From fc5b1525d726ebbc6871280d1019b9848ecbe3bb Mon Sep 17 00:00:00 2001
From: phg
Date: Thu, 12 Feb 2026 19:12:27 +0100
Subject: [PATCH 1/4] Move Proxmox API token variables to variables-common.pkr.hcl for better organization
---
 debian/13-trixie-luks/variables.pkr.hcl | 15 ---------------
 variables-common.pkr.hcl | 13 +++++++++++++
 2 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/debian/13-trixie-luks/variables.pkr.hcl b/debian/13-trixie-luks/variables.pkr.hcl
index b5344c6..346e5c3 100644
--- a/debian/13-trixie-luks/variables.pkr.hcl
+++ b/debian/13-trixie-luks/variables.pkr.hcl
@@ -1,18 +1,3 @@
-# Secrets
-variable "proxmox_api_token_id" {
- type = string
- sensitive = true
- description = "Proxmox API token ID in the format 'username@realm!tokenname'"
-}
-
-variable "proxmox_api_token_secret" {
- type = string
- sensitive = true
- description = "Proxmox API token secret"
-}
-
-
-
 # Variables
 variable "template_vm_id" {
 type = string
diff --git a/variables-common.pkr.hcl b/variables-common.pkr.hcl
index 76c7358..22aab38 100644
--- a/variables-common.pkr.hcl
+++ b/variables-common.pkr.hcl
@@ -16,6 +16,19 @@ variable "source_proxmox_http_interface" {
 description = "The network interface to use for the Proxmox HTTP source"
 }
+# Secrets
+variable "proxmox_api_token_id" {
+ type = string
+ sensitive = true
+ description = "Proxmox API token ID in the format 'username@realm!tokenname'"
+}
+
+variable "proxmox_api_token_secret" {
+ type = string
+ sensitive = true
+ description = "Proxmox API token secret"
+}
+
 variable "default_luks_passphrase" {
 type = string
 default = "packer"
From 3ddad7b3e48ee76a527258b3dd49d3a6f50aee6a Mon Sep 17 00:00:00 2001
From: phg
Date: Thu, 12 Feb 2026 19:13:38 +0100
Subject: [PATCH 2/4] Add overwrite-if.auto.pkrvars.hcl to .gitignore, since these options are specific for each pc where packer is running on
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 1c4192b..ca81eef 100644
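Review bot: The `# Secrets` heading added to variables-common.pkr.hcl does not say how the two token variables are meant to be supplied, and neither has a default, so the values have to come from outside the repository. A fuller heading would make that explicit, for example `# Secrets: no defaults on purpose; set them in a git-ignored *.auto.pkrvars.hcl file or as PKR_VAR_proxmox_api_token_id / PKR_VAR_proxmox_api_token_secret`. The heading now also sits directly above `default_luks_passphrase`, which the trailing context shows with `default = "packer"`; the rest of that block is outside the hunk, so whether it is marked `sensitive` cannot be seen here. A default passphrase committed to the repository would benefit from its own comment saying it is a build-time placeholder that has to be replaced on the deployed system.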
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 # Project
 /credentials.auto.pkrvars.hcl
 /downloaded_iso_path
+overwrite-if.auto.pkrvars.hcl
 # Linux
 *~
From c063b79e1b7cd6ef11cbe4e80a20a46abd708dae Mon Sep 17 00:00:00 2001
From: phg
Date: Thu, 12 Feb 2026 19:13:47 +0100
Subject: [PATCH 3/4] Update README.md with LUKS setup examples and ToDo enhancements
---
 README.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 460671f..2e6542b 100644
--- a/README.md
+++ b/README.md
@@ -105,13 +105,15 @@ Run:
 mise run setup
 ```
-E.g. `mise run setup debian 13-trixie` or `mise run setup nixos 25.11`.
+E.g. `mise run setup debian 13-trixie` or `mise run setup debian 13-trixie-luks`.
 ## ToDo
 - [ ] Debian 13 with LUKS
 - [x] Setup image with LUKS
+ - [ ] Automated unlock from packer on 1st boot after installation
 - [ ] Setup dropbear
 - [ ] Setup Clevis/Tang
- - [ ] Lock down root user (remove password, prohibit all logins)
- - [ ] Lock down SSH Server
+ - [x] Copy initial setup script, to expand the disk and do various setup steps
+ - [x] Lock down root user (remove password, prohibit all logins)
+ - [x] Lock down SSH Server
From 775215f230c20eb9255ede6c23d73b2b57d6bd59 Mon Sep 17 00:00:00 2001
From: phg
Date: Thu, 12 Feb 2026 19:13:58 +0100
Subject: [PATCH 4/4] Refactor VM hardware settings and update disk type to SCSI for better compatibility with Proxmox VE 7.4+
---
 debian/13-trixie-luks/debian-trixie.pkr.hcl | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/debian/13-trixie-luks/debian-trixie.pkr.hcl b/debian/13-trixie-luks/debian-trixie.pkr.hcl
index 1c60656..7fb60a1 100644
--- a/debian/13-trixie-luks/debian-trixie.pkr.hcl
+++ b/debian/13-trixie-luks/debian-trixie.pkr.hcl
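Review bot: The new .gitignore entry `overwrite-if.auto.pkrvars.hcl` is unanchored while the two entries above it start with `/`, so the rules now differ in scope: the new file is ignored in every directory, `/credentials.auto.pkrvars.hcl` only at the repository root. If var files can also sit next to a template (for example under debian/13-trixie-luks/), the credentials entry is the one that should lose its leading slash, since it is presumably the file that carries the API token. If everything lives at the root, `/overwrite-if.auto.pkrvars.hcl` keeps the block consistent.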
@@ -25,17 +25,20 @@ source "proxmox-iso" "debian-13-trixie-luks" {
 qemu_agent = true
 # VM Hardware Settings
- machine = "q35"
- cpu_type = "${var.template_cpu_type}"
- cores = 2
- memory = 2048
- bios = "ovmf"
- scsi_controller = "virtio-scsi-pci"
+ machine = "q35"
+ cpu_type = "${var.template_cpu_type}"
+ cores = 2
+ memory = 2048
+ ballooning_minimum = 2048
+ bios = "ovmf"
+ scsi_controller = "virtio-scsi-single"
 disks {
 disk_size = "30G"
 format = "qcow2"
 storage_pool = "${var.disk_storage_pool}"
- type = "virtio"
+ type = "scsi" # VirtIO-SCSI better maintained as virtio-blk has been deprecated in Proxmox VE 7.4+ and may cause issues with newer Linux kernels
+ io_thread = true
+ ssd = true
 }
 efi_config {
@@ -63,7 +66,7 @@ source "proxmox-iso" "debian-13-trixie-luks" {
 model = "virtio"
 mac_address = "${var.mac_address}"
 bridge = "${var.network_bridge}"
- firewall = "false"
+ firewall = "true"
 }
 # VM Cloud-Init Settings
@@ -72,7 +75,7 @@ source "proxmox-iso" "debian-13-trixie-luks" {
 cloud_init_disk_type = "scsi"
 # PACKER Boot Commands
- boot = "order=virtio0;scsi0"
+ boot = "order=scsi0;scsi1"
 boot_wait = "10s"
 communicator = "ssh"
 boot_command = [
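Review bot: The trailing comment on `type = "scsi"` states that virtio-blk "has been deprecated in Proxmox VE 7.4+", a claim nothing in the patch substantiates and that I could not confirm; a comment like this tends to be copied into other templates as fact. I would move it to its own line above the attribute and tie it to what the hunk actually does, e.g. `# SCSI disk on virtio-scsi-single, the controller type io_thread needs on a SCSI bus`, and add a link if the deprecation statement is kept. `ballooning_minimum = 2048` equals `memory`, which leaves the balloon no range to work with; a short comment saying that fixed memory is intended would save the next reader the guess. The `source` block starts before and ends after this hunk.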
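Review bot: `firewall = "true"` in the network adapter block is a quoted string where a boolean is meant; it works only through HCL's string-to-bool conversion, and `firewall = true` is the clearer spelling (the old `"false"` had the same quirk). The flip from off to on is also a behaviour change that the commit subject, which speaks only of hardware settings and the SCSI disk type, does not mention. On Proxmox the per-NIC flag filters traffic only when the firewall is also enabled in the VM's and the datacenter's options, so a comment such as `# NIC firewall flag; effective only with the VM and datacenter firewall enabled` would keep readers from assuming this line alone protects the template. If VM-level rules are active during the build, the SSH communicator visible in the last hunk needs an allow rule, which is outside what this diff shows.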
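Review bot: `boot = "order=scsi0;scsi1"` hard-codes two bus slots, but only scsi0 is accounted for by this patch, through the `disks` block switched to `type = "scsi"` in the first hunk. What ends up on scsi1 depends on lines outside this hunk: the context shows `cloud_init_disk_type = "scsi"`, and the ISO attachment is not visible. A comment naming both devices, e.g. `# scsi0 = system disk, scsi1 = <second SCSI device, confirm>`, would keep the order from silently pointing at the wrong drive when another SCSI device is added later.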