split into two stages and fix provisioner

.gitignore

@@ -1 +1,3 @@
-packer_cache/
+packer_cache/
+output/
+*.retry

Makefile

@@ -0,0 +1,18 @@
+ROOT_PASSWORD=uuunifi
+OUTPUT_IMAGE=$(shell find output/base -type f -name '*.ova' | head -1)
+
+all: output/unifi/
+
+output/base/:
+	packer build -var root_password=$(ROOT_PASSWORD) base.json
+
+output/unifi/: output/base/
+	packer build -var root_password=$(ROOT_PASSWORD) \
+		-var source_image=$(OUTPUT_IMAGE) provision.json
+
+clean: clean_base clean_provisioned
+clean_base:
+	rm -r output/base
+clean_provisioned:
+	rm -r output/unifi
+.PHONY: all clean

http/answers

@@ -16,4 +16,4 @@ APKREPOSOPTS="-1"
 SSHDOPTS="-c openssh"
 NTPOPTS="-c chrony"
 
-DISKOPTS="-m sys /dev/vda"
+DISKOPTS="-m sys /dev/sda"

provision.json

@@ -0,0 +1,42 @@
+{
+  "variables": {
+    "source_image": null,
+    "root_password": null,
+
+    "boot_wait": "10s",
+    "output_directory": "output/unifi/"
+  },
+  "builders": [
+    {
+      "type": "virtualbox-ovf",
+      "format": "ova",
+
+      "source_path": "{{user `source_image`}}",
+      "checksum_type": "none",
+
+      "output_directory": "{{user `output_directory`}}",
+
+      "boot_wait": "{{user `boot_wait`}}",
+      "shutdown_command": "echo '{{user `root_password`}}' | sudo -S poweroff",
+
+      "communicator": "ssh",
+      "ssh_username": "root",
+      "ssh_password": "{{user `root_password`}}"
+    }
+  ],
+  "provisioners": [
+    {
+      "type": "shell",
+      "inline": [
+        "apk update",
+        "apk add python sudo"
+      ]
+    },
+    {
+      "type": "ansible",
+      "extra_arguments": [],
+      "user": "root",
+      "playbook_file": "./setup.yml"
+    }
+  ]
+}

setup.yml

@@ -0,0 +1,69 @@
+- hosts: default
+  debugger: on_failed
+  vars:
+    unifi_software_url: https://dl.ubnt.com/unifi/5.10.21/UniFi.unix.zip
+  tasks:
+    - replace:
+        path: /etc/apk/repositories
+        regexp: '^#(.*v\d+.\d+/community.*)$'
+        replace: '\1'
+    - apk:
+        name: openjdk8-jre
+        state: present
+        update_cache: yes
+    - apk:
+        name: '{{item}}'
+        state: present
+      loop:
+        - shadow
+        - mongodb
+        - s6
+        - unzip
+    - user:
+        name: unifi
+        home: /srv/unifi
+    - get_url:
+        url: '{{unifi_software_url}}'
+        dest: /tmp/UniFi.unix.zip
+    - command: unzip /tmp/UniFi.unix.zip
+      args:
+        chdir: /tmp
+        warn: false
+    - shell: mv /tmp/UniFi/* /srv/unifi
+    - command: rm /srv/unifi/bin/mongod
+    - file:
+        path: /srv/unifi
+        owner: unifi
+        mode: o-rwx
+        recurse: yes
+    - file:
+        dest: /srv/unifi/bin/mongod
+        src: /usr/bin/mongod
+        state: link
+    - file:
+        path: /etc/unifi/log
+        state: directory
+    - template:
+        src: templates/unifi/run
+        dest: /etc/unifi/run
+        mode: 755
+    - template:
+        src: templates/unifi/log/run
+        dest: /etc/unifi/log/run
+        mode: 755
+    - user:
+        name: log
+        home: /var/log
+    - file:
+        path: /var/log/unifi
+        state: directory
+        owner: log
+        mode: 750
+    - template:
+        src: templates/init.d/unifi
+        dest: /etc/init.d/unifi
+        mode: 755
+    - service:
+        name: unifi
+        state: started
+        enabled: yes

templates/init.d/unifi

@@ -0,0 +1,16 @@
+#!/sbin/openrc-run
+
+name="unifi"
+supervisor=s6
+s6_service_path="${RC_SVCDIR}/s6-scan/${name}"
+
+depend() {
+	need net s6-svscan
+	after firewall
+}
+
+start_pre() {
+        if [ ! -L "${RC_SVCDIR}/s6-scan/${name}" ]; then
+	        ln -s "/etc/${name}" "${RC_SVCDIR}/s6-scan/${name}"
+	fi
+}

templates/unifi/log/run

@@ -0,0 +1,5 @@
+#!/bin/ash
+
+log_user='log'
+
+exec s6-setuidgid $log_user s6-log -b n20 s1000000 t /var/log/unifi

templates/unifi/run

@@ -0,0 +1,19 @@
+#!/bin/ash
+
+user='unifi'
+group='unifi'
+
+exec 2>&1
+
+base='/srv/unifi'
+
+if [ -d $base ]; then
+    cd $base
+    chown -R $user:$group .
+    version=`head -1 webapps/ROOT/app-unifi/.version`
+    echo "Starting UniFi Controller $version"
+    exec s6-setuidgid $user java -jar lib/ace.jar start
+else
+    echo "Missing $base ... aborting"
+    touch down
+fi