Zack Williams | d1ee626 | 2022-05-19 15:29:40 -0700 | [diff] [blame^] | 1 | #_preseed_V1 |
| 2 | {# |
| 3 | SPDX-FileCopyrightText: © 2022 Open Networking Foundation <support@opennetworking.org> |
| 4 | SPDX-License-Identifier: Apache-2.0 |
| 5 | #} |
| 6 | # docs https://www.debian.org/releases/stable/amd64/apb.en.html |
| 7 | |
| 8 | # enable automatic install |
| 9 | d-i auto-install/enable boolean true |
| 10 | |
| 11 | # ask only critical level questions |
| 12 | d-i debconf/priority select critical |
| 13 | |
| 14 | # locale and keyboard |
| 15 | d-i debian-installer/locale string en_US.UTF-8 |
| 16 | d-i console-setup/ask_detect boolean false |
| 17 | d-i keyboard-configuration/xkb-keymap select us |
| 18 | |
| 19 | # clock |
| 20 | d-i clock-setup/utc boolean true |
| 21 | d-i time/zone string Etc/UTC |
| 22 | d-i clock-setup/ntp boolean true |
| 23 | d-i clock-setup/ntp-server string pool.ntp.org |
| 24 | |
| 25 | # network and hostname |
| 26 | {% if 'iface' in item %} |
| 27 | d-i netcfg/choose_interface select {{ item['iface'] }} |
| 28 | {% else %} |
| 29 | d-i netcfg/choose_interface select auto |
| 30 | {% endif %} |
| 31 | d-i netcfg/hostname string {{ item['hostname'] }} |
| 32 | d-i netcfg/get_domain string {{ item['domain'] }} |
| 33 | |
| 34 | # load network card firmware |
| 35 | d-i hw-detect/load_firmware boolean true |
| 36 | |
| 37 | ## Storage |
| 38 | # overwrite previous partitions |
| 39 | d-i partman-lvm/device_remove_lvm boolean true |
| 40 | d-i partman-lvm/confirm boolean true |
| 41 | d-i partman-lvm/confirm_nooverwrite boolean true |
| 42 | d-i partman-md/device_remove_md boolean true |
| 43 | d-i partman-md/confirm boolean true |
| 44 | |
| 45 | # use lvm |
| 46 | d-i partman-auto/method string lvm |
| 47 | d-i partman-auto/init_automatically_partition select biggest_free |
| 48 | d-i partman-auto-lvm/guided_size string max |
| 49 | d-i partman-auto-lvm/new_vg_name string primary |
| 50 | |
| 51 | # use gpt |
| 52 | d-i partman-basicfilesystems/choose_label string gpt |
| 53 | d-i partman-basicfilesystems/default_label string gpt |
| 54 | d-i partman-partitioning/choose_label string gpt |
| 55 | d-i partman-partitioning/default_label string gpt |
| 56 | d-i partman/choose_label string gpt |
| 57 | d-i partman/default_label string gpt |
| 58 | |
| 59 | # use ext4 |
| 60 | d-i partman/default_filesystem string ext4 |
| 61 | |
| 62 | # partitioning |
| 63 | d-i partman-auto/choose_recipe select atomic |
| 64 | d-i partman-partitioning/confirm_write_new_label boolean true |
| 65 | d-i partman/alignment select optimal |
| 66 | d-i partman/choose_partition select finish |
| 67 | d-i partman/confirm boolean true |
| 68 | d-i partman/confirm_nooverwrite boolean true |
| 69 | |
| 70 | # configure grub |
| 71 | # install to first disk |
| 72 | d-i grub-installer/bootdev string /dev/sda |
| 73 | d-i grub-installer/with_other_os boolean true |
| 74 | d-i grub-installer/only_debian boolean true |
| 75 | d-i grub-installer/make_active boolean true |
| 76 | d-i grub-installer/skip boolean false |
| 77 | |
| 78 | ## Software |
| 79 | # mirror |
| 80 | d-i mirror/country string manual |
| 81 | d-i mirror/http/hostname string http.us.debian.org |
| 82 | d-i mirror/http/directory string /debian |
| 83 | d-i mirror/http/proxy string |
| 84 | |
| 85 | # base install |
| 86 | d-i base-installer/install-recommends boolean false |
| 87 | |
| 88 | # install only the standard system utils |
| 89 | tasksel tasksel/first multiselect standard, ssh-server |
| 90 | |
| 91 | # install python3 |
| 92 | d-i pkgsel/include string python3 |
| 93 | |
| 94 | # upgrade all packages on install |
| 95 | d-i pkgsel/upgrade select full-upgrade |
| 96 | |
| 97 | # include nonfree |
| 98 | d-i apt-setup/non-free boolean true |
| 99 | |
| 100 | # don't use popcon |
| 101 | popularity-contest popularity-contest/participate boolean false |
| 102 | |
| 103 | # don't allow root login over SSH |
| 104 | openssh-server openssh-server/permit-root-login boolean true |
| 105 | openssh-server openssh-server/password-authentication boolean true |
| 106 | |
| 107 | # verbose boot, no splashscreen |
| 108 | d-i debian-installer/quiet boolean false |
| 109 | d-i debian-installer/splash boolean false |
| 110 | |
| 111 | ## Users |
| 112 | # disable root account |
| 113 | d-i passwd/root-login boolean false |
| 114 | d-i passwd/root-password-crypted password !! |
| 115 | |
| 116 | # create user |
| 117 | d-i passwd/username string onfadmin |
| 118 | d-i passwd/user-fullname string ONFAdmin |
| 119 | d-i passwd/user-password-crypted password {{ preseed_onfadmin_pw_crypt }} |
| 120 | |
| 121 | # add SSH pubkey key to user, secure SSHd |
| 122 | d-i preseed/late_command string \ |
| 123 | in-target mkdir -p --mode=0700 /home/onfadmin/.ssh ;\ |
| 124 | in-target sh -c 'echo "{{ preseed_onfadmin_ssh_pubkey }}" > /home/onfadmin/.ssh/authorized_keys';\ |
| 125 | in-target chmod 0600 /home/onfadmin/.ssh/authorized_keys;\ |
| 126 | in-target chown -R onfadmin:onfadmin /home/onfadmin/.ssh;\ |
| 127 | in-target sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config;\ |
| 128 | in-target sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config; |
| 129 | |
| 130 | ## Reboot |
| 131 | d-i finish-install/reboot_in_progress note |