Skull-IT/iac_stack
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Skull-IT:ac11f5800300aaa8644c7c167b6e42759a47a220
Branches Tags
Skull-IT:main
..
compare: Skull-IT:e0da502c59df6c86bb152480b684ef40c2f13995
Branches Tags
Skull-IT:main

No commits in common. "ac11f5800300aaa8644c7c167b6e42759a47a220" and "e0da502c59df6c86bb152480b684ef40c2f13995" have entirely different histories.
ac11f58003 ... e0da502c59

10 changed files with 0 additions and 253 deletions
Show stats Expand all files Collapse all files

5
ansible.cfg
View file

@ -19,11 +19,6 @@ vault_password_file = ./vault.secret
# Ansible-Verhalten # Ansible-Verhalten
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S
# Use the YAML callback plugin.
stdout_callback = yaml
# Use the stdout_callback when running ad-hoc commands.
bin_ansible_callbacks = True
[privilege_escalation] [privilege_escalation]
become = True become = True
become_method = sudo become_method = sudo

7
playbooks/heyer.systems/build_debian-minimal-image.yml
View file

@ -1,7 +0,0 @@
- name: Build Debian image for Proxmox using bootstrap-vz (local)
hosts: localhost
connection: local
gather_facts: false
roles:
- create_image_debian-minimal

1
roles/create_image_debian-minimal/.gitignore vendored
View file

@ -1 +0,0 @@
files/*

14
roles/create_image_debian-minimal/defaults/main.yml
View file

@ -1,14 +0,0 @@
---
packer_version: "1.13.1"
ssh_key_url: "https://skulldev.de/Skull-IT/trusted-ssh-keys/raw/branch/main/trusted-ssh-keys"
image_output_dir: "/tmp/packer_images"
debian_iso_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.11.0-amd64-netinst.iso"
debian_iso_checksum_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS"
# https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS
debian_iso_filename: "debian-12.11.0-amd64-netinst.iso"
ssh_username: "localadmin"
ssh_password: "packer"

0
roles/create_image_debian-minimal/handlers/main.yml
View file

0
roles/create_image_debian-minimal/meta/main.yml
View file

96
roles/create_image_debian-minimal/tasks/main.yml
View file

@ -1,96 +0,0 @@
---
- name: Ensure QEMU, KVM and dependencies are installed
ansible.builtin.apt:
name:
- qemu-system-x86
- qemu-utils
- libvirt-daemon-system
- libvirt-clients
- bridge-utils
- virtinst
- virt-manager
- cpu-checker
- unzip
- curl
state: present
become: true
- name: Download Packer
ansible.builtin.get_url:
url: "https://releases.hashicorp.com/packer/{{ packer_version }}/packer_{{ packer_version }}_linux_amd64.zip"
dest: "/tmp/packer.zip"
mode: '0644'
- name: Unarchive Packer
ansible.builtin.unarchive:
src: /tmp/packer.zip
dest: /usr/local/bin/
remote_src: yes
become: true
- name: Ensure packer is executable
ansible.builtin.file:
path: /usr/local/bin/packer
mode: '0755'
owner: root
group: root
become: true
- name: Create output directory for Packer images
ansible.builtin.file:
path: "{{ image_output_dir }}"
state: directory
mode: '0755'
become: true
- name: Create HTTP directory inside output dir for preseed.cfg
ansible.builtin.file:
path: "{{ image_output_dir }}/http"
state: directory
mode: '0755'
become: true
- name: Copy preseed.cfg template to HTTP directory
ansible.builtin.template:
src: preseed.cfg.j2
dest: "{{ image_output_dir }}/http/preseed.cfg"
mode: '0644'
- name: Download Debian ISO checksums
ansible.builtin.get_url:
url: "{{ debian_iso_checksum_url }}"
dest: /tmp/debian_sha256sums.txt
mode: '0644'
- name: Extract checksum for ISO
ansible.builtin.shell: |
grep "{{ debian_iso_filename }}" /tmp/debian_sha256sums.txt | awk '{ print $1 }'
register: debian_iso_checksum_result
changed_when: false
- name: Set fact with full checksum string
ansible.builtin.set_fact:
debian_iso_checksum: "sha256:{{ debian_iso_checksum_result.stdout }}"
- name: Template Packer HCL config
ansible.builtin.template:
src: debian_minimal.pkr.hcl.j2
dest: "{{ image_output_dir }}/debian_minimal.pkr.hcl"
- name: Run `packer init`
ansible.builtin.command: packer init debian_minimal.pkr.hcl
args:
chdir: "{{ image_output_dir }}"
- name: Run `packer build`
ansible.builtin.command: >
sh -c 'PACKER_LOG=1 PACKER_LOG_PATH=/tmp/packer.log packer build debian_minimal.pkr.hcl'
args:
chdir: "{{ image_output_dir }}"
- name: Copy built image to role files directory
ansible.builtin.copy:
src: "{{ image_output_dir }}/debian-minimal/debian-minimal.qcow2"
dest: "{{ role_path }}/files/debian-minimal.qcow2"
remote_src: yes
become: true

53
roles/create_image_debian-minimal/templates/debian_minimal.pkr.hcl.j2
View file

@ -1,53 +0,0 @@
source "qemu" "debian" {
iso_url = "{{ debian_iso_url }}"
iso_checksum = "{{ debian_iso_checksum }}"
output_directory = "{{ image_output_dir }}/debian-minimal"
vm_name = "debian-minimal.qcow2"
shutdown_command = "echo 'packer' | sudo -S shutdown -P now"
ssh_username = "{{ ssh_username }}"
ssh_password = "{{ ssh_password }}"
ssh_timeout = "60m"
disk_interface = "virtio"
format = "qcow2"
accelerator = "kvm"
http_directory = "http"
headless = true
qemuargs = [
["-m", "2048M"],
["-smp", "2"],
["-cpu", "host"],
["-device", "virtio-rng-pci"]
]
boot_wait = "15s"
boot_command = [
{% raw %}
"<esc><wait>",
"<esc><wait>",
"auto priority=critical interface=auto netcfg/disable_dhcp=false preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg debian-installer=de_DE locale=de_DE.UTF-8 keyboard-configuration/xkb-keymap=de keyboard-configuration/layoutcode=de keyboard-configuration/modelcode=pc105 keyboard-configuration/variant=de console-setup/ask_detect=false netcfg/get_hostname=debian fb=false debconf/frontend=noninteractive initrd=/install.amd/initrd.gz /install.amd/vmlinuz quiet <enter>"
{% endraw %}
]
}
build {
sources = ["source.qemu.debian"]
provisioner "shell" {
inline = [
"export DEBIAN_FRONTEND=noninteractive",
"sudo apt-get update -y",
"sudo apt-get install -y sudo curl vim", # 'passwd' ist eh schon da
"sudo mkdir -p /root/.ssh",
"curl -fsSL '{{ ssh_key_url }}' | sudo tee /root/.ssh/authorized_keys",
"sudo chmod 600 /root/.ssh/authorized_keys"
]
}
}

77
roles/create_image_debian-minimal/templates/preseed.cfg.j2
View file

@ -1,77 +0,0 @@
d-i partman/early_command string \
debconf-set partman/confirm_write_new_label true; \
debconf-set partman/confirm_nooverwrite true; \
debconf-set partman/confirm true
# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string de_DE.UTF-8
# Keyboard selection
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select de
d-i keyboard-configuration/layoutcode string de
d-i keyboard-configuration/variant string de
d-i keyboard-configuration/modelcode string pc105
# Clock and time zone setup
d-i clock-setup/utc boolean true
d-i time/zone string Europe/Berlin
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
# Partitioning
d-i partman-auto/method string lvm
d-i partman-auto-lvm/guided_size string max
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
## This makes partman automatically partition without confirmation.
d-i partman-md/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman-auto/choose_recipe select atomic
d-i partman/choose_partition select finish
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman/confirm boolean true
# Bootloader
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev string /dev/vda
# Account setup
## Root Account
d-i passwd/root-login boolean false
## User Account
d-i passwd/user-fullname string heyeradmin
d-i passwd/user-uid string 1000
d-i passwd/user-default-groups string sudo,adm,cdrom,dip,plugdev
d-i passwd/user-password password packer
d-i passwd/user-password-again password packer
d-i passwd/username string heyeradmin
d-i user-setup/allow-password-weak boolean true
d-i user-setup/encrypt-home boolean false
d-i preseed/late_command string \
in-target bash -c \
'echo "heyeradmin ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/99_heyeradmin && \
chmod 440 /etc/sudoers.d/99_heyeradmin'
# Hostname
d-i netcfg/get_hostname string debian
d-i netcfg/get_domain string localdomain
d-i netcfg/disable_dhcp boolean false
# Package selection
tasksel tasksel/first standard
d-i pkgsel/include string openssh-server build-essential
d-i pkgsel/update-policy select none
d-i pkgsel/upgrade select full-upgrade
d-i partman/confirm_write_new_label boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman/confirm boolean true

0
roles/create_image_debian-minimal/vars/main.yml
View file