##
## Environment setup
##

# CentOS Stream mirror URL
url --url=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/

# Install mode: text (interactive installs) or cmdline (unattended installs)
# cmdline
text

# Hash password with SHA-512
authselect --enableshadow --passalgo=sha512

# French keyboard layout
keyboard --vckeymap=fr --xlayouts='fr'

# English i18n
lang en_US.UTF-8

# Accept the EULA
eula --agreed

# Which action to perform after install: poweroff or reboot
poweroff

##
## network configuration
##

# Configure the first network device
network  --bootproto=dhcp --device=enp1s0 --noipv6 --activate

# Set the hostname
network  --hostname=localhost.localdomain

# Timezone is GMT
timezone Etc/GMT --utc

##
## partitioning
##

# Install on /dev/vda
ignoredisk --only-use=vda

# Install Grub in the MBR of /dev/vda
bootloader --location=mbr --boot-drive=vda

# Clear the target disk
zerombr

# Remove existing partitions
clearpart --all --initlabel

# Automatically create partitions required by hardware platform
reqpart

# Create the root partition
part / --fstype xfs --size=1 --grow --asprimary --label=root

##
## User Accounts
##

# Generate encrypted password with "openssl passwd -6"
rootpw --lock
user --groups=wheel --name=nicolas --iscrypted --password=$6$XUTB20jVVXIqh78k$L1A9Lft5JlbOtNbeDP.fOZ5giLl09LfJGGCon5uwtsIhPJoNkj4SIk08Rb6vSowOps2ik5tlUwT2ZOZ6jjr7.0 --gecos="Nicolas MASSE"

# Inject the SSH key of nicolas
sshkey --username nicolas "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain"

##
## SELinux and Firewalld
##

selinux --enforcing
firewall --enabled --ssh

## 
## Software Packages
##

%packages --ignoremissing
@core
@^minimal
net-tools
hdparm
iptraf
iotop
vim-enhanced
tmux
rsync
tree
unzip
tar
tcpdump
telnet
strace
bind-utils
%end

##
## Install scripts
##

%post --interpreter=/bin/bash

# Enable KVM virsh console access
systemctl enable serial-getty@ttyS0.service
systemctl start serial-getty@ttyS0.service

# Help identify when logged in as root
echo "PS1='\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]# '" >> /root/.bashrc

# Regular users get a different prompt
echo "PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" >> /etc/skel/.bashrc
echo "PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" >> /home/nicolas/.bashrc

# Disable password authentication over SSH
sed -i.post-install -e "s/PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
service sshd restart

# Do not ask password for sudo
sed -i.post-install -e "s/^%wheel\tALL=(ALL)\tALL/%wheel  ALL=(ALL)       NOPASSWD: ALL/" /etc/sudoers

%end