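#
# Kickstart template for Ubuntu
# Platform: x86-64
#
# Customized for Server 18.04 minimal vm install
#
# See README.mkd for usage

# Load the minimal server preseed off cdrom
preseed preseed/file string /cdrom/preseed/ubuntu-server-minimalvm.seed

# OPTIONAL: Change hostname from default 'preseed'
# If your DHCP hands out a hostname that will take precedence over this
# see: https://bugs.launchpad.net/ubuntu/+source/preseed/+bug/1452202
#preseed netcfg/hostname string minimal-vm

# Use local proxy
# Setup a server with apt-cacher-ng and enter that hostname here
#preseed mirror/http/proxy string http://my-local-cache:3142/

# System language
lang en_US

# Language modules to install
langsupport en_US

# System keyboard
keyboard us

# System mouse
mouse

# System timezone
timezone America/New_York

# Root password
# Root gets no password at all; administration goes through sudo from the
# initial user defined below.
rootpw --disabled

# Initial user (user with sudo capabilities)
# Do not ship a shared plaintext password on this line. openssh-server is
# installed from %packages, so a VM built from an unedited template would
# accept a well-known password over SSH for a sudo-capable account.
# Supply a crypt(3) hash instead (for example from `mkpasswd -m sha-512`,
# whois package) so the cleartext is never stored in this file or on the
# install media. The placeholder below is deliberately not a valid hash; if it
# is left in place no password is expected to match, so a forgotten edit
# fails closed instead of leaving a default credential.
user ubuntu --fullname "Ubuntu" --iscrypted --password REPLACE_WITH_SHA512_CRYPT_HASH

# Reboot after installation
reboot

# Use text mode install
text

# Install OS instead of upgrade
install

# Installation media
cdrom

# Change console size to 1024x768x24
preseed debian-installer/add-kernel-opts string "vga=792"

# System bootloader configuration
bootloader --location=mbr

# Clear the Master Boot Record
zerombr yes

# Partition clearing information
# `--all` will give message in install log about only clearing first drive but
# this is still needed
clearpart --all --initlabel

# Advanced partition
# The last lv specified will take up the remaining space of the vg. To get
# around that add up all your disk sizes and set this value. It appears to
# factor in the size of non lvm partitions as well
preseed partman-auto-lvm/guided_size string 8192MB
part /boot --fstype=ext4 --size=512 --asprimary
part pv.1 --grow --size=1 --asprimary
volgroup vg0 pv.1
logvol / --fstype=ext4 --name=root --vgname=vg0 --size=1024
logvol /usr --fstype=ext4 --name=usr --vgname=vg0 --size=2048
logvol /var --fstype=ext4 --name=var --vgname=vg0 --size=1536
logvol /var/log --fstype=ext4 --name=var_log --vgname=vg0 --size=512
logvol swap --name=swap --vgname=vg0 --size=2048 --maxsize=2048
logvol /home --fstype=ext4 --name=home --vgname=vg0 --size=512

# Don't install recommended items by default
# This will also be set for built system at
# /etc/apt/apt.conf.d/00InstallRecommends
preseed base-installer/install-recommends boolean false

# System authorization information
auth --useshadow

# Network information
# If the system has a single interface the '--device' option isn't needed. If
# you do use it remember that in 18.04 the device names are different. For
# example I was seeing enp0s3 as the interface name. I haven't tested this
# but you should be able to specify 'interface=enp0s3' as a boot parameter and
# it will be passed through to installer. I have tested setting the device to
# 'auto' will have it automatically pick the first active interface
#network --bootproto=dhcp --device=enp0s3
network --bootproto=dhcp --device=auto

# Firewall configuration
# Not supported by ubuntu
# Nothing else in this file sets up a host firewall, so any filtering in front
# of the SSH service installed from %packages has to be added separately.
#firewall --disabled --trust=eth0 --ssh

# Policy for applying updates. May be "none" (no automatic updates),
# "unattended-upgrades" (install security updates automatically), or
# "landscape" (manage system with Landscape).
preseed pkgsel/update-policy select unattended-upgrades

# Do not configure the X Window System
skipx
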
# Extra packages on top of the minimal install
# - With install-recommends switched off, most of these are no longer pulled
#   in automatically and have to be listed by hand
# - add-apt-repository comes from software-properties-common. The %post
#   script uses it to add the PPA that git is installed from; if you are not
#   going to add any PPAs you can drop it (and the git step in %post)
# - From 16.04 onwards Ubuntu's default python is v3.x and v2.7 is not
#   installed. Add the `python` package to this list if you still need v2.7
# - On vmware, uncomment the open-vm-tools line unless you plan to use the
#   vmware-tools shipped with the hypervisor. --no-install-recommends is
#   probably not required to keep the desktop tools out, but it is harmless
%packages
# -- required for %post --
vim
software-properties-common
# -- pretty much required --
gpg-agent # apt-key needs this when piping certs in through stdin
curl
# sshd is reachable as soon as the VM boots; make sure the initial user's
# password in this file is not left at a shared default
openssh-server
net-tools # this includes commands like ifconfig and netstat
wget
man
# -- additional packages you'll likely want --
#open-vm-tools --no-install-recommends # only needed on vmware vms
#bash-completion # personally I always install it but not everyone uses bash
#chrony # default time server in 18.04. systemd will manage time if this doesn't
#haveged # helps keep entropy pool full on VMs

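%post
# -- begin security hardening --
# Change default umask from 022 to 027 (not world readable)
# NOTE(review): where pam_umask applies USERGROUPS_ENAB from login.defs, a
# user whose primary group has the same name as the user gets the group bits
# relaxed to the owner bits (027 -> 007) - confirm the effective umask on a
# built system.
sed -i -e 's/^\(UMASK\W*\)[0-9]\+$/\1027/' /etc/login.defs

# The fstab edits below are keyed to the mount points created by the logvol
# and part lines in this file. A pattern that matches nothing leaves fstab
# untouched without any error, so check the resulting /etc/fstab after
# changing the partition layout.
# Add noatime to /
# NOTE(review): there is no separate /tmp or /var/tmp in this layout, so those
# world-writable directories sit on / and /var and get no noexec/nosuid here.
sed -i -e 's/\(errors=remount-ro\)/noatime,\1/' /etc/fstab
# Add noatime and nodev to everything else
sed -i -e 's/\(boot.*defaults\)/\1,noatime,nodev/' /etc/fstab
sed -i -e 's/\(home.*defaults\)/\1,noatime,nodev/' /etc/fstab
sed -i -e 's/\(usr.*defaults\)/\1,noatime,nodev/' /etc/fstab
# Remove nodev from this one if it causes issues for you
sed -i -e 's/\(var .*defaults\)/\1,noatime,nodev/' /etc/fstab
# Add noatime, nodev, and noexec to /var/log
sed -i -e 's/\(var\/log .*defaults\)/\1,noatime,nodev,noexec/' /etc/fstab
# Add line to enable noexec on /dev/shm
echo "none /dev/shm tmpfs defaults,noexec,nosuid,nodev 0 0" >>/etc/fstab
# -- end security hardening --

# Set some defaults for apt to keep things tidy
# Turns on the daily package list refresh and unattended upgrade run, and
# lets unattended-upgrades remove dependencies that are no longer needed.
cat > /etc/apt/apt.conf.d/90local <<"_EOF_"
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "1";
APT::Periodic::MaxSize "200";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
#Acquire::http::Proxy "http://my-local-cache:3142";
_EOF_

# -- begin vim package customizations --
echo "set background=dark" >>/etc/vim/vimrc.local
# -- end vim package customizations --

# -- begin install git from 'Ubuntu Git Maintainers' PPA --
# NOTE(review): this adds a third-party archive and its signing key to the
# system's trusted apt sources at build time, so packages from it are trusted
# like distribution packages. The PPA is presumably not covered by the default
# unattended-upgrades origins, in which case git from it will not be patched
# automatically - confirm, or drop these lines and use the archive's git.
# None of the three commands is checked for failure.
add-apt-repository -y ppa:git-core/ppa
apt-get -qq -y update
apt-get -qq -y install git
# -- end install git from 'Ubuntu Git Maintainers' PPA --

# -- begin set xdg base directories --
# The heredoc delimiter is quoted, so the ${...} expressions are written to
# the profile script literally and expanded at login, not during install.
cat > /etc/profile.d/xdg_basedir.sh <<"_EOF_"
# Set XDG base directory global variables
# XDG_RUNTIME_DIR is set on user login
export XDG_DATA_HOME="${XDG_DATA_HOME:-"${HOME}/.local/share"}"
export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-"${HOME}/.config"}"
export XDG_CACHE_HOME="${XDG_CACHE_HOME:-"${HOME}/.cache"}"
_EOF_
chmod 0644 /etc/profile.d/xdg_basedir.sh
# -- end set xdg base directories --

# Clean up
apt-get -qq -y autoremove
apt-get clean
rm -f /var/cache/apt/*cache.bin
rm -rf /var/lib/apt/lists/*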