nixos/azure: clarify how users work in basic example

2 files changed, 10 insertions, 0 deletions

diff --git a/nixos/maintainers/scripts/azure-new/README.md b/nixos/maintainers/scripts/azure-new/README.md
index ee1fc682534..20e81c44ce5 100644
--- a/nixos/maintainers/scripts/azure-new/README.md
+++ b/nixos/maintainers/scripts/azure-new/README.md
@@ -33,3 +33,10 @@ img="/subscriptions/.../..." # use output from last command
 ...
 => booted
 ```
+
+## Future Work
+
+1. If the user specifies a hard-coded user, then the agent could be removed.
+   Probably has security benefits; definitely has closure-size benefits.
+   (It's likely the VM will need to be booted with a special flag. See:
+   https://github.com/Azure/azure-cli/issues/12775 for details.)
diff --git a/nixos/maintainers/scripts/azure-new/examples/basic/system.nix b/nixos/maintainers/scripts/azure-new/examples/basic/system.nix
index 5f98216d183..855bd3bab71 100644
--- a/nixos/maintainers/scripts/azure-new/examples/basic/system.nix
+++ b/nixos/maintainers/scripts/azure-new/examples/basic/system.nix
@@ -8,6 +8,9 @@ in
     "${modulesPath}/virtualisation/azure-image.nix"
   ];
 
+  ## NOTE: This is just an example of how to hard-code a user.
+  ## The normal Azure agent IS included and DOES provision a user based
+  ## on the information passed at VM creation time.
   users.users."${username}" = {
     isNormalUser = true;
     home = "/home/${username}";