progress snapshot

config/preseed.cfg

@@ -29,7 +29,8 @@ d-i time/zone string UTC
 # User will be prompted for root password during install
 # Password complexity enforced during install via PAM
 
-# Partitioning (User selects disk, we handle the rest)
+# Partitioning - USER SELECTS DISK
+# Commented out to allow user to select disk during install
 
 # ============================================================================
 # Password Complexity Enforcement (During Install)
@@ -44,29 +45,33 @@ passwd/user-password-empty boolean false
 # Password complexity (enforced by PAM during install)
 # PAM will check against pwquality.conf during password entry
 # See config/security-config.sh for full pwquality requirements
-d-i partman-auto/method string lvm
-d-i partman-lvm/device_remove_lvm boolean true
-d-i partman-lvm/confirm boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
+
+# Partitioning - USER WILL SELECT DISK
+# Commented out to allow disk selection during install
+# d-i partman-auto/method string lvm
+# d-i partman-lvm/device_remove_lvm boolean true
+# d-i partman-lvm/confirm boolean true
+# d-i partman/choose_partition select finish
+# d-i partman/confirm boolean true
+# d-i partman/confirm_nooverwrite boolean true
 
 # LVM setup
-d-i partman-auto-lvm/guided_size string max
+# d-i partman-auto-lvm/guided_size string max
 
 # Base system installation
 d-i base-installer/kernel/image string linux-image-amd64
 
-# Account setup (User will provide these)
-d-i passwd/user-fullname string Football User
-d-i passwd/username string user
-d-i passwd/user-password password changeme
-d-i passwd/user-password-again password changeme
-d-i passwd/root-password password changeme
-d-i passwd/root-password-again password changeme
+# Account setup - USER WILL PROVIDE THESE
+# Commented out to allow user to enter during install
+# d-i passwd/user-fullname string Football User
+# d-i passwd/username string user
+# d-i passwd/user-password password changeme
+# d-i passwd/user-password-again password changeme
+# d-i passwd/root-password password changeme
+# d-i passwd/root-password-again password changeme
 
 # User is not sudo by default - will be configured later
-d-i passwd/user-default-groups string audio,dialout,video
+# d-i passwd/user-default-groups string audio,dialout,video
 
 # Package selection - Minimal system
 tasksel tasksel/first multiselect standard
@@ -138,8 +143,6 @@ d-i finish-install/reboot_in_progress note
 d-i preseed/late_command string \
     in-target systemctl enable lightdm && \
     in-target systemctl set-default graphical.target && \
-    in-target chmod 755 /home/user && \
-    in-target chown -R user:user /home/user && \
     in-target systemctl mask ssh sshd 2>/dev/null || true && \
     in-target systemctl disable ssh sshd 2>/dev/null || true && \
     in-target systemctl mask bluetooth 2>/dev/null || true && \
@@ -147,14 +150,11 @@ d-i preseed/late_command string \
     in-target bash /tmp/disable-wifi-bt.sh && \
     in-target cp /cdrom/config/security-config.sh /tmp/ && \
     in-target bash /tmp/security-config.sh && \
+    in-target cp /cdrom/config/harden.sh /tmp/ && \
+    in-target bash /tmp/harden.sh && \
     in-target cp /cdrom/scripts/verify-system.sh /usr/local/bin/ && \
     in-target chmod +x /usr/local/bin/verify-system.sh && \
     in-target cp /cdrom/config/football-first-boot.service /etc/systemd/system/ && \
-    in-target mkdir -p /home/user/.config/autostart && \
-    in-target cp /usr/share/applications/remmina.desktop /home/user/.config/autostart/ && \
-    in-target chown -R user:user /home/user/.config && \
     in-target systemctl daemon-reload && \
     in-target systemctl enable football-first-boot.service && \
-    in-target rm -f /tmp/disable-wifi-bt.sh /tmp/security-config.sh
-
-# Security configuration will be applied post-install via harden.sh
+    in-target rm -f /tmp/disable-wifi-bt.sh /tmp/security-config.sh /tmp/harden.sh