|
## /var/lib/tftpboot/d-i/buster/preseed.cfg
|
|
##
|
|
#### Preconfiguration file
|
|
##
|
|
## The following preseeding might be used to install a basic system
|
|
## completely automatically.
|
|
##
|
|
## A user 'ansible' is set up and ssh login with public key
|
|
## authentication is configured. The idea is to allow further
|
|
## customization of the system after installation using ansible.
|
|
##
|
|
## Modify at least the public ssh key in 'authorized_keys' (see
|
|
## below).
|
|
##
|
|
## Remark: Check local data-protection laws before using ansible!
|
|
## The user 'ansible' could connect to the pupils laptop anytime.
|
|
##
|
|
## For more examples and comments consult:
|
|
## https://www.debian.org/releases/stable/example-preseed.txt
|
|
##
|
|
|
|
## To change default values:
|
|
#d-i foo/bar seen false
|
|
#d-i foo/bar string value
|
|
|
|
## Useful boot parameters:
|
|
# DEBCONF_DEBUG=5
|
|
# locale?=de_DE
|
|
|
|
# Preseeding only locale sets language, country and locale:
|
|
d-i debian-installer/locale string de_DE
|
|
d-i keyboard-configuration/xkb-keymap select de
|
|
|
|
## Use hostname assigned by DHCP:
|
|
d-i netcfg/get_hostname string unassigned-hostname
|
|
d-i netcfg/get_domain string unassigned-domain
|
|
|
|
## Skip root account:
|
|
d-i passwd/root-login boolean false
|
|
|
|
### Apt setup
|
|
d-i apt-setup/non-free boolean true
|
|
d-i apt-setup/contrib boolean true
|
|
|
|
d-i mirror/country string manual
|
|
d-i mirror/http/hostname string deb.debian.org
|
|
d-i mirror/http/directory string /debian
|
|
d-i mirror/http/proxy string http://192.168.0.10:3142/
|
|
|
|
### Backports and stuff:
|
|
apt-setup-udeb apt-setup/services-select multiselect security, contrib, non-free, updates, backports
|
|
|
|
### Local User
|
|
d-i passwd/user-fullname string KvFG
|
|
d-i passwd/username string kvfg
|
|
d-i passwd/user-password password kvfg
|
|
d-i passwd/user-password-again password kvfg
|
|
#d-i passwd/user-password-crypted password [crypt(3) hash]
|
|
|
|
### Local User
|
|
#d-i passwd/user-fullname string Local User
|
|
#d-i passwd/username string muster
|
|
#d-i passwd/user-password password insecure
|
|
#d-i passwd/user-password-again password insecure
|
|
#
|
|
### Use the first SCSI/SATA hard disk:
|
|
#d-i partman-auto/disk string /dev/vda
|
|
d-i partman-auto/disk string /dev/sda
|
|
d-i partman-auto/method string regular
|
|
d-i partman-auto/choose_recipe select home
|
|
# This makes partman automatically partition without confirmation:
|
|
d-i partman-partitioning/confirm_write_new_label boolean true
|
|
d-i partman/choose_partition select finish
|
|
d-i partman/confirm boolean true
|
|
d-i partman/confirm_nooverwrite boolean true
|
|
|
|
### Package selection
|
|
#tasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server
|
|
tasksel tasksel/first multiselect standard, ssh-server, xfce-desktop
|
|
|
|
### Individual additional packages to install
|
|
#d-i pkgsel/include string firmware-linux ansible git
|
|
# d-i pkgsel/include string firmware-linux ansible/stretch-backports
|
|
d-i pkgsel/include string firmware-linux xfce4-goodies mlocate arandr papirus-icon-theme arc-theme firmware-realtek xfce4-* libreoffice-style-breeze libreoffice-style-sifr gimp gimp-gmic gimp-dcraw gimp-gap nextcloud-desktop vlc vlc-plugin-access-extra cheese gwenview okular breeze-icon-theme kate libreoffice-help-de libreoffice-l10n-de libreoffice-pdfimport gnome-software simple-scan xserver-xorg-input-synaptics etckeeper git vim zenity cifs-utils
|
|
|
|
### GRUB on default disk:
|
|
d-i grub-installer/bootdev string default
|
|
|
|
### This command is run just before the install finishes:
|
|
# d-i preseed/late_command string rm /target/etc/apt/apt.conf
|
|
|
|
# Make a beautiful home dir for our users and enable WPA2 config WLAN
|
|
# You should rework this part for your institution
|
|
|
|
d-i preseed/late_command string tftp -g -r /d-i/buster/skel.tar 192.168.0.10 && \
|
|
cp skel.tar /target && \
|
|
in-target rm /etc/apt/apt.conf && \
|
|
in-target tar xf /skel.tar -C /home/kvfg/ --strip 1 && \
|
|
in-target mv /home/kvfg/connect2kvfgwlan.sh /opt/ && \
|
|
in-target mv /home/kvfg/kvfg.service /etc/systemd/system/ && \
|
|
in-target mv /home/kvfg/kvfgshutdown.sh /opt/ && \
|
|
in-target chown root:root /opt/connect2kvfgwlan.sh /opt/kvfgshutdown.sh /etc/systemd/system/kvfg.service && \
|
|
in-target chmod +x /opt/connect2kvfgwlan.sh /opt/kvfgshutdown.sh /etc/systemd/system/kvfg.service && \
|
|
in-target ln -s /etc/systemd/system/kvfg.service /etc/systemd/system/multi-user.target.wants/kvfg.service && \
|
|
in-target chown -R kvfg:kvfg /home/kvfg/
|
|
|
|
## ANSIBLE
|
|
# The ansible part should not be active in this setup for EU countries.
|
|
# It would allow the school's admin to connect to the pupil's laptop
|
|
# anytime via SSH which could be considered a breach of data-protection laws.
|
|
# Make sure you check local rules before activation.
|
|
|
|
#d-i preseed/late_command string \
|
|
# mkdir -p /target/home/ansible/.ssh && \
|
|
# echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6tlRPOPBdxAJKLCNH+7S3fHhxzu64HViJQDFZbbI+Mbd+wwx6fe7ba1XZ8TXcFGmipHBYiOVaGMXIeJvGsEK3P1ULXNcNygrXl6HzjKDyL+iX3e7plsOQRHFoNfaGSjFtY5cRFeE4pGG7c1Q6EZqzxt1VZX94zhQBGNi8YxSGz4vp+MRH/OaJBvxPKQuBt0jQR/S1v5B8inDk+qty7/0wqnAQLbwvRchJqd7WpOGpk+8bgw+N4r5wA5kwM+QA52VNai5dVgrTzmJXKPRPpQrlvBzp38NW54S6Z894iR+5Hs9TWUWltPZZBYrQhiKWA8bvBieSLEP3yttchxZhh1yh ansible@installbox" >> /target/home/ansible/.ssh/authorized_keys ; \
|
|
# in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
|
|
# in-target chmod -R og= /home/ansible/.ssh/
|
|
# in-target chmod -R og= /home/ansible/.ssh/ ; \
|
|
# in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" --url=git://installbox/.git
|
|
#
|
|
## When installing in combination with ansible-pull,
|
|
## export your ansible playbook like:
|
|
##
|
|
## git daemon --verbose --export-all \
|
|
## --base-path=/dir/of/playbook -- /dir/of/playbook
|
|
##
|
|
## Conditions may be applied in the playbook like:
|
|
## when: run_in_installer|default(false)|bool
|
|
## when: not run_in_installer|default(false)|bool
|
|
|
|
### Avoid that last message about the install being complete.
|
|
d-i finish-install/reboot_in_progress note
|