hashi-pi.pkr.hcl (5577B)
# Packer template that builds a Raspberry Pi OS (arm64) image carrying Nomad
# and OpenBao. Provisioners run in the order listed inside the image; the
# bootstrap.sh, nomad.sh and openbao.sh scripts they invoke are not part of
# this file.

# ---------------------------------------------------------------------------
# Host / image settings
# ---------------------------------------------------------------------------

# SSH public key material handed to bootstrap.sh as AUTHORIZED_KEYS.
# Empty by default.
variable "authorized_keys" {
  type    = string
  default = ""
}

# Not referenced anywhere in this template; presumably consumed by a separate
# flashing step. Verify before relying on the default device.
variable "flash_device_path" {
  type    = string
  default = "/dev/sda"
}

variable "hostname" {
  type    = string
  default = "HashiPi0"
}

variable "img_name" {
  type    = string
  default = "raspi.img"
}

variable "img_size" {
  type    = string
  default = "4G"
}

# Upstream base image. The matching checksum is looked up at "<img_url>.sha256"
# (see the source block below).
variable "img_url" {
  type    = string
  default = "https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz"
}

# ---------------------------------------------------------------------------
# Nomad settings
# ---------------------------------------------------------------------------

# Local paths (relative to the build directory) of the Nomad TLS material that
# gets uploaded into the image under /tmp/tls.
variable "nomad_tls_ca" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.pem"
}

# NOTE(review): a PKCS#12 bundle can carry a private key as well as the
# certificate. Confirm what this file holds before baking it into an image.
variable "nomad_tls_ca_p12" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.p12"
}

variable "nomad_tls_certs" {
  type    = string
  default = "./tls/nomad/certs/"
}

# Secret handed to nomad.sh as NOMAD_ENCRYPT. Marked sensitive so Packer masks
# it in its output; it is left empty here so the real value is supplied at
# build time rather than committed.
variable "nomad_encrypt" {
  type      = string
  default   = ""
  sensitive = true
}

# Boolean-like flags are kept as strings because they are only ever exported
# to the provisioning scripts as environment variables.
variable "nomad_client" {
  type    = string
  default = "true"
}

variable "nomad_jenkins_gid" {
  type    = string
  default = "1312"
}

variable "nomad_jenkins_uid" {
  type    = string
  default = "1312"
}

variable "nomad_nfs_mount" {
  type    = string
  default = ""
}

variable "nomad_nfs_server" {
  type    = string
  default = ""
}

variable "nomad_nfs_target" {
  type    = string
  default = ""
}

variable "nomad_podman_driver_version" {
  type    = string
  default = "0.5.2"
}

variable "nomad_server" {
  type    = string
  default = "true"
}

variable "nomad_version" {
  type    = string
  default = "1.8.2"
}

variable "username" {
  type    = string
  default = "in0rdr"
}

# ---------------------------------------------------------------------------
# Vault / OpenBao settings
# ---------------------------------------------------------------------------

variable "vault_addr" {
  type    = string
  default = "https://vault.in0rdr.ch"
}

variable "vault_tls_ca_cert" {
  type    = string
  default = "./tls/vault/ca/vault_ca.pem"
}

# Path to the CA *private key*. The path itself is not secret, but the file it
# points to is uploaded into the image (see the build block below).
variable "vault_tls_ca_key" {
  type    = string
  default = "./tls/vault/ca/vault_ca.key"
}

variable "vault_tls_subj_alt_name" {
  type    = string
  default = "IP:127.0.0.1"
}

variable "vault_transit_server" {
  type    = string
  default = ""
}

# Token handed to openbao.sh as VAULT_TRANSIT_TOKEN. Marked sensitive so
# Packer masks it in its output; supply it at build time.
variable "vault_transit_token" {
  type      = string
  default   = ""
  sensitive = true
}

variable "bao_version" {
  type    = string
  default = "2.0.0-beta20240618"
}

# ---------------------------------------------------------------------------
# Image source
# ---------------------------------------------------------------------------

source "arm" "hashipi" {
  # NOTE(review): the SHA-256 is downloaded from the same location as the
  # image. That catches a corrupted or truncated download, but not a tampered
  # origin, since whoever controls the image also controls the checksum.
  # Consider pinning the expected digest in the template as well.
  file_checksum_type    = "sha256"
  file_checksum_url     = "${var.img_url}.sha256"
  file_target_extension = "xz"
  file_unarchive_cmd    = ["xz", "-d", "$ARCHIVE_PATH"]
  file_urls             = [var.img_url]

  image_build_method = "resize"
  image_chroot_env   = ["PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"]

  # FAT boot partition.
  image_partitions {
    filesystem   = "vfat"
    mountpoint   = "/boot"
    name         = "boot"
    size         = "256M"
    start_sector = "8192"
    type         = "c"
  }

  # ext4 root partition.
  image_partitions {
    filesystem   = "ext4"
    mountpoint   = "/"
    name         = "root"
    size         = "0"
    start_sector = "532480"
    type         = "83"
  }

  image_path = var.img_name
  image_size = var.img_size
  image_type = "dos"

  # Static qemu user-mode binary that lets the aarch64 userland run while the
  # image is being provisioned.
  qemu_binary_destination_path = "/usr/bin/qemu-aarch64-static"
  qemu_binary_source_path      = "/usr/bin/qemu-aarch64-static"
}

# ---------------------------------------------------------------------------
# Provisioning (order matters)
# ---------------------------------------------------------------------------

build {
  sources = ["source.arm.hashipi"]

  # 1. Root filesystem resize helper and its systemd unit.
  provisioner "file" {
    destination = "/tmp/resizerootfs"
    source      = "arm-builder/scripts/resizerootfs/resizerootfs"
  }

  provisioner "file" {
    destination = "/tmp/resizerootfs.service"
    source      = "arm-builder/scripts/resizerootfs/resizerootfs.service"
  }

  # 2. Base system bootstrap.
  provisioner "shell" {
    script = "bootstrap.sh"
    environment_vars = [
      "HOSTNAME=${var.hostname}",
      "USERNAME=${var.username}",
      "AUTHORIZED_KEYS=${var.authorized_keys}",
      "NOMAD_VERSION=${var.nomad_version}",
      "BAO_VERSION=${var.bao_version}"
    ]
  }

  # 3. Stage the Nomad TLS material.
  # NOTE(review): the staging directory is created with default permissions
  # and lives under /tmp inside the image. nomad.sh is not visible here, so
  # confirm it moves the files to their final location with restrictive
  # ownership/mode and leaves nothing behind in /tmp/tls.
  provisioner "shell" {
    inline = ["mkdir /tmp/tls"]
  }

  provisioner "file" {
    destination = "/tmp/tls/nomad-agent-ca.pem"
    source      = var.nomad_tls_ca
  }

  provisioner "file" {
    destination = "/tmp/tls/nomad-agent-ca.p12"
    source      = var.nomad_tls_ca_p12
  }

  provisioner "file" {
    destination = "/tmp/tls/"
    source      = var.nomad_tls_certs
  }

  # 4. Install and configure Nomad. The script is uploaded under the user's
  # home directory instead of the provisioner's default remote folder.
  # NOMAD_ENCRYPT is a sensitive variable: Packer masks it in output, but the
  # script still receives it in its environment, so nomad.sh should not echo
  # or log it.
  provisioner "shell" {
    script        = "nomad.sh"
    remote_folder = "/home/${var.username}"
    environment_vars = [
      "USERNAME=${var.username}",
      "NFS_SERVER=${var.nomad_nfs_server}",
      "NFS_MOUNT=${var.nomad_nfs_mount}",
      "NFS_MOUNT_TARGET=${var.nomad_nfs_target}",
      "NOMAD_ENCRYPT=${var.nomad_encrypt}",
      "NOMAD_SERVER=${var.nomad_server}",
      "NOMAD_CLIENT=${var.nomad_client}",
      "NOMAD_PODMAN_DRIVER_VERSION=${var.nomad_podman_driver_version}",
      "NOMAD_JENKINS_UID=${var.nomad_jenkins_uid}",
      "NOMAD_JENKINS_GID=${var.nomad_jenkins_gid}",
      "VAULT_ADDR=${var.vault_addr}"
    ]
  }

  # 5. Stage the Vault/OpenBao CA certificate and its private key.
  # NOTE(review): this places the CA private key inside the image at
  # /tmp/vault_ca.key. Anyone who obtains the image file or the flashed card
  # can read whatever remains on its filesystem. openbao.sh is not visible
  # here; confirm it deletes the key once the node certificate is issued, or
  # sign the node certificate on the build host and upload only the result.
  provisioner "file" {
    destination = "/tmp/vault_ca.pem"
    source      = var.vault_tls_ca_cert
  }

  provisioner "file" {
    destination = "/tmp/vault_ca.key"
    source      = var.vault_tls_ca_key
  }

  # 6. Install and configure OpenBao. VAULT_TRANSIT_TOKEN is sensitive; the
  # same caution as for NOMAD_ENCRYPT applies, and any config file the script
  # writes it into should not be world-readable.
  provisioner "shell" {
    script        = "openbao.sh"
    remote_folder = "/home/${var.username}"
    environment_vars = [
      "USERNAME=${var.username}",
      "HOSTNAME=${var.hostname}",
      "NOMAD_SERVER=${var.nomad_server}",
      "VAULT_TLS_CA_CERT=/tmp/vault_ca.pem",
      "VAULT_TLS_CA_KEY=/tmp/vault_ca.key",
      "VAULT_TLS_SUBJ_ALT_NAME=${var.vault_tls_subj_alt_name}",
      "VAULT_TRANSIT_SERVER=${var.vault_transit_server}",
      "VAULT_TRANSIT_TOKEN=${var.vault_transit_token}"
    ]
  }
}