2019-01-28 10:59:18 +00:00
|
|
|
{ pkgs, lib, ... }:
|
2017-02-24 21:17:52 +00:00
|
|
|
|
|
|
|
|
with lib;
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
imports = [
|
|
|
|
|
../profiles/qemu-guest.nix
|
|
|
|
|
../profiles/headless.nix
|
2019-01-28 10:59:18 +00:00
|
|
|
# The Openstack Metadata service exposes data on an EC2 API also.
|
|
|
|
|
./ec2-data.nix
|
2019-01-28 13:44:41 +00:00
|
|
|
./amazon-init.nix
|
2017-02-24 21:17:52 +00:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
config = {
|
2017-02-24 21:19:53 +00:00
|
|
|
fileSystems."/" = {
|
|
|
|
|
device = "/dev/disk/by-label/nixos";
|
|
|
|
|
autoResize = true;
|
|
|
|
|
};
|
|
|
|
|
|
2018-01-06 13:52:51 +00:00
|
|
|
boot.growPartition = true;
|
2017-02-24 21:17:52 +00:00
|
|
|
boot.kernelParams = [ "console=ttyS0" ];
|
|
|
|
|
boot.loader.grub.device = "/dev/vda";
|
|
|
|
|
boot.loader.timeout = 0;
|
|
|
|
|
|
|
|
|
|
# Allow root logins
|
2017-09-11 17:33:33 +01:00
|
|
|
services.openssh = {
|
|
|
|
|
enable = true;
|
|
|
|
|
permitRootLogin = "prohibit-password";
|
|
|
|
|
passwordAuthentication = mkDefault false;
|
|
|
|
|
};
|
|
|
|
|
|
2019-01-28 10:59:18 +00:00
|
|
|
systemd.services.nova-init = {
|
|
|
|
|
path = [ pkgs.wget ];
|
|
|
|
|
description = "Fetch Metadata on startup";
|
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
2019-01-28 13:44:41 +00:00
|
|
|
before = [ "apply-ec2-data.service" "amazon-init.service"];
|
2019-01-28 10:59:18 +00:00
|
|
|
wants = [ "network-online.target" ];
|
|
|
|
|
after = [ "network-online.target" ];
|
|
|
|
|
script =
|
|
|
|
|
''
|
|
|
|
|
metaDir=/etc/ec2-metadata
|
|
|
|
|
mkdir -m 0755 -p "$metaDir"
|
2017-02-24 21:17:52 +00:00
|
|
|
|
2019-01-28 10:59:18 +00:00
|
|
|
echo "getting Openstack instance metadata (via EC2 API)..."
|
|
|
|
|
if ! [ -e "$metaDir/ami-manifest-path" ]; then
|
|
|
|
|
wget --retry-connrefused -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
|
|
|
|
|
fi
|
2017-02-24 21:17:52 +00:00
|
|
|
|
2019-01-28 10:59:18 +00:00
|
|
|
if ! [ -e "$metaDir/user-data" ]; then
|
|
|
|
|
wget --retry-connrefused -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data"
|
|
|
|
|
fi
|
2017-02-24 21:17:52 +00:00
|
|
|
|
2019-01-28 10:59:18 +00:00
|
|
|
if ! [ -e "$metaDir/hostname" ]; then
|
|
|
|
|
wget --retry-connrefused -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
|
|
|
|
|
fi
|
2017-02-24 21:17:52 +00:00
|
|
|
|
2019-01-28 10:59:18 +00:00
|
|
|
if ! [ -e "$metaDir/public-keys-0-openssh-key" ]; then
|
|
|
|
|
wget --retry-connrefused -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
|
|
|
|
|
fi
|
|
|
|
|
'';
|
|
|
|
|
restartIfChanged = false;
|
|
|
|
|
unitConfig.X-StopOnRemoval = false;
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Type = "oneshot";
|
|
|
|
|
RemainAfterExit = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
2017-02-24 21:17:52 +00:00
|
|
|
};
|
|
|
|
|
}
|
