Google Compute Image: fetch host keys if possible

2014-07-12 08:46:25 +03:00 · 2014-07-12 08:46:25 +03:00 · 64c01fdf81
parent 9d8ddd465d
commit 64c01fdf81
1 changed files with 18 additions and 2 deletions
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@ -121,8 +121,8 @@ in

  networking.usePredictableInterfaceNames = false;

-  systemd.services.fetch-root-authorized-keys =
-    { description = "Fetch authorized_keys for root user";
+  systemd.services.fetch-ssh-keys =
+    { description = "Fetch host keys and authorized_keys for root user";

      wantedBy = [ "multi-user.target" ];
      before = [ "sshd.service" ];
@ -146,6 +146,22 @@ in
                    rm -f /root/key.pub /root/authorized-keys-metadata
                fi
          fi
+
+          echo "obtaining SSH private host key..."
+          curl -o /root/ssh_host_ecdsa_key http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
+          if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key ]; then
+              mv -f /root/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
+              echo "downloaded ssh_host_ecdsa_key"
+              chmod 600 /etc/ssh/ssh_host_ecdsa_key
+          fi
+
+          echo "obtaining SSH public host key..."
+          curl -o /root/ssh_host_ecdsa_key.pub http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub
+          if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key.pub ]; then
+              mv -f /root/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
+              echo "downloaded ssh_host_ecdsa_key.pub"
+              chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
+          fi
        '';
      serviceConfig.Type = "oneshot";
      serviceConfig.RemainAfterExit = true;