From 95fdaebe15b7156d5c7a8b47a8ee60446dc03a47 Mon Sep 17 00:00:00 2001 From: t3chn0m4g3 Date: Fri, 15 Jun 2018 16:24:20 +0000 Subject: [PATCH] add config file for makeiso rework makeiso.sh / installer.sh to acommodate for the changes --- iso/installer/install.sh | 51 ++++++------ iso/installer/iso.conf.dist | 13 ++++ makeiso.sh | 151 ++++++++++++++++++++++-------------- 3 files changed, 133 insertions(+), 82 deletions(-) create mode 100644 iso/installer/iso.conf.dist diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 837c3487..da1ab1d1 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -9,15 +9,14 @@ export DIALOGRC=/etc/dialogrc cp /root/installer/dialogrc /etc/ # Some global vars -myPROXYFILEPATH="/root/installer/proxy" -myNTPCONFPATH="/root/installer/ntp" -myPFXPATH="/root/installer/keys/8021x.pfx" -myPFXPWPATH="/root/installer/keys/8021x.pw" -myPFXHOSTIDPATH="/root/installer/keys/8021x.id" +myNTPCONFFILE="/root/installer/ntp.conf" +myPFXFILE="/root/installer/keys/8021x.pfx" myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml" myBACKTITLE="T-Pot-Installer" mySITES="https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com" myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" +myCONF_FILE="/root/installer/iso.conf" +myTPOT_CONF_FILE="/root/installer/tpot.conf" fuRANDOMWORD () { local myWORDFILE="$1" 
@@ -32,12 +31,25 @@ sleep 3 tput civis dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 6 80 7 +# Let's load the iso config file +if [ -f $myCONF_FILE ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Found personalized iso.config ]" --msgbox "\nYour personalized settings will be applied!" 7 47 + source $myCONF_FILE + else + # dialog logic considers 1=false, 0=true + myCONF_PROXY_USE="1" + myCONF_SSH_PUBKEY_USE="1" + myCONF_PFX_USE="1" + myCONF_NTP_USE="1" +fi + # Let's setup the proxy for env -if [ -f $myPROXYFILEPATH ]; +if [ "$myCONF_PROXY_USE" == "0" ]; then dialog --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF <&1>/dev/null <&1>/dev/null <&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; # Let's setup the ntp server -if [ -f $myNTPCONFPATH ]; +if [ "$myCONF_NTP_USE" == "0" ]; then dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF + cp $myNTPCONFFILE /etc/ntp.conf 2>&1 | dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF fi # Let's setup 802.1x networking -if [ -f $myPFXPATH ]; +if [ "myCONF_PFX_USE" == "0" ]; then dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF - if [ -f $myPFXPWPATH ]; - then -dialog --title "[ Setting up 802.1x password ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF tee -a /etc/network/interfaces 2>&1>/dev/null < $myAUTHKEYSPATH +rm -rf $myTMP $myTPOTDIR $myPFXFILE $myNTPCONFFILE $myCONF_FILE +echo > $myAUTHKEYSFILE if [ -f $myTPOTSEED.bak ]; then mv $myTPOTSEED.bak $myTPOTSEED 
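Review bot: `source $myCONF_FILE` runs the contents of /root/installer/iso.conf as shell code inside the installer (presumably as root), and the writer at the end of the makeiso.sh changes emits each value as `echo "myCONF_X=\"$value\""` without escaping. A password or host ID containing `"`, `$` or a backtick would therefore be re-evaluated, or break the file, when it is sourced. Writing the values shell-quoted on the makeiso.sh side, for example `printf 'myCONF_PFX_PW=%q\n' "$myCONF_PFX_PW" >> "$myCONF_FILE"`, keeps them as data. The test here should also quote the path: `if [ -f "$myCONF_FILE" ];`.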
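Review bot: The 802.1x test `if [ "myCONF_PFX_USE" == "0" ];` is missing the `$`, so it compares the literal string myCONF_PFX_USE with 0 and the branch can never run. The certificate setup is then skipped even when iso.conf enables it. It should read `if [ "$myCONF_PFX_USE" == "0" ];`, matching the proxy and NTP tests in the same file. This section is damaged on the page (the heredoc bodies are missing), so the rest of the branch could not be checked.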
@@ -64,25 +82,6 @@ function valid_ip() return $stat } -# Let's check if all dependencies are met -myINST="" -for myDEPS in $myPACKAGES; -do - myOK=$(dpkg -s $myDEPS | grep ok | awk '{ print $3 }'); - if [ "$myOK" != "ok" ] - then - myINST=$(echo $myINST $myDEPS) - fi -done -if [ "$myINST" != "" ] - then - apt-get update -y - for myDEPS in $myINST; - do - apt-get install $myDEPS -y - done -fi - # Let's ask if the user wants to run the script ... dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Ubuntu Mini ISO and build the T-Pot Install Image." 8 50 mySTART=$? 
@@ -91,29 +90,39 @@ if [ "$mySTART" = "1" ]; exit fi +# Let's load the default config file +if [ -f $myCONF_DEFAULT_FILE ]; + then + source $myCONF_DEFAULT_FILE +fi + # Let's ask the user for a proxy ... while true; do dialog --backtitle "$myBACKTITLE" --title "[ Proxy Settings ]" --yesno "\nDo you want to configure a proxy?" 7 50 - myADDPROXY=$? - if [ "$myADDPROXY" = "0" ] + myCONF_PROXY_USE=$? + if [ "$myCONF_PROXY_USE" = "0" ] then myIPRESULT="false" while [ "$myIPRESULT" = "false" ]; do - myPROXYIP=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy IP?" --inputbox "" 7 50 "1.2.3.4" 3>&1 1>&2 2>&3 3>&-) - if valid_ip $myPROXYIP; then myIPRESULT="true"; fi + myCONF_PROXY_IP=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy IP?" --inputbox "" 7 50 "$myCONF_PROXY_IP" 3>&1 1>&2 2>&3 3>&-) + if valid_ip $myCONF_PROXY_IP; then myIPRESULT="true"; fi done myPORTRESULT="false" while [ "$myPORTRESULT" = "false" ]; do - myPROXYPORT=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy Port (i.e. 3128)?" --inputbox "" 7 50 "3128" 3>&1 1>&2 2>&3 3>&-) - if [[ $myPROXYPORT =~ ^-?[0-9]+$ ]] && [ $myPROXYPORT -gt 0 ] && [ $myPROXYPORT -lt 65536 ]; then myPORTRESULT="true"; fi + myCONF_PROXY_PORT=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy Port (i.e. 3128)?" 
--inputbox "" 7 50 "$myCONF_PROXY_PORT" 3>&1 1>&2 2>&3 3>&-) + if [[ $myCONF_PROXY_PORT =~ ^-?[0-9]+$ ]] && [ $myCONF_PROXY_PORT -gt 0 ] && [ $myCONF_PROXY_PORT -lt 65536 ]; then myPORTRESULT="true"; fi done - echo http://$myPROXYIP:$myPROXYPORT > $myPROXYCONFIG - sed -i.bak 's#d-i mirror/http/proxy.*#d-i mirror/http/proxy string http://'$myPROXYIP':'$myPROXYPORT'/#' $myTPOTSEED + ################################################################# + #echo http://$myCONF_PROXY_IP:$myCONF_PROXY_PORT > $myPROXYCONFIG + ################################################################# + sed -i.bak 's#d-i mirror/http/proxy.*#d-i mirror/http/proxy string http://'$myCONF_PROXY_IP':'$myCONF_PROXY_PORT'/#' $myTPOTSEED break else + myCONF_PROXY_IP="" + myCONF_PROXY_PORT="" break fi done @@ -122,19 +131,20 @@ done while true; do dialog --backtitle "$myBACKTITLE" --title "[ Add ssh keys? ]" --yesno "\nDo you want to add public key(s) to authorized_keys file?" 8 50 - myADDKEYS=$? - if [ "$myADDKEYS" = "0" ] + myCONF_SSH_PUBKEY_USE=$? + if [ "$myCONF_SSH_PUBKEY_USE" = "0" ] then - myKEYS=$(dialog --backtitle "$myBACKTITLE" --fselect "/" 15 50 3>&1 1>&2 2>&3 3>&-) - if [ -f "$myKEYS" ] + myCONF_SSH_PUBKEY_FILE=$(dialog --backtitle "$myBACKTITLE" --fselect "$myCONF_SSH_PUBKEY_FILE" 15 50 3>&1 1>&2 2>&3 3>&-) + if [ -f "$myCONF_SSH_PUBKEY_FILE" ] then - cat $myKEYS > $myAUTHKEYSPATH + cp $myCONF_SSH_PUBKEY_FILE $myAUTHKEYSFILE break else dialog --backtitle "$myBACKTITLE" --title "[ Try again! ]" --msgbox "\nThis is no regular file." 7 50; fi else - echo > $myAUTHKEYSPATH + echo > $myAUTHKEYSFILE + myCONF_SSH_PUBKEY_FILE="" break fi done 
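Review bot: `[ -f $myCONF_DEFAULT_FILE ]` is unquoted, so if the variable is empty or unset the test collapses to `[ -f ]`, which is true, and `source` is then called without a file name. Its definition is not visible in this hunk, so this may never happen in practice, but `if [ -f "$myCONF_DEFAULT_FILE" ];` and `source "$myCONF_DEFAULT_FILE"` remove the doubt. When no default file is loaded, the proxy dialogs now open with empty fields instead of the old `1.2.3.4` and `3128` hints; `"${myCONF_PROXY_PORT:-3128}"` would keep the hint. The commented-out `#echo ... > $myPROXYCONFIG` block between the `####` banners looks like leftover code and could be dropped, as could the similar blocks in the 802.1x hunk.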
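Review bot: `cp $myCONF_SSH_PUBKEY_FILE $myAUTHKEYSFILE` expands the selected path unquoted, although the preceding `[ -f "$myCONF_SSH_PUBKEY_FILE" ]` check quotes it. A path containing spaces or glob characters passes the check and then makes cp fail or copy a different set of files into the authorized-keys file. `cp -- "$myCONF_SSH_PUBKEY_FILE" "$myAUTHKEYSFILE"` keeps the check and the copy consistent. The same applies to `cp $myCONF_PFX_FILE $myPFXFILE` in the 802.1x hunk.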
@@ -143,27 +153,36 @@ done while true; do dialog --backtitle "$myBACKTITLE" --title "[ Need 802.1x auth? ]" --yesno "\nDo you want to add a 802.1x host certificate?" 7 50 - myADDPFX=$? - if [ "$myADDPFX" = "0" ] + myCONF_PFX_USE=$? + if [ "$myCONF_PFX_USE" = "0" ] then - myPFX=$(dialog --backtitle "$myBACKTITLE" --fselect "/" 15 50 3>&1 1>&2 2>&3 3>&-) - if [ -f "$myPFX" ] + myCONF_PFX_FILE=$(dialog --backtitle "$myBACKTITLE" --fselect "$myCONF_PFX_FILE" 15 50 3>&1 1>&2 2>&3 3>&-) + if [ -f "$myCONF_PFX_FILE" ] then - cp $myPFX $myPFXPATH + cp $myCONF_PFX_FILE $myPFXFILE dialog --backtitle "$myBACKTITLE" --title "[ Password protected? ]" --yesno "\nDoes the certificate need your password?" 7 50 - myADDPFXPW=$? - if [ "$myADDPFXPW" = "0" ] + myCONF_PFX_PW_USE=$? + if [ "$myCONF_PFX_PW_USE" = "0" ] then - myPFXPW=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Password?" 7 50 3>&1 1>&2 2>&3 3>&-) - echo $myPFXPW > $myPFXPWPATH + myCONF_PFX_PW=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Password?" 7 50 3>&1 1>&2 2>&3 3>&-) + ################################### + #echo $myCONF_PFX_PW > $myPFXPWPATH + ################################### + else + myCONF_PFX_PW="" fi - myPFXHOSTID=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Host ID?" 7 50 "." 3>&1 1>&2 2>&3 3>&-) - echo $myPFXHOSTID > $myPFXHOSTIDPATH + myCONF_PFX_HOST_ID=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Host ID?" 7 50 "$myCONF_PFX_HOST_ID" 3>&1 1>&2 2>&3 3>&-) + ############################################ + #echo $myCONF_PFX_HOST_ID > $myPFXHOSTIDPATH + ############################################ break else dialog --backtitle "$myBACKTITLE" --title "[ Try again! ]" --msgbox "\nThis is no regular file." 7 50; fi else + myCONF_PFX_FILE="" + myCONF_PFX_HOST_ID="" + myCONF_PFX_PW="" break fi done 
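Review bot: The certificate password is read with `--inputbox`, which shows it in clear text on the terminal while it is typed; dialog's `--passwordbox` (optionally with `--insecure` to display asterisks) fits this prompt better. In the outer `else` branch `myCONF_PFX_PW_USE` is not reset alongside `myCONF_PFX_PW`, so a value loaded from the default config would be written back unchanged even though no certificate is used. Resetting it there keeps the saved settings consistent.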
@@ -172,16 +191,16 @@ done while true; do dialog --backtitle "$myBACKTITLE" --title "[ NTP server? ]" --yesno "\nDo you want to configure a ntp server?" 7 50 - myADDNTP=$? - if [ "$myADDNTP" = "0" ] + myCONF_NTP_USE=$? + if [ "$myCONF_NTP_USE" = "0" ] then myIPRESULT="false" while [ "$myIPRESULT" = "false" ]; do - myNTPIP=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "NTP IP?" --inputbox "" 7 50 "1.2.3.4" 3>&1 1>&2 2>&3 3>&-) - if valid_ip $myNTPIP; then myIPRESULT="true"; fi + myCONF_NTP_IP=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "NTP IP?" --inputbox "" 7 50 "$myCONF_NTP_IP" 3>&1 1>&2 2>&3 3>&-) + if valid_ip $myCONF_NTP_IP; then myIPRESULT="true"; fi done -tee $myNTPCONFPATH < $myCONF_FILE +echo "myCONF_PROXY_USE=\"$myCONF_PROXY_USE\"" >> $myCONF_FILE +echo "myCONF_PROXY_IP=\"$myCONF_PROXY_IP\"" >> $myCONF_FILE +echo "myCONF_PROXY_PORT=\"$myCONF_PROXY_PORT\"" >> $myCONF_FILE +echo "myCONF_SSH_PUBKEY_USE=\"$myCONF_SSH_PUBKEY_USE\"" >> $myCONF_FILE +echo "myCONF_SSH_PUBKEY_FILE=\"$myCONF_SSH_PUBKEY_FILE\"" >> $myCONF_FILE +echo "myCONF_PFX_USE=\"$myCONF_PFX_USE\"" >> $myCONF_FILE +echo "myCONF_PFX_FILE=\"$myCONF_PFX_FILE\"" >> $myCONF_FILE +echo "myCONF_PFX_PW_USE=\"$myCONF_PFX_PW_USE\"" >> $myCONF_FILE +echo "myCONF_PFX_PW=\"$myCONF_PFX_PW\"" >> $myCONF_FILE +echo "myCONF_PFX_HOST_ID=\"$myCONF_PFX_HOST_ID\"" >> $myCONF_FILE +echo "myCONF_NTP_USE=\"$myCONF_NTP_USE\"" >> $myCONF_FILE +echo "myCONF_NTP_IP=\"$myCONF_NTP_IP\"" >> $myCONF_FILE + # Let's download Ubuntu Minimal ISO if [ ! -f $myUBUNTUISO ] then
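Review bot: The block that writes `$myCONF_FILE` stores `myCONF_PFX_PW` in clear text under the default umask, and the file appears intended to travel onto the ISO as /root/installer/iso.conf. Adding `chmod 600 "$myCONF_FILE"` right after the first write limits who can read it on the build host. A comment should also state that the resulting image contains the 802.1x password, for anyone who shares or archives the ISO. The visible install.sh hunks do not show the file being removed after installation; if that is not done elsewhere, it is worth adding. The start of this block is damaged on the page (the NTP heredoc and the first redirect are missing), so the first write could not be checked.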