KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
af03f2febad27a3655ca627baee08f065ffe7629
football/config/includes.installer/preseed.cfg
Charles N Wyble af03f2feba fix: restore user-mode libvirt (no sudo) and fix preseed partitioning 
Two critical fixes in this commit:

1. VM Creation Regression (13139f2):
   - Restored qemu:///session (user mode) from qemu:///system (root mode)
   - Changed storage paths from /var/lib/libvirt/images to ~/.local/share/libvirt/images
   - Removed all sudo calls from vm_create and vm_destroy functions
   - Updated test to expect session URI

2. Preseed Partitioning Fix:
   - Added GPT partition table directives
   - Added LVM confirmation settings
   - Fixed EFI partition syntax per Debian official example
   - Fixed /boot max size from 512 to 1024
   - KEY FIX: Added 'partman-auto/choose_recipe select efi-boot-root'

Additional changes:
- Added LICENSE file (GNU AGPL v3.0 only)
- Updated AGENTS.md to enforce auto-commit/push behavior

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-02-20 10:10:06 -05:00

169 lines
6.2 KiB
INI
Raw Blame History

# Localization - suppress all locale questions
d-i debian-installer/locale string en_US.UTF-8
d-i debian-installer/supported_locales multiselect en_US.UTF-8
d-i console-setup/ask_detect boolean false
d-i console-setup/layoutcode string us
d-i console-setup/variantcode string
# Keyboard
d-i keyboard-configuration/xkb-keymap select us
d-i keyboard-configuration/toggle select No toggling
# Set debconf priority to high (allows user password prompts)
# Using 'critical' suppresses the non-root user password prompt
d-i debconf/priority select high
# Network configuration
d-i netcfg/choose_interface select auto
d-i netcfg/disable_autoconfig boolean false
d-i netcfg/get_hostname string knel-football
d-i netcfg/get_domain string knel.net
d-i netcfg/hostname string knel-football
# Mirror configuration
d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
# Clock and time zone setup
d-i time/zone string US/Chicago
d-i clock-setup/utc boolean true
d-i clock-setup/ntp boolean true
# User setup
# SECURITY: Passwords are prompted during installation, not hardcoded
# This ensures each installation has unique credentials
d-i passwd/user-fullname string football user
d-i passwd/username string football
# Force password prompt during installation
d-i passwd/user-password-crypted string !
d-i passwd/root-password-crypted string !
d-i passwd/root-login boolean true
# Password quality enforcement (MANDATORY for tier0 security)
d-i passwd/make-user boolean true
d-i passwd/user-default-groups string audio,video,plugdev,input,cdrom,floppy
# PAM password quality configuration (enforced in installed system)
# This will be configured in post-installation hooks
# Partitioning (LUKS full disk encryption - MANDATORY)
# For UEFI systems, we need: EFI System Partition, /boot, encrypted LUKS+LVM
# Force GPT partition table for UEFI
d-i partman-partitioning/choose_label select gpt
d-i partman-partitioning/default_label string gpt
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string crypto
# LVM configuration
d-i partman-auto-lvm/device_remove_lvs boolean true
d-i partman-auto-lvm/device_remove_lvs_span boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto-lvm/new_vg_name string knel_vg
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
# Expert recipe for UEFI + encrypted LVM
# Structure: ESP (EFI) -> /boot -> LUKS encrypted container -> LVM VG -> root + swap
d-i partman-auto/expert_recipe string \
efi-boot-root :: \
538 538 1075 free \
$iflabel{ gpt } \
$reusemethod{ } \
method{ efi } format{ } \
. \
512 1024 1024 ext4 \
$primary{ } $bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /boot } \
. \
10000 20000 -1 ext4 \
$lvmok{ } \
in_vg{ knel_vg } \
lv_name{ root } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
. \
1024 200% 8192 linux-swap \
$lvmok{ } \
in_vg{ knel_vg } \
lv_name{ swap } \
method{ swap } format{ } \
.
# Select our custom recipe
d-i partman-auto/choose_recipe select efi-boot-root
# LUKS encryption configuration (AES-XTS, 256-bit key)
# NOTE: Passphrase will be prompted during installation
# REQUIREMENTS: 14+ characters, mix of upper/lower/digits/special
# This passphrase unlocks the encrypted disk at boot time
d-i partman-crypto/erase_disks boolean true
d-i partman-crypto/erase_disks_secure boolean true
# LUKS cipher selection
d-i partman-crypto/cipher aes-xts-plain64
d-i partman-crypto/keysize 512
d-i partman-crypto/lvm boolean true
# LUKS2 format (modern, more secure)
d-i partman-crypto/use-luks2 boolean true
# Confirm partitioning
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
# Package selection
tasksel tasksel/first multiselect standard
d-i pkgsel/include string \
icewm \
lightdm \
remmina \
wireguard \
wireguard-tools \
mousepad \
zbar-tools \
nftables \
openssh-client \
cryptsetup \
cryptsetup-initramfs \
busybox \
dmsetup \
libpam-pwquality
# Boot loader configuration
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean false
d-i grub-installer/bootdev string default
d-i grub-installer/force-efi-extra-removable boolean true
# Popularity contest - do not participate
popularity-contest popularity-contest/participate boolean false
# Security configuration
d-i security/updates select none
d-i passwd/shadow boolean true
# Finish
d-i finish-install/reboot_in_progress note
d-i cdrom-detect/eject boolean false
# Skip additional prompts
d-i apt-setup/contrib boolean false
d-i apt-setup/non-free boolean false
d-i apt-setup/backports boolean false
d-i apt-setup/services-select multiselect
# Don't ask about kernel flavors
d-i base-installer/kernel/image select linux-image-amd64
# Don't ask about hostname confirmation
d-i netcfg/confirm_static boolean true
Reference in New Issue View Git Blame Copy Permalink