Anaconda provisioning: Many fixes, first working autoinstall

2026-04-21 12:17:01 +02:00
parent 888c4b17ad
commit 1606a88bb0
7 changed files with 116 additions and 61 deletions
+1 -2
@@ -14,11 +14,10 @@ cd /etc
sudo rm -f -r /etc/skel
sudo tar -xf ${SRCFILE}
if [ $? -eq 0 ]; then
echo "Sucessfully wrote skel new"
echo "Sucessfully wrote skel."
sudo chown -R root:root /etc/skel
sudo setfacl -R -m u::rwX,g::rX,o::rX /etc/skel
else
echo "Something went wrong, please check Output"
fi
cd ${EXECDIR}
Regular → Executable
+55 -38
@@ -21,7 +21,7 @@
# - Make it check for what to do each time so that it can be called every startup
# - Make it callable from anakondas kickstart post- script to setup system at first run
# (kickstart post-script must be non-interactive, while first start with systemd can have a service bounf to tty for getting user-input too)
# - Detect System Environement and make User-Logon- Setup Start after first Logon
# - Detect System Environment and make User-Logon- Setup Start after first Logon
# Supported: Cinnamon, KDE
# - Not needed: Import Firefox-Cert from IPA automatically at first run to system -> Somehow this is not needed any more, firefox will work from scratch!
@@ -32,26 +32,28 @@
# TODO write a doc!
#Load Sytem Settings
#Load Sytem Settings - MUST BE SOURCED, otherwise Variables will not be available
source $(dirname "$0")/setup_system.inc.sh
# TODO
# Install System settings to installed system
# read system settings from that file
##Step 1 - Install at System boot
# Setup needed boot- service
firstrun_prepare()
{
#Checking Service
if [[ -z ${FIRSTRUN_SERVICENAME} ]]; then
echo "Error in Config, no Servicename found. Please check your Environment for FIRSTRUN_SERVICENAME."
env
exit 1
fi
FIRSTRUN_SERVICESTATUS=$( systemctl is-enabled ${FIRSTRUN_SERVICENAME} )
echo "Current Service Status of ${FIRSTRUN_SERVICENAME} is ${FIRSTRUN_SERVICESTATUS}"
if [ ${FIRSTRUN_SERVICESTATUS} != "enabled" ]; then
if [ "${FIRSTRUN_SERVICESTATUS}." != "enabled." ]; then
echo "Installing Service at ${FIRSTRUN_SCRIPTPATH}/${FIRSTRUN_SERVICENAME}"
( cat <<EOF | sudo tee ${FIRSTRUN_SCRIPTPATH}/${FIRSTRUN_SERVICENAME}
[Unit]
Description=First time setup of this PC
After=NetworkManager-wait-online.service
Before=sssd.service
Before=systemd-user-sessions.service nss-user-lookup.target
Wants=nss-user-lookup.target
ConditionKernelCommandLine=!inst.nofirstrun
[Service]
@@ -65,7 +67,7 @@ ExecStart=/bin/sh ${SCRIPTPATH}/${SCRIPTNAME} firstrun_run
#ExecStart=-/sbin/agetty --noclear -n -l "/bin/sh ${SCRIPTPATH}/${SCRIPTNAME} firstrun_run" %I 38400
# user interaction in tty8
StandardInput=tty
TTYPath=/dev/tty8
TTYPath=/dev/tty2
TTYReset=yes
TTYVHangup=yes
@@ -88,7 +90,10 @@ firstrun_remove()
#Do updates
upgrade_interactive()
{
check_root
if [ "$EUID" -ne 0 ]; then
echo "ERROR: Not running as root, cannot continue."
return 1
fi
dnf upgrade --refresh
#Check if restart is needed
dnf needs-restarting
@@ -109,29 +114,36 @@ fi
}
#Software needed and additional stuff
# Moved all to syc_client_software.sh to make it more interactive
install_sw()
{
check_root
dnf install -y mc htop ipa-client thunderbird pykickstart gocryptfs mediawriter
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
#Set default Umask 0077
sudo cp -f /etc/login.defs /etc/login.defs_backup_${CDATEC8}_${CTIMEC6}
( sed 's/^UMASK.*022$/UMASK\t077/' /etc/login.defs | sudo tee /etc/login.defs ) >/dev/null
if [ "$EUID" -ne 0 ]; then
echo "ERROR: Not running as root, cannot continue."
return 1
fi
#Set default Umask 0077
sudo cp -f /etc/login.defs /etc/login.defs_backup_${CDATEC8}_${CTIMEC6}
( sed 's/^UMASK.*022$/UMASK\t077/' /etc/login.defs | sudo tee /etc/login.defs ) >/dev/null
#Append OEMDRV mount to SYSCONFIGPATH in fstab
echo "LABEL=OEMDRV ${SYSCONFIGPATH} btrfs noatime,nodiratime,nofail 0 0" >> /etc/fstab
}
ipa_register_host()
{
#Integrate this PC into Domain
chvt 8
chvt 2
#Check if IPA is already Configured
echo "Checking for existing IPA- Setup."
if ( grep -q "${FQDN}" /etc/ipa/default.conf ); then
echo "IPA is already installed, skipping setup."
chvt 1
return 0
fi
echo "IPA not jet installed, doing Setup."
check_root
if [ "$EUID" -ne 0 ]; then
echo "ERROR: Not running as root, cannot continue."
return 1
fi
#Serialnr of this device
echo "This PC is called ${FQDN} and will join Domain ${DOMAIN}"
#Always set determined hostname - see setup_system.conf
@@ -147,22 +159,41 @@ echo -n "Please Enter your Domain- Userid: "
read IPAUSERID
echo -n "Please Enter your Domain- Password: "
read -s IPAPASSWD
INSTCMD="ipa-client-install -U --mkhomedir --force-join --no-ntp --principal=${IPAUSERID} --domain=${DOMAIN} --server=${SERVERFQDN_IPA} --hostname=${FQDN} -w ${IPAPASSWD}"
echo ${INSTCMD}
echo ""
INSTCMD="ipa-client-install -U --mkhomedir --force-join --no-ntp --principal=${IPAUSERID} --domain=${DOMAIN} --server=${SERVERFQDN_IPA} -w ${IPAPASSWD}"
echo "${INSTCMD/${IPAPASSWD}/*PASSWD*}"
${INSTCMD}
if [ $? -ne 0 ]; then
echo "Some Error. Please check what went wrong and redo."
return 1
fi
echo "The PC was integrated into the Domain. You should now be able to Logon with tha User. If not, restart SSSD- Service and check the Logs."
echo "The PC was integrated into the Domain. You should now be able to Logon with tha User. If not, check the Logs at /var/sssd."
echo ""
echo "ADVISE: for the First Logon, you may use Console (Using e.g. CONTROL+ALT+F3) - as maybe you will be prompted for Changing your Password there"
echo "which may not work on graphical logon. After that works, use CONTROL+ALT+F2 (or F7) to get back to the graphical logon."
echo ""
read -n 1 -s -r -p "Press any key to continue."
chvt 1
echo ""
}
prepare_skel()
{
if [ "$EUID" -ne 0 ]; then
echo "ERROR: Not running as root, cannot continue."
return 1
fi
#Copy and extrakt Skel-Archive
#Include: Autostart for Getting WEB-DAV-Token if not there
#+An empty Firefox Profile - already integrated into domain with one single Startup-Page: Get Token
# https://nextcloud.obel1x.de/settings/user/security
#
#File was created with from Draft-Folder and then transferred to NC
#tar -I 'zstd -9' -cf system_setup.tar.zst ~/system_setup
#
./setup_skel.sh
}
test_tty()
{
#Use TTY3 and show it
@@ -175,23 +206,10 @@ test_tty()
echo "========== END ========"
}
prepare_skel()
{
check_root
#Copy and extrakt Skel-Archive
#Include: Autostart for Getting WEB-DAV-Token if not there
#+An empty Firefox Profile - already integrated into domain with one single Startup-Page: Get Token
# https://nextcloud.obel1x.de/settings/user/security
#
#File was created with from Draft-Folder and then transferred to NC
#tar -I 'zstd -9' -cf system_setup.tar.zst ~/system_setup
#
./setup_skel.sh
}
### MAIN
case $1 in
'install')
# Executed after base installation (anaconda post script)
echo "Mode: Install"
install_sw
prepare_skel
@@ -204,7 +222,6 @@ case $1 in
firstrun_remove
;;
'firstrun_run')
# test_tty
ipa_register_host
echo "========== END FIRSTRUN-SERVICE ========"
;;
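Review bot: In ipa_register_host (hunk `@@ -147,22 +159,41 @@`) the join password is still spliced into the flat string `INSTCMD` and then run as unquoted `${INSTCMD}`, so a password or user id containing whitespace or glob characters is split into extra `ipa-client-install` arguments or expanded against the current directory. The masking in `echo "${INSTCMD/${IPAPASSWD}/*PASSWD*}"` replaces only the first match and treats the password as a pattern, so when the same text occurs earlier in the command it masks that substring and leaves the real password on the console. Building the command as an array without the password, printing that, and appending `-w "${IPAPASSWD}"` only at execution avoids both, and `read -r -s` keeps backslashes in the typed password intact. The password still travels on the process command line with `-w`; if the installer's own prompt (`-W`) works alongside `-U` here it would stay out of the process list, which is not verifiable from this page. The function starts above this hunk, so the sketch covers only the rewritten lines.

```shell
read -r -s IPAPASSWD
echo ""
# Command without the secret: safe to print, and each argument stays one word.
INSTCMD=(ipa-client-install -U --mkhomedir --force-join --no-ntp
  "--principal=${IPAUSERID}" "--domain=${DOMAIN}" "--server=${SERVERFQDN_IPA}")
echo "${INSTCMD[*]} -w *PASSWD*"
"${INSTCMD[@]}" -w "${IPAPASSWD}"
# … unchanged: exit-status check and the follow-up messages …
```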
Binary file not shown.
+1
@@ -37,6 +37,7 @@ mkdir -p ${TEMPDIR}
#Install or update Nextcloud com.nextcloud.desktopclient.nextcloud
echo "Update or install Nextcloud client"
/usr/bin/flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
/usr/bin/flatpak install -y --or-update --noninteractive flathub com.nextcloud.desktopclient.nextcloud && echo "Done Update/Install of Nextcloud."
#Sync Files