# Site Customization The PXE server in this repo was built for the GE Aerospace West Jefferson site. To stand it up at another site, several values need to change. This document lists every site-specific value, where it lives today, and the recommended forward state. ## Status The repo has not yet been parameterized. As of 2026-04-14 the site-specific values below are hardcoded in multiple files. The `config/` directory at the repo root is a placeholder for the future state where one YAML file drives substitution at build time. Until that exists, customizing for a new site means editing the source files directly. If you are bringing up the first non-WJ site, expect to do this manually and contribute a `config/sites/.yaml` template back to the repo. ## Values to change ### Network | Value | Default | Where it lives | |-------------------|----------------------|--------------------------------------------------------------------------------| | PXE server IP | 10.9.100.1 | `playbook/pxe_server_setup.yml` (dnsmasq config, iPXE script, samba conf, webapp env), `playbook/startnet.cmd` (mount paths), `boot-tools/blancco/grub-blancco.cfg` (TFTP/HTTP URLs) | | PXE subnet | 10.9.100.0/24 | Same as above, plus `playbook/pxe_server_setup.yml` (UFW rules) | | DHCP range | 10.9.100.10-100 | `playbook/pxe_server_setup.yml` (dnsmasq config) | | Hostname | pxeserver | `autoinstall/user-data` (identity.hostname) | ### Identity and credentials | Value | Default | Where it lives | |-----------------------------|---------------------------------------|---------------------------------------------------------| | Linux user | pxe / pxe | `autoinstall/user-data` (identity.username, password hash) | | Samba upload user | pxe-upload / pxe | `playbook/pxe_server_setup.yml` (Samba user creation) | | Samba blancco user | blancco / blancco | `playbook/pxe_server_setup.yml` | | Sudo password | pxe | autoinstall password hash; also referenced in scripts that ssh + sudo | ### WiFi and BMC (Blancco licensing) The Blancco custom `config.img` carries WiFi credentials and BMC cloud credentials in plaintext. These are GE-Aerospace specific. | Value | Default | Where it lives | |---------------|----------------------|-------------------------------------------------------------------------| | WiFi SSID | INTERNETACCESS | `boot-tools/blancco/config.img` (inside the cpio archive: preferences.xml) | | WiFi password | Acc3ssGr@nted22 | Same | | BMC endpoint | classic.eu-west-1.blancco.cloud:443 | Same; encrypted credentials inside config.img | To rebuild `config.img` for a different site, see BLANCCO.md ("Rebuilding config.img"). ### Image types The repo defines seven image types (see `playbook/pxe_server_setup.yml`, `image_types`). Most sites likely only need a subset. The current set: - gea-standard - gea-engineer - gea-shopfloor - ge-standard - ge-engineer - ge-shopfloor-lockdown - ge-shopfloor-mce Trim or extend this list and the matching `shopfloor_types` filter as needed. ### PC types (shopfloor sub-types) `playbook/shopfloor-setup/` contains per-PC-type install logic. The current types reflect WJ shopfloor needs: - CMM (PC-DMIS) - WaxAndTrace - Keyence - Genspect - Display (Lobby and Dashboard variants) - Standard (Timeclock and Machine variants) - Lab A site without CMMs can drop the CMM type and its installers entirely. ### GCCH bulk-enrollment PPKGs PPKG filenames are baked into `playbook/startnet.cmd` and `startnet-template.cmd`. They are tied to the GE Aerospace tenant. Other sites/tenants will have their own PPKGs with different filenames. | PPKG enrollment menu choice | Default filename | |-----------------------------|---------------------------------------------------------------| | 1 NoOffice | GCCH_Prod_SFLD_NoOffice_US_Exp_20260430_v4.10.ppkg | | 2 StdOffice x86 | GCCH_Prod_SFLD_StdOffice-x86_US_Exp_20260430_v4.10.ppkg | | 3 StdOffice x64 | GCCH_Prod_SFLD_StdOffice-x64_US_Exp_20260430_v4.10.ppkg | | 4 ProPlusOffice x86 | GCCH_Prod_SFLD_ProPlusOffice-x86_US_Exp_20260430_v4.10.ppkg | | 5 ProPlusOffice x64 | GCCH_Prod_SFLD_ProPlusOffice-x64_US_Exp_20260430_v4.10.ppkg | When you bump PPKG versions, update the filenames in startnet.cmd, drop the new PPKGs in `enrollment/` on the workstation, and rebuild the USB. ### Site-specific shopfloor config `playbook/shopfloor-setup/site-config.json` has site-specific values like default machine number ranges, share paths for software, and more. Inspect that file for site name strings, share UNC paths, and machine number ranges. ### Branding The Flask webapp uses GE Aerospace branding: - Logo: `webapp/static/ge-aerospace-logo.svg` - Favicon: `webapp/static/favicon.ico` - Page titles and templates reference "GE Aerospace" in `webapp/templates/*.html` - iPXE menu title: "GE Aerospace PXE Boot Menu" in `playbook/pxe_server_setup.yml` ### Drivers (Dell) Driver content is hardware-specific, not strictly site-specific, but the set of driver families to bundle changes by what hardware the site deploys: - `Dell_11/Pro` and `Dell_11/ProMax`: Dell Pro Micro PCs (most common shopfloor) - `Dell_11/Optiplex`: traditional desktops - `Dell_11/Precision`: workstations - `Dell_11/Latitude`: laptops (large, often excluded if site has none) The `scripts/download-drivers.py` and `scripts/Download-Drivers.ps1` scripts populate `drivers-staging/` from upstream sources. Edit these to target the relevant hardware lists. ### BIOS update manifest `playbook/shopfloor-setup/BIOS/models.txt` maps Dell model strings to the BIOS .exe to flash. Update this whenever new hardware arrives or Dell publishes a new firmware release for a model already in the fleet. ### Intune DSC categories The post-enrollment Intune DSC delivery (per `intune-dsc.md` memory) pulls per-category YAML from Azure Blob: - main - cmm - displaypcs - waxtrace Different sites/tenants will need their own categories and their own Azure Blob storage account. ### Image-upload paths on Windows `scripts/Upload-Image.ps1` defaults to: - `\\10.9.100.1\image-upload` as the destination - `C:\ProgramData\GEAerospace\MediaCreator\Cache\` as the source Update both for a different site. ## Recommended forward state A site config file should drive substitution at build time. Proposed schema: ```yaml # config/sites/.yaml site: name: westjeff pxe_server_ip: 10.9.100.1 pxe_subnet: 10.9.100.0/24 dhcp_range_start: 10.9.100.10 dhcp_range_end: 10.9.100.100 hostname: pxeserver credentials: pxe_user: pxe pxe_password: pxe pxe_upload_password: pxe blancco_password: blancco blancco: wifi_ssid: INTERNETACCESS wifi_password: Acc3ssGr@nted22 bmc_endpoint: classic.eu-west-1.blancco.cloud:443 ppkg_versions: current: v4.10 expiry: 20260430 intune_dsc_categories: [main, cmm, displaypcs, waxtrace] image_types: [gea-standard, gea-engineer, gea-shopfloor] shopfloor_types: [gea-shopfloor] ``` `scripts/build-usb.sh` and the playbook would consume this and substitute into the templated config files. Implementing this is a separate piece of work; until then, edit source files directly. ## Secrets handling Some values above are sensitive (WiFi passwords, BMC credentials, Samba passwords). Today these sit in plain text in the repo. For a multi-site deployment, treat them as per-site secrets: - Keep `config/sites/.secrets.yaml` out of git (gitignore). - Distribute via secure channel (1Password, Vault, etc.) when standing up a new site. - The `eMxInfo.txt` precedent (see `feedback_emxinfo_secret.md`) is a good template: never commit, document where the canonical copy lives.