msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m31s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-10-14 10:32:08 +01:00
parent e0879a4969
commit 77856e9436
6 changed files with 56 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.preseed/preseed.yaml
View File

@@ -104,7 +104,7 @@ image: "linux-image-6.16.3+deb13-amd64"
# "linux-image-6.16.3+deb13-amd64"
needrun: false # Static linking to "${TARGET}/run" can cause problems if this data is "burned" into the target.
provider: "netcup" # MUST be one of "contabo", "hetzner", "netcup" or leave empty.
security_ext: "selinux" # MUST be one of "apparmor" or "selinux".
security_ext: "apparmor" # MUST be one of "apparmor" or "selinux".
################################################################################################################################
# Dropbear settings
@@ -509,6 +509,7 @@ network:
dhcp: 60 # If the dhcp server is slow, and the installer times out waiting for it, this might be useful.
linkwait: 3 # To set a different link detection timeout (default is 3 seconds).
static:
dns_dhcp_override: true # If you want to override the DNS settings of the DHCP server.
enable: true # If you want the preconfiguration file to work on systems both with and without a dhcp
# server, change 'network.static.enable' from "false" to "true" and configure the static
# configuration below.
@@ -820,6 +821,10 @@ ssh:
allow_hardening: true # For additional hardening of SSH connections via TCP wrapper: '/etc/hosts.allow'.
# If "allow_hardening" = "true", at least one 'allow_ipv4' MUST be provided.
allow_ipv4: # Provide Bastion / Jump-Server / static VPN-Exit-Nodes IPv4: will be added: 'f2ban-ignoreip'.
# Also, ufw will be configured to ufw aggressive approach:
# Any valid client communicating with the server should be going directly to the service ports
# opened in ufw (ssh, 80, ...). Any client touching other ports is treated as malicious and
# therefore is blocked access to ALL ports after 1 attempt.
- 202.61.246.50
allow_ipv6: # Provide Bastion / Jump-Server / static VPN-Exit-Nodes IPv6: will be added: 'f2ban-ignoreip'.
- 2a03:4000:53:f:abcd:9494:0:2