Update channel to 23.05 for nix packages

Vagrantfile

@@ -2,7 +2,11 @@
 # vi: set ft=ruby :
 
 unless ENV["VAGRANT_BYPASS_REQUIRED_PLUGINS"]
-  required_plugins = [ "vagrant-disksize", "vagrant-vbguest", "vagrant-reload" ]
+  required_plugins = [
+    "vagrant-disksize",
+    "vagrant-vbguest",
+    "vagrant-reload"
+  ]
   plugins_installed = required_plugins.reduce(true) do |pi, rp|
     pi && Vagrant.has_plugin?(rp)
   end
@@ -23,6 +27,7 @@ gui_enabled = ENV['VAGRANT_GUI'] || true
 # you're doing.
 Vagrant.configure("2") do |config|
   config.vm.box = "ubuntu/jammy64"
+  config.vbguest.auto_update = false
 
   # Disable automatic box update checking. If you disable this, then
   # boxes will only be checked for updates when the user runs
@@ -31,13 +36,13 @@ Vagrant.configure("2") do |config|
 
   # Create a private network, which allows host-only access to the machine
   # using a specific IP.
-  # config.vm.network "private_network", ip: "192.168.33.10"
+  config.vm.network "private_network", ip: "192.168.4.20"
 
   # Share a folder between guest and host for convenience
   config.vm.synced_folder File.join(".", "data"), "/media/data"
 
   # Use vagrant-disksize plugin to resize disk as desired
-  config.disksize.size = ENV["VAGRANT_DISKSIZE"] || "20GB"
+  config.disksize.size = ENV["VAGRANT_DISKSIZE"] || "40GB"
 
   config.vm.provider "virtualbox" do |vb|
     vb.memory = ENV['VAGRANT_MEMORY'] || 1024 * 8
@@ -68,26 +73,30 @@ Vagrant.configure("2") do |config|
   config.vm.define "test", autostart: false do |test|
   end
 
-  # Update apt and install custom specified packages
+  config.vm.provision :shell,
+    name: "Install Minimal XFCE",
+    path: "provisioners/install-xfce-minimal.sh" \
+      if gui_enabled
+
   config.vm.provision :shell,
     name: "Install APT Packages",
     path: "provisioners/install-apt-packages.sh"
 
-  # config.vm.provision :shell,
-  #   name: "Install Minimal XFCE",
-  #   path: "provisioners/install-xfce-minimal.sh" \
-  #     if gui_enabled
-
-  config.vm.provision :shell,
-    name: "Install Minimal KDE",
-    path: "provisioners/install-kde-minimal.sh" \
-      if gui_enabled
-
   config.vm.provision :shell,
     name: "Install Nix",
     path: "provisioners/install-nix.sh",
     privileged: false
 
+  config.vm.provision :shell,
+    name: "Install Nix Packages",
+    path: "provisioners/install-nix-packages-flakes.sh",
+    privileged: false
+
+  config.vm.provision :shell,
+    name: "Setup SSH keys",
+    path: "provisioners/setup-ssh-key.sh",
+    privileged: false
+
   config.vm.provision :shell,
     name: "Cleanup tasks",
     inline: <<~SHELLEND

kde-automation-notes.md

@@ -1,26 +0,0 @@
-Most of the settings in the Settings panel can be managed with kwriteconfig5
-
-Example:
-
-/usr/bin/kwriteconfig5 --file "/home/douge/.config/kwinrc" --group "TouchEdges" --key "Bottom" "None"
-
-or
-
-/usr/bin/kwriteconfig5 --file "/home/douge/.config/plasmarc" --group "KDE" --key "name" "breeze-dark"
-
-You have to know where the config item is stored and what it's named. Some of the application settings are stored in other files that can be manipulated with dconf.
-
-I really had to experiment to see what settings modified what files and how that setting was set. It was trial and error, checking what files were updated when I changed a setting by sorting files in ~/.config by changed date and then looking at that file.
-
----
-
-https://gist.github.com/Zren/d39728991f854c0a5a6a7f7b70d4444a
-
----
-
-https://zren.github.io/kde/
-
----
-
-kwriteconfig5
-kreadconfig5

provisioners/install-apt-packages.sh

@@ -4,8 +4,7 @@
 # A list of packages to install
 apt_packages=(
   # Docker setup
-  "docker"
+  "docker.io"
-  "docker-compose"
 
   # General utilities
   "dos2unix"
@@ -14,6 +13,7 @@ apt_packages=(
   "vim"
   "expect"
   "jq"
+  "xclip"
 
   # For encryption in git
   "git-crypt"
@@ -23,7 +23,6 @@ apt_packages=(
 install_apt_packages()
 {
   export DEBIAN_FRONTEND="noninteractive"
-  apt-get update
   if [ "${apt_packages[*]}" ]; then
     apt-get -qy install "${apt_packages[@]}"
   fi

provisioners/install-firefox.sh

@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
-# Install firefox as a deb instead of a snap
+# Reference:https://askubuntu.com/questions/1399383/how-to-install-firefox-as-a-traditional-deb-package-without-snap-in-ubuntu-22
-# Reference: https://askubuntu.com/questions/1399383/how-to-install-firefox-as-a-traditional-deb-package-without-snap-in-ubuntu-22
+# Install firefox as a .deb
 
-add-apt-repository ppa:mozillateam/ppa
+add-apt-repository -y ppa:mozillateam/ppa
 
 echo '
 Package: *
@@ -15,6 +15,8 @@ Pin-Priority: -1
 ' | tee /etc/apt/preferences.d/mozilla-firefox
 
 snap remove firefox
-apt install firefox
+apt install -y --allow-downgrades firefox
+
 
 echo 'Unattended-Upgrade::Allowed-Origins:: "LP-PPA-mozillateam:${distro_codename}";' | tee /etc/apt/apt.conf.d/51unattended-upgrades-firefox
+#TODO: Fix root certificate trust issues

provisioners/install-kde-minimal.sh

@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-
-# Ensure that no interactive prompts are used
-export DEBIAN_FRONTEND=noninteractive
-
-# Additional pacakges to ensure a nice experience
-additional_packages=(
-  konsole
-  #firefox
-  pinentry-gtk2
-  pinentry-qt
-  policykit-desktop-privileges
-)
-apt-get install -qy "${additional_packages[@]}" || exit 1
-
-# Install a minimal kubuntu desktop
-# apt-get install --no-install-recommends -qy sddm || exit 1
-# apt-get install --no-install-recommends -qy kubuntu-desktop || exit 1
-apt-get install -qy kubuntu-desktop || exit 1

provisioners/install-nix-packages-flakes.sh

@@ -0,0 +1,90 @@
+#!/usr/bin/env bash
+# Installs packages to the nix profile using nix profile
+# Reference: https://nixos.org/manual/nixpkgs/stable/#sec-declarative-package-management
+
+set -ex
+
+nix_packages=(
+  # Personal tools
+  "vimHugeX"
+  "ranger"
+  "jq"
+  "yq"
+
+  "pass"
+  "gnupg"
+
+  # Professional tools
+  "kubernetes-helm"
+  "vault"
+  "kubectl"
+  "rancher"
+  "terraform"
+  "terragrunt"
+  "skopeo"
+  "awscli2"
+)
+
+
+mkdir -p ~/.config/nixpkgs/
+templated_insert=$(for nix_package in ${nix_packages[@]}; do echo "                $nix_package"; done)
+
+
+# Reference: https://discourse.nixos.org/t/nix-profile-in-combination-with-declarative-package-management/21228/9
+cat << EOF > ~/.config/nixpkgs/flake.nix
+{
+  description = "A declarative system installation";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; # also possible: `nixos-unstable`
+  };
+
+  outputs = { self, nixpkgs }:
+    let
+      supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
+
+      # Generate a user-friendly version number.
+      version = builtins.substring 0 8 self.lastModifiedDate;
+
+      # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
+      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
+
+      # Nixpkgs instantiated for supported system types.
+      nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
+    in {
+      packages = forAllSystems (system:
+        let
+          pkgs = nixpkgsFor.\${system};
+        in {
+          default = self.packages.\${system}.myPackageCollection;
+          myPackageCollection = # libs and clis
+            let
+              pkgs = nixpkgs.legacyPackages.\${system}; # here we need just legacy packages
+            in pkgs.buildEnv {
+              name = "myPackages";
+              paths = with pkgs; [
+${templated_insert}
+              ];
+
+               extraOutputsToInstall = [ "man" "doc" ];
+            };
+        }); # packages
+    }; # outputs
+}
+EOF
+
+install_nix_packages()
+{
+  # The name of the package we are going to install, needed to check for presence/uninstall
+  package_name=packages.x86_64-linux.myPackageCollection
+  if [ "${nix_packages[*]}" ]; then
+    if nix profile list | cut -d' ' -f 2 | grep -q "${package_name}"; then
+      echo "Removing previous version of profile"
+      nix profile remove "${package_name}"
+    fi
+    echo "Installing profile"
+    nix profile install "${HOME}/.config/nixpkgs/flake.nix#myPackageCollection"
+  fi
+}
+
+install_nix_packages

provisioners/install-nix.sh

@@ -11,108 +11,7 @@ if [ -d /nix ]; then
 fi
 
 # Download the Nix installer and it's signature from NixOS.org
-curl -so install-nix https://releases.nixos.org/nix/nix-2.3.6/install
+curl -so install-nix https://releases.nixos.org/nix/nix-2.13.3/install
-curl -so install-nix.asc https://releases.nixos.org/nix/nix-2.3.6/install.asc
-
-# Verify the signature matches Eelco Dolstra's
-# Fetching from keyservers fails and is somewhat unreliable.
-# To avoid intermittent failures we have written the key out in this file
-gpg --import <<ENDOFKEY
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQENBFZu2zwBCADfatenjH3cvhlU6AeInvp4R0JmPBG942aghFj1Qh57smRcO5Bv
-y9mqrX3UDdmVvu58V3k1k9/GzPnAG1t+c7ohdymv/AMuNY4pE2sfxx7bX+mncTHX
-5wthipn8kTNm4WjREjCJM1Bm5sozzEZetED3+0/dWlnHl8b38evnLsD+WbSrDPVp
-o6M6Eg9IfMwTfcXzdmLmSnGolBWDQ9i1a0x0r3o+sDW5UTnr7jVP+zILcnOZ1Ewl
-Rn9OJ4Qg3ULM7WTMDYpKH4BO7RLR3aJgmsFAHp17vgUnzzFBZ10MCS3UOyUNoyph
-xo3belf7Q9nrHcSNbqSeQuBnW/vafAZUreAlABEBAAG0IkVlbGNvIERvbHN0cmEg
-PGVkb2xzdHJhQGdtYWlsLmNvbT6InAQQAQgABgUCVm7eGwAKCRB5/zQyg4B3jR4v
-A/0Qf7NWJNunUMj4BfpYK1qHdJjokdQOFKCfH98cRdqnvfp5c+U28fvAMzqpK0/x
-Y5Swx9Jy22rQzQ6gCszaAI7kf7WoHNYvvmsoex/BbMG/L8DA4tQhZ9rfOe1AXZpj
-7G8vbAvKXM4ozjRo6XIuifuNfPljHa4R/K78YkaZcA5D4IkBMwQQAQgAHRYhBKC+
-D73SopwhJ3qjxjb4RxTmmVkGBQJcSIjTAAoJEDb4RxTmmVkGNo4H/3G3LcMr1zje
-8uqTpxedZZrCRIc2JfsC9Q4UDYBmjwPWDe6DbBXi2gqQ5dmMFR9PVnAKRfJgySAw
-U2ebOqFRmJpRPfIgMjkitoJhk9ON/0qHUQjJPWgagnjeY85FcgNJdmy1CiOiCsDB
-T4qzPlIVDta1W5oc40nxDRQKLhe4wvEo+cqgzXYHO5fFu0FqWLRqhr6Z+Frq7qGA
-shEFKQeV6YwXEW/wVrjYOZSmi91HwsnDbM9shBrxJvE6byUd5uCMbx4d1tBZLG0X
-tlbuLOQ1SRBk4MOqzigqTR/Iw7Mu0kby/OQROcinSU5C/QwKsQq0mr6he1JrBq5k
-NCQZUwYiw9aJATkEEwEIACMFAlZu2zwCGyMHCwkIBwMCAQYVCAIJCgsEFgIDAQIe
-AQIXgAAKCRCBcLRybXGY3qwgCACJ6XE7zMlESoSQDbG52D+jh71mU1ndfU29jw7M
-kf+qUHZKbAqrCJ+G1sLUrS5q9cDt5rF213bOsj5irsiihTK/uO4yMdNmEtwVtHmJ
-WRDgx+kmZ4dcn8KFgrEPmYyP8LdZsJn3WgJI1nojKLl+9CP/r3U4Lir7L/Y0RRw4
-jwPxzDxcodsq1x4Vhz6dmZ06/dlms1NI3+SzMZWI00sqCek90NU+0un6+Ne1uaK2
-IUbYcv9Z9sn7caHZivVXLc711Yof757UCYi/tZaqZSNEVWmoL/Cvv8EtpJxZPxYo
-Xm+SyFSCrwTPX9y6LOyCzfBAhlaBcpArmeO/CdsqD5maH+4ZiQE8BBMBCAAmAhsj
-BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AFAlZu3rQCGQEACgkQgXC0cm1xmN6u
-dQf/eqreNbZnA0s64/1E5TuqxK31ucxb1bCU2feQ7sLvO7fw1YcOZSgUHIwC6lXX
-bn8NZzM8jf7UjjFQ1vMXuMDBHXFOPkADMzV/NHp7sop7MNYJcXy3CtPlW076jSH8
-NLBtzIz6jbOnCtlUXzByuKWiY8rQVSArMzV/U34y8iKSiqEkqNb6p0+Oyw2eRiDM
-u5fQrNrDv66kB0j3Ee/cs/JvLWx6QwxDGZiXpJXJCj9kKIqpx4iL5YrA8S3JWJ1J
-jWj3Wjf3/vqmc+WKr7tZ/rDVAQOXi2mR+uFMtksLQAcTtyTyfJ0NvkhWe6HBZuBn
-Hb+GjPlK2vUun7zPdbRCacgEDokCHAQQAQoABgUCWsw9ZwAKCRD3SmDrBaUamKRp
-D/wKs2v+l0MB7BedrbuzGiU9p0NvZpHryt6gwwDZHO+dMnPqlUU9Qf4ZsMxyQz/k
-1rdUsI5ScSXqunXdthwqiZYuBsP2L2+48/gUzjZk971+BbWGp+ekrYKNgdtAIXLN
-HJJw6gJEjaDB3uS0D3s+UkCtCovDvwhzrbfVpJtBI52oJ/jSSU5LGMBXIj7s+HdN
-V1AZ7qs7o5Hp8ifpuyPYoNyyJyKzK4MnT3sDMPWuyR/dfpmuAoCrBPNky6tsDQwV
-117iHfxsL0AwM+lFpEgMPAlDONfMWuDdL8F85ODXVUE3IPXO12C+nhyO88BuUz3/
-jO1GYZDm2FM3ZMWN2Dtm3tEKJvD+D775ZPNgC5v5qFMNXy7M696XZqsHgfi4QJyI
-wQJTumCt2E0MpqDuWGOfFmq5dZxRooxPiruDviu05hdQMaWy+ulK3vD//9jXQycJ
-qC6h5DKDH12o6hSApRxAhxxQ4Jyejmt/41IdamMHO0yCYG3nwTOrDx8ftBGAbCaD
-2s/sjZ2hovok6y8XbBYJAtJYGsj+ykjfawV26Ghhf7c7JCXTyNWBXTNCMFIK9cA0
-9Nr387IPaSjwJVBxts0FYShwSOcBF8mddEBdKNhA0fouHiuLqm3URvZ5p6DCOv3E
-MwF6KCQR1R2gCAscBrAk00Sjji9BIirLhVP7Xn8y69JJFLQmRWVsY28gRG9sc3Ry
-YSA8ZWVsY28uZG9sc3RyYUB0d2VhZy5pbz6JAU4EEwEIADgWIQS1QdVTAScOC88V
-yl2BcLRybXGY3gUCXELt4gIbIwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCB
-cLRybXGY3ujFCADfS5D1xHU8KH6TpqgssSggYVq62Wwn/Ga+4XPPetM+ajcXagyH
-6SwBmxlHICcnv9xC93ryiTI10P1ADJl+aBsI66wEdHBU+ty4RTDy4JZNUPtmRCk9
-LhScmtUO3ry/wtWkRLdJxP49hg7BbQvWoU0M6WODp7SJjPKPWNX64mzHBeOuy+Dq
-GCbMlpGNCvW8ahU/ewbm7+xwWmzqLDoWzXjHsdF4QdzMVM/vkAgWEP4y0wEqFASz
-IYaRGNEkBWU4OQVq5Bdm9+wWWAgsbM0FJAQl0GDqnz4QxWzxxCAAXdbh9F5ffafW
-YsA9bise4ZQLkvYo6iUnrcFm4dtZbT8iL3gptCtFZWxjbyBEb2xzdHJhIDxlZWxj
-by5kb2xzdHJhQGxvZ2ljYmxveC5jb20+iJwEEAEIAAYFAlZu3tMACgkQef80MoOA
-d40rOAP8D2ldRiSL4qSfpcx5NNlurxuYtDSBvk9y4FCO1FpWba3m2KPTWfvRiUKg
-f92f76U2ipjT/rkwZsMkfb+fvHjb2I8f7n6rjfrQBjK/WZEsVzOztN/2Ygdj0zbp
-tBHzPFtNzW4mkwDcksnMdYaoD9Vs2AY5cu722GoWRRfTl4ilLWSJATMEEAEIAB0W
-IQSgvg+90qKcISd6o8Y2+EcU5plZBgUCXEiI0wAKCRA2+EcU5plZBko6B/9Lc6WC
-yQN30V71BwlK160CHBp5xcNBxa3xLmYtH4Vvtj4/kSCFnSQtq2E8WJyiWrNawt7i
-Xiz5xmp5HJS0Oxo2GnqcHUU11fImJnWJ09n1rCU02KPBv9dYtNpExj6/g4ZsqK/W
-3hEGcuAxKimAqkwBIllVGuC44SLeZbVTdxvyk4NcVE75tAgU6sXb5MlD3cqarQrC
-0duVwV8g9RoQIOYzT5r8NOvHz8MIbnNcRkxSniPU2GL+5sVR0Dd41fH6lXfTotZX
-vrsH6FTDOcVsffu6gfQBjC05eyNUomfCYRrHMLjDD6ysFdBSJSfl8DsrSIXZhf9v
-Mzu/7FfBaHCCEMORiQE5BBMBCAAjBQJWbt6nAhsjBwsJCAcDAgEGFQgCCQoLBBYC
-AwECHgECF4AACgkQgXC0cm1xmN4b/wf8DApMV/jSPEpibekrUPQuYe3Z8cxBQuRm
-/nOPowtPEH/ShAevrCdRiob2nuEZWNoqZ2e5/+6ud07Hs9bslvcocDv1jeY1dof1
-idxfKhH3kfSpuD2XJhuzQBxBqOrIlCS/rdnW+Y9wOGD7+bs9QpcAIyAeQGLLkfgg
-AxaGYQ2Aev8pS7i3a/+lOWbFhcTe02I49KemCOJqBorG5FfILLNrDjO3EoutNGpu
-z6rZvc/BlymphWBoAdUmxgoObr7NYWgw9pI8WeE6C7bbSOO7p5aQspWXU7Hm17Dk
-zsVDpaJlyClllqK+DdKza5oWlBMe/P02jD3Y+0P/2rCCyQQwmH3DRYkCHAQQAQoA
-BgUCWsw9ZwAKCRD3SmDrBaUamFCJD/98oKmaADKaJbWprP9Jffh1YpgkGHUekIZ9
-480dl/LaupeZnjEIuzbg8VR9+6g+Z+obTZWLtP84+NxjpgI5R/4yJBueGMMhRkUK
-aUT5ict75cmwh4q+wCQMhxdHHJYW8Q91wKLA3XpHUkFH+KE37gREgSf8KReuhOPy
-J1PnOhF2u5UJrHWxEhhf++q1Vy+f66dGEetEpoM3xkZEHyqmZ3cnfg9DXsTmfD2m
-CnUBJ72xqVn1c9f1Sl9AML4eBKhjJyYllOBQTxE7tnlWz2YOXQAv6LTsIo8Zdg4/
-qaRwcGcDEfNUr47ZKhgugfZCmxV3maaOo2W0Zta/QrG/GZ2DkqI/+Mc84lD+1FBV
-cIXXY9qNe26KIshJi3jVRGVLN/uQ74KBJNUHMNAuRORhJbul4w9hep107TY9MBei
-aQf7dz3vKPzFWEEI+pkYnmRX70twBu4iJE832p+ExzjBaD/RuHQEJOA0qsf9RwES
-MGo2KQYx8kmujGwIvnMHaDIAdHl21YLwo1TJdXjaXA+1sZdZjinvm242F15nHu0a
-3pjwf+U6Al1+RL1261cnHIj1pyhcmO9ZeXvpauXQyW+qsmylUcbsZ5nAZDu+9/u1
-Cvrzuy1Q/H+QaF4XY45hjptj90YpLHonuidSgO8LJBZ2zAcgLEnid4BUWF9mIpPS
-vToa0E4+j7kBDQRWbts8AQgA0g556xc08dH5YNEjbCwEt1j+XoRnV4+GfbSJIXOl
-9joIgzRC4IaijvL8+4biWvX7HiybfvBKto0XB1AWLZRC3jWKX5p74I77UAcrD+VQ
-/roWQqlJBKbiQMlRYEsj/5Xnf72G90IP4DAFKvNl+rLChe+jUySA91BCtrYoP75S
-w1BE9CyzxEtm4WUzKAJdXI+ZTBttA2Nbqy+GSuzBs7fSKDwREJaZmVrosvmns+pQ
-VG4WPWf40l4mPguDQmZ9wSWZvBDkpG7AgHYDRYRGkMbAGsVfc6cScN2VsSTa6cbe
-eAEowKxMqx9RbY3WOq6aKAm0qDvow1nl7WwXwe8K0wQxfQARAQABiQEfBBgBCAAJ
-BQJWbts8AhsMAAoJEIFwtHJtcZjeuAAH/0YNz2Qe1IAEO5oqEZNFOccL4KxVPrBh
-WUen83/bC6PjOnOqv6q5ztAcms88WIKxBlfzIfq+dzJcbKVS/H7TEXgcaC+7EYW8
-sJVEsipNBtEZ3LQNJ5coDjm7WZygniah1lfXNuiritAXduK5FWNNndqGArEaeZ8S
-hzdo/Uyib9lOsBIL6xc2ZcnX5f+rTu02LCEtEb0FwCycZLEWYf8hG4k8uttIOZOC
-+CLk/k8dkBmPikMwUVTTV0CdT1cemQKdTaoAaK+kurF6FYXwcnjhRlHrisSt/tVM
-EwTw4LUM3MYf6qfjjvE4HlDwZal8th7ccoQp/flfJIuRv85xCcKK+PI=
-=oCTu
------END PGP PUBLIC KEY BLOCK-----
-ENDOFKEY
-gpg --verify ./install-nix.asc
 
 # Run the installer
 sh ./install-nix
@@ -126,4 +25,10 @@ fi
 EOF
 
 # Remove the installer and signature
-rm -f ./install-nix{,.asc}
+rm -f ./install-nix
+
+# Enable flakes and the nix command
+mkdir -p ~/.config/nix
+cat <<EOF > ~/.config/nix/nix.conf
+experimental-features = flakes nix-command
+EOF

provisioners/install-xfce-minimal.sh

@@ -3,13 +3,17 @@
 # Ensure that no interactive prompts are used
 export DEBIAN_FRONTEND=noninteractive
 
+apt-get update
+# Necessary starting in jammy jellyfish
+apt-get install -qy tasksel
+tasksel install xubuntu-desktop
+
 # Additional pacakges to ensure a nice experience
 additional_packages=(
   xfce4
   xfce4-terminal
   xfce4-whiskermenu-plugin
   menulibre
-  firefox
   pinentry-gtk2
   policykit-desktop-privileges
 )

provisioners/setup-ssh-key.sh

@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+# This script allows SSH keys to be stored off the vagrant machine in a persistent directory and consistently restored
+
+# These key location were chosen based off of current practices by the PV team
+key_locations=(
+  "/media/data"
+  "/media/data/keys"
+)
+preferred_key_location=${key_locations[1]}
+
+# These key types and their order are based on the order in which ssh will try to use them
+key_types=(
+  "id_rsa"
+  "id_dsa"
+  "id_ecdsa"
+  "id_ed25519"
+)
+
+# The place where ssh keys are ultimately place
+key_destination=/home/vagrant/.ssh
+mkdir -p ${key_destination}
+
+# Track if a key has been found
+key_found=""
+for location in "${key_locations[@]}"; do
+  for key in "${key_types[@]}"; do
+    pubkey="${key}.pub" # Check for public keys too
+
+    if [ -r "${location}/${key}" ] && [ -r "${location}/${pubkey}" ]; then
+      key_found="true"
+      key_path=${location}/${key}
+      pub_key_path=${location}/${pubkey}
+    fi
+
+    # Copy keys and append public key to authorized keys
+    if [ "${key_path}" ] && [ "${pub_key_path}" ]; then
+     cp "${key_path}" ~vagrant/.ssh/
+     cp "${pub_key_path}" ~vagrant/.ssh/
+     chmod 600 ~vagrant/.ssh/"$(basename "${pub_key_path}")" ~vagrant/.ssh/"$(basename "${key_path}")"
+     public_key=$(cat "${pub_key_path}")
+     if grep -q "${public_key}" ~vagrant/.ssh/authorized_keys; then
+       echo "Public key was found in authorized_keys file, skipping addition of this key..."
+     else
+       echo "Public key was not found in authorized_keys file, adding this key..."
+       cat "${pub_key_path}" >> ~vagrant/.ssh/authorized_keys
+     fi
+    fi
+  done
+  if [ ${key_found} ]; then
+    break
+  fi
+done
+
+# If no key is found, generate a passwordless rsa key and move it to /d/keys
+if [ ! ${key_found} ]; then
+  echo "No key found in known key locations."
+  echo "Creating ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub and copying to /d/keys"
+  ssh-keygen -b 4096 -f ~vagrant/.ssh/id_rsa -N ""
+  if [ -r "${preferred_key_location}" ]; then
+    mkdir -p ${preferred_key_location}
+    cp ~vagrant/.ssh/id_rsa ${preferred_key_location}
+    cp ~vagrant/.ssh/id_rsa.pub ${preferred_key_location}
+    cat ~vagrant/.ssh/id_rsa.pub >> ~vagrant/.ssh/authorized_hosts
+  else
+    echo "The preferred directory '${preferred_key_location}' directory doesn't exist."
+    echo "Something must be real messed up, bailing out"
+    exit 1
+  fi
+fi