@Prototype-X
Forked from slattery/firstboot.sh.erb
Created August 20, 2023 19:40
Generator for Debian preseed files
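#!/bin/sh
# firstboot.sh.erb -- rendered by the generator into <hostname>_firstboot.sh
# and run once, as root, by the one-shot "firstboot" init service that the
# postinstall script registers. Sets hostname, static networking, MOTD,
# sudo, editor/locale defaults, the mtak SSH key and Postfix, then removes
# its own service and reboots.
# ERB placeholders: <%= hostname %> (short hostname) and <%= ip_suffix %>
# (last IPv4 octet, reused as the IPv6 host part).
# Every here-document uses a quoted delimiter so nothing inside it is
# expanded by this shell; the only substitution these files need is ERB,
# which has already happened by the time this script exists.
set -u

# set hostname
echo '<%= hostname %>' > /etc/hostname
/etc/init.d/hostname.sh

# Set up networking
cat > /etc/network/interfaces << 'EOF'
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 10.100.0.<%= ip_suffix %>
netmask 255.255.255.0
gateway 10.100.0.1
dns-nameservers 10.100.0.11 10.100.2.11
dns-search int.mtak.nl
iface eth0 inet6 static
address 2001:470:7927::<%= ip_suffix %>
netmask 64
gateway 2001:470:7927::1
EOF
cat > /etc/resolv.conf << 'EOF'
domain int.mtak.nl
search int.mtak.nl
nameserver 10.100.0.11
nameserver 10.100.2.11
EOF
ifdown eth0
ifup eth0

# Set up MOTD
cat > /etc/motd << 'EOF'
THIS IS A PRIVATE COMPUTER SYSTEM. Unauthorized access prohibited.
EOF

# Set up sudoers
# The new rule is merged into a copy and checked with visudo before the copy
# replaces /etc/sudoers: a syntax error written straight into the live file
# would disable sudo for every user on this host.
# NOTE(review): this is passwordless root for mtak; together with the SSH key
# installed below it amounts to key-based root access, which is the intent
# for this lab network.
if sudoers_tmp=$(mktemp); then
  cat /etc/sudoers > "$sudoers_tmp"
  printf '%s\n' 'mtak ALL=(ALL) NOPASSWD: ALL' >> "$sudoers_tmp"
  if visudo -cf "$sudoers_tmp" > /dev/null; then
    cp "$sudoers_tmp" /etc/sudoers
    chmod 0440 /etc/sudoers
  else
    echo 'firstboot: new sudoers rejected by visudo, /etc/sudoers unchanged' >&2
  fi
  rm -f "$sudoers_tmp"
else
  echo 'firstboot: mktemp failed, sudoers not updated' >&2
fi

# Set up mail relaying
# System settings
update-alternatives --set editor /usr/bin/vim.tiny
# Keep the pristine copy if this script is ever run a second time.
[ -e /etc/locale.gen.orig ] || cp /etc/locale.gen /etc/locale.gen.orig
cat > /etc/locale.gen << 'EOF'
en_US ISO-8859-1
nl_NL.UTF-8 UTF-8
EOF
locale-gen
# TODO: upgrade to ldap+kerberos realm INT.MTAK.NL

# Set up SSH key for mtak
# The directory is made private before the key file is created inside it,
# and ownership is fixed last so it covers everything written above.
mkdir -p /home/mtak/.ssh
chmod 700 /home/mtak/.ssh
printf '%s\n' 'ssh-rsa AAAAB3Nz6nTkZGXMchiG0K4aNp5MiZguDs9o8CiwnZhm9Nmz4Tcyg7j/6y1T7iZehaLeC0MCsUGVwBqYX8c= mtak@fs1' >> /home/mtak/.ssh/authorized_keys
chmod 600 /home/mtak/.ssh/authorized_keys
chown -R mtak: /home/mtak

# Set up Postfix
cat > /etc/mailname << 'EOF'
<%= hostname %>.int.mtak.nl
EOF
# $myhostname, $mail_name and $EXTENSION are Postfix variables; the quoted
# delimiter keeps them literal instead of letting sh expand them to nothing.
cat > /etc/postfix/main.cf << 'EOF'
myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_use_tls=no
myhostname = <%= hostname %>.int.mtak.nl
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = <%= hostname %>.int.mtak.nl, localhost.int.mtak.nl, localhost
relayhost = smtp.int.mtak.nl
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
EOF

#
# End of script
#
# Remove our firstboot service so that it won't run again
update-rc.d firstboot remove
rm -f /etc/init.d/firstboot /root/firstboot
# Reboot into the new kernel
/sbin/reboot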
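#!/usr/bin/env ruby
# Renders the preseed, postinstall and firstboot templates for one host.
#
# Usage: <script> hostname
#
# The host must already have an A record under int.mtak.nl on the
# 10.100.0.11 resolver; the last octet of that address becomes ip_suffix,
# which the templates use for both the IPv4 and IPv6 static addresses.
# Outputs <hostname>_preseed.cfg, <hostname>_postinstall.sh and
# <hostname>_firstboot.sh in the current directory.
require 'erb'

DNS_ZONE = 'int.mtak.nl'.freeze
DNS_SERVER = '10.100.0.11'.freeze
PUBLISH_URL = 'http://gen1.int.mtak.nl/mtak/preseed'.freeze
# Short hostname only. The value is interpolated into a DNS query, into the
# output file names and into the generated shell scripts, so anything outside
# letters, digits and '-' (slashes, spaces, shell metacharacters) is rejected
# before it is used anywhere.
HOSTNAME_RE = /\A[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\z/

# Returns the last octet of the first dotted-quad line in `dig +short`
# output, or nil when no such line exists (e.g. only a CNAME came back).
def ip_suffix_from(dig_output)
  m = dig_output.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/)
  m && m[4]
end

# Renders template_path; `hostname` and `ip_suffix` are method parameters so
# that the binding handed to ERB exposes exactly those two names.
def render(template_path, hostname, ip_suffix)
  ERB.new(File.read(template_path)).result(binding)
end

if ARGV.count != 1
  puts "Error, no hostname specified"
  puts "Usage: #{$0} hostname"
  exit 1
end
hostname = ARGV[0]
unless hostname =~ HOSTNAME_RE
  puts "Invalid hostname #{hostname.inspect}: use letters, digits and '-' only"
  exit 1
end
fqdn = "#{hostname}.#{DNS_ZONE}"
# Argument-vector form of popen: no shell is involved, so the hostname can
# never be interpreted as shell syntax.
dig_output = IO.popen(['dig', '-t', 'A', fqdn, "@#{DNS_SERVER}", '+short'], &:read)
unless $?.success? && !dig_output.strip.empty?
  puts "No DNS entry found for #{fqdn}"
  exit 1
end
ip_suffix = ip_suffix_from(dig_output)
if ip_suffix.nil?
  # The original silently rendered an empty ip_suffix here, producing
  # templates with a truncated address; fail loudly instead.
  puts "Could not parse an IPv4 address from dig output for #{fqdn}: #{dig_output.strip.inspect}"
  exit 1
end
File.write("#{hostname}_preseed.cfg", render('preseed.erb', hostname, ip_suffix))
File.write("#{hostname}_postinstall.sh", render('postinstall.sh.erb', hostname, ip_suffix))
File.write("#{hostname}_firstboot.sh", render('firstboot.sh.erb', hostname, ip_suffix))
puts "Preseed file at #{PUBLISH_URL}/#{hostname}_preseed.cfg"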
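#!/bin/sh
# postinstall.sh.erb -- fetched and run as root from the installer's
# preseed/late_command inside the /target chroot. Downloads this host's
# firstboot script and registers a one-shot init service that runs it on the
# first boot of the installed system.
# ERB placeholder: <%= hostname %> (short hostname).
set -u

# grab our firstboot script
# -f makes an HTTP error a non-zero exit instead of saving the error page as
# /root/firstboot, where it would be executed as root on first boot.
# NOTE(review): the script is fetched over plain HTTP with no integrity
# check; an HTTPS mirror or a checksum comparison would close that gap.
if ! /usr/bin/curl -fsS -o /root/firstboot 'http://gen1.int.mtak.nl/mtak/preseed/<%= hostname %>_firstboot.sh'; then
  echo 'postinstall: failed to download firstboot script' >&2
  exit 1
fi
chmod +x /root/firstboot

# create a service that will run our firstboot script
# Quoted delimiter: $networking is an insserv facility name and must reach
# the LSB header literally rather than being expanded (to nothing) here.
# The shebang lets init execute the file directly instead of relying on the
# ENOEXEC fallback to /bin/sh.
cat > /etc/init.d/firstboot << 'EOF'
#!/bin/sh
### BEGIN INIT INFO
# Provides: firstboot
# Required-Start: $networking
# Required-Stop: $networking
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: A script that runs once
# Description: A script that runs once
### END INIT INFO
cd /root ; /usr/bin/nohup sh -x /root/firstboot &
EOF

# install the firstboot service
chmod +x /etc/init.d/firstboot
update-rc.d firstboot defaults
echo "finished postinst"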
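# Contents of the preconfiguration file (for wheezy)
# preseed.erb -- rendered per host by the generator. ERB placeholders:
# <%= hostname %> (short hostname) and <%= ip_suffix %> (last IPv4 octet).
# The static netcfg lines below are commented out, so netcfg falls back to
# its default (DHCP) during the install; the static addressing is applied
# later by the firstboot script.
# Localization
d-i debian-installer/locale string en_US
d-i keymap select us
# Static network configuration.
# IPv4 example
d-i netcfg/choose_interface select auto
#d-i netcfg/ipaddress string 10.100.0.<%= ip_suffix %>
#d-i netcfg/netmask string 255.255.255.0
#d-i netcfg/gateway string 10.100.0.1
#d-i netcfg/nameservers string 10.100.0.11 10.100.2.11
#d-i netcfg/confirm_static boolean true
#d-i netcfg/disable_dhcp boolean true
# IPv6 example
#d-i netcfg/get_ipaddress string 2001:470:7927::<%= ip_suffix %>
#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff::
#d-i netcfg/get_gateway string 2001:470:7927::1
#d-i netcfg/get_nameservers string 2001:470:7927::11
#d-i netcfg/confirm_static boolean true
d-i netcfg/get_hostname string <%= hostname %>
d-i netcfg/get_hostname seen true
d-i netcfg/get_domain string int.mtak.nl
d-i netcfg/get_domain seen true
# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
d-i netcfg/hostname string <%= hostname %>
### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string manual
d-i mirror/http/hostname string ftp.nluug.nl
d-i mirror/http/directory string /pub/os/Linux/distr/debian/
d-i mirror/http/proxy string
### Account setup
# <some-enc_hash> is a placeholder for a crypt(3) hash; the real values are
# filled in before this template is published.
d-i passwd/root-password-crypted password <some-enc_hash>
# To create a normal user account.
d-i passwd/user-fullname string mtak
d-i passwd/username string mtak
d-i passwd/user-password-crypted password <some-enc_hash>
# The user account will be added to some standard initial groups. To
# override that, use this.
#d-i passwd/user-default-groups string audio cdrom video
### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true
# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/Amsterdam
# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
d-i clock-setup/ntp-server string 0.nl.pool.ntp.org
# Disk stuff
# The confirm_* answers below are what make partitioning non-interactive:
# partman-auto takes the whole disk without asking.
d-i partman-auto/method string lvm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-auto/choose_recipe select atomic
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-md/confirm boolean true
### Package selection
tasksel tasksel/first multiselect standard
# If the desktop task is selected, install the kde and xfce desktops
# instead of the default gnome desktop.
#tasksel tasksel/desktop multiselect kde, xfce
# Individual additional packages to install
d-i pkgsel/include string openssh-server build-essential curl sudo postfix
# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
d-i pkgsel/upgrade select full-upgrade
# Some versions of the installer can report back on what software you have
# installed, and what software you use. The default is not to report back,
# but sending reports helps the project determine what software is most
# popular and include it on CDs.
#popularity-contest popularity-contest/participate boolean false
### Finishing up the installation
# During installations from serial console, the regular virtual consoles
# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next
# line to prevent this.
#d-i finish-install/keep-consoles boolean true
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
# This will prevent the installer from ejecting the CD during the reboot,
# which is useful in some situations.
#d-i cdrom-detect/eject boolean false
# This is how to make the installer shutdown when finished, but not
# reboot into the installed system.
#d-i debian-installer/exit/halt boolean true
# This will power off the machine instead of just halting it.
#d-i debian-installer/exit/poweroff boolean true
### Preseeding other packages
# Depending on what software you choose to install, or if things go wrong
# during the installation process, it's possible that other questions may
# be asked. You can preseed those too, of course. To get a list of every
# possible question that could be asked during an install, do an
# installation, and then run these commands:
# debconf-get-selections --installer > file
# debconf-get-selections >> file
#### Advanced options
### Running custom commands during the installation
# d-i preseeding is inherently not secure. Nothing in the installer checks
# for attempts at buffer overflows or other exploits of the values of a
# preconfiguration file like this one. Only use preconfiguration files from
# trusted locations! To drive that home, and because it's generally useful,
# here's a way to run any shell command you'd like inside the installer,
# automatically.
# This first command is run as early as possible, just after
# preseeding is read.
#d-i preseed/early_command string anna-install some-udeb
# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
#d-i partman/early_command \
# string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
# curl -f: an HTTP error fails the && chain instead of saving the error page
# as /tmp/postinstall and running it as root inside /target.
d-i preseed/late_command string chroot /target sh -c "/usr/bin/curl -f -o /tmp/postinstall http://gen1.int.mtak.nl/mtak/preseed/<%= hostname %>_postinstall.sh && /bin/sh -x /tmp/postinstall"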