86 lines
2.9 KiB
HCL
86 lines
2.9 KiB
HCL
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
|
|
# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
|
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|
# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
# Rocky Linux 9
|
|
|
|
### Installs from the first attached CD-ROM/DVD on the system.
|
|
cdrom
|
|
|
|
### Performs the kickstart installation in text mode.
|
|
### By default, kickstart installations are performed in graphical mode.
|
|
text
|
|
|
|
### Accepts the End User License Agreement.
|
|
eula --agreed
|
|
|
|
### Sets the language to use during installation and the default language to use on the installed system.
|
|
lang ${vm_os_language}
|
|
|
|
### Sets the default keyboard type for the system.
|
|
keyboard ${vm_os_keyboard}
|
|
|
|
### Configure network information for target system and activate network devices in the installer environment (optional)
|
|
### --onboot enable device at a boot time
|
|
### --device device to be activated and / or configured with the network command
|
|
### --bootproto method to obtain networking configuration for device (default dhcp)
|
|
### --noipv6 disable IPv6 on this device
|
|
${network}
|
|
|
|
### Lock the root account.
|
|
rootpw --lock
|
|
|
|
### The selected profile will restrict root login.
|
|
### Add a user that can login and escalate privileges.
|
|
user --name=${build_username} --iscrypted --password=${build_password_encrypted} --groups=wheel
|
|
|
|
### Configure firewall settings for the system.
|
|
### --enabled reject incoming connections that are not in response to outbound requests
|
|
### --ssh allow sshd service through the firewall
|
|
firewall --enabled --ssh
|
|
|
|
### Sets up the authentication options for the system.
|
|
### The SSSD profile sets sha512 to hash passwords. Passwords are shadowed by default
|
|
### See the manual page for authselect-profile for a complete list of possible options.
|
|
authselect select sssd
|
|
|
|
### Sets the state of SELinux on the installed system.
|
|
### Defaults to enforcing.
|
|
selinux --enforcing
|
|
|
|
### Sets the system time zone.
|
|
timezone ${vm_os_timezone}
|
|
|
|
### Partitioning
|
|
${storage}
|
|
|
|
### Modifies the default set of services that will run under the default runlevel.
|
|
services --enabled=NetworkManager,sshd
|
|
|
|
### Do not configure X on the installed system.
|
|
skipx
|
|
|
|
### Packages selection.
|
|
%packages --ignoremissing --excludedocs
|
|
@core
|
|
-iwl*firmware
|
|
%end
|
|
|
|
### Post-installation commands.
|
|
%post
|
|
dnf makecache
|
|
dnf install epel-release -y
|
|
dnf makecache
|
|
dnf install -y sudo qemu-guest-tools
|
|
%{ if additional_packages != "" ~}
|
|
dnf install -y ${additional_packages}
|
|
%{ endif ~}
|
|
echo "${build_username} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/${build_username}
|
|
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
|
|
%end
|
|
|
|
### Reboot after the installation is complete.
|
|
### --eject attempt to eject the media before rebooting.
|
|
reboot --eject
|