# Configuration for Amazon EC2 instances. (Note that this file is a
# misnomer - it should be "amazon-config.nix" or so, not
# "amazon-image.nix", since it's used not only to build images but
# also to reconfigure instances. However, we can't rename it because
# existing "configuration.nix" files on EC2 instances refer to it.)

{ config, lib, pkgs, ... }:

let
  cfg = config.ec2;
  inherit (lib) mkIf mkDefault;
in

{
  imports = [
    ../profiles/headless.nix
    ./ec2-data.nix
    ./amazon-grow-partition.nix
  ];

  config = {

    # The root file system is located by label and grown to the size of
    # the backing volume (the resize itself is handled by the modules
    # imported above).
    fileSystems."/" = {
      device = "/dev/disk/by-label/nixos";
      autoResize = true;
    };

    boot = {

      # Xen paravirtual block and network drivers; the serial console is
      # only meaningful on HVM instances.
      kernelModules = [ "xen-netfront" ];
      kernelParams = mkIf cfg.hvm [ "console=ttyS0" ];

      # nouveau interferes with the nvidia/nvidia-uvm modules needed for
      # CUDA, and xen_fbfront causes a 30 second delay during boot.
      blacklistedKernelModules = [ "nouveau" "xen_fbfront" ];

      # Amazon's pv-grub reads a GRUB 1 menu from the root device on PV
      # instances; HVM instances boot a real GRUB 2 from /dev/xvda.
      # configurationLimit = 0 keeps old generations out of the menu,
      # since the user has no way to select them anyway.
      loader.grub = {
        version = if cfg.hvm then 2 else 1;
        device = if cfg.hvm then "/dev/xvda" else "nodev";
        timeout = 0;
        configurationLimit = 0;
        extraPerEntryConfig = mkIf (!cfg.hvm) "root (hd0)";
      };

      initrd = {
        kernelModules = [ "xen-blkfront" ];

        # Needed for the unionfs mount over /nix set up below.
        supportedFilesystems = [ "unionfs-fuse" ];

        # Stop udev and then SIGKILL everything else still running in the
        # initrd, so that no process keeps /dev/xvda open when fsck runs.
        postDeviceCommands =
          ''
            # Force udev to exit to prevent random "Device or resource busy
            # while trying to open /dev/xvda" errors from fsck.
            udevadm control --exit || true
            kill -9 -1
          '';

        # Mount all formatted ephemeral disks and activate all swap devices.
        # This cannot be expressed with the ‘fileSystems’ and ‘swapDevices’
        # options because the set of devices depends on the instance type
        # (one type may come with a single ephemeral file system and a swap
        # device, another with two ephemeral file systems and no swap).
        #
        # Every device matching /dev/xvd[abcde]* other than the root device
        # is probed with blkid: swap devices are activated, ext3 devices are
        # mounted as /diskN, and the first ext3 device mounted becomes the
        # backing store for /tmp and /var and for a copy-on-write unionfs
        # layered over /nix, giving Nix operations far more space than the
        # root volume offers.  If $targetRoot/.ebs exists only /tmp is
        # relocated; /var and /nix stay on the root volume.
        #
        # NOTE(review): the selection is by file-system type alone, so any
        # additional ext3 volume attached under one of these names is picked
        # up and written to as well - confirm that matches how instances are
        # provisioned.  allow_other on the unionfs mount makes /nix readable
        # by every user, presumably because the store is used system-wide.
        postMountCommands =
          ''
            diskNr=0
            diskForUnionfs=
            for device in /dev/xvd[abcde]*; do
              if [ "$device" = /dev/xvda -o "$device" = /dev/xvda1 ]; then continue; fi
              fsType=$(blkid -o value -s TYPE "$device" || true)
              if [ "$fsType" = swap ]; then
                echo "activating swap device $device..."
                swapon "$device" || true
              elif [ "$fsType" = ext3 ]; then
                mp="/disk$diskNr"
                diskNr=$((diskNr + 1))
                echo "mounting $device on $mp..."
                if mountFS "$device" "$mp" "" ext3; then
                  if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi
                fi
              else
                echo "skipping unknown device type $device"
              fi
            done

            if [ -n "$diskForUnionfs" ]; then
              mkdir -m 755 -p $targetRoot/$diskForUnionfs/root

              mkdir -m 1777 -p $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp
              mount --bind $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp

              if [ ! -e $targetRoot/.ebs ]; then
                mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/var $targetRoot/var
                mount --bind $targetRoot/$diskForUnionfs/root/var $targetRoot/var

                mkdir -p /unionfs-chroot/ro-nix
                mount --rbind $targetRoot/nix /unionfs-chroot/ro-nix

                mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/nix
                mkdir -p /unionfs-chroot/rw-nix
                mount --rbind $targetRoot/$diskForUnionfs/root/nix /unionfs-chroot/rw-nix

                unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-nix=RW:/ro-nix=RO $targetRoot/nix
              fi
            fi
          '';

        # The ephemeral-disk script above calls swapon, which is not among
        # the tools the initrd ships by default.
        extraUtilsCommands =
          ''
            # We need swapon in the initrd.
            copy_bin_and_libs ${pkgs.utillinux}/sbin/swapon
          '';
      };
    };

    # Root may log in over SSH, but only with a key: "without-password"
    # refuses password authentication for root while still accepting the
    # key the user specified at instance creation time (presumably
    # installed by ./ec2-data.nix - confirm).
    services.openssh = {
      enable = true;
      permitRootLogin = "without-password";
    };

    # Leave the hostname empty at default priority so that the value
    # obtained from EC2 (presumably by ./ec2-data.nix - confirm) wins.
    networking.hostName = mkDefault "";

    # Always include cryptsetup so that Charon can use it.
    environment.systemPackages = [ pkgs.cryptsetup ];
  };
}