98 lines
2.3 KiB
Bash
98 lines
2.3 KiB
Bash
# vim: set ft=sh :
|
|
text
|
|
url --url http://dl.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os
|
|
repo --name=updates --baseurl=http://dl.fedoraproject.org/pub/fedora/linux/updates/$releasever/Everything/$basearch
|
|
repo --name=dch --baseurl=http://files.pyrocufflink.blue/yum/dch/fedora/$releasever
|
|
lang en_US.UTF-8
|
|
keyboard us
|
|
timezone --utc UTC
|
|
rootpw --lock
|
|
reboot
|
|
|
|
%packages --exclude-weakdeps --excludedocs
|
|
-NetworkManager
|
|
-authconfig
|
|
-dhcp-client
|
|
-dnf-yum
|
|
-dracut-config-rescue
|
|
-man-db
|
|
-openssh-clients
|
|
-parted
|
|
-plymouth
|
|
-sssd-common
|
|
-sssd-kcm
|
|
-sudo
|
|
-udisks2
|
|
-yum
|
|
chrony
|
|
dnf
|
|
dnf-command(system-upgrade)
|
|
e2fsprogs
|
|
grubby
|
|
kitty-terminfo
|
|
openssh-server
|
|
python3-libdnf5
|
|
python3-libselinux
|
|
python3-policycoreutils
|
|
rng-tools
|
|
selinux-policy-targeted
|
|
sshca-cli
|
|
systemd-networkd
|
|
%end
|
|
|
|
services --enabled systemd-networkd,systemd-resolved --disabled systemd-homed,systemd-nsresourced,systemd-nsresourced.socket,systemd-userdbd,systemd-userdbd.socket
|
|
|
|
%addon com_redhat_kdump --disable
|
|
%end
|
|
|
|
%post --erroronfail
|
|
export NO_PROXY='pyrocufflink.blue,*.pyrocufflink.blue'
|
|
|
|
echo uninitialized > /etc/machine-id
|
|
|
|
echo 'install_weak_deps=0' >> /etc/dnf/dnf.conf
|
|
echo 'deltarpm=0' >> /etc/dnf/dnf.conf
|
|
echo '%_excludedocs 1' >> /etc/rpm/macros
|
|
|
|
# Set the hostname
|
|
hostname -f > /etc/hostname
|
|
|
|
# Trust SSHCA to authenticate users
|
|
curl -fsSL https://sshca.pyrocufflink.blue/user/ca > /etc/ssh/ca.pub
|
|
test -s /etc/ssh/ca.pub || exit
|
|
cat >> /etc/ssh/sshd_config.d/70-trustedusercakeys.conf <<'EOF'
|
|
TrustedUserCAKeys /etc/ssh/ca.pub
|
|
EOF
|
|
|
|
# Configure networking with systemd-networkd
|
|
# Use MAC address as client ID to keep the same lease from Anaconda
|
|
rm -rf /etc/sysconfig/network-scripts /etc/sysconfig/network
|
|
cat > /etc/systemd/network/99-default.network <<EOF
|
|
[Match]
|
|
Name=en*
|
|
Type=ether
|
|
|
|
[Network]
|
|
DHCP=true
|
|
|
|
[DHCPv4]
|
|
ClientIdentifier=mac
|
|
UseDomain=true
|
|
EOF
|
|
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
|
|
|
|
# systemd-getty-generator is broken in F40
|
|
if [ $(rpm -E %fedora) -eq 40 ]; then
|
|
console=$(cat /sys/class/tty/console/active)
|
|
case "${console}" in
|
|
ttyS*)
|
|
systemctl enable serial-getty@$console
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
# Enable read-only rootfs. This cannot be done with part/logvol, as that would
|
|
# make Anaconda mount it read-only befor the installation starts.
|
|
#sed -i -r '/\S+\s+\/\s+/s/defaults/ro/' /etc/fstab
|
|
%end
|