Refactor Debian 13 Trixie Packer templates for LUKS support

- Removed obsolete variable files: variables-common.pkr.hcl and variables.pkr.hcl.
- Updated debian-trixie.pkr.hcl to include local values for LUKS configuration.
- Modified boot command to include LUKS arguments based on the enable_luks variable.
- Enhanced initial-setup.sh to support LUKS detection and resizing.
- Replaced preseed.cfg with preseed.cfg.pkrtpl for dynamic LUKS configuration.
- Added enable_luks variable to control LUKS encryption during image build.
- Introduced luks.pkrvars.hcl for LUKS-specific variable settings.
- Updated mise.toml to support new variable file argument for Packer builds.
Philip Henning 2026-05-11 19:13:11 +02:00
parent e57f2d977b
commit eded7180dc
20 changed files with 281 additions and 2445 deletions


@ -58,7 +58,7 @@ d-i preseed/early_command string \
# "crypto" = LVM within an encrypted partition [oai_citation:3‡Debian](https://www.debian.org/releases/stable/amd64/apbs04.en.html)
# "lvm" = LVM without encryption
d-i partman-auto/method string lvm
d-i partman-auto/method string ${enable_luks ? "crypto" : "lvm"}
d-i partman-auto-lvm/guided_size string max
d-i partman-auto-lvm/new_vg_name string vg0
@ -72,13 +72,15 @@ d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-md/confirm boolean true
d-i partman-md/confirm_nooverwrite boolean true
# # LUKS password
# # LUKS passphrase is set via kernel cmdline in debian-trixie.pkr.hcl; these lines are ignored but left here for reference:
# # d-i partman-crypto/passphrase password "$PACKER_LUKS_PASS"
# # d-i partman-crypto/passphrase-again password "$PACKER_LUKS_PASS"
# d-i partman-crypto/weak_passphrase boolean true
# d-i partman-crypto/confirm boolean true
# d-i partman-auto-crypto/erase_disks boolean false
%{ if enable_luks ~}
# LUKS password
# LUKS passphrase is set via kernel cmdline in debian-trixie.pkr.hcl; these lines are ignored but left here for reference:
# d-i partman-crypto/passphrase password "$PACKER_LUKS_PASS"
# d-i partman-crypto/passphrase-again password "$PACKER_LUKS_PASS"
d-i partman-crypto/weak_passphrase boolean true
d-i partman-crypto/confirm boolean true
d-i partman-auto-crypto/erase_disks boolean false
%{ endif ~}
# Ensure GPT
d-i partman-partitioning/choose_label select gpt
@ -96,9 +98,9 @@ d-i partman-basicfilesystems/no_swap seen true
# Custom recipe
# NOTE: Avoid putting comments inside this expert_recipe block; d-i can ignore it. [oai_citation:4‡Unix & Linux Stack Exchange](https://unix.stackexchange.com/questions/796185/debian-preseed-install-auto-creates-swap)
d-i partman-auto/choose_recipe select luks-lvm
d-i partman-auto/choose_recipe select debian-lvm
d-i partman-auto/expert_recipe string \
luks-lvm :: \
debian-lvm :: \
1075 1075 1075 fat32 \
$primary{ } \
$iflabel{ gpt } \
@ -151,7 +153,8 @@ d-i grub-installer/bootdev string default
# 2) Enable root ssh login (same intent as your original)
d-i preseed/late_command string \
lvremove -f /dev/vg0/reserved || true; \
in-target sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config || true
in-target sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config || true%{ if enable_luks }; \
in-target curl -X POST "$INSTALL_FINISHED_INFORM_URL"%{ endif }
# Eject the installation media before rebooting
d-i cdrom-detect/eject boolean true
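Review bot: In the `%{ if enable_luks ~}` block, `d-i partman-crypto/weak_passphrase boolean true` is now active, so the installer will accept a passphrase it considers weak, and the comment two lines above says that passphrase is supplied on the kernel command line. A value passed that way is readable from `/proc/cmdline` during the install and may also be recorded in Packer's boot-command output and in installer logs kept on the image, so it is best treated as a build-time placeholder rather than a secret. I would drop the `weak_passphrase` line unless the build really depends on it, and add a comment such as `# Build-time passphrase only: exposed on the kernel cmdline, must be replaced on first boot`. Whether initial-setup.sh already rotates the key is not visible in this section.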