#!/usr/bin/env bash # ControlD MDM Agent — Linux Installer # Usage: sudo bash install-linux.sh set -euo pipefail CONTROLD_TOKEN="${1:?Usage: $0 }" DASHBOARD_URL="${2:?Usage: $0 }" EMPLOYEE_NAME="${3:?Usage: $0 }" CTRLD_DIR="/opt/controld" CTRLD_BIN="${CTRLD_DIR}/ctrld" CTRLD_CONFIG="${CTRLD_DIR}/ctrld.toml" DEVICE_ID="$(cat /proc/sys/kernel/random/uuid)" HOSTNAME="$(hostname)" echo "[*] Installing ControlD MDM agent for ${EMPLOYEE_NAME} on ${HOSTNAME}..." # 1. Download ctrld binary echo "[*] Downloading ctrld..." mkdir -p "${CTRLD_DIR}" ARCH="$(uname -m)" case "${ARCH}" in x86_64) CTRLD_URL="https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-linux-amd64" ;; aarch64) CTRLD_URL="https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-linux-arm64" ;; armv7l) CTRLD_URL="https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-linux-arm" ;; *) echo "[!] Unsupported architecture: ${ARCH}"; exit 1 ;; esac curl -fsSL -o "${CTRLD_BIN}" "${CTRLD_URL}" chmod +x "${CTRLD_BIN}" # 2. Write config echo "[*] Writing ctrld.toml..." cat > "${CTRLD_CONFIG}" < /etc/systemd/system/controld-agent.service </dev/null; then mkdir -p /etc/systemd/resolved.conf.d cat > /etc/systemd/resolved.conf.d/controld.conf </dev/null; then CONN=$(nmcli -t -f NAME connection show --active | head -1) if [ -n "${CONN}" ]; then nmcli connection modify "${CONN}" ipv4.dns "127.0.0.1" nmcli connection modify "${CONN}" ipv4.ignore-auto-dns yes nmcli connection up "${CONN}" >/dev/null 2>&1 fi else cp /etc/resolv.conf /etc/resolv.conf.bak echo "nameserver 127.0.0.1" > /etc/resolv.conf fi # 5. Register with MDM backend echo "[*] Registering device with MDM backend..." curl -fsSL -X POST "${DASHBOARD_URL}/api/register" \ -H "Content-Type: application/json" \ -d "{ \"device_id\": \"${DEVICE_ID}\", \"hostname\": \"${HOSTNAME}\", \"employee\": \"${EMPLOYEE_NAME}\", \"os\": \"linux\", \"resolver_id\": \"${CONTROLD_TOKEN}\" }" || echo "[!] Warning: Could not reach MDM backend." # 6. Install heartbeat cron (every 5 min) echo "[*] Setting up heartbeat..." HEARTBEAT_SCRIPT="${CTRLD_DIR}/heartbeat.sh" cat > "${HEARTBEAT_SCRIPT}" </dev/null || echo "unknown") curl -fsSL -X POST "${DASHBOARD_URL}/api/heartbeat" \ -H "Content-Type: application/json" \ -d "{\"device_id\": \"${DEVICE_ID}\", \"ip\": \"\${IP}\"}" >/dev/null 2>&1 BEAT chmod +x "${HEARTBEAT_SCRIPT}" (crontab -l 2>/dev/null | grep -v "${HEARTBEAT_SCRIPT}"; echo "*/5 * * * * ${HEARTBEAT_SCRIPT}") | crontab - echo "[+] Installation complete!" echo " Device ID: ${DEVICE_ID}" echo " Config: ${CTRLD_CONFIG}" echo " DNS: 127.0.0.1 -> ControlD (DoH)"