commit 5368205cb87320b0af83bf266f388b5e5ef448e3
Author: Tim Unkrig
Date: Thu Oct 12 10:51:18 2023 +0200
Initial commit
diff --git a/cloudinit/99-pve.cfg b/cloudinit/99-pve.cfg
new file mode 100644
index 0000000..3b655fc
--- /dev/null
+++ b/cloudinit/99-pve.cfg
@@ -0,0 +1 @@
+datasource_list: [ NoCloud, ConfigDrive ]
\ No newline at end of file
diff --git a/cloudinit/cloud.cfg b/cloudinit/cloud.cfg
new file mode 100644
index 0000000..53e3c46
--- /dev/null
+++ b/cloudinit/cloud.cfg
@@ -0,0 +1,123 @@
+# The top level settings are used as module
+# and system configuration.
+
+# Update the contents of /etc/hosts. This will use the name you
+# specified when creating the VM in proxmox
+manage_etc_hosts: true
+
+# A set of users which may be applied and/or used by various modules
+# when a 'default' entry is found it will reference the 'default_user'
+# from the distro configuration specified below
+users:
+ - default
+
+# If this is set, 'root' will not be able to ssh in and they
+# will get a message to login instead as the above $user (debian)
+disable_root: true
+
+# Change default root password from the preseed file to a random one
+chpasswd:
+ list: |
+ root:RANDOM
+
+# Update apt database on first boot (run 'apt-get update')
+apt_update: true
+
+# Upgrade the instance on first boot
+apt_upgrade: true
+
+# Reboot after package install/update if necessary
+apt_reboot_if_required: true
+
+# Install useful packages
+packages:
+ - vim
+
+# Write out new SSH daemon configuration. Standard debian 11 configuration
+# apart from forbidding root login and disabling password authentication
+write_files:
+ - path: /etc/ssh/sshd_config
+ content: |
+ PermitRootLogin no
+ PubkeyAuthentication yes
+ PasswordAuthentication no
+ PermitEmptyPasswords no
+ ChallengeResponseAuthentication no
+ UsePAM yes
+ X11Forwarding yes
+ PrintMotd no
+ AcceptEnv LANG LC_*
+ Subsystem sftp /usr/lib/openssh/sftp-server
+
+# The modules that run in the 'init' stage
+cloud_init_modules:
+ - migrator
+ - seed_random
+ - bootcmd
+ - write-files
+ - growpart
+ - resizefs
+ - disk_setup
+ - mounts
+ - set_hostname
+ - update_hostname
+ - update_etc_hosts
+ - ca-certs
+ - rsyslog
+ - users-groups
+ - ssh
+
+# The modules that run in the 'config' stage
+cloud_config_modules:
+ - emit_upstart
+ - ssh-import-id
+ - locale
+ - set-passwords
+ - grub-dpkg
+ - apt-pipelining
+ - apt-configure
+ - ntp
+ - timezone
+ - disable-ec2-metadata
+ - runcmd
+ - byobu
+
+# The modules that run in the 'final' stage
+cloud_final_modules:
+ - package-update-upgrade-install
+ - scripts-vendor
+ - scripts-per-once
+ - scripts-per-boot
+ - scripts-per-instance
+ - scripts-user
+ - ssh-authkey-fingerprints
+ - final-message
+
+# System and/or distro specific settings
+# (not accessible to handlers/transforms)
+system_info:
+ # This will affect which distro class gets used
+ distro: debian
+ # Default user name + that default users groups (if added/used)
+ default_user:
+ name: debian
+ lock_passwd: True
+ gecos: Debian
+ groups: [adm, audio, cdrom, dialout, dip, floppy, netdev, plugdev, sudo, video]
+ sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+ shell: /bin/bash
+ # Don't forget to add your public key here
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRYu07KxH1k+RvQ0JjDeLslwEgmWNdU5xtgYXCHoG7L tim@matabi
+ - ssh-rsa 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 tim@matabi
+ # Other config here will be given to the distro class and/or path classes
+ paths:
+ cloud_dir: /var/lib/cloud/
+ templates_dir: /etc/cloud/templates/
+ upstart_dir: /etc/init/
+ package_mirrors:
+ - arches: [default]
+ failsafe:
+ primary: http://deb.debian.org/debian
+ security: http://security.debian.org/
+ ssh_svcname: ssh
\ No newline at end of file
diff --git a/debian-bookworm.build.pkr.hcl b/debian-bookworm.build.pkr.hcl
new file mode 100644
index 0000000..4a5b1a9
--- /dev/null
+++ b/debian-bookworm.build.pkr.hcl
@@ -0,0 +1,14 @@
+# Build Definition to create the VM Template
+build {
+ sources = ["source.proxmox-iso.debian-12-bookworm-cloudinit-template"]
+
+ provisioner "file" {
+ destination = "/etc/cloud/cloud.cfg"
+ source = "cloudinit/cloud.cfg"
+ }
+
+ provisioner "file" {
+ destination = "/etc/cloud/cloud.cfg.d/99-pve.cfg"
+ source = "cloudinit/99-pve.cfg"
+ }
+}
\ No newline at end of file
diff --git a/debian-bookworm.config.pkr.hcl b/debian-bookworm.config.pkr.hcl
new file mode 100644
index 0000000..8e2c503
--- /dev/null
+++ b/debian-bookworm.config.pkr.hcl
@@ -0,0 +1,8 @@
+packer {
+ required_plugins {
+ proxmox = {
+ version = ">= 1.1.3"
+ source = "github.com/hashicorp/proxmox"
+ }
+ }
+}
\ No newline at end of file
diff --git a/debian-bookworm.source.pkr.hcl b/debian-bookworm.source.pkr.hcl
new file mode 100644
index 0000000..58dc3b1
--- /dev/null
+++ b/debian-bookworm.source.pkr.hcl
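Review bot: The two `ssh_authorized_keys` entries under `system_info.default_user` are baked into every VM cloned from this template, so the `tim@matabi` keys keep access to all clones regardless of which keys the Proxmox cloud-init drive (NoCloud/ConfigDrive, per `99-pve.cfg`) supplies per VM. Since that datasource already delivers per-instance authorized keys, the hard-coded entries and the `# Don't forget to add your public key here` line should go, replaced by a comment such as `# Authorized keys are expected from the NoCloud/ConfigDrive datasource, not from this file`. In the `write_files` sshd_config, `X11Forwarding yes` is the one permissive setting left in an otherwise hardened server config; `X11Forwarding no` is the safer default for a headless cloud image. The `chpasswd: list:` form and the `apt_update`/`apt_upgrade`/`apt_reboot_if_required` keys look like legacy spellings (newer cloud-init documents `chpasswd: users:` and `package_update`/`package_upgrade`/`package_reboot_if_required`), which is worth confirming against the cloud-init version shipped in bookworm.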
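Review bot: Nothing in this build block cleans the VM before it becomes the template, so state left from the installer's reboot — `/etc/machine-id`, and any `/var/lib/cloud` instance data if cloud-init already ran on that boot — is inherited by every clone; cloud-init's `ssh` module (listed in `cloud_init_modules`) regenerates host keys by default when it sees a new instance-id, so host keys are presumably covered, but the machine-id is not. A final `provisioner "shell"` that runs `cloud-init clean --logs` and empties `/etc/machine-id` would give each clone a clean identity and guarantee that first boot is treated as a fresh instance. Whether `cloud-init clean` is needed depends on whether cloud-init ran before Packer connected, which this diff does not show, but running it is harmless either way.
```hcl
  # … unchanged: sources and the two file provisioners …

  # Reset per-instance identity so clones do not share it (constructed example)
  provisioner "shell" {
    inline = [
      "cloud-init clean --logs",
      "truncate -s 0 /etc/machine-id",
    ]
  }
```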
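Review bot: The plugin constraint `version = ">= 1.1.3"` has no upper bound, so a future major release of the proxmox plugin with breaking or behavioural changes is accepted silently on `packer init`. `version = "~> 1.1"` keeps the same minimum while excluding the next major, which is the usual way to pin a build-tool plugin for reproducible image builds.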
@@ -0,0 +1,59 @@
+# Resource Definiation for the VM Template
+source "proxmox-iso" "debian-12-bookworm-cloudinit-template" {
+
+ # Proxmox Connection Settings
+ proxmox_url = var.proxmox_api_url
+ username = var.proxmox_api_token_id
+ token = var.proxmox_api_token_secret
+ insecure_skip_tls_verify = true
+
+ # VM General Settings
+ node = "proxmox" # add your proxmox node
+ vm_id = "9999"
+ vm_name = "debian-12-bookworm-cloudinit-template"
+ template_description = "Debian 12 Bookworm cloudinit template"
+ # iso_url = "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.2.0-amd64-netinst.iso"
+ # iso_checksum = "23ab444503069d9ef681e3028016250289a33cc7bab079259b73100daee0af66"
+ iso_file = "local:iso/debian-12.2.0-amd64-netinst.iso"
+ iso_storage_pool = "local"
+ unmount_iso = true
+
+ # VM Settings
+ machine = "q35"
+ # bios = "ovmf"
+ os = "l26"
+ qemu_agent = true
+ cores = "1"
+ cpu_type = "host"
+ memory = "2048"
+ cloud_init = true
+ cloud_init_storage_pool = "local"
+
+ scsi_controller = "virtio-scsi-pci"
+ disks {
+ disk_size = "8G"
+ format = "qcow2"
+ storage_pool = "local"
+ type = "virtio"
+ }
+
+ network_adapters {
+ model = "virtio"
+ bridge = "vmbr0"
+ firewall = "false"
+ }
+
+ # PACKER Boot Commands
+ # boot_command = ["auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg"]
+ boot_command = ["auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg"]
+ boot_wait = "15s"
+
+ # PACKER Autoinstall Settings
+ http_directory = "http"
+ http_port_min = 8802
+ http_port_max = 8802
+
+ ssh_username = "root"
+ ssh_password = "debian"
+ ssh_timeout = "20m"
+}
\ No newline at end of file
diff --git a/debian-bookworm.variables.pkr.hcl b/debian-bookworm.variables.pkr.hcl
new file mode 100644
index 0000000..47cbf7f
--- /dev/null
+++ b/debian-bookworm.variables.pkr.hcl
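Review bot: `insecure_skip_tls_verify = true` disables certificate verification for every Proxmox API call, so the token in `var.proxmox_api_token_secret` is presented to whatever answers at `var.proxmox_api_url` without the server ever being authenticated. The URL in `variables.auto.pkrvars.hcl` is a fixed internal address, so the node's certificate (or the Proxmox CA) can be added to the build host's trust store and this line dropped or set to `false`. `ssh_password = "debian"` matches the cleartext root password preseeded in `http/preseed.cfg` and only serves the build-time connection, which is acceptable as long as the first-boot `chpasswd`/`disable_root` handling in `cloud.cfg` actually runs on clones; a comment stating that dependency, `# build-only credential: first boot replaces the root password and disables root SSH`, would make it explicit. Two smaller points: the commented-out duplicate `boot_command` line above the live one is leftover, and `firewall = "false"` is a quoted string where the other booleans in this block (`qemu_agent`, `cloud_init`, `unmount_iso`) are bare, so `firewall = false` keeps the style consistent.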
@@ -0,0 +1,12 @@
+variable "proxmox_api_url" {
+ type = string
+}
+
+variable "proxmox_api_token_id" {
+ type = string
+}
+
+variable "proxmox_api_token_secret" {
+ type = string
+ sensitive = true
+}
\ No newline at end of file
diff --git a/http/preseed.cfg b/http/preseed.cfg
new file mode 100644
index 0000000..a6b4e70
--- /dev/null
+++ b/http/preseed.cfg
@@ -0,0 +1,183 @@
+#### Contents of the preconfiguration file (for buster)
+#
+# The configuration fragments used in this file are also available as an
+# example preconfiguration file from:
+# https://www.debian.org/releases/buster/example-preseed.txt
+#
+# Some more preseed files that contain the full list of available preseed
+# options:
+# https://preseed.debian.net/debian-preseed/
+
+# More about preseeding: https://wiki.debian.org/DebianInstaller/Preseed
+
+### Localization
+d-i debian-installer/locale string en_DE.UTF-8
+
+# Keyboard selection
+d-i keyboard-configuration/xkb-keymap select de
+
+### Network configuration
+
+# netcfg will choose an interface that has link if possible. This makes it
+# skip displaying a list if there is more than one interface.
+d-i netcfg/choose_interface select auto
+
+# Any hostname and domain names assigned from dhcp take precedence over
+# values set here. However, setting the values still prevents the questions
+# from being shown, even if values come from dhcp.
+d-i netcfg/get_hostname string unassigned-hostname
+d-i netcfg/get_domain string unassigned-domain
+
+# If you want to force a hostname, regardless of what either the DHCP
+# server returns or what the reverse DNS entry for the IP is, uncomment
+# and adjust the following line.
+#d-i netcfg/hostname string somehost
+
+# Disable that annoying WEP key dialog.
+d-i netcfg/wireless_wep string
+
+### Mirror settings
+
+# If you select ftp, the mirror/country string does not need to be set.
+#d-i mirror/protocol string ftp
+d-i mirror/country string Germany
+d-i mirror/http/hostname string ftp.de.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+### Account setup
+
+# Skip creation of a normal user account.
+d-i passwd/make-user boolean false
+
+# Root password
+d-i passwd/root-password password debian
+d-i passwd/root-password-again password debian
+
+### Clock and time zone setup
+
+# Controls whether or not the hardware clock is set to UTC.
+d-i clock-setup/utc boolean true
+
+# You may set this to any valid setting for $TZ; see the contents of
+# /usr/share/zoneinfo/ for valid values.
+d-i time/zone string Europe/Berlin
+
+# Controls whether to use NTP to set the clock during the install
+d-i clock-setup/ntp boolean true
+
+### Partitioning
+
+# If the system has only one disk the installer will default to using that,
+# but otherwise the device name must be given in traditional, non-devfs
+# format (so e.g. /dev/sda and not e.g. /dev/discs/disc0/disc).
+# For example, to use the first SCSI/SATA hard disk:
+d-i partman-auto/disk string /dev/vda
+
+# In addition, you'll need to specify the method to use.
+# The presently available methods are:
+# - regular: use the usual partition types for your architecture
+# - lvm: use LVM to partition the disk
+# - crypto: use LVM within an encrypted partition
+d-i partman-auto/method string regular
+
+# You can define the amount of space that will be used for the LVM volume
+# group. It can either be a size with its unit (eg. 20 GB), a percentage of
+# free space or the 'max' keyword.
+d-i partman-auto-lvm/guided_size string max
+
+# If one of the disks that are going to be automatically partitioned
+# contains an old LVM configuration, the user will normally receive a
+# warning. This can be preseeded away...
+d-i partman-lvm/device_remove_lvm boolean true
+# The same applies to pre-existing software RAID array:
+d-i partman-md/device_remove_md boolean true
+# And the same goes for the confirmation to write the lvm partitions.
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+# You can choose one of the three predefined partitioning recipes:
+# - atomic: all files in one partition
+# - home: separate /home partition
+# - multi: separate /home, /var, and /tmp partitions
+d-i partman-auto/choose_recipe select atomic
+
+# This makes partman automatically partition without confirmation, provided
+# that you told it what to do using one of the methods above.
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+### Package selection
+tasksel tasksel/first multiselect standard, ssh-server
+
+# Individual additional packages to install (space separated).
+# qemu-guest-agent must be installed for the packer proxmox builder to
+# work or else the build will fail.
+d-i pkgsel/include string qemu-guest-agent cloud-init
+# Whether to upgrade packages after debootstrap.
+# Allowed values: none, safe-upgrade, full-upgrade
+#d-i pkgsel/upgrade select none
+
+# Some versions of the installer can report back on what software you have
+# installed, and what software you use. The default is not to report back,
+# but sending reports helps the project determine what software is most
+# popular and include it on CDs.
+popularity-contest popularity-contest/participate boolean false
+
+### Boot loader installation
+
+# Grub is the default boot loader (for x86). If you want lilo installed
+# instead, uncomment this:
+#d-i grub-installer/skip boolean true
+# To also skip installing lilo, and install no bootloader, uncomment this
+# too:
+#d-i lilo-installer/skip boolean true
+
+# This is fairly safe to set, it makes grub install automatically to the MBR
+# if no other operating system is detected on the machine.
+d-i grub-installer/only_debian boolean true
+
+# This one makes grub-installer install to the MBR if it also finds some other
+# OS, which is less safe as it might not be able to boot that other OS.
+d-i grub-installer/with_other_os boolean true
+
+# Due notably to potential USB sticks, the location of the MBR can not be
+# determined safely in general, so this needs to be specified:
+d-i grub-installer/bootdev string /dev/vda
+# To install to the first device (assuming it is not a USB stick):
+#d-i grub-installer/bootdev string default
+
+### Finishing up the installation
+
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+#### Advanced options
+
+### Running custom commands during the installation
+
+# d-i preseeding is inherently not secure. Nothing in the installer checks
+# for attempts at buffer overflows or other exploits of the values of a
+# preconfiguration file like this one. Only use preconfiguration files from
+# trusted locations! To drive that home, and because it's generally useful,
+# here's a way to run any shell command you'd like inside the installer,
+# automatically.
+
+# This first command is run as early as possible, just after
+# preseeding is read.
+#d-i preseed/early_command string anna-install some-udeb
+
+# This command is run immediately before the partitioner starts. It may be
+# useful to apply dynamic partitioner preseeding that depends on the state
+# of the disks (which may not be visible when preseed/early_command runs).
+#d-i partman/early_command \
+# string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
+
+# This command is run just before the install finishes, but when there is
+# still a usable /target directory. You can chroot to /target and use it
+# directly, or use the apt-install and in-target commands to easily install
+# packages and run commands in the target system.
+#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
+d-i preseed/late_command string in-target sed -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' -i /etc/ssh/sshd_config
\ No newline at end of file
diff --git a/variables.auto.pkrvars.hcl b/variables.auto.pkrvars.hcl
new file mode 100644
index 0000000..9058ab1
--- /dev/null
+++ b/variables.auto.pkrvars.hcl
@@ -0,0 +1,3 @@
+proxmox_api_url = "https://10.20.1.250:8006/api2/json"
+proxmox_api_token_id = "root@pam!terraform"
+proxmox_api_token_secret = "5da78dbe-0d78-48e5-81a3-5eaa35ff052e"
\ No newline at end of file
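Review bot: The `late_command` on the last line sets `PermitRootLogin yes` and, together with the cleartext `passwd/root-password password debian` lines, leaves the finished template with password root login on a credential that is now published in this repo; the first-boot `cloud.cfg` (random root password, `disable_root`, replacement sshd_config) only undoes that on clones where cloud-init finds a datasource, so the template VM itself and any clone booted without one keep it. Packer does need root SSH during the build, but `passwd/root-password-crypted` with a hash keeps the cleartext out of a file that is served over plain HTTP from `http_directory` during install, and a final shell provisioner in the build can lock the root password and restore `PermitRootLogin prohibit-password` before the VM is converted to a template. Separately, the header comment and example-preseed URL refer to buster while `debian-bookworm.*.pkr.hcl` installs bookworm, so the header should point at the bookworm example to avoid confusion about which options apply. `d-i debian-installer/locale string en_DE.UTF-8` does not look like a locale Debian generates by default (`de_DE.UTF-8` or `en_US.UTF-8` are the usual choices); worth confirming the installer accepts it rather than falling back silently.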
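Review bot: `proxmox_api_token_secret` on the last line is a live API token committed in cleartext; the `sensitive = true` declaration in `debian-bookworm.variables.pkr.hcl` only redacts the value from Packer's output and does nothing for the repository. Packer loads every `*.auto.pkrvars.hcl` automatically, which is convenient, but the file should be excluded with a `.gitignore` entry `*.auto.pkrvars.hcl`, a committed example file with placeholders kept in its place, and the secret supplied at run time through the `PKR_VAR_proxmox_api_token_secret` environment variable or an untracked `-var-file`. Because the value is already in git history, it should be treated as exposed and rotated on the Proxmox side regardless of later edits to this file. The `root@pam!terraform` token id also carries the root user's privileges; a dedicated Proxmox user and token limited to what the builder needs (VM creation, storage and ISO access on the named node) would bound the impact of any future leak.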