fix: preseed

2024-05-08 20:27:09 +02:00 · 2024-05-08 20:27:09 +02:00 · dfece0cb83
commit dfece0cb83
parent 71d6b22b81
3 changed files with 83 additions and 196 deletions
--- a/autoinstall/preseed.cfg
+++ b/autoinstall/preseed.cfg
@ -1,7 +1,8 @@
 #_preseed_V1
-#### Contents of the preconfiguration file (for booksworm)
+#### Contents of the preconfiguration file (for bookworm)
 ### Localization
 # Preseeding only locale sets language, country and locale.
-#d-i debian-installer/locale string en_US.UTF-8
+d-i debian-installer/locale string en_US.UTF-8
 # The values can also be preseeded individually for greater flexibility.
 d-i debian-installer/language string en
@ -9,13 +10,12 @@ d-i debian-installer/country string FR
 d-i debian-installer/locale string en_US.UTF-8
 # Optionally specify additional locales to be generated.
 d-i localechooser/supported-locales multiselect en_US.UTF-8, fr_FR.UTF-8
 #d-i debian-installer/fallbacklocale select fr_FR.UTF-8
 #d-i debian-installer/locale select en_US.UTF-8
 # Keyboard selection.
 d-i keyboard-configuration/xkb-keymap select fr
 d-i console-keymaps-at/keymap select fr-latin9
 d-i debian-installer/keymap string fr-latin9
 # d-i keyboard-configuration/toggle select No toggling
 ### Network configuration
 # Disable network configuration entirely. This is useful for cdrom
@ -27,13 +27,16 @@ d-i debian-installer/keymap string fr-latin9
 # skip displaying a list if there is more than one interface.
 d-i netcfg/choose_interface select auto
 # To pick a particular interface instead:
 #d-i netcfg/choose_interface select eth1
 # To set a different link detection timeout (default is 3 seconds).
 # Values are interpreted as seconds.
-d-i netcfg/link_wait_timeout string 5
+#d-i netcfg/link_wait_timeout string 10
 # If you have a slow dhcp server and the installer times out waiting for
 # it, this might be useful.
-d-i netcfg/dhcp_timeout string 60
+#d-i netcfg/dhcp_timeout string 60
 #d-i netcfg/dhcpv6_timeout string 60
 # Automatic network configuration is the default.
@ -86,7 +89,7 @@ d-i netcfg/wireless_wep string
 # If non-free firmware is needed for the network or other hardware, you can
 # configure the installer to always try to load it, without prompting. Or
 # change to false to disable asking.
-d-i hw-detect/load_firmware boolean false
+d-i hw-detect/load_firmware boolean true
 ### Network console
 # Use the following settings if you wish to make use of the network-console
@ -102,7 +105,7 @@ d-i hw-detect/load_firmware boolean false
 # If you select ftp, the mirror/country string does not need to be set.
 # Default value for the mirror protocol: http.
 #d-i mirror/protocol string ftp
-d-i mirror/country string FR
+d-i mirror/country string manual
 d-i mirror/http/hostname string deb.debian.org
 d-i mirror/http/directory string /debian
 d-i mirror/http/proxy string
@ -115,24 +118,21 @@ d-i mirror/http/proxy string
 ### Account setup
 # Skip creation of a root account (normal user account will be able to
 # use sudo).
-d-i passwd/root-login boolean true
+d-i passwd/root-login boolean false
 # Alternatively, to skip creation of a normal user account.
-d-i passwd/make-user boolean false
+#d-i passwd/make-user boolean true
 # Root password, either in clear text
-d-i passwd/root-password password packer
+#d-i passwd/root-password password packer
-d-i passwd/root-password-again password packer
+#d-i passwd/root-password-again password packer
 # or encrypted using a crypt(3)  hash.
 #d-i passwd/root-password-crypted password [$6$vnNlrAnstgaHYy3U$G2cn0/JQ.U1ssiugJNT4HAbFoOdlduSigYF7wP8DdpJin6W9ddbbjJXPSAU98.8jLn18wSfDNkBqesxdz6pm50]
 # To create a normal user account.
-#d-i passwd/user-fullname string packer
+d-i passwd/user-fullname string debian
-#d-i passwd/username string packer
+d-i passwd/username string debian
-# Normal user's password, either in clear text
+# mkpasswd -m sha-512 -S $(pwgen -ns 16 1) <password>
-#d-i passwd/user-password password packer
+d-i passwd/user-password-crypted password $6$s8qqFert3xhUgBMk$gkMUohcpWbWGqGzRTuPsJnpE4f3DYT5sCPY/f6JTAO/NKRqL04ES91PddS3At3FSj2YCzkJf1WYR0wGtSXTFf1
 #d-i passwd/user-password-again password packer
 # or encrypted using a crypt(3) hash.
 #d-i passwd/user-password-crypted password [$6$vnNlrAnstgaHYy3U$G2cn0/JQ.U1ssiugJNT4HAbFoOdlduSigYF7wP8DdpJin6W9ddbbjJXPSAU98.8jLn18wSfDNkBqesxdz6pm50]
 # Create the first user with the specified UID instead of the default.
 #d-i passwd/user-uid string 1010
@ -327,8 +327,8 @@ d-i apt-setup/cdrom/set-first boolean false
 # You can choose to install non-free firmware.
 #d-i apt-setup/non-free-firmware boolean true
 # You can choose to install non-free and contrib software.
-#d-i apt-setup/non-free boolean true
+d-i apt-setup/non-free boolean true
-#d-i apt-setup/contrib boolean true
+d-i apt-setup/contrib boolean true
 # Uncomment the following line, if you don't want to have the sources.list
 # entry for a DVD/BD installation image active in the installed system
 # (entries for netinst or CD images will be disabled anyway, regardless of
@ -366,6 +366,7 @@ d-i apt-setup/security_host string security.debian.org
 # Uncomment this to add multiarch configuration for i386
 #d-i apt-setup/multiarch string i386
 ### Package selection
 tasksel tasksel/first multiselect standard, ssh-server
@ -374,7 +375,7 @@ tasksel tasksel/first multiselect standard, ssh-server
 #d-i pkgsel/run_tasksel boolean false
 # Individual additional packages to install
-d-i pkgsel/include string ca-certificates cloud-init qemu-guest-agent sudo
+d-i pkgsel/include string ca-certificates cloud-init qemu-guest-agent sudo unattended-upgrades
 # Whether to upgrade packages after debootstrap.
 # Allowed values: none, safe-upgrade, full-upgrade
 d-i pkgsel/upgrade select safe-upgrade
@ -450,6 +451,7 @@ d-i cdrom-detect/eject boolean true
 #   debconf-get-selections --installer > file
 #   debconf-get-selections >> file
 #### Advanced options
 ### Running custom commands during the installation
 # d-i preseeding is inherently not secure. Nothing in the installer checks
@ -472,4 +474,13 @@ d-i cdrom-detect/eject boolean true
 # directly, or use the apt-install and in-target commands to easily install
 # packages and run commands in the target system.
 #d-i preseed/late_command string
-d-i preseed/late_command string in-target sed -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' -i /etc/ssh/sshd_config
+d-i preseed/late_command string \
    in-target sed -e 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' -i /etc/ssh/sshd_config; \
    in-target sed -e 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' -i /etc/ssh/sshd_config; \
    in-target sed -e 's/#PasswordAuthentication yes/PasswordAuthentication no/' -i /etc/ssh/sshd_config; \
    in-target sed -e 's/UsePAM yes/UsePAM no/' -i /etc/ssh/sshd_config; \
    in-target mkdir -p /home/debian/.ssh; \
    in-target /bin/sh -c "echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERv00qRw1zq3dHoiRF1iOeXSREo4vhTwOGZYwKt5+3h worldtocraft@gmail.com' >> /home/debian/.ssh/authorized_keys"; \
    in-target chown -R debian:debian /home/debian/.ssh/; \
    in-target chmod 644 /home/debian/.ssh/authorized_keys; \
    in-target chmod 700 /home/debian/.ssh/
--- a/build.sh
+++ b/build.sh
--- a/debian12.pkr.hcl
+++ b/debian12.pkr.hcl
@ -7,55 +7,6 @@ packer {
  }
 }
 variable "bios_type" {
  type = string
 }
 variable "boot_command" {
  type = string
 }
 variable "boot_wait" {
  type = string
 }
 variable "bridge_firewall" {
  type    = bool
  default = false
 }
 variable "bridge_name" {
  type = string
 }
 variable "cloud_init" {
  type = bool
 }
 variable "iso_file" {
  type = string
 }
 variable "iso_storage_pool" {
  type    = string
  default = "local"
 }
 variable "machine_default_type" {
  type    = string
  default = "pc"
 }
 variable "network_model" {
  type    = string
  default = "virtio"
 }
 variable "os_type" {
  type    = string
  default = "l26"
 }
 variable "proxmox_api_token_id" {
  type = string
 }
@ -73,153 +24,78 @@ variable "proxmox_node" {
  type = string
 }
 variable "qemu_agent_activation" {
  type    = bool
  default = true
 }
 variable "scsi_controller_type" {
  type = string
 }
 variable "ssh_timeout" {
  type = string
 }
 variable "tags" {
  type = string
 }
 variable "io_thread" {
  type = bool
 }
 variable "cpu_type" {
  type    = string
  default = "x86-64-v3"
 }
 variable "vm_info" {
  type = string
 }
 variable "disk_discard" {
  type    = bool
  default = true
 }
 variable "disk_format" {
  type    = string
  default = "qcow2"
 }
 variable "disk_size" {
  type    = string
  default = "16G"
 }
 variable "disk_type" {
  type    = string
  default = "scsi"
 }
 variable "nb_core" {
  type    = number
  default = 1
 }
 variable "nb_cpu" {
  type    = number
  default = 1
 }
 variable "nb_ram" {
  type    = number
  default = 1024
 }
 variable "ssh_username" {
  type = string
 }
 variable "ssh_password" {
  type = string
 }
 variable "ssh_handshake_attempts" {
  type = number
 }
 variable "storage_pool" {
  type    = string
  default = "local-zfs"
 }
 variable "vm_id" {
  type    = number
  default = 99999
 }
 variable "vm_name" {
  type = string
 }
 locals {
  packer_timestamp = formatdate("YYYYMMDD-hhmm", timestamp())
  storage_pool = "local-zfs"
  vm_name = "pckr-deb12"
 }
 source "proxmox-iso" "debian12" {
-  bios                     = "${var.bios_type}"
+  bios                     = "ovmf"
-  boot_command             = ["${var.boot_command}"]
+  boot_command             = [
-  boot_wait                = "${var.boot_wait}"
+    "<wait><wait><wait>c<wait><wait><wait>",
-  cloud_init               = "${var.cloud_init}"
+    "linux /install.amd/vmlinuz ",
-  cloud_init_storage_pool  = "${var.storage_pool}"
+    "auto=true ",
    "url=https://git.cloud.arnaud-pc.fr/ministicraft/packer-ministack/raw/branch/master/autoinstall/preseed.cfg ",
    "hostname=${local.vm_name} ",
    "domain=arnaud-pc.local ",
    "interface=auto ",
    "vga=788 noprompt quiet --<enter>",
    "initrd /install.amd/initrd.gz<enter>",
    "boot<enter>"
  ]
  boot_wait                = "10s"
  cloud_init               = true
  cloud_init_storage_pool  = local.storage_pool
  communicator             = "ssh"
-  cores                    = "${var.nb_core}"
+  cores                    = 1
-  cpu_type                 = "${var.cpu_type}"
+  cpu_type                 = "x86-64-v3"
  http_directory           = "autoinstall"
  insecure_skip_tls_verify = true
-  iso_file                 = "${var.iso_file}"
+  iso_checksum             = "sha512:33c08e56c83d13007e4a5511b9bf2c4926c4aa12fd5dd56d493c0653aecbab380988c5bf1671dbaea75c582827797d98c4a611f7fb2b131fbde2c677d5258ec9"
-  machine                  = "${var.machine_default_type}"
+  iso_url                  = "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.5.0-amd64-netinst.iso"
-  memory                   = "${var.nb_ram}"
+  iso_storage_pool         = "local"
-  node                     = "${var.proxmox_node}"
+  iso_download_pve         = true
-  os                       = "${var.os_type}"
+  machine                  = "q35"
  memory                   = 2048
  node                     = "pve3"
  os                       = "l26"
  proxmox_url              = "${var.proxmox_api_url}"
-  qemu_agent               = "${var.qemu_agent_activation}"
+  qemu_agent               = true
-  scsi_controller          = "${var.scsi_controller_type}"
+  scsi_controller          = "virtio-scsi-pci"
-  sockets                  = "${var.nb_cpu}"
+  sockets                  = 1
-  ssh_handshake_attempts   = "${var.ssh_handshake_attempts}"
+  ssh_handshake_attempts   = 6
  ssh_pty                  = true
-  ssh_timeout              = "${var.ssh_timeout}"
+  ssh_timeout              = "10m"
-  ssh_username             = "${var.ssh_username}"
+  ssh_username             = "debian"
-  ssh_password             = "${var.ssh_password}"
+  ssh_private_key_file     = "/home/ministicraft/.ssh/id_ed25519"
-  tags                     = "${var.tags}"
+  tags                     = "debian-12;template"
-  template_description     = "${var.vm_info} - ${local.packer_timestamp}"
+  template_description     = "Debian 12 Packer Template - ${local.packer_timestamp}"
  token                    = "${var.proxmox_api_token_secret}"
  unmount_iso              = true
  username                 = "${var.proxmox_api_token_id}"
-  vm_id                    = "${var.vm_id}"
+  vm_id                    = 99998
-  vm_name                  = "${var.vm_name}"
+  vm_name                  = local.vm_name
  efi_config {
-    efi_storage_pool  = "${var.storage_pool}"
+    efi_storage_pool  = "${local.storage_pool}"
    pre_enrolled_keys = false
    efi_type          = "4m"
  }
  disks {
-    discard      = "${var.disk_discard}"
+    discard      = true
-    disk_size    = "${var.disk_size}"
+    disk_size    = "12G"
-    format       = "${var.disk_format}"
+    format       = "raw"
-    io_thread    = "${var.io_thread}"
+    io_thread    = false
-    storage_pool = "${var.storage_pool}"
+    storage_pool = "${local.storage_pool}"
-    type         = "${var.disk_type}"
+    type         = "scsi"
  }
  network_adapters {
-    bridge   = "${var.bridge_name}"
+    bridge   = "vmbr0"
-    firewall = "${var.bridge_firewall}"
+    firewall = false
-    model    = "${var.network_model}"
+    model    = "virtio"
  }
 }