production-deb/variants/server.cfg

# server.cfg — sourced by build.sh
# Variant: headless, hardened, SSH-only. Drop-in replacement for veilor-server with
# forky kernel + my prefs.
#
# Server is "deploy at console" — admin sets LUKS passphrase + hostname in person.
# - INTERACTIVE_LUKS=1: omit partman-crypto/passphrase from preseed → d-i prompts
# - INTERACTIVE_HOSTNAME=1: omit netcfg/get_hostname → d-i prompts (overridable
#   via kernel cmdline `hostname=NAME` at boot)
# - USER_PW_PLAIN_DEFAULT=123: weak baked password + chage -d 0 forces rotate on
#   first SSH login. Yescrypt-random would block console-only first login.
# - PRESEED_PRIORITY=high: missing-preseed questions surface as prompts instead
#   of falling back to (potentially wrong) defaults.

VARIANT_NAME="server"
VARIANT_VOLID="S8N_SERVER"

GRUB_PARAMS="quiet"
PRESEED_PRIORITY="high"

INTERACTIVE_LUKS=1
INTERACTIVE_HOSTNAME=1
USER_PW_PLAIN_DEFAULT="123"

DEFAULT_DISK="/dev/nvme0n1"

TASKSEL_TASKS="standard, ssh-server"

PACKAGES_LIST="server.list"

POST_INSTALL_SCRIPTS=(
  "00-base.sh"
  "20-ssh.sh"
  "30-tailscale.sh"
)
fork: production-deb v0.1.0 from debian-s8ns-prefs-iso server variant Server-only canonical production Debian build. Drops laptop/vanilla variants. Interactive LUKS + hostname at install. user/123 forced rotate. DVD-1 offline base. S8N_LOGS log-capture partition. Lineage: forked from s8n/debian-s8ns-prefs-iso commit d4be55f. 2026-05-08 13:53:38 +01:00			`# server.cfg — sourced by build.sh`
			`# Variant: headless, hardened, SSH-only. Drop-in replacement for veilor-server with`
			`# forky kernel + my prefs.`
			`#`
			`# Server is "deploy at console" — admin sets LUKS passphrase + hostname in person.`
			`# - INTERACTIVE_LUKS=1: omit partman-crypto/passphrase from preseed → d-i prompts`
			`# - INTERACTIVE_HOSTNAME=1: omit netcfg/get_hostname → d-i prompts (overridable`
			# via kernel cmdline `hostname=NAME` at boot)
			`# - USER_PW_PLAIN_DEFAULT=123: weak baked password + chage -d 0 forces rotate on`
			`# first SSH login. Yescrypt-random would block console-only first login.`
			`# - PRESEED_PRIORITY=high: missing-preseed questions surface as prompts instead`
			`# of falling back to (potentially wrong) defaults.`

			`VARIANT_NAME="server"`
			`VARIANT_VOLID="S8N_SERVER"`

			`GRUB_PARAMS="quiet"`
			`PRESEED_PRIORITY="high"`

			`INTERACTIVE_LUKS=1`
			`INTERACTIVE_HOSTNAME=1`
			`USER_PW_PLAIN_DEFAULT="123"`

			`DEFAULT_DISK="/dev/nvme0n1"`

			`TASKSEL_TASKS="standard, ssh-server"`

			`PACKAGES_LIST="server.list"`

			`POST_INSTALL_SCRIPTS=(`
			`"00-base.sh"`
			`"20-ssh.sh"`
			`"30-tailscale.sh"`
			`)`