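# NixOS module for OpenStack guest images: root/boot filesystems, GRUB and
# console setup, SSH access for root, and a oneshot unit that fetches
# instance metadata at boot before the EC2-style init services run.
#
# Reads `config.openstack` (`efi`, `zfs.enable`); those options are declared
# outside this file.
{ config, pkgs, lib, ... }:

# image metadata:
# hw_firmware_type=uefi

let
  inherit (lib) mkIf mkDefault;
  cfg = config.openstack;

  # Script text for the openstack-init unit below. The fetcher is defined in
  # ./openstack-metadata-fetcher.nix (not shown here); it is parameterised with
  # the filesystem root to write under and extra wget flags.
  metadataFetcher = import ./openstack-metadata-fetcher.nix {
    targetRoot = "/";
    wgetExtraOptions = "--retry-connrefused";
  };
in
{
  imports = [
    ../profiles/qemu-guest.nix

    # Note: While we do use the headless profile, we also explicitly
    # turn on the serial console on tty1 below.
    # Note that I could not find any documentation indicating tty1 was
    # the correct choice. I picked tty1 because that is what one
    # particular host was using.
    ../profiles/headless.nix

    # The Openstack Metadata service exposes data on an EC2 API also.
    ./ec2-data.nix
    ./amazon-init.nix
  ];

  config = {
    # ext4 root, grown to fill the disk; skipped for ZFS images.
    fileSystems."/" = mkIf (!cfg.zfs.enable) {
      device = "/dev/disk/by-label/nixos";
      fsType = "ext4";
      autoResize = true;
    };

    fileSystems."/boot" = mkIf (cfg.efi || cfg.zfs.enable) {
      # The ZFS image uses a partition labeled ESP whether or not we're
      # booting with EFI.
      device = "/dev/disk/by-label/ESP";
      fsType = "vfat";
    };

    boot.growPartition = true;
    # NOTE(review): tty1 is normally the first virtual terminal, not a serial
    # port (those are ttyS*). The import comment above already records that
    # this choice was not verified -- confirm against the target hypervisor.
    boot.kernelParams = [ "console=tty1" ];
    # BIOS images install GRUB to /dev/vda; EFI images install as a removable
    # EFI application with no device.
    boot.loader.grub.device = if (!cfg.efi) then "/dev/vda" else "nodev";
    boot.loader.grub.efiSupport = cfg.efi;
    boot.loader.grub.efiInstallAsRemovable = cfg.efi;
    boot.loader.timeout = 1;
    # GRUB menu is readable and writable on both the local console and the
    # serial port, so anyone with console access can interact with the boot
    # menu during the timeout.
    boot.loader.grub.extraConfig = ''
      serial --unit=1 --speed=115200 --word=8 --parity=no --stop=1
      terminal_output console serial
      terminal_input console serial
    '';

    services.zfs.expandOnBoot = mkIf cfg.zfs.enable (mkDefault "all");
    boot.zfs.devNodes = mkIf cfg.zfs.enable "/dev/";

    # Allow root logins over SSH with keys only: "prohibit-password" rejects
    # password authentication for root even if PasswordAuthentication is later
    # overridden to true (it is only a default here).
    services.openssh = {
      enable = true;
      settings.PermitRootLogin = "prohibit-password";
      settings.PasswordAuthentication = mkDefault false;
    };

    # SECURITY: every image built from this module starts with the same,
    # publicly known root password. The SSH settings above keep it from being
    # usable over SSH, but the getty enabled below accepts it, so console
    # access to the instance is presumably enough to log in as root.
    # Set as a default so deployments can replace it (or use a hashed
    # password / disable it) without mkForce; rotate or remove it on first
    # boot for anything that is not a throwaway instance.
    users.users.root.initialPassword = mkDefault "foobar";

    # Enable the serial console on tty1
    systemd.services."serial-getty@tty1".enable = true;

    # Force getting the hostname from Openstack metadata.
    networking.hostName = mkDefault "";

    # Oneshot unit that runs the metadata fetcher once the network is online
    # and before the services that consume the fetched data.
    # NOTE(review): the data comes from the metadata service over the network
    # and is handed to apply-ec2-data / amazon-init; what those do with it is
    # defined in ./ec2-data.nix and ./amazon-init.nix -- treat the metadata
    # endpoint as part of the instance's trust boundary and confirm there.
    systemd.services.openstack-init = {
      path = [ pkgs.wget ];
      description = "Fetch Metadata on startup";
      wantedBy = [ "multi-user.target" ];
      before = [ "apply-ec2-data.service" "amazon-init.service" ];
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      script = metadataFetcher;
      # Do not re-run or stop the fetch on configuration switches.
      restartIfChanged = false;
      unitConfig.X-StopOnRemoval = false;
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
      };
    };
  };
}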