42_Born2beroot-CentOS/kickstart-install/Born2beroot.cfg

# vim: et sw=4 ts=4:
lang        en_US.UTF-8
keyboard    --xlayouts='us (alt-intl)'
graphical
eula        --agreed
reboot      --eject
url         --mirrorlist="https://mirrors.centos.org/mirrorlist?path=/9-stream/BaseOS/x86_64/os"
network     --bootproto=dhcp --device=enp0s3 --ipv6=auto --activate --onboot=true
timezone    Etc/UTC --utc

# Doesn't required by subject
%addon
com_redhat_kdump --disable
%end

# Bonus disk setup
# This sample configuration use a VirtIO SCSI disk at pci-0000:00:0f.0-scsi-0:0:0:0
ignoredisk --only-use=/dev/disk/by-path/pci-0000:00:0f.0-scsi-0:0:0:0
clearpart   --initlabel --all
# /boot cannot be on LVM
part        /boot --fstype="xfs" --ondisk=/dev/disk/by-path/pci-0000:00:0f.0-scsi-0:0:0:0 --size=500 --label=boot
part        pv.42 --fstype="lvmpv" --ondisk=/dev/disk/by-path/pci-0000:00:0f.0-scsi-0:0:0:0 --size=31038 --encrypted --luks-version=luks2 --passphrase=CHANGE_ME
volgroup    LVMGroup --pesize=4096 pv.42
# The hyphen in volume label will be doubled (as in subject).
logvol      /var/log --fstype="xfs" --size=4096 --label="var-log" --name=var-log --vgname=LVMGroup
logvol      /tmp --fstype="xfs" --size=3072 --label="tmp" --name=tmp --vgname=LVMGroup
logvol      /var --fstype="xfs" --size=3072 --label="var" --name=var --vgname=LVMGroup
logvol      /srv --fstype="xfs" --size=3072 --label="srv" --name=srv --vgname=LVMGroup
logvol      /home --fstype="xfs" --size=5120 --label="home" --name=home --vgname=LVMGroup
logvol      swap --fstype="swap" --size=2355 --name=swap --vgname=LVMGroup
logvol      / --fstype="xfs" --size=10240 --label="root" --name=root --vgname=LVMGroup

%packages
@^minimal-environment
@standard
# Useless.
-plymouth
# We don't want the default firewall.
-firewalld
sudo
%end

# Create the user groups requested by subject.
group       --name=user42
group       --name=sudo
# Set initial root account password and lock it from direct login. You still
# are allowed to log as root by using `su -` as another user.
rootpw      --plaintext "CHANGE_ME" --lock

services    --enabled=sshd --disabled=kdump

# Make edition of bootloader boot entries requires authentication (user is
# root).
bootloader  --password="CHANGE_ME"

# Bonus lighttpd user.
# Disallow login and shell access. Set home dir to a proper location for
# services runtime data.
user        --name=lighttpd --homedir=/var/lib/lighttpd --lock --shell=/bin/false

## Local conf ##
# Your unprivileged user.
user        --name=CHANGEME --groups=sudo,user42
# Add your SSH public key to allow password-less login.
sshkey      --username=CHANGE_ME "CHANGE_ME"
# Set system host name.
network     --hostname=CHANGE_ME