Refactor Debian 13 Trixie Packer templates for LUKS support
- Removed obsolete variable files: variables-common.pkr.hcl and variables.pkr.hcl. - Updated debian-trixie.pkr.hcl to include local values for LUKS configuration. - Modified boot command to include LUKS arguments based on the enable_luks variable. - Enhanced initial-setup.sh to support LUKS detection and resizing. - Replaced preseed.cfg with preseed.cfg.pkrtpl for dynamic LUKS configuration. - Added enable_luks variable to control LUKS encryption during image build. - Introduced luks.pkrvars.hcl for LUKS-specific variable settings. - Updated mise.toml to support new variable file argument for Packer builds.
parent
e57f2d977b
commit
eded7180dc
20 changed files with 281 additions and 2445 deletions
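--- a/debian/13-trixie/http/preseed.cfg.pkrtpl
+++ b/debian/13-trixie/http/preseed.cfg.pkrtpl
@@ -0,0 +1,164 @@
+#_preseed_V1
+
+### Localization
+d-i debian-installer/locale string en_US.UTF-8
+d-i keyboard-configuration/xkb-keymap select us
+
+### Unattended
+d-i auto-install/enable boolean true
+d-i debconf/priority select critical
+d-i debian-installer/framebuffer boolean false
+
+### Network
+d-i netcfg/choose_interface select ens18
+d-i netcfg/get_hostname string debian-13-template
+d-i netcfg/get_domain string
+d-i netcfg/wireless_wep string
+d-i netcfg/disable_dhcp boolean false
+
+### Root Password (no user)
+d-i passwd/make-user boolean false
+# Root password is set via kernel cmdline in debian-trixie.pkr.hcl; these lines are ignored but left here for reference:
+# d-i passwd/root-password password "$PACKER_ROOT_PASS"
+# d-i passwd/root-password-again password "$PACKER_ROOT_PASS"
+
+### Mirror / APT
+d-i apt-setup/cdrom/set-first boolean false
+d-i apt-setup/cdrom/set-next boolean false
+d-i apt-setup/cdrom/set-failed boolean false
+
+d-i mirror/country string manual
+d-i mirror/http/hostname string ftp.de.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+# If you want an explicit suite:
+# d-i mirror/suite string trixie
+
+# Your extra repo line (updated to also include non-free-firmware for trixie)
+d-i apt-setup/local0/repository string http://ftp.de.debian.org/debian/ trixie main contrib non-free non-free-firmware
+popularity-contest popularity-contest/participate boolean false
+
+d-i apt-setup/contrib boolean true
+d-i apt-setup/non-free boolean true
+d-i apt-setup/non-free-firmware boolean true
+d-i apt-setup/security_host string security.debian.org
+d-i apt-setup/services-select multiselect security, updates
+
+### Timezone
+d-i clock-setup/utc boolean true
+d-i time/zone string UTC
+d-i clock-setup/ntp boolean true
+
+### Storage (UEFI + /boot + LUKS/LVM)
+# Pick first detected disk automatically
+d-i preseed/early_command string \
+DISK="$(list-devices disk | head -n1)"; \
+debconf-set partman-auto/disk "$DISK";
+
+# "crypto" = LVM within an encrypted partition [oai_citation:3‡Debian](https://www.debian.org/releases/stable/amd64/apbs04.en.html)
+# "lvm" = LVM without encryption
+d-i partman-auto/method string ${enable_luks ? "crypto" : "lvm"}
+d-i partman-auto-lvm/guided_size string max
+d-i partman-auto-lvm/new_vg_name string vg0
+
+# Cleanup old metadata if present
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+
+# Confirmations
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman-md/confirm boolean true
+d-i partman-md/confirm_nooverwrite boolean true
+
+%{ if enable_luks ~}
+# LUKS password
+# LUKS passphrase is set via kernel cmdline in debian-trixie.pkr.hcl; these lines are ignored but left here for reference:
+# d-i partman-crypto/passphrase password "$PACKER_LUKS_PASS"
+# d-i partman-crypto/passphrase-again password "$PACKER_LUKS_PASS"
+d-i partman-crypto/weak_passphrase boolean true
+d-i partman-crypto/confirm boolean true
+d-i partman-auto-crypto/erase_disks boolean false
+%{ endif ~}
+
+# Ensure GPT
+d-i partman-partitioning/choose_label select gpt
+d-i partman-partitioning/default_label string gpt
+
+# Force UEFI (if needed in your environment)
+d-i partman-efi/non_efi_system boolean true
+
+# Do NOT go back to partitioning menu if a partition/LV has no filesystem
+d-i partman-basicmethods/method_only boolean false
+
+# Accept installing without swap (answer "No" to the warning)
+d-i partman-basicfilesystems/no_swap boolean false
+d-i partman-basicfilesystems/no_swap seen true
+
+# Custom recipe
+# NOTE: Avoid putting comments inside this expert_recipe block; d-i can ignore it. [oai_citation:4‡Unix & Linux Stack Exchange](https://unix.stackexchange.com/questions/796185/debian-preseed-install-auto-creates-swap)
+d-i partman-auto/choose_recipe select debian-lvm
+d-i partman-auto/expert_recipe string \
+debian-lvm :: \
+1075 1075 1075 fat32 \
+$primary{ } \
+$iflabel{ gpt } \
+$reusemethod{ } \
+method{ efi } \
+format{ } \
+filesystem{ fat32 } \
+mountpoint{ /boot/efi } \
+. \
+1075 1075 1075 ext4 \
+$primary{ } \
+$defaultignore{ } \
+method{ format } \
+format{ } \
+use_filesystem{ } \
+filesystem{ ext4 } \
+mountpoint{ /boot } \
+. \
+25770 25770 -1 ext4 \
+$lvmok{ } \
+lv_name{ root } \
+method{ format } \
+format{ } \
+use_filesystem{ } \
+filesystem{ ext4 } \
+mountpoint{ / } \
+.
+
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+### Software
+d-i debconf/frontend select noninteractive
+tasksel tasksel/first multiselect standard, ssh-server
+
+d-i pkgsel/include string cloud-init curl qemu-guest-agent sudo vim
+d-i pkgsel/upgrade select full-upgrade
+d-i pkgsel/update-policy select none
+d-i pkgsel/updatedb boolean true
+
+### Bootloader
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i grub-installer/bootdev string default
+
+### Late command (single declaration; multiple commands chained)
+# 1) Remove filler LV so vg0 has free space after install
+# 2) Enable root ssh login (same intent as your original)
+d-i preseed/late_command string \
+lvremove -f /dev/vg0/reserved || true; \
+in-target sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config || true%{ if enable_luks }; \
+in-target curl -X POST "$INSTALL_FINISHED_INFORM_URL"%{ endif }
+
+# Eject the installation media before rebooting
+d-i cdrom-detect/eject boolean true
+d-i cdrom-detect/eject seen true
+
+### Finish
+d-i finish-install/reboot_in_progress note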
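Review bot: The `%{ if enable_luks ~}` block sets `partman-crypto/weak_passphrase boolean true`, and its comments say the LUKS passphrase (and, further up, the root password) arrive on the kernel command line, so the build-time secrets are readable from `/proc/cmdline` during the install and, as far as I know, also land in the installer syslog that d-i copies to `/var/log/installer` on the target. Nothing in this file rotates them, so unless a later provisioner does, every clone of the template shares one volume passphrase; I would document that next to the block, e.g. `# Build-time passphrase only: rotate with cryptsetup luksChangeKey and purge /var/log/installer before templating`. The late_command also leaves `PermitRootLogin yes` in the image, which should be reverted once provisioning is done if the template is not meant to ship with password root SSH. Separately, the `curl -X POST "$INSTALL_FINISHED_INFORM_URL"` step has no `|| true`, unlike the two commands before it, and no `--max-time`, so an unreachable endpoint can fail or stall the unattended install.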