diff --git a/system_setup/create_nc_package_from_sys_config.sh b/system_setup/create_nc_package_from_sys_config.sh
index f62ab63..ea37c6b 100755
--- a/system_setup/create_nc_package_from_sys_config.sh
+++ b/system_setup/create_nc_package_from_sys_config.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-source ./setup_system.conf
+source $(dirname "$0")/setup_system.inc.sh
 mkdir -p ${HOME}/temp
 cd ${SYSCONFIGPATH}
 tar --exclude='.*' -I 'zstd -9' -cf ${HOME}/temp/sys_config.tar.zst ${SYSCONFIGPATH}
diff --git a/system_setup/logon_script.sh b/system_setup/logon_script.sh
index 81fe5df..a7051f9 100755
--- a/system_setup/logon_script.sh
+++ b/system_setup/logon_script.sh
@@ -4,8 +4,7 @@
 #
 # User logon script for KDE Environement
 #
-source ./setup_system.conf
-source ./setup_system.inc.sh
+source $(dirname "$0")/setup_system.inc.sh
 elog_init "User Logon Script"
 elog_add "=================="
@@ -50,11 +49,7 @@ fi
 get_nc_token
 elog_add "Successfully obtained Token for User ${DAVTOKEN_USER}"
-#SYNC Firefox + Thunderbird Profile
-./mozilla_starter.sh firefox sync && ./mozilla_starter.sh thunderbird sync
-elog_add "Successfully synced Mozilla profiles (log in another file)."
-
-#Install additional Software
+#Install Software
 elog_add "==="
 elog_add "Update and install client Software"
 # Without sudoers-rule for run without asking for password, it won't run and quit complaining about not askpass utilities found
@@ -72,6 +67,10 @@ if [[ $INST_RET -ne 0 ]]; then
 fi
 fi
+#SYNC Firefox + Thunderbird Profile
+./mozilla_starter.sh firefox sync && ./mozilla_starter.sh thunderbird sync
+elog_add "Successfully synced Mozilla profiles (log in another file)."
+
 elog_add "Sucessfully run logon script (Wait 3 seconds)"
 sleep 3
diff --git a/system_setup/mount_ecrypt_home.sh b/system_setup/mount_ecrypt_home.sh
index 7d05ec7..422a67d 100755
--- a/system_setup/mount_ecrypt_home.sh
+++ b/system_setup/mount_ecrypt_home.sh
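Review bot: The new include line in create_nc_package_from_sys_config.sh leaves the command substitution unquoted, so a script path containing spaces or glob characters is word-split and `source` loads the wrong file or nothing; write `source "$(dirname "$0")/setup_system.inc.sh"`. The same line is added in logon_script.sh, mount_ecrypt_home.sh, mount_nocrypt_home.sh, mozilla_starter.sh, pack_skel.sh, setup_skel.sh and sync_client_software.sh. This script and setup_skel.sh declare `#!/bin/sh`, where `source` is not guaranteed to exist; `.` is the portable spelling, or the shebang should name bash. None of the hunks checks the result of `source`, so depending on the shell a missing include lets the script continue with `SYSCONFIGPATH` unset.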
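Review bot: In logon_script.sh the re-added sync block (hunk -72,6 +67,10) still starts `./mozilla_starter.sh` relative to the current directory, while the include at the top of the file is now resolved through `$(dirname "$0")`; started from another directory, the helper is not found, or a file of the same name in the working directory runs instead. Calling it as `"$(dirname "$0")/mozilla_starter.sh" firefox sync` keeps both lookups consistent. The following `elog_add "Successfully synced Mozilla profiles (log in another file)."` runs unconditionally, so the log reports success even when one of the two sync commands failed; put the success message in the `then` branch of an `if` around the sync commands and log a failure message in the `else` branch.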
@@ -7,7 +7,7 @@
 # If no IPA-Server is available (e.g. if no internet is available) it will Prompt the User to Enter the Key manually. ATTENTION: The Key MUST NOT BE STORED plaintext on this PC, this would be very insecure!
 # If no encryption has been setup so far, it will create a new wallet and Store the Encryption to the IPA Vault.
-source ./setup_system.conf
+source $(dirname "$0")/setup_system.inc.sh
 EXECDIR=$(pwd)
 #Check if Directory is alread mounted
diff --git a/system_setup/mount_nocrypt_home.sh b/system_setup/mount_nocrypt_home.sh
index 906ee73..46be30f 100755
--- a/system_setup/mount_nocrypt_home.sh
+++ b/system_setup/mount_nocrypt_home.sh
@@ -6,7 +6,7 @@
 # I created an Issue for that: https://github.com/dogtagpki/pki/issues/5242
 # So we will skip encryption completely!
-source ./setup_system.conf
+source $(dirname "$0")/setup_system.inc.sh
 EXECDIR=$(pwd)
 #Check if Directory is alread mounted
diff --git a/system_setup/mozilla_starter.sh b/system_setup/mozilla_starter.sh
index 645e4e5..01a3565 100755
--- a/system_setup/mozilla_starter.sh
+++ b/system_setup/mozilla_starter.sh
@@ -3,8 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later
 #
 # Usage
-source ./setup_system.conf
-source ./setup_system.inc.sh
+source $(dirname "$0")/setup_system.inc.sh
 #Lokal Vars
 LOGFILE="${TEMPDIR}/${SCRIPTNAME}.log"
diff --git a/system_setup/pack_skel.sh b/system_setup/pack_skel.sh
index 314c0aa..2bc1598 100755
--- a/system_setup/pack_skel.sh
+++ b/system_setup/pack_skel.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-source ./setup_system.conf
+source $(dirname "$0")/setup_system.inc.sh
 mv skel.tar.zst backup_skel.tar.zst
 if [ $? -eq 0 ]; then
 echo "Old Archive renamed to backup_skel.tar.zst"
@@ -19,4 +19,4 @@ rm backup_skel.tar.zst
 echo "Old Archive deleted"
 # TODO
 # - up file to NC - is only possible, when setup already has the webdav-token created
-#
+#
diff --git a/system_setup/setup_skel.sh b/system_setup/setup_skel.sh
index 62c82f0..9068952 100755
--- a/system_setup/setup_skel.sh
+++ b/system_setup/setup_skel.sh
@@ -1,9 +1,15 @@
 #!/bin/sh
 # Replaces /etc/skel with the contents of skel.tar.zst
-source ./setup_system.conf
+source $(dirname "$0")/setup_system.inc.sh
 EXECDIR=$(pwd)
 SRCFILE="${SYSCONFIGPATH}/system_setup/skel.tar.zst"
+#Check for root
+if [ "$EUID" -ne 0 ]; then
+ echo "Error: Script requires root privileges."
+ exit 1
+fi
+
 cd /etc
 sudo rm -f -r /etc/skel
 sudo tar -xf ${SRCFILE}
diff --git a/system_setup/setup_system.inc b/system_setup/setup_system.inc
deleted file mode 100644
index 97df29d..0000000
--- a/system_setup/setup_system.inc
+++ /dev/null
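Review bot: The root check added to setup_skel.sh tests `$EUID`, which is a bash variable, under a `#!/bin/sh` shebang. Where /bin/sh is not bash the variable is empty, `[ "" -ne 0 ]` returns an error status, the `if` body is skipped and the script carries on without root, so the guard fails open. `if [ "$(id -u)" -ne 0 ]; then` works in any POSIX shell; alternatively use `#!/bin/bash` as pack_skel.sh does. In the context lines that follow, `cd /etc` is not checked before `tar -xf ${SRCFILE}` extracts into the current directory; `cd /etc || exit 1` and quoting `"${SRCFILE}"` would close that, and the `sudo` prefixes become redundant once root is enforced.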
@@ -1,111 +0,0 @@
-# Includes for System Setup
-#
-# SPDX-FileCopyrightText: Daniel Pätzold
-# SPDX-License-Identifier: AGPL-3.0-or-later
-#
-
-#Check if we are root
-check_root()
-{
- if [ "$EUID" -ne 0 ]
- then echo "Please run as root"
- return 1
- fi
- return 0
-}
-
-#Check if the Data- Directory is encrypted
-check_data_isecrypted() {
- CHECKRES=$( cat /etc/mtab | grep "${DECRYPTEDDATADIR}" | grep "fuse.gocryptfs" )
- if [ "${CHECKRES}." == "." ]; then
- return 1 # Error: Directory is not mounted
- else
- return 0 # Directory is mounted
- fi
-}
-
-# Will set variable DAVTOKEN_USER and DAVTOKEN_PASS to the stored value or get a new one
-get_nc_token() {
- DAVTOKEN_USER=""
- DAVTOKEN_PASS=""
-
- if [ ${IPAVAULTUSE} == "true" ]; then
- check_data_isecrypted
- if [ $? -ne 0 ]; then
- echo "Data Directory is not encrypted. Please mount it first."
- return 1
- fi
- fi
-
- if [ ! -f ${DAVTOKENFILENAME} ]; then
- # Directory is ok, but no Tokenfile was found, need to generate a new one
- REQJSON=$( curl -s -A "WEBDAV:${HOSTNM}" -X POST "https://${SERVERFQDN_NC}/index.php/login/v2" )
- # echo "JSON is:"
- # echo "${REQJSON}"
-
- REQTOKEN=$( echo "${REQJSON}" | grep -oP '(?<="token":")[^"]+(?=")' )
- REQURL=$( echo "${REQJSON}" | grep -oP '(?<="login":")[^"]+(?=")' )
- /usr/bin/firefox "${REQURL}" &
-
- for i in {1..200}
- do
- echo "Waiting 6 seconds"
- sleep 6
- echo -n "Poll Number ${i}..."
- POLLJSON=$( curl -s -X POST "https://${SERVERFQDN_NC}/login/v2/poll" -d "token=${REQTOKEN}" )
- if [[ "${POLLJSON}" == *"appPassword"* ]]; then
- echo "${POLLJSON}" > ${DAVTOKENFILENAME}
- echo "found token. Token has been written to ${DAVTOKENFILENAME}"
- break
- else
- echo "failed"
- fi
- done
- else
- # Tokenfile found, reading it
- POLLJSON=$( cat ${DAVTOKENFILENAME} )
- fi
- DAVTOKEN_USER=$( echo "${POLLJSON}" | grep -oP '(?<="loginName":")[^"]+(?=")' )
- DAVTOKEN_PASS=$( echo "${POLLJSON}" | grep -oP '(?<="appPassword":")[^"]+(?=")' )
-}
-
-# Custom `select` implementation that allows *empty* input.
-# Pass the choices as individual arguments.
-# Output is the chosen item, or "", if the user just pressed ENTER.
-# Example:
-# choice=$(selectWithDefault 'one' 'two' 'three')
-selectWithDefault() {
-
- local item i=0 numItems=$#
-
- # Print numbered menu items, based on the arguments passed.
- for item; do # Short for: for item in "$@"; do
- printf '%s\n' "$((++i))) $item"
- done >&2 # Print to stderr, as `select` does.
-
- # Prompt the user for the index of the desired item.
- while :; do
- printf %s "${PS3-#? }" >&2 # Print the prompt string to stderr, as `select` does.
- read -r index
- # Make sure that the input is either empty or that a valid index was entered.
- [[ -z $index ]] && break # empty input
- (( index >= 1 && index <= numItems )) 2>/dev/null || { echo "Invalid selection. Please try again." >&2; continue; }
- break
- done
-
- # Output the selected item, if any.
- [[ -n $index ]] && printf %s "${@: index:1}"
-
-}
-selectExample() {
-# Print the prompt message and call the custom select function.
-echo "Include audits (default is 'Nope')?"
-optionsAudits=('Yep' 'Nope')
-opt=$(selectWithDefault "${optionsAudits[@]}")
-
-# Process the selected item.
-case $opt in
-'Yep') includeAudits=true; ;;
-''|'Nope') includeAudits=false; ;; # $opt is '' if the user just pressed ENTER
-esac
-}
diff --git a/system_setup/setup_system.inc.sh b/system_setup/setup_system.inc.sh
index f4fe7d5..905e81b 100644
--- a/system_setup/setup_system.inc.sh
+++ b/system_setup/setup_system.inc.sh
@@ -14,6 +14,7 @@
 # fi
 # return 0
 #}
+source $(dirname "$0")/setup_system.conf
 #Check if the Data- Directory is encrypted
 check_data_isecrypted() {
diff --git a/system_setup/setup_system_full.sh b/system_setup/setup_system_full.sh
index 6d4edc7..3eb9403 100755
--- a/system_setup/setup_system_full.sh
+++ b/system_setup/setup_system_full.sh
@@ -33,8 +33,8 @@
 # TODO write a doc!
 #Load Sytem Settings
-source $(dirname "$0")/setup_system.conf
 source $(dirname "$0")/setup_system.inc.sh
+
 # TODO
 # Install System settings to installed system
 # read system settings from that file
@@ -114,7 +114,6 @@ install_sw()
 check_root
 yum install -y mc htop ipa-client thunderbird pip npm pykickstart gocryptfs mediawriter
 flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
-flatpak install -y --reinstall flathub com.nextcloud.desktopclient.nextcloud
 #Set default Umask 0077
 sudo cp -f /etc/login.defs /etc/login.defs_backup_${CDATEC8}_${CTIMEC6}
diff --git a/system_setup/sync_client_software.sh b/system_setup/sync_client_software.sh
index 1187bd6..736e9e5 100755
--- a/system_setup/sync_client_software.sh
+++ b/system_setup/sync_client_software.sh
@@ -4,8 +4,7 @@
 #
 # Central sofwareinstallation script. Should be called from logon-script via sudo and prereserved env
 #
-source ./setup_system.conf
-source ./setup_system.inc.sh
+source $(dirname "$0")/setup_system.inc.sh
 #Check for root
 if [ "$EUID" -ne 0 ]; then
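Review bot: Inside setup_system.inc.sh, `$0` is still the path of the script that sourced the include, not of the include itself, so the added `source $(dirname "$0")/setup_system.conf` finds the configuration only while every caller sits in the same directory as the .conf file. In bash, `${BASH_SOURCE[0]}` names the file being sourced: `source "$(dirname "${BASH_SOURCE[0]}")/setup_system.conf"`; two callers in this commit use `#!/bin/sh`, so that relies on sh being bash. The substitution should be quoted, and a missing configuration should stop the script, e.g. by appending `|| { echo "cannot load setup_system.conf" >&2; exit 1; }`, because callers go on to use variables such as `SYSCONFIGPATH` that are presumably defined there.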
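Review bot: sync_client_software.sh runs as root (the EUID check follows the changed line, and the header says it is called from the logon script via sudo), and it now executes whatever `setup_system.inc.sh` and, through it, `setup_system.conf` contain in the script's own directory. If that directory or either file is writable by the user who logs on, the passwordless sudoers rule mentioned in logon_script.sh would effectively grant that user root; the diff does not show ownership or the sudoers entry, so this needs confirming. Files sourced by a root-run script should be root-owned and not group- or world-writable, and the script can check that before sourcing. The header also mentions a preserved environment, so variables inherited from the caller should not be trusted for paths used as root.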
@@ -38,6 +37,10 @@ LOGFILE="${TEMPDIR}/${SCRIPTNAME}.log"
 echo "Logging to File ${LOGFILE}"
 mkdir -p ${TEMPDIR}
+#Install or update Nextcloud com.nextcloud.desktopclient.nextcloud
+echo "Update or install Nextcloud client"
+/usr/bin/flatpak install -y --or-update --noninteractive flathub com.nextcloud.desktopclient.nextcloud && echo "Done Update/Install of Nextcloud."
+
 #Sync Files
 SYNCCMD="sudo -i /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloudcmd com.nextcloud.desktopclient.nextcloud -h -u ${DAVTOKEN_USER} -p ${DAVTOKEN_PASS} --path ${CLIENT_SOFTWARE_SRC} ${CLIENT_SOFTWARE_DST} https://${SERVERFQDN_NC}"
 SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" )
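Review bot: The added `/usr/bin/flatpak install ... && echo "Done Update/Install of Nextcloud."` line discards a failed install: when flathub is unreachable or the install errors, nothing is reported and the script goes on to run `nextcloudcmd` from a client that may be missing or outdated. Test the status explicitly, e.g. `if ! /usr/bin/flatpak install -y --or-update --noninteractive flathub com.nextcloud.desktopclient.nextcloud; then echo "Nextcloud client install/update failed" >&2; exit 1; fi`, or log the failure and continue on purpose. Because this runs as root and installs whatever flathub currently serves each time the script is called, it is worth deciding whether an update on every run is intended. The `SYNCCMD` context line below the insertion passes `${DAVTOKEN_PASS}` with `-p` on the command line, where it is visible in the process list while the sync runs; masking it in `SYNCCMD_HIDDENPW` only protects the log.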