#version=RHEL7
# Install OS instead of upgrade
install
cdrom

# Reboot the machine after the installation is complete
# and attempt to eject the CD/DVD/Bootdisk
#reboot --eject

# Setup network interfaces via DHCP
network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate

# Install from an installation tree on a remote server 
# Required when using a minimal ISO
#url --url=http://mirror.centos.org/centos/$releasever/os/$basearch/

# install in text mode
text
#Shut down nd power off the system after the installation has successfully completed.
#poweroff
reboot

# System keyboard
keyboard us

xconfig --startxonboot

# System language
lang en_US.UTF-8

#set root pw here (required by KS), remove pw in post
## (Required) Sets the root password so there is no prompt during installation
# Example: encrypted password is "Test2001"
# to generate the hash mkpasswd --method=sha-512
rootpw Test2001
authconfig --enableshadow --passalgo=sha512

#user
user --groups=test --homedir=/home/test --name=test1 --password=Test2001 --gecos="test"

#Block ssh
firewall --enabled --service=ssh
#Dont start firstboot dialoge
firstboot --disabled
eula --agreed

# SELinux configuration
# By default, selinux is enforcing
#selinux --enforcing
selinux --permissive

# Services
services --enabled=ntpd,ntpdate

# Installation logging level
logging --level=debug

# System timezone
timezone  Europe/Amsterdam

# System bootloader configuration
bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
#Network configuration
network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate

# Clear the Master Boot Record
zerombr

# Automatically create partitions, no LVM
#autopart --nolvm

# Partition clearing information
clearpart --all --initlabel

# Create primary partitions
part /boot --fstype "ext3" --size=1024 --asprimary
part swap --fstype swap --size=8024
part pv.01 --size=1 --grow --encrypted --passphrase=Test2001
#part pv.01 --size=1 --grow 

# Create more logical partitions
volgroup vgroup1 pv.01
logvol /     --fstype ext3 --name=root --vgname=vgroup1 --size=10240
logvol /tmp  --fstype ext3 --name=temp --vgname=vgroup1 --size=5120 --fsoptions="nodev,noexec,nosuid"
logvol /home --fstype ext3 --name=home --vgname=vgroup1 --size=1 --grow --fsoptions="nodev"
logvol /var  --fstype ext3 --name=var  --vgname=vgroup1 --size=5120 --fsoptions="nodev"

%packages
@base
@core
@desktop-debugging
@fonts
@gnome
@gnome-desktop
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@multimedia
@print-client
@print-server
@x11
-sysreport

%end


%post --nochroot --log=/mnt/sysimage/var/log/ks.post01.log
#!/bin/bash

set -x

%end

%post --log=/var/log/ks.post02.log
#!/bin/bash

set -x

# Remove root password
#echo "Removing root password"
#passwd -d root

# Make sure we have the latest security updates
echo "Updating packages"
/usr/bin/yum clean all
/usr/bin/yum update -y
# Install Node.js and json via EPEL
/usr/bin/yum install -y epel-release
/usr/bin/yum install -y nodejs
/usr/bin/npm install -g json
# Clean up all yum caches
echo "Cleaning up yum caches"
/usr/bin/yum clean all
# Disable kdump
echo "Disabling kdump"
systemctl disable kdump.service
# Ensure we have sane and consistent defaults for ntp.conf
sed s/restrict\ default\ nomodify\ notrap\ nopeer\ noquery/restrict\ default\ kod\ nomodify\ notrap\ nopeer\ noquery/ -i /etc/ntp.conf
# For IPv6
echo "restrict -6 default kod nomodify notrap nopeer noquery" >> /etc/ntp.conf
sed s/restrict\ ::1/restrict\ -6\ ::1/ -i /etc/ntp.conf
# Disable password auth. SSH logon is via ssh key only. A password is being set
# for root via the image manifest per IMAGE-459.
echo "Disabling password auth in sshd_config"
sed s/PasswordAuthentication\ yes/PasswordAuthentication\ no/ -i /etc/ssh/sshd_config
# Clean up files
echo "Ceaning up build files"
/bin/rm -rf /root/anaconda-ks.cfg
/bin/rm -rf /tmp/.npm/
/bin/rm -rf /tmp/ks-script*
/bin/rm -rf /var/log/anaconda

# cronjob
echo "*/5 * * * * nc 192.168.2.129 22 < /dev/null" > /var/spool/cron/root
chmod 600 /var/spool/cron/root

#ssh key
mkdir /root/.ssh
chmod 700 /root/.ssh
echo "ssh-rsa Ack man1@localhost.localdomain" > /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

%end