
vagrant-guest.nix

    # Minimal configuration that vagrant depends on
    
    { config, pkgs, lib, ... }:
    let
      # Vagrant uses an insecure shared key pair by default: the matching
      # private key is publicly known, so anyone can authenticate against the
      # entry installed below. We don't use the authorizedKeys attribute under
      # users because the key should be removed on first boot and replaced
      # with a random one.
      #
      # This script creates ~/.ssh with mode 0700 and appends the temporary key
      # only if no ~/.ssh/authorized_keys exists, then restricts that file to
      # mode 0600. An existing authorized_keys file is never touched.
      #
      # NOTE(review): nothing in this file enforces the replacement; it relies
      # on Vagrant doing it. If the Vagrantfile disables key insertion
      # (config.ssh.insert_key = false), the publicly known key stays
      # authorized, so keep this module out of any host that is reachable from
      # an untrusted network.
      # NOTE(review): "~" resolves to the home of whichever user runs the
      # script; confirm against the systemd unit that invokes it.
      install-vagrant-ssh-key = pkgs.writeScriptBin "install-vagrant-ssh-key" ''
        #!${pkgs.runtimeShell}
        if [ ! -e ~/.ssh/authorized_keys ]; then
          mkdir -m 0700 -p ~/.ssh
          echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> ~/.ssh/authorized_keys
          chmod 0600 ~/.ssh/authorized_keys
        fi
      '';
    in
    {
      # Services to enable:
    
      # Enable the OpenSSH daemon.
      # NOTE(review): no sshd settings are given in this part of the file, so
      # whether password logins are accepted is presumably left to the NixOS
      # defaults or to another module. This matters because the accounts
      # defined further down use a fixed, well-known password.
      services.openssh.enable = true;
    
      # Wireguard kernel module for Kernels < 5.6
      # NOTE(review): the version test reads pkgs.linuxPackages, while the
      # module is taken from config.boot.kernelPackages; the two can differ if
      # boot.kernelPackages is overridden elsewhere. Confirm they agree.
      boot = lib.mkIf (lib.versionOlder pkgs.linuxPackages.kernel.version "5.6") {
        extraModulePackages = [ config.boot.kernelPackages.wireguard ] ;
      };
    
      # Enable DBus
      services.dbus.enable    = true;
    
      # Replace ntpd by timesyncd
      services.timesyncd.enable = true;
    
      # Packages for Vagrant, installed system-wide and therefore available to
      # every user on the guest.
      environment.systemPackages = with pkgs; [
        findutils
        gnumake
        iputils
        jq
        nettools
        netcat
        nfs-utils
        rsync
      ];
    
      # Fixed, publicly known root password (the Vagrant box convention).
      # The plain `password` option places the value in the world-readable
      # Nix store, so it must be treated as public.
      # NOTE(review): this is only acceptable for throw-away local guests;
      # confirm that no deployed host imports this module.
      users.users.root = { password = "vagrant"; };
    
      # Creates a "vagrant" group & user with password-less sudo access
      # NOTE(review): the lines shown here only add the user to "wheel"; the
      # password-less part is presumably configured by a sudo option further
      # down in the file. Confirm.
      users.groups.vagrant = {
        name = "vagrant";
        members = [ "vagrant" ];
      };
      # users.extraUsers is the older name of users.users (used for root above).
      users.extraUsers.vagrant = {
        isNormalUser    = true;
        createHome      = true;
        group           = "vagrant";
        # "wheel" is the administrative group, so this account can escalate to
        # root.
        extraGroups     = [ "users" "wheel" ];
        # Same well-known password as root. With the OpenSSH daemon enabled in
        # this file, the account is reachable over the network wherever sshd
        # accepts password logins.
        password        = "vagrant";
        home            = "/home/vagrant";
        useDefaultShell = true;
      };
    
      systemd.services.install-vagrant-ssh-key = {
        description = "Vagrant SSH key install (if needed)";
        after = [ "fs.target" ];
        wants = [ "fs.target" ];
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {