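# NixOS module that builds a qcow2 disk image for OCI (the IMDS header and
# `/opc/v2/` metadata path used below are Oracle Cloud's) and installs a
# one-shot unit that seeds root's authorized_keys from the instance metadata
# service before sshd starts.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.oci;
in
{
  imports = [
    ./oci-common.nix
    ../image/file-options.nix
  ];

  config = {
    # Use a priority just below mkOptionDefault (1500) instead of lib.mkDefault
    # to avoid breaking existing configs using that.
    virtualisation.diskSize = lib.mkOverride 1490 (8 * 1024);
    virtualisation.diskSizeAutoSupported = false;

    system.nixos.tags = [ "oci" ];
    image.extension = "qcow2";
    system.build.image = config.system.build.OCIImage;
    system.build.OCIImage = import ../../lib/make-disk-image.nix {
      inherit config lib pkgs;
      inherit (config.virtualisation) diskSize;
      name = "oci-image";
      baseName = config.image.baseName;
      configFile = ./oci-config-user.nix;
      format = "qcow2";
      # Partition layout follows the module's own `oci.efi` option.
      partitionTableType = if cfg.efi then "efi" else "legacy";
    };

    systemd.services.fetch-ssh-keys = {
      description = "Fetch authorized_keys for root user";

      # Ordered strictly before sshd so the key file exists for the first login,
      # and after network-online so the link-local metadata endpoint is reachable.
      wantedBy = [ "sshd.service" ];
      before = [ "sshd.service" ];

      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];

      path = [
        pkgs.coreutils
        pkgs.curl
      ];
      script = ''
        mkdir -m 0700 -p /root/.ssh
        if [ -f /root/.ssh/authorized_keys ]; then
          echo "Authorized keys have already been downloaded"
        else
          echo "Downloading authorized keys from Instance Metadata Service v2"
          # Download into a private temporary file (mktemp creates it 0600 inside
          # the 0700 directory) and rename it into place only on success. Writing
          # straight to authorized_keys would leave a partial or error-body file
          # behind on failure, and the existence check above would then skip every
          # later attempt, locking root out of SSH on this instance.
          tmp=$(mktemp /root/.ssh/.authorized_keys.XXXXXX)
          trap 'rm -f "$tmp"' EXIT
          # --fail makes an HTTP error status a non-zero exit instead of saving
          # the error page as the key file; --max-time/--retry bound the wait on
          # a metadata service that is not yet answering after network-online.
          curl -s -S -L --fail \
            --max-time 60 \
            --retry 5 \
            -H "Authorization: Bearer Oracle" \
            -o "$tmp" \
            http://169.254.169.254/opc/v2/instance/metadata/ssh_authorized_keys
          # Atomic rename keeps the 0600 mode mktemp gave the file.
          mv "$tmp" /root/.ssh/authorized_keys
        fi
      '';
      serviceConfig = {
        Type = "oneshot";
        # Keep the unit reported as active after the script exits so ordering
        # dependents (sshd) see it as completed rather than re-triggering it.
        RemainAfterExit = true;
        StandardError = "journal+console";
        StandardOutput = "journal+console";
      };
    };
  };
}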