tim/homelab-packer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Tim Unkrig
2023-10-12 10:51:18 +02:00
commit 5368205cb8
8 changed files with 403 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cloudinit/99-pve.cfg Normal file
View File

@@ -0,0 +1 @@
datasource_list: [ NoCloud, ConfigDrive ]

123
cloudinit/cloud.cfg Normal file
View File

@@ -0,0 +1,123 @@
# The top level settings are used as module
# and system configuration.
# Update the contents of /etc/hosts. This will use the name you
# specified when creating the VM in proxmox
manage_etc_hosts: true
# A set of users which may be applied and/or used by various modules
# when a 'default' entry is found it will reference the 'default_user'
# from the distro configuration specified below
users:
- default
# If this is set, 'root' will not be able to ssh in and they
# will get a message to login instead as the above $user (debian)
disable_root: true
# Change default root password from the preseed file to a random one
chpasswd:
list: |
root:RANDOM
# Update apt database on first boot (run 'apt-get update')
apt_update: true
# Upgrade the instance on first boot
apt_upgrade: true
# Reboot after package install/update if necessary
apt_reboot_if_required: true
# Install useful packages
packages:
- vim
# Write out new SSH daemon configuration. Standard debian 11 configuration
# apart from forbidding root login and disabling password authentication
write_files:
- path: /etc/ssh/sshd_config
content: |
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# The modules that run in the 'init' stage
cloud_init_modules:
- migrator
- seed_random
- bootcmd
- write-files
- growpart
- resizefs
- disk_setup
- mounts
- set_hostname
- update_hostname
- update_etc_hosts
- ca-certs
- rsyslog
- users-groups
- ssh
# The modules that run in the 'config' stage
cloud_config_modules:
- emit_upstart
- ssh-import-id
- locale
- set-passwords
- grub-dpkg
- apt-pipelining
- apt-configure
- ntp
- timezone
- disable-ec2-metadata
- runcmd
- byobu
# The modules that run in the 'final' stage
cloud_final_modules:
- package-update-upgrade-install
- scripts-vendor
- scripts-per-once
- scripts-per-boot
- scripts-per-instance
- scripts-user
- ssh-authkey-fingerprints
- final-message
# System and/or distro specific settings
# (not accessible to handlers/transforms)
system_info:
# This will affect which distro class gets used
distro: debian
# Default user name + that default users groups (if added/used)
default_user:
name: debian
lock_passwd: True
gecos: Debian
groups: [adm, audio, cdrom, dialout, dip, floppy, netdev, plugdev, sudo, video]
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
shell: /bin/bash
# Don't forget to add your public key here
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRYu07KxH1k+RvQ0JjDeLslwEgmWNdU5xtgYXCHoG7L tim@matabi
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6xkvp6hi1jat9640TMk3q3YwrsmwCDTmnMJTCsrCPn45JahGOA+nE8hrb75yd0WQb8Khn/prWfwWDaXzxg70pDuznlXfOnvATB0zPdNJngEM3vmo2U1bCnICCxKWRiGTH10LHb8ZGy0rRNDubryRWsIcxE4Vrp07e+suPkLjd55dKEsxz5G0lK7dMmEHlMy0Cy4tVBQlws0kFLtWLu3xL0TGRvhM0nrKNyHlRlOgWN1FIymukkpXLT71YwMidTr2y7fhmYP6qZB/2tKJT/4GzKsvfyHmzKxZgRXOJCUiu1mb9WIJ4wGDX9KVkAoCmH6yK1XulEib9+OeskolyYsdYGmpSFcFb9/6eHLEA94inHqe5xzLNnZMotzkEGy0xPH61c0TrUV5J8JU6jKtnl+F2VRPeemw7Y3nNDqka2O0U9AQDchjoHl7VvAWcV7XUyS9L/ve8FsHNRXpG9t6AJWd92MOPs2F9jXGbVDwwNrRhDp1emc0yKi4KxsSNlF+gvC4uD+p2IWhWoQSY4BYvxwK063fvTTu3xNUPL8EV8oX4E2+IzKJwwOIRawyjJuEfIGUA27ye7VrCkc/LOgpHU/lM7NzutBMBTKLJb012BncvZ14B6R3LeUuCKqN8qrhv2tbW4UIzhhn1g1+Wov7PFAOC/i6oDqsxOWh2heEX2UMKQQ== tim@matabi
# Other config here will be given to the distro class and/or path classes
paths:
cloud_dir: /var/lib/cloud/
templates_dir: /etc/cloud/templates/
upstart_dir: /etc/init/
package_mirrors:
- arches: [default]
failsafe:
primary: http://deb.debian.org/debian
security: http://security.debian.org/
ssh_svcname: ssh

14
debian-bookworm.build.pkr.hcl Normal file
View File

@@ -0,0 +1,14 @@
# Build Definition to create the VM Template
build {
sources = ["source.proxmox-iso.debian-12-bookworm-cloudinit-template"]
provisioner "file" {
destination = "/etc/cloud/cloud.cfg"
source = "cloudinit/cloud.cfg"
}
provisioner "file" {
destination = "/etc/cloud/cloud.cfg.d/99-pve.cfg"
source = "cloudinit/99-pve.cfg"
}
}

8
debian-bookworm.config.pkr.hcl Normal file
View File

@@ -0,0 +1,8 @@
packer {
required_plugins {
proxmox = {
version = ">= 1.1.3"
source = "github.com/hashicorp/proxmox"
}
}
}

59
debian-bookworm.source.pkr.hcl Normal file
View File

@@ -0,0 +1,59 @@
# Resource Definiation for the VM Template
source "proxmox-iso" "debian-12-bookworm-cloudinit-template" {
# Proxmox Connection Settings
proxmox_url = var.proxmox_api_url
username = var.proxmox_api_token_id
token = var.proxmox_api_token_secret
insecure_skip_tls_verify = true
# VM General Settings
node = "proxmox" # add your proxmox node
vm_id = "9999"
vm_name = "debian-12-bookworm-cloudinit-template"
template_description = "Debian 12 Bookworm cloudinit template"
# iso_url = "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.2.0-amd64-netinst.iso"
# iso_checksum = "23ab444503069d9ef681e3028016250289a33cc7bab079259b73100daee0af66"
iso_file = "local:iso/debian-12.2.0-amd64-netinst.iso"
iso_storage_pool = "local"
unmount_iso = true
# VM Settings
machine = "q35"
# bios = "ovmf"
os = "l26"
qemu_agent = true
cores = "1"
cpu_type = "host"
memory = "2048"
cloud_init = true
cloud_init_storage_pool = "local"
scsi_controller = "virtio-scsi-pci"
disks {
disk_size = "8G"
format = "qcow2"
storage_pool = "local"
type = "virtio"
}
network_adapters {
model = "virtio"
bridge = "vmbr0"
firewall = "false"
}
# PACKER Boot Commands
# boot_command = ["<wait><esc><wait>auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<enter>"]
boot_command = ["<esc><wait>auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<enter>"]
boot_wait = "15s"
# PACKER Autoinstall Settings
http_directory = "http"
http_port_min = 8802
http_port_max = 8802
ssh_username = "root"
ssh_password = "debian"
ssh_timeout = "20m"
}

12
debian-bookworm.variables.pkr.hcl Normal file
View File

@@ -0,0 +1,12 @@
variable "proxmox_api_url" {
type = string
}
variable "proxmox_api_token_id" {
type = string
}
variable "proxmox_api_token_secret" {
type = string
sensitive = true
}

183
http/preseed.cfg Normal file
View File

@@ -0,0 +1,183 @@
#### Contents of the preconfiguration file (for buster)
#
# The configuration fragments used in this file are also available as an
# example preconfiguration file from:
# https://www.debian.org/releases/buster/example-preseed.txt
#
# Some more preseed files that contain the full list of available preseed
# options:
# https://preseed.debian.net/debian-preseed/
# More about preseeding: https://wiki.debian.org/DebianInstaller/Preseed
### Localization
d-i debian-installer/locale string en_DE.UTF-8
# Keyboard selection
d-i keyboard-configuration/xkb-keymap select de
### Network configuration
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto
# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
#d-i netcfg/hostname string somehost
# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string Germany
d-i mirror/http/hostname string ftp.de.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
### Account setup
# Skip creation of a normal user account.
d-i passwd/make-user boolean false
# Root password
d-i passwd/root-password password debian
d-i passwd/root-password-again password debian
### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true
# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/Berlin
# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
### Partitioning
# If the system has only one disk the installer will default to using that,
# but otherwise the device name must be given in traditional, non-devfs
# format (so e.g. /dev/sda and not e.g. /dev/discs/disc0/disc).
# For example, to use the first SCSI/SATA hard disk:
d-i partman-auto/disk string /dev/vda
# In addition, you'll need to specify the method to use.
# The presently available methods are:
# - regular: use the usual partition types for your architecture
# - lvm: use LVM to partition the disk
# - crypto: use LVM within an encrypted partition
d-i partman-auto/method string regular
# You can define the amount of space that will be used for the LVM volume
# group. It can either be a size with its unit (eg. 20 GB), a percentage of
# free space or the 'max' keyword.
d-i partman-auto-lvm/guided_size string max
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
d-i partman-lvm/device_remove_lvm boolean true
# The same applies to pre-existing software RAID array:
d-i partman-md/device_remove_md boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home: separate /home partition
# - multi: separate /home, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic
# This makes partman automatically partition without confirmation, provided
# that you told it what to do using one of the methods above.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
### Package selection
tasksel tasksel/first multiselect standard, ssh-server
# Individual additional packages to install (space separated).
# qemu-guest-agent must be installed for the packer proxmox builder to
# work or else the build will fail.
d-i pkgsel/include string qemu-guest-agent cloud-init
# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
#d-i pkgsel/upgrade select none
# Some versions of the installer can report back on what software you have
# installed, and what software you use. The default is not to report back,
# but sending reports helps the project determine what software is most
# popular and include it on CDs.
popularity-contest popularity-contest/participate boolean false
### Boot loader installation
# Grub is the default boot loader (for x86). If you want lilo installed
# instead, uncomment this:
#d-i grub-installer/skip boolean true
# To also skip installing lilo, and install no bootloader, uncomment this
# too:
#d-i lilo-installer/skip boolean true
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true
# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
d-i grub-installer/with_other_os boolean true
# Due notably to potential USB sticks, the location of the MBR can not be
# determined safely in general, so this needs to be specified:
d-i grub-installer/bootdev string /dev/vda
# To install to the first device (assuming it is not a USB stick):
#d-i grub-installer/bootdev string default
### Finishing up the installation
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
#### Advanced options
### Running custom commands during the installation
# d-i preseeding is inherently not secure. Nothing in the installer checks
# for attempts at buffer overflows or other exploits of the values of a
# preconfiguration file like this one. Only use preconfiguration files from
# trusted locations! To drive that home, and because it's generally useful,
# here's a way to run any shell command you'd like inside the installer,
# automatically.
# This first command is run as early as possible, just after
# preseeding is read.
#d-i preseed/early_command string anna-install some-udeb
# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
#d-i partman/early_command \
# string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
d-i preseed/late_command string in-target sed -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' -i /etc/ssh/sshd_config

3
variables.auto.pkrvars.hcl Normal file
View File

@@ -0,0 +1,3 @@
proxmox_api_url = "https://10.20.1.250:8006/api2/json"
proxmox_api_token_id = "root@pam!terraform"
proxmox_api_token_secret = "5da78dbe-0d78-48e5-81a3-5eaa35ff052e"