hashi-pi.pkr.hcl (6682B)
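# Packer template for the HashiPi images.
#
# Two sources are built and provisioned by the same scripts (bootstrap.sh,
# nomad.sh, openbao.sh):
#   * source.cross.hashipi    - Raspberry Pi OS arm64 image, modified in a chroot
#   * source.qemu.hashiintel  - Debian amd64 VM installed via preseed under KVM
#
# Secrets (nomad_encrypt, vault_transit_token) default to empty and are meant to
# be supplied at build time, e.g. with -var or a PKR_VAR_<name> environment
# variable, never committed to this file.

# File name of the build manifest written by the "manifest" post-processor.
variable "manifest" {
  type    = string
  default = "manifest.json"
}

# SSH public key(s) for the image. Exported to bootstrap.sh as AUTHORIZED_KEYS
# and typed into the Debian installer boot line as pubkey="...".
variable "authorized_keys" {
  type    = string
  default = ""
}

# Not referenced anywhere in this template.
variable "flash_device_path" {
  type    = string
  default = "/dev/sda"
}

variable "hostname" {
  type    = string
  default = "HashiPi0"
}

variable "img_name" {
  type    = string
  default = "raspi.img"
}

variable "img_size" {
  type    = string
  default = "4G"
}

# Base image for the "cross" source. The SHA-256 checksum is fetched from
# "<img_url>.sha256", i.e. from the same origin as the image itself.
variable "img_url" {
  type    = string
  default = "https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2025-10-02/2025-10-01-raspios-trixie-arm64-lite.img.xz"
}

variable "nomad_tls_ca" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.pem"
}

# NOTE(review): a PKCS#12 bundle can carry a private key as well as a
# certificate; confirm this one holds only what the image needs.
variable "nomad_tls_ca_p12" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.p12"
}

# Directory copied into /tmp/tls/ on the image.
# NOTE(review): presumably contains the agent private keys - confirm.
variable "nomad_tls_certs" {
  type    = string
  default = "./tls/nomad/certs/"
}

# Exported to nomad.sh as NOMAD_ENCRYPT. `sensitive` masks the value in Packer's
# output; the provisioning script still receives it in its environment and must
# not echo or log it.
variable "nomad_encrypt" {
  type      = string
  default   = ""
  sensitive = true
}

variable "nomad_client" {
  type    = string
  default = "true"
}

variable "nomad_jenkins_gid" {
  type    = string
  default = "1312"
}

variable "nomad_jenkins_uid" {
  type    = string
  default = "1312"
}

variable "nomad_nfs_mount" {
  type    = string
  default = ""
}

variable "nomad_nfs_server" {
  type    = string
  default = ""
}

variable "nomad_nfs_target" {
  type    = string
  default = ""
}

variable "nomad_podman_driver_version" {
  type    = string
  default = "0.6.3"
}

variable "nomad_server" {
  type    = string
  default = "true"
}

variable "nomad_version" {
  type    = string
  default = "1.10.5"
}

variable "username" {
  type    = string
  default = "in0rdr"
}

variable "vault_addr" {
  type    = string
  default = "https://vault.in0rdr.ch"
}

variable "vault_transit_server" {
  type    = string
  default = ""
}

# Exported to openbao.sh as VAULT_TRANSIT_TOKEN. Masked in Packer's output by
# `sensitive`; the script must not echo it or leave it in files on the image.
variable "vault_transit_token" {
  type      = string
  default   = ""
  sensitive = true
}

variable "bao_version" {
  type    = string
  default = "2.4.1"
}

variable "architecture" {
  type    = string
  default = "arm64"
}

# Private key Packer uses to log in to the QEMU build VM as root. Exposed as a
# variable so the template does not depend on one user's home directory; the
# default is the path the template used before.
variable "ssh_private_key_file" {
  type    = string
  default = "/home/andi/.ssh/id_ed25519"
}

packer {
  # Both constraints are open-ended (">="), so `packer init` accepts any newer
  # release of these plugins. Plugin code runs on the build host with access to
  # the TLS material and secrets used here; consider narrowing the constraints
  # to versions that have been reviewed.
  required_plugins {
    qemu = {
      version = ">= 1.1.0"
      source  = "github.com/hashicorp/qemu"
    }
    cross = {
      version = ">= 1.1.3"
      source  = "github.com/michalfita/cross"
    }
  }
}

# Raspberry Pi image: download, verify, resize and provision inside a chroot
# using the aarch64 binfmt/QEMU binary from the build host.
source "cross" "hashipi" {
  # The checksum comes from the same HTTPS origin as the image, so it guards
  # against a corrupted download but not against a compromised origin.
  file_checksum_type    = "sha256"
  file_checksum_url     = "${var.img_url}.sha256"
  file_target_extension = "xz"
  file_unarchive_cmd    = ["xz", "-d", "$ARCHIVE_PATH"]
  file_urls             = [var.img_url]
  image_build_method    = "resize"
  image_chroot_env      = ["PATH=/run/current-system/sw/bin:/run/current-system/sw/sbin:/usr/bin:/bin"]

  image_partitions {
    filesystem   = "vfat"
    mountpoint   = "/boot"
    name         = "boot"
    size         = "256M"
    start_sector = "8192"
    type         = "c"
  }

  image_partitions {
    filesystem   = "ext4"
    mountpoint   = "/"
    name         = "root"
    size         = "0"
    start_sector = "532480"
    type         = "83"
  }

  image_path                   = var.img_name
  image_size                   = var.img_size
  image_type                   = "dos"
  qemu_binary_destination_path = "/run/binfmt/aarch64-linux"
  qemu_binary_source_path      = "/run/binfmt/aarch64-linux"
}

# Debian amd64 VM: boots the netboot installer and drives it with a preseed
# file served from ./config by Packer's built-in HTTP server.
source "qemu" "hashiintel" {
  accelerator = "kvm"
  boot_command = [
    "<esc><wait>",
    "install <wait>",
    " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>",
    "debian-installer=en_US.UTF-8 <wait>",
    "auto <wait>",
    "locale=en_US.UTF-8 <wait>",
    "kbd-chooser/method=us <wait>",
    "keyboard-configuration/xkb-keymap=us <wait>",
    "netcfg/get_hostname={{ .Name }} <wait>",
    "netcfg/get_domain=libvirt <wait>",
    "fb=false <wait>",
    "debconf/frontend=noninteractive <wait>",
    "console-setup/ask_detect=false <wait>",
    "console-keymaps-at/keymap=us <wait>",
    # NOTE(review): disk_interface is "virtio" below, where the disk usually
    # shows up as /dev/vda - confirm /dev/sda is what preseed.cfg expects.
    "grub-installer/bootdev=/dev/sda <wait>",
    # The key is typed verbatim into the boot line; a value containing a double
    # quote or a newline would break the remaining boot parameters.
    "pubkey=\"${var.authorized_keys}\" <wait>",
    "<enter><wait>"
  ]
  boot_wait      = "5s"
  disk_interface = "virtio"
  disk_size      = "14000"
  format         = "qcow2"
  # headless = true
  http_directory = "config"

  # Verify against SHA256SUMS rather than MD5SUMS: MD5 is not collision
  # resistant and should not be relied on for integrity. Debian publishes
  # SHA256SUMS next to MD5SUMS in the installer images directory.
  # The ISO and the checksum list are both fetched over plain HTTP from the
  # same mirror, so this still only detects corruption, not tampering in
  # transit. Prefer an HTTPS mirror or a literal "sha256:<digest>" obtained
  # from a trusted channel.
  iso_checksum = "file:http://pkg.adfinis-on-exoscale.ch/debian/dists/bookworm/main/installer-amd64/20230607%2Bdeb12u11/images/SHA256SUMS"
  iso_url      = "http://pkg.adfinis-on-exoscale.ch/debian/dists/bookworm/main/installer-amd64/20230607%2Bdeb12u11/images/netboot/mini.iso"

  memory           = "1024"
  net_device       = "virtio-net"
  output_directory = var.hostname

  # NOTE(review): this embeds the literal password 'debian' for sudo although
  # the SSH user is root; confirm whether a password-based account is left on
  # the finished image and whether sudo is needed here at all.
  shutdown_command = "echo 'debian' | sudo -S shutdown -P now"

  ssh_timeout          = "15m"
  ssh_username         = "root"
  ssh_private_key_file = var.ssh_private_key_file
  vm_name              = "${var.hostname}.qcow2"
}

build {
  sources = ["source.cross.hashipi", "source.qemu.hashiintel"]

  # Base system setup: user account, hostname, SSH keys, package versions.
  provisioner "shell" {
    script = "bootstrap.sh"
    environment_vars = [
      "ARCHITECTURE=${var.architecture}",
      "HOSTNAME=${var.hostname}",
      "USERNAME=${var.username}",
      "AUTHORIZED_KEYS=${var.authorized_keys}",
      "NOMAD_VERSION=${var.nomad_version}",
      "BAO_VERSION=${var.bao_version}"
    ]
  }

  # Staging directory for TLS material. Created with mode 0700 so the uploaded
  # certificates (and any keys among them) are not readable by other accounts
  # while they sit under /tmp. Both sources provision as root.
  # NOTE(review): confirm nomad.sh removes /tmp/tls once the files are
  # installed, so no key material is left behind in the image.
  provisioner "shell" {
    inline = ["install -d -m 0700 /tmp/tls"]
  }

  provisioner "file" {
    destination = "/tmp/tls/nomad-agent-ca.pem"
    source      = var.nomad_tls_ca
  }

  provisioner "file" {
    destination = "/tmp/tls/nomad-agent-ca.p12"
    source      = var.nomad_tls_ca_p12
  }

  provisioner "file" {
    destination = "/tmp/tls/"
    source      = var.nomad_tls_certs
  }

  # Nomad installation and configuration. NOMAD_ENCRYPT is a secret.
  provisioner "shell" {
    script        = "nomad.sh"
    remote_folder = "/home/${var.username}"
    environment_vars = [
      "ARCHITECTURE=${var.architecture}",
      "USERNAME=${var.username}",
      "NFS_SERVER=${var.nomad_nfs_server}",
      "NFS_MOUNT=${var.nomad_nfs_mount}",
      "NFS_MOUNT_TARGET=${var.nomad_nfs_target}",
      "NOMAD_ENCRYPT=${var.nomad_encrypt}",
      "NOMAD_SERVER=${var.nomad_server}",
      "NOMAD_CLIENT=${var.nomad_client}",
      "NOMAD_PODMAN_DRIVER_VERSION=${var.nomad_podman_driver_version}",
      "NOMAD_JENKINS_UID=${var.nomad_jenkins_uid}",
      "NOMAD_JENKINS_GID=${var.nomad_jenkins_gid}",
      "VAULT_ADDR=${var.vault_addr}"
    ]
  }

  # OpenBao installation and configuration. VAULT_TRANSIT_TOKEN is a secret.
  provisioner "shell" {
    script        = "openbao.sh"
    remote_folder = "/home/${var.username}"
    environment_vars = [
      "ARCHITECTURE=${var.architecture}",
      "USERNAME=${var.username}",
      "HOSTNAME=${var.hostname}",
      "NOMAD_SERVER=${var.nomad_server}",
      "VAULT_TRANSIT_SERVER=${var.vault_transit_server}",
      "VAULT_TRANSIT_TOKEN=${var.vault_transit_token}"
    ]
  }

  # Record the produced artifacts; strip_path keeps only file names.
  post-processor "manifest" {
    output     = var.manifest
    strip_path = true
  }
}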