diff --git a/docs/labs/libvirt.md b/docs/labs/libvirt.md
index 1b582bfe88..846f491968 100644
--- a/docs/labs/libvirt.md
+++ b/docs/labs/libvirt.md
@@ -92,6 +92,7 @@ These documents contain box-building recipes using the **netlab libvirt** utilit
 * [FRRouting](frr.md) (Debian VM with preinstalled **frr** package)
 * [Juniper vPTX](vptx.md)
 * [Juniper vSRX 3.0](vsrx.md)
+* [Custom Linux boxes](linux.md)
 * [Mikrotik RouterOS 7](routeros7.md) - based on the original [Mikrotik RouterOS](http://stefano.dscnet.org/a/mikrotik_vagrant/) by [Stefano Sasso](http://stefano.dscnet.org)
 * [OpenBSD](openbsd.md)
 * [Sonic](sonic.md)
diff --git a/docs/labs/linux.md b/docs/labs/linux.md
index 68844b63d6..c6369c0229 100644
--- a/docs/labs/linux.md
+++ b/docs/labs/linux.md
@@ -3,7 +3,7 @@
 
 You can run Linux hosts or routers in virtual machines or containers. The default image used for a Linux virtual machine is Ubuntu 24.04, and the default container image is a Python 3.13 container running on Alpine Linux (use the **‌netlab show images --device linux** command to display the actual defaults).
 
-To use any other Linux distribution or container, or to start a home-built Vagrant box or Docker container, add **image** attribute with the name of Vagrant box or Docker container to the node data[^GL]. The only requirements for a Linux virtual machine is working Python environment (to support Ansible playbooks used in **netlab initial** command) and the presence of **ip** command used in initial device configuration. Docker containers have no requirements ([see below](clab-linux))
+To use any other Linux distribution or container, or to start a home-built Vagrant box or Docker container, add **image** attribute with the name of Vagrant box or Docker container to the node data[^GL]. The only requirements for a Linux virtual machine are a working Python environment (to support Ansible playbooks used in **netlab initial** command) and the presence of **ip** command used in initial device configuration. Docker containers have no requirements ([see below](clab-linux))
 
 ```eval_rst
 .. contents:: More Details
@@ -14,6 +14,13 @@ To use any other Linux distribution or container, or to start a home-built Vagra
 
 [^GL]: You can also set the **defaults.devices.linux._provider_.image** attribute to change the Vagrant box or Docker container for all Linux hosts in your lab.
 
+(linux-build)=
+## Building a Custom Vagrant Box
+
+You can use the `netlab libvirt package linux` command to build a Custom Vagrant box from a Linux **qcow2** file that includes the `cloud-init`  service. The build process uses the local `cloud-init` data to create the `vagrant` user and its default SSH keys.
+
+After the Linux VM boots, log in as user `vagrant` (password `vagrant`), install any other software you want to have in the VM, change its settings if needed, and shut down the VM with `sudo poweroff`. After the VM is powered off, _netlab_ takes over and creates a Vagrant box from the modified VM disk.
+
 (linux-hosts)=
 ## Hosts File
 
diff --git a/netsim/devices/linux.yml b/netsim/devices/linux.yml
index fcfd90c8d8..315d3e9da2 100644
--- a/netsim/devices/linux.yml
+++ b/netsim/devices/linux.yml
@@ -20,6 +20,9 @@ features:
     roles: [ host ]
 libvirt:
   image: bento/ubuntu-24.04
+  create_image: netlab/linux
+  create_template: frr.xml.j2
+  create_iso: linux
   group_vars:
     netlab_linux_distro: ubuntu
   features:
diff --git a/netsim/install/libvirt/linux/meta-data b/netsim/install/libvirt/linux/meta-data
new file mode 100644
index 0000000000..ee22d7620d
--- /dev/null
+++ b/netsim/install/libvirt/linux/meta-data
@@ -0,0 +1 @@
+local-hostname: linux
diff --git a/netsim/install/libvirt/linux/user-data.j2 b/netsim/install/libvirt/linux/user-data.j2
new file mode 100644
index 0000000000..8e99e92db4
--- /dev/null
+++ b/netsim/install/libvirt/linux/user-data.j2
@@ -0,0 +1,28 @@
+#cloud-config
+hostname: linux
+fqdn: lab.local
+ssh_pwauth: true
+disable_root: false
+datasource_list: [ NoCloud, None ]
+ssh_authorized_keys:
+- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key
+
+users:
+# Preserve default distro user
+- default
+# Create Vagrant user with disabled password
+- name: vagrant
+  plain_text_passwd: vagrant
+  doas: ["permit nopass vagrant"]
+  sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+  shell: /bin/sh
+  ssh_authorized_keys:
+  - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key
+
+chpasswd:
+  expire: false
+  list: |
+    root:vagrant
+    vagrant:vagrant