blob: 736c7be5b62bf584f2b063901e24608712653367 [file] [log] [blame]
#_preseed_V1
# Basic Debian10 (buster) installer preseed file for Skolo machines. Assumes additional setup
# post-installation to reset the password for the chrome-bot user and overwrite
# /home/chrome-bot/.ssh/authorized_keys.
# Based on https://www.debian.org/releases/stretch/example-preseed.txt, retrieved 2018-01-17.
# Documentation of preseed files at https://www.debian.org/releases/buster/amd64/apb.en.html
#
# Note this warning in the example file ("d-i" is an abbreviation for Debian installer):
# d-i preseeding is inherently not secure. Nothing in the installer checks
# for attempts at buffer overflows or other exploits of the values of a
# preconfiguration file like this one. Only use preconfiguration files from
# trusted locations!
#
####################################################################################################
# Making a USB stick:
####################################################################################################
# 1. Create a modifiable Debian installer USB stick.
# a. Download a Debian Installer CD ISO. Maybe helpful to include third-party firmware. (I used
# debian-live-10.1.0-amd64-cinnamon+nonfree.iso.)
# b. Format USB stick (replace "foo" with device name):
# - sudo fdisk /dev/foo
# - g (Create a new GPT)
# - n (Create new partition)
# - 1 (Partition number)
# - Enter, enter (default start/end for max size)
# - t (Change partition type)
# - (If necessary:) 1 (Select partition 1)
# - 1 (EFI System)
# - w (Write partition table)
# c. sudo mkfs.fat -F32 /dev/foo1
# d. Mount USB partition
# - sudo mkdir /mnt/usb
# - sudo mount /dev/foo1 /mnt/usb
# e. Install GRUB to the USB EFI partition
# - sudo grub-install --target x86_64-efi --efi-directory /mnt/usb/ --removable --boot-directory=/mnt/usb/boot
# f. Mount ISO
# - sudo mkdir /mnt/iso
# - sudo mount -o loop Downloads/debian-live-9.4.0-amd64-cinnamon+nonfree.iso /mnt/iso
# g. Copy all files from ISO to USB (ISO has a dir named .disk that * doesn't match)
# - sudo cp -R /mnt/iso/* /mnt/usb/
# - sudo cp -R /mnt/iso/.disk/ /mnt/usb/
# 2. Copy this file to the root of the USB stick.
# - sudo cp debian-preseed.cfg /mnt/usb/
# 3. Add/modify a menuentry in boot/grub/grub.cfg:
# - md5sum /mnt/usb/debian-preseed.cfg
# - sudo nano /mnt/usb/boot/grub/grub.cfg
# - Add the following before any other menuentry lines, replacing ... with the output from
# above.
# set default="0"
# set timeout=15
# menuentry "Preeseeded Debian Installer" {
# linux /d-i/vmlinuz auto=true file=/cdrom/debian-preseed.cfg preseed-md5=... "${loopback}"
# initrd /d-i/initrd.gz
# }
# 4. Cleanup
# - sudo umount /mnt/iso /mnt/usb
# - sudo rmdir /mnt/iso /mnt/usb
# 5. Label the USB stick with
# "WARNING: booting this will wipe the hard disk with no confirmation!
# Debian 10.1.0 preseed"
#
####################################################################################################
# Updating for a new version
####################################################################################################
# 1. In this file, replace buster with the next codename.
# 2. Compare the current release example-preseed.txt with buster and apply any relevant changes.
# 3. Create a new USB stick and test the installation.
# 4. If the installer paused for input, after the install is complete, copy the relevant parts of
# 'debconf-get-selections --installer' and/or 'debconf-get-selections' to this file.
# 5. Repeat steps 3-5 until the installer can run unattended.
####################################################################################################
### Localization
# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_US
# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select us
### Network configuration
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto
####################################################################################################
# For bots that have a wifi chip, we try to disable it in the BIOS. Some bots, like the Braswell
# NUC5PPYH, don't allow the wifi chip to be disabled, which means you must specify the network link
# you want to use (otherwise, the wifi might get selected which requires a WIFI prompt and other
# unwanted behavior). Unfortunately, the name "eth1" has more or less been deprecated and not used
# in modern Linux distros, so one has to specify the *exact* name here, requiring a different
# preseed config for different batches of bots. kjlubick simply made one for the Braswell bots with
# the line below instead of the "choose_interface select auto" line above.
#
# Alternatively, one can manually edit the boot line before starting the installer, or add more boot
# options to the menu with different network interfaces specified. See preseed docs for more info.
#d-i netcfg/choose_interface select enp3s0
####################################################################################################
# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting.
d-i hw-detect/load_firmware boolean true
### Mirror settings
apt-mirror-setup apt-setup/use_mirror boolean true
d-i mirror/country string manual
d-i mirror/http/hostname string http.us.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
# Suite to install.
d-i mirror/suite string buster
### Account setup
# Skip creation of a root account (normal user account will be able to use sudo). (If this is set to
# true, chrome-bot user can't use sudo.)
d-i passwd/root-login boolean false
# To create a normal user account.
d-i passwd/user-fullname string chrome-bot
d-i passwd/username string chrome-bot
# This is the hash of the temporary password that can be found in Valentine under
# "debian9-preseed.cfg." Generated with:
# > mkpasswd -m sha-512 <password>
d-i passwd/user-password-crypted password \
$6$3cgN2NkwPUSrJ1T6$kMw8sP1suFA0fF8n8EwgYtgHgROOwuH7yKAtLBfx3z4heqRX1fe3T0UTGF1wd5v5AxBcGK4385WhtA2ZqiW1m/
### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true
# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string US/Eastern
# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. We use the local router.
d-i clock-setup/ntp-server string 192.168.1.1
### Partitioning
# - lvm: use LVM to partition the disk
d-i partman-auto/method string lvm
partman-auto partman-auto/method string lvm
# No clue what this means or why above is not enough to pick LVM.
partman-auto partman-auto/init_automatically_partition select 60some_device_lvm__________lvm
# Use largest disk (i.e. not USB stick) for installation.
d-i partman/early_command string \
largest=""; \
largest_size="0"; \
for d in /sys/block/*; do \
d_size="$(cat $d/size)"; \
if [ "$d_size" -gt "$largest_size" ]; then \
largest="$(basename $d)"; \
largest_size="$d_size"; \
fi; \
done; \
debconf-set partman-auto/disk "/dev/$largest";
partman-auto-lvm partman-auto-lvm/guided_size string max
partman-auto-lvm partman-auto-lvm/new_vg_name string primary-vg
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
d-i partman-lvm/device_remove_lvm boolean true
# The same applies to pre-existing software RAID array:
d-i partman-md/device_remove_md boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home: separate /home partition
# - multi: separate /home, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic
# This makes partman automatically partition without confirmation, provided
# that you told it what to do using one of the methods above.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
### Apt setup
# You can choose to install non-free and contrib software.
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
### Package selection
tasksel tasksel/first multiselect standard, desktop
# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
d-i pkgsel/upgrade select full-upgrade
### Boot loader installation
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true
# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
d-i grub-installer/with_other_os boolean true
### Finishing up the installation
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
### SSH setup
# Install openssh-server.
d-i preseed/late_command string \
apt-install openssh-server;