forked from lnussbaum/qemu-debian-create-image
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathsetup-for-vagrant-base-box
executable file
·62 lines (59 loc) · 2.32 KB
/
setup-for-vagrant-base-box
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#! /bin/sh
# Additional setup for qemu-debian-create-image for Vagrant Base Box
#
# Usage: setup-for-vagrant-base-box MNT_DIR DISK
#
# Based on example at:
# https://gist.github.com/lpenz/35a60d560888ae0d74b714506f73c53d
#
# Vagrant Base Box requirements:
#
# https://www.vagrantup.com/docs/boxes/base.html
#
# - "vagrant" user (by convention with "vagrant" password)
# - with "vagrant insecure public key" in ~vagrant/.ssh/authorized_keys
# (from https://github.com/hashicorp/vagrant/tree/master/keys)
# - and passwordless sudo access for vagrant user
# - by convention "root" password is set to "vagrant"
# - for performance ssh "UseDNS no"
#
# Written by Ewen McNeill <[email protected]>, 2018-03-02
# Updated by Ewen McNeill <[email protected]>, 2024-03-12
#---------------------------------------------------------------------------
MNT_DIR="$1"
DISK="$2"
if [ -z "${MNT_DIR}" -o -z "${DISK}" ]; then
echo "Usage: $0 MNT_DIR DISK" >&2
exit 1
fi
echo "Configuring as Vagrant base box..."
sudo chroot "${MNT_DIR}" /bin/sh -c '
set -e -x
: basic config
sed -i "s|^.*UseDNS.*$|UseDNS no|;" /etc/ssh/sshd_config
:
: vagrant user setup
adduser --disabled-password --gecos "Vagrant Automation" vagrant
mkdir -m 0700 /home/vagrant/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > /home/vagrant/.ssh/authorized_keys
chmod 0600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant /home/vagrant
:
: root and sudo setup
echo "vagrant:vagrant" | chpasswd
echo "root:vagrant" | chpasswd
echo "vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/10-vagrant
chmod 0400 /etc/sudoers.d/10-vagrant
:
: re-enable the ssh-rsa for the old vagrant insecure key
if [ -d /etc/ssh/sshd_config.d ]; then
cat <<EOF >/etc/ssh/sshd_config.d/permit-legacy-ssh-rsa.conf
# Permit the legacy ssh-rsa to accomodate the old Vagrant insecure key
# which is an algorihm disabled by default in modern OpenSSH
#
# See https://github.com/hashicorp/vagrant/issues/11783
PubkeyAcceptedAlgorithms +ssh-rsa
EOF
fi
'
exit 0