223 lines
6.8 KiB
HCL
223 lines
6.8 KiB
HCL
packer {
|
|
required_plugins {
|
|
proxmox = {
|
|
version = "~> 1"
|
|
source = "github.com/hashicorp/proxmox"
|
|
}
|
|
}
|
|
}
|
|
|
|
source "proxmox-iso" "debian-13-trixie-luks" {
|
|
# Proxmox Connection Settings
|
|
proxmox_url = "${var.proxmox_api_url}"
|
|
username = "${var.proxmox_api_token_id}"
|
|
token = "${var.proxmox_api_token_secret}"
|
|
|
|
# Skip TLS Verification
|
|
insecure_skip_tls_verify = "${var.proxmox_skip_tls_verify}"
|
|
|
|
# VM General Settings
|
|
node = "${var.proxmox_node}"
|
|
vm_id = "${var.template_vm_id}"
|
|
vm_name = "debian-13-trixie-luks-${local.timestamp}"
|
|
template_description = "Debian 13 Trixie, LUKS encrypted, built with Packer on ${local.timestamp}\n\nLUKS default passphrase: `${var.default_luks_passphrase}`"
|
|
os = "l26"
|
|
qemu_agent = true
|
|
|
|
# VM Hardware Settings
|
|
machine = "q35"
|
|
cpu_type = "${var.template_cpu_type}"
|
|
cores = 2
|
|
memory = 2048
|
|
ballooning_minimum = 2048
|
|
bios = "ovmf"
|
|
scsi_controller = "virtio-scsi-single"
|
|
disks {
|
|
disk_size = "30G"
|
|
format = "qcow2"
|
|
storage_pool = "${var.disk_storage_pool}"
|
|
type = "scsi" # VirtIO-SCSI better maintained as virtio-blk has been deprecated in Proxmox VE 7.4+ and may cause issues with newer Linux kernels
|
|
io_thread = true
|
|
ssd = true
|
|
}
|
|
|
|
efi_config {
|
|
efi_storage_pool = "${var.disk_storage_pool}"
|
|
pre_enrolled_keys = true
|
|
efi_format = "raw"
|
|
efi_type = "4m"
|
|
}
|
|
|
|
serials = [
|
|
"socket"
|
|
]
|
|
|
|
# Download ISO
|
|
boot_iso {
|
|
type = "scsi"
|
|
iso_url = "${var.iso_url}"
|
|
unmount = true
|
|
iso_storage_pool = "${var.iso_storage_pool}"
|
|
iso_checksum = "${var.iso_checksum}"
|
|
}
|
|
|
|
# VM Network Settings
|
|
network_adapters {
|
|
model = "virtio"
|
|
mac_address = "${var.mac_address}"
|
|
bridge = "${var.network_bridge}"
|
|
firewall = "true"
|
|
}
|
|
|
|
# VM Cloud-Init Settings
|
|
cloud_init = true
|
|
cloud_init_storage_pool = "${var.disk_storage_pool}"
|
|
cloud_init_disk_type = "scsi"
|
|
|
|
# PACKER Boot Commands
|
|
boot = "order=scsi0;scsi1"
|
|
boot_wait = "10s"
|
|
communicator = "ssh"
|
|
boot_command = [
|
|
"<wait3>c<wait3>",
|
|
"linux /install.amd/vmlinuz auto-install/enable=true priority=critical ",
|
|
"DEBIAN_FRONTEND=text ",
|
|
"console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0 ",
|
|
"passwd/root-password='${var.default_root_passphrase}' ",
|
|
"passwd/root-password-again='${var.default_root_passphrase}' ",
|
|
"partman-crypto/passphrase='${var.default_luks_passphrase}' ",
|
|
"partman-crypto/passphrase-again='${var.default_luks_passphrase}' ",
|
|
"INSTALL_FINISHED_INFORM_URL='http://{{ .HTTPIP }}:${var.install_finished_inform_port}/install_finished' ",
|
|
"preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg noprompt<enter>",
|
|
"initrd /install.amd/initrd.gz<enter>",
|
|
"DEBCONF_DEBUG=5<enter>",
|
|
"boot<enter>"
|
|
]
|
|
|
|
# PACKER Autoinstall Settings
|
|
http_directory = "debian/13-trixie-luks/http"
|
|
http_interface = "${var.source_proxmox_http_interface}"
|
|
|
|
# SSH Settings
|
|
ssh_username = "root"
|
|
ssh_password = "${var.default_root_passphrase}"
|
|
ssh_timeout = "20m"
|
|
ssh_pty = true
|
|
}
|
|
|
|
build {
|
|
name = "debian-13-trixie-luks-image"
|
|
sources = ["source.proxmox-iso.debian-13-trixie-luks"]
|
|
|
|
# Install dependencies and default packages
|
|
provisioner "shell" {
|
|
inline = [
|
|
"export DEBIAN_FRONTEND=noninteractive",
|
|
"apt-get update",
|
|
"apt-get install -y age apt-transport-https aria2 bat bc bmon btop ca-certificates curl duf eza fastfetch fzf git gnupg htop iftop iotop iperf jq lsof magic-wormhole mosh mtr ncdu parted progress pv ripgrep rsync smartmontools socat sudo tmux usbutils vim wget yq zsh zstd"
|
|
]
|
|
}
|
|
|
|
# Install Tailscale
|
|
provisioner "shell" {
|
|
script = "debian/13-trixie-luks/scripts/tailscale.sh"
|
|
}
|
|
|
|
# Setup CrowdSec Repo
|
|
provisioner "shell" {
|
|
script = "debian/13-trixie-luks/scripts/crowdsec-repo-setup.sh"
|
|
}
|
|
|
|
# Install CrowdSec
|
|
provisioner "shell" {
|
|
inline = [
|
|
"apt-get install -y crowdsec",
|
|
"apt-get install -y crowdsec-firewall-bouncer-iptables"
|
|
]
|
|
}
|
|
|
|
# Configure CrowdSec
|
|
provisioner "shell" {
|
|
script = "debian/13-trixie-luks/scripts/crowdsec-configuration.sh"
|
|
}
|
|
|
|
# Provisioning the VM Template for Cloud-Init Integration in Proxmox #2
|
|
provisioner "file" {
|
|
source = "debian/13-trixie-luks/files/99-pve.cfg"
|
|
destination = "/tmp/99-pve.cfg"
|
|
}
|
|
|
|
# Provisioning the VM Template for Cloud-Init Integration in Proxmox #3
|
|
provisioner "shell" {
|
|
inline = ["sudo cp /tmp/99-pve.cfg /etc/cloud/cloud.cfg.d/99-pve.cfg"]
|
|
}
|
|
|
|
# Remove CD-ROM entries from APT sources list
|
|
provisioner "shell" {
|
|
inline = ["sed -i '/cdrom/d' /etc/apt/sources.list"]
|
|
}
|
|
|
|
# Add custom APT sources list
|
|
provisioner "file" {
|
|
source = "debian/13-trixie-luks/files/debian.sources"
|
|
destination = "/etc/apt/sources.list.d/debian.sources"
|
|
}
|
|
|
|
provisioner "file" {
|
|
source = "debian/13-trixie-luks/files/90-initial-login-setup.sh"
|
|
destination = "/etc/profile.d/90-initial-login-setup.sh"
|
|
}
|
|
|
|
provisioner "file" {
|
|
source = "debian/13-trixie-luks/files/initial-setup.sh"
|
|
destination = "/usr/local/bin/initial-setup.sh"
|
|
}
|
|
|
|
provisioner "shell" {
|
|
inline = [
|
|
"chmod +x /usr/local/bin/initial-setup.sh"
|
|
]
|
|
}
|
|
|
|
# Install Clevis
|
|
provisioner "shell" {
|
|
inline = [
|
|
"apt-get update",
|
|
"apt-get install -y clevis clevis-luks clevis-initramfs"
|
|
]
|
|
}
|
|
|
|
# Setup Serial Console for xterm.js in Proxmox VE
|
|
provisioner "shell" {
|
|
inline = [
|
|
"sed -i 's/#\\?GRUB_CMDLINE_LINUX=.*\"/GRUB_CMDLINE_LINUX=\"console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0\"/' /etc/default/grub",
|
|
"sed -i 's/#\\?GRUB_TERMINAL=.*/GRUB_TERMINAL=\"serial console\"/' /etc/default/grub",
|
|
"sed -i 's/#\\?GRUB_SERIAL_COMMAND=.*/GRUB_SERIAL_COMMAND=\"serial --speed=115200\"/' /etc/default/grub",
|
|
"update-grub"
|
|
]
|
|
}
|
|
|
|
# Provisioning the VM Template for Cloud-Init Integration in Proxmox #1
|
|
provisioner "shell" {
|
|
inline = [
|
|
"rm /etc/ssh/ssh_host_*",
|
|
"truncate -s 0 /etc/machine-id",
|
|
"apt -y autoremove --purge 2> /dev/null",
|
|
"apt -y clean 2> /dev/null",
|
|
"apt -y autoclean 2> /dev/null",
|
|
"rm -rf /var/cache/apt/archives /var/lib/apt/lists/*",
|
|
"cloud-init clean",
|
|
"rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
|
|
"sync"
|
|
]
|
|
}
|
|
|
|
# Remove temporary settings and configuration for packer build
|
|
provisioner "shell" {
|
|
inline = [
|
|
"sed -i 's/^#\\?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config",
|
|
"sed -i 's/^#\\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config",
|
|
"passwd -dl root"
|
|
]
|
|
}
|
|
}
|