dowel
/
installbox
1
1
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Ein auf netboot-assistant basierendes System für die Verteilung von Debian auf "unsere Corona Laptops"
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 Commits
1 Branch
127 KiB
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
installbox/preseed.cfg

132 lines
5.8 KiB
Raw Permalink Blame History

## /var/lib/tftpboot/d-i/buster/preseed.cfg
##
#### Preconfiguration file
##
## The following preseeding might be used to install a basic system
## completely automatically.
##
## A user 'ansible' is set up and ssh login with public key
## authentication is configured. The idea is to allow further
## customization of the system after installation using ansible.
##
## Modify at least the public ssh key in 'authorized_keys' (see
## below).
##
## Remark: Check local data-protection laws before using ansible!
## The user 'ansible' could connect to the pupils laptop anytime.
##
## For more examples and comments consult:
## https://www.debian.org/releases/stable/example-preseed.txt
##
## To change default values:
#d-i foo/bar seen false
#d-i foo/bar string value
## Useful boot parameters:
# DEBCONF_DEBUG=5
# locale?=de_DE
# Preseeding only locale sets language, country and locale:
d-i debian-installer/locale string de_DE
d-i keyboard-configuration/xkb-keymap select de
## Use hostname assigned by DHCP:
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
## Skip root account:
d-i passwd/root-login boolean false
### Apt setup
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string http://192.168.0.10:3142/
### Backports and stuff:
apt-setup-udeb apt-setup/services-select multiselect security, contrib, non-free, updates, backports
### Local User
d-i passwd/user-fullname string KvFG
d-i passwd/username string kvfg
d-i passwd/user-password password kvfg
d-i passwd/user-password-again password kvfg
#d-i passwd/user-password-crypted password [crypt(3) hash]
### Local User
#d-i passwd/user-fullname string Local User
#d-i passwd/username string muster
#d-i passwd/user-password password insecure
#d-i passwd/user-password-again password insecure
#
### Use the first SCSI/SATA hard disk:
#d-i partman-auto/disk string /dev/vda
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select home
# This makes partman automatically partition without confirmation:
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
### Package selection
#tasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server
tasksel tasksel/first multiselect standard, ssh-server, xfce-desktop
### Individual additional packages to install
#d-i pkgsel/include string firmware-linux ansible git
# d-i pkgsel/include string firmware-linux ansible/stretch-backports
d-i pkgsel/include string firmware-linux xfce4-goodies mlocate arandr papirus-icon-theme arc-theme firmware-realtek xfce4-* libreoffice-style-breeze libreoffice-style-sifr gimp gimp-gmic gimp-dcraw gimp-gap nextcloud-desktop vlc vlc-plugin-access-extra cheese gwenview okular breeze-icon-theme kate libreoffice-help-de libreoffice-l10n-de libreoffice-pdfimport gnome-software simple-scan xserver-xorg-input-synaptics etckeeper git vim zenity cifs-utils
### GRUB on default disk:
d-i grub-installer/bootdev string default
### This command is run just before the install finishes:
# d-i preseed/late_command string rm /target/etc/apt/apt.conf
# Make a beautiful home dir for our users and enable WPA2 config WLAN
# You should rework this part for your institution
d-i preseed/late_command string tftp -g -r /d-i/buster/skel.tar 192.168.0.10 && \
cp skel.tar /target && \
in-target rm /etc/apt/apt.conf && \
in-target tar xf /skel.tar -C /home/kvfg/ --strip 1 && \
in-target mv /home/kvfg/connect2kvfgwlan.sh /opt/ && \
in-target mv /home/kvfg/kvfg.service /etc/systemd/system/ && \
in-target mv /home/kvfg/kvfgshutdown.sh /opt/ && \
in-target chown root:root /opt/connect2kvfgwlan.sh /opt/kvfgshutdown.sh /etc/systemd/system/kvfg.service && \
in-target chmod +x /opt/connect2kvfgwlan.sh /opt/kvfgshutdown.sh /etc/systemd/system/kvfg.service && \
in-target ln -s /etc/systemd/system/kvfg.service /etc/systemd/system/multi-user.target.wants/kvfg.service && \
in-target chown -R kvfg:kvfg /home/kvfg/
## ANSIBLE
# The ansible part should not be active in this setup for EU countries.
# It would allow the school's admin to connect to the pupil's laptop
# anytime via SSH which could be considered a breach of data-protection laws.
# Make sure you check local rules before activation.
#d-i preseed/late_command string \
# mkdir -p /target/home/ansible/.ssh && \
# echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6tlRPOPBdxAJKLCNH+7S3fHhxzu64HViJQDFZbbI+Mbd+wwx6fe7ba1XZ8TXcFGmipHBYiOVaGMXIeJvGsEK3P1ULXNcNygrXl6HzjKDyL+iX3e7plsOQRHFoNfaGSjFtY5cRFeE4pGG7c1Q6EZqzxt1VZX94zhQBGNi8YxSGz4vp+MRH/OaJBvxPKQuBt0jQR/S1v5B8inDk+qty7/0wqnAQLbwvRchJqd7WpOGpk+8bgw+N4r5wA5kwM+QA52VNai5dVgrTzmJXKPRPpQrlvBzp38NW54S6Z894iR+5Hs9TWUWltPZZBYrQhiKWA8bvBieSLEP3yttchxZhh1yh ansible@installbox" >> /target/home/ansible/.ssh/authorized_keys ; \
# in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
# in-target chmod -R og= /home/ansible/.ssh/
# in-target chmod -R og= /home/ansible/.ssh/ ; \
# in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" --url=git://installbox/.git
#
## When installing in combination with ansible-pull,
## export your ansible playbook like:
##
## git daemon --verbose --export-all \
## --base-path=/dir/of/playbook -- /dir/of/playbook
##
## Conditions may be applied in the playbook like:
## when: run_in_installer|default(false)|bool
## when: not run_in_installer|default(false)|bool
### Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note