| #_preseed_V1 |
| {# |
| SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org> |
| SPDX-License-Identifier: Apache-2.0 |
| #} |
| # preseed docs: https://help.ubuntu.com/18.04/installation-guide/amd64/apbs04.html |
| |
| # enable automatic install |
| d-i auto-install/enable boolean true |
| |
| # ask only critical level questions |
| d-i debconf/priority select critical |
| |
| # locale and keyboard |
| d-i debian-installer/locale string en_US.UTF-8 |
| d-i console-setup/ask_detect boolean false |
| d-i keyboard-configuration/xkb-keymap select us |
| |
| # clock |
| d-i clock-setup/utc boolean true |
| d-i time/zone string Etc/UTC |
| d-i clock-setup/ntp boolean true |
| d-i clock-setup/ntp-server string ntp.ubuntu.com |
| |
| # network and hostname |
| {% if 'iface' in item %} |
| d-i netcfg/choose_interface select {{ item['iface'] }} |
| {% else %} |
| d-i netcfg/choose_interface select auto |
| {% endif %} |
| d-i netcfg/hostname string {{ item['hostname'] }} |
| d-i netcfg/get_domain string {{ item['domain'] }} |
| d-i hw-detect/load_firmware boolean true |
| |
| ## Storage |
| # overwrite previous partitions |
| d-i partman-lvm/device_remove_lvm boolean true |
| d-i partman-lvm/confirm boolean true |
| d-i partman-lvm/confirm_nooverwrite boolean true |
| d-i partman-md/device_remove_md boolean true |
| d-i partman-md/confirm boolean true |
| |
| # use lvm |
| d-i partman-auto/method string lvm |
| d-i partman-auto/init_automatically_partition select biggest_free |
| d-i partman-auto-lvm/guided_size string max |
| d-i partman-auto-lvm/new_vg_name string primary |
| |
| # use gpt |
| d-i partman-basicfilesystems/choose_label string gpt |
| d-i partman-basicfilesystems/default_label string gpt |
| d-i partman-partitioning/choose_label string gpt |
| d-i partman-partitioning/default_label string gpt |
| d-i partman/choose_label string gpt |
| d-i partman/default_label string gpt |
| |
| # use ext4 |
| d-i partman/default_filesystem string ext4 |
| |
| # partitioning |
| d-i partman-auto/choose_recipe select atomic |
| d-i partman-partitioning/confirm_write_new_label boolean true |
| d-i partman/alignment select optimal |
| d-i partman/choose_partition select finish |
| d-i partman/confirm boolean true |
| d-i partman/confirm_nooverwrite boolean true |
| |
| ### Do NOT install on the USB stick(!) |
| # |
| # The Debian installer will install on the first disk it finds which can |
| # sometimes be the USB stick itself. Work around this by rolling our own auto |
| # detect logic which disallows installing on USB devices. |
| # |
| # Also, fix issue with grub hang on install |
| # https://bugs.launchpad.net/ubuntu/+source/os-prober/+bug/1663645 |
| d-i partman/early_command string \ |
| USBDEV_LIST="$(mktemp)"; \ |
| list-devices usb-partition | sed "s/\(.*\)./\1/" > "$USBDEV_LIST"; \ |
| BOOTDEV="$(list-devices disk | grep -vf "$USBDEV_LIST" | head -n 1)"; \ |
| debconf-set partman-auto/disk "$BOOTDEV"; \ |
| debconf-set grub-installer/bootdev "$BOOTDEV"; \ |
| while /bin/true; do sleep 0.01; rm -f /target/etc/grub.d/30_os-prober; done & |
| |
| d-i grub-installer/only_debian boolean true |
| |
| ## Software |
| # install mirror |
| d-i mirror/country string manual |
| d-i mirror/protocol select http |
| d-i mirror/http/hostname string us.archive.ubuntu.com |
| d-i mirror/http/directory string /ubuntu |
| d-i mirror/http/proxy string |
| |
| # Use the HWE kernel |
| d-i base-installer/kernel/image select linux-generic-hwe-18.04 |
| base-installer base-installer/kernel/image select linux-generic-hwe-18.04 |
| |
| # install openssh and python3 |
| d-i pkgsel/include string openssh-server python3 |
| |
| # don't install any predefined package groups |
| d-i tasksel/first multiselect none |
| |
| # upgrade all packages on install |
| d-i pkgsel/upgrade select full-upgrade |
| |
| # don't allow root login over SSH |
| openssh-server openssh-server/permit-root-login boolean true |
| openssh-server openssh-server/password-authentication boolean true |
| |
| # don't automatically install updates on running system |
| pkgsel pkgsel/update-policy select none |
| |
| # verbose boot, no splashscreen |
| d-i debian-installer/quiet boolean false |
| d-i debian-installer/splash boolean false |
| |
| ## Users |
| # disable root account |
| d-i passwd/root-login boolean false |
| d-i passwd/root-password-crypted password !! |
| |
| # create user |
| d-i passwd/username string onfadmin |
| d-i passwd/user-fullname string ONFAdmin |
| d-i passwd/user-password-crypted password {{ preseed_onfadmin_pw_crypt }} |
| |
| # add SSH pubkey key to user, secure SSHd |
| d-i preseed/late_command string \ |
| in-target mkdir -p --mode=0700 /home/onfadmin/.ssh ;\ |
| in-target sh -c 'echo "{{ preseed_onfadmin_ssh_pubkey }}" > /home/onfadmin/.ssh/authorized_keys';\ |
| in-target chmod 0600 /home/onfadmin/.ssh/authorized_keys;\ |
| in-target chown -R onfadmin:onfadmin /home/onfadmin/.ssh;\ |
| in-target sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config;\ |
| in-target sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config; |
| |
| ## Reboot |
| d-i finish-install/reboot_in_progress note |