google-guest-agent: init at 20220104.00

pkgs/tools/virtualization/google-guest-agent/default.nix

@@ -0,0 +1,53 @@
+{ buildGoModule, fetchFromGitHub, fetchpatch, lib, coreutils, makeWrapper
+, google-guest-configs, google-guest-oslogin, iproute2, dhcp, procps
+}:
+
+buildGoModule rec {
+  pname = "guest-agent";
+  version = "20220104.00";
+
+  src = fetchFromGitHub {
+    owner = "GoogleCloudPlatform";
+    repo = pname;
+    rev = version;
+    sha256 = "sha256-BC2qpnGJU/D0z8jlmAEwvmFwBk1n0ZvqPBB6Zon9N/U=";
+  };
+
+  vendorSha256 = "sha256-YcWKSiN715Z9lmNAQx+sHEgxWnhFhenCNXBS7gdMV4M=";
+
+  patches = [ ./disable-etc-mutation.patch ];
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  postPatch = ''
+    substitute ${./fix-paths.patch} fix-paths.patch \
+      --subst-var out \
+      --subst-var-by true "${coreutils}/bin/true"
+    patch -p1 < ./fix-paths.patch
+  '';
+
+  # We don't add `shadow` here; it's added to PATH if `mutableUsers` is enabled.
+  binPath = lib.makeBinPath [ google-guest-configs google-guest-oslogin iproute2 dhcp procps ];
+
+  # Skip tests which require networking.
+  preCheck = ''
+    rm google_guest_agent/wsfc_test.go
+  '';
+
+  postInstall = ''
+    mkdir -p $out/etc/systemd/system
+    cp *.service $out/etc/systemd/system
+    install -Dm644 instance_configs.cfg $out/etc/default/instance_configs.cfg
+
+    wrapProgram $out/bin/google_guest_agent \
+      --prefix PATH ":" "$binPath"
+  '';
+
+  meta = with lib; {
+    homepage = "https://github.com/GoogleCloudPlatform/guest-agent";
+    description = "Guest Agent for Google Compute Engine";
+    license = licenses.asl20;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ abbradar ];
+  };
+}

pkgs/tools/virtualization/google-guest-agent/disable-etc-mutation.patch

@@ -0,0 +1,54 @@
+From 2e8060f9ade13ba18ae5930c0781227bfcce11a5 Mon Sep 17 00:00:00 2001
+From: Nikolay Amiantov <ab@fmap.me>
+Date: Mon, 10 Jan 2022 22:16:38 +0300
+Subject: [PATCH] Disable accounts setup phase and oslogin
+
+On NixOS we set up necessary groups and sudoers rules declaratively,
+and have most of `/etc` directory read-only. This creates (harmless)
+error messages when trying to create google-sudoers file.
+
+"oslogin" daemon sets up configuration necessary for OS Login to
+work, including PAM, NSS and sudoers. On NixOS we perform all this
+configuration declaratively and have most of /etc mounted read-only.
+This creates (harmless) error messages when running the daemon.
+---
+ google_guest_agent/non_windows_accounts.go | 9 ---------
+ google_guest_agent/oslogin.go              | 2 +-
+ 2 files changed, 1 insertion(+), 10 deletions(-)
+
+diff --git a/google_guest_agent/non_windows_accounts.go b/google_guest_agent/non_windows_accounts.go
+index 81013e3..05b830f 100644
+--- a/google_guest_agent/non_windows_accounts.go
++++ b/google_guest_agent/non_windows_accounts.go
+@@ -104,15 +104,6 @@ func (a *accountsMgr) set() error {
+ 		sshKeys = make(map[string][]string)
+ 	}
+ 
+-	logger.Debugf("create sudoers file if needed")
+-	if err := createSudoersFile(); err != nil {
+-		logger.Errorf("Error creating google-sudoers file: %v.", err)
+-	}
+-	logger.Debugf("create sudoers group if needed")
+-	if err := createSudoersGroup(); err != nil {
+-		logger.Errorf("Error creating google-sudoers group: %v.", err)
+-	}
+-
+ 	mdkeys := newMetadata.Instance.Attributes.SSHKeys
+ 	if !newMetadata.Instance.Attributes.BlockProjectKeys {
+ 		mdkeys = append(mdkeys, newMetadata.Project.Attributes.SSHKeys...)
+diff --git a/google_guest_agent/oslogin.go b/google_guest_agent/oslogin.go
+index d05f733..980e84c 100644
+--- a/google_guest_agent/oslogin.go
++++ b/google_guest_agent/oslogin.go
+@@ -76,7 +76,7 @@ func (o *osloginMgr) timeout() bool {
+ }
+ 
+ func (o *osloginMgr) disabled(os string) bool {
+-	return os == "windows"
++	return true
+ }
+ 
+ func (o *osloginMgr) set() error {
+-- 
+2.34.1
+

pkgs/tools/virtualization/google-guest-agent/fix-paths.patch

@@ -0,0 +1,43 @@
+diff --git a/google-guest-agent.service b/google-guest-agent.service
+index 79b8e39..a39097b 100644
+--- a/google-guest-agent.service
++++ b/google-guest-agent.service
+@@ -14,7 +14,7 @@ PartOf=network.service networking.service NetworkManager.service systemd-network
+ 
+ [Service]
+ Type=notify
+-ExecStart=/usr/bin/google_guest_agent
++ExecStart=@out@/bin/google_guest_agent
+ OOMScoreAdjust=-999
+ Restart=always
+ 
+diff --git a/google-shutdown-scripts.service b/google-shutdown-scripts.service
+index 16bb9c2..ae02067 100644
+--- a/google-shutdown-scripts.service
++++ b/google-shutdown-scripts.service
+@@ -5,10 +5,10 @@ After=network-online.target rsyslog.service
+ 
+ [Service]
+ Type=oneshot
+-ExecStart=/bin/true
++ExecStart=@true@
+ RemainAfterExit=true
+ # This service does nothing on start, and runs shutdown scripts on stop.
+-ExecStop=/usr/bin/google_metadata_script_runner shutdown
++ExecStop=@out@/bin/google_metadata_script_runner shutdown
+ TimeoutStopSec=0
+ KillMode=process
+ 
+diff --git a/google-startup-scripts.service b/google-startup-scripts.service
+index dfc9838..2465265 100644
+--- a/google-startup-scripts.service
++++ b/google-startup-scripts.service
+@@ -6,7 +6,7 @@ Before=apt-daily.service
+ 
+ [Service]
+ Type=oneshot
+-ExecStart=/usr/bin/google_metadata_script_runner startup
++ExecStart=@out@/bin/google_metadata_script_runner startup
+ #TimeoutStartSec is ignored for Type=oneshot service units.
+ KillMode=process
+ 

pkgs/top-level/all-packages.nix

@@ -6109,6 +6109,8 @@ with pkgs;
 
   google-java-format = callPackage ../development/tools/google-java-format { };
 
+  google-guest-agent = callPackage ../tools/virtualization/google-guest-agent { };
+
   gdown = with python3Packages; toPythonApplication gdown;
 
   gopro = callPackage ../tools/video/gopro { };