Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Rocky Linux 9 Kickstart #20

Open
OhMyMndy opened this issue Apr 8, 2023 · 0 comments
Open

Rocky Linux 9 Kickstart #20

OhMyMndy opened this issue Apr 8, 2023 · 0 comments

Comments

@OhMyMndy
Copy link
Owner

OhMyMndy commented Apr 8, 2023
edited
Loading 

# see https://access.redhat.com/solutions/5509
# see https://www.golinuxhub.com/2018/05/sample-kickstart-partition-example-raid/
# see https://access.redhat.com/labs/kickstartconfig/
# see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-kickstart-howto#sect-kickstart-installation-starting-automatic

lang en_US
keyboard --xlayouts='us'
timezone Europe/Amsterdam --utc
rootpw $2b$10$OZTWYTc5xlmwIc0Lrp/x3u3xFgAEBMy5J4Xa9YMmprCbshtoKShw. --iscrypted

user --name=mandy --groups=wheel --iscrypted --password=$2b$10$OZTWYTc5xlmwIc0Lrp/x3u3xFgAEBMy5J4Xa9YMmprCbshtoKShw.

reboot --eject
cdrom
bootloader --append="rhgb quiet crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M"
zerombr

clearpart --all --initlabel



part /boot --size 1024 --asprimary --fstype=ext4 --ondrive=sda
part swap --ondisk=sda --size=2048

part pv.01 --size=1 --grow --fstype=lmpv --ondrive=sda

volgroup vg_root pv.01



logvol  /tmp  --vgname=vg_root  --size=2048  --name=lv_tmp
logvol  /var  --vgname=vg_root  --size=8192  --name=lv_var
logvol  /var/log  --vgname=vg_root  --size=4096  --name=lv_var_log
logvol  /var/log/audit  --vgname=vg_root  --size=4096  --name=lv_var_log_audit
logvol  /var/tmp  --vgname=vg_root  --size=4096  --name=lv_var_tmp

# Set to a certain size so the Post step can install stuff, before the grow step ran on the first boot
logvol / --vgname=vg_root --name=root --fstype=xfs --size=8192 --grow


network --bootproto=dhcp
firstboot --disable
selinux --enforcing
firewall --enabled --ssh

%addon com_redhat_oscap
content-type = scap-security-guide
profile = xccdf_org.ssgproject.content_profile_ospp
%end

%post --interpreter=/bin/bash --log=/var/log/ks-post.log
set -x

df -h

dnf install update -y --refresh
dnf install epel-release -y

dnf install -y tig htop
dnf install -y kernel-devel kernel-debug-devel dkms

dnf install -y https://download.falco.org/packages/rpm/falco-0.0.0-x86_64.rpm

systemctl enable falco-modern-bpf

sed -i '/^user.max_user_namespaces/d' /etc/sysctl.conf

cat <<EOL | tee /etc/sysctl.d/99-z-podman.conf
net.ipv4.ip_unprivileged_port_start = 80
user.max_user_namespaces = 31477
EOL

# see https://access.redhat.com/solutions/5488251
# /usr/bin/eject -i 0
# /usr/bin/eject -r
%end

%packages
@^graphical-server-environment
@hardware-monitoring
@network-tools
curl
vim
tmux
git
%end
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@OhMyMndy