lang en_US.UTF-8
keyboard us
timezone Etc/UTC
rootpw --plaintext provision123

{% if device.run_request.settings.type == "ostree" %}
# TODO: Figure out how to bootstrap this, and enable GPG checking here
# https://github.com/projectatomic/rpm-ostree/issues/190
ostreesetup --nogpg --osname={{ device.run_request.settings.ostree.osname }} --remote={{ device.run_request.settings.ostree.remote }} --url={{ device.run_request.settings.ostree.repo }} --ref={{ device.run_request.settings.ostree.ref }}
{% endif %}

{% if device.run_request.settings.clear_parts %}
clearpart --all --initlabel
zerombr
reqpart
part --fstype=ext4 --label=boot --size=1024 /boot
part pv.01 --size=1024 --grow --encrypted --luks-version=luks2 --passphrase=provision123
volgroup iotvg pv.01
logvol / --vgname=iotvg --fstype=ext4 --label=root --name=root --percent 100
{% endif %}

reboot
install


%post
{% if device.run_request.settings.type == "ostree" %}
sed -i -e "s/gpg-verify=false/gpg-verify=true/" /etc/ostree/remotes.d/{{ device.run_request.settings.ostree.remote }}.conf
echo "gpgkeypath=/etc/pki/rpm-gpg/" >>/etc/ostree/remotes.d/{{ device.run_request.settings.ostree.remote }}.conf
echo "contenturl=mirrorlist=https://ostree.fedoraproject.org/iot/mirrorlist" >>/etc/ostree/remotes.d/{{ device.run_request.settings.ostree.remote }}.conf
{% endif %}

echo "provision123" | clevis luks bind -d /dev/sda3 tpm2 '{}' -k -

curl --fail :urls.base:netboot/postboot/:mac_addr:
%end
