Refactor VM hardware settings and update disk type to SCSI for better compatibility with Proxmox VE 7.4+

.gitignore

@@ -1,6 +1,7 @@
 # Project
 /credentials.auto.pkrvars.hcl
 /downloaded_iso_path
+overwrite-if.auto.pkrvars.hcl
 
 # Linux
 *~

README.md

@@ -105,13 +105,15 @@ Run:
 mise run setup <distribution name> <version>
 ```
 
-E.g. `mise run setup debian 13-trixie` or `mise run setup nixos 25.11`.
+E.g. `mise run setup debian 13-trixie` or `mise run setup debian 13-trixie-luks`.
 
 ## ToDo
 
 - [ ] Debian 13 with LUKS
   - [x] Setup image with LUKS
+  - [ ] Automated unlock from packer on 1st boot after installation
   - [ ] Setup dropbear
   - [ ] Setup Clevis/Tang
-  - [ ] Lock down root user (remove password, prohibit all logins)
+  - [x] Copy initial setup script, to expand the disk and do various setup steps
-  - [ ] Lock down SSH Server
+  - [x] Lock down root user (remove password, prohibit all logins)
+  - [x] Lock down SSH Server

debian/13-trixie-luks/debian-trixie.pkr.hcl

@@ -25,17 +25,20 @@ source "proxmox-iso" "debian-13-trixie-luks" {
   qemu_agent           = true
 
   # VM Hardware Settings
-  machine         = "q35"
+  machine            = "q35"
-  cpu_type        = "${var.template_cpu_type}"
+  cpu_type           = "${var.template_cpu_type}"
-  cores           = 2
+  cores              = 2
-  memory          = 2048
+  memory             = 2048
-  bios            = "ovmf"
+  ballooning_minimum = 2048
-  scsi_controller = "virtio-scsi-pci"
+  bios               = "ovmf"
+  scsi_controller    = "virtio-scsi-single"
   disks {
     disk_size    = "30G"
     format       = "qcow2"
     storage_pool = "${var.disk_storage_pool}"
-    type         = "virtio"
+    type         = "scsi" # VirtIO-SCSI better maintained as virtio-blk has been deprecated in Proxmox VE 7.4+ and may cause issues with newer Linux kernels
+    io_thread    = true
+    ssd          = true
   }
 
   efi_config {
@@ -63,7 +66,7 @@ source "proxmox-iso" "debian-13-trixie-luks" {
     model       = "virtio"
     mac_address = "${var.mac_address}"
     bridge      = "${var.network_bridge}"
-    firewall    = "false"
+    firewall    = "true"
   }
 
   # VM Cloud-Init Settings
@@ -72,7 +75,7 @@ source "proxmox-iso" "debian-13-trixie-luks" {
   cloud_init_disk_type    = "scsi"
 
   # PACKER Boot Commands
-  boot         = "order=virtio0;scsi0"
+  boot         = "order=scsi0;scsi1"
   boot_wait    = "10s"
   communicator = "ssh"
   boot_command = [

debian/13-trixie-luks/variables.pkr.hcl

@@ -1,18 +1,3 @@
-# Secrets
-variable "proxmox_api_token_id" {
-  type        = string
-  sensitive   = true
-  description = "Proxmox API token ID in the format 'username@realm!tokenname'"
-}
-
-variable "proxmox_api_token_secret" {
-  type        = string
-  sensitive   = true
-  description = "Proxmox API token secret"
-}
-
-
-
 # Variables
 variable "template_vm_id" {
   type        = string

variables-common.pkr.hcl

@@ -16,6 +16,19 @@ variable "source_proxmox_http_interface" {
   description = "The network interface to use for the Proxmox HTTP source"
 }
 
+# Secrets
+variable "proxmox_api_token_id" {
+  type        = string
+  sensitive   = true
+  description = "Proxmox API token ID in the format 'username@realm!tokenname'"
+}
+
+variable "proxmox_api_token_secret" {
+  type        = string
+  sensitive   = true
+  description = "Proxmox API token secret"
+}
+
 variable "default_luks_passphrase" {
   type        = string
   default     = "packer"