provision image through Terraform

.terraform.lock.hcl

@@ -0,0 +1,43 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/local" {
+  version = "2.5.2"
+  hashes = [
+    "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=",
+    "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511",
+    "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea",
+    "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0",
+    "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b",
+    "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038",
+    "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4",
+    "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464",
+    "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b",
+    "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e",
+    "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1",
+  ]
+}
+
+provider "registry.terraform.io/kreuzwerker/docker" {
+  version     = "3.0.2"
+  constraints = "~> 3.0.1"
+  hashes = [
+    "h1:cT2ccWOtlfKYBUE60/v2/4Q6Stk1KYTNnhxSck+VPlU=",
+    "zh:15b0a2b2b563d8d40f62f83057d91acb02cd0096f207488d8b4298a59203d64f",
+    "zh:23d919de139f7cd5ebfd2ff1b94e6d9913f0977fcfc2ca02e1573be53e269f95",
+    "zh:38081b3fe317c7e9555b2aaad325ad3fa516a886d2dfa8605ae6a809c1072138",
+    "zh:4a9c5065b178082f79ad8160243369c185214d874ff5048556d48d3edd03c4da",
+    "zh:5438ef6afe057945f28bce43d76c4401254073de01a774760169ac1058830ac2",
+    "zh:60b7fadc287166e5c9873dfe53a7976d98244979e0ab66428ea0dea1ebf33e06",
+    "zh:61c5ec1cb94e4c4a4fb1e4a24576d5f39a955f09afb17dab982de62b70a9bdd1",
+    "zh:a38fe9016ace5f911ab00c88e64b156ebbbbfb72a51a44da3c13d442cd214710",
+    "zh:c2c4d2b1fd9ebb291c57f524b3bf9d0994ff3e815c0cd9c9bcb87166dc687005",
+    "zh:d567bb8ce483ab2cf0602e07eae57027a1a53994aba470fa76095912a505533d",
+    "zh:e83bf05ab6a19dd8c43547ce9a8a511f8c331a124d11ac64687c764ab9d5a792",
+    "zh:e90c934b5cd65516fbcc454c89a150bfa726e7cf1fe749790c7480bbeb19d387",
+    "zh:f05f167d2eaf913045d8e7b88c13757e3cf595dd5cd333057fdafc7c4b7fed62",
+    "zh:fcc9c1cea5ce85e8bcb593862e699a881bd36dffd29e2e367f82d15368659c3d",
+  ]
+}

ctl.sh

@@ -6,12 +6,8 @@ function info {
 
 function build {
   function image {
-    local image_config=${1:-$(ls  packer | fzf)}
-    [[ -z "$image_config" ]] && die "Config not found"
-    docker run --rm --privileged \
-      -v /dev:/dev \
-      -v ${PWD}:/build mkaczanowski/packer-builder-arm:latest \
-      build packer/${image_config}
+    terraform apply
+    docker logs -f $(docker ps -q -f name=packer-builder-arm)
   }
   ${@:-info}
 }

main.tf

@@ -0,0 +1,37 @@
+locals {
+  packer_variables_file = "variables.pkrvars.hcl"
+}
+
+resource "local_file" "packer_variables" {
+  filename = local.packer_variables_file
+  content = <<-EOT
+    scripts = ${jsonencode(var.provisioning_scripts)}
+  EOT
+}
+
+resource "docker_image" "packer" {
+  name         = var.packer_image
+  keep_locally = true
+}
+
+resource "docker_container" "packer" {
+  image = docker_image.packer.image_id
+  name  = "packer-builder-arm"
+  rm = true
+  tty = true
+  stdin_open = true
+  privileged = true
+  command = [
+    "build", 
+    "-var-file=${local.packer_variables_file}",
+    var.packer_config
+  ]
+  volumes {
+    container_path = "/dev"
+    host_path = "/dev"
+  }
+  volumes {
+    container_path = "/build"
+    host_path = "${path.cwd}"
+  }
+}

packer/raspios.pkr.hcl

@@ -1,60 +0,0 @@
-variable "image_url" {
-  type    = string
-  default = "https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2024-11-19/2024-11-19-raspios-bookworm-arm64-lite.img.xz"
-}
-
-source "arm" "raspios-arm64" {
-  file_urls                 = ["${var.image_url}"]
-  file_checksum_url         = "${var.image_url}.sha256"
-  file_checksum_type        = "sha256"
-  file_target_extension     = "xz"
-  file_unarchive_cmd        = ["xz", "--decompress", "$ARCHIVE_PATH"]
-  image_build_method        = "resize"
-  image_path                = "raspios-arm64.img"
-  image_size                = "4G"
-  image_type                = "dos"
-
-  image_partitions {
-    name        = "boot"
-    type        = "c"
-    start_sector = "8192"
-    filesystem  = "vfat"
-    size        = "256M"
-    mountpoint  = "/boot"
-  }
-
-  image_partitions {
-    name        = "root"
-    type        = "83"
-    start_sector = "532480"
-    filesystem  = "ext4"
-    size        = "0"
-    mountpoint  = "/"
-  }
-
-  image_chroot_env = ["PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"]
-  qemu_binary_source_path      = "/usr/bin/qemu-aarch64-static"
-  qemu_binary_destination_path = "/usr/bin/qemu-aarch64-static"
-}
-
-build {
-  sources = ["source.arm.raspios-arm64"]
-
-  provisioner "file" {
-    source = "rootfs/lib/systemd/system/firstboot.service"
-    destination = "/lib/systemd/system/firstboot.service"
-  }
-
-  provisioner "file" {
-    source = "rootfs/lib/firstboot.sh"
-    destination = "/lib/firstboot.sh"
-  }
-
-  provisioner "shell" {
-    scripts = [
-      "scripts/pi.sh",
-      "scripts/docker.sh",
-      "scripts/hashi.sh"
-    ]
-  }
-}

providers.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    docker = {
+      source = "kreuzwerker/docker"
+      version = "~> 3.0.1"
+    }
+  }
+}

rootfs/lib/firstboot.sh

@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-# Generate a unique hostname
-NEW_HOSTNAME="rpi-$(cat /proc/cpuinfo | grep Serial | cut -d ' ' -f 2 | tail -c 5)"
-echo "$NEW_HOSTNAME" > /etc/hostname
-sed -i "s/raspberrypi/$NEW_HOSTNAME/g" /etc/hosts
-hostname "$NEW_HOSTNAME"

rootfs/lib/systemd/system/firstboot.service

@@ -1,14 +0,0 @@
-[Unit]
-Description=FirstBoot
-After=network.target apt-daily.service apt-daily-upgrade.service
-Before=rc-local.service
-ConditionFileNotEmpty=/lib/firstboot.sh
-
-[Service]
-ExecStart=/bin/bash /lib/firstboot.sh
-ExecStartPost=/bin/mv /lib/firstboot.sh /lib/firstboot.sh.done
-Type=oneshot
-RemainAfterExit=no
-
-[Install]
-WantedBy=multi-user.target

scripts/docker.sh

@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-curl -fsSL https://get.docker.com -o get-docker.sh
-sudo sh ./get-docker.sh
-rm get-docker.sh
-
-usermod -aG docker pi

scripts/hashi.sh

@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-
-# install hashistack
-wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
-echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
-sudo apt update
-sudo apt install -y nomad consul
-
-# install CNI plugins
-curl -L -o /tmp/cni-plugins.tgz "https://github.com/containernetworking/plugins/releases/download/v1.0.0/cni-plugins-linux-$([ $(uname -m) = aarch64 ] && echo arm64 || echo amd64)"-v1.0.0.tgz
-sudo mkdir -p /opt/cni/bin
-sudo tar -C /opt/cni/bin -xzf /tmp/cni-plugins.tgz

scripts/pi.sh

@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-
-# enable ssh
-touch /boot/ssh.txt
-
-# configure user
-echo 'pi:$6$c70VpvPsVNCG0YR5$l5vWWLsLko9Kj65gcQ8qvMkuOoRkEagI90qi3F/Y7rm8eNYZHW8CY6BOIKwMH7a3YYzZYL90zf304cAHLFaZE0' > /boot/userconf.txt
-
-# enable firstboot.service
-cd /etc/systemd/system/multi-user.target.wants && ln -s /lib/systemd/system/firstboot.service .

variables.tf

@@ -0,0 +1,13 @@
+variable "packer_image" {
+  type = string
+  default  = "mkaczanowski/packer-builder-arm:latest"
+}
+
+variable "packer_config" {
+  type = string
+}
+
+variable "provisioning_scripts" {
+  type = list(string)
+  default = []
+}