depot/third_party/nixpkgs/nixos/modules/virtualisation/azure-image.nix
Default email 5e7c2d6cef Project import generated by Copybara.
GitOrigin-RevId: f99e5f03cc0aa231ab5950a15ed02afec45ed51a
2023-10-09 21:29:22 +02:00

78 lines
2.4 KiB
Nix

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.virtualisation.azureImage;
in
{
imports = [ ./azure-common.nix ];
options = {
virtualisation.azureImage.diskSize = mkOption {
type = with types; either (enum [ "auto" ]) int;
default = "auto";
example = 2048;
description = lib.mdDoc ''
Size of disk image. Unit is MB.
'';
};
virtualisation.azureImage.contents = mkOption {
type = with types; listOf attrs;
default = [ ];
description = lib.mdDoc ''
Extra contents to add to the image.
'';
};
};
config = {
system.build.azureImage = import ../../lib/make-disk-image.nix {
name = "azure-image";
postVM = ''
${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -o subformat=fixed,force_size -O vpc $diskImage $out/disk.vhd
rm $diskImage
'';
configFile = ./azure-config-user.nix;
format = "raw";
inherit (cfg) diskSize contents;
inherit config lib pkgs;
};
# Azure metadata is available as a CD-ROM drive.
fileSystems."/metadata".device = "/dev/sr0";
systemd.services.fetch-ssh-keys = {
description = "Fetch host keys and authorized_keys for root user";
wantedBy = [ "sshd.service" "waagent.service" ];
before = [ "sshd.service" "waagent.service" ];
path = [ pkgs.coreutils ];
script =
''
eval "$(cat /metadata/CustomData.bin)"
if ! [ -z "$ssh_host_ecdsa_key" ]; then
echo "downloaded ssh_host_ecdsa_key"
echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ed25519_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
fi
if ! [ -z "$ssh_host_ecdsa_key_pub" ]; then
echo "downloaded ssh_host_ecdsa_key_pub"
echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ed25519_key.pub
chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
fi
if ! [ -z "$ssh_root_auth_key" ]; then
echo "downloaded ssh_root_auth_key"
mkdir -m 0700 -p /root/.ssh
echo "$ssh_root_auth_key" > /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
fi
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.StandardError = "journal+console";
serviceConfig.StandardOutput = "journal+console";
};
};
}