#version=DEVEL

@DISTRIB_BASE_CONFIG@
@NODE_BASE_CONFIG@
@ND_BASE_CONFIG@

# System authorization information
auth --enableshadow --passalgo=sha512

# Use graphical install (graphical is enforce by vnc requested at kernel args)
#text
graphical

# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=@SYSDISKS@
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8

# Network information (device=link signifies first device link active)
network --device=@ETHDEV@ --bootproto=dhcp --noipv6 --onboot=on --activate
#This still doesn't work
#@SKIP_IP@network --device=@ETHDEV@:1 --bootproto=static --ip=@IP@ --netmask=@NETMASK@ --noipv6 --onboot=on --activate
network  --hostname=@FQDN@


# Partition clearing information
clearpart --all --initlabel --drives=@SYSDISKS@
zerombr

# System bootloader configuration
bootloader --location=mbr --driveorder=@SYSDISKS@ --boot-drive=@BOOTDISK@  --append=" crashkernel=auto @APPEND_SOL@"

#autopart --type=lvm
#reqpart --add-boot

# rpm & iso are supported here
@SKIP_DRIVERDISK@driverdisk --source=http://ufo.kit.edu/ands/kickstart/@DISTRIBUTION@/drivers/@DRIVERDISK@
@STORAGE_CONFIG@


logvol / --vgname=sysvg --size=@SIZE@ --name=lv_root --fstype=ext4
@SKIP_HOME@logvol /home --vgname=sysvg --size=@HOME_SIZE@ --name=lv_home --fstype=ext4 --grow


# Root password (KaaS)
#rootpw --iscrypted $6$ihAbktYN$T36KRAmi8ccjNrE5Y0gEl11Rb/dl3GjemejAJyHVzrAL51/st7aMZ0dqnMIkhubX/gUcPe5LdTlJODC9D/60h0
# Root passowrd (IPE, old and compromised)
#rootpw --iscrypted $6$ioKrEQSxzYypx2HZ$jiynrl6knbmhbL066k.HjmxcwvQwBsT53LPlp2fRdkg2E1E7Gy4gwxaZ0m86rbD6q4dTaWdYfKhDVSij6N1Y7.
# Root password (IPE, mid-secure)
rootpw --iscrypted $6$6qbYQDyLZcG6z9M/$qtkNhr3BB3uJinEZrhE1bTomJtT1qxDiavMadLfCVVM.F5Qv20a30Ovam7TzwUR1.G7bik25I8uNx09Qxl4Fe0
		    
# System services
services --enabled="chronyd"
# System timezone
timezone Europe/Berlin --isUtc --ntpservers=@TIME@
user --groups=wheel --name=csa --uid=1001 --gid=1001  --gecos="Suren A. Chilingaryan"

# SELinux configuration
@SKIP_SECURITY@selinux --disabled

# Do not configure the X Window System
@SKIP_MINIMAL@skipx

install
poweroff


%packages
@CENTOS7@@^minimal
@core
@DISTRIB_PACKAGE_CONFIG@
@NODE_PACKAGE_CONFIG@
@ND_PACKAGE_CONFIG@
chrony
curl
%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end


%pre --log=/var/log/ks01.log

# Stop all md devices
for name in /dev/md?*; do
    dev=$(basename $name)
    echo "Stopping $dev"
    mdadm --manage -S $name
done

ls -la /dev/sd*
ls -la /dev/md*

# Remove md superblocks
if [ -b /dev/@DISK1@ ]; then
    for name in /dev/@DISK1@?*; do
	echo "Removing md superblock on $name"
	mdadm --misc --zero-superblock $name
	dd if=/dev/zero of=$name bs=4096 count=1024
	dd if=/dev/zero of=$name bs=4096 seek=$(( $(blockdev --getsz $name) - 1024 )) count=1024
    done
    dd if=/dev/zero of=/dev/@DISK1@ bs=4096 count=1024
    parted /dev/@DISK1@ --script -- mklabel gpt
fi
if [ -b /dev/@DISK2@ ]; then
    for name in /dev/@DISK2@?*; do
	echo "Removing md superblock on $name"
	mdadm --misc --zero-superblock $name
	dd if=/dev/zero of=$name bs=4096 count=1024
	dd if=/dev/zero of=$name bs=4096 seek=$(( $(blockdev --getsz $name) - 1024 )) count=1024
    done
    dd if=/dev/zero of=/dev/@DISK2@ bs=4096 count=1024
    parted /dev/@DISK2@ --script -- mklabel gpt
fi
# wait for partition table to propogate
sleep 10

@DISTRIB_PRE_CONFIG@
@NODE_PRE_CONFIG@
@ND_PRE_CONFIG@
%end

%post --log=/var/log/ks02.log
yum install -y unzip

@CENTOS8@alternatives --set python /usr/bin/python3

mkdir /root/.ssh
chmod 0700 /root/.ssh
curl http://ufo.kit.edu/ands/kickstart/authorized_keys -o /root/.ssh/authorized_keys
chmod 0600 /root/.ssh/authorized_keys

mkdir /home/csa/.ssh
chmod 0700 /home/csa/.ssh
curl http://ufo.kit.edu/ands/kickstart/authorized_keys.csa -o /home/csa/.ssh/authorized_keys
chown -R csa:user /home/csa/.ssh
chmod 0600 /home/csa/.ssh/authorized_keys

#Doesn't work either
#con=$(nmcli d show eno1 | grep CONNECTION | cut -d ':' -f 2- | sed -E -e 's/^[[:space:]]+//' | grep '^[[:alpha:]]')
#@SKIP_IP@nmcli connection modify "$con" +ipv4.address @IP@/@CIDR@

cat <<EOF >>/etc/sysconfig/network-scripts/ifcfg-@ETHDEV@
IPADDR=@IP@
PREFIX=@CIDR@
#IPADDR1=
#PREFEX1=
EOF

@DISTRIB_POST_CONFIG@
@NODE_POST_CONFIG@
@ND_POST_CONFIG@
%end