SUSE IT needs help from fellow geekos with release engineering skills to define the requirements, process, infrastructure, and tools for building an openSUSE-based distribution bundled with SUSE IT-supported application stack. The resulting OS build will be offered as a standard distribution for new SUSE employees in addition to the existing Operating System library.
- Define requirements (and name) for the build.
- Selected features implemented for the MVP.
- Define a process for updating the image with the future releases of openSUSE.
- Identify and deploy required infrastructure and repositories.
- Produce an installable OS image that can be used by volunteers across the company.
- Document everything.
- Have a lot of fun in the process.
- the deployment do the end-user machine is unattended
- machine has disk encrypted
- once the machine is provisioned, it is added to asset DB (serial number + asset owner)
- productivity tools are installed
- Details are tracked here: https://en.opensuse.org/Portal:Leap:CSBRequirements
About combustion https://en.opensuse.org/Portal:MicroOS/Combustion
- set root password (by default unset)
- enforce that user has to specify root password while using sudo (root access controlled by SUSE IT)
- change the default btrfs/luks password (set to suse-it by default). This part doesn't work for some reason.
The rest of the configuration will be done by the user as part of the first boot. This is handled by gnome-initial-setup.
Once the gnome-initial-setup is finished and network connectivity is established, additional SUSE-it pre-selected non-rpm software will be deployed via mod-firstboot. This is handled by gnome-branding-Leap.
Copy combustion directory from this git repo on a root of flash drive formatted as ext4 disk has to be labeled as "ignition".
Tweak password for luks and root in the config script on the USB drive.
Ensure that the USB drive is plugged on the first boot to the employee machine.
The machine will be rebooted afterward due to a one-shot reboot service (livecd/openSUSE/config.sh).
Perhaps you could do what Vadim did with fido?
TODO: do not print debug output into /etc/issue.d/combustion
Big thanks to Richard Brown and his work on MicroOS, as this is heavily based on his setup.