graphical
#text

# Repositories
#url --mirrorlist="https://mirrors.fedoraproject.org/metalink?repo=fedora-36&arch=x86_64"
#repo --name=fedora --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-35&arch=x86_64" --cost=1
#repo --name=fedora-updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f35&arch=x86_64" --cost=0
#repo --name=rpmfusion-free --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-35&arch=x86_64" --includepkgs=rpmfusion-free-release
#repo --name=rpmfusion-free-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-35&arch=x86_64" --cost=0
#repo --name=rpmfusion-nonfree --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-35&arch=x86_64" --includepkgs=rpmfusion-nonfree-release
#repo --name=rpmfusion-nonfree-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-35&arch=x86_64" --cost=0

%packages
# Install clevis packages
clevis-dracut
clevis-luks
clevis-systemd
%end

# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8

# Firewall configuration
#firewall --use-system-defaults
# Network information
#network  --bootproto=static --device=enp6s19 --ip=10.48.108.2 --nameserver=10.248.16.30 --nameserver=10.248.26.30 --netmask=255.255.255.0 --ipv6=auto --activate
#network  --bootproto=static --device=enp6s18 --gateway=10.130.0.254 --ip=10.130.0.1 --nameserver=1.1.1.1 --nameserver=1.0.0.1 --netmask=255.255.0.0 --ipv6=auto --activate
network  --hostname=uranus

# Use CDROM installation media
cdrom

# Run the Setup Agent on first boot
firstboot --enable

# Generated using Blivet version 3.4.2
ignoredisk --only-use=sda
# System bootloader configuration
bootloader --location=mbr --boot-drive=sda
# Partition clearing information
clearpart --all
# Disk partitioning information
part /boot --fstype="ext4" --ondisk=sda --size=2048 --label=boot
part /boot/efi --fstype="efi" --ondisk=sda --size=512 --fsoptions="umask=0077,shortname=winnt" --label=EFI
part btrfs.system --fstype="btrfs" --ondisk=sda --grow --encrypted --luks-version=luks2 --passphrase=4u8t --label=system --fsoptions="x-systemd.device-timeout=0"
btrfs none --label=btrfs.system btrfs.system
btrfs / --subvol --name=@root LABEL=btrfs.system
btrfs /mnt/data --subvol --name=@data LABEL=btrfs.system
btrfs /var/lib/containerd --subvol --name=@containerd LABEL=btrfs.system

# System timezone
timezone Europe/Rome --utc

# Root password
rootpw --plaintext "tuogenitore2"

# Ansible ssh 
sshkey --username=root "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDxp2oMO4qEHXPpwnj8wPBuk46IAYJcct8kuxcigt1t4 ansible"

%post
# Enable clevis
clevis luks bind -y -k - -d /dev/sda3 \
tpm2 '{"hash":"sha1","key":"rsa"}' <<< "4u8t"
#tang '{"url":"http://tang.srv"}' <<< "temppass"
#cryptsetup luksRemoveKey /dev/nvme0n1p3 <<< "4u8t"
dracut -fv --regenerate-all
%end


#tpm2_dictionarylockout --setup-parameters --max-tries=4294967295 --clear-lockout
#tpm2_getcap properties-variable