Rename Debian 13 template

debian/13-trixie-luks/credentials.auto.pkrvars.hcl

@@ -0,0 +1 @@
+../../credentials.auto.pkrvars.hcl

debian/13-trixie-luks/debian-trixie.pkr.hcl

@@ -0,0 +1,135 @@
+packer {
+  required_plugins {
+    proxmox = {
+      version = "~> 1"
+      source  = "github.com/hashicorp/proxmox"
+    }
+  }
+}
+
+source "proxmox-iso" "debian-13-trixie" {
+  # Proxmox Connection Settings
+  proxmox_url = "${var.proxmox_api_url}"
+  username    = "${var.proxmox_api_token_id}"
+  token       = "${var.proxmox_api_token_secret}"
+
+  # Skip TLS Verification
+  insecure_skip_tls_verify = "${var.proxmox_skip_tls_verify}"
+
+  # VM General Settings
+  node                 = "${var.proxmox_node}"
+  vm_id                = "${var.template_vm_id}"
+  vm_name              = "debian-13-trixie-${local.timestamp}"
+  template_description = "Debian 13 Trixie, built with Packer on ${local.timestamp}"
+  os                   = "l26"
+  qemu_agent           = true
+
+  # VM Hardware Settings
+  machine         = "q35"
+  cpu_type        = "${var.template_cpu_type}"
+  cores           = 2
+  memory          = 2048
+  bios            = "ovmf"
+  scsi_controller = "virtio-scsi-pci"
+  disks {
+    disk_size    = "30G"
+    format       = "qcow2"
+    storage_pool = "${var.disk_storage_pool}"
+    type         = "virtio"
+  }
+
+  efi_config {
+    efi_storage_pool  = "${var.disk_storage_pool}"
+    pre_enrolled_keys = true
+    efi_format        = "raw"
+    efi_type          = "4m"
+  }
+
+  # Download ISO
+  boot_iso {
+    type             = "scsi"
+    iso_url          = "${var.iso_url}"
+    unmount          = true
+    iso_storage_pool = "${var.iso_storage_pool}"
+    iso_checksum     = "${var.iso_checksum}"
+  }
+
+  # VM Network Settings
+  network_adapters {
+    model       = "virtio"
+    mac_address = "${var.mac_address}"
+    bridge      = "${var.network_bridge}"
+    firewall    = "false"
+  }
+
+  # VM Cloud-Init Settings
+  cloud_init              = true
+  cloud_init_storage_pool = "${var.disk_storage_pool}"
+  cloud_init_disk_type    = "scsi"
+
+  # PACKER Boot Commands
+  boot         = "order=virtio0;scsi0"
+  boot_wait    = "10s"
+  communicator = "ssh"
+  boot_command = [
+    "<wait3>c<wait3>",
+    "linux /install.amd/vmlinuz auto-install/enable=true priority=critical ",
+    "INSTALL_FINISHED_INFORM_URL='http://{{ .HTTPIP }}:${var.install_finished_inform_port}/install_finished' ",
+    "DEBIAN_FRONTEND=text preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg noprompt<enter>",
+    "initrd /install.amd/initrd.gz<enter>",
+    "DEBCONF_DEBUG=5<enter>",
+    "boot<enter>"
+  ]
+
+  # PACKER Autoinstall Settings
+  http_directory = "debian/13-trixie/http"
+  http_interface = "${var.source_proxmox_http_interface}"
+
+  # SSH Settings
+  ssh_username = "root"
+  ssh_password = "packer"
+  ssh_timeout  = "20m"
+  ssh_pty      = true
+}
+
+build {
+  name    = "debian-13-trixie-image"
+  sources = ["source.proxmox-iso.debian-13-trixie"]
+
+  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #1
+  provisioner "shell" {
+    inline = [
+      "rm /etc/ssh/ssh_host_*",
+      "truncate -s 0 /etc/machine-id",
+      "apt -y autoremove --purge 2> /dev/null",
+      "apt -y clean 2> /dev/null",
+      "apt -y autoclean 2> /dev/null",
+      "cloud-init clean",
+      "rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
+      "rm -rf /var/cache/apt/archives /var/lib/apt/lists/*",
+      "sync"
+    ]
+  }
+
+  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #2
+  provisioner "file" {
+    source      = "debian/13-trixie/files/99-pve.cfg"
+    destination = "/tmp/99-pve.cfg"
+  }
+
+  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #3
+  provisioner "shell" {
+    inline = ["sudo cp /tmp/99-pve.cfg /etc/cloud/cloud.cfg.d/99-pve.cfg"]
+  }
+
+  # Remove CD-ROM entries from APT sources list
+  provisioner "shell" {
+    inline = ["sed -i '/cdrom/d' /etc/apt/sources.list"]
+  }
+
+  # Add custom APT sources list
+  provisioner "file" {
+    source      = "debian/13-trixie/files/debian.sources"
+    destination = "/etc/apt/sources.list.d/debian.sources"
+  }
+}

debian/13-trixie-luks/files/99-pve.cfg

@@ -0,0 +1 @@
+datasource_list: [ConfigDrive, NoCloud]

debian/13-trixie-luks/files/debian.sources

@@ -0,0 +1,17 @@
+Types: deb
+URIs: http://ftp.de.debian.org/debian/
+Suites: trixie
+Components: main contrib non-free non-free-firmware
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+
+Types: deb
+URIs: http://ftp.de.debian.org/debian/
+Suites: trixie-updates
+Components: main contrib non-free non-free-firmware
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+
+Types: deb
+URIs: http://security.debian.org/
+Suites: trixie-security
+Components: main contrib non-free non-free-firmware
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

debian/13-trixie-luks/http/preseed.cfg

@@ -0,0 +1,164 @@
+#_preseed_V1
+
+### Localization
+d-i debian-installer/locale string en_US.UTF-8
+d-i keyboard-configuration/xkb-keymap select us
+
+### Unattended
+d-i auto-install/enable boolean true
+d-i debconf/priority select critical
+d-i debian-installer/framebuffer boolean false
+
+### Network
+d-i netcfg/choose_interface select ens18
+d-i netcfg/get_hostname string debian-13-template
+d-i netcfg/get_domain string
+d-i netcfg/wireless_wep string
+d-i netcfg/disable_dhcp boolean false
+
+### Root Password (no user)
+d-i passwd/make-user boolean false
+d-i passwd/root-password password packer
+d-i passwd/root-password-again password packer
+
+### Mirror / APT
+d-i apt-setup/cdrom/set-first boolean false
+d-i apt-setup/cdrom/set-next boolean false
+d-i apt-setup/cdrom/set-failed boolean false
+
+d-i mirror/country string manual
+d-i mirror/http/hostname string ftp.de.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+# If you want an explicit suite:
+# d-i mirror/suite string trixie
+
+# Your extra repo line (updated to also include non-free-firmware for trixie)
+d-i apt-setup/local0/repository string http://ftp.de.debian.org/debian/ trixie main contrib non-free non-free-firmware
+popularity-contest popularity-contest/participate boolean false
+
+d-i apt-setup/contrib boolean true
+d-i apt-setup/non-free boolean true
+d-i apt-setup/non-free-firmware boolean true
+d-i apt-setup/security_host string security.debian.org
+d-i apt-setup/services-select multiselect security, updates
+
+### Timezone
+d-i clock-setup/utc boolean true
+d-i time/zone string UTC
+d-i clock-setup/ntp boolean true
+
+### Storage (UEFI + /boot + LUKS/LVM)
+# Pick first detected disk automatically
+d-i preseed/early_command string \
+  DISK="$(list-devices disk | head -n1)"; \
+  debconf-set partman-auto/disk "$DISK";
+
+# "crypto" = LVM within an encrypted partition  [oai_citation:3‡Debian](https://www.debian.org/releases/stable/amd64/apbs04.en.html)
+d-i partman-auto/method string crypto
+d-i partman-auto-lvm/guided_size string max
+d-i partman-auto-lvm/new_vg_name string vg0
+
+# Cleanup old metadata if present
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+
+# Confirmations
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman-md/confirm boolean true
+d-i partman-md/confirm_nooverwrite boolean true
+
+# LUKS password
+d-i partman-crypto/passphrase password packer
+d-i partman-crypto/passphrase-again password packer
+d-i partman-crypto/weak_passphrase boolean true
+d-i partman-crypto/confirm boolean true
+d-i partman-auto-crypto/erase_disks boolean false
+
+# Ensure GPT
+d-i partman-partitioning/choose_label select gpt
+d-i partman-partitioning/default_label string gpt
+
+# Force UEFI (if needed in your environment)
+d-i partman-efi/non_efi_system boolean true
+
+# Do NOT go back to partitioning menu if a partition/LV has no filesystem
+d-i partman-basicmethods/method_only boolean false
+
+# Accept installing without swap (answer "No" to the warning)
+d-i partman-basicfilesystems/no_swap boolean false
+d-i partman-basicfilesystems/no_swap seen true
+
+# Custom recipe
+# NOTE: Avoid putting comments inside this expert_recipe block; d-i can ignore it.  [oai_citation:4‡Unix & Linux Stack Exchange](https://unix.stackexchange.com/questions/796185/debian-preseed-install-auto-creates-swap)
+d-i partman-auto/choose_recipe select luks-lvm
+d-i partman-auto/expert_recipe string \
+  luks-lvm :: \
+    1075 1075 1075 fat32 \
+      $primary{ } \
+      $iflabel{ gpt } \
+      $reusemethod{ } \
+      method{ efi } \
+      format{ } \
+      filesystem{ fat32 } \
+      mountpoint{ /boot/efi } \
+    . \
+    1075 1075 1075 ext4 \
+      $primary{ } \
+      $defaultignore{ } \
+      method{ format } \
+      format{ } \
+      use_filesystem{ } \
+      filesystem{ ext4 } \
+      mountpoint{ /boot } \
+    . \
+    25770 25770 25770 ext4 \
+      $lvmok{ } \
+      lv_name{ root } \
+      method{ format } \
+      format{ } \
+      use_filesystem{ } \
+      filesystem{ ext4 } \
+      mountpoint{ / } \
+    . \
+    1 10000 -1 ext4 \
+      $lvmok{ } \
+      lv_name{ reserved } \
+      method{ keep } \
+    .
+
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+### Software
+d-i debconf/frontend select noninteractive
+tasksel tasksel/first multiselect standard, ssh-server
+
+d-i pkgsel/include string qemu-guest-agent cloud-init curl vim
+d-i pkgsel/upgrade select full-upgrade
+d-i pkgsel/update-policy select none
+d-i pkgsel/updatedb boolean true
+
+### Bootloader
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i grub-installer/bootdev string default
+
+### Late command (single declaration; multiple commands chained)
+# 1) Remove filler LV so vg0 has free space after install
+# 2) Enable root ssh login (same intent as your original)
+d-i preseed/late_command string \
+  lvremove -f /dev/vg0/reserved || true; \
+  in-target sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config || true; \
+  in-target curl -X POST "$INSTALL_FINISHED_INFORM_URL"
+
+# Eject the installation media before rebooting
+d-i cdrom-detect/eject boolean true
+d-i cdrom-detect/eject seen true
+
+### Finish
+d-i finish-install/reboot_in_progress note

debian/13-trixie-luks/http/user-data

@@ -0,0 +1,32 @@
+#cloud-config
+autoinstall:
+  version: 1
+  locale: en_US
+  keyboard:
+    layout: us
+  ssh:
+    install-server: true
+    allow-pw: false
+    disable_root: true
+    ssh_quiet_keygen: true
+    allow_public_ssh_keys: true
+  apt:
+    preserve_sources_list: false
+  packages:
+    - qemu-guest-agent
+    - sudo
+  storage:
+    layout:
+      name: direct
+    swap:
+      size: 0
+  user-data:
+    package_upgrade: false
+    timezone: UTC
+    users:
+      - name: root
+        groups: [adm, sudo]
+        lock-passwd: true #Disable password login
+        sudo: ALL=(ALL) NOPASSWD:ALL
+        shell: /bin/bash
+        passwd: "" # Remove password

debian/13-trixie-luks/variables-common.pkr.hcl

@@ -0,0 +1 @@
+../../variables-common.pkr.hcl

debian/13-trixie-luks/variables.pkr.hcl

@@ -0,0 +1,82 @@
+# Secrets
+variable "proxmox_api_token_id" {
+  type        = string
+  sensitive   = true
+  description = "Proxmox API token ID in the format 'username@realm!tokenname'"
+}
+
+variable "proxmox_api_token_secret" {
+  type        = string
+  sensitive   = true
+  description = "Proxmox API token secret"
+}
+
+
+
+# Variables
+variable "template_vm_id" {
+  type        = string
+  default     = "65000"
+  description = "The VM ID of the Proxmox template to use for building the image"
+}
+
+variable "mac_address" {
+  type        = string
+  default     = "BC:24:11:00:13:37"
+  description = "The MAC address to assign to the VM's network adapter"
+}
+
+variable "iso_url" {
+  type        = string
+  default     = "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-13.3.0-amd64-netinst.iso"
+  description = "The URL to download the Debian 13 Trixie ISO"
+}
+
+variable "iso_checksum" {
+  type        = string
+  default     = "file:https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS"
+  description = "ISO checksum (SHA256 or checksum file URL)"
+}
+
+variable "disk_storage_pool" {
+  type        = string
+  default     = "ceph-pool"
+  description = "The Proxmox storage pool to use for the VM disk"
+}
+
+variable "iso_storage_pool" {
+  type        = string
+  default     = "cephfs"
+  description = "The Proxmox storage pool to use for the ISO"
+}
+
+variable "template_cpu_type" {
+  type        = string
+  default     = "host"
+  description = "The CPU type for the Proxmox template"
+}
+
+variable "network_bridge" {
+  type        = string
+  default     = "vmbr9"
+  description = "The network bridge to attach the VM to"
+}
+
+variable "proxmox_node" {
+  type        = string
+  default     = "sbx0pve02"
+  description = "The Proxmox node to use for building the image"
+}
+
+variable "install_finished_inform_port" {
+  type        = string
+  default     = "10000"
+  description = "The server port to inform when installation is finished"
+}
+
+
+
+# local values
+local "timestamp" {
+  expression = formatdate("YYYYMMDD-hhMMss-ZZZ", timestamp())
+}