Add kickstart for gw1
parent
6b35ac54d7
commit
3221ad95d0
|
|
@ -0,0 +1,113 @@
|
|||
# vim: set ft=sh :
|
||||
text
|
||||
url --url http://mirror.rnet.missouri.edu/fedora/linux/releases/34/Everything/x86_64/os/
|
||||
repo --name=updates --baseurl=http://mirror.rnet.missouri.edu/fedora/linux/updates/34/Everything/x86_64/
|
||||
lang en_US.UTF-8
|
||||
keyboard us
|
||||
timezone --utc UTC
|
||||
rootpw --lock
|
||||
reboot
|
||||
|
||||
bootloader --location mbr --append "console=ttyS0,115200 quiet systemd.show_status=1"
|
||||
clearpart --all --initlabel
|
||||
reqpart
|
||||
part /boot --fstype ext4 --size=200
|
||||
part pv.01 --size=1 --grow
|
||||
volgroup gw1 pv.01
|
||||
logvol / --fstype ext4 --name=root --vgname=gw1 --size=4096
|
||||
logvol /home --fstype ext4 --name=home --vgname=gw1 --size=100
|
||||
logvol /var --fstype ext4 --name=var --vgname=gw1 --size=1024 --grow
|
||||
logvol /var/log --fstype ext4 --name=var_log --vgname=gw1 --size=1024
|
||||
|
||||
%packages --excludeWeakdeps --excludedocs
|
||||
-NetworkManager
|
||||
-authconfig
|
||||
-authselect
|
||||
-dhcp-client
|
||||
-dnf-plugins-core
|
||||
-dnf-yum
|
||||
-dracut-config-rescue
|
||||
-e2fsprogs
|
||||
-langpacks-en
|
||||
-man-db
|
||||
-openssh-clients
|
||||
-parted
|
||||
-plymouth
|
||||
-sssd-common
|
||||
-sssd-kcm
|
||||
-sudo
|
||||
-yum
|
||||
audit
|
||||
avahi
|
||||
bind-utils
|
||||
chrony
|
||||
dhcp-server
|
||||
dnf
|
||||
dnf-command(system-upgrade)
|
||||
dnsmasq
|
||||
grubby
|
||||
linux-firmware
|
||||
nftables
|
||||
openssh-server
|
||||
passwd
|
||||
python3-libselinux
|
||||
python3-policycoreutils
|
||||
radvd
|
||||
rng-tools
|
||||
selinux-policy-targeted
|
||||
strongswan
|
||||
sudo
|
||||
systemd-networkd
|
||||
tar
|
||||
tmux
|
||||
vim-enhanced
|
||||
wireguard-tools
|
||||
wpa_supplicant
|
||||
%end
|
||||
|
||||
services --enabled systemd-networkd,systemd-resolved
|
||||
|
||||
%addon com_redhat_kdump --disable
|
||||
%end
|
||||
|
||||
%post --erroronfail
|
||||
echo gw1.pyrocufflink.blue > /etc/hostname
|
||||
|
||||
echo 'install_weak_deps=0' >> /etc/dnf/dnf.conf
|
||||
echo 'deltarpm=0' >> /etc/dnf/dnf.conf
|
||||
echo '%_excludedocs 1' >> /etc/rpm/macros
|
||||
|
||||
systemctl mask systemd-journald-audit.socket
|
||||
|
||||
install -m700 -d /root/.ssh
|
||||
cat >> /root/.ssh/authorized_keys <<EOF
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM7C2UKDg8meUGXY+4qyspk/QRdHGNga8EqeWgGf4hV dustin@rosalina.pyrocufflink.blue
|
||||
EOF
|
||||
|
||||
sed -i \
|
||||
-e '/pam_pwquality/d' \
|
||||
-e '/^password.*pam_unix/s/use_authtok \?//' \
|
||||
/etc/pam.d/system-auth \
|
||||
/etc/pam.d/password-auth
|
||||
|
||||
rm -rf /etc/sysconfig/network-scripts /etc/sysconfig/network
|
||||
|
||||
cat > /etc/systemd/network/99-default.network <<EOF
|
||||
[Match]
|
||||
Name=*
|
||||
|
||||
[Network]
|
||||
DHCP=true
|
||||
EOF
|
||||
|
||||
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
|
||||
|
||||
# Generate SSH host keys before first boot, since / will be read-only then
|
||||
/usr/libexec/openssh/sshd-keygen ecdsa
|
||||
/usr/libexec/openssh/sshd-keygen ed25519
|
||||
/usr/libexec/openssh/sshd-keygen rsa
|
||||
|
||||
# Enable read-only rootfs. This cannot be done with part/logvol, as that would
|
||||
# make Anaconda mount it read-only befor the installation starts.
|
||||
sed -i -r '/\S+\s+\/\s+/s/defaults/ro/' /etc/fstab
|
||||
%end
|
||||
Loading…
Reference in New Issue