From 4142a521ba6affdd3d9b58d19f723c4d4eefe49a Mon Sep 17 00:00:00 2001
From: phg
Date: Sun, 8 Feb 2026 16:19:13 +0100
Subject: [PATCH] Add serial console support and enhance provisioning scripts for Debian 13 Trixie LUKS template

---
 debian/13-trixie-luks/debian-trixie.pkr.hcl | 100 ++++++++++++++++++--
 1 file changed, 90 insertions(+), 10 deletions(-)

diff --git a/debian/13-trixie-luks/debian-trixie.pkr.hcl b/debian/13-trixie-luks/debian-trixie.pkr.hcl
index cc36c1d..1c60656 100644
--- a/debian/13-trixie-luks/debian-trixie.pkr.hcl
+++ b/debian/13-trixie-luks/debian-trixie.pkr.hcl
@@ -45,6 +45,10 @@ source "proxmox-iso" "debian-13-trixie-luks" {
 efi_type = "4m"
 }
 
+ serials = [
+ "socket"
+ ]
+
 # Download ISO
 boot_iso {
 type = "scsi"
@@ -75,6 +79,7 @@ source "proxmox-iso" "debian-13-trixie-luks" {
 "c",
 "linux /install.amd/vmlinuz auto-install/enable=true priority=critical ",
 "DEBIAN_FRONTEND=text ",
+ "console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0 ",
 "passwd/root-password='${var.default_root_passphrase}' ",
 "passwd/root-password-again='${var.default_root_passphrase}' ",
 "partman-crypto/passphrase='${var.default_luks_passphrase}' ",
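Review bot: The added `console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200` line in the second hunk sits on the same installer command line as `passwd/root-password=` and `partman-crypto/passphrase=`, and the kernel prints its full command line during boot, so the default root and LUKS passphrases would now also be written to the serial socket that the first hunk adds. Anything attached to or recording that serial device during the build can read them. Since the installed system gets its serial console from the GRUB settings added later in this patch, consider leaving the serial arguments off the installer boot, or moving the two secrets out of the boot command into a preseed file. If the line stays, a comment above it such as `# NOTE: command line (incl. passphrases) is echoed on ttyS0 during install; both must be rotated on first boot` would record the expectation. The `boot_command` list starts and ends outside the hunk.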
@@ -101,21 +106,38 @@ build {
 name = "debian-13-trixie-luks-image"
 sources = ["source.proxmox-iso.debian-13-trixie-luks"]
 
- # Provisioning the VM Template for Cloud-Init Integration in Proxmox #1
+ # Install dependencies and default packages
 provisioner "shell" {
 inline = [
- "rm /etc/ssh/ssh_host_*",
- "truncate -s 0 /etc/machine-id",
- "apt -y autoremove --purge 2> /dev/null",
- "apt -y clean 2> /dev/null",
- "apt -y autoclean 2> /dev/null",
- "rm -rf /var/cache/apt/archives /var/lib/apt/lists/*",
- "cloud-init clean",
- "rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
- "sync"
+ "export DEBIAN_FRONTEND=noninteractive",
+ "apt-get update",
+ "apt-get install -y age apt-transport-https aria2 bat bc bmon btop ca-certificates curl duf eza fastfetch fzf git gnupg htop iftop iotop iperf jq lsof magic-wormhole mosh mtr ncdu parted progress pv ripgrep rsync smartmontools socat sudo tmux usbutils vim wget yq zsh zstd"
 ]
 }
 
+ # Install Tailscale
+ provisioner "shell" {
+ script = "debian/13-trixie-luks/scripts/tailscale.sh"
+ }
+
+ # Setup CrowdSec Repo
+ provisioner "shell" {
+ script = "debian/13-trixie-luks/scripts/crowdsec-repo-setup.sh"
+ }
+
+ # Install CrowdSec
+ provisioner "shell" {
+ inline = [
+ "apt-get install -y crowdsec",
+ "apt-get install -y crowdsec-firewall-bouncer-iptables"
+ ]
+ }
+
+ # Configure CrowdSec
+ provisioner "shell" {
+ script = "debian/13-trixie-luks/scripts/crowdsec-configuration.sh"
+ }
+
 # Provisioning the VM Template for Cloud-Init Integration in Proxmox #2
 provisioner "file" {
 source = "debian/13-trixie-luks/files/99-pve.cfg"
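Review bot: Installing `crowdsec` and `crowdsec-firewall-bouncer-iptables` (and Tailscale through `scripts/tailscale.sh`) into a template means any per-host identity these packages create at install time is baked into the image and shared by every clone. As far as I know the CrowdSec packages register the agent and the bouncer with the local API during installation, and the clean-up provisioner later in this patch only resets SSH host keys and `machine-id`. The referenced scripts are not visible here, so this may already be handled; if not, regenerate those credentials on first boot (for example from `initial-setup.sh`) rather than at build time. A comment above the install step such as `# credentials created here are template-wide; they must be re-issued on first boot` would make the intent explicit. Separately, `export DEBIAN_FRONTEND=noninteractive` applies only to the first provisioner, so the later `apt-get install -y crowdsec` runs without it.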
@@ -137,4 +159,62 @@ build {
 source = "debian/13-trixie-luks/files/debian.sources"
 destination = "/etc/apt/sources.list.d/debian.sources"
 }
+
+ provisioner "file" {
+ source = "debian/13-trixie-luks/files/90-initial-login-setup.sh"
+ destination = "/etc/profile.d/90-initial-login-setup.sh"
+ }
+
+ provisioner "file" {
+ source = "debian/13-trixie-luks/files/initial-setup.sh"
+ destination = "/usr/local/bin/initial-setup.sh"
+ }
+
+ provisioner "shell" {
+ inline = [
+ "chmod +x /usr/local/bin/initial-setup.sh"
+ ]
+ }
+
+ # Install Clevis
+ provisioner "shell" {
+ inline = [
+ "apt-get update",
+ "apt-get install -y clevis clevis-luks clevis-initramfs"
+ ]
+ }
+
+ # Setup Serial Console for xterm.js in Proxmox VE
+ provisioner "shell" {
+ inline = [
+ "sed -i 's/#\\?GRUB_CMDLINE_LINUX=.*\"/GRUB_CMDLINE_LINUX=\"console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0\"/' /etc/default/grub",
+ "sed -i 's/#\\?GRUB_TERMINAL=.*/GRUB_TERMINAL=\"serial console\"/' /etc/default/grub",
+ "sed -i 's/#\\?GRUB_SERIAL_COMMAND=.*/GRUB_SERIAL_COMMAND=\"serial --speed=115200\"/' /etc/default/grub",
+ "update-grub"
+ ]
+ }
+
+ # Provisioning the VM Template for Cloud-Init Integration in Proxmox #1
+ provisioner "shell" {
+ inline = [
+ "rm /etc/ssh/ssh_host_*",
+ "truncate -s 0 /etc/machine-id",
+ "apt -y autoremove --purge 2> /dev/null",
+ "apt -y clean 2> /dev/null",
+ "apt -y autoclean 2> /dev/null",
+ "rm -rf /var/cache/apt/archives /var/lib/apt/lists/*",
+ "cloud-init clean",
+ "rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
+ "sync"
+ ]
+ }
+
+ # Remove temporary settings and configuration for packer build
+ provisioner "shell" {
+ inline = [
+ "sed -i 's/^#\\?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config",
+ "sed -i 's/^#\\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config",
+ "passwd -dl root"
+ ]
+ }
 }
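Review bot: The last provisioner hardens sshd with two `sed` substitutions that change nothing, and report no error, when `/etc/ssh/sshd_config` has no matching line, so the template could ship with the build-time root password login still enabled. I would make the build fail in that case by adding `"grep -qx 'PermitRootLogin no' /etc/ssh/sshd_config",` and `"grep -qx 'PasswordAuthentication no' /etc/ssh/sshd_config",` before `passwd -dl root`; this relies on Packer's inline shell stopping at the first failing command, which should be confirmed for this template. On Debian the stock config also includes `/etc/ssh/sshd_config.d/*.conf` ahead of these settings, so a drop-in written there (for instance by cloud-init on first boot) may still override them and is worth checking. The `build` block opens outside the hunk.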