From b0653f0f119e147acb19e5f30f2be6a6dfb2209b Mon Sep 17 00:00:00 2001
From: Thomas de Roo
Date: Tue, 25 Apr 2023 13:33:46 +0200
Subject: [PATCH] 1e commit
---
bookworm/preseed.cfg | 280 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 280 insertions(+)
create mode 100644 bookworm/preseed.cfg
diff --git a/bookworm/preseed.cfg b/bookworm/preseed.cfg
new file mode 100644
index 0000000..e1307c3
--- /dev/null
+++ b/bookworm/preseed.cfg
@@ -0,0 +1,280 @@
+# Preseeding only locale sets language, country and locale.
+d-i debian-installer/locale string en_US
+
+# Keyboard selection.
+d-i keyboard-configuration/xkb-keymap select us
+
+# netcfg will choose an interface that has link if possible. This makes it
+# skip displaying a list if there is more than one interface.
+d-i netcfg/choose_interface select auto
+
+# Any hostname and domain names assigned from dhcp take precedence over
+# values set here. However, setting the values still prevents the questions
+# from being shown, even if values come from dhcp.
+d-i netcfg/get_hostname string unassigned-hostname
+d-i netcfg/get_domain string de-roo.org
+
+# Disable that annoying WEP key dialog.
+d-i netcfg/wireless_wep string
+
+# If you want to completely disable firmware lookup (i.e. not use firmware
+# files or packages that might be available on installation images):
+d-i hw-detect/firmware-lookup string never
+
+# If non-free firmware is needed for the network or other hardware, you can
+# configure the installer to always try to load it, without prompting. Or
+# change to false to disable asking.
+d-i hw-detect/load_firmware boolean false
+
+# Mirror protocol:
+# If you select ftp, the mirror/country string does not need to be set.
+# Default value for the mirror protocol: http.
+#d-i mirror/protocol string ftp
+d-i mirror/country string manual
+d-i mirror/http/hostname string http.us.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+# Suite to install.
+#d-i mirror/suite string testing
+# Suite to use for loading installer components (optional).
+#d-i mirror/udeb/suite string testing
+
+# Root password, either in clear text
+#d-i passwd/root-password password XXXXXX
+#d-i passwd/root-password-again password XXXXXXXXXX
+# or encrypted using a crypt(3) hash.
+d-i passwd/root-password-crypted password $6$7klXgiEOpN8ow0c4$ggqgPxulpjnVT7Poc35GD0WK14lzC8QQjEw42V21VYRBg9DIL/.QuhrOIc..NB/KMUcB3Ig8aJnIzt/H15X7n.
+
+# To create a normal user account.
+d-i passwd/user-fullname string Systeembeheerder
+d-i passwd/username string beheer
+# Normal user's password, either in clear text
+#d-i passwd/user-password password XXXXXXX
+#d-i passwd/user-password-again password XXXXX
+# or encrypted using a crypt(3) hash.
+d-i passwd/user-password-crypted password $6$/gPzILK1xVXt4K1K$EJpbyxcjeiRJnZVEzRAXZvuGEZ2O5F9fCKCYGJXqXKHpVUDz3S9WZOZ8Bh9g8tnTfJX3uhCzvr/mrj70oUlXj0
+# Create the first user with the specified UID instead of the default.
+#d-i passwd/user-uid string 1010
+
+### Clock and time zone setup
+# Controls whether or not the hardware clock is set to UTC.
+d-i clock-setup/utc boolean true
+
+# You may set this to any valid setting for $TZ; see the contents of
+# /usr/share/zoneinfo/ for valid values.
+d-i time/zone string Europe/Amsterdam
+
+# Controls whether to use NTP to set the clock during the install
+d-i clock-setup/ntp boolean true
+# NTP server to use. The default is almost always fine here.
+#d-i clock-setup/ntp-server string ntp.example.com
+
+# If the system has free space you can choose to only partition that space.
+# This is only honoured if partman-auto/method (below) is not set.
+#d-i partman-auto/init_automatically_partition select biggest_free
+
+# Alternatively, you may specify a disk to partition. If the system has only
+# one disk the installer will default to using that, but otherwise the device
+# name must be given in traditional, non-devfs format (so e.g. /dev/sda
+# and not e.g. /dev/discs/disc0/disc).
+# For example, to use the first SCSI/SATA hard disk:
+#d-i partman-auto/disk string /dev/sda
+# In addition, you'll need to specify the method to use.
+# The presently available methods are:
+# - regular: use the usual partition types for your architecture
+# - lvm: use LVM to partition the disk
+# - crypto: use LVM within an encrypted partition
+d-i partman-auto/method string lvm
+
+# You can define the amount of space that will be used for the LVM volume
+# group. It can either be a size with its unit (eg. 20 GB), a percentage of
+# free space or the 'max' keyword.
+d-i partman-auto-lvm/guided_size string max
+
+# If one of the disks that are going to be automatically partitioned
+# contains an old LVM configuration, the user will normally receive a
+# warning. This can be preseeded away...
+d-i partman-lvm/device_remove_lvm boolean true
+# The same applies to pre-existing software RAID array:
+d-i partman-md/device_remove_md boolean true
+# And the same goes for the confirmation to write the lvm partitions.
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+# You can choose one of the three predefined partitioning recipes:
+# - atomic: all files in one partition
+# - home: separate /home partition
+# - multi: separate /home, /var, and /tmp partitions
+d-i partman-auto/choose_recipe select atomic
+
+# Or provide a recipe of your own...
+# If you have a way to get a recipe file into the d-i environment, you can
+# just point at it.
+#d-i partman-auto/expert_recipe_file string /hd-media/recipe
+
+# If not, you can put an entire recipe into the preconfiguration file in one
+# (logical) line. This example creates a small /boot partition, suitable
+# swap, and uses the rest of the space for the root partition:
+#d-i partman-auto/expert_recipe string \
+# boot-root :: \
+# 40 50 100 ext3 \
+# $primary{ } $bootable{ } \
+# method{ format } format{ } \
+# use_filesystem{ } filesystem{ ext3 } \
+# mountpoint{ /boot } \
+# . \
+# 500 10000 1000000000 ext3 \
+# method{ format } format{ } \
+# use_filesystem{ } filesystem{ ext3 } \
+# mountpoint{ / } \
+# . \
+# 64 512 300% linux-swap \
+# method{ swap } format{ } \
+# .
+
+# The full recipe format is documented in the file partman-auto-recipe.txt
+# included in the 'debian-installer' package or available from D-I source
+# repository. This also documents how to specify settings such as file
+# system labels, volume group names and which physical devices to include
+# in a volume group.
+
+## Partitioning for EFI
+# If your system needs an EFI partition you could add something like
+# this to the recipe above, as the first element in the recipe:
+# 538 538 1075 free \
+# $iflabel{ gpt } \
+# $reusemethod{ } \
+# method{ efi } \
+# format{ } \
+# . \
+#
+# The fragment above is for the amd64 architecture; the details may be
+# different on other architectures. The 'partman-auto' package in the
+# D-I source repository may have an example you can follow.
+
+# This makes partman automatically partition without confirmation, provided
+# that you told it what to do using one of the methods above.
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+# Force UEFI booting ('BIOS compatibility' will be lost). Default: false.
+#d-i partman-efi/non_efi_system boolean true
+# Ensure the partition table is GPT - this is required for EFI
+#d-i partman-partitioning/choose_label select gpt
+#d-i partman-partitioning/default_label string gpt
+
+# When disk encryption is enabled, skip wiping the partitions beforehand.
+#d-i partman-auto-crypto/erase_disks boolean false
+
+# Choose, if you want to scan additional installation media
+# (default: false).
+d-i apt-setup/cdrom/set-first boolean false
+# You can choose to install non-free firmware.
+d-i apt-setup/non-free-firmware boolean true
+# You can choose to install non-free and contrib software.
+d-i apt-setup/non-free boolean true
+d-i apt-setup/contrib boolean true
+# Uncomment the following line, if you don't want to have the sources.list
+# entry for a DVD/BD installation image active in the installed system
+# (entries for netinst or CD images will be disabled anyway, regardless of
+# this setting).
+#d-i apt-setup/disable-cdrom-entries boolean true
+# Uncomment this if you don't want to use a network mirror.
+#d-i apt-setup/use_mirror boolean false
+# Select which update services to use; define the mirrors to be used.
+# Values shown below are the normal defaults.
+#d-i apt-setup/services-select multiselect security, updates
+#d-i apt-setup/security_host string security.debian.org
+
+# Additional repositories, local[0-9] available
+#d-i apt-setup/local0/repository string \
+# http://local.server/debian stable main
+#d-i apt-setup/local0/comment string local server
+# Enable deb-src lines
+#d-i apt-setup/local0/source boolean true
+# URL to the public key of the local repository; you must provide a key or
+# apt will complain about the unauthenticated repository and so the
+# sources.list line will be left commented out.
+#d-i apt-setup/local0/key string http://local.server/key
+# or one can provide it in-line by base64 encoding the contents of the
+# key file (with `base64 -w0`) and specifying it thus:
+#d-i apt-setup/local0/key string base64://LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi4uLgo=
+# The content of the key file is checked to see if it appears to be ASCII-armoured.
+# If so it will be saved with an ".asc" extension, otherwise it gets a '.gpg' extension.
+# "keybox database" format is currently not supported. (see generators/60local in apt-setup's source)
+
+# By default the installer requires that repositories be authenticated
+# using a known gpg key. This setting can be used to disable that
+# authentication. Warning: Insecure, not recommended.
+#d-i debian-installer/allow_unauthenticated boolean true
+
+# Uncomment this to add multiarch configuration for i386
+#d-i apt-setup/multiarch string i386
+
+### Package selection
+#tasksel tasksel/first multiselect standard, web-server, kde-desktop
+tasksel tasksel/first select ssh-server
+d-i pkgsel/include string openssh-server vim screen mc ntp krb5-user samba samba-common sssd sudo postfix bsd-mailx nfs-client snmpd realmd packagekit figlet
+
+# Individual additional packages to install
+#d-i pkgsel/include string openssh-server build-essential
+# Whether to upgrade packages after debootstrap.
+# Allowed values: none, safe-upgrade, full-upgrade
+#d-i pkgsel/upgrade select none
+
+# Some versions of the installer can report back on what software you have
+# installed, and what software you use. The default is not to report back,
+# but sending reports helps the project determine what software is most
+# popular and include it on CDs.
+popularity-contest popularity-contest/participate boolean false
+
+samba-common samba-common/do_debconf boolean true
+samba-common samba-common/workgroup string WORKGROUP
+samba-common samba-common/dhcp boolean false
+postfix postfix/main_cf_conversion_warning boolean true
+postfix postfix/root_address string
+postfix postfix/compat_conversion_warning boolean true
+postfix postfix/tlsmgr_upgrade_warning boolean
+postfix postfix/relayhost string smtp.de-roo.org
+postfix postfix/dynamicmaps_conversion_warning boolean
+postfix postfix/sqlite_warning boolean
+postfix postfix/mydomain_warning boolean
+postfix postfix/rfc1035_violation boolean false
+postfix postfix/chattr boolean false
+postfix postfix/mailbox_limit string 0
+postfix postfix/not_configured error
+postfix postfix/destinations string $myhostname, $myhostname.de-roo.org, localhost.de-roo.org, localhost
+postfix postfix/kernel_version_warning boolean
+postfix postfix/protocols select all
+postfix postfix/main_mailer_type select Satellite system
+postfix postfix/mynetworks string 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+postfix postfix/retry_upgrade_warning boolean
+postfix postfix/recipient_delim string +
+postfix postfix/bad_recipient_delimiter error
+postfix postfix/mailname string $myhostname.de-roo.org
+postfix postfix/relay_restrictions_warning boolean
+postfix postfix/newaliases boolean false
+postfix postfix/lmtp_retired_warning boolean true
+postfix postfix/procmail boolean false
+
+d-i preseed/late_command string \
+ mkdir -p -m 700 /target/root/.ssh; \
+ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgygLN0NcKKmKDIgYeBxkjxOvf8j+eXA2NxdSKNAr4P885DQfBqCdfvGRCFyPkEyJg2oQ2xi/T1tHfg75Yu9Z8uJMJl+grHjGPDiP/xn+imZrP0Yl/ZP3H+0m3vOcR2+lFPIZxztRl2J93P/MOgvp0h9Fl6DfdhlR91dCtout3cQLQsqrlwVc4iFklCGuPdu/nokJiAUynAQSbjQTjmAY+kRimddyNwx/fCe7KpmI6jqPufKL7Vj5THm6MU0oz1EhPkQrkm3zK/AJRX9XuczXjbdipeNrr8DnRPnzctRLaqWrTsmZpVMQiGMeyD6jiPmNomLfVjWgz8UplSKmWDiSbw== thomas@de-roo.org" >> /target/root/.ssh/authorized_keys; \
+ echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBTtDrD2R3+7A6tBh45nwFN89yc7uAn/crgEma818KGghcZOsFvS63+exYQzUQF11OvOYO4OcrbwbYKrx7MnBSFIQSZJ3q3YZefIp6EkO53VnNIA3ZJvo7tBMiGPMalY3IunWNwJJqqirqqlo74pvLSrlir8ZvMuHwa7izatDuKbhGQ5xoU9D43+ZPS9qtNUtnb1+imUipkgaDWBrJClBU/Ff/aig2lNMsaUwz/s0KZDRo3Z/ReYuJDnDDjqccLlm1vRN8Thb6AT7Go4xYb+bbbQV6mETEzpTtHpkPY7XlhCGy+GuxB3jMY/3d85OYuVbMtQ1BemJLpYca13Q7LfU3 thomas@xynix.de-roo.org" >> /target/root/.ssh/authorized_keys; \
+ in-target chown --recursive root:root /root/.ssh; \
+ in-target chmod 0644 /root/.ssh/authorized_keys
+
+d-i preseed/late_command string \
+ in-target sed -i '/*PasswordAuthentication*/c\PasswordAuthentication no' /etc/ssh/sshd_config; \
+ in-target sed -i '/*PasswordAuthentication*/c\PasswordAuthentication no' /etc/ssh/sshd_config; \
+ in-target systemctl enable --now sshd
+
+d-i preseed/late_command string \
+ in-target cat /etc/hostname | figlet > /etc/motd
+
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i grub-installer/bootdev string default
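Review bot: The three `d-i preseed/late_command` entries at the end of the file set the same debconf key, so only the last one (the figlet line) is kept and the authorized_keys install and the `PasswordAuthentication no` change never run; they have to be joined into a single command. The sed address `/*PasswordAuthentication*/` is written as a glob, but sed reads it as a regex whose leading `*` is a literal asterisk, so it would match nothing in sshd_config even if it ran, and the line appears twice. In `in-target cat /etc/hostname | figlet > /etc/motd` the pipe and redirect are parsed by the installer's shell, so figlet and /etc/motd refer to the installer environment rather than /target. With password logins left on, the two crypt(3) hashes committed above are what protects `root` and `beheer`, so they are better supplied outside the repository, and root's authorized_keys should be 0600 rather than 0644. A merged late_command is sketched below.

```cfg
d-i preseed/late_command string \
 mkdir -p -m 700 /target/root/.ssh; \
 # … unchanged: the two echo "ssh-rsa …" >> /target/root/.ssh/authorized_keys lines and the chown (excerpt marker, not part of the value) …
 in-target chmod 0600 /root/.ssh/authorized_keys; \
 in-target sed -i -E 's/^#?[[:space:]]*PasswordAuthentication[[:space:]].*/PasswordAuthentication no/' /etc/ssh/sshd_config; \
 in-target systemctl enable --now sshd; \
 in-target sh -c 'figlet < /etc/hostname > /etc/motd'
```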