Steps to get a brand new business notebook with openvpn running

jhwnotebook.sh

#!/bin/bash
# Lokalisieren eines Juhiwue-Notebooks oder Desktops
#
# Usage: wget 
# Für UBUNTU 16.04
# (c) 2017 by Klaus Kappel <kkappel@yahoo.de>

# Sind wir in Rehr?
INTERN=1

echo "jhwclient.sh - Lokalisieren eines Juhiwue-Notebooks oder Desktops"

if [ "$EUID" -ne 0 ]
then echo "Please run as root"
    exit
fi

if [ $# -eq 1 ]; then 
    CLIENT=$1
else 
    echo "Geben Sie den Namen des Rechners ein,"
    echo "für den ein Zertifikat angelegt werden soll!"
    read CLIENT
fi

# hostname ändern
function client {
    gedit /etc/hosts
    gedit /etc/hostname
    hostname -F /etc/hostname
}

function user {
    # sysadmin anlegen
    adduser sysadmin
    # lokalen User anlegen
    echo "Wie soll der lokale Benutzer heissen?"
    read U
    adduser $U
}

function upgrade {
  # System update
    apt-get update
    apt-get upgrade
    apt-get install exfat-fuse exfat-utils
    apt-get install openvpn openssh-server
    apt-get install network-manager-openvpn network-manager-openvpn-gnome
    apt-get install mc emacs
}

function wlan {
  echo Geben Sie den WLAN Benutzernamen ein:
  read username
  echo Geben Sie das WLAN-Passwort ein:
  read pw
  
  ssids="jhw55 jhwjm32 jhwjm25 jhwjm2test jhwjm jhwjm2 jhw jhw55g jhwdjm25 jhwjm2b jhwjm2eg jhwjm1 jhwjm3 jhwjm4"
  mac=$(iw dev | grep addr | cut -c 8-)
  pfad=/etc/NetworkManager/system-connections/

  for ssid in $ssids; do 
     uuid=$(uuidgen)
     sed "s/:wlan00:/$ssid/; s/:user:/$username/; s/:pw:/$pw/; s/:uuid:/$uuid/; s/:mac:/$mac/" wlan00 > $pfad/$ssid
  done
}


function vpn {
    MASTER=piaget.juhiwue.de
    ssh -n root@${MASTER} "univention-certificate new -name $CLIENT"
    scp root@${MASTER}:/etc/univention/ssl/$CLIENT/* /etc/openvpn/
    scp root@${MASTER}:/etc/univention/ssl/ucsCA/CAcert.pem /etc/openvpn/
    cat >> /etc/sysctl.conf <<EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF
    sysctl -p
    service openvpn restart
    cat > /etc/NetworkManager/dnsmasq.d/juhiwue <<EOF
server=/juhiwue.de/192.168.0.5
server=/0.168.192.in-addr.arpa/192.168.0.5
server=/4.168.192.in-addr.arpa/192.168.0.5
EOF

    # service dnsmasq restart
    service network-manager restart
    echo "AUTOSTART=\"all\"" > /etc/default/openvpn
    echo "OMIT_SENDSIGS=0" >> /etc/default/openvpn
    
    cat > /etc/openvpn/clients/rehr1.conf <<EOF
remote rehr1.from-de.com
port 1194
proto udp
client
dev tap
link-mtu 1492
mssfix
nobind
ca CAcert.pem
cert cert.pem
key private.key
keepalive 10 120
auth SHA512
tls-cipher DHE-RSA-AES256-SHA
user nobody
group nogroup
persist-key
persist-tun
verb 2
EOF
}

function teamviewer {
    cd /tmp
    wget https://download.teamviewer.com/download/teamviewer_i386.deb
    dpkg -i teamviewer_i386.deb
}

function nextcloud {
    add-apt-repository ppa:nextcloud-devs/client
    apt-get update
    apt-get install nextcloud-client
}

function fonts {
    cd /tmp
    mkdir fonts
    cd fonts
    wget http://kubin.jugendhilfe-wuemmetal.de/fonts/jhwfonts.tar.gz
    tar xzvf jhwfonts.tar.gz
    mv * /usr/local/share/fonts
    chmod -R a+r /usr/local/share/fonts 
    fc-cache
}

function ucsjoin {
	add-apt-repository ppa:univention-dev/ppa
	apt-get update
	DEBIAN_FRONTEND=noninteractive apt-get install univention-domain-join
	# univention-domain-join-cli
	univention-domain-join
}

function check {    
    echo "Möchten Sie die Funktion: $1 ausführen? (j/n)"
    read a
    if [ "$a" == "j" ]; then
	$1
    fi
}

echo "Wir starten mit dem generieren eines JHW-Client!"

check client
check user
check upgrade
check wlan
check vpn
check teamviewer
check nextcloud
check fonts
check ucsjoin

echo "Ready!!"
echo "Was gibt es noch zu tun?"
echo "NextCloud Client Anmelden: nextcloud &"
echo "LibreOffice Konfiguration (Standard Vorlage)"