Add generic Fedora kickstarts
* `fedora.ks` is used for virtual machines running Fedora Linux
* `fedora-rpi.ks` is for Raspberry Pi machines
* `common.ks` is shared between the two
master
parent
717f17893e
commit
be24a5dd52
|
@ -0,0 +1,101 @@
|
|||
# vim: set ft=sh :
|
||||
text
|
||||
url --url http://dl.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os
|
||||
repo --name=updates --baseurl=http://dl.fedoraproject.org/pub/fedora/linux/updates/$releasever/Everything/$basearch
|
||||
repo --name=dch --baseurl=http://files.pyrocufflink.blue/yum/dch/fedora/$releasever
|
||||
lang en_US.UTF-8
|
||||
keyboard us
|
||||
timezone --utc UTC
|
||||
rootpw --lock
|
||||
reboot
|
||||
|
||||
%packages --exclude-weakdeps
|
||||
-NetworkManager
|
||||
-authconfig
|
||||
-dhcp-client
|
||||
-dnf-plugins-core
|
||||
-dnf-yum
|
||||
-dracut-config-rescue
|
||||
-man-db
|
||||
-openssh-clients
|
||||
-parted
|
||||
-plymouth
|
||||
-sssd-common
|
||||
-sssd-kcm
|
||||
-sudo
|
||||
-yum
|
||||
chrony
|
||||
dnf
|
||||
e2fsprogs
|
||||
grubby
|
||||
kitty-terminfo
|
||||
openssh-server
|
||||
python3-libselinux
|
||||
python3-policycoreutils
|
||||
rng-tools
|
||||
selinux-policy-targeted
|
||||
sshca-cli-systemd
|
||||
systemd-networkd
|
||||
%end
|
||||
|
||||
services --enabled systemd-networkd,systemd-resolved,ssh-host-certs-renew.timer,ssh-host-certs.target --disabled systemd-homed,systemd-nsresourced,systemd-nsresourced.socket,systemd-userdbd,systemd-userdbd.socket
|
||||
|
||||
%addon com_redhat_kdump --disable
|
||||
%end
|
||||
|
||||
%post --erroronfail
|
||||
export NO_PROXY='pyrocufflink.blue,*.pyrocufflink.blue'
|
||||
|
||||
echo 'install_weak_deps=0' >> /etc/dnf/dnf.conf
|
||||
echo 'deltarpm=0' >> /etc/dnf/dnf.conf
|
||||
echo '%_excludedocs 1' >> /etc/rpm/macros
|
||||
|
||||
# Set the hostname
|
||||
hostname -f > /etc/hostname
|
||||
|
||||
# Trust SSHCA to authenticate users
|
||||
curl -fsSL https://sshca.pyrocufflink.blue/user/ca > /etc/ssh/ca.pub
|
||||
test -s /etc/ssh/ca.pub || exit
|
||||
cat >> /etc/ssh/sshd_config.d/70-trustedusercakeys.conf <<'EOF'
|
||||
TrustedUserCAKeys /etc/ssh/ca.pub
|
||||
EOF
|
||||
|
||||
# Configure SSH daemon to use host certificates obtained from SSHCA
|
||||
cat > /etc/sysconfig/ssh-host-cert-sign <<EOF
|
||||
SSHCA_SERVER=https://sshca.pyrocufflink.blue
|
||||
EOF
|
||||
for a in ecdsa ed25519 rsa; do
|
||||
printf 'HostCertificate /etc/ssh/ssh_host_%s_key-cert.pub\n' "${a}"
|
||||
done > /etc/ssh/sshd_config.d/10-hostcertificate.conf
|
||||
|
||||
# Configure networking with systemd-networkd
|
||||
# Use MAC address as client ID to keep the same lease from Anaconda
|
||||
rm -rf /etc/sysconfig/network-scripts /etc/sysconfig/network
|
||||
cat > /etc/systemd/network/99-default.network <<EOF
|
||||
[Match]
|
||||
Name=en*
|
||||
Type=ether
|
||||
|
||||
[Network]
|
||||
DHCP=true
|
||||
|
||||
[DHCPv4]
|
||||
ClientIdentifier=mac
|
||||
UseDomain=true
|
||||
EOF
|
||||
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
|
||||
|
||||
# systemd-getty-generator is broken in F40
|
||||
if [ $(rpm -E %fedora) -eq 40 ]; then
|
||||
console=$(cat /sys/class/tty/console/active)
|
||||
case "${console}" in
|
||||
ttyS*)
|
||||
systemctl enable serial-getty@$console
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
# Enable read-only rootfs. This cannot be done with part/logvol, as that would
|
||||
# make Anaconda mount it read-only befor the installation starts.
|
||||
#sed -i -r '/\S+\s+\/\s+/s/defaults/ro/' /etc/fstab
|
||||
%end
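Review bot: The `url` line and both `repo` lines fetch over plain `http://`, so repository metadata, and the packages themselves unless the installer enforces signature checks (nothing here shows that it does), can be altered on the network path during install. That matters most for the `dch` repo, which presumably supplies `sshca-cli-systemd`; on a host with `rootpw --lock` and login governed by `TrustedUserCAKeys`, that package sits on the authentication path. If the hosts serve TLS, switch the scheme, e.g. `repo --name=dch --baseurl=https://files.pyrocufflink.blue/yum/dch/fedora/$releasever`. The same defect is in the Raspberry Pi file's `%include http://git.pyrocufflink.net/infra/kickstart/raw/branch/master/fedora-common.ks`, where the fetched kickstart carries a `%post` that runs as root; the VM file already uses `https://` for that URL.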
|
|
@ -0,0 +1,29 @@
|
|||
# vim: set ft=sh :
|
||||
bootloader --location none
|
||||
clearpart --all --initlabel --disklabel msdos
|
||||
part /boot/efi --fstype vfat --size 128 --label RASPBERRYPI
|
||||
part /boot --fstype ext4 --size 512 --label boot
|
||||
part pv.01 --size 1 --grow
|
||||
volgroup fedora pv.01
|
||||
logvol / --fstype ext4 --name rootfs --vgname fedora --size 4096 --label rootfs
|
||||
logvol swap --fstype swap --name swap --vgname fedora --size 1024 --maxsize 8192 --label swap --grow
|
||||
logvol /var --fstype ext4 --name var --vgname fedora --size 2048 --label var --grow
|
||||
logvol /var/log --fstype ext4 --name var_log --vgname fedora --size 1024 --label var-log
|
||||
logvol /home --fstype ext4 --name home --vgname fedora --size 100 --label home
|
||||
logvol /tmp --fstype ext4 --name tmp --vgname fedora --size 2048 --label tmp
|
||||
|
||||
timesource --ntp-pool 2.fedora.pool.ntp.org
|
||||
|
||||
%packages --exclude-weakdeps
|
||||
bcm2711-firmware
|
||||
bcm283x-overlays
|
||||
uboot-images-armv8
|
||||
%end
|
||||
|
||||
%include http://git.pyrocufflink.net/infra/kickstart/raw/branch/master/fedora-common.ks
|
||||
|
||||
%post --erroronfail
|
||||
cp -P /usr/share/uboot/rpi_arm64/u-boot.bin /boot/efi/rpi-u-boot.bin
|
||||
|
||||
grubby --args='quiet systemd.show_status=1' --update-kernel=ALL
|
||||
%end
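Review bot: The `%post --erroronfail` body has no `set -e`, so a failed `cp -P /usr/share/uboot/rpi_arm64/u-boot.bin /boot/efi/rpi-u-boot.bin` is masked by the exit status of the later `grubby` call. The install would then be reported as successful with `rpi-u-boot.bin` missing from `/boot/efi`. Adding `set -eu` as the first line of the `%post` body makes `--erroronfail` act on any failing step rather than only the last one. The `%post` in the common file relies on the same last-command status, apart from its explicit `test -s /etc/ssh/ca.pub || exit`.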
|
|
@ -0,0 +1,21 @@
|
|||
# vim: set ft=sh sw=4 ts=4 sts=4 et :
|
||||
|
||||
# Create the "standard" disk layout using only the first disk
|
||||
# Other disks are left alone in case they already contain data, e.g.
|
||||
# migrated from another system.
|
||||
bootloader --location mbr
|
||||
clearpart --all --initlabel --drives vda
|
||||
reqpart
|
||||
part /boot --fstype ext4 --size=512 --ondisk vda
|
||||
part pv.01 --size=1 --grow --ondisk vda
|
||||
volgroup fedora pv.01
|
||||
logvol / --fstype ext4 --name=root --vgname=fedora --size=4096
|
||||
logvol /home --fstype ext4 --name=home --vgname=fedora --size=100
|
||||
logvol /var --fstype ext4 --name=var --vgname=fedora --size=1024 --grow
|
||||
logvol /var/log --fstype ext4 --name=var_log --vgname=fedora --size=1024
|
||||
|
||||
%include https://git.pyrocufflink.net/infra/kickstart/raw/branch/master/fedora-common.ks
|
||||
|
||||
%packages
|
||||
qemu-guest-agent
|
||||
%end
|