git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
clevis
1
0
Fork 0
Files Pull Requests 0
Tree: f8286be5a8
Branches Tags
clevis
/
.travis
/
dracut
/
fedora.cfg.in

fedora.cfg.in 2.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. # Use text mode install
    2. 

  2. text
    3. 

  3. reboot
    4. 

  4. 

  5. %packages
    6. 

  6. @^minimal-environment
    7. 

  7. %end
    8. 

  8. 

  9. # SELinux configuration
    10. 

  10. selinux --enforcing
    11. 

  11. 

  12. # Keyboard layouts
    13. 

  13. keyboard --vckeymap=us-acentos --xlayouts='us (intl)'
    14. 

  14. # System language
    15. 

  15. lang en_US.UTF-8
    16. 

  16. 

  17. # Network information
    18. 

  18. network --onboot=yes --device=eth0 --bootproto=static --ip=192.168.122.100 --netmask=255.255.255.0 --gateway=192.168.122.1 --nameserver=192.168.122.1
    19. 

  19. network  --hostname=fedora
    20. 

  20. firstboot --enable
    21. 

  21. # Do not configure the X Window System
    22. 

  22. skipx
    23. 

  23. 

  24. # Basic services
    25. 

  25. services --enabled=sshd
    26. 

  26. 

  27. ignoredisk --only-use=vda
    28. 

  28. # Partition clearing information
    29. 

  29. clearpart --all --initlabel --drive=vda
    30. 

  30. 

  31. # Disk partitioning information
    32. 

  32. autopart --type=lvm --nohome --encrypted --luks-version=luks2 --pbkdf=pbkdf2 --pbkdf-iterations=1000  --pbkdf-memory=64 --passphrase=fedora
    33. 

  33. 

  34. %post --erroronfail --interpreter /bin/bash
    35. 

  35. printf "Changing output to TTY 3; press Alt-F3 to view\r\n" > /dev/tty1
    36. 

  36. {
    37. 

  37.     dnf update -y
    38. 

  38. 

  39.     mkdir -m0700 /root/.ssh/
    40. 

  40.     cat <<EOF >/root/.ssh/authorized_keys
    41. 

  41. @PUBKEY@
    42. 

  42. EOF
    43. 

  43.     chmod 0600 /root/.ssh/authorized_keys
    44. 

  44.     restorecon -R /root/.ssh/
    45. 

  45. 

  46.     # Build and install clevis.
    47. 

  47.     dnf -y install dnf-utils
    48. 

  48.     dnf -y builddep clevis
    49. 

  49.     dnf -y install dracut-network nmap-ncat
    50. 

  50. 

  51.     git clone https://github.com/@TRAVIS_REPO_SLUG@.git @TRAVIS_REPO_SLUG@
    52. 

  52.     cd @TRAVIS_REPO_SLUG@
    53. 

  53.     git checkout -qf @TRAVIS_COMMIT@
    54. 

  54.     mkdir build && pushd build
    55. 

  55.     meson .. --prefix=/usr
    56. 

  56.     ninja install
    57. 

  57. 

  58.     # Setup NBDE.
    59. 

  59.     TANG=192.168.122.1
    60. 

  60.     curl "${TANG}/adv" -o adv.jws
    61. 

  61.     cfg=$(printf '{"url":"%s","adv":"adv.jws"}' "${TANG}")
    62. 

  62. 

  63.     for dev in $(lsblk -p -n -s -r | awk '$6 == "crypt" { getline; print $1 }' | sort -u); do
    64. 

  64.         clevis luks bind -f -d "${dev}" tang "${cfg}" <<< fedora
    65. 

  65.     done
    66. 

  66. 

  67.     mkdir -p /etc/dracut.conf.d/
    68. 

  68.     cat <<EOF >/etc/dracut.conf.d/clevis.conf
    69. 

  69. kernel_cmdline="rd.neednet=1 ip=192.168.122.100::192.168.122.1:255.255.255.0::eth0:none:192.168.122.1"
    70. 

  70. EOF
    71. 

  71. 

  72.     dracut -f --regenerate-all
    73. 

  73. } 2>&1 | tee /root/postinstall.log > /dev/tty3
    74. 

  74. %end
    75. 

  75. 

  76. # System timezone
    77. 

  77. timezone America/Fortaleza --utc
    78. 

  78. 

  79. # Root password
    80. 

  80. rootpw --plaintext fedora
    81. 

  81. 

  82. %addon com_redhat_kdump --disable --reserve-mb='128'
    83. 

  83. 

  84. %end
    85.