# Use text install
text

%pre

# Clean out all strange stuff on the disks. Probably change wipefs to
#  only handle "OS-nvmes" later

(ls -d /dev/md/* |xargs -rn1 mdadm --stop) || true
(lvdisplay -c|cut -d":" -f1|xargs -rn1  lvremove -y)||true
(ls /dev/disk/by-path/pci-0000:*:00.0-nvme-1*|xargs  -rn1 wipefs -af)||true
partprobe || true
%end

%addon com_redhat_kdump --disable

%end

# Keyboard layouts
keyboard --xlayouts='se','us'
# System language
lang en_US.UTF-8


# Use network installation

url --url="http://repo1.uppmax.uu.se/repos/mirror/snapshots/freeze.20240508/rocky/9.3/BaseOS/x86_64/os"
logging --host=syslog.uppmax.uu.se
eula --agreed

reboot --kexec

%packages
@^minimal-environment
tar
unzip
%end

# Run the Setup Agent on first boot
firstboot --disable

clearpart --all --initlabel
zerombr

bootloader --location=mbr

autopart --type=plain --fstype=ext4 --nohome

timesource --ntp-server=nat1.uppmax.uu.se
timesource --ntp-server=nat2.uppmax.uu.se

# System timezone
timezone Europe/Stockholm --utc

# Root password
rootpw --iscrypted $6$AlquGAvEfjmjtjzq$KD8rrNq9B7cruUIsBReWhGCPisPQH./rTC2hKNvR.zCn2TZkLl4r7Qd1/7qlGbNbi09qzqSqJ/rzQ7RSctADn.

%post

# Do this directly so no packages sneaks in from the outside
mkdir /etc/uppmax.repos.d
echo "reposdir=/etc/uppmax.repos.d" >> /etc/dnf/dnf.conf

# Some stuff just works better with a fully installed system -- nmcli for example
cat <<EOF > /etc/systemd/system/firstrun.service
[Unit]
Description=Initial setup
ConditionPathExists=!/etc/initial_setup_done

[Service]
Type=oneshot
ExecStart=/usr/local/sbin/firstrun.sh

[Install]
WantedBy=multi-user.target
EOF

cat <<EOF >/usr/local/sbin/firstrun.sh
#!/bin/bash
logger initial_puppet_ping

# Util network and resolver works (almost blabla-wait-online.service)
while true; do ping -c1 puppet &> /dev/null && break; done

hostnamectl set-hostname \$(hostnamectl --transient)

logger initial_puppet_install

rpm -Uvh http://repo1.uppmax.uu.se/repos/mirror/live/rsync.puppet.com/yum/puppet7/el/9/x86_64/puppet-agent-7.31.0-1.el9.x86_64.rpm

# Trying to handle a bug with puppet sometimes ignoring the ssldir in first puppet run
ln -s  /var/lib/puppetlabs/puppet/ssl     /etc/puppetlabs/puppet/ssl

/opt/puppetlabs/bin/puppet agent -tv  --ssldir  /var/lib/puppetlabs/puppet/ssl  --vardir  /var/lib/puppetlabs/puppet/cache 
# Grrr puppet... Need to make second run to have all repos correctly installed
/opt/puppetlabs/bin/puppet agent -tv 
/opt/puppetlabs/bin/puppet agent -tv 

logger initial_puppet_done
systemctl enable --now puppet

update-crypto-policies --set DEFAULT:SHA1
systemctl disable firstrun.service 
systemctl disable firewalld.service

dnf -y  install yum-utils screen emacs-nox nmap fping lldpd strace nfs-utils python3-psutil sssd-ldap ipmitool freeipmi iotop iperf3 wget sysstat hdparm htop  nethogs hdparm lvm2 bind-utils dmidecode pciutils gnutls-utils ledctl

dnf -y groupinstall 'Development Tools'  base-x xfce
dnf -y update

parted /dev/nvme0n1  mkpart primary  ext4 158517248s 100%
mkfs.ext4 /dev/nvme0n1p5
echo "/dev/nvme0n1p5 /scratch ext4 defaults 1 2" >>/etc/fstab

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
authselect select --force sssd

# Set up network correct
systemctl restart NetworkManager

# perhaps 1 second is enough... but no sleep does not work
sleep 5
logger start_staticify
/usr/local/sbin/staticify.sh
logger start_fat_network
/usr/local/sbin/p-fatnet.sh

touch /etc/initial_setup_done
logger initial_setup_done
sleep 10
ipmitool chassis  bootdev none options=efiboot
sleep 10
reboot
EOF

chmod +x /usr/local/sbin/firstrun.sh
systemctl enable firstrun.service
sleep 10
ipmitool chassis  bootdev disk options=efiboot
sleep 10 
%end