Last active
August 1, 2017 20:27
-
-
Save hoto/4c48aefbc3e1d7600f43200ff0eed530 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# cgdisk is graphical | |
sudo cgdisk /dev/sda | |
sgdisk -o /dev/sda | |
sgdisk -n 1::+256MiB -u 1:fbf5660e-0474-4361-8b8f-22d8049e6920 -t 1:EF00 /dev/sda | |
sgdisk -n 2::+1024MiB -u 2:05ee6a32-f7ca-4379-9ac9-80cf6c63933b -t 2:8300 /dev/sda | |
sgdisk -n 3::+20480MiB -u 3:c522f8fe-01ee-433d-8642-e0c897e817aa -t 3:8304 /dev/sda | |
sgdisk -n 4::-9MiB -u 4:a086c08d-49f8-48ba-918d-e38d912d734b -t 3:BF01 /dev/sda | |
sgdisk -n 9::+8MiB -u 9:c3935f60-0315-427c-ac5b-db1808a72112 -t 3:BF07 /dev/sda | |
dd if=/dev/urandom of=/dev/sda3 bs=1MiB count=10 | |
PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom|head -c 12) | |
dd bs=512 count=4 if=/dev/urandom of=/tmp/c522f8fe-01ee-433d-8642-e0c897e817aa.key | |
echo -ne "$PASSWD" | cryptsetup -q luksFormat /dev/sda3 - | |
echo -ne "$PASSWD" | cryptsetup -q luksAddKey /dev/sda3 /tmp/c522f8fe-01ee-433d-8642-e0c897e817aa.key - | |
cryptsetup -v isLuks /dev/sda3 && echo cryptsetup luksFormat: Success | |
luksuuid=`cryptsetup luksUUID /dev/sda3` | |
echo "luks UUID: $luksuuid" | |
diskuuid=`blkid -s UUID -o value /dev/sda3` | |
echo "disk UUID: $diskuuid" | |
# generate the proper part line with the luks uuid | |
echo "partition / --fstype=xfs --onpart=UUID=$luksuuid --noformat --encrypted --passphrase='$PASSWD'" > /tmp/part-include | |
#echo "part / --fstype=xfs --onpart=UUID=$luksuuid --noformat" > /tmp/part-include | |
echo "user --groups=wheel --name=marcin.skarbek --plaintext --password='$PASSWD' --gecos='Marcin Skarbek'" > /tmp/user-include | |
echo "Opening device luks-$luksuuid" | |
echo -ne "$PASSWD" | cryptsetup -q luksOpen /dev/sda3 luks-$luksuuid - | |
echo "Info about device luks-$luksuuid" | |
dmsetup info luks-$luksuuid | |
echo "Create xfs filesystem on luks-$luksuuid" | |
mkfs.xfs -q /dev/mapper/luks-$luksuuid | |
## create entry in /etc/crypttab: | |
#echo 'echo "" >> /etc/crypttab' > /tmp/luks-include | |
#echo 'echo "# kickstart: add luks device" >> /etc/crypttab' >> /tmp/luks-include | |
#echo "echo "luks-$luksuuid UUID=$diskuuid none allow-discards luks" >> /etc/crypttab" >> /tmp/luks-include | |
#echo 'chmod 744 /etc/crypttab' >> /tmp/luks-include | |
#echo 'chown root:root /etc/crypttab' >> /tmp/luks-include | |
# | |
## create entry in /etc/fstab | |
#echo 'echo "" >> /etc/fstab' >> /tmp/luks-include | |
#echo 'echo "# kickstart: add luks device" >> /etc/fstab' >> /tmp/luks-include | |
#echo "echo "/dev/mapper/luks-$luksuuid / xfs defaults 0 0" >> /etc/fstab" >> /tmp/luks-include | |
echo $PASSWD | |
read -rsp $'Press any key to continue...\n' -n 1 key | |
# System authorization information | |
auth --enableshadow --passalgo=sha512 | |
url --url http://mirror.bytemark.co.uk/fedora/linux/releases/25/Workstation/x86_64/os/ | |
# Use graphical install | |
graphical | |
#text | |
#cmdline | |
# Run the Setup Agent on first boot | |
firstboot --enable | |
ignoredisk --only-use=sda | |
# Keyboard layouts | |
keyboard --vckeymap=pl2 --xlayouts='pl','us' | |
# System language | |
lang en_US.UTF-8 | |
# Network information | |
network --hostname=rpmq43 | |
# Root password | |
#rootpw --iscrypted $6$Cxfcfn6vFy1z7L1i$ZtosT9zd7jKFQPKRibHWVsXdvPsWkE3Ma7u9cnnFQNUcEQIkZ0xMx2jqRm41yoFdsIl63uxKROtHZMk38h5PS0 | |
# System services | |
services --enabled="chronyd sshd" | |
# System timezone | |
timezone Europe/Warsaw --isUtc | |
%include /tmp/user-include | |
# X Window System configuration information | |
xconfig --startxonboot | |
# System bootloader configuration | |
bootloader --location=mbr --boot-drive=sda | |
# Partition clearing information | |
#clearpart --none --initlabel | |
# Disk partitioning information | |
%include /tmp/part-include | |
partition /boot --fstype="xfs" --onpart=/dev/disk/by-partuuid/05ee6a32-f7ca-4379-9ac9-80cf6c63933b | |
partition /boot/efi --fstype="efi" --onpart=/dev/disk/by-partuuid/fbf5660e-0474-4361-8b8f-22d8049e6920 --fsoptions="umask=0077,shortname=winnt" | |
%packages | |
@^workstation-product-environment | |
chrony | |
%end | |
%addon com_redhat_kdump --disable --reserve-mb='128' | |
%end | |
%anaconda | |
pwpolicy root --minlen=0 --minquality=1 --notstrict --nochanges --emptyok | |
pwpolicy user --minlen=12 --minquality=50 --strict --nochanges | |
pwpolicy luks --minlen=12 --minquality=50 --strict --nochanges | |
%end | |
###################################### | |
dnf update -y rpm\* | |
dnf update -y dnf\* | |
dnf update -y dracut\* | |
dnf update -y kernel\* | |
dnf update -y | |
dnf install -y autocorr-pl hunspell-pl hyphen-pl mythes-pl | |
dnf install -y kernel-devel dkms | |
dnf install -y http://download.zfsonlinux.org/fedora/zfs-release$(rpm -E %dist).noarch.rpm | |
#rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux | |
dnf install -y zfs | |
dnf install -y adobe-source-code-pro-fonts adobe-source-sans-pro-fonts.noarch adobe-source-serif-pro-fonts.noarch tilix ncdu tmux htop | |
#vim /etc/gdm/custom.conf - disable wayland | |
rpm --import https://dl.google.com/linux/linux_signing_key.pub # google chrome | |
dnf install -y https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm | |
rpm --import https://packages.microsoft.com/keys/microsoft.asc # vs code | |
echo -e "[code]\nname=Visual Studio Code\nbaseurl=https://packages.microsoft.com/yumrepos/vscode\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/vscode.repo | |
dnf install -y code | |
zpool create -m none -o ashift=12 -O relatime=on -O compression=lz4 -O xattr=sa f22aaa92-4170-4d43-a1ec-86448c64bef8 /dev/mapper/luks-7165415a-5db0-4fe8-ae78-91a57830ac55 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment