chore: Änderungen commited
This commit is contained in:
496
backend/setup/modules/packages.sh
Normal file
496
backend/setup/modules/packages.sh
Normal file
@ -0,0 +1,496 @@
|
||||
#!/bin/bash
|
||||
|
||||
#######################################################################
|
||||
# MYP AIO-Installer - System Packages Module
|
||||
#
|
||||
# Dieses Modul behandelt die Installation und Aktualisierung von:
|
||||
# - System-Updates und Upgrades
|
||||
# - Grundlegende System-Packages
|
||||
# - Zusätzliche Sources und Repositories
|
||||
# - Abhängigkeiten für das MYP-System
|
||||
#######################################################################
|
||||
|
||||
# Funktionsdeklarationen für Package Management
|
||||
|
||||
update_system_packages() {
|
||||
log "INFO" "=== SYSTEM-PACKAGES AKTUALISIEREN ==="
|
||||
|
||||
# APT Sources konfigurieren
|
||||
configure_apt_sources
|
||||
|
||||
# System-Update durchführen
|
||||
perform_system_update
|
||||
|
||||
# Grundlegende Packages installieren
|
||||
install_base_packages
|
||||
|
||||
# Spezielle Repositories hinzufügen
|
||||
add_additional_repositories
|
||||
|
||||
# Cleanup durchführen
|
||||
cleanup_packages
|
||||
|
||||
log "INFO" "System-Package-Aktualisierung abgeschlossen"
|
||||
}
|
||||
|
||||
configure_apt_sources() {
|
||||
log "INFO" "Konfiguriere APT-Sources..."
|
||||
|
||||
# Backup der aktuellen sources.list
|
||||
cp /etc/apt/sources.list /etc/apt/sources.list.backup.$(date +%Y%m%d)
|
||||
|
||||
# Detect Debian/Ubuntu Version
|
||||
local os_id=$(lsb_release -si)
|
||||
local os_codename=$(lsb_release -sc)
|
||||
|
||||
log "INFO" "Erkanntes System: $os_id $os_codename"
|
||||
|
||||
case "$os_id" in
|
||||
"Debian")
|
||||
configure_debian_sources "$os_codename"
|
||||
;;
|
||||
"Ubuntu"|"Raspbian")
|
||||
configure_ubuntu_sources "$os_codename"
|
||||
;;
|
||||
*)
|
||||
log "WARN" "Unbekanntes System, verwende Standard-Konfiguration"
|
||||
;;
|
||||
esac
|
||||
|
||||
# Sicherstellen dass Universe und Multiverse aktiviert sind (Ubuntu/Raspbian)
|
||||
if [[ "$os_id" == "Ubuntu" ]] || [[ "$os_id" == "Raspbian" ]]; then
|
||||
add-apt-repository universe -y 2>/dev/null || true
|
||||
add-apt-repository multiverse -y 2>/dev/null || true
|
||||
fi
|
||||
|
||||
log "INFO" "APT-Sources konfiguriert"
|
||||
}
|
||||
|
||||
configure_debian_sources() {
|
||||
local codename="$1"
|
||||
|
||||
log "INFO" "Konfiguriere Debian Sources für $codename"
|
||||
|
||||
# Standard Debian Sources
|
||||
cat > /etc/apt/sources.list << EOF
|
||||
# Debian $codename - Hauptrepositories
|
||||
deb http://deb.debian.org/debian $codename main contrib non-free
|
||||
deb-src http://deb.debian.org/debian $codename main contrib non-free
|
||||
|
||||
# Debian $codename - Updates
|
||||
deb http://deb.debian.org/debian $codename-updates main contrib non-free
|
||||
deb-src http://deb.debian.org/debian $codename-updates main contrib non-free
|
||||
|
||||
# Debian $codename - Security Updates
|
||||
deb http://security.debian.org/debian-security $codename-security main contrib non-free
|
||||
deb-src http://security.debian.org/debian-security $codename-security main contrib non-free
|
||||
|
||||
# Debian $codename - Backports (falls verfügbar)
|
||||
deb http://deb.debian.org/debian $codename-backports main contrib non-free
|
||||
deb-src http://deb.debian.org/debian $codename-backports main contrib non-free
|
||||
EOF
|
||||
}
|
||||
|
||||
configure_ubuntu_sources() {
|
||||
local codename="$1"
|
||||
|
||||
log "INFO" "Konfiguriere Ubuntu/Raspbian Sources für $codename"
|
||||
|
||||
# Ubuntu/Raspbian Sources
|
||||
cat > /etc/apt/sources.list << EOF
|
||||
# Ubuntu/Raspbian $codename - Hauptrepositories
|
||||
deb http://archive.ubuntu.com/ubuntu $codename main restricted universe multiverse
|
||||
deb-src http://archive.ubuntu.com/ubuntu $codename main restricted universe multiverse
|
||||
|
||||
# Ubuntu/Raspbian $codename - Updates
|
||||
deb http://archive.ubuntu.com/ubuntu $codename-updates main restricted universe multiverse
|
||||
deb-src http://archive.ubuntu.com/ubuntu $codename-updates main restricted universe multiverse
|
||||
|
||||
# Ubuntu/Raspbian $codename - Security Updates
|
||||
deb http://security.ubuntu.com/ubuntu $codename-security main restricted universe multiverse
|
||||
deb-src http://security.ubuntu.com/ubuntu $codename-security main restricted universe multiverse
|
||||
|
||||
# Ubuntu/Raspbian $codename - Backports
|
||||
deb http://archive.ubuntu.com/ubuntu $codename-backports main restricted universe multiverse
|
||||
deb-src http://archive.ubuntu.com/ubuntu $codename-backports main restricted universe multiverse
|
||||
EOF
|
||||
}
|
||||
|
||||
perform_system_update() {
|
||||
log "INFO" "Führe System-Update durch..."
|
||||
|
||||
# APT-Cache aktualisieren
|
||||
log "INFO" "Aktualisiere APT-Cache..."
|
||||
apt-get update -y || {
|
||||
log "ERROR" "APT-Update fehlgeschlagen"
|
||||
return 1
|
||||
}
|
||||
|
||||
# Upgrade durchführen
|
||||
log "INFO" "Führe System-Upgrade durch..."
|
||||
DEBIAN_FRONTEND=noninteractive apt-get upgrade -y || {
|
||||
log "ERROR" "APT-Upgrade fehlgeschlagen"
|
||||
return 1
|
||||
}
|
||||
|
||||
# Dist-Upgrade für kritische Updates
|
||||
log "INFO" "Führe Distribution-Upgrade durch..."
|
||||
DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y || {
|
||||
log "WARN" "Dist-Upgrade hatte Probleme, fortfahren..."
|
||||
}
|
||||
|
||||
log "INFO" "System-Update abgeschlossen"
|
||||
}
|
||||
|
||||
install_base_packages() {
|
||||
log "INFO" "Installiere grundlegende System-Packages..."
|
||||
|
||||
# Essentielle System-Tools
|
||||
local base_packages=(
|
||||
# Grundlegende Tools
|
||||
"curl"
|
||||
"wget"
|
||||
"git"
|
||||
"unzip"
|
||||
"zip"
|
||||
"tar"
|
||||
"gzip"
|
||||
"rsync"
|
||||
"htop"
|
||||
"tree"
|
||||
"nano"
|
||||
"vim-tiny"
|
||||
|
||||
# Netzwerk-Tools
|
||||
"net-tools"
|
||||
"iputils-ping"
|
||||
"dnsutils"
|
||||
"ssh"
|
||||
"openssh-server"
|
||||
|
||||
# Build-Tools
|
||||
"build-essential"
|
||||
"gcc"
|
||||
"g++"
|
||||
"make"
|
||||
"cmake"
|
||||
"pkg-config"
|
||||
|
||||
# Python-Grundlagen
|
||||
"python3"
|
||||
"python3-pip"
|
||||
"python3-dev"
|
||||
"python3-venv"
|
||||
"python3-setuptools"
|
||||
"python3-wheel"
|
||||
|
||||
# SSL/TLS
|
||||
"ca-certificates"
|
||||
"openssl"
|
||||
|
||||
# System-Utilities
|
||||
"systemd"
|
||||
"systemctl"
|
||||
"cron"
|
||||
"logrotate"
|
||||
"sudo"
|
||||
|
||||
# Raspberry Pi spezifisch
|
||||
"rpi-update"
|
||||
"raspberrypi-kernel-headers"
|
||||
|
||||
# Zusätzliche Libraries
|
||||
"libffi-dev"
|
||||
"libssl-dev"
|
||||
"libxml2-dev"
|
||||
"libxslt1-dev"
|
||||
"zlib1g-dev"
|
||||
"libjpeg-dev"
|
||||
"libpng-dev"
|
||||
"libfreetype6-dev"
|
||||
"liblcms2-dev"
|
||||
"libwebp-dev"
|
||||
"tcl8.6-dev"
|
||||
"tk8.6-dev"
|
||||
"python3-tk"
|
||||
|
||||
# Firewall
|
||||
"ufw"
|
||||
"iptables"
|
||||
"iptables-persistent"
|
||||
|
||||
# Monitoring
|
||||
"psmisc"
|
||||
"lsof"
|
||||
"strace"
|
||||
)
|
||||
|
||||
# Installiere Packages in Batches für bessere Fehlerbehandlung
|
||||
local batch_size=10
|
||||
local total_packages=${#base_packages[@]}
|
||||
local current_batch=0
|
||||
|
||||
for ((i=0; i<total_packages; i+=batch_size)); do
|
||||
current_batch=$((current_batch + 1))
|
||||
local batch=("${base_packages[@]:i:batch_size}")
|
||||
|
||||
log "INFO" "Installiere Package-Batch $current_batch (${#batch[@]} Packages)..."
|
||||
|
||||
if ! DEBIAN_FRONTEND=noninteractive apt-get install -y "${batch[@]}"; then
|
||||
log "WARN" "Batch $current_batch hatte Probleme, installiere einzeln..."
|
||||
|
||||
# Installiere einzeln bei Fehlern
|
||||
for package in "${batch[@]}"; do
|
||||
if ! DEBIAN_FRONTEND=noninteractive apt-get install -y "$package"; then
|
||||
log "WARN" "Package konnte nicht installiert werden: $package"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
done
|
||||
|
||||
log "INFO" "Grundlegende Packages installiert"
|
||||
}
|
||||
|
||||
add_additional_repositories() {
|
||||
log "INFO" "Füge zusätzliche Repositories hinzu..."
|
||||
|
||||
# Node.js Repository (NodeSource)
|
||||
add_nodejs_repository
|
||||
|
||||
# Chromium Repository (falls nicht verfügbar)
|
||||
add_chromium_repository
|
||||
|
||||
# Docker Repository (optional, für erweiterte Funktionen)
|
||||
# add_docker_repository
|
||||
|
||||
log "INFO" "Zusätzliche Repositories hinzugefügt"
|
||||
}
|
||||
|
||||
add_nodejs_repository() {
|
||||
log "INFO" "Füge Node.js Repository hinzu..."
|
||||
|
||||
# NodeSource GPG-Key hinzufügen
|
||||
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - || {
|
||||
log "WARN" "Node.js GPG-Key konnte nicht hinzugefügt werden"
|
||||
return 1
|
||||
}
|
||||
|
||||
# Node.js 18.x Repository
|
||||
local os_codename=$(lsb_release -sc)
|
||||
echo "deb https://deb.nodesource.com/node_18.x $os_codename main" > /etc/apt/sources.list.d/nodesource.list
|
||||
echo "deb-src https://deb.nodesource.com/node_18.x $os_codename main" >> /etc/apt/sources.list.d/nodesource.list
|
||||
|
||||
# APT-Cache aktualisieren
|
||||
apt-get update -y || {
|
||||
log "WARN" "Node.js Repository-Update fehlgeschlagen"
|
||||
return 1
|
||||
}
|
||||
|
||||
log "INFO" "Node.js Repository hinzugefügt"
|
||||
}
|
||||
|
||||
add_chromium_repository() {
|
||||
log "INFO" "Prüfe Chromium-Verfügbarkeit..."
|
||||
|
||||
# Prüfe ob Chromium bereits verfügbar ist
|
||||
if apt-cache search chromium-browser | grep -q chromium-browser; then
|
||||
log "INFO" "Chromium ist bereits über Standard-Repository verfügbar"
|
||||
return 0
|
||||
fi
|
||||
|
||||
# Füge Snap für Chromium hinzu falls APT-Version nicht verfügbar
|
||||
if command -v snap >/dev/null 2>&1; then
|
||||
log "INFO" "Snap verfügbar, Chromium wird über Snap installiert"
|
||||
return 0
|
||||
fi
|
||||
|
||||
# Installiere Snap falls nicht vorhanden
|
||||
if ! DEBIAN_FRONTEND=noninteractive apt-get install -y snapd; then
|
||||
log "WARN" "Snap konnte nicht installiert werden"
|
||||
return 1
|
||||
fi
|
||||
|
||||
log "INFO" "Snap für Chromium-Installation vorbereitet"
|
||||
}
|
||||
|
||||
add_docker_repository() {
|
||||
log "INFO" "Füge Docker Repository hinzu (optional)..."
|
||||
|
||||
# Docker GPG-Key
|
||||
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - || {
|
||||
log "WARN" "Docker GPG-Key konnte nicht hinzugefügt werden"
|
||||
return 1
|
||||
}
|
||||
|
||||
# Docker Repository
|
||||
local os_codename=$(lsb_release -sc)
|
||||
echo "deb [arch=amd64,arm64,armhf] https://download.docker.com/linux/debian $os_codename stable" > /etc/apt/sources.list.d/docker.list
|
||||
|
||||
# APT-Cache aktualisieren
|
||||
apt-get update -y || {
|
||||
log "WARN" "Docker Repository-Update fehlgeschlagen"
|
||||
return 1
|
||||
}
|
||||
|
||||
log "INFO" "Docker Repository hinzugefügt"
|
||||
}
|
||||
|
||||
install_security_updates() {
|
||||
log "INFO" "Installiere Sicherheitsupdates..."
|
||||
|
||||
# Unattended-upgrades für automatische Sicherheitsupdates
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y unattended-upgrades apt-listchanges || {
|
||||
log "WARN" "Unattended-upgrades konnte nicht installiert werden"
|
||||
}
|
||||
|
||||
# Konfiguriere automatische Sicherheitsupdates
|
||||
cat > /etc/apt/apt.conf.d/20auto-upgrades << 'EOF'
|
||||
APT::Periodic::Update-Package-Lists "1";
|
||||
APT::Periodic::Unattended-Upgrade "1";
|
||||
APT::Periodic::AutocleanInterval "7";
|
||||
EOF
|
||||
|
||||
# Konfiguriere welche Updates automatisch installiert werden
|
||||
cat > /etc/apt/apt.conf.d/50unattended-upgrades << 'EOF'
|
||||
Unattended-Upgrade::Allowed-Origins {
|
||||
"${distro_id}:${distro_codename}-security";
|
||||
"${distro_id} ESMApps:${distro_codename}-apps-security";
|
||||
"${distro_id} ESM:${distro_codename}-infra-security";
|
||||
};
|
||||
|
||||
Unattended-Upgrade::Package-Blacklist {
|
||||
// Keine Packages blockieren für MYP-System
|
||||
};
|
||||
|
||||
Unattended-Upgrade::AutoFixInterruptedDpkg "true";
|
||||
Unattended-Upgrade::MinimalSteps "true";
|
||||
Unattended-Upgrade::Remove-Unused-Dependencies "true";
|
||||
Unattended-Upgrade::Automatic-Reboot "false";
|
||||
Unattended-Upgrade::SyslogEnable "true";
|
||||
EOF
|
||||
|
||||
log "INFO" "Automatische Sicherheitsupdates konfiguriert"
|
||||
}
|
||||
|
||||
cleanup_packages() {
|
||||
log "INFO" "Bereinige Package-System..."
|
||||
|
||||
# Nicht mehr benötigte Packages entfernen
|
||||
apt-get autoremove --purge -y || {
|
||||
log "WARN" "Autoremove hatte Probleme"
|
||||
}
|
||||
|
||||
# APT-Cache bereinigen
|
||||
apt-get autoclean || {
|
||||
log "WARN" "Autoclean hatte Probleme"
|
||||
}
|
||||
|
||||
apt-get clean || {
|
||||
log "WARN" "Clean hatte Probleme"
|
||||
}
|
||||
|
||||
# Alte Kernel entfernen (behalte nur die letzten 2)
|
||||
if command -v purge-old-kernels >/dev/null 2>&1; then
|
||||
purge-old-kernels --keep 2 -y || {
|
||||
log "WARN" "Alte Kernel konnten nicht bereinigt werden"
|
||||
}
|
||||
fi
|
||||
|
||||
log "INFO" "Package-System bereinigt"
|
||||
}
|
||||
|
||||
verify_packages() {
|
||||
log "INFO" "Überprüfe installierte Packages..."
|
||||
|
||||
local errors=0
|
||||
|
||||
# Kritische Packages prüfen
|
||||
local critical_packages=(
|
||||
"python3"
|
||||
"python3-pip"
|
||||
"git"
|
||||
"curl"
|
||||
"wget"
|
||||
"build-essential"
|
||||
"openssh-server"
|
||||
"systemd"
|
||||
)
|
||||
|
||||
for package in "${critical_packages[@]}"; do
|
||||
if ! dpkg -l | grep -q "^ii.*$package"; then
|
||||
log "ERROR" "Kritisches Package fehlt: $package"
|
||||
errors=$((errors + 1))
|
||||
fi
|
||||
done
|
||||
|
||||
# System-Dienste prüfen
|
||||
local critical_services=(
|
||||
"ssh"
|
||||
"systemd-resolved"
|
||||
"cron"
|
||||
)
|
||||
|
||||
for service in "${critical_services[@]}"; do
|
||||
if ! systemctl is-active --quiet "$service"; then
|
||||
log "WARN" "Service nicht aktiv: $service"
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ $errors -eq 0 ]]; then
|
||||
log "INFO" "Package-Verifikation erfolgreich"
|
||||
return 0
|
||||
else
|
||||
log "ERROR" "Package-Verifikation fehlgeschlagen ($errors Fehler)"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
optimize_raspberry_pi() {
|
||||
log "INFO" "Optimiere System für Raspberry Pi..."
|
||||
|
||||
# Prüfe ob es sich um einen Raspberry Pi handelt
|
||||
if [[ ! -f /proc/device-tree/model ]] || ! grep -q "Raspberry Pi" /proc/device-tree/model; then
|
||||
log "INFO" "Kein Raspberry Pi erkannt, überspringe Optimierungen"
|
||||
return 0
|
||||
fi
|
||||
|
||||
# GPU Memory Split optimieren
|
||||
if command -v raspi-config >/dev/null 2>&1; then
|
||||
log "INFO" "Konfiguriere GPU Memory Split..."
|
||||
raspi-config nonint do_memory_split 128
|
||||
fi
|
||||
|
||||
# Overclock aktivieren (vorsichtig)
|
||||
if [[ -f /boot/config.txt ]]; then
|
||||
log "INFO" "Aktiviere moderate Overclock-Einstellungen..."
|
||||
|
||||
# Backup der config.txt
|
||||
cp /boot/config.txt /boot/config.txt.backup.$(date +%Y%m%d)
|
||||
|
||||
# Füge Overclock-Einstellungen hinzu
|
||||
cat >> /boot/config.txt << 'EOF'
|
||||
|
||||
# MYP System Optimierungen
|
||||
# Moderate Overclock für bessere Performance
|
||||
arm_freq=1200
|
||||
gpu_freq=400
|
||||
sdram_freq=500
|
||||
over_voltage=2
|
||||
|
||||
# USB Power
|
||||
max_usb_current=1
|
||||
|
||||
# Audio deaktivieren (nicht benötigt)
|
||||
dtparam=audio=off
|
||||
EOF
|
||||
fi
|
||||
|
||||
# Swap optimieren
|
||||
if [[ -f /etc/dphys-swapfile ]]; then
|
||||
log "INFO" "Optimiere Swap-Konfiguration..."
|
||||
sed -i 's/CONF_SWAPSIZE=100/CONF_SWAPSIZE=1024/' /etc/dphys-swapfile
|
||||
systemctl restart dphys-swapfile
|
||||
fi
|
||||
|
||||
log "INFO" "Raspberry Pi Optimierungen abgeschlossen"
|
||||
}
|
||||
Reference in New Issue
Block a user