68 lines
2.6 KiB
INI
68 lines
2.6 KiB
INI
# vim: et sw=4 ts=4:
|
|
lang en_US.UTF-8
|
|
keyboard --xlayouts='us (alt-intl)'
|
|
graphical
|
|
eula --agreed
|
|
reboot --eject
|
|
url --mirrorlist="https://mirrors.centos.org/mirrorlist?path=/9-stream/BaseOS/x86_64/os"
|
|
network --bootproto=dhcp --device=enp0s3 --ipv6=auto --activate --onboot=true
|
|
timezone Etc/UTC --utc
|
|
|
|
# Doesn't required by subject
|
|
%addon
|
|
com_redhat_kdump --disable
|
|
%end
|
|
|
|
# Bonus disk setup
|
|
# This sample configuration use a VirtIO SCSI disk at pci-0000:00:0f.0-scsi-0:0:0:0
|
|
ignoredisk --only-use=/dev/disk/by-path/pci-0000:00:0f.0-scsi-0:0:0:0
|
|
clearpart --initlabel --all
|
|
# /boot cannot be on LVM
|
|
part /boot --fstype="xfs" --ondisk=/dev/disk/by-path/pci-0000:00:0f.0-scsi-0:0:0:0 --size=500 --label=boot
|
|
part pv.42 --fstype="lvmpv" --ondisk=/dev/disk/by-path/pci-0000:00:0f.0-scsi-0:0:0:0 --size=31038 --encrypted --luks-version=luks2 --passphrase=CHANGE_ME
|
|
volgroup LVMGroup --pesize=4096 pv.42
|
|
# The hyphen in volume label will be doubled (as in subject).
|
|
logvol /var/log --fstype="xfs" --size=4096 --label="var-log" --name=var-log --vgname=LVMGroup
|
|
logvol /tmp --fstype="xfs" --size=3072 --label="tmp" --name=tmp --vgname=LVMGroup
|
|
logvol /var --fstype="xfs" --size=3072 --label="var" --name=var --vgname=LVMGroup
|
|
logvol /srv --fstype="xfs" --size=3072 --label="srv" --name=srv --vgname=LVMGroup
|
|
logvol /home --fstype="xfs" --size=5120 --label="home" --name=home --vgname=LVMGroup
|
|
logvol swap --fstype="swap" --size=2355 --name=swap --vgname=LVMGroup
|
|
logvol / --fstype="xfs" --size=10240 --label="root" --name=root --vgname=LVMGroup
|
|
|
|
%packages
|
|
@^minimal-environment
|
|
@standard
|
|
# Useless.
|
|
-plymouth
|
|
# We don't want the default firewall.
|
|
-firewalld
|
|
sudo
|
|
%end
|
|
|
|
# Create the user groups requested by subject.
|
|
group --name=user42
|
|
group --name=sudo
|
|
# Set initial root account password and lock it from direct login. You still
|
|
# are allowed to log as root by using `su -` as another user.
|
|
rootpw --plaintext "CHANGE_ME" --lock
|
|
|
|
services --enabled=sshd --disabled=kdump
|
|
|
|
# Make edition of bootloader boot entries requires authentication (user is
|
|
# root).
|
|
bootloader --password="CHANGE_ME"
|
|
|
|
# Bonus lighttpd user.
|
|
# Disallow login and shell access. Set home dir to a proper location for
|
|
# services runtime data.
|
|
user --name=lighttpd --homedir=/var/lib/lighttpd --lock --shell=/bin/false
|
|
|
|
## Local conf ##
|
|
# Your unprivileged user.
|
|
user --name=CHANGEME --groups=sudo,user42
|
|
# Add your SSH public key to allow password-less login.
|
|
sshkey --username=CHANGE_ME "CHANGE_ME"
|
|
# Set system host name.
|
|
network --hostname=CHANGE_ME
|