### Debian Preseed File for Unattended Installation ### Enable automatic installation d-i auto-install/enable boolean true ### Set language, country, and locale d-i debian-installer/language string en d-i debian-installer/country string US d-i debian-installer/locale string en_US.UTF-8 ### Console and keyboard configuration d-i console-setup/ask_detect boolean false d-i debconf/frontend select noninteractive d-i keyboard-configuration/xkb-keymap select us d-i keymap select us ### Network configuration d-i netcfg/choose_interface select auto #d-i netcfg/get_hostname string debian d-i netcfg/get_domain string local ### Set time zone and clock settings d-i clock-setup/utc boolean true d-i time/zone string UTC ### Configure package mirrors d-i mirror/country string FR d-i mirror/http/hostname string httpredir.debian.org d-i mirror/http/directory string /debian/ d-i mirror/http/proxy string d-i apt-setup/use_mirror boolean true ### Partitioning (Use LVM, no swap) d-i partman-auto/method string lvm d-i partman-lvm/device_remove_lvm boolean true d-i partman-lvm/confirm boolean true d-i partman-lvm/confirm_nooverwrite boolean true d-i partman-auto-lvm/guided_size string max d-i partman-auto/choose_recipe select atomic d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true d-i partman-basicfilesystems/no_swap boolean true ### User setup (Create user "mas", disable root login) d-i passwd/user-fullname string mas d-i passwd/username string mas d-i passwd/user-password-crypted password ! d-i passwd/root-login boolean false d-i user-setup/allow-password-weak boolean true d-i user-setup/encrypt-home boolean false ### Select base installation packages tasksel tasksel/first multiselect standard, ssh-server ### Install additional packages d-i pkgsel/include string openssh-server qemu-guest-agent sudo cloud-init ufw ### Disable password authentication, allow only SSH key, clean up unnecessary packages, optimize and harden the system d-i preseed/late_command string \ in-target mkdir -p /home/mas/.ssh && \ in-target chmod 700 /home/mas/.ssh && \ in-target /bin/sh -c "echo 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCtB9NZgJMVovVR4foT0OOV9GdHeHZoPtK1TGko2W4wli/reKjpUYBhlSPWbaWD9WUbl0RRqdzkODy1fB001zxs= mas@TMV2' >> /home/mas/.ssh/authorized_keys" && \ in-target chmod 600 /home/mas/.ssh/authorized_keys && \ in-target chown -R mas:mas /home/mas/.ssh && \ in-target usermod -aG sudo mas && \ in-target sed -i '/^%sudo/c\%sudo ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers && \ in-target sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config && \ in-target sed -i 's|^#\?AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys|' /etc/ssh/sshd_config && \ in-target sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && \ in-target sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && \ in-target systemctl restart ssh && \ in-target apt-get purge -y snapd unattended-upgrades && \ in-target apt-get autoremove -y && \ in-target apt-get clean && \ in-target cloud-init clean --logs && \ in-target sed -i '/^deb cdrom:/s/^/#/' /etc/apt/sources.list ### Configure GRUB bootloader d-i grub-installer/only_debian boolean true d-i grub-installer/with_other_os boolean false d-i grub-installer/bootdev string default d-i grub-installer/timeout string 2 ### Disable popularity contest (privacy setting) popularity-contest popularity-contest/participate boolean false ### Automatically reboot after installation completes d-i finish-install/reboot_in_progress note