HCP Packer based VM templates for PVE
2026-02-12 19:13:58 +01:00
_scripts Configure LUKS and root password via kernel boot options 2026-02-07 10:11:53 +01:00
debian/13-trixie-luks Refactor VM hardware settings and update disk type to SCSI for better compatibility with Proxmox VE 7.4+ 2026-02-12 19:13:58 +01:00
.gitignore Add overwrite-if.auto.pkrvars.hcl to .gitignore, since these options are specific for each pc where packer is running on 2026-02-12 19:13:38 +01:00
mise.toml Add LUKS wait seconds flag to build-luks task 2026-02-06 08:45:41 +01:00
README.md Update README.md with LUKS setup examples and ToDo enhancements 2026-02-12 19:13:47 +01:00
template-credentials.pkrvars.hcl initial commit 2026-01-24 00:59:25 +01:00
variables-common.pkr.hcl Move Proxmox API token variables to variables-common.pkr.hcl for better organization 2026-02-12 19:12:27 +01:00

Packer based PVE image templates

Templates

Template ID | OS | Version | Path | LUKS encrypted? | Mac Address | IP Address
65000 | Debian | 13-trixie | debian/13-trixie-luks | | BC:24:11:00:13:37 | 192.168.9.29 (via DHCP)

Repository structure

la 4 -I .git
Name
./
├── _scripts/                                                                   Support scripts for building templates.
│   └── unlock-luks-after-install.py*                                           Unlocks the LUKS encrypted disk on the first boot after installation.
├── debian/                                                                     Debian template definitions and assets (Packer templates, cloud-init/KS files, provisioning files).
│   └── 13-trixie-luks/                                                         Template definition and assets for the Trixie template.
│       ├── files/                                                              Files used for the file provisioner.
│       │   ├── 99-pve.cfg                                                      Configures the data sources for cloud-init.
│       │   └── debian.sources                                                  Debian package sources.
│       ├── http/                                                               Files that Packer provides during build via http.
│       │   ├── ks.cfg                                                          Kickstart configuration.
│       │   ├── meta-data                                                       cloud-init configuration.
│       │   └── user-data                                                       cloud-init configuration.
│       ├── credentials.auto.pkrvars.hcl -> ../../credentials.auto.pkrvars.hcl  Local secrets for Packer (API token, endpoints) used at build time.
│       ├── debian-trixie.pkr.hcl                                               The build template.
│       ├── variables-common.pkr.hcl -> ../../variables-common.pkr.hcl          Shared Packer variables used by templates.
│       └── variables.pkr.hcl                                                   Packer variables only used for this template.
├── OS/                                                                         Directory to group templates for a specific OS.
│   └── version_number[-version_codename][-luks]/                               Template definition and assets.
├── downloaded_iso_path/                                                        Packer ISO cache directory (downloaded ISOs and lock files).
│   ├── OS.iso
│   ├── OS.iso.lock
│   ├── [...].iso
│   └── [...].iso.lock
├── .gitignore
├── credentials.auto.pkrvars.hcl                                                Local secrets for Packer (API token, endpoints) used at build time.
├── mise.toml                                                                   Task runner definitions for init/build/setup.
├── README.md
├── template-credentials.pkrvars.hcl                                            Template to create `credentials.auto.pkrvars.hcl`.
└── variables-common.pkr.hcl                                                    Shared Packer variables used by templates.

Initial Setup

Create Token

  1. Copy template-credentials.pkrvars.hcl to credentials.auto.pkrvars.hcl
  2. Open your Proxmox VE web interface and log in.
  3. Navigate to: Datacenter -> Permissions -> API Tokens
  4. Click: Add
  5. Configure in the dialog:
    1. User: root@pam (or any user you like, but it needs administrative permissions)
    2. Token ID: packer
    3. Privilege Separation: false
  6. Click: Add
  7. Copy the displayed Token ID and Token Secret to credentials.auto.pkrvars.hcl
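
A pre-build check for the credentials file filled in by the steps above, added here as an example and not part of this repository: it confirms that credentials.auto.pkrvars.hcl (symlinks followed, as used inside the template directories) is readable only by its owner and that git neither tracks it nor leaves it unignored. The function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the repository): hygiene check for the file that
# holds the Proxmox API token. Function names are hypothetical.
# Usage: check_credentials ./credentials.auto.pkrvars.hcl && mise run build <path>

# Return 0 if the file (symlinks followed) grants nothing to group/other.
cred_mode_ok() {
    # GNU stat first, BSD stat as fallback; both print the octal mode.
    _mode=$(stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null) || return 2
    [ $(( 0$_mode & 077 )) -eq 0 ]
}

# Return 0 if git cannot pick the file up: it is untracked AND ignored.
cred_git_ok() {
    _dir=$(dirname "$1"); _name=$(basename "$1")
    # Outside a git work tree (or without git) there is nothing to commit.
    git -C "$_dir" rev-parse --git-dir >/dev/null 2>&1 || return 0
    # An already tracked file stays tracked even when .gitignore lists it.
    if git -C "$_dir" ls-files --error-unmatch -- "$_name" >/dev/null 2>&1; then
        return 1
    fi
    git -C "$_dir" check-ignore -q -- "$_name"
}

# Run both checks and report every finding; return 0 only if all pass.
check_credentials() {
    _f=$1; _rc=0
    [ -f "$_f" ] || { echo "missing: $_f" >&2; return 1; }
    cred_mode_ok "$_f" || { echo "too permissive, run: chmod 600 $_f" >&2; _rc=1; }
    cred_git_ok "$_f"  || { echo "tracked or not ignored by git: $_f" >&2; _rc=1; }
    return $_rc
}
```
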

Initialize Packer

Run packer init to initialize Packer according to an HCL template configuration. It downloads and installs the plugins listed in the required_plugins block of the Packer templates.

mise run init <path-to-template-directory>

Build

To build a template run:

mise run build <path-to-template-directory>

Build LUKS encrypted Templates

To build a LUKS encrypted template run:

mise run build-luks <path-to-template-directory>

Setup new templates

Run:

mise run setup <distribution name> <version>

E.g. mise run setup debian 13-trixie or mise run setup debian 13-trixie-luks.

ToDo

  • Debian 13 with LUKS
    • Setup image with LUKS
    • Automated unlock from packer on 1st boot after installation
    • Setup dropbear
    • Setup Clevis/Tang
    • Copy initial setup script, to expand the disk and do various setup steps
    • Lock down root user (remove password, prohibit all logins)
    • Lock down SSH Server