# Packer based PVE image templates

## Table of Contents

- [Packer based PVE image templates](#packer-based-pve-image-templates)
  - [Table of Contents](#table-of-contents)
  - [Repository structure](#repository-structure)
  - [Initial Setup](#initial-setup)
    - [Create Token](#create-token)
    - [Initialize Packer](#initialize-packer)
  - [Build](#build)
  - [Setup new templates](#setup-new-templates)
  - [ToDo](#todo)

## Repository structure

```shell
❯ la 4 -I .git
Name
 ./
├──  debian/                               Debian template definitions and assets (Packer templates, cloud-init/KS files, provisioning files).
│   └──  13-trixie/                        Template definition and assets for the Trixie template.
│       ├──  files/                        Files used for the file provisioner.
│       │   ├── 󱁻 99-pve.cfg                Configures the data sources for cloud-init.
│       │   └──  debian.sources            Debian package sources.
│       ├──  http/                         Files that Packer provides during build via http.
│       │   ├── 󱁻 ks.cfg                    Kickstart configuration.
│       │   ├── 󰡯 meta-data                 cloud-init configuration.
│       │   └── 󰡯 user-data                 cloud-init configuration.
│       ├──  credentials.auto.pkrvars.hcl -> ../../credentials.auto.pkrvars.hcl   Local secrets for Packer (API token, endpoints) used at build time.
│       ├──  debian-trixie.pkr.hcl         The build template.
│       ├──  variables-common.pkr.hcl -> ../../variables-common.pkr.hcl           Shared Packer variables used by templates.
│       └──  variables.pkr.hcl             Packer variables only used for this template
├──  downloaded_iso_path/                  Packer ISO cache directory (downloaded ISOs and lock files).
│   ├──  dfbf02854ab0b0b828230f78a14eab621dcc09a8.iso
│   └──  dfbf02854ab0b0b828230f78a14eab621dcc09a8.iso.lock
├── 󰊢 .gitignore
├──  credentials.auto.pkrvars.hcl           Local secrets for Packer (API token, endpoints) used at build time.
├──  mise.toml                              Task runner definitions for init/build/setup.
├── 󰂺 README.md
├──  template-credentials.pkrvars.hcl       Template to create `credentials.auto.pkrvars.hcl`.
└──  variables-common.pkr.hcl               Shared Packer variables used by templates.
```

## Initial Setup

### Create Token

1. Copy `template-credentials.pkrvars.hcl` to `credentials.auto.pkrvars.hcl`.
2. Open your Proxmox VE web interface and log in.
3. Navigate to: `Datacenter` -> `Permissions` -> `API Tokens`
4. **Click:** Add
5. **Configure in the dialog:**
   1. **User:** `root@pam` (or any user you like, but it needs administrative permissions)
   2. **Token ID:** `packer`
   3. **Privilege Separation:** false (with privilege separation disabled, the token has the same permissions as its user)
6. **Click:** Add
7. Copy the displayed Token ID and Token Secret to `credentials.auto.pkrvars.hcl`

### Initialize Packer

Run `packer init` to initialize Packer according to an HCL template configuration. It downloads and installs the required plugins according to the `required_plugins` block in the Packer templates.

```shell
mise run init
```

## Build

To build a template run:

```shell
mise run build
```

## Setup new templates

Run:

```shell
mise run setup
```

E.g. `mise run setup debian 13-trixie` or `mise run setup nixos 25.11`.

## ToDo

- [ ] Setup image with LUKS (check if the passphrase slots can be empty to be set later during provision)
- [ ] Setup dropbear
- [ ] Setup Clevis/Tang
- [ ] Lock down root user (remove password, prohibit all logins)
- [ ] Lock down SSH Server
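
Because the token from [Create Token](#create-token) is stored in `credentials.auto.pkrvars.hcl` and symlinked into each template directory, the file should be private and untracked. The following check is an added example, not part of this repository; the function names are hypothetical and it assumes it is run from the repository root with GNU or BSD `stat`.

```shell
# Added example (not part of this repository): hygiene check for the Packer secrets file.
# Assumptions: run from the repository root; GNU or BSD stat is available.

# Succeeds only if FILE is a regular file (symlinks are followed, as used in the
# template directories) and grants no permissions to group or others.
creds_mode_ok() {
    local file="$1" mode
    [ -f "$file" ] || return 1
    mode=$(stat -L -c '%a' "$file" 2>/dev/null ||
           stat -L -f '%Lp' "$file" 2>/dev/null) || return 1
    case "$mode" in
        *00|0) return 0 ;;   # e.g. 600 or 400
        *)     return 1 ;;   # e.g. 644 or 640
    esac
}

# Fails if the secrets file is missing, too permissive, or tracked by git.
# Only warns if no ignore rule matches it (or git is unavailable).
check_credentials() {
    local file="${1:-credentials.auto.pkrvars.hcl}" rc=0
    if ! creds_mode_ok "$file"; then
        echo "FAIL: $file is missing or accessible by group/others (chmod 600)" >&2
        rc=1
    fi
    if git ls-files --error-unmatch -- "$file" >/dev/null 2>&1; then
        echo "FAIL: $file is tracked by git" >&2
        rc=1
    elif ! git check-ignore -q -- "$file" 2>/dev/null; then
        echo "WARN: $file is not matched by an ignore rule" >&2
    fi
    return "$rc"
}
```

Call `check_credentials` before `mise run build`; it returns non-zero when the file should not be used as-is.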