enable_services='NetworkManager sshd rsyslog chronyd cloud-init cloud-init-local cloud-config cloud-final rngd'
systemctl enable $enable_services
sed -i 's/^SELINUX=/SELINUX=enforcing/' /etc/sysconfig/selinux
# Lockout root
passwd -d root
passwd -l root
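Review bot: The `sed` expression on the SELINUX line replaces only the `SELINUX=` prefix, so the previous value stays appended: a line reading `SELINUX=permissive` becomes `SELINUX=enforcingpermissive`, which is not one of the documented values. Match the whole line instead, `sed -i 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config`. Targeting `/etc/selinux/config` directly also matters where `/etc/sysconfig/selinux` is a symlink to it, because `sed -i` without `--follow-symlinks` replaces the link with a regular file and leaves the real config unchanged. No hunk header is shown above these lines, so which of them the commit adds is inferred.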
......@@ -9,9 +14,6 @@ rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
# Ensure sshd
systemctl enable sshd
# Remove unneeded firmware
dnf -C -y remove linux-firmware
......@@ -66,6 +68,8 @@ EOF
systemctl mask tmp.mount
grubby --update-kernel=ALL --args="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0"
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
......@@ -14,3 +14,23 @@ rm -f /var/lib/dnf/history.*
rm -fr /var/log/* /tmp/* /tmp/.*
for dir in $(ls -d /usr/share/{locale,i18n}/* | grep -v 'en_US\|all_languages\|locale\.alias'); do rm -fr $dir; done
# systemd fixes
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
/tmp/* /tmp/.*
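Review bot: In the final `rm -rf` list, `/tmp/.*` also expands to `/tmp/.` and `/tmp/..`, which `rm` refuses to remove and reports as an error, so the command exits non-zero even when the cleanup worked; `/tmp/.[!.]* /tmp/..?*` matches only real dotfiles. The list also repeats `/var/lib/dnf/history.*` and the `/tmp` globs that the earlier `rm` lines already handle, and it deletes `/boot`, which deserves a comment stating that the image is never booted with its own kernel (presumably a container image, given the masked getty and logind units). The `systemctl mask` list ends with a trailing `\` on `systemd-logind.service \`, so the following line is joined to the command; that is harmless only while that line is a comment or blank, and dropping the last backslash removes the trap.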
