# ---------------------------------------------------------------------------
# Build inputs. Every variable is typed as a string so its value can be handed
# unchanged to the provisioning scripts as an environment variable.
# ---------------------------------------------------------------------------

# --- output and base image --------------------------------------------------

# File the "manifest" post-processor writes its build summary to.
variable "manifest" {
  type    = string
  default = "manifest.json"
}

# File name of the Raspberry Pi image produced by the cross builder.
variable "img_name" {
  type    = string
  default = "raspi.img"
}

# Size the downloaded base image is grown to before provisioning.
variable "img_size" {
  type    = string
  default = "4G"
}

# Base image for the Pi build. The cross builder fetches "<img_url>.sha256"
# from the same location to verify the download.
variable "img_url" {
  type    = string
  default = "https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz"
}

# Block device the finished image is meant to be flashed to. Not referenced
# by any source or provisioner in this template.
variable "flash_device_path" {
  type    = string
  default = "/dev/sda"
}

# --- host identity ----------------------------------------------------------

# Host name of the built system; also used as the qemu output directory and
# VM name.
variable "hostname" {
  type    = string
  default = "HashiPi0"
}

# Login user created on the image; the nomad/openbao scripts run from its home.
variable "username" {
  type    = string
  default = "in0rdr"
}

# SSH public key material passed to bootstrap.sh and, for the qemu build, on
# the installer kernel command line. Public keys only — no secret here.
variable "authorized_keys" {
  type    = string
  default = ""
}

# --- Nomad ------------------------------------------------------------------

variable "nomad_version" {
  type    = string
  default = "1.10.2"
}

# "true"/"false" strings; forwarded to nomad.sh as NOMAD_SERVER / NOMAD_CLIENT.
variable "nomad_server" {
  type    = string
  default = "true"
}

variable "nomad_client" {
  type    = string
  default = "true"
}

# Forwarded to nomad.sh as NOMAD_ENCRYPT (presumably the Nomad gossip key).
# Marked sensitive so Packer masks it in its output.
variable "nomad_encrypt" {
  type      = string
  default   = ""
  sensitive = true
}

# Nomad TLS material, uploaded to /tmp/tls on the guest before nomad.sh runs.
variable "nomad_tls_ca" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.pem"
}

variable "nomad_tls_ca_p12" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.p12"
}

variable "nomad_tls_certs" {
  type    = string
  default = "./tls/nomad/certs/"
}

variable "nomad_podman_driver_version" {
  type    = string
  default = "0.6.2"
}

# Numeric uid/gid handed to nomad.sh as strings.
variable "nomad_jenkins_uid" {
  type    = string
  default = "1312"
}

variable "nomad_jenkins_gid" {
  type    = string
  default = "1312"
}

# Optional NFS settings for nomad.sh; empty means "not configured".
variable "nomad_nfs_server" {
  type    = string
  default = ""
}

variable "nomad_nfs_mount" {
  type    = string
  default = ""
}

variable "nomad_nfs_target" {
  type    = string
  default = ""
}

# --- Vault ------------------------------------------------------------------

# Address exported to nomad.sh as VAULT_ADDR.
variable "vault_addr" {
  type    = string
  default = "https://vault.in0rdr.ch"
}

# Public CA certificate uploaded to /tmp/vault_ca.pem on the guest.
variable "vault_tls_ca_cert" {
  type    = string
  default = "./tls/vault/ca/vault_ca.pem"
}
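# Private key of the Vault/OpenBao CA. It is uploaded into the guest by a
# "file" provisioner below, so keep it out of shared checkouts and confirm
# the consuming script removes it from the image.
variable "vault_tls_ca_key" {
  type    = string
  default = "./tls/vault/ca/vault_ca.key"
}

# Subject alternative name handed to openbao.sh (VAULT_TLS_SUBJ_ALT_NAME).
variable "vault_tls_subj_alt_name" {
  type    = string
  default = "IP:127.0.0.1"
}

variable "vault_transit_server" {
  type    = string
  default = ""
}

# Token for the transit server; sensitive so Packer masks it in its output.
variable "vault_transit_token" {
  type      = string
  default   = ""
  sensitive = true
}

variable "bao_version" {
  type    = string
  default = "2.2.2"
}

variable "architecture" {
  type    = string
  default = "arm64"
}

# Private key Packer uses to SSH into the qemu builder. Parameterized so the
# template no longer hard-codes one user's home directory; the default keeps
# the previous value.
variable "ssh_private_key_file" {
  type    = string
  default = "/home/andi/.ssh/id_ed25519"
}

packer {
  required_plugins {
    qemu = {
      version = ">= 1.1.0"
      source  = "github.com/hashicorp/qemu"
    }
    cross = {
      version = ">= 1.1.3"
      source  = "github.com/michalfita/cross"
    }
  }
}

# Raspberry Pi image: download, resize and chroot-provision the base image.
source "cross" "hashipi" {
  # The checksum is fetched from the same origin as the image, so it only
  # proves the download matched what that origin published.
  file_checksum_type    = "sha256"
  file_checksum_url     = "${var.img_url}.sha256"
  file_target_extension = "xz"
  file_unarchive_cmd    = ["xz", "-d", "$ARCHIVE_PATH"]
  file_urls             = [var.img_url]
  image_build_method    = "resize"
  image_chroot_env      = ["PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"]

  image_partitions {
    filesystem   = "vfat"
    mountpoint   = "/boot"
    name         = "boot"
    size         = "256M"
    start_sector = "8192"
    type         = "c"
  }

  # size "0" = the rest of the image after the boot partition.
  image_partitions {
    filesystem   = "ext4"
    mountpoint   = "/"
    name         = "root"
    size         = "0"
    start_sector = "532480"
    type         = "83"
  }

  image_path = var.img_name
  image_size = var.img_size
  image_type = "dos"

  qemu_binary_destination_path = "/usr/bin/qemu-aarch64-static"
  qemu_binary_source_path      = "/usr/bin/qemu-aarch64-static"
}

# x86 VM: unattended Debian netboot install driven by config/preseed.cfg,
# served to the installer from Packer's built-in HTTP server.
source "qemu" "hashiintel" {
  accelerator = "kvm"

  # The authorized_keys variable is quoted onto the kernel command line; a
  # value containing a double quote would break that quoting.
  boot_command = [
    "<esc><wait>",
    "install <wait>",
    " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>",
    "debian-installer=en_US.UTF-8 <wait>",
    "auto <wait>",
    "locale=en_US.UTF-8 <wait>",
    "kbd-chooser/method=us <wait>",
    "keyboard-configuration/xkb-keymap=us <wait>",
    "netcfg/get_hostname={{ .Name }} <wait>",
    "netcfg/get_domain=libvirt <wait>",
    "fb=false <wait>",
    "debconf/frontend=noninteractive <wait>",
    "console-setup/ask_detect=false <wait>",
    "console-keymaps-at/keymap=us <wait>",
    "grub-installer/bootdev=/dev/sda <wait>",
    "pubkey=\"${var.authorized_keys}\" <wait>",
    "<enter><wait>",
  ]
  boot_wait      = "5s"
  disk_interface = "virtio"
  disk_size      = "14000"
  format         = "qcow2"
  # headless = true
  http_directory = "config"

  # Integrity check only: MD5SUMS is fetched over plain HTTP from the same
  # mirror as the ISO, so it cannot detect tampering between the mirror and
  # this host. Pin a known checksum value (or use a SHA-2 sum list over HTTPS
  # if the mirror offers one) when that matters.
  iso_checksum = "file:http://pkg.adfinis-on-exoscale.ch/debian/dists/bookworm/main/installer-amd64/20230607%2Bdeb12u11/images/MD5SUMS"
  iso_url      = "http://pkg.adfinis-on-exoscale.ch/debian/dists/bookworm/main/installer-amd64/20230607%2Bdeb12u11/images/netboot/mini.iso"

  memory           = "1024"
  net_device       = "virtio-net"
  output_directory = var.hostname

  # Literal password for the installed system; presumably the one set by
  # config/preseed.cfg — keep the two in sync.
  shutdown_command = "echo 'debian' | sudo -S shutdown -P now"

  ssh_timeout          = "15m"
  ssh_username         = "root"
  ssh_private_key_file = var.ssh_private_key_file
  vm_name              = "${var.hostname}.qcow2"
}

build {
  sources = ["source.cross.hashipi", "source.qemu.hashiintel"]

  # Base system: user, keys, Nomad and OpenBao binaries.
  provisioner "shell" {
    script = "bootstrap.sh"
    environment_vars = [
      "ARCHITECTURE=${var.architecture}",
      "HOSTNAME=${var.hostname}",
      "USERNAME=${var.username}",
      "AUTHORIZED_KEYS=${var.authorized_keys}",
      "NOMAD_VERSION=${var.nomad_version}",
      "BAO_VERSION=${var.bao_version}",
    ]
  }

  # -p: do not fail if the directory already exists (e.g. a re-run).
  provisioner "shell" {
    inline = ["mkdir -p /tmp/tls"]
  }

  provisioner "file" {
    destination = "/tmp/tls/nomad-agent-ca.pem"
    source      = var.nomad_tls_ca
  }

  provisioner "file" {
    destination = "/tmp/tls/nomad-agent-ca.p12"
    source      = var.nomad_tls_ca_p12
  }

  provisioner "file" {
    destination = "/tmp/tls/"
    source      = var.nomad_tls_certs
  }

  # NOMAD_ENCRYPT and VAULT_TRANSIT_TOKEN (below) come from sensitive
  # variables: Packer masks them in its own output, but they are still
  # plain environment variables inside the guest while the script runs.
  provisioner "shell" {
    script        = "nomad.sh"
    remote_folder = "/home/${var.username}"
    environment_vars = [
      "ARCHITECTURE=${var.architecture}",
      "USERNAME=${var.username}",
      "NFS_SERVER=${var.nomad_nfs_server}",
      "NFS_MOUNT=${var.nomad_nfs_mount}",
      "NFS_MOUNT_TARGET=${var.nomad_nfs_target}",
      "NOMAD_ENCRYPT=${var.nomad_encrypt}",
      "NOMAD_SERVER=${var.nomad_server}",
      "NOMAD_CLIENT=${var.nomad_client}",
      "NOMAD_PODMAN_DRIVER_VERSION=${var.nomad_podman_driver_version}",
      "NOMAD_JENKINS_UID=${var.nomad_jenkins_uid}",
      "NOMAD_JENKINS_GID=${var.nomad_jenkins_gid}",
      "VAULT_ADDR=${var.vault_addr}",
    ]
  }

  provisioner "file" {
    destination = "/tmp/vault_ca.pem"
    source      = var.vault_tls_ca_cert
  }

  # Uploads the CA *private* key into the guest filesystem. openbao.sh is
  # expected to consume and delete it (its contents are not visible here —
  # TODO confirm), otherwise the key ships inside the finished image.
  provisioner "file" {
    destination = "/tmp/vault_ca.key"
    source      = var.vault_tls_ca_key
  }

  provisioner "shell" {
    script        = "openbao.sh"
    remote_folder = "/home/${var.username}"
    environment_vars = [
      "ARCHITECTURE=${var.architecture}",
      "USERNAME=${var.username}",
      "HOSTNAME=${var.hostname}",
      "NOMAD_SERVER=${var.nomad_server}",
      "VAULT_TLS_CA_CERT=/tmp/vault_ca.pem",
      "VAULT_TLS_CA_KEY=/tmp/vault_ca.key",
      "VAULT_TLS_SUBJ_ALT_NAME=${var.vault_tls_subj_alt_name}",
      "VAULT_TRANSIT_SERVER=${var.vault_transit_server}",
      "VAULT_TRANSIT_TOKEN=${var.vault_transit_token}",
    ]
  }

  post-processor "manifest" {
    output     = var.manifest
    strip_path = true
  }
}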