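# NixOS module for Oracle Cloud Infrastructure (OCI) images: builds the disk
# image and installs a boot-time unit that provisions root's SSH
# authorized_keys from the instance metadata service.
{ config, lib, pkgs, ... }:

let
  cfg = config.oci;
in
{
  imports = [ ./oci-common.nix ];

  config = {
    # qcow2 image produced by the shared disk-image builder. The partition
    # table follows the oci.efi option.
    system.build.OCIImage = import ../../lib/make-disk-image.nix {
      inherit config lib pkgs;
      name = "oci-image";
      configFile = ./oci-config-user.nix;
      format = "qcow2";
      diskSize = 8192;
      partitionTableType = if cfg.efi then "efi" else "legacy";
    };

    # One-shot unit ordered before sshd and after the network is online.
    # The keys are fetched over plain HTTP from the link-local metadata
    # address, so their integrity depends on the network path to that address.
    # An existing /root/.ssh/authorized_keys is never refreshed: later changes
    # to the instance metadata are not picked up on subsequent boots.
    systemd.services.fetch-ssh-keys = {
      description = "Fetch authorized_keys for root user";

      wantedBy = [ "sshd.service" ];
      before = [ "sshd.service" ];

      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];

      path = [ pkgs.coreutils pkgs.curl ];
      script = ''
        mkdir -m 0700 -p /root/.ssh
        if [ -f /root/.ssh/authorized_keys ]; then
          echo "Authorized keys have already been downloaded"
        else
          echo "Downloading authorized keys from Instance Metadata Service v2"
          # Download into a private temporary file in the same directory and
          # rename it only after curl succeeds. Writing straight to
          # authorized_keys would leave an HTTP error body or a truncated
          # response in place, and the -f test above would then skip the
          # download on every later boot.
          tmp="$(mktemp /root/.ssh/authorized_keys.XXXXXX)"
          trap 'rm -f "$tmp"' EXIT
          # --fail turns HTTP error statuses (4xx/5xx) into a non-zero exit
          # instead of saving the error page as if it were key material.
          if curl -s -S -L --fail \
            -H "Authorization: Bearer Oracle" \
            -o "$tmp" \
            http://169.254.169.254/opc/v2/instance/metadata/ssh_authorized_keys
          then
            chmod 600 "$tmp"
            mv "$tmp" /root/.ssh/authorized_keys
          else
            echo "Failed to download authorized keys" >&2
            exit 1
          fi
        fi
      '';
      serviceConfig = {
        Type = "oneshot";
        # Keep the unit active after the script exits.
        RemainAfterExit = true;
        # Mirror script output to both the journal and the console.
        StandardError = "journal+console";
        StandardOutput = "journal+console";
      };
    };
  };
}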