Moved config files to syncable folder
This commit is contained in:
Daniel Pätzold
@@ -1,22 +0,0 @@
|
||||
#!/usr/bin/env sh
|
||||
source $(dirname "$0")/setup_system.inc.sh
|
||||
mv skel.tar.zst backup_skel.tar.zst
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Old Archive renamed to backup_skel.tar.zst"
|
||||
else
|
||||
echo "Some Errors occured, cannot continue."
|
||||
exit 1
|
||||
fi
|
||||
tar -I 'zstd -9' -cf skel.tar.zst skel
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Archive skel.tar.zst has been created"
|
||||
echo "You should now remove skel- Folder here"
|
||||
else
|
||||
echo "Some Errors occured, quit"
|
||||
exit 1
|
||||
fi
|
||||
rm backup_skel.tar.zst
|
||||
echo "Old Archive deleted"
|
||||
# TODO
|
||||
# - up file to NC - is only possible, when setup already has the webdav-token created
|
||||
#
|
||||
@@ -2,7 +2,8 @@
|
||||
# Replaces /etc/skel with the contents of skel.tar.zst
|
||||
source $(dirname "$0")/setup_system.inc.sh
|
||||
EXECDIR=$(pwd)
|
||||
SRCFILE="${SYSCONFIGPATH}/system_setup/skel.tar.zst"
|
||||
SRCFILE="${SYSCONFIGPATH}/config/skel.tar.zst"
|
||||
SRCFILEDIST="${SYSCONFIGPATH}/config/skel.tar.zst.dist"
|
||||
|
||||
#Check for root
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
@@ -10,6 +11,16 @@ if [ "$EUID" -ne 0 ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
#Check for existing File - if not there, make a copy of the dist-file
|
||||
if [[ ! -f "${SRCFILE}" ]]; then
|
||||
echo "No SKEL file was found. Using distributed skel in ${SRCFILEDIST}"
|
||||
cp "${SRCFILEDIST}" "${SRCFILE}"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "Something went wrong, please check Output"
|
||||
echo "Press any key to continue" && read -n 1 -s -r && exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
cd /etc
|
||||
sudo rm -f -r /etc/skel
|
||||
sudo tar -xf ${SRCFILE}
|
||||
@@ -19,5 +30,6 @@ if [ $? -eq 0 ]; then
|
||||
sudo setfacl -R -m u::rwX,g::rX,o::rX /etc/skel
|
||||
else
|
||||
echo "Something went wrong, please check Output"
|
||||
echo "Press any key to continue" && read -n 1 -s -r && exit 1
|
||||
fi
|
||||
cd ${EXECDIR}
|
||||
|
||||
@@ -1,88 +0,0 @@
|
||||
# Include for System Settings
|
||||
# SPDX-FileCopyrightText: Daniel Pätzold
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
#
|
||||
export TLDOMAIN=domain.tld
|
||||
export DOMAIN=clients.${TLDOMAIN}
|
||||
export SERVERFQDN_IPA=ipa.${TLDOMAIN} # Needs to be the IPA- Server
|
||||
export SERVERFQDN_NC=nextcloud.${TLDOMAIN}
|
||||
export SYSCONFIGPATH="/opt/sys_config"
|
||||
export INSTALLDOCS="https://gitea.dtext.online/obel1x/fedora-OEMDRV/src/branch/main/README.md"
|
||||
export CLIENTADMINGROUP="clientadmins"
|
||||
|
||||
# Method to determine Unique Hostname / FQDN of the Client. May be replaced by your needs
|
||||
if [ "$EUID" -eq 0 ]; then
|
||||
export HOSTNM="pc-$( dmidecode -t system | grep -i 'UUID' | sed 's/UUID: //' | tr '[:upper:]' '[:lower:]' | sed 's/[^0-9a-z]*//g' | xargs|tail -c 13)"
|
||||
else
|
||||
export HOSTNM=$( hostname -s )
|
||||
fi
|
||||
export FQDN=${HOSTNM}.${DOMAIN}
|
||||
|
||||
#Additional Client-Software- Repository-Folder in Nextcloud (Shared Folder / Systemwide)
|
||||
export CLIENT_SOFTWARE_DST="/opt/sys_config/client_software" # Optional. If you don't have a Folder that should always be synced, leave this empty
|
||||
export CLIENT_SOFTWARE_SRC="/Shared/sw_geteilt/client_software" Set to the Nextcloud directory where the software should come from
|
||||
|
||||
#Secure File Encryption
|
||||
#Needs a running KRA- Service on FreeIPA
|
||||
# Set to "true" to use Encryption via IPAVAULT - OTHERWISE YOUR FILES WILL NOT BE ENCRYPTED
|
||||
export IPAVAULTUSE="true"
|
||||
# Vaultname - can be any Name
|
||||
export IPAVAULTNAME="CLIENT_FILEENCRYPTION_"${HOSTNM}
|
||||
|
||||
#Following settings are only available when run in Userspace
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
#This is the Path, that will be mapped from encryptet filesystem at logon - only available for users, not for root
|
||||
export DECRYPTEDDATADIR="${HOME}/data" # Decrypted Dir to work for the User
|
||||
export ENCRYPTEDDATADIR="${HOME}/.data" # Contains the encrypted Data
|
||||
|
||||
#Important Files
|
||||
export DAVTOKENFILENAME="${DECRYPTEDDATADIR}/WEBDAVTOKEN"
|
||||
|
||||
#Optional: Sync Folders with nextcloud client
|
||||
CLIENT_DATA_SYNC=() # Do not remove
|
||||
|
||||
# If you dont want to use Folder synchronisation: comment out each line starting with CLIENT_DATA_SYNC_LINE= or CLIENT_DATA_SYNC+=
|
||||
#First Sync Folder
|
||||
CLIENT_DATA_SYNC_LINE=("${DECRYPTEDDATADIR}/Dokumente" "/Documents")
|
||||
CLIENT_DATA_SYNC+=("$(declare -p CLIENT_DATA_SYNC_LINE)") # Repeat for each CLIENT_DATA_SYNC_LINE
|
||||
|
||||
#Next Sync Folder
|
||||
CLIENT_DATA_SYNC_LINE=("${DECRYPTEDDATADIR}/Bilder" "/Photos")
|
||||
CLIENT_DATA_SYNC+=("$(declare -p CLIENT_DATA_SYNC_LINE)") # Repeat for each CLIENT_DATA_SYNC_LINE
|
||||
|
||||
#Next Sync Folder
|
||||
#...
|
||||
|
||||
export CLIENT_DATA_SYNC_DECLARE="$(declare -p CLIENT_DATA_SYNC)" # Do not remove
|
||||
#End of Sync Folder for nextcloud client
|
||||
|
||||
#Firefox Profiles of the User
|
||||
export PROFILE_FIREFOX_RESET_LOCAL="true" # Set this to wipe ~/.mozilla each time if you don't want users to setup their own firefox profile
|
||||
export PROFILE_FIREFOX_SRC="mozilla_profiles/firefox"
|
||||
export PROFILE_FIREFOX_DST="${DECRYPTEDDATADIR}/firefox"
|
||||
|
||||
#Thunderbird Profiles
|
||||
export PROFILE_TB_SRC="mozilla_profiles/thunderbird"
|
||||
export PROFILE_TB_DST="${DECRYPTEDDATADIR}/thunderbird"
|
||||
fi
|
||||
|
||||
#Basic commons not needing change
|
||||
export CDATEC8=$(date '+%Y%m%d') # Date 8 Characters long: YYYYMMDD
|
||||
export CTIMEC6=$(date '+%H%M%S') # Time 6 Chars: HHMMSS
|
||||
|
||||
#Basic runtime-Vars
|
||||
export EXECDIR=$(pwd)
|
||||
export SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
|
||||
if [ ${SCRIPTPATH::2} == "//" ]; then
|
||||
export SCRIPTPATH=${SCRIPTPATH:1}
|
||||
fi
|
||||
export SCRIPTNAME=$(basename "$0")
|
||||
|
||||
#First run Service Name
|
||||
export FIRSTRUN_SERVICENAME="setup-system.service"
|
||||
export FIRSTRUN_SCRIPTPATH="/usr/lib/systemd/system"
|
||||
|
||||
# temp and log files
|
||||
TEMPDIR="${HOME}/temp/system_setup"
|
||||
LOGFILE="${TEMPDIR}/${SCRIPTNAME}.log"
|
||||
mkdir -p ${TEMPDIR}
|
||||
@@ -15,11 +15,11 @@
|
||||
# fi
|
||||
# return 0
|
||||
#}
|
||||
if [ ! -f $(dirname "$0")/setup_system.conf ]; then
|
||||
if [ ! -f $(dirname "$0")/../config/setup_system.conf ]; then
|
||||
echo "System configuration not found. Please make a copy of setup_system.conf.dist, name it setup_system.conf and check the settings in it before running."
|
||||
echo "Press any key to continue" && read -n 1 -s -r && exit 1
|
||||
fi
|
||||
source $(dirname "$0")/setup_system.conf
|
||||
source $(dirname "$0")/../config/setup_system.conf
|
||||
|
||||
#Check if the Data- Directory is encrypted
|
||||
check_data_isecrypted() {
|
||||
|
||||
Binary file not shown.
@@ -40,30 +40,57 @@ echo "Update or install Nextcloud client"
|
||||
/usr/bin/flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
|
||||
/usr/bin/flatpak install -y --or-update --noninteractive flathub com.nextcloud.desktopclient.nextcloud && echo "Done Update/Install of Nextcloud."
|
||||
|
||||
#Sync Files
|
||||
SYNCCMD="sudo -i /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloudcmd com.nextcloud.desktopclient.nextcloud -h -u ${DAVTOKEN_USER} -p ${DAVTOKEN_PASS} --path ${CLIENT_SOFTWARE_SRC} ${CLIENT_SOFTWARE_DST} https://${SERVERFQDN_NC}"
|
||||
SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" )
|
||||
#Sync remote Files
|
||||
chown root:${CLIENTADMINGROUP} -R ${SYSCONFIGPATH}
|
||||
chmod ug+rwX,o=rX -R ${SYSCONFIGPATH}
|
||||
echo "Exec: ${SYNCCMD_HIDDENPW}"
|
||||
echo "Sync Client Software" > ${LOGFILE}
|
||||
echo "====================" >> ${LOGFILE}
|
||||
date >> ${LOGFILE}
|
||||
echo ${SYNCCMD_HIDDENPW} >> ${LOGFILE}
|
||||
echo "" >> ${LOGFILE}
|
||||
${SYNCCMD} >> ${LOGFILE} 2>&1
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "Error in sync:"
|
||||
echo "****"
|
||||
cat ${LOGFILE}
|
||||
echo "****"
|
||||
echo ""
|
||||
echo "Please check if your Token is setup right and for the above Output"
|
||||
read -n 1 -s -r -p "Press any key to continue"
|
||||
echo ""
|
||||
exit 1
|
||||
# At first, sync central configs if they are configured to be synced
|
||||
if [[ ! -z "${DISTCONFIGPATH_SRC}" ]]; then
|
||||
SYNCCMD="sudo -i /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloudcmd com.nextcloud.desktopclient.nextcloud -h -u ${DAVTOKEN_USER} -p ${DAVTOKEN_PASS} --path ${DISTCONFIGPATH_SRC} ${DISTCONFIGPATH} https://${SERVERFQDN_NC}"
|
||||
SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" )
|
||||
echo "Exec: ${SYNCCMD_HIDDENPW}"
|
||||
echo "Sync Configuration" > ${LOGFILE}
|
||||
echo "====================" >> ${LOGFILE}
|
||||
date >> ${LOGFILE}
|
||||
echo ${SYNCCMD_HIDDENPW} >> ${LOGFILE}
|
||||
echo "" >> ${LOGFILE}
|
||||
${SYNCCMD} >> ${LOGFILE} 2>&1
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "Error in sync:"
|
||||
echo "****"
|
||||
cat ${LOGFILE}
|
||||
echo "****"
|
||||
echo ""
|
||||
echo "Please check if your Token is setup right and for the above Output"
|
||||
read -n 1 -s -r -p "Press any key to continue"
|
||||
echo ""
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
#Files must be owned by root (we are root!)
|
||||
# Then, sync all client_software-files
|
||||
if [[ ! -z "${CLIENT_SOFTWARE_SRC}" ]]; then
|
||||
SYNCCMD="sudo -i /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloudcmd com.nextcloud.desktopclient.nextcloud -h -u ${DAVTOKEN_USER} -p ${DAVTOKEN_PASS} --path ${CLIENT_SOFTWARE_SRC} ${CLIENT_SOFTWARE_DST} https://${SERVERFQDN_NC}"
|
||||
SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" )
|
||||
echo "Exec: ${SYNCCMD_HIDDENPW}"
|
||||
echo "Sync Client Software" > ${LOGFILE}
|
||||
echo "====================" >> ${LOGFILE}
|
||||
date >> ${LOGFILE}
|
||||
echo ${SYNCCMD_HIDDENPW} >> ${LOGFILE}
|
||||
echo "" >> ${LOGFILE}
|
||||
${SYNCCMD} >> ${LOGFILE} 2>&1
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "Error in sync:"
|
||||
echo "****"
|
||||
cat ${LOGFILE}
|
||||
echo "****"
|
||||
echo ""
|
||||
echo "Please check if your Token is setup right and for the above Output"
|
||||
read -n 1 -s -r -p "Press any key to continue"
|
||||
echo ""
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# After sync again, restore the right to all filles. They must be owned by root, changeable by admingroup and readable by otherusers (we are root, so we can change!)
|
||||
chown root:${CLIENTADMINGROUP} -R ${SYSCONFIGPATH}
|
||||
chmod ug+rwX,o=rX -R ${SYSCONFIGPATH}
|
||||
#Make all install.sh executable
|
||||
@@ -72,6 +99,7 @@ if [ -f "${CLIENT_SOFTWARE_DST}/install.sh" ]; then
|
||||
chmod u+x "${CLIENT_SOFTWARE_DST}/install.sh"
|
||||
fi
|
||||
echo "Sucessfully synced."
|
||||
|
||||
#Run Software setup
|
||||
echo "Running Setup of Software"
|
||||
if [ $1 == "install" ]; then
|
||||
|
||||
Reference in New Issue
Block a user