#!/usr/bin/env sh
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# This script has several functions:
#
# A. First setup of a PC
#    Shall run after the installation of a new Fedora system -> in the %post section of Kickstart
#    Attention: Kickstart installations ARE NON-INTERACTIVE!
#    If this script is executed without knowing what it does, it can destroy your installation!
# Basic concepts:
#    First, you need some other tool to make a new PC include the OEM partition on your drive (refer to the docs)
#    Then you can run an installation of Fedora using the Everything Netinstaller or Server DVD ISO written to USB
#    The Kickstart will set up your PC, while clearing unused partitions is handled by the %pre section of Kickstart
#    In the %post section this script is called to set up your PC and to have the PC join the domain on first boot
#    At the first logon, the script is called again by your window manager to fully set up your profile
# TODO
# - Make it ask for all needed parameters and store them on the system if needed
# - Make it check what to do each time, so that it can be called on every startup
# - Make it callable from Anaconda's Kickstart %post script to set up the system at first run
#   (the Kickstart %post script must be non-interactive, while the first start with systemd can have a service bound to a tty for getting user input too)
# - Detect the system environment and make the user logon setup start after the first logon
#   Supported: Cinnamon, KDE
# - Not needed: import the Firefox cert from IPA automatically at first run -> somehow this is not needed any more, Firefox will work from scratch!
# TODO Additionally
# Build a boot stick with the Kickstart configuration
# Needs the SHARE_ID of where to get the install archive from Nextcloud
# when creating the stick
# TODO write a doc!
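# Load system settings - MUST BE SOURCED, otherwise the variables
# (FIRSTRUN_*, FQDN, HOSTNM, DOMAIN, SERVERFQDN_IPA, SYSCONFIGPATH, ...)
# are not available to the functions below.
#
# NOTE(review): this file is executed with the privileges of the caller
# (root in the install and firstrun modes), so it should be owned by root and
# not writable by anyone else.
# NOTE(review): the script relies on bash features ($EUID, read -s/-n/-p,
# source); an `sh` shebang only works where sh is bash, as on Fedora.
if ! source "$(dirname "$0")/setup_system.inc.sh"; then
  echo "ERROR: could not load $(dirname "$0")/setup_system.inc.sh, cannot continue." >&2
  exit 1
fi

# Install and enable the systemd service that runs this script at first boot.
# Globals:  FIRSTRUN_SERVICENAME, FIRSTRUN_SCRIPTPATH (read),
#           FIRSTRUN_SERVICESTATUS (written)
# Exits the script with status 1 when the configuration is incomplete.
firstrun_prepare() {
  if [ -z "${FIRSTRUN_SERVICENAME}" ]; then
    echo "Error in Config, no Servicename found. Please check your Environment for FIRSTRUN_SERVICENAME."
    # NOTE(review): this dumps the complete environment into whatever captures
    # the output (e.g. the Kickstart log); make sure nothing sensitive is
    # exported at this point.
    env
    exit 1
  fi

  # ${VAR:?} aborts instead of building a path that starts at "/".
  local unit_path="${FIRSTRUN_SCRIPTPATH:?FIRSTRUN_SCRIPTPATH is not set}/${FIRSTRUN_SERVICENAME}"

  FIRSTRUN_SERVICESTATUS=$(systemctl is-enabled "${FIRSTRUN_SERVICENAME}")
  echo "Current Service Status of ${FIRSTRUN_SERVICENAME} is ${FIRSTRUN_SERVICESTATUS}"

  if [ "${FIRSTRUN_SERVICESTATUS}" != "enabled" ]; then
    echo "Installing Service at ${unit_path}"
    # NOTE(review): the here-document that generated the unit file is missing
    # from this copy of the script; only the residue `( cat </dev/null`
    # survives. Re-insert the unit definition here, written to ${unit_path},
    # before relying on this function. Until then the steps below fail because
    # the unit file does not exist.
    sudo chmod go+r "${unit_path}"
    echo "Activating Service"
    sudo systemctl daemon-reload
    sudo systemctl enable "${FIRSTRUN_SERVICENAME}"
  fi
}

# Disable the first-run service and delete its unit file.
# The unit file is only removed when disabling succeeded.
firstrun_remove() {
  # ${VAR:?} keeps an empty configuration from turning this into `rm /`.
  sudo systemctl disable "${FIRSTRUN_SERVICENAME:?FIRSTRUN_SERVICENAME is not set}" \
    && sudo rm -- "${FIRSTRUN_SCRIPTPATH:?FIRSTRUN_SCRIPTPATH is not set}/${FIRSTRUN_SERVICENAME}"
}

# Run a system upgrade interactively and reboot when dnf reports it is needed.
# Returns 1 when not running as root.
upgrade_interactive() {
  if [ "$EUID" -ne 0 ]; then
    echo "ERROR: Not running as root, cannot continue."
    return 1
  fi

  dnf upgrade --refresh

  # Any non-zero status of `dnf needs-restarting` is treated as "reboot
  # required", exactly as before.
  if dnf needs-restarting; then
    echo "No Restart required."
  else
    echo "Restart is required, please do so now and rerun this script after reboot."
    read -n 1 -s -r -p "If you do not want to restart, please hit CTRL+C now. Any other key to continue."
    echo
    # echo "If you do not want to restart, please hit CTRL+C in the next 10 seconds"
    # for i in {10..01}
    # do
    #   echo -ne "\r$i"
    #   sleep 1
    # done
    shutdown -r now
  fi
}

# Base system configuration applied during installation.
# The software installation itself moved to syc_client_software.sh to make it
# more interactive.
# Globals:  CDATEC8, CTIMEC6, SYSCONFIGPATH (read)
# Returns 1 when not running as root or when /etc/login.defs cannot be
# backed up.
install_sw() {
  if [ "$EUID" -ne 0 ]; then
    echo "ERROR: Not running as root, cannot continue."
    return 1
  fi

  # Set the default umask to 077. Keep a backup first and stop if that fails.
  if ! sudo cp -f /etc/login.defs "/etc/login.defs_backup_${CDATEC8}_${CTIMEC6}"; then
    echo "ERROR: could not back up /etc/login.defs, leaving it untouched." >&2
    return 1
  fi
  # Edit in place: the former `sed ... | tee /etc/login.defs` could truncate
  # the file before sed had read it, leaving an empty login.defs.
  sudo sed -i 's/^UMASK.*022$/UMASK\t077/' /etc/login.defs

  # Append the OEMDRV mount for SYSCONFIGPATH to fstab, once. An empty mount
  # point would produce a malformed entry, and a second run would duplicate it.
  if [ -z "${SYSCONFIGPATH}" ]; then
    echo "ERROR: SYSCONFIGPATH is not set, not adding OEMDRV to /etc/fstab." >&2
  elif ! grep -q '^LABEL=OEMDRV[[:space:]]' /etc/fstab; then
    echo "LABEL=OEMDRV ${SYSCONFIGPATH} btrfs noatime,nodiratime,nofail 0 0" >> /etc/fstab
  fi

  # Enable the openh264 repository.
  dnf config-manager setopt fedora-cisco-openh264.enabled=1

  # Boot into the graphical logon by default.
  systemctl set-default graphical.target
}

# Join this PC to the IPA domain, prompting for the enrolling user on VT 2.
# Globals:  FQDN, HOSTNM, DOMAIN, SERVERFQDN_IPA (read)
# Returns 0 when the host is already enrolled or the join succeeded,
# 1 otherwise.
ipa_register_host() {
  local IPAUSERID IPAPASSWD rc

  # An empty FQDN would match every line of default.conf and silently skip the
  # join, so refuse to run on an incomplete configuration.
  if [ -z "${FQDN}" ] || [ -z "${HOSTNM}" ] || [ -z "${DOMAIN}" ] || [ -z "${SERVERFQDN_IPA}" ]; then
    echo "ERROR: FQDN, HOSTNM, DOMAIN and SERVERFQDN_IPA must be set, cannot continue."
    return 1
  fi

  chvt 2

  # Check whether IPA is already configured. -F matches the name literally
  # instead of treating its dots as regex wildcards.
  echo "Checking for existing IPA- Setup."
  if [ -f /etc/ipa/default.conf ] && grep -qF -- "${FQDN}" /etc/ipa/default.conf; then
    echo "IPA is already installed, skipping setup."
    chvt 1
    return 0
  fi
  echo "IPA not jet installed, doing Setup."

  if [ "$EUID" -ne 0 ]; then
    echo "ERROR: Not running as root, cannot continue."
    return 1
  fi

  echo "This PC is called ${FQDN} and will join Domain ${DOMAIN}"

  # Always set the determined hostname - see setup_system.conf
  hostnamectl set-hostname "${HOSTNM}"

  # Make sure the hostname resolves to this host; add it to /etc/hosts if not.
  if ! grep -qF -- "${FQDN}" /etc/hosts; then
    echo "Adding Host ${FQDN} to /etc/hosts"
    echo "" >> /etc/hosts
    echo "127.0.0.1 ${FQDN} ${HOSTNM}" >> /etc/hosts
  fi

  echo
  echo -n "Please Enter your Domain- Userid: "
  IFS= read -r IPAUSERID
  echo -n "Please Enter your Domain- Password: "
  # -r and IFS= keep backslashes and surrounding blanks of the password intact.
  IFS= read -r -s IPAPASSWD
  echo ""

  # Build the command as an argument list (the function's own positional
  # parameters) rather than a string: a user id or password containing blanks
  # or glob characters is then passed as exactly one argument each.
  set -- ipa-client-install -U --mkhomedir --force-join --no-ntp \
    "--principal=${IPAUSERID}" "--domain=${DOMAIN}" "--server=${SERVERFQDN_IPA}"

  # Log the command with a fixed placeholder. The previous pattern substitution
  # could print the real password when it contained glob characters.
  echo "$* -w *PASSWD*"

  # NOTE(review): with -w the password is part of the process arguments and is
  # readable by other local users (ps, /proc) while the installer runs.
  # ipa-client-install reportedly accepts the password on stdin in unattended
  # mode; confirm and prefer that over -w.
  "$@" -w "${IPAPASSWD}"
  rc=$?
  IPAPASSWD=

  if [ "${rc}" -ne 0 ]; then
    echo "Some Error. Please check what went wrong and redo."
    return 1
  fi

  # NOTE(review): SSSD logs normally live under /var/log/sssd; confirm the path
  # given in the message below.
  echo "The PC was integrated into the Domain. You should now be able to Logon with tha User. If not, check the Logs at /var/sssd."
  echo ""
  echo "ADVISE: for the First Logon, you may use Console (Using e.g. CONTROL+ALT+F3) - as maybe you will be prompted for Changing your Password there"
  echo "which may not work on graphical logon. After that works, use CONTROL+ALT+F2 (or F7) to get back to the graphical logon."
  echo ""
  read -n 1 -s -r -p "Press any key to continue."
  chvt 1
  echo ""
}

# Run setup_skel.sh, located next to this script, to prepare the skeleton
# profile. Returns 1 when not running as root.
prepare_skel() {
  if [ "$EUID" -ne 0 ]; then
    echo "ERROR: Not running as root, cannot continue."
    return 1
  fi

  # Copy and extract the skel archive.
  # Includes: autostart for getting the WebDAV token if it is not there,
  # plus an empty Firefox profile - already integrated into the domain, with a
  # single startup page: Get Token
  # https://nextcloud.obel1x.de/settings/user/security
  #
  # The archive was created from the draft folder and then transferred to NC:
  # tar -I 'zstd -9' -cf system_setup.tar.zst ~/system_setup
  "$(dirname "$0")/setup_skel.sh"
}

# Manual check that prompting on a virtual terminal works.
test_tty() {
  # Switches to VT 8 (the earlier comment said TTY3 - confirm which is meant).
  chvt 8
  whoami
  read -r -p "This is a Test. Please enter some String: " SOMESTRING
  echo "The String was ${SOMESTRING}"
  read -n 1 -s -r -p "Press any key to continue"
  echo ""
  echo "========== END ========"
}

### MAIN
case "${1:-}" in
  'install')
    # Executed after base installation (anaconda post script)
    echo "Mode: Install"
    install_sw
    prepare_skel
    firstrun_prepare
    ;;
  'firstrun_prepare')
    firstrun_prepare
    ;;
  'firstrun_remove')
    firstrun_remove
    ;;
  'firstrun_run')
    ipa_register_host
    echo "========== END FIRSTRUN-SERVICE ========"
    ;;
  'logon')
    # NOTE(review): no function named `upgrade` is defined in this file;
    # presumably it comes from setup_system.inc.sh or upgrade_interactive was
    # meant - confirm.
    upgrade
    ;;
  # ''|'something) botherpossible=true; ;;
  *)
    echo "Wrong first Parameter. Choose from: install,logon,firstrun_prepare,firstrun_remove,firstrun_run"
    echo "PLEASE DON'T USE THIS SCRIPT WITHOUT YOU KNOW WHAT YOU ARE DOING!"
    echo
    echo "ATTENTION: THIS SCRIPT MAY RENDER YOUR PC USELESS WITHOUT ASKING IF USED WRONG !!!"
    exit 1
    ;;
esac

#End
exit 0
# temp (never reached after the exit above):
# read -n 1 -s -r -p "Press any key to continue"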