mirror of
https://github.com/BluemediaDev/homelab.git
synced 2025-01-18 23:58:56 +01:00
91 lines
4.7 KiB
Django/Jinja
91 lines
4.7 KiB
Django/Jinja
#_preseed_V1
|
|
# For documentation see: https://www.debian.org/releases/stable/example-preseed.txt
|
|
|
|
# Set default locale and keyboard layout
|
|
d-i debian-installer/locale string {{ locale | default('en_US.UTF-8') }}
|
|
d-i keyboard-configuration/xkb-keymap select {{ keyboard_layout | default('de') }}
|
|
|
|
# Set network interface used by default
|
|
d-i netcfg/choose_interface select auto
|
|
|
|
# Work around the problem that the network configuration is not applied, because the preseed file is loaded after it already completed. So we just run the network configuration again! :D
|
|
d-i preseed/early_command string kill-all-dhcp; netcfg
|
|
|
|
# Static network config
|
|
d-i netcfg/disable_autoconfig boolean true
|
|
d-i netcfg/dhcp_failed note
|
|
d-i netcfg/dhcp_options select Configure network manually
|
|
|
|
d-i netcfg/get_ipaddress string {{ hostvars[item]['ansible_host'] }}
|
|
d-i netcfg/get_netmask string {{ netmask }}
|
|
d-i netcfg/get_gateway string {{ gateway }}
|
|
d-i netcfg/get_nameservers string {{ nameserver }}
|
|
d-i netcfg/confirm_static boolean true
|
|
|
|
# These values will be overwritten if set by dhcp, but the entries will get rid of the correscponding questions
|
|
d-i netcfg/get_hostname string {{ hostvars[item]['inventory_hostname'] | default('unassigned-hostname') }}
|
|
d-i netcfg/get_domain string {{ domain | default('unassigned-domain') }}
|
|
|
|
# Force hostname regarding of value set by dhcp
|
|
d-i netcfg/hostname string {{ hostvars[item]['inventory_hostname'] | default('unassigned-hostname') }}
|
|
|
|
# Load non-free firmware for hardware by default
|
|
d-i hw-detect/load_firmware boolean true
|
|
|
|
# Setup package mirrror
|
|
d-i mirror/protocol string {{ mirror_proto | default('http') }}
|
|
d-i mirror/country string manual
|
|
d-i mirror/http/hostname string {{ mirror | default('deb.debian.org') }}
|
|
d-i mirror/http/directory string {{ mirror_dir | default('/debian') }}
|
|
d-i mirror/http/proxy string {{ mirror_proxy | default('') }}
|
|
|
|
# Disable root user - normal user (see below) will have sudo permissions
|
|
d-i passwd/root-login boolean false
|
|
|
|
# Create new user
|
|
d-i passwd/user-fullname string {{ user_fullname | default('Debian User') }}
|
|
d-i passwd/username string {{ ansible_user | default('debian') }}
|
|
d-i passwd/user-password password {{ ansible_become_password | default('insecure') }}
|
|
d-i passwd/user-password-again password {{ ansible_become_password | default('insecure') }}
|
|
|
|
# Setup timezone and NTP server
|
|
d-i clock-setup/utc boolean true
|
|
d-i time/zone string {{ timezone | default('UTC') }}
|
|
d-i clock-setup/ntp-server string {{ ntp_server | default('de.pool.ntp.org') }}
|
|
|
|
# Autoformat disk
|
|
d-i partman-auto/disk string {{ hostvars[item]['disk'] | default('/dev/sda') }}
|
|
d-i partman-auto/method string regular
|
|
d-i partman-auto/choose_recipe select atomic
|
|
d-i partman-partitioning/confirm_write_new_label boolean true
|
|
d-i partman/choose_partition select finish
|
|
d-i partman/confirm boolean true
|
|
d-i partman/confirm_nooverwrite boolean true
|
|
|
|
# Remove install cd sources from /etc/sources.list
|
|
d-i apt-setup/cdrom/set-first boolean false
|
|
d-i apt-setup/disable-cdrom-entries boolean true
|
|
|
|
# Install openssh-server and basic system tools
|
|
tasksel tasksel/first multiselect standard, ssh-server
|
|
d-i pkgsel/upgrade select safe-upgrade
|
|
|
|
# Disable package reporting
|
|
popularity-contest popularity-contest/participate boolean false
|
|
|
|
# Install grub to specified device
|
|
d-i grub-installer/only_debian boolean true
|
|
d-i grub-installer/bootdev string {{ hostvars[item]['disk'] | default('/dev/sda') }}
|
|
|
|
# Configure openssh-server. Include public key, disable root login and passord based login.
|
|
d-i preseed/late_command string in-target mkdir -p /home/{{ ansible_user | default('debian') }}/.ssh/ ; \
|
|
in-target /bin/sh -c 'echo "{{ ssh_public_key }}" >> /home/{{ ansible_user | default('debian') }}/.ssh/authorized_keys' ; \
|
|
in-target chmod -R 700 /home/{{ ansible_user | default('debian') }}/.ssh/ ; \
|
|
in-target chown -R {{ ansible_user | default('debian') }}:{{ ansible_user | default('debian') }} /home/{{ ansible_user | default('debian') }}/.ssh/ ; \
|
|
in-target grep -q '^PermitRootLogin ' /etc/ssh/sshd_config || in-target sh -c 'echo "PermitRootLogin no" >> /etc/ssh/sshd_config' ; \
|
|
in-target sed 's/^PermitRootLogin .*/PermitRootLogin no/' -i /etc/ssh/sshd_config ; \
|
|
in-target grep -q '^PasswordAuthentication ' /etc/ssh/sshd_config || in-target sh -c 'echo "PasswordAuthentication no" >> /etc/ssh/sshd_config' ; \
|
|
in-target sed 's/^PasswordAuthentication .*/PasswordAuthentication no/' -i /etc/ssh/sshd_config
|
|
|
|
# Reboot to installed system without confirmation
|
|
d-i finish-install/reboot_in_progress note |