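# Kickstart command section for an unattended template build. The file is
# rendered through Jinja before the installer reads it.

# NOTE(review): the host firewall is switched off for the whole image. Unless a
# later provisioning step enables firewalld, every machine cloned from this
# template boots with no packet filtering in front of sshd.
firewall --disabled

cdrom
lang en_US.UTF-8
keyboard us
timezone UTC

# Static addressing is used only when ip, gateway and netmask are all defined
# for the first network entry; otherwise the installer falls back to DHCP.
{% if template.networks is defined and template.networks[0].ip is defined and template.networks[0].gateway is defined and template.networks[0].netmask is defined %}
network --bootproto=static --ip={{ template.networks[0].ip }} --netmask={{ template.networks[0].netmask }} --gateway={{ template.networks[0].gateway }}{% if template.networks[0].dns_servers is defined %} --nameserver={{ template.networks[0].dns_servers|join(',') }}{% endif %}
{% else %}
network --bootproto=dhcp
{% endif %}

network --hostname=localhost.localdomain

# NOTE(review): the root password is rendered here in clear text, so anyone who
# can read the generated kickstart (build share, HTTP server, boot media) learns
# it. Prefer `rootpw --iscrypted` fed with a pre-computed SHA-512 crypt hash.
# Anaconda normally also keeps a copy of the input kickstart under /root on the
# installed system - confirm, and scrub it or rotate the password after the build.
rootpw {{ local_administrator_password }}

# Shadow passwords hashed with SHA-512. This is deliberately the only auth line:
# do not add --enablemd5, MD5-crypt hashes are cheap to brute-force.
# NOTE(review): these are authconfig-style flags; confirm the installer accepts
# them under the `authselect` command on the target release.
authselect --enableshadow --passalgo=sha512

# NOTE(review): SELinux is disabled unless template_selinux_enabled is defined
# and true, so the weaker setting is the default. Consider inverting the default.
{% if template_selinux_enabled is undefined or not template_selinux_enabled %}
selinux --disabled
{% endif %}
text
skipx

eula --agreed

bootloader --append="no_timer_check"
# Wipes every partition on every disk the installer sees and writes new labels.
clearpart --all --initlabel
# Layout: EFI system partition, separate /boot, and one LVM physical volume that
# takes the remaining space and holds swap plus a root volume that grows.
part /boot/efi --fstype="efi" --size=200 --fsoptions="umask=0077,shortname=winnt" --asprimary
part /boot --fstype="xfs" --size=1024 --asprimary
part pv.00 --fstype="lvmpv" --size=1 --grow --asprimary
volgroup vg00 --pesize=4096 pv.00
logvol swap --fstype="swap" --size=4096 --name=swap --vgname=vg00
logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=vg00

firstboot --disabled
services --enabled=NetworkManager,sshd
reboot
# this doesn't seem to work in RHEL 8.0
# The disabled `user` line below is kept inside a Jinja comment rather than
# behind "#": Jinja still expands variables after "#", which would write the
# account password in clear text into the rendered kickstart.
{# user --name={{ local_account_username }} --plaintext --password {{ local_account_password }} --groups={{ local_account_username }},wheel #}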
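# Package selection for the template image.
# --ignoremissing: a package name the repository does not know is skipped
# without failing the install, so a typo or a retired package goes unnoticed.
# --excludedocs: documentation files are not installed.
%packages --ignoremissing --excludedocs
@Base
@Core
openssh-clients
sudo
# NOTE(review): compiler, kernel headers and -devel libraries stay in every
# machine cloned from this image - presumably needed to build guest tools or
# kernel modules; confirm, and remove them after the build if they are not
# needed at runtime, since they enlarge the attack surface.
openssl-devel
readline-devel
zlib-devel
kernel-headers
kernel-devel
gcc
make
perl
# curl was listed twice; one entry is enough.
curl
wget
ntp
nfs-utils
net-tools
vim
unbound-libs
bzip2
# NOTE(review): sshpass feeds passwords to ssh non-interactively; confirm the
# image really needs it, key-based authentication avoids it.
sshpass
# The %post script calls openssl to hash the local account password.
openssl

# unnecessary firmware
-aic94xx-firmware
-atmel-firmware
-b43-openfwwf
-bfa-firmware
-ipw2100-firmware
-ipw2200-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-libertas-usb8388-firmware
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
-ql2500-firmware
-rt61pci-firmware
-rt73usb-firmware
-xorg-x11-drv-ati-firmware
-zd1211-firmware
%end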
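# Post-install script: optional root SSH password login, the local admin
# account with passwordless sudo, and SELinux/yum clean-up.
%post
# update root certs
# NOTE(review): if this is ever re-enabled, drop --no-check-certificate. Fetching
# a CA bundle over an unverified TLS connection means the trust store itself
# cannot be trusted.
# wget -O/etc/pki/tls/certs/ca-bundle.crt https://curl.haxx.se/ca/cacert.pem --no-check-certificate
# yum reinstall ca-certificates

# NOTE(review): when the flag is set, root can log in over SSH with a password.
# The substitution only matches the stock commented-out directive; if
# sshd_config differs, the file is left unchanged without any error.
{% if permit_root_login_with_password %}
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
{% endif %}

# sudo
groupadd "{{ local_account_username }}"
# Hash the account password with SHA-512 crypt (-6, needs OpenSSL 1.1.1 or
# newer) instead of MD5-crypt (-1). The password is passed on stdin through a
# quoted here-document, so the shell never expands or word-splits it and it
# does not appear in the process argument list.
local_account_hash=$(openssl passwd -6 -stdin <<'KS_PASSWORD_EOF'
{{ local_account_password }}
KS_PASSWORD_EOF
)
# If hashing failed, fall back to a locked password ("!") rather than creating
# the account with an empty password field.
useradd -g "{{ local_account_username }}" -G "{{ local_account_username }},wheel" -d "/home/{{ local_account_username }}" -m -p "${local_account_hash:-!}" "{{ local_account_username }}"
unset local_account_hash
yum install -y sudo
# NOTE(review): NOPASSWD: ALL makes this account root-equivalent without any
# re-authentication; restrict the command list if the build does not need it.
echo "{{ local_account_username }} ALL=(ALL) NOPASSWD: ALL" >> "/etc/sudoers.d/{{ local_account_username }}"
# sudoers drop-ins are conventionally root-owned and mode 0440.
chmod 0440 "/etc/sudoers.d/{{ local_account_username }}"
# Comment out requiretty so sudo works from sessions without a terminal.
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
# NOTE(review): SELinux is switched off in the installed config unless
# template_selinux_enabled is defined and true.
{% if template_selinux_enabled is undefined or not template_selinux_enabled %}
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
{% endif %}
yum clean all
%end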