ZFS-root.conf.packerci

#
# Pre-configuration for ZFS-root.sh
# Any vars not set here will be prompted for
#

#
#       DANGER ZONE
#
# wipe_fresh - are going to NUKE this system for a new install ?
#   y - Will query for disks to use and totally wipe them
#   n - Only creates a new dataset under <pool>/ROOT/<suite>
#       This is then selectable under zfsbootmenu
#
WIPE_FRESH=y

#
# Proxy config - apt-cacher-ng
#
PROXY=""

#
# Main username and comment
#
USERNAME="packer"
UCOMMENT="packer CI"
UPASSWORD="packer"

#
# Space-separated list of github users from which to pull SSH keys
#
AUTHKEYS=""

#
# System name, main zfs pool name, boot pool name
#
MYHOSTNAME="packerubuntu"
POOLNAME="packerubuntu"

#
# What version of Ubuntu to install
# jammy, focal, bionic
#
SUITE="noble"

#
# If multidisk, select main pool raid level
# single, mirror, raidz1, raidz2, raidz3
#
RAIDLEVEL="mirror"

#
# Enable UEFI SecureBoot if available
# NOTE: System must be in SecureBoot Setup mode
#       For VirtualBox delete the VM .nvram file
#       For other systems see the UEFI SecureBoot config section in the bios
#
SECUREBOOT=n

#
# Enable auto-signing of rEFInd and ZFSBootMenu .efi bundles when changes are made
# NOTE: Without auto-signing, YOU must manage the signing of the .efi bundles and
#       any other bootables in /boot/efi/EFI
#       Forgetting to sign new bundles or mistakes may render the system unbootable
AUTOSIGN=n

#
# Swap size in megabytes - if HIBERNATE or LUKS set then this
# is a partition otherise it's a zfs dataset.
# Set to 0 to disable swap
#
SIZE_SWAP=300

#
# Disk encryption and passphrase if ZFSENC or LUKS
# NOENC, ZFSENC, LUKS
#
# If Disk encryption is enabled with ZFSENC or LUKS, then also decide
# on enabling Dropbear for remote unlocking.
# NOTE: Trap for young players ...
#       Dropbear expects to see the network when the system boots.
#       If it's NOT there (eg. laptop with docking station unplugged)
#       then it might sit waiting until timout for the network to show up.
#       RTNETLINK answers: File exists will appear and it will just sit ...
# So, do not enable Dropbear for laptops
#
# For ZFS encryption, the passphrase is stored in /etc/zfs/zroot.key and /etc/zfs/zroot.homekey
# zroot.key is for the root datasets, zroot.homekey for the home datasets
# This is so the user can change the key for home so it's different from root
# See `zfs change-key` command
# It is safe to store the keys there as they're not visible until the main root
# dataset is unlocked
#
# NOTE: If DROPBEAR is set to y here, then ZFSBOOTMENU_BINARY_TYPE below will
#       be forced to LOCAL so the zfsbootmenu initramfs can be rebuilt to include
#       Dropbear
#
DISCENC="NOENC"
PASSPHRASE="password"
DROPBEAR=y

#
# For zfsbootmenu there are 3 different ways to install
#   EFI    : Uses a single EFI image - for UEFI systems only
#   KERNEL : Same binary but with the vmlinuz/initrd extracted
#            Can be used with legacy non-UEFI systems as well as UEFI systems
#   LOCAL  : Built and install from the git repo
#
# The EFI image precludes a working syslinux config though - that requires
# a vmlunuz/initrd set to work.  In general the KERNEL option is most flexible.
# If you KNOW you won't use the install in a non-UEFI system later, then the
# EFI image is simplest.
#
# NOTE: If Dropbear is required for remote unlocking of LUKS or ZFS enecryption
#       then you must select LOCAL.  This is because Dropbear must be included
#       in the initramfs for zfsbootmenu.  If DROPBEAR above is set to y, then
#       any value here will be overridden to LOCAL
#
ZFSBOOTMENU_BINARY_TYPE=KERNEL

#
# For the zfsbootmenu repo type you can choose
#   TAGGED : Pulls the latest stable tagged release
#   GIT    : Pulls the latest full repo, which may be in flux
#
ZFSBOOTMENU_REPO_TYPE=TAGGED

#
# Any extra options to add to the ZFSBootMenu boot command-line.  Some motherboards
# (looking at you Supermicro X10) have problems when the ZBM default hook
# 90-xhci-unbind.sh runs, as it kills power to the USB ports.  For those we
# disable that hook script.
# See https://docs.zfsbootmenu.org/en/v3.0.x/man/zfsbootmenu.7.html
#
ZFSBOOTMENU_CMDLINE=""

#
# Basic options for install
# See script for descriptions
# Be sure to set ALL vars here to y or n, otherwise script will prompt for them
#
RESCUE=y
GOOGLE=n
HWE=y
ZREPL=y
HIBERNATE=n
DELAY=n
SOF=n
GNOME=n
KDE=n
NEON=n
XFCE=n

# If you have Nvidia video HW and you *know* which version of driver you want
# it can be preset here. Leaving undefined will cause the script to prompt.
# The package installed will be : nvidia-driver-${NVIDIA}
#
# none for no driver
# 390 or 470 for legacy driver
# 530 for current latest, or whatever version you prefer
NVIDIA=none

# If installing Sound Open Firmware binaries (mostly for laptops) choose
# the version here.  Defaults to 2024.06
# SOF_VERSION=2024.06
SOF_VERSION=2025.05.1

#
# Below are additional options that can be set that do NOT have a menu process
# to ask for their values.  Less-likely to be used, and larger ones that are not
# conducive to entering via keyboard ...
#

# Any SSH pubkey to add to new system main user
# This can be in addition to the Github user keys specified above
#
# SSHPUBKEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3uB7roSJ3EYs9hBAQiUZ9Of53Lm3+JZ6ZVokZnp3CRoRfuVT3zND7DAQYSCo+0MZaaydGB1JrWQfgLImWouiC4bsZEzNhnX6uYQ8qSL8zxsK7xOfeVocP+FHdkKcB85giQFp/onuNwHBWLXw9iC2Z/rrbjN2dPSaDKFWQT7ukE2vqt9TQ6mMpYFBCiHpJUfSxXjgjL7Y1MN58QCJ+PesQEY8hh1DzRBwgY0lY9LYAdrqWwj6AIPPawZTcJnNAwz9wO3a8hAS6i9dK+zHDtSIlArevmP8mpcqhpHEtKZ4TbAel7YRtbvY+w7pENbXQiiNMRkdZ28m6FJAFlIHv/wMpUhgZG3SyfFTDg33VhVFlS0qzvIYjTxMPjGLT4oBXK3+CSBuZKwE3xG39S/oTu++feTCtSu5VZZm9rkzrE77tIoWfGi0eGbfJURP9F9q96F0YuNUAS+gnCw5LzR48sMjqXcUpNHVRwi8XE7TDgl7Fk4JHfJelL3LBjFsZC7uaLmy8I1tk+87xTFd0VyG0cAaX/jMbWn1XGVo1V1uXFYRVmfyiPcJBhUaPQ6z1QDXQzsQLed9nQL9qFFPyjoL0zN7Fp+AVka0kPNhkEl0HIL8KqU7cuoypSeA7EO8Qxk7ay8nSP1PLlYzVUZEvEleBjPHTzO6YZxNMRLZSljp8BoY+lw== Johnny Bravo
# ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDl1qOVMnby/J2RhBwYpsnyfkAGGU1FzvuCXdpoF8xrnKeYtGmJe41V/YzfWKDNfBytAL4rQRdjEAZGfoq/Rwsloz3swBDegM/Y8A+BLYMqRyMJUT1A654aAKvJIHouvLYJk/e6m/6zP6DRsItLpZbCodUt3LaQbMPexk+qydsR1INpDngK181HHHkrIzWFNu3tk8RC/IITrbozww6vId/47P5C5bB/b16izWbXuBKD5ik3I8oZYUNLsP/ZSOMmANmKIewLxn0LeL3fmQjMXST4tJxJdstmNRZsdOwWSNc8nE/Yt7b4WcraE9FWCB8GiHPOd4jlMSYulic1AfNuJpIob0hoGcgwdpahoBiZ0AEPp4knmDV9mfF6rJBVJSQKio2Ths6go6qfZd4klfYFj8vPSBjfEPiYu6YVm2npWobx6pdTTX4vSJ5y25hJ3+VkYvCtOztLvkLRnNBCiNaVWY+rVn+Us/8d4LSi3F4qit4YiBLwFe9WHbDj+RZKTL9JKWrAZO9cgK7AHpWi2swcofExUTNWxx74KnRO1kpWO2KC3H367eK9tXMyRfc86PCxJI9/Ch4+Q8OQ3s11kq9LMm5+zS27G75jaWrgnBWiItjNe3XaUChoDhSat6X17kfv0jGtxPSTF7g6bzOmWl8t357PjxuBy0Vuk3DqTUN7Dh0tjQ== John Smith"

###################################################
# Specify the host key for the new root-on-zfs system ?
# Can be the RSA or ECDSA key from /etc/ssh
# Leave blank for no specific key - ie: use whatever is generated by the openssh installation
# Be sure to use SINGLE quotes for private key
HOST_ECDSA_KEY='-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIO+XmG1AGCiQUejcjS/aVMGaocBe7TCsEmLctyNoJWFqoAoGCCqGSM49
AwEHoUQDQgAEMG1kiuILJZsxJCi1j5xOrA2CpNETWQ5rA94tgjsX6aqpI8re1pwa
/rnYIYrCL/JafwsmlqKG/HfrkvgozqVn/A==
-----END EC PRIVATE KEY-----'
# Be sure to use DOUBLE quotes for public key
HOST_ECDSA_KEY_PUB="ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDBtZIriCyWbMSQotY+cTqwNgqTRE1kOawPeLYI7F+mqqSPK3tacGv652CGKwi/yWn8LJpaihvx365L4KM6lZ/w= root@installerbox"
# Be sure to use SINGLE quotes for private key
HOST_RSA_KEY='-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAzCR0pGQ2ITL2KSgzeASWCGgP+mNQRv+Z7VlOCyjmVctODDl3
SiMHdsLRyhcP1M9jfTBEncKrt4AQIt1f1bjAG4kNEgh18dMUYWtIIZ3HlGP+Ieux
EixkakZ2o1qnhmfPG7W3pnw6UHwwZw3Qg6H760PWAmU12gG3YOEuq9DKmBdw2i80
jqcGGREj+BIdROuPKdH+n3DGE0phQ+NwQzMU77czPh1XwcLBGGpEvvk1zbavyqv5
dunsz3msMuJZH2oBE2PeWr8E2x+nNQ2XZIZdHJD8WJMiPBvHUBYMo7CSEAzwdWcs
g8f4umes/LKakv9/h4e47dOOzU1xFwCNo9lOnQIDAQABAoIBAQCPL8Lgy6lr/+LJ
W3k+ZXkWzGboqWBVbFL7N/iVu0pUQxWrXWNejNNfaabcqPBhxFV0Kbb3MORhAWJQ
EhZ2Qe/9YFPaojSYOgXBjw45BgJHAxvtjvPUW27TXDk6uwtmKsoKFZuLGveMHI+W
uQnYSnX4vswNQhBTqYCGY2vo97oikoyTLGEPURbyNpc1NOI7TGuOXHmOAEhw7WN8
jd1wTm2TEjdqMO6Zk03VJn9h5yu6sR7siqEkzIF5p/sfOXoA2Iwh3Sazrsv63R2p
XBYhnfnrM3UuEd4cKGJjXrv1gxNu1AKGKdq34izjKw/YKJhGRuiLh+9gdMva2TcV
dqOqfYQBAoGBAPm2ocF2Hn10Ud/UkcqQc2uPV7+bHhNALzHG5YeXH9vHJq/rm9D8
UFt3OBneaZMXCWRSl1dTlidmt+yl2wk0JyWFmEHZK2wDu+qcRPKT6y4Du+7QRBQY
IwrBHWi8reCbM/wL+s8cEGFt19ip6jw1K1JIxkTtC2vtG0ayPATJJyexAoGBANFI
IAEnZuf3zqECjdNfSr8ITMIfLZhDs/oPBzWUkwMm9jaIi+cf96hSlLFhMWANZOM6
i2x/68AHT9hINqo25cJeQB0UqLeHaU2JDAKn3LOLtCu7D0bpZKbAVFVgd3XsYrRJ
z5+Zz80WyXa+pHTqnrhTP0xkvCCmbWjz+Q5T9jytAoGBAKAOzvmpE3wITd5xaw1y
r3iXBYCcFZfzQQzf1wmk9Vey+/oww8wdnggyj3QNWpBcaLm0MqtXuVwB/AwkdxQc
KKdlTSWP5MQ0VIPZrFvsMgdpf1FgjvJuUi+3fnk+zxizgougxh9wdpNsi7ilmK0E
y4LPgL53TiXccepLnirXIFDRAoGAXLzaOcitCCO+c4i/Migq5iYWZXsNaEiwCyH3
rt2Mm7v7JMUzQZLf2r3lWAjaqVamGy8JM2YoIKrczdmKJ7k17QB45qoN7W3a0tnk
8ZRS71j72NkGdwTbbi0R8ddSeHXsczm2AGJXO+laEv19wLVq6gExrneBCfLVzsk1
1wyLs+0CgYEAuux1i+/7TMh1LyaiNbqQt4uzlDR+EWnbOBTtku9cE7u/dHuy1roE
QA4S2UhEX0sXdekqsFsIS/Qo3+H9pLC8mAZ1X0sQl102z2Cks1WVruodf8tF58iu
FCMSOeHX+wYqyZSm1zLDONoneY5B3zu1Grc8dZRJSons3iaXWl7zj3M=
-----END RSA PRIVATE KEY-----'
# Be sure to use DOUBLE quotes for public key
HOST_RSA_KEY_PUB="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMJHSkZDYhMvYpKDN4BJYIaA/6Y1BG/5ntWU4LKOZVy04MOXdKIwd2wtHKFw/Uz2N9MESdwqu3gBAi3V/VuMAbiQ0SCHXx0xRha0ghnceUY/4h67ESLGRqRnajWqeGZ88btbemfDpQfDBnDdCDofvrQ9YCZTXaAbdg4S6r0MqYF3DaLzSOpwYZESP4Eh1E648p0f6fcMYTSmFD43BDMxTvtzM+HVfBwsEYakS++TXNtq/Kq/l26ezPeawy4lkfagETY95avwTbH6c1DZdkhl0ckPxYkyI8G8dQFgyjsJIQDPB1ZyyDx/i6Z6z8spqS/3+Hh7jt047NTXEXAI2j2U6d root@installerbox"
###################################################