Ein auf netboot-assistant basierendes System für die Verteilung von Debian auf "unsere Corona Laptops"
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

133 lines
5.8 KiB

  1. ## /var/lib/tftpboot/d-i/buster/preseed.cfg
  2. ##
  3. #### Preconfiguration file
  4. ##
  5. ## The following preseeding might be used to install a basic system
  6. ## completely automatically.
  7. ##
  8. ## A user 'ansible' is set up and ssh login with public key
  9. ## authentication is configured. The idea is to allow further
  10. ## customization of the system after installation using ansible.
  11. ##
  12. ## Modify at least the public ssh key in 'authorized_keys' (see
  13. ## below).
  14. ##
  15. ## Remark: Check local data-protection laws before using ansible!
  16. ## The user 'ansible' could connect to the pupils laptop anytime.
  17. ##
  18. ## For more examples and comments consult:
  19. ## https://www.debian.org/releases/stable/example-preseed.txt
  20. ##
  21. ## To change default values:
  22. #d-i foo/bar seen false
  23. #d-i foo/bar string value
  24. ## Useful boot parameters:
  25. # DEBCONF_DEBUG=5
  26. # locale?=de_DE
  27. # Preseeding only locale sets language, country and locale:
  28. d-i debian-installer/locale string de_DE
  29. d-i keyboard-configuration/xkb-keymap select de
  30. ## Use hostname assigned by DHCP:
  31. d-i netcfg/get_hostname string unassigned-hostname
  32. d-i netcfg/get_domain string unassigned-domain
  33. ## Skip root account:
  34. d-i passwd/root-login boolean false
  35. ### Apt setup
  36. d-i apt-setup/non-free boolean true
  37. d-i apt-setup/contrib boolean true
  38. d-i mirror/country string manual
  39. d-i mirror/http/hostname string deb.debian.org
  40. d-i mirror/http/directory string /debian
  41. d-i mirror/http/proxy string http://192.168.0.10:3142/
  42. ### Backports and stuff:
  43. apt-setup-udeb apt-setup/services-select multiselect security, contrib, non-free, updates, backports
  44. ### Local User
  45. d-i passwd/user-fullname string KvFG
  46. d-i passwd/username string kvfg
  47. d-i passwd/user-password password kvfg
  48. d-i passwd/user-password-again password kvfg
  49. #d-i passwd/user-password-crypted password [crypt(3) hash]
  50. ### Local User
  51. #d-i passwd/user-fullname string Local User
  52. #d-i passwd/username string muster
  53. #d-i passwd/user-password password insecure
  54. #d-i passwd/user-password-again password insecure
  55. #
  56. ### Use the first SCSI/SATA hard disk:
  57. #d-i partman-auto/disk string /dev/vda
  58. d-i partman-auto/disk string /dev/sda
  59. d-i partman-auto/method string regular
  60. d-i partman-auto/choose_recipe select home
  61. # This makes partman automatically partition without confirmation:
  62. d-i partman-partitioning/confirm_write_new_label boolean true
  63. d-i partman/choose_partition select finish
  64. d-i partman/confirm boolean true
  65. d-i partman/confirm_nooverwrite boolean true
  66. ### Package selection
  67. #tasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server
  68. tasksel tasksel/first multiselect standard, ssh-server, xfce-desktop
  69. ### Individual additional packages to install
  70. #d-i pkgsel/include string firmware-linux ansible git
  71. # d-i pkgsel/include string firmware-linux ansible/stretch-backports
  72. d-i pkgsel/include string firmware-linux xfce4-goodies mlocate arandr papirus-icon-theme arc-theme firmware-realtek xfce4-* libreoffice-style-breeze libreoffice-style-sifr gimp gimp-gmic gimp-dcraw gimp-gap nextcloud-desktop vlc vlc-plugin-access-extra cheese gwenview okular breeze-icon-theme kate libreoffice-help-de libreoffice-l10n-de libreoffice-pdfimport gnome-software simple-scan xserver-xorg-input-synaptics etckeeper git vim zenity cifs-utils
  73. ### GRUB on default disk:
  74. d-i grub-installer/bootdev string default
  75. ### This command is run just before the install finishes:
  76. # d-i preseed/late_command string rm /target/etc/apt/apt.conf
  77. # Make a beautiful home dir for our users and enable WPA2 config WLAN
  78. # You should rework this part for your institution
  79. d-i preseed/late_command string tftp -g -r /d-i/buster/skel.tar 192.168.0.10 && \
  80. cp skel.tar /target && \
  81. in-target rm /etc/apt/apt.conf && \
  82. in-target tar xf /skel.tar -C /home/kvfg/ --strip 1 && \
  83. in-target mv /home/kvfg/connect2kvfgwlan.sh /opt/ && \
  84. in-target mv /home/kvfg/kvfg.service /etc/systemd/system/ && \
  85. in-target mv /home/kvfg/kvfgshutdown.sh /opt/ && \
  86. in-target chown root:root /opt/connect2kvfgwlan.sh /opt/kvfgshutdown.sh /etc/systemd/system/kvfg.service && \
  87. in-target chmod +x /opt/connect2kvfgwlan.sh /opt/kvfgshutdown.sh /etc/systemd/system/kvfg.service && \
  88. in-target ln -s /etc/systemd/system/kvfg.service /etc/systemd/system/multi-user.target.wants/kvfg.service && \
  89. in-target chown -R kvfg:kvfg /home/kvfg/
  90. ## ANSIBLE
  91. # The ansible part should not be active in this setup for EU countries.
  92. # It would allow the school's admin to connect to the pupil's laptop
  93. # anytime via SSH which could be considered a breach of data-protection laws.
  94. # Make sure you check local rules before activation.
  95. #d-i preseed/late_command string \
  96. # mkdir -p /target/home/ansible/.ssh && \
  97. # echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6tlRPOPBdxAJKLCNH+7S3fHhxzu64HViJQDFZbbI+Mbd+wwx6fe7ba1XZ8TXcFGmipHBYiOVaGMXIeJvGsEK3P1ULXNcNygrXl6HzjKDyL+iX3e7plsOQRHFoNfaGSjFtY5cRFeE4pGG7c1Q6EZqzxt1VZX94zhQBGNi8YxSGz4vp+MRH/OaJBvxPKQuBt0jQR/S1v5B8inDk+qty7/0wqnAQLbwvRchJqd7WpOGpk+8bgw+N4r5wA5kwM+QA52VNai5dVgrTzmJXKPRPpQrlvBzp38NW54S6Z894iR+5Hs9TWUWltPZZBYrQhiKWA8bvBieSLEP3yttchxZhh1yh ansible@installbox" >> /target/home/ansible/.ssh/authorized_keys ; \
  98. # in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
  99. # in-target chmod -R og= /home/ansible/.ssh/
  100. # in-target chmod -R og= /home/ansible/.ssh/ ; \
  101. # in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" --url=git://installbox/.git
  102. #
  103. ## When installing in combination with ansible-pull,
  104. ## export your ansible playbook like:
  105. ##
  106. ## git daemon --verbose --export-all \
  107. ## --base-path=/dir/of/playbook -- /dir/of/playbook
  108. ##
  109. ## Conditions may be applied in the playbook like:
  110. ## when: run_in_installer|default(false)|bool
  111. ## when: not run_in_installer|default(false)|bool
  112. ### Avoid that last message about the install being complete.
  113. d-i finish-install/reboot_in_progress note