# Generated by Anaconda 34.25.7.6
# Generated by pykickstart v3.32
#version=RHEL9
# Use graphical install
graphical

%addon com_redhat_kdump --disable
%end

# Keyboard layouts
keyboard --xlayouts='es (winkeys)','gb'
# System language
lang en_GB.UTF-8

# Network information
network  --bootproto=dhcp --device=ens192 --ipv6=auto --activate
network  --hostname=rhel.modemna.net

%packages
@^minimal-environment
sudo
%end

# Run the Setup Agent on first boot
firstboot --enable

# Generated using Blivet version 3.6.0
ignoredisk --only-use=sda
# Partition clearing information
clearpart --none --initlabel
# Disk partitioning information
part pv.116 --fstype="lvmpv" --ondisk=sda --size=8938
part /boot/efi --fstype="efi" --ondisk=sda --size=600 --fsoptions="umask=0077,shortname=winnt"
part /boot --fstype="xfs" --ondisk=sda --size=700
volgroup vg00 --pesize=4096 pv.116
logvol / --fstype="xfs" --size=8340 --name=root --vgname=vg00
logvol swap --fstype="swap" --size=596 --name=swap --vgname=vg00

timesource --ntp-server=ADC2.modemna.net
timesource --ntp-server=ADC1.modemna.net
# System timezone
timezone Europe/Madrid --utc

# Root password
rootpw --iscrypted --allow-ssh $6$xdWwfVGdpIkLiuPW$Q8SoYHf4gXdvk87ImvllCTwnPeHv3kiBrcGHEHf/mWi92PrBW4saab5b7/lC.//AJwwMrIu537A/xBBDgAR/u/
user --groups=wheel --name=ansible --password=$6$gPc0D56O8/icThH8$1ETMZJWzbRqq.ojnvQk14WqZSCeO88sdxb/NpdeHBBj6GAZlOGWKalG35Jl9hkyLRJXDglCxolAvoyPs6K//O0 --iscrypted --gecos="Ansible"

%post --interpreter /bin/bash

# Determine ansible's home directory (in case it's customized later)
ANSIBLE_HOME="$(getent passwd ansible | cut -d: -f6)"
[ -z "$ANSIBLE_HOME" ] && ANSIBLE_HOME="/home/ansible"

# Create .ssh directory with correct permissions
install -d -m 700 "$ANSIBLE_HOME/.ssh"
chown ansible:ansible "$ANSIBLE_HOME/.ssh"

# Install Ansible user's public key
cat > "$ANSIBLE_HOME/.ssh/authorized_keys" << 'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhmR5eBJNnDGhaiGiIhvUC74DHZTQDTULcG5pCvbi3Ad3kll0ZWnkdqW0KtLAZsp6PZAjOfoQw3Z/hIqc4IF/Y1y/KOcp7REEYoHS6JI8UkxNPcYyZ0yPiB4fOhPkG/CtfZv270csCk6zCLY2y12Naw0GdEhyX7Fv7o1YQpYpwzRcGqVu5M9YNpueF2br4JXjfHzBlMinuzMgfXGUzBcD2A2jgEZQRtQUG7jjnIlTG/1QrdaSKGvd2sUXSTF7ci3nthYe2Anv4itaAP92cNBJDYOl7UXApHGUQunomzWZOmHcwg92dWZDmksIktNQOM5+Fq1LH0Yd5otNaJcZwhZbwvaITTFtVMnMxpm4VbBPn9ARzQnSqV+aMdn07UBJ/eEp6b0uGBiksAyP0zAPmxG7kZCutFrDZKlir6YxJu222CktkJrZcm1Kc/t+TaZq/4IA/Fq9gRTlIXIewSmeZ7qUlYW2P4D+5iQpg+NCMWuLF1/u8zJfFp5RqrgdVem8nEGbulJE55Jttln6APiaibltZ8tU75J44F9XFjYyLrbrm6vaehxIR4pOgYZv6KPG/+88BQUaWvmoXEFdnh/HRT10acJbT8RaLdnEMDqecWqnhw8ve+HekDjfSIZVZIaCgGcObf5aSsHWNM4i+8/dRepIkC9cDzOebBLgHlTgGbWLklQ== Ansible deploys
EOF

chmod 600 "$ANSIBLE_HOME/.ssh/authorized_keys"
chown ansible:ansible "$ANSIBLE_HOME/.ssh/authorized_keys"

# Create sudoers drop-in for passwordless sudo
cat > /etc/sudoers.d/ansible << 'EOF'
ansible ALL=(ALL) NOPASSWD: ALL
EOF

chmod 440 /etc/sudoers.d/ansible

# Validate sudoers syntax; if invalid, remove file to avoid breaking sudo
visudo -cf /etc/sudoers.d/ansible || rm -f /etc/sudoers.d/ansible

%end