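#!/usr/bin/env bash
# ═══════════════════════════════════════════════════════════════
# NISGuard Agent Installer
# ═══════════════════════════════════════════════════════════════
# Usage:
#   curl -sL https://install.nis-guard.eu | bash -s -- <SITE_TOKEN>
#   curl -sL https://install.nis-guard.eu | bash -s -- <SITE_TOKEN> --docker
#
# The script has to be interpreted by bash. When it is piped into an
# interpreter the shebang above is ignored, and a plain POSIX sh lacks the
# [[ ... =~ ... ]] test used for token validation: there the test fails as
# "command not found", which the surrounding `if` treats as "token is valid".
# ═══════════════════════════════════════════════════════════════
# Refuse to run under a non-bash shell. The guard uses POSIX syntax only and
# comes before every bash-only construct so that it is reached in any shell.
if [ -z "${BASH_VERSION:-}" ]; then
  echo "✗ Dieses Skript benötigt bash. Bitte mit 'bash -s --' statt 'sh -s --' ausführen." >&2
  exit 1
fi

# Abort on failing commands, on unset variables and on failing pipeline stages.
set -euo pipefail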

# ANSI colour sequences, stored in backslash form and expanded by printf's %b.
C_RED="\033[1;31m"
C_GRN="\033[1;32m"
C_YLW="\033[1;33m"
C_CYN="\033[1;36m"
C_RST="\033[0m"

# log MESSAGE... — progress line with a cyan "[NISGuard]" prefix (stdout).
log() {
  printf '%b[NISGuard]%b %s\n' "$C_CYN" "$C_RST" "$*"
}

# ok MESSAGE... — success line with a green check mark (stdout).
ok() {
  printf '%b✓%b %s\n' "$C_GRN" "$C_RST" "$*"
}

# warn MESSAGE... — warning line with a yellow "!" (stdout).
warn() {
  printf '%b!%b %s\n' "$C_YLW" "$C_RST" "$*"
}

# err MESSAGE... — error line with a red cross, written to stderr.
err() {
  printf '%b✗%b %s\n' "$C_RED" "$C_RST" "$*" >&2
}

# Positional interface: $1 is the site token, every later argument is a flag.
TOKEN="${1:-}"
MODE="native"

# Drop the token from the argument list when one was given.
if (( $# > 0 )); then
  shift
fi

# Recognised flags select the install mode; anything else is ignored silently.
for flag in "$@"; do
  case "$flag" in
    --docker)
      MODE="docker"
      ;;
    --systemd)
      MODE="systemd"
      ;;
    *)
      ;;
  esac
done

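# Validate the site token before it is written to a config file or handed to
# a container. Only letters, digits, "_" and "-" are accepted.
# A value that starts with "-" is rejected as well: it is almost certainly a
# flag (for example --docker) that ended up in the token position because the
# token itself was left out, and it would otherwise pass the character check.
if [[ -z "$TOKEN" || "$TOKEN" == -* || ! "$TOKEN" =~ ^[A-Za-z0-9_-]+$ ]]; then
  err "Site-Token fehlt oder ungültig."
  echo
  echo "Verwendung:"
  # The hint names bash because the script relies on bash-only syntax.
  echo "  curl -sL https://install.nis-guard.eu | bash -s -- NG-XXXX-XXXX-XXXX"
  echo
  echo "Token findest du im Dashboard → Geräte → Edge Agent → Provisioning."
  exit 1
fi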

# Detect the platform; only Linux and macOS (Darwin) are supported.
log "Erkenne System ..."
OS="$(uname -s)"
ARCH="$(uname -m)"
if [[ "$OS" == Linux* ]]; then
  PLATFORM=linux
elif [[ "$OS" == Darwin* ]]; then
  PLATFORM=macos
else
  err "Plattform nicht unterstützt: $OS"
  exit 1
fi
ok "$PLATFORM/$ARCH"

# API endpoint; the NISGUARD_API environment variable overrides the default
# when it is set and non-empty.
# NOTE(review): the value is not validated. Later parts of the script derive
# the agent download URL from it and write it into the agent configuration,
# so an override should point at a trusted https:// origin.
API_BASE="https://api.nis-guard.eu"
if [ -n "${NISGUARD_API:-}" ]; then
  API_BASE="$NISGUARD_API"
fi

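# ── Docker mode ──────────────────────────────────────────────
# Runs the agent as a container and exits; the native install below is skipped.
if [ "$MODE" = "docker" ]; then
  if ! command -v docker >/dev/null 2>&1; then
    err "Docker nicht installiert. Installiere mit: curl -fsSL https://get.docker.com | sh"
    exit 1
  fi
  log "Lade Image ..."
  # Track the reference that was actually obtained. Starting the container
  # from a fixed name would fail (or start a stale local image) whenever only
  # the second registry delivered the image.
  # NOTE(review): ":latest" is a mutable tag and the tar fallback is loaded
  # without a checksum or signature check; pinning by digest
  # (image@sha256:<DIGEST_PLACEHOLDER>) would make the install reproducible
  # and tamper-evident.
  IMAGE="nisguard/agent:latest"
  if ! docker pull "$IMAGE" >/dev/null 2>&1; then
    IMAGE="ghcr.io/rduetsch/nisguard-agent:latest"
    if ! docker pull "$IMAGE" >/dev/null 2>&1; then
      warn "Public Registry nicht erreichbar — lade tar-Fallback ..."
      TMP=$(mktemp -d) || {
        err "Temporäres Verzeichnis konnte nicht angelegt werden."; exit 1
      }
      # Single quotes defer expansion to exit time; the path stays quoted.
      trap 'rm -rf -- "$TMP"' EXIT
      curl -fsSL "https://install.nis-guard.eu/agent.tar" -o "$TMP/agent.tar" || {
        err "Image-Download fehlgeschlagen."; exit 1
      }
      docker load -i "$TMP/agent.tar" >/dev/null
      # NOTE(review): the tag stored inside agent.tar is not visible here;
      # assumed to be nisguard/agent:latest — confirm against the archive.
      IMAGE="nisguard/agent:latest"
    fi
  fi
  log "Starte Container ..."
  # Remove a container left over from an earlier install; absence is fine.
  docker rm -f nisguard-agent >/dev/null 2>&1 || true
  # The token is handed over through the environment of the docker client
  # ("-e NAME" without a value copies it from there), which keeps it out of
  # the client's argument list. It stays readable through `docker inspect`.
  # NOTE(review): the container shares the host network namespace and gets a
  # writable bind mount of /etc/nisguard; /var/log is mounted read-only.
  NISGUARD_TOKEN="$TOKEN" docker run -d \
    --name nisguard-agent \
    --restart unless-stopped \
    --network host \
    -e NISGUARD_TOKEN \
    -e NISGUARD_API="$API_BASE" \
    -v /var/log:/host/var/log:ro \
    -v /etc/nisguard:/etc/nisguard \
    "$IMAGE"
  ok "Container nisguard-agent läuft."
  echo
  echo "Status:    docker ps --filter name=nisguard-agent"
  echo "Logs:      docker logs -f nisguard-agent"
  echo "Stop:      docker rm -f nisguard-agent"
  exit 0
fi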

# ── Native Python mode ───────────────────────────────────────
# Make sure python3 exists; on Linux try the first package manager found.
log "Prüfe Python ..."
if ! command -v python3 >/dev/null 2>&1; then
  warn "python3 fehlt — versuche zu installieren ..."
  if [ "$PLATFORM" != "linux" ]; then
    err "Bitte python3 installieren (z.B. via Homebrew: brew install python)."
    exit 1
  fi
  if command -v apt-get >/dev/null; then
    sudo apt-get update && sudo apt-get install -y python3 python3-pip
  elif command -v dnf >/dev/null; then
    sudo dnf install -y python3 python3-pip
  elif command -v apk >/dev/null; then
    sudo apk add --no-cache python3 py3-pip
  else
    err "Kein Paket-Manager erkannt. Bitte python3 manuell installieren."
    exit 1
  fi
fi
# Report the interpreter version that will run the agent.
ok "$(python3 --version)"

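# Install location of the agent script. The directory is created as root and
# then handed to the invoking user, who also writes the file below.
INSTALL_DIR="/opt/nisguard-agent"
AGENT_FILE="$INSTALL_DIR/nisguard-log-agent.py"
sudo mkdir -p "$INSTALL_DIR"
sudo chown "$(id -u):$(id -g)" "$INSTALL_DIR"
log "Lade Agent-Skript ..."
# Download into a temporary file inside the target directory and move it into
# place only after a complete transfer, so a failed or interrupted download
# never leaves a truncated script where an installed agent used to be.
AGENT_TMP="$(mktemp "$INSTALL_DIR/.nisguard-log-agent.XXXXXX")" || {
  err "Temporäre Datei konnte nicht angelegt werden."; exit 1
}
# First source: API_BASE with its first "api." replaced by "install.";
# second source: the fixed install host.
# NOTE(review): the script is fetched without a checksum or signature check
# and is executed afterwards; its integrity rests on TLS and on the origin
# named by API_BASE.
if ! curl -fsSL "${API_BASE/api./install.}/nisguard-log-agent.py" -o "$AGENT_TMP" \
   && ! curl -fsSL "https://install.nis-guard.eu/nisguard-log-agent.py" -o "$AGENT_TMP"; then
  rm -f -- "$AGENT_TMP"
  err "Agent-Download fehlgeschlagen."
  exit 1
fi
# mktemp creates the file owner-only; restore the usual executable mode.
chmod 755 "$AGENT_TMP"
mv -f -- "$AGENT_TMP" "$AGENT_FILE"
ok "Agent in $INSTALL_DIR"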

# Install the agent's Python dependencies into the invoking user's site dir.
# NOTE(review): the packages are installed without version pins or hashes, so
# each run resolves whatever the package index currently serves.
log "Installiere Python-Abhängigkeiten ..."
PY_DEPS=(requests pyyaml)
python3 -m pip install --quiet --user "${PY_DEPS[@]}"

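# Write the agent configuration.
# The file contains the site token, so it is created readable by its owner
# only: the umask applies inside the subshell, and an older copy is removed
# first because redirecting into an existing file would keep its old mode.
# NOTE(review): TOKEN was restricted to [A-Za-z0-9_-] earlier in the script;
# API_BASE is written as given, so an overridden value becomes YAML verbatim.
CONFIG_DIR="$HOME/.config/nisguard"
CONFIG_FILE="$CONFIG_DIR/agent.yml"
mkdir -p "$CONFIG_DIR"
(
  umask 077
  rm -f -- "$CONFIG_FILE"
  cat > "$CONFIG_FILE" << EOF
api_url: $API_BASE
site_token: $TOKEN
interval: 30
batch_size: 50
sources:
  - type: journald
    enabled: true
EOF
)
ok "Konfiguration in ~/.config/nisguard/agent.yml"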

# Systemd service (optional): installed on Linux hosts that have systemctl.
# NOTE(review): nothing visible in this script sets MODE to "manual", so the
# MODE test below never skips the service; --systemd and the default mode
# behave the same here.
# NOTE(review): the unit runs as the invoking user (root if the installer is
# run as root) and carries no sandboxing directives — worth reviewing.
UNIT_FILE="/etc/systemd/system/nisguard-agent.service"
if [[ "$PLATFORM" == "linux" && "$MODE" != "manual" ]] && command -v systemctl >/dev/null; then
  log "Installiere systemd-Service ..."
  # The here-document is unquoted on purpose: user name, install directory
  # and home directory are expanded while the unit file is written.
  sudo tee "$UNIT_FILE" >/dev/null << EOF
[Unit]
Description=NISGuard Log Agent
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=$(id -un)
ExecStart=/usr/bin/python3 $INSTALL_DIR/nisguard-log-agent.py --config $HOME/.config/nisguard/agent.yml
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF
  # Pick up the new unit, then enable it at boot and start it right away.
  sudo systemctl daemon-reload
  sudo systemctl enable --now nisguard-agent
  ok "Service nisguard-agent läuft (systemctl status nisguard-agent)"
fi

# Closing summary: how to test the connection, follow logs and find the UI.
printf '\n'
ok "Installation abgeschlossen."
printf '\n'
printf '%s\n' \
  "Verbindung testen:    curl -sf $API_BASE/health && echo OK" \
  "Logs anzeigen:        sudo journalctl -u nisguard-agent -f" \
  "Status im Dashboard:  https://app.nis-guard.eu/devices"
