Commit Graph

37 Commits

Author SHA1 Message Date
Anmol Sethi
6891bb1c59
openssh: support prohibit-password for permitRootLogin
See 1dc8d93ce6

I also made it the default.
2016-10-01 13:23:56 -04:00
Alexander Ried
27bc34f1e4 treewide: deprecate ip-up.target (#18319)
Systemd upstream provides targets for networking. This also includes a target network-online.target.

In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup.
2016-09-10 18:03:59 +02:00
Tuomas Tynkkynen
74a3a2cd7e treewide: Use makeBinPath 2016-08-23 01:18:10 +03:00
Eelco Dolstra
32bed83b18 Remove boot.loader.grub.timeout and boot.loader.gummiboot.timeout
There is a generic boot.loader.timeout option.
2016-05-25 11:39:17 +02:00
Tuomas Tynkkynen
60f5659dad treewide: Use correct output in ${config.nix.package}/bin 2016-04-25 16:44:37 +02:00
Jan Malakhovski
119c8f91e7 nixos: introduce system.nixosLabel option and use it where appropriate
Setting nixosVersion to something custom is useful for meaningful GRUB
menus and /nix/store paths, but actuallly changing it rebulids the
whole system path (because of `nixos-version` script and manual
pages). Also, changing it is not a particularly good idea because you
can then be differentitated from other NixOS users by a lot of
programs that read /etc/os-release.

This patch introduces an alternative option that does all you want
from nixosVersion, but rebuilds only the very top system level and
/etc while using your label in the names of system /nix/store paths,
GRUB and other boot loaders' menus, getty greetings and so on.
2016-01-08 22:26:15 +00:00
Jan Malakhovski
a153de28bb nixos: rename some outputs for better discoverability in /nix/store 2015-09-18 19:00:20 +00:00
Wout Mertens
0666ee4739 Merge pull request #6732 from oconnorr/master
Use mktemp to create temporary files to hold ssh host keys and authorized keys
2015-06-02 20:34:43 +02:00
William A. Kennington III
aa5d6922c5 Revert "Set boot.loader.grub.configurationLimit to 1 for gce/azure/amazon images. Setting to 0 results in empty grub config."
The issue was that grub was not building the default entry which would
leave systems unbootable. This can now be safely reverted as the default
entry is being built once again.

This reverts commit fd1fb0403c.
2015-05-29 13:26:51 -07:00
Russell O'Connor
29b7d76ec8 Remove use of && in fetch-ssh-keys service.
Scripts are run with -e so will abort when a command fails.
2015-05-29 19:53:58 +00:00
Russell O'Connor
4744e3541a [GCE] Put temp files for fetch-ssh-keys service in /run 2015-05-29 19:53:57 +00:00
Russell O'Connor
1badfabc4d Use mktemp to create temporary files to hold ssh host keys and authorized keys when downloading them from the metadata server. 2015-05-29 19:53:57 +00:00
Rob Vermaas
fd1fb0403c Set boot.loader.grub.configurationLimit to 1 for gce/azure/amazon images. Setting to 0 results in empty grub config. 2015-05-29 19:36:16 +00:00
Rob Vermaas
cbb14299c9 GCE image: Remove some unnecessary lib prefixes. 2015-03-26 09:15:09 +00:00
Rob Vermaas
80202fbd25 GCE image: Add some recommended sysctl settings. Disable OS level firewall by default for GCE images (GCE provides external firewall). Disable passwordAuthentication. Related to issue #6991. 2015-03-26 09:09:40 +00:00
Rob Vermaas
24e0565407 Only start fetch-keys for GCE image after ip-up. 2015-02-27 10:48:15 +00:00
Rob Vermaas
e4928b8955 GCE image: Pass header to metadata service calls. 2015-02-26 19:20:43 +00:00
Eelco Dolstra
efa8fc2b0a Paranoia 2015-01-15 18:37:55 +01:00
Russell O'Connor
d1a58ef7c6 google-compute-image.nix: Try to download all SSH host keys from metadata server. 2015-01-06 12:06:54 -05:00
Russell O'Connor
3251948029 Generate SSH host public key from the private key. 2015-01-05 15:20:55 -05:00
Russell O'Connor
d1cbbff1e3 Call wget directly in fetch-ssh-keys service. 2015-01-05 15:20:55 -05:00
Russell O'Connor
6382e16014 google-compute-image.nix: unconditionally clean up /root/key.pub /root/authorized-keys-metadata 2015-01-05 15:18:02 -05:00
Russell O'Connor
b19ab1f046 google-comute-image.nix: set umask 077 when downloading private keys from the metadata server. 2015-01-05 15:01:49 -05:00
Russell O'Connor
e548a4330d google-compute-image.nix: use internal google NTP server. 2015-01-05 12:45:23 -05:00
Rob Vermaas
ea9530b5c7 Fix GCE image build.
(cherry picked from commit 98af87cd4a)
2015-01-05 09:35:35 +01:00
Rob Vermaas
3566807e76 Google Compute image:
Removed the 'wait for GCE metadata service' job, as it was causing
issues with the metadata service (likely some firewall or something).
In stead, use wget with retries (including connection refused) in
stead or curl for fetching the SSH keys. Also made the stdout/-err
of this job appear in the console.
2014-08-01 15:25:50 +02:00
Evgeny Egorochkin
2660e19b73 Google Compute config: add a unit to wait for the metadata server to become available 2014-07-20 14:07:46 +03:00
Evgeny Egorochkin
64c01fdf81 Google Compute Image: fetch host keys if possible 2014-07-12 08:47:03 +03:00
Evgeny Egorochkin
9d8ddd465d Google Compute Image needs the interface to be named eth0 for google tools to work properly 2014-07-12 08:47:03 +03:00
Eelco Dolstra
4fc151b5a3 nixos-install: Ask the user to set a root password
This removes the need to have an initially empty root password.
2014-05-09 00:52:02 +02:00
Eelco Dolstra
29027fd1e1 Rewrite ‘with pkgs.lib’ -> ‘with lib’
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Rob Vermaas
020d3b299c Make the GCE image use 100G as disk size (maximum). 2014-03-21 15:18:03 +01:00
Rob Vermaas
af6c571a7e Increase size of GCE image. Use disk.raw as name inside tar.gz, as this is compulsory. 2014-03-21 14:56:00 +01:00
Rickard Nilsson
d5211b0e0e Make initialRootPassword overrideable in all virtualisation modules, not just virtualbox. 2014-02-24 18:05:26 +01:00
Rob Vermaas
61d346eaaf Google Compute image: fix punctuation in description, give disk image proper name with version and revision. 2013-12-12 12:48:09 +01:00
Rob Vermaas
ee8a58a72f Remove a hardcoded SSH public key from the Google Compute image. 2013-12-11 16:18:12 +01:00
Rob Vermaas
f7b256a221 Add initial configuration for Google Compute Engine 2013-12-11 15:32:27 +01:00