lessmost · December 18, 2020 09:54 · dgambo · Dec 18, 2020
diff --git a/Vagrantfile b/Vagrantfile
 # -*- mode: ruby -*-
 # vi: set ft=ruby :

 # Forked from https://gist.github.com/gabrielelana/9189eab5df963deba30f
 # Works with Vagrant 2.2.7 (trigger)

 # After the first `vagrant up` stop the VM and execute the following steps
 # Take the identifier of the storage you want to encrypt
 # > HDD_UUID=`VBoxManage showvminfo <VM_NAME> | grep 'SATA.*UUID' | sed 's/^.*UUID: \(.*\))/\1/'`
 # Store your usernname (whitespaces are not allowed) in a variable
 # > USERNAME="<YOUR_USER_NAME_WITHOUT_WHITESPACES>"
 # Encrypt the storage, enter the password when asked
 # > VBoxManage encryptmedium $HDD_UUID --newpassword - --newpasswordid $USERNAME --cipher "AES-XTS256-PLAIN64"
 # Store the username in a file named .password_id
 # > echo $USERNAME > .password_id
 # Now, the next time you start the VM you'll be asked for the same password

 # .password
 PASSWORD_PATH = ".password" 
 # .password_id
 PASSWORD_ID_PATH = ".password_id"

 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "archlinux/archlinux"

  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"

  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"

  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"

  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.

  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
  # config.vm.provision "shell", inline: <<-SHELL
  #   apt-get update
  #   apt-get install -y apache2
  # SHELL

  config.trigger.before :up do |trigger|
    trigger.info = "Log: Running before up trigger..."
    trigger.ruby do |env,machine|
      if File.exists?(PASSWORD_ID_PATH)
        unless File.exists?(PASSWORD_PATH)
          password_id = File.read(PASSWORD_ID_PATH).strip
          print "The VM is encrypted, please enter the password\n#{password_id}: "
          password = STDIN.noecho(&:gets).strip
          File.write(PASSWORD_PATH, password)
          puts ""
        end
      end
    end
  end

  config.trigger.after :up do |trigger|
    trigger.info = "Log: Running after up trigger..."
    trigger.ruby do |env,machine|
      File.delete(PASSWORD_PATH) if File.exists?(PASSWORD_PATH)
    end
  end

  config.trigger.after :destroy do |trigger|
    trigger.info = "Log: Running after destroy trigger..."
    trigger.ruby do |env,machine|
      File.delete(PASSWORD_ID_PATH) if File.exists?(PASSWORD_ID_PATH)
    end
  end

  config.vm.provider :virtualbox do |vb|
    # vb.name = "secure"
    vb.gui = false

    if File.exists?(PASSWORD_ID_PATH)
      password_id = File.read(PASSWORD_ID_PATH).strip
      vb.customize "post-boot", ["controlvm", :id, "addencpassword", password_id, PASSWORD_PATH, "--removeonsuspend", "yes"]
    end
  end
 end
	# -- mode: ruby --
	# vi: set ft=ruby :

	# Forked from https://gist.github.com/gabrielelana/9189eab5df963deba30f
	# Works with Vagrant 2.2.7 (trigger)

	# After the first `vagrant up` stop the VM and execute the following steps
	# Take the identifier of the storage you want to encrypt
	# > HDD_UUID=`VBoxManage showvminfo <VM_NAME> \| grep 'SATA.UUID' \| sed 's/^.UUID: \(.*\))/\1/'`
	# Store your usernname (whitespaces are not allowed) in a variable
	# > USERNAME="<YOUR_USER_NAME_WITHOUT_WHITESPACES>"
	# Encrypt the storage, enter the password when asked
	# > VBoxManage encryptmedium $HDD_UUID --newpassword - --newpasswordid $USERNAME --cipher "AES-XTS256-PLAIN64"
	# Store the username in a file named .password_id
	# > echo $USERNAME > .password_id
	# Now, the next time you start the VM you'll be asked for the same password

	# .password
	PASSWORD_PATH = ".password"
	# .password_id
	PASSWORD_ID_PATH = ".password_id"

	# All Vagrant configuration is done below. The "2" in Vagrant.configure
	# configures the configuration version (we support older styles for
	# backwards compatibility). Please don't change it unless you know what
	# you're doing.
	Vagrant.configure("2") do \|config\|
	# The most common configuration options are documented and commented below.
	# For a complete reference, please see the online documentation at
	# https://docs.vagrantup.com.

	# Every Vagrant development environment requires a box. You can search for
	# boxes at https://vagrantcloud.com/search.
	config.vm.box = "archlinux/archlinux"

	# Disable automatic box update checking. If you disable this, then
	# boxes will only be checked for updates when the user runs
	# `vagrant box outdated`. This is not recommended.
	# config.vm.box_check_update = false

	# Create a forwarded port mapping which allows access to a specific port
	# within the machine from a port on the host machine. In the example below,
	# accessing "localhost:8080" will access port 80 on the guest machine.
	# NOTE: This will enable public access to the opened port
	# config.vm.network "forwarded_port", guest: 80, host: 8080

	# Create a forwarded port mapping which allows access to a specific port
	# within the machine from a port on the host machine and only allow access
	# via 127.0.0.1 to disable public access
	# config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"

	# Create a private network, which allows host-only access to the machine
	# using a specific IP.
	# config.vm.network "private_network", ip: "192.168.33.10"

	# Create a public network, which generally matched to bridged network.
	# Bridged networks make the machine appear as another physical device on
	# your network.
	# config.vm.network "public_network"

	# Share an additional folder to the guest VM. The first argument is
	# the path on the host to the actual folder. The second argument is
	# the path on the guest to mount the folder. And the optional third
	# argument is a set of non-required options.
	# config.vm.synced_folder "../data", "/vagrant_data"

	# Provider-specific configuration so you can fine-tune various
	# backing providers for Vagrant. These expose provider-specific options.
	# Example for VirtualBox:
	#
	# config.vm.provider "virtualbox" do \|vb\|
	# # Display the VirtualBox GUI when booting the machine
	# vb.gui = true
	#
	# # Customize the amount of memory on the VM:
	# vb.memory = "1024"
	# end
	#
	# View the documentation for the provider you are using for more
	# information on available options.

	# Enable provisioning with a shell script. Additional provisioners such as
	# Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
	# documentation for more information about their specific syntax and use.
	# config.vm.provision "shell", inline: <<-SHELL
	# apt-get update
	# apt-get install -y apache2
	# SHELL

	config.trigger.before :up do \|trigger\|
	trigger.info = "Log: Running before up trigger..."
	trigger.ruby do \|env,machine\|
	if File.exists?(PASSWORD_ID_PATH)
	unless File.exists?(PASSWORD_PATH)
	password_id = File.read(PASSWORD_ID_PATH).strip
	print "The VM is encrypted, please enter the password\n#{password_id}: "
	password = STDIN.noecho(&:gets).strip
	File.write(PASSWORD_PATH, password)
	puts ""
	end
	end
	end
	end

	config.trigger.after :up do \|trigger\|
	trigger.info = "Log: Running after up trigger..."
	trigger.ruby do \|env,machine\|
	File.delete(PASSWORD_PATH) if File.exists?(PASSWORD_PATH)
	end
	end

	config.trigger.after :destroy do \|trigger\|
	trigger.info = "Log: Running after destroy trigger..."
	trigger.ruby do \|env,machine\|
	File.delete(PASSWORD_ID_PATH) if File.exists?(PASSWORD_ID_PATH)
	end
	end

	config.vm.provider :virtualbox do \|vb\|
	# vb.name = "secure"
	vb.gui = false

	if File.exists?(PASSWORD_ID_PATH)
	password_id = File.read(PASSWORD_ID_PATH).strip
	vb.customize "post-boot", ["controlvm", :id, "addencpassword", password_id, PASSWORD_PATH, "--removeonsuspend", "yes"]
	end
	end
	end