renamed scripts, added zscaler

Zsolt Alföldi
2026-02-27 16:07:24 +01:00
parent ad2c34e2ac
commit 0641be36e6
6 changed files with 29 additions and 19 deletions


@@ -25,8 +25,8 @@ WORK_DIR="$(mktemp -d /tmp/autoinstall-build.XXXXXX)"
OUTPUT_ISO="autoinstall-$(date +%Y%m%d-%H%M).iso" OUTPUT_ISO="autoinstall-$(date +%Y%m%d-%H%M).iso"
SOPS_FILE="secrets.sops.yaml" SOPS_FILE="secrets.sops.yaml"
TEMPLATE_DIR="templates" TEMPLATE_DIR="templates"
POST_INSTALL_SCRIPT="scripts/post-install.sh" TARGET_USER=$(yq -r .autoinstall.identity.username templates/user-data.tmpl)
TARGET_USERNAME=$(yq -e .autoinstall.identity.username templates/user-data.tmpl) export TARGET_USER
NOCLOUD_DIR="$WORK_DIR/iso/nocloud" NOCLOUD_DIR="$WORK_DIR/iso/nocloud"
mkdir -p "$NOCLOUD_DIR" mkdir -p "$NOCLOUD_DIR"
@@ -40,6 +40,12 @@ error() {
echo -e "${RED}[✗]${NC} $*" echo -e "${RED}[✗]${NC} $*"
exit 1 exit 1
} }
function envsubst_in_place() {
set -x
local _filename=$1
envsubst "\$TARGET_USER" <"$_filename" >$_filename.tmp && mv $_filename.tmp $_filename
set +x
}
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case $1 in case $1 in
@@ -53,6 +59,7 @@ done
cleanup() { cleanup() {
info "Cleaning up..." info "Cleaning up..."
echo "$WORK_DIR"
rm -rf "$WORK_DIR" rm -rf "$WORK_DIR"
} }
trap cleanup EXIT trap cleanup EXIT
@@ -69,6 +76,9 @@ info "Decrypting secrets and rendering template..."
sops exec-env "$SOPS_FILE" "envsubst < $TEMPLATE_DIR/user-data.tmpl > $NOCLOUD_DIR/user-data" sops exec-env "$SOPS_FILE" "envsubst < $TEMPLATE_DIR/user-data.tmpl > $NOCLOUD_DIR/user-data"
sops exec-env "$SOPS_FILE" "envsubst '\$WIFI_HOUSE_PASSWORD \$NOKIA_WIFI_KEY_PASSWORD' < $TEMPLATE_DIR/user-data-wifi.tmpl > $NOCLOUD_DIR/user-data-wifi.config" sops exec-env "$SOPS_FILE" "envsubst '\$WIFI_HOUSE_PASSWORD \$NOKIA_WIFI_KEY_PASSWORD' < $TEMPLATE_DIR/user-data-wifi.tmpl > $NOCLOUD_DIR/user-data-wifi.config"
envsubst_in_place "$NOCLOUD_DIR/user-data"
envsubst_in_place "$NOCLOUD_DIR/user-data-wifi.config"
info "Template rendered." info "Template rendered."
# ── Get Ubuntu ISO ───────────────────────────────────────────────────────────── # ── Get Ubuntu ISO ─────────────────────────────────────────────────────────────
@@ -101,11 +111,12 @@ dd if="$UBUNTU_ISO" bs=1 count=432 of="$WORK_DIR/mbr_template.bin" 2>/dev/null
# ── Inject autoinstall files ─────────────────────────────────────────────────── # ── Inject autoinstall files ───────────────────────────────────────────────────
info "Injecting autoinstall config and post-install script..." info "Injecting autoinstall config and post-install script..."
cp "$POST_INSTALL_SCRIPT" "$NOCLOUD_DIR/post-install.sh" cp deployment/* "$NOCLOUD_DIR/"
cp "scripts/wifi.sh" "$NOCLOUD_DIR/wifi.sh"
touch "$NOCLOUD_DIR/meta-data" touch "$NOCLOUD_DIR/meta-data"
cp $NOCLOUD_DIR/user-data* /tmp/ envsubst_in_place "$NOCLOUD_DIR/post-install.sh"
cp -r $NOCLOUD_DIR /tmp/
# ── Patch GRUB ──────────────────────────────────────────────────────────────── # ── Patch GRUB ────────────────────────────────────────────────────────────────
GRUB_CFG="$WORK_DIR/iso/boot/grub/grub.cfg" GRUB_CFG="$WORK_DIR/iso/boot/grub/grub.cfg"
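Review bot: `cp -r $NOCLOUD_DIR /tmp/` in the last hunk (apparently on the new side; the page has lost its +/- markers) copies the rendered `user-data` and `user-data-wifi.config` out of the private `mktemp -d` work directory into a fixed `/tmp/nocloud` path that the `cleanup` trap never removes. At that point those files hold the sops-decrypted Wi-Fi passwords and the base64 client key, so on a shared build host they stay behind under the default umask. Drop the line, or if it is a debugging aid gate it behind an explicit flag and copy into a fresh private directory, e.g. `DEBUG_DIR="$(umask 077; mktemp -d)"; cp -r "$NOCLOUD_DIR" "$DEBUG_DIR/"`. In the first hunk `yq -e` became `yq -r`, so a missing `identity.username` no longer fails the build and would presumably be rendered as the literal `null`; `yq -e -r` keeps the raw output and the exit-status check.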


@@ -1,7 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
TARGET_USER=${TARGET_USERNAME:?must defined}
GREEN='\033[0;32m' GREEN='\033[0;32m'
YELLOW='\033[1;33m' YELLOW='\033[1;33m'
RED='\033[0;31m' RED='\033[0;31m'

Binary file not shown.


@@ -19,10 +19,10 @@ network:
auth: auth:
key-management: eap key-management: eap
method: tls method: tls
identity: "host/alfoldi.ipa.nsn-net.net" identity: "host/${TARGET_USER}.ipa.nsn-net.net"
ca-certificate: /nokia/vpn/NOKIA_Root_CA.crt ca-certificate: /nokia/vpn/NOKIA_Root_CA.crt
client-certificate: /nokia/vpn/alfoldi.ipa.nsn-net.net.crt client-certificate: /nokia/vpn/${TARGET_USER}.ipa.nsn-net.net.crt
client-key: /nokia/vpn/alfoldi.ipa.nsn-net.net.key client-key: /nokia/vpn/${TARGET_USER}.ipa.nsn-net.net.key
client-key-password: "${NOKIA_WIFI_KEY_PASSWORD}" client-key-password: "${NOKIA_WIFI_KEY_PASSWORD}"
# vim: set filetype=yaml : # vim: set filetype=yaml :
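Review bot: `client-certificate` and `client-key` now carry `${TARGET_USER}` in unquoted plain scalars while `identity` just above is quoted; quote the two paths as well, e.g. `client-key: "/nokia/vpn/${TARGET_USER}.ipa.nsn-net.net.key"`, so the substituted value cannot change how the line parses. The value comes from `yq` output in the build script and is not validated there before `envsubst` writes it into this file. These paths also have to stay identical to the `write_files` paths in the user-data template, which deserves a one-line comment here.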


@@ -50,24 +50,24 @@ autoinstall:
write_files: write_files:
- path: /nokia/vpn/NOKIA_Root_CA.crt - path: /nokia/vpn/NOKIA_Root_CA.crt
permissions: "0600" permissions: "0600"
owner: alfoldi:alfoldi owner: ${TARGET_USER}:${TARGET_USER}
encoding: b64 encoding: b64
content: "${NOKIA_CA_CERT_B64}" content: "${NOKIA_CA_CERT_B64}"
- path: /nokia/vpn/alfoldi.ipa.nsn-net.net.crt - path: /nokia/vpn/${TARGET_USER}.ipa.nsn-net.net.crt
permissions: "0600" permissions: "0600"
owner: alfoldi:alfoldi owner: ${TARGET_USER}:${TARGET_USER}
encoding: b64 encoding: b64
content: "${NOKIA_CLIENT_CERT_B64}" content: "${NOKIA_CLIENT_CERT_B64}"
- path: /nokia/vpn/alfoldi.ipa.nsn-net.net.key - path: /nokia/vpn/${TARGET_USER}.ipa.nsn-net.net.key
permissions: "0600" permissions: "0600"
owner: alfoldi:alfoldi owner: ${TARGET_USER}:${TARGET_USER}
encoding: b64 encoding: b64
content: "${NOKIA_CLIENT_KEY_B64}" content: "${NOKIA_CLIENT_KEY_B64}"
# - path: /etc/himmelblau/himmelblau.conf # - path: /etc/himmelblau/himmelblau.conf
# owner: alfoldi:alfoldi # owner: ${TARGET_USER}:${TARGET_USER}
# content: | # content: |
# [global] # [global]
# domain = nokia.com # domain = nokia.com
@@ -78,9 +78,9 @@ autoinstall:
# # user_map_file = /etc/himmelblau/user-map # # user_map_file = /etc/himmelblau/user-map
# #
# - path: /etc/himmelblau/user-map # - path: /etc/himmelblau/user-map
# owner: alfoldi:alfoldi # owner: ${TARGET_USER}:${TARGET_USER}
# content: | # content: |
# alfoldi:zsolt.alfoldi@nokia.com # ${TARGET_USER}:zsolt.${TARGET_USER}@nokia.com
- path: /etc/ssh/sshd_config.d/99-custom.conf - path: /etc/ssh/sshd_config.d/99-custom.conf
permissions: "0644" permissions: "0644"
@@ -175,9 +175,9 @@ autoinstall:
# - mkdir -p /target/etc/himmelblau # - mkdir -p /target/etc/himmelblau
late-commands: late-commands:
# - cp /etc/resolv.conf /target/etc/resolv.conf
- bash -x /cdrom/nocloud/wifi.sh - bash -x /cdrom/nocloud/wifi.sh
- cp /cdrom/nocloud/post-install.sh /target/home/ - mkdir -p /target/home/${TARGET_USER}/nocloud
- cp /cdrom/nocloud/* /target/home/${TARGET_USER}/nocloud/
updates: all updates: all
shutdown: poweroff shutdown: poweroff
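Review bot: The late-command `cp /cdrom/nocloud/* /target/home/${TARGET_USER}/nocloud/` copies every file of the seed directory onto the installed system, and per the build script that directory includes the rendered `user-data` and `user-data-wifi.config` with the decrypted Wi-Fi passwords and the base64 client key. The command it appears to replace copied only `post-install.sh`. Copy only what is needed after first boot, e.g. `cp /cdrom/nocloud/post-install.sh /target/home/${TARGET_USER}/nocloud/`, or follow the copy with `chmod -R go-rwx /target/home/${TARGET_USER}/nocloud` and delete the rendered configs at the end of post-install. The copied files are presumably root-owned, since late-commands run in the installer context; confirm that is intended for a directory under the user's home.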