diff --git a/.gitignore b/.gitignore index 1fcc764..656b86f 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,5 @@ config/skel.tar.zst config/.sync_*.db config/.sync_*.db config.d/*.conf +ks_pc_prof/* +ks.cfg diff --git a/CLAUDE.md b/CLAUDE.md index c8e2d80..3bdc345 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -70,7 +70,6 @@ ${CLIENT_SOFTWARE_DST}/install.sh 0010_kwallet - `ks.cfg` — the primary kickstart used for production installs (Fedora 43, KDE, x86_64, German locale/keyboard) - `ks_base_profiles/kde_fullsetup.cfg` — an alternate/reference profile generated by Anaconda -- `ks_base_profiles/minimal_setup.cfg`, `part_sda.cfg` — additional profile fragments - `ks_pc_prof/` — per-machine kickstart overrides, named by system UUID suffix (e.g. `pc-9cdb93ef7c20.cfg`) ## Sudo rule required for logon_script diff --git a/README.md b/README.md index 42fd8cd..243a737 100644 --- a/README.md +++ b/README.md 
@@ -1,23 +1,18 @@ -# Fedora OEMDRV + +# Fedora automated install script collection an automated massinstallation scripting collection for Fedora and Anaconda IN DEVELOPMENT ! This Software is very Specific, it needs at least: -- A Free IPA Server with IP Clients enrolled to the Domain -- A Nextcloud instance, connected to the Domain +- A Free IPA Server in which IP Clients can be enrolled to +- An Admin that has the rights to do so +- A Nextcloud instance, connected to the Domain which should have Software Configuration and Reository Paths setup - A client pc that will use this software to automate install and setup the PC ## Install -1. Create Partition named "OEMDRV", at least 1 GByte in size on a local disk that will be readable when starting installation from stick -2. Format it BTRFS and mount it to "/opt/sys_config" -3. Copy git files in it with "git clone --progress --depth 1 https://gitea.dtext.online/obel1x/fedora-OEMDRV.git /opt/sys_config" - 1. or for developement "git clone --progress https://gitea.dtext.online/obel1x/fedora-OEMDRV.git /opt/sys_config" +- Look at the file [install.md](install.md) -Setup -- Make a copy of /opt/sys_config/system_setup/setup_system.conf.dist, name it /opt/sys_config/system_setup/setup_system.conf -- Check the settings in it and change to your needs before running - -More to come... +more to come diff --git a/configure.md b/configure.md new file mode 100644 index 0000000..1afc83a --- /dev/null +++ b/configure.md 
@@ -0,0 +1,34 @@
+# configure.sh — First-time setup wizard
+
+Run `system_setup/configure.sh` as a **normal user** (not root) on the machine that has the OEMDRV partition mounted. It guides you through all site-specific settings, tests the configuration, and leaves the system ready for a Fedora installation.
+
+```bash
+bash /opt/sys_config/system_setup/configure.sh
+```
+
+## What it does
+
+1. **Edits configuration values** — prompts for each setting below. Press Enter to keep the shown default, or type a new value. Derived values (e.g. `SERVERFQDN_IPA`) are updated immediately when you change `TLDOMAIN`, so subsequent prompts always reflect your latest input.
+
+ | Variable | Description |
+ |---|---|
+ | `TLDOMAIN` | Top-level domain of your infrastructure (e.g. `company.tld`) |
+ | `SERVERFQDN_IPA` | FQDN of the FreeIPA server (default: `ipa.`) |
+ | `SERVERFQDN_NC` | FQDN of the Nextcloud server (default: `nextcloud.`) |
+ | `CLIENTADMINGROUP` | IPA group that receives sudo rights on clients |
+ | `DECRYPTEDDATADIR` | Mount point for the decrypted user data directory |
+ | `ENCRYPTEDDATADIR` | Path of the gocryptfs-encrypted data directory |
+ | `IPAVAULTUSE` | `true` to use IPA KRA vault for the encryption key, `false` to disable encryption |
+ | `IPAVAULTNAME` | Name of the IPA vault entry (default: `CLIENT_FILEENCRYPTION_`) |
+
+2. **Confirms the FQDN** — shows the computed `FQDN` (`.clients.`) and lets you override the hostname part if needed.
+
+3. **Tests the encrypted home mount** — runs `mount_ecrypt_home.sh`. On failure you can restart the wizard or quit.
+
+4. **Obtains a Nextcloud WebDAV token** — calls `get_nc_token`, which opens Firefox for login. Verifies that the returned token belongs to the current user. You can retry or quit on failure.
+
+5. On success, the written config file `config.d/configure.conf` is picked up automatically by all other scripts instead of `config/setup_system.conf`.
+ +## After the wizard completes + +Boot the target machine from the Fedora USB installer. Anaconda detects the OEMDRV partition and runs the Kickstart automatically. diff --git a/ks.cfg b/ks_base_profiles/cinnamon_fullsetup.cfg similarity index 90% rename from ks.cfg rename to ks_base_profiles/cinnamon_fullsetup.cfg index 1006d75..5833e0d 100644 --- a/ks.cfg +++ b/ks_base_profiles/cinnamon_fullsetup.cfg @@ -1,4 +1,6 @@ -#Basic settings: +# Full Cinnamon Setup + +#Basic settings graphical text @@ -25,13 +27,11 @@ mount -L OEMDRV /mnt/anaconda_pre %end %packages -@^kde-desktop-environment +@^cinnamon-desktop-environment @core @admin-tools @domain-client @system-tools -@kde-media -@kde-spin-initial-setup @libreoffice @office @sound-and-video @@ -57,29 +57,17 @@ pykickstart xrdp xorgxrdp libxcb-doc -plasma-workspace-x11 xterm wmctrl flatpak btrfs-assistant btrbk -ktorrent +transmission-gtk cadaver -kdevelop git diffuse remmina android-tools --kpat --kmines -#Annoying plasmoids --kdeplasma-addons -#Search - Powerful, but slow --akonadi-server --akonadi-server-mysql --dragon --kdeconnectd --kde-connect -samba -samba-client -samba-usershares diff --git a/ks_base_profiles/kde_fullsetup.cfg b/ks_base_profiles/kde_fullsetup.cfg index 21445f6..4e0774b 100644 --- a/ks_base_profiles/kde_fullsetup.cfg +++ b/ks_base_profiles/kde_fullsetup.cfg 
@@ -1,47 +1,115 @@ -# Generated by Anaconda 43.44 +# Full KDE Wayland Setup -%pre -/bin/sh /mnt/tmp/ks_base_profiles/basic_pre_script.inc -%end +#Basic settings +graphical +text + +# Configure installation method +url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64" +repo --name=fedora-updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64" --cost=0 +repo --name=fedora-cisco-openh264 --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-cisco-openh264-43&arch=x86_64" --install +repo --name=rpmfusion-free --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-43&arch=x86_64" +repo --name=rpmfusion-free-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-43&arch=x86_64" --cost=0 +repo --name=rpmfusion-nonfree --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-43&arch=x86_64" +repo --name=rpmfusion-nonfree-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-43&arch=x86_64" --cost=0 # Keyboard layouts keyboard --vckeymap=de-nodeadkeys --xlayouts='de (nodeadkeys)' # System language lang de_DE.UTF-8 +# System timezone +timezone Europe/Berlin --utc + +%pre --log=/root/ks-pre.log +mkdir /mnt/anaconda_pre +mount -L OEMDRV /mnt/anaconda_pre +/bin/sh /mnt/anaconda_pre/ks_base_profiles/basic_pre_script.inc +%end %packages @^kde-desktop-environment +@core @admin-tools -@development-tools @domain-client -@editors -@firefox -@kde-apps -@kde-desktop +@system-tools @kde-media @kde-spin-initial-setup @libreoffice @office @sound-and-video -@system-tools +libva-utils +libavcodec-freeworld +mesa-va-drivers-freeworld +ffmpeg @vlc - +python-vlc +@firefox +thunderbird +openssh-server +bash +sudo +gocryptfs +htop +mc +mediawriter +python-pip +pykickstart +xrdp +xorgxrdp +libxcb-doc +plasma-workspace-x11 +xterm +wmctrl +flatpak +btrfs-assistant +btrbk 
+ktorrent +cadaver +kdevelop +git +diffuse +remmina +android-tools +-kpat +-kmines +#Annoying plasmoids +-kdeplasma-addons +#Search - Powerful, but slow +-akonadi-server +-akonadi-server-mysql +-dragon +-kdeconnectd +-kde-connect +-samba +-samba-client +-samba-usershares +-BackupPC +#Needed by SSSD +oddjob-mkhomedir +nss-pam-ldapd %end # System authorization information authselect enable-feature with-fingerprint -# Run the Setup Agent on first boot -firstboot --enable - -timesource --ntp-server=_gateway -# System timezone -timezone Europe/Berlin --utc +# Generated using Blivet version 3.12.1 +ignoredisk --only-use=sda +# Partition clearing information +#clearpart --none --initlabel +clearpart --none +autopart --type=btrfs # Root password # This Password is completely unknown to anyone. After installation, the PC should be Member of Domain and the users may use sudo to become superuser. rootpw --iscrypted $y$j9T$jpKVkxaFqL6GH6GAgB0Yb/$oc.rfZgnHNlTAIj/boJeI.ZFf1QHvMF7fymZww9bzE3 +#user --name=none -%post -/bin/sh /mnt/tmp/system_setup/setup_system_full.sh install +# Do not run the Setup Agent on first boot because it will complain about missing user account which we dont want +firstboot --disable + +%post --log=/root/ks-post.log +mkdir /opt/sys_config +mount -L OEMDRV /opt/sys_config +/bin/sh /opt/sys_config/system_setup/setup_system_full.sh install +umount /opt/sys_config %end diff --git a/ks_base_profiles/minimal_setup.cfg b/ks_base_profiles/minimal_setup.cfg deleted file mode 100644 index ab8e1e3..0000000 --- a/ks_base_profiles/minimal_setup.cfg +++ /dev/null 
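Review bot: The new `%pre` and `%post` sections run `mkdir` and `mount -L OEMDRV …` without checking the result, so if the labelled partition is missing or the mount fails, `/bin/sh /opt/sys_config/system_setup/setup_system_full.sh install` simply fails and the section's exit status is that of the trailing `umount`. Combined with `firstboot --disable` and a root password described as unknown to anyone, that would presumably leave an installed machine with no usable login (the setup script itself is not shown). I would add `--erroronfail` to both section headers and guard the mount, e.g. `mount -L OEMDRV /opt/sys_config || exit 1`. Separately, the `rootpw --iscrypted …` line kept as context publishes a hash for a password nobody is meant to use; `rootpw --lock` would express that intent without shipping a hash.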
@@ -1,50 +0,0 @@ -# Generated by Anaconda 43.44 -# Keyboard layouts -keyboard --vckeymap=de-nodeadkeys --xlayouts='de (nodeadkeys)' -# System language -lang de_DE.UTF-8 - -%packages -@^kde-desktop-environment -@admin-tools -@development-tools -@domain-client -@editors -@firefox -@kde-apps -@kde-desktop -@kde-media -@kde-spin-initial-setup -@libreoffice -@office -@sound-and-video -@system-tools -@vlc - -%end - -# System authorization information -authselect enable-feature with-fingerprint - -# Run the Setup Agent on first boot -firstboot --enable - -# Generated using Blivet version 3.12.1 -ignoredisk --only-use=nvme0n1 -# Partition clearing information -clearpart --none --initlabel -# Disk partitioning information -part /boot/efi --fstype="efi" --ondisk=nvme0n1 --size=600 --fsoptions="umask=0077,shortname=winnt" -part /sys_config --fstype="ext4" --noformat --onpart=UUID=3f9837da-5a46-4da1-a98b-62a8899e63cb --label=OEMDRV -part /boot --fstype="ext4" --ondisk=nvme0n1 --size=2048 -part btrfs.115 --fstype="btrfs" --ondisk=nvme0n1 --size=485249 -btrfs none --label=fedora_fedora btrfs.115 -btrfs / --subvol --name=root LABEL=fedora_fedora -btrfs /home --subvol --name=home LABEL=fedora_fedora - -timesource --ntp-server=_gateway -# System timezone -timezone Europe/Berlin --utc - -# Root password -rootpw --iscrypted $y$j9T$SYQgSGCnU.FUaT7BKMEI9TKz$nLPf1uHlzpoBCmEndvVRK2FnY67wUY2TyxiMUIufH7A \ No newline at end of file diff --git a/ks_base_profiles/part_sda.cfg b/ks_base_profiles/part_sda.cfg deleted file mode 100644 index 5ef26b5..0000000 --- a/ks_base_profiles/part_sda.cfg +++ /dev/null 
@@ -1,10 +0,0 @@ -# Generated using Blivet version 3.12.1 -ignoredisk --only-use=sda -# Partition clearing information -clearpart --none --initlabel -# Disk partitioning information -part biosboot --fstype="biosboot" --ondisk=sda --size=1 -part btrfs.69 --fstype="btrfs" --ondisk=sda --size=80000 -part /boot --fstype="xfs" --ondisk=sda --size=2048 -btrfs none --label=fedora btrfs.69 -btrfs / --subvol --name=root LABEL=fedora diff --git a/ks_pc_prof/pc-9cdb93ef7c20.cfg b/ks_pc_prof/pc-9cdb93ef7c20.cfg deleted file mode 100644 index 9f0cc95..0000000 --- a/ks_pc_prof/pc-9cdb93ef7c20.cfg +++ /dev/null @@ -1 +0,0 @@ -%include ../ks_base_profiles/kde_fullsetup.cfg diff --git a/system_setup/configure.sh b/system_setup/configure.sh new file mode 100755 index 0000000..b7653f0 --- /dev/null +++ b/system_setup/configure.sh 
@@ -0,0 +1,141 @@
+#!/usr/bin/env bash
+# configure.sh - Interactive first-time configuration wizard
+#
+# SPDX-FileCopyrightText: Daniel Pätzold
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+SCRIPTDIR="$(cd "$(dirname "$0")" && pwd)"
+CONF_DIST="${SCRIPTDIR}/../config/setup_system.conf.dist"
+CONF_FILE="${SCRIPTDIR}/../config.d/configure.conf"
+
+if [[ "$EUID" -eq 0 ]]; then
+ echo "ERROR: This script must not be run as root." >&2
+ exit 1
+fi
+
+# Prompt for a single value; returns the old value unchanged if the user presses Enter.
+prompt_value() {
+ local name="$1" current="$2" new_val
+ printf ' %-28s [%s]: ' "$name" "$current" >&2
+ read -r new_val
+ printf '%s' "${new_val:-$current}"
+}
+
+# Replace the first matching simple export line in configure.conf.
+set_conf_var() {
+ local varname="$1" value="$2"
+ sed -i "s|^[[:space:]]*export ${varname}=.*|export ${varname}=\"${value}\"|" "$CONF_FILE"
+}
+
+# Update an existing bare "export VAR=…" line at the top level, or append one.
+override_conf_var() {
+ local varname="$1" value="$2"
+ if grep -q "^export ${varname}=" "$CONF_FILE"; then
+ sed -i "s|^export ${varname}=.*|export ${varname}=\"${value}\"|" "$CONF_FILE"
+ else
+ printf 'export %s="%s"\n' "$varname" "$value" >> "$CONF_FILE"
+ fi
+}
+
+do_configure() {
+ mkdir -p "$(dirname "$CONF_FILE")"
+ cp "$CONF_DIST" "$CONF_FILE"
+
+ # Source the dist defaults (unset computed vars first so they are re-evaluated).
+ unset TLDOMAIN DOMAIN SERVERFQDN_IPA SERVERFQDN_NC CLIENTADMINGROUP \
+ DECRYPTEDDATADIR ENCRYPTEDDATADIR IPAVAULTUSE IPAVAULTNAME HOSTNM FQDN
+ # shellcheck disable=SC1090
+
+ echo ""
+ echo "=== System Configuration ==="
+ echo "Press Enter to keep the current value, or type a new one."
+ echo ""
+
+ source "$CONF_FILE"
+ VARS=("TLDOMAIN" "DOMAIN" "SERVERFQDN_IPA" "SERVERFQDN_NC" "CLIENTADMINGROUP" "IPAVAULTUSE" )
+ for ELE in "${VARS[@]}"
+ do
+ new_ELE=$(prompt_value "${ELE}" "${!ELE}")
+ set_conf_var "${ELE}" "${new_ELE}"
+ source "$CONF_FILE"
+ done
+
+ echo ""
+ echo "Configuration written to: ${CONF_FILE}"
+}
+
+while true; do
+ do_configure
+
+ echo ""
+ echo "=== Testing: Nextcloud server ==="
+ NC_STATUS=$(curl -fsSL "https://${SERVERFQDN_NC}/status.php" 2>/dev/null)
+ if echo "$NC_STATUS" | grep -q '"installed":true'; then
+ NC_VERSION=$(echo "$NC_STATUS" | grep -oP '(?<="versionstring":")[^"]+')
+ echo "Nextcloud confirmed at ${SERVERFQDN_NC} (version ${NC_VERSION})."
+ else
+ echo ""
+ echo "WARNING: '${SERVERFQDN_NC}' does not appear to be a valid Nextcloud server."
+ echo " Could not reach https://${SERVERFQDN_NC}/status.php or response was unexpected."
+ read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans
+ if [[ "${ans,,}" == "q" ]]; then
+ echo "Quitting."
+ exit 1
+ fi
+ continue
+ fi
+
+ echo ""
+ echo "=== Testing: FreeIPA server ==="
+ IPA_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
+ "https://${SERVERFQDN_IPA}/ipa/session/json" 2>/dev/null)
+ if [[ "$IPA_CODE" == "200" || "$IPA_CODE" == "401" ]]; then
+ echo "FreeIPA server confirmed at ${SERVERFQDN_IPA}."
+ else
+ echo ""
+ echo "WARNING: '${SERVERFQDN_IPA}' does not appear to be a valid FreeIPA server."
+ echo " https://${SERVERFQDN_IPA}/ipa/session/json returned: ${IPA_CODE:-no response}"
+ read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans
+ if [[ "${ans,,}" == "q" ]]; then
+ echo "Quitting."
+ exit 1
+ fi
+ continue
+ fi
+
+ echo ""
+ echo "=== Select Kickstart Profile ==="
+ KS_DIR="${SCRIPTDIR}/../ks_base_profiles"
+ KS_DEST="${SCRIPTDIR}/../ks.cfg"
+
+ mapfile -t KS_FILES < <(find "$KS_DIR" -maxdepth 1 -name "*.cfg" | sort)
+ if [[ ${#KS_FILES[@]} -eq 0 ]]; then
+ echo "No kickstart profiles found in ${KS_DIR}."
+ exit 1
+ fi
+
+ echo ""
+ for i in "${!KS_FILES[@]}"; do
+ desc=$(awk '/^$/{exit} {print}' "${KS_FILES[$i]}" \
+ | sed 's/^#[[:space:]]*//' | tr '\n' ' ' | xargs)
+ printf " %d) %-36s %s\n" "$((i+1))" "$(basename "${KS_FILES[$i]}")" "$desc"
+ done
+ echo ""
+
+ while true; do
+ read -rp "Select profile [1-${#KS_FILES[@]}]: " sel
+ [[ "$sel" =~ ^[0-9]+$ ]] && (( sel >= 1 && sel <= ${#KS_FILES[@]} )) && break
+ echo " Invalid selection, please enter a number between 1 and ${#KS_FILES[@]}."
+ done
+
+ cp "${KS_FILES[$((sel-1))]}" "$KS_DEST"
+ echo "Copied '$(basename "${KS_FILES[$((sel-1))]}")' to ${KS_DEST}."
+
+ echo ""
+ echo "=== Configuration complete ==="
+ echo "All values have been configured and verified successfully."
+ echo "The system is now ready for the new installation."
+ echo "Boot from the Fedora USB installer — Anaconda will detect the OEMDRV partition"
+ echo "and run the Kickstart automatically."
+ exit 0
+done
diff --git a/system_setup/install.sh b/system_setup/install.sh
index 6496b26..30689dc 100755
--- a/system_setup/install.sh
+++ b/system_setup/install.sh
@@ -14,7 +14,7 @@ SHRINK_MIB=4096 OEMDRV_LABEL="OEMDRV" MOUNT_POINT="/opt/sys_config" MOUNT_OPTS="compress=zstd:6" -REPO_URL="https://gitea.dtext.online/obel1x/fedora-OEMDRV.git" +REPO_URL="${1:-https://gitea.dtext.online/obel1x/fedora-OEMDRV.git}" MIN_FREE_MIB=$(( SHRINK_MIB + 512 )) # require 512 MiB headroom above the shrink size # ── Helpers ───────────────────────────────────────────────────────────────────
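Review bot: `set_conf_var` in the new configure.sh pastes the typed value straight into a `sed` replacement and into a double-quoted `export` line that `do_configure` then `source`s, so a `|`, `&` or backslash corrupts the substitution and a `$(…)` or backtick in the value is executed on the next `source` (and again wherever `config.d/configure.conf` is loaded, which setup_system.inc.sh does). I would validate before writing, e.g. `[[ "$value" =~ ^[A-Za-z0-9._@/-]*$ ]] || { echo "invalid value for ${varname}" >&2; return 1; }`, widening the class only as far as the settings need. `override_conf_var` has the same pattern and appears unused in this file. The `# shellcheck disable=SC1090` comment is detached from the `source "$CONF_FILE"` it was meant for, and the comment "Replace the first matching…" does not match the `sed` expression, which rewrites every matching line.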
@@ -35,6 +35,28 @@ check_tools() { [[ ${#missing[@]} -eq 0 ]] || die "Missing required tools: ${missing[*]}" } +# Returns 0 if the remote install.sh matches this script's checksum, +# 1 if the URL is unreachable or the file cannot be downloaded, +# 2 if the checksum does not match. +check_repo_url() { + local tmpdir sum_remote sum_local + + tmpdir=$(mktemp -d /tmp/oemdrv_repocheck.XXXXXX) + + if ! curl -fsSL "${REPO_URL%.git}/raw/branch/main/system_setup/install.sh" \ + -o "$tmpdir/install.sh" 2>/dev/null; then + rm -rf "$tmpdir" + return 1 + fi + + sum_remote=$(sha256sum "$tmpdir/install.sh" | awk '{print $1}') + sum_local=$(sha256sum "$0" | awk '{print $1}') + rm -rf "$tmpdir" + + [[ "$sum_remote" == "$sum_local" ]] || return 2 + return 0 +} + # ── Free-space helpers ──────────────────────────────────────────────────────── # Free MiB for a mounted device via df @@ -241,6 +263,23 @@ new_part_device() { require_root check_tools +info "Verifying repository URL..." +check_repo_url +case $? in + 1) echo + echo "WARNING: '$REPO_URL' is not a reachable git repository." + read -r -p " Continue anyway? [y/N]: " ans + [[ "${ans,,}" == "y" ]] || { echo "Aborted."; exit 0; } + ;; + 2) echo + echo "WARNING: The checksum of this script does not match 'system_setup/install.sh'" + echo " at '$REPO_URL'." + echo " You may be running an outdated or modified version of install.sh." + read -r -p " Continue anyway? [y/N]: " ans + [[ "${ans,,}" == "y" ]] || { echo "Aborted."; exit 0; } + ;; +esac + info "Scanning for shrinkable partitions and unpartitioned free space..." collect_partitions collect_free_space 
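Review bot: `check_repo_url` only compares this script with the `install.sh` served by the same `REPO_URL`, so it detects an outdated copy but says nothing about the rest of the tree that `git clone` fetches later; the header comment should say so, e.g. `# Drift check only: does not authenticate REPO_URL or the cloned content.` This matters more now that `REPO_URL` can come from `$1`. The raw-file path (`/raw/branch/main/…`) is specific to Gitea-style forges and to a `main` branch, so other hosts will always land in the "not reachable" case, and `2>/dev/null` hides the TLS or HTTP error that would explain why. `tmpdir=$(mktemp -d …)` is also unchecked: with an empty `tmpdir` the download target becomes `/install.sh`, so `tmpdir=$(mktemp -d /tmp/oemdrv_repocheck.XXXXXX) || return 1` is worth adding.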
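Review bot: `check_repo_url` followed by `case $? in` only works while the script does not run under `set -e`; the top of install.sh is outside this hunk, so if errexit is on, a return of 1 or 2 ends the script before either warning is printed. Capturing the status explicitly removes that dependency: `rc=0; check_repo_url || rc=$?` and then `case $rc in`. Declining at either prompt also exits with status 0 (`exit 0` after "Aborted."), which a calling script cannot tell apart from a completed install; a non-zero status would be clearer.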
@@ -432,6 +471,7 @@ mount -o "$MOUNT_OPTS" "$OEMDRV_DEV" "$MOUNT_POINT" || die "mount failed." info "Cloning $REPO_URL into $MOUNT_POINT..." cd "$MOUNT_POINT" || die "Cannot cd to $MOUNT_POINT." git clone --progress --depth 1 "$REPO_URL" . || die "git clone failed." +chmod o=rwX . -R # to make changes to the configuration possible after install # ── Done ────────────────────────────────────────────────────────────────────── @@ -440,9 +480,26 @@ echo echo " OEMDRV device : $OEMDRV_DEV" echo " Mounted at : $MOUNT_POINT" echo -echo "Next steps:" -echo " 1. cp $MOUNT_POINT/config/setup_system.conf.dist \\" -echo " $MOUNT_POINT/config/setup_system.conf" -echo " 2. Edit setup_system.conf with your domain, IPA/Nextcloud FQDNs, and paths." -echo " 3. Boot the Kickstart installer — it will detect the OEMDRV partition automatically." + +# ── Optionally run configure.sh ─────────────────────────────────────────────── + +CONF_SCRIPT="$MOUNT_POINT/system_setup/configure.sh" + echo +read -r -p "Run configure.sh now to set up your environment? [y/N]: " RUN_CONF +if [[ "${RUN_CONF,,}" == "y" ]]; then + if [[ -n "$SUDO_USER" ]]; then + info "Running configure.sh as user '$SUDO_USER'..." + su - "$SUDO_USER" -c "DISPLAY='${DISPLAY}' WAYLAND_DISPLAY='${WAYLAND_DISPLAY}' bash '$CONF_SCRIPT'" + else + echo + echo "configure.sh must be run as a non-root user. Please run:" + echo " bash $CONF_SCRIPT" + fi +else + echo + echo "Next steps:" + echo " 1. Run: bash $CONF_SCRIPT" + echo " 2. Boot the Kickstart installer — it will detect the OEMDRV partition automatically." + echo +fi diff --git a/system_setup/setup_system.inc.sh b/system_setup/setup_system.inc.sh index 777a9b5..6256c27 100755 --- a/system_setup/setup_system.inc.sh +++ b/system_setup/setup_system.inc.sh 
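Review bot: `chmod o=rwX . -R` makes the whole clone on the OEMDRV partition writable by every local account, including `.git`, the kickstart profiles, the `system_setup/*.sh` scripts that the kickstart `%post` runs with `/bin/sh` during installation, and `config.d/configure.conf`, which setup_system.inc.sh `source`s. Anyone who can log in to this machine can therefore change what executes as root on the next install. As far as this diff shows, configure.sh only writes `config.d/` and `ks.cfg`, so handing just those to the invoking admin would be enough, e.g. `chown -R "$SUDO_USER" config.d`, with the `ks.cfg` copy done by a root step or into a pre-created file owned the same way.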
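Review bot: The `su - "$SUDO_USER" -c "DISPLAY='${DISPLAY}' WAYLAND_DISPLAY='${WAYLAND_DISPLAY}' bash '$CONF_SCRIPT'"` line builds a shell command by pasting environment values between single quotes, so a quote character in `DISPLAY` or `WAYLAND_DISPLAY` changes what the user's shell parses, and an unset `WAYLAND_DISPLAY` aborts here if the script uses `set -u` (not visible in this hunk). Passing the values as arguments avoids the re-parsing, something like `runuser -u "$SUDO_USER" -- env DISPLAY="${DISPLAY:-}" WAYLAND_DISPLAY="${WAYLAND_DISPLAY:-}" bash "$CONF_SCRIPT"`. The exit status of configure.sh is not checked either, so a wizard that quit with an error still ends install.sh silently.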
@@ -15,15 +15,23 @@ # fi # return 0 #} -if [ ! -f $(dirname "$0")/../config/setup_system.conf ]; then - echo "System configuration not found. Please make a copy of setup_system.conf.dist, name it setup_system.conf and check the settings in it before running." - echo "Press any key to continue" && read -n 1 -s -r && exit 1 -fi -source $(dirname "$0")/../config/setup_system.conf -#Parse additional client-configs -if [[ `ls -1 $(dirname "$0")/../config.d/*.conf 2>/dev/null | wc -l ` -gt 0 ]]; then - source $(dirname "$0")/../config.d/*.conf +#Check for configure.conf - used for frist setup of system +if [[ -f $(dirname "$0")/../config.d/configure.conf ]]; then + echo "System in configure-mode. Will use $(dirname "$0")/../config.d/configure.conf for setup." + source $(dirname "$0")/../config.d/configure.conf +else + #Load default system setup file + if [[ ! -f $(dirname "$0")/../config/setup_system.conf ]]; then + echo "System configuration not found. Please make a copy of setup_system.conf.dist, name it setup_system.conf and check the settings in it before running." + echo "Press any key to continue" && read -n 1 -s -r && exit 1 + fi + source $(dirname "$0")/../config/setup_system.conf + + #Parse additional client-configs + if [[ `ls -1 $(dirname "$0")/../config.d/*.conf 2>/dev/null | wc -l ` -gt 0 ]]; then + source $(dirname "$0")/../config.d/*.conf + fi fi #Check if the Data- Directory is encrypted @@ -74,7 +82,8 @@ get_nc_token() { return 1 # Token for Superuser makes no sense and cannot work fi - if [ ${IPAVAULTUSE} == "true" ]; then + # If Filename is given andf encryption is turned on, than first check for encrypted Directory + if [ ${IPAVAULTUSE} == "true" ] && [ ! -z ${DAVTOKENFILENAME} ]; then check_data_isecrypted if [ $? -ne 0 ]; then echo "Data Directory is not encrypted. Please mount it first." 
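Review bot: In the `else` branch, `source $(dirname "$0")/../config.d/*.conf` loads only the first file the glob expands to; any further matches are passed to it as positional parameters, so a second `.conf` in `config.d/` is silently ignored. A loop handles any number of files and makes the `ls | wc -l` test unnecessary: `for f in "$(dirname "$0")"/../config.d/*.conf; do [[ -f "$f" ]] && source "$f"; done`. The `$(dirname "$0")` expansions are unquoted throughout, so a checkout path containing a space breaks every test and `source` here. A one-line comment stating that `configure.conf`, while it exists, replaces both `setup_system.conf` and the other `config.d` files would also help, since that precedence is easy to miss.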
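Review bot: `[ ${IPAVAULTUSE} == "true" ] && [ ! -z ${DAVTOKENFILENAME} ]` leaves both expansions unquoted, so the empty-filename case this change introduces is handled only because `[ ! -z ]` happens to evaluate false when the operand vanishes, and an empty `IPAVAULTUSE` makes `[` report a missing operand. Quoting makes the intent explicit: `if [ "${IPAVAULTUSE}" == "true" ] && [ -n "${DAVTOKENFILENAME}" ]; then`. The same applies to `[ ! -f ${DAVTOKENFILENAME} ] || [ -z ${DAVTOKENFILENAME} ]` and `[ ! -z ${DAVTOKENFILENAME} ]` in the two later hunks of this file. The added comment has typos ("andf", "than"), and `get_nc_token` starts and ends outside these hunks.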
@@ -82,7 +91,7 @@ get_nc_token() { fi fi - if [ ! -f ${DAVTOKENFILENAME} ]; then + if [ ! -f ${DAVTOKENFILENAME} ] || [ -z ${DAVTOKENFILENAME} ]; then echo "No token found here. Getting a new WEBDAV Token for this Device." echo "Please logon to your Nextcloud instance via SSO/kerberos" @@ -102,8 +111,12 @@ get_nc_token() { echo -n "Poll Number ${i}..." POLLJSON=$( curl -s -X POST "https://${SERVERFQDN_NC}/login/v2/poll" -d "token=${REQTOKEN}" ) if [[ "${POLLJSON}" == *"appPassword"* ]]; then - echo "${POLLJSON}" > ${DAVTOKENFILENAME} - echo "found token. Token has been written to ${DAVTOKENFILENAME}" + if [ ! -z ${DAVTOKENFILENAME} ]; then + echo "${POLLJSON}" > ${DAVTOKENFILENAME} + echo "Token has been written to ${DAVTOKENFILENAME}" + else + echo "Temporary token was obtained." + fi pkill firefox break else diff --git a/system_setup/sync_client_software.sh b/system_setup/sync_client_software.sh index 968bc2f..d5921f4 100755 --- a/system_setup/sync_client_software.sh +++ b/system_setup/sync_client_software.sh 
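Review bot: `echo "${POLLJSON}" > ${DAVTOKENFILENAME}` in the polling hunk stores the Nextcloud app password with whatever umask the caller has, which commonly leaves the file readable by other accounts. Creating it with restrictive permissions keeps the credential private even when the target directory is not the encrypted one: `( umask 077; printf '%s\n' "${POLLJSON}" > "${DAVTOKENFILENAME}" )`. In the new branch without a filename the message says a temporary token was obtained, but nothing in this hunk returns or exports it, so a comment saying where the caller is expected to read it from (presumably `POLLJSON`) would help. The rest of `get_nc_token` is outside the hunk.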
@@ -72,6 +72,24 @@ if [[ ! -z "${DISTCONFIGPATH_SRC}" ]]; then fi echo "Sucessfully synced." echo "" + + # Check, if we are in configure-mode and if so, remove the file and reread the now new synced configuration + if [ -f $(dirname "$0")/../config.d/configure.conf ]; then + #Check if configuration was obtained by sync + if [ -f $(dirname "$0")/../config/setup_system.conf ]; then + echo "Existing configuration found in Repository, removing configure-mode and reread the configuration." + rm -f $(dirname "$0")/../config.d/configure.conf.bak >/dev/null + mv $(dirname "$0")/../config.d/configure.conf $(dirname "$0")/../config.d/configure.conf.bak + source $(dirname "$0")/../config/setup_system.conf + else + echo "System is in configure-mode and configuration repository was found and synced, but still not configuration was found" + echo "checking file $(dirname "$0")/../config/setup_system.conf" + echo "" + echo "Please make a inital copy of config/setup_system.conf.dist to config/setup_system.conf and check all settings there." + echo "Then rerun the logon script to sync the file to your repository." + echo "Press any key to continue" && read -n 1 -s -r && exit 1 + fi + fi fi #Check if Repository is defined if [ "${CLIENT_SOFTWARE_DST}." == "." ]; then
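Review bot: After renaming `configure.conf` this block sources only `config/setup_system.conf`, whereas the normal path in setup_system.inc.sh also loads `config.d/*.conf`, and every variable that `configure.conf` exported stays set unless the synced file overrides it, so the rest of this run can mix values from both configurations. Either reload the configuration the same way setup_system.inc.sh does, or document the limitation with a comment such as `# NOTE: config.d/*.conf overrides are not applied until the next run`. The `mv` is unchecked: if it fails, the script continues with the new settings while `configure.conf` stays in place, so the next run is in configure-mode again; appending `|| exit 1` to the `mv` would surface that. The enclosing `if [[ ! -z "${DISTCONFIGPATH_SRC}" ]]` block starts outside the hunk.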