diff --git a/ansible.cfg b/ansible.cfg
index e75e998..a8aaf6b 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -19,6 +19,11 @@ vault_password_file = ./vault.secret # Ansible-Verhalten ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S +# Use the YAML callback plugin. +stdout_callback = yaml +# Use the stdout_callback when running ad-hoc commands. +bin_ansible_callbacks = True + [privilege_escalation] become = True become_method = sudo
diff --git a/playbooks/heyer.systems/build_debian-minimal-image.yml b/playbooks/heyer.systems/build_debian-minimal-image.yml
new file mode 100644
index 0000000..963af96
--- /dev/null
+++ b/playbooks/heyer.systems/build_debian-minimal-image.yml
@@ -0,0 +1,7 @@
+- name: Build Debian image for Proxmox using bootstrap-vz (local)
+ hosts: localhost
+ connection: local
+ gather_facts: false
+
+ roles:
+ - create_image_debian-minimal
\ No newline at end of file
diff --git a/roles/create_image_debian-minimal/.gitignore b/roles/create_image_debian-minimal/.gitignore
new file mode 100644
index 0000000..5ed0cb6
--- /dev/null
+++ b/roles/create_image_debian-minimal/.gitignore
@@ -0,0 +1 @@
+files/*
\ No newline at end of file
diff --git a/roles/create_image_debian-minimal/defaults/main.yml b/roles/create_image_debian-minimal/defaults/main.yml
new file mode 100644
index 0000000..866c1e1
--- /dev/null
+++ b/roles/create_image_debian-minimal/defaults/main.yml
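Review bot: The play name in build_debian-minimal-image.yml says the image is built "using bootstrap-vz", but the role it runs (create_image_debian-minimal) drives Packer's qemu builder, so the name misdescribes what executes. Rename it to `- name: Build Debian minimal image for Proxmox using Packer (local)` so the play output matches the tooling. The file also ends without a trailing newline, as git flags.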
@@ -0,0 +1,14 @@
+---
+packer_version: "1.13.1"
+
+ssh_key_url: "https://skulldev.de/Skull-IT/trusted-ssh-keys/raw/branch/main/trusted-ssh-keys"
+
+image_output_dir: "/tmp/packer_images"
+
+debian_iso_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.11.0-amd64-netinst.iso"
+debian_iso_checksum_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS"
+# https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS
+debian_iso_filename: "debian-12.11.0-amd64-netinst.iso"
+
+ssh_username: "localadmin"
+ssh_password: "packer"
\ No newline at end of file
diff --git a/roles/create_image_debian-minimal/handlers/main.yml b/roles/create_image_debian-minimal/handlers/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/create_image_debian-minimal/meta/main.yml b/roles/create_image_debian-minimal/meta/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/create_image_debian-minimal/tasks/main.yml b/roles/create_image_debian-minimal/tasks/main.yml
new file mode 100644
index 0000000..ddf8c42
--- /dev/null
+++ b/roles/create_image_debian-minimal/tasks/main.yml
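Review bot: `debian_iso_url` and `debian_iso_checksum_url` point at the `current/` directory while `debian_iso_filename` pins 12.11.0; once Debian publishes the next point release, `current/` moves on, the ISO URL stops resolving, and the SHA256SUMS the tasks file fetches no longer lists the pinned name, so the grep there yields an empty digest. Derive all three from a single version variable (e.g. `debian_version: "12.11.0"`) and point the directory at a release-specific path instead of `current/`, so the URL, the sums file and the filename can only change together. The bare comment line repeating the SHA256SUMS URL adds nothing and can be dropped. `ssh_password: "packer"` is the password the preseed bakes into the image's sudo user, not only a build-time secret; keep it out of role defaults (vault or a required variable) so it is chosen per deployment rather than shipped in the repository.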
@@ -0,0 +1,96 @@
+---
+- name: Ensure QEMU, KVM and dependencies are installed
+ ansible.builtin.apt:
+ name:
+ - qemu-system-x86
+ - qemu-utils
+ - libvirt-daemon-system
+ - libvirt-clients
+ - bridge-utils
+ - virtinst
+ - virt-manager
+ - cpu-checker
+ - unzip
+ - curl
+ state: present
+ become: true
+
+- name: Download Packer
+ ansible.builtin.get_url:
+ url: "https://releases.hashicorp.com/packer/{{ packer_version }}/packer_{{ packer_version }}_linux_amd64.zip"
+ dest: "/tmp/packer.zip"
+ mode: '0644'
+
+- name: Unarchive Packer
+ ansible.builtin.unarchive:
+ src: /tmp/packer.zip
+ dest: /usr/local/bin/
+ remote_src: yes
+ become: true
+
+- name: Ensure packer is executable
+ ansible.builtin.file:
+ path: /usr/local/bin/packer
+ mode: '0755'
+ owner: root
+ group: root
+ become: true
+
+- name: Create output directory for Packer images
+ ansible.builtin.file:
+ path: "{{ image_output_dir }}"
+ state: directory
+ mode: '0755'
+ become: true
+
+- name: Create HTTP directory inside output dir for preseed.cfg
+ ansible.builtin.file:
+ path: "{{ image_output_dir }}/http"
+ state: directory
+ mode: '0755'
+ become: true
+
+- name: Copy preseed.cfg template to HTTP directory
+ ansible.builtin.template:
+ src: preseed.cfg.j2
+ dest: "{{ image_output_dir }}/http/preseed.cfg"
+ mode: '0644'
+
+- name: Download Debian ISO checksums
+ ansible.builtin.get_url:
+ url: "{{ debian_iso_checksum_url }}"
+ dest: /tmp/debian_sha256sums.txt
+ mode: '0644'
+
+- name: Extract checksum for ISO
+ ansible.builtin.shell: |
+ grep "{{ debian_iso_filename }}" /tmp/debian_sha256sums.txt | awk '{ print $1 }'
+ register: debian_iso_checksum_result
+ changed_when: false
+
+- name: Set fact with full checksum string
+ ansible.builtin.set_fact:
+ debian_iso_checksum: "sha256:{{ debian_iso_checksum_result.stdout }}"
+
+- name: Template Packer HCL config
+ ansible.builtin.template:
+ src: debian_minimal.pkr.hcl.j2
+ dest: "{{ image_output_dir }}/debian_minimal.pkr.hcl"
+
+- name: Run `packer 
init`
+ ansible.builtin.command: packer init debian_minimal.pkr.hcl
+ args:
+ chdir: "{{ image_output_dir }}"
+
+- name: Run `packer build`
+ ansible.builtin.command: >
+ sh -c 'PACKER_LOG=1 PACKER_LOG_PATH=/tmp/packer.log packer build debian_minimal.pkr.hcl'
+ args:
+ chdir: "{{ image_output_dir }}"
+
+- name: Copy built image to role files directory
+ ansible.builtin.copy:
+ src: "{{ image_output_dir }}/debian-minimal/debian-minimal.qcow2"
+ dest: "{{ role_path }}/files/debian-minimal.qcow2"
+ remote_src: yes
+ become: true
diff --git a/roles/create_image_debian-minimal/templates/debian_minimal.pkr.hcl.j2 b/roles/create_image_debian-minimal/templates/debian_minimal.pkr.hcl.j2
new file mode 100644
index 0000000..4c006b9
--- /dev/null
+++ b/roles/create_image_debian-minimal/templates/debian_minimal.pkr.hcl.j2
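Review bot: The `Download Packer` task fetches the release zip and `Unarchive Packer` unpacks it into /usr/local/bin as root with no integrity check on what was downloaded; HashiCorp publishes a sums file next to each release, so add `checksum: "sha256:https://releases.hashicorp.com/packer/{{ packer_version }}/packer_{{ packer_version }}_SHA256SUMS"` to that get_url call (Ansible fetches the file and matches the entry by filename). The Debian ISO path has the mirror-image problem: `Extract checksum for ISO` registers whatever the grep prints, and a filename that is absent from the sums file yields `sha256:` with no digest, so either add `failed_when: debian_iso_checksum_result.stdout == ''` or let Packer resolve it with `iso_checksum = "file:{{ debian_iso_checksum_url }}"` in the template, which makes the shell/awk and set_fact tasks unnecessary. In `Run packer build`, setting PACKER_LOG and PACKER_LOG_PATH through `sh -c '...'` is better expressed with the task's `environment:` mapping, which also removes the quoting layer. Boolean values mix `yes` (remote_src) and `true` (become); pick one form for the file.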
@@ -0,0 +1,53 @@
+source "qemu" "debian" {
+ iso_url = "{{ debian_iso_url }}"
+ iso_checksum = "{{ debian_iso_checksum }}"
+
+ output_directory = "{{ image_output_dir }}/debian-minimal"
+ vm_name = "debian-minimal.qcow2"
+ shutdown_command = "echo 'packer' | sudo -S shutdown -P now"
+ ssh_username = "{{ ssh_username }}"
+ ssh_password = "{{ ssh_password }}"
+ ssh_timeout = "60m"
+ disk_interface = "virtio"
+ format = "qcow2"
+ accelerator = "kvm"
+
+ http_directory = "http"
+
+ headless = true
+
+ qemuargs = [
+ ["-m", "2048M"],
+ ["-smp", "2"],
+ ["-cpu", "host"],
+ ["-device", "virtio-rng-pci"]
+ ]
+
+ boot_wait = "15s"
+
+ boot_command = [
+ {% raw %}
+ "",
+ "",
+ "auto priority=critical interface=auto netcfg/disable_dhcp=false preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg debian-installer=de_DE locale=de_DE.UTF-8 keyboard-configuration/xkb-keymap=de keyboard-configuration/layoutcode=de keyboard-configuration/modelcode=pc105 keyboard-configuration/variant=de console-setup/ask_detect=false netcfg/get_hostname=debian fb=false debconf/frontend=noninteractive initrd=/install.amd/initrd.gz /install.amd/vmlinuz quiet "
+ {% endraw %}
+ ]
+
+}
+
+build {
+ sources = ["source.qemu.debian"]
+
+ provisioner "shell" {
+ inline = [
+ "export DEBIAN_FRONTEND=noninteractive",
+
+ "sudo apt-get update -y",
+ "sudo apt-get install -y sudo curl vim", # 'passwd' ist eh schon da
+
+ "sudo mkdir -p /root/.ssh",
+ "curl -fsSL '{{ ssh_key_url }}' | sudo tee /root/.ssh/authorized_keys",
+ "sudo chmod 600 /root/.ssh/authorized_keys"
+ ]
+ }
+}
diff --git a/roles/create_image_debian-minimal/templates/preseed.cfg.j2 b/roles/create_image_debian-minimal/templates/preseed.cfg.j2
new file mode 100644
index 0000000..00c721a
--- /dev/null
+++ b/roles/create_image_debian-minimal/templates/preseed.cfg.j2
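Review bot: In the shell provisioner, `curl -fsSL '{{ ssh_key_url }}' | sudo tee /root/.ssh/authorized_keys` reports tee's exit status, so a failed download leaves root with an empty authorized_keys while the build still succeeds; download to a temp file first and install it, e.g. `"curl -fsSL '{{ ssh_key_url }}' -o /tmp/authorized_keys"`, `"sudo install -d -m 700 /root/.ssh"`, `"sudo install -m 600 /tmp/authorized_keys /root/.ssh/authorized_keys"`, which also sets the conventional 700 on /root/.ssh instead of whatever umask mkdir -p applies. `shutdown_command` hardcodes `'packer'` rather than `{{ ssh_password }}`, so the two drift as soon as the default is overridden; with the NOPASSWD sudoers rule the preseed installs, `sudo shutdown -P now` needs no password at all. The key list is trusted purely on the strength of the URL, so every image built from this role inherits whatever that file contains at build time; pinning its content (a checksum recorded in defaults, or a vendored copy under the role) would make a change to who can reach root an explicit, reviewable diff.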
@@ -0,0 +1,77 @@
+d-i partman/early_command string \
+ debconf-set partman/confirm_write_new_label true; \
+ debconf-set partman/confirm_nooverwrite true; \
+ debconf-set partman/confirm true
+
+# Preseeding only locale sets language, country and locale.
+d-i debian-installer/locale string de_DE.UTF-8
+
+# Keyboard selection
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/xkb-keymap select de
+d-i keyboard-configuration/layoutcode string de
+d-i keyboard-configuration/variant string de
+d-i keyboard-configuration/modelcode string pc105
+
+# Clock and time zone setup
+d-i clock-setup/utc boolean true
+d-i time/zone string Europe/Berlin
+
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+# Partitioning
+d-i partman-auto/method string lvm
+d-i partman-auto-lvm/guided_size string max
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+
+## This makes partman automatically partition without confirmation. 
+d-i partman-md/confirm boolean true
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman-auto/choose_recipe select atomic
+d-i partman/choose_partition select finish
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman/confirm boolean true
+
+# Bootloader
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i grub-installer/bootdev string /dev/vda
+
+# Account setup
+
+## Root Account
+d-i passwd/root-login boolean false
+
+## User Account
+d-i passwd/user-fullname string heyeradmin
+d-i passwd/user-uid string 1000
+d-i passwd/user-default-groups string sudo,adm,cdrom,dip,plugdev
+d-i passwd/user-password password packer
+d-i passwd/user-password-again password packer
+d-i passwd/username string heyeradmin
+d-i user-setup/allow-password-weak boolean true
+d-i user-setup/encrypt-home boolean false
+
+d-i preseed/late_command string \
+ in-target bash -c \
+ 'echo "heyeradmin ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/99_heyeradmin && \
+ chmod 440 /etc/sudoers.d/99_heyeradmin'
+
+# Hostname
+d-i netcfg/get_hostname string debian
+d-i netcfg/get_domain string localdomain
+d-i netcfg/disable_dhcp boolean false
+
+
+# Package selection
+tasksel tasksel/first standard
+d-i pkgsel/include string openssh-server build-essential
+d-i pkgsel/update-policy select none
+d-i pkgsel/upgrade select full-upgrade
+
+d-i partman/confirm_write_new_label boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman/confirm boolean true
\ No newline at end of file
diff --git a/roles/create_image_debian-minimal/vars/main.yml b/roles/create_image_debian-minimal/vars/main.yml
new file mode 100644
index 0000000..e69de29
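Review bot: The preseed creates the account `heyeradmin` (passwd/username, passwd/user-fullname and the late_command sudoers entry) while defaults/main.yml sets `ssh_username: "localadmin"`, which the HCL template hands to Packer as the SSH login; unless the playbook overrides that variable, Packer waits out the full 60m ssh_timeout for a user that does not exist. Since this file is already a Jinja template, render the account from the same variables the builder uses: `d-i passwd/username string {{ ssh_username }}`, `d-i passwd/user-password password {{ ssh_password }}` (and user-password-again), and `'echo "{{ ssh_username }} ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/99_{{ ssh_username }} && \`. A password accepted only via allow-password-weak, combined with passwordless sudo, is then part of every image produced by this role; if it is meant only for the build, lock or rotate it in the provisioner before shutdown. `d-i partman/confirm boolean true` is set twice (in the partitioning block and again in the trailing three lines, which also repeat what early_command already sets with debconf-set); keep a single copy so the effective answers are visible in one place.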