text

# Basic partitioning
clearpart --all --initlabel --disklabel=gpt
part prepboot  --size=4    --fstype=prepboot
part biosboot  --size=1    --fstype=biosboot
part /boot/efi --size=100  --fstype=efi
part /boot     --size=1000  --fstype=ext4 --label=boot
part / --grow --fstype xfs

ostreecontainer --url quay.io/<user>/kiosk-demo:latest	--no-signature-verification

firewall --disabled
services --enabled=sshd

user --name=core --groups=wheel

# Only inject a SSH key for root
rootpw --iscrypted locked
# Add your example SSH key here!
sshkey --username root "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7xFq1HtZKZiaD8MfkhNtn37m8GSc1W168NoSaT9RSf cardno:000F_C36A3FC0"
reboot

# Workarounds until https://github.com/rhinstaller/anaconda/pull/5298/ lands
bootloader --location=none --disabled
%post --erroronfail
set -euo pipefail
# Work around anaconda wanting a root password
passwd -l root
rootdevice=$(findmnt -nv -o SOURCE /)
device=$(lsblk -n -o PKNAME ${rootdevice})
/usr/bin/bootupctl backend install --auto --with-static-configs --device /dev/${device} /

# kiosk-user
mkdir -p /var/lib/AccountsService/users

cat > /var/lib/AccountsService/users/core << EOF
[User]
Session=gnome-kiosk-script
SystemAccount=false
EOF

mkdir -p /home/core/.local/bin/
cat > /home/core/.local/bin/gnome-kiosk-script << EOF
#!/bin/sh
while true; do
    firefox -kiosk https://time.gov/
done
EOF

cat > /etc/gdm/custom.conf << EOF
#Enable autologin for the user core
# GDM configuration storage
[daemon]
# Uncomment the line below to force the login screen to use Xorg
#WaylandEnable=false
AutomaticLogin=core
AutomaticLoginEnable=True
[security]
[xdmcp]
[chooser]
[debug]
# Uncomment the line below to turn on debugging
#Enable=true
EOF

chown -R core:core /home/core/
chmod u+x /home/core/.local/bin/gnome-kiosk-script
systemctl set-default graphical

%end