From aa9dbd358e097c1971d00b8cdc5d874fabdb73b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pr=C3=A9mel-Cabic=20Arnaud?= Date: Wed, 8 May 2024 20:27:09 +0200 Subject: [PATCH] fix: preseed --- autoinstall/preseed.cfg | 53 +++++----- build.sh | 0 debian12.pkr.hcl | 222 +++++++++------------------------------- 3 files changed, 79 insertions(+), 196 deletions(-) create mode 100644 build.sh diff --git a/autoinstall/preseed.cfg b/autoinstall/preseed.cfg index 68d9f50..92ec851 100644 --- a/autoinstall/preseed.cfg +++ b/autoinstall/preseed.cfg @@ -1,7 +1,8 @@ #_preseed_V1 -#### Contents of the preconfiguration file (for booksworm) +#### Contents of the preconfiguration file (for bookworm) +### Localization # Preseeding only locale sets language, country and locale. -#d-i debian-installer/locale string en_US.UTF-8 +d-i debian-installer/locale string en_US.UTF-8 # The values can also be preseeded individually for greater flexibility. d-i debian-installer/language string en @@ -9,13 +10,12 @@ d-i debian-installer/country string FR d-i debian-installer/locale string en_US.UTF-8 # Optionally specify additional locales to be generated. d-i localechooser/supported-locales multiselect en_US.UTF-8, fr_FR.UTF-8 -#d-i debian-installer/fallbacklocale select fr_FR.UTF-8 -#d-i debian-installer/locale select en_US.UTF-8 # Keyboard selection. d-i keyboard-configuration/xkb-keymap select fr d-i console-keymaps-at/keymap select fr-latin9 d-i debian-installer/keymap string fr-latin9 +# d-i keyboard-configuration/toggle select No toggling ### Network configuration # Disable network configuration entirely. This is useful for cdrom 
@@ -27,13 +27,16 @@ d-i debian-installer/keymap string fr-latin9 # skip displaying a list if there is more than one interface. d-i netcfg/choose_interface select auto +# To pick a particular interface instead: +#d-i netcfg/choose_interface select eth1 + # To set a different link detection timeout (default is 3 seconds). # Values are interpreted as seconds. -d-i netcfg/link_wait_timeout string 5 +#d-i netcfg/link_wait_timeout string 10 # If you have a slow dhcp server and the installer times out waiting for # it, this might be useful. -d-i netcfg/dhcp_timeout string 60 +#d-i netcfg/dhcp_timeout string 60 #d-i netcfg/dhcpv6_timeout string 60 # Automatic network configuration is the default. @@ -86,7 +89,7 @@ d-i netcfg/wireless_wep string # If non-free firmware is needed for the network or other hardware, you can # configure the installer to always try to load it, without prompting. Or # change to false to disable asking. -d-i hw-detect/load_firmware boolean false +d-i hw-detect/load_firmware boolean true ### Network console # Use the following settings if you wish to make use of the network-console @@ -102,7 +105,7 @@ d-i hw-detect/load_firmware boolean false # If you select ftp, the mirror/country string does not need to be set. # Default value for the mirror protocol: http. #d-i mirror/protocol string ftp -d-i mirror/country string FR +d-i mirror/country string manual d-i mirror/http/hostname string deb.debian.org d-i mirror/http/directory string /debian d-i mirror/http/proxy string 
@@ -115,24 +118,21 @@ d-i mirror/http/proxy string ### Account setup # Skip creation of a root account (normal user account will be able to # use sudo). -d-i passwd/root-login boolean true +d-i passwd/root-login boolean false # Alternatively, to skip creation of a normal user account. -d-i passwd/make-user boolean false +#d-i passwd/make-user boolean true # Root password, either in clear text -d-i passwd/root-password password packer -d-i passwd/root-password-again password packer +#d-i passwd/root-password password packer +#d-i passwd/root-password-again password packer # or encrypted using a crypt(3) hash. #d-i passwd/root-password-crypted password [$6$vnNlrAnstgaHYy3U$G2cn0/JQ.U1ssiugJNT4HAbFoOdlduSigYF7wP8DdpJin6W9ddbbjJXPSAU98.8jLn18wSfDNkBqesxdz6pm50] # To create a normal user account. -#d-i passwd/user-fullname string packer -#d-i passwd/username string packer -# Normal user's password, either in clear text -#d-i passwd/user-password password packer -#d-i passwd/user-password-again password packer -# or encrypted using a crypt(3) hash. -#d-i passwd/user-password-crypted password [$6$vnNlrAnstgaHYy3U$G2cn0/JQ.U1ssiugJNT4HAbFoOdlduSigYF7wP8DdpJin6W9ddbbjJXPSAU98.8jLn18wSfDNkBqesxdz6pm50] +d-i passwd/user-fullname string debian +d-i passwd/username string debian +# mkpasswd -m sha-512 -S $(pwgen -ns 16 1) +d-i passwd/user-password-crypted password [$6$L90Sg2c4Ymxre7W0$2lXvpEfio6tlSreW7aYVQ3X2bO3ela0dw97jIgo4WdsWFczsFp/jLExku4Rfxoi9/uYwuzubusAS1waDCqhos1] # Create the first user with the specified UID instead of the default. #d-i passwd/user-uid string 1010 
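Review bot: The new `d-i passwd/user-password-crypted password [$6$…]` line keeps the square brackets that the commented examples use as placeholder notation, so the stored value is not a valid crypt(3) string and, as far as I can tell, no password will ever match it. If a working password is intended for the `debian` account (for example for sudo, now that `passwd/root-login` is false), write it as `d-i passwd/user-password-crypted password <CRYPT_HASH_WITHOUT_BRACKETS>`. A real hash committed to this file is also open to offline guessing by anyone who can read it, so consider generating it per build and keeping it out of the repository. The `mkpasswd` comment above the line could say which of the two outcomes is wanted.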
@@ -327,8 +327,8 @@ d-i apt-setup/cdrom/set-first boolean false # You can choose to install non-free firmware. #d-i apt-setup/non-free-firmware boolean true # You can choose to install non-free and contrib software. -#d-i apt-setup/non-free boolean true -#d-i apt-setup/contrib boolean true +d-i apt-setup/non-free boolean true +d-i apt-setup/contrib boolean true # Uncomment the following line, if you don't want to have the sources.list # entry for a DVD/BD installation image active in the installed system # (entries for netinst or CD images will be disabled anyway, regardless of @@ -366,6 +366,7 @@ d-i apt-setup/security_host string security.debian.org # Uncomment this to add multiarch configuration for i386 #d-i apt-setup/multiarch string i386 + ### Package selection tasksel tasksel/first multiselect standard, ssh-server @@ -374,7 +375,7 @@ tasksel tasksel/first multiselect standard, ssh-server #d-i pkgsel/run_tasksel boolean false # Individual additional packages to install -d-i pkgsel/include string ca-certificates cloud-init qemu-guest-agent sudo +d-i pkgsel/include string ca-certificates cloud-init qemu-guest-agent sudo unattended-upgrades # Whether to upgrade packages after debootstrap. # Allowed values: none, safe-upgrade, full-upgrade d-i pkgsel/upgrade select safe-upgrade @@ -450,6 +451,7 @@ d-i cdrom-detect/eject boolean true # debconf-get-selections --installer > file # debconf-get-selections >> file + #### Advanced options ### Running custom commands during the installation # d-i preseeding is inherently not secure. Nothing in the installer checks 
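Review bot: Enabling both `d-i apt-setup/non-free boolean true` and `d-i apt-setup/contrib boolean true` in the first hunk on this line widens the package sources of every VM cloned from the template, and nothing visible in the patch installs a package from either component. If the goal is firmware (the patch also sets `hw-detect/load_firmware` to true), the narrower option is the line left commented just above: `d-i apt-setup/non-free-firmware boolean true`. Otherwise a one-line comment naming the package that needs non-free/contrib would help the next reader. The `pkgsel/include` hunk adds `unattended-upgrades`; whether it is actually enabled depends on settings outside these hunks.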
@@ -472,4 +474,9 @@ d-i cdrom-detect/eject boolean true # directly, or use the apt-install and in-target commands to easily install # packages and run commands in the target system. #d-i preseed/late_command string -d-i preseed/late_command string in-target sed -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' -i /etc/ssh/sshd_config \ No newline at end of file +d-i preseed/late_command string \ +in-target sed -e 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' -i /etc/ssh/sshd_config; \ +in-target sed -e 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' -i /etc/ssh/sshd_config; \ +in-target sed -e 's/#PasswordAuthentication yes/PasswordAuthentication no/' -i /etc/ssh/sshd_config; \ +in-target sed -e 's/UsePAM yes/UsePAM no/' -i /etc/ssh/sshd_config; \ +in-target echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERv00qRw1zq3dHoiRF1iOeXSREo4vhTwOGZYwKt5+3h' > /home/debian/.ssh/authorized_keys diff --git a/build.sh b/build.sh new file mode 100644 index 0000000..e69de29 diff --git a/debian12.pkr.hcl b/debian12.pkr.hcl index b760ce8..603d473 100644 --- a/debian12.pkr.hcl +++ b/debian12.pkr.hcl @@ -7,55 +7,6 @@ packer { } } -variable "bios_type" { - type = string -} - -variable "boot_command" { - type = string -} - -variable "boot_wait" { - type = string -} - -variable "bridge_firewall" { - type = bool - default = false -} - -variable "bridge_name" { - type = string -} - -variable "cloud_init" { - type = bool -} - -variable "iso_file" { - type = string -} - -variable "iso_storage_pool" { - type = string - default = "local" -} - -variable "machine_default_type" { - type = string - default = "pc" -} - -variable "network_model" { - type = string - default = "virtio" -} - -variable "os_type" { - type = string - default = "l26" -} - variable "proxmox_api_token_id" { type = string } 
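Review bot: In the preseed.cfg `late_command` hunk, the last command's `> /home/debian/.ssh/authorized_keys` redirection is performed by the installer shell rather than inside the target, so it points at a path in the installer environment instead of under `/target`. Nothing creates `.ssh` or sets its owner and mode either, so with `PasswordAuthentication no` the image may end up with no working login. Writing through `/target` and fixing ownership afterwards avoids both problems, as sketched below. Separately, the `sed` edits only take effect when the commented defaults match character for character, and `UsePAM no` goes further than key-only login requires; a drop-in under `/etc/ssh/sshd_config.d/` would be less fragile if the image's `sshd_config` includes that directory.

```ini
d-i preseed/late_command string \
# … unchanged: the four sshd_config sed edits …
mkdir -p /target/home/debian/.ssh; \
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERv00qRw1zq3dHoiRF1iOeXSREo4vhTwOGZYwKt5+3h' > /target/home/debian/.ssh/authorized_keys; \
in-target chown -R debian:debian /home/debian/.ssh; \
in-target chmod 700 /home/debian/.ssh; \
in-target chmod 600 /home/debian/.ssh/authorized_keys
```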
@@ -73,153 +24,78 @@ variable "proxmox_node" { type = string } -variable "qemu_agent_activation" { - type = bool - default = true -} - -variable "scsi_controller_type" { - type = string -} - -variable "ssh_timeout" { - type = string -} - -variable "tags" { - type = string -} - -variable "io_thread" { - type = bool -} - -variable "cpu_type" { - type = string - default = "x86-64-v3" -} - -variable "vm_info" { - type = string -} - -variable "disk_discard" { - type = bool - default = true -} - -variable "disk_format" { - type = string - default = "qcow2" -} - -variable "disk_size" { - type = string - default = "16G" -} - -variable "disk_type" { - type = string - default = "scsi" -} - -variable "nb_core" { - type = number - default = 1 -} - -variable "nb_cpu" { - type = number - default = 1 -} - -variable "nb_ram" { - type = number - default = 1024 -} - -variable "ssh_username" { - type = string -} - -variable "ssh_password" { - type = string -} - -variable "ssh_handshake_attempts" { - type = number -} - -variable "storage_pool" { - type = string - default = "local-zfs" -} - -variable "vm_id" { - type = number - default = 99999 -} - -variable "vm_name" { - type = string -} locals { packer_timestamp = formatdate("YYYYMMDD-hhmm", timestamp()) + storage_pool = "local-zfs" + vm_name = "pckr-deb12" } source "proxmox-iso" "debian12" { - bios = "${var.bios_type}" - boot_command = ["${var.boot_command}"] - boot_wait = "${var.boot_wait}" - cloud_init = "${var.cloud_init}" - cloud_init_storage_pool = "${var.storage_pool}" + bios = "ovmf" + boot_command = [ + "c", + "linux /install.amd/vmlinuz ", + "auto=true ", + "url=https://git.cloud.arnaud-pc.fr/ministicraft/packer-ministack/raw/branch/master/autoinstall/preseed.cfg ", + "hostname=${local.vm_name} ", + "domain=arnaud-pc.local ", + "interface=auto ", + "vga=788 noprompt quiet --", + "initrd /install.amd/initrd.gz", + "boot" + ] + boot_wait = "10s" + cloud_init = true + cloud_init_storage_pool = local.storage_pool communicator = 
"ssh" - cores = "${var.nb_core}" - cpu_type = "${var.cpu_type}" - http_directory = "autoinstall" + cores = 1 + cpu_type = "x86-64-v3" insecure_skip_tls_verify = true - iso_file = "${var.iso_file}" - machine = "${var.machine_default_type}" - memory = "${var.nb_ram}" - node = "${var.proxmox_node}" - os = "${var.os_type}" + iso_checksum = "sha512:33c08e56c83d13007e4a5511b9bf2c4926c4aa12fd5dd56d493c0653aecbab380988c5bf1671dbaea75c582827797d98c4a611f7fb2b131fbde2c677d5258ec9" + iso_url = "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.5.0-amd64-netinst.iso" + iso_storage_pool = "local" + iso_download_pve = true + machine = "q35" + memory = 2048 + node = "pve3" + os = "l26" proxmox_url = "${var.proxmox_api_url}" - qemu_agent = "${var.qemu_agent_activation}" - scsi_controller = "${var.scsi_controller_type}" - sockets = "${var.nb_cpu}" - ssh_handshake_attempts = "${var.ssh_handshake_attempts}" + qemu_agent = true + scsi_controller = "virtio-scsi-pci" + sockets = 1 + ssh_handshake_attempts = 6 ssh_pty = true - ssh_timeout = "${var.ssh_timeout}" - ssh_username = "${var.ssh_username}" - ssh_password = "${var.ssh_password}" - tags = "${var.tags}" - template_description = "${var.vm_info} - ${local.packer_timestamp}" + ssh_timeout = "10m" + ssh_username = "debian" + ssh_private_key_file = "/home/ministicraft/.ssh/id_ed25519" + tags = "debian-12;template" + template_description = "Debian 12 Packer Template - ${local.packer_timestamp}" token = "${var.proxmox_api_token_secret}" unmount_iso = true username = "${var.proxmox_api_token_id}" - vm_id = "${var.vm_id}" - vm_name = "${var.vm_name}" + vm_id = 99998 + vm_name = local.vm_name efi_config { - efi_storage_pool = "${var.storage_pool}" + efi_storage_pool = "${local.storage_pool}" pre_enrolled_keys = false efi_type = "4m" } disks { - discard = "${var.disk_discard}" - disk_size = "${var.disk_size}" - format = "${var.disk_format}" - io_thread = "${var.io_thread}" - storage_pool = "${var.storage_pool}" - type = 
"${var.disk_type}" + discard = true + disk_size = "12G" + format = "raw" + io_thread = false + storage_pool = "${local.storage_pool}" + type = "scsi" } network_adapters { - bridge = "${var.bridge_name}" - firewall = "${var.bridge_firewall}" - model = "${var.network_model}" + bridge = "vmbr0" + firewall = false + model = "virtio" } }
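Review bot: The new `boot_command` fetches the preseed from `.../raw/branch/master/autoinstall/preseed.cfg`, a mutable branch, so the installer runs whatever is on `master` at build time (including `late_command`, which runs as root) rather than the file in the checkout being built. Pin the URL to a commit, e.g. `.../raw/commit/<COMMIT_SHA>/autoinstall/preseed.cfg` if the forge supports that form, or restore the removed `http_directory = "autoinstall"` and serve the local file. `ssh_private_key_file = "/home/ministicraft/.ssh/id_ed25519"` hard-codes one user's key path; a variable with no default (`ssh_private_key_file = var.ssh_private_key_file`) keeps the template usable elsewhere. `iso_url` points into `debian-cd/current/` while `iso_checksum` pins 12.5.0, so the download will presumably fail once `current` moves to the next point release. `insecure_skip_tls_verify = true` is unchanged here but still leaves the Proxmox API token exposed to interception.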