hashi-pi.pkr.hcl (6933B)
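# Packer template that builds two images from the same provisioning scripts:
#   * source.cross.hashipi    - Raspberry Pi OS (arm64) image customised in a chroot
#   * source.qemu.hashiintel  - Debian (installer-amd64) VM image built under QEMU/KVM
# Both are provisioned by bootstrap.sh, nomad.sh, openbao.sh and
# debian_postinstall.sh, which receive the variables below as environment
# variables.

# ---------------------------------------------------------------------------
# Input variables
# ---------------------------------------------------------------------------

# File name written by the "manifest" post-processor.
variable "manifest" {
  type    = string
  default = "manifest.json"
}

# SSH public key material. It is passed to bootstrap.sh and
# debian_postinstall.sh as AUTHORIZED_KEYS and placed on the installer kernel
# command line as pubkey="..." for the qemu build.
variable "authorized_keys" {
  type    = string
  default = ""
}

# Not referenced anywhere else in this template.
variable "flash_device_path" {
  type    = string
  default = "/dev/sda"
}

# Exported as HOSTNAME to the scripts. Also used as the qemu output directory
# and VM name.
variable "hostname" {
  type    = string
  default = "HashiPi0"
}

# Output path of the image produced by the cross builder.
variable "img_name" {
  type    = string
  default = "raspi.img"
}

# Size the cross builder resizes the image to.
variable "img_size" {
  type    = string
  default = "4G"
}

# Base image for the cross builder. The SHA-256 file is fetched from
# "<img_url>.sha256", i.e. from the same host as the image. That detects a
# corrupted download, but not a tampered release on that host.
variable "img_url" {
  type    = string
  default = "https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2025-10-02/2025-10-01-raspios-trixie-arm64-lite.img.xz"
}

# Local paths to the Nomad TLS material that the file provisioners upload to
# /tmp/tls on the target.
variable "nomad_tls_ca" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.pem"
}

# NOTE(review): a PKCS#12 bundle usually carries a private key. Confirm
# whether the CA key is really meant to be baked into every image.
variable "nomad_tls_ca_p12" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.p12"
}

variable "nomad_tls_certs" {
  type    = string
  default = "./tls/nomad/certs/"
}

# Passed to nomad.sh as NOMAD_ENCRYPT. "sensitive" masks the value in Packer's
# own output only. nomad.sh must not echo it or leave it in world-readable
# files.
variable "nomad_encrypt" {
  type      = string
  default   = ""
  sensitive = true
}

# String flags handed to the provisioning scripts as NOMAD_CLIENT and
# NOMAD_SERVER.
variable "nomad_client" {
  type    = string
  default = "true"
}

# UID/GID handed to nomad.sh as NOMAD_JENKINS_UID / NOMAD_JENKINS_GID.
variable "nomad_jenkins_gid" {
  type    = string
  default = "1312"
}

variable "nomad_jenkins_uid" {
  type    = string
  default = "1312"
}

# NFS settings handed to nomad.sh as NFS_MOUNT, NFS_SERVER and
# NFS_MOUNT_TARGET.
variable "nomad_nfs_mount" {
  type    = string
  default = ""
}

variable "nomad_nfs_server" {
  type    = string
  default = ""
}

variable "nomad_nfs_target" {
  type    = string
  default = ""
}

# Versions handed to the scripts. How the scripts verify what they download is
# not visible in this template.
variable "nomad_podman_driver_version" {
  type    = string
  default = "0.6.3"
}

variable "nomad_server" {
  type    = string
  default = "true"
}

variable "nomad_version" {
  type    = string
  default = "1.10.5"
}

# Exported as USERNAME. Also selects the remote_folder (/home/<username>) used
# for nomad.sh and openbao.sh.
variable "username" {
  type    = string
  default = "in0rdr"
}

# Passed to nomad.sh as VAULT_ADDR.
variable "vault_addr" {
  type    = string
  default = "https://vault.in0rdr.ch"
}

# Passed to openbao.sh as BAO_INTERFACE.
variable "bao_interface" {
  type    = string
  default = "eth0"
}

# Passed to openbao.sh as VAULT_TRANSIT_SERVER.
variable "vault_transit_server" {
  type    = string
  default = ""
}

# Passed to openbao.sh as VAULT_TRANSIT_TOKEN. Masked in Packer output only.
# NOTE(review): if openbao.sh writes this token into the image, anyone with
# the image file holds the token. Confirm its scope and lifetime.
variable "vault_transit_token" {
  type      = string
  default   = ""
  sensitive = true
}

variable "bao_version" {
  type    = string
  default = "2.4.1"
}

# Exported as ARCHITECTURE to bootstrap.sh, nomad.sh and openbao.sh.
# NOTE(review): the default is arm64, but source.qemu.hashiintel installs from
# installer-amd64. That build presumably needs -var architecture=amd64.
variable "architecture" {
  type    = string
  default = "arm64"
}

# ---------------------------------------------------------------------------
# Plugins
# ---------------------------------------------------------------------------

# NOTE(review): both constraints are open-ended (">="), so "packer init" may
# pull any newer release, including of the third-party "cross" plugin.
# Pinning exact versions keeps builds reproducible and limits supply-chain
# exposure.
packer {
  required_plugins {
    qemu = {
      version = ">= 1.1.0"
      source  = "github.com/hashicorp/qemu"
    }
    cross = {
      version = ">= 1.1.3"
      source  = "github.com/michalfita/cross"
    }
  }
}

# ---------------------------------------------------------------------------
# Sources
# ---------------------------------------------------------------------------

# Raspberry Pi image: download, verify (sha256), unpack with xz, resize and
# provision inside a chroot, using the qemu binary under /run/binfmt for
# aarch64.
source "cross" "hashipi" {
  file_checksum_type    = "sha256"
  file_checksum_url     = "${var.img_url}.sha256"
  file_target_extension = "xz"
  file_unarchive_cmd    = ["xz", "-d", "$ARCHIVE_PATH"]
  file_urls             = ["${var.img_url}"]
  image_build_method    = "resize"
  image_chroot_env      = ["PATH=/run/current-system/sw/bin:/run/current-system/sw/sbin:/usr/bin:/bin"]

  image_partitions {
    filesystem   = "vfat"
    mountpoint   = "/boot"
    name         = "boot"
    size         = "256M"
    start_sector = "8192"
    type         = "c"
  }

  image_partitions {
    filesystem   = "ext4"
    mountpoint   = "/"
    name         = "root"
    size         = "0"
    start_sector = "532480"
    type         = "83"
  }

  image_path                   = "${var.img_name}"
  image_size                   = "${var.img_size}"
  image_type                   = "dos"
  qemu_binary_destination_path = "/run/binfmt/aarch64-linux"
  qemu_binary_source_path      = "/run/binfmt/aarch64-linux"
}

# Debian VM: boots the netboot mini.iso and drives a preseeded install. The
# preseed file is served from the local "config" directory by Packer's
# built-in HTTP server.
source "qemu" "hashiintel" {
  accelerator = "kvm"
  # preseed.cfg is fetched over plain HTTP from the build host. The public key
  # is passed on the kernel command line.
  boot_command   = ["<esc><wait>", "install <wait>", " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>", "debian-installer=en_US.UTF-8 <wait>", "auto <wait>", "locale=en_US.UTF-8 <wait>", "kbd-chooser/method=us <wait>", "keyboard-configuration/xkb-keymap=us <wait>", "netcfg/get_hostname={{ .Name }} <wait>", "net.ifnames=0 <wait>", "fb=false <wait>", "debconf/frontend=noninteractive <wait>", "console-setup/ask_detect=false <wait>", "console-keymaps-at/keymap=us <wait>", "grub-installer/bootdev=/dev/sda <wait>", "pubkey=\"${var.authorized_keys}\" <wait>", "<enter><wait>"]
  boot_wait      = "5s"
  disk_interface = "virtio"
  disk_size      = "14000"
  format         = "qcow2"
  # headless = true
  http_directory = "config"
  # NOTE(review): the installer ISO is verified against an MD5SUMS list. MD5
  # is not collision-resistant, so this guards against corruption rather than
  # deliberate substitution. Debian publishes a SHA256SUMS file alongside
  # MD5SUMS in the installer images directory. Prefer it once confirmed
  # present on this mirror.
  iso_checksum     = "file:https://pkg.adfinis-on-exoscale.ch/debian/dists/trixie/main/installer-amd64/current/images/MD5SUMS"
  iso_url          = "https://pkg.adfinis-on-exoscale.ch/debian/dists/trixie/main/installer-amd64/current/images/netboot/mini.iso"
  memory           = "1024"
  net_device       = "virtio-net"
  output_directory = "${var.hostname}"
  # NOTE(review): a literal password ('debian') is piped to sudo -S although
  # the session user is root. If any account in preseed.cfg really uses this
  # password, make sure it is changed or locked before the image ships.
  shutdown_command = "echo 'debian' | sudo -S shutdown -P now"
  ssh_timeout      = "15m"
  ssh_username     = "root"
  # Hard-coded, workstation-specific key path. The build only works for the
  # user that owns it.
  ssh_private_key_file = "/home/andi/.ssh/id_ed25519"
  vm_name              = "${var.hostname}.qcow2"
}

# ---------------------------------------------------------------------------
# Build
# ---------------------------------------------------------------------------

build {
  sources = ["source.cross.hashipi", "source.qemu.hashiintel"]

  # Base system setup.
  provisioner "shell" {
    script = "bootstrap.sh"
    environment_vars = [
      "ARCHITECTURE=${var.architecture}",
      "HOSTNAME=${var.hostname}",
      "USERNAME=${var.username}",
      "AUTHORIZED_KEYS=${var.authorized_keys}",
      "NOMAD_VERSION=${var.nomad_version}",
      "BAO_VERSION=${var.bao_version}"
    ]
  }

  # Staging directory for the TLS material uploaded below.
  # NOTE(review): created with the default umask under /tmp. Presumably
  # nomad.sh moves the files to their final location and removes /tmp/tls.
  # Confirm that, so that CA/cert material does not remain readable in the
  # shipped image.
  provisioner "shell" {
    inline = ["mkdir /tmp/tls"]
  }

  provisioner "file" {
    destination = "/tmp/tls/nomad-agent-ca.pem"
    source      = "${var.nomad_tls_ca}"
  }

  provisioner "file" {
    destination = "/tmp/tls/nomad-agent-ca.p12"
    source      = "${var.nomad_tls_ca_p12}"
  }

  provisioner "file" {
    destination = "/tmp/tls/"
    source      = "${var.nomad_tls_certs}"
  }

  # Nomad installation and configuration. Receives the gossip encryption key
  # via the environment.
  provisioner "shell" {
    script        = "nomad.sh"
    remote_folder = "/home/${var.username}"
    environment_vars = [
      "ARCHITECTURE=${var.architecture}",
      "USERNAME=${var.username}",
      "NFS_SERVER=${var.nomad_nfs_server}",
      "NFS_MOUNT=${var.nomad_nfs_mount}",
      "NFS_MOUNT_TARGET=${var.nomad_nfs_target}",
      "NOMAD_ENCRYPT=${var.nomad_encrypt}",
      "NOMAD_SERVER=${var.nomad_server}",
      "NOMAD_CLIENT=${var.nomad_client}",
      "NOMAD_PODMAN_DRIVER_VERSION=${var.nomad_podman_driver_version}",
      "NOMAD_JENKINS_UID=${var.nomad_jenkins_uid}",
      "NOMAD_JENKINS_GID=${var.nomad_jenkins_gid}",
      "VAULT_ADDR=${var.vault_addr}"
    ]
  }

  # OpenBao installation. Receives the transit token via the environment.
  provisioner "shell" {
    script        = "openbao.sh"
    remote_folder = "/home/${var.username}"
    environment_vars = [
      "ARCHITECTURE=${var.architecture}",
      "USERNAME=${var.username}",
      "HOSTNAME=${var.hostname}",
      "NOMAD_SERVER=${var.nomad_server}",
      "VAULT_TRANSIT_SERVER=${var.vault_transit_server}",
      # The comma after the next element is required: HCL list elements must
      # be comma-separated even when each is on its own line.
      "VAULT_TRANSIT_TOKEN=${var.vault_transit_token}",
      "BAO_INTERFACE=${var.bao_interface}"
    ]
  }

  provisioner "shell" {
    script = "debian_postinstall.sh"
    environment_vars = [
      "USERNAME=${var.username}",
      "AUTHORIZED_KEYS=${var.authorized_keys}"
    ]
  }

  # Records the produced artifacts. strip_path keeps local directory names out
  # of the manifest.
  post-processor "manifest" {
    output     = "${var.manifest}"
    strip_path = true
  }
}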