# Packer template for a LUKS-encrypted Debian 13 (Trixie) VM template on Proxmox VE.
# The proxmox-iso source boots the Debian installer with a preseed served by
# Packer's built-in HTTP server; the build then installs base packages,
# Tailscale, CrowdSec and Clevis, prepares the image for cloud-init, and
# finally disables root/password SSH logins and locks the root account.
packer {
  required_plugins {
    proxmox = {
      version = "~> 1"
      source  = "github.com/hashicorp/proxmox"
    }
  }
}

source "proxmox-iso" "debian-13-trixie-luks" {

  # Proxmox Connection Settings
  # The variable declarations are not part of this file.
  # NOTE(review): confirm proxmox_api_token_secret and both default passphrases are
  # declared with `sensitive = true` and supplied from outside version control.
  proxmox_url = "${var.proxmox_api_url}"
  username    = "${var.proxmox_api_token_id}"
  token       = "${var.proxmox_api_token_secret}"

  # Skip TLS Verification
  # When this evaluates to true the Proxmox API certificate is not checked, so the
  # API token travels over a connection whose peer is unauthenticated. Keep it
  # false wherever the API endpoint has a certificate Packer can validate.
  insecure_skip_tls_verify = "${var.proxmox_skip_tls_verify}"

  # VM General Settings
  node    = "${var.proxmox_node}"
  vm_id   = "${var.template_vm_id}"
  vm_name = "debian-13-trixie-luks-${local.timestamp}"
  # The description stores the default LUKS passphrase in the template's notes,
  # where anyone with view access to the template in Proxmox can read it. Treat
  # that passphrase as a publicly known bootstrap value, not a secret.
  # Clones copy the LUKS header, so they all start with the same volume key;
  # changing the passphrase re-wraps that key but does not replace it. A clone
  # only gets a unique key after re-encryption (e.g. `cryptsetup reencrypt`).
  # NOTE(review): whether initial-setup.sh does this is not visible here — confirm.
  template_description = "Debian 13 Trixie, LUKS encrypted, built with Packer on ${local.timestamp}\n\nLUKS default passphrase: `${var.default_luks_passphrase}`"
  os                   = "l26"
  qemu_agent           = true

  # VM Hardware Settings
  machine            = "q35"
  cpu_type           = "${var.template_cpu_type}"
  cores              = 2
  memory             = 2048
  ballooning_minimum = 2048
  bios               = "ovmf"

  scsi_controller = "virtio-scsi-single"

  disks {
    disk_size    = "30G"
    format       = "qcow2"
    storage_pool = "${var.disk_storage_pool}"
    type         = "scsi" # VirtIO-SCSI better maintained as virtio-blk has been deprecated in Proxmox VE 7.4+ and may cause issues with newer Linux kernels
    io_thread    = true
    ssd          = true
  }

  # UEFI variable store with Secure Boot keys pre-enrolled.
  # No vTPM is defined in this source; a Clevis TPM2 binding on a clone would
  # need one added to that VM.
  efi_config {
    efi_storage_pool  = "${var.disk_storage_pool}"
    pre_enrolled_keys = true
    efi_format        = "raw"
    efi_type          = "4m"
  }

  serials = [
    "socket"
  ]

  # Download ISO
  # iso_checksum is the integrity check on the downloaded installer image; pin a
  # real digest here rather than "none", and take it from a source independent
  # of the download URL.
  boot_iso {
    type             = "scsi"
    iso_url          = "${var.iso_url}"
    unmount          = true
    iso_storage_pool = "${var.iso_storage_pool}"
    iso_checksum     = "${var.iso_checksum}"
  }

  # VM Network Settings
  # firewall enables the Proxmox firewall flag on this NIC.
  network_adapters {
    model       = "virtio"
    mac_address = "${var.mac_address}"
    bridge      = "${var.network_bridge}"
    firewall    = "true"
  }

  # VM Cloud-Init Settings
  cloud_init              = true
  cloud_init_storage_pool = "${var.disk_storage_pool}"
  cloud_init_disk_type    = "scsi"

  # PACKER Boot Commands
  # Typed into the GRUB command line of the installer ISO ("c" opens it).
  #
  # The root password and the LUKS passphrase are passed as kernel parameters.
  # Kernel parameters are readable from /proc/cmdline inside the installer and
  # are typically copied into the installer logs kept under /var/log/installer
  # on the installed system. DEBCONF_DEBUG=5 raises installer log verbosity.
  # NOTE(review): check the finished template for these values in its logs.
  #
  # The preseed is fetched over plain HTTP from Packer's built-in server, so it
  # can be read or altered by other hosts on the build network. Run the build on
  # an isolated bridge and keep secrets out of preseed.cfg.
  #
  # NOTE(review): no entry below sends a key press (e.g. `<enter>`), so as shown
  # the strings are typed as one continuous run, and DEBCONF_DEBUG=5 sits after
  # the initrd entry rather than on the kernel line. If special-key tags were
  # lost when this listing was rendered, restore them from the repository copy.
  boot       = "order=scsi0;scsi1"
  boot_wait  = "10s"
  communicator = "ssh"
  boot_command = [
    "c",
    "linux /install.amd/vmlinuz auto-install/enable=true priority=critical ",
    "DEBIAN_FRONTEND=text ",
    "console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0 ",
    "passwd/root-password='${var.default_root_passphrase}' ",
    "passwd/root-password-again='${var.default_root_passphrase}' ",
    "partman-crypto/passphrase='${var.default_luks_passphrase}' ",
    "partman-crypto/passphrase-again='${var.default_luks_passphrase}' ",
    "INSTALL_FINISHED_INFORM_URL='http://{{ .HTTPIP }}:${var.install_finished_inform_port}/install_finished' ",
    "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg noprompt",
    "initrd /install.amd/initrd.gz",
    "DEBCONF_DEBUG=5",
    "boot"
  ]

  # PACKER Autoinstall Settings
  # Everything under http_directory is served unauthenticated for the duration
  # of the build.
  http_directory = "debian/13-trixie-luks/http"
  http_interface = "${var.source_proxmox_http_interface}"

  # SSH Settings
  # Packer logs in as root with the default root password during the build only;
  # the last provisioner disables root and password logins and locks the account.
  ssh_username = "root"
  ssh_password = "${var.default_root_passphrase}"
  ssh_timeout  = "20m"
  ssh_pty      = true
}

build {

  name    = "debian-13-trixie-luks-image"
  sources = ["source.proxmox-iso.debian-13-trixie-luks"]

  # Install dependencies and default packages
  provisioner "shell" {
    inline = [
      "export DEBIAN_FRONTEND=noninteractive",
      "apt-get update",
      "apt-get install -y age apt-transport-https aria2 bat bc bmon btop ca-certificates curl duf eza fastfetch fzf git gnupg htop iftop iotop iperf jq lsof magic-wormhole mosh mtr ncdu parted progress pv ripgrep rsync smartmontools socat sudo tmux usbutils vim wget yq zsh zstd"
    ]
  }

  # Install Tailscale
  # NOTE(review): the script is not shown here. It runs as root; if it adds a
  # third-party APT repository, confirm the signing key is pinned (signed-by)
  # rather than a remote installer being piped into a shell.
  provisioner "shell" {
    script = "debian/13-trixie-luks/scripts/tailscale.sh"
  }

  # Setup CrowdSec Repo
  # NOTE(review): script not shown; the same repository-key check applies.
  provisioner "shell" {
    script = "debian/13-trixie-luks/scripts/crowdsec-repo-setup.sh"
  }

  # Install CrowdSec
  provisioner "shell" {
    inline = [
      "apt-get install -y crowdsec",
      "apt-get install -y crowdsec-firewall-bouncer-iptables"
    ]
  }

  # Configure CrowdSec
  # NOTE(review): script not shown. Anything it registers or generates at build
  # time (machine credentials, bouncer API keys) would be identical on every
  # clone — confirm it defers that to first boot.
  provisioner "shell" {
    script = "debian/13-trixie-luks/scripts/crowdsec-configuration.sh"
  }

  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #2
  provisioner "file" {
    source      = "debian/13-trixie-luks/files/99-pve.cfg"
    destination = "/tmp/99-pve.cfg"
  }

  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #3
  provisioner "shell" {
    inline = ["sudo cp /tmp/99-pve.cfg /etc/cloud/cloud.cfg.d/99-pve.cfg"]
  }

  # Remove CD-ROM entries from APT sources list
  provisioner "shell" {
    inline = ["sed -i '/cdrom/d' /etc/apt/sources.list"]
  }

  # Add custom APT sources list
  provisioner "file" {
    source      = "debian/13-trixie-luks/files/debian.sources"
    destination = "/etc/apt/sources.list.d/debian.sources"
  }

  # Files under /etc/profile.d are sourced by login shells, so this script runs
  # at login on every clone.
  provisioner "file" {
    source      = "debian/13-trixie-luks/files/90-initial-login-setup.sh"
    destination = "/etc/profile.d/90-initial-login-setup.sh"
  }

  provisioner "file" {
    source      = "debian/13-trixie-luks/files/initial-setup.sh"
    destination = "/usr/local/bin/initial-setup.sh"
  }

  provisioner "shell" {
    inline = [
      "chmod +x /usr/local/bin/initial-setup.sh"
    ]
  }

  # Install Clevis
  # Only the packages are installed; no Clevis binding is created in this file.
  provisioner "shell" {
    inline = [
      "apt-get update",
      "apt-get install -y clevis clevis-luks clevis-initramfs"
    ]
  }

  # Setup Serial Console for xterm.js in Proxmox VE
  provisioner "shell" {
    inline = [
      "sed -i 's/#\\?GRUB_CMDLINE_LINUX=.*\"/GRUB_CMDLINE_LINUX=\"console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0\"/' /etc/default/grub",
      "sed -i 's/#\\?GRUB_TERMINAL=.*/GRUB_TERMINAL=\"serial console\"/' /etc/default/grub",
      "sed -i 's/#\\?GRUB_SERIAL_COMMAND=.*/GRUB_SERIAL_COMMAND=\"serial --speed=115200\"/' /etc/default/grub",
      "update-grub"
    ]
  }

  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #1
  # Removes the SSH host keys and empties machine-id so they are not shared by
  # clones, then clears APT caches and cloud-init state.
  # This step does not touch the LUKS header, so the volume key stays shared.
  provisioner "shell" {
    inline = [
      "rm /etc/ssh/ssh_host_*",
      "truncate -s 0 /etc/machine-id",
      "apt -y autoremove --purge 2> /dev/null",
      "apt -y clean 2> /dev/null",
      "apt -y autoclean 2> /dev/null",
      "rm -rf /var/cache/apt/archives /var/lib/apt/lists/*",
      "cloud-init clean",
      "rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
      "sync"
    ]
  }

  # Remove temporary settings and configuration for packer build
  # The sed expressions only rewrite PermitRootLogin / PasswordAuthentication
  # lines that already exist in /etc/ssh/sshd_config; a missing directive is not
  # added, and drop-ins under /etc/ssh/sshd_config.d are not touched.
  # NOTE(review): verify the effective values on a clone with `sshd -T`.
  # `passwd -dl root` deletes the root password and locks the account.
  provisioner "shell" {
    inline = [
      "sed -i 's/^#\\?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config",
      "sed -i 's/^#\\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config",
      "passwd -dl root"
    ]
  }
}