Add install-linux.sh

2026-03-12 08:54:44 +00:00
parent 0a17e6363b
commit 9f702b6309

119
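--- a/install-linux.sh
+++ b/install-linux.sh
@@ -0,0 +1,119 @@
+#!/usr/bin/env bash
+# ControlD MDM Agent — Linux Installer
+# Usage: sudo bash install-linux.sh <CONTROLD_TOKEN> <DASHBOARD_URL> <EMPLOYEE_NAME>
+set -euo pipefail
+CONTROLD_TOKEN="${1:?Usage: $0 <CONTROLD_TOKEN> <DASHBOARD_URL> <EMPLOYEE_NAME>}"
+DASHBOARD_URL="${2:?Usage: $0 <CONTROLD_TOKEN> <DASHBOARD_URL> <EMPLOYEE_NAME>}"
+EMPLOYEE_NAME="${3:?Usage: $0 <CONTROLD_TOKEN> <DASHBOARD_URL> <EMPLOYEE_NAME>}"
+CTRLD_DIR="/opt/controld"
+CTRLD_BIN="${CTRLD_DIR}/ctrld"
+CTRLD_CONFIG="${CTRLD_DIR}/ctrld.toml"
+DEVICE_ID="$(cat /proc/sys/kernel/random/uuid)"
+HOSTNAME="$(hostname)"
+echo "[*] Installing ControlD MDM agent for ${EMPLOYEE_NAME} on ${HOSTNAME}..."
+# 1. Download ctrld binary
+echo "[*] Downloading ctrld..."
+mkdir -p "${CTRLD_DIR}"
+ARCH="$(uname -m)"
+case "${ARCH}" in
+x86_64) CTRLD_URL="https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-linux-amd64" ;;
+aarch64) CTRLD_URL="https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-linux-arm64" ;;
+armv7l) CTRLD_URL="https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-linux-arm" ;;
+*) echo "[!] Unsupported architecture: ${ARCH}"; exit 1 ;;
+esac
+curl -fsSL -o "${CTRLD_BIN}" "${CTRLD_URL}"
+chmod +x "${CTRLD_BIN}"
+# 2. Write config
+echo "[*] Writing ctrld.toml..."
+cat > "${CTRLD_CONFIG}" <<TOML
+[upstream.0]
+endpoint = "https://dns.controld.com/${CONTROLD_TOKEN}"
+type = "doh"
+timeout = 5000
+[listener.0]
+ip = "127.0.0.1"
+port = 53
+TOML
+# 3. Install systemd service
+echo "[*] Installing systemd service..."
+cat > /etc/systemd/system/controld-agent.service <<SVC
+[Unit]
+Description=ControlD MDM Agent
+After=network-online.target
+Wants=network-online.target
+[Service]
+Type=simple
+ExecStart=${CTRLD_BIN} run --config ${CTRLD_CONFIG}
+Restart=always
+RestartSec=5
+[Install]
+WantedBy=multi-user.target
+SVC
+systemctl daemon-reload
+systemctl enable --now controld-agent.service
+# 4. Set system DNS to 127.0.0.1
+echo "[*] Configuring system DNS..."
+if command -v resolvectl &>/dev/null; then
+mkdir -p /etc/systemd/resolved.conf.d
+cat > /etc/systemd/resolved.conf.d/controld.conf <<DNS
+[Resolve]
+DNS=127.0.0.1
+DNSStubListener=no
+DNS
+systemctl restart systemd-resolved
+elif command -v nmcli &>/dev/null; then
+CONN=$(nmcli -t -f NAME connection show --active | head -1)
+if [ -n "${CONN}" ]; then
+nmcli connection modify "${CONN}" ipv4.dns "127.0.0.1"
+nmcli connection modify "${CONN}" ipv4.ignore-auto-dns yes
+nmcli connection up "${CONN}" >/dev/null 2>&1
+fi
+else
+cp /etc/resolv.conf /etc/resolv.conf.bak
+echo "nameserver 127.0.0.1" > /etc/resolv.conf
+fi
+# 5. Register with MDM backend
+echo "[*] Registering device with MDM backend..."
+curl -fsSL -X POST "${DASHBOARD_URL}/api/register" \
+-H "Content-Type: application/json" \
+-d "{
+\"device_id\": \"${DEVICE_ID}\",
+\"hostname\": \"${HOSTNAME}\",
+\"employee\": \"${EMPLOYEE_NAME}\",
+\"os\": \"linux\",
+\"resolver_id\": \"${CONTROLD_TOKEN}\"
+}" || echo "[!] Warning: Could not reach MDM backend."
+# 6. Install heartbeat cron (every 5 min)
+echo "[*] Setting up heartbeat..."
+HEARTBEAT_SCRIPT="${CTRLD_DIR}/heartbeat.sh"
+cat > "${HEARTBEAT_SCRIPT}" <<BEAT
+#!/usr/bin/env bash
+IP=\$(curl -fsSL ifconfig.me 2>/dev/null || echo "unknown")
+curl -fsSL -X POST "${DASHBOARD_URL}/api/heartbeat" \
+-H "Content-Type: application/json" \
+-d "{\"device_id\": \"${DEVICE_ID}\", \"ip\": \"\${IP}\"}" >/dev/null 2>&1
+BEAT
+chmod +x "${HEARTBEAT_SCRIPT}"
+(crontab -l 2>/dev/null | grep -v "${HEARTBEAT_SCRIPT}"; echo "*/5 * * * * ${HEARTBEAT_SCRIPT}") | crontab -
+echo "[+] Installation complete!"
+echo " Device ID: ${DEVICE_ID}"
+echo " Config: ${CTRLD_CONFIG}"
+echo " DNS: 127.0.0.1 -> ControlD (DoH)"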
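Review bot: The ctrld binary is fetched from `releases/latest` and wired into a root-run systemd unit with no integrity check, so whatever that URL serves at install time runs as root on every enrolled machine. Pin a release tag and verify a SHA-256 recorded in this repository before moving the file into place, as sketched below (the tag and digests are placeholders). Separately, `ctrld.toml` embeds `CONTROLD_TOKEN` and is written with the default umask, so it is normally world-readable; setting `umask 077` before the heredoc, or `chmod 600` on the file, keeps the resolver token readable by root only. The JSON body for `/api/register` interpolates `EMPLOYEE_NAME` and `HOSTNAME` unescaped, so a quote or backslash in either yields invalid or altered JSON; building the body with `jq -n --arg` would avoid that.

```shell
# Placeholders: set to the release tag you reviewed and the digest recorded for each asset.
CTRLD_VERSION="<PINNED_RELEASE_TAG>"
# … unchanged: ARCH detection; each case arm uses /releases/download/${CTRLD_VERSION}/ and sets CTRLD_SHA256 …
tmp_bin="$(mktemp "${CTRLD_DIR}/ctrld.XXXXXX")"
curl -fsSL --proto '=https' -o "${tmp_bin}" "${CTRLD_URL}"
if ! printf '%s  %s\n' "${CTRLD_SHA256}" "${tmp_bin}" | sha256sum -c - >/dev/null; then
  echo "[!] ctrld checksum mismatch, aborting" >&2
  rm -f -- "${tmp_bin}"
  exit 1
fi
install -m 0755 -o root -g root "${tmp_bin}" "${CTRLD_BIN}"
rm -f -- "${tmp_bin}"
```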