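#version=20131031
# Kickstart for server1.evalinux.net (CentOS 6.4, x86_64): unattended
# network install on a single virtio disk (vda), LVM layout, SSH hardening
# and a pair of bare git repositories created in %post.

# --- Installation source and mode -----------------------------------------
install
# NOTE(review): the CentOS mirror lists are fetched over plain HTTP; only
# the EPEL metalink uses HTTPS. Prefer an internal mirror or HTTPS source
# if one is available for this release.
url --mirrorlist="http://mirrorlist.centos.org/?release=6.4&arch=x86_64&repo=os"
cmdline
skipx
poweroff

# --- Locale ----------------------------------------------------------------
lang en_US.UTF-8
keyboard es

# --- Repositories ----------------------------------------------------------
repo --name="CentOS" --mirrorlist="http://mirrorlist.centos.org/?release=6.4&arch=x86_64&repo=os"
repo --name="CentOS Updates" --mirrorlist="http://mirrorlist.centos.org/?release=6.4&arch=x86_64&repo=updates"
repo --name="Extra Packages for Enterprise Linux 6" --mirrorlist="https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64"

# --- Network ---------------------------------------------------------------
network --onboot yes --device eth0 --bootproto dhcp --noipv6
network --onboot yes --device eth1 --bootproto static --ip 192.168.77.66 --netmask 255.255.255.0 --noipv6 --nameserver 8.8.4.4,8.8.8.8 --hostname server1.evalinux.net

# --- Security baseline -----------------------------------------------------
# Only SSH is opened in the firewall; SELinux stays enforcing.
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing

# --- Accounts --------------------------------------------------------------
# NOTE(review): the two SHA-512 crypt hashes below travel with every copy of
# this file and can be attacked offline. Rotate both passwords after the
# install, or inject the hashes at build time instead of storing them here.
# NOTE(review): --groups lists "renich", the user's own group; confirm the
# installer accepts a group that no "group" command creates.
group --name=gitters
group --name=deployers
user --name=renich --password="$6$MimamiMemimomuch$hpxuYju3El1Ik1l7xKGW7Xu/oUKbXX.h83.4aDHFVrQwKO8Y7unWTfyqhyj7a1IX/CX32egc0/BRH5OQ/iQ0O/" --iscrypted --groups=renich,gitters,deployers
rootpw --iscrypted $6$cenJK9DgJwJgzWkY$SAOpxKGLQJbJZkUfJQsXmtVeyrhftdm7FwzyeOjbrVV5J71Kx3uxs3/dwljO38IuIY5K7V5wkwkF1dEqw5URn/

# --- Time ------------------------------------------------------------------
timezone --utc Etc/UTC

# --- Disk layout -----------------------------------------------------------
bootloader --location=mbr --driveorder=vda --append="crashkernel=auto rhgb quiet elevator=deadline fifo_batch=1"
zerombr
clearpart --all --drives=vda
part /boot --fstype=ext4 --size=500
part pv.evalinux --grow --size=1
# The volume group name must match the --vgname used by every logvol below
# (the original declared vg_server but referenced vg_server1).
volgroup vg_server1 --pesize=4096 pv.evalinux
logvol /home --fstype=ext4 --name=lv_home --vgname=vg_server1 --size=2048
logvol / --fstype=ext4 --name=lv_root --vgname=vg_server1 --size=10240
# lv_tmp is mounted on /tmp (the original mounted it on "/" a second time).
logvol /tmp --fstype=ext4 --name=lv_tmp --vgname=vg_server1 --size=4096
logvol swap --name=lv_swap --vgname=vg_server1 --size=2048
logvol /var --fstype=ext4 --name=lv_var --vgname=vg_server1 --grow --size=1

# --- Services --------------------------------------------------------------
services --enabled=sshd,denyhosts

%packages
@core
@server-policy
bash-completion
bc
bzip2
denyhosts
epel-release
git
htop
iftop
iotop
openssh-clients
rsync
ruby
screen
tar
vim
xz
yum-plugin-merge-conf
yum-plugin-priorities
yum-plugin-protectbase
yum-plugin-remove-with-leaves
yum-plugin-security
yum-plugin-upgrade-helper
yum-plugin-verify
yum-utils
zip
%end

%post --log=/root/post.log
#!/bin/bash
shopt -s extglob

# SSH
## authorize ssh root access by keys
mkdir -p -m 700 /root/.ssh

cat << 'EOF' > /root/.ssh/authorized_keys
# Renich Bon Ciric (home and laptop)
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQC8LgmKrDAEEj/gYYjL/M6kfl5z19HaA8ANdY5bVaDMrdOQPVEvC0RPwMDW7te/C9Pnd+Ms7ImOydaos0FCyMKoSdVCK3i7rkuJPiLLVpaFR3qkM2v0eMaOAbpFvamac4TFuBrNWVsgRZKmataij2jE8EuGl+JMKXjaRPJLAkYwucqY0Guwah0exUI6CXC/V5iVCI7U6ipuZl1Wn5J73OGZgObLYxE4HFoG+06+eiMOsCnFSzRNSsfen78IcgY+QcdG9BbC44XBSh+oofpZuGRQ/IyqfRz6qL0aRjkQSj/q33dhVdtCMPXxiUFyRHtu1vEj7uSxrtnlWICir2eugZpR7CDm0btsnyNdIzDQbeqHTWvg5ho0Q4Hw3UDkPQvBlQJ3AayXLYW+GzZNk72s4j6Fj1lL6uCV0P9nCui6sGyhU2kXQi0KS6iVvVGjLpJ38KmM/RP0CEHqUsYpDUJCoPuKL1rSQB8AG5l4BOTJESPy5YdpGSDMEhsrZvzfbPJ6BSC0ouTj7KIHy/aqSEEQAqznR/5Q/fjmiZrPb8Er4gOd+XAS1ATIwMRKg9Zkk4AjVBkWLW9kCxj6ZF5r44pUvnw1jFdMCrUgtTO1JF1A4lHH8lwMrPX6YelEGiDPWTM+YUc3SNld431vyvOz1i/dhfMRQcV21YC34ftyctBJdD7VcE0dM7tL4FrLckRghNrRAeAhHxE3JDbrvOXmQ826w7foi1rKqkc2vUxfuDRHQpwsBxlHLGf4CWPFLoajdzBjg0t445arbMaA3S6c4sKbzw8S0Gm9wEucuE2AywqMjVYDOXXxfpMYyXj2NrzS9IROvBt5HS1LLeBEOkSYzJW0cUJomIYrFj0NAf+kzIM/Jx+ZLB/23240qvuoHalEGy0ZMCfV3WVfS8lHBTpigcj+ReqQMVfJCi2+pmHVRfpCIlJVc6wzc2dgI7YbSbB8VEe2kOvP2edrc91l/5cpD8X4EbSg76I5gnqSHIqnHukz1ROO00zd5aBvqoi6IuHYDiq6f3qJxCY6NruvZ33OP9LjiQoEDOYGtvcZhGzLgKZsUKunwVz7udMEmfEQrC4yY3nuLGNfexRta7+l6/TKbHBI1Xq9fkBd5+rMNgW8OmWYnEwSiwyc8mlCzjeZEyMiMLMNoHRqQ5/V+bGHKldgpwepm4QTaF4Iut+05oa8kEv3+gtVuoCeTuCLhXIhipJTgYdvlp5Jw5EUcrhIAJMoiQeYCf5lWd8PSQp86+sK+zmnOk4ly5gtlDlJ0zSzKkqZDArdVpSPJgEaCLQ5x2AFXrlEB4gGxlHheQzC6e9YFkvKbmpuMEAzC09IZqTpHcKIzfWsup2eHYNHyc8gYXme4C+GYZRB My PC Key
EOF

chmod 400 /root/.ssh/authorized_keys

# NOTE(review): files written from %post may not carry the label sshd expects
# under "selinux --enforcing"; relabel so key logins are not silently refused.
restorecon -R /root/.ssh

## sshd_config
# Resulting policy: only root and renich may log in; root is key-only (both
# PermitRootLogin without-password and its Match block), renich may use a
# password. NOTE(review): password logins and X11Forwarding are left on, and
# denyhosts is the only brute-force control visible in this file; the Banner
# path /etc/ssh/banner is referenced but never created by this kickstart.
cat << 'EOF' > /etc/ssh/sshd_config
# Server config
# Date: 20130428
# Author: Renich Bon Ciric <renich@evalinux.com>

# Log
SyslogFacility AUTHPRIV

# Auth
ChallengeResponseAuthentication no
PasswordAuthentication yes
UsePAM yes

# Settings
Banner /etc/ssh/banner
PermitRootLogin without-password
UseDns yes
X11Forwarding yes

# Locale
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# sFTP
Subsystem sftp /usr/libexec/openssh/sftp-server -u 002

# Users
AllowUsers root renich

Match User renich
    PubkeyAuthentication yes
    PasswordAuthentication yes

Match User root
    PubkeyAuthentication yes
    PasswordAuthentication no
EOF

# vim
# NOTE(review): this vimrc is fetched over plain HTTP with no integrity check
# and is then sourced by root's editor, so whoever controls the download path
# controls commands run as root. Ship the file with the kickstart or compare
# it against a pinned checksum (<EXPECTED_SHA256>, placeholder) before use.
# -f keeps an HTTP error page from being saved as the vimrc; the file is
# fetched once and copied so root and new users get identical content.
curl -fsS downloads.woralelandia.com/projects/vim/vimrc > /root/.vimrc
cp /root/.vimrc /etc/skel/.vimrc

# root
# Absolute path on purpose: a relative "bin/" resolves against the script's
# working directory, and "chmod 2700 bin/" there could hit the system /bin.
mkdir -p /root/bin
chmod 2700 /root/bin

# git
# The kickstart "group" commands above already create these groups, so only
# add them when missing instead of failing with "group exists".
getent group gitters > /dev/null || groupadd gitters
getent group deployers > /dev/null || groupadd deployers

mkdir -m 2710 /var/lib/git
chgrp gitters /var/lib/git

cd /var/lib/git || exit 1
umask 007
mkdir repos deploys
chmod 2750 deploys repos
# repos/ inherits group gitters from the setgid parent; deploys/ goes to
# deployers (the original ran a misspelled "chogrp" before this command).
chgrp deployers deploys/

## repo
# NOTE(review): HOSTNAME is whatever the installer environment exports in
# %post; confirm it equals the hostname configured above.
mkdir /var/lib/git/repos/"${HOSTNAME}"
cd /var/lib/git/repos/"${HOSTNAME}" || exit 1
git init --bare .

## deploy
# Absolute path: the original "cd deploys/" ran from inside the repo
# directory above and could not succeed.
mkdir /var/lib/git/deploys/management.deploy
cd /var/lib/git/deploys/management.deploy || exit 1
git init --bare .

# NOTE(review): the hook below force-checks the pushed tree out over "/", so
# anyone allowed to push to management.deploy can replace any file their
# account may write. Treat push access to this repository like root access.
cd hooks/ || exit 1
mv post-receive.sample post-receive
cat << 'EOF' > post-receive
#!/usr/bin/env bash
path=/
GIT_WORK_TREE=$path git checkout -f
EOF
# git only runs hooks that are executable; do not rely on the sample's mode.
chmod ug+x post-receive

# network
# Drop MAC/UUID bindings so the image works when cloned to other hardware.
rm -f /etc/udev/rules.d/70-persistent-net.rules
rm -fr /etc/sysconfig/networking/
sed -ri -e '/^UUID/d' -e '/^HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth*

# yum
sed -ri 's@^always=false@always=true@' /etc/yum/pluginconf.d/merge-conf.conf
%end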