# #Kickstart template for Ubuntu #Platform: x86-64 # # Customized for Server 18.04 minimal vm install # # See README.mkd for usage # Load the minimal server preseed off cdrom preseed preseed/file string /cdrom/preseed/ubuntu-server-minimalvm.seed # OPTIONAL: Change hostname from default 'preseed' # If your DHCP hands out a hostname that will take precedence over this # see: https://bugs.launchpad.net/ubuntu/+source/preseed/+bug/1452202 #preseed netcfg/hostname string minimal-vm # Use local proxy # Setup a server with apt-cacher-ng and enter that hostname here #preseed mirror/http/proxy string http://my-local-cache:3142/ #System language lang en_US #Language modules to install langsupport en_US #System keyboard keyboard us #System mouse mouse #System timezone timezone America/New_York #Root password rootpw --disabled #Initial user (user with sudo capabilities) user ubuntu --fullname "Ubuntu" --password ChangeMe #Reboot after installation reboot #Use text mode install text #Install OS instead of upgrade install #Installation media cdrom #Change console size to 1024x768x24 preseed debian-installer/add-kernel-opts string "vga=792" #System bootloader configuration bootloader --location=mbr #Clear the Master Boot Record zerombr yes #Partition clearing information # `--all` will give message in install log about only clearing first drive but # this is still needed clearpart --all --initlabel #Advanced partition # The last lv specified will take up the remaining space of the vg. To get # around that add up all your disk sizes and set this value. It appears to # factor in the size of non lvm partitions as well preseed partman-auto-lvm/guided_size string 8192MB part /boot --fstype=ext4 --size=512 --asprimary part pv.1 --grow --size=1 --asprimary volgroup vg0 pv.1 logvol / --fstype=ext4 --name=root --vgname=vg0 --size=1024 logvol /usr --fstype=ext4 --name=usr --vgname=vg0 --size=2048 logvol /var --fstype=ext4 --name=var --vgname=vg0 --size=1536 logvol /var/log --fstype=ext4 --name=var_log --vgname=vg0 --size=512 logvol swap --name=swap --vgname=vg0 --size=2048 --maxsize=2048 logvol /home --fstype=ext4 --name=home --vgname=vg0 --size=512 # Don't install recommended items by default # This will also be set for built system at # /etc/apt/apt.conf.d/00InstallRecommends preseed base-installer/install-recommends boolean false #System authorization infomation auth --useshadow #Network information # If the system has a single interface the '--device' option isn't needed. If # you do use it remember that in 18.04 the device names are different. For # example I was seeing enp0s3 as the interface name. I haven't tested this # but you should be able to specify 'interface=enp0s3' as a boot paramater and # it will be passed through to installer. I have tested setting the device to # 'auto' will have it automatically pick the first active interface #network --bootproto=dhcp --device=enp0s3 network --bootproto=dhcp --device=auto #Firewall configuration # Not supported by ubuntu #firewall --disabled --trust=eth0 --ssh # Policy for applying updates. May be "none" (no automatic updates), # "unattended-upgrades" (install security updates automatically), or # "landscape" (manage system with Landscape). preseed pkgsel/update-policy select unattended-upgrades #Do not configure the X Window System skipx # Additional packages to install # - Most of these would have installed if it wasn't for turning off # install-recommends # - software-properties-common provides add-apt-repository which is needed for # adding additional PPAs. You can remove that if you don't plan on # installing anything. The %post script needs it for adding git # - Starting in 16.04 Ubuntu no longer installs python v2.7 by default. # Instead the default version of python is v3.x. If you still need v2.7 # then add the `python` package to this list # - Uncomment the open-vm-tools line if this is going to run in vmware and are # not going to use vmware-tools that's distributed with it. Don't think the # --no-install-recommends is needed to not install desktop tools but doesn't # hurt anything %packages # -- required for %post -- vim software-properties-common # -- pretty much required -- gpg-agent # apt-key needs this when piping certs in through stdin curl openssh-server net-tools # this includes commands like ifconfig and netstat wget man # -- additional packages you'll likely want -- #open-vm-tools --no-install-recommends # only needed on vmware vms #bash-completion # personally I always install it but not everyone uses bash #chrony # default time server in 18.04. systemd will manage time if this doesn't #haveged # helps keep entropy pool full on VMs %post # -- begin security hardening -- # Change default umask from 022 to 027 (not world readable) sed -i -e 's/^\(UMASK\W*\)[0-9]\+$/\1027/' /etc/login.defs # Add noatime to / sed -i -e 's/\(errors=remount-ro\)/noatime,\1/' /etc/fstab # Add noatime and nodev to everything else sed -i -e 's/\(boot.*defaults\)/\1,noatime,nodev/' /etc/fstab sed -i -e 's/\(home.*defaults\)/\1,noatime,nodev/' /etc/fstab sed -i -e 's/\(usr.*defaults\)/\1,noatime,nodev/' /etc/fstab # Remove nodev from this one if it causes issues for you sed -i -e 's/\(var .*defaults\)/\1,noatime,nodev/' /etc/fstab # Add noatime, nodev, and noexec to /var/log sed -i -e 's/\(var\/log .*defaults\)/\1,noatime,nodev,noexec/' /etc/fstab # Add line to enable noexec on /dev/shm echo "none /dev/shm tmpfs defaults,noexec,nosuid,nodev 0 0" >>/etc/fstab # -- end security hardening -- # Set some defaults for apt to keep things tidy cat > /etc/apt/apt.conf.d/90local <<"_EOF_" APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1"; APT::Periodic::AutocleanInterval "1"; APT::Periodic::MaxSize "200"; Unattended-Upgrade::Remove-Unused-Dependencies "true"; #Acquire::http::Proxy "http://my-local-cache:3142"; _EOF_ # -- begin vim package customizations -- echo "set background=dark" >>/etc/vim/vimrc.local # -- end vim package customizations -- # -- begin install git from 'Ubuntu Git Maintainers' PPA -- add-apt-repository -y ppa:git-core/ppa apt-get -qq -y update apt-get -qq -y install git # -- end install git from 'Ubuntu Git Maintainers' PPA -- # -- begin set xdg base directories -- cat > /etc/profile.d/xdg_basedir.sh <<"_EOF_" # Set XDG base directory global variables # XDG_RUNTIME_HOME is set on user login export XDG_DATA_HOME="${XDG_DATA_HOME:-"${HOME}/.local/share"}" export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-"${HOME}/.config"}" export XDG_CACHE_HOME="${XDG_CACHE_HOME:-"${HOME}/.cache"}" _EOF_ chmod 0644 /etc/profile.d/xdg_basedir.sh # -- end set xdg base directories -- # Clean up apt-get -qq -y autoremove apt-get clean rm -f /var/cache/apt/*cache.bin rm -rf /var/lib/apt/lists/*