Diffstat (limited to 'packer/debian-server-bookworm/http')
-rw-r--r--packer/debian-server-bookworm/http/preseed.cfg19
1 files changed, 15 insertions, 4 deletions
diff --git a/packer/debian-server-bookworm/http/preseed.cfg b/packer/debian-server-bookworm/http/preseed.cfg
index 887dfd4..e5dd8c6 100644
--- a/packer/debian-server-bookworm/http/preseed.cfg
+++ b/packer/debian-server-bookworm/http/preseed.cfg
@@ -30,8 +30,11 @@ d-i mirror/http/directory string /debian/
d-i mirror/http/proxy string
d-i apt-setup/use_mirror boolean true
-### Partitioning (Use entire disk, no LVM, no swap)
-d-i partman-auto/method string regular
+### Partitioning (Use LVM, no swap)
+d-i partman-auto/method string lvm
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-auto-lvm/guided_size string max
d-i partman-auto/choose_recipe select atomic
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
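Review bot: The new LVM answers preseed `partman-lvm/confirm` but not `partman-lvm/confirm_nooverwrite`, so unless that key is set outside this hunk the unattended install can stop at the LVM write confirmation and stall the Packer build. Consider adding `d-i partman-lvm/confirm_nooverwrite boolean true` next to the other `partman-lvm` lines. The heading also still says "no swap", while the `atomic` recipe normally creates a swap volume under LVM; if swap is suppressed elsewhere in the file that is fine, otherwise the comment should be corrected.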
@@ -51,9 +54,9 @@ d-i user-setup/encrypt-home boolean false
tasksel tasksel/first multiselect standard, ssh-server
### Install additional packages
-d-i pkgsel/include string openssh-server qemu-guest-agent sudo neovim tmux cloud-init
+d-i pkgsel/include string openssh-server qemu-guest-agent sudo cloud-init ufw
-### SSH setup (Disable password authentication, allow only SSH key)
+### Disable password authentication, allow only SSH key, clean up unnecessary packages, optimize and harden the system
d-i preseed/late_command string \
in-target mkdir -p /home/mas/.ssh && \
in-target chmod 700 /home/mas/.ssh && \
@@ -65,13 +68,21 @@ d-i preseed/late_command string \
in-target sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config && \
in-target sed -i 's|^#\?AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys|' /etc/ssh/sshd_config && \
in-target sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && \
+ in-targer sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && \
in-target systemctl restart ssh && \
+ in-target apt-get purge -y snapd unattended-upgrades && \
+ in-target apt-get autoremove -y && \
+ in-target apt-get clean && \
+ in-target cloud-init clean --logs && \
+ in-target ufw allow ssh && \
+ in-target ufw enable && \
in-target sed -i '/^deb cdrom:/s/^/#/' /etc/apt/sources.list
### Configure GRUB bootloader
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean false
d-i grub-installer/bootdev string default
+d-i grub-installer/timeout string 2
### Disable popularity contest (privacy setting)
popularity-contest popularity-contest/participate boolean false
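Review bot: The added `PermitRootLogin` line invokes `in-targer` instead of `in-target`, so that command will not be found and, because every step is chained with `&&`, nothing after it runs: root login is not disabled, and the ssh restart, package purge, `ufw allow ssh`/`ufw enable` and the cdrom `sed` are all skipped. The line should read `in-target sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && \`. Purging `unattended-upgrades` under a heading that says "harden the system" removes automatic security updates from every image built from this template; if that is intentional, the comment should say so and name how the images get patched instead. `ufw enable` runs inside the installer chroot, where it may not be able to load its rules, so it is worth confirming on a built image that `ufw status` reports active. The `late_command` starts above this hunk, so earlier steps in the chain are not visible here.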