# vim: set ft=sh :

text
install
url --url http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/releases/28/Everything/x86_64/os/
repo --name=updates --baseurl=http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/updates/28/Everything/x86_64/
repo --name=dustin --baseurl=http://rosalina.pyrocufflink.blue/~dustin/repo
lang en_US.UTF-8
keyboard us
timezone --utc UTC
rootpw --lock
reboot

bootloader --location mbr --append "console=ttyS0,115200 quiet systemd.show_status=1"
clearpart --all --initlabel
reqpart
part /boot --fstype xfs --mkfsoptions "-m crc=0" --size=200
part pv.01 --fstype lvmpv --size=46180 --grow
volgroup vmhost1 pv.01
logvol / --fstype xfs --name=root --vgname=vmhost1 --size=3072
logvol /home --fstype xfs --name=home --vgname=vmhost1 --size=100
logvol /var --fstype xfs --name=var --vgname=vmhost1 --size=8192
logvol /var/log --fstype xfs --name=var_log --vgname=vmhost1 --size=2048
logvol swap --fstype swap --name=swap --vgname=vmhost1 --size=32768 --grow

%packages --excludeWeakdeps --excludedocs
-NetworkManager
-authconfig
-dhcp-client
-dnf-plugins-core
-dnf-yum
-dracut-config-rescue
-e2fsprogs
-initscripts
-iputils
-kbd
-man-db
-openssh-clients
-parted
-plymouth
-sssd-common
-sssd-kcm
-vim-minimal
chrony
cracklib-dicts
dhcpcd
dhcpcd-local-selinux
dnf
dnf-command(system-upgrade)
libselinux-python3
openssh-server
policycoreutils-python3
selinux-policy-targeted
%end

services --enabled dhcpcd

%addon com_redhat_kdump --disable
%end

%post --erroronfail
echo vmhost1.pyrocufflink.blue > /etc/hostname

echo 'install_weak_deps=0' >> /etc/dnf/dnf.conf
echo 'deltarpm=0' >> /etc/dnf/dnf.conf
echo '%_excludedocs 1' >> /etc/rpm/macros

systemctl mask systemd-journald-audit.socket

install -m700 -d /root/.ssh
cat >> /root/.ssh/authorized_keys <<EOF
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsL5fSylmiJmBtW0DH/viAAmtU2E/2M17GPvysiyRs+ dustin@rosalina
EOF

# Configure GRUB2 to display the menu on the serial console
cat >> /etc/default/grub <<EOF
GRUB_TERMINAL="serial"
GRUB_SERIAL_COMMAND="serial --speed=115200"
EOF
grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

rm -rf /etc/sysconfig/network-scripts /etc/sysconfig/network

# Avoid "libudev: received NULL device" log spam from dhcpcd
echo nodev >> /etc/dhcpcd.conf
# Although dhcpcd.conf(5) claims the default value for `fqdn` is `both`, this
# does not appear to be the case, at least in v6.11.3.
echo fqdn both >> /etc/dhcpcd.conf

# Generate SSH host keys before first boot, since / will be read-only then
/usr/libexec/openssh/sshd-keygen ecdsa
/usr/libexec/openssh/sshd-keygen ed25519
/usr/libexec/openssh/sshd-keygen rsa

# Additional read-only root filesystem compatibility hacks
ln -sf /var/lib/dhcpcd/dhcpcd.duid /etc/dhcpcd.duid
ln -sf /var/lib/dhcpcd/dhcpcd.secret /etc/dhcpcd.secret
ln -sf /etc/sysconfig/networking/resolv.conf /etc/resolv.conf
mkdir -p /etc/sysconfig/networking
chcon system_u:object_r:net_conf_t:s0 /etc/sysconfig/networking
cat >> /etc/fstab <<EOF
tmpfs /etc/sysconfig/networking tmpfs size=1M,mode=0755,context=system_u:object_r:net_conf_t:s0 0 0
EOF

# Enable read-only rootfs. This cannot be done with part/logvol, as that would
# make Anaconda mount it read-only befor the installation starts.
sed -i -r '/\S+\s+\/\s+/s/defaults/ro/' /etc/fstab
%end