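#### Debian 12 Preseed Configuration ####
# Automated installation for VM deployment
#
# Format note: the installer reads one directive per line, and a line that
# starts with '#' is a comment. Only the expert_recipe value below is
# continued across lines with trailing backslashes.

### Localization
d-i debian-installer/language string en
d-i debian-installer/country string US
d-i debian-installer/locale string en_US.UTF-8
d-i keyboard-configuration/xkb-keymap select us

### Network configuration
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string debian
d-i netcfg/get_domain string localdomain
d-i netcfg/wireless_wep string

### Mirror settings
d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string

### Account setup
# SECURITY: the crypted passwords below are readable by anyone who can fetch
# this file (preseed files are commonly served over plain HTTP or kept in a
# repository). A crypt(3) hash can be guessed against offline, so treat this
# file as a secret, use a per-deployment hash, and rotate the password after
# first boot. If console root login is not needed, "d-i passwd/root-login
# boolean false" avoids setting a root password at all.
d-i passwd/root-password-crypted password $6$6deeLJnt4iArwXPn$WPMPRSy6zcltolPn1B0UCo5imyeDQaNaMmcGt48rQ3gRBhZyzP4GILdit8Mg41CautJlqI4PK1DvoMMmkXqWg.
d-i passwd/user-fullname string Ansible Service Account
d-i passwd/username string ansible
# NOTE(review): this value looks like a placeholder (the salt is literally
# "randomsalt" and the digest part is shorter than a SHA-512 crypt digest).
# Presumably no password will match it, leaving the SSH key as the only way
# in for this account; confirm that is intended.
d-i passwd/user-password-crypted password $6$rounds=656000$randomsalt$iGqZpVKNEhJe4kGCCDVvjZOPx2B7F7KJi3rHlVJ4T0pQx8F7T0pQx8F7T0p
d-i passwd/user-default-groups string sudo

### Clock and time zone
d-i clock-setup/utc boolean true
d-i time/zone string UTC
d-i clock-setup/ntp boolean true

### Partitioning - LVM with clever layout for 16GB disk
# The confirm/remove answers below let the installer wipe existing LVM and MD
# metadata on /dev/vda without prompting.
d-i partman-auto/disk string /dev/vda
d-i partman-auto/method string lvm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true

# Custom LVM partitioning recipe
# Layout: 1024 MB /boot outside LVM, one 14336 MB physical volume for
# vg_system, then fixed-size logical volumes (min = priority = max) that add
# up to 8704 MB.
# /tmp is mounted noexec,nosuid,nodev. The same restrictions are applied to
# /var/log and /var/log/audit, and nodev,nosuid to /home, so that the other
# data-only filesystems cannot carry device nodes or setuid binaries either.
# No comment lines may appear inside the continued value below.
d-i partman-auto/expert_recipe string \
    boot-lvm :: \
        1024 1024 1024 ext4 \
            $primary{ } $bootable{ } \
            method{ format } format{ } \
            use_filesystem{ } filesystem{ ext4 } \
            mountpoint{ /boot } \
        . \
        14336 14336 14336 ext4 \
            $primary{ } \
            method{ lvm } \
            vg_name{ vg_system } \
        . \
        2048 2048 2048 ext4 \
            $lvmok{ } in_vg{ vg_system } \
            lv_name{ lv_root } \
            method{ format } format{ } \
            use_filesystem{ } filesystem{ ext4 } \
            mountpoint{ / } \
        . \
        1024 1024 1024 ext4 \
            $lvmok{ } in_vg{ vg_system } \
            lv_name{ lv_opt } \
            method{ format } format{ } \
            use_filesystem{ } filesystem{ ext4 } \
            mountpoint{ /opt } \
        . \
        512 512 512 ext4 \
            $lvmok{ } in_vg{ vg_system } \
            lv_name{ lv_tmp } \
            method{ format } format{ } \
            use_filesystem{ } filesystem{ ext4 } \
            mountpoint{ /tmp } \
            options/noexec{ noexec } \
            options/nosuid{ nosuid } \
            options/nodev{ nodev } \
        . \
        1024 1024 1024 ext4 \
            $lvmok{ } in_vg{ vg_system } \
            lv_name{ lv_home } \
            method{ format } format{ } \
            use_filesystem{ } filesystem{ ext4 } \
            mountpoint{ /home } \
            options/nosuid{ nosuid } \
            options/nodev{ nodev } \
        . \
        2048 2048 2048 ext4 \
            $lvmok{ } in_vg{ vg_system } \
            lv_name{ lv_var } \
            method{ format } format{ } \
            use_filesystem{ } filesystem{ ext4 } \
            mountpoint{ /var } \
        . \
        1024 1024 1024 ext4 \
            $lvmok{ } in_vg{ vg_system } \
            lv_name{ lv_var_log } \
            method{ format } format{ } \
            use_filesystem{ } filesystem{ ext4 } \
            mountpoint{ /var/log } \
            options/noexec{ noexec } \
            options/nosuid{ nosuid } \
            options/nodev{ nodev } \
        . \
        512 512 512 ext4 \
            $lvmok{ } in_vg{ vg_system } \
            lv_name{ lv_var_audit } \
            method{ format } format{ } \
            use_filesystem{ } filesystem{ ext4 } \
            mountpoint{ /var/log/audit } \
            options/noexec{ noexec } \
            options/nosuid{ nosuid } \
            options/nodev{ nodev } \
        . \
        512 512 512 linux-swap \
            $lvmok{ } in_vg{ vg_system } \
            lv_name{ lv_swap } \
            method{ swap } format{ } \
        .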
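# Final partitioning confirmations: write the new label and commit the layout
# without prompting.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

### Base system installation
d-i base-installer/kernel/image string linux-image-amd64

### Package selection
# NOTE(review): ufw, aide and auditd are installed here, but nothing in this
# file enables the firewall or initialises the AIDE database. Until
# post-install configuration does so, the host boots with no ufw rules active.
tasksel tasksel/first multiselect standard, ssh-server
d-i pkgsel/include string sudo vim htop tmux curl wget rsync git python3 python3-pip jq bc aide auditd chrony ufw
d-i pkgsel/upgrade select full-upgrade
popularity-contest popularity-contest/participate boolean false

### Boot loader installation
d-i grub-installer/only_debian boolean true
d-i grub-installer/bootdev string /dev/vda

### Finishing up
d-i finish-install/reboot_in_progress note

### Late commands - Configure ansible user
# Runs once at the end of installation. "in-target" executes inside the
# installed system; plain commands run in the installer and reach the
# installed system through /target.
#
# authorized_keys: the key below is baked into every machine built from this
# file. NOTE(review): its comment is "user@debian", which suggests a personal
# key; confirm it is the intended deployment key.
#
# sudoers: NOPASSWD:ALL makes possession of the ansible SSH private key
# equivalent to root on every host built from this file. Protect that key
# accordingly and narrow the rule once the required commands are known.
# The file is written with ">" so it only ever holds this one rule.
#
# sshd: sshd keeps the first value it reads for each keyword, and Debian's
# stock sshd_config includes /etc/ssh/sshd_config.d/*.conf near its top, so
# lines appended to the end of sshd_config lose to any drop-in that sets the
# same keyword. The settings are therefore written to a low-numbered drop-in
# so that they are the values read first.
#
# The steps are joined with ";", so a failed step does not stop the later
# ones. In particular, password authentication is disabled even if writing
# authorized_keys failed; check the key is in place on the first boot.
# No comment lines may appear inside the continued value below.
d-i preseed/late_command string \
    in-target mkdir -p /home/ansible/.ssh; \
    in-target chmod 700 /home/ansible/.ssh; \
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILBrnivsqjhAxWYeuuvnYc3neeRRuHsr2SjeKv+Drtpu user@debian" > /target/home/ansible/.ssh/authorized_keys; \
    in-target chmod 600 /home/ansible/.ssh/authorized_keys; \
    in-target chown -R ansible:ansible /home/ansible/.ssh; \
    echo "ansible ALL=(ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/ansible; \
    in-target chmod 440 /etc/sudoers.d/ansible; \
    in-target systemctl enable ssh; \
    mkdir -p /target/etc/ssh/sshd_config.d; \
    echo "PermitRootLogin no" > /target/etc/ssh/sshd_config.d/00-preseed-hardening.conf; \
    echo "PasswordAuthentication no" >> /target/etc/ssh/sshd_config.d/00-preseed-hardening.conf; \
    echo "PubkeyAuthentication yes" >> /target/etc/ssh/sshd_config.d/00-preseed-hardening.conf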