chore: remove unused packages from qemu build

ansible/playbook.yml

@@ -198,7 +198,7 @@
         - collect-binaries
       when: debpkg_mode
 
-    - name: Install osquery from nixpkgs binary cache
+    - name: Purge snapd
       become: yes
       shell: |
         apt autoremove -y --purge snapd

ansible/vars.yml

@@ -9,9 +9,9 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.5.1.009-orioledb"
-  postgres17: "17.4.1.066"
-  postgres15: "15.8.1.123"
+  postgresorioledb-17: "17.5.1.010-orioledb"
+  postgres17: "17.4.1.067"
+  postgres15: "15.8.1.124"
 
 # Non Postgres Extensions
 pgbouncer_release: "1.19.0"

qemu-arm64-nix.pkr.hcl

@@ -74,17 +74,23 @@ source "qemu" "cloudimg" {
   format         = "qcow2"
   headless       = true
   http_directory = "http"
+  # TODO (darora): switch to minimal images
+  # iso_checksum   = "file:https://cloud-images.ubuntu.com/minimal/releases/noble/release/SHA256SUMS"
+  # iso_url        = "https://cloud-images.ubuntu.com/minimal/releases/noble/release/ubuntu-24.04-minimal-cloudimg-arm64.img"
   iso_checksum   = "file:https://cloud-images.ubuntu.com/noble/current/SHA256SUMS"
   iso_url        = "https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-arm64.img"
   memory         = 40000
+  qemu_img_args {
+    convert = ["-o", "compression_type=zstd"]
+  }
   qemu_binary    = "qemu-system-aarch64"
   qemuargs = [
     ["-machine", "virt,gic-version=3"],
     ["-cpu", "host"],
     ["-device", "virtio-gpu-pci"],
     ["-drive", "if=pflash,format=raw,id=ovmf_code,readonly=on,file=/usr/share/AAVMF/AAVMF_CODE.fd"],
     ["-drive", "if=pflash,format=raw,id=ovmf_vars,file=AAVMF_VARS.fd"],
-    ["-drive", "file=output-cloudimg/packer-cloudimg,format=qcow2"],
+    ["-drive", "file=output-cloudimg/packer-cloudimg,if=virtio,format=qcow2,discard=on,detect-zeroes=unmap"],
     ["-drive", "file=seeds-cloudimg.iso,format=raw"],
     ["--enable-kvm"]
   ]

scripts/90-cleanup-qemu.sh

@@ -42,15 +42,47 @@ elif [ -n "$(command -v apt-get)" ]; then
 
   source /etc/os-release
 
-  apt-get -y update
-  apt-get -y upgrade
+  apt-mark manual libevent-2.1-7t64
+
+  apt-get remove -y --purge ansible-core apport appstream bash-completion bcache-tools bind9-dnsutils bind9-host bind9-libs bolt btrfs-progs byobu command-not-found console-setup distro-info eject fonts-ubuntu-console friendly-recovery ftp fwupd gawk gdisk keyboard-configuration libvolume-key1 libssl-dev lvm2 lxd-agent-loader man-db mdadm modemmanager mtd-utils nano netcat-openbsd nfs-common ntfs-3g parted pastebinit screen strace thin-provisioning-tools tmux usb-modeswitch vim vim-runtime wget whiptail xfsprogs
+
+  apt remove -y --purge libc6-dev linux-libc-dev libevent-dev libpcre3-dev libsystemd-dev packagekit multipath-tools unattended-upgrades plymouth gnupg open-vm-tools xauth lxd-installer publicsuffix libclang-cpp18 python3-twisted python-babel-localedata libicu74 python3-pygments fonts-dejavu* python3-botocore
+
+  apt-get remove -y --purge linux-headers*
+
+  # remove old kernels
+  # CURRENT_KERNEL="$(uname -r | sed 's/-generic//')"
+  # INSTALLED_KERNELS=$(dpkg -l | awk '{print $2}' | grep -Eo 'linux-(image|headers|modules|tools)-[0-9]+' | sed -E 's/linux-(image|modules|tools)-//' | sort -Vu)
+  # REMOVE_KERNELS=$(echo "$INSTALLED_KERNELS" | grep -v -e "$CURRENT_KERNEL")
+  # for VER in $REMOVE_KERNELS; do
+  #     for PREFIX in linux-image linux-modules linux-tools; do
+  #         for PKG in $(dpkg -l | awk '{print $2}' | grep "^$PREFIX-$VER"); do
+  #             apt-get purge -y "$PKG"
+  #         done
+  #     done
+  # done
+  # update-grub
+
   apt-get -y autoremove
   apt-get -y autoclean
+
+  apt-get -y update
+  apt-get -y upgrade
+
 fi
+
+systemctl set-default multi-user.target
+systemctl disable [email protected]
+systemctl mask [email protected]
+systemctl mask graphical.target
+
 rm -rf /tmp/* /var/tmp/*
 history -c
 cat /dev/null > /root/.bash_history
 unset HISTFILE
+
+journalctl --rotate
+journalctl --vacuum-time=1s
 find /var/log -mtime -1 -type f -exec truncate -s 0 {} \;
 rm -rf /var/log/*.gz /var/log/*.[0-9] /var/log/*-????????
 rm -rf /var/lib/cloud/instances/*
@@ -60,3 +92,14 @@ chmod 600 /etc/ssh/revoked_keys
 
 cat /dev/null > /var/log/lastlog
 cat /dev/null > /var/log/wtmp
+
+dd if=/dev/zero of=/zerofile &
+  PID=$!
+  while [ -d /proc/$PID ]
+    do
+      printf "."
+      sleep 5
+    done
+sync; rm /zerofile; sync
+
+fstrim /