separate postinst directory

install.sh

@@ -1,27 +1,39 @@
 #!/bin/sh
 
 # A script to install debian jessie on a KVM guest
+
+DOMAIN="dp-net.com" # See late.sh for more domain name hardcodes
 
-if [ $# -ne 1 ]
+if [ $# -lt 1 ]
 then
-	echo "Usage: $0 <guest-name>"
+	echo "Usage: $0 <guest-name> [mac-address]"
 	exit 1
 fi
+
+MAC="RANDOM"
+if [ $# -eq 2 ]
+then
+	MAC=$2
+fi
+
+tar cvfz postinst.tar.gz postinst
 
 virt-install \
 --connect=qemu:///system \
 --name=${1} \
 --ram=1024 \
---vcpus=4 \
---disk size=4,path=/var/lib/libvirt/images/${1}.img,bus=virtio,cache=none \
+--vcpus=2 \
+--disk size=16,path=/var/lib/libvirt/images/${1}.img,bus=virtio,cache=none \
 --initrd-inject=preseed.cfg \
 --initrd-inject=late.sh \
+--initrd-inject=postinst.tar.gz \
 --location http://ftp.de.debian.org/debian/dists/jessie/main/installer-amd64/ \
 --os-type=linux \
 --virt-type=kvm \
 --controller usb,model=none \
 --graphics none \
 --noautoconsole \
---network bridge=br0,mac=RANDOM,model=virtio \
---extra-args="auto=true hostname="${1}" domain=dp-net.com console=tty0 console=ttyS0,115200n8 serial"
+--network bridge=br0,mac=${MAC},model=virtio \
+--extra-args="auto=true hostname="${1}" domain="${DOMAIN}" console=tty0 console=ttyS0,115200n8 serial"
 
+rm postinst.tar.gz

late.sh

@@ -10,10 +10,22 @@ sed -i 's/%sudo\tALL=(ALL:ALL) ALL/%sudo\tALL=(ALL:ALL) NOPASSWD:ALL/g' /etc/sud
 # Empty message of the day.
 echo -n > /etc/motd
 
-# Install SSH key for root.
-mkdir -m700 /root/.ssh
-echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6Up5b2jDreGMmMbkLtbskCdFTIrEtJLvpzCg95p2wHaEpEEu4VqvibL216Wbyeg/b9+fOnLyRV2eNZZC3gaq7IZak3STsdbZg8K7I/1ECSO3sMeACLwvNUlZLXEBP16IOIJQ3DmxWHIK4+0ndX8W2f8hrPYBVVW5Rbr5vbR27stlXwBI2ZerCxRmfhjuKz5VGvc40nUCHCe0ZrqOJumFnX8EDiu9sbutJKiMVObjpD0ENld8rm/sHiuQi2ds2uKsZOMSbtrefzfnIUf+s2/2AgUA8OsR2SMwi2xfl1iYo8SzYQCdGn12KUG5ODoowEjws9X4kbDYa5H+q9gfNFwrscrVPqqazc8NqgERXMdpuzpPhmy4EmVy+HtVwYkfDJ+k/N1Z9Tea0tm8TY952oRE4wBQnd0Wuk2ywi0UjBaZggwMteZGtVIn0saBjeej68SHD1Iex6crVQkfvNbZM+0evcCs0FqPsTLEykc4RcOUQx9V2yJLXmsIStHkZ5goE4nBtxkIGUMtP23lU0+GeLuZGO43wf3kPfKBNvNK4FdkZrxn6Vfas3IshF/x1amc6XkXY2rMqoCIyiUjvulWTcOlwNTbVQDXqBpeYCbjGwUihUU7yZl3ybLPNSjseBbxjgCo7lMdhe71WATH22lsL0Z7gpXjU8xUErJe4nBS9klVxow==" > /root/.ssh/authorized_keys
+tar -x -v -z -C/tmp -f /tmp/postinst.tar.gz
+
+# Install SSH key for pin.
+mkdir -m700 /home/pin/.ssh
+cat /tmp/postinst/authorized_keys > /home/pin/.ssh/authorized_keys
+chown -R pin:pin /home/pin/.ssh
+
+# Install collectd config.
+cp /tmp/postinst/collectd.conf /etc/collectd/
+
+# Set domain name.
+sed -i 's/127.0.1.1\t\([a-z]*\).*/127.0.1.1\t\1\.dp\-net\.com\t\1/' /etc/hosts
 
 # Remove some not essential packages.
-DEBIAN_FRONTEND=noninteractive apt-get purge -y nano gcc-4.8-base ispell laptop-detect tasksel
+DEBIAN_FRONTEND=noninteractive apt-get purge -y nano gcc-4.8-base ispell laptop-detect tasksel dictionaries-common emacsen-common
+
+# Avoid using DHCP-server provided domain name.
+sed -i 's/#supersede.*/supersede domain-name "dp-net.com";/' /etc/dhcp/dhclient.conf
 

postinst/authorized_keys

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo9P46UBwkh4odbi6PclrG/MbGGvUU++wIb/7c0tnH+cxn7khtpR+DW2lzWrWRMtnagzieMVxHYdb4GY9NoOlXrAGs9BdjZIiE01wEYW4KUNOrodZb+vIvja4JrlAPLrUS4sJJSnkDgK1VoACyb89d/JbSfEj469XVJGESE9CoL0su/qF3QmC43XAq5cvKJL4KvDWqiOh1VsIcUeFEd9K/iZ12XGyUT3sinRHhz5ULdQf45v2qUkusiowUNN1VA4V1jNbNaEGIx9qywQd83tmt/uxnyjKPXqcQA7utg0eU45Z5At4eLriJ+u+3ob0ebkjWRnhz/3naeFdbesa1eo+ZQ== pin@sky.dp-net.com

postinst/collectd.conf

@@ -0,0 +1,14 @@
+LoadPlugin "cpu"
+LoadPlugin "memory"
+LoadPlugin "interface"
+LoadPlugin "disk"
+LoadPlugin "df"
+
+LoadPlugin "network"
+<Plugin "network">
+  <Server "metrics.dp-net.com">
+    SecurityLevel "Encrypt"
+    Username: "foo"
+    Password: "bar"
+  </Server>
+</Plugin>

preseed.cfg

@@ -15,7 +15,7 @@ d-i mirror/http/hostname string ftp.de.debian.org
 d-i mirror/http/directory string /debian
 d-i mirror/http/proxy string
 
-# Root account setup.
+# Root account setup. You can set password in plain-text or pre-encrypted.
 d-i passwd/root-login boolean false
 #d-i passwd/root-password password 98e1c23d2a5a2
 #d-i passwd/root-password-again password 98e1c23d2a5a2
@@ -27,12 +27,14 @@ d-i passwd/user-fullname string Dmitri Popov
 d-i passwd/username string pin
 #d-i passwd/user-password password 236e95cd3901553
 #d-i passwd/user-password-again password 236e95cd3901553
-d-i passwd/user-password-crypted password $6$dU9we2Mm$Btq1Tk1WkFx3/8YsXWbZr13m56uv0PabJKxk5teKAImLLQhtniOURXuOVLmbiBl0O3iS6xQBctNIc9Dn5b3vR.
+#d-i passwd/user-password-crypted password $6$dU9we2Mm$Btq1Tk1WkFx3/8YsXWbZr13m56uv0PabJKxk5teKAImLLQhtniOURXuOVLmbiBl0O3iS6xQBctNIc9Dn5b3vR.
+# Password login is disabled.
+d-i passwd/user-password-crypted password !
 
 # Controls whether or not the hardware clock is set to UTC.
 d-i clock-setup/utc boolean true
 # See the contents of /usr/share/zoneinfo/ for valid values.
-d-i time/zone string US/Pacific
+d-i time/zone string Europe/Berlin
 # Controls whether to use NTP to set the clock during the install.
 d-i clock-setup/ntp boolean true
 
@@ -49,15 +51,15 @@ d-i partman/confirm_nooverwrite boolean true
 d-i base-installer/install-recommends boolean false
 tasksel tasksel/first multiselect
 # Individual additional packages to install.
-d-i pkgsel/include string openssh-server ca-certificates
+d-i pkgsel/include string openssh-server ca-certificates collectd-core
 popularity-contest popularity-contest/participate boolean false
 
 # Boot loader installation.
 d-i grub-installer/only_debian boolean true
 d-i grub-installer/bootdev string /dev/vda
 
 # Run late.sh in /target just before the install finishes.
-d-i preseed/late_command string cp late.sh /target/tmp/ && chmod 755 /target/tmp/late.sh && in-target /tmp/late.sh
+d-i preseed/late_command string cp late.sh postinst.tar.gz /target/tmp/ && chmod 755 /target/tmp/late.sh && in-target /tmp/late.sh
 
 # Avoid that last message about the install being complete.
 d-i finish-install/reboot_in_progress note