 +01:00
parent f6e7807d19
commit 4c2fa87209
12 changed files with 164 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1,3 +1,2 @@
*.iso *.iso
.DS_Store .DS_Store
wireguard/

6
INSTALL.md
View file

@ -87,11 +87,11 @@ cat /tmp/setup-desktop.log
### WireGuard ### WireGuard
Config-Datei muss separat vorliegen (nicht im Repo). WireGuard wird automatisch von `setup-base.sh` konfiguriert (Config aus `wireguard/m13.conf` bzw. `wireguard/m16.conf`). Falls nötig, manuell prüfen:
```bash ```bash
sudo cp wg0.conf /etc/wireguard/ sudo systemctl status wg-quick@wg0
sudo systemctl enable --now wg-quick@wg0 sudo wg show
``` ```
Danach ist das Heimnetz erreichbar (10.47.11.0/24 via 10.13.13.x). Danach ist das Heimnetz erreichbar (10.47.11.0/24 via 10.13.13.x).

36
setup-base.sh
View file

@ -13,6 +13,15 @@ ok() { echo -e "${GREEN}✓ $*${NC}"; }
warn() { echo -e "${YELLOW}$*${NC}"; } warn() { echo -e "${YELLOW}$*${NC}"; }
fail() { echo -e "${RED}$*${NC}"; } fail() { echo -e "${RED}$*${NC}"; }
# ── Lokales Repo erkennen (falls nicht via curl|bash) ─────────────────
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" 2>/dev/null && pwd)"
if [[ -n "$SCRIPT_DIR" && -f "$SCRIPT_DIR/mbpfan-13.conf" ]]; then
REPO_DIR="$SCRIPT_DIR"
ok "Lokales Repo erkannt: $REPO_DIR"
else
REPO_DIR=""
fi
# ── Modell ermitteln ───────────────────────────────────────────────────── # ── Modell ermitteln ─────────────────────────────────────────────────────
if [[ "$1" == "13" || "$1" == "16" ]]; then if [[ "$1" == "13" || "$1" == "16" ]]; then
MODEL="$1" MODEL="$1"
@ -129,12 +138,33 @@ ok "Brave wird als Flatpak in setup-desktop.sh installiert"
echo -e "\n=== 7/11 Systemkonfigurationen ===" echo -e "\n=== 7/11 Systemkonfigurationen ==="
# mbpfan (modellabhängig) # mbpfan (modellabhängig)
wget -q -O /tmp/mbpfan.conf "$SETUP_RAW/mbpfan-${MODEL}.conf" && \ if [[ -n "$REPO_DIR" && -f "$REPO_DIR/mbpfan-${MODEL}.conf" ]]; then
cp /tmp/mbpfan.conf /etc/mbpfan.conf || warn "mbpfan.conf Download fehlgeschlagen" cp "$REPO_DIR/mbpfan-${MODEL}.conf" /etc/mbpfan.conf
ok "mbpfan.conf (lokal)"
else
wget -q -O /etc/mbpfan.conf "$SETUP_RAW/mbpfan-${MODEL}.conf" || warn "mbpfan.conf Download fehlgeschlagen"
fi
# Temperatur-Watch-Skript # Temperatur-Watch-Skript
wget -q -O /usr/local/bin/temp-watch.sh "$SETUP_RAW/temp-watch.sh" && \ if [[ -n "$REPO_DIR" && -f "$REPO_DIR/temp-watch.sh" ]]; then
cp "$REPO_DIR/temp-watch.sh" /usr/local/bin/temp-watch.sh
chmod +x /usr/local/bin/temp-watch.sh
ok "temp-watch.sh (lokal)"
else
wget -q -O /usr/local/bin/temp-watch.sh "$SETUP_RAW/temp-watch.sh" && \
chmod +x /usr/local/bin/temp-watch.sh || warn "temp-watch.sh Download fehlgeschlagen" chmod +x /usr/local/bin/temp-watch.sh || warn "temp-watch.sh Download fehlgeschlagen"
fi
# WireGuard-Config
if [[ -n "$REPO_DIR" && -f "$REPO_DIR/wireguard/m${MODEL}.conf" ]]; then
mkdir -p /etc/wireguard
cp "$REPO_DIR/wireguard/m${MODEL}.conf" /etc/wireguard/wg0.conf
chmod 600 /etc/wireguard/wg0.conf
systemctl enable wg-quick@wg0 2>/dev/null || true
ok "WireGuard m${MODEL}.conf → /etc/wireguard/wg0.conf"
else
warn "WireGuard: keine lokale Config gefunden — manuell einrichten"
fi
ok "Systemkonfigurationen gesetzt" ok "Systemkonfigurationen gesetzt"

10
setup-desktop.sh
View file

@ -273,9 +273,7 @@ echo -e " ${GREEN}Desktop-Setup abgeschlossen!${NC}"
echo "============================================" echo "============================================"
echo "" echo ""
warn "Noch manuell erledigen:" warn "Noch manuell erledigen:"
echo " 1. WireGuard-Config einspielen:" echo " 1. Synology Drive Client installieren (.deb von synology.com)"
echo " sudo cp wg0.conf /etc/wireguard/ && sudo systemctl enable --now wg-quick@wg0" echo " 2. Thunderbird starten → Profil aus Synology Drive einbinden"
echo " 2. Synology Drive Client installieren (.deb von synology.com)" echo " 3. Brave starten → Synchronisation einrichten"
echo " 3. Thunderbird starten → Profil aus Synology Drive einbinden" echo " 4. Falls p10k-Icons fehlen: Terminal-Schriftart auf 'MesloLGS NF' setzen"
echo " 4. Brave starten → Synchronisation einrichten"
echo " 5. Falls p10k-Icons fehlen: Terminal-Schriftart auf 'MesloLGS NF' setzen"

51
setup.sh
View file

@ -1,11 +1,15 @@
#!/bin/bash #!/bin/bash
# macbook-setup/setup.sh # macbook-setup/setup.sh
# Post-Install-Skript für Linux auf MacBook Pro # Post-Install-Skript für Linux auf MacBook Pro
# Startet setup-base.sh und richtet setup-desktop.sh als Autostart ein # Klont alle Repos lokal, führt setup-base.sh aus und richtet Autostart ein
# #
# Verwendung: curl -fsSL https://git.motocamp.de/rene/macbook-setup/raw/branch/main/setup.sh | bash # Verwendung:
# curl -fsSL https://git.motocamp.de/rene/macbook-setup/raw/branch/main/setup.sh | bash
# oder: cd macbook-setup && bash setup.sh
SETUP_RAW="https://git.motocamp.de/rene/macbook-setup/raw/branch/main" FORGEJO="https://git.motocamp.de"
MACBOOK_REPO="$FORGEJO/rene/macbook-setup.git"
DOTFILES_REPO="$FORGEJO/rene/dotfiles-rene.git"
# ── Farben ────────────────────────────────────────────────────────────── # ── Farben ──────────────────────────────────────────────────────────────
RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; NC='\033[0m' RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; NC='\033[0m'
@ -33,27 +37,50 @@ echo "════════════════════════
echo " macbook-setup für MBP $MODEL\"" echo " macbook-setup für MBP $MODEL\""
echo "════════════════════════════════════════════" echo "════════════════════════════════════════════"
# ── Phase 1: System-Setup (als root) ──────────────────────────────────── # ── Phase 1: Repos lokal klonen ──────────────────────────────────────────
echo -e "\n>>> Phase 1: setup-base.sh (System)" echo -e "\n>>> Phase 1: Repos lokal bereitstellen"
curl -fsSL "$SETUP_RAW/setup-base.sh" | sudo bash -s -- "$MODEL"
ok "Phase 1 abgeschlossen"
# ── Phase 2: Desktop-Setup als Autostart einrichten ────────────────────── REPO_DIR="$HOME/git-projekte/macbook-setup"
echo -e "\n>>> Phase 2: setup-desktop.sh wird als Autostart eingerichtet" if [[ -d "$REPO_DIR/.git" ]]; then
ok "macbook-setup bereits vorhanden: $REPO_DIR"
else
mkdir -p "$HOME/git-projekte"
git clone "$MACBOOK_REPO" "$REPO_DIR"
ok "macbook-setup geklont"
fi
DOTFILES_DIR="$HOME/git-projekte/dotfiles-rene"
if [[ -d "$DOTFILES_DIR/.git" ]]; then
ok "dotfiles-rene bereits vorhanden: $DOTFILES_DIR"
else
echo ""
echo "Dotfiles-Repo wird geklont (Forgejo-Zugangsdaten erforderlich):"
mkdir -p "$HOME/git-projekte"
git clone "$DOTFILES_REPO" "$DOTFILES_DIR"
ok "dotfiles-rene geklont"
fi
# ── Phase 2: System-Setup (als root) ────────────────────────────────────
echo -e "\n>>> Phase 2: setup-base.sh (System)"
sudo bash "$REPO_DIR/setup-base.sh" "$MODEL"
ok "Phase 2 abgeschlossen"
# ── Phase 3: Desktop-Setup als Autostart einrichten ──────────────────────
echo -e "\n>>> Phase 3: setup-desktop.sh wird als Autostart eingerichtet"
mkdir -p ~/.config/autostart mkdir -p ~/.config/autostart
cat > ~/.config/autostart/macbook-setup-desktop.desktop <<DTEOF cat > ~/.config/autostart/macbook-setup-desktop.desktop <<DTEOF
[Desktop Entry] [Desktop Entry]
Type=Application Type=Application
Name=MacBook Setup Desktop Name=MacBook Setup Desktop
Exec=xfce4-terminal -e "bash -c 'curl -fsSL $SETUP_RAW/setup-desktop.sh -o /tmp/setup-desktop.sh && bash /tmp/setup-desktop.sh 2>&1 | tee /tmp/setup-desktop.log; echo; echo Setup abgeschlossen - Enter zum Schliessen; read'" Exec=xfce4-terminal -e "bash -c 'bash $REPO_DIR/setup-desktop.sh 2>&1 | tee /tmp/setup-desktop.log; echo; echo Setup abgeschlossen - Enter zum Schliessen; read'"
Hidden=false Hidden=false
X-GNOME-Autostart-enabled=true X-GNOME-Autostart-enabled=true
DTEOF DTEOF
ok "Autostart für setup-desktop.sh eingerichtet" ok "Autostart für setup-desktop.sh eingerichtet (lokal: $REPO_DIR)"
echo "" echo ""
echo "════════════════════════════════════════════" echo "════════════════════════════════════════════"
echo -e " ${GREEN}Phase 1 abgeschlossen!${NC}" echo -e " ${GREEN}Vorbereitung abgeschlossen!${NC}"
echo "════════════════════════════════════════════" echo "════════════════════════════════════════════"
echo "" echo ""
echo "Nächster Schritt:" echo "Nächster Schritt:"

12
wireguard/iPadM.conf Executable file
View file

@ -0,0 +1,12 @@
[Interface]
PrivateKey = EHTtesjOBYQdhOnii54POY1XivkohZS/3VdZU8xRaUc=
ListenPort = 51820
Address = 10.13.13.5/24
DNS = 10.47.11.21,10.47.11.20
[Peer]
PublicKey = mp0YKEjsUbnld3aTAnF6cSzTfixhZETQCoKiFHIcF30=
PresharedKey = RCdpZ28dwVsRxTNIDu3C3dhj5byma+azl+Z4PIxbzYc=
AllowedIPs = 10.47.11.0/24,10.13.13.0/24
Endpoint = 24.134.39.137:443
PersistentKeepalive = 25

12
wireguard/iPadR.conf Executable file
View file

@ -0,0 +1,12 @@
[Interface]
PrivateKey = CHIzDLQ2Sla/aH591a+OlvG9bjyGDq/toh+NYE6wPFo=
ListenPort = 51820
Address = 10.13.13.4/24
DNS = 10.47.11.21,10.47.11.20
[Peer]
PublicKey = mp0YKEjsUbnld3aTAnF6cSzTfixhZETQCoKiFHIcF30=
PresharedKey = OSjgUUR8mGAmIAmadioA4RYGluN3ROE5qxfhttyQlvg=
AllowedIPs = 10.47.11.0/24,10.13.13.0/24
Endpoint = 24.134.39.137:443
PersistentKeepalive = 25

12
wireguard/iPhoneM.conf Executable file
View file

@ -0,0 +1,12 @@
[Interface]
PrivateKey = OL+CAPy9+HaHLxxqB3+N4ABn51v6xLk8gaGhRWlbG1s=
ListenPort = 51820
Address = 10.13.13.3/24
DNS = 10.47.11.21,10.47.11.20
[Peer]
PublicKey = mp0YKEjsUbnld3aTAnF6cSzTfixhZETQCoKiFHIcF30=
PresharedKey = MorbmVdEQ79ItWbRs3RI+bh6jxqQFkxa/k06fBjHXS0=
AllowedIPs = 10.47.11.0/24,10.13.13.0/24
Endpoint = 24.134.39.137:443
PersistentKeepalive = 25

12
wireguard/iPhoneR.conf Executable file
View file

@ -0,0 +1,12 @@
[Interface]
PrivateKey = oIJYPKn7pmsRFMY5+PIDaXZxDCVug9KsR5ZMjSwdVWw=
ListenPort = 51820
Address = 10.13.13.2/24
DNS = 10.47.11.21,10.47.11.20
[Peer]
PublicKey = mp0YKEjsUbnld3aTAnF6cSzTfixhZETQCoKiFHIcF30=
PresharedKey = +lNOGDr7RjHZqGa/NtsVBUyknY4+uH8Qe3OAPGqerX8=
AllowedIPs = 10.47.11.0/24,10.13.13.0/24
Endpoint = 24.134.39.137:443
PersistentKeepalive = 25

12
wireguard/m1.conf Executable file
View file

@ -0,0 +1,12 @@
[Interface]
PrivateKey = kEUk6gLdqXiPfOt9n639fshf0gMAhRhoRTRRXoz86Hc=
ListenPort = 51820
Address = 10.13.13.6/24
DNS = 10.47.11.21,10.47.11.20
[Peer]
PublicKey = mp0YKEjsUbnld3aTAnF6cSzTfixhZETQCoKiFHIcF30=
PresharedKey = nzxhGAJsHPETlYf/yZiZIx0G//ghg3uUDtMgzxzfahI=
AllowedIPs = 10.47.11.0/24,10.13.13.0/24
Endpoint = 24.134.39.137:443
PersistentKeepalive = 25

12
wireguard/m13.conf Executable file
View file

@ -0,0 +1,12 @@
[Interface]
PrivateKey = sIxh2D50+9bpWe6O6ezrfybW9Iy6QKcrwr9hmFpuGn0=
ListenPort = 51820
Address = 10.13.13.8/24
DNS = 10.47.11.21,10.47.11.20
[Peer]
PublicKey = 7WrqHPof31gcCYMjLWPoP1EIxPR2896/3KL1pQ3YZGs=
PresharedKey = JNq27UrO94P1eSBWfID4TsgQXNKa/PhAKquIHtsq89w=
AllowedIPs = 10.47.11.0/24,10.13.13.0/24
Endpoint = 24.134.39.137:443
PersistentKeepalive = 25

12
wireguard/m16.conf Executable file
View file

@ -0,0 +1,12 @@
[Interface]
PrivateKey = OA5IiSzPglSY8GdobOYMlaOaG+QqNjHIACBRe7MvK04=
ListenPort = 51820
Address = 10.13.13.7/24
DNS = 10.47.11.21,10.47.11.20
[Peer]
PublicKey = J/dD1t3Bo9Zbcvxg6PvGP78kgMlL4s4yYfrUMpcoS2w=
PresharedKey = vReUFqlQoOG1eUMTje+F2OOtgisgp/vNsDyx6lq3KXE=
AllowedIPs = 10.47.11.0/24,10.13.13.0/24
Endpoint = 24.134.39.137:443
PersistentKeepalive = 25