From cbe05fc32912ef3591f66c9a963b36c8335ada20c985e32dcf9510ab98e7ee8a Mon Sep 17 00:00:00 2001
From: Johannes Kastl <opensuse_buildservice@ojkastl.de>
Date: Wed, 15 Oct 2025 14:31:53 +0200
Subject: [PATCH 1/3] kiwi-templates-Minimal/_multibuild: enable Vagrant flavor

---
 kiwi-templates-Minimal/_multibuild | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kiwi-templates-Minimal/_multibuild b/kiwi-templates-Minimal/_multibuild
index 18d0b3f..37cc4d0 100644
--- a/kiwi-templates-Minimal/_multibuild
+++ b/kiwi-templates-Minimal/_multibuild
@@ -4,6 +4,7 @@
   <flavor>kvm</flavor>
   <flavor>kvm-encrypt</flavor>
   <flavor>VMware</flavor>
+  <flavor>Vagrant</flavor>
   <flavor>MS-HyperV</flavor>
   <flavor>Cloud</flavor>
   <flavor>RaspberryPi</flavor>
-- 
2.51.1


From 1f36049f05e608897a6c9e7d54e443f3fb2d8095b743f5f1c274f1cac08131cb Mon Sep 17 00:00:00 2001
From: Johannes Kastl <opensuse_buildservice@ojkastl.de>
Date: Wed, 15 Oct 2025 14:31:53 +0200
Subject: [PATCH 2/3] kiwi-templates-Minimal/Minimal.kiwi: add Vagrant flavor

---
 kiwi-templates-Minimal/Minimal.kiwi | 42 +++++++++++++++++++++++++----
 1 file changed, 37 insertions(+), 5 deletions(-)

diff --git a/kiwi-templates-Minimal/Minimal.kiwi b/kiwi-templates-Minimal/Minimal.kiwi
index fae6642..d7db39e 100644
--- a/kiwi-templates-Minimal/Minimal.kiwi
+++ b/kiwi-templates-Minimal/Minimal.kiwi
@@ -13,6 +13,7 @@
         <profile name="kvm" description="Minimal for KVM" arch="aarch64"/>
         <profile name="kvm-encrypt" description="Minimal for KVM (Encrypted)" arch="aarch64"/>
         <profile name="VMware" description="Minimal for VMware" arch="x86_64"/>
+        <profile name="Vagrant" description="Minimal for Vagrant" arch="x86_64"/>
         <profile name="MS-HyperV" description="Minimal for Hyper-V" arch="aarch64,x86_64"/>
         <profile name="Cloud" description="Minimal for Cloud" arch="aarch64,x86_64"/>
         <profile name="RaspberryPi" description="Minimal for the Raspberry Pi" arch="aarch64"/>
@@ -133,6 +134,32 @@
             </machine>
         </type>
     </preferences>
+    <preferences profiles="Vagrant">
+        <version>16.0.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>openSUSE</bootsplash-theme>
+        <bootloader-theme>openSUSE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <type image="oem" filesystem="btrfs" format="vagrant" firmware="uefi" efipartsize="512" bootpartition="false" bootkernel="custom" devicepersistency="by-uuid" btrfs_quota_groups="true" btrfs_root_is_snapshot="true" bundle_format="%N-VM.%A-%I">
+            <bootloader name="grub2"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="tmp"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">24</size>
+            <vagrantconfig provider="libvirt" virtualsize="24"/>
+            <machine memory="1024" HWversion="10" guestOS="sles-64">
+                <vmnic interface="0" driver="vmxnet3" mode="nat"/>
+            </machine>
+        </type>
+    </preferences>
     <preferences profiles="Cloud">
         <version>16.0.0</version>
         <packagemanager>zypper</packagemanager>
@@ -443,7 +470,7 @@
         <package name="grub2-s390x-emu" arch="s390x"/>
         <package name="blog" arch="s390x"/>
     </packages>
-    <packages type="image" profiles="kvm-and-xen,kvm-and-xen-sap,kvm-and-xen-encrypt,kvm,kvm-encrypt,VMware,VMware-sap,MS-HyperV,MS-HyperV-sap,RaspberryPi,s390x-kvm,s390x-dasd,s390x-fba,ppc64le-4096-raw,ppc64le-4096-qcow2">
+    <packages type="image" profiles="kvm-and-xen,kvm-and-xen-sap,kvm-and-xen-encrypt,kvm,kvm-encrypt,VMware,VMware-sap,Vagrant,MS-HyperV,MS-HyperV-sap,RaspberryPi,s390x-kvm,s390x-dasd,s390x-fba,ppc64le-4096-raw,ppc64le-4096-qcow2">
         <package name="btrfsprogs"/>
         <package name="btrfsmaintenance"/>
         <package name="snapper-zypp-plugin"/>
@@ -453,11 +480,11 @@
         <package name="firewalld"/>
         <package name="openSUSE-repos-Leap"/>
     </packages>
-    <packages type="image" profiles="kvm-and-xen,kvm-and-xen-sap,kvm-and-xen-encrypt,kvm,kvm-encrypt,VMware,VMware-sap,MS-HyperV,MS-HyperV-sap,Cloud,Cloud-sap">
+    <packages type="image" profiles="kvm-and-xen,kvm-and-xen-sap,kvm-and-xen-encrypt,kvm,kvm-encrypt,VMware,VMware-sap,Vagrant,MS-HyperV,MS-HyperV-sap,Cloud,Cloud-sap">
         <package name="shim" arch="aarch64,x86_64"/>
     </packages>
     <!-- Plain GRUB -->
-    <packages type="image" profiles="kvm-and-xen,kvm-and-xen-sap,kvm,VMware,VMware-sap,MS-HyperV,MS-HyperV-sap,Cloud,Cloud-sap,RaspberryPi,s390x-kvm,s390x-Cloud,s390x-dasd,s390x-dasd-Cloud,s390x-fba,s390x-fba-Cloud,ppc64le-4096-raw,ppc64le-4096-qcow2">
+    <packages type="image" profiles="kvm-and-xen,kvm-and-xen-sap,kvm,VMware,VMware-sap,Vagrant,MS-HyperV,MS-HyperV-sap,Cloud,Cloud-sap,RaspberryPi,s390x-kvm,s390x-Cloud,s390x-dasd,s390x-dasd-Cloud,s390x-fba,s390x-fba-Cloud,ppc64le-4096-raw,ppc64le-4096-qcow2">
         <package name="grub2"/>
         <package name="grub2-branding-openSUSE" arch="aarch64,x86_64"/>
         <package name="grub2-arm64-efi" arch="aarch64"/>
@@ -467,7 +494,7 @@
         <package name="grub2-powerpc-ieee1275" arch="ppc64le"/>
     </packages>
     <!-- GRUB + btrfs integration -->
-    <packages type="image" profiles="kvm-and-xen,kvm-and-xen-sap,kvm,VMware,VMware-sap,MS-HyperV,MS-HyperV-sap,RaspberryPi,s390x-kvm,s390x-dasd,s390x-fba">
+    <packages type="image" profiles="kvm-and-xen,kvm-and-xen-sap,kvm,VMware,VMware-sap,Vagrant,MS-HyperV,MS-HyperV-sap,RaspberryPi,s390x-kvm,s390x-dasd,s390x-fba">
         <package name="grub2-snapper-plugin"/>
     </packages>
     <!-- GRUB with BLS + btrfs integration -->
@@ -498,6 +525,11 @@
         <package name="open-vm-tools" arch="x86_64"/>
         <package name="kernel-default-base"/>
     </packages>
+    <packages type="image" profiles="Vagrant">
+        <package name="kernel-default-base"/>
+        <package name="nfs-client"/>
+        <package name="sudo"/>
+    </packages>
     <packages type="image" profiles="Cloud,Cloud-sap,s390x-Cloud,s390x-dasd-Cloud,s390x-fcp-Cloud">
         <package name="cloud-init"/>
         <package name="cloud-init-config-suse"/>
@@ -527,7 +559,7 @@
         <package name="glibc-locale-base"/>
         <package name="ca-certificates-mozilla"/>
     </packages>
-    <packages type="bootstrap" profiles="kvm-and-xen,kvm-and-xen-encrypt,kvm,kvm-encrypt,VMware,MS-HyperV,Cloud,RaspberryPi,s390x-kvm,s390x-Cloud,s390x-dasd,s390x-dasd-Cloud,s390x-fcp,s390x-fcp-Cloud">
+    <packages type="bootstrap" profiles="kvm-and-xen,kvm-and-xen-encrypt,kvm,kvm-encrypt,VMware,Vagrant,MS-HyperV,Cloud,RaspberryPi,s390x-kvm,s390x-Cloud,s390x-dasd,s390x-dasd-Cloud,s390x-fcp,s390x-fcp-Cloud">
         <package name="Leap-release"/>
     </packages>
     <packages type="image" profiles="s390x-fcp,s390x-fcp-Cloud">
-- 
2.51.1


From 41b35f1d95bd92ae2e2464a04bfd5da6ec5d456186c767a26b11f09512610eab Mon Sep 17 00:00:00 2001
From: Johannes Kastl <opensuse_buildservice@ojkastl.de>
Date: Wed, 15 Oct 2025 14:31:53 +0200
Subject: [PATCH 3/3] kiwi-templates-Minimal/config.sh: add Vagrant handling

---
 kiwi-templates-Minimal/config.sh | 84 ++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)

diff --git a/kiwi-templates-Minimal/config.sh b/kiwi-templates-Minimal/config.sh
index eb496bb..8114dae 100644
--- a/kiwi-templates-Minimal/config.sh
+++ b/kiwi-templates-Minimal/config.sh
@@ -64,6 +64,81 @@ baseSetRunlevel 3
 #--------------------------------------
 suseImportBuildKey
 
+#======================================
+# Vagrant
+#--------------------------------------
+function vagrantSetup {
+    # This function configures the image to work as a vagrant box.
+    # These are the following steps:
+    # - add the vagrant user
+    # - add the vagrant user to /etc/sudoers
+    # - insert the insecure vagrant ssh key
+    # - create the default /vagrant share
+    # - apply some recommended ssh settings
+
+    echo "Add user vagrant"
+    # create vagrant user
+    useradd vagrant
+
+    # insert the default insecure ssh key from here:
+    # https://github.com/hashicorp/vagrant/blob/master/keys/vagrant.pub
+    mkdir -p /home/vagrant/.ssh/
+    chmod 0700 /home/vagrant/.ssh/
+    echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > /home/vagrant/.ssh/authorized_keys
+    chmod 0600 /home/vagrant/.ssh/authorized_keys
+    chown -R vagrant:vagrant /home/vagrant/
+
+    # apply recommended ssh settings for vagrant boxes
+    SSHD_CONFIG=/etc/ssh/sshd_config.d/99-vagrant.conf
+    if [[ ! -d "$(dirname ${SSHD_CONFIG})" ]]; then
+        SSHD_CONFIG=/etc/ssh/sshd_config
+        # prepend the settings, so that they take precedence
+        echo -e "UseDNS no\nGSSAPIAuthentication no\n$(cat ${SSHD_CONFIG})" > ${SSHD_CONFIG}
+    else
+        echo -e "UseDNS no\nGSSAPIAuthentication no" > ${SSHD_CONFIG}
+    fi
+
+    # vagrant assumes that it can sudo without a password
+    # => add the vagrant user to the sudoers list
+    echo "vagrant ALL=(ALL)NOPASSWD:ALL" > /etc/sudoers.d/vagrant
+    visudo -cf /etc/sudoers.d/vagrant
+    chmod 440 /etc/sudoers.d/vagrant
+
+    # the default shared folder
+    mkdir -p /vagrant
+    chown -R vagrant:vagrant /vagrant
+
+    # SSH service
+    baseInsertService sshd
+
+    # start vboxsf service only if the guest tools are present
+    if rpm -q virtualbox-guest-tools 2> /dev/null; then
+        echo vboxsf > /etc/modules-load.d/vboxsf.conf
+    fi
+
+    # drop any network udev rules for libvirt, so that the networks are called
+    # ethX
+    # this is not required for Virtualbox as it handles networking differently
+    # and doesn't need this hack
+    if [ "${kiwi_profiles}" != "virtualbox" ]; then
+        rm -f /etc/udev/rules.d/*-net.rules
+    fi
+
+    # setup DHCP on eth0 properly
+    mkdir /etc/sysconfig/network/
+    cat << EOF > /etc/sysconfig/network/ifcfg-eth0
+STARTMODE=auto
+BOOTPROTO=dhcp
+EOF
+}
+
+#======================================
+# Configure Vagrant specifics
+#--------------------------------------
+if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then
+vagrantSetup
+fi
+
 #======================================
 # Enable sshd
 #--------------------------------------
@@ -82,6 +157,15 @@ if [[ "$kiwi_profiles" =~ s390x-(dasd|fba|fcp) ]]; then
     systemctl enable systemd-firstboot
     # Enable prompting for the root password
     echo 'root:!unprovisioned' | chpasswd -e
+elif [[ "$kiwi_profiles" =~ Vagrant ]]; then
+
+    echo "Disable jeos-firstboot.service for Vagrant boxes"
+    systemctl disable jeos-firstboot.service
+    systemctl mask jeos-firstboot.service
+    echo "Disable systemd-firstboot.service for Vagrant boxes"
+    systemctl disable systemd-firstboot.service
+    systemctl mask systemd-firstboot.service
+
 elif rpm -q --whatprovides jeos-firstboot >/dev/null; then
     # Enable jeos-firstboot
     mkdir -p /var/lib/YaST2
-- 
2.51.1