Add new template for debian trixie without luks encryption; fix disk resizing on first boot; set default user and ssh keys for cloud init

2026-05-11 17:50:49 +02:00 · 2026-05-11 17:50:49 +02:00 · e57f2d977b
commit e57f2d977b
parent 775215f230
19 changed files with 2341 additions and 17 deletions
--- a/debian/13-trixie/debian-trixie.pkr.hcl
+++ b/debian/13-trixie/debian-trixie.pkr.hcl
@ -0,0 +1,233 @@
+packer {
+  required_plugins {
+    proxmox = {
+      version = "~> 1"
+      source  = "github.com/hashicorp/proxmox"
+    }
+  }
+}
+
+source "proxmox-iso" "debian-13-trixie" {
+  # Proxmox Connection Settings
+  proxmox_url = "${var.proxmox_api_url}"
+  username    = "${var.proxmox_api_token_id}"
+  token       = "${var.proxmox_api_token_secret}"
+
+  # Skip TLS Verification
+  insecure_skip_tls_verify = "${var.proxmox_skip_tls_verify}"
+
+  # VM General Settings
+  node                 = "${var.proxmox_node}"
+  vm_id                = "${var.template_vm_id}"
+  vm_name              = "debian-13-trixie-${local.timestamp}"
+  template_description = "Debian 13 Trixie, built with Packer on ${local.timestamp}"
+  os                   = "l26"
+  qemu_agent           = true
+
+  # VM Hardware Settings
+  machine            = "q35"
+  cpu_type           = "${var.template_cpu_type}"
+  cores              = 2
+  memory             = 2048
+  ballooning_minimum = 2048
+  bios               = "ovmf"
+  scsi_controller    = "virtio-scsi-single"
+  disks {
+    disk_size    = "30G"
+    format       = "raw"
+    storage_pool = "${var.disk_storage_pool}"
+    type         = "scsi" # VirtIO-SCSI better maintained as virtio-blk has been deprecated in Proxmox VE 7.4+ and may cause issues with newer Linux kernels
+    io_thread    = true
+    ssd          = true
+  }
+
+  efi_config {
+    efi_storage_pool  = "${var.disk_storage_pool}"
+    pre_enrolled_keys = true
+    efi_format        = "raw"
+    efi_type          = "4m"
+  }
+
+  serials = [
+    "socket"
+  ]
+
+  # Download ISO
+  boot_iso {
+    type             = "scsi"
+    iso_url          = "${var.iso_url}"
+    unmount          = true
+    iso_storage_pool = "${var.iso_storage_pool}"
+    iso_checksum     = "${var.iso_checksum}"
+  }
+
+  # VM Network Settings
+  network_adapters {
+    model       = "virtio"
+    mac_address = "${var.mac_address}"
+    bridge      = "${var.network_bridge}"
+    firewall    = "true"
+  }
+
+  # VM Cloud-Init Settings
+  cloud_init              = true
+  cloud_init_storage_pool = "${var.disk_storage_pool}"
+  cloud_init_disk_type    = "scsi"
+
+  # PACKER Boot Commands
+  boot         = "order=scsi0;scsi1"
+  boot_wait    = "10s"
+  communicator = "ssh"
+  boot_command = [
+    "<wait3>c<wait3>",
+    "linux /install.amd/vmlinuz auto-install/enable=true priority=critical ",
+    "DEBIAN_FRONTEND=text ",
+    "console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0 ",
+    "passwd/root-password='${var.default_root_passphrase}' ",
+    "passwd/root-password-again='${var.default_root_passphrase}' ",
+    "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg noprompt<enter>",
+    "initrd /install.amd/initrd.gz<enter>",
+    "DEBCONF_DEBUG=5<enter>",
+    "boot<enter>"
+  ]
+  # Static IP
+  # boot_command = [
+  #   "<wait3>c<wait3>",
+  #   "linux /install.amd/vmlinuz auto-install/enable=true priority=critical ",
+  #   "DEBIAN_FRONTEND=text ",
+  #   "console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0 ",
+  #   "passwd/root-password='${var.default_root_passphrase}' ",
+  #   "passwd/root-password-again='${var.default_root_passphrase}' ",
+  #   "netcfg/disable_autoconfig=true ",
+  #   "netcfg/get_ipaddress=172.16.2.254 ",
+  #   "netcfg/get_netmask=255.255.255.0 ",
+  #   "netcfg/get_gateway=172.16.2.3 ",
+  #   "netcfg/get_nameservers=172.16.2.3 ",
+  #   "netcfg/confirm_static=true ",
+  #   "netcfg/get_hostname=debian-installer ",
+  #   "netcfg/get_domain=local ",
+  #   "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg noprompt<enter>",
+  #   "initrd /install.amd/initrd.gz<enter>",
+  #   "DEBCONF_DEBUG=5<enter>",
+  #   "boot<enter>"
+  # ]
+
+  # PACKER Autoinstall Settings
+  http_directory = "debian/13-trixie/http"
+  http_interface = "${var.source_proxmox_http_interface}"
+
+  # SSH Settings
+  ssh_username = "root"
+  ssh_password = "${var.default_root_passphrase}"
+  ssh_timeout  = "20m"
+  ssh_pty      = true
+}
+
+build {
+  name    = "debian-13-trixie-image"
+  sources = ["source.proxmox-iso.debian-13-trixie"]
+
+  # Install dependencies and default packages
+  provisioner "shell" {
+    inline = [
+      "export DEBIAN_FRONTEND=noninteractive",
+      "apt-get update",
+      "apt-get install -y age apt-transport-https aria2 bat bc bmon btop ca-certificates curl duf eza fastfetch fzf gdisk git gnupg htop iftop iotop iperf jq lsof magic-wormhole mosh mtr ncdu parted progress pv ripgrep rsync smartmontools socat sudo tmux usbutils vim wget yq zsh zstd"
+    ]
+  }
+
+  # Install Tailscale
+  provisioner "shell" {
+    script = "debian/13-trixie/scripts/tailscale.sh"
+  }
+
+  # Setup CrowdSec Repo
+  provisioner "shell" {
+    script = "debian/13-trixie/scripts/crowdsec-repo-setup.sh"
+  }
+
+  # Install CrowdSec
+  provisioner "shell" {
+    inline = [
+      "apt-get install -y crowdsec",
+      "apt-get install -y crowdsec-firewall-bouncer-iptables"
+    ]
+  }
+
+  # Configure CrowdSec
+  provisioner "shell" {
+    script = "debian/13-trixie/scripts/crowdsec-configuration.sh"
+  }
+
+  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #2
+  provisioner "file" {
+    source      = "debian/13-trixie/files/99-pve.cfg"
+    destination = "/tmp/99-pve.cfg"
+  }
+
+  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #3
+  provisioner "shell" {
+    inline = ["sudo cp /tmp/99-pve.cfg /etc/cloud/cloud.cfg.d/99-pve.cfg"]
+  }
+
+  # Remove APT sources.list
+  provisioner "shell" {
+    inline = ["rm -f /etc/apt/sources.list /etc/apt/sources.list~"]
+  }
+
+  # Add custom APT sources
+  provisioner "file" {
+    source      = "debian/13-trixie/files/debian.sources"
+    destination = "/etc/apt/sources.list.d/debian.sources"
+  }
+
+  provisioner "file" {
+    source      = "debian/13-trixie/files/90-initial-login-setup.sh"
+    destination = "/etc/profile.d/90-initial-login-setup.sh"
+  }
+
+  provisioner "file" {
+    source      = "debian/13-trixie/files/initial-setup.sh"
+    destination = "/usr/local/bin/initial-setup.sh"
+  }
+
+  provisioner "shell" {
+    inline = [
+      "chmod +x /usr/local/bin/initial-setup.sh"
+    ]
+  }
+
+  # Setup Serial Console for xterm.js in Proxmox VE
+  provisioner "shell" {
+    inline = [
+      "sed -i 's/#\\?GRUB_CMDLINE_LINUX=.*\"/GRUB_CMDLINE_LINUX=\"console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0\"/' /etc/default/grub",
+      "sed -i 's/#\\?GRUB_TERMINAL=.*/GRUB_TERMINAL=\"serial console\"/' /etc/default/grub",
+      "sed -i 's/#\\?GRUB_SERIAL_COMMAND=.*/GRUB_SERIAL_COMMAND=\"serial --speed=115200\"/' /etc/default/grub",
+      "update-grub"
+    ]
+  }
+
+  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #1
+  provisioner "shell" {
+    inline = [
+      "rm /etc/ssh/ssh_host_*",
+      "truncate -s 0 /etc/machine-id",
+      "apt -y autoremove --purge 2> /dev/null",
+      "apt -y clean 2> /dev/null",
+      "apt -y autoclean 2> /dev/null",
+      "rm -rf /var/cache/apt/archives /var/lib/apt/lists/*",
+      "cloud-init clean",
+      "rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
+      "sync"
+    ]
+  }
+
+  # Remove temporary settings and configuration for packer build
+  provisioner "shell" {
+    inline = [
+      "sed -i 's/^#\\?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config",
+      "sed -i 's/^#\\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config",
+      "passwd -dl root"
+    ]
+  }
+}