pyrox.dev
1# Minimal configuration that vagrant depends on
2
3{ config, pkgs, ... }:
4let
5 # Vagrant uses an insecure shared private key by default, but we
6 # don't use the authorizedKeys attribute under users because it should be
7 # removed on first boot and replaced with a random one. This script sets
8 # the correct permissions and installs the temporary key if no
9 # ~/.ssh/authorized_keys exists.
10 install-vagrant-ssh-key = pkgs.writeScriptBin "install-vagrant-ssh-key" ''
11 #!${pkgs.runtimeShell}
12 if [ ! -e ~/.ssh/authorized_keys ]; then
13 mkdir -m 0700 -p ~/.ssh
14 echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> ~/.ssh/authorized_keys
15 chmod 0600 ~/.ssh/authorized_keys
16 fi
17 '';
18in
19{
20 # Enable the OpenSSH daemon.
21 services.openssh.enable = true;
22
23 # Packages used by Vagrant
24 environment.systemPackages = with pkgs; [
25 findutils
26 iputils
27 nettools
28 netcat
29 nfs-utils
30 rsync
31 ];
32
33 users.extraUsers.vagrant = {
34 isNormalUser = true;
35 createHome = true;
36 description = "Vagrant user account";
37 extraGroups = [ "users" "wheel" ];
38 home = "/home/vagrant";
39 password = "vagrant";
40 useDefaultShell = true;
41 uid = 1000;
42 };
43
44 systemd.services.install-vagrant-ssh-key = {
45 description = "Vagrant SSH key install (if needed)";
46 after = [ "fs.target" ];
47 wants = [ "fs.target" ];
48 wantedBy = [ "multi-user.target" ];
49 serviceConfig = {
50 ExecStart = "${install-vagrant-ssh-key}/bin/install-vagrant-ssh-key";
51 User = "vagrant";
52 # So it won't be (needlessly) restarted:
53 RemainAfterExit = true;
54 };
55 };
56
57 security.sudo.wheelNeedsPassword = false;
58}