authorChristian Pointner <equinox@spreadspace.org>2022-10-25 00:09:19 +0200
committerChristian Pointner <equinox@spreadspace.org>2022-10-25 00:09:24 +0200
commit9519c960415e6af12ed5fe875ede74366515d5de (patch)
treee30f37daa413fefb51ec7e6b021d0bd7cc2a4f85 /roles/installer/debian
parentadd new ch-pan (diff)
add support for kali linux (WIP)
Diffstat (limited to 'roles/installer/debian')
-rw-r--r--roles/installer/debian/fetch/defaults/main.yml1
-rw-r--r--roles/installer/debian/fetch/tasks/main.yml6
-rw-r--r--roles/installer/debian/fetch/tasks/verify-kali.yml33
-rw-r--r--roles/installer/debian/fetch/vars/main.yml12
-rw-r--r--roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j292
5 files changed, 138 insertions, 6 deletions
diff --git a/roles/installer/debian/fetch/defaults/main.yml b/roles/installer/debian/fetch/defaults/main.yml
index 1b9f8206..d42ee361 100644
--- a/roles/installer/debian/fetch/defaults/main.yml
+++ b/roles/installer/debian/fetch/defaults/main.yml
@@ -8,3 +8,4 @@ debian_installer_force_download: no
debian_installer_url:
debian: "http://{{ apt_repo_providers[apt_repo_provider].debian.host }}{{ apt_repo_providers[apt_repo_provider].debian.path }}"
ubuntu: "http://{{ apt_repo_providers[apt_repo_provider].ubuntu.host }}{{ apt_repo_providers[apt_repo_provider].ubuntu.path }}"
+ kali: "http://{{ apt_repo_providers[apt_repo_provider].kali.host }}{{ apt_repo_providers[apt_repo_provider].kali.path }}"
diff --git a/roles/installer/debian/fetch/tasks/main.yml b/roles/installer/debian/fetch/tasks/main.yml
index b0dd59a5..433f2631 100644
--- a/roles/installer/debian/fetch/tasks/main.yml
+++ b/roles/installer/debian/fetch/tasks/main.yml
@@ -15,6 +15,12 @@
changed_when: false
register: debian_installer_sha256sums
+ - loop: "{{ debian_installer_sha256sums.results }}"
+ loop_control:
+ label: "{{ item.item }}"
+ debug:
+ msg: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ item.item }}"
+
- name: download installer files
loop: "{{ debian_installer_sha256sums.results }}"
loop_control:
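Review bot: The `debug:` task added at the top of this hunk has no `name:` and runs on every play, so it reads as leftover debugging output next to the named `download installer files` task. If the URL listing is worth keeping, give it a name such as `name: show installer file urls` and put `verbosity: 1` under `debug:` so it only prints with `-v`; otherwise drop it before the WIP marker comes off. The `download installer files` task continues outside the hunk, so I cannot see how the registered checksums are applied there.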
diff --git a/roles/installer/debian/fetch/tasks/verify-kali.yml b/roles/installer/debian/fetch/tasks/verify-kali.yml
new file mode 100644
index 00000000..6c1c41cb
--- /dev/null
+++ b/roles/installer/debian/fetch/tasks/verify-kali.yml
@@ -0,0 +1,33 @@
+---
+- name: download Release and Signature file
+ loop:
+ - Release
+ - Release.gpg
+ get_url:
+ url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}"
+ dest: "{{ debian_installer_target_dir }}/{{ item }}"
+ force: "{{ debian_installer_force_download }}"
+
+- name: verfiy signature of Release file
+ command: >-
+ gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/kali-archive.gpg"
+ "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release"
+ changed_when: False
+ register: debian_installer_gpg_result
+
+- debug:
+ var: debian_installer_gpg_result.stderr_lines
+
+### TODO: actually enable Signature verification!!!
+
+# - name: extract checksum file hash from Release file
+# command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release"
+# changed_when: false
+# register: debian_installer_release_sha256
+
+- name: download SHA256SUMS
+ get_url:
+ url: "{{ debian_installer_base_url }}/SHA256SUMS"
+ dest: "{{ debian_installer_target_dir }}/SHA256SUMS"
+# checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}"
+ force: "{{ debian_installer_force_download }}"
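Review bot: The `download SHA256SUMS` task fetches the checksum list with no integrity binding, because its `checksum:` argument and the `extract checksum file hash from Release file` task that would feed it are both commented out. The gpgv step does authenticate `Release`, but nothing connects that result to `SHA256SUMS`, which is fetched from the plain `http://` base URL added in defaults/main.yml; any installer file later checked against it is presumably only as trustworthy as that download. Until the TODO is resolved the file should fail closed, for example with a `fail:` task carrying `msg: "kali SHA256SUMS is not yet verified against the signed Release file"`. Alternatively, enable the two commented blocks once the grep pattern is confirmed against Kali's Release layout. Smaller points in the same file: the task name is misspelled `verfiy`, the `debug:` task is unnamed, and `changed_when: False` should be lowercase `false` as in tasks/main.yml.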
diff --git a/roles/installer/debian/fetch/vars/main.yml b/roles/installer/debian/fetch/vars/main.yml
index 989fc305..af02ac4b 100644
--- a/roles/installer/debian/fetch/vars/main.yml
+++ b/roles/installer/debian/fetch/vars/main.yml
@@ -2,19 +2,19 @@
debian_installer_base_url: "{{ debian_installer_url[debian_installer_distro] }}/dists/{{ [debian_installer_distro, debian_installer_codename] | di_dists_path }}/main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}"
_debian_installer_variant_path_:
- netboot: "netboot/{{ debian_installer_distro }}-installer/{{ debian_installer_arch }}"
+ netboot: "netboot/{{ (debian_installer_distro == 'ubuntu') | ternary('ubuntu', 'debian') }}-installer/{{ debian_installer_arch }}"
hd-media: "hd-media"
mini-iso: "netboot"
_debian_installer_variant_files_:
netboot:
- - linux
- - initrd.gz
+ - linux
+ - initrd.gz
hd-media:
- - vmlinuz
- - initrd.gz
+ - vmlinuz
+ - initrd.gz
mini-iso:
- - mini.iso
+ - mini.iso
debian_installer_variant_path: "{{ _debian_installer_variant_path_[debian_installer_variant] }}"
debian_installer_variant_files: "{{ _debian_installer_variant_files_[debian_installer_variant] }}"
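Review bot: The new `ternary('ubuntu', 'debian')` on the `netboot` path maps every distro other than ubuntu to `debian-installer`, and nothing in the file records why. A comment above that line, e.g. `# kali publishes its netboot images under debian-installer/, same as debian`, would document the assumption, which I infer from the commit title rather than from anything visible here. A future distro with its own directory name would silently get the debian path, so the comment should also say that new distros must be checked. The list re-indentation under `_debian_installer_variant_files_` is whitespace only.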
diff --git a/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2
new file mode 100644
index 00000000..17a1732b
--- /dev/null
+++ b/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2
@@ -0,0 +1,92 @@
+#########################################################################
+# ansible-generated preseed file for Kali Rolling Release based machines
+#########################################################################
+
+d-i debian-installer/language string {{ debian_preseed_language }}
+d-i debian-installer/country string {{ debian_preseed_country }}
+d-i debian-installer/locale string {{ debian_preseed_locales | first }}
+
+d-i keyboard-configuration/xkb-keymap select {{ debian_preseed_keyboard_layout }}
+d-i console-keymaps-at/keymap select {{ debian_preseed_keyboard_layout }}
+
+d-i hw-detect/load_firmware boolean false
+
+d-i netcfg/choose_interface select {{ install_interface | default(network.primary.name) }}
+{% if (install_dhcp | default(false)) %}
+d-i netcfg/disable_dhcp boolean false
+d-i netcfg/disable_autoconfig boolean false
+{% else %}
+d-i netcfg/disable_dhcp boolean true
+d-i netcfg/disable_autoconfig boolean true
+d-i netcfg/get_ipaddress string {{ network.primary.address | ansible.utils.ipaddr('address') }}
+d-i netcfg/get_netmask string {{ network.primary.address | ansible.utils.ipaddr('netmask') }}
+d-i netcfg/get_gateway string {{ network.primary.gateway }}
+d-i netcfg/get_nameservers string {{ network.nameservers | join(' ') }}
+d-i netcfg/confirm_static boolean true
+{% endif %}
+
+d-i netcfg/hostname string {{ host_name }}
+d-i netcfg/get_hostname string {{ host_name }}
+d-i netcfg/domain string {{ network.domain }}
+d-i netcfg/get_domain string {{ network.domain }}
+d-i netcfg/wireless_wep string
+
+
+d-i mirror/country string manual
+d-i mirror/http/hostname string {{ apt_repo_providers[apt_repo_provider].kali.host }}
+d-i mirror/http/directory string {{ apt_repo_providers[apt_repo_provider].kali.path }}
+d-i mirror/http/proxy string
+
+
+d-i passwd/make-user boolean false
+d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand
+d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand
+
+
+d-i clock-setup/utc boolean true
+d-i time/zone string {{ debian_preseed_timezone }}
+d-i clock-setup/ntp boolean false
+
+
+{% if not debian_preseed_manual_partitioning %}
+{% include 'partman_config.j2' %}
+{% endif %}
+
+
+{% if debian_preseed_kernel_image is defined %}
+d-i base-installer/kernel/image string {{ debian_preseed_kernel_image }}
+{% endif %}
+
+d-i base-installer/install-recommends boolean false
+d-i apt-setup/services-select multiselect
+d-i apt-setup/enable-source-repositories boolean false
+
+tasksel tasksel/first multiselect {{ debian_preseed_install_tasks | join(', ') }}
+d-i pkgsel/include string openssh-server {{ python_basename }} {{ python_basename }}-apt
+d-i pkgsel/upgrade select safe-upgrade
+popularity-contest popularity-contest/participate boolean false
+
+d-i finish-install/reboot_in_progress note
+
+
+d-i preseed/late_command string \
+ lvremove -f {{ host_name }}/dummy; \
+ in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \
+ in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \
+ in-target bash -c "rm -f /etc/systemd/network/73-usb-net-by-mac.link /etc/systemd/network/99-default.link"; \
+{% if debian_preseed_force_net_ifnames_policy is defined %}
+ mkdir -p /target/etc/systemd/network; \
+ in-target bash -c "echo '[Match]' > /etc/systemd/network/90-namepolicy.link"; \
+ in-target bash -c "echo 'OriginalName=*' >> /etc/systemd/network/90-namepolicy.link"; \
+ in-target bash -c "echo '' >> /etc/systemd/network/90-namepolicy.link"; \
+ in-target bash -c "echo '[Link]' >> /etc/systemd/network/90-namepolicy.link"; \
+ in-target bash -c "echo 'NamePolicy={{ debian_preseed_force_net_ifnames_policy }}' >> /etc/systemd/network/90-namepolicy.link"; \
+ in-target bash -c "update-initramfs -u"; \
+{% endif %}
+ in-target bash -c "passwd -d root && passwd -l root"; \
+{% if ansible_port is defined %}
+ in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
+{% endif %}
+ in-target bash -c "systemctl enable ssh"; \
+ mkdir -p -m 0700 /target/root/.ssh; \
+ cp /authorized_keys /target/root/.ssh/
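Review bot: The cleartext placeholder in `passwd/root-password` and `passwd/root-password-again` is neutralised only by `passwd -d root && passwd -l root` inside `preseed/late_command`. If that step is skipped or its `in-target` call fails, the installed system keeps a root password that is published in this repository. The late_command steps are joined with `;`, so a failure there is presumably masked by the exit status of the final `cp`. Debian's installer accepts `d-i passwd/root-password-crypted password !` to create the account already disabled; if Kali's installer behaves the same (not verifiable from this page), that line can replace both password lines, leaving the late_command step as a second safeguard. Separately, `{{ host_name }}`, `{{ debian_preseed_force_net_ifnames_policy }}` and `{{ ansible_port }}` are interpolated unquoted into commands run as root, so a header comment stating that they must come from trusted inventory would help.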