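# Prepares a Debian/Ubuntu guest for conversion into a VM template:
# patches the system, creates the 'ansible' management account, then strips
# per-machine identity (logs, host keys, machine-id, hostname, history) so
# that every clone generates its own on first boot.
# Must run as root. No strict mode is set; only the sudoers validation
# below aborts the build on failure.

# update guest
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
apt-get autoremove -y

# install rc.local script
# The host keys are deleted further down, so each clone has to regenerate
# them on first boot. The guard tests the ed25519 key rather than the DSA
# key: newer OpenSSH packages no longer create a DSA host key, so a DSA test
# would never succeed and dpkg-reconfigure would run on every boot.
# The delimiter is quoted, so nothing in the heredoc is expanded here.
tee /etc/rc.local << 'EOL'
#!/bin/sh -ef
#
test -f /etc/ssh/ssh_host_ed25519_key || dpkg-reconfigure openssh-server
exit 0
EOL
chmod +x /etc/rc.local

# install the ansible user
echo '> create ansible user ...'
useradd -m ansible

# configure ansible user
# NOTE(review): this public key is baked into the template, so whoever holds
# the matching private key can log in to every clone built from it. Combined
# with the NOPASSWD rule below that is root on all of them; keep the private
# key tightly controlled and consider rotating it per environment.
echo '> configure ansible user ...'
mkdir -p /home/ansible/.ssh
printf '%s\n' "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9H3XK4IaK2pd8xegsbCm0at70kCi33vYkHDccV3Iyn" \
  >> /home/ansible/.ssh/authorized_keys
chmod 700 /home/ansible/.ssh
chmod 600 /home/ansible/.ssh/authorized_keys
chown -R ansible:ansible /home/ansible

# configure sudo for ansible
printf '%s\n' "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
# Drop-ins are conventionally 0440; without this the file keeps whatever
# mode the umask produced.
chmod 0440 /etc/sudoers.d/ansible
# A drop-in that does not parse breaks sudo for every user, so validate it
# and fail the build rather than ship a template with unusable sudo.
if ! visudo -cf /etc/sudoers.d/ansible; then
  echo '> invalid sudoers drop-in, removing it' >&2
  rm -f /etc/sudoers.d/ansible
  exit 1
fi

# cleaning logs
# NOTE(review): the glob removes subdirectories of /var/log as well as files;
# confirm that services which expect their log directory recreate it.
echo '> cleaning logs ...'
rm -rf /var/log/*

# cleans persistent udev rules
echo '> cleaning persistent udev rules ...'
rm -f /etc/udev/rules.d/70-persistent-net.rules

# cleans /tmp directories
echo '> cleaning /tmp directories ...'
rm -rf /tmp/*
rm -rf /var/tmp/*

# cleans SSH keys
# Clones must not share host keys; rc.local regenerates them on first boot.
echo '> cleaning ssh host keys ...'
rm -f /etc/ssh/ssh_host_*

# sets hostname to localhost
echo '> setting hostname to localhost ...'
: > /etc/hostname
hostnamectl set-hostname localhost

# cleans apt.
echo '> cleaning apt-get ...'
apt-get clean

# cleans the machine-id
# An empty /etc/machine-id is regenerated at boot; the D-Bus copy is made a
# symlink so both always agree. -f keeps this working when the D-Bus file is
# absent or the link already exists.
echo '> cleaning the machine-id ...'
truncate -s 0 /etc/machine-id
rm -f /var/lib/dbus/machine-id
ln -sf /etc/machine-id /var/lib/dbus/machine-id

# disable root login over ssh
# Matching only the literal "PermitRootLogin yes" leaves any other setting
# (for example prohibit-password, or a commented-out default) untouched.
# Rewrite every active PermitRootLogin line, whatever its value ...
sed -i -E 's/^([[:space:]]*)PermitRootLogin[[:space:]].*$/\1PermitRootLogin no/' \
  /etc/ssh/sshd_config
# ... and make sure the directive is also the first line of the file: sshd
# uses the first value it reads for a keyword, so a line placed ahead of any
# Include or Match block sets the global value.
if [ "$(head -n 1 /etc/ssh/sshd_config)" != 'PermitRootLogin no' ]; then
  sed -i '1i PermitRootLogin no' /etc/ssh/sshd_config
fi

# cleans shell history
echo '> cleaning shell history ...'
unset HISTFILE
history -cw
echo > ~/.bash_history

# all done
echo '> done.'
echo '> packer template build -- complete'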