Improve documentation

doc/install_ontop.md

@@ -1,6 +1,12 @@
 # Installation on existing client
 
-An easy method to test the lmn-client is to run the playbook manual on a fresh installed client.
+A straightforward way to test the lmn-client is to manually run the playbook on a freshly installed client.
+
+This can be done in the following ways:
+
+    On the client using ansible-pull
+    On the client by checking out the lmn-client repository and running the playbook locally
+    On a target device by checking out the lmn-client repository locally and executing the playbook against the target device
 
 ## Direct call via ansible-pull
 
@@ -9,10 +15,10 @@ With two simple commands you can install the lmn-client with default configurati
 Steps:
 
 * Install debian on client (via USB or PXE)
-* Install additional packages: ansible
+* Install additional packages: ansible  
   `sudo apt install ansible`
-* Run Playbook
-  `ansible-pull -i inventory.yml -l localhost, --url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client.git -C main lmn-client.yml`
+* Run Playbook  
+  `sudo ansible-pull --verbose -i inventory-sample.yml -l localhost --url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client.git -C main lmn-client.yml`
 
 ## Checkout git and run ansible locally
 
@@ -24,10 +30,12 @@ Steps:
 * Install debian on client (via USB or PXE)
 * Install additional packages: ansible, git  
   `sudo apt install ansible git`
-* Checkout Repository
+* Checkout Repository  
   `git clone https://codeberg.org/DigitalSouveraeneSchule/lmn-client.git`
+* Change into repository directory  
+  `cd lmn-client`
 * Create inventory  
-  `cp inventory.yml inventory-myschool.yml`
+  `cp inventory-sample.yml inventory-myschool.yml`
 * Edit inventory-myschool.yml  
   e.g.: `nano inventory-myschool.yml`
 * Run Playbook  

doc/install_pxe.md

@@ -2,15 +2,28 @@
 
 * **Using DigitalSouveraeneSchule repository and LinuxMuster.Net tftp**  
   Simplest solution. Playbook and default inventory from DigitalSouveraeneSchule codeberg repository.  
-  Linux kernel and initial Ramdisk from debian repository.
+  Linux kernel and initial Ramdisk from debian repository.  
+  Client must have access to the internet (noproxy group).
 * **Using your own repository and LinuxMuster.Net tftp**  
   Here you can use your own inventory and make many custom settings.  
-  Linux kernel and initial Ramdisk from debian repository.
+  Linux kernel and initial Ramdisk from debian repository.  
+  Client must have access to the internet (noproxy group).
 * **Using your own repository and livebox tftp**  
-  Additional kernel and Ramdisk from your own infrastrukture.
+  Additional kernel and Ramdisk from your own infrastrukture.  
+  Client does not need direct internet access.
 
 ## Using codeberg repository and LinuxMuster.Net tftp
 
+### Requirements / firewall settings
+
+The computer on which the linuxclient is to be installed must have access to the Internet (add host to noproxy group)
+
+The following resources are downloaded from the internet:
+
+* The repository is provided by codeberg.org
+* the Linux kernel, the initial ramdisk and the installation files are loaded from debian.org.
+* mscorefonts from Microsoft
+
 ### Modification LinuxMuster.Net server
 
 Create grub config for device group `lmnclient` on your schools server:
@@ -25,9 +38,12 @@ set default=1
 menuentry 'Installer Debian bookworm (amd64) + preseed + ansible inventory' {
    echo -n "Enter domain join password: "
    read adpw
+   set vaultpw="dummy"
+   # echo -n "Enter vault password"
+   # read vaultpw
    linux   (http,ftp.debian.org)/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/linux auto=true priority=high \
-           url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client/raw/branch/fvs/misc/preseed.cfg interface=auto \
-           playbook=lmn-client.yml adpw="${adpw}" ---
+           url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client/raw/branch/main/misc/preseed.cfg interface=auto \
+           playbook=lmn-client.yml adpw="${adpw}" vaultpw="${vaultpw}" ---
    initrd  (http,ftp.debian.org)/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz
 }
 ```
@@ -47,4 +63,52 @@ classroom;mypc01;lmnclient;F2:81:6B:C9:E3:EF;10.0.5.51;;;;classroom-studentcompu
 * confirm `hostname` and `domain` (you will be asked in network setup)
 * ... Get a cup of coffee ... wait until reboot ... login (Logging in may take a few minutes after installation)
 
-## Using your own livebox server
+
+## Using your own repository and LinuxMuster.Net tftp
+
+If you fork the lmn-client repository, you can customize the preseeding and inventory to your needs.
+Use the instructions in the previous section and customize the repository in `/srv/linbo/boot/grub/lmnclient.cfg`.
+
+It makes sense to encrypt your inventory via `ansible-vault`.
+When using encrypted inventories you have to provide the vault password by commenting in the two lines in the `/srv/linbo/boot/grub/lmnclient.cfg`.
+
+## Using your own repository and livebox tftp
+
+The next improvement will be to use your own livebox with following functionalities:
+
+* Providing linux kernel and initial ramdisk for installer
+* Can be used as cache for debian packages (aptcacher)
+* Can provide mscorefonts and libdvdcss (multimedia codecs)
+* Can be used to boot live systems (netboot) via pxe
+
+### Installing the livebox server
+
+* Install debian VM and configure network
+* Install additional packages: ansible  
+  `sudo apt install ansible`
+* Run livebox playbook  
+  `ansible-pull -i localhost, --url=https://salsa.debian.org/andi/debian-lan-ansible.git -C master livebox.yml`
+* Set DNS entry for your new livebox server
+
+### Modification LinuxMuster.Net server
+
+The file `/srv/linbo/boot/grub/lmnclient.cfg` might look like this:
+
+```
+# ### NOT managed by linuxmuster.net ###
+
+# edit to your needs
+set default=1
+
+menuentry 'Installer Debian bookworm (amd64) + preseed + ansible inventory' {
+   echo -n "Enter domain join password: "
+   read adpw
+   set vaultpw="dummy"
+   # echo -n "Enter vault password"
+   # read vaultpw
+   linux   (http,livebox.example.com)/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/linux auto=true priority=high \
+           url=https://codeberg.org/MySchool/lmn-client/raw/branch/main/misc/preseed-myschool.cfg interface=auto \
+           playbook=lmn-client.yml adpw="${adpw}" vaultpw="${vaultpw}" ---
+   initrd  (http,livebox.example.com)/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/initrd.gz
+}
+```

inventory-sample.yml

@@ -2,10 +2,9 @@
 all:
   vars:
     domain: "{{ ansible_domain }}"
-    security_defaultuser_login_disable: false
-    kde_desktop_pkg:
-      - akonadi-backend-sqlite
 
+    # Comment out on productive systems when ssh key is provided
+    security_defaultuser_login_disable: false
 
     ## Proxy configuration (see: doc/localproxy.md)
     # localproxy: true
@@ -59,7 +58,6 @@ all:
     #   - vim
     #   - mc
     #   - tmux
-    #   - debconf-utils
 
     ## WLAN configuration (see: doc/vpn.md):
     ##
@@ -105,6 +103,7 @@ all:
 
   hosts:
     localhost:
+      ansible_connection: local
 
 laptops:
   children:

misc/preseed.cfg

@@ -50,13 +50,11 @@ d-i apt-setup/contrib boolean true
 d-i mirror/country string manual
 d-i mirror/http/hostname string deb.debian.org
 d-i mirror/http/directory string /debian
-#d-i mirror/http/proxy string http://10.167.0.253:3142/
-#d-i mirror/http/proxy string http://192.168.1.17:3142/
-#d-i mirror/http/proxy string http://aptcache.steinbeisschule-reutlingen.de:3142/
-d-i mirror/http/proxy string http://aptcache.pn.steinbeis.schule:3142/
+#d-i mirror/http/proxy string http://aptcache.pn.steinbeis.schule:3142/
+d-i mirror/http/proxy string
 
 # NTP server to use:
-d-i clock-setup/ntp-server string server.pn.steinbeis.schule
+#d-i clock-setup/ntp-server string server.pn.steinbeis.schule
 
 ### Backports:
 #apt-setup-udeb apt-setup/services-select multiselect security, updates, backports
@@ -129,10 +127,9 @@ d-i preseed/late_command string \
         in-target mount -v -t tmpfs tmpfs /dev/shm ; \
         echo "$vaultpw" > /target/dev/shm/vaultpw ; \
         in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \
-           -l localhost \
-           -i inventory-sample.yml --url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client.git -C fvs $playbook ; \
+           --vault-password-file /dev/shm/vaultpw -l localhost \
+           -i inventory-sample.yml --url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client.git -C main $playbook ; \
       fi
-##           --vault-password-file /dev/shm/vaultpw -l localhost \
 #
 ## When installing in combination with ansible-pull,
 ## export your ansible playbook like: