read DnsServer and Domain from bootstrap.json — zero-param bootstrap

.gitignore

@@ -6,6 +6,9 @@ config.yml
 # CA certificate (unique per deployment)
 ca.crt
 
+# Deployment config (unique per deployment)
+bootstrap.json
+
 # Downloaded at install time
 nebula.exe
 nebula-cert.exe

CHANGELOG.md

@@ -4,7 +4,8 @@
 
 DNS persistence and domain authentication at the login screen.
 
-- `install-nebula.ps1` now requires `-DnsServer` and `-Domain` parameters
+- `bootstrap.ps1` now reads `DnsServer` and `Domain` from `bootstrap.json` — no required parameters
+- `install-nebula.ps1` now requires `-DnsServer` and `-Domain` parameters (passed automatically by bootstrap)
 - Nebula service changed from `delayed-auto` to `auto` start — NlaSvc dependency already ensures the physical network is up
 - Creates a `NebulaDNS` scheduled task that runs at startup to re-apply DNS on the `nebula1` adapter after Nebula recreates it, wait for the DC to become reachable, and force Netlogon DC rediscovery via `nltest`
 - Idempotency check now also verifies the scheduled task and startup script exist

README.md

@@ -8,13 +8,15 @@ For domain controller setup requirements, see [DC-SETUP.md](DC-SETUP.md).
 
 ## Prerequisites
 
-Before running, you need the following **per-host files** prepared by the domain administrator:
+The domain administrator prepares a deployment package containing:
 
+- `ca.crt` — Nebula CA certificate (ships with the scripts)
+- `bootstrap.json` — Deployment config with DNS server and domain name (ships with the scripts)
 - `config.yml` — Nebula configuration (use forward slashes in all paths)
 - `host.crt` — Nebula certificate signed by the CA
 - `host.key` — Nebula private key
 
-These files are unique to each machine and should be placed in a directory you will run the scripts from.
+The per-host files (`config.yml`, `host.crt`, `host.key`) are unique to each machine and should be placed in a directory you will run the scripts from.
 
 ## Package Contents
 
@@ -24,6 +26,8 @@ These files are unique to each machine and should be placed in a directory you w
 | `install-nebula.ps1` | Downloads Nebula and installs it as a Windows service |
 | `set-dns.ps1` | Points the Nebula adapter's DNS at the domain controller |
 | `join-domain.ps1` | Joins the machine to the domain |
+| `ca.crt` | Nebula CA certificate (provided by admin) |
+| `bootstrap.json` | Deployment config: DNS server IP and domain name (provided by admin) |
 
 ## Usage
 
@@ -38,16 +42,16 @@ Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process
 From the directory containing your per-host files (`config.yml`, `host.crt`, `host.key`):
 
 ```powershell
-& "C:\path\to\nebula\bootstrap.ps1" -DnsServer 10.10.10.13 -Domain "arvandor.internal"
+& "C:\path\to\nebula\bootstrap.ps1"
 ```
 
 Optionally pass `-ComputerName` to validate the machine name matches a pre-staged AD object:
 
 ```powershell
-& "C:\path\to\nebula\bootstrap.ps1" -DnsServer 10.10.10.13 -Domain "arvandor.internal" -ComputerName "WS-NAME"
+& "C:\path\to\nebula\bootstrap.ps1" -ComputerName "WS-NAME"
 ```
 
-This runs all three steps in order, prompts for domain credentials, and offers to restart when finished.
+DNS server and domain are read from `bootstrap.json` in the script directory. This runs all three steps in order, prompts for domain credentials, and offers to restart when finished.
 
 ### Step-by-step
 
@@ -66,15 +70,27 @@ If you need to run steps individually:
 
 ### Parameters
 
-**install-nebula.ps1**
+**bootstrap.ps1**
+- `-ComputerName` (optional) — Expected NetBIOS name (max 15 characters). Warns if the current machine name doesn't match.
+- Reads `DnsServer` and `Domain` from `bootstrap.json`.
+
+**bootstrap.json**
+```json
+{
+  "DnsServer": "10.10.10.13",
+  "Domain": "arvandor.internal"
+}
+```
+
+**install-nebula.ps1** (standalone use)
 - `-DnsServer` (required) — IP address of the domain controller. Used to configure DNS persistence across reboots.
 - `-Domain` (required) — FQDN of the Active Directory domain. Used to configure Netlogon DC rediscovery at startup.
 
-**set-dns.ps1**
+**set-dns.ps1** (standalone use)
 - `-DnsServer` (required) — IP address of the domain controller
 - `-InterfaceAlias` (optional) — Target a specific adapter. Defaults to `nebula1`
 
-**join-domain.ps1**
+**join-domain.ps1** (standalone use)
 - `-Domain` (required) — FQDN of the Active Directory domain
 - `-ComputerName` (optional) — Expected NetBIOS name (max 15 characters). If provided and the current machine name doesn't match, the script warns but proceeds with the join under the current name.
 

bootstrap.ps1

@@ -1,12 +1,6 @@
 #Requires -RunAsAdministrator
 
 param(
-    [Parameter(Mandatory=$true)]
-    [string]$DnsServer,
-
-    [Parameter(Mandatory=$true)]
-    [string]$Domain,
-
     [Parameter(Mandatory=$false)]
     [string]$ComputerName
 )
@@ -23,6 +17,33 @@ if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administra
 
 $ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Definition
 
+# --- Read deployment config ---
+
+$configFile = Join-Path $ScriptDir "bootstrap.json"
+if (-not (Test-Path $configFile)) {
+    Write-Error "Missing bootstrap.json in $ScriptDir. This file should be provided by the domain administrator."
+    exit 1
+}
+
+try {
+    $config = Get-Content $configFile -Raw | ConvertFrom-Json
+} catch {
+    Write-Error "Failed to parse bootstrap.json: $_"
+    exit 1
+}
+
+if (-not $config.DnsServer) {
+    Write-Error "bootstrap.json is missing required field: DnsServer"
+    exit 1
+}
+if (-not $config.Domain) {
+    Write-Error "bootstrap.json is missing required field: Domain"
+    exit 1
+}
+
+$DnsServer = $config.DnsServer
+$Domain = $config.Domain
+
 # --- Step 1: Install Nebula ---
 
 Write-Host ""