aboutsummaryrefslogtreecommitdiffstats
path: root/preseed.cfg
diff options
context:
space:
mode:
Diffstat (limited to 'preseed.cfg')
-rw-r--r--preseed.cfg110
1 files changed, 80 insertions, 30 deletions
diff --git a/preseed.cfg b/preseed.cfg
index be99a2e..6428063 100644
--- a/preseed.cfg
+++ b/preseed.cfg
@@ -1,6 +1,6 @@
# Preseed file
#
-# Copyright © 2013 Guilhem Moulin <guilhem@fripost.org>
+# Copyright © 2013,2014 Guilhem Moulin <guilhem@fripost.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -15,32 +15,64 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-# Locales
-d-i debian-installer/locale string en_US.UTF-8
-d-i localechooser/supported-locales multiselect sv_SE.UTF-8
-d-i keymap skip-config
-# Debian archive mirror hostname (installer only):
-d-i mirror/http/hostname string ftp.se.debian.org
+################################################################################
+# Fripost specific options
-# Assume the clock is UTC. Always use NTP.
-d-i clock-setup/utc boolean true
-d-i clock-setup/ntp boolean true
-d-i clock-setup/ntp-server string 0.se.pool.ntp.org
-d-i time/zone string Europe/Stockholm
+# Which script should be used for partitioning? The path should be absolute,
+# and the script must be executable. (This is mandatory)
+d-i fripost/partition-script string /cdrom/include/partition.sh
+
+# Which kind of data fill the disk with before encryption? 'none' means disks
+# will NOT be wiped, otherwise use /dev/{zero,urandom,random} as the source
+# data to fill disks with. Beware that the later two may drain the entropy
+# pool of the system! (Default: zero)
+#d-i fripost/wipe-device string zero
+
+# Should the system disk be fully encrypted? (Excluding /boot.) (Default: true)
+#d-i fripost/encrypt boolean true
+
+# Password for full-disk encryption? If left empty (recommended, and the
+# default), a SSH daemon will be fired up and the automatic install will be
+# interupted, waiting for the user to dump the password on the standard input.
+#d-i fripost/encryption-password string
+
+# Listening [address:]port for dropbear? If port is a range (e.g., 1024-65535),
+# a random port in that range is chosen. Leaving the question empty is
+# equivalent to specifying the range of registered port 1024-49151. This is only
+# used for remote (SSH) unlocking of encrypted disks. (Default: 22)
+#d-i fripost/initrd-ssh-port string 22
+
+# Use the same key for dropbear and OpenSSH? If False, generate a dedicated key
+# for dropbear. (Default: false)
+#d-i fripost/dropbear-use-openssh-key boolean false
+
+# Install and activate (in enforcing mode) SELinux? Note that activating
+# SELinux requires a dummy reboot to label all files. So if you have full-disk
+# encryption, you'll have to send the password twice to dropbear. (Default: true)
+#d-i fripost/activate-selinux boolean true
+
+# Keep /media and its kids' entries in the fstab? /media (and its related
+# entries in the fstab) can safely be removed on a headless server. (Default:
+# false)
+#d-i fripost/keep-media-directory boolean false
+
+# Display the final notice before rebooting? It's good to show SSH
+# fingerprints, because it defeats MiTM-attacks. (Default: true)
+#d-i fripost/final-notice boolean true
+
+
+################################################################################
+# Network. You probably want to change the host and domain names.
-# Network
d-i netcfg/choose_interface select auto
-d-i netcfg/hostname string eilift
-d-i netcfg/get_domain string guilhem.org
-#d-i netcfg/disable_autoconfig boolean true
-#d-i netcfg/get_ipaddress string 192.168.10.100
-#d-i netcfg/get_netmask string 255.255.255.0
-#d-i netcfg/get_gateway string 192.168.10.2
-#d-i netcfg/get_nameservers string 192.168.10.1
-#d-i netcfg/confirm_static boolean true
-
-# Users
+d-i netcfg/hostname string mistral
+d-i netcfg/get_domain string fripost.org
+
+
+################################################################################
+# Users. You probably want to change the user name and password.
+
adduser adduser/homedir-permission boolean false
d-i passwd/root-login boolean false
d-i passwd/shadow boolean true
@@ -50,10 +82,32 @@ d-i passwd/username string guilhem
d-i passwd/user-password-crypted password $6$QjLeZdW1O$9VymVDc5q6NctEylAqObvmP4S7FXk1ckCPaHua0JaiFSaTeTKoWxaP7bQoUWvzCPDY23Xqthg87QDBbaCY9BP0
d-i passwd/user-default-groups string ssh
-locales/default_environment_locale string en_US.UTF-8
-locales/locales_to_be_generated string en_US.UTF-8 UTF-8, sv_SE.UTF-8 UTF-8
-# System
+################################################################################
+# Locales
+
+d-i debian-installer/locale string en_US.UTF-8
+d-i localechooser/supported-locales multiselect sv_SE.UTF-8
+d-i keymap skip-config
+
+locales locales/default_environment_locale string en_US.UTF-8
+locales locales/locales_to_be_generated string en_US.UTF-8 UTF-8, sv_SE.UTF-8 UTF-8
+
+
+################################################################################
+# Assume the clock is UTC. Always use NTP.
+
+d-i clock-setup/utc boolean true
+d-i clock-setup/ntp boolean true
+d-i clock-setup/ntp-server string 0.se.pool.ntp.org
+d-i time/zone string Europe/Stockholm
+
+################################################################################
+# dpkg/APT (install minimal system)
+
+# Debian archive mirror hostname (installer only):
+d-i mirror/http/hostname string ftp.se.debian.org
+
popularity-contest popularity-contest/participate boolean true
d-i base-installer/kernel/image string linux-image-amd64
d-i base-installer/kernel/linux/initramfs-generators string initramfs-tools
@@ -67,7 +121,3 @@ d-i pkgsel/upgrade select safe-upgrade
d-i preseed/early_command string anna-install fripost-partman fripost-postinst
d-i preseed/late_command string /bin/in-target /usr/bin/update-alternatives --set editor /usr/bin/vim.nox
-d-i fripost/partition-script string /cdrom/include/partition.sh
-
-d-i fripost/wipe-device string none
-d-i fripost/initrd-ssh-port string 2222