forked from mirrors/nixpkgs
Commit graph

61 commits

Author SHA1 Message Date
zimbatm 9fb79868ab google-compute-engine: 20180510 -> 20180905
The list of corresponding NixOS services is also updated
2018-09-26 11:48:16 +02:00
John Ericson 2c2f1e37d4 treewide: Purge all uses of stdenv.system and top-level system
It is deprecated and will be removed after 18.09.
2018-08-30 17:20:32 -04:00
AmineChikhaoui 1398d0c312
avoid redundant rm calls 2018-06-04 10:23:40 +01:00
AmineChikhaoui 95c05343ce
revert 4a86f8c9ab and properly remove
the temporary ssh host keys file/directory.
2018-05-31 12:49:15 +01:00
AmineChikhaoui f514a68969
barf if pulling the ssh host keys fails 2018-04-28 17:07:54 +01:00
AmineChikhaoui 4a86f8c9ab
remove the entire temporary directory 2018-04-28 17:06:25 +01:00
AmineChikhaoui 3b8c7424d1
pull the ssh host keys from the metadata service as expected by NixOps.
Issues: #38623 https://github.com/NixOS/nixops/issues/930.
2018-04-28 16:52:46 +01:00
Wout Mertens fc6ab8dfa7
google-compute-image: provide correct MTU 2018-04-08 08:46:42 +02:00
Rob Vermaas b894dd8b82
Update create-gce.sh script. Set default option for GCE images to disable host key replacement by service.
(cherry picked from commit 748d96ffa3)
2018-04-06 10:57:31 +02:00
Rob Vermaas ced3a201e3
gce: needs bigger diskSize
(cherry picked from commit ac3437aa06)
2018-04-05 12:19:05 +02:00
Jan Malakhovski 2e6b796761 nixos: rename config.system.nixos* -> config.system.nixos.* 2018-02-18 12:56:30 +00:00
Rob Vermaas 38538f3206
Merge pull request #33423 from AmineChikhaoui/gce-ssh-keys
Fix ssh keys retrieval in GCE instances
2018-01-18 13:06:00 +01:00
zimbatm eddf30cc93
nixos: introduce boot.growPartition (#33521)
Move it from being a profile
2018-01-06 13:52:51 +00:00
AmineChikhaoui 5dba59d494
Fixes https://github.com/NixOS/nixops/issues/756.
Seems the google compute metadata service behavior changed a bit
recently which caused this issue?
see: https://cloud.google.com/compute/docs/storing-retrieving-metadata
2018-01-04 16:50:05 +01:00
Rob Vermaas 0783efb41c
google-instance-setup: add openssh to path 2017-09-15 10:43:09 +00:00
zimbatm c93d68b6ed google-compute-image module: use google services
This adds a few google-specific services to setup the machine.

Accounts are now dynamically created using the google-accounts-daemon,
which allows to click on the "SSH" button in the console and have it
working.

The NixOS image now supports the userdata startup and shutdown scripts.

Misc:
* add all the google services from https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_init/systemd
* add udev rules for disk labels
* synched sysctl rules with https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
2017-07-15 19:36:38 +01:00
Mateusz Kowalczyk a2c900dc87 GCE-service: Update fetch-ssh-keys API usage 2017-05-20 22:54:07 +01:00
Jörg Thalheim 9d3c118320
google-compute-image: append .raw.tar.gz suffix
This restores behavior of image generation before f1708a9d7d
2017-04-26 16:40:38 +02:00
Dan Peebles 9fae0f3f38 google-compute-image: switch to use the common make-disk-image.nix 2017-04-24 18:38:10 +00:00
Clemens Fruhwirth 72ec884cc6 Make GCE image as small as possible and incorporate partition growing
when users of nixops specified a larger root disk via
deployment.gce.rootDiskSize

1GB is the smallest possible size as GCP doesn't support
fractions of GB for RAW images, see
https://cloud.google.com/compute/docs/images/import-existing-image#requirements
2017-03-27 17:41:42 +02:00
c74d a4ac5506f5 google-compute-image: fix Yama LSM option conflict
Having fixed the Google Compute Engine image build process's copying
of store paths in PR #24264, I ran `nixos-rebuild --upgrade switch`...
and the GCE image broke again, because it sets the NixOS configuration
option for the sysctl variable `kernel.yama.ptrace_scope` to
`mkDefault "1"`, i.e., with override priority 1000, and now the
`sysctl` module sets the same option to `mkDefault "0"` (this was
changed in commit 86721a5f78).

This patch raises the override priority of the Google Compute Engine
image configuration's definition of the Yama sysctl option to 500
(still lower than the priority of an unmodified option definition).

I have tested that this patch allows the Google Compute Engine image
to again build successfully for me.
2017-03-26 21:09:58 +02:00
c74d e0e520a519 google-compute-image: copy store paths with rsync
In `nixos/modules/virtualisation/google-compute-image.nix`, copy store
paths with `rsync -a` rather than `cp -prd`, because `rsync` seems
better able to handle the hard-links that may be present in the store,
whereas `cp` may fail to copy them.

I have tested that the Google Compute Engine image builds successfully
for me with this patch, whereas it did not without this patch.

This is the same fix applied for Azure images in commit
097ef6e435.

Fixes #23973.
2017-03-24 02:14:10 +01:00
Dan Peebles 15c05ad213 google-compute-image.nix: fix evaluation failure 2017-02-22 23:51:57 +00:00
Jörg Thalheim 1590461887 ntp: make timesyncd the new default
- most nixos users only require time synchronisation,
  while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd supports ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
  save a little disk space (1,5M)
2016-12-17 00:00:45 +01:00
Anmol Sethi 6891bb1c59
openssh: support prohibit-password for permitRootLogin
See 1dc8d93ce6

I also made it the default.
2016-10-01 13:23:56 -04:00
Alexander Ried 27bc34f1e4 treewide: deprecate ip-up.target (#18319)
Systemd upstream provides targets for networking. This also includes a target network-online.target.

In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup.
2016-09-10 18:03:59 +02:00
Tuomas Tynkkynen 74a3a2cd7e treewide: Use makeBinPath 2016-08-23 01:18:10 +03:00
Eelco Dolstra 32bed83b18 Remove boot.loader.grub.timeout and boot.loader.gummiboot.timeout
There is a generic boot.loader.timeout option.
2016-05-25 11:39:17 +02:00
Tuomas Tynkkynen 60f5659dad treewide: Use correct output in ${config.nix.package}/bin 2016-04-25 16:44:37 +02:00
Jan Malakhovski 119c8f91e7 nixos: introduce system.nixosLabel option and use it where appropriate
Setting nixosVersion to something custom is useful for meaningful GRUB
menus and /nix/store paths, but actually changing it rebuilds the
whole system path (because of `nixos-version` script and manual
pages). Also, changing it is not a particularly good idea because you
can then be differentiated from other NixOS users by a lot of
programs that read /etc/os-release.

This patch introduces an alternative option that does all you want
from nixosVersion, but rebuilds only the very top system level and
/etc while using your label in the names of system /nix/store paths,
GRUB and other boot loaders' menus, getty greetings and so on.
2016-01-08 22:26:15 +00:00
Jan Malakhovski a153de28bb nixos: rename some outputs for better discoverability in /nix/store 2015-09-18 19:00:20 +00:00
Wout Mertens 0666ee4739 Merge pull request #6732 from oconnorr/master
Use mktemp to create temporary files to hold ssh host keys and authorized keys
2015-06-02 20:34:43 +02:00
William A. Kennington III aa5d6922c5 Revert "Set boot.loader.grub.configurationLimit to 1 for gce/azure/amazon images. Setting to 0 results in empty grub config."
The issue was that grub was not building the default entry which would
leave systems unbootable. This can now be safely reverted as the default
entry is being built once again.

This reverts commit fd1fb0403c.
2015-05-29 13:26:51 -07:00
Russell O'Connor 29b7d76ec8 Remove use of && in fetch-ssh-keys service.
Scripts are run with -e so will abort when a command fails.
2015-05-29 19:53:58 +00:00
Russell O'Connor 4744e3541a [GCE] Put temp files for fetch-ssh-keys service in /run 2015-05-29 19:53:57 +00:00
Russell O'Connor 1badfabc4d Use mktemp to create temporary files to hold ssh host keys and authorized keys when downloading them from the metadata server. 2015-05-29 19:53:57 +00:00
Rob Vermaas fd1fb0403c Set boot.loader.grub.configurationLimit to 1 for gce/azure/amazon images. Setting to 0 results in empty grub config. 2015-05-29 19:36:16 +00:00
Rob Vermaas cbb14299c9 GCE image: Remove some unnecessary lib prefixes. 2015-03-26 09:15:09 +00:00
Rob Vermaas 80202fbd25 GCE image: Add some recommended sysctl settings. Disable OS level firewall by default for GCE images (GCE provides external firewall). Disable passwordAuthentication. Related to issue #6991. 2015-03-26 09:09:40 +00:00
Rob Vermaas 24e0565407 Only start fetch-keys for GCE image after ip-up. 2015-02-27 10:48:15 +00:00
Rob Vermaas e4928b8955 GCE image: Pass header to metadata service calls. 2015-02-26 19:20:43 +00:00
Eelco Dolstra efa8fc2b0a Paranoia 2015-01-15 18:37:55 +01:00
Russell O'Connor d1a58ef7c6 google-compute-image.nix: Try to download all SSH host keys from metadata server. 2015-01-06 12:06:54 -05:00
Russell O'Connor 3251948029 Generate SSH host public key from the private key. 2015-01-05 15:20:55 -05:00
Russell O'Connor d1cbbff1e3 Call wget directly in fetch-ssh-keys service. 2015-01-05 15:20:55 -05:00
Russell O'Connor 6382e16014 google-compute-image.nix: unconditionally clean up /root/key.pub /root/authorized-keys-metadata 2015-01-05 15:18:02 -05:00
Russell O'Connor b19ab1f046 google-compute-image.nix: set umask 077 when downloading private keys from the metadata server. 2015-01-05 15:01:49 -05:00
Russell O'Connor e548a4330d google-compute-image.nix: use internal google NTP server. 2015-01-05 12:45:23 -05:00
Rob Vermaas ea9530b5c7 Fix GCE image build.
(cherry picked from commit 98af87cd4a)
2015-01-05 09:35:35 +01:00
Rob Vermaas 3566807e76 Google Compute image:
Removed the 'wait for GCE metadata service' job, as it was causing
issues with the metadata service (likely some firewall or something).
Instead, use wget with retries (including connection refused) instead
of curl for fetching the SSH keys. Also made the stdout/-err
of this job appear in the console.
2014-08-01 15:25:50 +02:00