diff options
| -rw-r--r-- | chaos-at-home/ch-testvm-prometheus.yml | 12 | ||||
| -rw-r--r-- | files/common/keyrings/debian-bookworm.gpg | bin | 0 -> 36853 bytes | |||
| -rw-r--r-- | roles/apt-repo/base/defaults/main.yml | 10 | ||||
| -rw-r--r-- | roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2 | 96 |
4 files changed, 104 insertions, 14 deletions
diff --git a/chaos-at-home/ch-testvm-prometheus.yml b/chaos-at-home/ch-testvm-prometheus.yml index 2087cdb9..9a1191ad 100644 --- a/chaos-at-home/ch-testvm-prometheus.yml +++ b/chaos-at-home/ch-testvm-prometheus.yml @@ -7,15 +7,3 @@ - role: core/sshd/base - role: core/zsh - role: core/ntp - -- name: Payload Setup - hosts: ch-testvm-prometheus - roles: - - role: apt-repo/spreadspace - - role: nginx/base - - role: monitoring/prometheus/ca - - role: monitoring/prometheus/server - - role: monitoring/prometheus/exporter - #- role: monitoring/prometheus/alertmanager - #- role: monitoring/grafana - - role: monitoring/landingpage diff --git a/files/common/keyrings/debian-bookworm.gpg b/files/common/keyrings/debian-bookworm.gpg Binary files differnew file mode 100644 index 00000000..23153bcc --- /dev/null +++ b/files/common/keyrings/debian-bookworm.gpg diff --git a/roles/apt-repo/base/defaults/main.yml b/roles/apt-repo/base/defaults/main.yml index a5102fc4..37ff5e88 100644 --- a/roles/apt-repo/base/defaults/main.yml +++ b/roles/apt-repo/base/defaults/main.yml @@ -1,10 +1,16 @@ --- +_apt_repo_base_components_debian_: + until_bullseye: + - main + after_bullseye: + - main + - non-free-firmware + apt_repo_base_components: ubuntu: - main - universe - debian: - - main + debian: "{{ ((ansible_distribution_major_version | int) <= 11) | ternary(_apt_repo_base_components_debian_.until_bullseye, _apt_repo_base_components_debian_.after_bullseye) }}" raspbian: - main - rpi diff --git a/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2 new file mode 100644 index 00000000..96c23d86 --- /dev/null +++ b/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2 @@ -0,0 +1,96 @@ +######################################################################### +# ansible-generated preseed file for Debian bookworm based machines +######################################################################### + +d-i debian-installer/language string {{ debian_preseed_language }} +d-i debian-installer/country string {{ debian_preseed_country }} +d-i debian-installer/locale string {{ debian_preseed_locales | first }} +d-i localechooser/preferred-locale string {{ debian_preseed_locales | first }} +d-i localechooser/supported-locales multiselect {{ debian_preseed_locales | join(', ') }} + +d-i keyboard-configuration/xkb-keymap select {{ debian_preseed_keyboard_layout }} +d-i keyboard-configuration/layoutcode string {{ debian_preseed_keyboard_layout }} +d-i keyboard-configuration/variantcode string {{ debian_preseed_keyboard_variant }} + +d-i hw-detect/load_firmware boolean false + +d-i netcfg/choose_interface select {{ install_interface | default(network.primary.name) }} +{% if (install_dhcp | default(false)) %} +d-i netcfg/disable_dhcp boolean false +d-i netcfg/disable_autoconfig boolean false +{% else %} +d-i netcfg/disable_dhcp boolean true +d-i netcfg/disable_autoconfig boolean true +d-i netcfg/get_ipaddress string {{ network.primary.address | ansible.utils.ipaddr('address') }} +d-i netcfg/get_netmask string {{ network.primary.address | ansible.utils.ipaddr('netmask') }} +d-i netcfg/get_gateway string {{ network.primary.gateway }} +d-i netcfg/get_nameservers string {{ network.nameservers | join(' ') }} +d-i netcfg/confirm_static boolean true +{% endif %} + +d-i netcfg/hostname string {{ host_name }} +d-i netcfg/get_hostname string {{ host_name }} +d-i netcfg/domain string {{ network.domain }} +d-i netcfg/get_domain string {{ network.domain }} +d-i netcfg/wireless_wep string + + +d-i mirror/country string manual +d-i mirror/http/hostname string {{ apt_repo_providers[apt_repo_provider].debian.host }} +d-i mirror/http/directory string {{ apt_repo_providers[apt_repo_provider].debian.path }} +d-i mirror/http/proxy string + + +d-i passwd/make-user boolean false +d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand +d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand + + +d-i clock-setup/utc boolean true +d-i time/zone string {{ debian_preseed_timezone }} +d-i clock-setup/ntp boolean false + + +{% if not debian_preseed_manual_partitioning %} +{% include 'partman_config.j2' %} +{% endif %} + + +{% if debian_preseed_kernel_image is defined %} +d-i base-installer/kernel/image string {{ debian_preseed_kernel_image }} +{% endif %} + +d-i base-installer/install-recommends boolean false +d-i apt-setup/security_host string {{ apt_repo_providers[apt_repo_provider].debian_security.host }} +d-i apt-setup/security_path string {{ apt_repo_providers[apt_repo_provider].debian_security.path }} + +tasksel tasksel/first multiselect {{ debian_preseed_install_tasks | join(', ') }} +d-i pkgsel/include string openssh-server {{ python_basename }} {{ python_basename }}-apt +d-i pkgsel/upgrade select safe-upgrade +popularity-contest popularity-contest/participate boolean false + +d-i finish-install/reboot_in_progress note +{% if debian_preseed_poweroff_when_done %} +d-i debian-installer/exit/poweroff boolean true +{% endif %} + + +d-i preseed/late_command string \ + lvremove -f {{ host_name }}/dummy; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ + in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \ +{% if debian_preseed_force_net_ifnames_policy is defined %} + mkdir -p /target/etc/systemd/network; \ + in-target bash -c "echo '[Match]' > /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo 'OriginalName=*' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo '' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo '[Link]' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo 'NamePolicy={{ debian_preseed_force_net_ifnames_policy }}' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "update-initramfs -u"; \ +{% endif %} + in-target bash -c "passwd -d root && passwd -l root"; \ +{% if ansible_port is defined %} + in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ +{% endif %} + mkdir -p -m 0700 /target/root/.ssh; \ + cp /authorized_keys /target/root/.ssh/ |