fedora.cfg.in 2.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
  1. # Use text mode install
  2. text
  3. reboot
  4. %packages
  5. @^minimal-environment
  6. %end
  7. # SELinux configuration
  8. selinux --enforcing
  9. # Keyboard layouts
  10. keyboard --vckeymap=us-acentos --xlayouts='us (intl)'
  11. # System language
  12. lang en_US.UTF-8
  13. # Network information
  14. network --onboot=yes --device=eth0 --bootproto=static --ip=192.168.122.100 --netmask=255.255.255.0 --gateway=192.168.122.1 --nameserver=192.168.122.1
  15. network --hostname=fedora
  16. firstboot --enable
  17. # Do not configure the X Window System
  18. skipx
  19. # Basic services
  20. services --enabled=sshd
  21. ignoredisk --only-use=vda
  22. # Partition clearing information
  23. clearpart --all --initlabel --drive=vda
  24. # Disk partitioning information
  25. autopart --type=lvm --nohome --encrypted --luks-version=luks2 --pbkdf=pbkdf2 --pbkdf-iterations=1000 --pbkdf-memory=64 --passphrase=fedora
  26. %post --erroronfail --interpreter /bin/bash
  27. printf "Changing output to TTY 3; press Alt-F3 to view\r\n" > /dev/tty1
  28. {
  29. dnf update -y
  30. mkdir -m0700 /root/.ssh/
  31. cat <<EOF >/root/.ssh/authorized_keys
  32. @PUBKEY@
  33. EOF
  34. chmod 0600 /root/.ssh/authorized_keys
  35. restorecon -R /root/.ssh/
  36. # Build and install clevis.
  37. dnf -y install dnf-utils
  38. dnf -y builddep clevis
  39. dnf -y install dracut-network nmap-ncat
  40. git clone https://github.com/@TRAVIS_REPO_SLUG@.git @TRAVIS_REPO_SLUG@
  41. cd @TRAVIS_REPO_SLUG@
  42. git checkout -qf @TRAVIS_COMMIT@
  43. mkdir build && pushd build
  44. meson .. --prefix=/usr
  45. ninja install
  46. # Setup NBDE.
  47. TANG=192.168.122.1
  48. curl "${TANG}/adv" -o adv.jws
  49. cfg=$(printf '{"url":"%s","adv":"adv.jws"}' "${TANG}")
  50. for dev in $(lsblk -p -n -s -r | awk '$6 == "crypt" { getline; print $1 }' | sort -u); do
  51. clevis luks bind -f -d "${dev}" tang "${cfg}" <<< fedora
  52. done
  53. mkdir -p /etc/dracut.conf.d/
  54. cat <<EOF >/etc/dracut.conf.d/clevis.conf
  55. kernel_cmdline="rd.neednet=1 ip=192.168.122.100::192.168.122.1:255.255.255.0::eth0:none:192.168.122.1"
  56. EOF
  57. dracut -f --regenerate-all
  58. } 2>&1 | tee /root/postinstall.log > /dev/tty3
  59. %end
  60. # System timezone
  61. timezone America/Fortaleza --utc
  62. # Root password
  63. rootpw --plaintext fedora
  64. %addon com_redhat_kdump --disable --reserve-mb='128'
  65. %end