EC2: Don't blackhole 169.254.169.254

https://github.com/NixOS/nixops/issues/267
2015-06-30 17:03:11 +02:00 · 2015-06-30 17:03:11 +02:00 · 32b9ca3219
parent 16406e63b3
commit 32b9ca3219
1 changed files with 0 additions and 10 deletions
--- a/nixos/modules/virtualisation/ec2-data.nix
+++ b/nixos/modules/virtualisation/ec2-data.nix
@ -31,8 +31,6 @@ with lib;

        script =
          ''
-            ip route del blackhole 169.254.169.254/32 || true
-
            wget="wget -q --retry-connrefused -O -"

            ${optionalString (config.networking.hostName == "") ''
@ -67,14 +65,6 @@ with lib;
                (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key)
                echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
            fi
-
-            ${optionalString (! config.ec2.metadata) ''
-              # Since the user data is sensitive, prevent it from
-              # being accessed from now on. FIXME: remove at some
-              # point, since current NixOps no longer relies on
-              # metadata secrecy.
-              ip route add blackhole 169.254.169.254/32
-            ''}
          '';

        serviceConfig.Type = "oneshot";