# SPDX-Version: 3.0 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; # SPDX-FileType: SOURCE # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu ########################################################################################### # Partitioning CISS.partitioning # ########################################################################################### # If the system has free space you can choose to only partition that space. This is only # honoured if partman-auto/method is NOT set. Alternatively, choose 'use_entire_disk': # d-i partman-auto/init_automatically_partition select biggest_free # Alternatively, you may specify a disk to partition. Kernel device names such as /dev/sda are # not guaranteed to be stable across boots or hardware; verify the target before combining this # with the confirm_* answers further down, because the disk is then written without a prompt. ###d-i partman-auto/disk string /dev/sda # In addition, you'll need to specify the method to use. Presently available methods are: # - regular : use the usual partition types for your architecture # - lvm : use LVM to partition the disk # - crypto : use LVM within an encrypted partition ###d-i partman-auto/method string crypto # When disk encryption is enabled, skip wiping the partitions beforehand. With 'false', data # previously stored on the device is not overwritten before the encrypted volumes are created, # so remnants stay on disk until those sectors are rewritten; skip the wipe only on new or # already sanitised media: ###d-i partman-auto-crypto/erase_disks boolean false # You can define the amount of space that will be used for the LVM volume group. It can # either be a size with its unit (e.g. 20 GB), a percentage of free space or the 'max' keyword: ###d-i partman-auto-lvm/guided_size string max # Name of the volume group for the new system: ###d-i partman-auto-lvm/new_vg_name string vg_ciss # Force UEFI booting ('BIOS compatibility' will be lost).
Default: false: ###d-i partman-efi/non_efi_system boolean false # If one of the disks that are going to be automatically partitioned contains an old LVM # configuration, the user will normally receive a warning. This can be preseeded away: ###d-i partman-lvm/device_remove_lvm boolean true # The same applies to pre-existing software RAID arrays: ###d-i partman-md/device_remove_md boolean true # And the same goes for the confirmation to write the LVM partitions: ###d-i partman-lvm/confirm boolean true ###d-i partman-lvm/confirm_nooverwrite boolean true ########################################################################################### # This makes partman automatically partition without confirmation, provided that it was # # told what to do using one of the methods specified. # ########################################################################################### # The following debconf variables are often important for the basic configuration and for # # mounting after manual partitioning. These ensure that the installer does not attempt to # # make changes or overwrite already mounted partitions. They help to 'switch off' the # # installer when it tries to apply partitioning automatically. # ########################################################################################### # Confirm whether you actually want to create a new partition table and write it to disk: ###d-i partman-partitioning/confirm_write_new_label boolean true ###d-i partman/choose_partition select finish ###d-i partman/confirm boolean true ###d-i partman/confirm_nooverwrite boolean true # Ensure the partition table is GPT - this is required for EFI: ###d-i partman-partitioning/choose_label select gpt ###d-i partman-partitioning/default_label string gpt # This setting ensures that partitions without a mount point do not trigger a warning dialogue.
###d-i partman-basicfilesystems/no_mount_point boolean true # This setting tells the Debian installer not to issue a warning if no swap partition is set up. ###d-i partman-basicfilesystems/no_swap boolean true # Encryption settings. A passphrase preseeded here is stored in clear text in this file and on # the install medium. 'DEFAULT' is a placeholder only, and weak_passphrase=true accepts a weak # passphrase without the installer asking. Replace the passphrase on the installed system and # keep any preseed file carrying the real value out of version control. # d-i partman-crypto/passphrase password < set by ./preseed/.ash/0_di_preseed_include_command.sh > # d-i partman-crypto/passphrase-again password < set by ./preseed/.ash/0_di_preseed_include_command.sh > ###d-i partman-crypto/passphrase password DEFAULT ###d-i partman-crypto/passphrase-again password DEFAULT ###d-i partman-crypto/weak_passphrase boolean true # https://preseed.debian.net/debian-preseed/bookworm/amd64-main-full.txt ###d-i partman-crypto/entropy entropy 256 # debconf-set-selections -c ./preseed/.cfg/partitioning.cfg: "warning: Unknown type entropy, skipping line" therefore as string: ###d-i partman-crypto/entropy string 256 # Are you sure you want to use a random key? ###d-i partman-crypto/use_random_for_nonswap boolean false ########################################################################################### # This command is run immediately before the partitioner starts. It may be useful to # # apply dynamic partitioner preseeding that depends on the state of the disks (which may # # not be visible when preseed/early_command runs). # ########################################################################################### # d-i partman/early_command string /sh /.ciss/install/.ash/2_di_partman_early_command.sh # NOTE(review): in the disabled recipe below, the ESP stanza and the crypt_boot stanza both # declare mountpoint{ /boot }, and no recipe name precedes the first stanza; crypt_boot is also # method{ format } ext4, i.e. /boot is not encrypted despite its name. Resolve before enabling. ###d-i partman-auto/expert_recipe string \ \ 511MiB 511MiB 511MiB EFS \ label{ ESP } \ $defaultignore{ } \ $primary{ } \ $bootable{ } \ method{ efi } \ format{ } \ use_filesystem{ } \ filesystem{ EFS } \ device{ /dev/sda } \ mountpoint{ /boot } \ . \ rescue :: \ 3584MiB 3584MiB 3584MiB ext4 \ label{ rescue } \ $defaultignore{ } \ $primary{ } \ method{ format } \ format{ } \ use_filesystem{ } \ filesystem{ ext4 } \ device{ /dev/sda } \ mountpoint{ /mnt/rescue } \ .
\ crypt_boot :: \ 4096MiB 4096MiB 4096MiB ext4 \ label{ boot } \ $defaultignore{ } \ $primary{ } \ method{ format } \ format{ } \ use_filesystem{ } \ filesystem{ ext4 } \ device{ /dev/sda } \ mountpoint{ /boot } \ . \ crypt_ephemeral_swap :: \ 4096MiB 4096MiB 4096MiB none \ label{ crypt_swap } \ $defaultignore{ } \ $primary{ } \ method{ keep } \ device{ /dev/sda } \ . \ crypt_ephemeral_tmp :: \ 4096MiB 4096MiB 4096MiB none \ label{ crypt_tmp } \ $defaultignore{ } \ $primary{ } \ method{ keep } \ device{ /dev/sda } \ . \ crypt_home :: \ 32768MiB 32768MiB 32768MiB crypto \ $primary{ } \ method{ crypto } \ format{ } \ use_filesystem{ } \ filesystem{ btrfs } \ label{ btrfs_home } \ options/subvol{ @snapshots } \ device{ /dev/sda } \ mountpoint{ /home } \ . \ crypt_root :: \ 32768MiB 32768MiB 32768MiB crypto \ $primary{ } \ method{ crypto } \ format{ } \ use_filesystem{ } \ filesystem{ btrfs } \ label{ btrfs_root } \ options/subvol{ @snapshots } \ device{ /dev/sda } \ mountpoint{ / } \ . \ crypt_usr :: \ 40960MiB 40960MiB 40960MiB crypto \ $primary{ } \ method{ crypto } \ format{ } \ use_filesystem{ } \ filesystem{ btrfs } \ label{ btrfs_usr } \ options/subvol{ @snapshots } \ device{ /dev/sda } \ mountpoint{ /usr } \ . \ crypt_var :: \ 40960MiB 40960MiB 40960MiB crypto \ $primary{ } \ method{ crypto } \ format{ } \ use_filesystem{ } \ filesystem{ btrfs } \ label{ btrfs_var } \ options/subvol{ @snapshots } \ device{ /dev/sda } \ mountpoint{ /var } \ . \ crypt_var_log :: \ 16384MiB 16384MiB 16384MiB crypto \ $primary{ } \ method{ crypto } \ format{ } \ use_filesystem{ } \ filesystem{ btrfs } \ label{ btrfs_var_log } \ options/subvol{ @snapshots } \ device{ /dev/sda } \ mountpoint{ /var/log } \ . \ crypt_var_log_audit :: \ 16384MiB 16384MiB 16384MiB crypto \ $primary{ } \ method{ crypto } \ format{ } \ use_filesystem{ } \ filesystem{ btrfs } \ label{ btrfs_var_log_audit } \ options/subvol{ @snapshots } \ device{ /dev/sda } \ mountpoint{ /var/log/audit } \ . 
\ crypt_var_tmp :: \ 16384MiB 16384MiB 16384MiB crypto \ $primary{ } \ method{ crypto } \ format{ } \ use_filesystem{ } \ filesystem{ btrfs } \ label{ btrfs_var_tmp } \ options/subvol{ @snapshots } \ device{ /dev/sda } \ mountpoint{ /var/tmp } \ . \ installer_tmp :: \ 1024MiB 16384MiB -1 ext4 \ $defaultignore{ } \ $primary{ } \ method{ format } \ format{ } \ use_filesystem{ } \ filesystem{ ext4 } \ mountpoint{ /tmp } \ device{ /dev/sda } \ label{ installer_tmp } \ . ########################################################################################### # NOTE(review): the disabled 'ciss-2025-btrfs-ultra' recipe below does not look usable as # written: lv_usr has a stray '}' after $lvmok{ }, the size lines of lv_var_log_audit, # lv_var_tmp and rescue carry no filesystem field, and the stanza labelled 'rescue' is mounted # at /tmp. Its LVM volumes use method{ format }, so encryption depends on partman-auto/method # being 'crypto' - confirm before enabling. #d-i partman-auto/choose_recipe select ciss-2025-btrfs-ultra #d-i partman-auto/expert_recipe string \ ciss-2025-btrfs-ultra :: \ ESP : \ 511 511 511 free \ $defaultignore{ } \ $primary{ } \ $bootable{ } \ method{ efi } format{ } \ label{ ESP } \ . \ boot : \ 3584 3584 3584 ext4 \ $defaultignore{ } \ $primary{ } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /boot } \ label{ boot } \ . \ crypt_ephemeral_swap : \ 4096 4096 4096 none \ $defaultignore{ } \ $primary{ } \ method{ keep } \ label{ crypt_sda3 } \ . \ crypt_ephemeral_tmp : \ 4096 4096 4096 none \ $defaultignore{ } \ $primary{ } \ method{ keep } \ label{ crypt_sda4 } \ . \ lv_home : \ 32768 32768 32768 btrfs \ $lvmok{ } \ lv_name{ lv_home } \ method{ format } format{ } \ use_filesystem{ } filesystem{ btrfs } \ label{ btrfs_home } \ options/subvol{ @snapshots } \ mountpoint{ /home } \ . \ lv_root : \ 32768 32768 32768 btrfs \ $lvmok{ } \ lv_name{ lv_root } \ method{ format } format{ } \ use_filesystem{ } filesystem{ btrfs } \ label{ btrfs_root } \ options/subvol{ @snapshots } \ mountpoint{ / } \ . \ lv_usr : \ 65536 65536 65536 btrfs \ $lvmok{ } } \ lv_name{ lv_usr } \ method{ format } format{ } \ use_filesystem{ } filesystem{ btrfs } \ label{ btrfs_usr } \ options/subvol{ @snapshots } \ mountpoint{ /usr } \ .
\ lv_var : \ 65536 65536 65536 btrfs \ $lvmok{ } \ lv_name{ lv_var } \ method{ format } format{ } \ use_filesystem{ } filesystem{ btrfs } \ label{ btrfs_var } \ options/subvol{ @snapshots } \ mountpoint{ /var } \ . \ lv_var_log : \ 16384 16384 16384 btrfs \ $lvmok{ } \ lv_name{ lv_var_log } \ method{ format } format{ } \ use_filesystem{ } filesystem{ btrfs } \ label{ btrfs_var_log } \ options/subvol{ @snapshots } \ mountpoint{ /var/log } \ . \ lv_var_log_audit : \ 16384 16384 16384 \ $lvmok{ } \ lv_name{ lv_var_log_audit } \ method{ format } format{ } \ use_filesystem{ } filesystem{ btrfs } \ label{ btrfs_var_log_audit } \ options/subvol{ @snapshots } \ mountpoint{ /var/log/audit } \ . \ lv_var_tmp : \ 1 16384 -1 \ $lvmok{ } \ lv_name{ lv_var_tmp } \ method{ format } format{ } \ use_filesystem{ } filesystem{ btrfs } \ label{ btrfs_var_tmp } \ options/subvol{ @snapshots } \ mountpoint{ /var/tmp } \ . \ rescue : \ 1024 8192 -1 \ $defaultignore{ } \ $primary{ } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /tmp } \ label{ rescue } \ . # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh