installbox/preseed.cfg

## /var/lib/tftpboot/d-i/buster/preseed.cfg
##
#### Preconfiguration file
##
##  The following preseeding might be used to install a basic system
##  completely automatically.
##
##  A user 'ansible' is set up and ssh login with public key
##  authentication is configured.  The idea is to allow further
##  customization of the system after installation using ansible.
##
##  Modify at least the public ssh key in 'authorized_keys' (see
##  below).
##
##  Remark: Check local data-protection laws before using ansible!
##  The user 'ansible' could connect to the pupils laptop anytime.  
##
##  For more examples and comments consult:
##    https://www.debian.org/releases/stable/example-preseed.txt
##

## To change default values:
#d-i foo/bar seen false
#d-i foo/bar string value

## Useful boot parameters:
# DEBCONF_DEBUG=5
# locale?=de_DE

# Preseeding only locale sets language, country and locale:
d-i debian-installer/locale string de_DE
d-i keyboard-configuration/xkb-keymap select de

## Use hostname assigned by DHCP:
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain

## Skip root account:
d-i passwd/root-login boolean false

### Apt setup
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true

d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string http://192.168.0.10:3142/

### Backports and stuff:
apt-setup-udeb apt-setup/services-select multiselect security, contrib, non-free, updates, backports

### Local User
d-i passwd/user-fullname string KvFG 
d-i passwd/username string kvfg
d-i passwd/user-password password kvfg
d-i passwd/user-password-again password kvfg
#d-i passwd/user-password-crypted password [crypt(3) hash]

### Local User
#d-i passwd/user-fullname string Local User
#d-i passwd/username string muster
#d-i passwd/user-password password insecure
#d-i passwd/user-password-again password insecure
#
### Use the first SCSI/SATA hard disk:
#d-i partman-auto/disk string /dev/vda
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select home
# This makes partman automatically partition without confirmation: 
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

### Package selection
#tasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server
tasksel tasksel/first multiselect standard, ssh-server, xfce-desktop

### Individual additional packages to install
#d-i pkgsel/include string firmware-linux ansible git
# d-i pkgsel/include string firmware-linux ansible/stretch-backports  
d-i pkgsel/include string firmware-linux xfce4-goodies mlocate arandr papirus-icon-theme arc-theme firmware-realtek xfce4-* libreoffice-style-breeze libreoffice-style-sifr gimp gimp-gmic gimp-dcraw gimp-gap nextcloud-desktop vlc vlc-plugin-access-extra cheese gwenview okular breeze-icon-theme kate libreoffice-help-de libreoffice-l10n-de libreoffice-pdfimport gnome-software simple-scan xserver-xorg-input-synaptics etckeeper git vim zenity cifs-utils

### GRUB on default disk:
d-i grub-installer/bootdev string default

### This command is run just before the install finishes:
# d-i preseed/late_command string rm /target/etc/apt/apt.conf 

# Make a beautiful home dir for our users and enable WPA2 config WLAN
# You should rework this part for your institution

d-i preseed/late_command string tftp -g -r /d-i/buster/skel.tar 192.168.0.10 && \
        cp skel.tar /target && \
        in-target rm /etc/apt/apt.conf && \
        in-target tar xf /skel.tar -C /home/kvfg/ --strip 1 && \
        in-target mv /home/kvfg/connect2kvfgwlan.sh /opt/ && \
        in-target mv /home/kvfg/kvfg.service /etc/systemd/system/ && \
        in-target mv /home/kvfg/kvfgshutdown.sh /opt/ && \
        in-target chown root:root /opt/connect2kvfgwlan.sh /opt/kvfgshutdown.sh /etc/systemd/system/kvfg.service && \
        in-target chmod +x /opt/connect2kvfgwlan.sh /opt/kvfgshutdown.sh /etc/systemd/system/kvfg.service && \
        in-target ln -s /etc/systemd/system/kvfg.service /etc/systemd/system/multi-user.target.wants/kvfg.service && \
        in-target chown -R kvfg:kvfg /home/kvfg/

## ANSIBLE
# The ansible part should not be active in this setup for EU countries.
# It would allow the school's admin to connect to the pupil's laptop 
# anytime via SSH which could be considered a breach of data-protection laws.
# Make sure you check local rules before activation.

#d-i preseed/late_command string \
#      mkdir -p /target/home/ansible/.ssh && \
#      echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6tlRPOPBdxAJKLCNH+7S3fHhxzu64HViJQDFZbbI+Mbd+wwx6fe7ba1XZ8TXcFGmipHBYiOVaGMXIeJvGsEK3P1ULXNcNygrXl6HzjKDyL+iX3e7plsOQRHFoNfaGSjFtY5cRFeE4pGG7c1Q6EZqzxt1VZX94zhQBGNi8YxSGz4vp+MRH/OaJBvxPKQuBt0jQR/S1v5B8inDk+qty7/0wqnAQLbwvRchJqd7WpOGpk+8bgw+N4r5wA5kwM+QA52VNai5dVgrTzmJXKPRPpQrlvBzp38NW54S6Z894iR+5Hs9TWUWltPZZBYrQhiKWA8bvBieSLEP3yttchxZhh1yh ansible@installbox" >> /target/home/ansible/.ssh/authorized_keys ; \
#      in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
#      in-target chmod -R og= /home/ansible/.ssh/
#     in-target chmod -R og= /home/ansible/.ssh/ ; \
#     in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" --url=git://installbox/.git
#
## When installing in combination with ansible-pull,
## export your ansible playbook like:
##
##   git daemon --verbose --export-all \
##       --base-path=/dir/of/playbook -- /dir/of/playbook
##
## Conditions may be applied in the playbook like:
##    when: run_in_installer|default(false)|bool
##    when: not run_in_installer|default(false)|bool

### Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note