Zack Williams | 5b5d9a7 | 2020-11-06 13:59:06 -0700 | [diff] [blame^] | 1 | #_preseed_V1 |
| 2 | {# |
| 3 | SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org> |
| 4 | SPDX-License-Identifier: Apache-2.0 |
| 5 | #} |
| 6 | # preseed docs: https://help.ubuntu.com/18.04/installation-guide/amd64/apbs04.html |
| 7 | |
| 8 | # enable automatic install |
| 9 | d-i auto-install/enable boolean true |
| 10 | |
| 11 | # ask only critical level questions |
| 12 | d-i debconf/priority select critical |
| 13 | |
| 14 | # locale and keyboard |
| 15 | d-i debian-installer/locale string en_US.UTF-8 |
| 16 | d-i console-setup/ask_detect boolean false |
| 17 | d-i keyboard-configuration/xkb-keymap select us |
| 18 | |
| 19 | # clock |
| 20 | d-i clock-setup/utc boolean true |
| 21 | d-i time/zone string Etc/UTC |
| 22 | d-i clock-setup/ntp boolean true |
| 23 | d-i clock-setup/ntp-server string ntp.ubuntu.com |
| 24 | |
| 25 | # network and hostname |
| 26 | d-i netcfg/choose_interface select auto |
| 27 | d-i netcfg/hostname string {{ item['hostname'] }} |
| 28 | d-i netcfg/domain string {{ item['domain'] }} |
| 29 | d-i hw-detect/load_firmware boolean true |
| 30 | |
| 31 | ## Storage |
| 32 | # overwrite previous partitions |
| 33 | d-i partman-lvm/device_remove_lvm boolean true |
| 34 | d-i partman-lvm/confirm boolean true |
| 35 | d-i partman-lvm/confirm_nooverwrite boolean true |
| 36 | d-i partman-md/device_remove_md boolean true |
| 37 | d-i partman-md/confirm boolean true |
| 38 | |
| 39 | # use lvm |
| 40 | d-i partman-auto/method string lvm |
| 41 | d-i partman-auto/init_automatically_partition select biggest_free |
| 42 | d-i partman-auto-lvm/guided_size string max |
| 43 | d-i partman-auto-lvm/new_vg_name string primary |
| 44 | |
| 45 | # use gpt |
| 46 | d-i partman-basicfilesystems/choose_label string gpt |
| 47 | d-i partman-basicfilesystems/default_label string gpt |
| 48 | d-i partman-partitioning/choose_label string gpt |
| 49 | d-i partman-partitioning/default_label string gpt |
| 50 | d-i partman/choose_label string gpt |
| 51 | d-i partman/default_label string gpt |
| 52 | |
| 53 | # use ext4 |
| 54 | d-i partman/default_filesystem string ext4 |
| 55 | |
| 56 | # partitioning |
| 57 | d-i partman-auto/choose_recipe select atomic |
| 58 | d-i partman-partitioning/confirm_write_new_label boolean true |
| 59 | d-i partman/alignment select optimal |
| 60 | d-i partman/choose_partition select finish |
| 61 | d-i partman/confirm boolean true |
| 62 | d-i partman/confirm_nooverwrite boolean true |
| 63 | |
| 64 | # fix issue with grub hang on install |
| 65 | # https://bugs.launchpad.net/ubuntu/+source/os-prober/+bug/1663645 |
| 66 | d-i partman/early_command string \ |
| 67 | while /bin/true; do sleep 0.01; rm -f /target/etc/grub.d/30_os-prober; done & |
| 68 | |
| 69 | d-i grub-installer/only_debian boolean true |
| 70 | |
| 71 | ## Software |
| 72 | # install mirror |
| 73 | d-i mirror/country string manual |
| 74 | d-i mirror/protocol select http |
| 75 | d-i mirror/http/hostname string us.archive.ubuntu.com |
| 76 | d-i mirror/http/directory string /ubuntu |
| 77 | d-i mirror/http/proxy string |
| 78 | |
| 79 | # Use the HWE kernel |
| 80 | d-i base-installer/kernel/image select linux-generic-hwe-18.04 |
| 81 | base-installer base-installer/kernel/image select linux-generic-hwe-18.04 |
| 82 | |
| 83 | # install openssh and python3 |
| 84 | d-i pkgsel/include string openssh-server python3 |
| 85 | |
| 86 | # don't install any predefined package groups |
| 87 | d-i tasksel/first multiselect none |
| 88 | |
| 89 | # upgrade all packages on install |
| 90 | d-i pkgsel/upgrade select full-upgrade |
| 91 | |
| 92 | # don't allow root login over SSH |
| 93 | openssh-server openssh-server/permit-root-login boolean true |
| 94 | openssh-server openssh-server/password-authentication boolean true |
| 95 | |
| 96 | # don't automatically install updates on running system |
| 97 | pkgsel pkgsel/update-policy select none |
| 98 | |
| 99 | # verbose boot, no splashscreen |
| 100 | d-i debian-installer/quiet boolean false |
| 101 | d-i debian-installer/splash boolean false |
| 102 | |
| 103 | ## Users |
| 104 | # disable root account |
| 105 | d-i passwd/root-login boolean false |
| 106 | d-i passwd/root-password-crypted password !! |
| 107 | |
| 108 | # create user |
| 109 | d-i passwd/username string onfadmin |
| 110 | d-i passwd/user-fullname string ONFAdmin |
| 111 | d-i passwd/user-password-crypted password {{ preseed_onfadmin_pw_crypt }} |
| 112 | |
| 113 | # add SSH pubkey key to user, secure SSHd |
| 114 | d-i preseed/late_command string \ |
| 115 | in-target mkdir -p --mode=0700 /home/onfadmin/.ssh ;\ |
| 116 | in-target sh -c 'echo "{{ preseed_onfadmin_ssh_pubkey }}" > /home/onfadmin/.ssh/authorized_keys';\ |
| 117 | in-target chmod 0600 /home/onfadmin/.ssh/authorized_keys;\ |
| 118 | in-target chown -R onfadmin:onfadmin /home/onfadmin/.ssh;\ |
| 119 | in-target sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config;\ |
| 120 | in-target sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config; |
| 121 | |
| 122 | ## Reboot |
| 123 | d-i finish-install/reboot_in_progress note |