From 0fcf53e525d019d7076d9654659fc73819bbec97 Mon Sep 17 00:00:00 2001
From: phermeys
Date: Sun, 14 Sep 2025 14:22:00 -0700
Subject: [PATCH] init commit
---
 README.md | 5 +
 defaults/main.yaml | 35 +++++
 tasks/build_iso.yaml | 206 +++++++++++++++++++++++++++++
 tasks/config_pxe.yaml | 164 +++++++++++++++++++++++
 tasks/config_routing.yaml | 37 ++++++
 tasks/main.yaml | 22 +++
 templates/dhcpd.conf.j2 | 9 ++
 templates/grub-iso.cfg.j2 | 163 +++++++++++++++++++++++
 templates/grub.cfg.j2 | 138 +++++++++++++++++++
 templates/isc-dhcp-server.j2 | 2 +
 templates/preseed-server-v2.cfg.j2 | 97 ++++++++++++++
 templates/preseed-server.cfg.j2 | 81 ++++++++++++
 templates/preseed-usb.cfg.j2 | 102 ++++++++++++++
 templates/tftpd-hpa.j2 | 4 +
 14 files changed, 1065 insertions(+)
 create mode 100644 README.md
 create mode 100644 defaults/main.yaml
 create mode 100644 tasks/build_iso.yaml
 create mode 100644 tasks/config_pxe.yaml
 create mode 100644 tasks/config_routing.yaml
 create mode 100644 tasks/main.yaml
 create mode 100755 templates/dhcpd.conf.j2
 create mode 100755 templates/grub-iso.cfg.j2
 create mode 100755 templates/grub.cfg.j2
 create mode 100755 templates/isc-dhcp-server.j2
 create mode 100755 templates/preseed-server-v2.cfg.j2
 create mode 100755 templates/preseed-server.cfg.j2
 create mode 100755 templates/preseed-usb.cfg.j2
 create mode 100755 templates/tftpd-hpa.j2
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f536e97
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+This is the playbook that generates a PXE server for Matt-Cloud Debian base images. The chicken-and-egg issue is that this playbook needs to be run on a base-image system.
+
+Nah it's not that hard, just manually add the key to a bone-stock Debian system and the cosmos_init playbook will get it all back. Part of this playbook is generating an ISO file that can be written to a USB drive for creating base images identical to the PXE image.
+
+I am not providing the base image files here, I want to keep that off the public internet. Expecially the keys and VPN configs.
\ No newline at end of file
diff --git a/defaults/main.yaml b/defaults/main.yaml
new file mode 100644
index 0000000..5768b76
--- /dev/null
+++ b/defaults/main.yaml
@@ -0,0 +1,35 @@
+---
+
+# packages needed for PXE
+pxe_packages:
+ - tftpd-hpa
+ - isc-dhcp-server
+ - apache2
+ - syslinux-common
+ - iptables-persistent
+
+iso_packages:
+ - xorriso
+ - rsync
+ - syslinux
+ - binutils
+ - isolinux
+
+deb13_src: "/opt/cosmos/deb13-source"
+
+deb13_iso: "/opt/cosmos/deb13-iso"
+
+iso_share: "/media/share/iso"
+
+deb13_pxe: "/opt/cosmos/pxe"
+
+archive_fresh: false
+
+build_iso: false
+deploy_iso: false
+iso_only: false
+configure_routing: true
+cpu_architecture: "amd64"
+# this is true because it will always be set in jenkins
+refresh_only: true
+...
\ No newline at end of file
diff --git a/tasks/build_iso.yaml b/tasks/build_iso.yaml
new file mode 100644
index 0000000..95e5a96
--- /dev/null
+++ b/tasks/build_iso.yaml
@@ -0,0 +1,206 @@ +--- +# https://gist.github.com/zuzzas/a1695344162ac7fa124e15855ce0768f +# http://askubuntu.com/questions/6684/preseeding-ubuntu-server + +############################################### +# Install packages needed for ISO Building +############################################### + +- name: Build ISO - APT - Install Packages + apt: + name: + - "{{ item }}" + state: present + loop: "{{ iso_packages }}" + when: not refresh_only or iso_only | bool + +############################################### +# DEB13 Source ISO Extract +# Download the most recent ISO from debian +# Extract contents to local folder +############################################### + +- name: Build ISO - Extract Source - Check ISO Directory + file: + path: "{{ iso_share }}" + state: directory + mode: '0755' + +- name: Build ISO - Extract Source - Check Temp Directory + file: + path: "{{ deb13_pxe }}" + state: directory + mode: '0644' + +- name: Build ISO - Extract Source - Check Extraction Directory + file: + path: "{{ deb13_iso }}" + state: directory + mode: '0644' + +- name: Build ISO - Extract Source - Check Source Directory + file: + path: "{{ deb13_src }}" + state: directory + mode: '0644' + +- name: Build ISO - Get Recent Debian Version + shell: | + curl -s https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/ | \ + grep netinst | grep iso | grep -v -e edu -e mac | cut -d '"' -f 6 + register: recent_version + +- name: Build ISO - Display Recent Version + debug: + msg: "Current Debian ISO name: {{ recent_version.stdout_lines[0] }}" + +- name: Build ISO - Extract Source - Download ISO + get_url: + url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/{{ recent_version.stdout_lines[0] }}" + dest: "{{ iso_share }}/deb13-master.iso" + mode: '0644' + register: deb13_iso_download + +- name: show iso size + debug: + msg: "Debian Net ISO Size is {{ (deb13_iso_download.size | float ) / 1048576 }}MB" + +- name: Build ISO - Extract Source - Mount ISO + shell: "mount -o 
loop {{ iso_share }}/deb13-master.iso {{ deb13_iso }}" + +- name: Build ISO - Extract Source - Copy ISO data + shell: "rsync -a -H --exclude=TRANS.TBL {{ deb13_iso }}/ {{ deb13_src }}" + +- name: Build ISO - Extract Source - Unmount ISO + shell: "umount {{ deb13_iso }}" + +############################################### +# Copy Matt-Cloud Init Script et. al. +############################################### +############################################### +# DEB13 Source modify +# Copy preseed file to source +# copy cosmos-init data to source +# Add preseed to initrd +# Recompute checksums +############################################### + +- name: Build ISO - Modify Source - Correct Permissions + shell: "chmod -R 755 {{ deb13_src }}" + +- name: Build ISO - Modify Source - Copy Preseed + template: + src: preseed-usb.cfg.j2 + dest: "{{ deb13_src }}/preseed.cfg" + mode: 0644 + +# Create cosmos folder +# +# copy files for preseed +# jenkins_key +# update_issue.sh +# permitrootlogin +# .bashrc +# stat.sh +# cosmos-client.conf +- name: Build ISO - Modify Source - Create Cosmos Folder + file: + path: "{{ deb13_src }}/cosmos" + state: directory + mode: '0755' + +- name: build archive if needed + when: not archive_fresh | bool + ansible.builtin.archive: + path: "/var/jenkins_home/ansible/roles/pxe_server/files/init" + dest: "/var/jenkins_home/ansible/roles/pxe_server/files/cosmos-init.tar" + format: "tar" + delegate_to: localhost + + # Copy Archive to Target +- name: Files - Copy cosmos-init.tar to target + copy: + src: /var/jenkins_home/ansible/roles/pxe_server/files/cosmos-init.tar + dest: "{{ deb13_src }}/cosmos/cosmos-init.tar" + mode: 0644 + +- name: Check archive size + shell: "ls -lah {{ deb13_src }}/cosmos/cosmos-init.tar | cut -d ' ' -f 5 " + register: archive_size_output + +- name: Show archive size + debug: + msg: "cosmos-init.tar archive is {{ archive_size_output.stdout_lines[0] }}" + +- name: Build ISO - Modify Source - remove GUI install option + shell: | + 
sed -i '/menuentry --hotkey=g '\''Graphical install'\'' {/,/^}/d' {{ deb13_src }}/boot/grub/grub.cfg + +- name: Build ISO - Modify Source - edit isolinux/txt.cfg + shell: > + sed 's/initrd.gz/initrd.gz file=\/cdrom\/preseed.cfg/' -i /opt/cosmos/deb13-source/isolinux/txt.cfg + +- name: Build ISO - Modify Source - add preseed to initrd + shell: | + ISODIR_WRITE={{ deb13_src }}/ + mkdir $ISODIR_WRITE/irmod + cd $ISODIR_WRITE/irmod + gzip -d < $ISODIR_WRITE/install.amd/initrd.gz | \ + cpio --extract --make-directories --no-absolute-filenames + cp $ISODIR_WRITE/preseed.cfg preseed.cfg + chown root:root preseed.cfg + chmod o+w $ISODIR_WRITE/install.amd/initrd.gz + find . | cpio -H newc --create | \ + gzip -9 > $ISODIR_WRITE/install.amd/initrd.gz + chmod o-w $ISODIR_WRITE/install.amd/initrd.gz + cd $ISODIR_WRITE/ + rm -fr $ISODIR_WRITE/irmod/ + +- name: Build ISO - Modify Source - fixing MD5 checksums + shell: | + cd {{ deb13_src }}/ + md5sum $(find -type f) > {{ deb13_src }}/md5sum.txt + +############################################### +# DEB12 Build ISO * 'burn' script +############################################### + +- name: Build ISO - Build Deb13-MC.iso + shell: | + xorriso -as mkisofs \ + -r \ + -V "Deb13_MC" \ + -o "{{ iso_share }}/Deb13-MC.iso" \ + -J \ + -isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin \ + -partition_offset 16 \ + -A "Debian 13 Matt-Cloud ISO" \ + -b isolinux/isolinux.bin \ + -c isolinux/boot.cat \ + -no-emul-boot \ + -boot-load-size 4 \ + -boot-info-table \ + -eltorito-alt-boot \ + -e boot/grub/efi.img \ + -no-emul-boot \ + -isohybrid-gpt-basdat \ + -append_partition 2 0xef {{ deb13_src }}/boot/grub/efi.img \ + {{ deb13_src }} + +- name: get iso size + shell: "ls -lah {{ iso_share }}/Deb13-MC.iso | cut -d ' ' -f 5" + register: iso_size_output + +- name: show iso size + debug: + msg: "Deb13-MC.iso is {{ iso_size_output.stdout_lines[0] }}." 
+ +- name: Build ISO - Build 'burn' script + shell: "echo dd if={{ iso_share }}/Deb13-MC.iso of=CHANGE_TO_USB bs=16M status=progress oflag=sync > {{ iso_share }}/burn_deb.sh" + +- name: Build ISO - Make 'burn' script executable + shell: "chmod +x {{ iso_share }}/burn_deb.sh" + + +... + diff --git a/tasks/config_pxe.yaml b/tasks/config_pxe.yaml new file mode 100644 index 0000000..373a61a --- /dev/null +++ b/tasks/config_pxe.yaml 
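Review bot: The `get_url` task that saves `deb13-master.iso` downloads whatever filename the `curl | grep | cut` scrape returns and never compares it with Debian's published `SHA256SUMS`, so a truncated or tampered image is repacked into `Deb13-MC.iso` along with the preseed and the init archive. `get_url` can do the comparison itself, e.g. `checksum: "sha256:https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS"`, and the signature on that file can be checked in a separate task. In the same hunk the three `state: directory` tasks for `deb13_pxe`, `deb13_iso` and `deb13_src` use `mode: '0644'`, which creates directories without the search bit; only `deb13_src` is later corrected by `chmod -R 755`, so `'0755'` is the mode these tasks want.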
@@ -0,0 +1,164 @@ +--- + + +############################################### +# Install packages needed for PXE +############################################### +- name: APT - Install Packages + apt: + name: + - "{{ item }}" + state: present + loop: "{{ pxe_packages }}" + when: not refresh_only | bool + +############################################### +# DHCP Server +############################################### +# Stop DHCP server +- name: DHCP - Stop DHCP + service: + name: isc-dhcp-server + state: stopped + enabled: yes + +# Copy DHCP config file 1 +- name: DHCP - Copy dhcpd.conf + template: + src: dhcpd.conf.j2 + dest: /etc/dhcp/dhcpd.conf + mode: 0644 + +# Copy DHCP config file 2 +- name: DHCP - Copy isc-dhcp-server + template: + src: isc-dhcp-server.j2 + dest: /etc/default/isc-dhcp-server + mode: 0644 + +# Start DHCP server +- name: DHCP - Start DHCP + service: + name: isc-dhcp-server + state: started + enabled: yes + +# Download vendor list for dhcp-lease-list +- name: DHCP - Download vendor list for dhcp-lease-list + get_url: + url: "http://standards-oui.ieee.org/oui.txt" + dest: /usr/local/etc/oui.txt + mode: '0644' + +############################################### +# TFTP Server +############################################### + +# Stop TFTP Server +- name: TFTP - Stop TFTP + service: + name: tftpd-hpa + state: stopped + enabled: yes + +# Create TFTP server folder structure +- name: TFTP - Create tftp directory + file: + path: /srv/tftp + state: directory + mode: '0755' + owner: tftp + group: tftp + +# Copy TFTP Config File +- name: TFTP - Copy tftpd-hpa + template: + src: tftpd-hpa.j2 + dest: /etc/default/tftpd-hpa + mode: 0644 + +# Start TFTP Server +- name: TFTP - Start TFTP + service: + name: tftpd-hpa + state: started + enabled: yes + +############################################### +# Copy necessary files +############################################### + +# Create destination folder for all the next stuff +- name: Files - Create debian-installer 
directory + file: + path: /var/www/html/debian-installer/amd64 + state: directory + mode: '0755' + owner: www-data + group: www-data + +## Old comments: +## Extract trixie debian netboot files +## These are from the syslinux-common package +## Some of the files from the trixie netboot archive +## are needed for this voodoo to all work +## This is one of the two files called in the grub bootloader +## This is the other file called in the grub bootloader +## Changing from bookworm to trixie, bookworm curl command: +## curl -L https://deb.debian.org/debian/dists/bookworm/main/installer-amd64/current/images/netboot/netboot.tar.gz | \ +- name: Files - copy static files + shell: | + curl -L https://deb.debian.org/debian/dists/trixie/main/installer-amd64/current/images/netboot/netboot.tar.gz | \ + tar xz -C /var/www/html/debian-installer/amd64 + cp /usr/lib/syslinux/modules/bios/* /srv/tftp/ + cp -R /var/www/html/debian-installer/amd64/debian-installer /srv/tftp/ + cp /var/www/html/debian-installer/amd64/debian-installer/amd64/linux /srv/tftp/debian-installer/amd64/linux + cp /var/www/html/debian-installer/amd64/debian-installer/amd64/initrd.gz /srv/tftp/debian-installer/amd64/initrd.gz + register: static_files_output + +# Oh Hai grub bootloader, I was just talking about you +- name: Files - copy the grub + block: + - name: Files - Copy grub.cfg to tftp + when: not deploy_iso | bool + template: + src: grub.cfg.j2 + dest: /srv/tftp/debian-installer/amd64/grub/grub.cfg + mode: 0644 + + - name: Files - Copy grub-iso.cfg to tftp + when: deploy_iso | bool + template: + src: grub-iso.cfg.j2 + dest: /srv/tftp/debian-installer/amd64/grub/grub.cfg + mode: 0644 + +# This is the preseed file for unattended server installation +# It's served from HTTP now because bollocks to weird TFTP foolishness +- name: Files - Copy server preseed to http + template: + src: preseed-server-v2.cfg.j2 + dest: /var/www/html/preseed-server.cfg + mode: 0644 + +# Build Fresh Init Archive +- name: Files - 
Cosmos Init + ansible.builtin.archive: + path: "/var/jenkins_home/ansible/roles/pxe_server/files/init" + dest: "/var/jenkins_home/ansible/roles/pxe_server/files/cosmos-init.tar" + format: "tar" + delegate_to: localhost + +# update archive_fresh +- name: update archive_fresh + set_fact: + archive_fresh: true + +# Copy Archive to Target +- name: Files - Copy cosmos-init.tar to target + copy: + src: /var/jenkins_home/ansible/roles/pxe_server/files/cosmos-init.tar + dest: /var/www/html/cosmos-init.tar + mode: 0644 +... + diff --git a/tasks/config_routing.yaml b/tasks/config_routing.yaml new file mode 100644 index 0000000..6c702fb --- /dev/null +++ b/tasks/config_routing.yaml @@ -0,0 +1,37 @@ +--- + + +############################################### +# Configure internet_interface to be gateway +############################################### + +# Update sysctl.conf file to enable IP forwarding +- name: sysctl - enable IP forwarding + lineinfile: + path: /etc/sysctl.conf + regexp: '^net.ipv4.ip_forward=' + line: 'net.ipv4.ip_forward=1' + +# Apply sysctl changes +- name: sysctl - apply changes + shell: sysctl -p + +# Set up NAT with iptables +- name: NAT - iptables + shell: iptables -t nat -A POSTROUTING -o {{ internet_interface }} -j MASQUERADE + +# Set up Routing with IP Tables +- name: Routing - iptables + shell: | + iptables -A FORWARD -i {{ listen_interface }} -o {{ internet_interface }} -j ACCEPT + iptables -A FORWARD -i {{ internet_interface }} -o {{ listen_interface }} -m state --state RELATED,ESTABLISHED -j ACCEPT + +# Make iptables rules persistent +- name: Persistence - iptables + shell: | + netfilter-persistent save + netfilter-persistent reload + + +... + diff --git a/tasks/main.yaml b/tasks/main.yaml new file mode 100644 index 0000000..41f6c87 --- /dev/null +++ b/tasks/main.yaml 
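Review bot: `cosmos-init.tar` and the rendered `preseed-server.cfg` are both written into `/var/www/html` with `mode: 0644`, so any host that can reach Apache on this server can download them without authentication. The preseed template embeds the root and user password hashes, and the archive supplies `cosmos-client.ovpn` and the key material that the README says should stay off the public internet. Nothing in this hunk limits Apache to `listen_interface` or the DHCP range; a vhost or `Require ip` rule scoped to `{{ dhcp_subnet }}`, or removing the two files once provisioning is done, would narrow the exposure. The `curl -L ... netboot.tar.gz | tar xz` step also unpacks the installer kernel and initrd without checking them against the release's signed `SHA256SUMS`.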
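Review bot: The `NAT - iptables` and `Routing - iptables` tasks append rules with `iptables -A` through `shell`, so every run of the role adds another copy of the MASQUERADE and FORWARD rules and `netfilter-persistent save` then persists the duplicates. Test before appending, e.g. `iptables -t nat -C POSTROUTING -o {{ internet_interface }} -j MASQUERADE || iptables -t nat -A POSTROUTING -o {{ internet_interface }} -j MASQUERADE`, or use the `ansible.builtin.iptables` module, which is idempotent. The first FORWARD rule accepts everything arriving on `listen_interface` with no source restriction; if unrestricted outbound access for PXE clients is intended, a comment such as `# PXE clients get full outbound access through this host` would record that decision.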
@@ -0,0 +1,22 @@
+---
+# This role builds a pxe server and / or an ISO for the amd64 matt-cloud base image
+
+- name: PXE Server - Architecture Warning
+ when: '"arm" in cpu_architecture'
+ debug:
+ msg: "Warning - ARM CPU Detected, will not proceed"
+
+- name: PXE Server - Build PXE Functions
+ include_tasks: config_pxe.yaml
+ when: not iso_only | bool
+
+- name: PXE Server - Set up routing
+ include_tasks: config_routing.yaml
+ when: configure_routing | bool and not iso_only | bool
+
+- name: PXE Server - Build Deb12-MC.iso
+ include_tasks: build_iso.yaml
+ when: '"amd" in cpu_architecture'
+
+...
+
diff --git a/templates/dhcpd.conf.j2 b/templates/dhcpd.conf.j2
new file mode 100755
index 0000000..b9d0e25
--- /dev/null
+++ b/templates/dhcpd.conf.j2
@@ -0,0 +1,9 @@
+
+subnet {{ dhcp_subnet }} netmask {{ dhcp_netmask }} {
+ range {{ dhcp_start }} {{ dhcp_end }};
+ option routers {{ router_ip }};
+ option domain-name-servers 8.8.8.8, 8.8.4.4;
+ next-server {{ server_ip }}; # IP of your PXE server
+ interface {{ listen_interface }};
+ filename "debian-installer/amd64/grubx64.efi";
+}
diff --git a/templates/grub-iso.cfg.j2 b/templates/grub-iso.cfg.j2
new file mode 100755
index 0000000..d22469c
--- /dev/null
+++ b/templates/grub-iso.cfg.j2
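Review bot: The `PXE Server - Architecture Warning` task says "will not proceed" but is only a `debug`, and the includes of config_pxe.yaml and config_routing.yaml are gated on `iso_only` alone, so on an ARM host the DHCP, TFTP and iptables changes are still applied. Either stop at that point with `ansible.builtin.fail` or `meta: end_host`, or add the architecture test to those two `when:` conditions. The last task is named `Build Deb12-MC.iso` although build_iso.yaml writes `Deb13-MC.iso`, and it runs whenever the architecture string contains "amd"; the `build_iso` default from defaults/main.yaml is never consulted, so something like `when: build_iso | bool and "amd" in cpu_architecture` appears to be what was meant.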
@@ -0,0 +1,163 @@ +if loadfont $prefix/font.pf2 ; then + set gfxmode=800x600 + set gfxpayload=keep + insmod efi_gop + insmod efi_uga + insmod video_bochs + insmod video_cirrus + insmod gfxterm + insmod png + terminal_output gfxterm +fi + +if background_image /isolinux/splash.png; then + set color_normal=light-gray/black + set color_highlight=white/black +elif background_image /splash.png; then + set color_normal=light-gray/black + set color_highlight=white/black +else + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue +fi + +insmod play +play 960 440 1 0 4 440 1 +set timeout=5 +set default=0 +menuentry 'Cosmos-Base - Debian 13' { + set background_color=black + linux /debian-installer/amd64/linux vga=788 priority=critical auto=true preseed/url=http://{{ server_ip }}/preseed-server.cfg + initrd /debian-installer/amd64/initrd.gz +} +#menuentry 'Cosmos-Base + KDE Plasma' { +# set background_color=black +# linux /debian-installer/amd64/linux vga=788 priority=critical auto=true preseed/url=http://{{ server_ip }}preseed-plasma.cfg +# initrd /debian-installer/amd64/initrd.gz +#} + +menuentry 'Easeus Test 1' { + set isofile="/iso/easeus.iso" + loopback loop (tftp,{{ server_ip }})$isofile + linux /debian-installer/amd64/linux boot=casper iso-scan/filename=http://{{ server_ip }}$isofile noeject noprompt splash -- + initrd /debian-installer/amd64/initrd.gz +} + +menuentry "Easeus Test 2" { +set root="http,{{ server_ip }}" +set isofile="easeus.iso" +loopback loop0 ($root)/iso/$isofile +linux /debian-installer/amd64/linux boot=casper iso-scan/filename=${isofile} verbose noprompt noeject +initrd /debian-installer/amd64/initrd.gz +} + +#menuentry 'Cosmos-Base + KDE Plasma' { +# set background_color=black +# linux /debian-installer/amd64/linux vga=788 priority=critical auto=true preseed/url=http://{{ server_ip }}preseed-plasma.cfg +# initrd /debian-installer/amd64/initrd.gz +#} +menuentry 'Install' { + set background_color=black + linux 
/debian-installer/amd64/linux vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz +} +submenu --hotkey=a 'Advanced options ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... Expert install' { + set background_color=black + linux /debian-installer/amd64/linux priority=low vga=788 --- + initrd /debian-installer/amd64/initrd.gz + } + menuentry '... Rescue mode' { + set background_color=black + linux /debian-installer/amd64/linux vga=788 rescue/enable=true --- quiet + initrd /debian-installer/amd64/initrd.gz + } + menuentry '... Automated install' { + set background_color=black + linux /debian-installer/amd64/linux auto=true priority=critical vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + submenu '... Desktop environment menu ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + submenu '... GNOME desktop boot menu ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... Install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=gnome vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + submenu '... GNOME advanced options ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... Expert install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=gnome priority=low vga=788 --- + initrd /debian-installer/amd64/initrd.gz + } + menuentry '... Automated install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=gnome auto=true priority=critical vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + } + } + submenu '... KDE Plasma desktop boot menu ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... 
Install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=kde vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + submenu '... KDE Plasma advanced options ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... Expert install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=kde priority=low vga=788 --- + initrd /debian-installer/amd64/initrd.gz + } + menuentry '... Automated install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=kde auto=true priority=critical vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + } + } + submenu '... LXDE desktop boot menu ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... Install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=lxde vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + submenu '... LXDE advanced options ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... Expert install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=lxde priority=low vga=788 --- + initrd /debian-installer/amd64/initrd.gz + } + menuentry '... Automated install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=lxde auto=true priority=critical vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + } + } + } +} \ No newline at end of file diff --git a/templates/grub.cfg.j2 b/templates/grub.cfg.j2 new file mode 100755 index 0000000..a83b7d5 --- /dev/null +++ b/templates/grub.cfg.j2 
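Review bot: `set timeout=5` together with `set default=0` makes the unattended `Cosmos-Base - Debian 13` entry start on its own, and the preseed it loads answers `partman/confirm` and `partman/confirm_nooverwrite` with true, so any machine that network-boots on this segment has its disk repartitioned after five seconds with no prompt. Making the plain `Install` entry the default, or using `set timeout=-1` so the menu waits for a choice, keeps the destructive entry an explicit selection; templates/grub.cfg.j2 has the same default and timeout. The two `Easeus Test` entries look like experiments (they pass `boot=casper` to the Debian installer kernel) and would be better commented out like the KDE Plasma entry until they work.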
@@ -0,0 +1,138 @@ +if loadfont $prefix/font.pf2 ; then + set gfxmode=800x600 + set gfxpayload=keep + insmod efi_gop + insmod efi_uga + insmod video_bochs + insmod video_cirrus + insmod gfxterm + insmod png + terminal_output gfxterm +fi + +if background_image /isolinux/splash.png; then + set color_normal=light-gray/black + set color_highlight=white/black +elif background_image /splash.png; then + set color_normal=light-gray/black + set color_highlight=white/black +else + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue +fi + +insmod play +play 960 440 1 0 4 440 1 +set timeout=5 +set default=0 +menuentry 'Cosmos-Base Debian 13 Install' { + set background_color=black + linux /debian-installer/amd64/linux vga=788 priority=critical auto=true preseed/url=http://{{ server_ip }}/preseed-server.cfg + initrd /debian-installer/amd64/initrd.gz +} + +menuentry 'Default Debian 13 Install' { + set background_color=black + linux /debian-installer/amd64/linux vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz +} +submenu --hotkey=a 'Advanced options ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... Expert install' { + set background_color=black + linux /debian-installer/amd64/linux priority=low vga=788 --- + initrd /debian-installer/amd64/initrd.gz + } + menuentry '... Rescue mode' { + set background_color=black + linux /debian-installer/amd64/linux vga=788 rescue/enable=true --- quiet + initrd /debian-installer/amd64/initrd.gz + } + menuentry '... Automated install' { + set background_color=black + linux /debian-installer/amd64/linux auto=true priority=critical vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + submenu '... Desktop environment menu ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + submenu '... GNOME desktop boot menu ...' 
{ + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... Install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=gnome vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + submenu '... GNOME advanced options ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... Expert install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=gnome priority=low vga=788 --- + initrd /debian-installer/amd64/initrd.gz + } + menuentry '... Automated install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=gnome auto=true priority=critical vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + } + } + submenu '... KDE Plasma desktop boot menu ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... Install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=kde vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + submenu '... KDE Plasma advanced options ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... Expert install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=kde priority=low vga=788 --- + initrd /debian-installer/amd64/initrd.gz + } + menuentry '... Automated install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=kde auto=true priority=critical vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + } + } + submenu '... LXDE desktop boot menu ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... 
Install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=lxde vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + submenu '... LXDE advanced options ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set gfxpayload=keep + menuentry '... Expert install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=lxde priority=low vga=788 --- + initrd /debian-installer/amd64/initrd.gz + } + menuentry '... Automated install' { + set background_color=black + linux /debian-installer/amd64/linux desktop=lxde auto=true priority=critical vga=788 --- quiet + initrd /debian-installer/amd64/initrd.gz + } + } + } + } +} \ No newline at end of file diff --git a/templates/isc-dhcp-server.j2 b/templates/isc-dhcp-server.j2 new file mode 100755 index 0000000..151c4bd --- /dev/null +++ b/templates/isc-dhcp-server.j2 @@ -0,0 +1,2 @@ + +INTERFACESv4={{ listen_interface }} diff --git a/templates/preseed-server-v2.cfg.j2 b/templates/preseed-server-v2.cfg.j2 new file mode 100755 index 0000000..11b6b4b --- /dev/null +++ b/templates/preseed-server-v2.cfg.j2 
@@ -0,0 +1,97 @@
+# Preseed file for automated Debian installation
+
+# Locale settings
+d-i debian-installer/locale string en_US.UTF-8
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/xkb-keymap select us
+
+# Network configuration
+d-i netcfg/disable_dhcp6 boolean true
+d-i netcfg/dhcp6_timeout string 1
+d-i netcfg/choose_interface select auto
+d-i netcfg/get_hostname string cosmos-base
+d-i netcfg/get_domain string home.cosmos
+
+# Mirror settings
+d-i mirror/country string manual
+d-i mirror/http/hostname string ftp.us.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+d-i mirror/codename string trixie
+
+# Account setup
+d-i passwd/root-password-crypted password {{ cosmos_root_password | password_hash('sha512') }}
+d-i passwd/make-user boolean true
+d-i passwd/user-fullname string Cosmos User
+d-i passwd/username string cosmos
+d-i passwd/user-password-crypted password {{ cosmos_password | password_hash('sha512') }}
+
+# Clock and time zone setup
+d-i clock-setup/utc boolean true
+d-i time/zone string America/Los_Angeles
+d-i clock-setup/ntp boolean true
+
+# Partitioning - Regular working
+# This does standard partitioning i.e. not LVM
+# d-i partman-auto/method string regular
+# Obviously this selects the disk
+d-i partman-auto/disk select auto
+# /dev/sda
+# The atomic recipe creates a very simple partitioning scheme with just a single root partition and swap space.
+d-i partman-auto/choose_recipe select atomic
+# this top one is the magic one that made the prompt go away; huzzah
+# This line tells the installer to finalize the partitioning setup.
+# By selecting finish, you indicate that you have completed the partitioning and
+# the installer should proceed to format the partitions and continue with the installation.
+# It's part of the process to automate the steps without manual confirmation +d-i partman/choose_partition select finish +# This setting automatically confirms the partitioning changes, +# allowing the installer to proceed without asking for user confirmation. +# Setting this to true is important for fully automated installations, +# as it avoids stopping the installation process to ask if you want to write the changes to disk. +d-i partman/confirm boolean true +# This line automatically confirms overwriting existing partitions on the disk. +# By setting this to true, the installer will overwrite any existing data +# on the specified disk without prompting for user confirmation. +# This is useful for fully automated installations where you want to ensure that old data is removed. +d-i partman/confirm_nooverwrite boolean true + +# Opt out of the popularity contest survey +popularity-contest popularity-contest/participate boolean false + +# Package selection +tasksel tasksel/first multiselect standard, ssh-server +d-i pkgsel/include string openssh-server curl openvpn net-tools htop +d-i pkgsel/upgrade select none + +d-i preseed/late_command string \ + mkdir -p /target/root/.ssh; \ + mkdir -p /target/root/.config/htop; \ + mkdir -p /target/etc/openvpn/client; \ + mkdir -p /target/opt/cosmos/init; \ + in-target echo " * * * * * root /root/update_issue.sh" >> /etc/crontab; \ + in-target curl -o /opt/cosmos/cosmos-init.tar -L http://{{ server_ip }}/cosmos-init.tar; \ + in-target tar -xf /opt/cosmos/cosmos-init.tar -C /opt/cosmos; \ + cp /target/opt/cosmos/init/jenkins_key.pub /target/root/.ssh/authorized_keys; \ + cp /target/opt/cosmos/init/update_issue.sh /target/root/update_issue.sh; \ + cp /target/opt/cosmos/init/update_issue.service /target/etc/systemd/system/update_issue.service; \ + cp /target/opt/cosmos/init/.bashrc /target/root/.bashrc; \ + cp /target/opt/cosmos/init/htoprc /target/root/.config/htop/htoprc; \ + cp /target/opt/cosmos/init/stat.sh 
/target/root/stat.sh; \ + cp /target/opt/cosmos/init/cosmos-client.ovpn /target/etc/openvpn/client/cosmos-client.conf; \ + cp /target/opt/cosmos/init/00-update-issue.conf /target/etc/cron.d/update-issue; \ + cp /target/opt/cosmos/init/00-root-allow.conf /target/etc/ssh/sshd_config.d/00-root-allow.conf; \ + in-target chmod +x /root/update_issue.sh; \ + in-target chmod +x /root/stat.sh; \ + in-target systemctl enable update_issue.service; \ + in-target systemctl enable openvpn-client@cosmos-client + +# Grub installation +d-i grub-installer/only_debian boolean true +d-i grub-installer/with_other_os boolean false + +# Reboot after installation +d-i finish-install/reboot_in_progress note + +# Shutdown after installation +d-i debian-installer/exit/poweroff boolean true \ No newline at end of file diff --git a/templates/preseed-server.cfg.j2 b/templates/preseed-server.cfg.j2 new file mode 100755 index 0000000..0a9f6cd --- /dev/null +++ b/templates/preseed-server.cfg.j2 
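Review bot: In `late_command`, the `>>` in `in-target echo " * * * * * root /root/update_issue.sh" >> /etc/crontab; \` is evaluated by the installer's shell and not inside the chroot, so the entry is appended to the installer ramdisk's `/etc/crontab` and never reaches the installed system. Write to the target path, `echo " * * * * * root /root/update_issue.sh" >> /target/etc/crontab; \`, or drop the line, since `00-update-issue.conf` is already copied to `/target/etc/cron.d/update-issue` further down. Separately, both `password_hash('sha512')` calls omit a salt, so each render produces a different hash and the template task reports a change on every run; passing a fixed per-host salt keeps the file stable.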
@@ -0,0 +1,81 @@
+# Preseed file for automated Debian installation
+
+# Locale settings
+d-i debian-installer/locale string en_US.UTF-8
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/xkb-keymap select us
+
+# Network configuration
+d-i netcfg/disable_dhcp6 boolean true
+d-i netcfg/dhcp6_timeout string 1
+d-i netcfg/choose_interface select auto
+d-i netcfg/get_hostname string cosmos-base
+d-i netcfg/get_domain string home.cosmos
+
+# Mirror settings
+d-i mirror/country string manual
+d-i mirror/http/hostname string deb.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+d-i mirror/codename string bookworm
+
+# Account setup
+d-i passwd/root-password-crypted password {{ cosmos_root_password | password_hash('sha512') }}
+d-i passwd/make-user boolean true
+d-i passwd/user-fullname string Cosmos User
+d-i passwd/username string cosmos
+d-i passwd/user-password-crypted password {{ cosmos_password | password_hash('sha512') }}
+
+# Clock and time zone setup
+d-i clock-setup/utc boolean true
+d-i time/zone string America/Los_Angeles
+d-i clock-setup/ntp boolean true
+
+# Partitioning - Regular working
+# This does standard partitioning i.e. not LVM
+# d-i partman-auto/method string regular
+# Obviously this selects the disk
+d-i partman-auto/disk select auto
+# /dev/sda
+# The atomic recipe creates a very simple partitioning scheme with just a single root partition and swap space.
+d-i partman-auto/choose_recipe select atomic
+# this top one is the magic one that made the prompt go away; huzzah
+# This line tells the installer to finalize the partitioning setup.
+# By selecting finish, you indicate that you have completed the partitioning and
+# the installer should proceed to format the partitions and continue with the installation.
+# It's part of the process to automate the steps without manual confirmation
+d-i partman/choose_partition select finish
+# This setting automatically confirms the partitioning changes,
+# allowing the installer to proceed without asking for user confirmation.
+# Setting this to true is important for fully automated installations,
+# as it avoids stopping the installation process to ask if you want to write the changes to disk.
+d-i partman/confirm boolean true
+# This line automatically confirms overwriting existing partitions on the disk.
+# By setting this to true, the installer will overwrite any existing data
+# on the specified disk without prompting for user confirmation.
+# This is useful for fully automated installations where you want to ensure that old data is removed.
+d-i partman/confirm_nooverwrite boolean true
+
+# Opt out of the popularity contest survey
+popularity-contest popularity-contest/participate boolean false
+
+# Package selection
+tasksel tasksel/first multiselect standard, ssh-server
+d-i pkgsel/include string openssh-server curl
+d-i pkgsel/upgrade select none
+
+# Late command to download and execute a script
+d-i preseed/late_command string \
+ in-target curl -o /root/cosmos-init.sh -L https://pxe:{{ pxe_auth }}@mattifactory.com/dhcp/cosmos-init.sh; \
+ in-target chmod +x /root/cosmos-init.sh; \
+ in-target /root/cosmos-init.sh
+
+# Grub installation
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean false
+
+# Reboot after installation
+d-i finish-install/reboot_in_progress note
+
+# Shutdown after installation
+d-i debian-installer/exit/poweroff boolean true
\ No newline at end of file
diff --git a/templates/preseed-usb.cfg.j2 b/templates/preseed-usb.cfg.j2
new file mode 100755
index 0000000..e869c9a
--- /dev/null
+++ b/templates/preseed-usb.cfg.j2
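Review bot: The late_command at the end of the preseed-server.cfg.j2 hunk puts the basic-auth secret `{{ pxe_auth }}` into the curl URL and then runs the downloaded cosmos-init.sh as root without checking its integrity. Anything that can fetch the rendered preseed (presumably any host that PXE-boots on this network) can read that secret, and debian-installer typically keeps the preseeded answers under /var/log/installer on each installed host. curl is also called without `--fail`, so an error body such as a 401 page would be saved and executed as the script. I would fetch with `in-target curl --fail --proto '=https' --proto-redir '=https' -o /root/cosmos-init.sh -L <URL>`, using a download-only credential scoped to this one file, and verify the result before the chmod with `in-target sh -c 'echo "<EXPECTED_SHA256>  /root/cosmos-init.sh" | sha256sum -c -'` (placeholder hash, to be rendered from a variable).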
@@ -0,0 +1,102 @@
+# Preseed file for automated Debian installation
+
+# Locale settings
+d-i debian-installer/locale string en_US.UTF-8
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/xkb-keymap select us
+
+# Clock and time zone setup
+d-i clock-setup/utc boolean true
+d-i time/zone string America/Los_Angeles
+d-i clock-setup/ntp boolean true
+
+# Skip asking to scan additional CDs
+d-i apt-setup/cdrom/set-first boolean false
+d-i apt-setup/cdrom/set-failed boolean false
+d-i apt-setup/cdrom/set-next boolean false
+d-i cdrom-detect/eject boolean false
+
+# Network configuration
+d-i netcfg/disable_dhcp6 boolean true
+d-i netcfg/dhcp6_timeout string 1
+d-i netcfg/choose_interface select auto
+d-i netcfg/get_hostname string cosmos-usb
+d-i netcfg/get_domain string home.cosmos
+
+# Mirror settings
+d-i mirror/country string manual
+d-i mirror/http/hostname string deb.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+d-i mirror/codename string trixie
+
+# Account setup
+d-i passwd/root-password-crypted password {{ cosmos_root_password | password_hash('sha512') }}
+d-i passwd/make-user boolean true
+d-i passwd/user-fullname string Cosmos User
+d-i passwd/username string cosmos
+d-i passwd/user-password-crypted password {{ cosmos_password | password_hash('sha512') }}
+
+# Partitioning - Regular working
+# This does standard partitioning i.e. not LVM
+# d-i partman-auto/method string regular
+# Obviously this selects the disk
+d-i partman-auto/disk select auto
+# /dev/sda
+# The atomic recipe creates a very simple partitioning scheme with just a single root partition and swap space.
+d-i partman-auto/choose_recipe select atomic
+# this top one is the magic one that made the prompt go away; huzzah
+# This line tells the installer to finalize the partitioning setup.
+# By selecting finish, you indicate that you have completed the partitioning and
+# the installer should proceed to format the partitions and continue with the installation.
+# It's part of the process to automate the steps without manual confirmation
+d-i partman/choose_partition select finish
+# This setting automatically confirms the partitioning changes,
+# allowing the installer to proceed without asking for user confirmation.
+# Setting this to true is important for fully automated installations,
+# as it avoids stopping the installation process to ask if you want to write the changes to disk.
+d-i partman/confirm boolean true
+# This line automatically confirms overwriting existing partitions on the disk.
+# By setting this to true, the installer will overwrite any existing data
+# on the specified disk without prompting for user confirmation.
+# This is useful for fully automated installations where you want to ensure that old data is removed.
+d-i partman/confirm_nooverwrite boolean true
+
+# Grub installation
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean false
+
+# Opt out of the popularity contest survey
+popularity-contest popularity-contest/participate boolean false
+
+# Package selection
+tasksel tasksel/first multiselect standard, ssh-server
+d-i pkgsel/include string openssh-server curl openvpn net-tools resolvconf htop
+d-i pkgsel/upgrade select none
+
+d-i preseed/late_command string \
+ mkdir -p /target/root/.ssh; \
+ mkdir -p /target/root/.config/htop; \
+ mkdir -p /target/etc/openvpn/client; \
+ mkdir -p /target/opt/cosmos/init; \
+ cp /cdrom/cosmos/cosmos-init.tar /target/opt/cosmos/cosmos-init.tar; \
+ in-target tar -xf /opt/cosmos/cosmos-init.tar -C /opt/cosmos; \
+ cp /target/opt/cosmos/init/jenkins_key.pub /target/root/.ssh/authorized_keys; \
+ cp /target/opt/cosmos/init/update_issue.sh /target/root/update_issue.sh; \
+ cp /target/opt/cosmos/init/update_issue.service /target/etc/systemd/system/update_issue.service; \
+ cp /target/opt/cosmos/init/.bashrc /target/root/.bashrc; \
+ cp /target/opt/cosmos/init/htoprc /target/root/.config/htop/htoprc; \
+ cp /target/opt/cosmos/init/stat.sh /target/root/stat.sh; \
+ cp /target/opt/cosmos/init/cosmos-client.ovpn /target/etc/openvpn/client/cosmos-client.conf; \
+ cp /target/opt/cosmos/init/00-update-issue.conf /target/etc/cron.d/update-issue; \
+ cp /target/opt/cosmos/init/00-root-allow.conf /target/etc/ssh/sshd_config.d/00-root-allow.conf; \
+ in-target chmod +x /root/update_issue.sh; \
+ in-target chmod +x /root/stat.sh; \
+ in-target systemctl enable update_issue.service; \
+ in-target systemctl enable openvpn-client@cosmos-client
+
+# Reboot after installation
+d-i finish-install/reboot_in_progress note
+
+# Shutdown after installation
+d-i debian-installer/exit/poweroff boolean true
\ No newline at end of file
diff --git a/templates/tftpd-hpa.j2 b/templates/tftpd-hpa.j2
new file mode 100755
index 0000000..6338296
--- /dev/null
+++ b/templates/tftpd-hpa.j2
@@ -0,0 +1,4 @@
+TFTP_USERNAME="tftp"
+TFTP_DIRECTORY="/srv/tftp"
+TFTP_ADDRESS="{{ server_ip }}:69"
+TFTP_OPTIONS="--secure --verbose"
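Review bot: The late_command in preseed-usb.cfg.j2 copies credential files out of cosmos-init.tar with plain `cp` and never sets their modes or cleans up. As a result `cosmos-client.conf`, `/root/.ssh`, and the leftover `/opt/cosmos/cosmos-init.tar` and `/opt/cosmos/init/` keep whatever modes the archive and the installer umask give them. The archive carries `cosmos-client.ovpn`, which presumably embeds the VPN client key, so a world-readable copy would expose it to any local user on an installed host. I would add `in-target chmod 700 /root/.ssh; in-target chmod 600 /root/.ssh/authorized_keys /etc/openvpn/client/cosmos-client.conf; in-target chmod -R go-rwx /opt/cosmos/init /opt/cosmos/cosmos-init.tar` before the `systemctl enable` lines, and delete the tar after extraction if nothing later reads it. Every host built this way also shares one VPN client identity and one authorized root key, so a comment above the block such as `# bootstrap credentials shared by all images; rotate after first boot` would help; the same copy sequence appears in preseed-server-v2.cfg.j2, where the tar is additionally fetched over plain `http://{{ server_ip }}/`.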