centos.cfg.in 2.4 KB

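  # Kickstart template: minimal CentOS install on an encrypted LVM layout, with
# a %post script that builds clevis from a given commit and binds the LUKS
# volume to a Tang server.
#
# @COMPOSE@, @PUBKEY@, @TRAVIS_REPO_SLUG@ and @TRAVIS_COMMIT@ are template
# placeholders. NOTE(review): presumably filled in by the test harness before
# the file is handed to the installer -- confirm against the generator.
#
# NOTE(security): this file carries fixed, well-known credentials (LUKS
# passphrase and root password are both "centos") and a very low PBKDF cost.
# That is only acceptable for a disposable VM on an isolated test network;
# do not reuse these values for any machine that holds real data.

# Use text mode install
text
reboot

%packages
@^minimal-environment
%end

# SELinux configuration
selinux --enforcing

# Keyboard layouts
keyboard --vckeymap=us-acentos --xlayouts='us (intl)'

# System language
lang en_US.UTF-8

# Network information
# Static addressing; the same address, gateway and netmask are repeated in the
# dracut kernel_cmdline written by %post, so keep the two in sync.
network --onboot=yes --device=eth0 --bootproto=static --ip=192.168.122.100 --netmask=255.255.255.0 --gateway=192.168.122.1 --nameserver=192.168.122.1
network --hostname=centos

# Use network installation
url --url=@COMPOSE@
firstboot --enable

# Do not configure the X Window System
skipx

# Basic services
services --enabled=sshd
ignoredisk --only-use=vda

# Partition clearing information
clearpart --all --initlabel --drive=vda

# Disk partitioning information
# NOTE(security): the passphrase is hard-coded in this file and the key
# derivation is pbkdf2 with only 1000 iterations, so the passphrase keyslot
# offers little resistance to offline guessing. Test fixture only.
# NOTE(review): --pbkdf-memory presumably has no effect with pbkdf2 -- confirm.
autopart --type=lvm --nohome --encrypted --luks-version=luks2 --pbkdf=pbkdf2 --pbkdf-iterations=1000 --pbkdf-memory=64 --passphrase=centos

%post --erroronfail --interpreter /bin/bash
printf "Changing output to TTY 3; press Alt-F3 to view\r\n" > /dev/tty1

# --erroronfail acts on this script's exit status. The work below runs in a
# group piped into tee, so without pipefail the status would be tee's and a
# failed build or bind step would never be reported.
set -o pipefail
{
# Abort the group at the first failing command or unset variable.
set -eu

dnf update -y

# Install the root SSH key. -p keeps a pre-existing directory from aborting
# the run; the explicit chmod enforces 0700 in that case as well.
mkdir -p -m0700 /root/.ssh/
chmod 0700 /root/.ssh/
# Quoted delimiter: the substituted key text is written literally, with no
# shell expansion of any "$" or backtick it may contain (e.g. in the comment
# field of the key).
cat <<'EOF' >/root/.ssh/authorized_keys
@PUBKEY@
EOF
chmod 0600 /root/.ssh/authorized_keys
restorecon -R /root/.ssh/

# Build and install clevis.
# The repository id is tried in both spellings.
dnf config-manager -y --set-enabled PowerTools || dnf config-manager -y --set-enabled powertools
dnf -y install epel-release dnf-utils
dnf -y install dracut-network nmap-ncat git meson gcc libjose-devel \
    jq libluksmeta-devel jansson-devel cracklib-dicts \
    luksmeta jose tpm2-tools
# The checkout pins the build to one commit; the code is built and installed
# as root inside the target system.
git clone https://github.com/@TRAVIS_REPO_SLUG@.git @TRAVIS_REPO_SLUG@
cd @TRAVIS_REPO_SLUG@
git checkout -qf @TRAVIS_COMMIT@
mkdir build
pushd build
meson .. --prefix=/usr
ninja install

# Setup NBDE.
TANG=192.168.122.1
# NOTE(security): the Tang advertisement is fetched without a scheme (curl
# falls back to plain HTTP) and is then handed to clevis as trusted, so
# whoever answers at this address decides which keys the volume is bound to.
# Outside an isolated test network, verify the advertisement out of band or
# pin the expected signing-key thumbprint ("thp") in the tang config.
# --fail makes an HTTP error status a hard error instead of saving the error
# page as adv.jws.
curl --fail "${TANG}/adv" -o adv.jws
cfg=$(printf '{"url":"%s","adv":"adv.jws"}' "${TANG}")
# For every lsblk row whose 6th field is "crypt", print the first field of
# the row that follows it (with -s, presumably the backing LUKS device --
# confirm), de-duplicated. Word splitting of the result is intentional.
for dev in $(lsblk -p -n -s -r | awk '$6 == "crypt" { getline; print $1 }' | sort -u); do
    # The existing LUKS passphrase is supplied on stdin.
    clevis luks bind -f -d "${dev}" tang "${cfg}" <<< centos
done

# Bring the network up in the initramfs so the volume can be unlocked at
# boot; the addresses mirror the "network" command above.
mkdir -p /etc/dracut.conf.d/
cat <<'EOF' >/etc/dracut.conf.d/clevis.conf
kernel_cmdline="rd.neednet=1 ip=192.168.122.100::192.168.122.1:255.255.255.0::eth0:none:192.168.122.1"
EOF
dracut -f --regenerate-all
} 2>&1 | tee /root/postinstall.log > /dev/tty3
%end

# System timezone
timezone America/Fortaleza --utc

# Root password
# NOTE(security): plaintext, well-known root password in a file that also
# enables sshd. Test fixture only.
rootpw --plaintext centos

%addon com_redhat_kdump --disable --reserve-mb='128'
%end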