diff --git a/modules/virtualisation/amazon-image.nix b/modules/virtualisation/amazon-image.nix index e834b392c6fa..f0f2545993b4 100644 --- a/modules/virtualisation/amazon-image.nix +++ b/modules/virtualisation/amazon-image.nix @@ -3,7 +3,7 @@ with pkgs.lib; { - system.build.ext2Image = + system.build.amazonImage = pkgs.vmTools.runInLinuxVM ( pkgs.runCommand "amazon-image" { preVM = @@ -12,7 +12,7 @@ with pkgs.lib; diskImage=$out/nixos.img qemu-img create -f raw $diskImage "1024M" ''; - buildInputs = [ pkgs.utillinux pkgs.perl pkgs.rsync ]; + buildInputs = [ pkgs.utillinux pkgs.perl ]; exportReferencesGraph = [ "closure" config.system.build.toplevel ]; } @@ -26,7 +26,7 @@ with pkgs.lib; storePaths=$(perl ${pkgs.pathsFromGraph} $ORIG_TMPDIR/closure) mkdir -p /mnt/nix/store - rsync -av $storePaths /mnt/nix/store/ + cp -prvd $storePaths /mnt/nix/store/ # Amazon assumes that there is a /sbin/init, so symlink it # to the stage 2 init script. Since we cannot set the path 
@@ -36,8 +36,67 @@ with pkgs.lib; ln -s ${config.system.build.bootStage2} /mnt/sbin/init ln -s ${config.system.build.toplevel} /mnt/system + set -x + sync umount /mnt + sync '' ); + # On EC2 we don't get to supply our own kernel, so we can't load any + # modules. However, dhclient fails if the ipv6 module isn't loaded, + # unless it's compiled without IPv6 support. So do that. + nixpkgs.config.packageOverrides = pkgsOld: + { dhcp = pkgs.lib.overrideDerivation pkgsOld.dhcp (oldAttrs: + { configureFlags = "--disable-dhcpv6"; + }); + }; + + # The root filesystem is mounted by Amazon's kernel/initrd. + fileSystems = [ ]; + + swapDevices = + [ { device = "/dev/sda2"; } ]; + + # There are no virtual consoles. + services.mingetty.ttys = [ ]; + + # Allow root logins only using the SSH key that the user specified + # at instance creation time. + services.sshd.enable = true; + #services.sshd.permitRootLogin = "without-password"; + + boot.postBootCommands = + '' + echo xyzzy_foobar | ${pkgs.pwdutils}/bin/passwd --stdin + ''; + + # Obtain the SSH key at startup time. + /* + jobs.fetchSSHKey = + { name = "fetch-ssh-key"; + + startOn = "ip-up"; + + task = true; + + script = + '' + set -x + echo "obtaining SSH key..." + mkdir -p /root/.ssh + ${pkgs.curl}/bin/curl --retry 3 --retry-delay 0 --fail \ + -o /root/key.pub \ + http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key + if [ $? -eq 0 -a -e /root/key.pub ]; then + if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then + cat /root/key.pub >> /root/.ssh/authorized_keys + echo "new key added to authorized_keys" + fi + chmod 600 /root/.ssh/authorized_keys + rm -f /root/key.pub + fi + ''; + }; + */ } diff --git a/tests/amazon.nix b/tests/amazon.nix index a016b8947d1f..223bfb947d17 100644 --- a/tests/amazon.nix +++ b/tests/amazon.nix 
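Review bot: The new `boot.postBootCommands` sets root's password to the fixed string `xyzzy_foobar` on every boot, and since `services.sshd.enable = true;` is paired with a commented-out `permitRootLogin = "without-password"`, root's SSH login policy falls back to the sshd module default, which (if it allows password authentication) lets anyone who reads this file log in as root on every instance built from the image. That contradicts the comment directly above it ("Allow root logins only using the SSH key that the user specified at instance creation time"). I'd drop the `passwd --stdin` block entirely and restore `services.sshd.permitRootLogin = "without-password";`, so root can only get in with the key fetched from the metadata service once the commented-out `jobs.fetchSSHKey` is re-enabled. When that job comes back, `mkdir -p /root/.ssh` should be followed by `chmod 700 /root/.ssh`, and `grep -q -f` treats the fetched key as a list of regexes, so `grep -q -F -x -f /root/key.pub /root/.ssh/authorized_keys` is the safer duplicate check. The `set -x` added to the image build script looks like leftover debugging as well; the enclosing attribute set starts outside the hunk.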
@@ -7,22 +7,6 @@ rec { services.httpd.enable = true; services.httpd.adminAddr = "e.dolstra@tudelft.nl"; services.httpd.documentRoot = "${pkgs.valgrind}/share/doc/valgrind/html"; - - nixpkgs.config.packageOverrides = pkgsOld: - { dhcp = pkgs.lib.overrideDerivation pkgsOld.dhcp (oldAttrs: - { configureFlags = "--disable-dhcpv6"; - }); - }; - - fileSystems = [ ]; - - swapDevices = - [ { device = "/dev/sda2"; } ]; - - services.sshd.enable = true; - services.sshd.permitRootLogin = "without-password"; - - services.mingetty.ttys = [ ]; }; config = (import ../lib/eval-config.nix {