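# -*- mode: ruby -*-
# vi: set ft=ruby :

# Test VM definition: a Fedora guest provisioned with a build/test toolchain,
# an unprivileged "rootless" account that root can reach over SSH, and systemd
# cgroup v2 controller delegation for user sessions.
Vagrant.configure("2") do |config|
  # Fedora box is used for testing cgroup v2 support
  # NOTE(review): the box is referenced by name only (no config.vm.box_version),
  # so the image build is not pinned.
  config.vm.box = "fedora/34-cloud-base"

  # Same sizing for both supported providers.
  config.vm.provider :virtualbox do |v|
    v.memory = 2048
    v.cpus = 2
  end
  config.vm.provider :libvirt do |v|
    v.memory = 2048
    v.cpus = 2
  end

  # `<<-SHELL` keeps the leading whitespace of every line, so the bodies and
  # `EOF` terminators of the nested shell here-documents must stay at column 0.
  config.vm.provision "shell", inline: <<-SHELL
    set -e -u -o pipefail

    # Work around dnf mirror failures by retrying a few times.
    # `set -e` does not abort on a failure to the left of `&&`, so success is
    # recorded explicitly and checked after the loop; otherwise a run in which
    # every attempt failed would carry on with the packages missing.
    pkgs_ok=
    for i in $(seq 0 2); do
      sleep $i
      cat << EOF | dnf -y shell && { pkgs_ok=1; break; }
config exclude kernel,kernel-core
config install_weak_deps false
update
install iptables gcc make golang-go glibc-static libseccomp-devel bats jq git-core criu
ts run
EOF
    done
    if [ -z "$pkgs_ok" ]; then
      echo "dnf: package installation failed after 3 attempts" >&2
      exit 1
    fi
    dnf clean all

    # Add a user for rootless tests
    useradd -u2000 -m -d/home/rootless -s/bin/bash rootless

    # Allow root to execute `ssh rootless@localhost` in tests/rootless.sh
    # The key has an empty passphrase (-N ""); it is generated inside the guest
    # and the private half stays under /root. Treat it as a test-only credential.
    ssh-keygen -t ecdsa -N "" -f /root/rootless.key
    mkdir -m 0700 -p /home/rootless/.ssh
    cat /root/rootless.key.pub >> /home/rootless/.ssh/authorized_keys
    # `owner:group` is the POSIX separator; the `owner.group` form is a
    # deprecated GNU extension.
    chown -R rootless:rootless /home/rootless

    # Delegate cgroup v2 controllers to rootless user via --systemd-cgroup
    # The drop-in applies to the user@.service template, i.e. to every user
    # session on this guest, not only to the rootless account.
    mkdir -p /etc/systemd/system/user@.service.d
    cat > /etc/systemd/system/user@.service.d/delegate.conf << EOF
[Service]
# default: Delegate=pids memory
# NOTE: delegation of cpuset requires systemd >= 244 (Fedora >= 32, Ubuntu >= 20.04).
Delegate=yes
EOF
    systemctl daemon-reload
  SHELL
end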