# Debian (jessie) installer preseed for the X2Go session broker host
# "x2gobroker1". This first part covers installer basics: mirror, network,
# partitioning, locale, time zone and the root account.
#
# There are two sets of parameters you can use as the append line:
# The minimum required is:
# hostname=x2gobroker1 domain=x2go.example.com
# url=http://192.168.0.224/preseed_x2gobroker1
# (all in one line, and without the leading "#" marks)
# If you only use these, you will have to answer a few questions
# - mainly regarding country, keyboard and locale - interactively.
# For a fully automated installation, add these parameters
# *in addition to the ones listed above*
# (again, all in one line, and without the leading "#" marks):
# priority=critical netcfg/use_dhcp=true netcfg/choose_interface=eth0
# debian-installer/locale=de_DE keymap=de-latin1
# debian-installer/locale=de_DE.UTF-8 DEBCONF_DEBUG=5
#
# NOTE: the url= shown above is plain HTTP, so the installer cannot
# authenticate this file. Whoever can alter that transfer controls everything
# the installer does with it (package list, root password hash, the
# late_command shell commands). Serve it on a trusted provisioning network
# only, and keep in mind that the root password hash further down is readable
# by anyone who can fetch the file.

# We prefer to stay anonymous ;-)
popularity-contest popularity-contest/participate boolean false

# Load non-free firmware, if possible
d-i hw-detect/load_firmware boolean true

# Repository
# CHANGE THIS to your nearest mirror
d-i mirror/http/hostname string ftp.de.debian.org
d-i mirror/http/directory string /debian/
d-i mirror/suite string jessie

# Post install APT setup
d-i apt-setup/uri_type select d-i
# CHANGE THIS to your nearest mirror
d-i apt-setup/hostname string ftp.de.debian.org
d-i apt-setup/directory string /debian/
d-i apt-setup/another boolean false
d-i apt-setup/security-updates boolean true
d-i finish-install/reboot_in_progress note
d-i prebaseconfig/reboot_in_progress note
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true

# Network-related settings
# Every hostname and domain name assigned via DHCP
# takes priority over these values
# however, if they are left empty, the installer will query them interactively
d-i netcfg/get_hostname string x2gobroker1
d-i netcfg/get_domain string x2go.example.com
d-i netcfg/disable_dhcp boolean false
d-i mirror/http/proxy string
d-i netcfg/choose_interface select eth0
d-i netcfg/wireless_wep string

# Partitioning and Bootloader settings
# NOTE: with every confirmation below pre-answered, the installer repartitions
# /dev/sda without asking, and existing LVM or MD (software RAID) metadata on
# it is removed. Check that /dev/sda really is the intended disk on the target.
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string regular
# Do not use UUIDs in fstab (and not in bootloader config, either)
d-i partman/mount_style string traditional
# This silences an interactive "are you sure?" query
d-i partman/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm_nooverwrite boolean true
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-md/confirm boolean true
d-i partman-auto/choose_recipe select atomic
#d-i partman-auto/choose_recipe select home
#d-i partman-auto/choose_recipe select multi
d-i debian-installer/add-kernel-opts string nomodeset gfxpayload=vga=normal
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev string /dev/sda

# Country, keyboard, locale settings - CHANGE THIS
d-i debian-installer/locale string de_DE
d-i debian-installer/keymap select de-latin1
d-i debian-installer/keymap string de-latin1
d-i languagechooser/language-name-fb select German
d-i countrychooser/country-name select Germany
d-i console-setup/layoutcode string de_DE
d-i debian-installer/locale select de_DE.UTF-8

# Time zone settings - CHANGE THIS
d-i tzconfig/gmt boolean false
d-i tzconfig/choose_country_zone/Europe select Berlin
d-i tzconfig/choose_country_zone_single boolean true
d-i time/zone select Europe/Berlin
d-i clock-setup/utc boolean true
d-i mirror/country string manual
d-i clock-setup/ntp boolean false

# Root Account
# this says "start" in MD5 - CHANGE THIS
# The value is an MD5-crypt ("$1$") hash of a password that is published right
# here, so every host installed from the unmodified file has a known root
# password. Replace it with a hash of your own secret, preferably in a stronger
# crypt format (for example the output of "mkpasswd -m sha-512").
d-i passwd/root-password-crypted passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.

# Do not create a regular user account when installing a server
d-i passwd/make-user boolean false
#d-i passwd/user-fullname string Local User
#d-i passwd/username string localuser
# (this commented-out example reuses the root hash shown above; give a real
# user its own password hash)
#d-i passwd/user-password-crypted passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.
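# Additional repositories, local[0-9] available
# this is where we add the X2Go repo
d-i apt-setup/local0/repository string \
  http://packages.x2go.org/debian jessie main
d-i apt-setup/local0/comment string X2Go Repository
# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out
# When this key doesn't work any more, switch entries
# NOTE: the key is downloaded over plain HTTP, so the download itself does not
# prove the key is genuine, and whatever key arrives becomes trusted by apt on
# the installed system. Compare its fingerprint with one obtained through a
# separate trusted channel, or serve a verified copy from your own
# provisioning host.
#d-i apt-setup/local0/key string http://packages.x2go.org/pub.key
d-i apt-setup/local0/key string http://packages.x2go.org/debian-old-pub.key

# Task and Package Selection
tasksel tasksel/first multiselect ssh-server
d-i pkgsel/include string ssh \
  console-setup \
  debconf-i18n \
  ldap-utils \
  libnss-ldapd \
  libpam-ldapd \
  mc \
  nslcd \
  ntp \
  postgresql-client-9.4 \
  postgresql-client-common \
  rsync \
  screen \
  sysvinit-core \
  sysvinit-utils \
  unattended-upgrades \
  vim \
  x2go-keyring \
  x2gobroker \
  x2gobroker-agent \
  x2gobroker-authservice \
  x2gobroker-daemon \
  x2gobroker-loadchecker \
  x2gobroker-ssh

# Commands to be executed after package installation
# Note: The only way to insert comments below is to add an "echo COMMENT"
#
# What the command chain does, in order: sets up key-only root SSH access,
# fixes hostname entries, adjusts NFS/PAM/fstab/DHCP settings for the demo
# network, rewrites the x2gobroker session profiles, patches two x2gobroker
# scripts, enables the HTTP broker, and queues first-boot commands in rc.local.
#
# Review notes (they have to live up here, as no comment fits inside the chain):
# - SSH: "PermitRootLogin without-password" leaves root reachable by key only.
#   The two "echo -n" lines append a placeholder, not a usable key; put your
#   own public key there.
# - nfs-common: the stock defaults file names the variable NEED_IDMAPD. The
#   sed pattern used to read NEED_IMAPD, which matches no line, so the command
#   did nothing; it now uses the real name.
# - HTTP broker: DAEMON_BIND_ADDRESS=*:8080 makes the listener reachable on
#   every interface, over plain HTTP. The rc.local comments further down talk
#   about keeping :8080 to localhost. NOTE(review): confirm which is intended,
#   and restrict access by bind address or firewall if clients do not need it.
# - rc.local: the queued commands run once as root at first boot. The
#   'sed ... "/dpkg/d"' and 'sed ... "/x2gobroker/d"' lines delete the queued
#   commands (and themselves) afterwards; the trailing "#x2gobroker" on the
#   chmod/chown lines is only there so that the second sed matches them too.
# - Key material: /var/lib/x2gobroker/.ssh is copied to /home/root/x2gobroker,
#   and /home is the NFS mount added to fstab below. Who can read it then
#   depends on the export options on nfs1, which this file does not show;
#   verify them before relying on the chmod 700.
d-i preseed/late_command string echo "COMMENT: Begin Post-Install Setup/Config" ;\
  echo "COMMENT: Configure SSH" ;\
  mkdir -p /target/root/.ssh ; \
  chmod 700 /target/root/.ssh ;\
  touch /target/root/.ssh/authorized_keys ; \
  chmod 600 /target/root/.ssh/authorized_keys ;\
  sed -i '/^PermitRootLogin/c PermitRootLogin without-password' /target/etc/ssh/sshd_config ;\
  echo "COMMENT: Insert your own SSH public key here" ;\
  echo "COMMENT: User echo -n as shown so multiline echo doesn't add Newlines when appending" ;\
  echo -n 'ssh-rsa AAAAB3blahblahblah' >>/target/root/.ssh/authorized_keys ;\
  echo -n 'blahblahblahOQ== SSH Key Comment here' >>/target/root/.ssh/authorized_keys ;\
  echo "COMMENT: Fixing shortcomings of netcfg here..." ;\
  sed -i "s/$(cat /etc/hostname)/x2gobroker1/" /target/etc/hosts ;\
  echo "x2gobroker1" >/target/etc/hostname ;\
  echo "COMMENT: Fix ends here." ;\
  echo "COMMENT: This is said to be required for LDAP UID/GID sync." ;\
  sed -i '/^NEED_IDMAPD/cNEED_IDMAPD=yes' /target/etc/default/nfs-common ;\
  echo "COMMENT: This fixes some annoyances regarding UTF-8 and MidnightCommander" ;\
  echo "export LANG=de_DE.UTF-8" >>/target/etc/bash.bashrc ;\
  echo "export NCURSES_NO_UTF8_ACS=1" >>/target/etc/bash.bashrc ;\
  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
  echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
  echo "COMMENT: This makes sure error messages during bootup remain on screen." ;\
  sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\
  echo "COMMENT: This is so /home gets mounted from nfs1" ;\
  echo -e 'nfs1:/export/home\t/home\tnfs\tsoft,intr,rsize=8192,wsize=8192\t0\t0' >>/target/etc/fstab ;\
  echo "COMMENT: This is so dnsmasq on ldap1 is queried for DNS first" ;\
  sed 's/#prepend domain-name-servers 127.0.0.1;/prepend domain-name-servers 192.168.154.146;/' -i /target/etc/dhcp/dhclient.conf ;\
  echo "COMMENT: This removes the cdrom entry from sources list (left behind by installer)" ;\
  sed -i '/^#* *deb cdrom/d' /target/etc/apt/sources.list ;\
  echo "COMMENT: This patches the x2gobroker configuration files the way we need them to be for our demo." ;\
  sed -i -e '/^host=/chost=x2goserver1.x2go.example.com,x2goserver2.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^fullscreen=/cfullscreen=true' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^#default-agent-query-mode/adefault-agent-query-mode=SSH' /target/etc/x2go/x2gobroker.conf ;\
  sed -i -e '/^#default-use-load-checker/adefault-use-load-checker=true' /target/etc/x2go/x2gobroker.conf ;\
  sed -i -e 's/localhost-kde/localhost-lxde/g' -e 's/=KDE/=LXDE/g' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e 's/localhost-shadow/localhost-xfce/g' -e 's/=SHADOW/=XFCE/g' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e "/# don't even try/d" /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e 's/ - localhost/ - X2GoFarm/g' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e 's/localhost-/x2gofarm-/g' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^command=LXDE/aacl-any-order=deny-allow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^command=LXDE/aacl-groups-deny=ALL' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^command=LXDE/aacl-groups-allow=group-a' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^command=XFCE/aacl-any-order=deny-allow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^command=XFCE/aacl-groups-deny=ALL' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^command=XFCE/aacl-groups-allow=group-b' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^### EXAMPLES:/i[x2goserver1-shadow]' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^### EXAMPLES:/iname=SHADOW - X2GoServer1' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^### EXAMPLES:/ihost=x2goserver1.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^### EXAMPLES:/icommand=SHADOW' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^### EXAMPLES:/iusebrokerpass=true' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^### EXAMPLES:/i ' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^### EXAMPLES:/i[x2goserver2-shadow]' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^### EXAMPLES:/iname=SHADOW - X2GoServer2' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^### EXAMPLES:/ihost=x2goserver2.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^### EXAMPLES:/icommand=SHADOW' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^### EXAMPLES:/iusebrokerpass=true' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^### EXAMPLES:/i ' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^command=SHADOW/aacl-any-order=deny-allow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^command=SHADOW/aacl-groups-deny=ALL' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^command=SHADOW/aacl-groups-allow=group-shadow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  echo "COMMENT: These patches fix bugs that are still present in the current stable release" ;\
  sed -i -e 's/if pam.pam:/if hasattr(pam, "pam"):/' /target/usr/sbin/x2gobroker-authservice /target/usr/lib/python2.7/dist-packages/x2gobroker/authmechs/pam_authmech.py ;\
  sed -i -e "s/'hostname'/'hostaddr'/" /target/usr/sbin/x2gobroker-testagent ;\
  echo "COMMENT: This enables the HTTP Session Broker for SystemD and SysVinit systems" ;\
  sed -i '/#DAEMON_BIND_ADDRESS=127.0.0.1:8080/aDAEMON_BIND_ADDRESS=*:8080' /target/etc/default/x2gobroker-daemon /target/etc/x2go/broker/defaults.conf ;\
  echo "COMMENT: This patches rc.local so the following set of commands is run" ;\
  echo "COMMENT: exactly *once* - at the first boot after installation." ;\
  echo "COMMENT: First, remove the 'exit 0'" ;\
  sed -i '/^exit 0/d' /target/etc/rc.local ;\
  echo "COMMENT: This is so /bin/sh points to /bin/bash instead of /bin/dash" ;\
  echo "COMMENT: As the standard shell of our LDAP users is set to /bin/sh." ;\
  echo 'dpkg-reconfigure -pcritical dash' >>/target/etc/rc.local ;\
  echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\
  echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\
  echo "COMMENT: We're cheating here:" ;\
  echo "COMMENT: We're calling the pubkeyauthorizer on x2gobroker, rather than from each x2goserver." ;\
  echo "COMMENT: That way, we don't have to open :8080 for anything more than localhost." ;\
  echo 'x2gobroker-pubkeyauthorizer --broker-url http://localhost:8080/pubkeys/' >>/target/etc/rc.local ;\
  echo "COMMENT: Now we create a directory (watch permissions/ownership!) on the NFS share, and dump the generated key file there." ;\
  echo 'mkdir -p /home/root/x2gobroker' >>/target/etc/rc.local ;\
  echo 'chmod 700 /home/root #x2gobroker' >>/target/etc/rc.local ;\
  echo 'chown -R root:root /home/root #x2gobroker' >>/target/etc/rc.local ;\
  echo 'cp -a /var/lib/x2gobroker/.ssh /home/root/x2gobroker' >>/target/etc/rc.local ;\
  echo "COMMENT: This is the cleanup job for the pubkeyauthorizer stuff, so it doesn't run more than once." ;\
  echo 'sed -i -e "/x2gobroker/d" /etc/rc.local' >>/target/etc/rc.local ;\
  echo "COMMENT: Finally, rc.local must terminate with 'exit 0' again." ;\
  echo 'exit 0' >>/target/etc/rc.local ;\
  echo "COMMENT: Make sure x2gobroker has a key pair available at first boot" ;\
  in-target x2gobroker-keygen ;\
  echo "COMMENT: Finally, take out the trash (yes, this includes systemd)" ;\
  in-target apt-get purge -y systemd systemd-shim ;\
  in-target apt-get autoremove --purge -y ;\
  in-target apt-get clean ;\
  echo "End Post-Install Setup/Config"

# Shut down and power off after installation
d-i debian-installer/exit/poweroff boolean true

# preseed key-value pairs for the packages we intend to install
# dash/sh=false: /bin/sh is not to be dash (the late_command queues the
# matching dpkg-reconfigure call for the first boot).
dash dash/sh boolean false
exim4-config exim4/no_config boolean true
libnss-ldapd libnss-ldapd/nsswitch multiselect passwd, shadow, group, hosts, services, networks, protocols, rpc, ethers, netgroup
libnss-ldapd libnss-ldapd/clean_nsswitch boolean false
libpam-runtime libpam-runtime/profiles multiselect unix, ldap
mdadm mdadm/autostart boolean false
mdadm mdadm/mail_to string root
mdadm mdadm/initrdstart string all
mdadm mdadm/initrdstart_notinconf boolean true
mdadm mdadm/autocheck boolean true
mdadm mdadm/start_daemon boolean true
# NOTE: nslcd is pointed at an ldap:// URI with StartTLS off, and PAM has the
# ldap profile enabled, so directory lookups (and presumably the passwords of
# users logging in) cross the network to ldap1 unencrypted. Outside a closed
# demo network, use an ldaps:// URI or set nslcd/ldap-starttls to true, and
# pick a certificate-checking value for nslcd/ldap-reqcert; a CA bundle is
# already configured in nslcd/ldap-cacertfile.
nslcd nslcd/ldap-bindpw password
nslcd nslcd/ldap-sasl-secprops string
nslcd nslcd/ldap-sasl-krb5-ccname string /var/run/nslcd/nslcd.tkt
nslcd nslcd/ldap-sasl-authcid string
nslcd nslcd/ldap-binddn string
nslcd nslcd/ldap-cacertfile string /etc/ssl/certs/ca-certificates.crt
nslcd nslcd/ldap-sasl-authzid string
nslcd nslcd/ldap-uris string ldap://ldap1.x2go.example.com/
nslcd nslcd/ldap-sasl-mech select
nslcd nslcd/ldap-auth-type select none
nslcd nslcd/ldap-base string dc=x2go,dc=example,dc=com
nslcd nslcd/ldap-sasl-realm string
nslcd nslcd/ldap-reqcert select
nslcd nslcd/ldap-starttls boolean false
x2gobroker-ssh x2gobroker-ssh/group-x2gobroker-users string x2gobroker-users
x2gobroker-ssh x2gobroker-ssh/group-does-not-exist note
x2gobroker-ssh x2gobroker-ssh/use-existing-group boolean false
x2gobroker-ssh x2gobroker-ssh/create-group boolean true
x2gobroker-ssh x2gobroker-ssh/manual-setup-required boolean false
x2gobroker-ssh x2gobroker-ssh/del-last-group-x2gobroker-users boolean false
x2gobroker-ssh x2gobroker-ssh/last-group-x2gobroker-users string x2gobroker-users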