hermes-agent-packer/hermes.pkr.hcl

variable "vultr_api_key" {
  type      = string
  default   = env("VULTR_API_KEY")
  sensitive = true
}

variable "hermes_version" {
  type        = string
  default     = "v0.7.0"
  description = "Hermes Agent version to install (e.g. v0.7.0)"
}

variable "os_id" {
  type        = string
  default     = "2284"          # Ubuntu 24.04 LTS x64
  description = "Vultr OS ID"
}

variable "plan_id" {
  type    = string
  default = "vc2-2c-4gb"        # 2 vCPU / 4 GB — adjust to your marketplace tier
}

variable "region_id" {
  type    = string
  default = "ewr"               # New Jersey
}

packer {
  required_plugins {
    vultr = {
      version = ">=v2.3.2"
      source  = "github.com/vultr/vultr"
    }
  }
}

source "vultr" "hermes" {
  api_key              = var.vultr_api_key
  os_id                = var.os_id
  plan_id              = var.plan_id
  region_id            = var.region_id
  snapshot_description = "hermes-agent ${var.hermes_version} ${formatdate("YYYY-MM-DD-hhmm", timestamp())}"
  ssh_username         = "root"
  state_timeout        = "25m"
}

build {
  sources = ["source.vultr.hermes"]

  # ── Bake-time provisioning ──
  provisioner "shell" {
    environment_vars = [
      "DEBIAN_FRONTEND=noninteractive",
      "HERMES_VERSION=${var.hermes_version}",
    ]
    script = "scripts/provision.sh"
  }

  # ── Bake cloud-init into the image so it runs on first boot ──
  provisioner "file" {
    source      = "scripts/cloud-init.yaml"
    destination = "/etc/cloud/cloud.cfg.d/99-hermes.cfg"
  }

  # ── Vultr marketplace snapshot prep (must be last) ──
  provisioner "shell" {
    inline = [
      "rm -rf /tmp/* /var/tmp/*",
      "rm -f /root/.ssh/authorized_keys /etc/ssh/*key*",
      "touch /etc/ssh/revoked_keys",
      "chmod 600 /etc/ssh/revoked_keys",
      "find /var/log -mtime -1 -type f -exec truncate -s 0 {} \\;",
      "rm -rf /var/log/*.gz /var/log/*.[0-9] /var/log/*-????????",
      "echo '' > /var/log/auth.log",
      "cat /dev/null > /var/log/lastlog",
      "cat /dev/null > /var/log/wtmp",
      "rm -rf /var/lib/cloud/instances/*",
      "rm -f /var/lib/systemd/random-seed",
      "rm -f /etc/machine-id",
      "touch /etc/machine-id",
      "cat /dev/null > /root/.bash_history",
      "updatedb 2>/dev/null || true",
      "dd if=/dev/zero of=/zerofile bs=1M 2>/dev/null || true",
      "sync",
      "rm -f /zerofile",
      "sync",
      "fstrim / 2>/dev/null || true",
    ]
  }
}