##
## Environment setup
##

# Where to fetch the installation tree
url --url=http://192.168.122.1:8080/centos/10-stream/BaseOS/$basearch/os/

# Add the local mirrors as repositories
repo --name=epel --baseurl=http://192.168.122.1:8080/epel/10/Everything/$basearch/
repo --name=baseos --baseurl=http://192.168.122.1:8080/centos/10-stream/BaseOS/$basearch/os/

# Install mode: text (interactive installs) or cmdline (unattended installs)
text

# Hash password with SHA-512
authselect --enableshadow --passalgo=sha512

# French keyboard layout
keyboard --vckeymap=fr --xlayouts='fr'

# English i18n
lang en_US.UTF-8

# Accept the EULA
eula --agreed

# Which action to perform after install: poweroff or reboot
poweroff

##
## network configuration
##

# Configure the network
network  --bootproto=dhcp --device=enp1s0 --noipv6 --activate

# Set the hostname
network  --hostname=localhost.localdomain

# Timezone is GMT
timezone Etc/GMT --utc

##
## partitioning
##

# Install on /dev/vda
ignoredisk --only-use=vda

# Install Grub in the MBR of /dev/vda
bootloader --location=mbr --boot-drive=vda

# Clear the target disk
zerombr

# Remove existing partitions
clearpart --all --initlabel

# Automatically create partitions required by hardware platform
reqpart

# Create the root partition
part / --fstype xfs --size=1 --grow --asprimary --label=root

##
## User Accounts
##

# Generate an encrypted password with "openssl passwd -6"
rootpw --lock
user --groups=wheel --name=admin --iscrypted --password=$6$REDACTED --gecos="Administrator"

# Inject the SSH key of the admin
sshkey --username admin "ssh-ed25519 REDACTED user@host"

##
## SELinux and Firewalld
##

selinux --enforcing
firewall --enabled --ssh

## 
## Software Packages
##

%packages --ignoremissing
epel-release
htop
%end

##
## Install scripts
##

%post --interpreter=/bin/bash

# Remove all metalink to prevent all repositories from using on-line mirrors
sed -i 's/^metalink=.*//; T; d' /etc/yum.repos.d/*.repo

# Disable all repositories
dnf config-manager --setopt=*.enabled=0 --save

# Fix the base URL of the repositories for which we have a local mirror and enable them.
dnf config-manager --setopt=epel.baseurl=http://192.168.122.1:8080/epel/10/Everything/\$basearch/ --setopt=epel.enabled=1 --save
dnf config-manager --setopt=baseos.baseurl=http://192.168.122.1:8080/centos/10-stream/BaseOS/\$basearch/os/ --setopt=baseos.enabled=1 --save

# Disable password authentication over SSH
sed -i.post-install -e "s/PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
service sshd restart

# Do not ask password for sudo
sed -i.post-install -e "s/^%wheel\tALL=(ALL)\tALL/%wheel  ALL=(ALL)       NOPASSWD: ALL/" /etc/sudoers

%end