The way we usually do things is completely install the application, using either random and/or generic values. Then to ensure that the application includes relevant config, we provide scripts that run at firstboot. We call them "inithooks". They run at firstboot, so that they also apply to other builds (such as OVA and LXC which are essentially "pre-installed") not just ISOs. They also support pre-seeding (which is what the Hub uses to allow users to simply fill in a web form).
The inithooks are relevant to the specific appliance and are provided via overlay scripts (in the appliance build code). These scripts are separated into "firstboot" scripts, and "bin" scripts. To use our WordPress appliance as an example, '20regen-wordpress-secrets' ensures that each user has unique "secrets" and '40wordpress' simply hands pre-seeded values (if they exist) to the 'wordpress.py' "bin" script, were any additionally required values are set (in the case of WordPress, admin password and email). If the values passed to the "bin" script are empty (i.e. no pre-seeding) then the "bin" script runs interactively.
As I mentioned, if you wish to share the code, I'm happy to give some specific feedback and include them in our "official" library.