rocky.pkrvars.hcl
# Packer variables for Rocky Linux
# Values for building the "Rocky Linux Base Template" image. The Packer template that
# consumes these variables is not part of this file; notes on how a value is used are
# therefore assumptions to confirm against that template.
vmid = "1025"
vmname = "rocky"
vmdesc = "Rocky Linux Base Template"
# Installer ISO, pinned to the Rocky 9.5 boot image.
isourl = "https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.5-x86_64-boot.iso"
# "file:" form: the checksum is looked up in a remote CHECKSUM file instead of being pinned here.
# NOTE(review): CHECKSUM is served by the same host as the ISO, so this catches a corrupted
# download but not a tampered origin. Pinning a literal digest that was verified against
# Rocky's signed CHECKSUM would make the build reproducible and origin-independent.
isochecksum = "file:https://download.rockylinux.org/pub/rocky/9/isos/x86_64/CHECKSUM"
isofile = "rocky.iso"
# Directory holding the files served during install (ks.cfg is requested from it below) - presumably
# exposed through Packer's built-in HTTP server; confirm in the template.
httpdir = "./http/rocky/"
bootwait = "10s"
# Keystrokes typed at the boot menu: edit the selected entry, append kernel arguments, boot with F10.
# NOTE(review): ks.cfg is fetched over plain HTTP from {{ .HTTPIP }}:{{ .HTTPPort }}. Anything in
# the kickstart (for example a root password or its hash) is readable by any host that can reach
# that port while the build runs, so the build network should be isolated.
bootcmd = [
"<up><wait>e<wait>",
"<down><down><end><wait>",
" console=ttyS0 net.ifnames=0 ipv6.disable=1 inst.cmdline inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg",
"<wait><f10>"
]
# Shell commands executed in list order inside the freshly installed VM. Order matters: repos are
# added before installs, cleanup runs last. The /tmp/base/* and /tmp/dnf.conf files are assumed to be
# uploaded by an earlier step that is not shown here - TODO confirm.
provisioner = [
# GRUB Configuration
"cp -f /tmp/base/grub /etc/default/grub",
# Appended after the copied file; /etc/default/grub is sourced as shell, so these later
# assignments take precedence over any earlier ones in /tmp/base/grub.
"echo 'GRUB_CMDLINE_LINUX=\"console=ttyS0 net.ifnames=0 ipv6.disable=1 quiet\"' >> /etc/default/grub",
"echo 'GRUB_DISTRIBUTOR=\"Rocky Linux\"' >> /etc/default/grub",
"grub2-mkconfig -o /boot/grub2/grub.cfg",
"grub2-mkconfig -o /boot/efi/EFI/rocky/grub.cfg",
# Package Configuration
# NOTE(review): dnf.conf is replaced wholesale; confirm the uploaded file keeps gpgcheck enabled,
# since every later dnf transaction inherits it.
"cp -f /tmp/dnf.conf /etc/dnf/dnf.conf",
# NOTE(review): this removes firewalld and rsyslog, so the template ships without a host firewall
# and without syslog forwarding. Clones depend on network-level filtering and on the journal
# unless replacements are installed later.
"dnf remove dejavu-sans-fonts firewalld gdisk langpacks-en linux-firmware man-db microcode_ctl polkit rsyslog sssd-client teamd vim-minimal xfsprogs -y",
"dnf config-manager --set-enabled crb",
# Third-party repositories (Docker CE, HashiCorp). Package trust for them is governed by the
# gpgcheck/gpgkey settings inside the downloaded .repo files, which are not visible here.
"dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo",
"dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo",
"dnf install epel-release -y",
# NOTE(review): --nogpgcheck skips signature verification for the two RPM Fusion release packages,
# which themselves install the repo definitions and signing keys. Their authenticity rests on TLS
# to mirrors.rpmfusion.org alone. Importing the RPM Fusion signing key first (rpm --import) and
# dropping --nogpgcheck would close that gap.
# $(rpm -E %rhel) expands to the major release number of the running system.
"dnf install --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm -y",
"dnf install --nogpgcheck https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm -y",
"dnf update -y",
"dnf install cloud-init sudo -y",
# SSH hardening
# The hardening itself lives in /tmp/base/sshd_config, which is not shown; this step only installs it.
"cp -f /tmp/base/sshd_config /etc/ssh/sshd_config",
"cp -f /tmp/base/ssh-banner /etc/ssh/ssh-banner",
# Foot term config
"mkdir -p /usr/share/terminfo/f",
"cp -f /tmp/base/foot /usr/share/terminfo/f/foot",
"cp -f /tmp/base/foot-direct /usr/share/terminfo/f/foot-direct",
# Enable Guest Agent
"systemctl start qemu-guest-agent",
"systemctl enable qemu-guest-agent",
# Setup cloud-init
"cp -f /tmp/base/99-pve.cfg /etc/cloud/cloud.cfg.d/99-pve.cfg",
# Clears cloud-init state and logs so each clone runs its first-boot stages again.
"cloud-init clean --logs",
# Cleanup VM
# Purpose of this group: strip per-machine identity and build leftovers before templating.
# NOTE(review): SSH host keys under /etc/ssh are not removed here. Clones will share them unless
# cloud-init regenerates them on first boot (ssh_deletekeys) - confirm in 99-pve.cfg.
"dnf autoremove -y",
"dnf clean all -y",
# Empty machine-id so every clone generates its own on first boot.
"truncate -s 0 /etc/machine-id",
"truncate -s 0 /etc/resolv.conf",
# Remove the saved seed so clones do not start from identical seed material.
"rm -f /var/lib/systemd/random-seed",
# NOTE(review): the /root/* glob does not match dotfiles, so /root/.ssh, /root/.bash_history and
# similar survive into the template. Verify that no build-time key or shell history is left behind.
"rm -rf /root/* /tmp/* /var/tmp/*",
"sync",
# Locks the root password only; key-based root login still depends on sshd_config and on any
# authorized_keys file that remains under /root/.ssh.
"passwd -l root"
]