Example AlmaLinux Kickstart

This is an example kickstart for a typical system with a single disk (nvme0n1) and a single network adapter (ens160). These values may need to be changed to suit your environment.

It will copy additional Assets to the target system as described in Customizing the AlmaLinux Installer Media.

The resulting system uses LUKS full-disk encryption (the LUKS and root user passwords are all “password”). Security updates are applied automagically.

#version=RHEL8
ignoredisk --only-use=nvme0n1

# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=nvme0n1

# Partition clearing information
clearpart --all --initlabel --drives=nvme0n1

# Partition information
autopart --encrypted --type=lvm --luks-version=luks1 --passphrase=password

# Use text install
text

# Install source
url --url="http://repo.almalinux.org/almalinux/8.5/BaseOS/x86_64/os"

# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'

# System language
lang en_US.UTF-8

# License agreement
eula --agreed

# Network information
network  --onboot=yes --device=ens160 --bootproto=dhcp --noipv6 --activate
network  --hostname=almalinux-custom.localdomain

# Root password
rootpw password

# Additional users
user --groups=dialout,kvm,libvirt,qemu,wheel --name=user --password=password --gecos="User"

# Run the Setup Agent on first boot
firstboot --disable

# X Window System configuration information
xconfig  --startxonboot

# System services
services --enabled="chronyd"

# System timezone
timezone America/New_York --isUtc --ntpservers=pool.ntp.org

%packages
@^workstation-product-environment
createrepo
dnf-automatic
genisoimage
isomd5sum
kexec-tools
libatomic
liberation-fonts
libuv
libvirt
libvirt-client
libvirt-daemon
libXScrnSaver
nss-tools
open-vm-tools
open-vm-tools-desktop
policycoreutils-python-utils
qt5-qtquickcontrols
qt5-qtx11extras
syslinux
virt-install
virt-manager
virt-viewer
vulkan-loader
yum-utils
zstd
%end

%addon com_redhat_kdump --enable --reserve-mb='auto'
%end

%anaconda
pwpolicy root --minlen=16 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=16 --minquality=1 --notstrict --nochanges --notempty
pwpolicy luks --minlen=16 --minquality=1 --notstrict --nochanges --notempty
%end

poweroff

###############################################################################
# post nochroot

%post --nochroot --erroronfail --log=/mnt/sysimage/root/ks-post.log

# Copy additional file assets from ISO to /tmp of the target filesystem
cp -arf /run/install/repo/Assets /mnt/sysimage/tmp/

%end

###############################################################################
# post chroot

%post --interpreter=/usr/bin/bash --erroronfail --log=/root/ks-post-chroot.log

# Implemented by Anaconda
#ARCH=$( /bin/arch )
#subscription-manager repos --enable "codeready-builder-for-rhel-8-${ARCH}-rpms"

TMP_ASSETS="/tmp/Assets"

# Enable DNF Automagic
sed -i s/'upgrade_type = default'/'upgrade_type = security'/ /etc/dnf/automatic.conf
sed -i s/'apply_updates = no'/'apply_updates = yes'/ /etc/dnf/automatic.conf
systemctl enable dnf-automatic.timer

# Configure SELinux
setsebool -P domain_kernel_load_modules on

# Configure wallpaper (dconf update happens in cleanup)
install -m 644 -o root -g root -D --target-directory /usr/share/backgrounds ${TMP_ASSETS}/Custom-Alma-dark*
install -m 644 -o root -g root -D --target-directory /usr/share/gnome-background-properties ${TMP_ASSETS}/Custom-Alma-backgrounds.xml
install -m 644 -o root -g root -D --target-directory /etc/dconf/db/local.d ${TMP_ASSETS}/00-background
install -m 644 -o root -g root -D --target-directory /etc/dconf/db/local.d ${TMP_ASSETS}/01-screensaver

# Configure Gnome to use Xorg (recommended for virtual environments; Wayland instability)
#sed -i s/'#WaylandEnable=false'/'WaylandEnable=false'/ /etc/gdm/custom.conf
#sed -i '/WaylandEnable/a DefaultSession=gnome-classic.desktop' /etc/gdm/custom.conf

# Disable Gnome initial setup
echo "X-GNOME-Autostart-enabled=false" >> /etc/xdg/autostart/gnome-initial-setup-first-login.desktop

# Install EPEL repository and packages
#dnf config-manager --set-enabled PowerTools
dnf --nogpgcheck -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf -y install debootstrap joe pwgen qt5-qtwebkit schroot screen

# Configure Joe (package is installed from EPEL)
sed -i s/' -nobackups'/'-nobackups'/ /etc/joe/joerc
sed -i /-wordwrap/d /etc/joe/ftyperc

# Cleanup

# Remove Assets temporary staging area
rm -rf /tmp/Assets

# DCONF update for GDM modifications
dconf update

# Rewrite GRUB config
if [ -e /boot/grub2/grub.cfg ]
then
  grub2-mkconfig -o /boot/grub2/grub.cfg
else
  grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
fi

# lock root account
passwd -l root

# Set user password age minimum
chage -M 99999 user

%end