-
Notifications
You must be signed in to change notification settings - Fork 1
/
custom.cfg
97 lines (82 loc) · 3.96 KB
/
custom.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
d-i debconf/priority string critical
d-i preseed/include string proxy.cfg
# use -proposed udebs
d-i apt-setup/proposed boolean false
# update and install packages
tasksel tasksel/first multiselect ubuntu-desktop
d-i pkgsel/update-policy select unattended-upgrades
d-i pkgsel/upgrade select full-upgrade
d-i pkgsel/include string firefox net-tools git ssh build-essential
# localization
d-i debian-installer/language string en
d-i debian-installer/country string GB
d-i debian-installer/locale string en_GB.UTF-8
# keyboard
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/modelcode string pc105
d-i keyboard-configuration/layoutcode string gb
d-i keyboard-configuration/xkb-keymap select gb
# use dhcp network configuration
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
# user setup
d-i passwd/user-fullname string fcadmin
d-i passwd/username string fcadmin
# Generate pass using: mkpasswd -m sha-512 -S $(pwgen -ns 16 1) thepassword
d-i passwd/user-password-crypted password $6$ZKpAkSjlCz3YI1RW$z5PQa9Wq8yKjQMM.CJb6AqsjougylkBoEWAV51hbwTUpCsFWhFPRsz7x5eAHNe6F/8sGrVWOggR0qtmcVVok3.
d-i user-setup/encrypt-home boolean false
# enable shadow passwords
d-i passwd/shadow boolean true
# hw clock
d-i clock-setup/utc boolean true
# time zone
d-i time/zone string Europe/London
# release to install
d-i mirror/suite string bionic
# do not enable live installer, use normal instead
d-i live-installer/enable boolean false
# Full disk encryption loosely based on: https://www.linuxjournal.com/content/preseeding-full-disk-encryption
# It's unclear if partman/unmount_active works .. Hence the partman/early_command to unmount
# usb stick below. Otherwise install will stop and ask to unmount the partition before continuing.
# d-i partman/filter_mounted boolean true
# d-i partman/unmount_active boolean true
d-i partman/early_command string \
for mp in $(mount | grep "^/dev/sda[0-9]*" | cut -d" " -f1); do umount ${mp}; done
d-i partman-auto/method string crypto
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto-lvm/new_vg_name string crypt
d-i partman-auto/disk string /dev/nvme0n1
d-i partman-auto/choose_recipe select root-encrypted
d-i partman-auto/expert_recipe string \
root-encrypted :: \
1000 1000 1000 free \
method{ efi } \
format{ } \
. \
1000 1000 1000 ext3 \
$primary{ } $bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /boot } \
. \
500 10000 1000000000 ext4 \
$lvmok{ } lv_name{ root } \
in_vg { crypt } \
$primary{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
.
d-i partman-md/device_remove_md boolean true
d-i partman-basicfilesystems/no_mount_point boolean false
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-crypto/passphrase password changeme123
d-i partman-crypto/passphrase-again password changeme123
# reboot at the end
d-i finish-install/reboot_in_progress note