Not needed since iPXE chains to grubx64.efi for Blancco boot.
Simplifies DHCP config and avoids interfering with other UEFI clients.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add /user:pxe-upload pxe credentials to all net use commands (share requires auth)
- Replace timeout with ping delays (timeout.exe not available in WinPE)
- Restore size: largest disk match in autoinstall (root cause was BIOS RST mode)
- Simplify autoinstall late-commands structure
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Autoinstall user-data now disables cloud-init in multiple stages
(late-commands + runcmd + systemd masks) to prevent post-install
hangs. Also disables networkd-wait-online for air-gapped networks.
build-usb.sh switched from in-place ISO patching to full extract
and rebuild with xorriso mkisofs for reliable UEFI boot.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- build-usb.sh now patches the ISO's grub.cfg with xorriso to add
'autoinstall' kernel param (skips confirmation prompt) and reduces
GRUB timeout from 30s to 5s
- Disable and remove cloud-init on the installed system to prevent
boot delays on air-gapped network
- Fix ISO size calculation to use patched ISO for CIDATA partition offset
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds interactive-sections: [] to avoid the "Continue with autoinstall?" prompt,
and disables cloud-init on the installed system to prevent boot delays.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Webapp now creates Deploy/Control/Media.tag after every image import.
Cron updated to create (not just touch) Media.tag for any image
directory that has Deploy/Control/.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
startnet.cmd now polls for PESetup.exe completion and reboots with a
15-second countdown. Build scripts (USB + Proxmox) auto-download pip
wheels if the pip-wheels/ directory is missing. Added mok-keys/ to
gitignore.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PESetup.exe checks Media.tag last modified date and rejects it after
30 days. Cron job touches all Media.tag files daily at midnight.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add startnet.cmd: FlatSetupLoader.exe + Boot.tag/Media.tag eliminates
physical USB requirement for WinPE PXE deployment
- Add Upload-Image.ps1: PowerShell script to robocopy MCL cached images
to PXE server via SMB (Deploy, Tools, Sources)
- Add gea-shopfloor-mce image type across playbook, webapp, startnet
- Change webapp import to move (not copy) for upload sources to save disk
- Add Samba symlink following config for shared image directories
- Add Media.tag creation task in playbook for drive detection
- Update prepare-boot-tools.sh with Blancco config/initramfs patching
- Add grub-efi-amd64-bin to download-packages.sh
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Playbook: detect interface already configured with 10.9.100.1 before
falling back to non-default-gateway heuristic (fixes dnsmasq binding
to wrong NIC when multiple interfaces exist)
- test-vm.sh: auto-attach br-pxe bridge NIC if available on host
- Webapp: add network upload import via SMB share with shared driver
deduplication and symlinks
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Move Flask to localhost:9010, Apache serves port 9009 with static file
handling and reverse proxy to fix intermittent asset loading on remote clients
- Add "PXE Manager" branding beneath logo in sidebar
- Increase code editor size (startnet.cmd and unattend XML) to 70vh
- Add test-lab.sh for full lab VM testing
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add build-proxmox-iso.sh: remaster Ubuntu ISO with autoinstall config,
offline packages, playbook, webapp, and boot files for zero-touch
Proxmox VM deployment
- Add boot-files/ directory for WinPE boot files (wimboot, boot.wim,
BCD, ipxe.efi, etc.) sourced from WestJeff playbook
- Update build-usb.sh and test-vm.sh to bundle boot-files automatically
- Add usb_root variable to playbook, fix all file copy paths to use it
- Unify Apache VirtualHost config (merge default site + webapp proxy)
- Add CSRF token protection to all webapp POST forms and API endpoints
- Update README with Proxmox deployment instructions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix pip/distutils incompatibility: install Python wheels directly via
zipfile extraction instead of broken pip3 from Ubuntu 22.04 .debs
(pip3 crashes on Python 3.12 with ModuleNotFoundError: distutils)
- Fix UFW port types: quote loop items so string comparison works
correctly, giving ports 67/69 UDP rules instead of TCP
- Fix autoinstall crash: set refresh-installer to no (can't reach
internet on air-gapped network, was crashing subiquity)
- Remove python3-pip and python3-venv from download-packages.sh
(no longer needed with direct wheel extraction)
- Add ignore_errors to WinPE/iPXE copy tasks (files only present
on real USB media, not test VM)
- Use system python3 instead of venv for webapp service
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add comprehensive README.md with full project documentation
- Update SETUP.md to reflect current state (7 image types, webapp, boot tools, Samba shares)
- Enable SSH in autoinstall user-data for remote access
- Fix ansible_default_ipv4.interface error when no default gateway exists
- Fix Windows CRLF line endings on all shell scripts and YAML files
- Fix test-vm.sh: use --install kernel extraction instead of --location, don't delete source ISO on --destroy
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Webapp now listens on port 9009 (UFW rule added)
- Apache reverse proxy updated to proxy to 9009
- test-vm.sh creates a KVM test environment with:
- CIDATA ISO built from project files
- Isolated libvirt network (10.9.100.0/24)
- Ubuntu 24.04 VM with autoinstall
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After extracting Blancco from ISO, automatically patches preferences.xml
to save erasure reports to \\10.9.100.1\blancco-reports via SMB.
Sets auto_backup=true so reports save without user intervention.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Samba share at \\server\blancco-reports for automatic report collection
- Webapp reports page with list, download, and delete
- Compliance warning on delete confirmation
- Sidebar link under Tools section
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Added wimtools to offline packages and playbook verification
- Webapp startnet.cmd editor: extract, view, edit, save back to boot.wim
- Uses wimextract/wimupdate for in-place WIM modification
- Dark-themed code editor with tab support and common command reference
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- iPXE boot menu with WinPE, Clonezilla, Blancco Drive Eraser, Memtest86+
- prepare-boot-tools.sh to download/extract boot tool binaries
- Clonezilla backup management in webapp (upload, download, delete)
- Clonezilla Samba share for network backup/restore
- GE Aerospace logo and favicon in webapp
- Updated playbook with boot tool directories and webapp env vars
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Changed from Deploy/Control/unattend.xml to Deploy/FlatUnattendW10.xml
to match the real GE Aerospace image layout.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- webapp/: Flask web management app with:
- Dashboard showing image types and service status
- USB import page for WinPE deployment content
- Unattend.xml visual editor (driver paths, specialize commands,
OOBE settings, first logon commands, raw XML view)
- API endpoints for services and image management
- SETUP.md: Complete setup documentation for streamlined process
- build-usb.sh: Now copies webapp and optional WinPE images to USB
- playbook: Added webapp deployment (systemd service, Apache reverse
proxy), offline package verification, WinPE auto-import from USB
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reorganized from OneDrive export into a clean project structure:
- autoinstall/: cloud-init user-data and meta-data for Ubuntu 24.04 autoinstall
- playbook/: Ansible playbook for PXE server config (dnsmasq, Apache, Samba, iPXE)
- unattend/: Windows unattend.xml sample for image deployment
- build-usb.sh: builds a bootable USB with Ubuntu installer + CIDATA partition
- download-packages.sh: downloads all offline .deb dependencies via Docker
Key improvements over original:
- Fully air-gapped: all packages bundled offline, no WiFi needed
- Hardware-agnostic network config (wildcard NIC matching)
- Removed plaintext WiFi credentials
- Single USB build process (was 15+ manual steps)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
