diff --git a/roles/preseed/templates/preseed.cfg.j2 b/roles/preseed/templates/preseed.cfg.j2
new file mode 100644
index 0000000000000000000000000000000000000000..10037d7c59442f945e8da42387d1f04bbcf67c5e
--- /dev/null
+++ b/roles/preseed/templates/preseed.cfg.j2
@@ -0,0 +1,130 @@
+{% set overrides = preseed_server_overrides[item] | default({}) %}
+{% set network_auto = overrides["network_auto"] | default(preseed_network_auto) %}
+#
+# Pressed configuration file for Debian Jessie/Stretch installation for server {{ item }}.
+#
+
+
+### Localization configuration
+
+# Language.
+d-i debian-installer/language string {{ overrides.language | default(preseed_language) }}
+
+# Country.
+d-i debian-installer/country string {{ overrides.country | default(preseed_country) }}
+
+# Locale.
+d-i debian-installer/locale string {{ overrides.locale | default(preseed_locale) }}
+
+# Keyboard layout.
+d-i keyboard-configuration/xkb-keymap select {{ overrides.keymap | default(preseed_keymap) }}
+
+
+### Network configuration
+
+# Network interface to configure.
+d-i netcfg/choose_interface select {{ overrides.network_interface | default(preseed_network_interface) }}
+
+{% if network_auto -%}
+# DHCP network configuration.
+d-i netcfg/disable_autoconfig boolean false
+d-i netcfg/get_hostname string ignored-value
+d-i netcfg/get_domain string ignored-value
+{% else -%}
+# Manual network configuration.
+d-i netcfg/disable_autoconfig boolean true
+d-i netcfg/get_ipaddress string {{ overrides.ip | default(preseed_ip) }}
+d-i netcfg/get_netmask string {{ overrides.netmask | default(preseed_netmask) }}
+d-i netcfg/get_gateway string {{ overrides.gateway | default(preseed_gateway) }}
+d-i netcfg/get_nameservers string {{ overrides.dns | default(preseed_dns) }}
+d-i netcfg/confirm_static boolean true
+
+# Hostname and domain configuration.
+d-i netcfg/get_hostname string {{ overrides.hostname | default(preseed_hostname) }}
+d-i netcfg/get_domain string {{ overrides.domain | default(preseed_domain) }}
+{% endif -%}
+
+# Disable that annoying WEP key dialog.
+d-i netcfg/wireless_wep string
+
+
+### Mirror settings
+d-i mirror/protocol string http
+d-i mirror/country string manual
+d-i mirror/http/hostname string {{ overrides.mirror_hostname | default(preseed_mirror_hostname) }}
+d-i mirror/http/directory string {{ overrides.mirror_directory | default(preseed_mirror_directory) }}
+d-i mirror/http/proxy string {{ overrides.mirror_proxy | default(preseed_mirror_proxy) }}
+
+
+### Account setup
+# Skip creation of regular user account.
+d-i passwd/make-user boolean false
+
+# Set root password.
+d-i passwd/root-password password {{ overrides.root_password | default(preseed_root_password) }}
+d-i passwd/root-password-again password {{ overrides.root_password | default(preseed_root_password) }}
+
+
+### Clock and time zone setup
+
+# Hardware clock is UTC.
+d-i clock-setup/utc boolean true
+
+# Timezone.
+d-i time/zone string {{ overrides.timezone | default(preseed_timezone) }}
+
+# Use NTP to set the time during installation.
+d-i clock-setup/ntp boolean true
+
+
+### Partitioning
+
+# Use regular partitioning schema.
+d-i partman-auto/method string regular
+
+# All files in one partition.
+d-i partman-auto/choose_recipe select atomic
+
+# Wipe out all partitions.
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman-md/device_remove_md boolean true
+
+# Partition the disk without confirmation.
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+
+### Package selection
+
+# Install standard packages and SSH server.
+tasksel tasksel/first multiselect standard,ssh-server
+
+
+### Boot loader installation
+# This is fairly safe to set, it makes grub install automatically to the MBR
+# if no other operating system is detected on the machine.
+d-i grub-installer/only_debian boolean true
+
+# This one makes grub-installer install to the MBR if it also finds some other
+# OS, which is less safe as it might not be able to boot that other OS.
+d-i grub-installer/with_other_os boolean true
+
+# Due notably to potential USB sticks, the location of the MBR can not be
+# determined safely in general, so this needs to be specified:
+#d-i grub-installer/bootdev  string /dev/sda
+
+# To install to the first device (assuming it is not a USB stick):
+d-i grub-installer/bootdev  string default
+
+
+### Finishing up the installation
+
+# Deploy the Ansible ssh key to root's authorized_keys
+d-i preseed/late_command string mkdir -m 700 /target/root/.ssh/; echo "{{ ansible_key }}" > /target/root/.ssh/authorized_keys; chmod 600 /target/root/.ssh/authorized_keys
+
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+