# -*- mode: ruby -*-
# vi: set ft=ruby :

unless Vagrant.has_plugin?("vagrant-reload")
  raise 'vagrant-reload plugin is not installed!'
end

# hack: https://github.com/hashicorp/vagrant/issues/8878#issuecomment-345112810
class VagrantPlugins::ProviderVirtualBox::Action::Network
  def dhcp_server_matches_config?(dhcp_server, config)
    true
  end
end

Vagrant.configure("2") do |config|

  config.vm.box = "bento/ubuntu-20.04"

  config.vm.network "private_network", type: "dhcp"

  config.vm.synced_folder ".", "/vagrant", disabled: true

  if Vagrant.has_plugin?("vagrant-vbguest")
    config.vbguest.auto_update = false
  end

  config.vm.provider "virtualbox" do |vb|
    vb.customize ["modifyvm", :id, "--nictype1", "virtio" ]
    vb.customize ["modifyvm", :id, "--nicpromisc1", "allow-all"]
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
    vb.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
    vb.customize ["modifyvm", :id, "--memory", 2048]
    vb.customize ["modifyvm", :id, "--cpus", 2]
    vb.customize ["modifyvm", :id, "--vram", 32]
    vb.customize ["modifyvm", :id, "--ioapic", "on"]
    vb.customize ["modifyvm", :id, "--nestedpaging", "on"]
    vb.customize ["modifyvm", :id, "--pae", "on"]
    vb.customize ["modifyvm", :id, "--hwvirtex", "on"]
    vb.customize ["modifyvm", :id, "--nested-hw-virt", "on"]
  end

  config.vm.provision "shell", inline: <<-STEP1
    export DEBIAN_FRONTEND=noninteractive
    export BEAT_VERSION=7.6.2
    apt-get update
    apt-get install -y auditd gnupg2 curl ca-certificates libcap2-bin libpcap0.8 python3-minimal python-is-python3
    curl -sSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
    echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" >> /etc/apt/sources.list
    apt-get update
    for BEAT in auditbeat filebeat packetbeat metricbeat; do
      apt-get install -y $BEAT-oss=$BEAT_VERSION
    done;
  STEP1

  config.vm.provision "file", source: "./audit.rules", destination: "/tmp/audit.rules"

  config.vm.provision "file", source: "../beat_run.py", destination: "/tmp/beat_run.py"
  config.vm.provision "file", source: "../beat_config.py", destination: "/tmp/beat_config.py"
  config.vm.provision "file", source: "../beat_common.py", destination: "/tmp/beat_common.py"
  ["auditbeat","filebeat","packetbeat","metricbeat"].to_enum.with_index(1).each do |beat, i|
    config.vm.provision "file", source: "./#{beat}.yml", destination: "/tmp/#{beat}.yml"
  end

  config.vm.provision "shell", inline: <<-STEP2
    export DEBIAN_FRONTEND=noninteractive

    mv /tmp/beat*.py /usr/local/bin/
    chown root:root /usr/local/bin/beat*.py
    chmod 755 /usr/local/bin/beat_config.py /usr/local/bin/beat_run.py
    chmod 644 /usr/local/bin/beat_common.py

    filebeat modules enable system

    mv /tmp/audit.rules /etc/audit/rules.d/audit.rules
    find /etc/audit -type d -exec chmod 750 "{}" \\;
    find /etc/audit -type f -exec chmod 640 "{}" \\;

    for BEAT in auditbeat filebeat packetbeat metricbeat; do
      mkdir -p /opt/$BEAT
      mv /tmp/$BEAT.yml /opt/$BEAT/
      chown -R root:root /opt/$BEAT
      chmod 700 /opt/$BEAT
      chmod 600 /opt/$BEAT/*
    done;
  STEP2

  config.vm.provision :reload

end
