hashi-pi.pkr.hcl (5455B)
# Packer template that customises a Raspberry Pi OS (arm64) image into a
# "HashiPi" node. The provisioning scripts (bootstrap.sh, nomad.sh, openbah.sh)
# live outside this file, so comments about what they do with their inputs are
# marked as assumptions to confirm.

# ---------------------------------------------------------------------------
# Base image and output
# ---------------------------------------------------------------------------

# Upstream image archive; the builder also fetches "<img_url>.sha256".
variable "img_url" {
  type    = string
  default = "https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz"
}

# File name of the image produced by the build.
variable "img_name" {
  type    = string
  default = "raspi.img"
}

# Size the image is resized to (see image_build_method = "resize" below).
variable "img_size" {
  type    = string
  default = "4G"
}

# Not referenced by any block visible in this file.
variable "flash_device_path" {
  type    = string
  default = "/dev/sda"
}

# ---------------------------------------------------------------------------
# Host identity and login
# ---------------------------------------------------------------------------

variable "hostname" {
  type    = string
  default = "HashiPi0"
}

# Also used to build the remote_folder ("/home/<username>") for nomad.sh and
# openbah.sh.
variable "username" {
  type    = string
  default = "in0rdr"
}

# Handed to bootstrap.sh as AUTHORIZED_KEYS. Empty by default.
# NOTE(review): presumably installed as the user's SSH authorized_keys; confirm
# in bootstrap.sh what login is possible when this is left empty.
variable "authorized_keys" {
  type    = string
  default = ""
}

# ---------------------------------------------------------------------------
# Nomad
# ---------------------------------------------------------------------------

variable "nomad_version" {
  type    = string
  default = "1.8.2"
}

variable "nomad_podman_driver_version" {
  type    = string
  default = "0.5.2"
}

# String flags ("true" by default), forwarded as NOMAD_SERVER / NOMAD_CLIENT.
variable "nomad_server" {
  type    = string
  default = "true"
}

variable "nomad_client" {
  type    = string
  default = "true"
}

# Forwarded to nomad.sh as NOMAD_ENCRYPT. Marked sensitive so Packer masks it
# in output; supply it at build time (var-file or PKR_VAR_nomad_encrypt)
# instead of committing a value as the default.
variable "nomad_encrypt" {
  type      = string
  default   = ""
  sensitive = true
}

# Local paths to the Nomad TLS material that is uploaded into the image.
variable "nomad_tls_ca" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.pem"
}

variable "nomad_tls_ca_p12" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.p12"
}

variable "nomad_tls_certs" {
  type    = string
  default = "./tls/nomad/certs/"
}

# NFS settings forwarded to nomad.sh; all empty by default.
variable "nomad_nfs_server" {
  type    = string
  default = ""
}

variable "nomad_nfs_mount" {
  type    = string
  default = ""
}

variable "nomad_nfs_target" {
  type    = string
  default = ""
}

# Forwarded to nomad.sh as NOMAD_JENKINS_UID / NOMAD_JENKINS_GID.
variable "nomad_jenkins_uid" {
  type    = string
  default = "1312"
}

variable "nomad_jenkins_gid" {
  type    = string
  default = "1312"
}

# ---------------------------------------------------------------------------
# Vault / OpenBao
# ---------------------------------------------------------------------------

# The default is a beta build string.
# NOTE(review): move to a stable release once one is acceptable for this setup.
variable "bao_version" {
  type    = string
  default = "2.0.0-beta20240618"
}

# Local path of the CA certificate uploaded to /tmp/vault_ca.pem.
variable "vault_tls_ca_cert" {
  type    = string
  default = "./tls/vault/ca/vault_ca.pem"
}

# Local path of the CA *private key* uploaded to /tmp/vault_ca.key.
variable "vault_tls_ca_key" {
  type    = string
  default = "./tls/vault/ca/vault_ca.key"
}

variable "vault_tls_subj_alt_name" {
  type    = string
  default = "IP:127.0.0.1"
}

variable "vault_transit_server" {
  type    = string
  default = ""
}

# Forwarded to openbah.sh as VAULT_TRANSIT_TOKEN. Sensitive: pass it at build
# time rather than storing it in this file.
# NOTE(review): confirm how openbah.sh persists the token inside the image.
variable "vault_transit_token" {
  type      = string
  default   = ""
  sensitive = true
}

# ---------------------------------------------------------------------------
# ARM image builder
# ---------------------------------------------------------------------------

source "arm" "hashipi" {
  # Download, verify and unpack the upstream image.
  # The SHA-256 file comes from the same URL prefix as the image, so this check
  # catches corrupted or truncated downloads; it is not an independent
  # authenticity check if the download origin itself is compromised.
  file_urls             = [var.img_url]
  file_checksum_url     = "${var.img_url}.sha256"
  file_checksum_type    = "sha256"
  file_target_extension = "xz"
  file_unarchive_cmd    = ["xz", "-d", "$ARCHIVE_PATH"]

  # Output image: resize the downloaded image, DOS partition table.
  image_build_method = "resize"
  image_path         = var.img_name
  image_size         = var.img_size
  image_type         = "dos"
  image_chroot_env   = ["PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"]

  image_partitions {
    name         = "boot"
    type         = "c"
    start_sector = "8192"
    filesystem   = "vfat"
    size         = "256M"
    mountpoint   = "/boot"
  }

  # size = "0": presumably "use the remaining space" (confirm in builder docs).
  image_partitions {
    name         = "root"
    type         = "83"
    start_sector = "532480"
    filesystem   = "ext4"
    size         = "0"
    mountpoint   = "/"
  }

  # Static aarch64 QEMU binary, same path on the build host and in the image.
  qemu_binary_source_path      = "/usr/bin/qemu-aarch64-static"
  qemu_binary_destination_path = "/usr/bin/qemu-aarch64-static"
}

# ---------------------------------------------------------------------------
# Provisioning (order matters: uploads precede the script that consumes them)
# ---------------------------------------------------------------------------

build {
  sources = ["source.arm.hashipi"]

  # Root filesystem resize helper and its service unit, staged in /tmp.
  provisioner "file" {
    source      = "arm-builder/scripts/resizerootfs/resizerootfs"
    destination = "/tmp/resizerootfs"
  }

  provisioner "file" {
    source      = "arm-builder/scripts/resizerootfs/resizerootfs.service"
    destination = "/tmp/resizerootfs.service"
  }

  # Base system setup.
  # NOTE(review): NOMAD_VERSION / BAO_VERSION suggest this script fetches
  # release artifacts; confirm it verifies their checksums or signatures.
  provisioner "shell" {
    script = "bootstrap.sh"
    environment_vars = [
      "HOSTNAME=${var.hostname}",
      "USERNAME=${var.username}",
      "AUTHORIZED_KEYS=${var.authorized_keys}",
      "NOMAD_VERSION=${var.nomad_version}",
      "BAO_VERSION=${var.bao_version}"
    ]
  }

  # Stage Nomad TLS material under /tmp/tls inside the image.
  # NOTE(review): /tmp/tls is created with the default umask and receives the
  # CA bundle (.p12) and the certs directory; confirm nomad.sh moves these to a
  # restricted location and leaves nothing behind in /tmp.
  provisioner "shell" {
    inline = ["mkdir /tmp/tls"]
  }

  provisioner "file" {
    source      = var.nomad_tls_ca
    destination = "/tmp/tls/nomad-agent-ca.pem"
  }

  provisioner "file" {
    source      = var.nomad_tls_ca_p12
    destination = "/tmp/tls/nomad-agent-ca.p12"
  }

  provisioner "file" {
    source      = var.nomad_tls_certs
    destination = "/tmp/tls/"
  }

  # Nomad installation and configuration.
  provisioner "shell" {
    script        = "nomad.sh"
    remote_folder = "/home/${var.username}"
    environment_vars = [
      "USERNAME=${var.username}",
      "NFS_SERVER=${var.nomad_nfs_server}",
      "NFS_MOUNT=${var.nomad_nfs_mount}",
      "NFS_MOUNT_TARGET=${var.nomad_nfs_target}",
      "NOMAD_ENCRYPT=${var.nomad_encrypt}",
      "NOMAD_SERVER=${var.nomad_server}",
      "NOMAD_CLIENT=${var.nomad_client}",
      "NOMAD_PODMAN_DRIVER_VERSION=${var.nomad_podman_driver_version}",
      "NOMAD_JENKINS_UID=${var.nomad_jenkins_uid}",
      "NOMAD_JENKINS_GID=${var.nomad_jenkins_gid}"
    ]
  }

  # Stage the Vault CA certificate and CA private key for openbah.sh.
  # NOTE(review): the CA private key is written into the image at
  # /tmp/vault_ca.key. Confirm openbah.sh deletes it after issuing the node
  # certificate; if it stays, every flashed copy of the image carries the key
  # that can sign certificates for the whole cluster.
  provisioner "file" {
    source      = var.vault_tls_ca_cert
    destination = "/tmp/vault_ca.pem"
  }

  provisioner "file" {
    source      = var.vault_tls_ca_key
    destination = "/tmp/vault_ca.key"
  }

  # Vault / OpenBao installation and configuration.
  provisioner "shell" {
    script        = "openbah.sh"
    remote_folder = "/home/${var.username}"
    environment_vars = [
      "USERNAME=${var.username}",
      "HOSTNAME=${var.hostname}",
      "NOMAD_SERVER=${var.nomad_server}",
      "VAULT_TLS_CA_CERT=/tmp/vault_ca.pem",
      "VAULT_TLS_CA_KEY=/tmp/vault_ca.key",
      "VAULT_TLS_SUBJ_ALT_NAME=${var.vault_tls_subj_alt_name}",
      "VAULT_TRANSIT_SERVER=${var.vault_transit_server}",
      "VAULT_TRANSIT_TOKEN=${var.vault_transit_token}"
    ]
  }
}