Add option ec2.hvm, to set some boot configuration specific for EC2 HVM instances.

(cherry picked from commit 35c76d9173)

Conflicts:
	nixos/modules/virtualisation/amazon-image.nix

nixos/modules/virtualisation/amazon-image.nix

@@ -1,10 +1,24 @@
 { config, lib, pkgs, ... }:
 
 with lib;
-
+let
+  cfg = config.ec2;
+in
 {
   imports = [ ../profiles/headless.nix ./ec2-data.nix ];
 
+  options = {
+    ec2 = {
+      hvm = mkOption {
+        default = false;
+        description = ''
+          Whether the EC2 instance is a HVM instance.
+        '';
+      };
+    };
+  };
+
+  config = {
     system.build.amazonImage =
       pkgs.vmTools.runInLinuxVM (
         pkgs.runCommand "amazon-image"
@@ -70,13 +84,12 @@ with lib;
 
     boot.initrd.kernelModules = [ "xen-blkfront" ];
     boot.kernelModules = [ "xen-netfront" ];
-  boot.kernelParams = [ "console=ttyS0" ];
 
     # Generate a GRUB menu.  Amazon's pv-grub uses this to boot our kernel/initrd.
     boot.loader.grub.version = 1;
-  boot.loader.grub.device = "nodev";
+    boot.loader.grub.device = if cfg.hvm then "/dev/xvda" else "nodev";
     boot.loader.grub.timeout = 0;
-  boot.loader.grub.extraPerEntryConfig = "root (hd0)";
+    boot.loader.grub.extraPerEntryConfig = "root (hd0${lib.optionalString cfg.hvm ",0"})";
 
     boot.initrd.postDeviceCommands =
       ''
@@ -161,4 +174,10 @@ with lib;
     environment.systemPackages = [ pkgs.cryptsetup ];
 
     boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
+
+    # Prevent logging in as root without a password.  This doesn't really matter,
+    # since the only PAM services that allow logging in with a null
+    # password are local ones that are inaccessible on EC2 machines.
+    security.initialRootPassword = mkDefault "!";
+  };
 }