fedora/install.sh

#!/bin/sh

set -e

DRIVE=/dev/nvme1n1
bs=2048 # 4096
VERSION=42

sgdisk --zap-all ${DRIVE}
sgdisk -o ${DRIVE}
sgdisk -a ${bs} -n 1:0:+1G --typecode=1:ef00 ${DRIVE}
sgdisk -a ${bs} -n 2:0:+8G --typecode=2:8200 ${DRIVE}
sgdisk -a ${bs} --largest-new=3 --typecode=3:8300 ${DRIVE}

mkfs.vfat ${DRIVE}p1
mkswap --force ${DRIVE}p2
mkfs.xfs -f ${DRIVE}p3

mount ${DRIVE}p3 /mnt
mkdir /mnt/{boot,dev,sys,proc,run}
mkdir /mnt/boot/efi
mount ${DRIVE}p1 /mnt/boot/efi

mount --bind /dev /mnt/dev
mount --bind /sys /mnt/sys
mount --bind /proc /mnt/proc
mount --bind /run /mnt/run

# echo 'fastestmirror=1' >> /etc/dnf/dnf.conf
dnf -y update fedora-gpg-keys
# curl https://fedoraproject.org/fedora.gpg | gpg --import

dnf -y --installroot=/mnt --releasever=${VERSION} --use-host-config \
group install \
standard core \
hardware-support development-libs development-tools

dnf -y --installroot=/mnt --releasever=${VERSION} --use-host-config \
install \
gpart gdisk rsync nano tcpdump \
tcsh net-tools bind-utils sysstat xfsprogs atop chrony ntpstat \
tree git git-all mc wpa_supplicant glibc-langpack-ru

dnf -y --installroot=/mnt --releasever=${VERSION} --use-host-config \
install \
kernel efibootmgr shim \
grub2-efi-x64 grub2-efi-x64-modules \
grub2-tools-efi grub2-tools-extra \
grub2-breeze-theme

cat <<EOF > /mnt/etc/default/grub
GRUB_TIMEOUT=30
GRUB_DEFAULT=saved
GRUB_SAVEDEFAULT=false
GRUB_TERMINAL_INPUT="console"
GRUB_TERMINAL_OUTPUT="gfxterm"
GRUB_ENABLE_BLSCFG=true
GRUB_CMDLINE_LINUX="nomodeset rhgb pci=noaer i8042.debug=1 i8042.noaux=1"
EOF

chroot /mnt grub2-mkconfig -o /boot/grub2/grub.cfg

blkid --output export ${DRIVE}p3 | grep ^UUID= | xargs -I '{}' echo {} / xfs defaults 0 1 > /mnt/etc/fstab
blkid --output export ${DRIVE}p2 | grep ^UUID= | xargs -I '{}' echo {} none swap defaults 0 0 >> /mnt/etc/fstab
blkid --output export ${DRIVE}p1 | grep ^UUID= | xargs -I '{}' echo {} /boot/efi vfat defaults 0 2 >> /mnt/etc/fstab

chroot /mnt systemctl disable NetworkManager
chroot /mnt systemctl disable firewalld
chroot /mnt systemctl enable systemd-networkd
chroot /mnt systemctl enable nftables

wget -P /mnt/etc/systemd/network/ https://codex.r10x.net/sysadmin/fedora/raw/branch/master/files/dhcp.network
wget -P /mnt/etc/systemd/network/ https://codex.r10x.net/sysadmin/fedora/raw/branch/master/files/dummy0.netdev
wget -P /mnt/etc/systemd/network/ https://codex.r10x.net/sysadmin/fedora/raw/branch/master/files/dummy0.network

setenforce 0
echo 'root:123' | chpasswd --root /mnt
#groupadd --root /mnt admin
#useradd --root /mnt -m -d /home/admin -s /bin/bash -g admin -m admin
#echo 'admin:admin' | chpasswd --root /mnt
# SElinux to mode Permissive
sed -i s/^SELINUX=.*$/SELINUX=permissive/ /mnt/etc/selinux/config

sed -i -r 's/^.?PermitRootLogin.*/PermitRootLogin\ yes/g' /mnt/etc/ssh/sshd_config
sed -i -r 's/^.?UseDNS no/UseDNS no/g' /mnt/etc/ssh/sshd_config
sed -i -r 's/^.?UseDNS yes/UseDNS no/g' /mnt/etc/ssh/sshd_config

mkdir /mnt/root/.ssh
touch /mnt/root/.ssh/authorized_keys
# cat <<EOF > /mnt/root/.ssh/authorized_keys
# Здесь может быть открытый ключ для входа через SSH
# EOF
chmod 0700 /mnt/root/.ssh
chmod 0600 /mnt/root/.ssh/authorized_keys

sed -i -r 's/^.*history-search-backward.*/"\\e[A": history-search-backward/g' /mnt/etc/inputrc
sed -i -r 's/^.*history-search-forward.*/"\\e[B": history-search-forward/g' /mnt/etc/inputrc

umount /mnt/run
umount /mnt/dev
umount /mnt/sys
umount /mnt/proc
umount /mnt/boot/efi
umount /mnt