| author | clyhtsuriva <aimeric@adjutor.xyz> | 2025-01-31 22:50:59 +0100 | 
|---|---|---|
| committer | clyhtsuriva <aimeric@adjutor.xyz> | 2025-01-31 22:50:59 +0100 | 
| commit | 97f55e590c58a3f252497df23bcec97c9352ff06 (patch) | |
| tree | aa82dfa885504b038cf431e9a9663aba5f0b6fb1 /packer/debian-server-bookworm/http | |
| parent | fc38318929e79cb8cea9e6b7baca1690e30cba8d (diff) | |
packer: use lvm, optimize and harden debian template
Diffstat (limited to 'packer/debian-server-bookworm/http')
| -rw-r--r-- | packer/debian-server-bookworm/http/preseed.cfg | 19 | 
1 files changed, 15 insertions, 4 deletions
| diff --git a/packer/debian-server-bookworm/http/preseed.cfg b/packer/debian-server-bookworm/http/preseed.cfg
index 887dfd4..e5dd8c6 100644
--- a/packer/debian-server-bookworm/http/preseed.cfg
+++ b/packer/debian-server-bookworm/http/preseed.cfg
@@ -30,8 +30,11 @@ d-i mirror/http/directory string /debian/
 d-i mirror/http/proxy string
 d-i apt-setup/use_mirror boolean true
-### Partitioning (Use entire disk, no LVM, no swap)
-d-i partman-auto/method string regular
+### Partitioning (Use LVM, no swap)
+d-i partman-auto/method string lvm
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-auto-lvm/guided_size string max
 d-i partman-auto/choose_recipe select atomic
 d-i partman-partitioning/confirm_write_new_label boolean true
 d-i partman/choose_partition select finish
@@ -51,9 +54,9 @@ d-i user-setup/encrypt-home boolean false
 tasksel tasksel/first multiselect standard, ssh-server
 ### Install additional packages
-d-i pkgsel/include string openssh-server qemu-guest-agent sudo neovim tmux cloud-init
+d-i pkgsel/include string openssh-server qemu-guest-agent sudo cloud-init ufw
-### SSH setup (Disable password authentication, allow only SSH key)
+### Disable password authentication, allow only SSH key, clean up unnecessary packages, optimize and harden the system
 d-i preseed/late_command string \
     in-target mkdir -p /home/mas/.ssh && \
     in-target chmod 700 /home/mas/.ssh && \
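Review bot: The new LVM answers in the partitioning hunk set `partman-lvm/confirm` but not its companion `d-i partman-lvm/confirm_nooverwrite boolean true`, so an unattended Packer build may stop at the LVM write-confirmation dialog. The section header still says "no swap", yet the `atomic` recipe under the `lvm` method normally allocates a swap volume; if swap is suppressed elsewhere in the file (not visible in this hunk), say so in the comment, otherwise correct the header.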
@@ -65,13 +68,21 @@ d-i preseed/late_command string \
     in-target sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config && \
     in-target sed -i 's|^#\?AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys|' /etc/ssh/sshd_config && \
     in-target sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && \
+    in-targer sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && \
     in-target systemctl restart ssh && \
+    in-target apt-get purge -y snapd unattended-upgrades && \
+    in-target apt-get autoremove -y && \
+    in-target apt-get clean && \
+    in-target cloud-init clean --logs && \
+    in-target ufw allow ssh && \
+    in-target ufw enable && \
     in-target sed -i '/^deb cdrom:/s/^/#/' /etc/apt/sources.list
 ### Configure GRUB bootloader
 d-i grub-installer/only_debian boolean true
 d-i grub-installer/with_other_os boolean false
 d-i grub-installer/bootdev string default
+d-i grub-installer/timeout string 2
 ### Disable popularity contest (privacy setting)
 popularity-contest popularity-contest/participate boolean false |
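Review bot: The added PermitRootLogin line calls `in-targer`, which is not a command, so that step fails; the line should read `in-target sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && \`. Because every step is chained with `&&`, the failure also skips everything after it: the package purge, `cloud-init clean`, both `ufw` commands and the cdrom source fix never run, so the template ships without the root-login restriction or an enabled firewall. Separately, purging `unattended-upgrades` in a hardening change removes automatic security updates; if patching is handled elsewhere, a comment such as `# security updates are applied by <mechanism>, not unattended-upgrades` would record that decision. The `late_command` chain begins before this hunk, so earlier steps are not reviewed here.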
