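# NixOS module that builds an Azure disk image (system.build.azureImage) and
# installs a boot-time service that provisions SSH keys from the Azure
# metadata CD-ROM.
{ config, lib, pkgs, ... }:

with lib;
let
  # Disk size. Multiplied by 1024*1024 in preVM to get bytes, and passed to
  # parted with an "M" suffix as the end of the single partition.
  diskSize = "30720";
in
{
  system.build.azureImage =
    pkgs.vmTools.runInLinuxVM (
      pkgs.runCommand "azure-image"
        { # preVM runs before the VM starts: it creates the raw disk image.
          # The size is first truncated to a whole number of cylinders
          # (255 heads * 63 sectors * 512 bytes) and then rounded up to the
          # next multiple of 1 MiB.
          preVM =
            ''
              mkdir $out
              diskImage=$out/$diskImageBase

              cyl=$(((${diskSize}*1024*1024)/(512*63*255)))
              size=$(($cyl*255*63*512))
              roundedsize=$((($size/(1024*1024)+1)*(1024*1024)))
              ${pkgs.vmTools.qemu-220}/bin/qemu-img create -f raw $diskImage $roundedsize
              mv closure xchg/
            '';

          # postVM runs after the VM exits: it converts the raw image to VHD
          # ("vpc" format) and removes the raw file.
          postVM =
            ''
              mkdir -p $out
              ${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -O vpc $diskImage $out/disk.vhd
              rm $diskImage
            '';
          diskImageBase = "nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.raw";
          buildInputs = [ pkgs.utillinux pkgs.perl ];
          # Makes the closure of the system toplevel available as ./closure,
          # which preVM moves into xchg/ so the VM can read it.
          exportReferencesGraph =
            [ "closure" config.system.build.toplevel ];
        }
        # Script executed inside the VM: partitions /dev/vda, creates the
        # ext4 root, copies the system closure into it, registers the store
        # paths and installs the boot loader configuration.
        ''
          # Create partition table
          ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
          ${pkgs.parted}/sbin/parted /dev/vda mkpart primary ext4 1 ${diskSize}M
          ${pkgs.parted}/sbin/parted /dev/vda print
          . /sys/class/block/vda1/uevent
          mknod /dev/vda1 b $MAJOR $MINOR

          # Create an empty filesystem and mount it.
          ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
          ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1

          mkdir /mnt
          mount /dev/vda1 /mnt

          # The initrd expects these directories to exist.
          mkdir /mnt/dev /mnt/proc /mnt/sys

          mount --bind /proc /mnt/proc
          mount --bind /dev /mnt/dev
          mount --bind /sys /mnt/sys

          # Copy all paths in the closure to the filesystem.
          storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)

          mkdir -p /mnt/nix/store
          echo "copying everything (will take a while)..."
          cp -prd $storePaths /mnt/nix/store/

          echo Register the paths in the Nix database.
          printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
              chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""

          echo Create the system profile to allow nixos-rebuild to work.
          chroot /mnt ${config.nix.package.out}/bin/nix-env \
              -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} --option build-users-group ""

          echo nixos-rebuild requires an /etc/NIXOS.
          mkdir -p /mnt/etc
          touch /mnt/etc/NIXOS

          echo switch-to-configuration requires a /bin/sh
          mkdir -p /mnt/bin
          ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh

          echo Install a configuration.nix.
          mkdir -p /mnt/etc/nixos /mnt/boot/grub
          cp ${./azure-config-user.nix} /mnt/etc/nixos/configuration.nix

          echo Generate the GRUB menu.
          ln -s vda /dev/sda
          chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot

          echo Almost done
          umount /mnt/proc /mnt/dev /mnt/sys
          umount /mnt
        ''
    );

  imports = [ ./azure-common.nix ];

  # Azure metadata is available as a CD-ROM drive.
  fileSystems."/metadata".device = "/dev/sr0";

  # One-shot unit ordered before sshd and waagent. It reads
  # /metadata/CustomData.bin and, when the corresponding shell variables are
  # set, installs the SSH host key pair and root's authorized_keys.
  #
  # NOTE(review): the script evaluates the whole of CustomData.bin as shell
  # code with this service's privileges (no User= is set here, and it writes
  # under /etc/ssh and /root). Whoever can set the VM's custom data can
  # therefore run arbitrary commands at boot. If only the three variables
  # below are needed, parsing them explicitly instead of eval would narrow
  # that trust. The eval is kept so the existing CustomData format still works.
  #
  # NOTE(review): the host *private* key is delivered inside the custom data,
  # so anything able to read that data can impersonate the host; confirm who
  # has read access to it.
  #
  # NOTE(review): the variables are named "ecdsa" but are written to the
  # ed25519 host key paths; confirm which key type is actually supplied.
  systemd.services.fetch-ssh-keys =
    { description = "Fetch host keys and authorized_keys for root user";

      wantedBy = [ "sshd.service" "waagent.service" ];
      before = [ "sshd.service" "waagent.service" ];
      after = [ "local-fs.target" ];

      path = [ pkgs.coreutils ];
      script =
        ''
          eval "$(cat /metadata/CustomData.bin)"

          # Create the files below without group/other access from the start.
          # A redirect creates the file with the umask-derived mode, so
          # without this the private key is readable by other users until
          # the chmod that follows it runs.
          umask 077

          if [ -n "$ssh_host_ecdsa_key" ]; then
              echo "downloaded ssh_host_ecdsa_key"
              echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ed25519_key
              chmod 600 /etc/ssh/ssh_host_ed25519_key
          fi

          if [ -n "$ssh_host_ecdsa_key_pub" ]; then
              echo "downloaded ssh_host_ecdsa_key_pub"
              echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ed25519_key.pub
              # The public key is meant to be world-readable.
              chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
          fi

          if [ -n "$ssh_root_auth_key" ]; then
              echo "downloaded ssh_root_auth_key"
              mkdir -m 0700 -p /root/.ssh
              echo "$ssh_root_auth_key" > /root/.ssh/authorized_keys
              chmod 600 /root/.ssh/authorized_keys
          fi
        '';
      serviceConfig.Type = "oneshot";
      serviceConfig.RemainAfterExit = true;
      # Script output, including the "downloaded ..." messages, goes to both
      # the journal and the console.
      serviceConfig.StandardError = "journal+console";
      serviceConfig.StandardOutput = "journal+console";
    };

}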