# Netboots

Everything related to network booting: PXE, iPXE and the unattended-install files (preseed, autoinstall, kickstart) they hand off to.


# iPXE Setup

Explanation of how to use iPXE

# Load a remote script

This will load a boot script from a remote server

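#!ipxe
# Embedded bootstrap script: hand control to the boot menu script hosted on
# the web server. "#!ipxe" has to be a line of its own; when the chain command
# shares that line the whole line is read as a comment and nothing is loaded.
# NOTE(review): the menu script is fetched over plain HTTP, so whatever answers
# for <webserver> decides what this machine boots. Use an https:// URL if the
# iPXE build has HTTPS support and the web server can serve it.
chain http://<webserver>/ipxe/boot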

# Ubuntu 18.04 Auto install

#!ipxe
# Unattended Ubuntu 18.04 install: fetch the netboot kernel and initrd from the
# web server and pass the installer a preseed URL on the kernel command line.
# NOTE(review): kernel, initrd and preseed all travel over plain HTTP and are
# booted without a signature check, so the web server and every hop to it are
# trusted completely. An https:// base-url, or iPXE's imgtrust/imgverify, would
# narrow that if the iPXE build includes them.
set base-url http://<webserver>

echo Starting Ubuntu 18.04 Installer
# -n names the kernel image so imgargs and boot below can refer to it as 1804a.
kernel -n 1804a ${base-url}/ipxe/ubuntu/1804/linux
initrd ${base-url}/ipxe/ubuntu/1804/initrd.gz
# "auto priority=critical" suppresses installer questions; preseed/url is where
# the installer downloads its answers from (see the Preseed section).
imgargs 1804a initrd=initrd.gz locale=en_GB console-setup/ask_detect=false debian-installer/keymap=gb domain=localdomain hostname=unassigned auto priority=critical netcfg/choose_interface=auto preseed/url=${base-url}/ipxe/ubuntu/1804/preseed.cfg
boot 1804a

See Preseed

# Boot Script

This is the boot script on the remote web server. Windows installations probably don't work due to driver issues.

#!ipxe
# Boot menu served from the web server; the embedded iPXE script chains to it.
# NOTE(review): every image below is fetched from base-url over plain HTTP and
# booted without a signature check, so the web server and the network path are
# fully trusted. An https:// base-url, or iPXE's imgtrust/imgverify, would
# narrow that if the iPXE build includes them.
set base-url http://<webserver>

# Timeouts are in milliseconds (30 s); submenu-timeout mirrors menu-timeout.
set menu-timeout 30000
set submenu-timeout ${menu-timeout}
# Keep a menu-default that was set earlier; otherwise default to the exit entry.
isset ${menu-default} || set menu-default exit

:start
menu iPXE boot menu

item --gap --             ------------------------- Install Menu -----------------------------------
item ubuntu1604 Install Ubuntu 16.04 from public archive
item ubuntu1804 Install Ubuntu 18.04 from public archive
item server2012r2 Install Windows Server 2012 R2
item server2012r2wim Install Windows Server 2012 R2 using wimboot
item --gap --             ------------------------- Advanced options -------------------------------
item rescue64             Launch SYSRescue64
item shell                Drop to iPXE shell
item reboot               Reboot computer
item
item --key x exit         Exit iPXE and continue BIOS boot
# When the timeout expires the default entry is taken; if choose fails or is
# aborted, control goes to :cancel.
choose --timeout ${menu-timeout} --default ${menu-default} selected || goto cancel
# Clear the timeout so a later return to the menu waits for a key press.
set menu-timeout 0
# Each item name doubles as the label to jump to.
goto ${selected}

:cancel
echo You cancelled the menu, dropping you to a shell
# No goto here: execution falls through into :shell.

:shell
echo Type 'exit' to get the back to the menu
shell
set menu-timeout 0
set submenu-timeout 0
goto start

# Common error path for the boot entries below.
:failed
echo Booting failed, dropping to shell
goto shell

:reboot
reboot

# Leaves iPXE so the firmware continues with its next boot device.
:exit
exit

:rescue64
echo Starting SYSRescue64
initrd ${base-url}/ipxe/rescue/isolinux/initram.igz
# netboot= tells the rescue system where to download its root image from.
chain ${base-url}/ipxe/rescue/isolinux/rescue64 dodhcp netboot=${base-url}/ipxe/rescue/sysrcd.dat || goto failed

# Both Ubuntu entries start the stock interactive installer: the preseed
# imgargs line is commented out, so nothing is answered automatically.
:ubuntu1604
echo Starting Ubuntu 16.04 Installer
kernel ${base-url}/ipxe/ubuntu/1604/linux
initrd ${base-url}/ipxe/ubuntu/1604/initrd.gz
#imgargs linux auto=true url=${base-url}/ipxe/ubuntu/preseed.cfg
boot || goto failed

:ubuntu1804
echo Starting Ubuntu 18.04 Installer
kernel ${base-url}/ipxe/ubuntu/1804/linux
initrd ${base-url}/ipxe/ubuntu/1804/initrd.gz
#imgargs linux auto=true url=${base-url}/ipxe/ubuntu/preseed.cfg
boot || goto failed

# Boots the installer ISO directly over HTTP as a SAN device.
:server2012r2
echo Starting Windows Server 2012 R2 Installer
sanboot --no-describe ${base-url}/ipxe/win/en_windows_server_2012_r2_x64_dvd_2707946.iso || goto failed

# wimboot variant: each initrd line downloads one file from the extracted ISO
# tree; the trailing word is the name the file is given inside the boot
# environment.
:server2012r2wim
echo Starting Windows Server 2012 R2 Installer
kernel ${base-url}/ipxe/wimboot
initrd ${base-url}/ipxe/win/iso/2012r2/x64/bootmgr bootmgr
initrd ${base-url}/ipxe/win/iso/2012r2/x64/boot/bcd BCD
initrd ${base-url}/ipxe/win/iso/2012r2/x64/boot/boot.sdi boot.sdi
initrd ${base-url}/ipxe/win/iso/2012r2/x64/sources/boot.wim boot.wim
boot || goto failed

# PXE Setup

Explanation of how the PXE installation is configured on the home network.

# TFTP Server

You will need a TFTP server to serve up the initial netboot files.

The Ubuntu files are available from the official repository

Contents of default file

# PXELINUX menu served from the TFTP server.
# NOTE(review): TFTP has no authentication or integrity protection, and the
# kernels, initrds and preseed files referenced below are fetched over TFTP or
# plain HTTP. Keep the provisioning network isolated, and treat this file and
# the images it names as trusted inputs to every machine that boots from here.
default vesamenu.c32
path boot-screens/
prompt 0
# TIMEOUT is in tenths of a second (15 s); on expiry the "local" entry runs,
# so an unattended reboot goes to the local disk rather than an installer.
timeout 150
ONTIMEOUT local
MENU TITLE Select a boot option

LABEL local
  MENU LABEL Boot From ^Local Disk
  LOCALBOOT 0

LABEL rescue64
  MENU LABEL Launch ^Rescue64
  KERNEL images/rescue/isolinux/rescue64
  # netboot= is where the rescue system downloads its root image from.
  APPEND initrd=images/rescue/isolinux/initram.igz dodhcp netboot=http://192.168.10.250/rescue/sysrcd.dat

LABEL rescue
  MENU LABEL Ubuntu 16.04 Rescue mode
  kernel images/ubuntu/xenial/amd64/linux
  append vga=788 initrd=images/ubuntu/xenial/amd64/initrd.gz rescue/enable=true --- quiet

MENU SEPARATOR

MENU BEGIN Install
MENU TITLE Select an OS to install

  LABEL Go Back
    MENU EXIT
  
  LABEL Centos-7.0-x86_64
    MENU LABEL Install CentOS 7.0 x86_64 (Manual attended install)
    KERNEL images/centos/7.0/x86_64/vmlinuz
    # NOTE(review): inst.repo points at a third-party public mirror over HTTP;
    # presumably the installer image it pulls from there is not signature-
    # checked at this stage — confirm, or use a local or HTTPS repo.
    APPEND initrd=images/centos/7.0/x86_64/initrd.img ramdisk_size=100000 ip=dhcp inst.repo=http://centos.serverspace.co.uk/centos/7/os/x86_64

  LABEL Ubuntu-16.04-Xenial
    MENU LABEL Network Install Ubuntu 16.04 (^Xenial)
    KERNEL images/ubuntu/xenial/amd64/linux
    # "auto url=..." makes this a fully unattended install driven by the
    # preseed file on the web server; selecting this entry repartitions the
    # machine without further prompts (see the Preseed section).
    APPEND initrd=images/ubuntu/xenial/amd64/initrd.gz ramdisk_size=16432 locale=en_GB console-setup/ask_detect=false debian-installer/keymap=gb domain=localdomain hostname=unassigned auto url=http://192.168.10.250/dist/ubuntu/1604std.cfg

  LABEL Ubuntu-16.04-Xenial-man
    MENU LABEL Manual Network Install Ubuntu 16.04 (Xenial)
    KERNEL images/ubuntu/xenial/amd64/linux
    # Same kernel and initrd as above but no preseed URL: interactive install.
    APPEND initrd=images/ubuntu/xenial/amd64/initrd.gz ramdisk_size=16432 locale=en_GB console-setup/ask_detect=false debian-installer/keymap=gb domain=localdomain hostname=unassigned

	
  LABEL Ubuntu-18.04-BionicBeaver
    MENU LABEL Network Install Ubuntu 18.04 (^Bionic Beaver)
    KERNEL images/ubuntu/bionic/amd64/linux
    # Unattended install driven by the 18.04 preseed file on the web server.
    APPEND initrd=images/ubuntu/bionic/amd64/initrd.gz ramdisk_size=16432 locale=en_GB console-setup/ask_detect=false debian-installer/keymap=gb domain=localdomain hostname=unassigned auto url=http://192.168.10.250/dist/ubuntu/1804std.cfg

MENU END

# Webserver

The web server holds the installation files and the preseed script that the TFTP menu entries above point to, e.g. http://192.168.10.250/dist/ubuntu/1604std.cfg

See Preseed

# DHCP Setup

DHCP has to be set up to point clients at your initial netboot server, which is the TFTP server.

# Preseed

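Example preseed scripts used in the current deployment. Password hashes have been removed; see mkpasswd for how to generate one. These files are served over plain HTTP to anything that can reach the web server, so the hash and the authorized keys in them should be treated as readable by that whole network.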

# Ubuntu

# Ubuntu 16.04 Preseed Script

#### Contents of the preconfiguration file (for xenial)

### Localization
d-i debian-installer/locale string en_GB

# Keyboard selection.
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select gb

### Network configuration
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string unassigned
d-i netcfg/get_domain string localdomain

# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string

### Mirror settings
# Packages come from the internal mirror on 192.168.10.250 over plain HTTP.
# NOTE(review): the transport is unauthenticated, so package integrity rests on
# the installer checking the archive's signed Release files; make sure nothing
# on the boot command line switches that check off.
d-i mirror/country string manual
d-i mirror/http/hostname string 192.168.10.250
d-i mirror/http/directory string /dist/ubuntu/ubuntu1604
d-i mirror/http/proxy string
d-i mirror/suite string xenial

### Account setup
# To create a normal user account.
d-i passwd/user-fullname string m00
d-i passwd/username string m00
# $6$ marks a SHA-512 crypt hash (value snipped here). Anyone who can download
# this file can take the hash away and guess at it offline, so use a strong
# password or treat the account as key-only.
d-i passwd/user-password-crypted password $6$<snip>
# NOTE(review): true means the installer accepts a weak password without asking.
d-i user-setup/allow-password-weak boolean true

# Set to true if you want to encrypt the first user's home directory.
d-i user-setup/encrypt-home boolean false

### Clock and time zone setup
d-i clock-setup/utc boolean true
d-i time/zone string Europe/London
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string pool.ntp.org

### Partitioning
# Unattended and destructive: existing LVM and MD metadata on /dev/sda is
# removed and every confirmation is pre-answered, so booting this entry on the
# wrong machine wipes its first disk without a prompt. The result is one
# LVM-backed ext4 layout (atomic recipe) using the whole disk.
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string lvm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto/choose_recipe select atomic
d-i partman/default_filesystem string ext4
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

### Base system installation
d-i base-installer/install-recommends boolean true
d-i base-installer/kernel/image string linux-generic

### Package selection
tasksel tasksel/first multiselect standard

# Individual additional packages to install
d-i pkgsel/include string openssh-server open-vm-tools python-simplejson curl cifs-utils software-properties-common binutils
# Upgrade everything at install time and keep unattended-upgrades enabled
# afterwards.
d-i pkgsel/upgrade select full-upgrade
d-i pkgsel/update-policy select unattended-upgrades

d-i grub-installer/only_debian boolean true
d-i grub-installer/bootdev  string default

# Skip the "installation complete" message and reboot straight away.
d-i finish-install/reboot_in_progress note
d-i cdrom-detect/eject boolean false

# Disabled alternative: these two steps would blank m00's password and force a
# change at first login. Leave them disabled; an empty password is usable by
# anyone at the console until it is changed.
# in-target sh -c 'usermod -p "" m00'; \
# in-target sh -c 'passwd -e m00'; \

#### Advanced options
### Running custom commands during the installation
# late_command runs at the end of the install; each in-target step executes
# inside the newly installed system. In order, the steps below:
#  - set root's password field to "!" so root has no usable password
#  - write one SSH public key as the only entry in root's and in m00's
#    authorized_keys (">" overwrites), then append a second key for m00 (">>")
#  - rewrite sshd_config so root may log in with a key only and password
#    authentication is off for everyone
#  - point apt at gb.archive.ubuntu.com instead of the internal mirror
#  - apply pending package upgrades
# Comments cannot go between the continued lines, so the notes are kept here.
# NOTE(review): the sed patterns match any line containing the option name,
# commented examples included, so sshd_config can end up with the directive
# repeated; check the effective settings with "sshd -T" on a built host.
# NOTE(review): root stays reachable over SSH with the same key as m00; confirm
# that is intended rather than relying on m00 plus sudo.
d-i preseed/late_command string \
 in-target sh -c 'usermod -p "!" root'; \
 in-target sh -c 'mkdir -p --mode=0700 /root/.ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5KaNzN+dE9ZU83seeXSJb5gX4xRANc7eHNbQuyMXvBGSP942UpHrKgmb2Hd+f1sxH5FeLaE82p4T5Hxa+YbSEKT6VQEiktqRDmTSjiTtl2GEjaDedi0UTXB/D8nZXIbsrfkAwdQ3DgSUi7X7bdPBK43ZFE81qIPzAvl0rKhrAgJcY1HFQhlNmMzxNhPWSG9s0OqmSviC1tGooicpBLr9ibBPiQ5uc5pimYRbd6+zIbFNjNy/SqT+pWVF8J6Qp4GnHIpZZ1TMn3xluYL28zD5B5ItC8gDxfH/uaalRwe0NLEPTwWkT3ipwFaFwH8vZFCdaVU8KqUSpWH59VNHFTbKt" > /root/.ssh/authorized_keys && chmod 0600 /root/.ssh/authorized_keys';  \
 in-target sh -c 'mkdir -p --mode=0700 /home/m00/.ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5KaNzN+dE9ZU83seeXSJb5gX4xRANc7eHNbQuyMXvBGSP942UpHrKgmb2Hd+f1sxH5FeLaE82p4T5Hxa+YbSEKT6VQEiktqRDmTSjiTtl2GEjaDedi0UTXB/D8nZXIbsrfkAwdQ3DgSUi7X7bdPBK43ZFE81qIPzAvl0rKhrAgJcY1HFQhlNmMzxNhPWSG9s0OqmSviC1tGooicpBLr9ibBPiQ5uc5pimYRbd6+zIbFNjNy/SqT+pWVF8J6Qp4GnHIpZZ1TMn3xluYL28zD5B5ItC8gDxfH/uaalRwe0NLEPTwWkT3ipwFaFwH8vZFCdaVU8KqUSpWH59VNHFTbKt" > /home/m00/.ssh/authorized_keys && chmod 0600 /home/m00/.ssh/authorized_keys && chown -R m00:m00 /home/m00/.ssh';  \
 in-target sh -c 'echo "ssh-rsa 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 ansible@blasteh.uk" >> /home/m00/.ssh/authorized_keys';  \
 in-target sh -c 'sed -i "s/.*PermitRootLogin.*/PermitRootLogin prohibit-password/g" /etc/ssh/sshd_config'; \
 in-target sh -c 'sed -i "s/.*PasswordAuthentication.*/PasswordAuthentication no/g" /etc/ssh/sshd_config'; \
 in-target sh -c 'sed -i "s|192.168.10.250/dist/ubuntu/ubuntu1604|gb.archive.ubuntu.com/ubuntu|g" /etc/apt/sources.list'; \
 in-target sh -c 'apt-get update && apt-get upgrade -y';

# Ubuntu 18.04 Preseed script for raid 1 (OVH)

#### Contents of the preconfiguration file (for bionic)
# Unattended Ubuntu 18.04 install onto software RAID 1 across /dev/sda and
# /dev/sdb.
d-i debian-installer/locale string en_GB
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select gb
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string unassigned
d-i netcfg/get_domain string localdomain
d-i netcfg/wireless_wep string
# Packages come from the public Ubuntu archive over HTTP.
d-i mirror/country string manual
d-i mirror/http/hostname string archive.ubuntu.com
d-i mirror/http/directory string /ubuntu
d-i mirror/http/proxy string
d-i mirror/http/mirror select gb.archive.ubuntu.com
# make-user is false, so no ordinary account is created; the user-* values
# below look unused in this variant — confirm before relying on them.
d-i passwd/make-user boolean false
d-i passwd/user-fullname string ubuntu
d-i passwd/username string ubuntu
# $6$ marks a SHA-512 crypt hash (value snipped here); it is readable by anyone
# who can download this file.
d-i passwd/user-password-crypted password $6$<snip>
# NOTE(review): true means the installer accepts a weak password without asking.
d-i user-setup/allow-password-weak boolean true
d-i user-setup/encrypt-home boolean false
d-i clock-setup/utc boolean true
d-i time/zone string Europe/London
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string pool.ntp.org

# Destructive and unattended: both disks are repartitioned and every
# confirmation further down is pre-answered.
d-i partman-auto/disk string /dev/sda /dev/sdb
d-i partman-auto/method string raid
# Each recipe line reads: RAID level, device count, spare count, filesystem,
# mount point, member partitions. All three arrays are two-disk RAID 1.
d-i partman-auto-raid/recipe string \
  1 2 0 ext3 /boot /dev/sda1#/dev/sdb1 . \
  1 2 0 swap - /dev/sda2#/dev/sdb2 . \
  1 2 0 ext4 / /dev/sda3#/dev/sdb3 .
# Three primary RAID member partitions per disk, matching the arrays above.
# NOTE(review): the last entry's third number is 0 — confirm partman sizes the
# root partition as intended with that value.
d-i partman-auto/expert_recipe string \
    multiraid ::                                    \
        512 512 512 raid                            \
            $primary{ } $bootable{ }                \
            method{ raid }                          \
            $lvmignore{ }                           \
        .                                           \
        1024 8000 4096 raid                         \
            $primary{ } method{ raid }              \
            $lvmignore{ }                           \
        .                                           \
        2048 10000 0 raid                           \
            $primary{ } method{ raid }              \
            $lvmignore{ }                           \
        .
d-i partman-md/device_remove_md boolean true
d-i partman-md/confirm boolean true
d-i partman-md/confirm_nooverwrite boolean true
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman/default_filesystem string ext4
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman/choose_partition select finish
d-i base-installer/install-recommends boolean true
d-i base-installer/kernel/image string linux-generic
tasksel tasksel/first multiselect standard
d-i pkgsel/include string openssh-server python-simplejson curl cifs-utils software-properties-common binutils
# Upgrade everything at install time and keep unattended-upgrades enabled
# afterwards.
d-i pkgsel/upgrade select full-upgrade
d-i pkgsel/update-policy select unattended-upgrades
d-i grub-installer/only_debian boolean true
d-i grub-installer/bootdev  string default
d-i finish-install/reboot_in_progress note
d-i cdrom-detect/eject boolean false
# late_command runs at the end of the install; each in-target step executes
# inside the newly installed system. In order, the steps below:
#  - set root's password field to "!" so root has no usable password
#  - write one SSH public key to root's authorized_keys (">" overwrites) and
#    append a second, ansible-labelled key (">>")
#  - rewrite sshd_config so root may log in with a key only and password
#    authentication is off for everyone
#  - apply pending package upgrades
#  - download install.sh from the web server and pipe it into bash
# Comments cannot go between the continued lines, so the notes are kept here.
# NOTE(review): the last step runs whatever http://<webserver>/script/install.sh
# returns, as root, with no integrity check, and a truncated download still
# executes. Fetch it over HTTPS or verify a pinned checksum before running it,
# and save it to a file first so a failed transfer is not half-executed.
# NOTE(review): the sed patterns match any line containing the option name,
# commented examples included; check the effective settings with "sshd -T" on
# a built host.
d-i preseed/late_command string \
 in-target sh -c 'usermod -p "!" root'; \
 in-target sh -c 'mkdir -p --mode=0700 /root/.ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5KaNzN+dE9ZU83seeXSJb5gX4xRANc7eHNbQuyMXvBGSP942UpHrKgmb2Hd+f1sxH5FeLaE82p4T5Hxa+YbSEKT6VQEiktqRDmTSjiTtl2GEjaDedi0UTXB/D8nZXIbsrfkAwdQ3DgSUi7X7bdPBK43ZFE81qIPzAvl0rKhrAgJcY1HFQhlNmMzxNhPWSG9s0OqmSviC1tGooicpBLr9ibBPiQ5uc5pimYRbd6+zIbFNjNy/SqT+pWVF8J6Qp4GnHIpZZ1TMn3xluYL28zD5B5ItC8gDxfH/uaalRwe0NLEPTwWkT3ipwFaFwH8vZFCdaVU8KqUSpWH59VNHFTbKt" > /root/.ssh/authorized_keys && chmod 0600 /root/.ssh/authorized_keys';  \
 in-target sh -c 'echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6NfziEHlyzmxiU1ftIMyx8Hh8CbgiawB+wZb02aJd0Uc3lrcm+YGVxCa2jXr9hTO/YT30u4r+X91wGRJblPwyt94OqnwbGmTT+awnwshWfI8h+SP64Y4C+O9vX6b7TCmIsiXBjY35x79QfjFjHkMIZETGrU2M0v8AgfnASPR2VZw89herazZSCcvDZzmg7onGxsNulzp0s6+ldJo27clD9lXfkYtH5oZJZ+60S+lSzcAgE/EkNCAC/XwMj/qoCH2CO/oS+PR+sittw7EwJCMkt7QkQtvTDyPaLA6i2vp7JyEx8KkdsTnZm4yRr9m/I9rk3tR4DS9oj2+MPL0sfkjhMmL0jpuQaQYQczYVNo5hhAFkiVQecXHPr4G9xz4MfUy02oWGqm0hYNuWXaD1VG8Ysg3sIJQOUL7mRpjcpXh3cqP1CYF2oyKwWJh8Mwxr8nnD+F3iFJrcYqA+tgbZ+WMHLTgROK/lGVzuDx73NI9g4K0kfXjxX4AFfLjwVJmOPzzxGnAftCGFrbjENUhiwF9wBh8t825mnlItAPXo7xImmQbjwKyR5m3HKtDbXiFCbtP9DyoocABphK7+9s7kTgJnD0hzW1GqMLlWFrxRWgQniJX/ChbEaZovaLdUncPrun3HFpqQk+Np0q+l8K0CW16PYjUkZNq7warhRZ1YcKHT2Q== ansible@blasteh.uk" >> /root/.ssh/authorized_keys';  \
 in-target sh -c 'sed -i "s/.*PermitRootLogin.*/PermitRootLogin prohibit-password/g" /etc/ssh/sshd_config'; \
 in-target sh -c 'sed -i "s/.*PasswordAuthentication.*/PasswordAuthentication no/g" /etc/ssh/sshd_config'; \
 in-target sh -c 'apt-get update && apt-get upgrade -y'; \
 in-target sh -c 'wget -O - http://<webserver>/script/install.sh | bash';

# Ubuntu 18.04 Preseed Script

#### Contents of the preconfiguration file (for bionic)

### Localization
d-i debian-installer/locale string en_GB

# Keyboard selection.
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select gb

### Network configuration
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string unassigned
d-i netcfg/get_domain string localdomain

# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string

### Mirror settings
# The internal mirror on 192.168.10.250 is disabled here; the active settings
# below use the public Ubuntu archive over HTTP instead.
#d-i mirror/country string manual
#d-i mirror/http/hostname string 192.168.10.250
#d-i mirror/http/directory string /dist/ubuntu/ubuntu1804
#d-i mirror/http/proxy string
#d-i mirror/suite string bionic

d-i mirror/country string manual
d-i mirror/http/hostname string archive.ubuntu.com
d-i mirror/http/directory string /ubuntu
d-i mirror/http/proxy string

# Alternatively: by default, the installer uses CC.archive.ubuntu.com where
# CC is the ISO-3166-2 code for the selected country. You can preseed this
# so that it does so without asking.
d-i mirror/http/mirror select gb.archive.ubuntu.com


### Account setup
# To create a normal user account.
d-i passwd/user-fullname string m00
d-i passwd/username string m00
# $6$ marks a SHA-512 crypt hash (value snipped here). Anyone who can download
# this file can take the hash away and guess at it offline, so use a strong
# password or treat the account as key-only.
d-i passwd/user-password-crypted password $6$<snip>
# NOTE(review): true means the installer accepts a weak password without asking.
d-i user-setup/allow-password-weak boolean true

# Set to true if you want to encrypt the first user's home directory.
d-i user-setup/encrypt-home boolean false

### Clock and time zone setup
d-i clock-setup/utc boolean true
d-i time/zone string Europe/London
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string pool.ntp.org

### Partitioning
# Unattended and destructive: existing LVM and MD metadata on /dev/sda is
# removed and every confirmation is pre-answered, so booting this entry on the
# wrong machine wipes its first disk without a prompt.
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string lvm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto/choose_recipe select atomic
d-i partman/default_filesystem string ext4
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

### Base system installation
d-i base-installer/install-recommends boolean true
d-i base-installer/kernel/image string linux-generic

### Package selection
tasksel tasksel/first multiselect standard

# Individual additional packages to install
d-i pkgsel/include string openssh-server open-vm-tools python-simplejson curl cifs-utils software-properties-common binutils
# Upgrade everything at install time and keep unattended-upgrades enabled
# afterwards.
d-i pkgsel/upgrade select full-upgrade
d-i pkgsel/update-policy select unattended-upgrades

d-i grub-installer/only_debian boolean true
d-i grub-installer/bootdev  string default

d-i finish-install/reboot_in_progress note
d-i cdrom-detect/eject boolean false

# Disabled alternative: these two steps would blank m00's password and force a
# change at first login. Leave them disabled; an empty password is usable by
# anyone at the console until it is changed.
# in-target sh -c 'usermod -p "" m00'; \
# in-target sh -c 'passwd -e m00'; \

#### Advanced options
### Running custom commands during the installation
# late_command runs at the end of the install; each in-target step executes
# inside the newly installed system. In order, the steps below:
#  - set root's password field to "!" so root has no usable password
#  - write one SSH public key as the only entry in root's and in m00's
#    authorized_keys (">" overwrites), then append a second key for m00 (">>")
#  - rewrite sshd_config so root may log in with a key only and password
#    authentication is off for everyone
#  - replace the internal mirror path in sources.list with
#    gb.archive.ubuntu.com; with the mirror settings above already on
#    archive.ubuntu.com this substitution should find nothing to change
#  - apply pending package upgrades
# Comments cannot go between the continued lines, so the notes are kept here.
# NOTE(review): the sed patterns match any line containing the option name,
# commented examples included, so sshd_config can end up with the directive
# repeated; check the effective settings with "sshd -T" on a built host.
# NOTE(review): root stays reachable over SSH with the same key as m00; confirm
# that is intended rather than relying on m00 plus sudo.
d-i preseed/late_command string \
 in-target sh -c 'usermod -p "!" root'; \
 in-target sh -c 'mkdir -p --mode=0700 /root/.ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5KaNzN+dE9ZU83seeXSJb5gX4xRANc7eHNbQuyMXvBGSP942UpHrKgmb2Hd+f1sxH5FeLaE82p4T5Hxa+YbSEKT6VQEiktqRDmTSjiTtl2GEjaDedi0UTXB/D8nZXIbsrfkAwdQ3DgSUi7X7bdPBK43ZFE81qIPzAvl0rKhrAgJcY1HFQhlNmMzxNhPWSG9s0OqmSviC1tGooicpBLr9ibBPiQ5uc5pimYRbd6+zIbFNjNy/SqT+pWVF8J6Qp4GnHIpZZ1TMn3xluYL28zD5B5ItC8gDxfH/uaalRwe0NLEPTwWkT3ipwFaFwH8vZFCdaVU8KqUSpWH59VNHFTbKt" > /root/.ssh/authorized_keys && chmod 0600 /root/.ssh/authorized_keys';  \
 in-target sh -c 'mkdir -p --mode=0700 /home/m00/.ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5KaNzN+dE9ZU83seeXSJb5gX4xRANc7eHNbQuyMXvBGSP942UpHrKgmb2Hd+f1sxH5FeLaE82p4T5Hxa+YbSEKT6VQEiktqRDmTSjiTtl2GEjaDedi0UTXB/D8nZXIbsrfkAwdQ3DgSUi7X7bdPBK43ZFE81qIPzAvl0rKhrAgJcY1HFQhlNmMzxNhPWSG9s0OqmSviC1tGooicpBLr9ibBPiQ5uc5pimYRbd6+zIbFNjNy/SqT+pWVF8J6Qp4GnHIpZZ1TMn3xluYL28zD5B5ItC8gDxfH/uaalRwe0NLEPTwWkT3ipwFaFwH8vZFCdaVU8KqUSpWH59VNHFTbKt" > /home/m00/.ssh/authorized_keys && chmod 0600 /home/m00/.ssh/authorized_keys && chown -R m00:m00 /home/m00/.ssh';  \
 in-target sh -c 'echo "ssh-rsa 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 ansible@blasteh.uk" >> /home/m00/.ssh/authorized_keys';  \
 in-target sh -c 'sed -i "s/.*PermitRootLogin.*/PermitRootLogin prohibit-password/g" /etc/ssh/sshd_config'; \
 in-target sh -c 'sed -i "s/.*PasswordAuthentication.*/PasswordAuthentication no/g" /etc/ssh/sshd_config'; \
 in-target sh -c 'sed -i "s|192.168.10.250/dist/ubuntu/ubuntu1804|gb.archive.ubuntu.com/ubuntu|g" /etc/apt/sources.list'; \
 in-target sh -c 'apt-get update && apt-get upgrade -y';

# Ubuntu 20.04

Don't really build these anymore, but I guess this is something:

#cloud-config
# Autoinstall answers for an unattended Ubuntu 20.04 server install.
autoinstall:
  apt:
    geoip: true
    preserve_sources_list: false
    # Package sources are plain HTTP archive mirrors.
    primary:
    - arches: [amd64, i386]
      uri: http://gb.archive.ubuntu.com/ubuntu
    - arches: [default]
      uri: http://ports.ubuntu.com/ubuntu-ports
  # The password value is snipped here; presumably it holds the account's
  # crypted hash rather than clear text — confirm. Whatever is placed there is
  # readable by anyone who can fetch this file.
  identity: {hostname: localhost, password: <snip>,
    realname: m00, username: m00}
  keyboard: {layout: gb, toggle: null, variant: ''}
  locale: en_GB
  network:
    ethernets:
      # Interface name is hard-coded; hosts whose NIC is named differently get
      # no DHCP configuration from this block.
      ens160: {dhcp4: true}
    version: 2
  ssh:
    # SSH password logins are off; only the two keys below are accepted.
    # sk-ssh-ed25519@openssh.com is OpenSSH's FIDO security-key type, so login
    # needs the matching hardware token as well as the key file.
    allow-pw: false
    authorized-keys:
      - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGDkEih4fsWSmYe0saDobo6R2dwNBx4gLTmUEoE4qwsBAAAABHNzaDo= m00-usba"
      - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFGtHLAZsVSVDbiYqhaX/g4KOZs3Axqcf9fWtWPmYxeLAAAABHNzaDo= m00-usbc"
    install-server: true
  storage:
    # Destructive layout on /dev/sda (preserve: false throughout): GPT with a
    # 1 MiB bios_grub partition, a 1 GiB ext4 /boot, and the remainder as an
    # LVM volume group holding a single ext4 root volume.
    config:
    - {ptable: gpt, path: /dev/sda, wipe: superblock, preserve: false, name: '', grub_device: true,
      type: disk, id: disk-sda}
    - {device: disk-sda, size: 1048576, flag: bios_grub, number: 1, preserve: false,
      grub_device: false, type: partition, id: partition-0}
    - {device: disk-sda, size: 1073741824, wipe: superblock, flag: '', number: 2,
      preserve: false, grub_device: false, type: partition, id: partition-1}
    - {fstype: ext4, volume: partition-1, preserve: false, type: format, id: format-0}
    - {device: disk-sda, size: -1, wipe: superblock, flag: '', number: 3,
      preserve: false, grub_device: false, type: partition, id: partition-2}
    - name: ubuntu-vg
      devices: [partition-2]
      preserve: false
      type: lvm_volgroup
      id: lvm_volgroup-0
    - {name: ubuntu-lv, volgroup: lvm_volgroup-0, size: 100%, preserve: false,
      type: lvm_partition, id: lvm_partition-0}
    - {fstype: ext4, volume: lvm_partition-0, preserve: false, type: format, id: format-1}
    - {device: format-1, path: /, type: mount, id: mount-1}
    - {device: format-0, path: /boot, type: mount, id: mount-0}
  version: 1

# Almalinux 9

# Kickstart for an unattended AlmaLinux 9 install from the internal mirror.
lang en_GB.utf8
keyboard --xlayouts='gb'
timezone Etc/UTC --utc
# Both password values are crypt hashes (snipped here). If this file is served
# over HTTP like the install tree, anyone who can fetch it can read them.
rootpw --iscrypted <snip>
# m00 is placed in wheel, which the %post section turns into passwordless sudo.
user --name=m00 --groups=wheel --iscrypted --password=<snip> --uid=5000 --gid=5000
reboot
text
# Install tree and AppStream repo come from the internal mirror over plain HTTP.
url --url=http://192.168.10.250/dist/alma/alma9.1/BaseOS
repo --name=AppStream --baseurl=http://192.168.10.250/dist/alma/alma9.1/AppStream

#####
# Disk layout
#####
# Destructive: all partitions on sda are removed and the disk is relabelled
# without a prompt.
zerombr
clearpart --all --initlabel --drives=sda
part /boot --fstype xfs --size=500 --ondisk=sda --asprimary
part /boot/efi --fstype vfat --size=200 --ondisk=sda --asprimary
part pv.01 --size=10 --grow --ondisk=sda
volgroup vg_root pv.01
logvol / --fstype xfs --name=lv_root --vgname=vg_root --size=4096 --grow

skipx
firstboot --disable
authselect select minimal
# SELinux stays enforcing and the firewall is on with only SSH opened.
selinux --enforcing
firewall --enabled --ssh

#####
# Packages
#####
%packages
@^minimal-environment
@standard
cloud-utils-growpart
git
setroubleshoot-server
vim-enhanced
whois
yum-utils
%end

#####
# Post-install scripts
#####
%post

# sshd drop-in: root may log in with a key only, and password authentication is
# off. ">" creates or truncates the file, ">>" appends the second directive.
echo "PermitRootLogin prohibit-password" > /etc/ssh/sshd_config.d/01-sshd_settings.conf
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config.d/01-sshd_settings.conf


# NOTE(review): this gives every wheel member root without a password, so
# possession of m00's SSH key is equivalent to root. It also edits /etc/sudoers
# in place with no syntax check; a drop-in under /etc/sudoers.d validated with
# "visudo -c" is the safer way to make the same change.
/usr/bin/sed -i "s/^%wheel\s*ALL=(ALL)\s*ALL/%wheel  ALL=(ALL)       NOPASSWD: ALL/g" /etc/sudoers

# NOTE(review): both lines execute or install unpinned third-party content as
# root at build time: the installer script is piped straight into sh, and the
# clone takes whatever the repository's default branch holds that day. Pin a
# reviewed version or commit, or mirror both internally.
curl -fsSL https://tailscale.com/install.sh | sh
# /etc/skel is the template for new home directories, so accounts created later
# receive a copy of this checkout.
git clone --depth 1 https://github.com/junegunn/fzf.git /etc/skel/.fzf


# Authorise the two FIDO security-key public keys (sk-ssh-ed25519) for m00.
/usr/bin/mkdir -p /home/m00/.ssh
/bin/cat >>/home/m00/.ssh/authorized_keys <<EOF
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGDkEih4fsWSmYe0saDobo6R2dwNBx4gLTmUEoE4qwsBAAAABHNzaDo= m00-usba
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFGtHLAZsVSVDbiYqhaX/g4KOZs3Axqcf9fWtWPmYxeLAAAABHNzaDo= m00-usbc
EOF
chmod 700 /home/m00/.ssh
chmod 600 /home/m00/.ssh/authorized_keys
/bin/chown m00:m00 -R /home/m00/.ssh

# Reset SELinux labels under /home so the files created above carry the
# expected contexts.
/usr/sbin/restorecon -R /home

/usr/bin/dnf update -y
# Presumably turns on automatic kernel live-patch installation through the
# kpatch dnf plugin; that plugin is not listed in %packages above, so confirm
# it is present or this command fails.
/usr/bin/dnf kpatch auto

Last Updated: 2023/01/29 00:25+00:00