Add packaging for vagrant box and cleanup step

debian-13/Makefile

@@ -1,10 +1,9 @@
-.PHONY: install clean
+.PHONY: default base vagrant clean
 
 HEADLESS ?= true
 
-default: install
+default:
-
+	@echo "Please run 'make base' or 'make vagrant'"
-install: base
 
 base:
 	PKR_VAR_headless="$(HEADLESS)" packer build x86_64-qemu-base.pkr.hcl
@@ -12,5 +11,8 @@ base:
 vagrant:
 	PKR_VAR_headless="$(HEADLESS)" packer build x86_64-qemu-vagrant.pkr.hcl
 
+package:
+	./scripts/package.sh
+
 clean:
 	rm -rf ./builds

debian-13/README.md

@@ -1,24 +1,34 @@
 # Debian Trixie Builds
 
 This directory contains Packer configuration for building Debian 13 (Trixie)
-images
 
-## Usage
+### Overview
 
-Build the image:
+These builds use a multi-stage Packer workflow:
 
-```
+- The first stage creates a minimal base image from the installer ISO
-make
+- The second stage reuses that base image to produce a Vagrant-ready box
-```
 
-Remove build artifacts:
+### Usage
 
-```
+Build the base qemu image:
-make clean
-```
 
-Build with a visible VM console for debugging:
+    make base
 
-```
+Build vagrant image:
-make HEADLESS=false
+
-```
+    make vagrant
+
+Package vagrant box:
+
+    make package
+
+Build with visible console:
+
+    make base HEADLESS=false
+
+### Publishing
+
+Built boxes from this configuration are published at
+[krislamo.org/debian13](https://portal.cloud.hashicorp.com/vagrant/discover/krislamo.org/debian13)
+on Vagrant Cloud

debian-13/scripts/clean.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -eux
+
+export DEBIAN_FRONTEND=noninteractive
+apt-get clean -y
+apt-get autoclean -y
+rm -f /var/lib/dhcpcd/*
+rm -rf /var/cache/apt/archives/*
+rm -rf /var/lib/apt/lists/*
+rm -rf /var/tmp/* /var/tmp/.[!.]*
+
+truncate -s 0 /var/log/wtmp
+
+dd if=/dev/zero of=/EMPTY bs=1M || true
+sync
+rm -rf /EMPTY

debian-13/scripts/networkd.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+install -d -m 755 -o root -g root /etc/systemd/network
+cat > /etc/systemd/network/lan0.network << 'EOF'
+[Match]
+Name=e*
+Type=ether
+
+[Network]
+DHCP=ipv4
+EOF
+
+chown root:root /etc/systemd/network/lan0.network
+chmod 644 /etc/systemd/network/lan0.network
+
+mv /etc/network/interfaces /etc/network/interfaces.save
+mv /etc/network/interfaces.d /etc/network/interfaces.d.save
+systemctl enable systemd-networkd
+systemctl disable networking

debian-13/scripts/package.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -xu
+
+IMG_DIR="./builds/qemu/debian-13-64-vagrant"
+if [ ! -f "$IMG_DIR/debian-13-64-vagrant" ]; then
+	echo "[ERROR]: debian-13-64-vagrant doesn't exist"
+	exit 1
+fi
+
+cat > "$IMG_DIR/metadata.json" <<EOF
+{"provider":"libvirt","format":"qcow2","virtual_size":100}
+EOF
+
+cat > "$IMG_DIR/Vagrantfile" <<'EOF'
+Vagrant.configure("2") do |config|
+  config.vm.synced_folder ".", "/vagrant", type: "nfs", nfs_version: 4
+end
+EOF
+
+mkdir -p ./builds/vagrant
+
+if [ ! -f ./builds/vagrant/box.img ]; then
+	cp -l $IMG_DIR/debian-13-64-vagrant \
+		$IMG_DIR/box.img
+fi
+
+if [ ! -f ./builds/vagrant/debian-13-64-vagrant.box ]; then
+	tar -C "$IMG_DIR" -cvzf ./builds/vagrant/debian-13-64-vagrant.box \
+		box.img metadata.json Vagrantfile
+	exit 0
+fi
+
+echo "[ERROR]: debian-13-64-vagrant.box already exists"
+exit 1

debian-13/scripts/vagrant.sh

@@ -3,9 +3,9 @@ set -eu
 
 export DEBIAN_FRONTEND=noninteractive
 apt-get update
-apt-get install -y openssl curl sudo
+apt-get install -y qemu-guest-agent nfs-common openssl curl sudo vim
 
-useradd -m -p "$(openssl passwd -1 vagrant)" vagrant
+useradd -m -s /bin/bash -p "$(openssl passwd -1 vagrant)" vagrant
 
 echo "vagrant ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/vagrant
 chmod 440 /etc/sudoers.d/vagrant
@@ -15,6 +15,7 @@ BASE_GH_URL="https://raw.githubusercontent.com/hashicorp/vagrant/refs/heads"
 curl -fsSL "${BASE_GH_URL}/main/keys/vagrant.pub" \
 	-o /home/vagrant/.ssh/authorized_keys
 chmod 600 /home/vagrant/.ssh/authorized_keys
+chown vagrant:vagrant /home/vagrant/.ssh/authorized_keys
 
 sed -i 's/PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
 passwd -d root

debian-13/x86_64-qemu-base.pkr.hcl

@@ -69,7 +69,9 @@ build {
 
   provisioner "shell" {
     scripts = [
-      "scripts/aptupdate.sh",
+      "scripts/upgrade.sh",
+      "scripts/networkd.sh",
+      "scripts/clean.sh"
     ]
   }
 }

debian-13/x86_64-qemu-vagrant.pkr.hcl

@@ -39,7 +39,7 @@ source "qemu" "debian-13-64-vagrant" {
   ssh_username      = "root"
   ssh_password      = var.ssh_password
   ssh_timeout       = "60m"
-  vm_name           = "debian-13-64-base"
+  vm_name           = "debian-13-64-vagrant"
   net_device        = "virtio-net"
   boot_wait         = "5s"
 }
@@ -50,7 +50,8 @@ build {
 
   provisioner "shell" {
     scripts = [
-      "scripts/vagrant.sh"
+      "scripts/vagrant.sh",
+      "scripts/clean.sh"
     ]
   }
 }