author | Evgeny Egorochkin <phreedom@yandex.ru> | 2014-07-12 08:46:25 +0300 |
---|---|---|
committer | Evgeny Egorochkin <phreedom@yandex.ru> | 2014-07-12 08:47:03 +0300 |
commit | 64c01fdf81ab0b272dce208c3ded7b7784a04f3d (patch) | |
tree | 9bc6142b4658e4c51223cefb6508d7859523a231 | |
parent | 9d8ddd465d03b0a6889aa7fd643c8ebca76dda13 (diff) | |
Google Compute Image: fetch host keys if possible
-rw-r--r-- | nixos/modules/virtualisation/google-compute-image.nix | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix
index de5e3f5ced4..215ae146898 100644
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@@ -121,8 +121,8 @@ in
 networking.usePredictableInterfaceNames = false;
- systemd.services.fetch-root-authorized-keys =
- { description = "Fetch authorized_keys for root user";
+ systemd.services.fetch-ssh-keys =
+ { description = "Fetch host keys and authorized_keys for root user";
 wantedBy = [ "multi-user.target" ];
 before = [ "sshd.service" ];
@@ -146,6 +146,22 @@ in
 rm -f /root/key.pub /root/authorized-keys-metadata
 fi
 fi
+
+ echo "obtaining SSH private host key..."
+ curl -o /root/ssh_host_ecdsa_key http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
+ if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key ]; then
+ mv -f /root/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
+ echo "downloaded ssh_host_ecdsa_key"
+ chmod 600 /etc/ssh/ssh_host_ecdsa_key
+ fi
+
+ echo "obtaining SSH public host key..."
+ curl -o /root/ssh_host_ecdsa_key.pub http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub
+ if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key.pub ]; then
+ mv -f /root/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
+ echo "downloaded ssh_host_ecdsa_key.pub"
+ chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
+ fi
 '';
 serviceConfig.Type = "oneshot";
 serviceConfig.RemainAfterExit = true; |
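Review bot: Both added `curl -o` calls in the second hunk lack `--fail`, so when the `ssh_host_ecdsa_key` attribute is not set the metadata server's HTTP error body is presumably still written with exit status 0, and the `$? -eq 0 -a -e` test then moves that body over `/etc/ssh/ssh_host_ecdsa_key`. Using `curl --fail -o /root/ssh_host_ecdsa_key http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key` (and the same for the `.pub` fetch) would leave an existing host key untouched when nothing is served. The private key is also moved into `/etc/ssh` before `chmod 600` runs, so it briefly carries whatever mode curl created it with; running `chmod 600 /root/ssh_host_ecdsa_key` ahead of the `mv -f` closes that window. A comment should also record that the private key arrives over plain HTTP from instance metadata, which presumably any local process that can reach the metadata server can read. The script this hunk extends begins outside the hunk, so whether the authorized_keys fetch above follows the same pattern cannot be checked here.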