Repos lokal klonen vor Setup, WireGuard automatisch deployen

- setup.sh klont macbook-setup + dotfiles-rene lokal (Credentials einmalig im interaktiven Terminal statt im Autostart) - setup-base.sh nutzt lokale Dateien wenn vorhanden (wget-Fallback fuer Autoinstall bleibt erhalten), deployed WireGuard-Config - wireguard/ aus .gitignore entfernt, Configs werden getrackt - WireGuard aus manueller Checkliste entfernt
2026-03-12 16:52:48 +01:00 · 2026-03-12 16:52:48 +01:00 · 6a6acca19f
commit 6a6acca19f
parent 56bf15e03a
12 changed files with 164 additions and 26 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,2 @@
 *.iso
 .DS_Store
-wireguard/
--- a/INSTALL.md
+++ b/INSTALL.md
@ -87,11 +87,11 @@ cat /tmp/setup-desktop.log

 ### WireGuard

-Config-Datei muss separat vorliegen (nicht im Repo).
+WireGuard wird automatisch von `setup-base.sh` konfiguriert (Config aus `wireguard/m13.conf` bzw. `wireguard/m16.conf`). Falls nötig, manuell prüfen:

 ```bash
-sudo cp wg0.conf /etc/wireguard/
-sudo systemctl enable --now wg-quick@wg0
+sudo systemctl status wg-quick@wg0
+sudo wg show
 ```

 Danach ist das Heimnetz erreichbar (10.47.11.0/24 via 10.13.13.x).
--- a/setup-base.sh
+++ b/setup-base.sh
@ -13,6 +13,15 @@ ok()   { echo -e "${GREEN}✓ $*${NC}"; }
 warn() { echo -e "${YELLOW}⚠ $*${NC}"; }
 fail() { echo -e "${RED}✗ $*${NC}"; }

+# ── Lokales Repo erkennen (falls nicht via curl|bash) ─────────────────
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" 2>/dev/null && pwd)"
+if [[ -n "$SCRIPT_DIR" && -f "$SCRIPT_DIR/mbpfan-13.conf" ]]; then
+    REPO_DIR="$SCRIPT_DIR"
+    ok "Lokales Repo erkannt: $REPO_DIR"
+else
+    REPO_DIR=""
+fi
+
 # ── Modell ermitteln ─────────────────────────────────────────────────────
 if [[ "$1" == "13" || "$1" == "16" ]]; then
    MODEL="$1"
@ -129,12 +138,33 @@ ok "Brave wird als Flatpak in setup-desktop.sh installiert"
 echo -e "\n=== 7/11 Systemkonfigurationen ==="

 # mbpfan (modellabhängig)
-wget -q -O /tmp/mbpfan.conf "$SETUP_RAW/mbpfan-${MODEL}.conf" && \
-    cp /tmp/mbpfan.conf /etc/mbpfan.conf || warn "mbpfan.conf Download fehlgeschlagen"
+if [[ -n "$REPO_DIR" && -f "$REPO_DIR/mbpfan-${MODEL}.conf" ]]; then
+    cp "$REPO_DIR/mbpfan-${MODEL}.conf" /etc/mbpfan.conf
+    ok "mbpfan.conf (lokal)"
+else
+    wget -q -O /etc/mbpfan.conf "$SETUP_RAW/mbpfan-${MODEL}.conf" || warn "mbpfan.conf Download fehlgeschlagen"
+fi

 # Temperatur-Watch-Skript
+if [[ -n "$REPO_DIR" && -f "$REPO_DIR/temp-watch.sh" ]]; then
+    cp "$REPO_DIR/temp-watch.sh" /usr/local/bin/temp-watch.sh
+    chmod +x /usr/local/bin/temp-watch.sh
+    ok "temp-watch.sh (lokal)"
+else
    wget -q -O /usr/local/bin/temp-watch.sh "$SETUP_RAW/temp-watch.sh" && \
        chmod +x /usr/local/bin/temp-watch.sh || warn "temp-watch.sh Download fehlgeschlagen"
+fi
+
+# WireGuard-Config
+if [[ -n "$REPO_DIR" && -f "$REPO_DIR/wireguard/m${MODEL}.conf" ]]; then
+    mkdir -p /etc/wireguard
+    cp "$REPO_DIR/wireguard/m${MODEL}.conf" /etc/wireguard/wg0.conf
+    chmod 600 /etc/wireguard/wg0.conf
+    systemctl enable wg-quick@wg0 2>/dev/null || true
+    ok "WireGuard m${MODEL}.conf → /etc/wireguard/wg0.conf"
+else
+    warn "WireGuard: keine lokale Config gefunden — manuell einrichten"
+fi

 ok "Systemkonfigurationen gesetzt"

--- a/setup-desktop.sh
+++ b/setup-desktop.sh
@ -273,9 +273,7 @@ echo -e " ${GREEN}Desktop-Setup abgeschlossen!${NC}"
 echo "============================================"
 echo ""
 warn "Noch manuell erledigen:"
-echo "  1. WireGuard-Config einspielen:"
-echo "     sudo cp wg0.conf /etc/wireguard/ && sudo systemctl enable --now wg-quick@wg0"
-echo "  2. Synology Drive Client installieren (.deb von synology.com)"
-echo "  3. Thunderbird starten → Profil aus Synology Drive einbinden"
-echo "  4. Brave starten → Synchronisation einrichten"
-echo "  5. Falls p10k-Icons fehlen: Terminal-Schriftart auf 'MesloLGS NF' setzen"
+echo "  1. Synology Drive Client installieren (.deb von synology.com)"
+echo "  2. Thunderbird starten → Profil aus Synology Drive einbinden"
+echo "  3. Brave starten → Synchronisation einrichten"
+echo "  4. Falls p10k-Icons fehlen: Terminal-Schriftart auf 'MesloLGS NF' setzen"
--- a/setup.sh
+++ b/setup.sh
@ -1,11 +1,15 @@
 #!/bin/bash
 # macbook-setup/setup.sh
 # Post-Install-Skript für Linux auf MacBook Pro
-# Startet setup-base.sh und richtet setup-desktop.sh als Autostart ein
+# Klont alle Repos lokal, führt setup-base.sh aus und richtet Autostart ein
 #
-# Verwendung: curl -fsSL https://git.motocamp.de/rene/macbook-setup/raw/branch/main/setup.sh | bash
+# Verwendung:
+#   curl -fsSL https://git.motocamp.de/rene/macbook-setup/raw/branch/main/setup.sh | bash
+#   oder: cd macbook-setup && bash setup.sh

-SETUP_RAW="https://git.motocamp.de/rene/macbook-setup/raw/branch/main"
+FORGEJO="https://git.motocamp.de"
+MACBOOK_REPO="$FORGEJO/rene/macbook-setup.git"
+DOTFILES_REPO="$FORGEJO/rene/dotfiles-rene.git"

 # ── Farben ──────────────────────────────────────────────────────────────
 RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; NC='\033[0m'
@ -33,27 +37,50 @@ echo "════════════════════════
 echo " macbook-setup für MBP $MODEL\""
 echo "════════════════════════════════════════════"

-# ── Phase 1: System-Setup (als root) ────────────────────────────────────
-echo -e "\n>>> Phase 1: setup-base.sh (System)"
-curl -fsSL "$SETUP_RAW/setup-base.sh" | sudo bash -s -- "$MODEL"
-ok "Phase 1 abgeschlossen"
+# ── Phase 1: Repos lokal klonen ──────────────────────────────────────────
+echo -e "\n>>> Phase 1: Repos lokal bereitstellen"

-# ── Phase 2: Desktop-Setup als Autostart einrichten ──────────────────────
-echo -e "\n>>> Phase 2: setup-desktop.sh wird als Autostart eingerichtet"
+REPO_DIR="$HOME/git-projekte/macbook-setup"
+if [[ -d "$REPO_DIR/.git" ]]; then
+    ok "macbook-setup bereits vorhanden: $REPO_DIR"
+else
+    mkdir -p "$HOME/git-projekte"
+    git clone "$MACBOOK_REPO" "$REPO_DIR"
+    ok "macbook-setup geklont"
+fi
+
+DOTFILES_DIR="$HOME/git-projekte/dotfiles-rene"
+if [[ -d "$DOTFILES_DIR/.git" ]]; then
+    ok "dotfiles-rene bereits vorhanden: $DOTFILES_DIR"
+else
+    echo ""
+    echo "Dotfiles-Repo wird geklont (Forgejo-Zugangsdaten erforderlich):"
+    mkdir -p "$HOME/git-projekte"
+    git clone "$DOTFILES_REPO" "$DOTFILES_DIR"
+    ok "dotfiles-rene geklont"
+fi
+
+# ── Phase 2: System-Setup (als root) ────────────────────────────────────
+echo -e "\n>>> Phase 2: setup-base.sh (System)"
+sudo bash "$REPO_DIR/setup-base.sh" "$MODEL"
+ok "Phase 2 abgeschlossen"
+
+# ── Phase 3: Desktop-Setup als Autostart einrichten ──────────────────────
+echo -e "\n>>> Phase 3: setup-desktop.sh wird als Autostart eingerichtet"
 mkdir -p ~/.config/autostart
 cat > ~/.config/autostart/macbook-setup-desktop.desktop <<DTEOF
 [Desktop Entry]
 Type=Application
 Name=MacBook Setup Desktop
-Exec=xfce4-terminal -e "bash -c 'curl -fsSL $SETUP_RAW/setup-desktop.sh -o /tmp/setup-desktop.sh && bash /tmp/setup-desktop.sh 2>&1 | tee /tmp/setup-desktop.log; echo; echo Setup abgeschlossen - Enter zum Schliessen; read'"
+Exec=xfce4-terminal -e "bash -c 'bash $REPO_DIR/setup-desktop.sh 2>&1 | tee /tmp/setup-desktop.log; echo; echo Setup abgeschlossen - Enter zum Schliessen; read'"
 Hidden=false
 X-GNOME-Autostart-enabled=true
 DTEOF
-ok "Autostart für setup-desktop.sh eingerichtet"
+ok "Autostart für setup-desktop.sh eingerichtet (lokal: $REPO_DIR)"

 echo ""
 echo "════════════════════════════════════════════"
-echo -e " ${GREEN}Phase 1 abgeschlossen!${NC}"
+echo -e " ${GREEN}Vorbereitung abgeschlossen!${NC}"
 echo "════════════════════════════════════════════"
 echo ""
 echo "Nächster Schritt:"
--- a/wireguard/iPadM.conf
+++ b/wireguard/iPadM.conf
@ -0,0 +1,12 @@
+[Interface]
+PrivateKey = EHTtesjOBYQdhOnii54POY1XivkohZS/3VdZU8xRaUc=
+ListenPort = 51820
+Address = 10.13.13.5/24
+DNS = 10.47.11.21,10.47.11.20
+
+[Peer]
+PublicKey = mp0YKEjsUbnld3aTAnF6cSzTfixhZETQCoKiFHIcF30=
+PresharedKey = RCdpZ28dwVsRxTNIDu3C3dhj5byma+azl+Z4PIxbzYc=
+AllowedIPs = 10.47.11.0/24,10.13.13.0/24
+Endpoint = 24.134.39.137:443
+PersistentKeepalive = 25
--- a/wireguard/iPadR.conf
+++ b/wireguard/iPadR.conf
@ -0,0 +1,12 @@
+[Interface]
+PrivateKey = CHIzDLQ2Sla/aH591a+OlvG9bjyGDq/toh+NYE6wPFo=
+ListenPort = 51820
+Address = 10.13.13.4/24
+DNS = 10.47.11.21,10.47.11.20
+
+[Peer]
+PublicKey = mp0YKEjsUbnld3aTAnF6cSzTfixhZETQCoKiFHIcF30=
+PresharedKey = OSjgUUR8mGAmIAmadioA4RYGluN3ROE5qxfhttyQlvg=
+AllowedIPs = 10.47.11.0/24,10.13.13.0/24
+Endpoint = 24.134.39.137:443
+PersistentKeepalive = 25
--- a/wireguard/iPhoneM.conf
+++ b/wireguard/iPhoneM.conf
@ -0,0 +1,12 @@
+[Interface]
+PrivateKey = OL+CAPy9+HaHLxxqB3+N4ABn51v6xLk8gaGhRWlbG1s=
+ListenPort = 51820
+Address = 10.13.13.3/24
+DNS = 10.47.11.21,10.47.11.20
+
+[Peer]
+PublicKey = mp0YKEjsUbnld3aTAnF6cSzTfixhZETQCoKiFHIcF30=
+PresharedKey = MorbmVdEQ79ItWbRs3RI+bh6jxqQFkxa/k06fBjHXS0=
+AllowedIPs = 10.47.11.0/24,10.13.13.0/24
+Endpoint = 24.134.39.137:443
+PersistentKeepalive = 25
--- a/wireguard/iPhoneR.conf
+++ b/wireguard/iPhoneR.conf
@ -0,0 +1,12 @@
+[Interface]
+PrivateKey = oIJYPKn7pmsRFMY5+PIDaXZxDCVug9KsR5ZMjSwdVWw=
+ListenPort = 51820
+Address = 10.13.13.2/24
+DNS = 10.47.11.21,10.47.11.20
+
+[Peer]
+PublicKey = mp0YKEjsUbnld3aTAnF6cSzTfixhZETQCoKiFHIcF30=
+PresharedKey = +lNOGDr7RjHZqGa/NtsVBUyknY4+uH8Qe3OAPGqerX8=
+AllowedIPs = 10.47.11.0/24,10.13.13.0/24
+Endpoint = 24.134.39.137:443
+PersistentKeepalive = 25
--- a/wireguard/m1.conf
+++ b/wireguard/m1.conf
@ -0,0 +1,12 @@
+[Interface]
+PrivateKey = kEUk6gLdqXiPfOt9n639fshf0gMAhRhoRTRRXoz86Hc=
+ListenPort = 51820
+Address = 10.13.13.6/24
+DNS = 10.47.11.21,10.47.11.20
+
+[Peer]
+PublicKey = mp0YKEjsUbnld3aTAnF6cSzTfixhZETQCoKiFHIcF30=
+PresharedKey = nzxhGAJsHPETlYf/yZiZIx0G//ghg3uUDtMgzxzfahI=
+AllowedIPs = 10.47.11.0/24,10.13.13.0/24
+Endpoint = 24.134.39.137:443
+PersistentKeepalive = 25
--- a/wireguard/m13.conf
+++ b/wireguard/m13.conf
@ -0,0 +1,12 @@
+[Interface]
+PrivateKey = sIxh2D50+9bpWe6O6ezrfybW9Iy6QKcrwr9hmFpuGn0=
+ListenPort = 51820
+Address = 10.13.13.8/24
+DNS = 10.47.11.21,10.47.11.20
+
+[Peer]
+PublicKey = 7WrqHPof31gcCYMjLWPoP1EIxPR2896/3KL1pQ3YZGs=
+PresharedKey = JNq27UrO94P1eSBWfID4TsgQXNKa/PhAKquIHtsq89w=
+AllowedIPs = 10.47.11.0/24,10.13.13.0/24
+Endpoint = 24.134.39.137:443
+PersistentKeepalive = 25
--- a/wireguard/m16.conf
+++ b/wireguard/m16.conf
@ -0,0 +1,12 @@
+[Interface]
+PrivateKey = OA5IiSzPglSY8GdobOYMlaOaG+QqNjHIACBRe7MvK04=
+ListenPort = 51820
+Address = 10.13.13.7/24
+DNS = 10.47.11.21,10.47.11.20
+
+[Peer]
+PublicKey = J/dD1t3Bo9Zbcvxg6PvGP78kgMlL4s4yYfrUMpcoS2w=
+PresharedKey = vReUFqlQoOG1eUMTje+F2OOtgisgp/vNsDyx6lq3KXE=
+AllowedIPs = 10.47.11.0/24,10.13.13.0/24
+Endpoint = 24.134.39.137:443
+PersistentKeepalive = 25