author | Rob Vermaas <rob.vermaas@gmail.com> | 2018-05-03 17:16:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-03 17:16:26 +0200 |
commit | 41512bfdae18add49e185d01df9720bcf599ac0f (patch) | |
tree | 13a5a66386b6926880e977ebf596357275d33b67 /nixos/modules/virtualisation | |
parent | 773fe1fefa3672a6a350ca87b5b919db62817f3c (diff) | |
parent | f514a6896919f090cd811ebd9866ace1bb4b2b54 (diff) | |
Merge pull request #39654 from AmineChikhaoui/issue-38623
GCE: pull the ssh host keys from the metadata service as expected by NixOps.
Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r-- | nixos/modules/virtualisation/google-compute-image.nix | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix
index 0b6bec786da..374a8433235 100644
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@@ -221,7 +221,7 @@ in
 echo "Obtaining SSH keys..."
 mkdir -m 0700 -p /root/.ssh
 AUTH_KEYS=$(${mktemp})
- ${wget} -O $AUTH_KEYS --header="Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/attributes/sshKeys
+ ${wget} -O $AUTH_KEYS http://metadata.google.internal/computeMetadata/v1/instance/attributes/sshKeys
 if [ -s $AUTH_KEYS ]; then
 # Read in key one by one, split in case Google decided
@@ -246,6 +246,18 @@ in
 false
 fi
 rm -f $AUTH_KEYS
+ SSH_HOST_KEYS_DIR=$(${mktemp} -d)
+ ${wget} -O $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key
+ ${wget} -O $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key_pub
+ if [ -s $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key -a -s $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub ]; then
+ mv -f $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key* /etc/ssh/
+ chmod 600 /etc/ssh/ssh_host_ed25519_key
+ chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
+ else
+ echo "Setup of ssh host keys from http://metadata.google.internal/computeMetadata/v1/instance/attributes/ failed."
+ false
+ fi
+ rm -f $SSH_HOST_KEYS_DIR
 '';
 serviceConfig.Type = "oneshot";
 serviceConfig.RemainAfterExit = true; |
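Review bot: The sshKeys request in the first hunk no longer passes `--header="Metadata-Flavor: Google"`, and the v1 metadata endpoint refuses requests that lack that header. The definition of `${wget}` is outside this hunk, so the call is correct only if that definition now supplies the header itself. If it does, a short comment beside the call such as `# ${wget} already sends Metadata-Flavor: Google` would keep the dependency visible. The two new `ssh_host_ed25519_key` requests in the second hunk rely on the same thing.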
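Review bot: In the second hunk the private host key lands in /etc/ssh/ before its mode is tightened: `mv -f` runs first and `chmod 600` only afterwards, so the key briefly carries whatever mode wget created it with (probably 0644 under a default umask). Setting the mode inside the private temp directory first, `chmod 600 $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key` ahead of the `mv`, closes that window. The cleanup `rm -f $SSH_HOST_KEYS_DIR` cannot remove a directory, so the temp directory (and any key left in it on the failure path) stays behind and the command exits non-zero; `rm -rf "$SSH_HOST_KEYS_DIR"` is what is meant. A comment noting that the private key remains readable from the metadata attribute by any local process that can reach the metadata server would also help, since the file mode alone does not protect it. The script body starts and ends outside this hunk.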