Skip to content

Instantly share code, notes, and snippets.

@bitsandbooks

bitsandbooks/README.md

Last active March 26, 2024 06:29
Show Gist options
  • Save bitsandbooks/e2cbc03c7f6e1939f3a3eb834597a710 to your computer and use it in GitHub Desktop.
Save bitsandbooks/e2cbc03c7f6e1939f3a3eb834597a710 to your computer and use it in GitHub Desktop.
Download ZIP
Kickstart Files
Raw
README.md

Kickstart Files

These files are here to install a minimal environment (i.e., no desktop) for Fedora Linux 38 and Rocky Linux 9. They're designed to partition a single disk device, creating a UEFI partition, a /boot partition, and logical volumes for an 8 GB swap partition, and the majority of the space for a single / volume.

Usage

The files are designed so you need only change a few minor things to make it work for you:

  • Set a hostname in the network options
  • Specify the storage device for the ignoredisk and bootloader options (usually something like sda, vda, or nvme0n1)
  • Change the user info to create a user and group of your choice

Once the file is customized, copy it to a FAT-formatted USB flash drive with the label KS, attach it to your machine or VM, boot from the ISO/CDROM. When you see the boot menu, press e and add inst.ks=hd:LABEL=KS:/fedora38-ks.cfg to the end of the first linuxefi line. Press F10 to boot with these options, and installation should begin.

License

These kickstart files are licensed under the GNU General Public License, version 3.

Raw
fedora38-ks.cfg
#version=Fedora Linux 38
#documentation: https://docs.fedoraproject.org/en-US/fedora/f36/install-guide/appendixes/Kickstart_Syntax_Reference/
# PRE-INSTALLATION SCRIPT
%pre --interpreter=/usr/bin/bash --log=/root/anaconda-ks-pre.log
%end
# INSTALL USING TEXT MODE
text
# KEYBOARDS, LANGUAGES, TIMEZONE
keyboard --vckeymap=us --xlayouts=us
lang en_US.UTF-8
timezone Etc/UTC --utc
# NETWORK, SELINUX, FIREWALL
# Hostname must be separate from link config, in either 'host' or 'host.domain.tld' form.
network --hostname='host.domain.tld'
network --device=link --bootproto=dhcp --onboot=on --noipv6 --activate
selinux --enforcing
firewall --enabled --ssh
# DISKS, PARTITIONS, VOLUME GROUPS, LOGICAL VOLUMES
# Install target is usually sda, vda, or nvme0n1; adjust all references below accordingly.
# The EFI & /boot partitions are explicitly set here, but some people just use `reqpart`.
ignoredisk --only-use=vda
zerombr
clearpart --all --initlabel --disklabel=gpt
bootloader --location=mbr --boot-drive=vda --append='crashkernel=auto'
part /boot/efi --label=FIRMWARE --size=1024 --asprimary --fstype=efi
part /boot --label=BOOT --size=1024 --asprimary --fstype=ext4
part pv.01 --label=VOLUMES --size=1024 --grow --asprimary
volgroup volgroup0 pv.01
logvol swap --label=SWAP --size=8192 --vgname=volgroup0 --name=swap
logvol / --label=ROOT --size=1024 --grow --vgname=volgroup0 --name=root --fstype=xfs
# INSTALLATION SOURCE, EXTRA REPOSITOROIES, PACKAGE GROUPS, PACKAGES
url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch"
repo --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-cisco-openh264-$releasever&arch=$basearch" --name=fedora-cisco-openh264 --cost=0
repo --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-modular-$releasever&arch=$basearch" --name=fedora-modular --cost=0
repo --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch" --name=updates --cost=0
repo --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-modular-f$releasever&arch=$basearch" --name=updates-modular --cost=0
# Remove @guest-agents if this is not a VM.
%packages --retries=5 --timeout=20 --inst-langs=en
@^minimal-environment
@guest-agents
kernel-devel
openssh-server
%end
# GROUPS, USERS, ENABLE SSH, FINISH INSTALL
rootpw --lock
# Create user 'myuser' and group 'mygroup' (with GID 3000), make it myuser's primary group, and add myuser to administrative 'wheel' group.
user --name=myuser --password='1st-password-change-asap!' --plaintext --gecos='Michael Y. User' --groups='wheel,mygroup(3000)' --gid=3000
sshkey --username=myuser 'publickeygoeshere'
services --enabled='sshd.service'
reboot --eject
# ENABLE EMERGENCY KERNEL DUMPS FOR DEBUGGING
%addon com_redhat_kdump --reserve-mb=auto --enable
%end
# POST-INSTALLATION SCRIPT
%post --interpreter=/usr/bin/bash --log=/root/anaconda-ks-post.log --erroronfail
# Enable CodeReady Builder repo (requires `epel-release` package).
/usr/bin/dnf config-manager --set-enabled crb
%end
Raw
rocky9-firewalld-services.txt
RH-Satellite-6
RH-Satellite-6-capsule
afp
amanda-client
amanda-k5-client
amqp
amqps
apcupsd
audit
ausweisapp2
bacula
bacula-client
bb
bgp
bitcoin
bitcoin-rpc
bitcoin-testnet
bitcoin-testnet-rpc
bittorrent-lsd
ceph
ceph-mon
cfengine
checkmk-agent
cockpit
collectd
condor-collector
cratedb
ctdb
dhcp
dhcpv6
dhcpv6-client
distcc
dns
dns-over-tls
docker-registry
docker-swarm
dropbox-lansync
elasticsearch
etcd-client
etcd-server
finger
foreman
foreman-proxy
freeipa-4
freeipa-ldap
freeipa-ldaps
freeipa-replication
freeipa-trust
ftp
galera
ganglia-client
ganglia-master
git
gpsd
grafana
gre
high-availability
http
http3
https
ident
imap
imaps
ipfs
ipp
ipp-client
ipsec
irc
ircs
iscsi-target
isns
jellyfin
jenkins
kadmin
kdeconnect
kerberos
kibana
klogin
kpasswd
kprop
kshell
kube-api
kube-apiserver
kube-control-plane
kube-control-plane-secure
kube-controller-manager
kube-controller-manager-secure
kube-nodeport-services
kube-scheduler
kube-scheduler-secure
kube-worker
kubelet
kubelet-readonly
kubelet-worker
ldap
ldaps
libvirt
libvirt-tls
lightning-network
llmnr
llmnr-tcp
llmnr-udp
managesieve
matrix
mdns
memcache
minidlna
mongodb
mosh
mountd
mqtt
mqtt-tls
ms-wbt
mssql
murmur
mysql
nbd
netbios-ns
netdata-dashboard
nfs
nfs3
nmea-0183
nrpe
ntp
nut
openvpn
ovirt-imageio
ovirt-storageconsole
ovirt-vmconsole
plex
pmcd
pmproxy
pmwebapi
pmwebapis
pop3
pop3s
postgresql
privoxy
prometheus
prometheus-node-exporter
proxy-dhcp
ps3netsrv
ptp
pulseaudio
puppetmaster
quassel
radius
rdp
redis
redis-sentinel
rpc-bind
rquotad
rsh
rsyncd
rtsp
salt-master
samba
samba-client
samba-dc
sane
sip
sips
slp
smtp
smtp-submission
smtps
snmp
snmptls
snmptls-trap
snmptrap
spideroak-lansync
spotify-sync
squid
ssdp
ssh
steam-streaming
svdrp
svn
syncthing
syncthing-gui
synergy
syslog
syslog-tls
telnet
tentacle
tftp
tile38
tinc
tor-socks
transmission-client
upnp-client
vdsm
vnc-server
wbem-http
wbem-https
wireguard
ws-discovery
ws-discovery-client
ws-discovery-tcp
ws-discovery-udp
wsman
wsmans
xdmcp
xmpp-bosh
xmpp-client
xmpp-local
xmpp-server
zabbix-agent
zabbix-server
zerotier
Raw
rocky9-ks.cfg
#version=Rocky Linux 9
#documentation: https://docs.fedoraproject.org/en-US/fedora/f36/install-guide/appendixes/Kickstart_Syntax_Reference/
# PRE-INSTALLATION SCRIPT
%pre --interpreter=/usr/bin/bash --log=/root/anaconda-ks-pre.log
%end
# INSTALL USING TEXT MODE
text
# KEYBOARDS, LANGUAGES, TIMEZONE
keyboard --vckeymap=us --xlayouts=us
lang en_US.UTF-8
timezone Etc/UTC --utc
# NETWORK, SELINUX, FIREWALL
# Hostname must be separate from link config, in either 'host' or 'host.domain.tld' form.
network --hostname='host.domain.tld'
network --device=link --bootproto=dhcp --onboot=on --noipv6 --activate
selinux --enforcing
firewall --enabled --ssh
# DISKS, PARTITIONS, VOLUME GROUPS, LOGICAL VOLUMES
# Install target is usually sda, vda, or nvme0n1; adjust all references below accordingly.
# The EFI & /boot partitions are explicitly set here, but some people just use `reqpart`.
ignoredisk --only-use=sda
zerombr
clearpart --all --initlabel --disklabel=gpt
bootloader --location=mbr --boot-drive=sda --append='crashkernel=auto'
part /boot/efi --label=FIRMWARE --size=1024 --asprimary --fstype=efi
part /boot --label=BOOT --size=1024 --asprimary --fstype=ext4
part pv.01 --label=VOLUMES --size=1024 --grow --asprimary
volgroup volgroup0 pv.01
logvol swap --label=SWAP --size=8192 --vgname=volgroup0 --name=swap
logvol / --label=ROOT --size=1024 --grow --vgname=volgroup0 --name=root --fstype=xfs
# INSTALLATION SOURCE, EXTRA REPOSITOROIES, PACKAGE GROUPS, PACKAGES
url --mirrorlist="http://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever"
repo --mirrorlist="http://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever" --name=AppStream --cost=0
repo --mirrorlist="http://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=extras-$releasever" --name=Extras --cost=0
# Extras repository is needed to install `epel-release` package.
# Remove `@guest-agents` group if this is not a VM.
%packages --retries=5 --timeout=20 --inst-langs=en
@^minimal-environment
@guest-agents
epel-release
kernel-devel
openssh-server
%end
# GROUPS, USERS, ENABLE SSH, FINISH INSTALL
rootpw --lock
# Create user 'myuser' and group 'mygroup' (with GID 3000), make it myuser's primary group, and add myuser to administrative 'wheel' group.
user --name=myuser --password='1st-password-change-asap!' --plaintext --gecos='Michael Y. User' --groups='wheel,mygroup(3000)' --gid=3000
sshkey --username=myuser 'publickeygoeshere'
services --enabled='sshd.service'
reboot --eject
# ENABLE EMERGENCY KERNEL DUMPS FOR DEBUGGING
%addon com_redhat_kdump --reserve-mb=auto --enable
%end
# POST-INSTALLATION SCRIPT
%post --interpreter=/usr/bin/bash --log=/root/anaconda-ks-post.log --erroronfail
# Enable CodeReady Builder repo (requires `epel-release` package).
/usr/bin/dnf config-manager --set-enabled crb
%end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment