# Generated by Anaconda 34.25.3.8
# Generated by pykickstart v3.32
#version=RHEL9
# Use graphical install
graphical
repo --name="AppStream" --baseurl=http://imap/iso/AppStream 
%addon com_redhat_kdump --enable --reserve-mb='auto'

%end

# Keyboard layouts
keyboard --xlayouts='es (winkeys)','us'
# System language
lang en_US.UTF-8

# Network information
network  --bootproto=static --device=ens192 --gateway=192.168.1.253 --ip=192.168.1.222 --nameserver=192.168.1.8,192.168.1.25 --netmask=255.255.255.0 --ipv6=auto --activate --ipv4-dns-search=modemna.net,aragon.local
network  --hostname=kickstart

# Use CDROM installation media
#cdrom
# Use network installation
url --url="http://imap/iso" 
%packages
@^minimal-environment

%end

# Run the Setup Agent on first boot
firstboot --enable

# Generated using Blivet version 3.6.0
ignoredisk --only-use=sda,sdb
# Partition clearing information
clearpart --none --initlabel

# OS Disk partitioning information
part pv.408 --fstype="lvmpv" --ondisk=sda --size=14758
part /boot/efi --fstype="efi" --size=600 --fsoptions="umask=0077,shortname=winnt"
part /boot --fstype="xfs" --size=1024
volgroup vg_root --pesize=4096 pv.408
logvol / --fstype="xfs" --size=12672 --name=root --vgname=vg_root
logvol swap --fstype="swap" --size=2083 --name=swap --vgname=vg_root

# Data disk
part pv.3219 --fstype="lvmpv" --ondisk=sdb --size=20488
volgroup vg_home --pesize=4096 pv.3219
logvol /home --fstype="xfs" --size=20480 --name=home --vgname=vg_home

# System timezone
timezone Europe/Zurich --utc

# Root password
rootpw --iscrypted --lock $6$mllf62mXP3m6WI/q$gr2fMvUtJxpKjxuN77CU.E7Z53/nUEUOmVdh9sY0iDkWd72VAA39nxws1a00rmIzMEcRwyF.Q7ZH1oRm6LvdY/

user --groups=wheel --name=ansible --password=$6$z2QI1hRhvHjnVD7n$OZh3MISgG5DBJTaEtQdTNjBefWg3utDD9WzObJS6xtrPpSNige2MdSWFzwy1XIyVqeYAb8jFbVNdjT/XsBJip/ --iscrypted --gecos="Ansible"

%post --interpreter /bin/bash

# Get ansible home directory
ANSIBLE_HOME="$(getent passwd ansible | cut -d: -f6)"
[ -z "$ANSIBLE_HOME" ] && ANSIBLE_HOME="/home/ansible"

# Create .ssh directory with correct permissions
install -d -m 700 "$ANSIBLE_HOME/.ssh"
chown ansible:ansible "$ANSIBLE_HOME/.ssh"

# Install Ansible user's public key
cat > "$ANSIBLE_HOME/.ssh/authorized_keys" << 'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUwRdRAHzpiwnIKVtTfeACubMCjf7OlxSRkKKtmZ4slv8J71FZPLonL3qcY+tXq1vgzs/ndnVuClHuvdR60R7JOzUUgSgGz2AztgaoCwAmbsEGRHOhur48XLhsvjqL8sHElyRY4FI8DLyXvZHRNy68DRDcszBSm33LJwcGXl27PrKcNVUcbubTvJhWQocLkfFZB0vHNVTaqAjcec9aiEGpHEXDrcJQFk5CH8ZN2/FkVSJ16WqYAOu/c10s83Q+0U5Q0vFs99aUl3IgVXVBDXHyRZJpbXw7xB7gEt7XKONJLVD3NlW/SkZeSdO/44YngKQL4nrsudq9N4MIbsv+uT9R SCC Ansible user
EOF

chmod 600 "$ANSIBLE_HOME/.ssh/authorized_keys"
chown ansible:ansible "$ANSIBLE_HOME/.ssh/authorized_keys"

# Create sudoers drop-in for passwordless sudo
cat > /etc/sudoers.d/ansible << 'EOF'
ansible ALL=(ALL) NOPASSWD: ALL
EOF

chmod 440 /etc/sudoers.d/ansible

# Validate sudoers syntax; if invalid, remove file to avoid breaking sudo
visudo -cf /etc/sudoers.d/ansible || rm -f /etc/sudoers.d/ansible

%end