init commit

2025-09-14 14:22:00 -07:00
commit 0fcf53e525
14 changed files with 1065 additions and 0 deletions

5
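--- a/README.md
+++ b/README.md
@@ -0,0 +1,5 @@
+This is the playbook that generates a PXE server for Matt-Cloud Debian base images. The chicken-and-egg issue is that this playbook needs to be run on a base-image system.
+Nah it's not that hard, just manually add the key to a bone-stock Debian system and the cosmos_init playbook will get it all back. Part of this playbook is generating an ISO file that can be written to a USB drive for creating base images identical to the PXE image.
+I am not providing the base image files here, I want to keep that off the public internet. Expecially the keys and VPN configs.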

35
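--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -0,0 +1,35 @@
+---
+# packages needed for PXE
+pxe_packages:
+- tftpd-hpa
+- isc-dhcp-server
+- apache2
+- syslinux-common
+- iptables-persistent
+iso_packages:
+- xorriso
+- rsync
+- syslinux
+- binutils
+- isolinux
+deb13_src: "/opt/cosmos/deb13-source"
+deb13_iso: "/opt/cosmos/deb13-iso"
+iso_share: "/media/share/iso"
+deb13_pxe: "/opt/cosmos/pxe"
+archive_fresh: false
+build_iso: false
+deploy_iso: false
+iso_only: false
+configure_routing: true
+cpu_architecture: "amd64"
+# this is true because it will always be set in jenkins
+refresh_only: true
+...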

206
tasks/build_iso.yaml Normal file

@ -0,0 +1,206 @@
---
# https://gist.github.com/zuzzas/a1695344162ac7fa124e15855ce0768f
# http://askubuntu.com/questions/6684/preseeding-ubuntu-server
###############################################
# Install packages needed for ISO Building
###############################################
- name: Build ISO - APT - Install Packages
apt:
name:
- "{{ item }}"
state: present
loop: "{{ iso_packages }}"
when: not refresh_only or iso_only | bool
###############################################
# DEB13 Source ISO Extract
# Download the most recent ISO from debian
# Extract contents to local folder
###############################################
- name: Build ISO - Extract Source - Check ISO Directory
file:
path: "{{ iso_share }}"
state: directory
mode: '0755'
- name: Build ISO - Extract Source - Check Temp Directory
file:
path: "{{ deb13_pxe }}"
state: directory
mode: '0644'
- name: Build ISO - Extract Source - Check Extraction Directory
file:
path: "{{ deb13_iso }}"
state: directory
mode: '0644'
- name: Build ISO - Extract Source - Check Source Directory
file:
path: "{{ deb13_src }}"
state: directory
mode: '0644'
- name: Build ISO - Get Recent Debian Version
shell: |
curl -s https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/ | \
grep netinst | grep iso | grep -v -e edu -e mac | cut -d '"' -f 6
register: recent_version
- name: Build ISO - Display Recent Version
debug:
msg: "Current Debian ISO name: {{ recent_version.stdout_lines[0] }}"
- name: Build ISO - Extract Source - Download ISO
get_url:
url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/{{ recent_version.stdout_lines[0] }}"
dest: "{{ iso_share }}/deb13-master.iso"
mode: '0644'
register: deb13_iso_download
- name: show iso size
debug:
msg: "Debian Net ISO Size is {{ (deb13_iso_download.size | float ) / 1048576 }}MB"
- name: Build ISO - Extract Source - Mount ISO
shell: "mount -o loop {{ iso_share }}/deb13-master.iso {{ deb13_iso }}"
- name: Build ISO - Extract Source - Copy ISO data
shell: "rsync -a -H --exclude=TRANS.TBL {{ deb13_iso }}/ {{ deb13_src }}"
- name: Build ISO - Extract Source - Unmount ISO
shell: "umount {{ deb13_iso }}"
###############################################
# Copy Matt-Cloud Init Script et. al.
###############################################
###############################################
# DEB13 Source modify
# Copy preseed file to source
# copy cosmos-init data to source
# Add preseed to initrd
# Recompute checksums
###############################################
- name: Build ISO - Modify Source - Correct Permissions
shell: "chmod -R 755 {{ deb13_src }}"
- name: Build ISO - Modify Source - Copy Preseed
template:
src: preseed-usb.cfg.j2
dest: "{{ deb13_src }}/preseed.cfg"
mode: 0644
# Create cosmos folder
#
# copy files for preseed
# jenkins_key
# update_issue.sh
# permitrootlogin
# .bashrc
# stat.sh
# cosmos-client.conf
- name: Build ISO - Modify Source - Create Cosmos Folder
file:
path: "{{ deb13_src }}/cosmos"
state: directory
mode: '0755'
- name: build archive if needed
when: not archive_fresh | bool
ansible.builtin.archive:
path: "/var/jenkins_home/ansible/roles/pxe_server/files/init"
dest: "/var/jenkins_home/ansible/roles/pxe_server/files/cosmos-init.tar"
format: "tar"
delegate_to: localhost
# Copy Archive to Target
- name: Files - Copy cosmos-init.tar to target
copy:
src: /var/jenkins_home/ansible/roles/pxe_server/files/cosmos-init.tar
dest: "{{ deb13_src }}/cosmos/cosmos-init.tar"
mode: 0644
- name: Check archive size
shell: "ls -lah {{ deb13_src }}/cosmos/cosmos-init.tar | cut -d ' ' -f 5 "
register: archive_size_output
- name: Show archive size
debug:
msg: "cosmos-init.tar archive is {{ archive_size_output.stdout_lines[0] }}"
- name: Build ISO - Modify Source - remove GUI install option
shell: |
sed -i '/menuentry --hotkey=g '\''Graphical install'\'' {/,/^}/d' {{ deb13_src }}/boot/grub/grub.cfg
- name: Build ISO - Modify Source - edit isolinux/txt.cfg
shell: >
sed 's/initrd.gz/initrd.gz file=\/cdrom\/preseed.cfg/' -i /opt/cosmos/deb13-source/isolinux/txt.cfg
- name: Build ISO - Modify Source - add preseed to initrd
shell: |
ISODIR_WRITE={{ deb13_src }}/
mkdir $ISODIR_WRITE/irmod
cd $ISODIR_WRITE/irmod
gzip -d < $ISODIR_WRITE/install.amd/initrd.gz | \
cpio --extract --make-directories --no-absolute-filenames
cp $ISODIR_WRITE/preseed.cfg preseed.cfg
chown root:root preseed.cfg
chmod o+w $ISODIR_WRITE/install.amd/initrd.gz
find . | cpio -H newc --create | \
gzip -9 > $ISODIR_WRITE/install.amd/initrd.gz
chmod o-w $ISODIR_WRITE/install.amd/initrd.gz
cd $ISODIR_WRITE/
rm -fr $ISODIR_WRITE/irmod/
- name: Build ISO - Modify Source - fixing MD5 checksums
shell: |
cd {{ deb13_src }}/
md5sum $(find -type f) > {{ deb13_src }}/md5sum.txt
###############################################
# DEB12 Build ISO * 'burn' script
###############################################
- name: Build ISO - Build Deb13-MC.iso
shell: |
xorriso -as mkisofs \
-r \
-V "Deb13_MC" \
-o "{{ iso_share }}/Deb13-MC.iso" \
-J \
-isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin \
-partition_offset 16 \
-A "Debian 13 Matt-Cloud ISO" \
-b isolinux/isolinux.bin \
-c isolinux/boot.cat \
-no-emul-boot \
-boot-load-size 4 \
-boot-info-table \
-eltorito-alt-boot \
-e boot/grub/efi.img \
-no-emul-boot \
-isohybrid-gpt-basdat \
-append_partition 2 0xef {{ deb13_src }}/boot/grub/efi.img \
{{ deb13_src }}
- name: get iso size
shell: "ls -lah {{ iso_share }}/Deb13-MC.iso | cut -d ' ' -f 5"
register: iso_size_output
- name: show iso size
debug:
msg: "Deb13-MC.iso is {{ iso_size_output.stdout_lines[0] }}."
- name: Build ISO - Build 'burn' script
shell: "echo dd if={{ iso_share }}/Deb13-MC.iso of=CHANGE_TO_USB bs=16M status=progress oflag=sync > {{ iso_share }}/burn_deb.sh"
- name: Build ISO - Make 'burn' script executable
shell: "chmod +x {{ iso_share }}/burn_deb.sh"
...
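Review bot: The Debian netinst image fetched by the `Build ISO - Extract Source - Download ISO` task is never checked against a published checksum or signature before it is mounted, modified and repacked into Deb13-MC.iso, so a corrupted or substituted download would flow into every base image built from it. `get_url` accepts a checksum, e.g. `checksum: "sha256:https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS"`; because that file comes from the same host, verifying `SHA256SUMS.sign` against the Debian CD signing key is what actually authenticates it. The file name is also taken from `recent_version.stdout_lines[0]` without checking that the scrape returned anything, so an empty listing fails with an index error rather than a clear message. Separately, the `edit isolinux/txt.cfg` task hard-codes `/opt/cosmos/deb13-source` where the other tasks use `{{ deb13_src }}`.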

164
tasks/config_pxe.yaml Normal file

@ -0,0 +1,164 @@
---
###############################################
# Install packages needed for PXE
###############################################
- name: APT - Install Packages
apt:
name:
- "{{ item }}"
state: present
loop: "{{ pxe_packages }}"
when: not refresh_only | bool
###############################################
# DHCP Server
###############################################
# Stop DHCP server
- name: DHCP - Stop DHCP
service:
name: isc-dhcp-server
state: stopped
enabled: yes
# Copy DHCP config file 1
- name: DHCP - Copy dhcpd.conf
template:
src: dhcpd.conf.j2
dest: /etc/dhcp/dhcpd.conf
mode: 0644
# Copy DHCP config file 2
- name: DHCP - Copy isc-dhcp-server
template:
src: isc-dhcp-server.j2
dest: /etc/default/isc-dhcp-server
mode: 0644
# Start DHCP server
- name: DHCP - Start DHCP
service:
name: isc-dhcp-server
state: started
enabled: yes
# Download vendor list for dhcp-lease-list
- name: DHCP - Download vendor list for dhcp-lease-list
get_url:
url: "http://standards-oui.ieee.org/oui.txt"
dest: /usr/local/etc/oui.txt
mode: '0644'
###############################################
# TFTP Server
###############################################
# Stop TFTP Server
- name: TFTP - Stop TFTP
service:
name: tftpd-hpa
state: stopped
enabled: yes
# Create TFTP server folder structure
- name: TFTP - Create tftp directory
file:
path: /srv/tftp
state: directory
mode: '0755'
owner: tftp
group: tftp
# Copy TFTP Config File
- name: TFTP - Copy tftpd-hpa
template:
src: tftpd-hpa.j2
dest: /etc/default/tftpd-hpa
mode: 0644
# Start TFTP Server
- name: TFTP - Start TFTP
service:
name: tftpd-hpa
state: started
enabled: yes
###############################################
# Copy necessary files
###############################################
# Create destination folder for all the next stuff
- name: Files - Create debian-installer directory
file:
path: /var/www/html/debian-installer/amd64
state: directory
mode: '0755'
owner: www-data
group: www-data
## Old comments:
## Extract trixie debian netboot files
## These are from the syslinux-common package
## Some of the files from the trixie netboot archive
## are needed for this voodoo to all work
## This is one of the two files called in the grub bootloader
## This is the other file called in the grub bootloader
## Changing from bookworm to trixie, bookworm curl command:
## curl -L https://deb.debian.org/debian/dists/bookworm/main/installer-amd64/current/images/netboot/netboot.tar.gz | \
- name: Files - copy static files
shell: |
curl -L https://deb.debian.org/debian/dists/trixie/main/installer-amd64/current/images/netboot/netboot.tar.gz | \
tar xz -C /var/www/html/debian-installer/amd64
cp /usr/lib/syslinux/modules/bios/* /srv/tftp/
cp -R /var/www/html/debian-installer/amd64/debian-installer /srv/tftp/
cp /var/www/html/debian-installer/amd64/debian-installer/amd64/linux /srv/tftp/debian-installer/amd64/linux
cp /var/www/html/debian-installer/amd64/debian-installer/amd64/initrd.gz /srv/tftp/debian-installer/amd64/initrd.gz
register: static_files_output
# Oh Hai grub bootloader, I was just talking about you
- name: Files - copy the grub
block:
- name: Files - Copy grub.cfg to tftp
when: not deploy_iso | bool
template:
src: grub.cfg.j2
dest: /srv/tftp/debian-installer/amd64/grub/grub.cfg
mode: 0644
- name: Files - Copy grub-iso.cfg to tftp
when: deploy_iso | bool
template:
src: grub-iso.cfg.j2
dest: /srv/tftp/debian-installer/amd64/grub/grub.cfg
mode: 0644
# This is the preseed file for unattended server installation
# It's served from HTTP now because bollocks to weird TFTP foolishness
- name: Files - Copy server preseed to http
template:
src: preseed-server-v2.cfg.j2
dest: /var/www/html/preseed-server.cfg
mode: 0644
# Build Fresh Init Archive
- name: Files - Cosmos Init
ansible.builtin.archive:
path: "/var/jenkins_home/ansible/roles/pxe_server/files/init"
dest: "/var/jenkins_home/ansible/roles/pxe_server/files/cosmos-init.tar"
format: "tar"
delegate_to: localhost
# update archive_fresh
- name: update archive_fresh
set_fact:
archive_fresh: true
# Copy Archive to Target
- name: Files - Copy cosmos-init.tar to target
copy:
src: /var/jenkins_home/ansible/roles/pxe_server/files/cosmos-init.tar
dest: /var/www/html/cosmos-init.tar
mode: 0644
...
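Review bot: `cosmos-init.tar` and the rendered `preseed-server.cfg` are both written under `/var/www/html` with mode 0644, so anything that can reach Apache on this host can download them without authentication. The README says the init files include keys and VPN configs, and the preseed templates render root and user password hashes; the same host is also turned into a NAT gateway by config_routing.yaml, and nothing visible here limits Apache to `listen_interface`. I would restrict the site to the provisioning subnet (a `Require ip` rule or `Listen {{ server_ip }}:80` in a templated Apache config) and keep long-lived private material out of the archive wherever a per-host enrolment step can supply it instead. The `curl | tar xz` of netboot.tar.gz in `Files - copy static files` is also unpacked without any checksum check, although the kernel and initrd it provides are what every PXE client boots.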

37
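--- a/tasks/config_routing.yaml
+++ b/tasks/config_routing.yaml
@@ -0,0 +1,37 @@
+---
+###############################################
+# Configure internet_interface to be gateway
+###############################################
+# Update sysctl.conf file to enable IP forwarding
+- name: sysctl - enable IP forwarding
+lineinfile:
+path: /etc/sysctl.conf
+regexp: '^net.ipv4.ip_forward='
+line: 'net.ipv4.ip_forward=1'
+# Apply sysctl changes
+- name: sysctl - apply changes
+shell: sysctl -p
+# Set up NAT with iptables
+- name: NAT - iptables
+shell: iptables -t nat -A POSTROUTING -o {{ internet_interface }} -j MASQUERADE
+# Set up Routing with IP Tables
+- name: Routing - iptables
+shell: |
+iptables -A FORWARD -i {{ listen_interface }} -o {{ internet_interface }} -j ACCEPT
+iptables -A FORWARD -i {{ internet_interface }} -o {{ listen_interface }} -m state --state RELATED,ESTABLISHED -j ACCEPT
+# Make iptables rules persistent
+- name: Persistence - iptables
+shell: |
+netfilter-persistent save
+netfilter-persistent reload
+...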
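Review bot: The `Routing - iptables` task only appends ACCEPT rules and nothing visible sets the FORWARD chain policy, so with the stock ACCEPT policy the RELATED,ESTABLISHED restriction has no effect and new connections arriving on `internet_interface` are forwarded towards the provisioning network as well. If the intent is outbound-only NAT, add `iptables -P FORWARD DROP` ahead of the two ACCEPT rules, after confirming nothing else on the host relies on forwarding. Every `-A` here is also re-run on each play, so the rules accumulate as duplicates that `netfilter-persistent save` then writes to disk; `ansible.builtin.iptables`, or an `iptables -C ... ||` guard in front of each append, would make the tasks idempotent.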

22
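--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -0,0 +1,22 @@
+---
+# This role builds a pxe server and / or an ISO for the amd64 matt-cloud base image
+- name: PXE Server - Architecture Warning
+when: '"arm" in cpu_architecture'
+debug:
+msg: "Warning - ARM CPU Detected, will not proceed"
+- name: PXE Server - Build PXE Functions
+include_tasks: config_pxe.yaml
+when: not iso_only | bool
+- name: PXE Server - Set up routing
+include_tasks: config_routing.yaml
+when: configure_routing | bool and not iso_only | bool
+- name: PXE Server - Build Deb12-MC.iso
+include_tasks: build_iso.yaml
+when: '"amd" in cpu_architecture'
+...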
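Review bot: The architecture warning says the role "will not proceed", but it is only a `debug` task: on an ARM host `config_pxe.yaml` and `config_routing.yaml` still run, and only the ISO include is skipped by its `"amd" in cpu_architecture` condition. Replace the debug with `ansible.builtin.fail` (or `meta: end_host`) if the role really must stop there. The `build_iso` default is also never consulted, so the ISO build runs on every amd64 run; if that flag is meant to gate it, something like `when: '"amd" in cpu_architecture and (build_iso | bool or iso_only | bool)'` would honour it. The task name still says Deb12-MC.iso while build_iso.yaml produces Deb13-MC.iso.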

9
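--- a/templates/dhcpd.conf.j2
+++ b/templates/dhcpd.conf.j2
@@ -0,0 +1,9 @@
+subnet {{ dhcp_subnet }} netmask {{ dhcp_netmask }} {
+range {{ dhcp_start }} {{ dhcp_end }};
+option routers {{ router_ip }};
+option domain-name-servers 8.8.8.8, 8.8.4.4;
+next-server {{ server_ip }}; # IP of your PXE server
+interface {{ listen_interface }};
+filename "debian-installer/amd64/grubx64.efi";
+}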

163
templates/grub-iso.cfg.j2 Executable file

@ -0,0 +1,163 @@
if loadfont $prefix/font.pf2 ; then
set gfxmode=800x600
set gfxpayload=keep
insmod efi_gop
insmod efi_uga
insmod video_bochs
insmod video_cirrus
insmod gfxterm
insmod png
terminal_output gfxterm
fi
if background_image /isolinux/splash.png; then
set color_normal=light-gray/black
set color_highlight=white/black
elif background_image /splash.png; then
set color_normal=light-gray/black
set color_highlight=white/black
else
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
fi
insmod play
play 960 440 1 0 4 440 1
set timeout=5
set default=0
menuentry 'Cosmos-Base - Debian 13' {
set background_color=black
linux /debian-installer/amd64/linux vga=788 priority=critical auto=true preseed/url=http://{{ server_ip }}/preseed-server.cfg
initrd /debian-installer/amd64/initrd.gz
}
#menuentry 'Cosmos-Base + KDE Plasma' {
# set background_color=black
# linux /debian-installer/amd64/linux vga=788 priority=critical auto=true preseed/url=http://{{ server_ip }}preseed-plasma.cfg
# initrd /debian-installer/amd64/initrd.gz
#}
menuentry 'Easeus Test 1' {
set isofile="/iso/easeus.iso"
loopback loop (tftp,{{ server_ip }})$isofile
linux /debian-installer/amd64/linux boot=casper iso-scan/filename=http://{{ server_ip }}$isofile noeject noprompt splash --
initrd /debian-installer/amd64/initrd.gz
}
menuentry "Easeus Test 2" {
set root="http,{{ server_ip }}"
set isofile="easeus.iso"
loopback loop0 ($root)/iso/$isofile
linux /debian-installer/amd64/linux boot=casper iso-scan/filename=${isofile} verbose noprompt noeject
initrd /debian-installer/amd64/initrd.gz
}
#menuentry 'Cosmos-Base + KDE Plasma' {
# set background_color=black
# linux /debian-installer/amd64/linux vga=788 priority=critical auto=true preseed/url=http://{{ server_ip }}preseed-plasma.cfg
# initrd /debian-installer/amd64/initrd.gz
#}
menuentry 'Install' {
set background_color=black
linux /debian-installer/amd64/linux vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
submenu --hotkey=a 'Advanced options ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Expert install' {
set background_color=black
linux /debian-installer/amd64/linux priority=low vga=788 ---
initrd /debian-installer/amd64/initrd.gz
}
menuentry '... Rescue mode' {
set background_color=black
linux /debian-installer/amd64/linux vga=788 rescue/enable=true --- quiet
initrd /debian-installer/amd64/initrd.gz
}
menuentry '... Automated install' {
set background_color=black
linux /debian-installer/amd64/linux auto=true priority=critical vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
submenu '... Desktop environment menu ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
submenu '... GNOME desktop boot menu ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=gnome vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
submenu '... GNOME advanced options ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Expert install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=gnome priority=low vga=788 ---
initrd /debian-installer/amd64/initrd.gz
}
menuentry '... Automated install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=gnome auto=true priority=critical vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
}
}
submenu '... KDE Plasma desktop boot menu ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=kde vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
submenu '... KDE Plasma advanced options ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Expert install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=kde priority=low vga=788 ---
initrd /debian-installer/amd64/initrd.gz
}
menuentry '... Automated install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=kde auto=true priority=critical vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
}
}
submenu '... LXDE desktop boot menu ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=lxde vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
submenu '... LXDE advanced options ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Expert install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=lxde priority=low vga=788 ---
initrd /debian-installer/amd64/initrd.gz
}
menuentry '... Automated install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=lxde auto=true priority=critical vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
}
}
}
}
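Review bot: `set default=0` together with `set timeout=5` makes the unattended 'Cosmos-Base - Debian 13' entry boot by itself, and the preseed it points at appears to answer the partitioning confirmations, so any machine that network-boots on this segment is reinstalled after five seconds without anyone touching it. templates/grub.cfg.j2 has the same default and timeout. I would make the default a non-destructive entry (for example a first menuentry that only runs `exit`, which on UEFI hands control back to the firmware's next boot option) or set `timeout=-1` so the automated install has to be chosen deliberately. The two 'Easeus Test' entries look experimental and probably should not ship in the deployed menu.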

138
templates/grub.cfg.j2 Executable file

@ -0,0 +1,138 @@
if loadfont $prefix/font.pf2 ; then
set gfxmode=800x600
set gfxpayload=keep
insmod efi_gop
insmod efi_uga
insmod video_bochs
insmod video_cirrus
insmod gfxterm
insmod png
terminal_output gfxterm
fi
if background_image /isolinux/splash.png; then
set color_normal=light-gray/black
set color_highlight=white/black
elif background_image /splash.png; then
set color_normal=light-gray/black
set color_highlight=white/black
else
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
fi
insmod play
play 960 440 1 0 4 440 1
set timeout=5
set default=0
menuentry 'Cosmos-Base Debian 13 Install' {
set background_color=black
linux /debian-installer/amd64/linux vga=788 priority=critical auto=true preseed/url=http://{{ server_ip }}/preseed-server.cfg
initrd /debian-installer/amd64/initrd.gz
}
menuentry 'Default Debian 13 Install' {
set background_color=black
linux /debian-installer/amd64/linux vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
submenu --hotkey=a 'Advanced options ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Expert install' {
set background_color=black
linux /debian-installer/amd64/linux priority=low vga=788 ---
initrd /debian-installer/amd64/initrd.gz
}
menuentry '... Rescue mode' {
set background_color=black
linux /debian-installer/amd64/linux vga=788 rescue/enable=true --- quiet
initrd /debian-installer/amd64/initrd.gz
}
menuentry '... Automated install' {
set background_color=black
linux /debian-installer/amd64/linux auto=true priority=critical vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
submenu '... Desktop environment menu ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
submenu '... GNOME desktop boot menu ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=gnome vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
submenu '... GNOME advanced options ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Expert install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=gnome priority=low vga=788 ---
initrd /debian-installer/amd64/initrd.gz
}
menuentry '... Automated install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=gnome auto=true priority=critical vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
}
}
submenu '... KDE Plasma desktop boot menu ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=kde vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
submenu '... KDE Plasma advanced options ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Expert install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=kde priority=low vga=788 ---
initrd /debian-installer/amd64/initrd.gz
}
menuentry '... Automated install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=kde auto=true priority=critical vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
}
}
submenu '... LXDE desktop boot menu ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=lxde vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
submenu '... LXDE advanced options ...' {
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
set gfxpayload=keep
menuentry '... Expert install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=lxde priority=low vga=788 ---
initrd /debian-installer/amd64/initrd.gz
}
menuentry '... Automated install' {
set background_color=black
linux /debian-installer/amd64/linux desktop=lxde auto=true priority=critical vga=788 --- quiet
initrd /debian-installer/amd64/initrd.gz
}
}
}
}
}

2
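--- a/templates/isc-dhcp-server.j2
+++ b/templates/isc-dhcp-server.j2
@@ -0,0 +1,2 @@
+INTERFACESv4={{ listen_interface }}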


@ -0,0 +1,97 @@
# Preseed file for automated Debian installation
# Locale settings
d-i debian-installer/locale string en_US.UTF-8
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select us
# Network configuration
d-i netcfg/disable_dhcp6 boolean true
d-i netcfg/dhcp6_timeout string 1
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string cosmos-base
d-i netcfg/get_domain string home.cosmos
# Mirror settings
d-i mirror/country string manual
d-i mirror/http/hostname string ftp.us.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
d-i mirror/codename string trixie
# Account setup
d-i passwd/root-password-crypted password {{ cosmos_root_password | password_hash('sha512') }}
d-i passwd/make-user boolean true
d-i passwd/user-fullname string Cosmos User
d-i passwd/username string cosmos
d-i passwd/user-password-crypted password {{ cosmos_password | password_hash('sha512') }}
# Clock and time zone setup
d-i clock-setup/utc boolean true
d-i time/zone string America/Los_Angeles
d-i clock-setup/ntp boolean true
# Partitioning - Regular working
# This does standard partitioning i.e. not LVM
# d-i partman-auto/method string regular
# Obviously this selects the disk
d-i partman-auto/disk select auto
# /dev/sda
# The atomic recipe creates a very simple partitioning scheme with just a single root partition and swap space.
d-i partman-auto/choose_recipe select atomic
# this top one is the magic one that made the prompt go away; huzzah
# This line tells the installer to finalize the partitioning setup.
# By selecting finish, you indicate that you have completed the partitioning and
# the installer should proceed to format the partitions and continue with the installation.
# It's part of the process to automate the steps without manual confirmation
d-i partman/choose_partition select finish
# This setting automatically confirms the partitioning changes,
# allowing the installer to proceed without asking for user confirmation.
# Setting this to true is important for fully automated installations,
# as it avoids stopping the installation process to ask if you want to write the changes to disk.
d-i partman/confirm boolean true
# This line automatically confirms overwriting existing partitions on the disk.
# By setting this to true, the installer will overwrite any existing data
# on the specified disk without prompting for user confirmation.
# This is useful for fully automated installations where you want to ensure that old data is removed.
d-i partman/confirm_nooverwrite boolean true
# Opt out of the popularity contest survey
popularity-contest popularity-contest/participate boolean false
# Package selection
tasksel tasksel/first multiselect standard, ssh-server
d-i pkgsel/include string openssh-server curl openvpn net-tools htop
d-i pkgsel/upgrade select none
d-i preseed/late_command string \
mkdir -p /target/root/.ssh; \
mkdir -p /target/root/.config/htop; \
mkdir -p /target/etc/openvpn/client; \
mkdir -p /target/opt/cosmos/init; \
in-target echo " * * * * * root /root/update_issue.sh" >> /etc/crontab; \
in-target curl -o /opt/cosmos/cosmos-init.tar -L http://{{ server_ip }}/cosmos-init.tar; \
in-target tar -xf /opt/cosmos/cosmos-init.tar -C /opt/cosmos; \
cp /target/opt/cosmos/init/jenkins_key.pub /target/root/.ssh/authorized_keys; \
cp /target/opt/cosmos/init/update_issue.sh /target/root/update_issue.sh; \
cp /target/opt/cosmos/init/update_issue.service /target/etc/systemd/system/update_issue.service; \
cp /target/opt/cosmos/init/.bashrc /target/root/.bashrc; \
cp /target/opt/cosmos/init/htoprc /target/root/.config/htop/htoprc; \
cp /target/opt/cosmos/init/stat.sh /target/root/stat.sh; \
cp /target/opt/cosmos/init/cosmos-client.ovpn /target/etc/openvpn/client/cosmos-client.conf; \
cp /target/opt/cosmos/init/00-update-issue.conf /target/etc/cron.d/update-issue; \
cp /target/opt/cosmos/init/00-root-allow.conf /target/etc/ssh/sshd_config.d/00-root-allow.conf; \
in-target chmod +x /root/update_issue.sh; \
in-target chmod +x /root/stat.sh; \
in-target systemctl enable update_issue.service; \
in-target systemctl enable openvpn-client@cosmos-client
# Grub installation
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean false
# Reboot after installation
d-i finish-install/reboot_in_progress note
# Shutdown after installation
d-i debian-installer/exit/poweroff boolean true
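Review bot: The late_command downloads `cosmos-init.tar` over plain HTTP and then installs root's `authorized_keys`, an sshd drop-in, a systemd unit and the VPN profile from it, with no integrity check between the `curl` and the `tar -xf`. On a dedicated provisioning VLAN that may be an accepted trade-off, but it means whoever can answer for `{{ server_ip }}` on that network decides who has root on every new image; a `sha256sum -c` step against a hash rendered into this template at build time would at least tie the archive to the preseed that requested it. Separately, in `in-target echo " * * * * * root /root/update_issue.sh" >> /etc/crontab` the `>>` is parsed by the installer's shell outside the chroot, so the line does not land in the target's crontab; the cron.d file copied a few lines later appears to cover the same job, so the echo can probably be dropped. This section has no file header on the page; judging by config_pxe.yaml it is presumably templates/preseed-server-v2.cfg.j2.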

81
templates/preseed-server.cfg.j2 Executable file

@ -0,0 +1,81 @@
# Preseed file for automated Debian installation
# Locale settings
d-i debian-installer/locale string en_US.UTF-8
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select us
# Network configuration
d-i netcfg/disable_dhcp6 boolean true
d-i netcfg/dhcp6_timeout string 1
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string cosmos-base
d-i netcfg/get_domain string home.cosmos
# Mirror settings
d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
d-i mirror/codename string bookworm
# Account setup
d-i passwd/root-password-crypted password {{ cosmos_root_password | password_hash('sha512') }}
d-i passwd/make-user boolean true
d-i passwd/user-fullname string Cosmos User
d-i passwd/username string cosmos
d-i passwd/user-password-crypted password {{ cosmos_password | password_hash('sha512') }}
# Clock and time zone setup
d-i clock-setup/utc boolean true
d-i time/zone string America/Los_Angeles
d-i clock-setup/ntp boolean true
# Partitioning - Regular working
# This does standard partitioning i.e. not LVM
# d-i partman-auto/method string regular
# Obviously this selects the disk
d-i partman-auto/disk select auto
# /dev/sda
# The atomic recipe creates a very simple partitioning scheme with just a single root partition and swap space.
d-i partman-auto/choose_recipe select atomic
# this top one is the magic one that made the prompt go away; huzzah
# This line tells the installer to finalize the partitioning setup.
# By selecting finish, you indicate that you have completed the partitioning and
# the installer should proceed to format the partitions and continue with the installation.
# It's part of the process to automate the steps without manual confirmation
d-i partman/choose_partition select finish
# This setting automatically confirms the partitioning changes,
# allowing the installer to proceed without asking for user confirmation.
# Setting this to true is important for fully automated installations,
# as it avoids stopping the installation process to ask if you want to write the changes to disk.
d-i partman/confirm boolean true
# This line automatically confirms overwriting existing partitions on the disk.
# By setting this to true, the installer will overwrite any existing data
# on the specified disk without prompting for user confirmation.
# This is useful for fully automated installations where you want to ensure that old data is removed.
d-i partman/confirm_nooverwrite boolean true
# Opt out of the popularity contest survey
popularity-contest popularity-contest/participate boolean false
# Package selection
tasksel tasksel/first multiselect standard, ssh-server
d-i pkgsel/include string openssh-server curl
d-i pkgsel/upgrade select none
# Late command to download and execute a script
d-i preseed/late_command string \
in-target curl -o /root/cosmos-init.sh -L https://pxe:{{ pxe_auth }}@mattifactory.com/dhcp/cosmos-init.sh; \
in-target chmod +x /root/cosmos-init.sh; \
in-target /root/cosmos-init.sh
# Grub installation
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean false
# Reboot after installation
d-i finish-install/reboot_in_progress note
# Shutdown after installation
d-i debian-installer/exit/poweroff boolean true
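Review bot: The `pxe_auth` secret is rendered directly into the download URL of the late_command, so it would sit in clear text in any served copy of this preseed and, as part of the stored late_command value, most likely in the installer's debconf data that is copied to /var/log/installer on the finished system. The script fetched with it is then executed as root with no pinning of its content. None of the tasks in this commit reference this template (config_pxe.yaml deploys preseed-server-v2.cfg.j2) and it still targets `bookworm`, so if it has been superseded the safest change is to delete it rather than keep a credential-bearing template in the role.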

102
templates/preseed-usb.cfg.j2 Executable file

@ -0,0 +1,102 @@
# Preseed file for automated Debian installation
# Locale settings
d-i debian-installer/locale string en_US.UTF-8
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select us
# Clock and time zone setup
d-i clock-setup/utc boolean true
d-i time/zone string America/Los_Angeles
d-i clock-setup/ntp boolean true
# Skip asking to scan additional CDs
d-i apt-setup/cdrom/set-first boolean false
d-i apt-setup/cdrom/set-failed boolean false
d-i apt-setup/cdrom/set-next boolean false
d-i cdrom-detect/eject boolean false
# Network configuration
d-i netcfg/disable_dhcp6 boolean true
d-i netcfg/dhcp6_timeout string 1
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string cosmos-usb
d-i netcfg/get_domain string home.cosmos
# Mirror settings
d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
d-i mirror/codename string trixie
# Account setup
d-i passwd/root-password-crypted password {{ cosmos_root_password | password_hash('sha512') }}
d-i passwd/make-user boolean true
d-i passwd/user-fullname string Cosmos User
d-i passwd/username string cosmos
d-i passwd/user-password-crypted password {{ cosmos_password | password_hash('sha512') }}
# Partitioning - Regular working
# This does standard partitioning i.e. not LVM
# d-i partman-auto/method string regular
# Obviously this selects the disk
d-i partman-auto/disk select auto
# /dev/sda
# The atomic recipe creates a very simple partitioning scheme with just a single root partition and swap space.
d-i partman-auto/choose_recipe select atomic
# this top one is the magic one that made the prompt go away; huzzah
# This line tells the installer to finalize the partitioning setup.
# By selecting finish, you indicate that you have completed the partitioning and
# the installer should proceed to format the partitions and continue with the installation.
# It's part of the process to automate the steps without manual confirmation
d-i partman/choose_partition select finish
# This setting automatically confirms the partitioning changes,
# allowing the installer to proceed without asking for user confirmation.
# Setting this to true is important for fully automated installations,
# as it avoids stopping the installation process to ask if you want to write the changes to disk.
d-i partman/confirm boolean true
# This line automatically confirms overwriting existing partitions on the disk.
# By setting this to true, the installer will overwrite any existing data
# on the specified disk without prompting for user confirmation.
# This is useful for fully automated installations where you want to ensure that old data is removed.
d-i partman/confirm_nooverwrite boolean true
# Grub installation
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean false
# Opt out of the popularity contest survey
popularity-contest popularity-contest/participate boolean false
# Package selection
tasksel tasksel/first multiselect standard, ssh-server
d-i pkgsel/include string openssh-server curl openvpn net-tools resolvconf htop
d-i pkgsel/upgrade select none
d-i preseed/late_command string \
mkdir -p /target/root/.ssh; \
mkdir -p /target/root/.config/htop; \
mkdir -p /target/etc/openvpn/client; \
mkdir -p /target/opt/cosmos/init; \
cp /cdrom/cosmos/cosmos-init.tar /target/opt/cosmos/cosmos-init.tar; \
in-target tar -xf /opt/cosmos/cosmos-init.tar -C /opt/cosmos; \
cp /target/opt/cosmos/init/jenkins_key.pub /target/root/.ssh/authorized_keys; \
cp /target/opt/cosmos/init/update_issue.sh /target/root/update_issue.sh; \
cp /target/opt/cosmos/init/update_issue.service /target/etc/systemd/system/update_issue.service; \
cp /target/opt/cosmos/init/.bashrc /target/root/.bashrc; \
cp /target/opt/cosmos/init/htoprc /target/root/.config/htop/htoprc; \
cp /target/opt/cosmos/init/stat.sh /target/root/stat.sh; \
cp /target/opt/cosmos/init/cosmos-client.ovpn /target/etc/openvpn/client/cosmos-client.conf; \
cp /target/opt/cosmos/init/00-update-issue.conf /target/etc/cron.d/update-issue; \
cp /target/opt/cosmos/init/00-root-allow.conf /target/etc/ssh/sshd_config.d/00-root-allow.conf; \
in-target chmod +x /root/update_issue.sh; \
in-target chmod +x /root/stat.sh; \
in-target systemctl enable update_issue.service; \
in-target systemctl enable openvpn-client@cosmos-client
# Reboot after installation
d-i finish-install/reboot_in_progress note
# Shutdown after installation
d-i debian-installer/exit/poweroff boolean true
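Review bot: The rendered file carries the root and `cosmos` password hashes, and build_iso.yaml places it both at the ISO root and inside the initrd, next to `cosmos-init.tar`, so the finished Deb13-MC.iso and any USB stick written from it have to be handled as secrets. Nothing in the template says so; I would add a header comment such as `# Rendered output contains password hashes - do not publish the ISO built from it`. It would also be worth confirming that the follow-up playbook rotates these base credentials once a host is enrolled, since every machine installed from the same image starts with the same passwords and VPN profile.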

4
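--- a/templates/tftpd-hpa.j2
+++ b/templates/tftpd-hpa.j2
@@ -0,0 +1,4 @@
+TFTP_USERNAME="tftp"
+TFTP_DIRECTORY="/srv/tftp"
+TFTP_ADDRESS="{{ server_ip }}:69"
+TFTP_OPTIONS="--secure --verbose"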