2026-04-29 22:13:45 +02:00
13 changed files with 382 additions and 128 deletions
@@ -9,3 +9,5 @@ config/skel.tar.zst
 config/.sync_*.db
 config/.sync_*.db
 config.d/*.conf
 ks_pc_prof/*
 ks.cfg
@@ -70,7 +70,6 @@ ${CLIENT_SOFTWARE_DST}/install.sh 0010_kwallet
 - `ks.cfg` — the primary kickstart used for production installs (Fedora 43, KDE, x86_64, German locale/keyboard)
 - `ks_base_profiles/kde_fullsetup.cfg` — an alternate/reference profile generated by Anaconda
 - `ks_base_profiles/minimal_setup.cfg`, `part_sda.cfg` — additional profile fragments
 - `ks_pc_prof/` — per-machine kickstart overrides, named by system UUID suffix (e.g. `pc-9cdb93ef7c20.cfg`)
 ## Sudo rule required for logon_script
@@ -1,23 +1,18 @@
-# Fedora OEMDRV
+
 # Fedora automated install script collection
 an automated massinstallation scripting collection for Fedora and Anaconda
 IN DEVELOPMENT !
 This Software is very Specific, it needs at least:
- A Free IPA Server with IP Clients enrolled to the Domain
+- A Free IPA Server in which IP Clients can be enrolled to
- A Nextcloud instance, connected to the Domain
+- An Admin that has the rights to do so
 - A Nextcloud instance, connected to the Domain which should have Software Configuration and Reository Paths setup
 - A client pc that will use this software to automate install and setup the PC
 ## Install
-1. Create Partition named "OEMDRV", at least 1 GByte in size on a local disk that will be readable when starting installation from stick
+- Look at the file [install.md](install.md)
 2. Format it BTRFS and mount it to "/opt/sys_config"
 3. Copy git files in it with "git clone --progress --depth 1 https://gitea.dtext.online/obel1x/fedora-OEMDRV.git /opt/sys_config"
    1. or for developement "git clone --progress https://gitea.dtext.online/obel1x/fedora-OEMDRV.git /opt/sys_config"
-Setup
+more to come
 - Make a copy of /opt/sys_config/system_setup/setup_system.conf.dist, name it /opt/sys_config/system_setup/setup_system.conf
 - Check the settings in it and change to your needs before running
 More to come...
@@ -0,0 +1,34 @@
 # configure.sh — First-time setup wizard
 Run `system_setup/configure.sh` as a **normal user** (not root) on the machine that has the OEMDRV partition mounted. It guides you through all site-specific settings, tests the configuration, and leaves the system ready for a Fedora installation.
 ```bash
 bash /opt/sys_config/system_setup/configure.sh
 ```
 ## What it does
 1. **Edits configuration values** — prompts for each setting below. Press Enter to keep the shown default, or type a new value. Derived values (e.g. `SERVERFQDN_IPA`) are updated immediately when you change `TLDOMAIN`, so subsequent prompts always reflect your latest input.
   | Variable | Description |
   |---|---|
   | `TLDOMAIN` | Top-level domain of your infrastructure (e.g. `company.tld`) |
   | `SERVERFQDN_IPA` | FQDN of the FreeIPA server (default: `ipa.<TLDOMAIN>`) |
   | `SERVERFQDN_NC` | FQDN of the Nextcloud server (default: `nextcloud.<TLDOMAIN>`) |
   | `CLIENTADMINGROUP` | IPA group that receives sudo rights on clients |
   | `DECRYPTEDDATADIR` | Mount point for the decrypted user data directory |
   | `ENCRYPTEDDATADIR` | Path of the gocryptfs-encrypted data directory |
   | `IPAVAULTUSE` | `true` to use IPA KRA vault for the encryption key, `false` to disable encryption |
   | `IPAVAULTNAME` | Name of the IPA vault entry (default: `CLIENT_FILEENCRYPTION_<hostname>`) |
 2. **Confirms the FQDN** — shows the computed `FQDN` (`<hostname>.clients.<TLDOMAIN>`) and lets you override the hostname part if needed.
 3. **Tests the encrypted home mount** — runs `mount_ecrypt_home.sh`. On failure you can restart the wizard or quit.
 4. **Obtains a Nextcloud WebDAV token** — calls `get_nc_token`, which opens Firefox for login. Verifies that the returned token belongs to the current user. You can retry or quit on failure.
 5. On success, the written config file `config.d/configure.conf` is picked up automatically by all other scripts instead of `config/setup_system.conf`.
 ## After the wizard completes
 Boot the target machine from the Fedora USB installer. Anaconda detects the OEMDRV partition and runs the Kickstart automatically.
@@ -1,4 +1,6 @@
-#Basic settings:
+# Full Cinnamon Setup
 #Basic settings
 graphical
 text
@@ -25,13 +27,11 @@ mount -L OEMDRV /mnt/anaconda_pre
 %end
 %packages
-@^kde-desktop-environment
+@^cinnamon-desktop-environment
@core
@admin-tools
@domain-client
@system-tools
@kde-media
@kde-spin-initial-setup
@libreoffice
@office
@sound-and-video
@@ -57,29 +57,17 @@ pykickstart
 xrdp
 xorgxrdp
 libxcb-doc
 plasma-workspace-x11
 xterm
 wmctrl
 flatpak
 btrfs-assistant
 btrbk
-ktorrent
+transmission-gtk
 cadaver
 kdevelop
 git
 diffuse
 remmina
 android-tools
 -kpat
 -kmines
 #Annoying plasmoids
 -kdeplasma-addons
 #Search - Powerful, but slow
 -akonadi-server
 -akonadi-server-mysql
 -dragon
 -kdeconnectd
 -kde-connect
 -samba
 -samba-client
 -samba-usershares
@@ -1,47 +1,115 @@
-# Generated by Anaconda 43.44
+# Full KDE Wayland Setup
-%pre
+#Basic settings
-/bin/sh /mnt/tmp/ks_base_profiles/basic_pre_script.inc
+graphical
-%end
+text
 # Configure installation method
 url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
 repo --name=fedora-updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64" --cost=0
 repo --name=fedora-cisco-openh264 --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-cisco-openh264-43&arch=x86_64" --install
 repo --name=rpmfusion-free --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-43&arch=x86_64"
 repo --name=rpmfusion-free-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-43&arch=x86_64" --cost=0
 repo --name=rpmfusion-nonfree --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-43&arch=x86_64"
 repo --name=rpmfusion-nonfree-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-43&arch=x86_64" --cost=0
 # Keyboard layouts
 keyboard --vckeymap=de-nodeadkeys --xlayouts='de (nodeadkeys)'
 # System language
 lang de_DE.UTF-8
 # System timezone
 timezone Europe/Berlin --utc
 %pre --log=/root/ks-pre.log
 mkdir /mnt/anaconda_pre
 mount -L OEMDRV /mnt/anaconda_pre
 /bin/sh /mnt/anaconda_pre/ks_base_profiles/basic_pre_script.inc
 %end
 %packages
@^kde-desktop-environment
@core
@admin-tools
@development-tools
@domain-client
-@editors
+@system-tools
@firefox
@kde-apps
@kde-desktop
@kde-media
@kde-spin-initial-setup
@libreoffice
@office
@sound-and-video
-@system-tools
+libva-utils
 libavcodec-freeworld
 mesa-va-drivers-freeworld
 ffmpeg
@vlc
-
+python-vlc
@firefox
 thunderbird
 openssh-server
 bash
 sudo
 gocryptfs
 htop
 mc
 mediawriter
 python-pip
 pykickstart
 xrdp
 xorgxrdp
 libxcb-doc
 plasma-workspace-x11
 xterm
 wmctrl
 flatpak
 btrfs-assistant
 btrbk
 ktorrent
 cadaver
 kdevelop
 git
 diffuse
 remmina
 android-tools
 -kpat
 -kmines
 #Annoying plasmoids
 -kdeplasma-addons
 #Search - Powerful, but slow
 -akonadi-server
 -akonadi-server-mysql
 -dragon
 -kdeconnectd
 -kde-connect
 -samba
 -samba-client
 -samba-usershares
 -BackupPC
 #Needed by SSSD
 oddjob-mkhomedir
 nss-pam-ldapd
 %end
 # System authorization information
 authselect enable-feature with-fingerprint
-# Run the Setup Agent on first boot
+# Generated using Blivet version 3.12.1
-firstboot --enable
+ignoredisk --only-use=sda
-
+# Partition clearing information
-timesource --ntp-server=_gateway
+#clearpart --none --initlabel
-# System timezone
+clearpart --none
-timezone Europe/Berlin --utc
+autopart --type=btrfs
 # Root password
 # This Password is completely unknown to anyone. After installation, the PC should be Member of Domain and the users may use sudo to become superuser.
 rootpw --iscrypted $y$j9T$jpKVkxaFqL6GH6GAgB0Yb/$oc.rfZgnHNlTAIj/boJeI.ZFf1QHvMF7fymZww9bzE3
 #user --name=none
-%post
+# Do not run the Setup Agent on first boot because it will complain about missing user account which we dont want
-/bin/sh /mnt/tmp/system_setup/setup_system_full.sh install
+firstboot --disable
 %post --log=/root/ks-post.log
 mkdir /opt/sys_config
 mount -L OEMDRV /opt/sys_config
 /bin/sh /opt/sys_config/system_setup/setup_system_full.sh install
 umount /opt/sys_config
 %end
@@ -1,50 +0,0 @@
 # Generated by Anaconda 43.44
 # Keyboard layouts
 keyboard --vckeymap=de-nodeadkeys --xlayouts='de (nodeadkeys)'
 # System language
 lang de_DE.UTF-8
 %packages
@^kde-desktop-environment
@admin-tools
@development-tools
@domain-client
@editors
@firefox
@kde-apps
@kde-desktop
@kde-media
@kde-spin-initial-setup
@libreoffice
@office
@sound-and-video
@system-tools
@vlc
 %end
 # System authorization information
 authselect enable-feature with-fingerprint
 # Run the Setup Agent on first boot
 firstboot --enable
 # Generated using Blivet version 3.12.1
 ignoredisk --only-use=nvme0n1
 # Partition clearing information
 clearpart --none --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --ondisk=nvme0n1 --size=600 --fsoptions="umask=0077,shortname=winnt"
 part /sys_config --fstype="ext4" --noformat --onpart=UUID=3f9837da-5a46-4da1-a98b-62a8899e63cb --label=OEMDRV
 part /boot --fstype="ext4" --ondisk=nvme0n1 --size=2048
 part btrfs.115 --fstype="btrfs" --ondisk=nvme0n1 --size=485249
 btrfs none --label=fedora_fedora btrfs.115
 btrfs / --subvol --name=root LABEL=fedora_fedora
 btrfs /home --subvol --name=home LABEL=fedora_fedora
 timesource --ntp-server=_gateway
 # System timezone
 timezone Europe/Berlin --utc
 # Root password
 rootpw --iscrypted $y$j9T$SYQgSGCnU.FUaT7BKMEI9TKz$nLPf1uHlzpoBCmEndvVRK2FnY67wUY2TyxiMUIufH7A
@@ -1,10 +0,0 @@
 # Generated using Blivet version 3.12.1
 ignoredisk --only-use=sda
 # Partition clearing information
 clearpart --none --initlabel
 # Disk partitioning information
 part biosboot --fstype="biosboot" --ondisk=sda --size=1
 part btrfs.69 --fstype="btrfs" --ondisk=sda --size=80000
 part /boot --fstype="xfs" --ondisk=sda --size=2048
 btrfs none --label=fedora btrfs.69
 btrfs / --subvol --name=root LABEL=fedora
@@ -1 +0,0 @@
 %include ../ks_base_profiles/kde_fullsetup.cfg
@@ -0,0 +1,141 @@
 #!/usr/bin/env bash
 # configure.sh - Interactive first-time configuration wizard
 #
 # SPDX-FileCopyrightText: Daniel Pätzold
 # SPDX-License-Identifier: AGPL-3.0-or-later
 SCRIPTDIR="$(cd "$(dirname "$0")" && pwd)"
 CONF_DIST="${SCRIPTDIR}/../config/setup_system.conf.dist"
 CONF_FILE="${SCRIPTDIR}/../config.d/configure.conf"
 if [[ "$EUID" -eq 0 ]]; then
    echo "ERROR: This script must not be run as root." >&2
    exit 1
 fi
 # Prompt for a single value; returns the old value unchanged if the user presses Enter.
 prompt_value() {
    local name="$1" current="$2" new_val
    printf '  %-28s [%s]: ' "$name" "$current" >&2
    read -r new_val
    printf '%s' "${new_val:-$current}"
 }
 # Replace the first matching simple export line in configure.conf.
 set_conf_var() {
    local varname="$1" value="$2"
    sed -i "s|^[[:space:]]*export ${varname}=.*|export ${varname}=\"${value}\"|" "$CONF_FILE"
 }
 # Update an existing bare "export VAR=…" line at the top level, or append one.
 override_conf_var() {
    local varname="$1" value="$2"
    if grep -q "^export ${varname}=" "$CONF_FILE"; then
        sed -i "s|^export ${varname}=.*|export ${varname}=\"${value}\"|" "$CONF_FILE"
    else
        printf 'export %s="%s"\n' "$varname" "$value" >> "$CONF_FILE"
    fi
 }
 do_configure() {
    mkdir -p "$(dirname "$CONF_FILE")"
    cp "$CONF_DIST" "$CONF_FILE"
    # Source the dist defaults (unset computed vars first so they are re-evaluated).
    unset TLDOMAIN DOMAIN SERVERFQDN_IPA SERVERFQDN_NC CLIENTADMINGROUP \
          DECRYPTEDDATADIR ENCRYPTEDDATADIR IPAVAULTUSE IPAVAULTNAME HOSTNM FQDN
    # shellcheck disable=SC1090
    echo ""
    echo "=== System Configuration ==="
    echo "Press Enter to keep the current value, or type a new one."
    echo ""
    source "$CONF_FILE"
    VARS=("TLDOMAIN" "DOMAIN" "SERVERFQDN_IPA" "SERVERFQDN_NC" "CLIENTADMINGROUP" "IPAVAULTUSE" )
    for ELE in "${VARS[@]}"
    do
        new_ELE=$(prompt_value "${ELE}" "${!ELE}")
        set_conf_var "${ELE}" "${new_ELE}"
        source "$CONF_FILE"
    done
    echo ""
    echo "Configuration written to: ${CONF_FILE}"
 }
 while true; do
    do_configure
    echo ""
    echo "=== Testing: Nextcloud server ==="
    NC_STATUS=$(curl -fsSL "https://${SERVERFQDN_NC}/status.php" 2>/dev/null)
    if echo "$NC_STATUS" | grep -q '"installed":true'; then
        NC_VERSION=$(echo "$NC_STATUS" | grep -oP '(?<="versionstring":")[^"]+')
        echo "Nextcloud confirmed at ${SERVERFQDN_NC} (version ${NC_VERSION})."
    else
        echo ""
        echo "WARNING: '${SERVERFQDN_NC}' does not appear to be a valid Nextcloud server."
        echo "         Could not reach https://${SERVERFQDN_NC}/status.php or response was unexpected."
        read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans
        if [[ "${ans,,}" == "q" ]]; then
            echo "Quitting."
            exit 1
        fi
        continue
    fi
    echo ""
    echo "=== Testing: FreeIPA server ==="
    IPA_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
        "https://${SERVERFQDN_IPA}/ipa/session/json" 2>/dev/null)
    if [[ "$IPA_CODE" == "200" || "$IPA_CODE" == "401" ]]; then
        echo "FreeIPA server confirmed at ${SERVERFQDN_IPA}."
    else
        echo ""
        echo "WARNING: '${SERVERFQDN_IPA}' does not appear to be a valid FreeIPA server."
        echo "         https://${SERVERFQDN_IPA}/ipa/session/json returned: ${IPA_CODE:-no response}"
        read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans
        if [[ "${ans,,}" == "q" ]]; then
            echo "Quitting."
            exit 1
        fi
        continue
    fi
    echo ""
    echo "=== Select Kickstart Profile ==="
    KS_DIR="${SCRIPTDIR}/../ks_base_profiles"
    KS_DEST="${SCRIPTDIR}/../ks.cfg"
    mapfile -t KS_FILES < <(find "$KS_DIR" -maxdepth 1 -name "*.cfg" | sort)
    if [[ ${#KS_FILES[@]} -eq 0 ]]; then
        echo "No kickstart profiles found in ${KS_DIR}."
        exit 1
    fi
    echo ""
    for i in "${!KS_FILES[@]}"; do
        desc=$(awk '/^$/{exit} {print}' "${KS_FILES[$i]}" \
               | sed 's/^#[[:space:]]*//' | tr '\n' ' ' | xargs)
        printf "  %d) %-36s %s\n" "$((i+1))" "$(basename "${KS_FILES[$i]}")" "$desc"
    done
    echo ""
    while true; do
        read -rp "Select profile [1-${#KS_FILES[@]}]: " sel
        [[ "$sel" =~ ^[0-9]+$ ]] && (( sel >= 1 && sel <= ${#KS_FILES[@]} )) && break
        echo "  Invalid selection, please enter a number between 1 and ${#KS_FILES[@]}."
    done
    cp "${KS_FILES[$((sel-1))]}" "$KS_DEST"
    echo "Copied '$(basename "${KS_FILES[$((sel-1))]}")' to ${KS_DEST}."
    echo ""
    echo "=== Configuration complete ==="
    echo "All values have been configured and verified successfully."
    echo "The system is now ready for the new installation."
    echo "Boot from the Fedora USB installer — Anaconda will detect the OEMDRV partition"
    echo "and run the Kickstart automatically."
    exit 0
 done
@@ -14,7 +14,7 @@ SHRINK_MIB=4096
 OEMDRV_LABEL="OEMDRV"
 MOUNT_POINT="/opt/sys_config"
 MOUNT_OPTS="compress=zstd:6"
-REPO_URL="https://gitea.dtext.online/obel1x/fedora-OEMDRV.git"
+REPO_URL="${1:-https://gitea.dtext.online/obel1x/fedora-OEMDRV.git}"
 MIN_FREE_MIB=$(( SHRINK_MIB + 512 ))   # require 512 MiB headroom above the shrink size
 # ── Helpers ───────────────────────────────────────────────────────────────────
@@ -35,6 +35,28 @@ check_tools() {
    [[ ${#missing[@]} -eq 0 ]] || die "Missing required tools: ${missing[*]}"
 }
 # Returns 0 if the remote install.sh matches this script's checksum,
 # 1 if the URL is unreachable or the file cannot be downloaded,
 # 2 if the checksum does not match.
 check_repo_url() {
    local tmpdir sum_remote sum_local
    tmpdir=$(mktemp -d /tmp/oemdrv_repocheck.XXXXXX)
    if ! curl -fsSL "${REPO_URL%.git}/raw/branch/main/system_setup/install.sh" \
              -o "$tmpdir/install.sh" 2>/dev/null; then
        rm -rf "$tmpdir"
        return 1
    fi
    sum_remote=$(sha256sum "$tmpdir/install.sh" | awk '{print $1}')
    sum_local=$(sha256sum "$0"                  | awk '{print $1}')
    rm -rf "$tmpdir"
    [[ "$sum_remote" == "$sum_local" ]] || return 2
    return 0
 }
 # ── Free-space helpers ────────────────────────────────────────────────────────
 # Free MiB for a mounted device via df
@@ -241,6 +263,23 @@ new_part_device() {
 require_root
 check_tools
 info "Verifying repository URL..."
 check_repo_url
 case $? in
    1) echo
       echo "WARNING: '$REPO_URL' is not a reachable git repository."
       read -r -p "  Continue anyway? [y/N]: " ans
       [[ "${ans,,}" == "y" ]] || { echo "Aborted."; exit 0; }
       ;;
    2) echo
       echo "WARNING: The checksum of this script does not match 'system_setup/install.sh'"
       echo "         at '$REPO_URL'."
       echo "         You may be running an outdated or modified version of install.sh."
       read -r -p "  Continue anyway? [y/N]: " ans
       [[ "${ans,,}" == "y" ]] || { echo "Aborted."; exit 0; }
       ;;
 esac
 info "Scanning for shrinkable partitions and unpartitioned free space..."
 collect_partitions
 collect_free_space
@@ -432,6 +471,7 @@ mount -o "$MOUNT_OPTS" "$OEMDRV_DEV" "$MOUNT_POINT" || die "mount failed."
 info "Cloning $REPO_URL into $MOUNT_POINT..."
 cd "$MOUNT_POINT" || die "Cannot cd to $MOUNT_POINT."
 git clone --progress --depth 1 "$REPO_URL" . || die "git clone failed."
 chmod o=rwX . -R # to make changes to the configuration possible after install
 # ── Done ──────────────────────────────────────────────────────────────────────
@@ -440,9 +480,26 @@ echo
 echo "  OEMDRV device : $OEMDRV_DEV"
 echo "  Mounted at    : $MOUNT_POINT"
 echo
-echo "Next steps:"
+
-echo "  1. cp $MOUNT_POINT/config/setup_system.conf.dist \\"
+# ── Optionally run configure.sh ───────────────────────────────────────────────
-echo "        $MOUNT_POINT/config/setup_system.conf"
+
-echo "  2. Edit setup_system.conf with your domain, IPA/Nextcloud FQDNs, and paths."
+CONF_SCRIPT="$MOUNT_POINT/system_setup/configure.sh"
-echo "  3. Boot the Kickstart installer — it will detect the OEMDRV partition automatically."
+
 echo
 read -r -p "Run configure.sh now to set up your environment? [y/N]: " RUN_CONF
 if [[ "${RUN_CONF,,}" == "y" ]]; then
    if [[ -n "$SUDO_USER" ]]; then
        info "Running configure.sh as user '$SUDO_USER'..."
        su - "$SUDO_USER" -c "DISPLAY='${DISPLAY}' WAYLAND_DISPLAY='${WAYLAND_DISPLAY}' bash '$CONF_SCRIPT'"
    else
        echo
        echo "configure.sh must be run as a non-root user. Please run:"
        echo "  bash $CONF_SCRIPT"
    fi
 else
    echo
    echo "Next steps:"
    echo "  1. Run: bash $CONF_SCRIPT"
    echo "  2. Boot the Kickstart installer — it will detect the OEMDRV partition automatically."
    echo
 fi
@@ -15,15 +15,23 @@
 #    fi
 #    return 0
 #}
 if [ ! -f $(dirname "$0")/../config/setup_system.conf ]; then
    echo "System configuration not found. Please make a copy of setup_system.conf.dist, name it setup_system.conf and check the settings in it before running."
    echo "Press any key to continue" && read -n 1 -s -r && exit 1
 fi
 source $(dirname "$0")/../config/setup_system.conf
-#Parse additional client-configs
+#Check for configure.conf - used for frist setup of system
-if [[ `ls -1 $(dirname "$0")/../config.d/*.conf 2>/dev/null | wc -l ` -gt 0 ]]; then
+if [[ -f $(dirname "$0")/../config.d/configure.conf ]]; then
-    source $(dirname "$0")/../config.d/*.conf
+    echo "System in configure-mode. Will use $(dirname "$0")/../config.d/configure.conf for setup."
    source $(dirname "$0")/../config.d/configure.conf
 else
    #Load default system setup file
    if [[ ! -f $(dirname "$0")/../config/setup_system.conf ]]; then
        echo "System configuration not found. Please make a copy of setup_system.conf.dist, name it setup_system.conf and check the settings in it before running."
        echo "Press any key to continue" && read -n 1 -s -r && exit 1
    fi
    source $(dirname "$0")/../config/setup_system.conf
    #Parse additional client-configs
    if [[ `ls -1 $(dirname "$0")/../config.d/*.conf 2>/dev/null | wc -l ` -gt 0 ]]; then
        source $(dirname "$0")/../config.d/*.conf
    fi
 fi
 #Check if the Data- Directory is encrypted
@@ -74,7 +82,8 @@ get_nc_token() {
      return 1 # Token for Superuser makes no sense and cannot work
    fi
-    if [ ${IPAVAULTUSE} == "true" ]; then
+    # If Filename is given andf encryption is turned on, than first check for encrypted Directory
    if [ ${IPAVAULTUSE} == "true" ] && [ ! -z ${DAVTOKENFILENAME} ]; then
        check_data_isecrypted
        if [ $? -ne 0 ]; then
            echo "Data Directory is not encrypted. Please mount it first."
@@ -82,7 +91,7 @@ get_nc_token() {
        fi
    fi
-    if [ ! -f ${DAVTOKENFILENAME} ]; then
+    if [ ! -f ${DAVTOKENFILENAME} ] || [ -z ${DAVTOKENFILENAME} ]; then
        echo "No token found here. Getting a new WEBDAV Token for this Device."
        echo "Please logon to your Nextcloud instance via SSO/kerberos"
@@ -102,8 +111,12 @@ get_nc_token() {
            echo -n "Poll Number ${i}..."
            POLLJSON=$( curl -s -X POST "https://${SERVERFQDN_NC}/login/v2/poll" -d "token=${REQTOKEN}" )
            if [[ "${POLLJSON}" == *"appPassword"* ]]; then
-                echo "${POLLJSON}" > ${DAVTOKENFILENAME}
+                if [ ! -z ${DAVTOKENFILENAME} ]; then
-                echo "found token. Token has been written to ${DAVTOKENFILENAME}"
+                    echo "${POLLJSON}" > ${DAVTOKENFILENAME}
                    echo "Token has been written to ${DAVTOKENFILENAME}"
                else
                    echo "Temporary token was obtained."
                fi
                pkill firefox
                break
            else
@@ -72,6 +72,24 @@ if [[ ! -z "${DISTCONFIGPATH_SRC}" ]]; then
    fi
    echo "Sucessfully synced."
    echo ""
    # Check, if we are in configure-mode and if so, remove the file and reread the now new synced configuration
    if [ -f $(dirname "$0")/../config.d/configure.conf ]; then
        #Check if configuration was obtained by sync
        if [ -f $(dirname "$0")/../config/setup_system.conf ]; then
            echo "Existing configuration found in Repository, removing configure-mode and reread the configuration."
            rm -f $(dirname "$0")/../config.d/configure.conf.bak >/dev/null
            mv $(dirname "$0")/../config.d/configure.conf $(dirname "$0")/../config.d/configure.conf.bak
            source $(dirname "$0")/../config/setup_system.conf
        else
            echo "System is in configure-mode and configuration repository was found and synced, but still not configuration was found"
            echo "checking file $(dirname "$0")/../config/setup_system.conf"
            echo ""
            echo "Please make a inital copy of config/setup_system.conf.dist to config/setup_system.conf and check all settings there."
            echo "Then rerun the logon script to sync the file to your repository."
            echo "Press any key to continue" && read -n 1 -s -r && exit 1
        fi
    fi
 fi
 #Check if Repository is defined
 if [ "${CLIENT_SOFTWARE_DST}." == "." ]; then
		`@@ -1 +0,0 @@`
			`%include ../ks_base_profiles/kde_fullsetup.cfg`