Configure LUKS and root password via kernel boot options

2026-02-07 10:11:53 +01:00 · 2026-02-07 10:11:53 +01:00 · cea8812dbd
commit cea8812dbd
parent 9d6ce38c8e
4 changed files with 38 additions and 9 deletions
--- a/debian/13-trixie-luks/debian-trixie.pkr.hcl
+++ b/debian/13-trixie-luks/debian-trixie.pkr.hcl
@ -74,8 +74,13 @@ source "proxmox-iso" "debian-13-trixie-luks" {
  boot_command = [
    "<wait3>c<wait3>",
    "linux /install.amd/vmlinuz auto-install/enable=true priority=critical ",
+    "DEBIAN_FRONTEND=text ",
+    "passwd/root-password='${var.default_root_passphrase}' ",
+    "passwd/root-password-again='${var.default_root_passphrase}' ",
+    "partman-crypto/passphrase='${var.default_luks_passphrase}' ",
+    "partman-crypto/passphrase-again='${var.default_luks_passphrase}' ",
    "INSTALL_FINISHED_INFORM_URL='http://{{ .HTTPIP }}:${var.install_finished_inform_port}/install_finished' ",
-    "DEBIAN_FRONTEND=text preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg noprompt<enter>",
+    "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg noprompt<enter>",
    "initrd /install.amd/initrd.gz<enter>",
    "DEBCONF_DEBUG=5<enter>",
    "boot<enter>"
@ -87,7 +92,7 @@ source "proxmox-iso" "debian-13-trixie-luks" {

  # SSH Settings
  ssh_username = "root"
-  ssh_password = "packer"
+  ssh_password = "${var.default_root_passphrase}"
  ssh_timeout  = "20m"
  ssh_pty      = true
 }
@ -104,9 +109,9 @@ build {
      "apt -y autoremove --purge 2> /dev/null",
      "apt -y clean 2> /dev/null",
      "apt -y autoclean 2> /dev/null",
+      "rm -rf /var/cache/apt/archives /var/lib/apt/lists/*",
      "cloud-init clean",
      "rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
-      "rm -rf /var/cache/apt/archives /var/lib/apt/lists/*",
      "sync"
    ]
  }
--- a/debian/13-trixie-luks/http/preseed.cfg
+++ b/debian/13-trixie-luks/http/preseed.cfg
@ -18,8 +18,9 @@ d-i netcfg/disable_dhcp boolean false

 ### Root Password (no user)
 d-i passwd/make-user boolean false
-d-i passwd/root-password password packer
-d-i passwd/root-password-again password packer
+# Root password is set via kernel cmdline in debian-trixie.pkr.hcl; these lines are ignored but left here for reference:
+# d-i passwd/root-password password "$PACKER_ROOT_PASS"
+# d-i passwd/root-password-again password "$PACKER_ROOT_PASS"

 ### Mirror / APT
 d-i apt-setup/cdrom/set-first boolean false
@ -71,8 +72,9 @@ d-i partman-md/confirm boolean true
 d-i partman-md/confirm_nooverwrite boolean true

 # LUKS password
-d-i partman-crypto/passphrase password packer
-d-i partman-crypto/passphrase-again password packer
+# LUKS passphrase is set via kernel cmdline in debian-trixie.pkr.hcl; these lines are ignored but left here for reference:
+# d-i partman-crypto/passphrase password "$PACKER_LUKS_PASS"
+# d-i partman-crypto/passphrase-again password "$PACKER_LUKS_PASS"
 d-i partman-crypto/weak_passphrase boolean true
 d-i partman-crypto/confirm boolean true
 d-i partman-auto-crypto/erase_disks boolean false