ansible/infra-automation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df628983d1987c8a46d6e862455ea1d1531ad20f
infra-automation/preseed-debian.cfg
ansible 455133c600 Initial commit: Ansible infrastructure automation 
- Add comprehensive Ansible guidelines and best practices (CLAUDE.md)
- Add infrastructure inventory documentation
- Add VM deployment playbooks and configurations
- Add dynamic inventory plugins (libvirt_kvm, ssh_config)
- Add cloud-init and preseed configurations for automated deployments
- Add security-first configuration templates
- Add role and setup documentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-10 23:02:32 +01:00

148 lines
7.4 KiB
INI
Raw Blame History

#### Debian 12 Preseed Configuration ####
# Automated installation for VM deployment
### Localization
d-i debian-installer/language string en
d-i debian-installer/country string US
d-i debian-installer/locale string en_US.UTF-8
d-i keyboard-configuration/xkb-keymap select us
### Network configuration
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string debian
d-i netcfg/get_domain string localdomain
d-i netcfg/wireless_wep string
### Mirror settings
d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
### Account setup
d-i passwd/root-password-crypted password $6$6deeLJnt4iArwXPn$WPMPRSy6zcltolPn1B0UCo5imyeDQaNaMmcGt48rQ3gRBhZyzP4GILdit8Mg41CautJlqI4PK1DvoMMmkXqWg.
d-i passwd/user-fullname string Ansible Service Account
d-i passwd/username string ansible
d-i passwd/user-password-crypted password $6$rounds=656000$randomsalt$iGqZpVKNEhJe4kGCCDVvjZOPx2B7F7KJi3rHlVJ4T0pQx8F7T0pQx8F7T0p
d-i passwd/user-default-groups string sudo
### Clock and time zone
d-i clock-setup/utc boolean true
d-i time/zone string UTC
d-i clock-setup/ntp boolean true
### Partitioning - LVM with clever layout for 16GB disk
d-i partman-auto/disk string /dev/vda
d-i partman-auto/method string lvm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
# Custom LVM partitioning recipe
d-i partman-auto/expert_recipe string \
boot-lvm :: \
1024 1024 1024 ext4 \
$primary{ } $bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /boot } \
. \
14336 14336 14336 ext4 \
$primary{ } \
method{ lvm } \
vg_name{ vg_system } \
. \
2048 2048 2048 ext4 \
$lvmok{ } in_vg{ vg_system } \
lv_name{ lv_root } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
. \
1024 1024 1024 ext4 \
$lvmok{ } in_vg{ vg_system } \
lv_name{ lv_opt } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /opt } \
. \
512 512 512 ext4 \
$lvmok{ } in_vg{ vg_system } \
lv_name{ lv_tmp } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /tmp } \
options/noexec{ noexec } \
options/nosuid{ nosuid } \
options/nodev{ nodev } \
. \
1024 1024 1024 ext4 \
$lvmok{ } in_vg{ vg_system } \
lv_name{ lv_home } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /home } \
. \
2048 2048 2048 ext4 \
$lvmok{ } in_vg{ vg_system } \
lv_name{ lv_var } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var } \
. \
1024 1024 1024 ext4 \
$lvmok{ } in_vg{ vg_system } \
lv_name{ lv_var_log } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var/log } \
. \
512 512 512 ext4 \
$lvmok{ } in_vg{ vg_system } \
lv_name{ lv_var_audit } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var/log/audit } \
. \
512 512 512 linux-swap \
$lvmok{ } in_vg{ vg_system } \
lv_name{ lv_swap } \
method{ swap } format{ } \
.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
### Base system installation
d-i base-installer/kernel/image string linux-image-amd64
### Package selection
tasksel tasksel/first multiselect standard, ssh-server
d-i pkgsel/include string sudo vim htop tmux curl wget rsync git python3 python3-pip jq bc aide auditd chrony ufw
d-i pkgsel/upgrade select full-upgrade
popularity-contest popularity-contest/participate boolean false
### Boot loader installation
d-i grub-installer/only_debian boolean true
d-i grub-installer/bootdev string /dev/vda
### Finishing up
d-i finish-install/reboot_in_progress note
### Late commands - Configure ansible user
d-i preseed/late_command string \
in-target mkdir -p /home/ansible/.ssh; \
in-target chmod 700 /home/ansible/.ssh; \
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILBrnivsqjhAxWYeuuvnYc3neeRRuHsr2SjeKv+Drtpu user@debian" > /target/home/ansible/.ssh/authorized_keys; \
in-target chmod 600 /home/ansible/.ssh/authorized_keys; \
in-target chown -R ansible:ansible /home/ansible/.ssh; \
echo "ansible ALL=(ALL) NOPASSWD:ALL" >> /target/etc/sudoers.d/ansible; \
in-target chmod 440 /etc/sudoers.d/ansible; \
in-target systemctl enable ssh; \
echo "PermitRootLogin no" >> /target/etc/ssh/sshd_config; \
echo "PasswordAuthentication no" >> /target/etc/ssh/sshd_config; \
echo "PubkeyAuthentication yes" >> /target/etc/ssh/sshd_config
Reference in New Issue View Git Blame Copy Permalink