Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r--nixos/modules/virtualisation/amazon-image.nix33
-rw-r--r--nixos/modules/virtualisation/google-compute-image.nix42
-rw-r--r--nixos/modules/virtualisation/virtualbox-guest.nix5
-rw-r--r--nixos/modules/virtualisation/virtualbox-image.nix3
4 files changed, 69 insertions, 14 deletions
diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix
index 9e64327c3ab..7d6109f212a 100644
--- a/nixos/modules/virtualisation/amazon-image.nix
+++ b/nixos/modules/virtualisation/amazon-image.nix
@@ -26,7 +26,7 @@ in
               ''
                 mkdir $out
                 diskImage=$out/nixos.img
-                ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "4G"
+                ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "8G"
                 mv closure xchg/
               '';
             buildInputs = [ pkgs.utillinux pkgs.perl ];
@@ -34,16 +34,32 @@ in
               [ "closure" config.system.build.toplevel ];
           }
           ''
-            # Create an empty filesystem and mount it.
-            ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda
-            ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda
-            mkdir /mnt
-            mount /dev/vda /mnt
+            ${if cfg.hvm then ''
+              # Create a single / partition.
+              ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
+              ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
+              . /sys/class/block/vda1/uevent
+              mknod /dev/vda1 b $MAJOR $MINOR
+
+              # Create an empty filesystem and mount it.
+              ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
+              ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
+              mkdir /mnt
+              mount /dev/vda1 /mnt
+            '' else ''
+              # Create an empty filesystem and mount it.
+              ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda
+              ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda
+              mkdir /mnt
+              mount /dev/vda /mnt
+            ''}
 
             # The initrd expects these directories to exist.
             mkdir /mnt/dev /mnt/proc /mnt/sys
 
             mount -o bind /proc /mnt/proc
+            mount -o bind /dev /mnt/dev
+            mount -o bind /sys /mnt/sys
 
             # Copy all paths in the closure to the filesystem.
             storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
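Review bot: The new HVM branch sources `/sys/class/block/vda1/uevent` and calls `mknod` straight after `parted mkpart`, with no check that the kernel has exposed the new partition yet; if the uevent file is not there, `MAJOR`/`MINOR` stay empty and `mknod` fails, which only stops the build if the script runs under `set -e` (not visible in this hunk). A guard such as `[ -e /sys/class/block/vda1/uevent ] || { echo "vda1 not visible"; exit 1; }` before the `.` line would make the failure explicit. The two branches also repeat the mkfs/tune2fs/mount block verbatim on /dev/vda1 and /dev/vda; selecting the device once and sharing the rest keeps them from drifting apart. The build script continues outside this hunk.
```nix
              # Create a single / partition (HVM only); the PV image uses the whole disk.
              ${lib.optionalString cfg.hvm ''
                ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
                ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
                [ -e /sys/class/block/vda1/uevent ] || { echo "vda1 not visible"; exit 1; }
                . /sys/class/block/vda1/uevent
                mknod /dev/vda1 b $MAJOR $MINOR
              ''}
              rootDev=${if cfg.hvm then "/dev/vda1" else "/dev/vda"}

              # Create an empty filesystem and mount it.
              ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos $rootDev
              ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 $rootDev
              mkdir /mnt
              mount $rootDev /mnt
              # … unchanged: initrd directories, bind mounts, closure copy …
```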
@@ -73,9 +89,10 @@ in
             cp ${./amazon-config.nix} /mnt/etc/nixos/configuration.nix
 
             # Generate the GRUB menu.
+            ln -s vda /dev/xvda
             chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
 
-            umount /mnt/proc
+            umount /mnt/proc /mnt/dev /mnt/sys
             umount /mnt
           ''
       );
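Review bot: The `ln -s vda /dev/xvda` line is added unconditionally, although only the HVM configuration sets `boot.loader.grub.device` to "/dev/xvda" (the PV case uses "nodev"), and it now sits under the "Generate the GRUB menu." comment without saying why the symlink is needed. Wrapping it as `${lib.optionalString cfg.hvm "ln -s vda /dev/xvda"}` and adding `# GRUB is configured for /dev/xvda (the EC2 name); the build VM exposes the disk as vda.` would tie the line to the setting it serves. The build script starts before this hunk.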
@@ -86,7 +103,7 @@ in
     boot.kernelModules = [ "xen-netfront" ];
 
     # Generate a GRUB menu.  Amazon's pv-grub uses this to boot our kernel/initrd.
-    boot.loader.grub.version = 1;
+    boot.loader.grub.version = if cfg.hvm then 2 else 1;
     boot.loader.grub.device = if cfg.hvm then "/dev/xvda" else "nodev";
     boot.loader.grub.timeout = 0;
     boot.loader.grub.extraPerEntryConfig = "root (hd0${lib.optionalString cfg.hvm ",0"})";
diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix
index d55b7420243..9a4d11d550a 100644
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@@ -119,12 +119,28 @@ in
     169.254.169.254 metadata.google.internal metadata
   '';
 
-  systemd.services.fetch-root-authorized-keys =
-    { description = "Fetch authorized_keys for root user";
-
-      wantedBy = [ "multi-user.target" ];
+  networking.usePredictableInterfaceNames = false;
+
+  systemd.services.wait-metadata-online = {
+    description = "Wait for GCE metadata server to become reachable";
+    wantedBy = [ "network-online.target" ];
+    before = [ "network-online.target" ];
+    path = [ pkgs.netcat ];
+    script = ''
+      # wait for the metadata server to become available for up to 60 seconds
+      for counter in {1..30}; do sleep 2 && nc -vzw 2 metadata 80 && break; done
+    '';
+    serviceConfig.Type = "oneshot";
+    serviceConfig.RemainAfterExit = true;
+  };
+
+  systemd.services.fetch-ssh-keys =
+    { description = "Fetch host keys and authorized_keys for root user";
+
+      wantedBy = [ "sshd.service" ];
       before = [ "sshd.service" ];
-      after = [ "network.target" ];
+      after = [ "network-online.target" ];
+      wants = [ "network-online.target" ];
 
       path  = [ pkgs.curl ];
       script =
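Review bot: The comment in wait-metadata-online says the loop waits "for up to 60 seconds", but the body is 30 iterations of a 2 s sleep plus a `nc -w 2` timeout, so the worst case is closer to 120 s; `# poll for up to ~2 minutes (30 tries, 2 s sleep + 2 s nc timeout each)` matches the code. When every attempt fails, the loop's exit status is that of the last `nc`, so the oneshot unit fails rather than merely finishing, and with `before = [ "network-online.target" ]` that seems to be what gates the target; a line stating whether a failed wait is intended would help, since the hostname `metadata` resolves only via the /etc/hosts entry above. The `networking.usePredictableInterfaceNames = false;` line also has no comment on why GCE needs it. The fetch-ssh-keys script body continues outside this hunk.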
@@ -144,6 +160,22 @@ in
                     rm -f /root/key.pub /root/authorized-keys-metadata
                 fi
           fi
+
+          echo "obtaining SSH private host key..."
+          curl -o /root/ssh_host_ecdsa_key  --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
+          if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key ]; then
+              mv -f /root/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
+              echo "downloaded ssh_host_ecdsa_key"
+              chmod 600 /etc/ssh/ssh_host_ecdsa_key
+          fi
+
+          echo "obtaining SSH public host key..."
+          curl -o /root/ssh_host_ecdsa_key.pub --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub
+          if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key.pub ]; then
+              mv -f /root/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
+              echo "downloaded ssh_host_ecdsa_key.pub"
+              chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
+          fi
         '';
       serviceConfig.Type = "oneshot";
       serviceConfig.RemainAfterExit = true;
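Review bot: The private host key is written by `curl -o` with the service's default umask and is moved into /etc/ssh before the `chmod 600`, so between the `mv -f` and the chmod the key is readable by any local user with access to /etc/ssh; setting `umask 077` at the top of this added section, or running the chmod on /root/ssh_host_ecdsa_key before the `mv`, closes that window. Neither curl call passes `--fail`, so a non-2xx response (for example when the attribute is unset) still yields exit 0 and a file containing the error body, which the `-e` test then accepts and installs as the host key; `curl -f -o /root/ssh_host_ecdsa_key --retry-max-time 60 …` rejects it. The `$? -eq 0 -a -e …` tests would read more clearly as `if curl -f … && [ -e … ]; then`. The script starts before this hunk.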
diff --git a/nixos/modules/virtualisation/virtualbox-guest.nix b/nixos/modules/virtualisation/virtualbox-guest.nix
index b3847daf12c..a5a4db79787 100644
--- a/nixos/modules/virtualisation/virtualbox-guest.nix
+++ b/nixos/modules/virtualisation/virtualbox-guest.nix
@@ -11,7 +11,6 @@ let
 
 in
 
-optionalAttrs (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) # ugly...
 {
 
   ###### interface
@@ -33,6 +32,10 @@ optionalAttrs (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) # ugly...
   ###### implementation
 
   config = mkIf cfg.enable {
+    assertions = [ {
+      assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64;
+      message = "Virtualbox not currently supported on ${pkgs.stdenv.system}";
+    } ];
 
     environment.systemPackages = [ kernel.virtualboxGuestAdditions ];
 
diff --git a/nixos/modules/virtualisation/virtualbox-image.nix b/nixos/modules/virtualisation/virtualbox-image.nix
index 594b3e93ffe..2e30f4c62f9 100644
--- a/nixos/modules/virtualisation/virtualbox-image.nix
+++ b/nixos/modules/virtualisation/virtualbox-image.nix
@@ -51,6 +51,9 @@ with lib;
           set -f
           cp -prd $storePaths /mnt/nix/store/
 
+          mkdir -p /mnt/etc/nix
+          echo 'build-users-group = ' > /mnt/etc/nix/nix.conf
+
           # Register the paths in the Nix database.
           printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
               chroot /mnt ${config.nix.package}/bin/nix-store --load-db
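Review bot: The added `echo 'build-users-group = ' > /mnt/etc/nix/nix.conf` has no comment, and because it is written into the image's /etc/nix it ends up in the shipped VirtualBox image unless a later step outside this hunk removes it; an empty build-users-group means Nix in the resulting VM runs builds as root without the nixbld isolation. If the setting exists only so that the chrooted `nix-store --load-db` two lines below works, a comment such as `# Disable build users so nix-store can run in the chroot without a nixbld group.` plus an `rm /mnt/etc/nix/nix.conf` once the database is registered would keep it out of the final image. The build script starts before this hunk.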