provision image through Terraform

examples/raspios/.terraform.lock.hcl

@@ -0,0 +1,43 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/local" {
+  version = "2.5.2"
+  hashes = [
+    "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=",
+    "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511",
+    "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea",
+    "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0",
+    "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b",
+    "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038",
+    "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4",
+    "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464",
+    "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b",
+    "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e",
+    "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1",
+  ]
+}
+
+provider "registry.terraform.io/kreuzwerker/docker" {
+  version     = "3.0.2"
+  constraints = "~> 3.0.1"
+  hashes = [
+    "h1:cT2ccWOtlfKYBUE60/v2/4Q6Stk1KYTNnhxSck+VPlU=",
+    "zh:15b0a2b2b563d8d40f62f83057d91acb02cd0096f207488d8b4298a59203d64f",
+    "zh:23d919de139f7cd5ebfd2ff1b94e6d9913f0977fcfc2ca02e1573be53e269f95",
+    "zh:38081b3fe317c7e9555b2aaad325ad3fa516a886d2dfa8605ae6a809c1072138",
+    "zh:4a9c5065b178082f79ad8160243369c185214d874ff5048556d48d3edd03c4da",
+    "zh:5438ef6afe057945f28bce43d76c4401254073de01a774760169ac1058830ac2",
+    "zh:60b7fadc287166e5c9873dfe53a7976d98244979e0ab66428ea0dea1ebf33e06",
+    "zh:61c5ec1cb94e4c4a4fb1e4a24576d5f39a955f09afb17dab982de62b70a9bdd1",
+    "zh:a38fe9016ace5f911ab00c88e64b156ebbbbfb72a51a44da3c13d442cd214710",
+    "zh:c2c4d2b1fd9ebb291c57f524b3bf9d0994ff3e815c0cd9c9bcb87166dc687005",
+    "zh:d567bb8ce483ab2cf0602e07eae57027a1a53994aba470fa76095912a505533d",
+    "zh:e83bf05ab6a19dd8c43547ce9a8a511f8c331a124d11ac64687c764ab9d5a792",
+    "zh:e90c934b5cd65516fbcc454c89a150bfa726e7cf1fe749790c7480bbeb19d387",
+    "zh:f05f167d2eaf913045d8e7b88c13757e3cf595dd5cd333057fdafc7c4b7fed62",
+    "zh:fcc9c1cea5ce85e8bcb593862e699a881bd36dffd29e2e367f82d15368659c3d",
+  ]
+}

examples/raspios/main.tf

@@ -0,0 +1,9 @@
+module "raspios" {
+  source = "../../"
+  packer_config = "packer/raspios.pkr.hcl"
+  provisioning_scripts = [
+    "scripts/pi.sh",
+    "scripts/docker.sh",
+    "scripts/hashi.sh"
+  ]
+}

examples/raspios/packer/raspios.pkr.hcl

@@ -0,0 +1,66 @@
+variable "image_url" {
+  type    = string
+  default = "https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2024-11-19/2024-11-19-raspios-bookworm-arm64-lite.img.xz"
+}
+
+variable "image_path" {
+  type    = string
+  default = "raspios-arm64.img"
+}
+
+variable "scripts" {
+  type = list(string)
+  default = []
+}
+
+source "arm" "raspios-arm64" {
+  file_urls             = ["${var.image_url}"]
+  file_checksum_url     = "${var.image_url}.sha256"
+  file_checksum_type    = "sha256"
+  file_target_extension = "xz"
+  file_unarchive_cmd    = ["xz", "--decompress", "$ARCHIVE_PATH"]
+  image_build_method    = "resize"
+  image_path            = var.image_path
+  image_size            = "4G"
+  image_type            = "dos"
+
+  image_partitions {
+    name         = "boot"
+    type         = "c"
+    start_sector = "8192"
+    filesystem   = "vfat"
+    size         = "256M"
+    mountpoint   = "/boot"
+  }
+
+  image_partitions {
+    name         = "root"
+    type         = "83"
+    start_sector = "532480"
+    filesystem   = "ext4"
+    size         = "0"
+    mountpoint   = "/"
+  }
+
+  image_chroot_env = ["PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"]
+  qemu_binary_source_path      = "/usr/bin/qemu-aarch64-static"
+  qemu_binary_destination_path = "/usr/bin/qemu-aarch64-static"
+}
+
+build {
+  sources = ["source.arm.raspios-arm64"]
+
+  provisioner "file" {
+    source = "rootfs/lib/systemd/system/firstboot.service"
+    destination = "/lib/systemd/system/firstboot.service"
+  }
+
+  provisioner "file" {
+    source = "rootfs/lib/firstboot.sh"
+    destination = "/lib/firstboot.sh"
+  }
+
+  provisioner "shell" {
+    scripts = var.scripts
+  }
+}

examples/raspios/rootfs/lib/firstboot.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# Generate a unique hostname
+NEW_HOSTNAME="rpi-$(cat /proc/cpuinfo | grep Serial | cut -d ' ' -f 2 | tail -c 5)"
+echo "$NEW_HOSTNAME" > /etc/hostname
+sed -i "s/raspberrypi/$NEW_HOSTNAME/g" /etc/hosts
+hostname "$NEW_HOSTNAME"

examples/raspios/rootfs/lib/systemd/system/firstboot.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=FirstBoot
+After=network.target apt-daily.service apt-daily-upgrade.service
+Before=rc-local.service
+ConditionFileNotEmpty=/lib/firstboot.sh
+
+[Service]
+ExecStart=/bin/bash /lib/firstboot.sh
+ExecStartPost=/bin/mv /lib/firstboot.sh /lib/firstboot.sh.done
+Type=oneshot
+RemainAfterExit=no
+
+[Install]
+WantedBy=multi-user.target

examples/raspios/scripts/docker.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+curl -fsSL https://get.docker.com -o get-docker.sh
+sudo sh ./get-docker.sh
+rm get-docker.sh
+
+usermod -aG docker pi

examples/raspios/scripts/hashi.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+# install hashistack
+wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
+echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+sudo apt update
+sudo apt install -y nomad consul
+
+# install CNI plugins
+curl -L -o /tmp/cni-plugins.tgz "https://github.com/containernetworking/plugins/releases/download/v1.0.0/cni-plugins-linux-$([ $(uname -m) = aarch64 ] && echo arm64 || echo amd64)"-v1.0.0.tgz
+sudo mkdir -p /opt/cni/bin
+sudo tar -C /opt/cni/bin -xzf /tmp/cni-plugins.tgz

examples/raspios/scripts/pi.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# enable ssh
+touch /boot/ssh.txt
+
+# configure user
+echo 'pi:$6$c70VpvPsVNCG0YR5$l5vWWLsLko9Kj65gcQ8qvMkuOoRkEagI90qi3F/Y7rm8eNYZHW8CY6BOIKwMH7a3YYzZYL90zf304cAHLFaZE0' > /boot/userconf.txt
+
+# enable firstboot.service
+cd /etc/systemd/system/multi-user.target.wants && ln -s /lib/systemd/system/firstboot.service .

examples/raspios/variables.pkrvars.hcl

@@ -0,0 +1 @@
+scripts = ["scripts/pi.sh","scripts/docker.sh","scripts/hashi.sh"]