it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
lmn-client/misc/preseed.cfg
Raphael Dannecker 0406669109 Add vaultpw to debian installer preseeding
2025-04-08 11:19:19 +02:00

149 lines
5.5 KiB
INI
Raw Permalink Blame History

#### Preconfiguration file
##
## The following preseeding might be used to install a basic system
## completely automatically.
##
## A user 'ansible' is set up and ssh login with public key
## authentication is configured. The idea is to allow further
## customization of the system after installation using ansible.
##
## Modify at least the public ssh key in 'authorized_keys' (see
## below).
##
## For more examples and comments consult:
## https://www.debian.org/releases/stable/example-preseed.txt
##
## To change default values:
#d-i foo/bar seen false
#d-i foo/bar string value
## Useful boot parameters:
## DEBCONF_DEBUG=5
## locale?=de_DE
## To set the hostname manually during installation, use priority=high
## as boot parameter and uncomment this line:
d-i debconf/priority string critical
## Preseeding only locale sets language, country and locale:
d-i debian-installer/locale string de_DE
d-i keyboard-configuration/xkb-keymap select de
## Use hostname assigned by DHCP:
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
## Skip root account:
d-i passwd/root-login boolean false
# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
#d-i hw-detect/load_firmware boolean true
### Apt setup
d-i apt-setup/non-free-firmware boolean true
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
#d-i mirror/http/proxy string http://aptcache.pn.steinbeis.schule:3142/
d-i mirror/http/proxy string
# NTP server to use:
#d-i clock-setup/ntp-server string server.pn.steinbeis.schule
### Backports:
#apt-setup-udeb apt-setup/services-select multiselect security, updates, backports
apt-setup-udeb apt-setup/services-select multiselect security, updates
### Ansible User
d-i passwd/user-fullname string Ansible User
d-i passwd/username string ansible
d-i passwd/user-password password insecure
d-i passwd/user-password-again password insecure
#d-i passwd/user-password-crypted password [crypt(3) hash]
### Do not ask about support for non-efi systems:
d-i partman-efi/non_efi_system boolean true
### Leave this empty to use the only available hard drive:
d-i partman-auto/disk string
#d-i partman-auto/disk string /dev/sdd
#d-i partman-auto/disk string /dev/vda
### Regular partitions:
d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select atomic
## This makes partman automatically partition without confirmation:
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
# ### Enable to set up LVM:
# d-i partman-auto/method string lvm
# ## Use only 50% of the available physical volume size and then
# ## adjust the logical volume sizes later with ansible, if needed:
# d-i partman-auto-lvm/guided_size PERCENT 50%
# # If one of the disks that are going to be automatically partitioned
# # contains an old LVM configuration, the user will normally receive a
# # warning. This can be preseeded away...
# d-i partman-lvm/device_remove_lvm boolean true
# # The same applies to pre-existing software RAID array:
# d-i partman-md/device_remove_md boolean true
# # And the same goes for the confirmation to write the lvm partitions.
# d-i partman-lvm/confirm boolean true
# d-i partman-lvm/confirm_nooverwrite boolean true
# # You can choose one of the three predefined partitioning recipes:
# # - atomic: all files in one partition
# # - home: separate /home partition
# # - multi: separate /home, /var, and /tmp partitions
# d-i partman-auto/choose_recipe select multi
# Enable popcon:
popularity-contest popularity-contest/participate boolean true
### Package selection
#tasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server
tasksel tasksel/first multiselect standard, ssh-server, kde-desktop
### Individual additional packages to install
#d-i pkgsel/include string firmware-linux ansible git
d-i pkgsel/include string ansible git firmware-linux
#d-i pkgsel/include string firmware-linux ansible/buster-backports git
#d-i pkgsel/include string firmware-linux
### GRUB on default disk:
d-i grub-installer/bootdev string default
### This command is run just before the install finishes:
d-i preseed/late_command string \
if [ -n "$playbook" ] ; then \
mkdir -v /target/dev/shm ; \
in-target mount -v -t tmpfs tmpfs /dev/shm ; \
echo "$vaultpw" > /target/dev/shm/vaultpw ; \
in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \
--vault-password-file /dev/shm/vaultpw -l localhost \
-i inventory-sample.yml --url=https://codeberg.org/DigitalSouveraeneSchule/lmn-client.git -C main $playbook ; \
fi
#
## When installing in combination with ansible-pull,
## export your ansible playbook like:
##
## git daemon --verbose --export-all \
## --base-path=/dir/of/playbook -- /dir/of/playbook
##
## Conditions may be applied in the playbook like:
## when: run_in_installer|default(false)|bool
## when: not run_in_installer|default(false)|bool
### Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
## Do not modify boot order (netboot first):
grub-efi-amd64 grub2/update_nvram boolean false
##grub-efi-amd64 grub2/force_efi_extra_removable boolean true
Reference in a new issue View git blame Copy permalink