#!/usr/bin/env sh
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# This script has several functions:
#
# A. First setup of a PC
# It shall run after a new Fedora installation -> in the %post section of Kickstart
# Attention: Kickstart installations ARE NON-INTERACTIVE!
# If this script is executed without knowing what it does, it can destroy your installation!

# Basic concepts:
# First, you need some other tool to make a new PC include the OEM partition on your drive (refer to the docs)
# Then you can run an installation of Fedora using the Everything netinstaller or Server DVD ISO written to USB
# The Kickstart will set up your PC, while clearing unused partitions is handled by the pre-section of Kickstart
# In the post-section this script is called to set up your PC and to have the PC join you to the domain on first boot
# At the first logon, the script is called again by your window manager to fully set up your profile

# TODO
# - Make it ask for all needed parameters and store them on the system if needed
# - Make it check what to do each time, so that it can be called on every startup
# - Make it callable from Anaconda's kickstart post-script to set up the system at first run
# (the kickstart post-script must be non-interactive, while on first start a systemd service can be bound to a tty to get user input too)
# - Detect the system environment and make the user logon setup start after the first logon
# Supported: Cinnamon, KDE
# - Not needed: Import the Firefox cert from IPA automatically at first run -> somehow this is not needed any more, Firefox will work from scratch!

# TODO Additionally
# Build a boot stick with the kickstart configuration
# Needs the SHARE_ID of where to get the install archive from Nextcloud
# when creating the stick

# TODO write a doc!

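# Load system settings - MUST BE SOURCED, otherwise the variables will not be available.
# The path is quoted so that a script directory containing spaces or glob
# characters still resolves to a single file.
# NOTE(review): the sourced file runs with the privileges of this script (root
# in the firstrun service), so it and its directory should be writable by root
# only - confirm the ownership on the installed system.
source "$(dirname "$0")/setup_system.inc.sh"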
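# Setup needed boot- service
#
# Writes the systemd unit for the first-run setup and enables it, unless
# systemctl already reports the unit as enabled.
#
# Globals:   FIRSTRUN_SERVICENAME, FIRSTRUN_SCRIPTPATH, SCRIPTPATH, SCRIPTNAME (read)
#            FIRSTRUN_SERVICESTATUS (written)
# Outputs:   progress messages on stdout, configuration errors on stderr
# Returns:   exits the script with status 1 when a required setting is empty
#
# NOTE(review): the unit runs ${SCRIPTPATH}/${SCRIPTNAME} as root at boot, so
# that script and the files it sources must not be writable by other users.
firstrun_prepare()
{
  local unit_file

  # Checking service
  if [ -z "${FIRSTRUN_SERVICENAME:-}" ]; then
    echo "Error in Config, no Servicename found. Please check your Environment for FIRSTRUN_SERVICENAME." >&2
    # Show only the settings this function depends on. Dumping the whole
    # environment here could put unrelated secrets on the console or in a log.
    printf '%s=%s\n' \
      FIRSTRUN_SERVICENAME "${FIRSTRUN_SERVICENAME:-}" \
      FIRSTRUN_SCRIPTPATH "${FIRSTRUN_SCRIPTPATH:-}" \
      SCRIPTPATH "${SCRIPTPATH:-}" \
      SCRIPTNAME "${SCRIPTNAME:-}" >&2
    exit 1
  fi

  FIRSTRUN_SERVICESTATUS=$( systemctl is-enabled "${FIRSTRUN_SERVICENAME}" )
  echo "Current Service Status of ${FIRSTRUN_SERVICENAME} is ${FIRSTRUN_SERVICESTATUS}"
  if [ "${FIRSTRUN_SERVICESTATUS}" = "enabled" ]; then
    return 0
  fi

  # An empty path would place the unit in / or make it start "/bin/sh /" as root.
  if [ -z "${FIRSTRUN_SCRIPTPATH:-}" ] || [ -z "${SCRIPTPATH:-}" ] || [ -z "${SCRIPTNAME:-}" ]; then
    echo "Error in Config, FIRSTRUN_SCRIPTPATH, SCRIPTPATH and SCRIPTNAME must all be set." >&2
    exit 1
  fi

  unit_file="${FIRSTRUN_SCRIPTPATH}/${FIRSTRUN_SERVICENAME}"
  echo "Installing Service at ${unit_file}"
  # The here-document is expanded now, so SCRIPTPATH and SCRIPTNAME are written
  # into the unit with their current values.
  sudo tee "${unit_file}" >/dev/null <<EOF
[Unit]
Description=First time setup of this PC
After=NetworkManager-wait-online.service
Before=systemd-user-sessions.service nss-user-lookup.target
Wants=nss-user-lookup.target
ConditionKernelCommandLine=!inst.nofirstrun

[Service]
User=root
Group=root
Type=oneshot
# RemainAfterExit=yes
StandardOutput=tty
#Setup_System Path
ExecStart=/bin/sh ${SCRIPTPATH}/${SCRIPTNAME} firstrun_run
#ExecStart=-/sbin/agetty --noclear -n -l "/bin/sh ${SCRIPTPATH}/${SCRIPTNAME} firstrun_run" %I 38400
# user interaction in tty8
StandardInput=tty
TTYPath=/dev/tty8
TTYReset=yes
TTYVHangup=yes

[Install]
WantedBy=multi-user.target
EOF
  # Readable by everyone, writable only by the owner.
  sudo chmod go+r "${unit_file}"
  echo "Activating Service"
  sudo systemctl daemon-reload
  sudo systemctl enable "${FIRSTRUN_SERVICENAME}"
}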
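# Disable the first-run service and delete its unit file.
#
# Globals:   FIRSTRUN_SERVICENAME, FIRSTRUN_SCRIPTPATH (read)
# Returns:   1 when either setting is empty; otherwise the status of the
#            disable/remove chain (the file is only removed after a
#            successful disable)
firstrun_remove()
{
  # With an empty setting the rm below would point at the wrong path
  # (for example a file directly under /), so refuse to continue.
  if [ -z "${FIRSTRUN_SERVICENAME:-}" ] || [ -z "${FIRSTRUN_SCRIPTPATH:-}" ]; then
    echo "ERROR: FIRSTRUN_SERVICENAME or FIRSTRUN_SCRIPTPATH is not set, nothing removed." >&2
    return 1
  fi

  sudo systemctl disable "${FIRSTRUN_SERVICENAME}" \
    && sudo rm -- "${FIRSTRUN_SCRIPTPATH}/${FIRSTRUN_SERVICENAME}"
}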
#Do updates
#
# Upgrades all packages with dnf and reboots when dnf reports that a restart
# is needed.
# Returns: 1 when not running as root; otherwise the status of the last
#          command that ran.
upgrade_interactive()
{
  # Upgrading packages and rebooting both need root.
  [ "$EUID" -ne 0 ] && {
    echo "ERROR: Not running as root, cannot continue."
    return 1
  }

  dnf upgrade --refresh

  # Check if restart is needed: exit status 0 is taken as "nothing to restart".
  if dnf needs-restarting; then
    echo "No Restart required."
    return
  fi

  echo "Restart is required, please do so now and rerun this script after reboot."
  read -n 1 -s -r -p "If you do not want to restart, please hit CTRL+C now. Any other key to continue."
  echo
  # echo "If you do not want to restart, please hit CTRL+C in the next 10 seconds"
  # for i in {10..01}
  # do
  # echo -ne "\r$i"
  # sleep 1
  # done
  shutdown -r now
}
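#Software needed and additional stuff
# Moved all to syc_client_software.sh to make it more interactive

# Append a line to a file unless the file already contains exactly that line.
# Arguments: $1 - file, $2 - line
_install_sw_append_once()
{
  local file=$1
  local line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >>"$file"
}

# Apply the system-wide base settings after installation.
#
# Globals:   SYSCONFIGPATH, CDATEC8, CTIMEC6 (read)
# Returns:   1 when not root, when SYSCONFIGPATH is empty or when the
#            login.defs backup/rewrite fails; otherwise the status of the
#            final systemctl call
#
# Every append is skipped when the entry is already present, so running the
# function again does not duplicate lines in /etc/fstab, kdeglobals or fuse.conf.
install_sw()
{
  local login_defs=/etc/login.defs
  local login_defs_backup

  if [ "$EUID" -ne 0 ]; then
    echo "ERROR: Not running as root, cannot continue."
    return 1
  fi

  # Checked before anything is changed: an empty mount point would shift the
  # fields of the fstab entry written below.
  if [ -z "${SYSCONFIGPATH:-}" ]; then
    echo "ERROR: SYSCONFIGPATH is not set, cannot write the OEMDRV fstab entry." >&2
    return 1
  fi

  #Set default Umask 0077
  # sed reads the backup copy and writes the live file. Reading and writing
  # /etc/login.defs in the same pipeline can truncate it before sed has read
  # it, which would leave the file empty. Only lines matching ^UMASK.*022$
  # are rewritten.
  login_defs_backup="${login_defs}_backup_${CDATEC8:-}_${CTIMEC6:-}"
  cp -f -- "$login_defs" "$login_defs_backup" || return 1
  sed 's/^UMASK.*022$/UMASK\t077/' "$login_defs_backup" >"$login_defs" || return 1

  #Append OEMDRV mount to SYSCONFIGPATH in fstab
  _install_sw_append_once /etc/fstab \
    "LABEL=OEMDRV ${SYSCONFIGPATH} btrfs noatime,nodiratime,nofail 0 0"

  #Make KDE single click
  if ! grep -qxF -- 'SingleClick=true' /etc/xdg/kdeglobals 2>/dev/null; then
    printf '[KDE]\nSingleClick=true\n' | tee -a /etc/xdg/kdeglobals
  fi

  #Make encryption accessible for root
  # NOTE(review): user_allow_other lets every local user mount FUSE file
  # systems with allow_other/allow_root, which makes such a mount reachable by
  # accounts other than its owner. Confirm this is wanted on all clients.
  _install_sw_append_once /etc/fuse.conf 'user_allow_other'

  #Set openh264 enabled
  dnf config-manager setopt fedora-cisco-openh264.enabled=1

  # Set default runlevel to graphical logon
  systemctl set-default graphical.target
}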
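# Join this PC to the IPA domain. The dialog runs on virtual terminal 8.
#
# Globals:   FQDN, HOSTNM, DOMAIN, SERVERFQDN_IPA (read); IPAUSERID (written)
# Inputs:    domain user id and password, read from stdin
# Returns:   0 when the host is already configured or the join succeeded,
#            1 when not root, when a setting is missing or when the join failed
#
# The password is kept in a local variable, is never placed on a command line
# (arguments are visible to other local users in the process list) and is
# never echoed. Uses bash arrays, like the `read -s`/`read -n` calls here.
ipa_register_host()
{
  local IPAPASSWD
  local rc
  local -a join_cmd

  #Integrate this PC into Domain
  chvt 8

  #Check if IPA is already Configured
  echo "Checking for existing IPA- Setup."
  # Fixed-string match, and an empty FQDN never counts as "already configured".
  if [ -n "${FQDN:-}" ] && grep -qF -- "${FQDN}" /etc/ipa/default.conf 2>/dev/null; then
    echo "IPA is already installed, skipping setup."
    chvt 1
    return 0
  fi

  echo "IPA not jet installed, doing Setup."
  if [ "$EUID" -ne 0 ]; then
    echo "ERROR: Not running as root, cannot continue."
    return 1
  fi

  if [ -z "${FQDN:-}" ] || [ -z "${HOSTNM:-}" ] || [ -z "${DOMAIN:-}" ] || [ -z "${SERVERFQDN_IPA:-}" ]; then
    echo "ERROR: FQDN, HOSTNM, DOMAIN and SERVERFQDN_IPA must all be set." >&2
    return 1
  fi

  #Serialnr of this device
  echo "This PC is called ${FQDN} and will join Domain ${DOMAIN}"

  #Always set determined hostname - see setup_system.conf
  hostnamectl set-hostname "${HOSTNM}"

  #Check, if hostname is resolvable to this host - if not, add entry to /etc/hosts
  if ! grep -qF -- "${FQDN}" /etc/hosts; then
    echo "Adding Host ${FQDN} to /etc/hosts"
    echo "" >>/etc/hosts
    echo "127.0.0.1 ${FQDN} ${HOSTNM}" >>/etc/hosts
  fi

  echo
  echo -n "Please Enter your Domain- Userid: "
  read -r IPAUSERID
  echo -n "Please Enter your Domain- Password: "
  # IFS= and -r keep leading/trailing blanks and backslashes in the password.
  IFS= read -r -s IPAPASSWD
  echo ""

  # Built as an array so that values containing spaces or glob characters
  # stay single arguments.
  join_cmd=(ipa-client-install -U --mkhomedir --force-join --no-ntp
    "--principal=${IPAUSERID}" "--domain=${DOMAIN}" "--server=${SERVERFQDN_IPA}")
  echo "${join_cmd[*]}"

  # NOTE(review): relies on ipa-client-install reading the password from
  # stdin in unattended mode when -w is not given - confirm against the
  # installed version.
  printf '%s\n' "${IPAPASSWD}" | "${join_cmd[@]}"
  rc=$?
  unset IPAPASSWD

  if [ "$rc" -ne 0 ]; then
    echo "Some Error. Please check what went wrong and redo."
    return 1
  fi

  echo "The PC was integrated into the Domain. You should now be able to Logon with tha User. If not, check the Logs at /var/log/sssd."
  echo ""
  echo "ADVISE: for the First Logon, you may use Console (Using e.g. CONTROL+ALT+F3) - as maybe you will be prompted for Changing your Password there"
  echo "which may not work on graphical logon. After that works, use CONTROL+ALT+F2 (or F7) to get back to the graphical logon."
  echo ""
  read -n 1 -s -r -p "Press any key to continue."
  chvt 1
  echo ""
}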
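# Run setup_skel.sh from the directory of this script.
#
# Returns: 1 when not running as root; otherwise the status of setup_skel.sh
#
# NOTE(review): setup_skel.sh is executed as root, so it and its directory
# should be writable by root only - confirm on the installed system.
prepare_skel()
{
  if [ "$EUID" -ne 0 ]; then
    echo "ERROR: Not running as root, cannot continue."
    return 1
  fi

  #Copy and extract Skel-Archive
  #Include: Autostart for Getting WEB-DAV-Token if not there
  #+An empty Firefox Profile - already integrated into domain with one single Startup-Page: Get Token
  # https://nextcloud.obel1x.de/settings/user/security
  #
  #File was created from the Draft-Folder and then transferred to NC
  #tar -I 'zstd -9' -cf system_setup.tar.zst ~/system_setup
  #
  # Quoted so that a script directory containing spaces or glob characters is
  # still run as one command path.
  "$(dirname "$0")/setup_skel.sh"
}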
# Manual check that input and output work on the setup console.
# Writes the entered text to the global SOMESTRING.
test_tty()
{
  # Switch to virtual terminal 8 and show it
  chvt 8
  whoami

  read -r -p "This is a Test. Please enter some String: " SOMESTRING
  printf '%s\n' "The String was ${SOMESTRING}"

  read -n 1 -s -r -p "Press any key to continue"
  printf '%s\n' "" "========== END ========"
}
### MAIN
# Dispatch on the first argument. Apart from the usage branch, the script
# always ends with status 0: the status of the called functions is not
# passed on to the caller.
case "$1" in
  install)
    # Executed after base installation (anaconda post script)
    printf '%s\n' "Mode: Install"
    install_sw
    prepare_skel
    firstrun_prepare
    ;;
  firstrun_prepare)
    firstrun_prepare
    ;;
  firstrun_remove)
    firstrun_remove
    ;;
  firstrun_run)
    ipa_register_host
    printf '%s\n' "========== END FIRSTRUN-SERVICE ========"
    ;;
  logon)
    # NOTE(review): no function named `upgrade` is defined in this file (only
    # upgrade_interactive) - presumably it comes from setup_system.inc.sh;
    # verify, otherwise this mode fails with "command not found".
    upgrade
    ;;
  # ''|'something) botherpossible=true; ;;
  *)
    printf '%s\n' "Wrong first Parameter. Choose from: install,logon,firstrun_prepare,firstrun_remove,firstrun_run"
    printf '%s\n' "PLEASE DON'T USE THIS SCRIPT WITHOUT YOU KNOW WHAT YOU ARE DOING!"
    printf '\n'
    printf '%s\n' "ATTENTION: THIS SCRIPT MAY RENDER YOUR PC USELESS WITHOUT ASKING IF USED WRONG !!!"
    exit 1
    ;;
esac

#End
exit 0

#temp
# Never reached: the script has already exited on the line above.
read -n 1 -s -r -p "Press any key to continue"