Skip to content

Instantly share code, notes, and snippets.

@madalinignisca
Last active May 13, 2024 09:45
Show Gist options
  • Save madalinignisca/69d55a40793f20c39c6f0f4893a1341c to your computer and use it in GitHub Desktop.
Save madalinignisca/69d55a40793f20c39c6f0f4893a1341c to your computer and use it in GitHub Desktop.
Debian installer preseed PCI compliant minimal
d-i debian-installer/locale string en_US.UTF-8
d-i debian-installer/language string en
d-i debian-installer/country string ES
d-i keyboard-configuration/xkb-keymap select us
d-i netcfg/choose_interface select auto
d-i hw-detect/load_firmware boolean true
d-i mirror/protocol string http
d-i mirror/country string manual
d-i mirror/http/hostname string mirror.hetzner.com
d-i mirror/http/directory string /debian/packages/
d-i mirror/http/proxy string
d-i passwd/root-login boolean false
d-i passwd/user-fullname string Hercules Admins
d-i passwd/username string hercules
d-i clock-setup/utc boolean true
d-i time/zone string UTC
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server ntp2.hetzner.com
bootstrap-basei base-installer/initramfs-tools/driver-policy select dep
d-i apt-setup/cdrom/set-first boolean false
d-i apt-setup/non-free-firmware boolean true
d-i apt-setup/non-free boolean false
d-i apt-setup/contrib boolean false
d-i apt-setup/disable-cdrom-entries boolean true
d-i apt-setup/services-select multiselect security
d-i apt-setup/enable-source-repositories boolean false
d-i tasksel/tasks multiselect ssh-server
d-i pkgsel/upgrade select none
d-i grub-installer/bootdev string default
d-i grub-installer/only_debian boolean true
d-i preseed/late_command string \
in-target mkdir -p /home/hercules/.ssh; \
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMDU5kK4dXBLGlo8TQpa8GFTL/VfQa6LKNI8dgfEYqU madalin@macbook-pro-13-2019" >> /target/home/hercules/.ssh/authorized_keys; \
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdUvOZNiePhtqCTE++ZRpxt8sH32TzVTSU/mH1Fo8HR madalin@ipad-mini-6" >> /target/home/hercules/.ssh/authorized_keys; \
in-target chown -R hercules:hercules /home/hercules/.ssh; \
in-target chmod 700 /home/hercules/.ssh; \
in-target chmod 600 /home/hercules/.ssh/authorized_keys; \
in-target sed -i -E 's/#?PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config; \
in-target sed -i -E 's/#?PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config; \
echo "hercules ALL=(ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/hercules;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment