Merge pull request 'Fedora 44, install/configure improvements, Nextcloud desktop client fixes' (#24) from unbrot/fedora-OEMDRV:main into main

Reviewed-on: #24

CLAUDE.md

@@ -13,16 +13,16 @@ A Fedora automated mass-installation and post-setup scripting collection. It use
 
 Before any script runs, copy the dist file and fill in your environment:
 ```sh
-cp /opt/sys_config/config/setup_system.conf.dist /opt/sys_config/config/setup_system.conf
+cp /opt/sys_config/system_setup/config.dist/setup_system.conf.dist /opt/sys_config/config/setup_system.conf
 # Edit setup_system.conf with your domain, server FQDNs, paths, etc.
 ```
 
-Local per-machine overrides go in `config.d/*.conf` (gitignored). These are sourced after `setup_system.conf` and can override any exported variable (e.g. `config.d/system_defines.conf` overrides `UPGRADEBRANCH`).
+Local per-machine overrides go in `config.d/*.conf` (gitignored). These are sourced after `setup_system.conf` and can override any exported variable (e.g. `config.d/system_defines.conf` overrides `REPO_BRANCH`).
 
-`config/skel.tar.zst` (gitignored) holds the `/etc/skel` archive deployed to new installs. The `.dist` version is the default. To modify skel: extract, edit, then repack:
+`config/skel.tar.zst` (gitignored) holds the `/etc/skel` archive deployed to new installs. The `.dist` version is at `system_setup/skel/skel.tar.zst.dist`. To modify skel: extract, edit, then repack:
 ```sh
 cd /opt/sys_config/config
-tar -I 'zstd -9' -cf skel.tar.zst skel/   # or use pack_skel.sh
+tar -I 'zstd -9' -cf skel.tar.zst skel/   # or use system_setup/skel/pack_skel.sh
 ```
 
 ## Installation lifecycle
@@ -51,7 +51,7 @@ tar -I 'zstd -9' -cf skel.tar.zst skel/   # or use pack_skel.sh
 | `system_setup/mount_ecrypt_home.sh` | user | called by logon_script.sh |
 | `system_setup/mozilla_starter.sh` | user | called by logon_script.sh; args: `firefox\|thunderbird run\|sync [profile]` |
 | `system_setup/setup_skel.sh` | root | called by setup_system_full.sh or manually |
-| `config/pack_skel.sh` | root | manually, to repack skel archive after editing |
+| `system_setup/skel/pack_skel.sh` | root | manually, to repack skel archive after editing |
 | `system_setup/create_nc_package_from_sys_config.sh` | user | manually, creates `~/temp/sys_config.tar.zst` |
 
 ## client_software layout

client_software/0050_nextcloud_desktopclient/user_run.sh

@@ -4,13 +4,16 @@
 #
 # Sofwareinstallation script for Nextcloud Desktop
 #
+# Hint: No check for installed Nextcloud needed, because it will be installed by calling script sync_client_software.sh
+# before as it is needed there already
+
 echo "Setup Nextcloud- Sync"
 
 #Local Vars
 BASECMD="/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloud com.nextcloud.desktopclient.nextcloud"
 
 #Check Token
-if [ "${DAVTOKEN_USER}." == "." ]; then
+if [ "${DAVTOKEN_USER}." = "." ]; then
     # Todo: Move all task to some function to logon as user and get all vars, call it and proceed here
     echo "Error: Script cannot be executed standalone and needs a prereserved Environment. Quit."
     exit 1
@@ -19,29 +22,29 @@ fi
 #Remove Nextcloud from autostart anyway! Must be started by this script manually, because if it was started befor the ecrypted mount,
 #it will never sync and always throw an error that the local dir is missing
 if [ -f "$SUDO_HOME/.config/autostart/com.nextcloud.desktopclient.nextcloud.desktop" ]; then
-  echo "Remove Autostart Nextcloud"
+    echo "Remove Autostart Nextcloud"
-  rm $SUDO_HOME/.config/autostart/com.nextcloud.desktopclient.nextcloud.desktop
+    rm $SUDO_HOME/.config/autostart/com.nextcloud.desktopclient.nextcloud.desktop
 fi
 
 NC_PID=$( pgrep -u $USER nextcloud )
-if [[ ! -z ${NC_PID} ]]; then
+if [ -n "${NC_PID}" ]; then
     echo "Stopping Nextcloud with PID ${NC_PID}"
     /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloud com.nextcloud.desktopclient.nextcloud --quit >/dev/null
-    if [[ $? -ne 0 ]]; then
+    if [ $? -ne 0 ]; then
-      echo "Service could not be stopped, please check why."
+        echo "Service could not be stopped, please check why."
-      exit 1
+        exit 1
     fi
     sleep 0.5
 fi
 
 NC_PID=$( pgrep -u $USER nextcloud )
-if [[ ! -z ${NC_PID} ]]; then
+if [ -n "${NC_PID}" ]; then
     echo "Nextcloud still running with PID ${NC_PID}. Force stop"
     # Kill does not remove lockfiles in ~/.var/app/com.nextcloud.desktopclient.nextcloud/cache/tmp/ which will prevent next start
     kill ${NC_PID}
-    if [[ $? -ne 0 ]]; then
+    if [ $? -ne 0 ]; then
-      echo "Service could not be stopped, please check why."
+        echo "Service could not be stopped, please check why."
-      exit 1
+        exit 1
     fi
     sleep 0.5
     rm -rif ${HOME}/.var/app/com.nextcloud.desktopclient.nextcloud/cache/temp/*
@@ -52,106 +55,122 @@ declare -p CLIENT_DATA_SYNC_DECLARE >/dev/null
 eval "${CLIENT_DATA_SYNC_DECLARE}"
 declare -p CLIENT_DATA_SYNC_DECLARE CLIENT_DATA_SYNC >/dev/null
 eval "${CLIENT_DATA_SYNC}"
-if [[ "${#CLIENT_DATA_SYNC[@]}" == "0" ]]; then
+if [ "${#CLIENT_DATA_SYNC[@]}" -eq 0 ]; then
     echo "CLIENT_DATA_SYNC not set, skipping setup of Nextcloud Desktop sync"
     exit 0
 fi
 
-#Loop through all Entries
+#Check for leftover .bak directories from previous failed setups
-for i in {0..99}; do
+_nc_bak_list=$(
-    if [[ -z ${CLIENT_DATA_SYNC[$i]} ]]; then
+    for CLIENT_DATA_DECLARE_LINE in "${CLIENT_DATA_SYNC[@]}"; do
-        break
+        eval "${CLIENT_DATA_DECLARE_LINE}"
+        find "$(dirname "${CLIENT_DATA_SYNC_LINE[0]}")" -maxdepth 1 -type d -name "*.bak" 2>/dev/null
+    done | sort -u
+)
+if [ -n "${_nc_bak_list}" ]; then
+    echo "The following old backup folders were found and should be removed:"
+    echo "${_nc_bak_list}" | while IFS= read -r _nc_d; do
+        [ -n "${_nc_d}" ] && echo "  $(du -sh "${_nc_d}" 2>/dev/null | cut -f1)  ${_nc_d}"
+    done
+    read -r -p "Delete these backup folders? [y/N]: " _nc_del
+    if [ "${_nc_del}" = "y" ] || [ "${_nc_del}" = "Y" ]; then
+        echo "${_nc_bak_list}" | while IFS= read -r _nc_d; do
+            if [ -n "${_nc_d}" ]; then
+                rm -rf "${_nc_d}"
+                echo "Deleted: ${_nc_d}"
+            fi
+        done
     fi
-    CLIENT_DATA_DECLARE_LINE="${CLIENT_DATA_SYNC[$i]}"
+fi
+
+#Loop through all Entries
+_nc_first=1
+_nc_wipe_done=0
+for CLIENT_DATA_DECLARE_LINE in "${CLIENT_DATA_SYNC[@]}"; do
     eval "${CLIENT_DATA_DECLARE_LINE}"
     # echo "DEBUG user_run.sh(0020)_2: ${CLIENT_DATA_SYNC_LINE[@]}"
     # Now, CLIENT_DATA_SYNC_LINE[0] contains the local path and CLIENT_DATA_SYNC_LINE[1] contains the remote path
     if grep -q "localPath=${CLIENT_DATA_SYNC_LINE[0]}" "/${HOME}/.var/app/com.nextcloud.desktopclient.nextcloud/config/Nextcloud/nextcloud.cfg"; then
         echo "Already found configured local folder ${CLIENT_DATA_SYNC_LINE[0]} syncing with ${CLIENT_DATA_SYNC_LINE[1]} . Leaving it unchanged."
+        _nc_first=0
     else
         echo "Setup new sync from remote ${CLIENT_DATA_SYNC_LINE[1]} to local ${CLIENT_DATA_SYNC_LINE[0]}"
-        if [[ $i -gt 0 ]]; then
+        if [ "${_nc_first}" -eq 0 ]; then
-          echo "Due to Bug in Nextcloud Client, more than one synced Folder cannot be setup currently. Maybe in the Future."
+            echo "Due to Bug in Nextcloud Client, more than one synced Folder cannot be setup currently. Maybe in the Future."
-          continue;
+            continue
         fi
+        _nc_first=0
         if [ -d "${CLIENT_DATA_SYNC_LINE[0]}" ]; then
-            echo "Old unsynced Folder ${CLIENT_DATA_SYNC_LINE[0]} was found, renaming to ${CLIENT_DATA_SYNC_LINE[0]}_bak."
+            _nc_bak="${CLIENT_DATA_SYNC_LINE[0]}_$(date '+%Y%m%d%H%M%S').bak"
-            mv "${CLIENT_DATA_SYNC_LINE[0]}" "${CLIENT_DATA_SYNC_LINE[0]}_bak"
+            echo "Old unsynced Folder ${CLIENT_DATA_SYNC_LINE[0]} was found, renaming to ${_nc_bak}."
+            mv "${CLIENT_DATA_SYNC_LINE[0]}" "${_nc_bak}"
         fi
         mkdir -p ${CLIENT_DATA_SYNC_LINE[0]}
         SYNCCMD="$BASECMD --userid ${DAVTOKEN_USER} --apppassword ${DAVTOKEN_PASS} --localdirpath ${CLIENT_DATA_SYNC_LINE[0]} --remotedirpath ${CLIENT_DATA_SYNC_LINE[1]} --serverurl https://${SERVERFQDN_NC}"
         SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" )
         echo "Exec: ${SYNCCMD_HIDDENPW}"
-        # Due to Bugs in Nextcloud, autoprovisioning will only work when no configuration is existent. Therefore delete any exitsing configs that may be there
+        if [ "${_nc_wipe_done}" -eq 0 ]; then
-        rm -rif ${HOME}/.var/app/com.nextcloud.desktopclient.nextcloud/data/Nextcloud
+            # Autoprovisioning only works when no configuration is existent — wipe once before first new setup
-        rm -rif ${HOME}/.var/app/com.nextcloud.desktopclient.nextcloud/config/Nextcloud
+            rm -rif ${HOME}/.var/app/com.nextcloud.desktopclient.nextcloud/data/Nextcloud
+            rm -rif ${HOME}/.var/app/com.nextcloud.desktopclient.nextcloud/config/Nextcloud
+            _nc_wipe_done=1
+        fi
         #Now, execute Nextcloud autoprovisionig
-        ${SYNCCMD}
+        ${SYNCCMD} && sleep 0.5
         if [ $? -ne 0 ]; then
             echo "=========== !!! ========================"
             echo "Error: It looks like this did not work!"
             echo "Please check the above output!"
             exit 1
         fi
-        # The Flatpak autoprovisioning may not successfully write the apppassword to
-        # KWallet from inside the sandbox, so write it directly via D-Bus.
-        # Nextcloud stores HTTP credentials in folder "Nextcloud" with keys:
-        #   user:url/:0            (legacy password entry)
-        #   user_app-password:url/:0  (app password entry, used for auth)
-        NC_WALLET_URL="https://${SERVERFQDN_NC}/"
-        NC_WALLET_APPID="logon_script"
-        NC_QB_CMD="qdbus-qt6"
-        if ! command -v ${NC_QB_CMD} >/dev/null 2>&1; then NC_QB_CMD="qdbus"; fi
-        NC_QB_SVC="org.kde.kwalletd"
-        NC_QB_PATH="/modules/kwalletd6"
-        if ! ( ${NC_QB_CMD} "${NC_QB_SVC}" | grep -q "${NC_QB_PATH}" ); then
-            NC_QB_PATH="/modules/kwalletd5"
-        fi
-        echo "Writing Nextcloud app password to KWallet via D-Bus (${NC_QB_PATH})"
-        NC_WALLET_HANDLE=$(${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.open "kdewallet" 0 "${NC_WALLET_APPID}")
-        if [[ -n "${NC_WALLET_HANDLE}" && "${NC_WALLET_HANDLE}" != "-1" ]]; then
-            HAS_FOLDER=$(${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.hasFolder "${NC_WALLET_HANDLE}" "Nextcloud" "${NC_WALLET_APPID}")
-            if [[ "${HAS_FOLDER}" != "true" ]]; then
-                ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.createFolder "${NC_WALLET_HANDLE}" "Nextcloud" "${NC_WALLET_APPID}" >/dev/null
-            fi
-            ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.writePassword "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}:${NC_WALLET_URL}:0" "${DAVTOKEN_PASS}" "${NC_WALLET_APPID}" >/dev/null
-            ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.writePassword "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}_app-password:${NC_WALLET_URL}:0" "${DAVTOKEN_PASS}" "${NC_WALLET_APPID}" >/dev/null
-            ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.sync "${NC_WALLET_HANDLE}" "${NC_WALLET_APPID}" >/dev/null
-            ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.close "${NC_WALLET_HANDLE}" false "${NC_WALLET_APPID}" >/dev/null
-            echo "Nextcloud app password written to KWallet successfully."
-        else
-            echo "Warning: Could not open KWallet (handle: ${NC_WALLET_HANDLE}). Nextcloud may prompt for credentials on next start."
-        fi
     fi
 done
 
-##Check if Nextcloud was already setup
+# The Flatpak autoprovisioning may not successfully write the apppassword to
-#if [ $SETUP_NEEDED = "0" ]; then
+# KWallet from inside the sandbox, so write it directly via D-Bus.
-#    echo "Nextcloud was already setup, skipping configure and starting Service"
+# Nextcloud stores HTTP credentials in folder "Nextcloud" with keys:
-#    echo "If you want to reset, please delete the Folder [HOME]/.var/app/com.nextcloud.desktopclient.nextcloud manually."
+#   user:url/:0            (legacy password entry)
-#    echo "Command: rm -rif ~/.var/app/com.nextcloud.desktopclient.nextcloud/"
+#   user_app-password:url/:0  (app password entry, used for auth)
-#    su -c "nohup ${BASECMD} 1>/dev/null 2>/dev/null &" $SUDO_USER
+NC_WALLET_URL="https://${SERVERFQDN_NC}/"
-#    exit $?
+NC_WALLET_APPID="logon_script"
-#fi
+NC_QB_CMD="qdbus-qt6"
+if ! command -v ${NC_QB_CMD} >/dev/null 2>&1; then NC_QB_CMD="qdbus"; fi
+# Only attempt KWallet on KDE: check that the service is registered on the session bus.
+if command -v "${NC_QB_CMD}" >/dev/null 2>&1 && \
+   "${NC_QB_CMD}" 2>/dev/null | grep -q "org.kde.kwalletd"; then
+    NC_QB_SVC="org.kde.kwalletd"
+    NC_QB_PATH="/modules/kwalletd6"
+    if ! ( ${NC_QB_CMD} "${NC_QB_SVC}" | grep -q "${NC_QB_PATH}" ); then
+        NC_QB_PATH="/modules/kwalletd5"
+    fi
+    echo "Checking Nextcloud app password in KWallet via D-Bus (${NC_QB_PATH})"
+    NC_WALLET_HANDLE=$(${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.open "kdewallet" 0 "${NC_WALLET_APPID}")
+    if [ -n "${NC_WALLET_HANDLE}" ] && [ "${NC_WALLET_HANDLE}" != "-1" ]; then
+        HAS_FOLDER=$(${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.hasFolder "${NC_WALLET_HANDLE}" "Nextcloud" "${NC_WALLET_APPID}")
+        if [ "${HAS_FOLDER}" != "true" ]; then
+            ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.createFolder "${NC_WALLET_HANDLE}" "Nextcloud" "${NC_WALLET_APPID}" >/dev/null
+        fi
+        HAS_PW1=$(${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.hasEntry "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}:${NC_WALLET_URL}:0" "${NC_WALLET_APPID}")
+        HAS_PW2=$(${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.hasEntry "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}_app-password:${NC_WALLET_URL}:0" "${NC_WALLET_APPID}")
+        if [ "${HAS_PW1}" = "true" ] && [ "${HAS_PW2}" = "true" ]; then
+            echo "Nextcloud app password already present in KWallet — no change needed."
+        else
+            ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.writePassword "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}:${NC_WALLET_URL}:0" "${DAVTOKEN_PASS}" "${NC_WALLET_APPID}" >/dev/null
+            ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.writePassword "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}_app-password:${NC_WALLET_URL}:0" "${DAVTOKEN_PASS}" "${NC_WALLET_APPID}" >/dev/null
+            echo "Nextcloud app password written to KWallet successfully."
+        fi
+        ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.sync "${NC_WALLET_HANDLE}" "${NC_WALLET_APPID}" >/dev/null
+        ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.close "${NC_WALLET_HANDLE}" false "${NC_WALLET_APPID}" >/dev/null
+    else
+        echo "Warning: Could not open KWallet (handle: ${NC_WALLET_HANDLE}). Nextcloud may prompt for credentials on next start."
+    fi
+else
+    echo "KWallet not available (non-KDE desktop) — skipping credential storage."
+fi
 
-#No check for installed Nextcloud needed, because it will be installed by calling script sync_client_software.sh
-
-#Cleanup Nextcloud Configuration completely, while otherwise, the configure will not work
-#echo "Remove $SUDO_HOME/.var/app/com.nextcloud.desktopclient.nextcloud"
-#rm -rif "$SUDO_HOME/.var/app/com.nextcloud.desktopclient.nextcloud"
-
-#echo "Exec as $SUDO_USER: ${SYNCCMD}"
-#echo "Exec as $SUDO_USER: ${SYNCCMD_HIDDENPW}"
-#su -c "${SYNCCMD}" $SUDO_USER
-#if [ $? -ne 0 ]; then
-#    echo "=========== !!! ========================"
-#    echo "Error: It looks like this did not work!"
-#    echo "Please check the above output!"
-#    exit 1
-#fi
 # Now start Nextcloud
 echo "Starting Nextcloud Client in Background"
-systemd-run --user --no-block --unit=nextcloud-client.service ${BASECMD} >>${TEMPDIR}/nc_desktop_client.log 2>&1
+systemd-run --user --no-block --unit=nextcloud-client.service --setenv=SESSION_MANAGER= ${BASECMD} >>${TEMPDIR}/nc_desktop_client.log 2>&1
 sleep 2
 echo "Done Setup of Nextcloud."
 exit 0

config/README.md

@@ -0,0 +1,4 @@
+# Shared config Files
+
+in this directory, you should have at least the setup_system.conf as a modified copy of system_setup/config.dist/setup_system.conf.dist for your needs.
+This directory will be synced with DISTCONFIGPATH_SRC on your nextcloud instance an thus be delivered to all clients.

configure.md

@@ -1,6 +1,6 @@
 # configure.sh — First-time setup wizard
 
-Run `system_setup/configure.sh` as a **normal user** (not root) on the machine that has the OEMDRV partition mounted. It guides you through all site-specific settings, tests the configuration, and leaves the system ready for a Fedora installation.
+Run `system_setup/configure.sh` on the machine that has the OEMDRV partition mounted. It guides you through all site-specific settings, tests the configuration, and leaves the system ready for a Fedora installation. Can be run as root or as a normal user — `install.sh` pre-creates `ks.cfg` at the OEMDRV root with world-write permission so both cases work.
 
 ```bash
 bash /opt/sys_config/system_setup/configure.sh

install.md

@@ -44,7 +44,7 @@ Both are optional. That way, install.sh should know what to pull.
 Configure your environment before running any installation:
 
 ```sh
-cp /opt/sys_config/config/setup_system.conf.dist /opt/sys_config/config/setup_system.conf
+cp /opt/sys_config/system_setup/config.dist/setup_system.conf.dist /opt/sys_config/config/setup_system.conf
 # Edit setup_system.conf — set TLDOMAIN, SERVERFQDN_IPA, SERVERFQDN_NC, and paths.
 ```
 
@@ -52,7 +52,7 @@ Optionally add local per-machine overrides in `config.d/`:
 
 ```sh
 # Example: use the devel branch on this machine
-echo 'export UPGRADEBRANCH="devel"' > /opt/sys_config/config.d/system_defines.conf
+echo 'export REPO_BRANCH="devel"' > /opt/sys_config/config.d/system_defines.conf
 ```
 
 Once configured, boot the Fedora installer from USB — Anaconda will detect the `OEMDRV` partition and run the Kickstart automatically.

ks_base_profiles/basic_pre_script.inc

@@ -33,7 +33,7 @@ if [ ! -f ${FQFILENAME} ]; then
 fi
 
 # Check if there is a Partition OEMDRV and on which Drive
-/mnt/anaconda_pre/system_setup/setup_system.inc.sh
+. /mnt/anaconda_pre/system_setup/setup_system.inc.sh
 OEMDRVINFO=$(blkid | grep 'LABEL="OEMDRV"')
 if [ "${OEMDRVINFO}." == "." ] ; then
     echo "* Error: Required partition with label 'OEMDRV' is not found."
@@ -65,6 +65,9 @@ else
     echo "The Drive ${SYSDRIVE} contains a GPT."
 fi
 
+# Write the target disk for %include in the kickstart main section
+echo "ignoredisk --only-use=${SYSDRIVE:5}" > /tmp/disk-include.cfg
+
 OEMDRVPARTSHORT=${OEMDRVPART:5}
 ALLPARTS=$(lsblk -n -l -o NAME "${SYSDRIVE}" -Q 'TYPE=="part"')
 REMPARTS=$(echo "$ALLPARTS" | grep -v "${OEMDRVPARTSHORT}")

ks_base_profiles/cinnamon_fullsetup.cfg

@@ -4,14 +4,15 @@
 graphical
 text
 
-# Configure installation method
+#Pre script
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+%pre --log=/root/ks-pre.log
-repo --name=fedora-updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64" --cost=0
+mkdir /mnt/anaconda_pre
-repo --name=fedora-cisco-openh264 --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-cisco-openh264-43&arch=x86_64" --install
+mount -L OEMDRV /mnt/anaconda_pre
-repo --name=rpmfusion-free --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-43&arch=x86_64"
+/bin/sh /mnt/anaconda_pre/ks_base_profiles/basic_pre_script.inc
-repo --name=rpmfusion-free-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-43&arch=x86_64" --cost=0
+%end
-repo --name=rpmfusion-nonfree --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-43&arch=x86_64"
+
-repo --name=rpmfusion-nonfree-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-43&arch=x86_64" --cost=0
+# Configure installation source
+%include /mnt/anaconda_pre/ks_base_profiles/source_fedora_44.inc
 
 # Keyboard layouts
 keyboard --vckeymap=de-nodeadkeys --xlayouts='de (nodeadkeys)'
@@ -20,12 +21,6 @@ lang de_DE.UTF-8
 # System timezone
 timezone Europe/Berlin --utc
 
-%pre --log=/root/ks-pre.log
-mkdir /mnt/anaconda_pre
-mount -L OEMDRV /mnt/anaconda_pre
-/bin/sh /mnt/anaconda_pre/ks_base_profiles/basic_pre_script.inc
-%end
-
 %packages
 @^cinnamon-desktop-environment
 @core
@@ -63,6 +58,7 @@ flatpak
 btrfs-assistant
 btrbk
 transmission-gtk
+xapps
 cadaver
 git
 diffuse
@@ -80,9 +76,8 @@ nss-pam-ldapd
 # System authorization information
 authselect enable-feature with-fingerprint
 
-
+# Disk selection written by %pre via basic_pre_script.inc
-# Generated using Blivet version 3.12.1
+%include /tmp/disk-include.cfg
-ignoredisk --only-use=sda,nvme0n1
 # Partition clearing information - do NOT USE --initlabel !
 clearpart --none
 autopart --type=btrfs

ks_base_profiles/kde_fullsetup.cfg

@@ -4,14 +4,8 @@
 graphical
 text
 
-# Configure installation method
+# Configure installation source
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+%include /mnt/anaconda_pre/ks_base_profiles/source_fedora_44.inc
-repo --name=fedora-updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64" --cost=0
-repo --name=fedora-cisco-openh264 --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-cisco-openh264-43&arch=x86_64" --install
-repo --name=rpmfusion-free --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-43&arch=x86_64"
-repo --name=rpmfusion-free-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-43&arch=x86_64" --cost=0
-repo --name=rpmfusion-nonfree --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-43&arch=x86_64"
-repo --name=rpmfusion-nonfree-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-43&arch=x86_64" --cost=0
 
 # Keyboard layouts
 keyboard --vckeymap=de-nodeadkeys --xlayouts='de (nodeadkeys)'
@@ -92,8 +86,8 @@ nss-pam-ldapd
 # System authorization information
 authselect enable-feature with-fingerprint
 
-# Generated using Blivet version 3.12.1
+# Disk selection written by %pre via basic_pre_script.inc
-ignoredisk --only-use=sda,nvme0n1
+%include /tmp/disk-include.cfg
 # Partition clearing information - do NOT USE --initlabel !
 clearpart --none
 autopart --type=btrfs

ks_base_profiles/source_fedora_43.inc

@@ -0,0 +1,9 @@
+#Sources for Fedora 43
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+repo --name=fedora-updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64" --cost=0
+repo --name=fedora-cisco-openh264 --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-cisco-openh264-43&arch=x86_64" --install
+repo --name=rpmfusion-free --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-43&arch=x86_64"
+repo --name=rpmfusion-free-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-43&arch=x86_64" --cost=0
+repo --name=rpmfusion-nonfree --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-43&arch=x86_64"
+repo --name=rpmfusion-nonfree-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-43&arch=x86_64" --cost=0
+

ks_base_profiles/source_fedora_44.inc

@@ -0,0 +1,8 @@
+#Sources for Fedora 44
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-44&arch=x86_64"
+repo --name=fedora-updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f44&arch=x86_64" --cost=0
+repo --name=fedora-cisco-openh264 --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-cisco-openh264-44&arch=x86_64" --install
+repo --name=rpmfusion-free --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-44&arch=x86_64"
+repo --name=rpmfusion-free-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-44&arch=x86_64" --cost=0
+repo --name=rpmfusion-nonfree --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-44&arch=x86_64"
+repo --name=rpmfusion-nonfree-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-44&arch=x86_64" --cost=0

system_setup/config.dist/setup_system.conf.dist

@@ -8,9 +8,9 @@ export SERVERFQDN_IPA=ipa.${TLDOMAIN} # Needs to be the IPA- Server
 export SERVERFQDN_NC=nextcloud.${TLDOMAIN}
 export INSTALLDOCS="https://gitea.dtext.online/obel1x/fedora-OEMDRV/src/branch/main/README.md"
 
-#If the UPGRADEURL and branch is set, this script collection will do automatic upgrades
+#If the REPO_URL and REPO_BRANCH is set, this script collection will do automatic upgrades
-export UPGRADEURL="https://gitea.dtext.online/obel1x/fedora-OEMDRV.git"
+export REPO_URL="https://gitea.dtext.online/obel1x/fedora-OEMDRV.git"
-export UPGRADEBRANCH="main"
+export REPO_BRANCH="main"
 
 #Configuration Files - maybe syned with your companies settings
 export SYSCONFIGPATH="/opt/sys_config"
@@ -21,14 +21,13 @@ export DISTCONFIGPATH_SRC="/Shared/sw_geteilt/client_settings"
 export CLIENTADMINGROUP="clientadmins"
 
 # Method to determine Unique Hostname / FQDN of the Client. May be replaced by your needs
-#Should always had been set by install.sh and should be there anyway.
+# MACHINEID should be set by install.sh. The Determination is done by setup_system.inc.sh as root for old installs.
-#if [ ! -r ${SYSCONFIGPATH}/config.d/machine_uuid.sys ]; then
+if [ -z ${MACHINEID} ]; then
-#elif [ "$EUID" -eq 0 ]; then
+  #Fallback if not configured, should only be needed once for very old installations
-#    export HOSTNM="pc-$( dmidecode -t system | grep -i 'UUID' | sed 's/UUID: //' | tr '[:upper:]' '[:lower:]' | sed 's/[^0-9a-z]*//g' | xargs|tail -c 13)"
+  export HOSTNM=$( hostname -s )
-#else
+else
-#    export HOSTNM=$( hostname -s )
+  export HOSTNM="pc-${MACHINEID}"
-#fi
+fi
-export HOSTNM="pc-$( cat /opt/sys_config/config.d/machine_uuid.sys )"
 export FQDN=${HOSTNM}.${DOMAIN}
 
 #Additional Client-Software- Repository-Folder in Nextcloud (Shared Folder / Systemwide)

system_setup/configure.sh

@@ -5,12 +5,13 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
 SCRIPTDIR="$(cd "$(dirname "$0")" && pwd)"
-CONF_DIST="${SCRIPTDIR}/../config/setup_system.conf.dist"
 CONF_FILE="${SCRIPTDIR}/../config.d/configure.conf"
 
-if [[ "$EUID" -eq 0 ]]; then
+CONF_EXISTING="${SCRIPTDIR}/../config/setup_system.conf"
-    echo "ERROR: This script must not be run as root." >&2
+if [[ -f "$CONF_EXISTING" ]]; then
-    exit 1
+    CONF_DIST="$CONF_EXISTING"
+else
+    CONF_DIST="${SCRIPTDIR}/config.dist/setup_system.conf.dist"
 fi
 
 # Prompt for a single value; returns the old value unchanged if the user presses Enter.
@@ -39,18 +40,25 @@ override_conf_var() {
 
 do_configure() {
     mkdir -p "$(dirname "$CONF_FILE")"
-    cp "$CONF_DIST" "$CONF_FILE"
+    cp "$CONF_DIST" "$CONF_FILE" # Either setup_system.conf or setup_system.conf.dist to config.d/configure.conf
-
-    # Source the dist defaults (unset computed vars first so they are re-evaluated).
-    unset TLDOMAIN DOMAIN SERVERFQDN_IPA SERVERFQDN_NC CLIENTADMINGROUP \
-          DECRYPTEDDATADIR ENCRYPTEDDATADIR IPAVAULTUSE IPAVAULTNAME HOSTNM FQDN
-    # shellcheck disable=SC1090
 
     echo ""
     echo "=== System Configuration ==="
     echo "Press Enter to keep the current value, or type a new one."
+    echo "Configuration will be reread for each value to make sure the settings are applied."
+    echo
 
-    source "$CONF_FILE"
+    # If other Repo infos are given, set them first
+    if [[ ! -z $REPO_URL ]]; then
+        echo "REPO_URL is set to $REPO_URL . Will use it for configure.conf."
+        set_conf_var "REPO_URL" "$REPO_URL"
+    fi
+    if [[ ! -z $REPO_BRANCH ]]; then
+        echo "REPO_BRANCH is set to $REPO_BRANCH . Will use it for configure.conf."
+        set_conf_var "REPO_BRANCH" "$REPO_BRANCH"
+    fi
+
+    source "$( dirname "$0" )/setup_system.inc.sh"
     VARS=("TLDOMAIN" "SERVERFQDN_IPA" "DOMAIN" "SERVERFQDN_NC" "IPAVAULTUSE" "IPAVAULTNAME" "DISTCONFIGPATH_SRC" "CLIENTADMINGROUP" )
     for ELE in "${VARS[@]}"
     do
@@ -58,7 +66,7 @@ do_configure() {
             echo ""
             new_ELE=$(prompt_value "${ELE}" "${!ELE}")
             set_conf_var "${ELE}" "${new_ELE}"
-            source "$CONF_FILE"
+            source "$( dirname "$0" )/setup_system.inc.sh"
             REPEAT_TEST=1
             case ${ELE} in
                 "SERVERFQDN_NC") echo "=== Testing: Nextcloud server ==="

system_setup/install.sh

@@ -24,6 +24,55 @@ die()  { echo; echo "ERROR: $*" >&2; exit 1; }
 info() { echo; echo ">>> $*"; }
 hr()   { printf '%.0s─' {1..100}; echo; }
 
+finish_install() {
+    local dev="$1"
+
+    chown root:root  "$MOUNT_POINT" -R
+    chmod ug=rwX,o=rX "$MOUNT_POINT" -R
+    chmod o+w "$MOUNT_POINT/config" "$MOUNT_POINT/config.d" -R
+
+    # Create an empty ks.cfg at the OEMDRV root so non-root can overwrite it
+    # with configure.sh (the OEMDRV root itself is not world-writable).
+    touch "$MOUNT_POINT/ks.cfg"
+    chmod o+w "$MOUNT_POINT/ks.cfg"
+
+    info "Done."
+    echo
+    echo "  OEMDRV device : $dev"
+    echo "  Mounted at    : $MOUNT_POINT"
+    echo
+
+    CONF_SCRIPT="$MOUNT_POINT/system_setup/configure.sh"
+
+    echo
+    read -r -p "Run configure.sh now to set up your environment? [y/N]: " RUN_CONF
+    if [[ "${RUN_CONF,,}" == "y" ]]; then
+        if [[ -n "$SUDO_USER" && "$SUDO_USER" != "root" ]]; then
+            info "Running configure.sh as user '$SUDO_USER'..."
+            su - "$SUDO_USER" -c "DISPLAY='${DISPLAY}' WAYLAND_DISPLAY='${WAYLAND_DISPLAY}' REPO_URL='${REPO_URL}' REPO_BRANCH='${REPO_BRANCH}' bash '$CONF_SCRIPT'"
+        else
+            info "Running configure.sh as root..."
+            REPO_URL="$REPO_URL" REPO_BRANCH="$REPO_BRANCH" bash "$CONF_SCRIPT"
+        fi
+    else
+        echo
+        echo "Next steps:"
+        echo "  1. Run: bash $CONF_SCRIPT"
+        echo "  2. Boot the Kickstart installer — it will detect the OEMDRV partition automatically."
+        echo
+    fi
+}
+
+do_clone_and_done() {
+    local dev="$1"
+
+    info "Cloning $REPO_URL into $MOUNT_POINT..."
+    cd "$MOUNT_POINT" || die "Cannot cd to $MOUNT_POINT."
+    git clone --progress --depth 1 -b $REPO_BRANCH "$REPO_URL" . || die "git clone failed."
+    source "$MOUNT_POINT/system_setup/setup_system.inc.sh" --missingconfok
+    finish_install "$dev"
+}
+
 require_root() {
     [[ "$EUID" -eq 0 ]] || die "This script must be run as root."
 }
@@ -293,6 +342,88 @@ new_part_device() {
 require_root
 check_tools
 
+# ── Check for existing OEMDRV partition ───────────────────────────────────────
+
+EXISTING_OEMDRV_DEV=$(blkid -L "$OEMDRV_LABEL" 2>/dev/null || true)
+if [[ -n "$EXISTING_OEMDRV_DEV" ]]; then
+    echo
+    echo "Found existing '$OEMDRV_LABEL' partition: $EXISTING_OEMDRV_DEV"
+    read -r -p "  Use this partition and overwrite its install files? [y/N]: " ans
+    if [[ "${ans,,}" == "y" ]]; then
+        EXISTING_MNT=$(lsblk -n -o MOUNTPOINT "$EXISTING_OEMDRV_DEV" 2>/dev/null | grep -v '^$' | head -1)
+        if [[ -n "$EXISTING_MNT" ]]; then
+            echo "  Partition is already mounted at $EXISTING_MNT — using that mountpoint."
+            MOUNT_POINT="$EXISTING_MNT"
+        else
+            info "Mounting $EXISTING_OEMDRV_DEV to $MOUNT_POINT..."
+            [[ -d "$MOUNT_POINT" ]] || mkdir -p "$MOUNT_POINT"
+            mount -o "$MOUNT_OPTS" "$EXISTING_OEMDRV_DEV" "$MOUNT_POINT" || die "mount failed."
+        fi
+
+        if [[ -f "$MOUNT_POINT/system_setup/setup_system.inc.sh" && -f "$MOUNT_POINT/config/setup_system.conf" ]]; then
+            info "Reading existing configuration from ${MOUNT_POINT} ..."
+            source "$MOUNT_POINT/system_setup/setup_system.inc.sh"
+        fi
+
+        # ── Check existing git repository origin ──────────────────────────────
+        if git -C "$MOUNT_POINT" rev-parse --git-dir >/dev/null 2>&1; then
+            EXIST_URL=$(git -C "$MOUNT_POINT" remote get-url origin 2>/dev/null || true)
+            EXIST_BRANCH=$(git -C "$MOUNT_POINT" symbolic-ref --short HEAD 2>/dev/null \
+                           || git -C "$MOUNT_POINT" rev-parse --abbrev-ref HEAD 2>/dev/null || true)
+            if [[ -n "$EXIST_URL" && ( "$EXIST_URL" != "$REPO_URL" || "$EXIST_BRANCH" != "$REPO_BRANCH" ) ]]; then
+                echo
+                echo "  The existing repository differs from the configured values:"
+                printf "    %-12s %-55s %s\n" "" "Origin" "Branch"
+                printf "    %-12s %-55s %s\n" "Existing:"   "$EXIST_URL"  "$EXIST_BRANCH"
+                printf "    %-12s %-55s %s\n" "Configured:" "$REPO_URL"   "$REPO_BRANCH"
+                echo
+                echo "  Hint: set REPO_URL / REPO_BRANCH env vars before running to override the configured values."
+                echo
+                echo "  How should this be resolved?"
+                echo "    1) Keep existing origin/branch — pull latest from $EXIST_URL / $EXIST_BRANCH"
+                echo "    2) Switch to configured origin — migrate to $REPO_URL / $REPO_BRANCH (preserves local files)"
+                while true; do
+                    read -r -p "  Choice [1/2]: " GIT_CHOICE
+                    case "${GIT_CHOICE}" in
+                        1)
+                            REPO_URL="$EXIST_URL"
+                            REPO_BRANCH="$EXIST_BRANCH"
+                            break
+                            ;;
+                        2)
+                            info "Switching origin to $REPO_URL (branch: $REPO_BRANCH)..."
+                            git -C "$MOUNT_POINT" remote set-url origin "$REPO_URL" \
+                                || die "git remote set-url failed."
+                            break
+                            ;;
+                        *)
+                            echo "  Please enter 1 or 2."
+                            ;;
+                    esac
+                done
+            fi
+
+            info "Pulling latest from $REPO_URL (branch: $REPO_BRANCH)..."
+            git -C "$MOUNT_POINT" fetch --depth 1 origin "$REPO_BRANCH" \
+                || die "git fetch failed."
+            git -C "$MOUNT_POINT" checkout -B "$REPO_BRANCH" FETCH_HEAD \
+                || die "git checkout failed."
+            source "$MOUNT_POINT/system_setup/setup_system.inc.sh" --missingconfok
+            finish_install "$EXISTING_OEMDRV_DEV"
+            exit 0
+        fi
+
+        # No git repo on the partition — clear and do a fresh clone
+        if [[ -n "$(ls -A "$MOUNT_POINT" 2>/dev/null)" ]]; then
+            info "No git repository found on $MOUNT_POINT — clearing before fresh clone..."
+            find "$MOUNT_POINT" -mindepth 1 -delete
+        fi
+
+        do_clone_and_done "$EXISTING_OEMDRV_DEV"
+        exit 0
+    fi
+fi
+
 info "Verifying repository URL..."
 check_repo_url
 case $? in
@@ -497,47 +628,6 @@ info "Mounting $OEMDRV_DEV to $MOUNT_POINT (options: $MOUNT_OPTS)..."
 [[ -d "$MOUNT_POINT" ]] || mkdir -p "$MOUNT_POINT"
 mount -o "$MOUNT_OPTS" "$OEMDRV_DEV" "$MOUNT_POINT" || die "mount failed."
 
-# ── Clone repository ──────────────────────────────────────────────────────────
+# ── Clone repository + done ───────────────────────────────────────────────────
 
-info "Cloning $REPO_URL into $MOUNT_POINT..."
+do_clone_and_done "$OEMDRV_DEV"
-cd "$MOUNT_POINT" || die "Cannot cd to $MOUNT_POINT."
-git clone --progress --depth 1 -b $REPO_BRANCH "$REPO_URL" . || die "git clone failed."
-
-# Write hardware UUID to a user-readable per-machine file
-dmidecode -t system | grep -i 'UUID' \
-    | sed 's/UUID: //' | tr '[:upper:]' '[:lower:]' \
-    | sed 's/[^0-9a-z]*//g' | xargs | tail -c 13 \
-    > "./config.d/machine_uuid.sys"
-
-    chmod o=rwX . -R # to make changes to the configuration possible after install
-
-# ── Done ──────────────────────────────────────────────────────────────────────
-
-info "Done."
-echo
-echo "  OEMDRV device : $OEMDRV_DEV"
-echo "  Mounted at    : $MOUNT_POINT"
-echo
-
-# ── Optionally run configure.sh ───────────────────────────────────────────────
-
-CONF_SCRIPT="$MOUNT_POINT/system_setup/configure.sh"
-
-echo
-read -r -p "Run configure.sh now to set up your environment? [y/N]: " RUN_CONF
-if [[ "${RUN_CONF,,}" == "y" ]]; then
-    if [[ -n "$SUDO_USER" ]]; then
-        info "Running configure.sh as user '$SUDO_USER'..."
-        su - "$SUDO_USER" -c "DISPLAY='${DISPLAY}' WAYLAND_DISPLAY='${WAYLAND_DISPLAY}' bash '$CONF_SCRIPT'"
-    else
-        echo
-        echo "configure.sh must be run as a non-root user. Please run:"
-        echo "  bash $CONF_SCRIPT"
-    fi
-else
-    echo
-    echo "Next steps:"
-    echo "  1. Run: bash $CONF_SCRIPT"
-    echo "  2. Boot the Kickstart installer — it will detect the OEMDRV partition automatically."
-    echo
-fi

system_setup/logon_script.sh

@@ -30,14 +30,9 @@ if [[ $? -ne 0 ]]; then
     echo "Error: python3-ipaclient is not installed. Please install it via: sudo dnf install python3-ipaclient"
 fi
 
-
 #TODO C: Check if Desktop is KDE/Plasma and support other Displays
 # Make kdesu use sudo
-kwriteconfig5 --file kdesurc --group super-user-command --key super-user-command sudo
+kwriteconfig5 --file kdesurc --group super-user-command --key super-user-command sudo >/dev/null 2>&1
-if [ $? -ne 0 ]; then
-    elog_add "This script should be run in KDE- Desktop. The setup of kwriteconfig5 has failed. Please check, if you are using KDE."
-    echo "Press any key to continue" && read -n 1 -s -r && exit 1
-fi
 
 # Mount the private Directory
 elog_add_command "${SYSCONFIGPATH}/system_setup/mount_ecrypt_home.sh"

system_setup/setup_skel.sh

@@ -3,7 +3,7 @@
 source $(dirname "$0")/setup_system.inc.sh
 EXECDIR=$(pwd)
 SRCFILE="${SYSCONFIGPATH}/config/skel.tar.zst"
-SRCFILEDIST="${SYSCONFIGPATH}/config/skel.tar.zst.dist"
+SRCFILEDIST="$(dirname "$0")/skel/skel.tar.zst.dist"
 
 #Check for root
 if [ "$EUID" -ne 0 ]; then

system_setup/setup_system.inc.sh

@@ -5,32 +5,56 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later
 #
 # This is not a runnig script-file. No real logic to execute. Its used for includes in other scripts.
+#
+# Parameters (pass as arguments to the `source` call, e.g. source setup_system.inc.sh --missingconfok):
+#   --missingconfok   Print a warning instead of prompting and aborting when config/setup_system.conf is missing.
 
-#Check if we are root
+# Parse flags passed to this inc (e.g. source setup_system.inc.sh --missingconfok).
-# Deprectaed - use if Statement itself
+# In bash, arguments to `source` temporarily replace $@ for the duration of the sourced file.
-#check_root()
+_INC_MISSINGCONFOK=0
-#{
+for _inc_arg in "$@"; do
-#    if [ "$EUID" -ne 0 ]; then
+    [[ "$_inc_arg" == "--missingconfok" ]] && _INC_MISSINGCONFOK=1
-#        return 1
+done
-#    fi
+unset _inc_arg
-#    return 0
-#}
 
-#Check for configure.conf - used for frist setup of system
+#Get the machine_uuid wich is needed by some userspace programs.
-if [[ -f $(dirname "$0")/../config.d/configure.conf ]]; then
+#As all Parameters that are bound to CPU or Mainboard, are only readable by root, we need to get the values at installtime.
-    echo "System in configure-mode. Will use $(dirname "$0")/../config.d/configure.conf for setup."
+#On old installations without the file, we will write it whenever possible
-    source $(dirname "$0")/../config.d/configure.conf
+MACHINEID_FILE="$( dirname "${BASH_SOURCE[0]:-$0}" )/../config.d/machine_uuid.sys"
+if [ -f ${MACHINEID_FILE} ]; then
+    export MACHINEID="$( cat ${MACHINEID_FILE} )"
+elif [ "$EUID" -eq 0 ]; then
+    dmidecode -t system | grep -i 'UUID' \
+    | sed 's/UUID: //' | tr '[:upper:]' '[:lower:]' \
+    | sed 's/[^0-9a-z]*//g' | xargs | tail -c 13 \
+    > "${MACHINEID_FILE}"
+    export MACHINEID="$( cat ${MACHINEID_FILE} )"
+    echo "Wrote MACHINEID ${MACHINEID} to ${MACHINEID_FILE}"
+fi
+
+#Check for configure.conf - used for first setup of system
+if [[ -f $(dirname "${BASH_SOURCE[0]:-$0}")/../config.d/configure.conf ]]; then
+    echo "System in configure-mode. Will use $(dirname "${BASH_SOURCE[0]:-$0}")/../config.d/configure.conf for setup."
+    source $(dirname "${BASH_SOURCE[0]:-$0}")/../config.d/configure.conf
 else
     #Load default system setup file
-    if [[ ! -f $(dirname "$0")/../config/setup_system.conf ]]; then
+    if [[ ! -f $(dirname "${BASH_SOURCE[0]:-$0}")/../config/setup_system.conf ]]; then
-        echo "System configuration not found. Please make a copy of setup_system.conf.dist, name it setup_system.conf and check the settings in it before running."
+        echo "WARNING: System configuration not found."
-        echo "Press any key to continue" && read -n 1 -s -r && exit 1
+        if [[ $_INC_MISSINGCONFOK -eq 1 ]]; then
+            echo "Continuing without system configuration (--missingconfok), but this should only be for installing."
+        else
+            echo "Please copy system_setup/config.dist/setup_system.conf.dist to config/setup_system.conf and adjust the settings before running."
+            echo "Press any key to continue" && read -n 1 -s -r && exit 1
+        fi
+    else
+        echo "Found and use configfile $(dirname "${BASH_SOURCE[0]:-$0}")/../config/setup_system.conf"
+        source $(dirname "${BASH_SOURCE[0]:-$0}")/../config/setup_system.conf
     fi
-    source $(dirname "$0")/../config/setup_system.conf
 
     #Parse additional client-configs
-    if [[ `ls -1 $(dirname "$0")/../config.d/*.conf 2>/dev/null | wc -l ` -gt 0 ]]; then
+    if [[ `ls -1 $(dirname "${BASH_SOURCE[0]:-$0}")/../config.d/*.conf 2>/dev/null | wc -l ` -gt 0 ]]; then
-        source $(dirname "$0")/../config.d/*.conf
+        echo "Additional config file found $(dirname "${BASH_SOURCE[0]:-$0}")/../config.d/*.conf - using it"
+        source $(dirname "${BASH_SOURCE[0]:-$0}")/../config.d/*.conf
     fi
 fi
 

system_setup/skel/pack_skel.sh

@@ -1,7 +1,6 @@
 #!/usr/bin/env sh
 # Usage: will make a tar-file from folder skel found in the directory where executed
 # If you want to change skel- content, extrakt your skel.tar.zstd to this directory, edit the files and use this script to repack
-source $(dirname "$0")/setup_system.inc.sh
 mv skel.tar.zst backup_skel.tar.zst
 if [ $? -eq 0 ]; then
     echo "Old Archive renamed to backup_skel.tar.zst"

system_setup/sync_client_software.sh

@@ -20,37 +20,48 @@ fi
 
 #Install or update Nextcloud com.nextcloud.desktopclient.nextcloud
 echo "Update or install Nextcloud client"
-/usr/bin/flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+/usr/bin/flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo && \
 /usr/bin/flatpak install -y --or-update --noninteractive flathub com.nextcloud.desktopclient.nextcloud && echo "Done Update/Install of Nextcloud."
+if [[ $? -ne 0 ]]; then
+    echo ""
+    echo "There seems to be a problem with your network connection. Please first check, if your network can be established before reuming."
+    echo "You can press CRTL+C to abort now. Than your data wont be accessible and you need to run \"$0\" again."
+    echo "You can also continue without network. You may need your personal encryptionkey for accessing your data."
+    read -n 1 -s -r -p "Please check Network and press any Key to continue"
+fi
 echo ""
 
-#Sync remote Files
+# Ensure session bus access for Nextcloud (may be blocked by Flatseal or missing from manifest)
-chown root:${CLIENTADMINGROUP} -R ${SYSCONFIGPATH}
+/usr/bin/flatpak override --system --socket=session-bus com.nextcloud.desktopclient.nextcloud
-chmod ug+rwX,o=rX -R ${SYSCONFIGPATH}
 
 #Do an upgrade of the Base package if its configured and if there are changes
-if [[ ! -z "${UPGRADEURL}" ]]; then
+chown root:${CLIENTADMINGROUP} -R ${SYSCONFIGPATH}
-    echo "Checking for Upgrades on ${UPGRADEURL} and Branch ${UPGRADEBRANCH}"
+chmod ug+rwX,o=rX -R ${SYSCONFIGPATH}
+if [[ ! -z "${REPO_URL}" ]]; then
+    echo "Checking for Upgrades on ${REPO_URL} and Branch ${REPO_BRANCH}"
     REMOTEURL=$( git config --get remote.origin.url )
     echo "Remote git URL is ${REMOTEURL}"
-    if [[ "${REMOTEURL}" != "${UPGRADEURL}" ]]; then
+    if [[ "${REMOTEURL}" != "${REPO_URL}" ]]; then
         echo "This Repo is not on the matching URL, so no update is possible. If you want to change this, check out the docs on how to setup from scratch."
     else
         GITBRANCH=$( git rev-parse --abbrev-ref HEAD )
         echo "Current branch is ${GITBRANCH}"
-        if [[ "${GITBRANCH}" != "${UPGRADEBRANCH}" ]]; then
+        if [[ "${GITBRANCH}" != "${REPO_BRANCH}" ]]; then
             echo "This Repo is not on the right branch, so no update is possible."
         else
             # Doing upgrade, discarding all local changes frist (is more save than forced pull)
             echo "Checks have passed, we are now upgrading via git."
-            git fetch origin
+            #Fetch latest Updates and remove all history
-            git reset --hard origin/${UPGRADEBRANCH}
+            git fetch origin && git reset --hard origin/${REPO_BRANCH} && git rebase HEAD^
-            #Remove all history
+            if [[ $? -ne 0 ]]; then
-            git rebase HEAD^
+                echo "Error: Failure while updating, will continue as is."
+            fi
         fi
     fi
-    echo ""
+else
+    echo "REPO_URL is not specified in conf - No Upgrade option available."
 fi
+echo ""
 
 # At first, sync central configs if they are configured to be synced
 if [[ ! -z "${DISTCONFIGPATH_SRC}" ]]; then
@@ -80,17 +91,35 @@ if [[ ! -z "${DISTCONFIGPATH_SRC}" ]]; then
             echo "Existing configuration found in Repository, removing configure-mode and reread the configuration."
             rm -f $(dirname "$0")/../config.d/configure.conf.bak >/dev/null
             mv $(dirname "$0")/../config.d/configure.conf $(dirname "$0")/../config.d/configure.conf.bak
-            source $(dirname "$0")/../config/setup_system.conf
+            OLD_REPO_URL="$REPO_URL"
+            OLD_REPO_BRANCH="$REPO_BRANCH"
+            source $(dirname "$0")/setup_system.inc.sh
+            #Compare the Repository URLS after that
+            if [ "$REPO_URL" != "$OLD_REPO_URL" ] || [ "$REPO_BRANCH" != "$OLD_REPO_BRANCH" ]; then
+                echo "The Repository for installation was"
+                echo "$OLD_REPO_URL Branch $OLD_REPO_BRANCH"
+                echo "After reading the config, the Repository has changed to"
+                echo "$REPO_URL Branch $REPO_BRANCH"
+                echo
+                echo "Do you want to create a system specific configuration for the installation Repository, so that"
+                read -r -p "only this system will stay on the Repository for installation? [y/N]: " CREATE_REPO_CONF
+                if [[ "${CREATE_REPO_CONF,,}" == "y" ]]; then
+                    echo "export REPO_URL=\"$OLD_REPO_URL\"" >$(dirname "$0")/../config.d/repo.conf
+                    echo "export REPO_BRANCH=\"$OLD_REPO_BRANCH\"" >>$(dirname "$0")/../config.d/repo.conf
+                    echo "Wrote new $(dirname "$0")/../config.d/repo.conf"
+                fi
+            fi
         else
             echo "System is in configure-mode and configuration repository was found and synced, but still not configuration was found"
             echo "checking file $(dirname "$0")/../config/setup_system.conf"
             echo ""
-            echo "Please make a inital copy of config/setup_system.conf.dist to config/setup_system.conf and check all settings there."
+            echo "Please make a copy of system_setup/config.dist/setup_system.conf.dist to config/setup_system.conf and check all settings there."
             echo "Then rerun the logon script to sync the file to your repository."
             echo "Press any key to continue" && read -n 1 -s -r && exit 1
         fi
     fi
 fi
+
 #Check if Repository is defined
 if [ "${CLIENT_SOFTWARE_DST}." == "." ]; then
     echo "No central softwarerepository defined (CLIENT_SOFTWARE_DST). Skipping sync."