gitadmin/mdm-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
mdm-scripts/install-mac.sh
gitadmin 0a17e6363b Add install-mac.sh
2026-03-12 08:54:09 +00:00

118 lines
4.3 KiB
Bash
Raw Permalink Blame History

#!/usr/bin/env bash
# ControlD MDM Agent — macOS Installer
# Usage: sudo bash install-mac.sh <CONTROLD_TOKEN> <DASHBOARD_URL> <EMPLOYEE_NAME>
set -euo pipefail
CONTROLD_TOKEN="${1:?Usage: $0 <CONTROLD_TOKEN> <DASHBOARD_URL> <EMPLOYEE_NAME>}"
DASHBOARD_URL="${2:?Usage: $0 <CONTROLD_TOKEN> <DASHBOARD_URL> <EMPLOYEE_NAME>}"
EMPLOYEE_NAME="${3:?Usage: $0 <CONTROLD_TOKEN> <DASHBOARD_URL> <EMPLOYEE_NAME>}"
CTRLD_DIR="/opt/controld"
CTRLD_BIN="${CTRLD_DIR}/ctrld"
CTRLD_CONFIG="${CTRLD_DIR}/ctrld.toml"
PLIST_PATH="/Library/LaunchDaemons/com.controld.agent.plist"
DEVICE_ID="$(uuidgen | tr '[:upper:]' '[:lower:]')"
HOSTNAME="$(hostname)"
echo "[*] Installing ControlD MDM agent for ${EMPLOYEE_NAME} on ${HOSTNAME}..."
# 1. Download ctrld binary
echo "[*] Downloading ctrld..."
mkdir -p "${CTRLD_DIR}"
ARCH="$(uname -m)"
if [ "${ARCH}" = "arm64" ]; then
CTRLD_URL="https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-darwin-arm64"
else
CTRLD_URL="https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-darwin-amd64"
fi
curl -fsSL -o "${CTRLD_BIN}" "${CTRLD_URL}"
chmod +x "${CTRLD_BIN}"
# 2. Write config
echo "[*] Writing ctrld.toml..."
cat > "${CTRLD_CONFIG}" <<TOML
[upstream.0]
endpoint = "https://dns.controld.com/${CONTROLD_TOKEN}"
type = "doh"
timeout = 5000
[listener.0]
ip = "127.0.0.1"
port = 53
TOML
# 3. Install LaunchDaemon
echo "[*] Installing LaunchDaemon..."
cat > "${PLIST_PATH}" <<PLIST
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.controld.agent</string>
<key>ProgramArguments</key>
<array>
<string>${CTRLD_BIN}</string>
<string>run</string>
<string>--config</string>
<string>${CTRLD_CONFIG}</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>StandardOutPath</key>
<string>/var/log/controld-agent.log</string>
<key>StandardErrorPath</key>
<string>/var/log/controld-agent.err</string>
</dict>
</plist>
PLIST
launchctl load -w "${PLIST_PATH}"
# 4. Set system DNS to 127.0.0.1
echo "[*] Setting system DNS..."
SERVICES=$(networksetup -listallnetworkservices | tail -n +2)
while IFS= read -r svc; do
networksetup -setdnsservers "$svc" 127.0.0.1 2>/dev/null || true
done <<< "$SERVICES"
mkdir -p /etc/resolver
echo "nameserver 127.0.0.1" > /etc/resolver/default
# 5. Register with MDM backend
echo "[*] Registering device with MDM backend..."
curl -fsSL -X POST "${DASHBOARD_URL}/api/register" \
-H "Content-Type: application/json" \
-d "{
\"device_id\": \"${DEVICE_ID}\",
\"hostname\": \"${HOSTNAME}\",
\"employee\": \"${EMPLOYEE_NAME}\",
\"os\": \"macos\",
\"resolver_id\": \"${CONTROLD_TOKEN}\"
}" || echo "[!] Warning: Could not reach MDM backend. Device will register on next heartbeat."
# 6. Install heartbeat cron (every 5 min)
echo "[*] Setting up heartbeat..."
HEARTBEAT_SCRIPT="${CTRLD_DIR}/heartbeat.sh"
cat > "${HEARTBEAT_SCRIPT}" <<BEAT
#!/usr/bin/env bash
IP=\$(curl -fsSL ifconfig.me 2>/dev/null || echo "unknown")
curl -fsSL -X POST "${DASHBOARD_URL}/api/heartbeat" \
-H "Content-Type: application/json" \
-d "{\"device_id\": \"${DEVICE_ID}\", \"ip\": \"\${IP}\"}" >/dev/null 2>&1
BEAT
chmod +x "${HEARTBEAT_SCRIPT}"
(crontab -l 2>/dev/null | grep -v "${HEARTBEAT_SCRIPT}"; echo "*/5 * * * * ${HEARTBEAT_SCRIPT}") | crontab -
echo "[+] Installation complete!"
echo " Device ID: ${DEVICE_ID}"
echo " Config: ${CTRLD_CONFIG}"
echo " DNS: 127.0.0.1 -> ControlD (DoH)"
Reference in New Issue View Git Blame Copy Permalink