Refactor of live_exam_os for ubuntu

live_exam_os/.env.example

+# Location of generated files
+export SQUASHFS="/tmp/squashfs"
+export ROOTFS_DIR="/tmp/rootfs"
+export ISO_DIR="/tmp/iso"
+export BOOT_FOLDER="$ISO_DIR/boot"
+export LUKS_IMG="squash.rootfs.luks"
+
+# Nexus build configuration
+export SERVER="127.0.0.1:1077"
+export CERT="ca-cert.pem"
+export EXAM_USER="user"
+export EXAM_PWD="password"
+
+# Build parameters
+export LUKS_PASSPHRASE="passphrase"
+export ADDITIONAL_KEYS="keys keyss"
+export VERBOSE=false
+#export PXE_URL="127.0.0.1:8000"
+export OUTPUT="build"
+export CACHE_FS="cache"

live_exam_os/.gitignore

-output/
 *.iso
+.env
+cache/
+config/02-customisation/etc/NetworkManager/system-connections/wifi.nmconnection

live_exam_os/Dockerfile

-#ARG ALPINE_VERSION
-
 ARG DEBIAN_FRONTEND=noninteractive
-#FROM alpine:${ALPINE_VERSION}
 FROM ubuntu:22.04
 
-#RUN apk add mtools xorriso squashfs-tools cryptsetup e2fsprogs limine-x86_64 limine-cd
-
-
+ENV archive=go1.22.6.linux-amd64.tar.gz
+ENV PATH=$PATH:/usr/local/go/bin
 
-RUN apt-get update && apt-get install -y gcc pkg-config git wget make ca-certificates libglfw3-dev libxcursor-dev libxinerama-dev libxi-dev libxxf86vm-dev upx-ucl
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y gcc pkg-config git wget make ca-certificates libglfw3-dev libxcursor-dev libxinerama-dev libxi-dev libxxf86vm-dev upx-ucl curl cryptsetup squashfs-tools fakechroot debootstrap xorriso
 
-RUN DEBIAN_FRONTEND=noninteractive apt install -y cryptsetup squashfs-tools
-RUN apt install -y debootstrap schroot
+RUN git clone https://github.com/limine-bootloader/limine.git --branch=v8.x-binary --depth=1 /opt/limine && \
+    cd /opt/limine && \
+    make && \
+    cp /opt/limine/limine /bin/
 
-RUN git clone https://github.com/limine-bootloader/limine.git --branch=v8.x-binary --depth=1 /opt/limine
+RUN wget https://go.dev/dl/$archive && tar -C /usr/local -xzf $archive
 
-# Install go 1.22 from the official GO site
-ENV archive=go1.22.6.linux-amd64.tar.gz
-ENV PATH=$PATH:/usr/local/go/bin
+WORKDIR /nexus
 
-RUN wget https://go.dev/dl/$archive
-RUN tar -C /usr/local -xzf $archive
+RUN mkdir src
+COPY src src
+COPY Makefile .
+COPY ca-cert.pem .
 
-RUN apt install -y xorriso
+RUN make build_nexus-exam SERVER="127.0.0.1:1077" CERT="ca-cert.pem" EXAM_USER="user" EXAM_PWD="pwd"

live_exam_os/Makefile

-image_name := builder_alpine_iso
-alpine_version := "3.20.3"
-iso_file := image.iso
-output := output
-squashfs_file := ${output}/squash.rootfs
-root_fs := ${output}/rootfs
-initrd_fs := ${output}/initrd
-iso_path := ${output}/iso
-server_ip := "127.0.0.1"
-server_port := "1077"
-cert := "ca-cert.pem"
-exam_user := "user"
-exam_pwd := "password"
+image_name := builder_nexus_iso
 
-all: build
+all: build 
 
-build: build_container clean
-	sudo docker run -it --rm -v $(PWD)/..:/data --workdir /data/live_exam_os --privileged -e SQUASHFS=${squashfs_file} -e ROOTFS_DIR=${root_fs} -e INITRD_DIR=${initrd_fs} -e ISO_DIR=${iso_path} -e SERVER="${server_ip}:${server_port}" -e CERT=${cert} -e EXAM_USER=${exam_user} -e EXAM_PWD=${exam_pwd} ${image_name} ./build.sh ${iso_file} "123" --alpine-version ${alpine_version} --user-password "0"
-	sudo chown ${USER}:${USER} ${iso_file}
+run:
+	sudo docker run -it --rm -v $(PWD)/..:/data --workdir /data/live_exam_os --privileged ${image_name} ./build.sh $(PARAM)
 
-no_luks: build_container clean
-	sudo docker run -it --rm -v $(PWD)/..:/data --workdir /data/live_exam_os --privileged -e SQUASHFS=${squashfs_file} -e ROOTFS_DIR=${root_fs} -e INITRD_DIR=${initrd_fs} -e ISO_DIR=${iso_path} -e SERVER="${server_ip}:${server_port}" -e CERT=${cert} -e EXAM_USER=${exam_user} -e EXAM_PWD=${exam_pwd} ${image_name} ./build.sh ${iso_file} '' --no-luks --alpine-version ${alpine_version} --user-password "0"
-	sudo chown ${USER}:${USER} ${iso_file}
-
-build_container:
-	sudo docker build -t ${image_name} --build-arg ALPINE_VERSION=${alpine_version} . 
-
-clean:
-	sudo rm -rf ${iso_file} ${output}
-
-uefi:
-	qemu-system-x86_64 -bios /usr/share/OVMF/x64/OVMF.fd -drive file=${iso_file},format=raw -boot d -m 16G -smp 4 -netdev user,id=n1 -device virtio-net-pci,netdev=n1
+build:
+	cd .. && sudo docker build -t ${image_name} -f live_exam_os/Dockerfile .
 
 bios:
-	qemu-system-x86_64 -drive file=${iso_file},format=raw -boot d -m 4G -smp 4
+	qemu-system-x86_64 -drive file=$(ISO),format=raw -boot d -m 4G -smp 4
 
 bios_cd:
-	qemu-system-x86_64 -drive file=${iso_file},media=cdrom,if=ide,readonly=on -boot d -m 4G -smp 4
+	qemu-system-x86_64 -drive file=$(ISO),media=cdrom,if=ide,readonly=on -boot d -m 4G -smp 4
+
+uefi:
+	qemu-system-x86_64 -bios /usr/share/OVMF/x64/OVMF.fd -drive file=$(ISO),format=raw -boot d -m 16G -smp 4 -netdev user,id=n1 -device virtio-net-pci,netdev=n1 -serial mon:stdio
 
-uefiserie:
-	qemu-system-x86_64 -bios /usr/share/OVMF/x64/OVMF.fd -drive file=${iso_file},format=raw -boot d -m 16G -smp 4 -netdev user,id=n1 -device virtio-net-pci,netdev=n1 -serial mon:stdio
+.PHONY: build

live_exam_os/README.md

-# live_exam_os
+# Live Exam OS Builder
 
-This project aims to create a minimal live operating system in the form of an ISO image, specifically designed for use on any computer. The generated ISO boots directly into a lightweight XFCE desktop environment and automatically launches the nexus-client. The focus is on simplicity, speed and portability.
+This project provides a set of tools and scripts to build a customized ISO image for live examination environments. It supports features such as PXE booting, LUKS encryption, and user environment setup.
 
-The ISO is based on Alpine Linux, known for its small footprint and security. LUKS encryption to secure the filesystem is enabled by default and can be disabled.
+---
 
-## Features
+## Usage
 
- - Minimal ISO: Starts with a lightweight Alpine Linux base.
- - Encryption: Utilizes LUKS encryption for securing the filesystem (optional).
- - Desktop Environment: Configured for autologin with a minimal desktop environment.
- - Nexus Client: Auto-launches the nexus-client at startup.
- - Customizable: Flexible options for user credentials, Alpine version, and additional files.
+To use the script, run it with the following command:
 
-## Prerequisites
-
- - Docker: Used to containerize the build process.
- - QEMU: Optional, for testing the generated ISO.
-
-## Environment Setup
-
-The build.sh script use several environment variables for flexibility:
+```bash
+./build.sh [options]
+```
 
-| Variable	| Description	|Example|
-|-|-|-|
-| SQUASHFS	| Path to SquashFS file	| out/squash.rootfs |
-| ROOTFS_DIR |	Temporary root filesystem directory |	out/rootfs |
-| INITRD_DIR |	Temporary initrd directory	| out/initrd |
-| ISO_DIR|	Temporary ISO directory	| out/iso |
-| SERVER |	Server details | 127.0.0.1:1077 |
-| CERT|	Path to Certificate file	|ca-cert.pem |
-| EXAM_USER|	Default user for exam client|	user |
-| EXAM_PWD|	Default password for exam client |	password |
+### Requirements
 
-## build.sh Script
+The `build.sh` script should be executed on a Ubuntu/Debian environment with the following tools installed:
+- `debootstrap`
+- Other necessary dependencies for building ISO images.
 
-The script build.sh generates the live ISO with various options for customization.
+For simpler deployment on any environment that supports Docker, we provide a `Dockerfile` and `Makefile`. These tools allow you to build and run the project without worrying about host system dependencies.
 
-### Syntax
+### Options
 
-./build.sh iso_output_path luks_passphrase [options]
+| Option                | Description |
+|-----------------------|-------------|
+| `-v, --verbose`      | Enable verbose mode for detailed output. |
+| `--env`              | Specify the path to an environment file with the required parameters. |
+| `--output`           | Define the output folder (default: `.`). |
+| `--luks-passphrase`  | Enable LUKS encryption with a passphrase. |
+| `--luks-keys`        | Provide a list of additional keys for LUKS encryption. |
+| `--pxe`              | Set the URL of the PXE and generate an initramfs, kernel, and SquashFS for PXE use. |
+| `--cache`            | Specify the path to a folder containing a pre-downloaded clean filesystem. |
 
-### Required Arguments
+### Environment Setup Parameters
 
- - iso_output_path: Path to save the generated ISO image (e.g., out/iso/alpine.iso).
- - luks_passphrase: Passphrase for LUKS encryption. Leave blank when using --no-luks.
+| Parameter      | Description |
+|----------------|-------------|
+| `SQUASHFS`     | Path to the SquashFS file (e.g., `out/squash.rootfs`). |
+| `ROOTFS_DIR`   | Path to the temporary filesystem directory (e.g., `out/rootfs`). |
+| `ISO_DIR`      | Path to the temporary ISO directory (e.g., `out/iso`). |
+| `SERVER`       | IP address of the Nexus server (e.g., `127.0.0.1:1077`). |
+| `CERT`         | Path to the certificate file (e.g., `ca-cert.pem`). |
+| `EXAM_USER`    | Default username for the exam client (e.g., `user`). |
+| `EXAM_PWD`     | Default password for the exam client (e.g., `password`). |
 
-### Options
+---
 
- - --no-luks: Disable LUKS encryption (makes luks_passphrase optional).
- - --alpine-version: Specify Alpine Linux version (default: 3.20.3).
- - --root-enabled: Enable root access (default: disabled).
- - --root-password: Set the root password (ignored if root is disabled).
- - --user-password: Set the default user password.
+## Example Usage
 
-### Example Usage
-
-#### With Encryption:
+Here are some examples of how to use the script:
 
+### Example 1
+Build an ISO image with LUKS encryption:
 ```bash
-./build.sh out/iso/alpine.iso 'my_luks_pass' --alpine-version 3.16 --root-enabled yes --root-password 'rootpass' --user-password 'userpass'
+./build.sh --env .env
 ```
 
-#### Without Encryption:
+### Example 2
+Build an ISO image without LUKS encryption:
 ```bash
-./build.sh out/iso/alpine.iso '' --no-luks --alpine-version 3.18
+./build.sh --output build --luks-passphrase 'my_luks_pass' --cache cache --pxe
 ```
 
+---
 
-## Usage Instructions
-### Build the ISO
+## Makefile Targets
 
-The core ISO creation is handled by the script build.sh. For development, a Makefile is included to set up the environment and execute the script inside a Docker container.
+The Makefile includes targets to facilitate the building, running, and testing processes.
 
-#### Buld the ISO with encryption
-Builds an encrypted ISO using LUKS with a default password of "123".
-```
-make build
-```
+### Available Targets
 
-#### Build the ISO without encryption
-```
-make no_luks
-```
+| Target    | Description |
+|-----------|-------------|
+| `build`   | Build the Docker image for the project. |
+| `run`     | Run the Docker container to execute the build script. |
+| `bios`    | Run the ISO in QEMU using BIOS mode. |
+| `bios_cd` | Run the ISO in QEMU using BIOS mode with a CD-ROM interface. |
+| `uefi`    | Run the ISO in QEMU using UEFI mode with network and serial options. |
 
-### Testing the ISO
+### Running Makefile Targets
 
-After building the ISO, you can test it using QEMU:
+1. **Build the Docker Image**:
+   ```bash
+   make build
+   ```
 
-#### UEFI Environment:
-```
-make uefi
-```
+2. **Run the Build Script**:
+   ```bash
+   make run PARAM="--env .env"
+   ```
 
-#### BIOS Environment:
-```
-make bios
-```
+3. **Test the ISO in QEMU**:
+   - BIOS mode:
+     ```bash
+     make bios ISO=image.iso
+     ```
+   - BIOS with CD-ROM:
+     ```bash
+     make bios_cd ISO=image.iso
+     ```
+   - UEFI mode:
+     ```bash
+     make uefi ISO=image.iso
+     ```
 
-#### BIOS as CD-ROM:
-```
-make bios_cd
-```
+---
+
+## Project Components
+
+### Scripts
+- **build.sh**: Main script to build the ISO image and configure the environment.
+
+### Docker
+- **Dockerfile**: Defines the Docker image used to build the live examination environment.
+- **Makefile**: Simplifies the process of building and running the project in a Docker container.
+
+### Configuration Files
+- **Environment file**: Provides parameters and paths required by the build script.
+
+---
+
+## Notes
+
+- Ensure that all required dependencies are installed before running the script or Makefile.
+- For UEFI testing, verify that the `OVMF` firmware is installed on your system (e.g., `/usr/share/OVMF/x64/OVMF.fd`).

live_exam_os/build.sh

-#!/bin/sh
+#!/bin/bash
 
-ALPINE_VERSION="3.20.3"
-ROOT_ENABLED="no"
-LUKS_ENABLED="yes"
-ROOT_PASSWORD=""
-USER_PASSWORD=""
-LUKS_IMG="squash.rootfs.luks"
-BOOT_FOLDER="$ISO_DIR/boot"
+. tools/functions.sh
+
+# Default variables
+export SQUASHFS="/tmp/squashfs"
+export ROOTFS_DIR="/tmp/rootfs"
+export ISO_DIR="/tmp/iso"
+export BOOT_FOLDER="$ISO_DIR/boot"
+export LUKS_IMG="squash.rootfs.luks"
+export VERBOSE=false
+export OUTPUT="."
+export ISO_NAME="nexus.iso"
 
 helper() {
-  echo "USAGE: $(basename "$0") iso_output_path luks_passphrase [options]"
-  echo
-  echo "Required arguments:"
-  echo "  iso_output_path       Path where the generated ISO image will be saved (e.g., out/iso/alpine.iso)"
-  echo "  luks_passphrase       LUKS encryption passphrase for securing the filesystem"
+  echo "USAGE: $(basename "$0") [options]"
   echo
   echo "Options:"
-  echo "  --no-luks             Disable LUKS encryption (makes luks_passphrase optional)"
-  echo "  --alpine-version      Specify the Alpine Linux version to use (default: 3.20.3)"
-  echo "  --root-enabled        Enable root access (default: disabled)"
-  echo "  --root-password       Set the root password (ignored if root is disabled)"
-  echo "  --user-password       Set the default user password"
+  echo "  -v, --verbose         Set verbose mode"
+  echo "  --env                 Path to an env file with all described parameters"
+  echo "  --output              Set the output folder (default: .)"
+  echo "  --luks-passphrase     Enable LUKS encryption with passphrase"
+  echo "  --luks-keys           List of additional keys"
+  echo "  --pxe                 Set the url of the pxe and generate an initramfs, kernel and squashfs for pxe use"
+  echo "  --cache               Path to a folder with a clean fs already downloaded"
   echo
   echo "Environment Setup Parameters:"
   echo "  SQUASHFS              Path to the SquashFS file (e.g., out/squash.rootfs)"
   echo "  ROOTFS_DIR            Path to the temporary filesystem directory (e.g., out/rootfs)"
-  echo "  INITRD_DIR            Temporary directory for initrd (e.g., out/initrd)"
   echo "  ISO_DIR               Path to the temporary ISO directory (e.g., out/iso)"
   echo "  SERVER                IP of the nexus server (e.g., 127.0.0.1:1077)"
   echo "  CERT 	                Path to the Certificate file 	(e.g., ca-cert.pem)"
@@ -33,88 +34,62 @@ helper() {
   echo "  EXAM_PWD              Default password for exam client 	(e.g., password)"
   echo
   echo "Example Usage:"
-  echo "  $(basename "$0") out/iso/alpine.iso 'my_luks_pass' --alpine-version 3.16 --root-enabled yes --root-password 'rootpass' --user-password 'userpass'"
-  echo "  $(basename "$0") out/iso/alpine.iso '' --no-luks --alpine-version 3.18"
+  echo "  $(basename "$0") --env .env"
+  echo "  $(basename "$0") --luks-passphrase mypassphrase --cache cache -v"
   exit 1
 }
 
-check_container_and_alpine_version() {
-  if [ ! -f "/.dockerenv" ] && [ ! -f "/run/.containerenv" ]; then
-    echo "Error: This script should be run inside a container environment on Alpine Linux version $ALPINE_VERSION."
-    helper
-  fi
-
-  if [ -f "/etc/os-release" ]; then
-    . /etc/os-release
-    if [ "$ID" != "alpine" ] || [ "$VERSION_ID" != "$ALPINE_VERSION" ]; then
-      echo "Error: This script should be run inside a container environment on Alpine Linux version $ALPINE_VERSION."
-      echo "Actual version: $VERSION_ID"
-      helper
-    fi
-  else
-    echo "Error: This script should be run inside a container environment on Alpine Linux version $ALPINE_VERSION."
-    helper
-  fi
-}
-
-check_environment_var() {
-  if [ -z $SQUASHFS ] || [ -z $ROOTFS_DIR ] || [ -z $INITRD_DIR ] || [ -z $ISO_DIR ]; then
-    echo "Error: Environment variables aren't set"
-    helper
-  fi
-}
-
-run() {
-  chroot "$ROOTFS_DIR" $@
-}
-
-if [ "$#" -lt 2 ]; then
-  helper
-fi
-
-ISO_OUTPUT_PATH="$1"
-LUKS_PASSPHRASE="$2"
-shift 2
-
 while [ "$#" -gt 0 ]; do
   case "$1" in
-    --no-luks)
-      LUKS_ENABLED="no"
-      shift
+    --env)
+      source $2 > /dev/null
+      shift 2
       ;;
-    --alpine-version)
+    --ouput)
       if [ -n "$2" ]; then
-        ALPINE_VERSION="$2"
+        export OUTPUT="$2"
         shift 2
       else
-        echo "Error: --alpine-version requires an argument" >&2
+        echo "Error: --output requires an argument" >&2
         helper
       fi
       ;;
-    --root-enabled)
-      if [ "$2" = "yes" ] || [ "$2" = "no" ]; then
-        ROOT_ENABLED="$2"
+    --luks-passphrase)
+      LUKS_PASSPHRASE="$2"
+      shit 2
+      ;;
+    --luks-keys)
+      if [ -n "$2" ]; then
+        ADDITIONAL_KEYS="$2"
         shift 2
       else
-        echo "Error: --root-enabled must be 'yes' or 'no'" >&2
+        echo "Error: --luks-keys requires an argument" >&2
         helper
       fi
       ;;
-    --root-password)
+    --pxe)
       if [ -n "$2" ]; then
-        ROOT_PASSWORD="$2"
+        export PXE_URL="$2"
         shift 2
       else
-        echo "Error: --root-password requires an argument" >&2
+        echo "Error: --pxe requires an argument" >&2
         helper
       fi
       ;;
-    --user-password)
+    -v)
+      export VERBOSE=true
+      shift
+      ;;
+    --verbose)
+      export VERBOSE=true
+      shift
+      ;;
+    --cache)
       if [ -n "$2" ]; then
-        USER_PASSWORD="$2"
+        export CACHE_FS=$2
         shift 2
       else
-        echo "Error: --user-password requires an argument" >&2
+        echo "Error: --cache requires an argument" >&2
         helper
       fi
       ;;
@@ -125,149 +100,178 @@ while [ "$#" -gt 0 ]; do
   esac
 done
 
-if [ "$LUKS_ENABLED" = "yes" ] && [ -z "$LUKS_PASSPHRASE" ]; then
-  echo "Error: LUKS encryption is enabled, but no passphrase was provided." >&2
-  helper
-fi
-
-#check_container_and_alpine_version
 check_environment_var
 
-#echo "[Compiling nexus-exam...]"
-#cd ..
-#make build_nexus-exam
-#mkdir -p live_exam_os/$ROOTFS_DIR/usr/local/bin
-#cp build/nexus-exam live_exam_os/$ROOTFS_DIR/usr/local/bin/nexus-exam
-#make clean_client
-#cd -
-
-echo "[Create initramfs...]"
-rm -rf $INITRD_DIR
-mkdir -p "$INITRD_DIR"
-if [ "$LUKS_ENABLED" = "yes" ]; then
-    packages="busybox cryptsetup libblkid1 libuuid1 libdevmapper1.02.1 libcryptsetup12 \
-              libargon2-1 libjson-c5 libudev1 kmod zlib1g xz-utils zstd"
-else
-    packages="busybox libblkid1 libudev1 kmod zlib1g xz-utils zstd"
-fi
-
-chmod 777 $INITRD_DIR
-
-cd $INITRD_DIR
-for package in $packages; do
-    apt download "$package" --allow-unauthenticated 
-done
-
-for deb in *.deb; do
-  echo "$deb"
-    dpkg-deb -x "$deb" .
-    rm "$deb"
-done
-cd ../..
-
-
-#apk update
-#if [ $LUKS_ENABLED = "yes" ]; then
-#  cp config/01-initramfs/init $INITRD_DIR/init
-#  packages="busybox musl cryptsetup cryptsetup-libs popt libuuid libblkid 
-#            device-mapper-libs libcrypto3 argon2-libs json-c libeconf 
-#            udev kmod-libs zlib xz-libs zstd-libs"
-#else
-#  cp config/01-initramfs/init_no_luks $INITRD_DIR/init
-#  packages="busybox musl libblkid libeconf libcrypto3
-#            udev kmod-libs zlib xz-libs zstd-libs"
-#fi
-#chmod +x $INITRD_DIR/init
-#for package in $packages; do
-#  apk fetch -s "$package" > "$INITRD_DIR/$package.apk"
-#  tar -xzf "$INITRD_DIR/$package.apk" -C $INITRD_DIR
-#  rm "$INITRD_DIR/$package.apk"
-#done
 
 echo "[Create filesystem...]"
+rm -rf "$ROOTFS_DIR" "$OUTPUT"
 mkdir -p "$ROOTFS_DIR"
-#apk add --initdb --root "$ROOTFS_DIR"
-#cp /etc/apk/repositories "$ROOTFS_DIR/etc/apk/repositories"
 
-echo "[Installing packages...]"
-debootstrap --arch=amd64 focal $ROOTFS_DIR http://archive.ubuntu.com/ubuntu/
-chroot $ROOTFS_DIR /bin/bash -c "
-apt update &&
-DEBIAN_FRONTEND=noninteractive apt install -y \$(cat config/02-packages_install/packages)"
+if [ -z $CACHE_FS ]; then
+  echo "debootstrap --arch=amd64 noble $ROOTFS_DIR http://archive.ubuntu.com/ubuntu/"
+  debootstrap --arch=amd64 noble $ROOTFS_DIR http://archive.ubuntu.com/ubuntu/
+  mount -t proc /proc $ROOTFS_DIR/proc
+  mount --rbind /sys $ROOTFS_DIR/sys
+  mount --rbind /dev $ROOTFS_DIR/dev
+  mount --rbind /run $ROOTFS_DIR/run
+  mount -t tmpfs tmpfs $ROOTFS_DIR/tmp
+  
+  
+  echo "[Installing packages...]"
+  packages=$(tr '\n' ' ' < config/01-packages_install/packages)
+  echo "deb http://archive.ubuntu.com/ubuntu noble main universe" > $ROOTFS_DIR/etc/apt/sources.list
+  run_command_chroot apt update
+  check_exit_code $? "Error during apt update"
+  run_command_chroot apt install -y --no-install-recommends zstd initramfs-tools linux-image-generic linux-firmware casper cryptsetup-initramfs $packages
+  check_exit_code $? "Error during packages installation"
+else
+  if [ ! -d $CACHE_FS ]; then
+    mkdir $CACHE_FS
+    debootstrap --arch=amd64 noble $CACHE_FS http://archive.ubuntu.com/ubuntu/
+
+    mount -t proc /proc $CACHE_FS/proc
+    mount --rbind /sys $CACHE_FS/sys
+    mount --rbind /dev $CACHE_FS/dev
+    mount --rbind /run $CACHE_FS/run
+    mount -t tmpfs tmpfs $CACHE_FS/tmp
+    
+    
+    echo "[Installing packages...]"
+    packages=$(tr '\n' ' ' < config/01-packages_install/packages)
+    echo "deb http://archive.ubuntu.com/ubuntu noble main universe" > $CACHE_FS/etc/apt/sources.list
+    run_command chroot $CACHE_FS apt update
+    check_exit_code $? "Error during apt update"
+    run_command chroot $CACHE_FS apt install -y --no-install-recommends zstd initramfs-tools linux-image-generic linux-firmware casper cryptsetup-initramfs $packages
+    check_exit_code $? "Error during packages installation"
+
+    umount -l $CACHE_FS/proc
+    umount -l $CACHE_FS/sys
+    umount -l $CACHE_FS/dev
+    umount -l $CACHE_FS/run
+    umount -l $CACHE_FS/tmp
+  else
+    echo "Skip through cache"
+  fi
 
-echo "[Installing kernel...]"
-chroot $ROOTFS_DIR /bin/bash -c "
-apt update &&
-DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends linux-image-generic"
-# &&
-#update-initramfs -c -k all"
+  cp -r $CACHE_FS/* $ROOTFS_DIR
 
-#apk update --root "$ROOTFS_DIR" --allow-untrusted
-#apk add --root "$ROOTFS_DIR" --allow-untrusted $(cat config/02-packages_install/packages) &>/dev/null
-mkdir -p $INITRD_DIR/lib
-cp -r $ROOTFS_DIR/lib/modules $INITRD_DIR/lib/
+  mount -t proc /proc $ROOTFS_DIR/proc
+  mount --rbind /sys $ROOTFS_DIR/sys
+  mount --rbind /dev $ROOTFS_DIR/dev
+  mount --rbind /run $ROOTFS_DIR/run
+  mount -t tmpfs tmpfs $ROOTFS_DIR/tmp
+fi
 
 echo "[Uploading configuration file...]"
-cd config/03-customisation
-cp -R --parents * ../../$ROOTFS_DIR
-cd ../..
+cp -rf config/02-customisation/* $ROOTFS_DIR
 
 echo "[Post-install...]"
-for script in config/04-post_install/*.sh; do
+for script in config/03-post_install/*.sh; do
   ./$script
 done
 
-echo "[Moving kernel from rootfs to iso/boot...]"
-mkdir -p $BOOT_FOLDER
-cp $ROOTFS_DIR/boot/vmlinuz-* $BOOT_FOLDER
+echo "[Moving kernel..]"
+cp $ROOTFS_DIR/boot/vmlinuz-* /tmp/vmlinuz
+cp $ROOTFS_DIR/boot/initrd.img /tmp/initrd
 rm -rf $ROOTFS_DIR/boot
 
-echo "[Create initrd...]"
-mkdir -p "$INITRD_DIR/usr/bin"
-chroot "$INITRD_DIR" /bin/busybox --install
-TMP_PWD=$(pwd)
-cd $INITRD_DIR
-find . | cpio -R root:root -H newc -o | gzip > $TMP_PWD/$BOOT_FOLDER/initrd
-cd $TMP_PWD
+echo "[Unmount subsystem...]"
+umount -l $ROOTFS_DIR/proc
+umount -l $ROOTFS_DIR/sys
+umount -l $ROOTFS_DIR/dev
+umount -l $ROOTFS_DIR/run
+umount -l $ROOTFS_DIR/tmp
 
 echo "[Create squash.rootfs..]"
-mksquashfs "$ROOTFS_DIR" "$SQUASHFS" &>/dev/null
+run_command mksquashfs "$ROOTFS_DIR" "$SQUASHFS"
+check_exit_code $? "Error during squashfs generation"
 
-if [ $LUKS_ENABLED = "yes" ]; then
+if [ ! -z $LUKS_PASSPHRASE ]; then
   echo "[Encrypt squash.rootfs..]"
   SQUASHFS_SIZE=$(stat -c %s "$SQUASHFS")
   LUKS_HEADER_SIZE=$((1024 * 1024 * 16)) # 16 MiB header LUKS2
   TOTAL_SIZE=$((SQUASHFS_SIZE + LUKS_HEADER_SIZE))
   SECTOR_SIZE=512
   TOTAL_SIZE=$(( (TOTAL_SIZE + SECTOR_SIZE - 1) / SECTOR_SIZE * SECTOR_SIZE ))
-  
-  fallocate -l $TOTAL_SIZE "$ISO_DIR/$LUKS_IMG"
-  
-  echo -n "$LUKS_PASSPHRASE" | cryptsetup luksFormat "$ISO_DIR/$LUKS_IMG" --batch-mode
-  echo -n "$LUKS_PASSPHRASE" | cryptsetup luksOpen "$ISO_DIR/$LUKS_IMG" container
-  dd if="$SQUASHFS" of=/dev/mapper/container bs=4M
-  
+
+  fallocate -l $TOTAL_SIZE "/tmp/$LUKS_IMG"
+  echo -n "$LUKS_PASSPHRASE" | cryptsetup luksFormat "/tmp/$LUKS_IMG" --batch-mode
+  echo -n "$LUKS_PASSPHRASE" | cryptsetup luksOpen "/tmp/$LUKS_IMG" container
+  run_command dd if="$SQUASHFS" of=/dev/mapper/container bs=4M 
   cryptsetup luksClose container
+  
+  if [ ! -z $ADDITIONAL_KEYS ]; then
+    for key in $ADDITIONAL_KEYS; do
+      echo -e "$LUKS_PASSPHRASE\n$key" | cryptsetup luksAddKey "/tmp/$LUKS_IMG"
+    done
+  fi
 else
-  cp "$SQUASHFS" "$ISO_DIR/squash.rootfs"
+  mkdir -p $ISO_DIR/casper
+  cp "$SQUASHFS" "$ISO_DIR/casper/filesystem.squashfs"
 fi
 
+mkdir $OUTPUT
+if [ ! -z $PXE_URL ];then
+  cp /tmp/vmlinuz $OUTPUT
+  cp /tmp/initrd $OUTPUT
+  cp /tmp/$LUKS_IMG $OUTPUT
 
-echo "[Create iso...]"
+  echo "[Moving kernel to iso/boot...]"
+  mkdir -p $BOOT_FOLDER
+  cp /tmp/vmlinuz $BOOT_FOLDER/vmlinuz
+  cp /tmp/initrd $BOOT_FOLDER/initrd
 
-mkdir -p "$ISO_DIR/EFI/BOOT"
-
-cp /opt/limine/BOOTX64.EFI "$ISO_DIR/EFI/BOOT/"
-cp /opt/limine/*.bin "$ISO_DIR/"
-cp /opt/limine/*.sys "$ISO_DIR/"
+  echo "[Create iso...]"
+  
+  mkdir -p "$ISO_DIR/EFI/BOOT"
+  
+  cp /opt/limine/*.EFI "$ISO_DIR/EFI/BOOT/"
+  cp /opt/limine/*.bin "$ISO_DIR/"
+  cp /opt/limine/*.sys "$ISO_DIR/"
+  
+  cp config/00-bootloader/limine_pxe.conf "$ISO_DIR/boot/limine.conf"
+
+  run_command xorriso -as mkisofs -R -r -J -b "limine-bios-cd.bin" \
+          -no-emul-boot -boot-load-size 4 -boot-info-table -hfsplus \
+          -apm-block-size 2048 --efi-boot "limine-uefi-cd.bin" \
+          -efi-boot-part --efi-boot-image --protective-msdos-label \
+          -volid "NEXUSCLIENTISO" \
+          "$ISO_DIR" -o "$OUTPUT/$ISO_NAME"
+  check_exit_code $? "Error during iso creation"
+  
+  run_command limine bios-install "$OUTPUT/$ISO_NAME"
+  check_exit_code $? "Error during add bios header"
+else
+  echo "[Moving kernel && squashfs from rootfs to iso/boot...]"
+  mkdir -p $BOOT_FOLDER
+  cp /tmp/vmlinuz $BOOT_FOLDER/vmlinuz
+  cp /tmp/initrd $BOOT_FOLDER/initrd
+  cp /tmp/$LUKS_IMG $ISO_DIR/$LUKS_IMG
 
-cp config/00-bootloader/limine.cfg "$ISO_DIR/limine.cfg"
+  echo "[Create iso...]"
+  
+  mkdir -p "$ISO_DIR/EFI/BOOT"
+  
+  cp /opt/limine/*.EFI "$ISO_DIR/EFI/BOOT/"
+  cp /opt/limine/*.bin "$ISO_DIR/"
+  cp /opt/limine/*.sys "$ISO_DIR/"
+  
+  if [ ! -z $LUKS_PASSPHRASE ]; then
+    cp config/00-bootloader/limine.conf "$ISO_DIR/boot/"
+  else
+    cp config/00-bootloader/limine_casper.conf "$ISO_DIR/boot/limine.conf"
+  fi
 
-xorriso -as mkisofs -R -r -J -b "limine-bios-cd.bin" \
-        -no-emul-boot -boot-load-size 4 -boot-info-table -hfsplus \
-        -apm-block-size 2048 --efi-boot "limine-uefi-cd.bin" \
-        -efi-boot-part --efi-boot-image --protective-msdos-label \
-        -volid "NEXUSCLIENTISO" \
-        "$ISO_DIR" -o image.iso
+  run_command xorriso -as mkisofs -R -r -J -b "limine-bios-cd.bin" \
+          -no-emul-boot -boot-load-size 4 -boot-info-table -hfsplus \
+          -apm-block-size 2048 --efi-boot "limine-uefi-cd.bin" \
+          -efi-boot-part --efi-boot-image --protective-msdos-label \
+          -volid "NEXUSCLIENTISO" \
+          "$ISO_DIR" -o "$OUTPUT/$ISO_NAME"
+  check_exit_code $? "Error during iso creation"
+  
+  run_command limine bios-install "$OUTPUT/$ISO_NAME"
+  check_exit_code $? "Error during add bios header"
+fi
 
-#limine bios-install image.iso
+chown -R 1000:1000 "$OUTPUT"

live_exam_os/config/00-bootloader/limine.cfg

-TIMEOUT=0
-
-:AlpineLinux
-    PROTOCOL=linux
-    KERNEL_PATH=boot:///boot/vmlinuz-5.4.0-26-generic
-    KERNEL_CMDLINE=quiet console=ttyS0
-    MODULE_PATH=boot:///boot/initrd

live_exam_os/config/00-bootloader/limine.conf

+timeout: 0
+
+/Nexus
+    protocol: linux
+    kernel_path: boot():/boot/vmlinuz
+    kernel_cmdline: boot=nexus quiet splash
+    module_path: boot():/boot/initrd

live_exam_os/config/00-bootloader/limine_casper.conf

+timeout: 0
+
+/Nexus
+    protocol: linux
+    kernel_path: boot():/boot/vmlinuz
+    kernel_cmdline: boot=casper quiet splash
+    module_path: boot():/boot/initrd

live_exam_os/config/00-bootloader/limine_pxe.conf

+timeout: 0
+
+/Nexus
+    protocol: linux
+    kernel_path: boot():/boot/vmlinuz
+    kernel_cmdline: boot=pxe quiet splash
+    module_path: boot():/boot/initrd

live_exam_os/config/01-initramfs/init

-#!/bin/sh
-echo "Starting Nexus client..."
-dmesg -n 1
-
-mkdir -p /dev /proc /sys /tmp
-mount -t devtmpfs none /dev
-mount -t proc none /proc
-mount -t sysfs none /sys
-mount -t tmpfs none /tmp
-mkdir -p /dev/pts
-mount -t devpts none /dev/pts
-
-modprobe simpledrm
-modprobe usbcore
-modprobe usb_storage
-modprobe usb_common
-modprobe uas
-modprobe scsi_mod
-modprobe sr_mod
-modprobe sd_mod
-modprobe xhci_pci
-modprobe xhci_hcd
-modprobe ata_piix
-modprobe cdrom
-modprobe loop
-
-/bin/sh
-
-udevadm trigger
-
-echo "Mounting cdrom..."
-while [ -z $(blkid | grep "NEXUSCLIENTISO" | cut -d ':' -f1) ]; do
-  echo -n ""
-done
-
-DISK=$(blkid | grep "NEXUSCLIENTISO" | cut -d ':' -f1)
-mkdir -p /cdrom
-mount -t iso9660 $DISK /cdrom
-
-cryptsetup open /cdrom/squash.rootfs.luks data
-
-echo "Mounting overlay..."
-mkdir -p /squash /upper/lib /work /newroot
-mount -t squashfs /dev/mapper/data /squash
-cp -r /lib/modules /upper/lib
-
-mount -t overlay -o lowerdir=/squash,upperdir=/upper,workdir=/work overlayfs /newroot
-
-mount -t devtmpfs none /newroot/dev
-mount -t proc none /newroot/proc
-mount -t sysfs none /newroot/sys
-mount -t tmpfs none /newroot/tmp
-mount -t devpts none /newroot/dev/pts
-
-exec switch_root /newroot /sbin/init

live_exam_os/config/01-initramfs/init_no_luks

-#!/bin/sh
-echo "Starting Nexus client..."
-dmesg -n 1
-
-mkdir -p /dev /proc /sys /tmp
-mount -t devtmpfs none /dev
-mount -t proc none /proc
-mount -t sysfs none /sys
-mount -t tmpfs none /tmp
-mkdir -p /dev/pts
-mount -t devpts none /dev/pts
-
-modprobe simpledrm
-modprobe usbcore
-modprobe usb_storage
-modprobe usb_common
-modprobe uas
-modprobe scsi_mod
-modprobe sr_mod
-modprobe sd_mod
-modprobe xhci_pci
-modprobe xhci_hcd
-modprobe ata_piix
-modprobe cdrom
-modprobe loop
-
-udevadm trigger
-
-echo "Mounting cdrom..."
-while [ -z $(blkid | grep "NEXUSCLIENTISO" | cut -d ':' -f1) ]; do
-  echo -n ""
-done
-
-DISK=$(blkid | grep "NEXUSCLIENTISO" | cut -d ':' -f1)
-mkdir -p /cdrom
-mount -t iso9660 $DISK /cdrom
-
-/bin/sh
-
-echo "Mounting overlay..."
-mkdir -p /squash /upper/lib /work /newroot
-mount -t squashfs /cdrom/squash.rootfs /squash
-cp -r /lib/modules /upper/lib
-
-mount -t overlay -o lowerdir=/squash,upperdir=/upper,workdir=/work overlayfs /newroot
-
-mount -t devtmpfs none /newroot/dev
-mount -t proc none /newroot/proc
-mount -t sysfs none /newroot/sys
-mount -t tmpfs none /newroot/tmp
-mount -t devpts none /newroot/dev/pts
-
-exec switch_root /newroot /sbin/init

live_exam_os/config/01-packages_install/packages

+udev
+network-manager
+xserver-xorg
+xserver-xorg-input-libinput
+xinit
+xfce4
+xfce4-terminal
+systemd
+policykit-1
+adwaita-icon-theme
+dbus
+dbus-x11
+virt-viewer
+mesa-va-drivers
+iptables
+ufw
+sudo
+vim
+rfkill
+wpasupplicant
+yubikey-personalization

live_exam_os/config/02-customisation/etc/NetworkManager/NetworkManager.conf.bak

+[main]
+plugins=ifupdown,keyfile
+
+[ifupdown]
+managed=true
+
+[device]
+wifi.scan-rand-mac-address=no

live_exam_os/config/02-customisation/etc/NetworkManager/conf.d/10-default-wired.conf.bak

+[connection]
+id=Auto Ethernet
+type=ethernet
+autoconnect=true
+
+[ipv4]
+method=auto
+
+[ipv6]
+method=auto

live_exam_os/config/02-customisation/etc/NetworkManager/conf.d/dns.conf.bak

+[main]
+dns=none

live_exam_os/config/02-customisation/etc/challenge

+test