dowel
/
installbox
1
1
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Ein auf netboot-assistant basierendes System für die Verteilung von Debian auf "unsere Corona Laptops"
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 Commits
1 Branch
127 KiB
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
installbox/preseed.cfg

133 lines
5.8 KiB
Raw Permalink Blame History 

  1. ## /var/lib/tftpboot/d-i/buster/preseed.cfg

  2. ##

  3. #### Preconfiguration file

  4. ##

  5. ##  The following preseeding might be used to install a basic system

  6. ##  completely automatically.

  7. ##

  8. ##  A user 'ansible' is set up and ssh login with public key

  9. ##  authentication is configured.  The idea is to allow further

  10. ##  customization of the system after installation using ansible.

  11. ##

  12. ##  Modify at least the public ssh key in 'authorized_keys' (see

  13. ##  below).

  14. ##

  15. ##  Remark: Check local data-protection laws before using ansible!

  16. ##  The user 'ansible' could connect to the pupils laptop anytime.  

  17. ##

  18. ##  For more examples and comments consult:

  19. ##    https://www.debian.org/releases/stable/example-preseed.txt

  20. ##

  21. 

  22. ## To change default values:

  23. #d-i foo/bar seen false

  24. #d-i foo/bar string value

  25. 

  26. ## Useful boot parameters:

  27. # DEBCONF_DEBUG=5

  28. # locale?=de_DE

  29. 

  30. # Preseeding only locale sets language, country and locale:

  31. d-i debian-installer/locale string de_DE

  32. d-i keyboard-configuration/xkb-keymap select de

  33. 

  34. ## Use hostname assigned by DHCP:

  35. d-i netcfg/get_hostname string unassigned-hostname

  36. d-i netcfg/get_domain string unassigned-domain

  37. 

  38. ## Skip root account:

  39. d-i passwd/root-login boolean false

  40. 

  41. ### Apt setup

  42. d-i apt-setup/non-free boolean true

  43. d-i apt-setup/contrib boolean true

  44. 

  45. d-i mirror/country string manual

  46. d-i mirror/http/hostname string deb.debian.org

  47. d-i mirror/http/directory string /debian

  48. d-i mirror/http/proxy string http://192.168.0.10:3142/

  49. 

  50. ### Backports and stuff:

  51. apt-setup-udeb apt-setup/services-select multiselect security, contrib, non-free, updates, backports

  52. 

  53. ### Local User

  54. d-i passwd/user-fullname string KvFG 

  55. d-i passwd/username string kvfg

  56. d-i passwd/user-password password kvfg

  57. d-i passwd/user-password-again password kvfg

  58. #d-i passwd/user-password-crypted password [crypt(3) hash]

  59. 

  60. ### Local User

  61. #d-i passwd/user-fullname string Local User

  62. #d-i passwd/username string muster

  63. #d-i passwd/user-password password insecure

  64. #d-i passwd/user-password-again password insecure

  65. #

  66. ### Use the first SCSI/SATA hard disk:

  67. #d-i partman-auto/disk string /dev/vda

  68. d-i partman-auto/disk string /dev/sda

  69. d-i partman-auto/method string regular

  70. d-i partman-auto/choose_recipe select home

  71. # This makes partman automatically partition without confirmation: 

  72. d-i partman-partitioning/confirm_write_new_label boolean true

  73. d-i partman/choose_partition select finish

  74. d-i partman/confirm boolean true

  75. d-i partman/confirm_nooverwrite boolean true

  76. 

  77. ### Package selection

  78. #tasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server

  79. tasksel tasksel/first multiselect standard, ssh-server, xfce-desktop

  80. 

  81. ### Individual additional packages to install

  82. #d-i pkgsel/include string firmware-linux ansible git

  83. # d-i pkgsel/include string firmware-linux ansible/stretch-backports  

  84. d-i pkgsel/include string firmware-linux xfce4-goodies mlocate arandr papirus-icon-theme arc-theme firmware-realtek xfce4-* libreoffice-style-breeze libreoffice-style-sifr gimp gimp-gmic gimp-dcraw gimp-gap nextcloud-desktop vlc vlc-plugin-access-extra cheese gwenview okular breeze-icon-theme kate libreoffice-help-de libreoffice-l10n-de libreoffice-pdfimport gnome-software simple-scan xserver-xorg-input-synaptics etckeeper git vim zenity cifs-utils

  85. 

  86. ### GRUB on default disk:

  87. d-i grub-installer/bootdev string default

  88. 

  89. ### This command is run just before the install finishes:

  90. # d-i preseed/late_command string rm /target/etc/apt/apt.conf 

  91. 

  92. # Make a beautiful home dir for our users and enable WPA2 config WLAN

  93. # You should rework this part for your institution

  94. 

  95. d-i preseed/late_command string tftp -g -r /d-i/buster/skel.tar 192.168.0.10 && \

  96.         cp skel.tar /target && \

  97.         in-target rm /etc/apt/apt.conf && \

  98.         in-target tar xf /skel.tar -C /home/kvfg/ --strip 1 && \

  99.         in-target mv /home/kvfg/connect2kvfgwlan.sh /opt/ && \

  100.         in-target mv /home/kvfg/kvfg.service /etc/systemd/system/ && \

  101.         in-target mv /home/kvfg/kvfgshutdown.sh /opt/ && \

  102.         in-target chown root:root /opt/connect2kvfgwlan.sh /opt/kvfgshutdown.sh /etc/systemd/system/kvfg.service && \

  103.         in-target chmod +x /opt/connect2kvfgwlan.sh /opt/kvfgshutdown.sh /etc/systemd/system/kvfg.service && \

  104.         in-target ln -s /etc/systemd/system/kvfg.service /etc/systemd/system/multi-user.target.wants/kvfg.service && \

  105.         in-target chown -R kvfg:kvfg /home/kvfg/

  106. 

  107. ## ANSIBLE

  108. # The ansible part should not be active in this setup for EU countries.

  109. # It would allow the school's admin to connect to the pupil's laptop 

  110. # anytime via SSH which could be considered a breach of data-protection laws.

  111. # Make sure you check local rules before activation.

  112. 

  113. #d-i preseed/late_command string \

  114. #      mkdir -p /target/home/ansible/.ssh && \

  115. #      echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6tlRPOPBdxAJKLCNH+7S3fHhxzu64HViJQDFZbbI+Mbd+wwx6fe7ba1XZ8TXcFGmipHBYiOVaGMXIeJvGsEK3P1ULXNcNygrXl6HzjKDyL+iX3e7plsOQRHFoNfaGSjFtY5cRFeE4pGG7c1Q6EZqzxt1VZX94zhQBGNi8YxSGz4vp+MRH/OaJBvxPKQuBt0jQR/S1v5B8inDk+qty7/0wqnAQLbwvRchJqd7WpOGpk+8bgw+N4r5wA5kwM+QA52VNai5dVgrTzmJXKPRPpQrlvBzp38NW54S6Z894iR+5Hs9TWUWltPZZBYrQhiKWA8bvBieSLEP3yttchxZhh1yh ansible@installbox" >> /target/home/ansible/.ssh/authorized_keys ; \

  116. #      in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \

  117. #      in-target chmod -R og= /home/ansible/.ssh/

  118. #     in-target chmod -R og= /home/ansible/.ssh/ ; \

  119. #     in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" --url=git://installbox/.git

  120. #

  121. ## When installing in combination with ansible-pull,

  122. ## export your ansible playbook like:

  123. ##

  124. ##   git daemon --verbose --export-all \

  125. ##       --base-path=/dir/of/playbook -- /dir/of/playbook

  126. ##

  127. ## Conditions may be applied in the playbook like:

  128. ##    when: run_in_installer|default(false)|bool

  129. ##    when: not run_in_installer|default(false)|bool

  130. 

  131. ### Avoid that last message about the install being complete.

  132. d-i finish-install/reboot_in_progress note