unbrot/fedora-OEMDRV
1
0
Fork 0
forked from obel1x/fedora-OEMDRV
Code Pull Requests Activity

Add configure.sh wizard and offer to run it after install

Browse Source 
- system_setup/configure.sh: interactive first-time setup wizard that
  edits config.d/configure.conf, tests the encrypted home mount, and
  obtains a Nextcloud WebDAV token
- configure.md: short usage documentation for configure.sh
- system_setup/install.sh: after cloning the repo, ask whether to run
  configure.sh immediately (as the sudo-invoking user via su)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Brot der Bot
2026-04-29 14:12:11 +02:00
parent 3eee476fc4
commit 05a47a140d
3 changed files with 219 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
configure.md
+34
View File
@@ -0,0 +1,34 @@
# configure.sh — First-time setup wizard
Run `system_setup/configure.sh` as a **normal user** (not root) on the machine that has the OEMDRV partition mounted. It guides you through all site-specific settings, tests the configuration, and leaves the system ready for a Fedora installation.
```bash
bash /opt/sys_config/system_setup/configure.sh
```
## What it does
1. **Edits configuration values** — prompts for each setting below. Press Enter to keep the shown default, or type a new value. Derived values (e.g. `SERVERFQDN_IPA`) are updated immediately when you change `TLDOMAIN`, so subsequent prompts always reflect your latest input.
| Variable | Description |
|---|---|
| `TLDOMAIN` | Top-level domain of your infrastructure (e.g. `company.tld`) |
| `SERVERFQDN_IPA` | FQDN of the FreeIPA server (default: `ipa.<TLDOMAIN>`) |
| `SERVERFQDN_NC` | FQDN of the Nextcloud server (default: `nextcloud.<TLDOMAIN>`) |
| `CLIENTADMINGROUP` | IPA group that receives sudo rights on clients |
| `DECRYPTEDDATADIR` | Mount point for the decrypted user data directory |
| `ENCRYPTEDDATADIR` | Path of the gocryptfs-encrypted data directory |
| `IPAVAULTUSE` | `true` to use IPA KRA vault for the encryption key, `false` to disable encryption |
| `IPAVAULTNAME` | Name of the IPA vault entry (default: `CLIENT_FILEENCRYPTION_<hostname>`) |
2. **Confirms the FQDN** — shows the computed `FQDN` (`<hostname>.clients.<TLDOMAIN>`) and lets you override the hostname part if needed.
3. **Tests the encrypted home mount** — runs `mount_ecrypt_home.sh`. On failure you can restart the wizard or quit.
4. **Obtains a Nextcloud WebDAV token** — calls `get_nc_token`, which opens Firefox for login. Verifies that the returned token belongs to the current user. You can retry or quit on failure.
5. On success, the written config file `config.d/configure.conf` is picked up automatically by all other scripts instead of `config/setup_system.conf`.
## After the wizard completes
Boot the target machine from the Fedora USB installer. Anaconda detects the OEMDRV partition and runs the Kickstart automatically.