From 2a268a343620ddf23e03e2bcb52222d0a547a152 Mon Sep 17 00:00:00 2001 From: Matt Kaar Date: Fri, 3 Feb 2023 11:21:58 -0500 Subject: [PATCH 01/12] Automate dev environment setup - Add enable-dev-mode script that installs XFCE, VS Code and other development tools - Expand hard drive to 40G - Fix Helm apt repo error --- foundry/scripts/enable-dev-mode | 73 +++++++++++++++++++++++++++++++++ setup-appliance | 4 +- variables.pkr.hcl | 2 +- 3 files changed, 76 insertions(+), 3 deletions(-) create mode 100755 foundry/scripts/enable-dev-mode diff --git a/foundry/scripts/enable-dev-mode b/foundry/scripts/enable-dev-mode new file mode 100755 index 0000000..7192db1 --- /dev/null +++ b/foundry/scripts/enable-dev-mode 
@@ -0,0 +1,73 @@ +#!/bin/bash -e +# +# Copyright 2022 Carnegie Mellon University. +# Released under a BSD (SEI)-style license, please see LICENSE.md in the +# project root or contact permission@sei.cmu.edu for full terms. +# +# Install window manager, VS Code, and other development tools + +USER_SESSION_PATH=/var/lib/AccountsService/users/foundry + +if [[ $UID == 0 ]]; then + echo "Please run this script without sudo:" + echo "$1 $2" + exit 1 +fi + +echo +echo "Installing XFCE window manager, VS Code, and other development tools..." +echo + +# Install repositories +wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg +sudo install -D -o root -g root -m 644 packages.microsoft.gpg /etc/apt/keyrings/packages.microsoft.gpg +sudo sh -c 'echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list' +rm -f packages.microsoft.gpg +sudo apt-get update + +# Install XCFE window manager +sudo apt-get install -y task-xfce-desktop open-vm-tools-desktop + +# Remove light-locker as workaround for lock screen input issue: +# https://bugs.launchpad.net/ubuntu/+source/xfce4-screensaver/+bug/1875025 +sudo apt-get purge -y light-locker +sudo apt-get autoremove -y + +# Fix "Failed to start session" during XFCE login: +# https://askubuntu.com/a/1414650 +if [ -e $USER_SESSION_PATH ]; then + sudo sed -i -r "s/(Session=).*/\1xfce/g" $USER_SESSION_PATH +else + sudo bash -c "cat > $USER_SESSION_PATH < /dev/null +echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list apt-get update apt-get full-upgrade -y diff --git a/variables.pkr.hcl b/variables.pkr.hcl index e7ff727..93c2fc7 100644 --- a/variables.pkr.hcl +++ b/variables.pkr.hcl 
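Review bot: The signing-key step `wget -qO- … | gpg --dearmor > packages.microsoft.gpg` runs with only `-e` from the shebang, so a failed download is not caught at the pipe: the pipeline's status is gpg's, and whatever gpg wrote is then installed into /etc/apt/keyrings. Adding `set -eo pipefail` below the header comment would stop the script at the failing download, and it also survives an invocation as `bash enable-dev-mode`, where shebang options are dropped. The key is staged under a fixed name in the current directory; a `mktemp` file would avoid clobbering a file of that name and would not depend on the working directory being writable. Separately, the root guard prints `echo "$1 $2"`, which is empty for a plain `sudo` run; `echo "$0"` looks like the intent. Part of this new file (the here-document and what follows it) is missing from this view, so the note covers only the visible lines.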
@@ -53,7 +53,7 @@ locals { "" ] cpus = 2 - disk_size = 30000 + disk_size = 40000 iso_url = "https://releases.ubuntu.com/22.04/ubuntu-22.04.1-live-server-amd64.iso" iso_checksum = "sha256:10f19c5b2b8d6db711582e0e27f5116296c34fe4b313ba45f9b201a5007056cb" memory = 4096 From ba91faa6133b0871e03ffbebefa34e45d03b02f2 Mon Sep 17 00:00:00 2001 From: Matt Kaar Date: Mon, 6 Feb 2023 11:14:27 -0500 Subject: [PATCH 02/12] Disable screensaver and lock screen in dev mode - Disable screensaver and lock screen for XFCE - Use local UMD Ubuntu mirror due to main site outage --- foundry/scripts/enable-dev-mode | 4 ++++ variables.pkr.hcl | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/foundry/scripts/enable-dev-mode b/foundry/scripts/enable-dev-mode index 7192db1..419d627 100755 --- a/foundry/scripts/enable-dev-mode +++ b/foundry/scripts/enable-dev-mode @@ -33,6 +33,10 @@ sudo apt-get install -y task-xfce-desktop open-vm-tools-desktop sudo apt-get purge -y light-locker sudo apt-get autoremove -y +# Disable screensaver and lock screen +xfconf-query -c xfce4-screensaver -np /saver/enabled -t bool -s false +xfconf-query -c xfce4-screensaver -np /lock/enabled -t bool -s false + # Fix "Failed to start session" during XFCE login: # https://askubuntu.com/a/1414650 if [ -e $USER_SESSION_PATH ]; then diff --git a/variables.pkr.hcl b/variables.pkr.hcl index 93c2fc7..ca5b965 100644 --- a/variables.pkr.hcl +++ b/variables.pkr.hcl @@ -54,7 +54,7 @@ locals { ] cpus = 2 disk_size = 40000 - iso_url = "https://releases.ubuntu.com/22.04/ubuntu-22.04.1-live-server-amd64.iso" + iso_url = "https://mirror.umd.edu/ubuntu-iso/jammy/ubuntu-22.04.1-live-server-amd64.iso" iso_checksum = "sha256:10f19c5b2b8d6db711582e0e27f5116296c34fe4b313ba45f9b201a5007056cb" memory = 4096 shutdown_command = "echo '${var.ssh_password}'|sudo -S shutdown -P now" From cf97b3a9f82a991f3142d2dc396f4f6b1d318980 Mon Sep 17 00:00:00 2001 
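Review bot: The two `xfconf-query` calls added in the PATCH 02 hunk for foundry/scripts/enable-dev-mode need a session D-Bus to reach xfconfd, and the script appears to run right after the desktop packages are installed, possibly from a console or SSH login with no graphical session. If so they fail, and with `-e` in the shebang the script stops before the later steps. Consider running them as `dbus-run-session -- xfconf-query …`, or guarding on `$DBUS_SESSION_BUS_ADDRESS`. The comment should also say the lock screen is turned off on purpose for the dev VM, e.g. `# Dev VM only: no screensaver or screen lock; do not apply on shared or exposed hosts`. The hunk shows only part of the script.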
From: Matt Kaar <66427159+sei-mkaar@users.noreply.github.com> Date: Mon, 6 Feb 2023 12:28:02 -0500 Subject: [PATCH 03/12] Increase VirtualBox build time --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 754dfe9..02aedad 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,7 +32,7 @@ jobs: env: GITHUB_PULL_REQUEST: ${{ github.event.number }} with: - timeout_minutes: 40 + timeout_minutes: 45 max_attempts: 5 command: ./build-appliance virtualbox From 25c6a6c4961d53c89bd07e1ee05c498549507c01 Mon Sep 17 00:00:00 2001 From: Matt Kaar <66427159+sei-mkaar@users.noreply.github.com> Date: Mon, 6 Feb 2023 15:26:48 -0500 Subject: [PATCH 04/12] Shorten build timeouts --- .github/workflows/build.yml | 4 ++-- foundry-appliance.pkr.hcl | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 02aedad..fbc4854 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,11 +28,11 @@ jobs: run: sed -i '' '/localhostreachable/d' foundry-appliance.pkr.hcl - name: Build VirtualBox OVF image - uses: nick-invision/retry@v2 + uses: nick-fields/retry@v2 env: GITHUB_PULL_REQUEST: ${{ github.event.number }} with: - timeout_minutes: 45 + timeout_minutes: 40 max_attempts: 5 command: ./build-appliance virtualbox diff --git a/foundry-appliance.pkr.hcl b/foundry-appliance.pkr.hcl index f5a55cb..8be9257 100644 --- a/foundry-appliance.pkr.hcl +++ b/foundry-appliance.pkr.hcl @@ -14,7 +14,7 @@ source "virtualbox-iso" "foundry-appliance" { rtc_time_base = "UTC" shutdown_command = "${local.shutdown_command}" ssh_password = "${var.ssh_password}" - ssh_timeout = "30m" + ssh_timeout = "10m" ssh_username = "${var.ssh_username}" vboxmanage = [ ["modifyvm", "{{.Name}}", "--nat-localhostreachable1", "on"], 
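Review bot: In the PATCH 04 hunk for .github/workflows/build.yml, the renamed action is still referenced by a movable tag, `uses: nick-fields/retry@v2`. This step wraps the whole appliance build, so whatever that tag points to at run time executes inside the job. Pinning the third-party action to a full commit SHA, `uses: nick-fields/retry@<full-commit-sha>  # v2`, keeps the build input fixed and makes an update an explicit, reviewable change. `<full-commit-sha>` is a placeholder to be filled in from the action's release. The job definition starts above the hunk.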
@@ -37,7 +37,7 @@ source "vmware-iso" "foundry-appliance" { output_directory = "output-vmware" shutdown_command = "${local.shutdown_command}" ssh_password = "${var.ssh_password}" - ssh_timeout = "30m" + ssh_timeout = "10m" ssh_username = "${var.ssh_username}" version = "14" vm_name = "foundry-appliance-${var.appliance_version}" @@ -62,7 +62,7 @@ source "vsphere-iso" "foundry-appliance" { RAM = "${local.memory}" shutdown_command = "${local.shutdown_command}" ssh_password = "${var.ssh_password}" - ssh_timeout = "30m" + ssh_timeout = "10m" ssh_username = "${var.ssh_username}" storage { disk_size = "${local.disk_size}" From be65483f633b4a83b3cbfb1e8d15c22a203d2dff Mon Sep 17 00:00:00 2001 From: Matt Kaar <66427159+sei-mkaar@users.noreply.github.com> Date: Mon, 6 Feb 2023 17:08:23 -0500 Subject: [PATCH 05/12] Force build during CI retry attempts --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fbc4854..134ab74 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,7 +34,7 @@ jobs: with: timeout_minutes: 40 max_attempts: 5 - command: ./build-appliance virtualbox + command: ./build-appliance virtualbox -force - name: Get build_name from OVF file run: echo "build_name=$(sh -c "find . -name '*.ovf' | xargs basename -s '.ovf'")" >> $GITHUB_ENV From 4b0a559cdaaa81ecd7ca53bdd5244425b0a13c41 Mon Sep 17 00:00:00 2001 From: Matt Kaar <66427159+sei-mkaar@users.noreply.github.com> Date: Mon, 6 Feb 2023 17:15:21 -0500 Subject: [PATCH 06/12] Update CI build actions --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 134ab74..bd7e726 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -13,10 +13,10 @@ jobs: runs-on: macos-12 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Packer cache - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ~/.cache/packer key: ${{ runner.os }}-packer From f889157d52ab8102c2bf5788f9f4168331622cbe Mon Sep 17 00:00:00 2001 From: Matt Kaar Date: Mon, 6 Feb 2023 17:30:46 -0500 Subject: [PATCH 07/12] Revert Ubuntu ISO mirror --- variables.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.pkr.hcl b/variables.pkr.hcl index ca5b965..835af9d 100644 --- a/variables.pkr.hcl +++ b/variables.pkr.hcl @@ -54,7 +54,7 @@ locals { ] cpus = 2 disk_size = 40000 - iso_url = "https://mirror.umd.edu/ubuntu-iso/jammy/ubuntu-22.04.1-live-server-amd64.iso" + iso_url = "https://releases.ubuntu.com/jammy/ubuntu-22.04.1-live-server-amd64.iso" iso_checksum = "sha256:10f19c5b2b8d6db711582e0e27f5116296c34fe4b313ba45f9b201a5007056cb" memory = 4096 shutdown_command = "echo '${var.ssh_password}'|sudo -S shutdown -P now" From 42ab1e30b01357f1d1f9ecc39409252c89730989 Mon Sep 17 00:00:00 2001 From: Matt Kaar <66427159+sei-mkaar@users.noreply.github.com> Date: Mon, 6 Feb 2023 18:12:02 -0500 Subject: [PATCH 08/12] Dial back SSH timeout changes --- foundry-appliance.pkr.hcl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/foundry-appliance.pkr.hcl b/foundry-appliance.pkr.hcl index 8be9257..0e64e32 100644 --- a/foundry-appliance.pkr.hcl +++ b/foundry-appliance.pkr.hcl @@ -14,7 +14,7 @@ source "virtualbox-iso" "foundry-appliance" { rtc_time_base = "UTC" shutdown_command = "${local.shutdown_command}" ssh_password = "${var.ssh_password}" - ssh_timeout = "10m" + ssh_timeout = "15m" ssh_username = "${var.ssh_username}" vboxmanage = [ ["modifyvm", "{{.Name}}", "--nat-localhostreachable1", "on"], 
@@ -37,7 +37,7 @@ source "vmware-iso" "foundry-appliance" { output_directory = "output-vmware" shutdown_command = "${local.shutdown_command}" ssh_password = "${var.ssh_password}" - ssh_timeout = "10m" + ssh_timeout = "15m" ssh_username = "${var.ssh_username}" version = "14" vm_name = "foundry-appliance-${var.appliance_version}" @@ -62,7 +62,7 @@ source "vsphere-iso" "foundry-appliance" { RAM = "${local.memory}" shutdown_command = "${local.shutdown_command}" ssh_password = "${var.ssh_password}" - ssh_timeout = "10m" + ssh_timeout = "15m" ssh_username = "${var.ssh_username}" storage { disk_size = "${local.disk_size}" From cf6f43fa1700402abfe51e3591b1ae0d8b505596 Mon Sep 17 00:00:00 2001 From: Matt Kaar Date: Mon, 6 Feb 2023 21:34:44 -0500 Subject: [PATCH 09/12] Enable external postgresql access in dev mode --- foundry/ingress-nginx.values.yaml | 5 +++-- foundry/scripts/enable-dev-mode | 4 ++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/foundry/ingress-nginx.values.yaml b/foundry/ingress-nginx.values.yaml index c826f3f..278adc1 100644 --- a/foundry/ingress-nginx.values.yaml +++ b/foundry/ingress-nginx.values.yaml @@ -205,10 +205,10 @@ controller: # -- The update strategy to apply to the Deployment or DaemonSet ## - updateStrategy: {} + updateStrategy: # rollingUpdate: # maxUnavailable: 1 - # type: RollingUpdate + type: Recreate # -- `minReadySeconds` to avoid killing pods before we are ready ## @@ -907,6 +907,7 @@ imagePullSecrets: [] ## tcp: 2049: "common/nfs-server-provisioner:2049" + #5432: "common/postgresql:5432" # -- UDP service key:value pairs ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md diff --git a/foundry/scripts/enable-dev-mode b/foundry/scripts/enable-dev-mode index 419d627..c85c9b5 100755 --- a/foundry/scripts/enable-dev-mode +++ b/foundry/scripts/enable-dev-mode 
@@ -54,6 +54,10 @@ fi # Install Tailscale for remote access curl -fsSL https://tailscale.com/install.sh | sh +# Enable external PostgreSQL access +sed -i -r "s/#(5432:)/\1/" ~/foundry/ingress-nginx.values.yaml +helm upgrade -n foundry -f ~/foundry/ingress-nginx.values.yaml ingress-nginx ingress-nginx/ingress-nginx + # Install VS Code sudo apt-get install -y code code --install-extension Angular.ng-template From 3eaeedf0792d766a97d5d42c08a56523963d2363 Mon Sep 17 00:00:00 2001 From: Matt Kaar Date: Tue, 7 Feb 2023 08:16:49 -0500 Subject: [PATCH 10/12] Install VirtualBox Guest Additions Increase VRAM for dev mode --- foundry-appliance.pkr.hcl | 2 ++ setup-appliance | 10 +++++++++- variables.pkr.hcl | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/foundry-appliance.pkr.hcl b/foundry-appliance.pkr.hcl index 0e64e32..35e0977 100644 --- a/foundry-appliance.pkr.hcl +++ b/foundry-appliance.pkr.hcl @@ -17,6 +17,7 @@ source "virtualbox-iso" "foundry-appliance" { ssh_timeout = "15m" ssh_username = "${var.ssh_username}" vboxmanage = [ + ["modifyvm", "{{.Name}}", "--vram", "${local.video_memory}"], ["modifyvm", "{{.Name}}", "--nat-localhostreachable1", "on"], ] vm_name = "foundry-appliance-${var.appliance_version}" @@ -70,6 +71,7 @@ source "vsphere-iso" "foundry-appliance" { } username = "${var.vsphere_username}" vcenter_server = "${var.vcenter_server}" + video_ram = "${local.video_memory}" vm_name = "foundry-appliance-${var.appliance_version}" } diff --git a/setup-appliance b/setup-appliance index c485e78..f9a57f8 100644 --- a/setup-appliance +++ b/setup-appliance 
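Review bot: The `sed`/`helm upgrade` pair added in the PATCH 09 hunk for foundry/scripts/enable-dev-mode publishes `common/postgresql:5432` through the ingress controller's TCP map, so the database becomes reachable on every address the controller listens on; the context line just above also installs Tailscale for remote access. Nothing in the hunk changes the database credentials, so I would state the exposure in the comment, e.g. `# Dev only: exposes PostgreSQL (5432) to the network; change the DB password first`, and print the same warning when the step runs. The `helm upgrade` has no `--version`, so it may move ingress-nginx to whatever chart version the local repo cache holds rather than the one the values file was written for; passing the chart version used at install time (not visible here) would keep this a values-only change. The script continues outside the hunk.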
@@ -58,7 +58,15 @@ network: EOF netplan apply -apt-get install -y dnsmasq avahi-daemon jq nfs-common sshpass kubectl helm pwgen +apt-get install -y dnsmasq avahi-daemon jq nfs-common sshpass kubectl helm pwgen build-essential + +# Install VirtualBox Guest Additions +if [ -f "~/VBoxGuestAdditions.iso" ]; then + mount -o loop ~/VBoxGuestAdditions.iso /mnt + /mnt/VBoxLinuxAdditions.run + umount /mnt + rm ~/VBoxGuestAdditions.iso +fi # Install k3s mkdir -p /etc/rancher/k3s diff --git a/variables.pkr.hcl b/variables.pkr.hcl index 835af9d..38181ad 100644 --- a/variables.pkr.hcl +++ b/variables.pkr.hcl @@ -58,4 +58,4 @@ locals { iso_checksum = "sha256:10f19c5b2b8d6db711582e0e27f5116296c34fe4b313ba45f9b201a5007056cb" memory = 4096 shutdown_command = "echo '${var.ssh_password}'|sudo -S shutdown -P now" -} + video_memory = 32 From 70e1c56509a140c27850e287b7777d25aa06e966 Mon Sep 17 00:00:00 2001 From: Matt Kaar <66427159+sei-mkaar@users.noreply.github.com> Date: Tue, 7 Feb 2023 08:45:40 -0500 Subject: [PATCH 11/12] Update variables.pkr.hcl --- variables.pkr.hcl | 1 + 1 file changed, 1 insertion(+) diff --git a/variables.pkr.hcl b/variables.pkr.hcl index 38181ad..de8bf69 100644 --- a/variables.pkr.hcl +++ b/variables.pkr.hcl @@ -59,3 +59,4 @@ locals { memory = 4096 shutdown_command = "echo '${var.ssh_password}'|sudo -S shutdown -P now" video_memory = 32 +} From 4ad802f9398758cc731f977b318579cc1187dbe9 Mon Sep 17 00:00:00 2001 From: Matt Kaar <66427159+sei-mkaar@users.noreply.github.com> Date: Tue, 7 Feb 2023 19:58:08 -0500 Subject: [PATCH 12/12] Dial in timeout value --- foundry-appliance.pkr.hcl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/foundry-appliance.pkr.hcl b/foundry-appliance.pkr.hcl index 35e0977..eb95b39 100644 --- a/foundry-appliance.pkr.hcl +++ b/foundry-appliance.pkr.hcl 
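Review bot: The guard `if [ -f "~/VBoxGuestAdditions.iso" ]; then` in the setup-appliance hunk never matches as intended, because a tilde inside double quotes is not expanded. The test looks for a path literally named `~/VBoxGuestAdditions.iso` under the working directory, so the Guest Additions install is skipped silently. Use `if [ -f "$HOME/VBoxGuestAdditions.iso" ]; then`, and `"$HOME/VBoxGuestAdditions.iso"` on the `mount` and `rm` lines for consistency. The script seems to run as root, so confirm that root's home is where the build uploads the ISO. If the script runs with `-e` (its header is outside the hunk), a non-zero exit from `/mnt/VBoxLinuxAdditions.run` would abort it with /mnt still mounted, so capture the status and `umount /mnt` before acting on it.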
@@ -14,7 +14,7 @@ source "virtualbox-iso" "foundry-appliance" { rtc_time_base = "UTC" shutdown_command = "${local.shutdown_command}" ssh_password = "${var.ssh_password}" - ssh_timeout = "15m" + ssh_timeout = "20m" ssh_username = "${var.ssh_username}" vboxmanage = [ ["modifyvm", "{{.Name}}", "--vram", "${local.video_memory}"], @@ -38,7 +38,7 @@ source "vmware-iso" "foundry-appliance" { output_directory = "output-vmware" shutdown_command = "${local.shutdown_command}" ssh_password = "${var.ssh_password}" - ssh_timeout = "15m" + ssh_timeout = "20m" ssh_username = "${var.ssh_username}" version = "14" vm_name = "foundry-appliance-${var.appliance_version}" @@ -63,7 +63,7 @@ source "vsphere-iso" "foundry-appliance" { RAM = "${local.memory}" shutdown_command = "${local.shutdown_command}" ssh_password = "${var.ssh_password}" - ssh_timeout = "15m" + ssh_timeout = "20m" ssh_username = "${var.ssh_username}" storage { disk_size = "${local.disk_size}"