# server.cfg — sourced by build.sh
# Variant: headless, hardened, SSH-only. Drop-in replacement for veilor-server with
# forky kernel + my prefs.
#
# Server is "deploy at console" — admin sets LUKS passphrase + hostname in person.
# - INTERACTIVE_LUKS=1: omit partman-crypto/passphrase from preseed → d-i prompts
# - INTERACTIVE_HOSTNAME=1: omit netcfg/get_hostname → d-i prompts (overridable
#   via kernel cmdline `hostname=NAME` at boot)
# - USER_PW_PLAIN_DEFAULT=123: weak baked password + chage -d 0 forces rotate on
#   first SSH login. Yescrypt-random would block console-only first login.
# - PRESEED_PRIORITY=high: missing-preseed questions surface as prompts instead
#   of falling back to (potentially wrong) defaults.

VARIANT_NAME="server"
VARIANT_VOLID="S8N_SERVER"

GRUB_PARAMS="quiet"
PRESEED_PRIORITY="high"

INTERACTIVE_LUKS=1
INTERACTIVE_HOSTNAME=1
USER_PW_PLAIN_DEFAULT="123"

DEFAULT_DISK="/dev/nvme0n1"

TASKSEL_TASKS="standard, ssh-server"

PACKAGES_LIST="server.list"

POST_INSTALL_SCRIPTS=(
  "00-base.sh"
  "20-ssh.sh"
  "30-tailscale.sh"
)