@LordVeovis
Created January 29, 2025 08:59
Packer Hyper-V alpine LUKS
# Plugin pin for the Hyper-V builder used by the "hyperv-iso" source below.
# "~> 1" accepts any 1.x release of the plugin.
packer {
required_plugins {
hyperv = {
source = "github.com/hashicorp/hyperv"
version = "~> 1"
}
}
}
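# LUKS passphrase typed into the installer by boot_command (see the source
# block). The default is a placeholder only: override it for every real build,
# e.g. `-var lukspwd=...` or the PKR_VAR_lukspwd environment variable.
variable "lukspwd" {
type = string
description = "Passphrase for the LUKS container on /dev/sda2; override the placeholder default for any real build."
# Marks the value as sensitive so Packer redacts it from its own output. Note
# this does not change the fact that boot_command types it into the VM console.
sensitive = true
default = "proutprout"
}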
# Hyper-V Gen2 VM installed from the pinned Alpine 3.21.2 "virt" ISO. The
# whole installation is driven by keystrokes in boot_command; no provisioner
# is visible in this file.
source "hyperv-iso" "vm" {
iso_url = "https://dl-cdn.alpinelinux.org/alpine/v3.21/releases/x86_64/alpine-virt-3.21.2-x86_64.iso"
# Pinning the sha256 makes the ISO download tamper-evident; keep it in sync
# with iso_url whenever the release is bumped.
iso_checksum = "sha256:e877549fb113ba93f89f3755742f3e5178ae66fb345bf6a74a9ddbe1e8bd2ec6"
enable_dynamic_memory = true
# Secure Boot is disabled for the build VM, so nothing in the resulting image
# is firmware-validated at boot.
enable_secure_boot = false
cpus = "2"
memory = "2048"
disk_size = "16384"
generation = "2"
switch_name = "Default Switch"
vm_name = "packer-forticlient"
# Build-time SSH credentials. No "packer" user is created anywhere in
# boot_command below, so the communicator presumably depends on a step outside
# this file — TODO confirm.
communicator = "ssh"
ssh_username = "packer"
ssh_password = "packer"
# The sudo password is piped on stdin (-S); acceptable for a throwaway build VM.
shutdown_command = "echo 'packer' | sudo -S shutdown -P now"
boot_wait = "5s"
boot_keygroup_interval = "20ms"
#ssh_timeout = "1h"
# Every entry below is typed into the VM console, in order: network/base
# setup, GPT partitioning, LUKS, LVM, filesystems, mkinitfs, then GRUB from
# inside the chroot. The ${var.lukspwd} entries are typed in the clear, so
# Packer's log of boot_command may expose the passphrase — use a non-default
# value and keep build logs private.
boot_command = [
"root<enter><wait>",
"mkdir /mnt/floppy<enter><wait>",
#"mount -t vfat -o ro /dev/fd0 /mnt/floppy<enter><wait2>",
"setup-hostname proutprout<enter><wait>",
"setup-interfaces -ar<enter><wait2>",
"setup-timezone Europe/Paris<enter><wait>",
"setup-ntp chrony<enter><wait6><enter>",
"setup-apkrepos -1<enter><wait>",
"apk update<enter><wait>",
"setup-sshd openssh<enter><wait>",
"apk add lvm2 cryptsetup e2fsprogs parted mkinitfs dosfstools blkid<enter><wait>",
# GPT layout: sda1 = 200M ESP (plaintext), sda2 = LUKS container for the rest.
"parted -a opt /dev/sda<enter><wait>",
"mklabel gpt<enter><wait>",
"mkpart primary fat32 0% 200M<enter><wait>",
"name 1 esp<enter><wait>",
"set 1 esp on<enter><wait>",
"mkpart primary ext4 200M 100%<enter><wait>",
"name 2 crypto-luks<enter><wait>",
"quit<enter><wait>",
# Overwrites only the first 16 MiB of sda2 (where old LUKS/LVM headers would
# sit), not the whole partition; enough for a fresh virtual disk.
"dd if=/dev/urandom of=/dev/sda2 bs=1M count=16<enter><wait>",
#"cryptsetup -vq -c aes-xts-plain64 -s 256 --hash sha512 --pbkdf argon2id --pbkdf-force-iterations 4 --pbkdf-memory 65536 --pbkdf-parallel 4 --use-random luksFormat /dev/sda2<enter><wait>",
# pbkdf2 and sha256 because of grub: https://www.gnu.org/software/grub/manual/grub/grub.pdf page 82
# AES-XTS with a 256-bit XTS key (i.e. AES-128 per half). PBKDF2/SHA-256 is
# weaker than the argon2id variant kept above but is what the author found
# GRUB's cryptodisk unlock supports. No --iter-time is given, so cryptsetup's
# benchmarked PBKDF2 iteration count applies.
"cryptsetup -vq -c aes-xts-plain64 -s 256 --hash sha256 --pbkdf pbkdf2 --use-random luksFormat /dev/sda2<enter><wait>",
"${var.lukspwd}<enter><wait5>",
"cryptsetup open /dev/sda2 lvmcrypt<enter><wait>",
"${var.lukspwd}<enter><wait2>",
# LVM on top of the opened container: a 2G boot LV and root on the rest, so
# /boot (kernel + initramfs) also lives inside the LUKS volume; only the ESP
# stays in plaintext.
"pvcreate /dev/mapper/lvmcrypt<enter><wait>",
"vgcreate vg0 /dev/mapper/lvmcrypt<enter><wait>",
"lvcreate -L 2G vg0 -n boot<enter><wait>",
"lvcreate -l 100%FREE vg0 -n root<enter><wait>",
"lvscan<enter><wait>",
"mkfs.ext4 /dev/vg0/root<enter><wait>",
"mkfs.ext4 /dev/vg0/boot<enter><wait>",
"mkfs.fat -F32 /dev/sda1<enter><wait>",
"mount -t ext4 /dev/vg0/root /mnt/<enter><wait>",
"mkdir -v /mnt/boot<enter><wait>",
"mount -t ext4 /dev/vg0/boot /mnt/boot<enter><wait>",
"mkdir -v /mnt/boot/efi<enter><wait>",
"mount -t vfat /dev/sda1 /mnt/boot/efi<enter><wait>",
# Written to the live environment before setup-disk; the same line is appended
# again inside the chroot below, so the installed file may hold it twice
# (harmless). GRUB needs it to unlock the container that holds /boot.
"mkdir /etc/default && echo 'GRUB_ENABLE_CRYPTODISK=y' >> /etc/default/grub<enter><wait>",
#"sed -i s/virtio/cryptsetup/ /etc/mkinitfs/mkinitfs.conf<enter><wait>",
# Adds the cryptsetup/cryptkey/kms initramfs features to the live config so
# setup-disk presumably builds a LUKS-capable initramfs — TODO confirm.
"sed -i -e '/^features=/ s/\"$/ cryptsetup cryptkey kms\"/' /etc/mkinitfs/mkinitfs.conf<enter><wait>",
"setup-disk -m sys /mnt<enter><wait60>",
# Same feature additions on the installed system (cryptsetup is not re-added
# here; presumably setup-disk already included it — verify on the image).
"sed -i -e '/^features=/ s/\"$/ cryptkey kms\"/' /mnt/etc/mkinitfs/mkinitfs.conf<enter><wait>",
"sed -i -e '/^GRUB_CMDLINE_LINUX_DEFAULT=/ s/\"$/ cryptkey\"/' /mnt/etc/default/grub<enter><wait>",
# Second LUKS key slot: a 2048-byte random keyfile at the root of the
# installed filesystem (itself inside the LUKS container), mode 0600. With the
# cryptkey feature/boot parameter above it is presumably embedded in the
# initramfs so the kernel can reopen the volume without a second prompt after
# GRUB has unlocked it — TODO confirm. luksAddKey still has to be authorised
# with the existing passphrase.
"touch /mnt/crypto_keyfile.bin<enter><wait>",
"chmod 600 /mnt/crypto_keyfile.bin<enter><wait>",
"dd bs=512 count=4 if=/dev/urandom of=/mnt/crypto_keyfile.bin<enter><wait>",
"cryptsetup luksAddKey /dev/sda2 /mnt/crypto_keyfile.bin<enter><wait>",
"${var.lukspwd}<enter><wait9>",
# Rebuilds the installed initramfs; $(ls /mnt/lib/modules/) only works when
# exactly one kernel directory is present.
"mkinitfs -c /mnt/etc/mkinitfs/mkinitfs.conf -b /mnt/ $(ls /mnt/lib/modules/)<enter><wait2>",
# UUID captures appear to feed the commented-out grub-pre.cfg approach below
# (placeholders 00001/00002/00003); nothing on the active path reads them.
"blkid -s UUID -o value /dev/sda2 > /mnt/uuid<enter><wait>",
"vgdisplay vg0 | grep 'VG UUID' | awk '{print $3}' > /mnt/uuid_vg0<enter><wait>",
"lvdisplay /dev/vg0/boot | grep 'LV UUID' | awk '{print $3}' > /mnt/uuid_vg0_boot<enter><wait>",
"mount -t proc /proc /mnt/proc<enter><wait>",
"mount --rbind /dev /mnt/dev<enter><wait>",
"mount --make-rslave /mnt/dev<enter><wait>",
"mount --rbind /sys /mnt/sys<enter><wait>",
"chroot /mnt<enter><wait>",
"source /etc/profile<enter><wait>",
"export PS1=\"(chroot) $PS1\"<enter><wait>",
# GRUB from inside the chroot. No grub-install is visible in this sequence;
# setup-disk -m sys presumably installed the EFI loader — TODO confirm,
# otherwise the ESP stays empty.
"apk add grub grub-efi efibootmgr lvm2 cryptsetup blkid<enter><wait>",
"echo 'GRUB_ENABLE_CRYPTODISK=y' >> /etc/default/grub<enter><wait>",
"grub-mkconfig -o /boot/grub/grub.cfg<enter><wait>",
#"echo 'GRUB_PRELOAD_MODULES=\"luks cryptodisk part_gpt lvm\"' >> /etc/default/grub",
#"blkid -s UUID -o value /dev/sda2 > /mnt/uuid && cp uuid /mnt/tmp/<enter><wait>",
#"${var.lukspwd}<enter><wait>",
#"sed -i 's/cryptdm=/cryptdm=lvmcrypt cryptkey/' /etc/default/grub<enter><wait>",
#"echo 'GRUB_ENABLE_CRYPTODISK=y' >> /etc/default/grub<enter><wait>",
#"echo 'GRUB_PRELOAD_MODULES=\"luks cryptodisk part_gpt lvm\"' >> /etc/default/grub<enter><wait>",
#"cat > /root/grub-pre.cfg << EOF<enter><wait>",
#"set crypto_uuid=00001<enter><wait>",
#"cryptomount -u $crypto_uuid<enter><wait>",
#"set root='lvmid/00002/00003'<enter><wait>",
#"set prefix=($root)/boot/grub<enter><wait>",
#"insmod normal<enter><wait>",
#"normal<enter><wait>",
#"EOF<enter><wait>",
#"grub-mkimage -p /boot/grub -O x86_64-efi -c /root/grub-pre.cfg -o /tmp/grubx64.efi luks2 part_gpt cryptodisk lvm ext2 gcry_rijndael pbkdf2 gcry_sha512<enter><wait>",
#"install -v /tmp/grubx64.efi /boot/efi/EFI/grub/<enter><wait>",
#"grub-mkconfig -o /boot/grub/grub.cfg<enter><wait>",
# Leaves the chroot; the unmount/close/reboot steps are commented out, so the
# build continues with the filesystems still mounted from the live ISO.
"exit<enter><wait>",
#"umount -l /mnt/dev<enter><wait>",
#"umount -l /mnt/proc<enter><wait>",
#"umount -l /mnt/sys<enter><wait>",
#"umount /mnt/boot/efi<enter><wait>",
#"umount /mnt/boot<enter><wait>",
#"umount /mnt<enter><wait>",
#"vgchange -a n<enter><wait>",
#"cryptsetup close lvmcrypt<enter><wait>",
#"reboot<enter><wait>"
#"setup-keymap fr fr<enter><wait>"
]
}
# Single build over the source above. No provisioners or post-processors are
# declared, so everything in the image comes from boot_command.
build {
sources = ["sources.hyperv-iso.vm"]
}