obel1x/fedora-OEMDRV
0
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3e78a77623381451581ea5f57acb2aa81546c205
fedora-OEMDRV/configure.md
T
Daniel unbrot Pätzold 94e857f340 configure.sh: allow root and non-root execution 
- install.sh: pre-create ks.cfg with o+w after permission setup so
  non-root users can overwrite it (OEMDRV root itself stays o=rX)
- install.sh: restore su drop to $SUDO_USER when it is set and not
  root; fall back to direct root execution otherwise
- configure.sh: remove the hard root check so both cases work
- configure.md: update docs to reflect root/non-root support

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-03 13:43:09 +02:00

2.2 KiB
Raw Blame History

configure.sh — First-time setup wizard

Run system_setup/configure.sh on the machine that has the OEMDRV partition mounted. It guides you through all site-specific settings, tests the configuration, and leaves the system ready for a Fedora installation. Can be run as root or as a normal user — install.sh pre-creates ks.cfg at the OEMDRV root with world-write permission so both cases work.

bash /opt/sys_config/system_setup/configure.sh

What it does

  1. Edits configuration values — prompts for each setting below. Press Enter to keep the shown default, or type a new value. Derived values (e.g. SERVERFQDN_IPA) are updated immediately when you change TLDOMAIN, so subsequent prompts always reflect your latest input.

    Variable Description
    TLDOMAIN Top-level domain of your infrastructure (e.g. company.tld)
    SERVERFQDN_IPA FQDN of the FreeIPA server (default: ipa.<TLDOMAIN>)
    SERVERFQDN_NC FQDN of the Nextcloud server (default: nextcloud.<TLDOMAIN>)
    CLIENTADMINGROUP IPA group that receives sudo rights on clients
    DECRYPTEDDATADIR Mount point for the decrypted user data directory
    ENCRYPTEDDATADIR Path of the gocryptfs-encrypted data directory
    IPAVAULTUSE true to use IPA KRA vault for the encryption key, false to disable encryption
    IPAVAULTNAME Name of the IPA vault entry (default: CLIENT_FILEENCRYPTION_<hostname>)

  2. Confirms the FQDN — shows the computed FQDN (<hostname>.clients.<TLDOMAIN>) and lets you override the hostname part if needed.

  3. Tests the encrypted home mount — runs mount_ecrypt_home.sh. On failure you can restart the wizard or quit.

  4. Obtains a Nextcloud WebDAV token — calls get_nc_token, which opens Firefox for login. Verifies that the returned token belongs to the current user. You can retry or quit on failure.

  5. On success, the written config file config.d/configure.conf is picked up automatically by all other scripts instead of config/setup_system.conf.

After the wizard completes

Boot the target machine from the Fedora USB installer. Anaconda detects the OEMDRV partition and runs the Kickstart automatically.

Reference in New Issue View Git Blame Copy Permalink