特别鸣谢:陆旭xu.lu老师

找一个双网卡(有线+无线)的笔记本安装好Ubuntu20.04,WiFi网络作为互联网连接,物理网络接口作为DHCP和操作系统推送的连接接口,设置IP地址为10.1.1.99/24。

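#!/bin/bash
# Provisions this host as an iPXE network-install server (DHCP, TFTP, HTTP,
# SMB, NFS) that pushes unattended Ubuntu and Windows 10 installs.
# iPXE portal link - https://ipxe.org/start
set -e
#set -x
# Turn off session idle blanking and set the screensaver lock delay to 600 s.
gsettings set org.gnome.desktop.session idle-delay 0
gsettings set org.gnome.desktop.screensaver lock-delay 600
# Placeholders: replace both values before running. As written the angle
# brackets are parsed as redirections and the script does not start.
# CUSTOM is interpolated into file names, account names and generated
# installer files; WIFI is the SSID used for the 802.1x profile.
CUSTOM=<Need_to_define_by_yourself>
WIFI=<Your_WiFi_SSID>
# Extend the sudo credential cache to 1440 minutes for the length of the
# setup. NOTE(review): a 24 h cache means any process of this user can reuse
# sudo for a day; restore /etc/sudoers.bak once provisioning is finished.
# The edit is made on a copy and syntax-checked with visudo before it
# replaces /etc/sudoers, so a bad substitution cannot lock sudo out, and it
# is skipped on re-runs so the option is not appended twice.
sudo rsync --ignore-existing --progress /etc/sudoers /etc/sudoers.bak
if ! sudo grep -q 'timestamp_timeout=' /etc/sudoers; then
  sudoers_new=$(sudo mktemp)
  sudo cp /etc/sudoers "$sudoers_new"
  sudo sed -i 's|env_reset|env_reset,timestamp_timeout=1440|g' "$sudoers_new"
  sudo visudo -cf "$sudoers_new"
  sudo install -o root -g root -m 0440 "$sudoers_new" /etc/sudoers
  sudo rm -f -- "$sudoers_new"
fi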


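##### Setup apt sources #####
# Change the apt sources to aliyun - https://developer.aliyun.com/mirror/ubuntu?spm=a2c6h.13651102.0.0.3e221b114hpiV9
# Keep a one-time backup, then write the file as root through `sudo tee`.
# With `sudo cat <<EOF > file` the redirection is opened by the invoking
# user, which is why sources.list had to be made world-writable first; tee
# removes that window in which any local user could add a package source.
# The mirror is plain HTTP: apt still verifies the signed Release metadata,
# but the traffic is visible to and can be stalled by anyone on the path.
sudo rsync --ignore-existing --progress /etc/apt/sources.list /etc/apt/sources.list.bak
sudo tee /etc/apt/sources.list >/dev/null <<EOF
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
EOF
# Finish any interrupted package configuration before upgrading.
sudo dpkg --configure -a
sudo apt-get update && sudo apt-get upgrade -y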


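##### Install service packages #####
sudo apt-get -y install openssh-server tftpd-hpa nginx samba nfs-kernel-server isc-dhcp-server
# Replace the resolver configuration. Written through `sudo tee` so that
# /etc/resolv.conf never has to be made world-writable; a local user who
# can edit it can redirect every name lookup on this host.
# The last keyword was misspelled "serach", which the resolver ignores; it
# is now "search".
# NOTE(review): 127.0.0.53 is the systemd-resolved stub, which this script
# stops and disables further down, so that entry will not answer afterwards.
# NOTE(review): `trust-ad` makes glibc trust the DNSSEC AD bit from every
# listed server; confirm that is intended for the two remote resolvers.
sudo rsync --ignore-existing --progress /etc/resolv.conf /etc/resolv.conf.bak
sudo tee /etc/resolv.conf >/dev/null <<EOF
nameserver 10.9.40.4
nameserver 114.114.114.114
nameserver 127.0.0.53
options edns0 trust-ad
search localdomain
EOF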


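##### Setup SSH link port #####
# Move sshd to port 22222. This only reduces scan noise; it does not replace
# key-based authentication or disabling password logins.
sudo rsync --ignore-existing --progress /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sudo sed -i "s|#Port 22|Port 22222|g" /etc/ssh/sshd_config
# Validate the edited file first so a bad config cannot take remote access down.
sudo sshd -t
sudo systemctl restart sshd.service
##### Disable conflict service #####
sudo systemctl stop systemd-resolved && sudo systemctl disable systemd-resolved
##### Setup no locked when close #####
# Ignore the lid switch so closing the laptop does not suspend the server.
sudo rsync --ignore-existing --progress /etc/systemd/logind.conf /etc/systemd/logind.conf.bak
sudo sed -i "s|#HandleLidSwitch=suspend|HandleLidSwitch=ignore|g" /etc/systemd/logind.conf
##### Create data directory #####
sudo mkdir -p /ipxe/{firmware,menu,iso}
##### Download iPXE boot firmware #####
# These binaries are the first code every PXE client executes, so they are
# fetched over HTTPS instead of plain HTTP.
# NOTE(review): none of the three downloads is pinned or checksum-verified
# (wimboot tracks "releases/latest"). Record known-good SHA-256 values and
# compare with `sha256sum -c` before serving the files to clients.
sudo wget https://boot.ipxe.org/undionly.kpxe -O /ipxe/firmware/undionly.kpxe
sudo wget https://boot.ipxe.org/ipxe.efi -O /ipxe/firmware/ipxe.efi
sudo wget https://github.com/ipxe/wimboot/releases/latest/download/wimboot -O /ipxe/wimboot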


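##### Generate boot menu #####
# Write the iPXE menu script that dhcpd hands to iPXE clients.
# $CUSTOM is expanded now, while the file is generated; the \${...}
# references are escaped so that iPXE expands them at boot time.
# Written through `sudo tee` so the menu is never world-writable: whoever
# can edit it chooses the kernel and initrd that every client boots.
# NOTE(review): every chain/kernel/initrd URL is plain HTTP and no image is
# verified, so the wired provisioning segment has to be treated as trusted.
sudo tee /ipxe/menu/boot.ipxe >/dev/null <<EOF
#!ipxe
    set menu-timeout 31000
    set menu-default reload-main
:start
  menu iPXE Boot Menu
  item --gap --             -------------------------- IPXE for $CUSTOM ---------------------------
  item --key b reload-main        [B] Back to main menu
  item auto-windows-10-pro-$CUSTOM        Auto Install Windows 10 Pro $CUSTOM
  item auto-windows-10-pro        Auto Install Windows 10 Pro
  item auto-ubuntu-20-$CUSTOM        Auto Install ubuntu 20 $CUSTOM
  item auto-ubuntu-20-alienware        Auto Install ubuntu 20 Alienware 15 R4
  item auto-ubuntu-20        Auto Install ubuntu 20
  item auto-ubuntu-18-$CUSTOM        Auto Install ubuntu 18 $CUSTOM
  item auto-ubuntu-18        Auto Install ubuntu 18
  choose --timeout \${menu-timeout} --default \${menu-default} selected
  goto \${selected}
:reload-main
  chain http://10.1.1.99/menu/boot.ipxe
:auto-windows-10-pro-$CUSTOM
  set URL http://10.1.1.99/
  kernel \${URL}wimboot
  initrd \${URL}win10pe-$CUSTOM/install.bat
  initrd \${URL}win10pe-$CUSTOM/winpeshl.ini
  initrd \${URL}win10pe-$CUSTOM/Boot/BCD        BCD
  initrd \${URL}win10pe-$CUSTOM/Boot/boot.sdi        boot.sdi
  initrd -n boot.wim \${URL}win10pe-$CUSTOM/sources/boot.wim        boot.wim
  boot
:auto-windows-10-pro
  set URL http://10.1.1.99/
  kernel \${URL}wimboot
  initrd \${URL}win10pe/install.bat
  initrd \${URL}win10pe/winpeshl.ini
  initrd \${URL}win10pe/Boot/BCD        BCD
  initrd \${URL}win10pe/Boot/boot.sdi        boot.sdi
  initrd -n boot.wim \${URL}win10pe/sources/boot.wim        boot.wim
  boot
:auto-ubuntu-20-$CUSTOM
  set arch ubuntu-20-desktop-$CUSTOM
  set address 10.1.1.99
  set gfxpayload=keep
  kernel http://\${address}/\${arch}/casper/vmlinuz auto url=http://\${address}/ubuntu-desktop-autoinstall.seed boot=casper automatic-ubiquity quiet initrd=initrd netboot=nfs nfsroot=\${address}:/ipxe/\${arch}/ ip=dhcp root=/dev/nfs ---
  initrd http://\${address}/\${arch}/casper/initrd
  boot
:auto-ubuntu-20-alienware
  set arch ubuntu-20-desktop
  set address 10.1.1.99
  set gfxpayload=keep
  kernel http://\${address}/\${arch}/casper/vmlinuz auto url=http://\${address}/ubuntu-desktop-autoinstall.seed boot=casper automatic-ubiquity quiet initrd=initrd netboot=nfs nfsroot=\${address}:/ipxe/\${arch}/ ip=dhcp root=/dev/nfs ---
  initrd http://\${address}/\${arch}/casper/initrd
  boot
:auto-ubuntu-20
  set arch ubuntu-20-desktop
  set address 10.1.1.99
  set gfxpayload=keep
  kernel http://\${address}/\${arch}/casper/vmlinuz boot=casper automatic-ubiquity quiet initrd=initrd netboot=nfs nfsroot=\${address}:/ipxe/\${arch}/ ip=dhcp root=/dev/nfs ---
  initrd http://\${address}/\${arch}/casper/initrd
  boot
:auto-ubuntu-18-$CUSTOM
  set arch ubuntu-18-desktop
  set address 10.1.1.99
  set gfxpayload=keep
  kernel http://\${address}/\${arch}/casper/vmlinuz auto url=http://\${address}/ubuntu-desktop-autoinstall.seed boot=casper automatic-ubiquity quiet initrd=initrd netboot=nfs nfsroot=\${address}:/ipxe/\${arch}/ ip=dhcp root=/dev/nfs ---
  initrd http://\${address}/\${arch}/casper/initrd
  boot
:auto-ubuntu-18
  set arch ubuntu-18-desktop
  set address 10.1.1.99
  set gfxpayload=keep
  kernel http://\${address}/\${arch}/casper/vmlinuz boot=casper automatic-ubiquity quiet initrd=initrd netboot=nfs nfsroot=\${address}:/ipxe/\${arch}/ ip=dhcp root=/dev/nfs ---
  initrd http://\${address}/\${arch}/casper/initrd
  boot
EOF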


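##### Setup TFTP #####
# Serve only /ipxe/firmware over TFTP. Written through `sudo tee` so the
# daemon defaults file is never world-writable.
# NOTE(review): TFTP_ADDRESS=":69" listens on every interface, including the
# WiFi uplink; bind it to the provisioning address if that is not intended.
sudo rsync --ignore-existing --progress /etc/default/tftpd-hpa /etc/default/tftpd-hpa.bak
sudo tee /etc/default/tftpd-hpa >/dev/null <<EOF
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/ipxe/firmware"
TFTP_ADDRESS=":69"
TFTP_OPTIONS="--secure"
EOF
sudo systemctl restart tftpd-hpa.service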


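##### Setup HTTP #####
# Replace nginx.conf and add a server block that publishes /ipxe on port 80.
# Both files are written through `sudo tee`, so neither is world-writable
# at any point.
# ssl_protocols no longer offers TLSv1 and TLSv1.1; it has no effect until a
# TLS listener is added, but is a safe default when one is.
sudo rsync --ignore-existing --progress /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
sudo tee /etc/nginx/nginx.conf >/dev/null <<EOF
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
        worker_connections 768;
}
http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        gzip on;
        include /etc/nginx/conf.d/*.conf;
}
EOF
# /ipxe also holds the preseed file, the first-boot scripts and the Windows
# answer file, all of which embed account and network credentials. Access is
# therefore limited to the provisioning subnet and loopback, so the tree is
# not published on the WiFi uplink.
# NOTE(review): autoindex stays on; iPXE and the installers request explicit
# paths, so it can be turned off if nobody browses the tree by hand.
sudo tee /etc/nginx/conf.d/ipxe.conf >/dev/null <<EOF
server {
        listen 80;
        server_name localhost;

        charset utf-8;

        allow 10.1.1.0/24;
        allow 127.0.0.1;
        deny all;

        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;

        location / {
                root /ipxe;
                index index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
                root html;
        }
}
EOF
# Check the configuration before restarting so a typo does not stop the service.
sudo nginx -t
sudo systemctl restart nginx.service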


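##### Setup smb #####
# Publish /ipxe as a read-only guest share, so WinPE can `net use` it
# without credentials. Written through `sudo tee` so smb.conf is never
# world-writable.
# Unknown users are mapped to guest and the share holds answer files with
# embedded passwords, so `hosts allow` limits it to the provisioning subnet
# and loopback instead of every network this laptop joins.
sudo rsync --ignore-existing --progress /etc/samba/smb.conf /etc/samba/smb.conf.bak
sudo tee /etc/samba/smb.conf >/dev/null <<EOF
[global]
        workgroup = WORKGROUP
        security = user
        passdb backend = tdbsam
        map to guest = Bad User
        hosts allow = 10.1.1. 127.

[ipxe]
        comment = ipxe
        browseable = yes
        path = /ipxe
        writeable = no
        guest ok = yes
EOF
sudo systemctl restart smbd.service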


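##### Setup Ubuntu #####
# How to generate a preseed file - http://blog.chinaunix.net/uid-23225855-id-1992135.html
# How to customize a ubuntu ISO for your own - https://cloud.tencent.com/developer/article/1796633
# Mount points for the stock and the customised desktop ISOs.
sudo mkdir -p /ipxe/{ubuntu-20-desktop,ubuntu-20-desktop-"$CUSTOM"}/
sudo mkdir -p /ipxe/{ubuntu-18-desktop,ubuntu-18-desktop-"$CUSTOM"}/
# Preseed file for the unattended Ubiquity install, written through
# `sudo tee` so it is never world-writable. $CUSTOM is expanded now; the
# trailing backslashes join the success_command into a single line in the
# generated file.
# NOTE(review): security-relevant choices baked into every installed machine:
#  - the first account's password is stored here in clear text, and weak
#    passwords are explicitly allowed;
#  - success_command appends a NOPASSWD:ALL sudoers rule for that account
#    without running visudo on the result;
#  - ubuntu_init.sh is fetched over plain HTTP and hooked into
#    /etc/bash.bashrc to run under sudo, so whoever can answer for
#    10.1.1.99 gets root on the target.
# Rotate the password after provisioning and keep the segment isolated.
sudo tee /ipxe/ubuntu-desktop-autoinstall.seed >/dev/null <<EOF
d-i debian-installer/locale string en_US
d-i debian-installer/locale string en_US.UTF-8
d-i debian-installer/language string en
d-i debian-installer/country string us
d-i localechooser/supported-locales multiselect en_US.UTF-8
d-i console-setup/layoutcode string us
d-i console-setup/variantcode string
d-i console-keymaps-at/keymap select us
d-i console-tools/archs select at
d-i keyboard-configuration/xkb-keymap select us
d-i keyboard-configuration/layoutcode select us
d-i console-setup/ask_detect boolean false
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string
d-i netcfg/wireless_wep string
d-i partman-basicfilesystems/no_swap boolean false
d-i partman/confirm boolean true
d-i clock-setup/utc boolean false
d-i time/zone string Asia/Shanghai
d-i passwd/root-login boolean false
d-i passwd/user-fullname string $CUSTOM
d-i passwd/username string $CUSTOM
d-i passwd/user-password password xiaomazhixing
d-i passwd/user-password-again password xiaomazhixing
d-i user-setup/allow-password-weak boolean true
d-i grub-installer/skip boolean true
d-i grub-installer/only_debian boolean false
tasksel tasksel/first multiselect standard, desktop
xserver-xorg xserver-xorg/autodetect_monitor boolean true
ubiquity ubiquity/success_command string \
wget http://10.1.1.99/ubuntu_init.sh -O /target/home/$CUSTOM/ubuntu_init.sh; \
chmod 755 /target/home/$CUSTOM/ubuntu_init.sh; \
cp -n /target/etc/bash.bashrc /target/etc/bash.bashrc.bak; \
echo 'sudo /home/$CUSTOM/ubuntu_init.sh' >> /target/etc/bash.bashrc; \
cp -n /target/etc/sudoers /target/etc/sudoers.bak; \
echo '$CUSTOM ALL=(ALL:ALL) NOPASSWD:ALL' >> /target/etc/sudoers; \
cp -n /target/etc/gdm3/custom.conf /target/etc/gdm3/custom.conf.bak; \
wget http://10.1.1.99/ubuntu-desktop-$CUSTOM-custom.conf -O /target/etc/gdm3/custom.conf;
ubiquity ubiquity/summary note
ubiquity ubiquity/reboot boolean true
EOF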
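# GDM configuration that the preseed's success_command copies onto each
# target. Written through `sudo tee` so the file is never world-writable.
# NOTE(review): AutomaticLoginEnable logs the $CUSTOM account in at boot
# without a password; anyone with physical access to an installed machine
# gets that session (and, via the preseed's NOPASSWD rule, root) until the
# file is reverted.
sudo tee "/ipxe/ubuntu-desktop-$CUSTOM-custom.conf" >/dev/null <<EOF
[daemon]
  WaylandEnable=false
  AutomaticLoginEnable = true
  AutomaticLogin = $CUSTOM
[security]
[xdmcp]
[chooser]
[debug]
EOF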
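# Fetch the installer ISOs and loop-mount them under /ipxe.
# NOTE(review): the images come over unauthenticated, unencrypted FTP and
# are not checksum-verified, yet every client boots their kernel and
# initrd. Compare each ISO against a known SHA-256 before mounting it.
sudo wget "ftp://10.16.1.229/iso/ubuntu-20.04.5-$CUSTOM-desktop-amd64.iso" -O "/ipxe/iso/ubuntu-20-desktop-$CUSTOM.iso"
sudo wget ftp://10.16.1.229/iso/ubuntu-20.04.5-desktop-amd64.iso -O /ipxe/iso/ubuntu-20-desktop.iso
sudo wget ftp://10.16.1.229/iso/ubuntu-18.04.5-desktop-amd64.iso -O /ipxe/iso/ubuntu-18-desktop.iso
# Append the mounts through `sudo tee -a` so /etc/fstab is never
# world-writable; a local user who can edit fstab controls what gets
# mounted, and with which options, at the next boot.
# NOTE(review): the append is not idempotent; re-running the script adds the
# same three lines again.
sudo rsync --ignore-existing --progress /etc/fstab /etc/fstab.bak
sudo tee -a /etc/fstab >/dev/null <<EOF
/ipxe/iso/ubuntu-20-desktop-$CUSTOM.iso /ipxe/ubuntu-20-desktop-$CUSTOM/ iso9660 defaults 0 0
/ipxe/iso/ubuntu-20-desktop.iso /ipxe/ubuntu-20-desktop/ iso9660 defaults 0 0
/ipxe/iso/ubuntu-18-desktop.iso /ipxe/ubuntu-18-desktop/ iso9660 defaults 0 0
EOF
sudo mount -a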
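# Generate the first-boot script that each installed Ubuntu machine fetches
# from this server. $CUSTOM and $WIFI are expanded now; everything escaped
# as \$ is evaluated later on the target. The nested here-documents use the
# marker "eofEOF", which the sed after this block rewrites to "EOF".
# Written through `sudo tee` so the script is never world-writable on the
# server: it runs as root on every target.
#
# Changes to the generated script:
#  - it no longer does `chmod 666` on /etc/bash.bashrc and /etc/profile.
#    Neither mode was ever restored, which left both login scripts
#    world-writable on every provisioned machine (any local user could
#    plant commands that run in other users' sessions). The /etc/profile
#    append now goes through `sudo tee -a`; all bash.bashrc edits already
#    used sudo.
#
# NOTE(review): left as-is, but worth fixing in the provisioning design:
#  - the 802.1x identity and password and the initial account password are
#    embedded in a file that /ipxe serves without authentication;
#  - auto_setup is pulled over anonymous FTP, made executable and started
#    from /etc/profile, with no integrity check;
#  - `[ -f /home/\$USERNAME ]` tests for a regular file, so the cleanup of
#    an existing home directory looks like it never runs - confirm intent
#    before changing it, because the branch does `rm -rf` on unquoted input.
sudo tee /ipxe/ubuntu_init.sh >/dev/null <<EOF
#!/bin/bash
set -e
#set -x
echo \[System init start\] | sudo tee /var/log/ubuntu_init.log
read -p "Please input the username: " USERNAME
if [ ! -z \$USERNAME ]; then
    echo "Correct! Script will be executed."
else
    echo "Usage: ./ubuntu.sh <Creat_userID>."
    exit 1
fi


##### Keep screen on #####
gsettings set org.gnome.desktop.session idle-delay 0
gsettings set org.gnome.desktop.screensaver lock-delay 600


##### Setup 802.1x to Network #####
echo -e "\e[33mSetup 802.1x to Network.\e[0m" | sudo tee -a /var/log/ubuntu_init.log
NETWORKMANAGER=\$(ls -A /etc/NetworkManager/system-connections)
if [[ \$NETWORKMANAGER == '' ]]; then
  WIFI=\$(ip add | grep wlp | grep -i 'no-carrier' | cut -d':' -f2 | cut -d' ' -f2)
  ETHERNET=\$(ip add | grep enp | grep -i 'state up' | cut -d':' -f2 | cut -d' ' -f2)
  if [[ \$WIFI != '' ]]; then
    sudo nmcli connection add type wifi con-name "$WIFI" ifname "\${WIFI}" autoconnect yes ssid $WIFI wifi-sec.key-mgmt wpa-eap 802-1x.eap peap 802-1x.phase2-auth GTC 802-1x.phase1-peapver 1 802-1x.identity bjittest_ipxe 802-1x.password 'X!@0mazhixing' && sleep 6s
  ping -c 1 10.16.1.229
  while ((\$?!=0))
    do
      sleep 1s
      ping -c 1 10.16.1.229
    done
  elif [[ \$ETHERNET != '' ]]; then
    sudo nmcli connection add type ethernet con-name "$WIFI" ifname "\${ETHERNET}" autoconnect yes 802-1x.eap peap 802-1x.phase2-auth GTC 802-1x.phase1-peapver 1 802-1x.identity bjittest_ipxe 802-1x.password 'X!@0mazhixing' && sudo nmcli connection down 'Wired connection 1' && sleep 6s
  ping -c 1 10.16.1.229
  while ((\$?!=0))
    do
      sleep 1s
      ping -c 1 10.16.1.229
    done
  else
    echo "You do not have an available network device." && exit 1
  fi
fi
echo -e "\e[32mSetup 802.1x to Network accomplished.\e[0m" | sudo tee -a /var/log/ubuntu_init.log


##### Setup apt source #####
sudo cp -n /etc/apt/sources.list /etc/apt/sources.list.bak
VERSION_ID=\$(cat /etc/os-release | grep -i version_id | cut -d\\" -f2)
if [[ \$VERSION_ID == '20.04' ]]; then
sudo cat <<EOF | sudo tee /etc/apt/sources.list
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
eofEOF
else
sudo cat <<EOF | sudo tee /etc/apt/sources.list
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
eofEOF
fi
sudo dpkg --configure -a
sudo apt-get update | sudo tee -a /var/log/ubuntu_init.log


##### Add user #####
echo -e "\e[33m Add user and create home directory.\e[0m" | sudo tee -a /var/log/ubuntu_init.log
if [ -f /home/\$USERNAME ]; then
    sudo userdel \$USERNAME && sudo rm -rf /home/\$USERNAME && sudo rm -rf /home/.ecryptfs/\$USERNAME
fi
sudo useradd \$USERNAME -G sudo -m -k /etc/skel -s /bin/bash && (echo qwer1234;echo qwer1234) | sudo passwd \$USERNAME
sudo apt-get -y install ecryptfs-utils | sudo tee -a /var/log/ubuntu_init.log
#echo qwer1234 | sudo ecryptfs-migrate-home -u \$USERNAME
echo -e "\e[32mAdd user and create home directory accomplished.\e[0m" | sudo tee -a /var/log/ubuntu_init.log


##### Change hostname #####
echo -e "\e[33mChange hostname.\e[0m" | sudo tee -a /var/log/ubuntu_init.log
sudo chmod +w /etc/hostname
echo \$USERNAME-U-\$(sudo dmidecode -s system-serial-number) | sudo tee /etc/hostname
sudo sed -i 's/127.0.1.1\tunassigned-hostname/127.0.1.1\t'"\$USERNAME-U-\$(sudo dmidecode -s system-serial-number)"'/g' /etc/hosts
echo -e "\e[32mChange hostname accomplished.\e[0m" | sudo tee -a /var/log/ubuntu_init.log


##### Download auto_setup scripts #####
sudo mkdir /usr/ubuntu_softwares -p
sudo wget -r -np -nH -c ftp://10.16.1.229/ubuntu_softwares/auto_setup -P /usr/
sudo chmod -R +x /usr/ubuntu_softwares/


##### Prepare for next boot #####
sudo cp -n /etc/profile /etc/profile.bak
sudo sed -i "/^\/home\/$CUSTOM\/ubuntu_init.sh/d" /etc/bash.bashrc
pre_system_setup=\$(sudo tail -n 1 /etc/profile | cut -d' ' -f1)
if [ \$pre_system_setup != "gnome-terminal" ]; then
  if [[ \$VERSION_ID == '20.04' ]]; then
    echo 'gnome-terminal -- bash -c "/usr/ubuntu_softwares/auto_setup/Ubuntu20.04-pre-system-setup.sh"' | sudo tee -a /etc/profile >/dev/null
  else
    echo 'gnome-terminal -- bash -c "/usr/ubuntu_softwares/auto_setup/Ubuntu18.04-pre-system-setup.sh"' | sudo tee -a /etc/profile >/dev/null
  fi
fi
sudo cp -f /etc/bash.bashrc.bak /etc/bash.bashrc
sudo sed -i "s|$CUSTOM|\$USERNAME|g" /etc/gdm3/custom.conf
sudo sed -i "s|$CUSTOM|\$USERNAME|g" /etc/sudoers
reboot
EOF
# Turn the placeholder markers of the nested here-documents into real ones.
sudo sed -i "s|eofEOF|EOF|g" /ipxe/ubuntu_init.sh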
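##### Setup NFS #####
# Export the mounted ISO trees read-only for the casper netboot (nfsroot=).
# The exports were open to every host ("*"), which also offered them on the
# WiFi uplink; they are now limited to the provisioning subnet served by
# the DHCP scope. Written through `sudo tee` so /etc/exports is never
# world-writable.
sudo rsync --ignore-existing --progress /etc/exports /etc/exports.bak
sudo tee /etc/exports >/dev/null <<EOF
/ipxe/ubuntu-20-desktop-$CUSTOM/ 10.1.1.0/24(ro,sync)
/ipxe/ubuntu-20-desktop/ 10.1.1.0/24(ro,sync)
/ipxe/ubuntu-18-desktop/ 10.1.1.0/24(ro,sync)
EOF
sudo systemctl restart nfs-kernel-server.service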


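##### Setup Windows #####
# How to generate a winPE ISO - https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/download-winpe--windows-pe?view=windows-11
# How to generate an AutoUnattend.xml - https://www.likecs.com/show-98734.html
# Mirror the WinPE tree and make two copies of it: the stock one and the
# $CUSTOM one.
# NOTE(review): the tree comes over anonymous, unencrypted FTP with no
# integrity check, and boot.wim from it is what every Windows client boots.
sudo wget -r -np -nH -c ftp://10.16.1.229/iso/win10pe -P /ipxe/
sudo cp -r /ipxe/iso/win10pe/ /ipxe/win10pe && sudo cp -r /ipxe/iso/win10pe/ "/ipxe/win10pe-$CUSTOM"
# WinPE shell configuration: launch install.bat instead of the default
# shell. Both files are written through `sudo tee` so they are never
# world-writable; they decide what WinPE runs on each client.
sudo tee "/ipxe/win10pe-$CUSTOM/winpeshl.ini" >/dev/null <<EOF
[LaunchApps]
"install.bat"
EOF
# In this unquoted here-document "\\\1" is written out as "\\1", so the
# generated batch file contains UNC paths of the form \\10.1.1.99\...
# install.bat maps the guest SMB share and starts Windows setup from it.
sudo tee "/ipxe/win10pe-$CUSTOM/install.bat" >/dev/null <<EOF
::@echo off
wpeinit
ping 10.1.1.99 -n 10 2>nul
net use \\\10.1.1.99
net use \\\10.1.1.99\ipxe
net use \\\10.1.1.99\ipxe\win10-$CUSTOM
net use U: \\\10.1.1.99\ipxe\win10-$CUSTOM
U:\setup.exe
pause
EOF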
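# Mirror the customised Windows 10 media and move it to /ipxe/win10-$CUSTOM.
# NOTE(review): same anonymous-FTP, unverified download as the WinPE tree.
sudo wget -r -np -nH -c "ftp://10.16.1.229/iso/win10-$CUSTOM" -P /ipxe/ && sudo chmod +x "/ipxe/iso/win10-$CUSTOM/setup.exe"
sudo mv "/ipxe/iso/win10-$CUSTOM/" "/ipxe/win10-$CUSTOM" ; sudo chmod 755 -R "/ipxe/win10-$CUSTOM"
# Answer file for the unattended Windows setup, written through `sudo tee`
# so it is never world-writable. $CUSTOM is expanded now.
# NOTE(review): this file is readable by anyone who can reach the guest SMB
# share or the HTTP tree, and it contains:
#  - a product key in clear text;
#  - the auto-logon, local-account and Administrator passwords. With
#    <PlainText>false</PlainText> these values are only base64-encoded, not
#    encrypted, so they must be treated as disclosed;
#  - a local account placed in Administrators, with auto-logon enabled.
# Rotate all of these on the installed machine once provisioning is done.
sudo tee "/ipxe/win10-$CUSTOM/AutoUnattend.xml" >/dev/null <<EOF
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SetupUILanguage>
                <UILanguage>en-US</UILanguage>
            </SetupUILanguage>
            <InputLocale>en-US</InputLocale>
            <UILanguage>en-US</UILanguage>
            <UserLocale>zh-CN</UserLocale>
            <UILanguageFallback>en-US</UILanguageFallback>
            <SystemLocale>zh-CN</SystemLocale>
        </component>
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ImageInstall>
                <OSImage>
                    <InstallToAvailablePartition>false</InstallToAvailablePartition>
                    <WillShowUI>OnError</WillShowUI>
                </OSImage>
            </ImageInstall>
            <UserData>
                <ProductKey>
                    <Key>B8QNH-2TMP3-9WYB3-D6TTK-M98XM</Key>
                    <WillShowUI>OnError</WillShowUI>
                </ProductKey>
                <AcceptEula>true</AcceptEula>
                <FullName>Windows10</FullName>
                <Organization>WORKGROUP</Organization>
            </UserData>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <AutoLogon>
                <Password>
                    <Value>eABpAGEAbwBtAGEAegBoAGkAeABpAG4AZwBQAGEAcwBzAHcAbwByAGQA</Value>
                    <PlainText>false</PlainText>
                </Password>
                <Username>$CUSTOM</Username>
            </AutoLogon>
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <SkipMachineOOBE>true</SkipMachineOOBE>
                <SkipUserOOBE>true</SkipUserOOBE>
                <NetworkLocation>Work</NetworkLocation>
                <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <HideLocalAccountScreen>true</HideLocalAccountScreen>
            </OOBE>
            <UserAccounts>
                <AdministratorPassword>
                    <Value>cABvAG4AeQBhAGkAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA</Value>
                    <PlainText>false</PlainText>
                </AdministratorPassword>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>eABpAGEAbwBtAGEAegBoAGkAeABpAG4AZwBQAGEAcwBzAHcAbwByAGQA</Value>
                            <PlainText>false</PlainText>
                        </Password>
                        <DisplayName>$CUSTOM</DisplayName>
                        <Group>Administrators</Group>
                        <Name>$CUSTOM</Name>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <AutoLogon>
                <Enabled>true</Enabled>
                <Username>$CUSTOM</Username>
            </AutoLogon>
            <ComputerName>*</ComputerName>
            <TimeZone>China Standard Time</TimeZone>
        </component>
        <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipAutoActivation>true</SkipAutoActivation>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="wim://wudan-w-r90q7w0/isoandrufus/cn_windows_10_consumer_edition_version_1809_updated_sept_2018_x64_dvd/sources/install.wim#Windows 10 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
EOF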
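# Generate the Windows first-boot batch script. $CUSTOM and $WIFI are
# expanded now; %VAR% references are resolved by cmd.exe on the target.
# Written through `sudo tee` so the script, which self-elevates and runs as
# administrator on every target, is never world-writable on the server.
# Fix: the FTP reachability ping redirected to "null", which creates a
# stray file of that name; it now redirects to the NUL device.
# NOTE(review): hardening that this script removes and never restores on
# the installed machine - add a final provisioning step that reverts it:
#  - UAC consent prompts are set to 0 (ConsentPromptBehaviorAdmin,
#    PromptOnSecureDesktop);
#  - Windows Firewall is switched off for all profiles before the FTP
#    download and is not switched back on;
#  - AutoAdminLogon is enabled with DefaultPassword stored in clear text
#    under the Winlogon key, readable by local users;
#  - the new user and the $CUSTOM account get fixed, well-known passwords,
#    and the new user is added to Administrators.
# NOTE(review): software-setup.bat is downloaded by anonymous FTP into
# C:\Downloads, while RunOnce points at C:\windows\system32\ - confirm
# which copy actually runs at next logon, and verify it before running.
sudo tee /ipxe/windows10_system_init.bat >/dev/null <<EOF
@echo off
:: Get Admin Right
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if '%errorlevel%' NEQ '0' (
goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
exit /B
:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
::pause
echo Please identify who will use this computer:
set /p USER=
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v USER /t reg_sz /d %USER% /f
::for /f "delims=: tokens=1*" %%l in (%USER%) do (
::    setlocal enabledelayedexpansion
::    set line=%%l
::    set line=!line:.=_!
::    endlocal
::    )
set "USERNAME=%USER:.=_%"
:: Close UAC
    reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /f
    reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v PromptOnSecureDesktop /t reg_dword /d 0 /f
    echo UAC is closed
::pause
:: Setup 802.1x for Wireless Network
    sc config dot3svc start=auto
    sc config wlansvc start=auto
    sc start dot3svc
    sc start wlansvc
    netsh wlan add profile filename=C:\Downloads\WLAN-$WIFI.xml
    ::netsh wlan add profile filename=%~dp0\WLAN-$WIFI.xml
    netsh wlan connect name=$WIFI ssid=$WIFI
    echo 802.1x is installed.
::pause
:: Add user
    net user %USER% /add /active:yes
    net user %USER% qwer1234
    net localgroup administrators %USER% /add
    net user $CUSTOM 1q2w3e4r
    echo User is added.
::pause
:: Change Hostname
    for /f "delims=: tokens=1*" %%o in ('wmic bios get serialnumber^|findstr /n "."') do (
    if %%o==2 set tempSN=%%p
    )
    for /f "tokens=1*" %%r in ("%tempSN%") do (
    set SN=%%r
    )
::    set CombineNAME=%USER%-W-%SN%
    set CombineNAME=%USERNAME%-W-%SN%
    wmic computersystem where "name='%computername%'" call rename "%CombineNAME%"
    echo Hostname is changed.
::pause
:: Set what execute in next boot
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v software /t reg_sz /d "C:\windows\system32\software-setup.bat" /f
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t reg_sz /d "1" /f
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t reg_sz /d "%USER%" /f
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t reg_sz /d "qwer1234" /f
::pause
:: Ftp download
ping 10.16.1.229 1>nul
netsh advfirewall set allprofiles state off
mkdir C:\Downloads
echo prompt>ftptmp.txt
echo open 10.16.1.229>>ftptmp.txt
echo user anonymous>>ftptmp.txt
echo lcd C:\Downloads>>ftptmp.txt
echo cd windows_softwares>>ftptmp.txt
echo get software-setup.bat>>ftptmp.txt
::echo get WLAN-$WIFI.xml>>ftptmp.txt
echo bye>>ftptmp.txt
ftp -n -i -s:"ftptmp.txt"
del "C:\windows\system32\ftptmp.txt" -f -q
::pause
shutdown -r -t 0
EOF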

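# Stock WinPE copy: launch install.bat as the WinPE shell. Both files are
# written through `sudo tee` so they are never world-writable; they decide
# what WinPE runs on each client.
sudo tee /ipxe/win10pe/winpeshl.ini >/dev/null <<EOF
[LaunchApps]
"install.bat"
EOF
# In this unquoted here-document "\\\1" is written out as "\\1", so the
# generated batch file contains UNC paths of the form \\10.1.1.99\...
# install.bat maps the guest SMB share and starts Windows setup from it.
sudo tee /ipxe/win10pe/install.bat >/dev/null <<EOF
::@echo off
wpeinit
ping 10.1.1.99 -n 10 2>nul
net use \\\10.1.1.99
net use \\\10.1.1.99\ipxe
net use \\\10.1.1.99\ipxe\win10
net use U: \\\10.1.1.99\ipxe\win10
U:\setup.exe
pause
EOF
# Mirror the stock Windows 10 media and move it into place.
# NOTE(review): the media comes over anonymous, unencrypted FTP with no
# integrity check, and setup.exe from it runs on every client.
sudo wget -r -np -nH -c ftp://10.16.1.229/iso/win10 -P /ipxe/ && sudo chmod +x /ipxe/iso/win10/setup.exe
sudo mv /ipxe/iso/win10/ /ipxe/win10 ; sudo chmod 755 -R /ipxe/win10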


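##### Setup DHCP #####
# Authoritative DHCP for 10.1.1.0/24. iPXE clients (user-class "iPXE") get
# the HTTP menu; UEFI clients (arch 7/9) get ipxe.efi and BIOS clients
# (arch 0) get undionly.kpxe over TFTP from next-server.
# Written through `sudo tee` so dhcpd.conf is never world-writable.
sudo rsync --ignore-existing --progress /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.bak
sudo tee /etc/dhcp/dhcpd.conf >/dev/null <<EOF
#option domain-name "***.***";
default-lease-time 3600;
max-lease-time 7200;
option client-architecture code 93 = unsigned integer 16;
subnet 10.1.1.0 netmask 255.255.255.0 {
    range 10.1.1.101 10.1.1.199;
    option routers 10.1.1.99;
    option broadcast-address 10.1.1.255;
    option domain-name-servers 10.1.1.99;
    authoritative;
    next-server 10.1.1.99;
    if exists user-class and option user-class = "iPXE" {
        filename "http://10.1.1.99/menu/boot.ipxe";
    } elsif option client-architecture = 00:07 or option client-architecture = 00:09 {
        filename "ipxe.efi";
    } elsif option client-architecture = 00:00 {
        filename "undionly.kpxe";
    }
}
EOF
sudo rsync --ignore-existing --progress /etc/default/isc-dhcp-server /etc/default/isc-dhcp-server.bak
# Serve DHCP only on the interface that carries the provisioning address.
# The previous lookup took the last interface whose `ip add` line contained
# "1500" and "codel", which can select the wrong NIC; an authoritative DHCP
# server on the uplink would hand out leases and PXE boot files on the
# corporate network. Abort instead of guessing.
INTERFACE=$(ip -o -4 addr show | awk '$4 ~ /^10\.1\.1\.99\// {print $2; exit}')
if [ -z "$INTERFACE" ]; then
  echo "No interface carries 10.1.1.99/24; refusing to start DHCP on a guessed interface." >&2
  exit 1
fi
sudo tee /etc/default/isc-dhcp-server >/dev/null <<EOF
INTERFACESv4="$INTERFACE"
INTERFACESv6=""
EOF
# Syntax-check the configuration before restarting the daemon.
sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf
sudo systemctl restart isc-dhcp-server.service
echo "iPXE setup accomplished"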