#version=DEVEL ignoredisk --only-use=vda autopart --encrypted --type=lvm --luks-version=luks1 --passphrase=lukspass123 # Partition clearing information clearpart --none --initlabel --drives=vda # Use graphical install graphical # Keyboard layouts keyboard --vckeymap=us --xlayouts='us' # System language lang en_US.UTF-8 # Rawhide repo repo --name=rawhide --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch url --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch # Network information network --bootproto=dhcp --device=ens3 --ipv6=auto --activate network --hostname=localhost.localdomain # Root password rootpw rootpass123 # Run the Setup Agent on first boot firstboot --enable # Do not configure the X Window System skipx # System services services --enabled="chronyd" %packages @^server-product-environment clevis-dracut %end %post --erroronfail # Find the LUKS volume UUID=$(lsblk | grep luks | sed 's/^.*luks-//' | cut -d ' ' -f1) DEV=$(blkid --uuid $UUID) # Bind the LUKS volume to a TPM2 for automatic unlocking on boot clevis luks bind -f -k- -d $DEV tpm2 '{}' <<< lukspass123 # To seal against a PCR (i.e: PCR7 from bank SHA-256), pass it # as options to tpm2 pin: '{"pcr_bank":"sha256","pcr_ids":"7"}' %end %addon com_redhat_kdump --disable --reserve-mb='128' %end %anaconda pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty %end