114 lines
2.5 KiB
Bash
114 lines
2.5 KiB
Bash
# vim: set ft=sh :
|
|
text
|
|
url --url http://mirror.rnet.missouri.edu/fedora/linux/releases/34/Everything/x86_64/os/
|
|
repo --name=updates --baseurl=http://mirror.rnet.missouri.edu/fedora/linux/updates/34/Everything/x86_64/
|
|
lang en_US.UTF-8
|
|
keyboard us
|
|
timezone --utc UTC
|
|
rootpw --lock
|
|
reboot
|
|
|
|
bootloader --location mbr --append "console=ttyS0,115200 quiet systemd.show_status=1"
|
|
clearpart --all --initlabel
|
|
reqpart
|
|
part /boot --fstype ext4 --size=200
|
|
part pv.01 --size=1 --grow
|
|
volgroup gw1 pv.01
|
|
logvol / --fstype ext4 --name=root --vgname=gw1 --size=4096
|
|
logvol /home --fstype ext4 --name=home --vgname=gw1 --size=100
|
|
logvol /var --fstype ext4 --name=var --vgname=gw1 --size=1024 --grow
|
|
logvol /var/log --fstype ext4 --name=var_log --vgname=gw1 --size=1024
|
|
|
|
%packages --excludeWeakdeps --excludedocs
|
|
-NetworkManager
|
|
-authconfig
|
|
-authselect
|
|
-dhcp-client
|
|
-dnf-plugins-core
|
|
-dnf-yum
|
|
-dracut-config-rescue
|
|
-e2fsprogs
|
|
-langpacks-en
|
|
-man-db
|
|
-openssh-clients
|
|
-parted
|
|
-plymouth
|
|
-sssd-common
|
|
-sssd-kcm
|
|
-sudo
|
|
-yum
|
|
audit
|
|
avahi
|
|
bind-utils
|
|
chrony
|
|
dhcp-server
|
|
dnf
|
|
dnf-command(system-upgrade)
|
|
dnsmasq
|
|
grubby
|
|
linux-firmware
|
|
nftables
|
|
openssh-server
|
|
passwd
|
|
python3-libselinux
|
|
python3-policycoreutils
|
|
radvd
|
|
rng-tools
|
|
selinux-policy-targeted
|
|
strongswan
|
|
sudo
|
|
systemd-networkd
|
|
tar
|
|
tmux
|
|
vim-enhanced
|
|
wireguard-tools
|
|
wpa_supplicant
|
|
%end
|
|
|
|
services --enabled systemd-networkd,systemd-resolved
|
|
|
|
%addon com_redhat_kdump --disable
|
|
%end
|
|
|
|
%post --erroronfail
|
|
echo gw1.pyrocufflink.blue > /etc/hostname
|
|
|
|
echo 'install_weak_deps=0' >> /etc/dnf/dnf.conf
|
|
echo 'deltarpm=0' >> /etc/dnf/dnf.conf
|
|
echo '%_excludedocs 1' >> /etc/rpm/macros
|
|
|
|
systemctl mask systemd-journald-audit.socket
|
|
|
|
install -m700 -d /root/.ssh
|
|
cat >> /root/.ssh/authorized_keys <<EOF
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM7C2UKDg8meUGXY+4qyspk/QRdHGNga8EqeWgGf4hV dustin@rosalina.pyrocufflink.blue
|
|
EOF
|
|
|
|
sed -i \
|
|
-e '/pam_pwquality/d' \
|
|
-e '/^password.*pam_unix/s/use_authtok \?//' \
|
|
/etc/pam.d/system-auth \
|
|
/etc/pam.d/password-auth
|
|
|
|
rm -rf /etc/sysconfig/network-scripts /etc/sysconfig/network
|
|
|
|
cat > /etc/systemd/network/99-default.network <<EOF
|
|
[Match]
|
|
Name=*
|
|
|
|
[Network]
|
|
DHCP=true
|
|
EOF
|
|
|
|
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
|
|
|
|
# Generate SSH host keys before first boot, since / will be read-only then
|
|
/usr/libexec/openssh/sshd-keygen ecdsa
|
|
/usr/libexec/openssh/sshd-keygen ed25519
|
|
/usr/libexec/openssh/sshd-keygen rsa
|
|
|
|
# Enable read-only rootfs. This cannot be done with part/logvol, as that would
|
|
# make Anaconda mount it read-only befor the installation starts.
|
|
sed -i -r '/\S+\s+\/\s+/s/defaults/ro/' /etc/fstab
|
|
%end
|