msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
ea1dfd791bf217d89f9c2eda4f8ab58de0f88b046455c8550b99eed4a2172d9a
CISS.debian.live.builder/config/includes.chroot/preseed/.cfg/partitioning.cfg
Marc S. Weidner 3ad1726770
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Failing after 1m11s
Details
V8.03.400.2025.06.05 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 22:38:12 +02:00

360 lines
16 KiB
Bash
Raw Blame History

# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
###########################################################################################
# Partitioning CISS.partitioning #
###########################################################################################
# If the system has free space you can choose to only partition that space. This is only
# honoured if partman-auto/method is NOT set. Alternatively, choose 'use_entire_disk':
# d-i partman-auto/init_automatically_partition select biggest_free
# Alternatively, you may specify a disk to partition.
###d-i partman-auto/disk string /dev/sda
# In addition, you'll need to specify the method to use. Presently available methods are:
# - regular : use the usual partition types for your architecture
# - lvm : use LVM to partition the disk
# - crypto : use LVM within an encrypted partition
###d-i partman-auto/method string crypto
# When disk encryption is enabled, skip wiping the partitions beforehand:
###d-i partman-auto-crypto/erase_disks boolean false
# You can define the amount of space that will be used for the LVM volume group. It can
# either be a size with its unit (eg. 20 GB), a percentage of free space or 'max' keyword:
###d-i partman-auto-lvm/guided_size string max
# Name of the volume group for the new system:
###d-i partman-auto-lvm/new_vg_name string vg_ciss
# Force UEFI booting ('BIOS compatibility' will be lost). Default: false:
###d-i partman-efi/non_efi_system boolean false
# If one of the disks that are going to be automatically partitioned contains an old LVM
# configuration, the user will normally receive a warning. This can be preseeded away:
###d-i partman-lvm/device_remove_lvm boolean true
# The same applies to pre-existing software RAID array:
###d-i partman-md/device_remove_md boolean true
# And the same goes for the confirmation to write the lvm partitions:
###d-i partman-lvm/confirm boolean true
###d-i partman-lvm/confirm_nooverwrite boolean true
###########################################################################################
# This makes partman automatically partition without confirmation, provided that it was #
# told what to do using one of the methods specified. #
###########################################################################################
# The following debconfvariables are often important for the basic configuration and for #
# mounting after manual partitioning. These ensure that the installer does not attempt to #
# make changes or overwrite already mounted partitions. They help to 'switch off' the #
# installer when it tries to apply partitioning automatically. #
###########################################################################################
# Confirm whether you actually want to create a new partition table and write it to disk:
###d-i partman-partitioning/confirm_write_new_label boolean true
###d-i partman/choose_partition select finish
###d-i partman/confirm boolean true
###d-i partman/confirm_nooverwrite boolean true
# Ensure the partition table is GPT - this is required for EFI:
###d-i partman-partitioning/choose_label select gpt
###d-i partman-partitioning/default_label string gpt
# This setting ensures that partitions without a mount point do not trigger a warning dialogue.
###d-i partman-basicfilesystems/no_mount_point boolean true
# This setting tells the Debian installer not to issue a warning if no swap partition is set up.
###d-i partman-basicfilesystems/no_swap boolean true
# Encryption settings
# d-i partman-crypto/passphrase password < set by ./preseed/.ash/0_di_preseed_include_command.sh >
# d-i partman-crypto/passphrase-again password < set by ./preseed/.ash/0_di_preseed_include_command.sh >
###d-i partman-crypto/passphrase password DEFAULT
###d-i partman-crypto/passphrase-again password DEFAULT
###d-i partman-crypto/weak_passphrase boolean true
# https://preseed.debian.net/debian-preseed/bookworm/amd64-main-full.txt
###d-i partman-crypto/entropy entropy 256
# debconf-set-selections -c ./preseed/.cfg/partitioning.cfg: "warning: Unknown type entropy, skipping line" therefore as string:
###d-i partman-crypto/entropy string 256
# Are you sure you want to use a random key?
###d-i partman-crypto/use_random_for_nonswap boolean false
###########################################################################################
# This command is run immediately before the partitioner starts. It may be useful to #
# apply dynamic partitioner preseeding that depends on the state of the disks (which may #
# not be visible when preseed/early_command runs). #
###########################################################################################
# d-i partman/early_command string /sh /.ciss/install/.ash/2_di_partman_early_command.sh
###d-i partman-auto/expert_recipe string \
\
511MiB 511MiB 511MiB EFS \
label{ ESP } \
$defaultignore{ } \
$primary{ } \
$bootable{ } \
method{ efi } \
format{ } \
use_filesystem{ } \
filesystem{ EFS } \
device{ /dev/sda } \
mountpoint{ /boot } \
. \
rescue :: \
3584MiB 3584MiB 3584MiB ext4 \
label{ rescue } \
$defaultignore{ } \
$primary{ } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
device{ /dev/sda } \
mountpoint{ /mnt/rescue } \
. \
crypt_boot :: \
4096MiB 4096MiB 4096MiB ext4 \
label{ boot } \
$defaultignore{ } \
$primary{ } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
device{ /dev/sda } \
mountpoint{ /boot } \
. \
crypt_ephemeral_swap :: \
4096MiB 4096MiB 4096MiB none \
label{ crypt_swap } \
$defaultignore{ } \
$primary{ } \
method{ keep } \
device{ /dev/sda } \
. \
crypt_ephemeral_tmp :: \
4096MiB 4096MiB 4096MiB none \
label{ crypt_tmp } \
$defaultignore{ } \
$primary{ } \
method{ keep } \
device{ /dev/sda } \
. \
crypt_home :: \
32768MiB 32768MiB 32768MiB crypto \
$primary{ } \
method{ crypto } \
format{ } \
use_filesystem{ } \
filesystem{ btrfs } \
label{ btrfs_home } \
options/subvol{ @snapshots } \
device{ /dev/sda } \
mountpoint{ /home } \
. \
crypt_root :: \
32768MiB 32768MiB 32768MiB crypto \
$primary{ } \
method{ crypto } \
format{ } \
use_filesystem{ } \
filesystem{ btrfs } \
label{ btrfs_root } \
options/subvol{ @snapshots } \
device{ /dev/sda } \
mountpoint{ / } \
. \
crypt_usr :: \
40960MiB 40960MiB 40960MiB crypto \
$primary{ } \
method{ crypto } \
format{ } \
use_filesystem{ } \
filesystem{ btrfs } \
label{ btrfs_usr } \
options/subvol{ @snapshots } \
device{ /dev/sda } \
mountpoint{ /usr } \
. \
crypt_var :: \
40960MiB 40960MiB 40960MiB crypto \
$primary{ } \
method{ crypto } \
format{ } \
use_filesystem{ } \
filesystem{ btrfs } \
label{ btrfs_var } \
options/subvol{ @snapshots } \
device{ /dev/sda } \
mountpoint{ /var } \
. \
crypt_var_log :: \
16384MiB 16384MiB 16384MiB crypto \
$primary{ } \
method{ crypto } \
format{ } \
use_filesystem{ } \
filesystem{ btrfs } \
label{ btrfs_var_log } \
options/subvol{ @snapshots } \
device{ /dev/sda } \
mountpoint{ /var/log } \
. \
crypt_var_log_audit :: \
16384MiB 16384MiB 16384MiB crypto \
$primary{ } \
method{ crypto } \
format{ } \
use_filesystem{ } \
filesystem{ btrfs } \
label{ btrfs_var_log_audit } \
options/subvol{ @snapshots } \
device{ /dev/sda } \
mountpoint{ /var/log/audit } \
. \
crypt_var_tmp :: \
16384MiB 16384MiB 16384MiB crypto \
$primary{ } \
method{ crypto } \
format{ } \
use_filesystem{ } \
filesystem{ btrfs } \
label{ btrfs_var_tmp } \
options/subvol{ @snapshots } \
device{ /dev/sda } \
mountpoint{ /var/tmp } \
. \
installer_tmp :: \
1024MiB 16384MiB -1 ext4 \
$defaultignore{ } \
$primary{ } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
mountpoint{ /tmp } \
device{ /dev/sda } \
label{ installer_tmp } \
.
###########################################################################################
#d-i partman-auto/choose_recipe select ciss-2025-btrfs-ultra
#d-i partman-auto/expert_recipe string \
ciss-2025-btrfs-ultra :: \
ESP : \
511 511 511 free \
$defaultignore{ } \
$primary{ } \
$bootable{ } \
method{ efi } format{ } \
label{ ESP } \
. \
boot : \
3584 3584 3584 ext4 \
$defaultignore{ } \
$primary{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /boot } \
label{ boot } \
. \
crypt_ephemeral_swap : \
4096 4096 4096 none \
$defaultignore{ } \
$primary{ } \
method{ keep } \
label{ crypt_sda3 } \
. \
crypt_ephemeral_tmp : \
4096 4096 4096 none \
$defaultignore{ } \
$primary{ } \
method{ keep } \
label{ crypt_sda4 } \
. \
lv_home : \
32768 32768 32768 btrfs \
$lvmok{ } \
lv_name{ lv_home } \
method{ format } format{ } \
use_filesystem{ } filesystem{ btrfs } \
label{ btrfs_home } \
options/subvol{ @snapshots } \
mountpoint{ /home } \
. \
lv_root : \
32768 32768 32768 btrfs \
$lvmok{ } \
lv_name{ lv_root } \
method{ format } format{ } \
use_filesystem{ } filesystem{ btrfs } \
label{ btrfs_root } \
options/subvol{ @snapshots } \
mountpoint{ / } \
. \
lv_usr : \
65536 65536 65536 btrfs \
$lvmok{ } } \
lv_name{ lv_usr } \
method{ format } format{ } \
use_filesystem{ } filesystem{ btrfs } \
label{ btrfs_usr } \
options/subvol{ @snapshots } \
mountpoint{ /usr } \
. \
lv_var : \
65536 65536 65536 btrfs \
$lvmok{ } \
lv_name{ lv_var } \
method{ format } format{ } \
use_filesystem{ } filesystem{ btrfs } \
label{ btrfs_var } \
options/subvol{ @snapshots } \
mountpoint{ /var } \
. \
lv_var_log : \
16384 16384 16384 btrfs \
$lvmok{ } \
lv_name{ lv_var_log } \
method{ format } format{ } \
use_filesystem{ } filesystem{ btrfs } \
label{ btrfs_var_log } \
options/subvol{ @snapshots } \
mountpoint{ /var/log } \
. \
lv_var_log_audit : \
16384 16384 16384 \
$lvmok{ } \
lv_name{ lv_var_log_audit } \
method{ format } format{ } \
use_filesystem{ } filesystem{ btrfs } \
label{ btrfs_var_log_audit } \
options/subvol{ @snapshots } \
mountpoint{ /var/log/audit } \
. \
lv_var_tmp : \
1 16384 -1 \
$lvmok{ } \
lv_name{ lv_var_tmp } \
method{ format } format{ } \
use_filesystem{ } filesystem{ btrfs } \
label{ btrfs_var_tmp } \
options/subvol{ @snapshots } \
mountpoint{ /var/tmp } \
. \
rescue : \
1024 8192 -1 \
$defaultignore{ } \
$primary{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /tmp } \
label{ rescue } \
.
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
Reference in New Issue View Git Blame Copy Permalink