#### Debian Preseed Configuration
#### Based on: https://www.debian.org/releases/stable/example-preseed.txt
#### For automated Debian 13 (Trixie) installation
####
#### Usage:
####   1. Host this file on a web server accessible during installation
####   2. Boot from Debian installer with: auto url=http://yourserver/debian-preseed.cfg
####   3. Or append to kernel boot params: preseed/url=http://yourserver/debian-preseed.cfg
####
#### Note: This file is in a public repository - DO NOT include sensitive passwords!
####       Change default passwords immediately after installation!
####
#### Documentation: https://wiki.debian.org/DebianInstaller/Preseed
####
#### Variables you should customize:
####   - d-i passwd/root-password-crypted
####   - d-i passwd/user-fullname
####   - d-i passwd/username
####   - d-i passwd/user-password-crypted
####   - d-i netcfg/get_hostname
####   - d-i time/zone

### Localization
d-i debian-installer/locale string en_US.UTF-8
d-i keyboard-configuration/xkb-keymap select us

### Network configuration
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string debian-server
d-i netcfg/get_domain string localdomain

# Disable WEP key dialog
d-i netcfg/wireless_wep string

### Mirror settings
d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string

### Account setup
# Root password
d-i passwd/root-login boolean true
# Generate crypted password with: mkpasswd -m sha-512
# Default below is "debian123" - CHANGE THIS!
d-i passwd/root-password-crypted password $6$rounds=656000$saltsaltsal$8VHQqLaOXQhUbBBl3U4lHPB7RQ9CkAw1EW4SQPbQ6mQ7k4KYpVzYdQxJ0yLqC8nZvWx1gQ9kJ8yL1qC8nZ

# Regular user account
d-i passwd/user-fullname string Ansible User
d-i passwd/username string ansible
# User password (crypted): "ansible123" - CHANGE THIS!
d-i passwd/user-password-crypted password $6$rounds=656000$saltsaltsal$8VHQqLaOXQhUbBBl3U4lHPB7RQ9CkAw1EW4SQPbQ6mQ7k4KYpVzYdQxJ0yLqC8nZvWx1gQ9kJ8yL1qC8nZ
d-i passwd/user-default-groups string sudo,adm,cdrom,dip,plugdev

### Clock and time zone setup
d-i clock-setup/utc boolean true
d-i time/zone string Europe/Oslo
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string pool.ntp.org

### Partitioning
# Use LVM partitioning
d-i partman-auto/method string lvm
d-i partman-auto-lvm/guided_size string max

# Remove existing LVM/RAID
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true

# Choose partitioning scheme (atomic = all files in one partition)
d-i partman-auto/choose_recipe select atomic

# Confirm partitioning
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

### Base system installation
d-i base-installer/install-recommends boolean false
d-i base-installer/kernel/image string linux-image-amd64

### Apt setup
d-i apt-setup/non-free-firmware boolean true
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
d-i apt-setup/services-select multiselect security, updates
d-i apt-setup/security_host string security.debian.org

### Package selection
tasksel tasksel/first multiselect standard, ssh-server

# Additional packages
d-i pkgsel/include string \
    sudo \
    curl \
    wget \
    vim \
    git \
    htop \
    tmux \
    rsync \
    ca-certificates \
    gnupg \
    lsb-release \
    python3 \
    python3-apt \
    openssh-server \
    qemu-guest-agent

# Upgrade packages after debootstrap
d-i pkgsel/upgrade select full-upgrade

# Disable popularity contest
popularity-contest popularity-contest/participate boolean false

### Boot loader installation
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev string default

### Finishing up the installation
d-i finish-install/reboot_in_progress note

### Late commands
# Configure system before first boot
d-i preseed/late_command string \
    in-target mkdir -p /root/.ssh; \
    in-target chmod 700 /root/.ssh; \
    in-target mkdir -p /home/ansible/.ssh; \
    in-target chmod 700 /home/ansible/.ssh; \
    in-target chown -R ansible:ansible /home/ansible/.ssh; \
    in-target sed -i 's/^#*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config; \
    in-target sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config; \
    in-target systemctl disable cloud-init 2>/dev/null || true; \
    in-target systemctl mask cloud-init 2>/dev/null || true;