# install minimal Xfce desktop with Icedove email and crypto helper tools
#  * include CPU firmware and automatic maintenance routines
#  * fix include recommendations of other packages (uuid, bash)
#  * apply security updates immediately after install
#  * exclude support for print via Bluetooth
tasksel tasksel/desktop multiselect xfce
tasksel tasksel/first multiselect laptop
d-i pkgsel/include string xfce4-session lightdm icedove enigmail parcimonie haveged firmware-linux unattended-upgrades uuid-runtime bash-completion -bluez-cups
d-i pkgsel/upgrade select safe-upgrade

# setup harddrive with full disk encryption
#  * overwrite any existing data without warning
partman-auto partman-auto/method string crypto
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-auto/choose_recipe select multi
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

# silence misc. questions
#  * attempt to auto-detect hardware
#  * domain name irrelevant on desktop host without MTA
#  * use CDN for package updates
#  * disable direct root login (use sudo instead)
#  * report usage statistics back to Debian developers
d-i netcfg/choose_interface select auto
d-i netcfg/get_domain string unassigned-domain
d-i mirror/country string manual
d-i mirror/http/hostname string http.debian.net
d-i mirror/http/directory string /debian
d-i clock-setup/utc boolean true
d-i clock-setup/ntp boolean true
d-i apt-setup/services-select multiselect security, updates
d-i apt-setup/security_host string security.debian.org
d-i passwd/root-login boolean false
popularity-contest popularity-contest/participate boolean true

# TODO
#  * fix mark auto-installed packages as such
#  * silence confusing question at initial XFCE login
#apt-mark auto $(apt-mark showmanual | grep '^lib') acpi acpi-support-base acpid adduser apt apt-utils aptitude-common base-files base-passwd bash bash-completion bsdmainutils bsdutils busybox coreutils cpio cron dash debconf debconf-i18n debian-archive-keyring debianutils diffutils dmidecode dpkg e2fslibs e2fsprogs findutils fonts-freefont-ttf gcc-4.7-base gnupg gpgv grep groff-base grub-common gzip hostname ifupdown initramfs-tools initscripts insserv install-info iproute iptables iputils-ping isc-dhcp-client isc-dhcp-common keyboard-configuration kmod laptop-detect linux-image-amd64 locales login logrotate lsb-base mawk mount multiarch-support ncurses-base ncurses-bin net-tools netbase netcat-traditional passwd pciutils perl-base procps readline-common rsyslog sed sensible-utils sysv-rc sysvinit sysvinit-utils tar tasksel tasksel-data traceroute tzdata udev usbutils util-linux uuid-runtime vim-common vim-tiny xz-utils zlib1g
#mkdir -p /etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml && cp /etc/xdg/xfce4/panel/default.xml /etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml