# Use text mode install text reboot %packages @^minimal-environment %end # SELinux configuration selinux --enforcing # Keyboard layouts keyboard --vckeymap=us-acentos --xlayouts='us (intl)' # System language lang en_US.UTF-8 # Network information network --onboot=yes --device=eth0 --bootproto=static --ip=192.168.122.100 --netmask=255.255.255.0 --gateway=192.168.122.1 --nameserver=192.168.122.1 network --hostname=centos # Use network installation url --url=@COMPOSE@ firstboot --enable # Do not configure the X Window System skipx # Basic services services --enabled=sshd ignoredisk --only-use=vda # Partition clearing information clearpart --all --initlabel --drive=vda # Disk partitioning information autopart --type=lvm --nohome --encrypted --luks-version=luks2 --pbkdf=pbkdf2 --pbkdf-iterations=1000 --pbkdf-memory=64 --passphrase=centos %post --erroronfail --interpreter /bin/bash printf "Changing output to TTY 3; press Alt-F3 to view\r\n" > /dev/tty1 { dnf update -y mkdir -m0700 /root/.ssh/ cat </root/.ssh/authorized_keys @PUBKEY@ EOF chmod 0600 /root/.ssh/authorized_keys restorecon -R /root/.ssh/ # Build and install clevis. dnf config-manager -y --set-enabled PowerTools || dnf config-manager -y --set-enabled powertools dnf -y install epel-release dnf-utils dnf -y install dracut-network nmap-ncat git meson gcc libjose-devel \ jq libluksmeta-devel jansson-devel cracklib-dicts \ luksmeta jose tpm2-tools git clone https://github.com/@TRAVIS_REPO_SLUG@.git @TRAVIS_REPO_SLUG@ cd @TRAVIS_REPO_SLUG@ git checkout -qf @TRAVIS_COMMIT@ mkdir build && pushd build meson .. --prefix=/usr ninja install # Setup NBDE. TANG=192.168.122.1 curl "${TANG}/adv" -o adv.jws cfg=$(printf '{"url":"%s","adv":"adv.jws"}' "${TANG}") for dev in $(lsblk -p -n -s -r | awk '$6 == "crypt" { getline; print $1 }' | sort -u); do clevis luks bind -f -d "${dev}" tang "${cfg}" <<< centos done mkdir -p /etc/dracut.conf.d/ cat </etc/dracut.conf.d/clevis.conf kernel_cmdline="rd.neednet=1 ip=192.168.122.100::192.168.122.1:255.255.255.0::eth0:none:192.168.122.1" EOF dracut -f --regenerate-all } 2>&1 | tee /root/postinstall.log > /dev/tty3 %end # System timezone timezone America/Fortaleza --utc # Root password rootpw --plaintext centos %addon com_redhat_kdump --disable --reserve-mb='128' %end