hashipi

Raspberry Pi home lab with Nomad and OpenBao
git clone https://git.in0rdr.ch/hashipi.git

hashi-pi.pkr.hcl (7126B)


      1 variable "manifest" {
      2   type    = string
      3   default = "manifest.json"
      4 }
      5 
      6 variable "authorized_keys" {
      7   type    = string
      8   default = ""
      9 }
     10 
     11 variable "flash_device_path" {
     12   type    = string
     13   default = "/dev/sda"
     14 }
     15 
     16 variable "hostname" {
     17   type    = string
     18   default = "HashiPi0"
     19 }
     20 
     21 variable "img_name" {
     22   type    = string
     23   default = "raspi.img"
     24 }
     25 
     26 variable "img_size" {
     27   type    = string
     28   default = "4G"
     29 }
     30 
     31 variable "img_url" {
     32   type    = string
     33   default = "https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2025-10-02/2025-10-01-raspios-trixie-arm64-lite.img.xz"
     34 }
     35 
     36 variable "nomad_tls_ca" {
     37   type    = string
     38   default = "./tls/nomad/nomad-agent-ca.pem"
     39 }
     40 variable "nomad_tls_ca_p12" {
     41   type    = string
     42   default = "./tls/nomad/nomad-agent-ca.p12"
     43 }
     44 
     45 variable "nomad_tls_certs" {
     46   type    = string
     47   default = "./tls/nomad/certs/"
     48 }
     49 
     50 variable "nomad_encrypt" {
     51   type      = string
     52   default   = ""
     53   sensitive = true
     54 }
     55 
     56 variable "nomad_client" {
     57   type    = string
     58   default = "true"
     59 }
     60 
     61 variable "nomad_jenkins_gid" {
     62   type    = string
     63   default = "1312"
     64 }
     65 
     66 variable "nomad_jenkins_uid" {
     67   type    = string
     68   default = "1312"
     69 }
     70 
     71 variable "nomad_nfs_mount" {
     72   type    = string
     73   default = ""
     74 }
     75 
     76 variable "nomad_nfs_server" {
     77   type    = string
     78   default = ""
     79 }
     80 
     81 variable "nomad_nfs_target" {
     82   type    = string
     83   default = ""
     84 }
     85 
     86 variable "nomad_podman_driver_version" {
     87   type    = string
     88   default = "0.6.3"
     89 }
     90 
     91 variable "nomad_server" {
     92   type    = string
     93   default = "true"
     94 }
     95 
     96 variable "nomad_version" {
     97   type    = string
     98   default = "1.10.5"
     99 }
    100 
    101 variable "username" {
    102   type    = string
    103   default = "in0rdr"
    104 }
    105 
    106 variable "vault_addr" {
    107   type    = string
    108   default = "https://vault.in0rdr.ch"
    109 }
    110 
    111 variable "bao_interface" {
    112   type    = string
    113   default = "eth0"
    114 }
    115 
    116 variable "vault_transit_server" {
    117   type    = string
    118   default = ""
    119 }
    120 
    121 variable "vault_transit_token" {
    122   type      = string
    123   default   = ""
    124   sensitive = true
    125 }
    126 
    127 variable "bao_version" {
    128   type    = string
    129   default = "2.4.1"
    130 }
    131 
    132 variable "architecture" {
    133   type    = string
    134   default = "arm64"
    135 }
    136 
    137 variable "gatus_external_endpoint_token" {
    138   type    = string
    139 }
    141 packer {
    142   required_plugins {
    143     qemu = {
    144       version = ">= 1.1.0"
    145       source  = "github.com/hashicorp/qemu"
    146     }
    147     cross = {
    148       version = ">= 1.1.3"
    149       source  = "github.com/michalfita/cross"
    150     }
    151   }
    152 }
    154 source "cross" "hashipi" {
    155   file_checksum_type    = "sha256"
    156   file_checksum_url     = "${var.img_url}.sha256"
    157   file_target_extension = "xz"
    158   file_unarchive_cmd    = ["xz", "-d", "$ARCHIVE_PATH"]
    159   file_urls             = ["${var.img_url}"]
    160   image_build_method    = "resize"
    161   image_chroot_env      = ["PATH=/run/current-system/sw/bin:/run/current-system/sw/sbin:/usr/bin:/bin"]
    162   image_partitions {
    163     filesystem   = "vfat"
    164     mountpoint   = "/boot"
    165     name         = "boot"
    166     size         = "256M"
    167     start_sector = "8192"
    168     type         = "c"
    169   }
    170   image_partitions {
    171     filesystem   = "ext4"
    172     mountpoint   = "/"
    173     name         = "root"
    174     size         = "0"
    175     start_sector = "532480"
    176     type         = "83"
    177   }
    178   image_path                   = "${var.img_name}"
    179   image_size                   = "${var.img_size}"
    180   image_type                   = "dos"
    181   qemu_binary_destination_path = "/run/binfmt/aarch64-linux"
    182   qemu_binary_source_path      = "/run/binfmt/aarch64-linux"
    183 }
    185 source "qemu" "hashiintel" {
    186   accelerator      = "kvm"
    187   boot_command     = ["<esc><wait>", "install <wait>", " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>", "debian-installer=en_US.UTF-8 <wait>", "auto <wait>", "locale=en_US.UTF-8 <wait>", "kbd-chooser/method=us <wait>", "keyboard-configuration/xkb-keymap=us <wait>", "netcfg/get_hostname={{ .Name }} <wait>", "net.ifnames=0 <wait>", "fb=false <wait>", "debconf/frontend=noninteractive <wait>", "console-setup/ask_detect=false <wait>", "console-keymaps-at/keymap=us <wait>", "grub-installer/bootdev=/dev/sda <wait>", "pubkey=\"${var.authorized_keys}\" <wait>", "<enter><wait>"]
    188   boot_wait        = "5s"
    189   disk_interface   = "virtio"
    190   disk_size        = "14000"
    191   format           = "qcow2"
    192   #  headless         = true
    193   qemuargs = [
    194     ["-cpu", "qemu64,+sse4.2"],
    195   ]
    196   http_directory   = "config"
    197   iso_checksum     = "file:https://pkg.adfinis-on-exoscale.ch/debian/dists/trixie/main/installer-amd64/current/images/MD5SUMS"
    198   iso_url          = "https://pkg.adfinis-on-exoscale.ch/debian/dists/trixie/main/installer-amd64/current/images/netboot/mini.iso"
    199   memory           = "1024"
    200   net_device       = "virtio-net"
    201   output_directory = "${var.hostname}"
    202   shutdown_command = "echo 'debian' | sudo -S shutdown -P now"
    203   ssh_timeout      = "15m"
    204   ssh_username     = "root"
    205   ssh_private_key_file = "/home/andi/.ssh/id_ed25519"
    206   vm_name          = "${var.hostname}.qcow2"
    207 }
    209 build {
    210   sources = ["source.cross.hashipi", "source.qemu.hashiintel"]
    211 
    212   provisioner "shell" {
    213     script = "bootstrap.sh"
    214     environment_vars = [
    215       "ARCHITECTURE=${var.architecture}",
    216       "GATUS_EXTERNAL_ENDPOINT_TOKEN=${var.gatus_external_endpoint_token}",
    217       "HOSTNAME=${var.hostname}",
    218       "USERNAME=${var.username}",
    219       "AUTHORIZED_KEYS=${var.authorized_keys}",
    220       "NOMAD_VERSION=${var.nomad_version}",
    221       "BAO_VERSION=${var.bao_version}"
    222     ]
    223   }
    224 
    225   provisioner "shell" {
    226     inline = ["mkdir /tmp/tls"]
    227   }
    228 
    229   provisioner "file" {
    230     destination = "/tmp/tls/nomad-agent-ca.pem"
    231     source      = "${var.nomad_tls_ca}"
    232   }
    233   provisioner "file" {
    234     destination = "/tmp/tls/nomad-agent-ca.p12"
    235     source      = "${var.nomad_tls_ca_p12}"
    236   }
    237 
    238   provisioner "file" {
    239     destination = "/tmp/tls/"
    240     source      = "${var.nomad_tls_certs}"
    241   }
    242 
    243   provisioner "shell" {
    244     script        = "nomad.sh"
    245     remote_folder = "/home/${var.username}"
    246     environment_vars = [
    247       "ARCHITECTURE=${var.architecture}",
    248       "USERNAME=${var.username}",
    249       "NFS_SERVER=${var.nomad_nfs_server}",
    250       "NFS_MOUNT=${var.nomad_nfs_mount}",
    251       "NFS_MOUNT_TARGET=${var.nomad_nfs_target}",
    252       "NOMAD_ENCRYPT=${var.nomad_encrypt}",
    253       "NOMAD_SERVER=${var.nomad_server}",
    254       "NOMAD_CLIENT=${var.nomad_client}",
    255       "NOMAD_PODMAN_DRIVER_VERSION=${var.nomad_podman_driver_version}",
    256       "NOMAD_JENKINS_UID=${var.nomad_jenkins_uid}",
    257       "NOMAD_JENKINS_GID=${var.nomad_jenkins_gid}",
    258       "VAULT_ADDR=${var.vault_addr}"
    259     ]
    260   }
    261 
    262   provisioner "shell" {
    263     script = "openbao.sh"
    264     remote_folder = "/home/${var.username}"
    265     environment_vars = [
    266       "ARCHITECTURE=${var.architecture}",
    267       "USERNAME=${var.username}",
    268       "HOSTNAME=${var.hostname}",
    269       "NOMAD_SERVER=${var.nomad_server}",
    270       "VAULT_TRANSIT_SERVER=${var.vault_transit_server}",
    271       "VAULT_TRANSIT_TOKEN=${var.vault_transit_token}",
    272       "BAO_INTERFACE=${var.bao_interface}"
    273     ]
    274   }
    275 
    276   provisioner "shell" {
    277     script = "debian_postinstall.sh"
    278     environment_vars = [
    279       "USERNAME=${var.username}",
    280       "AUTHORIZED_KEYS=${var.authorized_keys}"
    281     ]
    282   }
    283 
    284   post-processor "manifest" {
    285     output     = "${var.manifest}"
    286     strip_path = true
    287   }
    288 }