diff --git a/.gitignore b/.gitignore
index ca81eef..1c4192b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,6 @@
 # Project
 /credentials.auto.pkrvars.hcl
 /downloaded_iso_path
-overwrite-if.auto.pkrvars.hcl
 # Linux
 *~
diff --git a/README.md b/README.md
index 2e6542b..460671f 100644
--- a/README.md
+++ b/README.md
@@ -105,15 +105,13 @@ Run:
 mise run setup
 ```
-E.g. `mise run setup debian 13-trixie` or `mise run setup debian 13-trixie-luks`.
+E.g. `mise run setup debian 13-trixie` or `mise run setup nixos 25.11`.
 ## ToDo
 - [ ] Debian 13 with LUKS
 - [x] Setup image with LUKS
- - [ ] Automated unlock from packer on 1st boot after installation
 - [ ] Setup dropbear
 - [ ] Setup Clevis/Tang
- - [x] Copy initial setup script, to expand the disk and do various setup steps
- - [x] Lock down root user (remove password, prohibit all logins)
- - [x] Lock down SSH Server
+ - [ ] Lock down root user (remove password, prohibit all logins)
+ - [ ] Lock down SSH Server
diff --git a/debian/13-trixie-luks/debian-trixie.pkr.hcl b/debian/13-trixie-luks/debian-trixie.pkr.hcl
index 7fb60a1..1c60656 100644
--- a/debian/13-trixie-luks/debian-trixie.pkr.hcl
+++ b/debian/13-trixie-luks/debian-trixie.pkr.hcl
@@ -25,20 +25,17 @@ source "proxmox-iso" "debian-13-trixie-luks" {
 qemu_agent = true
 # VM Hardware Settings
- machine = "q35"
- cpu_type = "${var.template_cpu_type}"
- cores = 2
- memory = 2048
- ballooning_minimum = 2048
- bios = "ovmf"
- scsi_controller = "virtio-scsi-single"
+ machine = "q35"
+ cpu_type = "${var.template_cpu_type}"
+ cores = 2
+ memory = 2048
+ bios = "ovmf"
+ scsi_controller = "virtio-scsi-pci"
 disks {
 disk_size = "30G"
 format = "qcow2"
 storage_pool = "${var.disk_storage_pool}"
- type = "scsi" # VirtIO-SCSI better maintained as virtio-blk has been deprecated in Proxmox VE 7.4+ and may cause issues with newer Linux kernels
- io_thread = true
- ssd = true
+ type = "virtio"
 }
 efi_config {
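Review bot: In the `disks` block the new `type = "virtio"` replaces a line whose comment was the only record of why SCSI had been chosen, and the new side gives no reason for going back to virtio-blk. A short why-comment on the new line would keep the decision reviewable, e.g. `type = "virtio" # virtio-blk chosen because <reason>; boot order must name virtio0`. `scsi_controller` is still set although the only disk in this hunk is no longer SCSI; the later context line `cloud_init_disk_type = "scsi"` suggests it is kept for the cloud-init drive, which is worth stating in a comment as well. The `source` block starts and ends outside the hunk.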
@@ -66,7 +63,7 @@ source "proxmox-iso" "debian-13-trixie-luks" {
 model = "virtio"
 mac_address = "${var.mac_address}"
 bridge = "${var.network_bridge}"
- firewall = "true"
+ firewall = "false"
 }
 # VM Cloud-Init Settings
@@ -75,7 +72,7 @@ source "proxmox-iso" "debian-13-trixie-luks" {
 cloud_init_disk_type = "scsi"
 # PACKER Boot Commands
- boot = "order=scsi0;scsi1"
+ boot = "order=virtio0;scsi0"
 boot_wait = "10s"
 communicator = "ssh"
 boot_command = [
diff --git a/debian/13-trixie-luks/variables.pkr.hcl b/debian/13-trixie-luks/variables.pkr.hcl
index 346e5c3..b5344c6 100644
--- a/debian/13-trixie-luks/variables.pkr.hcl
+++ b/debian/13-trixie-luks/variables.pkr.hcl
@@ -1,3 +1,18 @@
+# Secrets
+variable "proxmox_api_token_id" {
+ type = string
+ sensitive = true
+ description = "Proxmox API token ID in the format 'username@realm!tokenname'"
+}
+
+variable "proxmox_api_token_secret" {
+ type = string
+ sensitive = true
+ description = "Proxmox API token secret"
+}
+
+
+
 # Variables
 variable "template_vm_id" {
 type = string
diff --git a/variables-common.pkr.hcl b/variables-common.pkr.hcl
index 22aab38..76c7358 100644
--- a/variables-common.pkr.hcl
+++ b/variables-common.pkr.hcl
@@ -16,19 +16,6 @@ variable "source_proxmox_http_interface" {
 description = "The network interface to use for the Proxmox HTTP source"
 }
-# Secrets
-variable "proxmox_api_token_id" {
- type = string
- sensitive = true
- description = "Proxmox API token ID in the format 'username@realm!tokenname'"
-}
-
-variable "proxmox_api_token_secret" {
- type = string
- sensitive = true
- description = "Proxmox API token secret"
-}
-
 variable "default_luks_passphrase" {
 type = string
 default = "packer"
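Review bot: `firewall = "false"` in the network adapter block turns off the Proxmox firewall flag on the NIC of the VM this source builds, and because the result is a template, clones presumably inherit the setting unless it is overridden when they are created. The same commit unticks "Lock down root user" and "Lock down SSH Server" in the README, so images from this template would depend entirely on the network they are attached to. If the flag only has to be off while Packer provisions the VM, say so on the line, e.g. `firewall = "false" # build-time only; re-enable on clones`, or expose it as a variable that defaults to `"true"`. The `source` block starts and ends outside the hunk.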
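Review bot: With the token variables now declared inside `debian/13-trixie-luks/`, a credentials file placed beside the template would not match the root-anchored `/credentials.auto.pkrvars.hcl` entry in `.gitignore` and could be committed by accident. Either ignore the name at any depth (`credentials.auto.pkrvars.hcl` without the leading slash) or add a comment above the block stating where the values come from, e.g. `# Secrets: set in the repo-root credentials.auto.pkrvars.hcl or via PKR_VAR_* environment variables; never give these a default`. Whether the build still picks up the root file depends on how `mise run setup` invokes Packer, which is not visible in this diff.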