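# Packer template for the "HashiPi" cluster nodes: a Raspberry Pi image built
# with the cross plugin (arm64, Raspberry Pi OS Lite) and an x86_64 Debian
# qcow2 built with the qemu plugin. Both images are provisioned with the same
# shell scripts (bootstrap.sh, nomad.sh, openbao.sh) and a manifest is written
# by the post-processor.
#
# Secrets (gossip key, transit token, sudo password) are declared
# `sensitive = true` so Packer redacts them from its output; they still reach
# the provisioners as environment variables.

# ---------------------------------------------------------------------------
# General
# ---------------------------------------------------------------------------

# Path of the manifest file written by the "manifest" post-processor.
variable "manifest" {
  type    = string
  default = "manifest.json"
}

# SSH public key(s) installed for `username` (bootstrap.sh) and passed to the
# Debian installer on the qemu build via the `pubkey=` kernel argument.
variable "authorized_keys" {
  type    = string
  default = ""
}

# Block device of the SD card on the build host. Declared for callers that
# flash the finished image; it is not referenced anywhere in this template.
variable "flash_device_path" {
  type    = string
  default = "/dev/sda"
}

variable "hostname" {
  type    = string
  default = "HashiPi0"
}

# Output image name and size for the cross (Raspberry Pi) build.
variable "img_name" {
  type    = string
  default = "raspi.img"
}

variable "img_size" {
  type    = string
  default = "4G"
}

# Base image for the Raspberry Pi build; its checksum is fetched from
# "${img_url}.sha256" (see the cross source below).
variable "img_url" {
  type    = string
  default = "https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz"
}

# SSH identity Packer uses to reach the qemu guest after installation.
# Previously hard-coded to a developer's home directory; the default keeps the
# old behaviour, override it with `-var ssh_private_key_file=…`.
variable "ssh_private_key_file" {
  type    = string
  default = "/home/andi/.ssh/id_rsa"
}

# Password `sudo -S` reads from stdin in the qemu shutdown command. It must
# match the password the preseed (config/preseed.cfg) assigns to `username`.
variable "sudo_password" {
  type      = string
  default   = "debian"
  sensitive = true
}

# ---------------------------------------------------------------------------
# Nomad
# ---------------------------------------------------------------------------

# Agent CA (PEM and PKCS#12) and per-node certificates uploaded to /tmp/tls.
variable "nomad_tls_ca" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.pem"
}

variable "nomad_tls_ca_p12" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.p12"
}

variable "nomad_tls_certs" {
  type    = string
  default = "./tls/nomad/certs/"
}

# Gossip encryption key (`nomad operator gossip keyring`); never echoed.
variable "nomad_encrypt" {
  type      = string
  default   = ""
  sensitive = true
}

variable "nomad_client" {
  type    = string
  default = "true"
}

# Fixed uid/gid for the Jenkins workload so NFS-backed volumes keep stable
# ownership across nodes.
variable "nomad_jenkins_gid" {
  type    = string
  default = "1312"
}

variable "nomad_jenkins_uid" {
  type    = string
  default = "1312"
}

variable "nomad_nfs_mount" {
  type    = string
  default = ""
}

variable "nomad_nfs_server" {
  type    = string
  default = ""
}

variable "nomad_nfs_target" {
  type    = string
  default = ""
}

variable "nomad_podman_driver_version" {
  type    = string
  default = "0.6.2"
}

variable "nomad_server" {
  type    = string
  default = "true"
}

variable "nomad_version" {
  type    = string
  default = "1.9.1"
}

# Login user created on the image; also the SSH user for the qemu build.
variable "username" {
  type    = string
  default = "in0rdr"
}

# ---------------------------------------------------------------------------
# Vault / OpenBao
# ---------------------------------------------------------------------------

variable "vault_addr" {
  type    = string
  default = "https://vault.in0rdr.ch"
}

variable "vault_tls_ca_cert" {
  type    = string
  default = "./tls/vault/ca/vault_ca.pem"
}

# CA *private* key. It is uploaded to /tmp/vault_ca.key so openbao.sh can
# issue the node certificate; the script is expected to remove it afterwards
# (not visible here — confirm it does, otherwise the key ships in the image).
variable "vault_tls_ca_key" {
  type    = string
  default = "./tls/vault/ca/vault_ca.key"
}

variable "vault_tls_subj_alt_name" {
  type    = string
  default = "IP:127.0.0.1"
}

variable "vault_transit_server" {
  type    = string
  default = ""
}

# Token for the transit auto-unseal backend; never echoed.
variable "vault_transit_token" {
  type      = string
  default   = ""
  sensitive = true
}

variable "bao_version" {
  type    = string
  default = "2.0.0-beta20240618"
}

# ---------------------------------------------------------------------------
# Plugins
# ---------------------------------------------------------------------------

packer {
  required_plugins {
    qemu = {
      version = ">= 1.1.0"
      source  = "github.com/hashicorp/qemu"
    }
    cross = {
      version = ">= 1.1.3"
      source  = "github.com/michalfita/cross"
    }
  }
}

# ---------------------------------------------------------------------------
# Sources
# ---------------------------------------------------------------------------

# Raspberry Pi (arm64): download, verify (sha256 from the same HTTPS origin),
# unpack and resize the stock image, then chroot into it via qemu-user-static.
source "cross" "hashipi" {
  file_checksum_type    = "sha256"
  file_checksum_url     = "${var.img_url}.sha256"
  file_target_extension = "xz"
  file_unarchive_cmd    = ["xz", "-d", "$ARCHIVE_PATH"]
  file_urls             = ["${var.img_url}"]
  image_build_method    = "resize"
  # Explicit PATH for the chroot so the provisioners find the sbin tools.
  image_chroot_env = ["PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"]
  image_partitions {
    filesystem   = "vfat"
    mountpoint   = "/boot"
    name         = "boot"
    size         = "256M"
    start_sector = "8192"
    type         = "c"
  }
  image_partitions {
    filesystem   = "ext4"
    mountpoint   = "/"
    name         = "root"
    size         = "0"
    start_sector = "532480"
    type         = "83"
  }
  image_path                   = "${var.img_name}"
  image_size                   = "${var.img_size}"
  image_type                   = "dos"
  qemu_binary_destination_path = "/usr/bin/qemu-aarch64-static"
  qemu_binary_source_path      = "/usr/bin/qemu-aarch64-static"
}

# x86_64 Debian (bookworm) installed unattended from the netboot mini.iso with
# the preseed served from ./config over Packer's built-in HTTP server.
source "qemu" "hashiintel" {
  accelerator = "kvm"
  boot_command = [
    "<esc><wait>",
    "install <wait>",
    " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>",
    "debian-installer=en_US.UTF-8 <wait>",
    "auto <wait>",
    "locale=en_US.UTF-8 <wait>",
    "kbd-chooser/method=us <wait>",
    "keyboard-configuration/xkb-keymap=us <wait>",
    "netcfg/get_hostname={{ .Name }} <wait>",
    "netcfg/get_domain=libvirt <wait>",
    "fb=false <wait>",
    "debconf/frontend=noninteractive <wait>",
    "console-setup/ask_detect=false <wait>",
    "console-keymaps-at/keymap=us <wait>",
    "grub-installer/bootdev=/dev/sda <wait>",
    # Public key handed to the preseed via the kernel command line.
    "pubkey=\"${var.authorized_keys}\" <wait>",
    "<enter><wait>"
  ]
  boot_wait      = "5s"
  disk_interface = "virtio"
  disk_size      = "14000"
  format         = "qcow2"
  # headless = true
  http_directory = "config"
  # NOTE: both the ISO and its checksum list come over plain HTTP, and the list
  # is MD5 — this detects corruption but gives no integrity guarantee against
  # an on-path attacker. Prefer the mirror's SHA256SUMS (or an HTTPS mirror)
  # once confirmed available.
  iso_checksum     = "file:http://pkg.adfinis-on-exoscale.ch/debian/dists/bookworm/main/installer-amd64/20230607%2Bdeb12u9/images/MD5SUMS"
  iso_url          = "http://pkg.adfinis-on-exoscale.ch/debian/dists/bookworm/main/installer-amd64/20230607%2Bdeb12u9/images/netboot/mini.iso"
  memory           = "1024"
  net_device       = "virtio-net"
  output_directory = "${var.hostname}"
  # `sudo -S` reads the password from stdin; it is the preseed user's password.
  shutdown_command     = "echo '${var.sudo_password}' | sudo -S shutdown -P now"
  ssh_timeout          = "15m"
  ssh_username         = "${var.username}"
  ssh_private_key_file = "${var.ssh_private_key_file}"
  vm_name              = "${var.hostname}.qcow2"
}

# ---------------------------------------------------------------------------
# Build
# ---------------------------------------------------------------------------

build {
  sources = ["source.cross.hashipi", "source.qemu.hashiintel"]

  # Base OS setup: user, SSH keys, Nomad and OpenBao binaries.
  provisioner "shell" {
    script = "bootstrap.sh"
    environment_vars = [
      "HOSTNAME=${var.hostname}",
      "USERNAME=${var.username}",
      "AUTHORIZED_KEYS=${var.authorized_keys}",
      "NOMAD_VERSION=${var.nomad_version}",
      "BAO_VERSION=${var.bao_version}"
    ]
  }

  # Staging directory for the Nomad TLS material consumed by nomad.sh.
  provisioner "shell" {
    inline = ["mkdir /tmp/tls"]
  }

  provisioner "file" {
    destination = "/tmp/tls/nomad-agent-ca.pem"
    source      = "${var.nomad_tls_ca}"
  }

  provisioner "file" {
    destination = "/tmp/tls/nomad-agent-ca.p12"
    source      = "${var.nomad_tls_ca_p12}"
  }

  provisioner "file" {
    destination = "/tmp/tls/"
    source      = "${var.nomad_tls_certs}"
  }

  # Nomad agent configuration (server/client role, gossip key, NFS volume,
  # podman driver). NOMAD_ENCRYPT is sensitive: the script must not log it.
  provisioner "shell" {
    script        = "nomad.sh"
    remote_folder = "/home/${var.username}"
    environment_vars = [
      "USERNAME=${var.username}",
      "NFS_SERVER=${var.nomad_nfs_server}",
      "NFS_MOUNT=${var.nomad_nfs_mount}",
      "NFS_MOUNT_TARGET=${var.nomad_nfs_target}",
      "NOMAD_ENCRYPT=${var.nomad_encrypt}",
      "NOMAD_SERVER=${var.nomad_server}",
      "NOMAD_CLIENT=${var.nomad_client}",
      "NOMAD_PODMAN_DRIVER_VERSION=${var.nomad_podman_driver_version}",
      "NOMAD_JENKINS_UID=${var.nomad_jenkins_uid}",
      "NOMAD_JENKINS_GID=${var.nomad_jenkins_gid}",
      "VAULT_ADDR=${var.vault_addr}"
    ]
  }

  # Vault/OpenBao CA certificate and private key, staged for openbao.sh.
  provisioner "file" {
    destination = "/tmp/vault_ca.pem"
    source      = "${var.vault_tls_ca_cert}"
  }

  provisioner "file" {
    destination = "/tmp/vault_ca.key"
    source      = "${var.vault_tls_ca_key}"
  }

  # OpenBao configuration and node certificate issuance. VAULT_TRANSIT_TOKEN
  # is sensitive: the script must not log it.
  provisioner "shell" {
    script        = "openbao.sh"
    remote_folder = "/home/${var.username}"
    environment_vars = [
      "USERNAME=${var.username}",
      "HOSTNAME=${var.hostname}",
      "NOMAD_SERVER=${var.nomad_server}",
      "VAULT_TLS_CA_CERT=/tmp/vault_ca.pem",
      "VAULT_TLS_CA_KEY=/tmp/vault_ca.key",
      "VAULT_TLS_SUBJ_ALT_NAME=${var.vault_tls_subj_alt_name}",
      "VAULT_TRANSIT_SERVER=${var.vault_transit_server}",
      "VAULT_TRANSIT_TOKEN=${var.vault_transit_token}"
    ]
  }

  post-processor "manifest" {
    output     = "${var.manifest}"
    strip_path = true
  }
}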