Debian build works; Manual LUKS passphrase entry still required

debian/13-trixie/debian-trixie.pkr.hcl

@@ -32,7 +32,7 @@ source "proxmox-iso" "debian-13-trixie" {
   bios            = "ovmf"
   scsi_controller = "virtio-scsi-pci"
   disks {
-    disk_size    = "20G"
+    disk_size    = "30G"
     format       = "qcow2"
     storage_pool = "${var.disk_storage_pool}"
     type         = "virtio"
@@ -74,7 +74,7 @@ source "proxmox-iso" "debian-13-trixie" {
   boot_command = [
     "<wait3>c<wait3>",
     "linux /install.amd/vmlinuz auto-install/enable=true priority=critical ",
-    "DEBIAN_FRONTEND=text preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg noprompt<enter>",
+    "DEBIAN_FRONTEND=text preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg noprompt<enter>",
     "initrd /install.amd/initrd.gz<enter>",
     "DEBCONF_DEBUG=5<enter>",
     "boot<enter>"
@@ -82,6 +82,7 @@ source "proxmox-iso" "debian-13-trixie" {
 
   # PACKER Autoinstall Settings
   http_directory = "debian/13-trixie/http"
+  http_interface = "${var.source_proxmox_http_interface}"
 
   # SSH Settings
   ssh_username = "root"

debian/13-trixie/http/ks.cfg

@@ -1,78 +0,0 @@
-# Language
-d-i debian-installer/locale string en_US.UTF-8
-
-# Keyboard
-d-i keyboard-configuration/xkb-keymap select us
-
-d-i auto-install/enable boolean true
-d-i debian-installer/framebuffer boolean false
-
-# Network
-d-i netcfg/choose_interface select ens18
-d-i netcfg/get_hostname string debian_foobar
-d-i netcfg/get_domain string
-d-i netcfg/wireless_wep string
-d-i netcfg/disable_dhcp boolean false
-
-# Root Password
-d-i passwd/make-user boolean false
-d-i passwd/root-password password packer
-d-i passwd/root-password-again password packer
-
-# Turn CD Off
-d-i apt-setup/cdrom/set-first boolean false
-d-i apt-setup/cdrom/set-next boolean false
-d-i apt-setup/cdrom/set-failed boolean false
-
-d-i apt-setup/local0/repository string http://deb.debian.org/debian/ trixie main contrib non-free
-popularity-contest popularity-contest/participate boolean false
-
-### Mirror settings
-d-i mirror/country string manual
-d-i mirror/http/hostname string http.us.debian.org
-d-i mirror/http/directory string /debian
-d-i mirror/http/proxy string
-
-# Timezone
-d-i clock-setup/utc boolean true
-d-i time/zone string UTC
-d-i clock-setup/ntp boolean true
-
-# Storage
-d-i partman-auto/method string lvm
-d-i partman-auto-lvm/guided_size string max
-d-i partman-lvm/device_remove_lvm boolean true
-d-i partman-md/device_remove_md boolean true
-d-i partman-lvm/confirm boolean true
-d-i partman-lvm/confirm_nooverwrite boolean true
-d-i partman-auto/choose_recipe select atomic
-d-i partman-partitioning/confirm_write_new_label boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
-
-# Software
-d-i debconf debconf/frontend select noninteractive
-tasksel tasksel/first multiselect standard, ssh-server
-
-d-i apt-setup/contrib boolean true
-d-i apt-setup/non-free boolean true
-d-i apt-setup/security_host string security.debian.org
-d-i apt-setup/services-select multiselect security, updates
-
-
-d-i pkgsel/include string qemu-guest-agent cloud-init curl vim
-d-i pkgsel/upgrade select full-upgrade
-d-i pkgsel/update-policy select none
-d-i pkgsel/updatedb boolean true
-
-d-i preseed/late_command string \
-    in-target sed -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' -i /etc/ssh/sshd_config
-
-# Bootloader
-d-i grub-installer/only_debian boolean true
-d-i grub-installer/with_other_os boolean true
-d-i grub-installer/bootdev  string default
-
-# Finish
-d-i finish-install/reboot_in_progress note

debian/13-trixie/http/preseed.cfg

@@ -0,0 +1,159 @@
+#_preseed_V1
+
+### Localization
+d-i debian-installer/locale string en_US.UTF-8
+d-i keyboard-configuration/xkb-keymap select us
+
+### Unattended
+d-i auto-install/enable boolean true
+d-i debconf/priority select critical
+d-i debian-installer/framebuffer boolean false
+
+### Network
+d-i netcfg/choose_interface select ens18
+d-i netcfg/get_hostname string debian-13-template
+d-i netcfg/get_domain string
+d-i netcfg/wireless_wep string
+d-i netcfg/disable_dhcp boolean false
+
+### Root Password (no user)
+d-i passwd/make-user boolean false
+d-i passwd/root-password password packer
+d-i passwd/root-password-again password packer
+
+### Mirror / APT
+d-i apt-setup/cdrom/set-first boolean false
+d-i apt-setup/cdrom/set-next boolean false
+d-i apt-setup/cdrom/set-failed boolean false
+
+d-i mirror/country string manual
+d-i mirror/http/hostname string ftp.de.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+# If you want an explicit suite:
+# d-i mirror/suite string trixie
+
+# Your extra repo line (updated to also include non-free-firmware for trixie)
+d-i apt-setup/local0/repository string http://ftp.de.debian.org/debian/ trixie main contrib non-free non-free-firmware
+popularity-contest popularity-contest/participate boolean false
+
+d-i apt-setup/contrib boolean true
+d-i apt-setup/non-free boolean true
+d-i apt-setup/non-free-firmware boolean true
+d-i apt-setup/security_host string security.debian.org
+d-i apt-setup/services-select multiselect security, updates
+
+### Timezone
+d-i clock-setup/utc boolean true
+d-i time/zone string UTC
+d-i clock-setup/ntp boolean true
+
+### Storage (UEFI + /boot + LUKS/LVM)
+# Pick first detected disk automatically
+d-i preseed/early_command string \
+  DISK="$(list-devices disk | head -n1)"; \
+  debconf-set partman-auto/disk "$DISK";
+
+# "crypto" = LVM within an encrypted partition  [oai_citation:3‡Debian](https://www.debian.org/releases/stable/amd64/apbs04.en.html)
+d-i partman-auto/method string crypto
+d-i partman-auto-lvm/guided_size string max
+d-i partman-auto-lvm/new_vg_name string vg0
+
+# Cleanup old metadata if present
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+
+# Confirmations
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman-md/confirm boolean true
+d-i partman-md/confirm_nooverwrite boolean true
+
+# LUKS password
+d-i partman-crypto/passphrase password packer
+d-i partman-crypto/passphrase-again password packer
+d-i partman-crypto/weak_passphrase boolean true
+d-i partman-crypto/confirm boolean true
+d-i partman-auto-crypto/erase_disks boolean false
+
+# Ensure GPT
+d-i partman-partitioning/choose_label select gpt
+d-i partman-partitioning/default_label string gpt
+
+# Force UEFI (if needed in your environment)
+d-i partman-efi/non_efi_system boolean true
+
+# Do NOT go back to partitioning menu if a partition/LV has no filesystem
+d-i partman-basicmethods/method_only boolean false
+
+# Accept installing without swap (answer "No" to the warning)
+d-i partman-basicfilesystems/no_swap boolean false
+d-i partman-basicfilesystems/no_swap seen true
+
+# Custom recipe
+# NOTE: Avoid putting comments inside this expert_recipe block; d-i can ignore it.  [oai_citation:4‡Unix & Linux Stack Exchange](https://unix.stackexchange.com/questions/796185/debian-preseed-install-auto-creates-swap)
+d-i partman-auto/choose_recipe select luks-lvm
+d-i partman-auto/expert_recipe string \
+  luks-lvm :: \
+    1075 1075 1075 fat32 \
+      $primary{ } \
+      $iflabel{ gpt } \
+      $reusemethod{ } \
+      method{ efi } \
+      format{ } \
+      filesystem{ fat32 } \
+      mountpoint{ /boot/efi } \
+    . \
+    1075 1075 1075 ext4 \
+      $primary{ } \
+      $defaultignore{ } \
+      method{ format } \
+      format{ } \
+      use_filesystem{ } \
+      filesystem{ ext4 } \
+      mountpoint{ /boot } \
+    . \
+    25770 25770 25770 ext4 \
+      $lvmok{ } \
+      lv_name{ root } \
+      method{ format } \
+      format{ } \
+      use_filesystem{ } \
+      filesystem{ ext4 } \
+      mountpoint{ / } \
+    . \
+    1 10000 -1 ext4 \
+      $lvmok{ } \
+      lv_name{ reserved } \
+      method{ keep } \
+    .
+
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+### Software
+d-i debconf/frontend select noninteractive
+tasksel tasksel/first multiselect standard, ssh-server
+
+d-i pkgsel/include string qemu-guest-agent cloud-init curl vim
+d-i pkgsel/upgrade select full-upgrade
+d-i pkgsel/update-policy select none
+d-i pkgsel/updatedb boolean true
+
+### Bootloader
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i grub-installer/bootdev string default
+
+### Late command (single declaration; multiple commands chained)
+# 1) Remove filler LV so vg0 has free space after install
+# 2) Enable root ssh login (same intent as your original)
+d-i preseed/late_command string \
+  lvremove -f /dev/vg0/reserved || true; \
+  in-target sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config || true
+
+### Finish
+d-i finish-install/reboot_in_progress note

debian/13-trixie/http/user-data

@@ -6,7 +6,7 @@ autoinstall:
     layout: us
   ssh:
     install-server: true
-    allow-pw: true
+    allow-pw: false
     disable_root: true
     ssh_quiet_keygen: true
     allow_public_ssh_keys: true
@@ -26,7 +26,7 @@ autoinstall:
     users:
       - name: root
         groups: [adm, sudo]
-        lock-passwd: false
+        lock-passwd: true #Disable password login
         sudo: ALL=(ALL) NOPASSWD:ALL
         shell: /bin/bash
-        passwd: packer
+        passwd: "" # Remove password

variables-common.pkr.hcl

@@ -9,3 +9,9 @@ variable "proxmox_skip_tls_verify" {
   default     = false
   description = "Whether to skip TLS verification for Proxmox API"
 }
+
+variable "source_proxmox_http_interface" {
+  type        = string
+  default     = "en18"
+  description = "The network interface to use for the Proxmox HTTP source"
+}