Add experimental Void guest workflow and vsock agent

Make iterating on a Firecracker-friendly Void guest practical without replacing the Debian default image path. Add local Void rootfs build/register/verify plumbing, a language-agnostic dev package baseline, and guest SSH/work-disk hardening so new images use the runtime bundle key, keep a normal root bash environment, and repair stale nested /root layouts on restart. Replace the guest PING/PONG responder with an HTTP /healthz agent over vsock, rename the runtime bundle and config surface from ping helper to agent while still accepting the legacy keys, and route the post-SSH reminder through the new vm.health path. Validated with GOCACHE=/tmp/banger-gocache go test ./..., make build, bash -n customize.sh make-rootfs-void.sh, and git diff --check.
2026-03-19 14:51:25 -03:00 · 2026-03-19 14:51:25 -03:00 · 3ed78fdcfc
commit 3ed78fdcfc
parent c8d9a122f9
42 changed files with 2222 additions and 388 deletions
--- a/customize.sh
+++ b/customize.sh
@ -68,7 +68,10 @@ FC_BIN="$RUNTIME_DIR/firecracker"
 KERNEL="$(bundle_path default_kernel "$RUNTIME_DIR/wtf/root/boot/vmlinux-6.8.0-94-generic")"
 INITRD="$(bundle_path default_initrd "$RUNTIME_DIR/wtf/root/boot/initrd.img-6.8.0-94-generic")"
 SSH_KEY="$RUNTIME_DIR/id_ed25519"
-VSOCK_PING_HELPER="$(bundle_path vsock_ping_helper_path "$RUNTIME_DIR/banger-vsock-pingd")"
+VSOCK_AGENT="$(bundle_path vsock_agent_path "$RUNTIME_DIR/banger-vsock-agent")"
+if [[ "$VSOCK_AGENT" == "$RUNTIME_DIR/banger-vsock-agent" && ! -x "$VSOCK_AGENT" ]]; then
+  VSOCK_AGENT="$(bundle_path vsock_ping_helper_path "$RUNTIME_DIR/banger-vsock-pingd")"
+fi

 BR_DEV="br-fc"
 BR_IP="172.16.0.1"
@ -213,8 +216,8 @@ if [[ ! -f "$PACKAGES_FILE" ]]; then
  log "package manifest not found: $PACKAGES_FILE"
  exit 1
 fi
-if [[ ! -x "$VSOCK_PING_HELPER" ]]; then
-  log "vsock ping helper not found or not executable: $VSOCK_PING_HELPER"
+if [[ ! -x "$VSOCK_AGENT" ]]; then
+  log "vsock agent not found or not executable: $VSOCK_AGENT"
  log "run 'make build' or refresh the runtime bundle"
  exit 1
 fi
@ -393,9 +396,9 @@ if [[ "$SSH_READY" -ne 1 ]]; then
 fi

 log "configuring guest"
-log "installing vsock ping helper"
+log "installing vsock agent"
 scp -i "$SSH_KEY" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
-  "$VSOCK_PING_HELPER" "root@${GUEST_IP}:/usr/local/bin/banger-vsock-pingd" >/dev/null
+  "$VSOCK_AGENT" "root@${GUEST_IP}:/usr/local/bin/banger-vsock-agent" >/dev/null

 ssh -i "$SSH_KEY" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
  "root@${GUEST_IP}" bash -lc "set -e
@ -436,31 +439,31 @@ if [[ \"$INSTALL_DOCKER\" == \"1\" ]]; then
  fi
 fi
 rm -f /root/get-docker /root/get-docker.sh /tmp/get-docker /tmp/get-docker.sh
-chmod 0755 /usr/local/bin/banger-vsock-pingd
+chmod 0755 /usr/local/bin/banger-vsock-agent
 mkdir -p /etc/modules-load.d /etc/systemd/system
 cat > /etc/modules-load.d/banger-vsock.conf <<'EOF'
 vsock
 vmw_vsock_virtio_transport
 EOF
 chmod 0644 /etc/modules-load.d/banger-vsock.conf
-cat > /etc/systemd/system/banger-vsock-pingd.service <<'EOF'
+cat > /etc/systemd/system/banger-vsock-agent.service <<'EOF'
 [Unit]
-Description=Banger vsock ping responder
+Description=Banger vsock agent
 After=network.target

 [Service]
 Type=simple
-ExecStart=/usr/local/bin/banger-vsock-pingd
+ExecStart=/usr/local/bin/banger-vsock-agent
 Restart=on-failure
 RestartSec=1

 [Install]
 WantedBy=multi-user.target
 EOF
-chmod 0644 /etc/systemd/system/banger-vsock-pingd.service
+chmod 0644 /etc/systemd/system/banger-vsock-agent.service
 if command -v systemctl >/dev/null 2>&1; then
  systemctl daemon-reload || true
-  systemctl enable --now banger-vsock-pingd.service || true
+  systemctl enable --now banger-vsock-agent.service || true
 fi
 git config --system init.defaultBranch main
 "