summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJonas Smedegaard <dr@jones.dk>2016-11-03 03:14:23 +0100
committerJonas Smedegaard <dr@jones.dk>2016-11-03 03:14:23 +0100
commit0a97b4afe545aa6ef9169b9d953668562de2f028 (patch)
tree079c4f08836fa51514e82a8473b4b2ac1d77ab9a
parentfc904ad70cc13181c0d84c8a782d81e5b698fb3d (diff)
Misc.1.0b1
-rw-r--r--Makefile117
-rw-r--r--SHOPPING7
-rw-r--r--TODO79
-rw-r--r--nodes/gateway.yml48
-rw-r--r--nodes/netinst.yml38
-rwxr-xr-xskel/multistrap-configure.sh92
-rwxr-xr-xskel/multistrap-hooks/completion_50_configscript.sh1
-rw-r--r--skel/preseed.cfg.in21
8 files changed, 368 insertions, 35 deletions
diff --git a/Makefile b/Makefile
index 590025f..5ea84db 100644
--- a/Makefile
+++ b/Makefile
@@ -104,6 +104,12 @@ images-di = $(foreach suite,$(suites),\
$(foreach node,plain $(nodes),\
$(patsubst %,images/$(suite)/d-i/$(node)/%.img.gz,$(di-firmwares))))
+# erase block size of sdcard, in power-of-two megabytes
+segmentsize ?= 4
+
+# boot partition size, in power-of-two megabytes
+bootsize ?= $(shell echo $$(( ( 200 / $(segmentsize) + 1 ) * $(segmentsize) )) )
+
GZIP = pigz
GUNZIP = unpigz
@@ -117,6 +123,10 @@ this-fakeroot-fakeroot-pseudo = fakeroot-pseudo -i'$(1)' -s'$(1)'
MOUNT_FAT = fusefat -o rw+
UMOUNT_FAT = fusermount -u
+# TODO: avoid sudo when fuse2fs proven reliable
+MOUNT_EXT = $(if $(sudo),$(sudo) mount,/usr/sbin/fuse2fs)
+UMOUNT_EXT = $(if $(sudo),$(sudo) umount,fusermount -u)
+
all: $(checksumfiles) $(images-di) $(info)
sign: $(signfiles)
@@ -172,10 +182,14 @@ images/$(1)/d-i/$(2)/$(3).img.gz: images/$(1)/d-i/$(2)/%.img.gz: \
zcat $$^ | $(GZIP) --rsyncable > $$@~
mv -f $$@~ $$@
@$(call this-warnings,$(1))
-
-# Bootstrap-contained firmware depend on bootstrapped plain system itself
-partition/$(1)/$(2)/armhf/rootfs/usr/lib/u-boot/$(3)/u-boot-sunxi-with-spl.bin: \
- partition/$(1)/$(2)/armhf/rootfs
+images/$(1)/local/$(2)/$(3).img.gz: \
+ $(call this-partdir,$(1))/$(2)/local/firmware_4M_200Mext2.$(3).img \
+ partition/$(1)/$(2)/armhf/$(3)/boot_200Mext2.img \
+ partition/$(1)/$(2)/armhf/rootfs.img
+ mkdir -p $$(dir $$@)
+ cat $$^ | $(GZIP) --rsyncable > $$@~
+ mv -f $$@~ $$@
+ @$(call this-warnings,$(1))
# Compose firmware from bootstrapped system
$(call this-partdir,$(1))/$(2)/d-i/firmware.$(3).img: \
@@ -187,6 +201,60 @@ $(call this-partdir,$(1))/$(2)/d-i/firmware.$(3).img: \
cat $$< >> $$@~
truncate -s 1M $$@~
mv -f $$@~ $$@
+
+# Boot partition
+# TODO: extract boot.cmd variables from rootfs
+partition/$(1)/$(2)/armhf/$(3)/boot_200Mext2.img: \
+ partition/$(1)/$(2)/armhf/rootfs/usr/lib/linux-image-4.7.0-1-armmp-lpae/sun7i-a20-olinuxino-lime2.dtb \
+ partition/$(1)/$(2)/armhf/$(3)/boot.cmd
+ mkdir -p $$(dir $$@)
+ /usr/sbin/mkfs.ext2 $$@~ $(bootsize)M
+ mkdir -p $$@.mnt
+ $(MOUNT_EXT) $$@~ $$@.mnt
+ $(or $(SUDO),$(call this-fakeroot,partition/$(1)/$(2)/armhf/rootfs.state)) \
+ chown root: $$@.mnt
+ $(or $(SUDO),$(call this-fakeroot,partition/$(1)/$(2)/armhf/rootfs.state)) \
+ install -D \
+ -t $$@.mnt \
+ partition/$(1)/$(2)/armhf/rootfs/boot/*-4.7.0-1-armmp-lpae
+ $(or $(SUDO),$(call this-fakeroot,partition/$(1)/$(2)/armhf/rootfs.state)) \
+ install -D \
+ -t $$@.mnt/dtbs/4.7.0-1-armmp-lpae \
+ partition/$(1)/$(2)/armhf/rootfs/usr/lib/linux-image-4.7.0-1-armmp-lpae/sun7i-a20-olinuxino-lime2.dtb
+ mkimage -C gzip -A arm -T script -d partition/$(1)/$(2)/armhf/$(3)/boot.cmd $$(dir $$@)/boot.scr
+ $(or $(SUDO),$(call this-fakeroot,partition/$(1)/$(2)/armhf/rootfs.state)) \
+ cp $$(dir $$@)/boot.scr $$@.mnt/boot.scr
+ $(UMOUNT_EXT) "$$@.mnt"
+ mv -f $$@~ $$@
+partition/$(1)/$(2)/armhf/$(3)/boot.cmd: \
+ partition/$(1)/$(2)/armhf/rootfs/etc/flash-kernel/bootscript/bootscr.sunxi \
+ partition/$(1)/$(2)/armhf/rootfs.img.uuid
+ $(eval bootargs += $(if $(noscreen),console=tty1))
+ mkdir -p $$(dir $$@)
+ perl -p \
+ -e "s'@@LINUX_KERNEL_CMDLINE_DEFAULTS@@'$(bootargs)'g;" \
+ -e "s'@@LINUX_KERNEL_CMDLINE@@'quiet'g;" \
+ -e "s'@@UBOOT_ENV_EXTRA@@''g;" \
+ -e "s'@@KERNEL_VERSION@@'4.7.0-1-armmp-lpae'g;" \
+ $$< >$$@~
+ sed -i '2asetenv bootargs root=/dev/disk/by-uuid/'"$$$$(cat partition/$(1)/$(2)/armhf/rootfs.img.uuid)" $$@~
+ mv -f $$@~ $$@
+
+$(call this-partdir,$(1))/$(2)/local/firmware_4M_200Mext2.$(3).img: \
+ partition/$(1)/$(2)/armhf/rootfs/usr/lib/u-boot/$(3)/u-boot-sunxi-with-spl.bin \
+ partition/$(1)/$(2)/armhf/rootfs.size
+ mkdir -p $$(dir $$@)
+ dd if=/dev/zero of=$$@~ bs=1M count=0 seek=$$$$(( $(segmentsize) + $(bootsize) + $$$$(cat partition/$(1)/$(2)/armhf/rootfs.size) / 1024 / 1024 ))
+ /usr/sbin/parted -s $$@~ -- \
+ mklabel msdos \
+ mkpart primary ext2 $(segmentsize)MiB $$$$(( ( $(segmentsize) + $(bootsize) ) * 1024 * 1024 - 1 ))B \
+ toggle 1 boot \
+ mkpart primary ext2 $$$$(( ( $(segmentsize) + $(bootsize) ) * 1024 * 1024 ))B 100%
+ truncate -s 8K $$@~
+ cat $$< >> $$@~
+ truncate -s 4M $$@~
+ mv -f $$@~ $$@
+ touch $$@
endef
$(foreach suite,$(suites),\
$(foreach node,plain $(nodes),\
@@ -235,7 +303,7 @@ partition/$(1)/$(2)/$(3)/multistrap.conf: \
skel/multistrap.conf.in
$$(eval pkglist += $$(shell perl -0777 -ne 's/ \\\n / /; print m,^d-i pkgsel/include string ([^\n]*),m' $$<))
$(if $(fakeroot),$$(eval pkg = libfakeroot))
- $(if $(eatmydata),$$(eval pkg = libeatmydata))
+ $(if $(eatmydata),$$(eval pkg = libeatmydata1))
$(time-$(1):%=$$(eval pkg += libfaketime))
$$(eval pkg += $$(pkglist))
perl -p \
@@ -251,12 +319,47 @@ partition/$(1)/$(2)/$(3)/multistrap.conf: \
skel/multistrap.conf.in > $$@
# Bootstrap system
+# TODO: Stop manually run hooks when faketime supports chroot: bug#778462
+partition/$(1)/$(2)/$(3)/rootfs.img.uuid: \
+ partition/$(1)/$(2)/$(3)/rootfs.img
+ /usr/sbin/blkid $$< | perl -ne '/UUID="([^"]+)/ and print $$$$1' > $$@~
+ mv -f $$@~ $$@
+partition/$(1)/$(2)/$(3)/rootfs.img: \
+ partition/$(1)/$(2)/$(3)/rootfs \
+ partition/$(1)/$(2)/$(3)/rootfs.size
+ /usr/sbin/mkfs.ext4 $$@~ $$$$(( $$$$(cat "$$<.size") / 1024 ))k
+ mkdir -p $$@.mnt
+ $(MOUNT_EXT) $$@~ $$@.mnt
+ $(or $(SUDO),$(call this-fakeroot,$$<.state)) \
+ rsync -aHS --numeric-ids --info=progress2 \
+ $(and $(SUDO),$(fakeroot),-e "$(call this-fakeroot,$$<.state)") \
+ --exclude '/boot' \
+ --exclude '/var/cache/apt/archives/*.deb' \
+ --exclude multistrap-configure.sh \
+ --exclude tmp/preseeds \
+ $$</ $$@.mnt/
+ $(UMOUNT_EXT) "$$@.mnt"
+ mv -f $$@~ $$@
+ touch $$@
+partition/$(1)/$(2)/$(3)/rootfs.size: \
+ partition/$(1)/$(2)/$(3)/rootfs
+ echo $$$$(( ( $$$$( $(call this-fakeroot,$$<.state) du -s "$$<" | cut -f 1 ) / 1024 / $(segmentsize) + 1 ) * $(segmentsize) * 1024 * 1024 )) > $$@~
+ mv -f $$@~ $$@
partition/$(1)/$(2)/$(3)/rootfs: \
partition/$(1)/$(2)/$(3)/multistrap.conf
$(call this-fakeroot,$$@.state) \
$(eatmydata) $(time-$(1):%=faketime %) /usr/sbin/multistrap --no-auth -f $$< -d "$$@"
$(call this-fakeroot,$$@.state) \
$(eatmydata) run-parts --regex '^completion' --arg "$$@" skel/multistrap-hooks
+# TODO: why doesn't this work?!?
+#partition/$(1)/$(2)/$(3)/rootfs/%: \
+# partition/$(1)/$(2)/$(3)/rootfs
+partition/$(1)/$(2)/$(3)/rootfs/etc/flash-kernel/bootscript/bootscr.sunxi: \
+ partition/$(1)/$(2)/$(3)/rootfs
+partition/$(1)/$(2)/$(3)/rootfs/usr/lib/linux-image-4.7.0-1-armmp-lpae/sun7i-a20-olinuxino-lime2.dtb: \
+ partition/$(1)/$(2)/$(3)/rootfs
+partition/$(1)/$(2)/$(3)/rootfs/usr/lib/u-boot/A20-OLinuXino-Lime2/u-boot-sunxi-with-spl.bin: \
+ partition/$(1)/$(2)/$(3)/rootfs
endef
$(foreach suite,$(suites),\
$(foreach node,plain $(nodes),\
@@ -316,6 +419,10 @@ endef
$(foreach suite,$(suites),\
$(eval $(call SUITE_template,$(suite))))
+#%.img.gz: %.img
+# $(GZIP) -c --rsyncable $< > $@~
+# mv -f $@~ $@
+
clean::
$(SUDO) rm -rf --one-file-system images imageparts partition
rm -f *.htm *.html *.css
diff --git a/SHOPPING b/SHOPPING
new file mode 100644
index 0000000..1f7c750
--- /dev/null
+++ b/SHOPPING
@@ -0,0 +1,7 @@
+ * WWAN - robust men langsom og ikke 3G (problem med 3 net?)
+ + Telefon: Nokia 6021
+ <http://www.altimobiler.dk/120-brugt-nokia-6021>
+ + Datakabel: Nokia CA-42
+ <http://www.gooby.dk/shop/nokia-orig-datakabel-ca-42-bulk-p-8999.html>
+ * Ethernet Switch
+ + Netgear GS105
diff --git a/TODO b/TODO
index 11aa11c..a934f6a 100644
--- a/TODO
+++ b/TODO
@@ -1,37 +1,80 @@
-Now, crucial:
+Final release
+-------------
+
+ * Network
+ + Setup dyndns
+
+ * Security
+ + Reset crypto (ssh, gnupg, monkeysphere, rng)
+
+ * Packages
+ + Fix /etc/apt/sources.list
+ + Avoid exim
+ + Avoid apt-listbugs (to save space by not needing Ruby)
+ + Upgrade system
+
+ * UI
+ + Set console=tty1 at kernel prompt
+ + Fix set default locale to C.UTF-8.
+
+ * Images
+ + Create website box.redpill.dk
+
+
+Point releases
+--------------
* Core
- + Validate with GnuPG downloads of installer parts
- + Check [U-boot modification needs][] with Karsten Merker, mentioned
- in <https://lists.debian.org/debian-devel/2015/09/msg00233.html>.
+ + Test kernel 4.8 support for UCS-2 sdcards
+
* Network
- + Tweak ethernet to enable when cable plugged in
- + Tweak ethernet to use dhcp
+ Use mDNS
+ + Setup MTA
+
+ * Packages
+ + Use localepurge, preserving no locales
+ + Use systemd most possible (not cron openntpd rsyslogd)
+ + Set hostname before configuring ssl-cert, to avoid this:
+ hostname: Name or service not known
+ make-ssl-cert: Could not get FQDN, using "auryn".
+ make-ssl-cert: You may want to fix your /etc/hosts and/or DNS setup and run
+ make-ssl-cert: make-ssl-cert generate-default-snakeoil --force-overwrite
+ make-ssl-cert: again.
-Now, optional:
+ * Security
+ + Validate with GnuPG downloads of installer parts
+ + Reset UUIDs (partitions, machine-ID, popularity-contest)
+ + Use UUIDs in fstab
+ + Ensure build host hostname/domain didn't leak into target system
+
+ * UI
+ + Tweak mc.
+ + Tweak apt-listchanges
+
+ * Images
+ + Generate images at morla.jones.dk
+
+
+Ideas
+-----
* Core
+ Maybe use bilibop or flashybrid
+
* Images
+ Sneakernet: add-on partition/image with all needed udebs and debs
+ Full: add-on partition/image with full sources
- + Optimize for concrete µSD card geometry:
- - Resolve Erase Block size (EBS) and Page size (PS) with flashbench
- - Extract/download/create Allwinner/U-boot "MBR"
- - Extract debian-installer partition from downloaded image
- - Partition µSD card, aligned to multiplum of EBS
- - Format partition as ext4 with stride=PS and stripe-width=EBS
- - Add Allwinner/U-boot "MBR" to µSD card
+ + Resolve Erase Block size (EBS) and Page size (PS) with flashbench
+ + Format partition as ext4 with stride=PS and stripe-width=EBS
<https://thelastmaimou.wordpress.com/2013/05/04/magic-soup-ext4-with-ssd-stripes-and-strides/>
<https://thelastmaimou.wordpress.com/2013/05/19/optimizing-arch-linux-image-installation-on-the-raspberry-pi/>
- - ...or maybe _avoid_ tuning stripe/stride, as mentioned at
+ + ...or maybe _avoid_ tuning stripe/stride, as mentioned at
<https://www.mayrhofer.eu.org/ssd-linux-benchmark>
According to <https://lwn.net/Articles/428584/> SDHC registers
preferred erase size to sysfs, so this should work:
test -e /sys/block/mmcblk0/device/preferred_erase_size \
&& parted -s -a optimal /dev/mmcblk0 -- mklabel msdos \
mkpart primary ext2 $(cat /sys/block/mmcblk0/device/preferred_erase_size)B 100%
- - maybe try make use of flashbench open-au tests as described in
- above LWN article and summarized at
- <https://lists.linaro.org/pipermail/flashbench-results/2014-July/000479.html>
+ + maybe try make use of flashbench open-au tests as described in
+ above LWN article and summarized at
+ <https://lists.linaro.org/pipermail/flashbench-results/2014-July/000479.html>
diff --git a/nodes/gateway.yml b/nodes/gateway.yml
new file mode 100644
index 0000000..1b41340
--- /dev/null
+++ b/nodes/gateway.yml
@@ -0,0 +1,48 @@
+# SOHO LAN gateway w/ masquerading firewall on LIME2 box
+# TODO: include caching DNS
+# TODO: adapt iface and dhcpd configs
+# TODO: Enable routing
+# TODO: Disable password-based remote login
+# TODO: Add and bootstrap Monkeysphere
+classes:
+ - Console.setup
+ - Console.filemanager
+ - Admin.etc.functions
+ - Admin
+ - Admin.auto
+ - Service.ssh
+ - Service.dhcp.isc.server.authoritative
+ - Service.dhcp.client
+ - Service.log
+ - Service.mail.mta.postfix
+ - Service.time.openntpd.force
+ - Hardware.motherboard.olimex.lime2
+ - Hardware.harden
+ - Hardware.net.interfaces.reset
+ - Framework.pkg.apt.autoremove-suggests
+ - Framework.pkg.apt.avoid-removals
+ - Framework.pkg.apt.aptitude.advance-on-action
+ - Framework.pkg.apt.aptitude.list-suite
+ - Framework.pkg.apt.proxy.reset
+ - Framework.pkg.apt.source.reset
+parameters:
+ doc:
+ gateway:
+ pkg:
+ - include Zeroconf - core features (IPv4ALL and mDNS)
+ - include network management service NetworkManager
+ - include firewall service FirewallD
+ - include bandwidth-saving remote shell service MoSH
+ tweak:
+ pkg:
+ - systemd-sysv
+ - avahi-autoipd
+ - network-manager
+ - firewalld
+ - mosh
+ - debconf-utils
+ - iftop
+ - locales
+ - rsync
+ - sudo
+ - wget
diff --git a/nodes/netinst.yml b/nodes/netinst.yml
new file mode 100644
index 0000000..dad1602
--- /dev/null
+++ b/nodes/netinst.yml
@@ -0,0 +1,38 @@
+# minimal setup mimicking debian-installer netinst install, for LIME2 box
+# TODO: avoid irqbalance
+# TODO: inspect full package list of netinst install (not only /etc changes)
+classes:
+ - Hardware.motherboard.olimex.lime2
+parameters:
+ pkg:
+ - systemd-sysv
+ - locales
+ - sudo
+ - wget
+ - nano
+ - vim-tiny
+ - ifupdown
+ - adduser
+ - logrotate
+ - rsyslog
+ - cron
+ - netbase
+ - discover
+ - console-setup
+ - popularity-contest
+ - libfakeroot
+ pkg-avoid:
+ - gnupg
+ - gnupg2
+ - gnupg1
+ - libsasl2-modules
+ - exim4-base
+ - xdg-user-dirs
+ - bash-completion
+# - irqbalance
+ - uuid-runtime
+ - xml-core
+ - ca-certificates
+ - dbus
+ - xz-utils
+ - libpam-cap
diff --git a/skel/multistrap-configure.sh b/skel/multistrap-configure.sh
index 6fda79a..84d3d29 100755
--- a/skel/multistrap-configure.sh
+++ b/skel/multistrap-configure.sh
@@ -12,6 +12,8 @@
set -e
+set -x
+
# silence locale noise (esp. from perl)
export LC_ALL=C LANGUAGE=C LANG=C \
@@ -24,9 +26,6 @@ export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
# preseed debconf questions
cat /tmp/preseeds/* 2>&- | debconf-set-selections
-# configure packages
-dpkg --configure -a
-
cat <<'EOF' >debconf-get
#!/bin/sh
# multistrap debconf wrapper to mimic d-i convenience command
@@ -35,12 +34,97 @@ debconf-show d-i | grep -Po "(?<=. $1: ).*"
EOF
chmod +x debconf-get
+# add hostname file
+# FIXME: resolve from debconf
+cat <<'EOF' > /etc/hostname
+hamlet
+EOF
+
+# replace(!) hosts file
+# FIXME: resolve from debconf
+cat <<'EOF' > /etc/hosts
+127.0.0.1 localhost
+127.0.1.1 hamlet.jones.dk hamlet
+
+# The following lines are desirable for IPv6 capable hosts
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+EOF
+
+# add fstab file
+# FIXME: resolve from debconf
+# TODO: use UUID
+# : enable swap
+cat <<'EOF' > /etc/fstab
+# /etc/fstab: static file system information.
+#
+# Use 'blkid' to print the universally unique identifier for a
+# device; this may be used with UUID= as a more robust way to name devices
+# that works even if disks are added and removed. See fstab(5).
+#
+# <file system> <mount point> <type> <options> <dump> <pass>
+# / was on /dev/mmcblk0p2 during installation
+/dev/mmcblk0p2 / ext4 errors=remount-ro 0 1
+# /boot was on /dev/mmcblk0p1 during installation
+/dev/mmcblk0p1 /boot ext2 defaults 0 2
+# swap was on /dev/mmcblk0p5 during installation
+#/dev/mmcblk0p5 none swap sw 0 0
+EOF
+
+# configure packages
+dpkg --configure -a
+
./debconf-get preseed/late_command \
| PATH="$PATH:." perl -0777 -n \
-e 's,chroot\s+/target\s+,,g;' \
-e 's,/target/,/,g;' \
-e 's,\$'"''"'\{,\$\{,g;' \
- -e 'system($_) == 0 or die "Broken late_command:\n$_"'
+ -e 's,^\s+,,;' \
+ -e 'system($_) == 0 or die "Broken late_command:\n$_" if ($_);'
+
+# Create user account
+# FIXME: resolve from debconf
+adduser --disabled-login --gecos 'Debian User' --add_extra_groups debian && echo debian:insecure | chpasswd
+
+# sudo-enable initial user account
+# FIXME: resolve from debconf
+adduser debian sudo
+
+# FIXME: do this far more flexible!
+cat <<'EOF' > /root/init-network-settings
+#!/bin/sh
+
+# Add static-IP internal first-port ethernet connection
+# network-manager 1.2:
+nmcli connection add type ethernet con-name eth0-static ifname eth0 -- ipv4.addresses 192.168.1.1 ipv4.method manual connection.zone internal
+nmcli connection modify eth0-static connection.autoconnect on
+# network-manager 1.4:
+#nmcli connection add type ethernet con-name eth0-static ifname eth0 ip4 192.168.1.1 ipv4.method manual autoconnect on connection.zone internal
+
+# Add dynamic-IP external wildcard ethernet connection
+# network-manager 1.2:
+nmcli connection add type ethernet con-name dhcp ifname '*' connection.zone external
+nmcli connection modify dhcp connection.autoconnect on
+# network-manager 1.4:
+#nmcli connection add type ethernet con-name dhcp ifname '*' autoconnect on connection.zone external
+
+# Add dynamic-IP external WWAN connection (hardcoded provider for now)
+# network-manager 1.2:
+nmcli connection add ifname '*' autoconnect yes type gsm apn data.tre.dk -- connection.id gsm-tre.dk-noauth connection.zone external gsm.password-flags 1
+#nmcli connection add ifname '*' autoconnect yes type gsm apn internet -- connection.id gsm-internet-noauth connection.zone external gsm.password-flags 1
+# network-manager 1.4:
+#nmcli connection add ifname '' autoconnect yes type gsm apn data.tre.dk connection.id gsm-tre.dk-noauth connection.zone external gsm.password-flags 1
+##nmcli connection add ifname '' autoconnect yes type gsm apn internet connection.id gsm-internet-noauth connection.zone external gsm.password-flags 1
+
+# Permit mosh from anywhere:
+firewall-cmd --permanent --zone external --add-service mosh
+firewall-cmd --permanent --zone internal --add-service mosh
+firewall-cmd --reload
+
+echo 'Network settings applied succesfully!'
+EOF
+chmod a+x /root/init-network-settings
rm -f ./debconf-get
diff --git a/skel/multistrap-hooks/completion_50_configscript.sh b/skel/multistrap-hooks/completion_50_configscript.sh
index 31e3896..d272529 100755
--- a/skel/multistrap-hooks/completion_50_configscript.sh
+++ b/skel/multistrap-hooks/completion_50_configscript.sh
@@ -21,6 +21,7 @@
# * /usr/bin/c_rehash
set -e
+set -x
fs="$1"
# TODO: replace with multiarch-safe method
diff --git a/skel/preseed.cfg.in b/skel/preseed.cfg.in
index 08952ab..4ef0125 100644
--- a/skel/preseed.cfg.in
+++ b/skel/preseed.cfg.in
@@ -7,12 +7,13 @@ tasksel tasksel/first multiselect
d-i pkgsel/include string [% pkglist %]
# localization
-# * use English (South Africa) by default
-# * enable official regional languages of South Africa
-# * setup us style keyboard
-d-i debian-installer/locale string da_DK
-d-i localechooser/supported-locales multiselect da_DK.UTF-8
+d-i debian-installer/country string DK
+s-i debian-installer/language string en
+#d-i debian-installer/locale string da_DK
+#d-i localechooser/supported-locales multiselect da_DK.UTF-8
d-i keyboard-configuration/xkb-keymap select dk
+locales locales/default_environment_locale string C.UTF-8
+locales locales/locales_to_be_generated multiselect da_DK.UTF-8 UTF-8
# silence misc. questions
# * attempt to auto-detect hardware
@@ -21,9 +22,9 @@ d-i keyboard-configuration/xkb-keymap select dk
# * report usage statistics back to Debian developers
# * restart libc-based services without asking
d-i netcfg/choose_interface select auto
-d-i netcfg/get_hostname string hamlet
-d-i netcfg/get_domain string homebase.dk
-d-i netcfg/hostname string hamlet
+d-i netcfg/get_hostname string gateway
+d-i netcfg/get_domain string localnet
+d-i netcfg/hostname string gateway
d-i passwd/root-login boolean false
popularity-contest popularity-contest/participate boolean true
libc6 libraries/restart-without-asking boolean true
@@ -50,6 +51,10 @@ d-i partman/confirm_nooverwrite boolean true
# enable unattended-upgrades
unattended-upgrades unattended-upgrades/enable_auto_updates boolean true
+# mail transfer agent
+postfix postfix/mailname string gateway.localnet
+postfix postfix/main_mailer_type string Local only
+
[% tweakdesc %]
d-i preseed/late_command string set -e;\
suite=[% suite %][% IF pkgautolist %];\