Debian build works; Manual LUKS passphrase entry still required

debian/13-trixie/debian-trixie.pkr.hcl

@@ -82,6 +82,7 @@ source "proxmox-iso" "debian-13-trixie" {
 
   # PACKER Autoinstall Settings
   http_directory = "debian/13-trixie/http"
+  http_interface = "${var.source_proxmox_http_interface}"
 
   # SSH Settings
   ssh_username = "root"

debian/13-trixie/http/preseed.cfg

@@ -1,78 +1,159 @@
-# Language
+#_preseed_V1
-d-i debian-installer/locale string en_US.UTF-8
 
-# Keyboard
+### Localization
+d-i debian-installer/locale string en_US.UTF-8
 d-i keyboard-configuration/xkb-keymap select us
 
+### Unattended
 d-i auto-install/enable boolean true
+d-i debconf/priority select critical
 d-i debian-installer/framebuffer boolean false
 
-# Network
+### Network
 d-i netcfg/choose_interface select ens18
-d-i netcfg/get_hostname string debian_foobar
+d-i netcfg/get_hostname string debian-13-template
 d-i netcfg/get_domain string
 d-i netcfg/wireless_wep string
 d-i netcfg/disable_dhcp boolean false
 
-# Root Password
+### Root Password (no user)
 d-i passwd/make-user boolean false
 d-i passwd/root-password password packer
 d-i passwd/root-password-again password packer
 
-# Turn CD Off
+### Mirror / APT
 d-i apt-setup/cdrom/set-first boolean false
 d-i apt-setup/cdrom/set-next boolean false
 d-i apt-setup/cdrom/set-failed boolean false
 
-d-i apt-setup/local0/repository string http://deb.debian.org/debian/ trixie main contrib non-free
-popularity-contest popularity-contest/participate boolean false
-
-### Mirror settings
 d-i mirror/country string manual
 d-i mirror/http/hostname string ftp.de.debian.org
 d-i mirror/http/directory string /debian
 d-i mirror/http/proxy string
 
-# Timezone
+# If you want an explicit suite:
+# d-i mirror/suite string trixie
+
+# Your extra repo line (updated to also include non-free-firmware for trixie)
+d-i apt-setup/local0/repository string http://ftp.de.debian.org/debian/ trixie main contrib non-free non-free-firmware
+popularity-contest popularity-contest/participate boolean false
+
+d-i apt-setup/contrib boolean true
+d-i apt-setup/non-free boolean true
+d-i apt-setup/non-free-firmware boolean true
+d-i apt-setup/security_host string security.debian.org
+d-i apt-setup/services-select multiselect security, updates
+
+### Timezone
 d-i clock-setup/utc boolean true
 d-i time/zone string UTC
 d-i clock-setup/ntp boolean true
 
-# Storage
+### Storage (UEFI + /boot + LUKS/LVM)
-d-i partman-auto/method string lvm
+# Pick first detected disk automatically
+d-i preseed/early_command string \
+  DISK="$(list-devices disk | head -n1)"; \
+  debconf-set partman-auto/disk "$DISK";
+
+# "crypto" = LVM within an encrypted partition  [oai_citation:3‡Debian](https://www.debian.org/releases/stable/amd64/apbs04.en.html)
+d-i partman-auto/method string crypto
 d-i partman-auto-lvm/guided_size string max
+d-i partman-auto-lvm/new_vg_name string vg0
+
+# Cleanup old metadata if present
 d-i partman-lvm/device_remove_lvm boolean true
 d-i partman-md/device_remove_md boolean true
+
+# Confirmations
 d-i partman-lvm/confirm boolean true
 d-i partman-lvm/confirm_nooverwrite boolean true
-d-i partman-auto/choose_recipe select atomic
+d-i partman-md/confirm boolean true
+d-i partman-md/confirm_nooverwrite boolean true
+
+# LUKS password
+d-i partman-crypto/passphrase password packer
+d-i partman-crypto/passphrase-again password packer
+d-i partman-crypto/weak_passphrase boolean true
+d-i partman-crypto/confirm boolean true
+d-i partman-auto-crypto/erase_disks boolean false
+
+# Ensure GPT
+d-i partman-partitioning/choose_label select gpt
+d-i partman-partitioning/default_label string gpt
+
+# Force UEFI (if needed in your environment)
+d-i partman-efi/non_efi_system boolean true
+
+# Do NOT go back to partitioning menu if a partition/LV has no filesystem
+d-i partman-basicmethods/method_only boolean false
+
+# Accept installing without swap (answer "No" to the warning)
+d-i partman-basicfilesystems/no_swap boolean false
+d-i partman-basicfilesystems/no_swap seen true
+
+# Custom recipe
+# NOTE: Avoid putting comments inside this expert_recipe block; d-i can ignore it.  [oai_citation:4‡Unix & Linux Stack Exchange](https://unix.stackexchange.com/questions/796185/debian-preseed-install-auto-creates-swap)
+d-i partman-auto/choose_recipe select luks-lvm
+d-i partman-auto/expert_recipe string \
+  luks-lvm :: \
+    1075 1075 1075 fat32 \
+      $primary{ } \
+      $iflabel{ gpt } \
+      $reusemethod{ } \
+      method{ efi } \
+      format{ } \
+      filesystem{ fat32 } \
+      mountpoint{ /boot/efi } \
+    . \
+    1075 1075 1075 ext4 \
+      $primary{ } \
+      $defaultignore{ } \
+      method{ format } \
+      format{ } \
+      use_filesystem{ } \
+      filesystem{ ext4 } \
+      mountpoint{ /boot } \
+    . \
+    25770 25770 25770 ext4 \
+      $lvmok{ } \
+      lv_name{ root } \
+      method{ format } \
+      format{ } \
+      use_filesystem{ } \
+      filesystem{ ext4 } \
+      mountpoint{ / } \
+    . \
+    1 10000 -1 ext4 \
+      $lvmok{ } \
+      lv_name{ reserved } \
+      method{ keep } \
+    .
+
 d-i partman-partitioning/confirm_write_new_label boolean true
 d-i partman/choose_partition select finish
 d-i partman/confirm boolean true
 d-i partman/confirm_nooverwrite boolean true
 
-# Software
+### Software
-d-i debconf debconf/frontend select noninteractive
+d-i debconf/frontend select noninteractive
 tasksel tasksel/first multiselect standard, ssh-server
 
-d-i apt-setup/contrib boolean true
-d-i apt-setup/non-free boolean true
-d-i apt-setup/security_host string security.debian.org
-d-i apt-setup/services-select multiselect security, updates
-
-
 d-i pkgsel/include string qemu-guest-agent cloud-init curl vim
 d-i pkgsel/upgrade select full-upgrade
 d-i pkgsel/update-policy select none
 d-i pkgsel/updatedb boolean true
 
-d-i preseed/late_command string \
+### Bootloader
-    in-target sed -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' -i /etc/ssh/sshd_config
-
-# Bootloader
 d-i grub-installer/only_debian boolean true
 d-i grub-installer/with_other_os boolean true
-d-i grub-installer/bootdev  string default
+d-i grub-installer/bootdev string default
 
-# Finish
+### Late command (single declaration; multiple commands chained)
+# 1) Remove filler LV so vg0 has free space after install
+# 2) Enable root ssh login (same intent as your original)
+d-i preseed/late_command string \
+  lvremove -f /dev/vg0/reserved || true; \
+  in-target sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config || true
+
+### Finish
 d-i finish-install/reboot_in_progress note

variables-common.pkr.hcl

@@ -9,3 +9,9 @@ variable "proxmox_skip_tls_verify" {
   default     = false
   description = "Whether to skip TLS verification for Proxmox API"
 }
+
+variable "source_proxmox_http_interface" {
+  type        = string
+  default     = "en18"
+  description = "The network interface to use for the Proxmox HTTP source"
+}