Packer based PVE image templates

Table of Contents

• Packer based PVE image templates
  • Table of Contents
  • Repository structure
  • Initial Setup
    • Create Token
    • Initialize Packer
  • Build
  • Setup new templates
  • ToDo

Repository structure

❯ la 4 -I .git
Name
 ./
├──  debian/                                                                     Debian template definitions and assets (Packer templates, cloud-init/KS files, provisioning files).
│   └──  13-trixie/                                                              Template definition and assets for the Trixie template.
│       ├──  files/                                                              Files used for the file provisioner.
│       │   ├── 󱁻 99-pve.cfg                                                      Configures the data sources for cloud-init.
│       │   └──  debian.sources                                                  Debian package sources.
│       ├──  http/                                                               Files that Packer provides during build via http.
│       │   ├── 󱁻 ks.cfg                                                          Kickstart configuration.
│       │   ├── 󰡯 meta-data                                                       cloud-init configuration.
│       │   └── 󰡯 user-data                                                       cloud-init configuration.
│       ├──  credentials.auto.pkrvars.hcl -> ../../credentials.auto.pkrvars.hcl  Local secrets for Packer (API token, endpoints) used at build time.
│       ├──  debian-trixie.pkr.hcl                                               The build template.
│       ├──  variables-common.pkr.hcl -> ../../variables-common.pkr.hcl          Shared Packer variables used by templates.
│       └──  variables.pkr.hcl                                                   Packer variables only used for this template
├──  downloaded_iso_path/                                                        Packer ISO cache directory (downloaded ISOs and lock files).
│   ├──  dfbf02854ab0b0b828230f78a14eab621dcc09a8.iso
│   └──  dfbf02854ab0b0b828230f78a14eab621dcc09a8.iso.lock
├── 󰊢 .gitignore
├──  credentials.auto.pkrvars.hcl                                                Local secrets for Packer (API token, endpoints) used at build time.
├──  mise.toml                                                                   Task runner definitions for init/build/setup.
├── 󰂺 README.md
├──  template-credentials.pkrvars.hcl                                            Template to create `credentials.auto.pkrvars.hcl`.
└──  variables-common.pkr.hcl                                                    Shared Packer variables used by templates.

Initial Setup

Create Token

1. Copy template-credentials.pkr.hcl to credentials.auto.pkrvars.hcl
2. Open your Proxmox VE web interface & Login.
3. Navigate to: Datacenter -> Permissions -> API Tokens
4. Click: Add
5. Configure in the dialog:
   1. User: root@pam (or the user you like, but It needs administrative permissions)
   2. Token ID: packer
   3. Privilege Separation: false
6. Click: Add
7. Copy the displayed Token ID and Token Secret to credentials.auto.pkrvars.hcl

Initialize Packer

Run packer init to initialize Packer according to a HCL template configuration. It's downloads and installs the required Plugins according to the required_plugins block in Packer templates.

mise run init <path-to-template-directory>

Build

To build a template run:

mise run build <path-to-template-directory>

Setup new templates

Run:

mise run setup <distribution name> <version>

E.g. mise run setup debian 13-trixie or mise run setup nixos 25.11.

ToDo

• Setup image with LUKS (check if the passphrase slots can be empty to be set later during provision)
• Setup dropbear
• Setup Clevis/Tang
• Lock down root user (remove password, prohibit all logins)
• Lock down SSH Server