====== X2Go Session Broker Demo Environment Setup ======

===== Purpose of this document =====

This document takes you through the steps required to set up a simple X2Go Session Broker demo environment, consisting of a test client (x2goclient1.x2go.example.com) and the following servers:
  * ldap1.x2go.example.com - an LDAP server for centralized authentication
  * nfs1.x2go.example.com - an NFS server to have central home directories
  * pg1.x2go.example.com - a postgres server for the X2Go session database
  * x2gobroker1.x2go.example.com - an X2Go Broker Server, because that's what this demo is all about
  * x2goserver1.x2go.example.com - an X2Go Server, so the broker has a server it can direct clients to
  * x2goserver2.x2go.example.com - another X2Go Server, for loadbalancing

<note warning>

**DO NOT EVER USE THIS IN A PRODUCTION ENVIRONMENT!
YOU WILL HURT YOURSELF VERY BADLY IF YOU IGNORE THIS WARNING!**

These instructions violate almost every "best practice"/standard there is!

They are meant to get an X2Go Session Broker demo enviroment set up, fast. 

Nothing more, nothing less.

This setup has the following shortcomings:
  * Massive lack of security:
    * Unencrypted LDAP connections
    * All passwords - users, database admin, root, are set to the value "start"
    * SSH keyfile login is only enforced for the root account
  * No redundancy for critical components
    * Only a single LDAP server, no replication
    * Only a single NFS server
    * Only a single Postgres server
    * Only a single X2Go Session Broker server
    * No RAID1/RAID5/RAID6 setup for any system
  * No backup
  * No monitoring/alerting
  * No easy manageability/heavy abuse of LDAP:
    * LDAP settings are converted from local settings on the "ldap1" server
    * what ends up in LDAP this way is not something you want to work with in a production environment
    * it will be faster to set up a new LDAP server with the proper settings for your production environment than to base your server on this demo and trying to "clean up" afterwards
    * Also, no user-friendly tool to manage LDAP settings is installed by default.
</note>
===== Setting up the systems =====
  * These installations use the Debian preseed mechanism.
    * Thus, obviously, you will require a Debian ISO image.
    * We used the [[http://cdimage.debian.org/debian-cd/current/i386/iso-cd/debian-8.7.1-i386-netinst.iso|Debian 8.7.1, i386, netinst iso image]] - however, any [[https://cdimage.debian.org/mirror/cdimage/archive/|Debian 8.x iso image]] of the i386 or amd64 variety should do.
    * Preseed files can be included into a custom iso image, but for beginners, this may seem rather complicated - That's why we suggest using a web server to store them instead.
    * If you don't have Apache/Lighttpd, or any other web server installed, you can spawn a temporary one using python (you need to be root to run it on the default "web" port 80):<code>cd /directory/where/you/keep/the/preseed_files && python -m SimpleHTTPServer 80</code>
  * Please review the content of each preseed-file. You will have to change the IP addresses, for example.
  * If you have control over your DHCP server, we strongly suggest assigning fixed IPs to the MAC addresses of the machines you use - however, if you can't do that:
    * change each preseed file from DHCP to static IPs
    * edit the list in preseed_ldap1 so names and IPs match again
  * You should set up the systems in the order that they are listed here.
  * Each system will power down once the installation is complete. **DO NOT** power any one of them up until ALL of them are completely installed and shut down!
  * Once installed, power them up in exactly the same sequence - and **WAIT** until bootup is complete before powering up the next!

==== Preseeding - Manual Steps ====
These are the steps you have to perform manually:
  * {{:doc:howto:ldap1-1.png?200|}} Boot the ISO. It will beep at you, and the option "Install" will be highlighted.
  * {{:doc:howto:ldap1-2.png?200|}} Hit the TAB key (the key to the left <- of the "Q" key on most keyboards), and enter <code> auto url=http://your-web-server/preseed_namegoeshere hostname=namegoeshere domain=x2go.example.com</code> behind the part that says <code>--- quiet</code>
  * You can either choose to confirm this by pressing the ENTER key, or add further options as listed in each preseed file's comment header.
  * If you choose not to add further options, a few questions will be asked interactively, namely, the ones you can see in these screenshots:

{{:doc:howto:ldap1-3.png?200|}} {{:doc:howto:ldap1-4.png?200|}} {{:doc:howto:ldap1-5.png?200|}} {{:doc:howto:ldap1-6.png?200|}} {{:doc:howto:ldap1-7.png?200|}} {{:doc:howto:ldap1-8.png?200|}}

<note tip>Each entry below contains a hint regarding the minimum requirements for the individual system. If you're using virtual machines, and are low on disk space, feel free to assign sparse files/growing disk images. The systems don't really need that much space right away, but if you assign smaller sizes, the installer might become confused and partition the virtual disk in unexpected ways.</note>
<note tip>If you click on the name of a preseed file, like "preseed_ldap1" below, you will be offered to download it - that's easier than copy-pasting each file.</note>
==== ldap1.x2go.example.com ====
  * Minimum RAM required: 256MB
  * Minimum disk space required: 4 GB
  * Also required: any supported eth0 network interface

<file - preseed_ldap1>
# There are two sets of parameters you can use as the append line:
# The minimum required is:
# hostname=ldap1 domain=x2go.example.com
# url=http://192.168.0.224/preseed_ldap1
# (all in one line, and without the leading "#" marks)
# If you only use these, you will have to answer a few questions
# - mainly regarding country, keyboard and locale - interactively.
# For a fully automated installation, add these parameters 
# *in addition to the ones listed above*
# (again, all in one line, and without the leading "#" marks):
# priority=critical netcfg/use_dhcp=true netcfg/choose_interface=eth0 
# debian-installer/locale=de_DE keymap=de-latin1
# debian-installer/locale=de_DE.UTF-8 DEBCONF_DEBUG=5

# We prefer to stay anonymous ;-)
popularity-contest popularity-contest/participate boolean false

# Load non-free firmware, if possible
d-i hw-detect/load_firmware boolean true

# Repository
# CHANGE THIS to your nearest mirror
d-i     mirror/http/hostname    string ftp.de.debian.org
d-i     mirror/http/directory   string /debian/
d-i     mirror/suite            string jessie

# Post install APT setup
d-i     apt-setup/uri_type      select d-i
# CHANGE THIS to your nearest mirror
d-i     apt-setup/hostname      string ftp.de.debian.org
d-i     apt-setup/directory     string /debian/
d-i     apt-setup/another       boolean false
d-i     apt-setup/security-updates      boolean true
d-i     finish-install/reboot_in_progress note
d-i     prebaseconfig/reboot_in_progress        note

d-i     apt-setup/non-free 	boolean true
d-i     apt-setup/contrib 	boolean true

# Network-related settings
# Every hostname and domain name assigned via DHCP  
# takes priority over these values 
# however, if they are left empty, the installer will query them interactively 
d-i     netcfg/get_hostname     string  ldap1
d-i     netcfg/get_domain       string  x2go.example.com
d-i     netcfg/disable_dhcp     boolean false
d-i     mirror/http/proxy      string
d-i     netcfg/choose_interface select eth0
d-i     netcfg/wireless_wep     string

# Partitioning and Bootloader settings
d-i     partman-auto/disk               string /dev/sda
d-i     partman-auto/method             string regular

# Do not use UUIDs in fstab (and not in bootloader config, either)
d-i partman/mount_style string traditional

# This silences an interactive "are you sure?" query
d-i	partman/confirm	boolean	true
d-i     partman-partitioning/confirm_write_new_label boolean true
d-i     partman/choose_partition select finish
d-i     partman/confirm_nooverwrite boolean true
d-i     partman-lvm/device_remove_lvm boolean true
d-i     partman-lvm/confirm boolean true
d-i     partman-md/device_remove_md boolean true
d-i     partman-md/confirm boolean true

d-i partman-auto/choose_recipe select atomic
#d-i partman-auto/choose_recipe select home
#d-i partman-auto/choose_recipe select multi

d-i debian-installer/add-kernel-opts string nomodeset gfxpayload=vga=normal

d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev  string /dev/sda

# Country, keyboard, locale settings - CHANGE THIS
d-i 	debian-installer/locale string de_DE
d-i     debian-installer/keymap select de-latin1
d-i     debian-installer/keymap string de-latin1

d-i     languagechooser/language-name-fb    select German
d-i     countrychooser/country-name select Germany
d-i     console-setup/layoutcode string de_DE
d-i     debian-installer/locale             select de_DE.UTF-8

# Time zone settings - CHANGE THIS
d-i     tzconfig/gmt            boolean false
d-i     tzconfig/choose_country_zone/Europe select Berlin
d-i     tzconfig/choose_country_zone_single boolean true
d-i	time/zone	select	Europe/Berlin
d-i	clock-setup/utc	boolean	true
d-i	mirror/country	string	manual
d-i     clock-setup/ntp boolean false

# Root Account
# this says "start" in MD5 - CHANGE THIS
d-i	passwd/root-password-crypted    passwd    $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.

# Do not create a regular user account when installing a server
d-i passwd/make-user boolean false
#d-i	passwd/user-fullname            string Local User
#d-i	passwd/username                 string localuser
#d-i	passwd/user-password-crypted    passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.

# Task and Package Selection
tasksel	tasksel/first	multiselect	ssh-server
d-i	pkgsel/include	string		ssh \
console-setup \
debconf-i18n \
dnsmasq \
dnsmasq-base \
ldap-utils \
libnss-ldapd \
libpam-ldapd \
mc \
migrationtools \
nslcd \
ntp \
rsync \
screen \
slapd \
sysvinit-core \
sysvinit-utils \
unattended-upgrades \
vim

# Commands to be executed after package installation
# Note: The only way to insert comments below is to add an "echo COMMENT"
d-i preseed/late_command string echo "COMMENT: Begin Post-Install Setup/Config" ;\
 echo "COMMENT: Configure SSH" ;\
 mkdir -p /target/root/.ssh ; \
 chmod 700 /target/root/.ssh ;\
 touch /target/root/.ssh/authorized_keys ; \
 chmod 600 /target/root/.ssh/authorized_keys ;\
 sed -i '/^PermitRootLogin/c PermitRootLogin without-password' /target/etc/ssh/sshd_config ;\
 echo "COMMENT: Insert your own SSH public key here" ;\
 echo "COMMENT: User echo -n as shown so multiline echo doesn't add Newlines when appending" ;\
 echo -n 'ssh-rsa AAAAB3blahblahblah' >>/target/root/.ssh/authorized_keys ;\
 echo -n 'blahblahblahOQ== SSH Key Comment here' >>/target/root/.ssh/authorized_keys ;\
 echo "COMMENT: Fixing shortcomings of netcfg here..." ;\
 sed -i "s/$(cat /etc/hostname)/ldap1/" /target/etc/hosts ;\
 echo "ldap1" >/target/etc/hostname ;\
 echo "COMMENT: Fix ends here." ;\
 echo "COMMENT: This is said to be required for LDAP UID/GID sync." ;\
 sed -i '/^NEED_IMAPD/cNEED_IMAPD=yes' /target/etc/default/nfs-common ;\
 echo "COMMENT: These are our IP-FQDN-Hostname mappings that will be picked up by dnsmasq" ;\
 echo -e '192.168.154.146\tldap1.x2go.example.com\tldap1'>> /target/etc/hosts ;\
 echo -e '192.168.154.147\tnfs1.x2go.example.com\tnfs1'>> /target/etc/hosts ;\
 echo -e '192.168.154.148\tx2gobroker1.x2go.example.com\tx2gobroker1'>> /target/etc/hosts ;\
 echo -e '192.168.154.149\tx2goserver1.x2go.example.com\tx2goserver1'>> /target/etc/hosts ;\
 echo -e '192.168.154.150\tx2goserver2.x2go.example.com\tx2goserver2'>> /target/etc/hosts ;\
 echo -e '192.168.154.151\tpg1.x2go.example.com\tpg1'>> /target/etc/hosts ;\
 echo "COMMENT: This fixes some annoyances regarding UTF-8 and MidnightCommander" ;\
 echo "export LANG=de_DE.UTF-8" >>/target/etc/bash.bashrc ;\
 echo "export NCURSES_NO_UTF8_ACS=1" >>/target/etc/bash.bashrc ;\
 echo "COMMENT: This is for homedir autocreation." ;\
 echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
 echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
 echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
 echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
 echo "COMMENT: This makes sure error messages during bootup remain on screen." ;\
 sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\
 echo "COMMENT: This removes the cdrom entry from sources list (left behind by installer)" ;\
 sed -i '/^#* *deb cdrom/d' /target/etc/apt/sources.list ;\
 echo "COMMENT: This patches rc.local so the following set of commands is run" ;\
 echo "COMMENT: exactly *once* - at the first boot after installation." ;\
 echo "COMMENT: First, remove the 'exit 0'" ;\
 sed -i '/^exit 0/d' /target/etc/rc.local ;\
 echo "COMMENT: This automagically injects all local users, groups, etc. into LDAP" ;\
 echo "COMMENT: Yes, this is a mess, ugly, a dirty hack, etc - but remember, this isn't" ;\
 echo "COMMENT: about maintainability - it is to get a small, simple, static LDAP setup up" ;\
 echo "COMMENT: and running so you don't have to bother with LDAP when all you want to do is" ;\
 echo "COMMENT: test-drive the broker setup." ;\
 echo '(cd /usr/share/migrationtools && LDAP_BASEDN="dc=x2go,dc=example,dc=com" LDAPHOST="ldap1" LDAP_BINDDN="cn=admin,dc=x2go,dc=example,dc=com" LDAP_BINDCRED="start" LDAP_PROFILE="no" LDAPADD="/usr/bin/ldapadd -c" ETC_ALIASES=/dev/null ./migrate_all_online.sh || true)' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the LDAP migration, so it doesn't run more than once." ;\
 echo 'sed -i -e "/LDAP/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo "COMMENT: This is so /bin/sh points to /bin/bash instead of /bin/dash" ;\
 echo "COMMENT: As the standard shell of our LDAP users is set to /bin/sh." ;\
 echo 'dpkg-reconfigure -pcritical dash' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\
 echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo "COMMENT: Finally, rc.local must terminate with 'exit 0' again." ;\
 echo 'exit 0' >>/target/etc/rc.local ;\
 echo "COMMENT: Now we set the default shell, create groups, create users, and add them to groups" ;\
 in-target useradd -D -s /bin/bash ;\
 in-target addgroup x2gobroker-users ;\
 in-target addgroup x2godesktopsharing ;\
 in-target addgroup x2gousers ;\
 in-target addgroup group-shadow ;\
 in-target addgroup group-a ;\
 in-target addgroup group-b ;\
 in-target useradd user1 -G users,x2gousers,x2gobroker-users,group-shadow ;\
 in-target useradd user2 -G users,x2gousers,x2gobroker-users,group-a ;\
 in-target useradd user3 -G users,x2gousers,x2gobroker-users,group-a ;\
 in-target useradd user4 -G users,x2gousers,x2gobroker-users,group-b ;\
 in-target useradd user5 -G users,x2gousers,x2gobroker-users,group-b ;\
 echo "COMMENT: Users will need passwords to log in, so we set them as well." ;\
 echo "user1:start" | chroot /target /usr/sbin/chpasswd ;\
 echo "user2:start" | chroot /target /usr/sbin/chpasswd ;\
 echo "user3:start" | chroot /target /usr/sbin/chpasswd ;\
 echo "user4:start" | chroot /target /usr/sbin/chpasswd ;\
 echo "user5:start" | chroot /target /usr/sbin/chpasswd ;\
 echo "COMMENT: Finally, take out the trash (yes, this includes systemd)" ;\
 in-target apt-get purge -y systemd systemd-shim ;\
 in-target apt-get autoremove --purge -y ;\
 in-target apt-get clean ;\
 echo "End Post-Install Setup/Config"

# Shut down and power off after installation
d-i debian-installer/exit/poweroff boolean true

# preseed key-value pairs for the packages we intend to install
dash	dash/sh	boolean	false
exim4-config exim4/no_config boolean true
libnss-ldapd	libnss-ldapd/nsswitch	multiselect	group, hosts, netgroup, passwd, shadow
libnss-ldapd	libnss-ldapd/clean_nsswitch	boolean	false
libpam-runtime  libpam-runtime/profiles multiselect     unix, ldap
mdadm   mdadm/autostart boolean false
mdadm   mdadm/mail_to   string  root
mdadm   mdadm/initrdstart       string  all
mdadm   mdadm/initrdstart_notinconf     boolean true
mdadm   mdadm/autocheck boolean true
mdadm   mdadm/start_daemon      boolean true
nslcd   nslcd/ldap-bindpw       password
nslcd   nslcd/ldap-sasl-secprops        string
nslcd   nslcd/ldap-sasl-krb5-ccname     string  /var/run/nslcd/nslcd.tkt
nslcd   nslcd/ldap-sasl-authcid string
nslcd   nslcd/ldap-binddn       string
nslcd   nslcd/ldap-cacertfile   string  /etc/ssl/certs/ca-certificates.crt
nslcd   nslcd/ldap-sasl-authzid string
nslcd   nslcd/ldap-uris string  ldap://ldap1.x2go.example.com/
nslcd   nslcd/ldap-sasl-mech    select
nslcd   nslcd/ldap-auth-type    select  none
nslcd   nslcd/ldap-base string  dc=x2go,dc=example,dc=com
nslcd   nslcd/ldap-sasl-realm   string
nslcd   nslcd/ldap-reqcert      select
nslcd   nslcd/ldap-starttls     boolean false
slapd	slapd/password1	password	start
slapd	slapd/internal/generated_adminpw	password	start
slapd	slapd/password2	password	start
slapd	slapd/internal/adminpw	password	start
slapd	slapd/purge_database	boolean	false
slapd	slapd/invalid_config	boolean	true
slapd	slapd/password_mismatch	note	
slapd	slapd/domain	string	x2go.example.com
#slapd	slapd/upgrade_slapcat_failure	error	
slapd	slapd/unsafe_selfwrite_acl	note	
slapd	slapd/dump_database	select	when needed
slapd	shared/organization	string	X2Go LDAP Example Environment
slapd	slapd/backend	select	MDB
slapd	slapd/no_configuration	boolean	false
slapd	slapd/allow_ldap_v2	boolean	false
slapd	slapd/dump_database_destdir	string	/var/backups/slapd-VERSION
slapd	slapd/move_old_database	boolean	true

</file>

==== nfs1.x2go.example.com ====
  * Minimum RAM required: 256MB
  * Minimum disk space required: 20 GB
  * Also required: any supported eth0 network interface

<file - preseed_nfs1>
# There are two sets of parameters you can use as the append line:
# The minimum required is:
# hostname=nfs1 domain=x2go.example.com
# url=http://192.168.0.224/preseed_nfs1
# (all in one line, and without the leading "#" marks)
# If you only use these, you will have to answer a few questions
# - mainly regarding country, keyboard and locale - interactively.
# For a fully automated installation, add these parameters 
# *in addition to the ones listed above*
# (again, all in one line, and without the leading "#" marks):
# priority=critical netcfg/use_dhcp=true netcfg/choose_interface=eth0 
# debian-installer/locale=de_DE keymap=de-latin1
# debian-installer/locale=de_DE.UTF-8 DEBCONF_DEBUG=5

# We prefer to stay anonymous ;-)
popularity-contest popularity-contest/participate boolean false

# Load non-free firmware, if possible
d-i hw-detect/load_firmware boolean true

# Repository
# CHANGE THIS to your nearest mirror
d-i     mirror/http/hostname    string ftp.de.debian.org
d-i     mirror/http/directory   string /debian/
d-i     mirror/suite            string jessie

# Post install APT setup
d-i     apt-setup/uri_type      select d-i
# CHANGE THIS to your nearest mirror
d-i     apt-setup/hostname      string ftp.de.debian.org
d-i     apt-setup/directory     string /debian/
d-i     apt-setup/another       boolean false
d-i     apt-setup/security-updates      boolean true
d-i     finish-install/reboot_in_progress note
d-i     prebaseconfig/reboot_in_progress        note

d-i     apt-setup/non-free 	boolean true
d-i     apt-setup/contrib 	boolean true

# Network-related settings
# Every hostname and domain name assigned via DHCP  
# takes priority over these values 
# however, if they are left empty, the installer will query them interactively 
d-i     netcfg/get_hostname     string  nfs1
d-i     netcfg/get_domain       string  x2go.example.com
d-i     netcfg/disable_dhcp     boolean false
d-i     mirror/http/proxy      string
d-i     netcfg/choose_interface select eth0
d-i     netcfg/wireless_wep     string

# Partitioning and Bootloader settings
d-i     partman-auto/disk               string /dev/sda
d-i     partman-auto/method             string regular

# Do not use UUIDs in fstab (and not in bootloader config, either)
d-i partman/mount_style string traditional

# This silences an interactive "are you sure?" query
d-i	partman/confirm	boolean	true
d-i     partman-partitioning/confirm_write_new_label boolean true
d-i     partman/choose_partition select finish
d-i     partman/confirm_nooverwrite boolean true
d-i     partman-lvm/device_remove_lvm boolean true
d-i     partman-lvm/confirm boolean true
d-i     partman-md/device_remove_md boolean true
d-i     partman-md/confirm boolean true

#d-i partman-auto/choose_recipe select atomic
d-i partman-auto/choose_recipe select home
#d-i partman-auto/choose_recipe select multi

d-i debian-installer/add-kernel-opts string nomodeset gfxpayload=vga=normal

d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev  string /dev/sda

# Country, keyboard, locale settings - CHANGE THIS
d-i 	debian-installer/locale string de_DE
d-i     debian-installer/keymap select de-latin1
d-i     debian-installer/keymap string de-latin1

d-i     languagechooser/language-name-fb    select German
d-i     countrychooser/country-name select Germany
d-i     console-setup/layoutcode string de_DE
d-i     debian-installer/locale             select de_DE.UTF-8

# Time zone settings - CHANGE THIS
d-i     tzconfig/gmt            boolean false
d-i     tzconfig/choose_country_zone/Europe select Berlin
d-i     tzconfig/choose_country_zone_single boolean true
d-i	time/zone	select	Europe/Berlin
d-i	clock-setup/utc	boolean	true
d-i	mirror/country	string	manual
d-i     clock-setup/ntp boolean false

# Root Account
# this says "start" in MD5 - CHANGE THIS
d-i	passwd/root-password-crypted    passwd    $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.

# Do not create a regular user account when installing a server
d-i passwd/make-user boolean false
#d-i	passwd/user-fullname            string Local User
#d-i	passwd/username                 string localuser
#d-i	passwd/user-password-crypted    passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.

# Task and Package Selection
tasksel	tasksel/first	multiselect	ssh-server
d-i	pkgsel/include	string		ssh \
console-setup \
debconf-i18n \
ldap-utils \
libnfsidmap2 \
libnss-ldapd \
libpam-ldapd \
mc \
nfs-common \
nfs-kernel-server \
nslcd \
ntp \
rsync \
screen \
sysvinit-core \
sysvinit-utils \
unattended-upgrades \
vim

# Commands to be executed after package installation
# Note: The only way to insert comments below is to add an "echo COMMENT"
d-i preseed/late_command string echo "COMMENT: Begin Post-Install Setup/Config" ;\
 echo "COMMENT: Configure SSH" ;\
 mkdir -p /target/root/.ssh ; \
 chmod 700 /target/root/.ssh ;\
 touch /target/root/.ssh/authorized_keys ; \
 chmod 600 /target/root/.ssh/authorized_keys ;\
 sed -i '/^PermitRootLogin/c PermitRootLogin without-password' /target/etc/ssh/sshd_config ;\
 echo "COMMENT: Insert your own SSH public key here" ;\
 echo "COMMENT: User echo -n as shown so multiline echo doesn't add Newlines when appending" ;\
 echo -n 'ssh-rsa AAAAB3blahblahblah' >>/target/root/.ssh/authorized_keys ;\
 echo -n 'blahblahblahOQ== SSH Key Comment here' >>/target/root/.ssh/authorized_keys ;\
 echo "COMMENT: Fixing shortcomings of netcfg here..." ;\
 sed -i "s/$(cat /etc/hostname)/nfs1/" /target/etc/hosts ;\
 echo "nfs1" >/target/etc/hostname ;\
 echo "COMMENT: Fix ends here." ;\
 echo "COMMENT: This is said to be required for LDAP UID/GID sync." ;\
 sed -i '/^NEED_IMAPD/cNEED_IMAPD=yes' /target/etc/default/nfs-common ;\
 echo "COMMENT: This fixes some annoyances regarding UTF-8 and MidnightCommander" ;\
 echo "export LANG=de_DE.UTF-8" >>/target/etc/bash.bashrc ;\
 echo "export NCURSES_NO_UTF8_ACS=1" >>/target/etc/bash.bashrc ;\
 echo "COMMENT: This is for homedir autocreation." ;\
 echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
 echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
 echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
 echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
 echo "COMMENT: This makes sure error messages during bootup remain on screen." ;\
 sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\
 echo "COMMENT: This is so the nfsd will export /home" ;\
 mkdir -p /target/export/home ;\
 echo -e '/home\t/export/home\tnone\tbind\t0\t0' >>/target/etc/fstab ;\
 echo -e '/export/home\t192.168.0.0/16(rw,sync,no_subtree_check,no_root_squash)' >>/target/etc/exports ;\
 echo "COMMENT: This is so dnsmasq on ldap1 is queried for DNS first" ;\
 sed 's/#prepend domain-name-servers 127.0.0.1;/prepend domain-name-servers 192.168.154.146;/' -i /target/etc/dhcp/dhclient.conf ;\
 echo "COMMENT: This removes the cdrom entry from sources list (left behind by installer)" ;\
 sed -i '/^#* *deb cdrom/d' /target/etc/apt/sources.list ;\
 echo "COMMENT: This patches rc.local so the following set of commands is run" ;\
 echo "COMMENT: exactly *once* - at the first boot after installation." ;\
 echo "COMMENT: First, remove the 'exit 0'" ;\
 sed -i '/^exit 0/d' /target/etc/rc.local ;\
 echo "COMMENT: This is so /bin/sh points to /bin/bash instead of /bin/dash" ;\
 echo "COMMENT: As the standard shell of our LDAP users is set to /bin/sh." ;\
 echo 'dpkg-reconfigure -pcritical dash' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\
 echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo "COMMENT: Finally, rc.local must terminate with 'exit 0' again." ;\
 echo 'exit 0' >>/target/etc/rc.local ;\
 echo "COMMENT: Finally, take out the trash (yes, this includes systemd)" ;\
 in-target apt-get purge -y systemd systemd-shim ;\
 in-target apt-get autoremove --purge -y ;\
 in-target apt-get clean ;\
 echo "End Post-Install Setup/Config"

# Shut down and power off after installation
d-i debian-installer/exit/poweroff boolean true

# preseed key-value pairs for the packages we intend to install
dash	dash/sh	boolean	false
exim4-config exim4/no_config boolean true
libnss-ldapd	libnss-ldapd/nsswitch	multiselect	passwd, shadow, group, hosts, services, networks, protocols, rpc, ethers, netgroup
libnss-ldapd	libnss-ldapd/clean_nsswitch	boolean	false
libpam-runtime  libpam-runtime/profiles multiselect     unix, ldap
mdadm   mdadm/autostart boolean false
mdadm   mdadm/mail_to   string  root
mdadm   mdadm/initrdstart       string  all
mdadm   mdadm/initrdstart_notinconf     boolean true
mdadm   mdadm/autocheck boolean true
mdadm   mdadm/start_daemon      boolean true
nslcd   nslcd/ldap-bindpw       password
nslcd   nslcd/ldap-sasl-secprops        string
nslcd   nslcd/ldap-sasl-krb5-ccname     string  /var/run/nslcd/nslcd.tkt
nslcd   nslcd/ldap-sasl-authcid string
nslcd   nslcd/ldap-binddn       string
nslcd   nslcd/ldap-cacertfile   string  /etc/ssl/certs/ca-certificates.crt
nslcd   nslcd/ldap-sasl-authzid string
nslcd   nslcd/ldap-uris string  ldap://ldap1.x2go.example.com/
nslcd   nslcd/ldap-sasl-mech    select
nslcd   nslcd/ldap-auth-type    select  none
nslcd   nslcd/ldap-base string  dc=x2go,dc=example,dc=com
nslcd   nslcd/ldap-sasl-realm   string
nslcd   nslcd/ldap-reqcert      select
nslcd   nslcd/ldap-starttls     boolean false
</file>

==== pg1.x2go.example.com ====
  * Minimum RAM required: 256MB
  * Minimum disk space required: 20 GB
  * Also required: any supported eth0 network interface

<file - preseed_pg1>
# There are two sets of parameters you can use as the append line:
# The minimum required is:
# hostname=pg1 domain=x2go.example.com
# url=http://192.168.0.224/preseed_pg1
# (all in one line, and without the leading "#" marks)
# If you only use these, you will have to answer a few questions
# - mainly regarding country, keyboard and locale - interactively.
# For a fully automated installation, add these parameters 
# *in addition to the ones listed above*
# (again, all in one line, and without the leading "#" marks):
# priority=critical netcfg/use_dhcp=true netcfg/choose_interface=eth0 
# debian-installer/locale=de_DE keymap=de-latin1
# debian-installer/locale=de_DE.UTF-8 DEBCONF_DEBUG=5

# We prefer to stay anonymous ;-)
popularity-contest popularity-contest/participate boolean false

# Load non-free firmware, if possible
d-i hw-detect/load_firmware boolean true

# Repository
# CHANGE THIS to your nearest mirror
d-i     mirror/http/hostname    string ftp.de.debian.org
d-i     mirror/http/directory   string /debian/
d-i     mirror/suite            string jessie

# Post install APT setup
d-i     apt-setup/uri_type      select d-i
# CHANGE THIS to your nearest mirror
d-i     apt-setup/hostname      string ftp.de.debian.org
d-i     apt-setup/directory     string /debian/
d-i     apt-setup/another       boolean false
d-i     apt-setup/security-updates      boolean true
d-i     finish-install/reboot_in_progress note
d-i     prebaseconfig/reboot_in_progress        note

d-i     apt-setup/non-free 	boolean true
d-i     apt-setup/contrib 	boolean true

# Network-related settings
# Every hostname and domain name assigned via DHCP  
# takes priority over these values 
# however, if they are left empty, the installer will query them interactively 
d-i     netcfg/get_hostname     string  pg1
d-i     netcfg/get_domain       string  x2go.example.com
d-i     netcfg/disable_dhcp     boolean false
d-i     mirror/http/proxy      string
d-i     netcfg/choose_interface select eth0
d-i     netcfg/wireless_wep     string

# Partitioning and Bootloader settings
d-i     partman-auto/disk               string /dev/sda
d-i     partman-auto/method             string regular

# Do not use UUIDs in fstab (and not in bootloader config, either)
d-i partman/mount_style string traditional

# This silences an interactive "are you sure?" query
d-i	partman/confirm	boolean	true
d-i     partman-partitioning/confirm_write_new_label boolean true
d-i     partman/choose_partition select finish
d-i     partman/confirm_nooverwrite boolean true
d-i     partman-lvm/device_remove_lvm boolean true
d-i     partman-lvm/confirm boolean true
d-i     partman-md/device_remove_md boolean true
d-i     partman-md/confirm boolean true

#d-i partman-auto/choose_recipe select atomic
#d-i partman-auto/choose_recipe select home
d-i partman-auto/choose_recipe select multi

d-i debian-installer/add-kernel-opts string nomodeset gfxpayload=vga=normal

d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev  string /dev/sda

# Country, keyboard, locale settings - CHANGE THIS
d-i 	debian-installer/locale string de_DE
d-i     debian-installer/keymap select de-latin1
d-i     debian-installer/keymap string de-latin1

d-i     languagechooser/language-name-fb    select German
d-i     countrychooser/country-name select Germany
d-i     console-setup/layoutcode string de_DE
d-i     debian-installer/locale             select de_DE.UTF-8

# Time zone settings - CHANGE THIS
d-i     tzconfig/gmt            boolean false
d-i     tzconfig/choose_country_zone/Europe select Berlin
d-i     tzconfig/choose_country_zone_single boolean true
d-i	time/zone	select	Europe/Berlin
d-i	clock-setup/utc	boolean	true
d-i	mirror/country	string	manual
d-i     clock-setup/ntp boolean false

# Root Account
# this says "start" in MD5 - CHANGE THIS
d-i	passwd/root-password-crypted    passwd    $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.

# Do not create a regular user account when installing a server
d-i passwd/make-user boolean false
#d-i	passwd/user-fullname            string Local User
#d-i	passwd/username                 string localuser
#d-i	passwd/user-password-crypted    passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.

# Task and Package Selection
tasksel	tasksel/first	multiselect	ssh-server
d-i	pkgsel/include	string		ssh \
console-setup \
debconf-i18n \
ldap-utils \
libnss-ldapd \
libpam-ldapd \
mc \
nslcd \
ntp \
postgresql \
rsync \
screen \
sysvinit-core \
sysvinit-utils \
unattended-upgrades \
vim

# Commands to be executed after package installation
# Note: The only way to insert comments below is to add an "echo COMMENT"
d-i preseed/late_command string echo "COMMENT: Begin Post-Install Setup/Config" ;\
 echo "COMMENT: Configure SSH" ;\
 mkdir -p /target/root/.ssh ; \
 chmod 700 /target/root/.ssh ;\
 touch /target/root/.ssh/authorized_keys ; \
 chmod 600 /target/root/.ssh/authorized_keys ;\
 sed -i '/^PermitRootLogin/c PermitRootLogin without-password' /target/etc/ssh/sshd_config ;\
 echo "COMMENT: Insert your own SSH public key here" ;\
 echo "COMMENT: User echo -n as shown so multiline echo doesn't add Newlines when appending" ;\
 echo -n 'ssh-rsa AAAAB3blahblahblah' >>/target/root/.ssh/authorized_keys ;\
 echo -n 'blahblahblahOQ== SSH Key Comment here' >>/target/root/.ssh/authorized_keys ;\
 echo "COMMENT: Fixing shortcomings of netcfg here..." ;\
 sed -i "s/$(cat /etc/hostname)/pg1/" /target/etc/hosts ;\
 echo "pg1" >/target/etc/hostname ;\
 echo "COMMENT: Fix ends here." ;\
 echo "COMMENT: This is said to be required for LDAP UID/GID sync." ;\
 sed -i '/^NEED_IMAPD/cNEED_IMAPD=yes' /target/etc/default/nfs-common ;\
 echo "COMMENT: This fixes some annoyances regarding UTF-8 and MidnightCommander" ;\
 echo "export LANG=de_DE.UTF-8" >>/target/etc/bash.bashrc ;\
 echo "export NCURSES_NO_UTF8_ACS=1" >>/target/etc/bash.bashrc ;\
 echo "COMMENT: This is for homedir autocreation." ;\
 echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
 echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
 echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
 echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
 echo "COMMENT: This makes sure error messages during bootup remain on screen." ;\
 sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\
 echo "COMMENT: This is so dnsmasq on ldap1 is queried for DNS first" ;\
 sed 's/#prepend domain-name-servers 127.0.0.1;/prepend domain-name-servers 192.168.154.146;/' -i /target/etc/dhcp/dhclient.conf ;\
 echo "COMMENT: This removes the cdrom entry from sources list (left behind by installer)" ;\
 sed -i '/^#* *deb cdrom/d' /target/etc/apt/sources.list ;\
 echo "COMMENT: This patches rc.local so the following set of commands is run" ;\
 echo "COMMENT: exactly *once* - at the first boot after installation." ;\
 echo "COMMENT: First, remove the 'exit 0'" ;\
 sed -i '/^exit 0/d' /target/etc/rc.local ;\
 echo "COMMENT: Set a password for the postgres admin user" ;\
 echo 'su postgres -c "psql -c \"alter user postgres encrypted password '\''start'\'';\"" || true' >>/target/etc/rc.local ;\
 echo "COMMENT: Tell postgres to listen for and accept connections from our network" ;\
 echo 'for pgconf in /etc/postgresql/*/main/pg_hba.conf ; do' >>/target/etc/rc.local ;\
 echo -e "sed -i -e \"/^port/ilisten_addresses='*'\" \$(dirname \$pgconf)/postgresql.conf #postgres" >>/target/etc/rc.local ;\
 echo -e "echo 'host\tall\tall\t192.168.0.0/16\tmd5' >>\$pgconf #postgres" >>/target/etc/rc.local ;\
 echo 'done #postgres' >>/target/etc/rc.local ;\
 echo "COMMENT: Restart postgresql service so changes take effect without requiring another reboot" ;\
 echo 'service postgresql restart ' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the postgres stuff, so it doesn't run more than once." ;\
 echo 'sed -i -e "/postgres/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo "COMMENT: This is so /bin/sh points to /bin/bash instead of /bin/dash" ;\
 echo "COMMENT: As the standard shell of our LDAP users is set to /bin/sh." ;\
 echo 'dpkg-reconfigure -pcritical dash' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\
 echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo "COMMENT: Finally, rc.local must terminate with 'exit 0' again." ;\
 echo 'exit 0' >>/target/etc/rc.local ;\
 echo "COMMENT: Finally, take out the trash (yes, this includes systemd)" ;\
 in-target apt-get purge -y systemd systemd-shim ;\
 in-target apt-get autoremove --purge -y ;\
 in-target apt-get clean ;\
 echo "End Post-Install Setup/Config"

# Shut down and power off after installation
d-i debian-installer/exit/poweroff boolean true

# preseed key-value pairs for the packages we intend to install
dash	dash/sh	boolean	false
exim4-config exim4/no_config boolean true
libnss-ldapd	libnss-ldapd/nsswitch	multiselect	passwd, shadow, group, hosts, services, networks, protocols, rpc, ethers, netgroup
libnss-ldapd	libnss-ldapd/clean_nsswitch	boolean	false
libpam-runtime  libpam-runtime/profiles multiselect     unix, ldap
mdadm   mdadm/autostart boolean false
mdadm   mdadm/mail_to   string  root
mdadm   mdadm/initrdstart       string  all
mdadm   mdadm/initrdstart_notinconf     boolean true
mdadm   mdadm/autocheck boolean true
mdadm   mdadm/start_daemon      boolean true
nslcd   nslcd/ldap-bindpw       password
nslcd   nslcd/ldap-sasl-secprops        string
nslcd   nslcd/ldap-sasl-krb5-ccname     string  /var/run/nslcd/nslcd.tkt
nslcd   nslcd/ldap-sasl-authcid string
nslcd   nslcd/ldap-binddn       string
nslcd   nslcd/ldap-cacertfile   string  /etc/ssl/certs/ca-certificates.crt
nslcd   nslcd/ldap-sasl-authzid string
nslcd   nslcd/ldap-uris string  ldap://ldap1.x2go.example.com/
nslcd   nslcd/ldap-sasl-mech    select
nslcd   nslcd/ldap-auth-type    select  none
nslcd   nslcd/ldap-base string  dc=x2go,dc=example,dc=com
nslcd   nslcd/ldap-sasl-realm   string
nslcd   nslcd/ldap-reqcert      select
nslcd   nslcd/ldap-starttls     boolean false
</file>

==== x2gobroker1.x2go.example.com ====
  * Minimum RAM required: 256MB
  * Minimum disk space required: 4 GB
  * Also required: any supported eth0 network interface

<file - preseed_x2gobroker1>
# There are two sets of parameters you can use as the append line:
# The minimum required is:
# hostname=x2gobroker1 domain=x2go.example.com
# url=http://192.168.0.224/preseed_x2gobroker1
# (all in one line, and without the leading "#" marks)
# If you only use these, you will have to answer a few questions
# - mainly regarding country, keyboard and locale - interactively.
# For a fully automated installation, add these parameters 
# *in addition to the ones listed above*
# (again, all in one line, and without the leading "#" marks):
# priority=critical netcfg/use_dhcp=true netcfg/choose_interface=eth0 
# debian-installer/locale=de_DE keymap=de-latin1
# debian-installer/locale=de_DE.UTF-8 DEBCONF_DEBUG=5

# We prefer to stay anonymous ;-)
popularity-contest popularity-contest/participate boolean false

# Load non-free firmware, if possible
d-i hw-detect/load_firmware boolean true

# Repository
# CHANGE THIS to your nearest mirror
d-i     mirror/http/hostname    string ftp.de.debian.org
d-i     mirror/http/directory   string /debian/
d-i     mirror/suite            string jessie

# Post install APT setup
d-i     apt-setup/uri_type      select d-i
# CHANGE THIS to your nearest mirror
d-i     apt-setup/hostname      string ftp.de.debian.org
d-i     apt-setup/directory     string /debian/
d-i     apt-setup/another       boolean false
d-i     apt-setup/security-updates      boolean true
d-i     finish-install/reboot_in_progress note
d-i     prebaseconfig/reboot_in_progress        note

d-i     apt-setup/non-free 	boolean true
d-i     apt-setup/contrib 	boolean true

# Network-related settings
# Every hostname and domain name assigned via DHCP  
# takes priority over these values 
# however, if they are left empty, the installer will query them interactively 
d-i     netcfg/get_hostname     string  x2gobroker1
d-i     netcfg/get_domain       string  x2go.example.com
d-i     netcfg/disable_dhcp     boolean false
d-i     mirror/http/proxy      string
d-i     netcfg/choose_interface select eth0
d-i     netcfg/wireless_wep     string

# Partitioning and Bootloader settings
d-i     partman-auto/disk               string /dev/sda
d-i     partman-auto/method             string regular

# Do not use UUIDs in fstab (and not in bootloader config, either)
d-i partman/mount_style string traditional

# This silences an interactive "are you sure?" query
d-i	partman/confirm	boolean	true
d-i     partman-partitioning/confirm_write_new_label boolean true
d-i     partman/choose_partition select finish
d-i     partman/confirm_nooverwrite boolean true
d-i     partman-lvm/device_remove_lvm boolean true
d-i     partman-lvm/confirm boolean true
d-i     partman-md/device_remove_md boolean true
d-i     partman-md/confirm boolean true

d-i partman-auto/choose_recipe select atomic
#d-i partman-auto/choose_recipe select home
#d-i partman-auto/choose_recipe select multi

d-i debian-installer/add-kernel-opts string nomodeset gfxpayload=vga=normal

d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev  string /dev/sda

# Country, keyboard, locale settings - CHANGE THIS
d-i 	debian-installer/locale string de_DE
d-i     debian-installer/keymap select de-latin1
d-i     debian-installer/keymap string de-latin1

d-i     languagechooser/language-name-fb    select German
d-i     countrychooser/country-name select Germany
d-i     console-setup/layoutcode string de_DE
d-i     debian-installer/locale             select de_DE.UTF-8

# Time zone settings - CHANGE THIS
d-i     tzconfig/gmt            boolean false
d-i     tzconfig/choose_country_zone/Europe select Berlin
d-i     tzconfig/choose_country_zone_single boolean true
d-i	time/zone	select	Europe/Berlin
d-i	clock-setup/utc	boolean	true
d-i	mirror/country	string	manual
d-i     clock-setup/ntp boolean false

# Root Account
# this says "start" in MD5 - CHANGE THIS
d-i	passwd/root-password-crypted    passwd    $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.

# Do not create a regular user account when installing a server
d-i passwd/make-user boolean false
#d-i	passwd/user-fullname            string Local User
#d-i	passwd/username                 string localuser
#d-i	passwd/user-password-crypted    passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.


# Additional repositories, local[0-9] available
# this is where we add the X2Go repo
d-i apt-setup/local0/repository string \
       http://packages.x2go.org/debian jessie main
d-i apt-setup/local0/comment string X2Go Repository

# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out

# When this key doesn't work any more, switch entries
#d-i apt-setup/local0/key string http://packages.x2go.org/pub.key
d-i apt-setup/local0/key string http://packages.x2go.org/debian-old-pub.key

# Task and Package Selection
tasksel	tasksel/first	multiselect	ssh-server
d-i	pkgsel/include	string		ssh \
console-setup \
debconf-i18n \
ldap-utils \
libnss-ldapd \
libpam-ldapd \
mc \
nslcd \
ntp \
postgresql-client-9.4 \
postgresql-client-common \
rsync \
screen \
sysvinit-core \
sysvinit-utils \
unattended-upgrades \
vim \
x2go-keyring \
x2gobroker \
x2gobroker-agent \
x2gobroker-authservice \
x2gobroker-daemon \
x2gobroker-loadchecker \
x2gobroker-ssh

# Commands to be executed after package installation
# Note: The only way to insert comments below is to add an "echo COMMENT"
d-i preseed/late_command string echo "COMMENT: Begin Post-Install Setup/Config" ;\
 echo "COMMENT: Configure SSH" ;\
 mkdir -p /target/root/.ssh ; \
 chmod 700 /target/root/.ssh ;\
 touch /target/root/.ssh/authorized_keys ; \
 chmod 600 /target/root/.ssh/authorized_keys ;\
 sed -i '/^PermitRootLogin/c PermitRootLogin without-password' /target/etc/ssh/sshd_config ;\
 echo "COMMENT: Insert your own SSH public key here" ;\
 echo "COMMENT: User echo -n as shown so multiline echo doesn't add Newlines when appending" ;\
 echo -n 'ssh-rsa AAAAB3blahblahblah' >>/target/root/.ssh/authorized_keys ;\
 echo -n 'blahblahblahOQ== SSH Key Comment here' >>/target/root/.ssh/authorized_keys ;\
 echo "COMMENT: Fixing shortcomings of netcfg here..." ;\
 sed -i "s/$(cat /etc/hostname)/x2gobroker1/" /target/etc/hosts ;\
 echo "x2gobroker1" >/target/etc/hostname ;\
 echo "COMMENT: Fix ends here." ;\
 echo "COMMENT: This is said to be required for LDAP UID/GID sync." ;\
 sed -i '/^NEED_IMAPD/cNEED_IMAPD=yes' /target/etc/default/nfs-common ;\
 echo "COMMENT: This fixes some annoyances regarding UTF-8 and MidnightCommander" ;\
 echo "export LANG=de_DE.UTF-8" >>/target/etc/bash.bashrc ;\
 echo "export NCURSES_NO_UTF8_ACS=1" >>/target/etc/bash.bashrc ;\
 echo "COMMENT: This is for homedir autocreation." ;\
 echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
 echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
 echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
 echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
 echo "COMMENT: This makes sure error messages during bootup remain on screen." ;\
 sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\
 echo "COMMENT: This is so /home gets mounted from nfs1" ;\
 echo -e 'nfs1:/export/home\t/home\tnfs\tsoft,intr,rsize=8192,wsize=8192\t0\t0' >>/target/etc/fstab ;\
 echo "COMMENT: This is so dnsmasq on ldap1 is queried for DNS first" ;\
 sed 's/#prepend domain-name-servers 127.0.0.1;/prepend domain-name-servers 192.168.154.146;/' -i /target/etc/dhcp/dhclient.conf ;\
 echo "COMMENT: This removes the cdrom entry from sources list (left behind by installer)" ;\
 sed -i '/^#* *deb cdrom/d' /target/etc/apt/sources.list ;\
 echo "COMMENT: This patches the x2gobroker configuration files the way we need them to be for our demo." ;\
 sed -i -e '/^host=/chost=x2goserver1.x2go.example.com,x2goserver2.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^fullscreen=/cfullscreen=true' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^#default-agent-query-mode/adefault-agent-query-mode=SSH' /target/etc/x2go/x2gobroker.conf ;\
 sed -i -e '/^#default-use-load-checker/adefault-use-load-checker=true' /target/etc/x2go/x2gobroker.conf ;\
 sed -i -e 's/localhost-kde/localhost-lxde/g' -e 's/=KDE/=LXDE/g' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e 's/localhost-shadow/localhost-xfce/g' -e 's/=SHADOW/=XFCE/g' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e "/# don't even try/d" /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e 's/ - localhost/ - X2GoFarm/g' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e 's/localhost-/x2gofarm-/g' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^command=LXDE/aacl-any-order=deny-allow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^command=LXDE/aacl-groups-deny=ALL' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^command=LXDE/aacl-groups-allow=group-a' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^command=XFCE/aacl-any-order=deny-allow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^command=XFCE/aacl-groups-deny=ALL' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^command=XFCE/aacl-groups-allow=group-b' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^### EXAMPLES:/i[x2goserver1-shadow]' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^### EXAMPLES:/iname=SHADOW - X2GoServer1' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^### EXAMPLES:/ihost=x2goserver1.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^### EXAMPLES:/icommand=SHADOW' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^### EXAMPLES:/iusebrokerpass=true' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^### EXAMPLES:/i ' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^### EXAMPLES:/i[x2goserver2-shadow]' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^### EXAMPLES:/iname=SHADOW - X2GoServer2' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^### EXAMPLES:/ihost=x2goserver2.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^### EXAMPLES:/icommand=SHADOW' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^### EXAMPLES:/iusebrokerpass=true' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^### EXAMPLES:/i ' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^command=SHADOW/aacl-any-order=deny-allow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^command=SHADOW/aacl-groups-deny=ALL' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 sed -i -e '/^command=SHADOW/aacl-groups-allow=group-shadow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 echo "COMMENT: These patches fix bugs that are still present in the current stable release" ;\
 sed -i -e 's/if pam.pam:/if hasattr(pam, "pam"):/' /target/usr/sbin/x2gobroker-authservice /target/usr/lib/python2.7/dist-packages/x2gobroker/authmechs/pam_authmech.py ;\
 sed -i -e "s/'hostname'/'hostaddr'/" /target/usr/sbin/x2gobroker-testagent ;\
 echo "COMMENT: This enables the HTTP Session Broker for SystemD and SysVinit systems" ;\
 sed -i '/#DAEMON_BIND_ADDRESS=127.0.0.1:8080/aDAEMON_BIND_ADDRESS=*:8080' /target/etc/default/x2gobroker-daemon /target/etc/x2go/broker/defaults.conf ;\
 echo "COMMENT: This patches rc.local so the following set of commands is run" ;\
 echo "COMMENT: exactly *once* - at the first boot after installation." ;\
 echo "COMMENT: First, remove the 'exit 0'" ;\
 sed -i '/^exit 0/d' /target/etc/rc.local ;\
 echo "COMMENT: This is so /bin/sh points to /bin/bash instead of /bin/dash" ;\
 echo "COMMENT: As the standard shell of our LDAP users is set to /bin/sh." ;\
 echo 'dpkg-reconfigure -pcritical dash' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\
 echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo "COMMENT: We're cheating here:" ;\
 echo "COMMENT: We're calling the pubkeyauthorizer on x2gobroker, rather than from each x2goserver." ;\
 echo "COMMENT: That way, we don't have to open :8080 for anything more than localhost." ;\
 echo 'x2gobroker-pubkeyauthorizer --broker-url http://localhost:8080/pubkeys/' >>/target/etc/rc.local ;\
 echo "COMMENT: Now we create a directory (watch permissions/ownership!) on the NFS share, and dump the generated key file there." ;\
 echo 'mkdir -p /home/root/x2gobroker' >>/target/etc/rc.local ;\
 echo 'chmod 700 /home/root #x2gobroker' >>/target/etc/rc.local ;\
 echo 'chown -R root:root /home/root #x2gobroker' >>/target/etc/rc.local ;\
 echo 'cp -a /var/lib/x2gobroker/.ssh /home/root/x2gobroker' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the pubkeyauthorizer stuff, so it doesn't run more than once." ;\
 echo 'sed -i -e "/x2gobroker/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo "COMMENT: Finally, rc.local must terminate with 'exit 0' again." ;\
 echo 'exit 0' >>/target/etc/rc.local ;\
 echo "COMMENT: Make sure x2gobroker has a key pair available at first boot" ;\
 in-target x2gobroker-keygen ;\
 echo "COMMENT: Finally, take out the trash (yes, this includes systemd)" ;\
 in-target apt-get purge -y systemd systemd-shim ;\
 in-target apt-get autoremove --purge -y ;\
 in-target apt-get clean ;\
 echo "End Post-Install Setup/Config"

# Shut down and power off after installation
d-i debian-installer/exit/poweroff boolean true

# preseed key-value pairs for the packages we intend to install
dash	dash/sh	boolean	false
exim4-config exim4/no_config boolean true
libnss-ldapd	libnss-ldapd/nsswitch	multiselect	passwd, shadow, group, hosts, services, networks, protocols, rpc, ethers, netgroup
libnss-ldapd	libnss-ldapd/clean_nsswitch	boolean	false
libpam-runtime  libpam-runtime/profiles multiselect     unix, ldap
mdadm   mdadm/autostart boolean false
mdadm   mdadm/mail_to   string  root
mdadm   mdadm/initrdstart       string  all
mdadm   mdadm/initrdstart_notinconf     boolean true
mdadm   mdadm/autocheck boolean true
mdadm   mdadm/start_daemon      boolean true
nslcd   nslcd/ldap-bindpw       password
nslcd   nslcd/ldap-sasl-secprops        string
nslcd   nslcd/ldap-sasl-krb5-ccname     string  /var/run/nslcd/nslcd.tkt
nslcd   nslcd/ldap-sasl-authcid string
nslcd   nslcd/ldap-binddn       string
nslcd   nslcd/ldap-cacertfile   string  /etc/ssl/certs/ca-certificates.crt
nslcd   nslcd/ldap-sasl-authzid string
nslcd   nslcd/ldap-uris string  ldap://ldap1.x2go.example.com/
nslcd   nslcd/ldap-sasl-mech    select
nslcd   nslcd/ldap-auth-type    select  none
nslcd   nslcd/ldap-base string  dc=x2go,dc=example,dc=com
nslcd   nslcd/ldap-sasl-realm   string
nslcd   nslcd/ldap-reqcert      select
nslcd   nslcd/ldap-starttls     boolean false
x2gobroker-ssh x2gobroker-ssh/group-x2gobroker-users string x2gobroker-users
x2gobroker-ssh x2gobroker-ssh/group-does-not-exist note
x2gobroker-ssh x2gobroker-ssh/use-existing-group boolean false
x2gobroker-ssh x2gobroker-ssh/create-group boolean true
x2gobroker-ssh x2gobroker-ssh/manual-setup-required boolean false
x2gobroker-ssh x2gobroker-ssh/del-last-group-x2gobroker-users boolean false
x2gobroker-ssh x2gobroker-ssh/last-group-x2gobroker-users string x2gobroker-users
</file>

==== x2goserver1.x2go.example.com ====
  * Minimum RAM required: 256MB
  * Minimum disk space required: 8 GB
  * Also required: any supported eth0 network interface

<file - preseed_x2goserver1>
# There are two sets of parameters you can use as the append line:
# The minimum required is:
# hostname=x2goserver1 domain=x2go.example.com
# url=http://192.168.0.224/preseed_x2goserver1
# (all in one line, and without the leading "#" marks)
# If you only use these, you will have to answer a few questions
# - mainly regarding country, keyboard and locale - interactively.
# For a fully automated installation, add these parameters 
# *in addition to the ones listed above*
# (again, all in one line, and without the leading "#" marks):
# priority=critical netcfg/use_dhcp=true netcfg/choose_interface=eth0 
# debian-installer/locale=de_DE keymap=de-latin1
# debian-installer/locale=de_DE.UTF-8 DEBCONF_DEBUG=5

# We prefer to stay anonymous ;-)
popularity-contest popularity-contest/participate boolean false

# Load non-free firmware, if possible
d-i hw-detect/load_firmware boolean true

# Repository
# CHANGE THIS to your nearest mirror
d-i     mirror/http/hostname    string ftp.de.debian.org
d-i     mirror/http/directory   string /debian/
d-i     mirror/suite            string jessie

# Post install APT setup
d-i     apt-setup/uri_type      select d-i
# CHANGE THIS to your nearest mirror
d-i     apt-setup/hostname      string ftp.de.debian.org
d-i     apt-setup/directory     string /debian/
d-i     apt-setup/another       boolean false
d-i     apt-setup/security-updates      boolean true
d-i     finish-install/reboot_in_progress note
d-i     prebaseconfig/reboot_in_progress        note

d-i     apt-setup/non-free 	boolean true
d-i     apt-setup/contrib 	boolean true

# Network-related settings
# Every hostname and domain name assigned via DHCP  
# takes priority over these values 
# however, if they are left empty, the installer will query them interactively 
d-i     netcfg/get_hostname     string  x2goserver1
d-i     netcfg/get_domain       string  x2go.example.com
d-i     netcfg/disable_dhcp     boolean false
d-i     mirror/http/proxy      string
d-i     netcfg/choose_interface select eth0
d-i     netcfg/wireless_wep     string

# Partitioning and Bootloader settings
d-i     partman-auto/disk               string /dev/sda
d-i     partman-auto/method             string regular

# Do not use UUIDs in fstab (and not in bootloader config, either)
d-i partman/mount_style string traditional

# This silences an interactive "are you sure?" query
d-i	partman/confirm	boolean	true
d-i     partman-partitioning/confirm_write_new_label boolean true
d-i     partman/choose_partition select finish
d-i     partman/confirm_nooverwrite boolean true
d-i     partman-lvm/device_remove_lvm boolean true
d-i     partman-lvm/confirm boolean true
d-i     partman-md/device_remove_md boolean true
d-i     partman-md/confirm boolean true

d-i partman-auto/choose_recipe select atomic
#d-i partman-auto/choose_recipe select home
#d-i partman-auto/choose_recipe select multi

d-i debian-installer/add-kernel-opts string nomodeset gfxpayload=vga=normal

d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev  string /dev/sda

# Country, keyboard, locale settings - CHANGE THIS
d-i 	debian-installer/locale string de_DE
d-i     debian-installer/keymap select de-latin1
d-i     debian-installer/keymap string de-latin1

d-i     languagechooser/language-name-fb    select German
d-i     countrychooser/country-name select Germany
d-i     console-setup/layoutcode string de_DE
d-i     debian-installer/locale             select de_DE.UTF-8

# Time zone settings - CHANGE THIS
d-i     tzconfig/gmt            boolean false
d-i     tzconfig/choose_country_zone/Europe select Berlin
d-i     tzconfig/choose_country_zone_single boolean true
d-i	time/zone	select	Europe/Berlin
d-i	clock-setup/utc	boolean	true
d-i	mirror/country	string	manual
d-i     clock-setup/ntp boolean false

# Root Account
# this says "start" in MD5 - CHANGE THIS
d-i	passwd/root-password-crypted    passwd    $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.

# Do not create a regular user account when installing a server
d-i passwd/make-user boolean false
#d-i	passwd/user-fullname            string Local User
#d-i	passwd/username                 string localuser
#d-i	passwd/user-password-crypted    passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.


# Additional repositories, local[0-9] available
# this is where we add the X2Go repo
d-i apt-setup/local0/repository string \
       http://packages.x2go.org/debian jessie main
d-i apt-setup/local0/comment string X2Go Repository

# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out

# When this key doesn't work any more, switch entries
#d-i apt-setup/local0/key string http://packages.x2go.org/pub.key
d-i apt-setup/local0/key string http://packages.x2go.org/debian-old-pub.key

# Task and Package Selection
tasksel	tasksel/first	multiselect	standard, xfce-desktop, mate-desktop, lxde-desktop
d-i	pkgsel/include	string		ssh \
console-setup \
cups-client \
cups-x2go \
debconf-i18n \
gimp \
ldap-utils \
libnss-ldapd \
libpam-ldapd \
libreoffice \
mc \
nslcd \
ntp \
pidgin \
postgresql-client-9.4 \
postgresql-client-common \
rsync \
screen \
sysvinit-core \
sysvinit-utils \
unattended-upgrades \
vim \
x2go-keyring \
x2gobroker-agent \
x2goserver \
x2goserver-extensions \
x2goserver-printing \
x2goserver-xsession

# Commands to be executed after package installation
# Note: The only way to insert comments below is to add an "echo COMMENT"
d-i preseed/late_command string echo "COMMENT: Begin Post-Install Setup/Config" ;\
 echo "COMMENT: Configure SSH" ;\
 mkdir -p /target/root/.ssh ; \
 chmod 700 /target/root/.ssh ;\
 touch /target/root/.ssh/authorized_keys ; \
 chmod 600 /target/root/.ssh/authorized_keys ;\
 sed -i '/^PermitRootLogin/c PermitRootLogin without-password' /target/etc/ssh/sshd_config ;\
 echo "COMMENT: Insert your own SSH public key here" ;\
 echo "COMMENT: User echo -n as shown so multiline echo doesn't add Newlines when appending" ;\
 echo -n 'ssh-rsa AAAAB3blahblahblah' >>/target/root/.ssh/authorized_keys ;\
 echo -n 'blahblahblahOQ== SSH Key Comment here' >>/target/root/.ssh/authorized_keys ;\
 echo "COMMENT: Fixing shortcomings of netcfg here..." ;\
 sed -i "s/$(cat /etc/hostname)/x2goserver1/" /target/etc/hosts ;\
 echo "x2goserver1" >/target/etc/hostname ;\
 echo "COMMENT: Fix ends here." ;\
 echo "COMMENT: This is said to be required for LDAP UID/GID sync." ;\
 sed -i '/^NEED_IMAPD/cNEED_IMAPD=yes' /target/etc/default/nfs-common ;\
 echo "COMMENT: This fixes some annoyances regarding UTF-8 and MidnightCommander" ;\
 echo "export LANG=de_DE.UTF-8" >>/target/etc/bash.bashrc ;\
 echo "export NCURSES_NO_UTF8_ACS=1" >>/target/etc/bash.bashrc ;\
 echo "COMMENT: This is for homedir autocreation." ;\
 echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
 echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
 echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
 echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
 echo "COMMENT: This makes sure error messages during bootup remain on screen." ;\
 sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\
 echo "COMMENT: This is so /home gets mounted from nfs1" ;\
 echo -e 'nfs1:/export/home\t/home\tnfs\tsoft,intr,rsize=8192,wsize=8192\t0\t0' >>/target/etc/fstab ;\
 echo "COMMENT: This is so dnsmasq on ldap1 is queried for DNS first" ;\
 sed 's/#prepend domain-name-servers 127.0.0.1;/prepend domain-name-servers 192.168.154.146;/' -i /target/etc/dhcp/dhclient.conf ;\
 echo "COMMENT: This removes the cdrom entry from sources list (left behind by installer)" ;\
 sed -i '/^#* *deb cdrom/d' /target/etc/apt/sources.list ;\
 echo "COMMENT: This tells X2GoServer to use the postgres backend on pg1" ;\
 sed -i -e '/^host/chost=pg1.x2go.example.com' -e '/^backend/cbackend=postgres' /target/etc/x2go/x2gosql/sql ;\
 echo "COMMENT: This tells x2godbadmin which password to use for db/user creation" ;\
 echo 'start' > /target/etc/x2go/x2gosql/passwords/pgadmin ;\
 echo "COMMENT: This disables the graphical login - we don't need it on a server." ;\
 cat /dev/null > /target/etc/X11/default-display-manager ;\
 echo "COMMENT: This patches rc.local so the following set of commands is run" ;\
 echo "COMMENT: exactly *once* - at the first boot after installation." ;\
 echo "COMMENT: First, remove the 'exit 0'" ;\
 sed -i '/^exit 0/d' /target/etc/rc.local ;\
 echo "COMMENT: This is so /bin/sh points to /bin/bash instead of /bin/dash" ;\
 echo "COMMENT: As the standard shell of our LDAP users is set to /bin/sh." ;\
 echo 'dpkg-reconfigure -pcritical dash' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\
 echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo "COMMENT: This loop waits until the LDAP connection has been established." ;\
 echo 'while ! getent passwd user1 | grep -q user1 ; do # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\
 echo -e "\techo 'Waiting for LDAP connection ...' # homedir creation for x2godbadmin command" >>/target/etc/rc.local ;\
 echo -e "\tsleep 1 # homedir creation for x2godbadmin command" >>/target/etc/rc.local ;\
 echo 'done # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\
 echo "COMMENT: Now we're creating home directories for our users." ;\
 echo "COMMENT: if we wouldn't have waited, this would fail." ;\
 echo "COMMENT: We're doing this on x2goserver1 and not ldap1 because" ;\
 echo "COMMENT: ldap1 doesn't mount /home via NFS, plus it might be" ;\
 echo "COMMENT: up and running before nfs1 has finished booting." ;\
 echo 'su user1 -s /bin/true # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\
 echo 'su user2 -s /bin/true # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\
 echo 'su user3 -s /bin/true # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\
 echo 'su user4 -s /bin/true # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\
 echo 'su user5 -s /bin/true # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\
 echo "COMMENT: Now let's create the database on pg1." ;\
 echo 'x2godbadmin --createdb' >>/target/etc/rc.local ;\
 echo "COMMENT: --addgroup seems to suggest that all users in this group" ;\
 echo "COMMENT: would be auto-added.  Sadly, this doesn't work, at least" ;\
 echo "COMMENT: there is no trace of any user in the database on pg1 afterwards." ;\
 echo '# x2godbadmin --addgroup users # fixme - does not seem to work' >>/target/etc/rc.local ;\
 echo "COMMENT: So let's add the users one by one:" ;\
 echo 'x2godbadmin --adduser user1' >>/target/etc/rc.local ;\
 echo 'x2godbadmin --adduser user2' >>/target/etc/rc.local ;\
 echo 'x2godbadmin --adduser user3' >>/target/etc/rc.local ;\
 echo 'x2godbadmin --adduser user4' >>/target/etc/rc.local ;\
 echo 'x2godbadmin --adduser user5' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the x2godbadmin stuff, so it doesn't run more than once." ;\
 echo 'sed -i -e "/x2godbadmin/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the routine that 'fakes' what x2go-pubkeyauthorizer does" ;\
 echo "COMMENT: by copying the authorized_keys file created on x2gobroker to its destination." ;\
 echo 'if [ -s /home/root/x2gobroker/.ssh/authorized_keys ] ; then' >>/target/etc/rc.local ;\
 echo -e "\t"'cp -a /home/root/x2gobroker/.ssh /var/lib/x2gobroker/' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the x2gobroker stuff, so it doesn't run more than once." ;\
 echo "COMMENT: Note that it will only run if the authorized_keys file has been found." ;\
 echo -e "\t"'sed -i -e "/x2gobroker/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo 'fi #x2gobroker' >>/target/etc/rc.local ;\
 echo "COMMENT: Finally, rc.local must terminate with 'exit 0' again." ;\
 echo 'exit 0' >>/target/etc/rc.local ;\
 echo "COMMENT: Finally, take out the trash - sadly, systemd must stay because of MATE and LXDE." ;\
 in-target apt-get autoremove --purge -y ;\
 in-target apt-get clean ;\
 echo "End Post-Install Setup/Config"

# Shut down and power off after installation
d-i debian-installer/exit/poweroff boolean true

# preseed key-value pairs for the packages we intend to install
dash	dash/sh	boolean	false
exim4-config exim4/no_config boolean true
libnss-ldapd	libnss-ldapd/nsswitch	multiselect	passwd, shadow, group, hosts, services, networks, protocols, rpc, ethers, netgroup
libnss-ldapd	libnss-ldapd/clean_nsswitch	boolean	false
libpam-runtime  libpam-runtime/profiles multiselect     unix, ldap
mdadm   mdadm/autostart boolean false
mdadm   mdadm/mail_to   string  root
mdadm   mdadm/initrdstart       string  all
mdadm   mdadm/initrdstart_notinconf     boolean true
mdadm   mdadm/autocheck boolean true
mdadm   mdadm/start_daemon      boolean true
nslcd   nslcd/ldap-bindpw       password
nslcd   nslcd/ldap-sasl-secprops        string
nslcd   nslcd/ldap-sasl-krb5-ccname     string  /var/run/nslcd/nslcd.tkt
nslcd   nslcd/ldap-sasl-authcid string
nslcd   nslcd/ldap-binddn       string
nslcd   nslcd/ldap-cacertfile   string  /etc/ssl/certs/ca-certificates.crt
nslcd   nslcd/ldap-sasl-authzid string
nslcd   nslcd/ldap-uris string  ldap://ldap1.x2go.example.com/
nslcd   nslcd/ldap-sasl-mech    select
nslcd   nslcd/ldap-auth-type    select  none
nslcd   nslcd/ldap-base string  dc=x2go,dc=example,dc=com
nslcd   nslcd/ldap-sasl-realm   string
nslcd   nslcd/ldap-reqcert      select
nslcd   nslcd/ldap-starttls     boolean false
</file>

==== x2goserver2.x2go.example.com ====
  * Minimum RAM required: 256MB
  * Minimum disk space required: 8 GB
  * Also required: any supported eth0 network interface

<file - preseed_x2goserver2>
# There are two sets of parameters you can use as the append line:
# The minimum required is:
# hostname=x2goserver2 domain=x2go.example.com
# url=http://192.168.0.224/preseed_x2goserver2
# (all in one line, and without the leading "#" marks)
# If you only use these, you will have to answer a few questions
# - mainly regarding country, keyboard and locale - interactively.
# For a fully automated installation, add these parameters 
# *in addition to the ones listed above*
# (again, all in one line, and without the leading "#" marks):
# priority=critical netcfg/use_dhcp=true netcfg/choose_interface=eth0 
# debian-installer/locale=de_DE keymap=de-latin1
# debian-installer/locale=de_DE.UTF-8 DEBCONF_DEBUG=5

# We prefer to stay anonymous ;-)
popularity-contest popularity-contest/participate boolean false

# Load non-free firmware, if possible
d-i hw-detect/load_firmware boolean true

# Repository
# CHANGE THIS to your nearest mirror
d-i     mirror/http/hostname    string ftp.de.debian.org
d-i     mirror/http/directory   string /debian/
d-i     mirror/suite            string jessie

# Post install APT setup
d-i     apt-setup/uri_type      select d-i
# CHANGE THIS to your nearest mirror
d-i     apt-setup/hostname      string ftp.de.debian.org
d-i     apt-setup/directory     string /debian/
d-i     apt-setup/another       boolean false
d-i     apt-setup/security-updates      boolean true
d-i     finish-install/reboot_in_progress note
d-i     prebaseconfig/reboot_in_progress        note

d-i     apt-setup/non-free 	boolean true
d-i     apt-setup/contrib 	boolean true

# Network-related settings
# Every hostname and domain name assigned via DHCP  
# takes priority over these values 
# however, if they are left empty, the installer will query them interactively 
d-i     netcfg/get_hostname     string  x2goserver2
d-i     netcfg/get_domain       string  x2go.example.com
d-i     netcfg/disable_dhcp     boolean false
d-i     mirror/http/proxy      string
d-i     netcfg/choose_interface select eth0
d-i     netcfg/wireless_wep     string

# Partitioning and Bootloader settings
d-i     partman-auto/disk               string /dev/sda
d-i     partman-auto/method             string regular

# Do not use UUIDs in fstab (and not in bootloader config, either)
d-i partman/mount_style string traditional

# This silences an interactive "are you sure?" query
d-i	partman/confirm	boolean	true
d-i     partman-partitioning/confirm_write_new_label boolean true
d-i     partman/choose_partition select finish
d-i     partman/confirm_nooverwrite boolean true
d-i     partman-lvm/device_remove_lvm boolean true
d-i     partman-lvm/confirm boolean true
d-i     partman-md/device_remove_md boolean true
d-i     partman-md/confirm boolean true

d-i partman-auto/choose_recipe select atomic
#d-i partman-auto/choose_recipe select home
#d-i partman-auto/choose_recipe select multi

d-i debian-installer/add-kernel-opts string nomodeset gfxpayload=vga=normal

d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev  string /dev/sda

# Country, keyboard, locale settings - CHANGE THIS
d-i 	debian-installer/locale string de_DE
d-i     debian-installer/keymap select de-latin1
d-i     debian-installer/keymap string de-latin1

d-i     languagechooser/language-name-fb    select German
d-i     countrychooser/country-name select Germany
d-i     console-setup/layoutcode string de_DE
d-i     debian-installer/locale             select de_DE.UTF-8

# Time zone settings - CHANGE THIS
d-i     tzconfig/gmt            boolean false
d-i     tzconfig/choose_country_zone/Europe select Berlin
d-i     tzconfig/choose_country_zone_single boolean true
d-i	time/zone	select	Europe/Berlin
d-i	clock-setup/utc	boolean	true
d-i	mirror/country	string	manual
d-i     clock-setup/ntp boolean false

# Root Account
# this says "start" in MD5 - CHANGE THIS
d-i	passwd/root-password-crypted    passwd    $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.

# Do not create a regular user account when installing a server
d-i passwd/make-user boolean false
#d-i	passwd/user-fullname            string Local User
#d-i	passwd/username                 string localuser
#d-i	passwd/user-password-crypted    passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.


# Additional repositories, local[0-9] available
# this is where we add the X2Go repo
d-i apt-setup/local0/repository string \
       http://packages.x2go.org/debian jessie main
d-i apt-setup/local0/comment string X2Go Repository

# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out

# When this key doesn't work any more, switch entries
#d-i apt-setup/local0/key string http://packages.x2go.org/pub.key
d-i apt-setup/local0/key string http://packages.x2go.org/debian-old-pub.key

# Task and Package Selection
tasksel	tasksel/first	multiselect	standard, xfce-desktop, mate-desktop, lxde-desktop
d-i	pkgsel/include	string		ssh \
console-setup \
cups-client \
cups-x2go \
debconf-i18n \
gimp \
ldap-utils \
libnss-ldapd \
libpam-ldapd \
libreoffice \
mc \
nslcd \
ntp \
pidgin \
postgresql-client-9.4 \
postgresql-client-common \
rsync \
screen \
sysvinit-core \
sysvinit-utils \
unattended-upgrades \
vim \
x2go-keyring \
x2gobroker-agent \
x2goserver \
x2goserver-extensions \
x2goserver-printing \
x2goserver-xsession

# Commands to be executed after package installation
# Note: The only way to insert comments below is to add an "echo COMMENT"
d-i preseed/late_command string echo "COMMENT: Begin Post-Install Setup/Config" ;\
 echo "COMMENT: Configure SSH" ;\
 mkdir -p /target/root/.ssh ; \
 chmod 700 /target/root/.ssh ;\
 touch /target/root/.ssh/authorized_keys ; \
 chmod 600 /target/root/.ssh/authorized_keys ;\
 sed -i '/^PermitRootLogin/c PermitRootLogin without-password' /target/etc/ssh/sshd_config ;\
 echo "COMMENT: Insert your own SSH public key here" ;\
 echo "COMMENT: User echo -n as shown so multiline echo doesn't add Newlines when appending" ;\
 echo -n 'ssh-rsa AAAAB3blahblahblah' >>/target/root/.ssh/authorized_keys ;\
 echo -n 'blahblahblahOQ== SSH Key Comment here' >>/target/root/.ssh/authorized_keys ;\
 echo "COMMENT: Fixing shortcomings of netcfg here..." ;\
 sed -i "s/$(cat /etc/hostname)/x2goserver2/" /target/etc/hosts ;\
 echo "x2goserver2" >/target/etc/hostname ;\
 echo "COMMENT: Fix ends here." ;\
 echo "COMMENT: This is said to be required for LDAP UID/GID sync." ;\
 sed -i '/^NEED_IMAPD/cNEED_IMAPD=yes' /target/etc/default/nfs-common ;\
 echo "COMMENT: This fixes some annoyances regarding UTF-8 and MidnightCommander" ;\
 echo "export LANG=de_DE.UTF-8" >>/target/etc/bash.bashrc ;\
 echo "export NCURSES_NO_UTF8_ACS=1" >>/target/etc/bash.bashrc ;\
 echo "COMMENT: This is for homedir autocreation." ;\
 echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
 echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
 echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
 echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
 echo "COMMENT: This makes sure error messages during bootup remain on screen." ;\
 sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\
 echo "COMMENT: This is so /home gets mounted from nfs1" ;\
 echo -e 'nfs1:/export/home\t/home\tnfs\tsoft,intr,rsize=8192,wsize=8192\t0\t0' >>/target/etc/fstab ;\
 echo "COMMENT: This is so dnsmasq on ldap1 is queried for DNS first" ;\
 sed 's/#prepend domain-name-servers 127.0.0.1;/prepend domain-name-servers 192.168.154.146;/' -i /target/etc/dhcp/dhclient.conf ;\
 echo "COMMENT: This removes the cdrom entry from sources list (left behind by installer)" ;\
 sed -i '/^#* *deb cdrom/d' /target/etc/apt/sources.list ;\
 echo "COMMENT: This tells X2GoServer to use the postgres backend on pg1" ;\
 sed -i -e '/^host/chost=pg1.x2go.example.com' -e '/^backend/cbackend=postgres' /target/etc/x2go/x2gosql/sql ;\
 echo "COMMENT: This disables the graphical login - we don't need it on a server." ;\
 cat /dev/null > /target/etc/X11/default-display-manager ;\
 echo "COMMENT: This patches rc.local so the following set of commands is run" ;\
 echo "COMMENT: exactly *once* - at the first boot after installation." ;\
 echo "COMMENT: First, remove the 'exit 0'" ;\
 sed -i '/^exit 0/d' /target/etc/rc.local ;\
 echo "COMMENT: This is so /bin/sh points to /bin/bash instead of /bin/dash" ;\
 echo "COMMENT: As the standard shell of our LDAP users is set to /bin/sh." ;\
 echo 'dpkg-reconfigure -pcritical dash' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\
 echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the routine that 'fakes' what x2go-pubkeyauthorizer does" ;\
 echo "COMMENT: by copying the authorized_keys file created on x2gobroker to its destination." ;\
 echo 'if [ -s /home/root/x2gobroker/.ssh/authorized_keys ] ; then' >>/target/etc/rc.local ;\
 echo -e "\t"'cp -a /home/root/x2gobroker/.ssh /var/lib/x2gobroker/' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the x2gobroker stuff, so it doesn't run more than once." ;\
 echo "COMMENT: Note that it will only run if the authorized_keys file has been found." ;\
 echo -e "\t"'sed -i -e "/x2gobroker/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo 'fi #x2gobroker' >>/target/etc/rc.local ;\
 echo "COMMENT: Finally, rc.local must terminate with 'exit 0' again." ;\
 echo 'exit 0' >>/target/etc/rc.local ;\
 echo "COMMENT: Finally, take out the trash - sadly, systemd must stay because of MATE and LXDE." ;\
 in-target apt-get autoremove --purge -y ;\
 in-target apt-get clean ;\
 echo "End Post-Install Setup/Config"

# Shut down and power off after installation
d-i debian-installer/exit/poweroff boolean true

# preseed key-value pairs for the packages we intend to install
dash	dash/sh	boolean	false
exim4-config exim4/no_config boolean true
libnss-ldapd	libnss-ldapd/nsswitch	multiselect	passwd, shadow, group, hosts, services, networks, protocols, rpc, ethers, netgroup
libnss-ldapd	libnss-ldapd/clean_nsswitch	boolean	false
libpam-runtime  libpam-runtime/profiles multiselect     unix, ldap
mdadm   mdadm/autostart boolean false
mdadm   mdadm/mail_to   string  root
mdadm   mdadm/initrdstart       string  all
mdadm   mdadm/initrdstart_notinconf     boolean true
mdadm   mdadm/autocheck boolean true
mdadm   mdadm/start_daemon      boolean true
nslcd   nslcd/ldap-bindpw       password
nslcd   nslcd/ldap-sasl-secprops        string
nslcd   nslcd/ldap-sasl-krb5-ccname     string  /var/run/nslcd/nslcd.tkt
nslcd   nslcd/ldap-sasl-authcid string
nslcd   nslcd/ldap-binddn       string
nslcd   nslcd/ldap-cacertfile   string  /etc/ssl/certs/ca-certificates.crt
nslcd   nslcd/ldap-sasl-authzid string
nslcd   nslcd/ldap-uris string  ldap://ldap1.x2go.example.com/
nslcd   nslcd/ldap-sasl-mech    select
nslcd   nslcd/ldap-auth-type    select  none
nslcd   nslcd/ldap-base string  dc=x2go,dc=example,dc=com
nslcd   nslcd/ldap-sasl-realm   string
nslcd   nslcd/ldap-reqcert      select
nslcd   nslcd/ldap-starttls     boolean false
</file>

==== x2goclient1.x2go.example.com ====
  * Minimum RAM required: 256MB
  * Minimum disk space required: 4 GB
  * Also required: any supported eth0 network interface

<file - preseed_x2goclient1>
# There are two sets of parameters you can use as the append line:
# The minimum required is:
# hostname=x2goclient1 domain=x2go.example.com
# url=http://192.168.0.224/preseed_x2goclient1
# (all in one line, and without the leading "#" marks)
# If you only use these, you will have to answer a few questions
# - mainly regarding country, keyboard and locale - interactively.
# For a fully automated installation, add these parameters 
# *in addition to the ones listed above*
# (again, all in one line, and without the leading "#" marks):
# priority=critical netcfg/use_dhcp=true netcfg/choose_interface=eth0 
# debian-installer/locale=de_DE keymap=de-latin1
# debian-installer/locale=de_DE.UTF-8 DEBCONF_DEBUG=5

# We prefer to stay anonymous ;-)
popularity-contest popularity-contest/participate boolean false

# Load non-free firmware, if possible
d-i hw-detect/load_firmware boolean true

# Repository
# CHANGE THIS to your nearest mirror
d-i     mirror/http/hostname    string ftp.de.debian.org
d-i     mirror/http/directory   string /debian/
d-i     mirror/suite            string jessie

# Post install APT setup
d-i     apt-setup/uri_type      select d-i
# CHANGE THIS to your nearest mirror
d-i     apt-setup/hostname      string ftp.de.debian.org
d-i     apt-setup/directory     string /debian/
d-i     apt-setup/another       boolean false
d-i     apt-setup/security-updates      boolean true
d-i     finish-install/reboot_in_progress note
d-i     prebaseconfig/reboot_in_progress        note

d-i     apt-setup/non-free 	boolean true
d-i     apt-setup/contrib 	boolean true

# Network-related settings
# Every hostname and domain name assigned via DHCP  
# takes priority over these values 
# however, if they are left empty, the installer will query them interactively 
d-i     netcfg/get_hostname     string  x2goclient1
d-i     netcfg/get_domain       string  x2go.example.com
d-i     netcfg/disable_dhcp     boolean false
d-i     mirror/http/proxy      string
d-i     netcfg/choose_interface select eth0
d-i     netcfg/wireless_wep     string

# Partitioning and Bootloader settings
d-i     partman-auto/disk               string /dev/sda
d-i     partman-auto/method             string regular

# Do not use UUIDs in fstab (and not in bootloader config, either)
d-i partman/mount_style string traditional

# This silences an interactive "are you sure?" query
d-i	partman/confirm	boolean	true
d-i     partman-partitioning/confirm_write_new_label boolean true
d-i     partman/choose_partition select finish
d-i     partman/confirm_nooverwrite boolean true
d-i     partman-lvm/device_remove_lvm boolean true
d-i     partman-lvm/confirm boolean true
d-i     partman-md/device_remove_md boolean true
d-i     partman-md/confirm boolean true

d-i partman-auto/choose_recipe select atomic
#d-i partman-auto/choose_recipe select home
#d-i partman-auto/choose_recipe select multi

d-i debian-installer/add-kernel-opts string nomodeset gfxpayload=vga=normal

d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev  string /dev/sda

# Country, keyboard, locale settings - CHANGE THIS
d-i 	debian-installer/locale string de_DE
d-i     debian-installer/keymap select de-latin1
d-i     debian-installer/keymap string de-latin1

d-i     languagechooser/language-name-fb    select German
d-i     countrychooser/country-name select Germany
d-i     console-setup/layoutcode string de_DE
d-i     debian-installer/locale             select de_DE.UTF-8

# Time zone settings - CHANGE THIS
d-i     tzconfig/gmt            boolean false
d-i     tzconfig/choose_country_zone/Europe select Berlin
d-i     tzconfig/choose_country_zone_single boolean true
d-i	time/zone	select	Europe/Berlin
d-i	clock-setup/utc	boolean	true
d-i	mirror/country	string	manual
d-i     clock-setup/ntp boolean false

# Root Account
# this says "start" in MD5 - CHANGE THIS
d-i	passwd/root-password-crypted    passwd    $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.

# On this client system, we want to create a local user
d-i passwd/make-user boolean true
d-i	passwd/user-fullname            string Local User
d-i	passwd/username                 string localuser
d-i	passwd/user-password-crypted    passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.


# Additional repositories, local[0-9] available
# this is where we add the X2Go repo
d-i apt-setup/local0/repository string \
       http://packages.x2go.org/debian jessie main
d-i apt-setup/local0/comment string X2Go Repository

# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out

# When this key doesn't work any more, switch entries
#d-i apt-setup/local0/key string http://packages.x2go.org/pub.key
d-i apt-setup/local0/key string http://packages.x2go.org/debian-old-pub.key

# Task and Package Selection
tasksel	tasksel/first	multiselect	ssh-server
d-i	pkgsel/include	string		ssh \
console-setup \
debconf-i18n \
lightdm \
lxde-core \
lxtask \
lxlauncher \
mc \
ntp \
screen \
sysvinit-core \
sysvinit-utils \
unattended-upgrades \
vim \
x2goclient

# Commands to be executed after package installation
# Note: The only way to insert comments below is to add an "echo COMMENT"
d-i preseed/late_command string echo "COMMENT: Begin Post-Install Setup/Config" ;\
 echo "COMMENT: Configure SSH" ;\
 mkdir -p /target/root/.ssh ; \
 chmod 700 /target/root/.ssh ;\
 touch /target/root/.ssh/authorized_keys ; \
 chmod 600 /target/root/.ssh/authorized_keys ;\
 sed -i '/^PermitRootLogin/c PermitRootLogin without-password' /target/etc/ssh/sshd_config ;\
 echo "COMMENT: Insert your own SSH public key here" ;\
 echo "COMMENT: User echo -n as shown so multiline echo doesn't add Newlines when appending" ;\
 echo -n 'ssh-rsa AAAAB3blahblahblah' >>/target/root/.ssh/authorized_keys ;\
 echo -n 'blahblahblahOQ== SSH Key Comment here' >>/target/root/.ssh/authorized_keys ;\
 echo "COMMENT: Fixing shortcomings of netcfg here..." ;\
 sed -i "s/$(cat /etc/hostname)/x2goclient1/" /target/etc/hosts ;\
 echo "x2goclient1" >/target/etc/hostname ;\
 echo "COMMENT: Fix ends here." ;\
 echo "COMMENT: This fixes some annoyances regarding UTF-8 and MidnightCommander" ;\
 echo "export LANG=de_DE.UTF-8" >>/target/etc/bash.bashrc ;\
 echo "export NCURSES_NO_UTF8_ACS=1" >>/target/etc/bash.bashrc ;\
 echo "COMMENT: This makes sure error messages during bootup remain on screen." ;\
 sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\
 echo "COMMENT: This is so dnsmasq on ldap1 is queried for DNS first" ;\
 sed 's/#prepend domain-name-servers 127.0.0.1;/prepend domain-name-servers 192.168.154.146;/' -i /target/etc/dhcp/dhclient.conf ;\
 echo "COMMENT: This removes the cdrom entry from sources list (left behind by installer)" ;\
 sed -i '/^#* *deb cdrom/d' /target/etc/apt/sources.list ;\
 echo "COMMENT: This patches rc.local so the following set of commands is run" ;\
 echo "COMMENT: exactly *once* - at the first boot after installation." ;\
 echo "COMMENT: First, remove the 'exit 0'" ;\
 sed -i '/^exit 0/d' /target/etc/rc.local ;\
 echo "COMMENT: This is so /bin/sh points to /bin/bash instead of /bin/dash" ;\
 echo "COMMENT: As the standard shell of our users is set to /bin/sh." ;\
 echo 'dpkg-reconfigure -pcritical dash' >>/target/etc/rc.local ;\
 echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\
 echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\
 echo "COMMENT: Finally, rc.local must terminate with 'exit 0' again." ;\
 echo 'exit 0' >>/target/etc/rc.local ;\
 echo "COMMENT: Finally, take out the trash - sadly, systemd must stay because of MATE and LXDE." ;\
 in-target apt-get autoremove --purge -y ;\
 in-target apt-get clean ;\
 echo "COMMENT: This last step creates an X2GoClient-in-Broker-Mode desktop entry" ;\
 mkdir /target/home/localuser/Desktop ;\ echo '[Desktop Entry]' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\
 echo 'Version=1.0' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\
 echo 'Terminal=false' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\
 echo 'Icon=x2goclient' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\
 echo 'Type=Application' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\
 echo 'Categories=Internet' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\
 echo 'Exec=x2goclient --broker-url=ssh://x2gobroker1.x2go.example.com:/usr/bin/x2gobroker-ssh --add-to-known-hosts' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\
 echo 'Name=X2GoClient in SSH Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\
 echo 'GenericName=X2GoClient in SSH Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\
 echo 'Comment=Starts X2GoClient in SSH Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\
 echo 'StartupNotify=true' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\
 echo '[Desktop Entry]' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
 echo 'Version=1.0' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
 echo 'Terminal=false' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
 echo 'Icon=x2goclient' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
 echo 'Type=Application' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
 echo 'Categories=Internet' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
 echo 'Exec=x2goclient --broker-url=http://x2gobroker1.x2go.example.com:8080/plain/inifile --add-to-known-hosts' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
 echo 'Name=X2GoClient in HTTP Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
 echo 'GenericName=X2GoClient in HTTP Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
 echo 'Comment=Starts X2GoClient in HTTP Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
 echo 'StartupNotify=true' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\

 echo "End Post-Install Setup/Config"

# Shut down and power off after installation
d-i debian-installer/exit/poweroff boolean true

# preseed key-value pairs for the packages we intend to install
dash	dash/sh	boolean	false
exim4-config exim4/no_config boolean true
mdadm   mdadm/autostart boolean false
mdadm   mdadm/mail_to   string  root
mdadm   mdadm/initrdstart       string  all
mdadm   mdadm/initrdstart_notinconf     boolean true
mdadm   mdadm/autocheck boolean true
mdadm   mdadm/start_daemon      boolean true
</file>