#version=DEVEL
ignoredisk --only-use=sda
autopart --encrypted --type=lvm --luks-version=luks2 --passphrase=fedora

# Partition clearing information
clearpart --all --initlabel --drives=sda
# OSTree setup
ostreesetup --osname="fedora-iot" --remote="fedora-iot" --url="file:///ostree/repo" --ref="fedora/stable/x86_64/iot" --nogpg
# Use network installation

# Use graphical install
#graphical
text
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_CA.UTF-8

# Root password
rootpw --iscrypted $6$TsvXwlJI9f3pfBBk$nUPLIDPfbnoWNVJxMybHtmSnoxstJZdxy9GT/JFnv1XD6ktNhQMJK4nI7jZPH.zhf86UuObCtc2U9yDBwBWiq.
# Run the Setup Agent on first boot
firstboot --enable
# Do not configure the X Window System
skipx
# System services
services --enabled="chronyd"
# System timezone
timezone America/Rainy_River --isUtc
user --groups=wheel --name=pwhalen --password=$6$AWtzWXpyhnzv6U7D$IOuFFn1D4AaMzJLp0cb5nlomih6iqqoVUxeVUktUrBIkCHRbmD6p6NF5d6b6IVGDHOP5/KSF0g1En1wxYA.5t1 --iscrypted --gecos="Paul Whalen"

%post --erroronfail

## Added from Javier
# Find the LUKS volume
clevis luks bind -f -k- -d /dev/sda3 tpm2 '{}' <<< fedora

# To seal against a PCR (i.e: PCR7 from bank SHA-256), pass it
# as options to tpm2 pin: '{"pcr_bank":"sha256","pcr_ids":"7"}'
rm -f /etc/ostree/remotes.d/fedora-iot.conf
ostree remote add --set=gpg-verify=true --set=gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-iot-2019 fedora-iot 'https://dl.fedoraproject.org/iot/repo/'
cp /etc/skel/.bash* /root
%end

%addon com_redhat_kdump --disable --reserve-mb='128'

%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end