# CentOS Stream 10 Kickstart configuration
# Installs a minimal system. Note: nothing below adds a Docker CE repository
# or package, so Docker CE is not installed by this file as written.
# Text-mode install with US English locale and keyboard.
text
lang en_US.UTF-8
keyboard us
# Hardware clock is treated as UTC; the local zone is Australia/Melbourne.
timezone Australia/Melbourne --utc
# Root's password is locked, so root cannot log in with a password.
rootpw --lock
# Administrative account (member of wheel). No --password is given, so this
# account has no usable password either (presumably locked by default - confirm
# against the installer version in use).
user --name=netwiz --groups=wheel
# Public key for netwiz. With root locked and no user password set, this key is
# the only login credential this file provisions, so protect the matching
# private key accordingly.
sshkey --username=netwiz "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILyZqtec+t/3p35yib26b1hRvemvu3BuMjVkCFd0/a7m netwiz"
# DHCP on the first interface that reports link, activated during install.
network --bootproto=dhcp --device=link --activate

# Disable SELinux, the firewall and auditd; enable sshd, NetworkManager,
# chronyd and postfix.
# NOTE(review): together these remove mandatory access control, host packet
# filtering and the audit trail, while sshd stays reachable on whatever network
# DHCP attaches the host to. If that is intentional for this environment,
# record the reason here. The hardened alternative is "selinux --enforcing" and
# "firewall --enabled --ssh"; the latter also needs the "-firewalld" exclusion
# in %packages dropped.
selinux --disabled
firewall --disabled
services --disabled=auditd
services --enabled=sshd,NetworkManager,chronyd,postfix

# Disk layout.
# zerombr initialises disks whose partition table is invalid, and
# "clearpart --all" removes every partition on every disk the installer can
# see, because no ignoredisk or --drives restriction is given. Make sure only
# the intended disk is attached when this file is used.
zerombr
clearpart --all --initlabel --disklabel=gpt
# The kernel command line also switches SELinux and the audit subsystem off at
# boot, matching the selinux/auditd directives above.
# NOTE(review): %post later replaces GRUB with systemd-boot; confirm these
# arguments still end up in the final boot entries.
bootloader --location=mbr --append="selinux=0 audit=0"
# EFI system partition; umask=0077 makes its contents accessible to root only.
part /boot/efi --fstype=efi --size=600 --fsoptions="umask=0077,shortname=winnt" --asprimary
# Root filesystem on XFS, at least 4096 MiB and grown to fill the disk.
# No --encrypted option is used, so data at rest is not encrypted.
part / --fstype=xfs --grow --size=4096

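# Configure repositories
# Use HTTPS so that repository metadata and packages cannot be altered in
# transit by anything on the network path while the system is being installed.
# NOTE(review): whether the installer also verifies package signatures for
# these repositories is not visible in this file - confirm.
repo --name="baseos" --baseurl=https://mirror.stream.centos.org/$releasever-stream/BaseOS/x86_64/os/
repo --name="appstream" --baseurl=https://mirror.stream.centos.org/$releasever-stream/AppStream/x86_64/os/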

%packages
# Base: the minimal environment group.
@^minimal-environment
# Exclusions (leading "-"): firmware, fonts and other packages not wanted on
# this image. firewalld is excluded as well, consistent with
# "firewall --disabled" in the command section.
-*-firmware
-*fonts*
-grub2-tools-extra
-firewalld
-freetype
-hunspell
-langpacks*
-mdadm
-sssd*
# Additions.
bash-completion
chrony
# Configured in %post to apply updates unattended.
dnf-automatic
# Needed by %post to clone pureline.
git
postfix
# Boot loader that %post installs in place of GRUB and shim.
# NOTE(review): the package name says "unsigned" and shim is removed in %post;
# presumably the result cannot boot with Secure Boot enforced - confirm.
systemd-boot-unsigned
vim-enhanced
zstd
%end

%post --log=/root/ks-post.log
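echo; echo "- Enable Passwordless sudo..."
# Root is locked and netwiz is created without a password, so the wheel group
# needs the NOPASSWD rule for any administration to be possible. The edit swaps
# the two stock %wheel lines: the password-requiring rule is commented out and
# the "# %wheel ... NOPASSWD" rule is uncommented.
#
# The change is made on a copy and checked with visudo before it replaces
# /etc/sudoers: a syntax error in sudoers disables sudo entirely, and this
# system has no other administrative login to repair it with.
if sudoers_tmp="$(mktemp)"; then
  if cp /etc/sudoers "${sudoers_tmp}" \
    && sed -i -e 's/^%wheel/#%wheel/g' -e 's/^# %wheel/%wheel/g' "${sudoers_tmp}" \
    && visudo -cf "${sudoers_tmp}"; then
    # Overwrite in place so the owner and mode of /etc/sudoers are kept.
    cat "${sudoers_tmp}" > /etc/sudoers
  else
    echo "ERROR: edited sudoers failed validation; /etc/sudoers left unchanged"
  fi
  rm -f -- "${sudoers_tmp}"
else
  echo "ERROR: mktemp failed; /etc/sudoers left unchanged"
fi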

printf '\n%s\n' "- Configuring email aliases..."
# Forward mail for root and netwiz to the external mailbox, then rebuild the
# alias database so the new entries take effect.
cat >> /etc/aliases << 'EOF'
root:		netwiz@crc.id.au
netwiz:		netwiz@crc.id.au
EOF
newaliases

printf '\n%s\n' "- Tweaking network..."
# Set dhcp-send-release to true for both address families on the connection
# named "ens18".
# NOTE(review): the connection name is hard-coded, while the kickstart network
# directive picks the device by link state - confirm both refer to the same
# profile on the target hardware.
for family in ipv4 ipv6; do
  nmcli connection modify ens18 "${family}.dhcp-send-release" true
done

printf '\n%s\n' "- Setting up automatic updates..."
# The report sender address is built from whatever hostname is set while %post
# runs.
HOSTNAME="$(hostname)"
# Apply updates unattended, reboot when an update requires it, and send the
# report by email as well as to stdio.
sed -i \
  -e 's/apply_updates = no/apply_updates = yes/' \
  -e 's/reboot = never/reboot = when-needed/' \
  -e 's/emit_via = stdio/emit_via = email,stdio/' \
  -e "s/email_from = root@example.com/email_from = root@${HOSTNAME}/" \
  /etc/dnf/automatic.conf
systemctl enable --now dnf-automatic.timer

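echo; echo "- Moving to systemd-boot..."
# Remove the current ESP contents, GRUB's /boot/grub2 tree, and the dnf
# "protected" markers that would otherwise block removal of grub and shim.
rm -fR /boot/efi/* /etc/dnf/protected.d/grub* /etc/dnf/protected.d/shim* /boot/grub2
# The pattern is quoted so that dnf matches it against package names; unquoted,
# the shell would expand it first if the working directory held a matching file.
# NOTE(review): with shim removed and the "unsigned" systemd-boot package in
# use, presumably Secure Boot has to be off on the target - confirm.
dnf -y remove 'grub*' shim
# The ESP is empty at this point, so a failure in either step below leaves the
# system unbootable. Make that obvious in the %post log.
if ! bootctl install; then
  echo "ERROR: bootctl install failed; the ESP has no boot loader"
fi
if ! kernel-install add-all; then
  echo "ERROR: kernel-install add-all failed; boot entries may be missing"
fi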

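echo; echo "- Installing Pureline..."
# Both generated files are written straight to their destination from a
# here-document, so nothing is staged in the current working directory.

# /opt/update-pureline: (re)fetch pureline from upstream.
# NOTE(review): this follows the tip of a third-party repository, and the
# checkout is sourced by every login shell, including administrative ones.
# Consider pinning the clone to a commit that has been reviewed.
install -D -o root -g root -m 755 /dev/stdin /opt/update-pureline << 'EOF'
#!/bin/bash
# Clone into a staging directory first, so that a failed clone leaves the
# existing /opt/pureline in place instead of deleting it.
set -eu
staging="$(mktemp -d /opt/.pureline.XXXXXX)"
trap 'rm -rf -- "${staging}"' EXIT
git clone --depth 1 https://github.com/chris-marsh/pureline.git "${staging}/pureline"
rm -fR /opt/pureline
mv "${staging}/pureline" /opt/pureline
EOF

# /etc/profile.d/zzz-pureline.sh: load the prompt in login shells.
install -D -o root -g root -m 644 /dev/stdin /etc/profile.d/zzz-pureline.sh << 'EOF'
#!/bin/bash
# This file is sourced by the login shell, so it must leave with "return":
# "exit" here would terminate the shell that is logging in.

## Only run on TERM != vt*
if [[ ${TERM:-} == vt* ]]; then
        return 0
fi

## Do nothing if the checkout is missing (for example after a failed clone).
if [ ! -r /opt/pureline/pureline ]; then
        return 0
fi

## Install the user config if it exists, or the global default.
if [ -f ~/.pureline.conf ]; then
        source /opt/pureline/pureline ~/.pureline.conf
else
        source /opt/pureline/pureline /opt/pureline/configs/powerline_full_256col.conf
fi
EOF

# Initial fetch. A failure is logged rather than fatal; the profile script
# skips pureline until /opt/update-pureline has succeeded.
if ! /opt/update-pureline; then
  echo "WARNING: pureline clone failed; run /opt/update-pureline after first boot"
fi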

# Second disable of auditd, in addition to "services --disabled=auditd" in the
# command section.
# NOTE(review): combined with audit=0 on the kernel command line this leaves
# the host without audit records; confirm that is acceptable for its role.
systemctl disable auditd.service
%end

# Reboot automatically once installation has finished.
reboot
