* Added an Upstart job to fetch the SSH key for logging into the root
account of the VM. However, it doesn't work yet (the machine doesn't boot properly and there is no console output). So use a hard-coded password for now (very dangerous!). svn path=/nixos/trunk/; revision=19589
parent
97668574dc
commit
3e3448a7df
@ -3,7 +3,7 @@
|
||||
with pkgs.lib;
|
||||
|
||||
{
|
||||
system.build.ext2Image =
|
||||
system.build.amazonImage =
|
||||
pkgs.vmTools.runInLinuxVM (
|
||||
pkgs.runCommand "amazon-image"
|
||||
{ preVM =
|
||||
@ -12,7 +12,7 @@ with pkgs.lib;
|
||||
diskImage=$out/nixos.img
|
||||
qemu-img create -f raw $diskImage "1024M"
|
||||
'';
|
||||
buildInputs = [ pkgs.utillinux pkgs.perl pkgs.rsync ];
|
||||
buildInputs = [ pkgs.utillinux pkgs.perl ];
|
||||
exportReferencesGraph =
|
||||
[ "closure" config.system.build.toplevel ];
|
||||
}
|
||||
@ -26,7 +26,7 @@ with pkgs.lib;
|
||||
storePaths=$(perl ${pkgs.pathsFromGraph} $ORIG_TMPDIR/closure)
|
||||
|
||||
mkdir -p /mnt/nix/store
|
||||
rsync -av $storePaths /mnt/nix/store/
|
||||
cp -prvd $storePaths /mnt/nix/store/
|
||||
|
||||
# Amazon assumes that there is a /sbin/init, so symlink it
|
||||
# to the stage 2 init script. Since we cannot set the path
|
||||
@ -36,8 +36,67 @@ with pkgs.lib;
|
||||
ln -s ${config.system.build.bootStage2} /mnt/sbin/init
|
||||
ln -s ${config.system.build.toplevel} /mnt/system
|
||||
|
||||
set -x
|
||||
sync
|
||||
umount /mnt
|
||||
sync
|
||||
''
|
||||
);
|
||||
|
||||
# On EC2 we don't get to supply our own kernel, so we can't load any
|
||||
# modules. However, dhclient fails if the ipv6 module isn't loaded,
|
||||
# unless it's compiled without IPv6 support. So do that.
|
||||
nixpkgs.config.packageOverrides = pkgsOld:
|
||||
{ dhcp = pkgs.lib.overrideDerivation pkgsOld.dhcp (oldAttrs:
|
||||
{ configureFlags = "--disable-dhcpv6";
|
||||
});
|
||||
};
|
||||
|
||||
# The root filesystem is mounted by Amazon's kernel/initrd.
|
||||
fileSystems = [ ];
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/sda2"; } ];
|
||||
|
||||
# There are no virtual consoles.
|
||||
services.mingetty.ttys = [ ];
|
||||
|
||||
# Allow root logins only using the SSH key that the user specified
|
||||
# at instance creation time.
|
||||
services.sshd.enable = true;
|
||||
#services.sshd.permitRootLogin = "without-password";
|
||||
|
||||
boot.postBootCommands =
|
||||
''
|
||||
echo xyzzy_foobar | ${pkgs.pwdutils}/bin/passwd --stdin
|
||||
'';
|
||||
|
||||
# Obtain the SSH key at startup time.
|
||||
/*
|
||||
jobs.fetchSSHKey =
|
||||
{ name = "fetch-ssh-key";
|
||||
|
||||
startOn = "ip-up";
|
||||
|
||||
task = true;
|
||||
|
||||
script =
|
||||
''
|
||||
set -x
|
||||
echo "obtaining SSH key..."
|
||||
mkdir -p /root/.ssh
|
||||
${pkgs.curl}/bin/curl --retry 3 --retry-delay 0 --fail \
|
||||
-o /root/key.pub \
|
||||
http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
|
||||
if [ $? -eq 0 -a -e /root/key.pub ]; then
|
||||
if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
|
||||
cat /root/key.pub >> /root/.ssh/authorized_keys
|
||||
echo "new key added to authorized_keys"
|
||||
fi
|
||||
chmod 600 /root/.ssh/authorized_keys
|
||||
rm -f /root/key.pub
|
||||
fi
|
||||
'';
|
||||
};
|
||||
*/
|
||||
}
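Review bot: `boot.postBootCommands` sets the root password to a fixed literal at boot while `services.sshd.enable = true` stays on and the `permitRootLogin = "without-password"` line is commented out, so every instance started from this image accepts the same root password over SSH. The comment above it still reads "Allow root logins only using the SSH key", which no longer matches the configuration; I would replace it with `# FIXME: temporary debugging access: root has a hard-coded password and password login is allowed; do not publish or share this image`, so the state is visible in the file and not only in the commit message. The literal presumably also ends up in a generated boot script inside the image, so it should be treated as known to anyone who can read the image. Once `jobs.fetchSSHKey` works, restore `services.sshd.permitRootLogin = "without-password";`, drop the `passwd --stdin` line, and change the job's `grep -q -f` to `grep -q -F -f` so the fetched key is matched as a fixed string rather than as a regex.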
|
||||
|
@ -7,22 +7,6 @@ rec {
|
||||
services.httpd.enable = true;
|
||||
services.httpd.adminAddr = "e.dolstra@tudelft.nl";
|
||||
services.httpd.documentRoot = "${pkgs.valgrind}/share/doc/valgrind/html";
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgsOld:
|
||||
{ dhcp = pkgs.lib.overrideDerivation pkgsOld.dhcp (oldAttrs:
|
||||
{ configureFlags = "--disable-dhcpv6";
|
||||
});
|
||||
};
|
||||
|
||||
fileSystems = [ ];
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/sda2"; } ];
|
||||
|
||||
services.sshd.enable = true;
|
||||
services.sshd.permitRootLogin = "without-password";
|
||||
|
||||
services.mingetty.ttys = [ ];
|
||||
};
|
||||
|
||||
config = (import ../lib/eval-config.nix {
|
||||
|