# Packer based PVE image templates

## Table of Contents

- [Packer based PVE image templates](#packer-based-pve-image-templates)
  - [Table of Contents](#table-of-contents)
  - [Repository structure](#repository-structure)
  - [Initial Setup](#initial-setup)
    - [Create Token](#create-token)
    - [Initialize Packer](#initialize-packer)
  - [Build](#build)
  - [Setup new templates](#setup-new-templates)
  - [ToDo](#todo)

## Repository structure

```shell
❯ la 4 -I .git
Name
./
├── debian/  Debian template definitions and assets (Packer templates, cloud-init/KS files, provisioning files).
│   └── 13-trixie/  Template definition and assets for the Trixie template.
│       ├── files/  Files used for the file provisioner.
│       │   ├── 99-pve.cfg  Configures the data sources for cloud-init.
│       │   └── debian.sources  Debian package sources.
│       ├── http/  Files that Packer provides during build via http.
│       │   ├── ks.cfg  Kickstart configuration.
│       │   ├── meta-data  cloud-init configuration.
│       │   └── user-data  cloud-init configuration.
│       ├── credentials.auto.pkrvars.hcl -> ../../credentials.auto.pkrvars.hcl  Local secrets for Packer (API token, endpoints) used at build time.
│       ├── debian-trixie.pkr.hcl  The build template.
│       ├── variables-common.pkr.hcl -> ../../variables-common.pkr.hcl  Shared Packer variables used by templates.
│       └── variables.pkr.hcl  Packer variables only used for this template.
├── downloaded_iso_path/  Packer ISO cache directory (downloaded ISOs and lock files).
│   ├── dfbf02854ab0b0b828230f78a14eab621dcc09a8.iso
│   └── dfbf02854ab0b0b828230f78a14eab621dcc09a8.iso.lock
├── .gitignore
├── credentials.auto.pkrvars.hcl  Local secrets for Packer (API token, endpoints) used at build time.
├── mise.toml  Task runner definitions for init/build/setup.
├── README.md
├── template-credentials.pkrvars.hcl  Template to create `credentials.auto.pkrvars.hcl`.
└── variables-common.pkr.hcl  Shared Packer variables used by templates.
```

## Initial Setup

### Create Token

1. Copy `template-credentials.pkrvars.hcl` to `credentials.auto.pkrvars.hcl`.
2. Open your Proxmox VE web interface and log in.
3. Navigate to: `Datacenter` -> `Permissions` -> `API Tokens`
4. **Click:** Add
5. **Configure in the dialog:**
   1. **User:** `root@pam` (or another user of your choice, but it needs administrative permissions)
   2. **Token ID:** `packer`
   3. **Privilege Separation:** false
6. **Click:** Add
7. Copy the displayed Token ID and Token Secret to `credentials.auto.pkrvars.hcl`.

### Initialize Packer

Run `packer init` to initialize Packer according to an HCL template
configuration. It downloads and installs the required plugins according to
the `required_plugins` block in the Packer templates.

```shell
mise run init <path-to-template-directory>
```

## Build

To build a template run:

```shell
mise run build <path-to-template-directory>
```

## Setup new templates

Run:

```shell
mise run setup <distribution name> <version>
```

E.g. `mise run setup debian 13-trixie` or `mise run setup nixos 25.11`.

## ToDo

- [ ] Setup image with LUKS (check if the passphrase slots can be empty to be set later during provision)
- [ ] Setup dropbear
- [ ] Setup Clevis/Tang
- [ ] Lock down root user (remove password, prohibit all logins)
- [ ] Lock down SSH Server