path: root/packer/debian-server-bookworm/http/preseed.cfg
blob: e5dd8c6225bb50e2a07a942c4eea023f2a556022 (plain)
### Debian Preseed File for Unattended Installation
# Read by debian-installer (d-i). Each directive has the form
#   <owner> <question> <type> <value>
# and pre-answers one installer prompt so the install needs no interaction.
# NOTE(review): the repository path (packer/.../http/) suggests Packer serves
# this file to the installer over its build-time HTTP server; confirm. Anything
# written here is readable by whatever can reach that server, so keep the file
# free of secrets (password hashes, private keys, tokens).

### Enable automatic installation
# NOTE(review): this switch is usually passed on the installer's boot command
# line; set inside the preseed file it may be read too late to matter. Confirm.
d-i auto-install/enable boolean true

### Set language, country, and locale
d-i debian-installer/language string en
d-i debian-installer/country string US
d-i debian-installer/locale string en_US.UTF-8

### Console and keyboard configuration
# debconf/frontend noninteractive keeps debconf from opening dialogs.
d-i console-setup/ask_detect boolean false
d-i debconf/frontend select noninteractive
d-i keyboard-configuration/xkb-keymap select us
d-i keymap select us

### Network configuration
# The hostname directive is commented out, so no hostname is fixed here.
# NOTE(review): presumably it then comes from DHCP or the boot parameters;
# confirm, since the hostname ends up in logs and in the SSH host identity.
d-i netcfg/choose_interface select auto
#d-i netcfg/get_hostname string debian
d-i netcfg/get_domain string local

### Set time zone and clock settings
# Hardware clock and system time zone are both UTC, which keeps log timestamps
# comparable across machines built from this image.
d-i clock-setup/utc boolean true
d-i time/zone string UTC

### Configure package mirrors
# Packages are fetched over plain HTTP (mirror/http/*). APT checks the signed
# Release metadata and the package checksums it lists, so package integrity
# does not rest on TLS; the set of packages fetched is still visible to anyone
# on the network path.
# NOTE(review): httpredir.debian.org is the older redirector name and
# deb.debian.org is the one current Debian documentation uses; confirm this
# hostname still serves what you expect.
# NOTE(review): mirror/country is FR while the installer country above is US;
# with an explicit hostname the country value is probably irrelevant. Confirm.
# The empty mirror/http/proxy value means "no proxy".
d-i mirror/country string FR
d-i mirror/http/hostname string httpredir.debian.org
d-i mirror/http/directory string /debian/
d-i mirror/http/proxy string
d-i apt-setup/use_mirror boolean true

### Partitioning (guided LVM over the whole disk, "atomic" recipe)
# The confirm/* and device_remove_lvm answers accept every destructive prompt:
# existing LVM metadata and partition tables on the target disk are overwritten
# without asking. Only use this against a disk that is meant to be wiped.
# method "lvm" is plain LVM, not the encrypted variant, so data at rest is not
# encrypted.
# NOTE(review): the original heading said "no swap", but the "atomic" recipe
# normally creates a swap volume, and partman-basicfilesystems/no_swap only
# answers the "return to the partitioning menu?" prompt shown when no swap
# exists. This key therefore likely does not remove swap; confirm on a built
# image (e.g. with swapon --show) and adjust the recipe if swap must be absent.
d-i partman-auto/method string lvm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto/choose_recipe select atomic
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-basicfilesystems/no_swap boolean true

### User setup (Create user "mas", disable root login)
# user-password-crypted is "!", which is not a valid crypt(3) hash: no password
# can match it, so "mas" cannot authenticate with a password at all. Access
# depends entirely on the SSH public key installed by preseed/late_command.
# root-login false: no root password is set; administration goes through sudo.
# allow-password-weak has no practical effect while the password is locked.
# encrypt-home false: the home directory is not encrypted (and the partitioning
# method above is plain LVM), so nothing on disk is encrypted at rest.
d-i passwd/user-fullname string mas
d-i passwd/username string mas
d-i passwd/user-password-crypted password !
d-i passwd/root-login boolean false
d-i user-setup/allow-password-weak boolean true
d-i user-setup/encrypt-home boolean false

### Select base installation packages
# The "standard" task plus the SSH server task.
tasksel tasksel/first multiselect standard, ssh-server

### Install additional packages
# openssh-server : also pulled in by the ssh-server task above; harmless duplicate.
# qemu-guest-agent: NOTE(review): presumably for the hypervisor the image runs
#                   on; it accepts commands from the host, so the host is part
#                   of the trust boundary. Confirm it is wanted.
# sudo           : used by late_command to grant "mas" administrative rights.
# cloud-init     : NOTE(review): first-boot configuration can add users and SSH
#                   keys from its datasource, so effective access also depends
#                   on which datasource the image trusts. Confirm.
# ufw            : firewall front end, enabled in late_command.
# No pkgsel/upgrade or pkgsel/update-policy is set here, and late_command purges
# unattended-upgrades. NOTE(review): confirm how security updates reach
# machines built from this image.
d-i pkgsel/include string openssh-server qemu-guest-agent sudo cloud-init ufw

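### Post-install provisioning: SSH key-only access, passwordless sudo, cleanup, firewall
# Runs once at the end of the installation. Every step is prefixed with
# "in-target" so that it executes inside the newly installed system, and the
# steps are chained with "&&": the first step that fails, or whose helper name
# is misspelled, stops the chain and none of the later steps run. The prefix on
# the PermitRootLogin step is therefore spelled "in-target" like the others;
# otherwise that edit and everything after it (ssh restart, package purge,
# cloud-init clean, ufw allow/enable, cdrom source) is skipped.
# No comment lines may be placed between the continued lines below.
#
# What the chain does, in order:
#  1. Creates /home/mas/.ssh (0700) and appends one ECDSA public key to
#     authorized_keys (0600), owned by mas. Every machine built from this image
#     trusts that key; rotating it means rebuilding the image or replacing the
#     file at first boot.
#  2. Adds mas to the sudo group and rewrites the %sudo line in /etc/sudoers to
#     NOPASSWD:ALL. This is needed because the account has no usable password,
#     but it applies to every member of the sudo group, not only mas.
#     "visudo -c" then checks the edited file so that a broken sudoers stops
#     the build instead of shipping.
#  3. Sets PubkeyAuthentication yes, AuthorizedKeysFile, PasswordAuthentication
#     no and PermitRootLogin no in /etc/ssh/sshd_config.
#     NOTE(review): bookworm's sshd_config begins with an Include of
#     /etc/ssh/sshd_config.d/*.conf and sshd keeps the first value it reads, so
#     a drop-in written there (for example by cloud-init) would win over these
#     edits. Verify on a built image with "sshd -T".
#     NOTE(review): "systemctl restart ssh" runs inside the installer's chroot,
#     where it probably does nothing; the settings apply from the first boot.
#  4. Purges snapd and unattended-upgrades, then autoremove/clean.
#     NOTE(review): removing unattended-upgrades turns off automatic security
#     updates; confirm patching is handled another way.
#  5. Clears cloud-init state and logs so first boot starts fresh.
#  6. Allows SSH through ufw and enables the firewall.
#     NOTE(review): confirm with "ufw status" on a built image that the
#     firewall is active after the first boot.
#  7. Comments out any "deb cdrom:" line in /etc/apt/sources.list.
d-i preseed/late_command string \
    in-target mkdir -p /home/mas/.ssh && \
    in-target chmod 700 /home/mas/.ssh && \
    in-target /bin/sh -c "echo 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCtB9NZgJMVovVR4foT0OOV9GdHeHZoPtK1TGko2W4wli/reKjpUYBhlSPWbaWD9WUbl0RRqdzkODy1fB001zxs= mas@TMV2' >> /home/mas/.ssh/authorized_keys" && \
    in-target chmod 600 /home/mas/.ssh/authorized_keys && \
    in-target chown -R mas:mas /home/mas/.ssh && \
    in-target usermod -aG sudo mas && \
    in-target sed -i '/^%sudo/c\%sudo ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers && \
    in-target visudo -c && \
    in-target sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config && \
    in-target sed -i 's|^#\?AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys|' /etc/ssh/sshd_config && \
    in-target sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && \
    in-target sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && \
    in-target systemctl restart ssh && \
    in-target apt-get purge -y snapd unattended-upgrades && \
    in-target apt-get autoremove -y && \
    in-target apt-get clean && \
    in-target cloud-init clean --logs && \
    in-target ufw allow ssh && \
    in-target ufw enable && \
    in-target sed -i '/^deb cdrom:/s/^/#/' /etc/apt/sources.list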

### Configure GRUB bootloader
# only_debian / with_other_os pre-answer the prompts about installing GRUB to
# the primary drive; bootdev "default" leaves the choice of device to the
# installer.
# NOTE(review): confirm the installer honours grub-installer/timeout; if it
# does not, the 2 second menu timeout has to be set in /etc/default/grub.
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean false
d-i grub-installer/bootdev string default
d-i grub-installer/timeout string 2

### Disable popularity contest (privacy setting)
# Declines sending the installed-package list to the Debian popularity survey.
popularity-contest popularity-contest/participate boolean false

### Automatically reboot after installation completes
# Pre-answers the final "installation complete" note so the machine reboots
# without waiting for a key press.
d-i finish-install/reboot_in_progress note