From 9f702b63097791d19c1532874127f4b93ed3e8a5 Mon Sep 17 00:00:00 2001
From: gitadmin <mohammad.ashraf@livingthings.ai>
Date: Thu, 12 Mar 2026 08:54:44 +0000
Subject: [PATCH] Add install-linux.sh

---
 install-linux.sh | 119 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 119 insertions(+)
 create mode 100644 install-linux.sh

diff --git a/install-linux.sh b/install-linux.sh
new file mode 100644
index 0000000..8a943e3
--- /dev/null
+++ b/install-linux.sh
@@ -0,0 +1,119 @@
+
+
+  #!/usr/bin/env bash
+  # ControlD MDM Agent — Linux Installer
+  # Usage: sudo bash install-linux.sh <CONTROLD_TOKEN> <DASHBOARD_URL> <EMPLOYEE_NAME>
+  set -euo pipefail
+
+  CONTROLD_TOKEN="${1:?Usage: $0 <CONTROLD_TOKEN> <DASHBOARD_URL> <EMPLOYEE_NAME>}"
+  DASHBOARD_URL="${2:?Usage: $0 <CONTROLD_TOKEN> <DASHBOARD_URL> <EMPLOYEE_NAME>}"
+  EMPLOYEE_NAME="${3:?Usage: $0 <CONTROLD_TOKEN> <DASHBOARD_URL> <EMPLOYEE_NAME>}"
+
+  CTRLD_DIR="/opt/controld"
+  CTRLD_BIN="${CTRLD_DIR}/ctrld"
+  CTRLD_CONFIG="${CTRLD_DIR}/ctrld.toml"
+  DEVICE_ID="$(cat /proc/sys/kernel/random/uuid)"
+  HOSTNAME="$(hostname)"
+
+  echo "[*] Installing ControlD MDM agent for ${EMPLOYEE_NAME} on ${HOSTNAME}..."
+
+  # 1. Download ctrld binary
+  echo "[*] Downloading ctrld..."
+  mkdir -p "${CTRLD_DIR}"
+  ARCH="$(uname -m)"
+  case "${ARCH}" in
+      x86_64)  CTRLD_URL="https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-linux-amd64" ;;
+      aarch64) CTRLD_URL="https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-linux-arm64" ;;
+      armv7l)  CTRLD_URL="https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-linux-arm" ;;
+      *)       echo "[!] Unsupported architecture: ${ARCH}"; exit 1 ;;
+  esac
+  curl -fsSL -o "${CTRLD_BIN}" "${CTRLD_URL}"
+  chmod +x "${CTRLD_BIN}"
+
+  # 2. Write config
+  echo "[*] Writing ctrld.toml..."
+  cat > "${CTRLD_CONFIG}" <<TOML
+  [upstream.0]
+    endpoint = "https://dns.controld.com/${CONTROLD_TOKEN}"
+    type = "doh"
+    timeout = 5000
+
+  [listener.0]
+    ip = "127.0.0.1"
+    port = 53
+  TOML
+
+  # 3. Install systemd service
+  echo "[*] Installing systemd service..."
+  cat > /etc/systemd/system/controld-agent.service <<SVC
+  [Unit]
+  Description=ControlD MDM Agent
+  After=network-online.target
+  Wants=network-online.target
+
+  [Service]
+  Type=simple
+  ExecStart=${CTRLD_BIN} run --config ${CTRLD_CONFIG}
+  Restart=always
+  RestartSec=5
+
+  [Install]
+  WantedBy=multi-user.target
+  SVC
+
+  systemctl daemon-reload
+  systemctl enable --now controld-agent.service
+
+  # 4. Set system DNS to 127.0.0.1
+  echo "[*] Configuring system DNS..."
+  if command -v resolvectl &>/dev/null; then
+      mkdir -p /etc/systemd/resolved.conf.d
+      cat > /etc/systemd/resolved.conf.d/controld.conf <<DNS
+  [Resolve]
+  DNS=127.0.0.1
+  DNSStubListener=no
+  DNS
+      systemctl restart systemd-resolved
+  elif command -v nmcli &>/dev/null; then
+      CONN=$(nmcli -t -f NAME connection show --active | head -1)
+      if [ -n "${CONN}" ]; then
+          nmcli connection modify "${CONN}" ipv4.dns "127.0.0.1"
+          nmcli connection modify "${CONN}" ipv4.ignore-auto-dns yes
+          nmcli connection up "${CONN}" >/dev/null 2>&1
+      fi
+  else
+      cp /etc/resolv.conf /etc/resolv.conf.bak
+      echo "nameserver 127.0.0.1" > /etc/resolv.conf
+  fi
+
+  # 5. Register with MDM backend
+  echo "[*] Registering device with MDM backend..."
+  curl -fsSL -X POST "${DASHBOARD_URL}/api/register" \
+      -H "Content-Type: application/json" \
+      -d "{
+          \"device_id\": \"${DEVICE_ID}\",
+          \"hostname\": \"${HOSTNAME}\",
+          \"employee\": \"${EMPLOYEE_NAME}\",
+          \"os\": \"linux\",
+          \"resolver_id\": \"${CONTROLD_TOKEN}\"
+      }" || echo "[!] Warning: Could not reach MDM backend."
+
+  # 6. Install heartbeat cron (every 5 min)
+  echo "[*] Setting up heartbeat..."
+  HEARTBEAT_SCRIPT="${CTRLD_DIR}/heartbeat.sh"
+  cat > "${HEARTBEAT_SCRIPT}" <<BEAT
+  #!/usr/bin/env bash
+  IP=\$(curl -fsSL ifconfig.me 2>/dev/null || echo "unknown")
+  curl -fsSL -X POST "${DASHBOARD_URL}/api/heartbeat" \
+      -H "Content-Type: application/json" \
+      -d "{\"device_id\": \"${DEVICE_ID}\", \"ip\": \"\${IP}\"}" >/dev/null 2>&1
+  BEAT
+  chmod +x "${HEARTBEAT_SCRIPT}"
+
+  (crontab -l 2>/dev/null | grep -v "${HEARTBEAT_SCRIPT}"; echo "*/5 * * * * ${HEARTBEAT_SCRIPT}") | crontab -
+
+  echo "[+] Installation complete!"
+  echo "    Device ID: ${DEVICE_ID}"
+  echo "    Config:    ${CTRLD_CONFIG}"
+  echo "    DNS:       127.0.0.1 -> ControlD (DoH)"
+