Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r-- | nixos/modules/virtualisation/amazon-image.nix | 33 | ||||
-rw-r--r-- | nixos/modules/virtualisation/google-compute-image.nix | 42 | ||||
-rw-r--r-- | nixos/modules/virtualisation/virtualbox-guest.nix | 5 | ||||
-rw-r--r-- | nixos/modules/virtualisation/virtualbox-image.nix | 3 |
4 files changed, 69 insertions, 14 deletions
diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix index 9e64327c3ab..7d6109f212a 100644 --- a/nixos/modules/virtualisation/amazon-image.nix +++ b/nixos/modules/virtualisation/amazon-image.nix @@ -26,7 +26,7 @@ in '' mkdir $out diskImage=$out/nixos.img - ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "4G" + ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "8G" mv closure xchg/ ''; buildInputs = [ pkgs.utillinux pkgs.perl ]; @@ -34,16 +34,32 @@ in [ "closure" config.system.build.toplevel ]; } '' - # Create an empty filesystem and mount it. - ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda - ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda - mkdir /mnt - mount /dev/vda /mnt + ${if cfg.hvm then '' + # Create a single / partition. + ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos + ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s + . /sys/class/block/vda1/uevent + mknod /dev/vda1 b $MAJOR $MINOR + + # Create an empty filesystem and mount it. + ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1 + ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1 + mkdir /mnt + mount /dev/vda1 /mnt + '' else '' + # Create an empty filesystem and mount it. + ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda + ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda + mkdir /mnt + mount /dev/vda /mnt + ''} # The initrd expects these directories to exist. mkdir /mnt/dev /mnt/proc /mnt/sys mount -o bind /proc /mnt/proc + mount -o bind /dev /mnt/dev + mount -o bind /sys /mnt/sys # Copy all paths in the closure to the filesystem. storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure) @@ -73,9 +89,10 @@ in cp ${./amazon-config.nix} /mnt/etc/nixos/configuration.nix # Generate the GRUB menu. + ln -s vda /dev/xvda chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot - umount /mnt/proc + umount /mnt/proc /mnt/dev /mnt/sys umount /mnt '' ); 
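Review bot: In the `@@ -34,16 +34,32 @@` hunk the mkfs.ext4/tune2fs/mkdir/mount sequence is repeated verbatim in both arms of `${if cfg.hvm then ... else ...}` and the arms differ only in the device name, so a single `rootDevice = if cfg.hvm then "/dev/vda1" else "/dev/vda";` binding in the module's `let` would let the partitioning step become an `lib.optionalString cfg.hvm` prefix and the filesystem setup stay written once (`lib` is already used by this module in the grub hunk below). The HVM arm also dot-sources `/sys/class/block/vda1/uevent` and passes `$MAJOR`/`$MINOR` to `mknod` without confirming that the partition node has been registered after `parted` returns; if the uevent file is absent the unset variables reach `mknod`, and whether this build script runs under `set -e` is not visible in the hunk. A `test -e /sys/class/block/vda1/uevent || exit 1` before the dot-source makes that failure explicit instead of a confusing `mknod` usage error. The new bind mounts of `/dev` and `/sys` are unmounted in the `@@ -73,9 +89,10 @@` hunk, which is consistent.
```nix
${lib.optionalString cfg.hvm ''
  # Create a single / partition.
  ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
  ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
  test -e /sys/class/block/vda1/uevent || exit 1
  . /sys/class/block/vda1/uevent
  mknod /dev/vda1 b $MAJOR $MINOR
''}

# Create an empty filesystem and mount it.
${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos ${rootDevice}
${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 ${rootDevice}
mkdir /mnt
mount ${rootDevice} /mnt
# … unchanged: initrd directories, bind mounts, closure copy …
```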
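Review bot: The new `ln -s vda /dev/xvda` in the `@@ -73,9 +89,10 @@` hunk carries no explanation and is created unconditionally, although the grub device configured further down in this module is `/dev/xvda` only when `cfg.hvm` is set (the PV case uses `nodev`). Presumably the alias exists because `switch-to-configuration boot` in the chroot installs GRUB to `/dev/xvda` while the build VM exposes the disk as `/dev/vda`, and the link is visible inside the chroot only because `/dev` is now bind-mounted; that reasoning should be stated next to the line, e.g. `# The chroot's grub-install targets /dev/xvda (the EC2 name); in the build VM the disk is /dev/vda, so alias it via the bind-mounted /dev.` Wrapping the line in `${lib.optionalString cfg.hvm "ln -s vda /dev/xvda"}` would also keep the PV path unchanged.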
@@ -86,7 +103,7 @@ in boot.kernelModules = [ "xen-netfront" ]; # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. - boot.loader.grub.version = 1; + boot.loader.grub.version = if cfg.hvm then 2 else 1; boot.loader.grub.device = if cfg.hvm then "/dev/xvda" else "nodev"; boot.loader.grub.timeout = 0; boot.loader.grub.extraPerEntryConfig = "root (hd0${lib.optionalString cfg.hvm ",0"})"; diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix index d55b7420243..9a4d11d550a 100644 --- a/nixos/modules/virtualisation/google-compute-image.nix +++ b/nixos/modules/virtualisation/google-compute-image.nix @@ -119,12 +119,28 @@ in 169.254.169.254 metadata.google.internal metadata ''; - systemd.services.fetch-root-authorized-keys = - { description = "Fetch authorized_keys for root user"; - - wantedBy = [ "multi-user.target" ]; + networking.usePredictableInterfaceNames = false; + + systemd.services.wait-metadata-online = { + description = "Wait for GCE metadata server to become reachable"; + wantedBy = [ "network-online.target" ]; + before = [ "network-online.target" ]; + path = [ pkgs.netcat ]; + script = '' + # wait for the metadata server to become available for up to 60 seconds + for counter in {1..30}; do sleep 2 && nc -vzw 2 metadata 80 && break; done + ''; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + }; + + systemd.services.fetch-ssh-keys = + { description = "Fetch host keys and authorized_keys for root user"; + + wantedBy = [ "sshd.service" ]; before = [ "sshd.service" ]; - after = [ "network.target" ]; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; path = [ pkgs.curl ]; script = 
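Review bot: The `wait-metadata-online` script in the google-compute-image hunk exits 0 whether or not the metadata server ever answered, because `break` after a successful `nc` and falling off the end of the loop after 30 failed probes both reach the end of the script with a zero status. As a result `fetch-ssh-keys`, which is ordered after `network-online.target`, cannot tell from the unit state that the metadata server was unreachable and its own `curl --retry-max-time 60` becomes the only visible timeout. Making the exhausted loop report itself keeps the journal honest: `for counter in {1..30}; do sleep 2 && nc -vzw 2 metadata 80 && exit 0; done`, then `echo "metadata server still unreachable after 60s" >&2` and `exit 1`. The `{1..30}` brace range also assumes the script runs under bash, which is what NixOS's `script` wrapper uses, so that is fine but worth a one-line comment.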
@@ -144,6 +160,22 @@ in rm -f /root/key.pub /root/authorized-keys-metadata fi fi + + echo "obtaining SSH private host key..." + curl -o /root/ssh_host_ecdsa_key --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key + if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key ]; then + mv -f /root/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key + echo "downloaded ssh_host_ecdsa_key" + chmod 600 /etc/ssh/ssh_host_ecdsa_key + fi + + echo "obtaining SSH public host key..." + curl -o /root/ssh_host_ecdsa_key.pub --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub + if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key.pub ]; then + mv -f /root/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub + echo "downloaded ssh_host_ecdsa_key.pub" + chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub + fi ''; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; diff --git a/nixos/modules/virtualisation/virtualbox-guest.nix b/nixos/modules/virtualisation/virtualbox-guest.nix index b3847daf12c..a5a4db79787 100644 --- a/nixos/modules/virtualisation/virtualbox-guest.nix +++ b/nixos/modules/virtualisation/virtualbox-guest.nix @@ -11,7 +11,6 @@ let in -optionalAttrs (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) # ugly... { ###### interface @@ -33,6 +32,10 @@ optionalAttrs (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) # ugly... ###### implementation config = mkIf cfg.enable { + assertions = [ { + assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64; + message = "Virtualbox not currently supported on ${pkgs.stdenv.system}"; + } ]; environment.systemPackages = [ kernel.virtualboxGuestAdditions ]; diff --git a/nixos/modules/virtualisation/virtualbox-image.nix b/nixos/modules/virtualisation/virtualbox-image.nix index 594b3e93ffe..2e30f4c62f9 100644 --- a/nixos/modules/virtualisation/virtualbox-image.nix +++ b/nixos/modules/virtualisation/virtualbox-image.nix 
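Review bot: In the `@@ -144,6 +160,22 @@` hunk both `curl` invocations lack `-f`/`--fail`, so when the instance has no `ssh_host_ecdsa_key` attribute the metadata server's HTTP error response is written to `/root/ssh_host_ecdsa_key` with exit status 0, the `[ $? -eq 0 -a -e ... ]` test passes, and the error body is installed as `/etc/ssh/ssh_host_ecdsa_key`; sshd will then fail to load its host key rather than fall back to key generation. `curl -f -o /root/ssh_host_ecdsa_key --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key` (and the same for the `.pub` fetch) makes a missing attribute a skipped step instead. The private key is also written with the process's default umask and only receives `chmod 600` after it has already been moved into `/etc/ssh`, so a `umask 077` at the top of this section closes that window; `-a` inside `[ ]` is obsolescent and `if curl -f -o ... ; then` expresses the same check directly. The script's authorized_keys section lies before the hunk and is not reviewed here.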
@@ -51,6 +51,9 @@ with lib; set -f cp -prd $storePaths /mnt/nix/store/ + mkdir -p /mnt/etc/nix + echo 'build-users-group = ' > /mnt/etc/nix/nix.conf + # Register the paths in the Nix database. printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \ chroot /mnt ${config.nix.package}/bin/nix-store --load-db |
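Review bot: The `echo 'build-users-group = ' > /mnt/etc/nix/nix.conf` line writes a configuration that disables build-user separation into the image's `/etc/nix/nix.conf`, with no comment on why it is needed or whether it is meant to survive into the booted system. It appears to exist so that the following `chroot /mnt ... nix-store --load-db` (whose pipeline continues past the end of the hunk) can run as root in a chroot that has no `nixbld` group yet; if the file is not later replaced by the NixOS-managed `/etc/nix/nix.conf` during activation, builds on the resulting VM would run without build users, which is worth confirming. A comment such as `# The chroot has no nixbld group yet; an empty build-users-group lets nix-store run as root while the image is assembled.` should accompany the line, and removing the file once the chroot work is done (after the nix-store step, outside this hunk) would leave the installed system on the module-managed configuration.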