#_preseed_V1
{#
SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
SPDX-License-Identifier: Apache-2.0
#}
# preseed docs: https://help.ubuntu.com/18.04/installation-guide/amd64/apbs04.html
# enable automatic install (no operator is expected at the console)
d-i auto-install/enable boolean true
# ask only critical level questions; everything below that priority is
# answered from this file or from package defaults
d-i debconf/priority select critical
# locale and keyboard: fixed to en_US / US layout, keyboard detection disabled
d-i debian-installer/locale string en_US.UTF-8
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select us
# clock: hardware clock in UTC, timezone UTC, set time from NTP during install
d-i clock-setup/utc boolean true
d-i time/zone string Etc/UTC
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string ntp.ubuntu.com
# network and hostname: interface is auto-selected; hostname and domain are
# filled in per host when the template is rendered (the "item" variable is
# supplied by the caller and is not defined in this file)
d-i netcfg/choose_interface select auto
d-i netcfg/hostname string {{ item['hostname'] }}
d-i netcfg/get_domain string {{ item['domain'] }}
# load firmware requested by detected hardware without asking
d-i hw-detect/load_firmware boolean true
## Storage
# overwrite previous partitions: existing LVM and software-RAID (md) metadata
# is removed and the matching confirmations are pre-answered, so nothing on
# the selected disk is preserved and no prompt is shown
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-md/confirm boolean true
# use lvm: one volume group named "primary" using the maximum guided size.
# The method is "lvm", not "crypto", so the disk is not encrypted at rest.
d-i partman-auto/method string lvm
d-i partman-auto/init_automatically_partition select biggest_free
d-i partman-auto-lvm/guided_size string max
d-i partman-auto-lvm/new_vg_name string primary
# use gpt: the label is set under every partman component that asks for it
d-i partman-basicfilesystems/choose_label string gpt
d-i partman-basicfilesystems/default_label string gpt
d-i partman-partitioning/choose_label string gpt
d-i partman-partitioning/default_label string gpt
d-i partman/choose_label string gpt
d-i partman/default_label string gpt
# use ext4
d-i partman/default_filesystem string ext4
# partitioning: "atomic" recipe (all files in one partition), optimal
# alignment; the final write-to-disk confirmations are pre-answered as well
d-i partman-auto/choose_recipe select atomic
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/alignment select optimal
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
### Do NOT install on the USB stick(!)
#
# The Debian installer will install on the first disk it finds which can
# sometimes be the USB stick itself. Work around this by rolling our own auto
# detect logic which disallows installing on USB devices.
#
# Also, fix issue with grub hang on install
# https://bugs.launchpad.net/ubuntu/+source/os-prober/+bug/1663645
#
# Steps of the early_command below (a comment line cannot be placed inside the
# continued value, so the steps are described here):
#  1. create a temp file and fill it with the output of
#     "list-devices usb-partition", with the last character of every line
#     removed by sed (presumably turning a partition path into its parent disk
#     path; this assumes a one-character partition suffix - TODO confirm)
#  2. BOOTDEV = first line of "list-devices disk" that matches none of the
#     lines in that file (grep -vf uses them as patterns, not as exact names)
#  3. preset BOOTDEV as the partman-auto target disk and as the grub boot device
#  4. start a background loop that deletes /target/etc/grub.d/30_os-prober
#     every 0.01 s; nothing in this file stops that loop
#
# NOTE(review): when no non-USB disk is found BOOTDEV is empty and both
# debconf values are set to an empty string. Because the storage section
# pre-answers every overwrite confirmation, confirm that the installer then
# stops instead of falling back to its own disk choice.
d-i partman/early_command string \
USBDEV_LIST="$(mktemp)"; \
list-devices usb-partition | sed "s/\(.*\)./\1/" > "$USBDEV_LIST"; \
BOOTDEV="$(list-devices disk | grep -vf "$USBDEV_LIST" | head -n 1)"; \
debconf-set partman-auto/disk "$BOOTDEV"; \
debconf-set grub-installer/bootdev "$BOOTDEV"; \
while /bin/true; do sleep 0.01; rm -f /target/etc/grub.d/30_os-prober; done &
# treat this as the only OS on the machine when installing grub
d-i grub-installer/only_debian boolean true
## Software
# install mirror: manually chosen Ubuntu archive over plain HTTP, no proxy.
# NOTE(review): with an unencrypted mirror, package integrity rests on apt
# verifying the signed archive metadata - confirm nothing in the install path
# turns that verification off.
d-i mirror/country string manual
d-i mirror/protocol select http
d-i mirror/http/hostname string us.archive.ubuntu.com
d-i mirror/http/directory string /ubuntu
d-i mirror/http/proxy string
# Use the HWE kernel (the answer is set for both the d-i and the
# base-installer owner)
d-i base-installer/kernel/image select linux-generic-hwe-18.04
base-installer base-installer/kernel/image select linux-generic-hwe-18.04
# install openssh and python3
d-i pkgsel/include string openssh-server python3
# don't install any predefined package groups
d-i tasksel/first multiselect none
# upgrade all packages on install
d-i pkgsel/upgrade select full-upgrade
# openssh-server debconf answers, both set to true.
# NOTE(review): the previous comment here read "don't allow root login over
# SSH", which these two values do not express on their own. As far as the
# Debian openssh-server templates go, permit-root-login=true answers "disable
# SSH password authentication for root" and password-authentication=true
# answers "allow password authentication" - verify against the package
# version actually installed. The settings this file relies on for
# "PermitRootLogin no" and "PasswordAuthentication no" are the sed edits in
# preseed/late_command.
openssh-server openssh-server/permit-root-login boolean true
openssh-server openssh-server/password-authentication boolean true
# don't automatically install updates on running system; security updates
# after installation therefore have to be applied by some other mechanism
pkgsel pkgsel/update-policy select none
# verbose boot, no splashscreen
d-i debian-installer/quiet boolean false
d-i debian-installer/splash boolean false
## Users
# disable root account: no root login is set up and the crypted password
# field is "!!", a locked-password marker rather than a real hash
d-i passwd/root-login boolean false
d-i passwd/root-password-crypted password !!
# create user onfadmin; the password hash is filled in from the
# preseed_onfadmin_pw_crypt template variable.
# NOTE(review): the rendered file therefore contains that hash, so access to
# wherever the rendered preseed is stored or served should be restricted
# (how it is delivered is not visible in this file).
d-i passwd/username string onfadmin
d-i passwd/user-fullname string ONFAdmin
d-i passwd/user-password-crypted password {{ preseed_onfadmin_pw_crypt }}
# add SSH public key to user, secure sshd
#
# Steps of the late_command below, all run inside the installed system via
# in-target (a comment line cannot be placed inside the continued value):
#  1. create /home/onfadmin/.ssh with mode 0700
#  2. write the preseed_onfadmin_ssh_pubkey template variable as the only
#     content of authorized_keys (the ">" redirect overwrites the file)
#  3. set authorized_keys to mode 0600 and give .ssh to onfadmin:onfadmin
#  4. in /etc/ssh/sshd_config, replace the text
#     "#PermitRootLogin prohibit-password" with "PermitRootLogin no" and
#     "#PasswordAuthentication yes" with "PasswordAuthentication no"
#
# NOTE(review): both sed expressions only match those exact commented-out
# default lines. If the installed sshd_config contains different text, sed
# changes nothing and reports no error, leaving root login and password
# authentication at whatever the package configured. Check the effective
# settings after install, for example with "sshd -T".
# NOTE(review): the public key is pasted into a double-quoted string inside a
# single-quoted sh -c argument, so a value containing quote characters or
# shell metacharacters would alter the command. The variable should hold one
# well-formed key line from a trusted source.
d-i preseed/late_command string \
in-target mkdir -p --mode=0700 /home/onfadmin/.ssh ;\
in-target sh -c 'echo "{{ preseed_onfadmin_ssh_pubkey }}" > /home/onfadmin/.ssh/authorized_keys';\
in-target chmod 0600 /home/onfadmin/.ssh/authorized_keys;\
in-target chown -R onfadmin:onfadmin /home/onfadmin/.ssh;\
in-target sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config;\
in-target sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config;
## Reboot
# skip the final "installation complete" message so the machine reboots into
# the installed system without waiting for an operator
d-i finish-install/reboot_in_progress note