docu/pve1/guests/vm105-finance/setup-tws.sh

#!/usr/bin/env bash
# Setup-Script für VM 105 finance: Xvfb + noVNC + TWS + IBC
# Ausführen als ubuntu-User (sudo-fähig), nicht-interaktiv:
#   ssh -i /root/.ssh/finance_vm ubuntu@192.168.10.43 'bash -s' < setup-tws.sh
set -euo pipefail

VNC_PASS="${VNC_PASS:-$(openssl rand -base64 12 | tr -d '/+=')}"

echo "=== [1/6] System-Update ==="
sudo apt-get update -qq
sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade -y -qq

echo "=== [2/6] Pakete installieren ==="
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y -qq \
  xvfb \
  openbox \
  tigervnc-standalone-server \
  novnc \
  websockify \
  openjdk-21-jre \
  wget \
  unzip \
  xdotool \
  x11-utils \
  x11-xserver-utils \
  fonts-dejavu \
  dbus-x11 \
  libxtst6 \
  libxi6 \
  ca-certificates \
  curl

echo "=== [3/6] tws-User anlegen ==="
if ! id -u tws &>/dev/null; then
  sudo useradd -m -s /bin/bash tws
fi
sudo mkdir -p /home/tws/.vnc /home/tws/.config/openbox
sudo chown -R tws:tws /home/tws

echo "=== [4/6] VNC-Passwort setzen (automatisch) ==="
echo "$VNC_PASS" | sudo -u tws vncpasswd -f | sudo -u tws tee /home/tws/.vnc/passwd > /dev/null
sudo chmod 600 /home/tws/.vnc/passwd
sudo chown tws:tws /home/tws/.vnc/passwd

echo "=== [5/6] Systemd-Services erstellen ==="

sudo tee /etc/systemd/system/xvfb.service > /dev/null <<'EOF'
[Unit]
Description=Virtual Framebuffer 1920x1080
After=network.target

[Service]
User=tws
ExecStart=/usr/bin/Xvfb :1 -screen 0 1920x1080x24 -ac -nolisten tcp
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

sudo tee /etc/systemd/system/openbox.service > /dev/null <<'EOF'
[Unit]
Description=Openbox Window Manager on DISPLAY :1
After=xvfb.service
Requires=xvfb.service

[Service]
User=tws
Environment=DISPLAY=:1
Environment=HOME=/home/tws
ExecStart=/usr/bin/openbox-session
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

sudo tee /etc/systemd/system/vncserver.service > /dev/null <<'EOF'
[Unit]
Description=TigerVNC x0vncserver on DISPLAY :1
After=xvfb.service
Requires=xvfb.service

[Service]
User=tws
Environment=DISPLAY=:1
ExecStart=/usr/bin/x0vncserver -display :1 -rfbport 5900 -SecurityTypes VncAuth -PasswordFile /home/tws/.vnc/passwd
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

sudo tee /etc/systemd/system/novnc.service > /dev/null <<'EOF'
[Unit]
Description=noVNC Websocket Proxy
After=vncserver.service
Requires=vncserver.service

[Service]
User=tws
ExecStart=/usr/share/novnc/utils/novnc_proxy --vnc localhost:5900 --listen 0.0.0.0:6080
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

# Openbox autostart (leer)
sudo -u tws tee /home/tws/.config/openbox/autostart > /dev/null <<'EOF'
# TWS wird via tws-ibc.service gestartet
EOF

echo "=== [6/6] Services aktivieren ==="
sudo systemctl daemon-reload
sudo systemctl enable --now xvfb openbox vncserver novnc

# Kurz warten damit Services hochfahren
sleep 3
sudo systemctl is-active xvfb vncserver novnc || true

VM_IP=$(hostname -I | awk '{print $1}')

echo ""
echo "========================================"
echo " Basis-Stack erfolgreich eingerichtet"
echo "========================================"
echo ""
echo "  noVNC Browser:  http://${VM_IP}:6080/vnc.html"
echo "  VNC Passwort:   ${VNC_PASS}"
echo "  VNC Port:       5900"
echo ""
echo "  BITTE NOTIEREN: VNC-Passwort wird nicht erneut angezeigt"
echo "  Ändern mit:     sudo -u tws vncpasswd /home/tws/.vnc/passwd"
echo ""
echo "Nächster Schritt: TWS + IBC installieren:"
echo "  ssh -i /root/.ssh/finance_vm ubuntu@${VM_IP} 'bash -s' < setup-tws-installer.sh"
echo ""