fedora-OEMDRV/configure.md
Daniel unbrot Pätzold 94e857f340 configure.sh: allow root and non-root execution
- install.sh: pre-create ks.cfg with o+w after permission setup so
  non-root users can overwrite it (OEMDRV root itself stays o=rX)
- install.sh: restore su drop to $SUDO_USER when it is set and not
  root; fall back to direct root execution otherwise
- configure.sh: remove the hard root check so both cases work
- configure.md: update docs to reflect root/non-root support

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-03 13:43:09 +02:00


configure.sh — First-time setup wizard

Run system_setup/configure.sh on the machine that has the OEMDRV partition mounted. It guides you through all site-specific settings, tests the configuration, and leaves the system ready for a Fedora installation. It can be run as root or as a normal user: install.sh pre-creates ks.cfg at the OEMDRV root with world-write permission (the OEMDRV root itself stays o=rX), so both cases work.

bash /opt/sys_config/system_setup/configure.sh

What it does

  1. Edits configuration values — prompts for each setting below. Press Enter to keep the shown default, or type a new value. Derived values (e.g. SERVERFQDN_IPA) are updated immediately when you change TLDOMAIN, so subsequent prompts always reflect your latest input.

    | Variable | Description |
    |---|---|
    | TLDOMAIN | Top-level domain of your infrastructure (e.g. company.tld) |
    | SERVERFQDN_IPA | FQDN of the FreeIPA server (default: ipa.<TLDOMAIN>) |
    | SERVERFQDN_NC | FQDN of the Nextcloud server (default: nextcloud.<TLDOMAIN>) |
    | CLIENTADMINGROUP | IPA group that receives sudo rights on clients |
    | DECRYPTEDDATADIR | Mount point for the decrypted user data directory |
    | ENCRYPTEDDATADIR | Path of the gocryptfs-encrypted data directory |
    | IPAVAULTUSE | true to use IPA KRA vault for the encryption key, false to disable encryption |
    | IPAVAULTNAME | Name of the IPA vault entry (default: CLIENT_FILEENCRYPTION_<hostname>) |

  2. Confirms the FQDN — shows the computed FQDN (<hostname>.clients.<TLDOMAIN>) and lets you override the hostname part if needed.

  3. Tests the encrypted home mount — runs mount_ecrypt_home.sh. On failure you can restart the wizard or quit.

  4. Obtains a Nextcloud WebDAV token — calls get_nc_token, which opens Firefox for login. Verifies that the returned token belongs to the current user. You can retry or quit on failure.

  5. On success, the wizard writes config.d/configure.conf, which all other scripts pick up automatically instead of config/setup_system.conf.

After the wizard completes

Boot the target machine from the Fedora USB installer. Anaconda detects the OEMDRV partition and runs the Kickstart automatically.
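
Because Anaconda runs the Kickstart from the OEMDRV partition automatically and ks.cfg is pre-created world-writable, the partition's permission layout is worth checking before booting the installer. The following is an added example, not part of the project's scripts; it assumes GNU stat and a mount point passed as an argument, and the function names and the `strict` switch are hypothetical.

```sh
#!/bin/sh
# Added example: audit the OEMDRV permission layout before booting the installer.
# Assumptions: GNU stat (as on Fedora); the mount point is passed as $1.
# Function names and the "strict" switch are hypothetical, not project code.

# True if the octal mode in $1 has the "write for others" bit set.
other_writable() {
    [ $(( 0$1 & 2 )) -ne 0 ]
}

# audit_oemdrv MOUNTPOINT [strict]
# Default: accept the documented layout (root o=rX, ks.cfg o+w).
# strict:  additionally fail while ks.cfg is still world-writable.
audit_oemdrv() {
    root=$1; strict=${2:-}; ks="$root/ks.cfg"; rc=0

    if [ ! -d "$root" ]; then
        echo "FAIL: $root is not a directory"; return 1
    fi
    mode=$(stat -c '%a' "$root")
    if other_writable "$mode"; then
        echo "FAIL: OEMDRV root is writable by others (mode $mode)"; rc=1
    else
        echo "OK: OEMDRV root mode $mode"
    fi

    # Test -L first: [ -f ] follows symlinks, and a link could point anywhere.
    if [ -L "$ks" ]; then
        echo "FAIL: ks.cfg is a symlink"; rc=1
    elif [ ! -f "$ks" ]; then
        echo "FAIL: ks.cfg is missing or not a regular file"; rc=1
    else
        mode=$(stat -c '%a' "$ks")
        owner=$(stat -c '%U' "$ks")
        if ! other_writable "$mode"; then
            echo "OK: ks.cfg mode $mode, owner $owner"
        elif [ "$strict" = strict ]; then
            echo "FAIL: ks.cfg still world-writable (mode $mode, owner $owner)"; rc=1
        else
            echo "NOTE: ks.cfg world-writable as documented (mode $mode, owner $owner)"
        fi
    fi
    return "$rc"
}
```

The default mode accepts the layout install.sh sets up; `strict` is for sites that choose to drop o+w from ks.cfg once the wizard has finished.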