Add kickstart for zaphym

2020-05-03 14:57:25 -05:00 · 2020-05-03 14:57:25 -05:00 · 6b35ac54d7
parent 2346c2e910
commit 6b35ac54d7
1 changed files with 311 additions and 0 deletions
--- a/zaphym.ks
+++ b/zaphym.ks
@ -0,0 +1,311 @@
 # vim: set ft=sh :
 graphical
 install
 url --url http://mirror.rnet.missouri.edu/fedora/linux/releases/32/Everything/x86_64/os/
 repo --name=updates --baseurl=http://mirror.rnet.missouri.edu/fedora/linux/updates/32/Everything/x86_64/
 lang en_US.UTF-8
 keyboard us
 timezone --utc America/Chicago
 rootpw --lock
 user --name dhatch --uid 1987 --gid 1987 --groups wheel,kvm,mock,wireshark,disk --gecos "Dustin C. Hatch" --shell /bin/zsh --iscrypted --password $6$sO9XmlC6Y8NiRyNT$8SLQmhI9kKOAJl5fys.qFUyGb1MHSJdE5WVOsjGTY2qlPqYKfX0SqKnhw6l3nqYVFNW7YQx.CoSaHC0AjVotw.
 reboot
 bootloader --location mbr --append "quiet systemd.show_status=1 console=ttyS0,115200 console=tty0"
 clearpart --all --initlabel
 reqpart
 part /boot --fstype ext4 --size=200
 part pv.01 --size=623620 --encrypted --passphrase="elude cameo press ladybug debunk untidy"
 volgroup zaphym pv.01
 logvol swap --fstype swap --name=swap --vgname=zaphym --size=131072 --fsoptions="noexec,nodev,nosuid"
 logvol / --fstype ext4 --name=root --vgname=zaphym --size=32768
 logvol /var --fstype ext4 --name=var --vgname=zaphym --size=131072 --fsoptions="noexec,nodev,nosuid"
 logvol /var/log --fstype ext4 --name=var_log --vgname=zaphym --size=1024 --fsoptions="noexec,nodev,nosuid"
 logvol /var/tmp --fstype ext4 --name=var_tmp --vgname=zaphym --size=65536 --fsoptions="noexec,nodev,nosuid"
 logvol /home --fstype ext4 --name=home --vgname=zaphym --size=262144 --fsoptions="nodev,nosuid"
 %packages --excludeWeakdeps
 -NetworkManager
 -authconfig
 -authselect
 -dhcp-client
 -dnf-yum
 -dracut-config-rescue
 -plymouth
 -sssd-common
 -sssd-kcm
 -yum
 adwaita-gtk2-theme
 audit
 avahi
 cargo
 chrony
 compton
 cracklib-dicts
 dash
 dejavu-sans-fonts
 dejavu-serif-fonts
 desktop-backgrounds-compat
 diceware
 dmenu
 dnf
 dnf-command(system-upgrade)
 dnf-plugins-core
 dnf-utils
 dnsmasq
 dosfstools
 e2fsprogs
 efibootmgr
 fedpkg
 feh
 firefox
 firewalld
 flatpak
 gedit
 gimp
 git
 gitg
 grubby
 gucharmap
 gvfs-fuse
 gvfs-smb
 htop
 httpd
 i3
 icedtea-web
 inkscape
 inotify-tools
 iperf3
 java-11-openjdk-headless
 jq
 krb5-workstation
 less
 liberation-fonts   
 libreoffice
 libvirt-client
 libvirt-daemon-driver-network
 libvirt-daemon-driver-qemu
 libvirt-daemon-driver-storage-core
 lxdm
 man-db
 man-pages
 mate-notification-daemon
 meld
 mesa-dri-drivers
 meson
 mock
 mozilla-fira-mono-fonts
 mozilla-fira-sans-fonts
 mtools
 netpbm
 nginx
 ninja-build
 nmap
 nodejs
 npm
 openldap-clients
 openssh-clients
 openssh-server
 openssl
 parted
 patch
 pinentry-gtk
 pmount
 podman
 policycoreutils-python-utils
 postgresql-server
 pv
 pwgen
 py3status
 python3-pip
 qemu-system-x86-core
 redis
 remmina
 remmina-plugins-rdp
 ripgrep
 rng-tools
 rpm-build
 rust
 rsync
 rsyslog
 samba-client
 selinux-policy-targeted
 setools-console
 smem
 squid
 strace
 strongswan
 sudo
 tar
 thunderbird
 tmux
 tokei
 twine
 unzip
 util-linux-user
 urw-base35-fonts
 vim-X11
 vim-enhanced
 virt-install
 virt-manager
 wireshark-cli
 xclip
 xdotool
 xscreensaver
 xorg-x11-drv-amdgpu
 xorg-x11-fonts-misc
 xorg-x11-server-Xorg
 xorg-x11-server-utils
 xorg-x11-utils
 xorg-x11-xauth
 xorg-x11-xinit
 xorg-x11-xinit-session
 zip
 zsh
 %end
 services --enabled serial-getty@ttyS0,dnsmasq,lxdm,systemd-networkd,systemd-resolved,rngd,rsyslog
 %addon com_redhat_kdump --disable
 %end
 %post --erroronfail
 echo 'install_weak_deps=0' >> /etc/dnf/dnf.conf
 echo 'deltarpm=0' >> /etc/dnf/dnf.conf
 systemctl mask systemd-journald-audit.socket
 systemctl set-default graphical.target
 echo zaphym.securepassage.com > /etc/hostname
 sed -i 's/localhost /zaphym.securepassage.com zaphym localhost /' /etc/hosts
 rm -rf /etc/sysconfig/network-scripts /etc/sysconfig/network
 mkdir -p /etc/systemd/resolved.conf.d
 cat > /etc/systemd/resolved.conf.d/no-stub-listener.conf <<EOF
 [Resolve]
 DNSStubListener=no
 EOF
 cat > /etc/systemd/network/20-br0.netdev <<EOF
 [NetDev]
 Name=br0
 Kind=bridge
 EOF
 cat > /etc/systemd/network/60-br0.network <<EOF
 [Match]
 Name=br0
 [Network]
 DHCP=yes
 EOF
 cat > /etc/systemd/network/40-eno1.network <<EOF
 [Match]
 Name=eno1
 [Network]
 Bridge=br0
 EOF
 cat > /etc/systemd/network/61-virbr0.network <<EOF
 [Match]
 Name=virbr0
 [Network]
 Address=172.21.10.1/26
 EOF
 cat > /etc/systemd/network/21-virbr0.netdev <<EOF
 [NetDev]
 Name=virbr0
 Kind=bridge
 EOF
 cat > /etc/resolv.conf <<EOF
 search securepassage.com
 nameserver ::1
 EOF
 mkdir /etc/systemd/system/dnsmasq.service.d
 cat > /etc/systemd/system/dnsmasq.service.d/after-resolved.conf <<EOF
 [Unit]
 Wants=systemd-resolved.service
 After=systemd-resolved.service
 EOF
 cat > /etc/dnsmasq.d/dustin.test.conf <<EOF
 interface=virbr0
 dhcp-range=set:test0,172.21.10.2,172.21.10.19,10m
 dhcp-range=set:test0,::ff,::ff:ffff,constructor:virbr0,slaac
 domain=dustin.test,172.21.10.0/26
 interface-name=zaphym.dustin.test,virbr0
 srv-host=_fmosconfig._tcp.dustin.test,zaphym.dustin.test,4967,10,100
 txt-record=_fmosconfig._tcp.dustin.test,ssl=no
 EOF
 cat > /etc/dnsmasq.d/securepassage.conf <<EOF
 server=/securepassage.com/192.168.20.146
 server=/securepassage.com/192.168.20.147
 server=/lab.firemon.com/192.168.20.146
 server=/lab.firemon.com/192.168.20.147
 server=/intranet.firemon.com/192.168.20.146
 server=/intranet.firemon.com/192.168.20.147
 server=/firemon.in/192.168.20.146
 server=/firemon.in/192.168.20.147
 server=/168.192.in-addr.arpa/192.168.20.146
 server=/168.192.in-addr.arpa/192.168.20.147
 server=/10.in-addr.arpa/192.168.20.146
 server=/10.in-addr.arpa/192.168.20.147
 EOF
 cat > /etc/dnsmasq.d/fmaas.conf <<EOF
 server=/testing.cloud.frmn/10.61.65.10
 server=/65.61.10.in-addr.arpa/10.61.65.10
 server=/prod.cloud.frmn/10.61.1.10
 server=/1.61.10.in-addr.arpa/10.61.1.10
 server=/dev.cloud.frmn/10.82.1.10
 server=/1.82.10.in-addr.arpa/10.82.1.10
 EOF
 cat > /etc/dnsmasq.d/resolv.conf <<EOF
 resolv-file=/run/systemd/resolve/resolv.conf
 EOF
 cat > /etc/qemu/bridge.conf <<EOF
 allow br0
 allow virbr0
 allow virbr1
 allow virbr2
 allow virbr3
 EOF
 sed -i \
    -e 's/Xorg/Xorg -dpi 144/' \
    -e 's/gtk_theme=.*/gtk_theme=Adwaita/' \
    -e 's:bg=.*:bg=/usr/share/backgrounds/default.png:' \
    -e 's/disable=0/disable=1/' \
    /etc/lxdm/lxdm.conf
 # Generate SSH host keys before first boot, since / will be read-only then
 /usr/libexec/openssh/sshd-keygen ecdsa
 /usr/libexec/openssh/sshd-keygen ed25519
 /usr/libexec/openssh/sshd-keygen rsa
 # Configuration for FMOS virtual machines/automatic configuration
 firewall-offline-cmd --zone internal --add-interface virbr0
 firewall-offline-cmd --zone internal --add-service dhcp
 firewall-offline-cmd --zone internal --add-service dns
 firewall-offline-cmd --zone internal --add-service http
 firewall-offline-cmd --zone internal --add-port 4967/tcp
 firewall-offline-cmd --zone public --add-rich-rule 'rule family="ipv4" source address="172.21.10.0/26" masquerade'
 # Enable read-only rootfs. This cannot be done with part/logvol, as that would
 # make Anaconda mount it read-only befor the installation starts.
 sed -i -r '/\S+\s+\/\s+/s/defaults/ro,nodev/' /etc/fstab
 # Make sure all filesystems /tmp is mounted noexec,nosuid,nodev
 echo 'tmpfs /tmp tmpfs mode=1777,strictatime,noexec,nodev,nosuid 0 0' >> /etc/fstab
 %end