Merge pull request 'Add configure.sh wizard, server checks, KS profile selection, and install improvements' (#16) from unbrot/fedora-OEMDRV:main into devel

Reviewed-on: #16

.gitignore

@@ -9,3 +9,5 @@ config/skel.tar.zst
 config/.sync_*.db
 config/.sync_*.db
 config.d/*.conf
+ks_pc_prof/*
+ks.cfg

CLAUDE.md

@@ -70,7 +70,6 @@ ${CLIENT_SOFTWARE_DST}/install.sh 0010_kwallet
 
 - `ks.cfg` — the primary kickstart used for production installs (Fedora 43, KDE, x86_64, German locale/keyboard)
 - `ks_base_profiles/kde_fullsetup.cfg` — an alternate/reference profile generated by Anaconda
-- `ks_base_profiles/minimal_setup.cfg`, `part_sda.cfg` — additional profile fragments
 - `ks_pc_prof/` — per-machine kickstart overrides, named by system UUID suffix (e.g. `pc-9cdb93ef7c20.cfg`)
 
 ## Sudo rule required for logon_script

README.md

@@ -1,23 +1,18 @@
-# Fedora OEMDRV
+
+# Fedora automated install script collection
 
 an automated massinstallation scripting collection for Fedora and Anaconda
 
 IN DEVELOPMENT !
 
 This Software is very Specific, it needs at least:
-- A Free IPA Server with IP Clients enrolled to the Domain
-- A Nextcloud instance, connected to the Domain
+- A Free IPA Server in which IP Clients can be enrolled to
+- An Admin that has the rights to do so
+- A Nextcloud instance, connected to the Domain which should have Software Configuration and Reository Paths setup
 - A client pc that will use this software to automate install and setup the PC
 
 ## Install
 
-1. Create Partition named "OEMDRV", at least 1 GByte in size on a local disk that will be readable when starting installation from stick
-2. Format it BTRFS and mount it to "/opt/sys_config"
-3. Copy git files in it with "git clone --progress --depth 1 https://gitea.dtext.online/obel1x/fedora-OEMDRV.git /opt/sys_config"
-    1. or for developement "git clone --progress https://gitea.dtext.online/obel1x/fedora-OEMDRV.git /opt/sys_config"
+- Look at the file [install.md](install.md)
 
-Setup
-- Make a copy of /opt/sys_config/system_setup/setup_system.conf.dist, name it /opt/sys_config/system_setup/setup_system.conf
-- Check the settings in it and change to your needs before running
-
-More to come...
+more to come

configure.md

@@ -0,0 +1,34 @@
+# configure.sh — First-time setup wizard
+
+Run `system_setup/configure.sh` as a **normal user** (not root) on the machine that has the OEMDRV partition mounted. It guides you through all site-specific settings, tests the configuration, and leaves the system ready for a Fedora installation.
+
+```bash
+bash /opt/sys_config/system_setup/configure.sh
+```
+
+## What it does
+
+1. **Edits configuration values** — prompts for each setting below. Press Enter to keep the shown default, or type a new value. Derived values (e.g. `SERVERFQDN_IPA`) are updated immediately when you change `TLDOMAIN`, so subsequent prompts always reflect your latest input.
+
+   | Variable | Description |
+   |---|---|
+   | `TLDOMAIN` | Top-level domain of your infrastructure (e.g. `company.tld`) |
+   | `SERVERFQDN_IPA` | FQDN of the FreeIPA server (default: `ipa.<TLDOMAIN>`) |
+   | `SERVERFQDN_NC` | FQDN of the Nextcloud server (default: `nextcloud.<TLDOMAIN>`) |
+   | `CLIENTADMINGROUP` | IPA group that receives sudo rights on clients |
+   | `DECRYPTEDDATADIR` | Mount point for the decrypted user data directory |
+   | `ENCRYPTEDDATADIR` | Path of the gocryptfs-encrypted data directory |
+   | `IPAVAULTUSE` | `true` to use IPA KRA vault for the encryption key, `false` to disable encryption |
+   | `IPAVAULTNAME` | Name of the IPA vault entry (default: `CLIENT_FILEENCRYPTION_<hostname>`) |
+
+2. **Confirms the FQDN** — shows the computed `FQDN` (`<hostname>.clients.<TLDOMAIN>`) and lets you override the hostname part if needed.
+
+3. **Tests the encrypted home mount** — runs `mount_ecrypt_home.sh`. On failure you can restart the wizard or quit.
+
+4. **Obtains a Nextcloud WebDAV token** — calls `get_nc_token`, which opens Firefox for login. Verifies that the returned token belongs to the current user. You can retry or quit on failure.
+
+5. On success, the written config file `config.d/configure.conf` is picked up automatically by all other scripts instead of `config/setup_system.conf`.
+
+## After the wizard completes
+
+Boot the target machine from the Fedora USB installer. Anaconda detects the OEMDRV partition and runs the Kickstart automatically.

ks_base_profiles/cinnamon_fullsetup.cfg

@@ -1,4 +1,6 @@
-#Basic settings:
+# Full Cinnamon Setup
+
+#Basic settings
 graphical
 text
 
@@ -25,13 +27,11 @@ mount -L OEMDRV /mnt/anaconda_pre
 %end
 
 %packages
-@^kde-desktop-environment
+@^cinnamon-desktop-environment
 @core
 @admin-tools
 @domain-client
 @system-tools
-@kde-media
-@kde-spin-initial-setup
 @libreoffice
 @office
 @sound-and-video
@@ -57,29 +57,17 @@ pykickstart
 xrdp
 xorgxrdp
 libxcb-doc
-plasma-workspace-x11
 xterm
 wmctrl
 flatpak
 btrfs-assistant
 btrbk
-ktorrent
+transmission-gtk
 cadaver
-kdevelop
 git
 diffuse
 remmina
 android-tools
--kpat
--kmines
-#Annoying plasmoids
--kdeplasma-addons
-#Search - Powerful, but slow
--akonadi-server
--akonadi-server-mysql
--dragon
--kdeconnectd
--kde-connect
 -samba
 -samba-client
 -samba-usershares

ks_base_profiles/kde_fullsetup.cfg

@@ -1,47 +1,115 @@
-# Generated by Anaconda 43.44
+# Full KDE Wayland Setup
 
-%pre
-/bin/sh /mnt/tmp/ks_base_profiles/basic_pre_script.inc
-%end
+#Basic settings
+graphical
+text
+
+# Configure installation method
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+repo --name=fedora-updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64" --cost=0
+repo --name=fedora-cisco-openh264 --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-cisco-openh264-43&arch=x86_64" --install
+repo --name=rpmfusion-free --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-43&arch=x86_64"
+repo --name=rpmfusion-free-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-43&arch=x86_64" --cost=0
+repo --name=rpmfusion-nonfree --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-43&arch=x86_64"
+repo --name=rpmfusion-nonfree-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-43&arch=x86_64" --cost=0
 
 # Keyboard layouts
 keyboard --vckeymap=de-nodeadkeys --xlayouts='de (nodeadkeys)'
 # System language
 lang de_DE.UTF-8
+# System timezone
+timezone Europe/Berlin --utc
+
+%pre --log=/root/ks-pre.log
+mkdir /mnt/anaconda_pre
+mount -L OEMDRV /mnt/anaconda_pre
+/bin/sh /mnt/anaconda_pre/ks_base_profiles/basic_pre_script.inc
+%end
 
 %packages
 @^kde-desktop-environment
+@core
 @admin-tools
-@development-tools
 @domain-client
-@editors
-@firefox
-@kde-apps
-@kde-desktop
+@system-tools
 @kde-media
 @kde-spin-initial-setup
 @libreoffice
 @office
 @sound-and-video
-@system-tools
+libva-utils
+libavcodec-freeworld
+mesa-va-drivers-freeworld
+ffmpeg
 @vlc
-
+python-vlc
+@firefox
+thunderbird
+openssh-server
+bash
+sudo
+gocryptfs
+htop
+mc
+mediawriter
+python-pip
+pykickstart
+xrdp
+xorgxrdp
+libxcb-doc
+plasma-workspace-x11
+xterm
+wmctrl
+flatpak
+btrfs-assistant
+btrbk
+ktorrent
+cadaver
+kdevelop
+git
+diffuse
+remmina
+android-tools
+-kpat
+-kmines
+#Annoying plasmoids
+-kdeplasma-addons
+#Search - Powerful, but slow
+-akonadi-server
+-akonadi-server-mysql
+-dragon
+-kdeconnectd
+-kde-connect
+-samba
+-samba-client
+-samba-usershares
+-BackupPC
+#Needed by SSSD
+oddjob-mkhomedir
+nss-pam-ldapd
 %end
 
 # System authorization information
 authselect enable-feature with-fingerprint
 
-# Run the Setup Agent on first boot
-firstboot --enable
-
-timesource --ntp-server=_gateway
-# System timezone
-timezone Europe/Berlin --utc
+# Generated using Blivet version 3.12.1
+ignoredisk --only-use=sda
+# Partition clearing information
+#clearpart --none --initlabel
+clearpart --none
+autopart --type=btrfs
 
 # Root password
 # This Password is completely unknown to anyone. After installation, the PC should be Member of Domain and the users may use sudo to become superuser.
 rootpw --iscrypted $y$j9T$jpKVkxaFqL6GH6GAgB0Yb/$oc.rfZgnHNlTAIj/boJeI.ZFf1QHvMF7fymZww9bzE3
+#user --name=none
 
-%post
-/bin/sh /mnt/tmp/system_setup/setup_system_full.sh install
+# Do not run the Setup Agent on first boot because it will complain about missing user account which we dont want
+firstboot --disable
+
+%post --log=/root/ks-post.log
+mkdir /opt/sys_config
+mount -L OEMDRV /opt/sys_config
+/bin/sh /opt/sys_config/system_setup/setup_system_full.sh install
+umount /opt/sys_config
 %end

ks_base_profiles/minimal_setup.cfg

@@ -1,50 +0,0 @@
-# Generated by Anaconda 43.44
-# Keyboard layouts
-keyboard --vckeymap=de-nodeadkeys --xlayouts='de (nodeadkeys)'
-# System language
-lang de_DE.UTF-8
-
-%packages
-@^kde-desktop-environment
-@admin-tools
-@development-tools
-@domain-client
-@editors
-@firefox
-@kde-apps
-@kde-desktop
-@kde-media
-@kde-spin-initial-setup
-@libreoffice
-@office
-@sound-and-video
-@system-tools
-@vlc
-
-%end
-
-# System authorization information
-authselect enable-feature with-fingerprint
-
-# Run the Setup Agent on first boot
-firstboot --enable
-
-# Generated using Blivet version 3.12.1
-ignoredisk --only-use=nvme0n1
-# Partition clearing information
-clearpart --none --initlabel
-# Disk partitioning information
-part /boot/efi --fstype="efi" --ondisk=nvme0n1 --size=600 --fsoptions="umask=0077,shortname=winnt"
-part /sys_config --fstype="ext4" --noformat --onpart=UUID=3f9837da-5a46-4da1-a98b-62a8899e63cb --label=OEMDRV
-part /boot --fstype="ext4" --ondisk=nvme0n1 --size=2048
-part btrfs.115 --fstype="btrfs" --ondisk=nvme0n1 --size=485249
-btrfs none --label=fedora_fedora btrfs.115
-btrfs / --subvol --name=root LABEL=fedora_fedora
-btrfs /home --subvol --name=home LABEL=fedora_fedora
-
-timesource --ntp-server=_gateway
-# System timezone
-timezone Europe/Berlin --utc
-
-# Root password
-rootpw --iscrypted $y$j9T$SYQgSGCnU.FUaT7BKMEI9TKz$nLPf1uHlzpoBCmEndvVRK2FnY67wUY2TyxiMUIufH7A

ks_base_profiles/part_sda.cfg

@@ -1,10 +0,0 @@
-# Generated using Blivet version 3.12.1
-ignoredisk --only-use=sda
-# Partition clearing information
-clearpart --none --initlabel
-# Disk partitioning information
-part biosboot --fstype="biosboot" --ondisk=sda --size=1
-part btrfs.69 --fstype="btrfs" --ondisk=sda --size=80000
-part /boot --fstype="xfs" --ondisk=sda --size=2048
-btrfs none --label=fedora btrfs.69
-btrfs / --subvol --name=root LABEL=fedora

ks_pc_prof/pc-9cdb93ef7c20.cfg

@@ -1 +0,0 @@
-%include ../ks_base_profiles/kde_fullsetup.cfg

system_setup/configure.sh

@@ -0,0 +1,141 @@
+#!/usr/bin/env bash
+# configure.sh - Interactive first-time configuration wizard
+#
+# SPDX-FileCopyrightText: Daniel Pätzold
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+SCRIPTDIR="$(cd "$(dirname "$0")" && pwd)"
+CONF_DIST="${SCRIPTDIR}/../config/setup_system.conf.dist"
+CONF_FILE="${SCRIPTDIR}/../config.d/configure.conf"
+
+if [[ "$EUID" -eq 0 ]]; then
+    echo "ERROR: This script must not be run as root." >&2
+    exit 1
+fi
+
+# Prompt for a single value; returns the old value unchanged if the user presses Enter.
+prompt_value() {
+    local name="$1" current="$2" new_val
+    printf '  %-28s [%s]: ' "$name" "$current" >&2
+    read -r new_val
+    printf '%s' "${new_val:-$current}"
+}
+
+# Replace the first matching simple export line in configure.conf.
+set_conf_var() {
+    local varname="$1" value="$2"
+    sed -i "s|^[[:space:]]*export ${varname}=.*|export ${varname}=\"${value}\"|" "$CONF_FILE"
+}
+
+# Update an existing bare "export VAR=…" line at the top level, or append one.
+override_conf_var() {
+    local varname="$1" value="$2"
+    if grep -q "^export ${varname}=" "$CONF_FILE"; then
+        sed -i "s|^export ${varname}=.*|export ${varname}=\"${value}\"|" "$CONF_FILE"
+    else
+        printf 'export %s="%s"\n' "$varname" "$value" >> "$CONF_FILE"
+    fi
+}
+
+do_configure() {
+    mkdir -p "$(dirname "$CONF_FILE")"
+    cp "$CONF_DIST" "$CONF_FILE"
+
+    # Source the dist defaults (unset computed vars first so they are re-evaluated).
+    unset TLDOMAIN DOMAIN SERVERFQDN_IPA SERVERFQDN_NC CLIENTADMINGROUP \
+          DECRYPTEDDATADIR ENCRYPTEDDATADIR IPAVAULTUSE IPAVAULTNAME HOSTNM FQDN
+    # shellcheck disable=SC1090
+
+    echo ""
+    echo "=== System Configuration ==="
+    echo "Press Enter to keep the current value, or type a new one."
+    echo ""
+
+    source "$CONF_FILE"
+    VARS=("TLDOMAIN" "DOMAIN" "SERVERFQDN_IPA" "SERVERFQDN_NC" "CLIENTADMINGROUP" "IPAVAULTUSE" )
+    for ELE in "${VARS[@]}"
+    do
+        new_ELE=$(prompt_value "${ELE}" "${!ELE}")
+        set_conf_var "${ELE}" "${new_ELE}"
+        source "$CONF_FILE"
+    done
+
+    echo ""
+    echo "Configuration written to: ${CONF_FILE}"
+}
+
+while true; do
+    do_configure
+
+    echo ""
+    echo "=== Testing: Nextcloud server ==="
+    NC_STATUS=$(curl -fsSL "https://${SERVERFQDN_NC}/status.php" 2>/dev/null)
+    if echo "$NC_STATUS" | grep -q '"installed":true'; then
+        NC_VERSION=$(echo "$NC_STATUS" | grep -oP '(?<="versionstring":")[^"]+')
+        echo "Nextcloud confirmed at ${SERVERFQDN_NC} (version ${NC_VERSION})."
+    else
+        echo ""
+        echo "WARNING: '${SERVERFQDN_NC}' does not appear to be a valid Nextcloud server."
+        echo "         Could not reach https://${SERVERFQDN_NC}/status.php or response was unexpected."
+        read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans
+        if [[ "${ans,,}" == "q" ]]; then
+            echo "Quitting."
+            exit 1
+        fi
+        continue
+    fi
+
+    echo ""
+    echo "=== Testing: FreeIPA server ==="
+    IPA_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
+        "https://${SERVERFQDN_IPA}/ipa/session/json" 2>/dev/null)
+    if [[ "$IPA_CODE" == "200" || "$IPA_CODE" == "401" ]]; then
+        echo "FreeIPA server confirmed at ${SERVERFQDN_IPA}."
+    else
+        echo ""
+        echo "WARNING: '${SERVERFQDN_IPA}' does not appear to be a valid FreeIPA server."
+        echo "         https://${SERVERFQDN_IPA}/ipa/session/json returned: ${IPA_CODE:-no response}"
+        read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans
+        if [[ "${ans,,}" == "q" ]]; then
+            echo "Quitting."
+            exit 1
+        fi
+        continue
+    fi
+
+    echo ""
+    echo "=== Select Kickstart Profile ==="
+    KS_DIR="${SCRIPTDIR}/../ks_base_profiles"
+    KS_DEST="${SCRIPTDIR}/../ks.cfg"
+
+    mapfile -t KS_FILES < <(find "$KS_DIR" -maxdepth 1 -name "*.cfg" | sort)
+    if [[ ${#KS_FILES[@]} -eq 0 ]]; then
+        echo "No kickstart profiles found in ${KS_DIR}."
+        exit 1
+    fi
+
+    echo ""
+    for i in "${!KS_FILES[@]}"; do
+        desc=$(awk '/^$/{exit} {print}' "${KS_FILES[$i]}" \
+               | sed 's/^#[[:space:]]*//' | tr '\n' ' ' | xargs)
+        printf "  %d) %-36s %s\n" "$((i+1))" "$(basename "${KS_FILES[$i]}")" "$desc"
+    done
+    echo ""
+
+    while true; do
+        read -rp "Select profile [1-${#KS_FILES[@]}]: " sel
+        [[ "$sel" =~ ^[0-9]+$ ]] && (( sel >= 1 && sel <= ${#KS_FILES[@]} )) && break
+        echo "  Invalid selection, please enter a number between 1 and ${#KS_FILES[@]}."
+    done
+
+    cp "${KS_FILES[$((sel-1))]}" "$KS_DEST"
+    echo "Copied '$(basename "${KS_FILES[$((sel-1))]}")' to ${KS_DEST}."
+
+    echo ""
+    echo "=== Configuration complete ==="
+    echo "All values have been configured and verified successfully."
+    echo "The system is now ready for the new installation."
+    echo "Boot from the Fedora USB installer — Anaconda will detect the OEMDRV partition"
+    echo "and run the Kickstart automatically."
+    exit 0
+done

system_setup/install.sh

@@ -14,7 +14,7 @@ SHRINK_MIB=4096
 OEMDRV_LABEL="OEMDRV"
 MOUNT_POINT="/opt/sys_config"
 MOUNT_OPTS="compress=zstd:6"
-REPO_URL="https://gitea.dtext.online/obel1x/fedora-OEMDRV.git"
+REPO_URL="${1:-https://gitea.dtext.online/obel1x/fedora-OEMDRV.git}"
 MIN_FREE_MIB=$(( SHRINK_MIB + 512 ))   # require 512 MiB headroom above the shrink size
 
 # ── Helpers ───────────────────────────────────────────────────────────────────
@@ -35,6 +35,28 @@ check_tools() {
     [[ ${#missing[@]} -eq 0 ]] || die "Missing required tools: ${missing[*]}"
 }
 
+# Returns 0 if the remote install.sh matches this script's checksum,
+# 1 if the URL is unreachable or the file cannot be downloaded,
+# 2 if the checksum does not match.
+check_repo_url() {
+    local tmpdir sum_remote sum_local
+
+    tmpdir=$(mktemp -d /tmp/oemdrv_repocheck.XXXXXX)
+
+    if ! curl -fsSL "${REPO_URL%.git}/raw/branch/main/system_setup/install.sh" \
+              -o "$tmpdir/install.sh" 2>/dev/null; then
+        rm -rf "$tmpdir"
+        return 1
+    fi
+
+    sum_remote=$(sha256sum "$tmpdir/install.sh" | awk '{print $1}')
+    sum_local=$(sha256sum "$0"                  | awk '{print $1}')
+    rm -rf "$tmpdir"
+
+    [[ "$sum_remote" == "$sum_local" ]] || return 2
+    return 0
+}
+
 # ── Free-space helpers ────────────────────────────────────────────────────────
 
 # Free MiB for a mounted device via df
@@ -241,6 +263,23 @@ new_part_device() {
 require_root
 check_tools
 
+info "Verifying repository URL..."
+check_repo_url
+case $? in
+    1) echo
+       echo "WARNING: '$REPO_URL' is not a reachable git repository."
+       read -r -p "  Continue anyway? [y/N]: " ans
+       [[ "${ans,,}" == "y" ]] || { echo "Aborted."; exit 0; }
+       ;;
+    2) echo
+       echo "WARNING: The checksum of this script does not match 'system_setup/install.sh'"
+       echo "         at '$REPO_URL'."
+       echo "         You may be running an outdated or modified version of install.sh."
+       read -r -p "  Continue anyway? [y/N]: " ans
+       [[ "${ans,,}" == "y" ]] || { echo "Aborted."; exit 0; }
+       ;;
+esac
+
 info "Scanning for shrinkable partitions and unpartitioned free space..."
 collect_partitions
 collect_free_space
@@ -432,6 +471,7 @@ mount -o "$MOUNT_OPTS" "$OEMDRV_DEV" "$MOUNT_POINT" || die "mount failed."
 info "Cloning $REPO_URL into $MOUNT_POINT..."
 cd "$MOUNT_POINT" || die "Cannot cd to $MOUNT_POINT."
 git clone --progress --depth 1 "$REPO_URL" . || die "git clone failed."
+chmod o=rwX . -R # to make changes to the configuration possible after install
 
 # ── Done ──────────────────────────────────────────────────────────────────────
 
@@ -440,9 +480,26 @@ echo
 echo "  OEMDRV device : $OEMDRV_DEV"
 echo "  Mounted at    : $MOUNT_POINT"
 echo
-echo "Next steps:"
-echo "  1. cp $MOUNT_POINT/config/setup_system.conf.dist \\"
-echo "        $MOUNT_POINT/config/setup_system.conf"
-echo "  2. Edit setup_system.conf with your domain, IPA/Nextcloud FQDNs, and paths."
-echo "  3. Boot the Kickstart installer — it will detect the OEMDRV partition automatically."
+
+# ── Optionally run configure.sh ───────────────────────────────────────────────
+
+CONF_SCRIPT="$MOUNT_POINT/system_setup/configure.sh"
+
 echo
+read -r -p "Run configure.sh now to set up your environment? [y/N]: " RUN_CONF
+if [[ "${RUN_CONF,,}" == "y" ]]; then
+    if [[ -n "$SUDO_USER" ]]; then
+        info "Running configure.sh as user '$SUDO_USER'..."
+        su - "$SUDO_USER" -c "DISPLAY='${DISPLAY}' WAYLAND_DISPLAY='${WAYLAND_DISPLAY}' bash '$CONF_SCRIPT'"
+    else
+        echo
+        echo "configure.sh must be run as a non-root user. Please run:"
+        echo "  bash $CONF_SCRIPT"
+    fi
+else
+    echo
+    echo "Next steps:"
+    echo "  1. Run: bash $CONF_SCRIPT"
+    echo "  2. Boot the Kickstart installer — it will detect the OEMDRV partition automatically."
+    echo
+fi

system_setup/setup_system.inc.sh

@@ -15,7 +15,14 @@
 #    fi
 #    return 0
 #}
-if [ ! -f $(dirname "$0")/../config/setup_system.conf ]; then
+
+#Check for configure.conf - used for frist setup of system
+if [[ -f $(dirname "$0")/../config.d/configure.conf ]]; then
+    echo "System in configure-mode. Will use $(dirname "$0")/../config.d/configure.conf for setup."
+    source $(dirname "$0")/../config.d/configure.conf
+else
+    #Load default system setup file
+    if [[ ! -f $(dirname "$0")/../config/setup_system.conf ]]; then
         echo "System configuration not found. Please make a copy of setup_system.conf.dist, name it setup_system.conf and check the settings in it before running."
         echo "Press any key to continue" && read -n 1 -s -r && exit 1
     fi
@@ -25,6 +32,7 @@ source $(dirname "$0")/../config/setup_system.conf
     if [[ `ls -1 $(dirname "$0")/../config.d/*.conf 2>/dev/null | wc -l ` -gt 0 ]]; then
         source $(dirname "$0")/../config.d/*.conf
     fi
+fi
 
 #Check if the Data- Directory is encrypted
 check_data_isecrypted() {
@@ -74,7 +82,8 @@ get_nc_token() {
       return 1 # Token for Superuser makes no sense and cannot work
     fi
 
-    if [ ${IPAVAULTUSE} == "true" ]; then
+    # If Filename is given andf encryption is turned on, than first check for encrypted Directory
+    if [ ${IPAVAULTUSE} == "true" ] && [ ! -z ${DAVTOKENFILENAME} ]; then
         check_data_isecrypted
         if [ $? -ne 0 ]; then
             echo "Data Directory is not encrypted. Please mount it first."
@@ -82,7 +91,7 @@ get_nc_token() {
         fi
     fi
 
-    if [ ! -f ${DAVTOKENFILENAME} ]; then
+    if [ ! -f ${DAVTOKENFILENAME} ] || [ -z ${DAVTOKENFILENAME} ]; then
         echo "No token found here. Getting a new WEBDAV Token for this Device."
         echo "Please logon to your Nextcloud instance via SSO/kerberos"
 
@@ -102,8 +111,12 @@ get_nc_token() {
             echo -n "Poll Number ${i}..."
             POLLJSON=$( curl -s -X POST "https://${SERVERFQDN_NC}/login/v2/poll" -d "token=${REQTOKEN}" )
             if [[ "${POLLJSON}" == *"appPassword"* ]]; then
+                if [ ! -z ${DAVTOKENFILENAME} ]; then
                     echo "${POLLJSON}" > ${DAVTOKENFILENAME}
-                echo "found token. Token has been written to ${DAVTOKENFILENAME}"
+                    echo "Token has been written to ${DAVTOKENFILENAME}"
+                else
+                    echo "Temporary token was obtained."
+                fi
                 pkill firefox
                 break
             else

system_setup/sync_client_software.sh

@@ -72,6 +72,24 @@ if [[ ! -z "${DISTCONFIGPATH_SRC}" ]]; then
     fi
     echo "Sucessfully synced."
     echo ""
+
+    # Check, if we are in configure-mode and if so, remove the file and reread the now new synced configuration
+    if [ -f $(dirname "$0")/../config.d/configure.conf ]; then
+        #Check if configuration was obtained by sync
+        if [ -f $(dirname "$0")/../config/setup_system.conf ]; then
+            echo "Existing configuration found in Repository, removing configure-mode and reread the configuration."
+            rm -f $(dirname "$0")/../config.d/configure.conf.bak >/dev/null
+            mv $(dirname "$0")/../config.d/configure.conf $(dirname "$0")/../config.d/configure.conf.bak
+            source $(dirname "$0")/../config/setup_system.conf
+        else
+            echo "System is in configure-mode and configuration repository was found and synced, but still not configuration was found"
+            echo "checking file $(dirname "$0")/../config/setup_system.conf"
+            echo ""
+            echo "Please make a inital copy of config/setup_system.conf.dist to config/setup_system.conf and check all settings there."
+            echo "Then rerun the logon script to sync the file to your repository."
+            echo "Press any key to continue" && read -n 1 -s -r && exit 1
+        fi
+    fi
 fi
 #Check if Repository is defined
 if [ "${CLIENT_SOFTWARE_DST}." == "." ]; then