{
  config,
  pkgs,
  lib,
  ...
}:

# NixOS module for OpenStack guest images.
#
# Image metadata expected on the OpenStack side:
#   hw_firmware_type=uefi

let
  inherit (lib) mkDefault mkIf;

  cfg = config.openstack;
  useZfs = cfg.zfs.enable;

  # Script body of the openstack-init unit, built by the sibling fetcher
  # expression. wget is told to keep retrying while the connection is refused.
  # NOTE(review): the fetcher itself is not visible from this module; confirm
  # which endpoint it queries and whether that transport is authenticated.
  # Whatever it writes under targetRoot is presumably consumed by the units
  # ordered after openstack-init, so the metadata service sits inside the
  # instance's trust boundary.
  metadataFetcher = import ./openstack-metadata-fetcher.nix {
    targetRoot = "/";
    wgetExtraOptions = "--retry-connrefused";
  };
in
{
  imports = [
    ../profiles/qemu-guest.nix

    # The headless profile is used, but the serial console on tty1 is still
    # switched on explicitly further down.
    # No documentation was found confirming that tty1 is the correct choice;
    # it was picked because one particular host was using it.
    ../profiles/headless.nix

    # The OpenStack metadata service also exposes its data through an
    # EC2-style API, so the EC2 modules are reused.
    ./ec2-data.nix
    ./amazon-init.nix
  ];

  config = {
    fileSystems = {
      # ext4 root, grown to fill the disk; skipped for ZFS images.
      "/" = mkIf (!useZfs) {
        device = "/dev/disk/by-label/nixos";
        fsType = "ext4";
        autoResize = true;
      };

      # The ZFS image carries a partition labeled ESP whether or not the
      # instance boots through EFI.
      "/boot" = mkIf (cfg.efi || useZfs) {
        device = "/dev/disk/by-label/ESP";
        fsType = "vfat";
      };
    };

    boot = {
      growPartition = true;
      kernelParams = [ "console=tty1" ];
      zfs.devNodes = mkIf useZfs "/dev/";

      loader = {
        timeout = 1;

        grub = {
          # BIOS boots install GRUB to /dev/vda; EFI boots use "nodev".
          device = if cfg.efi then "nodev" else "/dev/vda";
          efiSupport = cfg.efi;
          efiInstallAsRemovable = cfg.efi;

          # GRUB input and output go to both the local console and serial
          # unit 1 (115200 baud, 8 data bits, no parity, 1 stop bit).
          extraConfig = ''
            serial --unit=1 --speed=115200 --word=8 --parity=no --stop=1
            terminal_output console serial
            terminal_input console serial
          '';
        };
      };
    };

    services = {
      zfs.expandOnBoot = mkIf useZfs (mkDefault "all");

      # Root may log in over SSH, but "prohibit-password" restricts root to
      # non-password methods such as public keys.
      # PasswordAuthentication is off only at mkDefault priority, so any
      # plain assignment elsewhere in the configuration re-enables password
      # logins for non-root accounts; PermitRootLogin is set at normal
      # priority and keeps root key-only.
      openssh = {
        enable = true;
        settings = {
          PermitRootLogin = "prohibit-password";
          PasswordAuthentication = mkDefault false;
        };
      };
    };

    # Left empty by default so that the hostname is taken from the OpenStack
    # metadata rather than from the image.
    # NOTE(review): the hostname is then a value supplied by the metadata
    # service; confirm how the consuming unit validates it.
    networking.hostName = mkDefault "";

    systemd.services = {
      # Enable the serial console on tty1.
      "serial-getty@tty1".enable = true;

      # One-shot metadata fetch, ordered after network-online.target and
      # before the units that apply the fetched data.
      openstack-init = {
        description = "Fetch Metadata on startup";
        path = [ pkgs.wget ];
        script = metadataFetcher;

        wantedBy = [ "multi-user.target" ];
        wants = [ "network-online.target" ];
        after = [ "network-online.target" ];
        before = [
          "apply-ec2-data.service"
          "amazon-init.service"
        ];

        # Not restarted when the unit definition changes and not stopped when
        # it is removed, so the fetch is not repeated by a configuration
        # switch.
        restartIfChanged = false;
        unitConfig.X-StopOnRemoval = false;

        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
        };
      };
    };
  };
}