Brave auf apt, Kitty, FaceTime-Webcam, WireGuard wg-quick, SSH-Setup, HiDPI-Verbesserungen
- Brave Browser: von Flatpak auf apt mit offiziellem Repo umgestellt - Kitty Terminal: Installation (apt) + Konfiguration in setup-desktop.sh - FaceTime HD Webcam: Firmware + DKMS-Treiber (bcwc_pcie) - WireGuard: von NetworkManager auf wg-quick umgestellt, DNS fuer m13 - SSH-Key-Generierung + automatische HTTPS→SSH Umstellung der Repos - Thunderbird: von apt auf Snap (wegen .deb-Bug) - XFCE HiDPI: Noto Sans 10pt, Panel 28px, fuer beide MBPs vereinheitlicht - Tastatur: ctrl:swap_lwin_lctl fuer Mac-like Cmd+C/V - Standard-Apps: Brave (Browser), Thunderbird (Mail) - CLAUDE.md: Doku aktualisiert Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
273978b78f
commit
aa24f89511
4 changed files with 234 additions and 92 deletions
176
setup-base.sh
176
setup-base.sh
|
|
@ -41,7 +41,7 @@ echo " setup-base.sh für MBP $MODEL\" startet"
|
|||
echo "════════════════════════════════════════════"
|
||||
|
||||
# ── 0. sudoers reparieren (macOS-Installer hinterlässt macOS-sudoers) ──────
|
||||
echo -e "\n=== 0/11 sudoers ==="
|
||||
echo -e "\n=== 0/12 sudoers ==="
|
||||
cat > /etc/sudoers <<'SUDOEOF'
|
||||
Defaults env_reset
|
||||
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
|
|
@ -58,7 +58,7 @@ chmod 440 /etc/sudoers.d/rene
|
|||
ok "sudoers: Linux-Standard + NOPASSWD fuer rene"
|
||||
|
||||
# ── 1. Kritische Hardware-Fixes ZUERST (vor allem anderen) ───────────────
|
||||
echo -e "\n=== 1/11 Hardware-Fixes ==="
|
||||
echo -e "\n=== 1/12 Hardware-Fixes ==="
|
||||
|
||||
# GPU: AMD Radeon blacklisten (MBP 16")
|
||||
if [[ "$MODEL" == "16" ]]; then
|
||||
|
|
@ -89,7 +89,7 @@ cat > /etc/default/keyboard <<EOF
|
|||
XKBMODEL="macbook79"
|
||||
XKBLAYOUT="de"
|
||||
XKBVARIANT=""
|
||||
XKBOPTIONS="lv3:lalt_switch,terminate:ctrl_alt_bksp"
|
||||
XKBOPTIONS="lv3:lalt_switch,terminate:ctrl_alt_bksp,ctrl:swap_lwin_lctl"
|
||||
EOF
|
||||
dpkg-reconfigure -f noninteractive keyboard-configuration 2>/dev/null || true
|
||||
ok "Tastatur: mac_deadkeys"
|
||||
|
|
@ -105,23 +105,23 @@ update-initramfs -u 2>/dev/null || true
|
|||
ok "initramfs aktualisiert"
|
||||
|
||||
# ── 2. Sleep/Suspend verhindern während Installation ─────────────────────
|
||||
echo -e "\n=== 2/11 Sleep verhindern ==="
|
||||
echo -e "\n=== 2/12 Sleep verhindern ==="
|
||||
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target 2>/dev/null || true
|
||||
ok "Sleep/Suspend deaktiviert (für Installation)"
|
||||
|
||||
# ── 3. Eventuelle unterbrochene Installationen reparieren ────────────────
|
||||
echo -e "\n=== 3/11 dpkg reparieren ==="
|
||||
echo -e "\n=== 3/12 dpkg reparieren ==="
|
||||
dpkg --configure -a 2>/dev/null || true
|
||||
apt install -f -y 2>/dev/null || true
|
||||
ok "dpkg/apt repariert"
|
||||
|
||||
# ── 4. System aktualisieren ──────────────────────────────────────────────
|
||||
echo -e "\n=== 4/11 System aktualisieren ==="
|
||||
echo -e "\n=== 4/12 System aktualisieren ==="
|
||||
apt update && apt upgrade -y || warn "apt upgrade hatte Probleme"
|
||||
ok "System aktuell"
|
||||
|
||||
# ── 5. Pakete installieren ───────────────────────────────────────────────
|
||||
echo -e "\n=== 5/11 Pakete installieren ==="
|
||||
echo -e "\n=== 5/12 Pakete installieren ==="
|
||||
apt install -y \
|
||||
xubuntu-core \
|
||||
bcmwl-kernel-source \
|
||||
|
|
@ -130,7 +130,7 @@ apt install -y \
|
|||
tlp tlp-rdw \
|
||||
git curl wget stow \
|
||||
zsh neovim \
|
||||
build-essential \
|
||||
build-essential dkms \
|
||||
python3 python3-pip python3-venv \
|
||||
nodejs npm \
|
||||
wireguard wireguard-tools \
|
||||
|
|
@ -140,8 +140,8 @@ apt install -y \
|
|||
zoxide \
|
||||
micro \
|
||||
flatpak \
|
||||
thunderbird thunderbird-locale-de \
|
||||
keepassxc \
|
||||
kitty \
|
||||
htop btop cmatrix libcurses-perl cowsay fortune-mod fortunes-de \
|
||||
bat eza fd-find fzf ripgrep tldr ncdu duf \
|
||||
timeshift \
|
||||
|
|
@ -194,13 +194,62 @@ fi
|
|||
snap install freecad 2>/dev/null || warn "FreeCAD Snap uebersprungen"
|
||||
snap install libreoffice 2>/dev/null || warn "LibreOffice Snap uebersprungen"
|
||||
snap install bitwarden 2>/dev/null || warn "Bitwarden Snap uebersprungen"
|
||||
snap install thunderbird 2>/dev/null || warn "Thunderbird Snap uebersprungen"
|
||||
|
||||
# ── 6. Brave Browser (wird in setup-desktop.sh als Flatpak installiert) ──
|
||||
echo -e "\n=== 6/11 Brave Browser ==="
|
||||
ok "Brave wird als Flatpak in setup-desktop.sh installiert"
|
||||
# ── 6. FaceTime HD Webcam (Broadcom 1570, PCIe) ─────────────────────────
|
||||
echo -e "\n=== 6/12 FaceTime HD Webcam ==="
|
||||
if lspci | grep -qi "facetime"; then
|
||||
if ! dkms status 2>/dev/null | grep -q "facetimehd"; then
|
||||
# Firmware extrahieren
|
||||
FTMP=$(mktemp -d)
|
||||
git clone --depth 1 https://github.com/patjak/facetimehd-firmware.git "$FTMP/fw" \
|
||||
&& make -C "$FTMP/fw" \
|
||||
&& make -C "$FTMP/fw" install \
|
||||
&& ok "facetimehd Firmware installiert" \
|
||||
|| warn "facetimehd Firmware fehlgeschlagen"
|
||||
# Treiber bauen und via DKMS installieren
|
||||
git clone --depth 1 https://github.com/patjak/bcwc_pcie.git /usr/src/facetimehd-1.0 \
|
||||
&& cat > /usr/src/facetimehd-1.0/dkms.conf <<'DKMSEOF'
|
||||
PACKAGE_NAME="facetimehd"
|
||||
PACKAGE_VERSION="1.0"
|
||||
MAKE[0]="make -C /lib/modules/${kernelver}/build M=${dkms_tree}/${PACKAGE_NAME}/${PACKAGE_VERSION}/build modules"
|
||||
CLEAN="make -C /lib/modules/${kernelver}/build M=${dkms_tree}/${PACKAGE_NAME}/${PACKAGE_VERSION}/build clean"
|
||||
BUILT_MODULE_NAME[0]="facetimehd"
|
||||
DEST_MODULE_LOCATION[0]="/updates"
|
||||
AUTOINSTALL="yes"
|
||||
DKMSEOF
|
||||
dkms add facetimehd/1.0 \
|
||||
&& dkms build facetimehd/1.0 \
|
||||
&& dkms install facetimehd/1.0 \
|
||||
&& ok "facetimehd DKMS-Treiber installiert" \
|
||||
|| warn "facetimehd DKMS fehlgeschlagen"
|
||||
rm -rf "$FTMP"
|
||||
else
|
||||
ok "facetimehd bereits via DKMS installiert"
|
||||
fi
|
||||
# Modul beim Boot laden
|
||||
echo "facetimehd" > /etc/modules-load.d/facetimehd.conf
|
||||
# Modul jetzt laden (falls nicht in chroot)
|
||||
if [[ "$(stat -c %d:%i /)" == "$(stat -c %d:%i /proc/1/root/.)" ]] 2>/dev/null; then
|
||||
modprobe facetimehd 2>/dev/null || true
|
||||
fi
|
||||
else
|
||||
ok "Keine FaceTime-Kamera erkannt — uebersprungen"
|
||||
fi
|
||||
|
||||
# ── 7. Systemkonfigurationen ─────────────────────────────────────────────
|
||||
echo -e "\n=== 7/11 Systemkonfigurationen ==="
|
||||
# ── 7. Brave Browser (apt-Repo) ──────────────────────────────────────────
|
||||
echo -e "\n=== 7/12 Brave Browser ==="
|
||||
if ! command -v brave-browser &>/dev/null; then
|
||||
curl -fsSLo /tmp/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
|
||||
install -o root -g root -m 644 /tmp/brave-browser-archive-keyring.gpg /usr/share/keyrings/brave-browser-archive-keyring.gpg
|
||||
echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" > /etc/apt/sources.list.d/brave-browser-release.list
|
||||
apt update -qq && apt install -y brave-browser
|
||||
rm -f /tmp/brave-browser-archive-keyring.gpg
|
||||
fi
|
||||
ok "Brave Browser installiert (apt)"
|
||||
|
||||
# ── 8. Systemkonfigurationen ─────────────────────────────────────────────
|
||||
echo -e "\n=== 8/12 Systemkonfigurationen ==="
|
||||
|
||||
# mbpfan (modellabhängig)
|
||||
if [[ -n "$REPO_DIR" && -f "$REPO_DIR/mbpfan-${MODEL}.conf" ]]; then
|
||||
|
|
@ -220,55 +269,23 @@ else
|
|||
chmod +x /usr/local/bin/temp-watch.sh || warn "temp-watch.sh Download fehlgeschlagen"
|
||||
fi
|
||||
|
||||
# WireGuard via NetworkManager (.nmconnection direkt schreiben, kein nmcli noetig)
|
||||
# WireGuard via wg-quick (einfacher als NetworkManager, Config 1:1 verwendbar)
|
||||
WG_CONF="$REPO_DIR/wireguard/m${MODEL}.conf"
|
||||
if [[ -n "$REPO_DIR" && -f "$WG_CONF" ]]; then
|
||||
# Alte wg-quick-Config entfernen falls vorhanden
|
||||
systemctl disable --now wg-quick@wg0 2>/dev/null || true
|
||||
# Werte aus der WireGuard-Conf lesen
|
||||
WG_PRIVKEY=$(grep -oP 'PrivateKey\s*=\s*\K.*' "$WG_CONF")
|
||||
WG_LISTEN=$(grep -oP 'ListenPort\s*=\s*\K.*' "$WG_CONF")
|
||||
WG_ADDR=$(grep -oP 'Address\s*=\s*\K.*' "$WG_CONF")
|
||||
WG_PUBKEY=$(grep -oP 'PublicKey\s*=\s*\K.*' "$WG_CONF")
|
||||
WG_PSK=$(grep -oP 'PresharedKey\s*=\s*\K.*' "$WG_CONF")
|
||||
WG_ALLOWED=$(grep -oP 'AllowedIPs\s*=\s*\K.*' "$WG_CONF" | tr -d ' ' | tr ',' ';')
|
||||
WG_ENDPOINT=$(grep -oP 'Endpoint\s*=\s*\K.*' "$WG_CONF")
|
||||
WG_KEEPALIVE=$(grep -oP 'PersistentKeepalive\s*=\s*\K.*' "$WG_CONF")
|
||||
# NM-Verbindungsdatei direkt schreiben (laeuft als root, Keys persistent)
|
||||
NM_CONN_DIR="/etc/NetworkManager/system-connections"
|
||||
mkdir -p "$NM_CONN_DIR"
|
||||
cat > "$NM_CONN_DIR/wg0.nmconnection" <<WGEOF
|
||||
[connection]
|
||||
id=wg0
|
||||
type=wireguard
|
||||
interface-name=wg0
|
||||
autoconnect=true
|
||||
|
||||
[wireguard]
|
||||
listen-port=$WG_LISTEN
|
||||
private-key=$WG_PRIVKEY
|
||||
private-key-flags=0
|
||||
|
||||
[wireguard-peer.${WG_PUBKEY}]
|
||||
preshared-key=$WG_PSK
|
||||
preshared-key-flags=0
|
||||
allowed-ips=$WG_ALLOWED;
|
||||
endpoint=$WG_ENDPOINT
|
||||
persistent-keepalive=$WG_KEEPALIVE
|
||||
|
||||
[ipv4]
|
||||
method=manual
|
||||
address1=$WG_ADDR
|
||||
dns=10.47.11.20;10.47.11.1;
|
||||
dns-search=~.;
|
||||
|
||||
[ipv6]
|
||||
method=ignore
|
||||
WGEOF
|
||||
chmod 600 "$NM_CONN_DIR/wg0.nmconnection"
|
||||
nmcli connection reload 2>/dev/null || true
|
||||
nmcli connection up wg0 2>/dev/null || true
|
||||
ok "WireGuard wg0.nmconnection geschrieben (DNS: 10.47.11.20, 10.47.11.1, autoconnect)"
|
||||
# Alte NM-WireGuard-Verbindung entfernen falls vorhanden
|
||||
nmcli connection delete wg0 2>/dev/null || true
|
||||
rm -f /etc/NetworkManager/system-connections/wg0.nmconnection
|
||||
# wg-quick Config installieren (Dateiname = Interface-Name)
|
||||
WG_NAME="wg-vps"
|
||||
cp "$WG_CONF" "/etc/wireguard/${WG_NAME}.conf"
|
||||
chmod 600 "/etc/wireguard/${WG_NAME}.conf"
|
||||
# Service aktivieren (startet automatisch beim Boot)
|
||||
systemctl enable wg-quick@${WG_NAME} 2>/dev/null || true
|
||||
# Starten falls nicht in chroot
|
||||
if [[ "$(stat -c %d:%i /)" == "$(stat -c %d:%i /proc/1/root/.)" ]] 2>/dev/null; then
|
||||
wg-quick up "$WG_NAME" 2>/dev/null || true
|
||||
fi
|
||||
ok "WireGuard ${WG_NAME} installiert (wg-quick, DNS: Pihole, autostart)"
|
||||
else
|
||||
warn "WireGuard: keine lokale Config gefunden — manuell einrichten"
|
||||
fi
|
||||
|
|
@ -276,7 +293,7 @@ fi
|
|||
ok "Systemkonfigurationen gesetzt"
|
||||
|
||||
# ── 8. XFCE-Konfiguration (beide MBPs haben Retina-Displays) ─────────────
|
||||
echo -e "\n=== 8/11 XFCE-Konfiguration (HiDPI) ==="
|
||||
echo -e "\n=== 8/12 XFCE-Konfiguration (HiDPI) ==="
|
||||
XFCE_XML_DIR="/home/rene/.config/xfce4/xfconf/xfce-perchannel-xml"
|
||||
mkdir -p "$XFCE_XML_DIR"
|
||||
|
||||
|
|
@ -287,7 +304,7 @@ cat > "$XFCE_XML_DIR/xfwm4.xml" <<XFEOF
|
|||
<property name="general" type="empty">
|
||||
<property name="use_compositing" type="bool" value="false"/>
|
||||
<property name="theme" type="string" value="Default-xhdpi"/>
|
||||
<property name="title_font" type="string" value="Sans Bold 9"/>
|
||||
<property name="title_font" type="string" value="Noto Sans Bold 10"/>
|
||||
</property>
|
||||
</channel>
|
||||
XFEOF
|
||||
|
|
@ -304,6 +321,7 @@ cat > "$XFCE_XML_DIR/xsettings.xml" <<XSEOF
|
|||
</property>
|
||||
<property name="Gtk" type="empty">
|
||||
<property name="CursorThemeSize" type="int" value="48"/>
|
||||
<property name="FontName" type="string" value="Noto Sans 10"/>
|
||||
</property>
|
||||
</channel>
|
||||
XSEOF
|
||||
|
|
@ -312,11 +330,27 @@ XSEOF
|
|||
dpkg-divert --local --rename --divert /usr/bin/xfce4-display-settings.real /usr/bin/xfce4-display-settings 2>/dev/null || true
|
||||
ln -sf /usr/bin/true /usr/bin/xfce4-display-settings
|
||||
|
||||
chown -R 1000:1000 /home/rene/.config/xfce4
|
||||
ok "XFCE: Compositor aus, Retina-Skalierung, Display-Settings deaktiviert"
|
||||
# Panel-Konfiguration (Höhe passend zur Schriftgröße)
|
||||
PANEL_XML="$XFCE_XML_DIR/xfce4-panel.xml"
|
||||
if [[ ! -f "$PANEL_XML" ]]; then
|
||||
cat > "$PANEL_XML" <<PEOF
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<channel name="xfce4-panel" version="1.0">
|
||||
<property name="panels" type="array">
|
||||
<value type="int" value="1"/>
|
||||
<property name="panel-1" type="empty">
|
||||
<property name="size" type="uint" value="28"/>
|
||||
</property>
|
||||
</property>
|
||||
</channel>
|
||||
PEOF
|
||||
fi
|
||||
|
||||
# ── 9. Netzwerk: NetworkManager statt netplan ─────────────────────────────
|
||||
echo -e "\n=== 9/11 Netzwerk ==="
|
||||
chown -R 1000:1000 /home/rene/.config/xfce4
|
||||
ok "XFCE: Compositor aus, Retina-Skalierung, Schriften 10pt, Panel 28px, Display-Settings deaktiviert"
|
||||
|
||||
# ── 10. Netzwerk: NetworkManager statt netplan ────────────────────────────
|
||||
echo -e "\n=== 10/12 Netzwerk ==="
|
||||
|
||||
# WLAN-Zugangsdaten aus bestehender netplan-Config übernehmen (falls vorhanden)
|
||||
WLAN_SSID=""
|
||||
|
|
@ -361,8 +395,8 @@ if [ -f "$EFI_VAR" ]; then
|
|||
ok "auto-boot deaktiviert (kein Start beim Netzteil-Anstecken)"
|
||||
fi
|
||||
|
||||
# ── 10. Energieeinstellungen & Lokalisierung ─────────────────────────────
|
||||
echo -e "\n=== 10/11 Energie & Lokalisierung ==="
|
||||
# ── 11. Energieeinstellungen & Lokalisierung ─────────────────────────────
|
||||
echo -e "\n=== 11/12 Energie & Lokalisierung ==="
|
||||
|
||||
tee /etc/systemd/sleep.conf > /dev/null <<EOF
|
||||
[Sleep]
|
||||
|
|
@ -379,8 +413,8 @@ update-locale LANG=de_DE.UTF-8 LC_ALL=de_DE.UTF-8
|
|||
timedatectl set-timezone Europe/Berlin 2>/dev/null || ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
|
||||
ok "Energie & Lokalisierung gesetzt"
|
||||
|
||||
# ── 11. Services aktivieren ──────────────────────────────────────────────
|
||||
echo -e "\n=== 11/11 Services & Shell ==="
|
||||
# ── 12. Services aktivieren ──────────────────────────────────────────────
|
||||
echo -e "\n=== 12/12 Services & Shell ==="
|
||||
systemctl enable mbpfan 2>/dev/null || true
|
||||
systemctl enable thermald 2>/dev/null || true
|
||||
systemctl enable tlp 2>/dev/null || true
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue