-
Notifications
You must be signed in to change notification settings - Fork 34
/
ks-1804-minimalvm.cfg
199 lines (164 loc) · 6.66 KB
/
ks-1804-minimalvm.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
#
#Kickstart template for Ubuntu
#Platform: x86-64
#
# Customized for Server 18.04 minimal vm install
#
# See README.mkd for usage
# Load the minimal server preseed off cdrom
preseed preseed/file string /cdrom/preseed/ubuntu-server-minimalvm.seed
# OPTIONAL: Change hostname from default 'preseed'
# If your DHCP hands out a hostname that will take precedence over this
# see: https://bugs.launchpad.net/ubuntu/+source/preseed/+bug/1452202
#preseed netcfg/hostname string minimal-vm
# Use local proxy
# Setup a server with apt-cacher-ng and enter that hostname here
#preseed mirror/http/proxy string http://my-local-cache:3142/
#System language
lang en_US
#Language modules to install
langsupport en_US
#System keyboard
keyboard us
#System mouse
mouse
#System timezone
timezone America/New_York
#Root password
rootpw --disabled
#Initial user (user with sudo capabilities)
user ubuntu --fullname "Ubuntu" --password ChangeMe
#Reboot after installation
reboot
#Use text mode install
text
#Install OS instead of upgrade
install
#Installation media
cdrom
#Change console size to 1024x768x24
preseed debian-installer/add-kernel-opts string "vga=792"
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr yes
#Partition clearing information
# `--all` will give message in install log about only clearing first drive but
# this is still needed
clearpart --all --initlabel
#Advanced partition
# The last lv specified will take up the remaining space of the vg. To get
# around that add up all your disk sizes and set this value. It appears to
# factor in the size of non lvm partitions as well
preseed partman-auto-lvm/guided_size string 8192MB
part /boot --fstype=ext4 --size=512 --asprimary
part pv.1 --grow --size=1 --asprimary
volgroup vg0 pv.1
logvol / --fstype=ext4 --name=root --vgname=vg0 --size=1024
logvol /usr --fstype=ext4 --name=usr --vgname=vg0 --size=2048
logvol /var --fstype=ext4 --name=var --vgname=vg0 --size=1536
logvol /var/log --fstype=ext4 --name=var_log --vgname=vg0 --size=512
logvol swap --name=swap --vgname=vg0 --size=2048 --maxsize=2048
logvol /home --fstype=ext4 --name=home --vgname=vg0 --size=512
# Don't install recommended items by default
# This will also be set for built system at
# /etc/apt/apt.conf.d/00InstallRecommends
preseed base-installer/install-recommends boolean false
#System authorization infomation
auth --useshadow
#Network information
# If the system has a single interface the '--device' option isn't needed. If
# you do use it remember that in 18.04 the device names are different. For
# example I was seeing enp0s3 as the interface name. I haven't tested this
# but you should be able to specify 'interface=enp0s3' as a boot paramater and
# it will be passed through to installer. I have tested setting the device to
# 'auto' will have it automatically pick the first active interface
#network --bootproto=dhcp --device=enp0s3
network --bootproto=dhcp --device=auto
#Firewall configuration
# Not supported by ubuntu
#firewall --disabled --trust=eth0 --ssh
# Policy for applying updates. May be "none" (no automatic updates),
# "unattended-upgrades" (install security updates automatically), or
# "landscape" (manage system with Landscape).
preseed pkgsel/update-policy select unattended-upgrades
#Do not configure the X Window System
skipx
# Additional packages to install
# - Most of these would have installed if it wasn't for turning off
# install-recommends
# - software-properties-common provides add-apt-repository which is needed for
# adding additional PPAs. You can remove that if you don't plan on
# installing anything. The %post script needs it for adding git
# - Starting in 16.04 Ubuntu no longer installs python v2.7 by default.
# Instead the default version of python is v3.x. If you still need v2.7
# then add the `python` package to this list
# - Uncomment the open-vm-tools line if this is going to run in vmware and are
# not going to use vmware-tools that's distributed with it. Don't think the
# --no-install-recommends is needed to not install desktop tools but doesn't
# hurt anything
%packages
# -- required for %post --
vim
software-properties-common
# -- pretty much required --
gpg-agent # apt-key needs this when piping certs in through stdin
curl
openssh-server
net-tools # this includes commands like ifconfig and netstat
wget
man
# -- additional packages you'll likely want --
#open-vm-tools --no-install-recommends # only needed on vmware vms
#bash-completion # personally I always install it but not everyone uses bash
#chrony # default time server in 18.04. systemd will manage time if this doesn't
#haveged # helps keep entropy pool full on VMs
%post
# -- begin security hardening --
# Change default umask from 022 to 027 (not world readable)
sed -i -e 's/^\(UMASK\W*\)[0-9]\+$/\1027/' /etc/login.defs
# Add noatime to /
sed -i -e 's/\(errors=remount-ro\)/noatime,\1/' /etc/fstab
# Add noatime and nodev to everything else
sed -i -e 's/\(boot.*defaults\)/\1,noatime,nodev/' /etc/fstab
sed -i -e 's/\(home.*defaults\)/\1,noatime,nodev/' /etc/fstab
sed -i -e 's/\(usr.*defaults\)/\1,noatime,nodev/' /etc/fstab
# Remove nodev from this one if it causes issues for you
sed -i -e 's/\(var .*defaults\)/\1,noatime,nodev/' /etc/fstab
# Add noatime, nodev, and noexec to /var/log
sed -i -e 's/\(var\/log .*defaults\)/\1,noatime,nodev,noexec/' /etc/fstab
# Add line to enable noexec on /dev/shm
echo "none /dev/shm tmpfs defaults,noexec,nosuid,nodev 0 0" >>/etc/fstab
# -- end security hardening --
# Set some defaults for apt to keep things tidy
cat > /etc/apt/apt.conf.d/90local <<"_EOF_"
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "1";
APT::Periodic::MaxSize "200";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
#Acquire::http::Proxy "http://my-local-cache:3142";
_EOF_
# -- begin vim package customizations --
echo "set background=dark" >>/etc/vim/vimrc.local
# -- end vim package customizations --
# -- begin install git from 'Ubuntu Git Maintainers' PPA --
add-apt-repository -y ppa:git-core/ppa
apt-get -qq -y update
apt-get -qq -y install git
# -- end install git from 'Ubuntu Git Maintainers' PPA --
# -- begin set xdg base directories --
cat > /etc/profile.d/xdg_basedir.sh <<"_EOF_"
# Set XDG base directory global variables
# XDG_RUNTIME_HOME is set on user login
export XDG_DATA_HOME="${XDG_DATA_HOME:-"${HOME}/.local/share"}"
export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-"${HOME}/.config"}"
export XDG_CACHE_HOME="${XDG_CACHE_HOME:-"${HOME}/.cache"}"
_EOF_
chmod 0644 /etc/profile.d/xdg_basedir.sh
# -- end set xdg base directories --
# Clean up
apt-get -qq -y autoremove
apt-get clean
rm -f /var/cache/apt/*cache.bin
rm -rf /var/lib/apt/lists/*