You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
115 lines
2.7 KiB
115 lines
2.7 KiB
##
|
|
## Environment setup
|
|
##
|
|
|
|
# Where to fetch the installation tree
|
|
url --url=http://192.168.122.1:8080/centos/10-stream/BaseOS/$basearch/os/
|
|
|
|
# Add the local mirrors as repositories
|
|
repo --name=epel --baseurl=http://192.168.122.1:8080/epel/10/Everything/$basearch/
|
|
repo --name=baseos --baseurl=http://192.168.122.1:8080/centos/10-stream/BaseOS/$basearch/os/
|
|
|
|
# Install mode: text (interactive installs) or cmdline (unattended installs)
|
|
text
|
|
|
|
# Hash password with SHA-512
|
|
authselect --enableshadow --passalgo=sha512
|
|
|
|
# French keyboard layout
|
|
keyboard --vckeymap=fr --xlayouts='fr'
|
|
|
|
# English i18n
|
|
lang en_US.UTF-8
|
|
|
|
# Accept the EULA
|
|
eula --agreed
|
|
|
|
# Which action to perform after install: poweroff or reboot
|
|
poweroff
|
|
|
|
##
|
|
## network configuration
|
|
##
|
|
|
|
# Configure the network
|
|
network --bootproto=dhcp --device=enp1s0 --noipv6 --activate
|
|
|
|
# Set the hostname
|
|
network --hostname=localhost.localdomain
|
|
|
|
# Timezone is GMT
|
|
timezone Etc/GMT --utc
|
|
|
|
##
|
|
## partitioning
|
|
##
|
|
|
|
# Install on /dev/vda
|
|
ignoredisk --only-use=vda
|
|
|
|
# Install Grub in the MBR of /dev/vda
|
|
bootloader --location=mbr --boot-drive=vda
|
|
|
|
# Clear the target disk
|
|
zerombr
|
|
|
|
# Remove existing partitions
|
|
clearpart --all --initlabel
|
|
|
|
# Automatically create partitions required by hardware platform
|
|
reqpart
|
|
|
|
# Create the root partition
|
|
part / --fstype xfs --size=1 --grow --asprimary --label=root
|
|
|
|
##
|
|
## User Accounts
|
|
##
|
|
|
|
# Generate an encrypted password with "openssl passwd -6"
|
|
rootpw --lock
|
|
user --groups=wheel --name=admin --iscrypted --password=$6$REDACTED --gecos="Administrator"
|
|
|
|
# Inject the SSH key of the admin
|
|
sshkey --username admin "ssh-ed25519 REDACTED user@host"
|
|
|
|
##
|
|
## SELinux and Firewalld
|
|
##
|
|
|
|
selinux --enforcing
|
|
firewall --enabled --ssh
|
|
|
|
##
|
|
## Software Packages
|
|
##
|
|
|
|
%packages --ignoremissing
|
|
epel-release
|
|
htop
|
|
%end
|
|
|
|
##
|
|
## Install scripts
|
|
##
|
|
|
|
%post --interpreter=/bin/bash
|
|
|
|
# Remove all metalink to prevent all repositories from using on-line mirrors
|
|
sed -i 's/^metalink=.*//; T; d' /etc/yum.repos.d/*.repo
|
|
|
|
# Disable all repositories
|
|
dnf config-manager --setopt=*.enabled=0 --save
|
|
|
|
# Fix the base URL of the repositories for which we have a local mirror and enable them.
|
|
dnf config-manager --setopt=epel.baseurl=http://192.168.122.1:8080/epel/10/Everything/\$basearch/ --setopt=epel.enabled=1 --save
|
|
dnf config-manager --setopt=baseos.baseurl=http://192.168.122.1:8080/centos/10-stream/BaseOS/\$basearch/os/ --setopt=baseos.enabled=1 --save
|
|
|
|
# Disable password authentication over SSH
|
|
sed -i.post-install -e "s/PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
|
|
service sshd restart
|
|
|
|
# Do not ask password for sudo
|
|
sed -i.post-install -e "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/" /etc/sudoers
|
|
|
|
%end
|
|
|