# Packer based PVE image templates
## Table of Contents
- [Packer based PVE image templates](#packer-based-pve-image-templates)
- [Table of Contents](#table-of-contents)
- [Repository structure](#repository-structure)
- [Templates](#templates)
- [Initial Setup](#initial-setup)
- [Create Token](#create-token)
- [Initialize Packer](#initialize-packer)
- [Build](#build)
- [Build LUKS encrypted Templates](#build-luks-encrypted-templates)
- [Setup new templates](#setup-new-templates)
- [ToDo](#todo)
## Repository structure
```shell
❯ la 4 -I .git
Name
./
├── _scripts/ Support scripts for building templates.
│ └── unlock-luks-after-install.py* Unlocks the LUKS encrypted Disk on the 1st Boot after installation.
├── debian/ Debian template definitions and assets (Packer templates, cloud-init/KS files, provisioning files).
│ └── 13-trixie-luks/ Template definition and assets for the Trixie template.
│ ├── files/ Files used for the file provisioner.
│ │ ├── 99-pve.cfg Configures the data sources for cloud-init.
│ │ └── debian.sources Debian package sources.
│ ├── http/ Files that Packer provides during build via http.
│ │ ├── ks.cfg Kickstart configuration.
│ │ ├── meta-data cloud-init configuration.
│ │ └── user-data cloud-init configuration.
│ ├── credentials.auto.pkrvars.hcl -> ../../credentials.auto.pkrvars.hcl Local secrets for Packer (API token, endpoints) used at build time.
│ ├── debian-trixie.pkr.hcl The build template.
│ ├── variables-common.pkr.hcl -> ../../variables-common.pkr.hcl Shared Packer variables used by templates.
│ └── variables.pkr.hcl Packer variables only used for this template.
├── OS/ Directory to group templates for a specific OS.
│ └── version_number[-version_codename][-luks]/ Template definition and assets.
├── downloaded_iso_path/ Packer ISO cache directory (downloaded ISOs and lock files).
│ ├── OS.iso
│ ├── OS.iso.lock
│ ├── [...].iso
│ └── [...].iso.lock
├── .gitignore
├── credentials.auto.pkrvars.hcl Local secrets for Packer (API token, endpoints) used at build time.
├── mise.toml Task runner definitions for init/build/setup.
├── README.md
├── template-credentials.pkrvars.hcl Template to create `credentials.auto.pkrvars.hcl`.
└── variables-common.pkr.hcl Shared Packer variables used by templates.
```
## Templates
| Template ID | OS | Version | Path | LUKS encrypted? | Mac Address | IP Address |
| :---------- | :--------------------------------------------------------------------------------------------- | :-------- | :---------------------- | :-------------- | :---------------- | :---------------------- |
| 65000 | Debian | 13-trixie | `debian/13-trixie-luks` | ✅ | BC:24:11:00:13:37 | 192.168.9.29 (via DHCP) |
## Initial Setup
### Create Token
1. Copy `template-credentials.pkrvars.hcl` to `credentials.auto.pkrvars.hcl`
2. Open your Proxmox VE web interface and log in.
3. Navigate to: `Datacenter` -> `Permissions` -> `API Tokens`
4. **Click:** Add
5. **Configure in the dialog:**
   1. **User:** `root@pam` (or any user you like, but it needs administrative permissions)
   2. **Token ID:** `packer`
   3. **Privilege Separation:** false
6. **Click:** Add
7. Copy the displayed Token ID and Token Secret to `credentials.auto.pkrvars.hcl`
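
A pre-build check for the credentials file, as an added example that is not part of this repository: a token created for an administrative user with privilege separation disabled carries that user's full permissions, so the file holding it should be readable only by its owner and never visible to git. The function name `check_credentials_file` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of this repository): refuse to build when the file
# holding the Proxmox API token is missing, readable by other users, or
# visible to git. Point it at the real file in the repository root; the
# per-template entries are symlinks to it.
# Return codes (chosen for this example): 0 ok, 1 missing, 2 permissions,
# 3 tracked by git, 4 not ignored by git.
check_credentials_file() {
    f=${1:-credentials.auto.pkrvars.hcl}

    if [ ! -f "$f" ]; then
        echo "missing: $f" >&2
        return 1
    fi

    # Characters 5-10 of the mode string are the group and other bits;
    # -L inspects the target when the path is a symlink.
    perms=$(ls -ldL -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "too permissive: $f (fix with: chmod 600 $f)" >&2
        return 2
    fi

    dir=$(dirname -- "$f")
    base=$(basename -- "$f")
    # The git checks only apply inside a work tree with git installed.
    if command -v git >/dev/null 2>&1 &&
        git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        if git -C "$dir" ls-files --error-unmatch -- "$base" >/dev/null 2>&1; then
            echo "tracked by git: $f" >&2
            return 3
        fi
        if ! git -C "$dir" check-ignore -q -- "$base" 2>/dev/null; then
            echo "not covered by .gitignore: $f" >&2
            return 4
        fi
    fi
    return 0
}
```

Source the function and call `check_credentials_file credentials.auto.pkrvars.hcl || exit 1` before starting a build.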
### Initialize Packer
Run `packer init` to initialize Packer according to an HCL template
configuration. It downloads and installs the required plugins according to
the `required_plugins` block in the Packer templates.
```shell
mise run init
```
## Build
To build a template, run:
```shell
mise run build
```
## Build LUKS encrypted Templates
To build a LUKS encrypted template, run:
```shell
mise run build-luks
```
## Setup new templates
Run:
```shell
mise run setup
```
E.g. `mise run setup debian 13-trixie` or `mise run setup nixos 25.11`.
## ToDo
- [x] Setup image with LUKS
- [ ] Setup dropbear
- [ ] Setup Clevis/Tang
- [ ] Lock down root user (remove password, prohibit all logins)
- [ ] Lock down SSH Server