oguya/debian-08-template-preseed.txt Secret

## debian-08-template-preseed.txt
#### Debian 08 (jessie) preseed file
#### Based on the official example preseed: https://www.debian.org/releases/jessie/example-preseed.txt
#### TODO: Changes made to suit our research computing needs
####    - Networking: set static network IPv4 address & hostname, no DHCP
####    - Mirror: use local KENET debian mirror
####    - User accounts: create root & provisioning accounts. Don't forget to remove clear text passwords!!
####    - Partitioning: use LVMs with separate /home, /var & /tmp partitions
####    - Extra Packages: Install openssh-server & sudo
####    - Bootloader: Install grub on /dev/vda
####    -

### Localization
# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_US

# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select us
# d-i keyboard-configuration/toggle select No toggling


### Network configuration
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto

# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
d-i netcfg/disable_autoconfig boolean true

# If you want the preconfiguration file to work on systems both with and
# without a dhcp server, uncomment these lines and the static network
# configuration below.
d-i netcfg/dhcp_failed note
d-i netcfg/dhcp_options select Configure network manually

# TODO: Static network configuration.
d-i netcfg/get_ipaddress string 172.26.23.220
d-i netcfg/get_netmask string 255.255.255.0
d-i netcfg/get_gateway string 172.26.23.254
d-i netcfg/get_nameservers string 8.8.8.8
d-i netcfg/confirm_static boolean true

# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
#d-i netcfg/get_hostname string unassigned-hostname
#d-i netcfg/get_domain string unassigned-domain

# TODO: Set hostname
# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
d-i netcfg/hostname string debian-08

# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
# The wacky dhcp hostname that some ISPs use as a password of sorts.
#d-i netcfg/dhcp_hostname string radish

# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
#d-i hw-detect/load_firmware boolean true


### TODO: Mirror settings - use KENET
d-i mirror/country string manual
d-i mirror/http/hostname string debian.mirror.ac.ke
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string


### Account setup
# TODO: create root user with password - redhat - ;)
d-i passwd/root-login boolean
# clear text password
d-i passwd/root-password password redhat
d-i passwd/root-password-again password redhat
# OR use SHA-512 user pass: python -c 'import crypt; print crypt.crypt("AAAAAAAA", "$6$saltiness")
#d-i passwd/root-password-crypted password [SHA-512 hash]

# TODO: Create a normal user(provisioning) account
d-i passwd/user-fullname string Provisioning User
d-i passwd/username string provisioning
# clear text password
d-i passwd/user-password password 0-100_real_quick
d-i passwd/user-password-again password 0-100_real_quick
# OR use SHA-512 user pass: python -c 'import crypt; print crypt.crypt("AAAAAAAA", "$6$saltiness")
#d-i passwd/user-password-crypted password [SHA-512 hash]
# Specify UID ??
#d-i passwd/user-uid string 1010
# Add user to group(s)
d-i passwd/user-default-groups string sudo


### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true

# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Africa/Nairobi

# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
#d-i clock-setup/ntp-server string ntp.example.com


### Partitioning

# TODO: using lvms with separate /home, /var & /tmp partitions
d-i partman-auto/method string lvm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-auto/choose_recipe select multi
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman/mount_style select uuid


## TODO: Consult the official example preseed file for more info on
## partitioning: https://www.debian.org/releases/jessie/example-preseed.txt


### Base system installation
# Configure APT to not install recommended packages by default. Use of this
# option can result in an incomplete system and should only be used by very
# experienced users.
d-i base-installer/install-recommends boolean false

# The kernel image (meta) package to be installed; "none" can be used if no
# kernel is to be installed.
d-i base-installer/kernel/image string linux-virtual


### Apt setup
# You can choose to install non-free and contrib software.
#d-i apt-setup/non-free boolean true
#d-i apt-setup/contrib boolean true

# Select which update services to use; define the mirrors to be used.
# Values shown below are the normal defaults.
d-i apt-setup/services-select multiselect security, updates
d-i apt-setup/security_host string security.debian.org


### Package selection
tasksel tasksel/first multiselect standard, ssh-server

## Individual additional packages to install
# TODO: Install openssh-server & sudo extra packages
d-i pkgsel/include string openssh-server build-essential sudo
# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
# TODO: Full upgrade all packages ??
#d-i pkgsel/upgrade select full-upgrade


### Boot loader installation

## TODO: Install grub on /dev/[sda|vda]
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev  string /dev/vda
d-i finish-install/reboot_in_progress note


## TODO: Consult the official example preseed file for more info on
## bootloader installation: https://www.debian.org/releases/jessie/example-preseed.txt


#### Advanced options
### Running custom commands during the installation

# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh

# ILRI-HPC: add provisioning user to sudoers
# NOTE: prefix your paths with /target/
#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
#d-i preseed/late_command string in-target update-alternatives --set editor /usr/bin/vim.tiny;echo "provisioning   ALL=(ALL)  ALL" > /target/etc/sudoers.d/provisioning;sync
	#### Debian 08 (jessie) preseed file
	#### Based on the official example preseed: https://www.debian.org/releases/jessie/example-preseed.txt
	#### TODO: Changes made to suit our research computing needs
	#### - Networking: set static network IPv4 address & hostname, no DHCP
	#### - Mirror: use local KENET debian mirror
	#### - User accounts: create root & provisioning accounts. Don't forget to remove clear text passwords!!
	#### - Partitioning: use LVMs with separate /home, /var & /tmp partitions
	#### - Extra Packages: Install openssh-server & sudo
	#### - Bootloader: Install grub on /dev/vda
	#### -

	### Localization
	# Preseeding only locale sets language, country and locale.
	d-i debian-installer/locale string en_US

	# Keyboard selection.
	d-i keyboard-configuration/xkb-keymap select us
	# d-i keyboard-configuration/toggle select No toggling


	### Network configuration
	# netcfg will choose an interface that has link if possible. This makes it
	# skip displaying a list if there is more than one interface.
	d-i netcfg/choose_interface select auto

	# If you prefer to configure the network manually, uncomment this line and
	# the static network configuration below.
	d-i netcfg/disable_autoconfig boolean true

	# If you want the preconfiguration file to work on systems both with and
	# without a dhcp server, uncomment these lines and the static network
	# configuration below.
	d-i netcfg/dhcp_failed note
	d-i netcfg/dhcp_options select Configure network manually

	# TODO: Static network configuration.
	d-i netcfg/get_ipaddress string 172.26.23.220
	d-i netcfg/get_netmask string 255.255.255.0
	d-i netcfg/get_gateway string 172.26.23.254
	d-i netcfg/get_nameservers string 8.8.8.8
	d-i netcfg/confirm_static boolean true

	# Any hostname and domain names assigned from dhcp take precedence over
	# values set here. However, setting the values still prevents the questions
	# from being shown, even if values come from dhcp.
	#d-i netcfg/get_hostname string unassigned-hostname
	#d-i netcfg/get_domain string unassigned-domain

	# TODO: Set hostname
	# If you want to force a hostname, regardless of what either the DHCP
	# server returns or what the reverse DNS entry for the IP is, uncomment
	# and adjust the following line.
	d-i netcfg/hostname string debian-08

	# Disable that annoying WEP key dialog.
	d-i netcfg/wireless_wep string
	# The wacky dhcp hostname that some ISPs use as a password of sorts.
	#d-i netcfg/dhcp_hostname string radish

	# If non-free firmware is needed for the network or other hardware, you can
	# configure the installer to always try to load it, without prompting. Or
	# change to false to disable asking.
	#d-i hw-detect/load_firmware boolean true


	### TODO: Mirror settings - use KENET
	d-i mirror/country string manual
	d-i mirror/http/hostname string debian.mirror.ac.ke
	d-i mirror/http/directory string /debian
	d-i mirror/http/proxy string


	### Account setup
	# TODO: create root user with password - redhat - ;)
	d-i passwd/root-login boolean
	# clear text password
	d-i passwd/root-password password redhat
	d-i passwd/root-password-again password redhat
	# OR use SHA-512 user pass: python -c 'import crypt; print crypt.crypt("AAAAAAAA", "$6$saltiness")
	#d-i passwd/root-password-crypted password [SHA-512 hash]

	# TODO: Create a normal user(provisioning) account
	d-i passwd/user-fullname string Provisioning User
	d-i passwd/username string provisioning
	# clear text password
	d-i passwd/user-password password 0-100_real_quick
	d-i passwd/user-password-again password 0-100_real_quick
	# OR use SHA-512 user pass: python -c 'import crypt; print crypt.crypt("AAAAAAAA", "$6$saltiness")
	#d-i passwd/user-password-crypted password [SHA-512 hash]
	# Specify UID ??
	#d-i passwd/user-uid string 1010
	# Add user to group(s)
	d-i passwd/user-default-groups string sudo


	### Clock and time zone setup
	# Controls whether or not the hardware clock is set to UTC.
	d-i clock-setup/utc boolean true

	# You may set this to any valid setting for $TZ; see the contents of
	# /usr/share/zoneinfo/ for valid values.
	d-i time/zone string Africa/Nairobi

	# Controls whether to use NTP to set the clock during the install
	d-i clock-setup/ntp boolean true
	# NTP server to use. The default is almost always fine here.
	#d-i clock-setup/ntp-server string ntp.example.com


	### Partitioning

	# TODO: using lvms with separate /home, /var & /tmp partitions
	d-i partman-auto/method string lvm
	d-i partman-lvm/device_remove_lvm boolean true
	d-i partman-md/device_remove_md boolean true
	d-i partman-lvm/confirm boolean true
	d-i partman-lvm/confirm_nooverwrite boolean true
	d-i partman-auto/choose_recipe select multi
	d-i partman-partitioning/confirm_write_new_label boolean true
	d-i partman/choose_partition select finish
	d-i partman/confirm boolean true
	d-i partman/confirm_nooverwrite boolean true
	d-i partman/mount_style select uuid


	## TODO: Consult the official example preseed file for more info on
	## partitioning: https://www.debian.org/releases/jessie/example-preseed.txt


	### Base system installation
	# Configure APT to not install recommended packages by default. Use of this
	# option can result in an incomplete system and should only be used by very
	# experienced users.
	d-i base-installer/install-recommends boolean false

	# The kernel image (meta) package to be installed; "none" can be used if no
	# kernel is to be installed.
	d-i base-installer/kernel/image string linux-virtual


	### Apt setup
	# You can choose to install non-free and contrib software.
	#d-i apt-setup/non-free boolean true
	#d-i apt-setup/contrib boolean true

	# Select which update services to use; define the mirrors to be used.
	# Values shown below are the normal defaults.
	d-i apt-setup/services-select multiselect security, updates
	d-i apt-setup/security_host string security.debian.org


	### Package selection
	tasksel tasksel/first multiselect standard, ssh-server

	## Individual additional packages to install
	# TODO: Install openssh-server & sudo extra packages
	d-i pkgsel/include string openssh-server build-essential sudo
	# Whether to upgrade packages after debootstrap.
	# Allowed values: none, safe-upgrade, full-upgrade
	# TODO: Full upgrade all packages ??
	#d-i pkgsel/upgrade select full-upgrade


	### Boot loader installation

	## TODO: Install grub on /dev/[sda\|vda]
	d-i grub-installer/only_debian boolean true
	d-i grub-installer/with_other_os boolean true
	d-i grub-installer/bootdev string /dev/vda
	d-i finish-install/reboot_in_progress note


	## TODO: Consult the official example preseed file for more info on
	## bootloader installation: https://www.debian.org/releases/jessie/example-preseed.txt


	#### Advanced options
	### Running custom commands during the installation

	# This command is run just before the install finishes, but when there is
	# still a usable /target directory. You can chroot to /target and use it
	# directly, or use the apt-install and in-target commands to easily install
	# packages and run commands in the target system.
	#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh

	# ILRI-HPC: add provisioning user to sudoers
	# NOTE: prefix your paths with /target/
	#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
	#d-i preseed/late_command string in-target update-alternatives --set editor /usr/bin/vim.tiny;echo "provisioning ALL=(ALL) ALL" > /target/etc/sudoers.d/provisioning;sync