I like my Linux installs heavily customized and security hardened, to the extent that copying over /home
won't cut it, but not so much that it breaks when updating Debian. Whenever someone mentions reinstalling Linux, I am instinctively nervous thinking about the work it would take for me to get from a vanilla install to my current configuration.
It started a couple of years ago, when dreading the work of configuring Debian to my taste on a new laptop, I decided to instead just shrink my existing install to match the new laptop's drive and dd it over. I later made a VM from my install, stripped out personal files and obvious junk, and condensed it to a 30 GB raw disk image, which I then deployed on the rest of my machines.
That was still a bit too janky, so once my configuration and installed packages stabilized, I bit the bullet, spun up a new VM, and painstakingly replicated my configuration from a fresh copy of Debian. I finished with a 24 GB raw disk image, which I can now deploy as a "fresh" yet pre-configured install, whether to prepare new machines, make new VMs, fix broken installs, or just because I want to.
All that needs to be done after dd'ing the image to a new disk is:
- Some machines: boot grubx64.efi/shimx64.efi from Ventoy and "bless" the new install with
grub-install
andupdate-grub
- Reencrypt LUKS root partition with new password
- Configure user and GRUB passwords
- Set hostname
- Install updates and drivers as needed
- Configure for high DPI if needed
I'm interested to hear if any of you have a similar workflow or any feedback on mine.
You could try using Hashicorp's Packer to generate images repeatably (usually more meant for cloud images though). Or NixOS (like others have mention), or Guix (like NixOS, but better in some ways, worse in others). You could make it an Ansible playbook, which would let you both make configured images, and just configure machines that already have an OS.
I do something similar with archiso, fwiw, but that only works with Arch Linux.
Would you want to change your distribution, or just keep Debian with some tools to automate?
Ansible playbook is perfect for this. All your configuration is repeatable, whether on a running system or a new one. Plus you can start with a completely fresh newest version image and apply from there, instead of starting from a soon-to-be outdated custom image.