pyrox.dev / nixpkgs
lol
fork atom

azure-image: fix, split into bootstrap and regular configurations

Conflicts:
nixos/modules/virtualisation/azure-image.nix

Evgeny Egorochkin 2fe90843 db991a40

options
unified split
Changed files
+61 -31
nixos
modules
virtualisation
azure-common.nix
azure-image.nix
+60
nixos/modules/virtualisation/azure-common.nix 
···

       

       
1

       
+

       
{ config, lib, pkgs, ... }:


     

       

       
2

       
+

       



     

       

       
3

       
+

       
with lib;


     

       

       
4

       
+

       
{


     

       

       
5

       
+

       
  imports = [ ../profiles/headless.nix ];


     

       

       
6

       
+

       



     

       

       
7

       
+

       
  boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ];


     

       

       
8

       
+

       
  boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ];


     

       

       
9

       
+

       



     

       

       
10

       
+

       
  # Generate a GRUB menu. 


     

       

       
11

       
+

       
  boot.loader.grub.device = "/dev/sda";


     

       

       
12

       
+

       
  boot.loader.grub.version = 2;


     

       

       
13

       
+

       
  boot.loader.grub.timeout = 0;


     

       

       
14

       
+

       



     

       

       
15

       
+

       
  # Don't put old configurations in the GRUB menu.  The user has no


     

       

       
16

       
+

       
  # way to select them anyway.


     

       

       
17

       
+

       
  boot.loader.grub.configurationLimit = 0;


     

       

       
18

       
+

       



     

       

       
19

       
+

       
  fileSystems."/".device = "/dev/disk/by-label/nixos";


     

       

       
20

       
+

       



     

       

       
21

       
+

       
  # Allow root logins only using the SSH key that the user specified


     

       

       
22

       
+

       
  # at instance creation time, ping client connections to avoid timeouts


     

       

       
23

       
+

       
  services.openssh.enable = true;


     

       

       
24

       
+

       
  services.openssh.permitRootLogin = "without-password";


     

       

       
25

       
+

       
  services.openssh.extraConfig = ''


     

       

       
26

       
+

       
    ClientAliveInterval 180


     

       

       
27

       
+

       
  '';


     

       

       
28

       
+

       



     

       

       
29

       
+

       
  # Force getting the hostname from Azure


     

       

       
30

       
+

       
  networking.hostName = mkDefault "";


     

       

       
31

       
+

       



     

       

       
32

       
+

       
  # Always include cryptsetup so that NixOps can use it.


     

       

       
33

       
+

       
  environment.systemPackages = [ pkgs.cryptsetup ];


     

       

       
34

       
+

       



     

       

       
35

       
+

       
  networking.usePredictableInterfaceNames = false;


     

       

       
36

       
+

       



     

       

       
37

       
+

       
  services.udev.extraRules = ''


     

       

       
38

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:0", ATTR{removable}=="0", SYMLINK+="disk/by-lun/0",


     

       

       
39

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:1", ATTR{removable}=="0", SYMLINK+="disk/by-lun/1",


     

       

       
40

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:2", ATTR{removable}=="0", SYMLINK+="disk/by-lun/2"


     

       

       
41

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:3", ATTR{removable}=="0", SYMLINK+="disk/by-lun/3"


     

       

       
42

       
+

       



     

       

       
43

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:4", ATTR{removable}=="0", SYMLINK+="disk/by-lun/4"


     

       

       
44

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:5", ATTR{removable}=="0", SYMLINK+="disk/by-lun/5"


     

       

       
45

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:6", ATTR{removable}=="0", SYMLINK+="disk/by-lun/6"


     

       

       
46

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:7", ATTR{removable}=="0", SYMLINK+="disk/by-lun/7"


     

       

       
47

       
+

       



     

       

       
48

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:8", ATTR{removable}=="0", SYMLINK+="disk/by-lun/8"


     

       

       
49

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:9", ATTR{removable}=="0", SYMLINK+="disk/by-lun/9"


     

       

       
50

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:10", ATTR{removable}=="0", SYMLINK+="disk/by-lun/10"


     

       

       
51

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:11", ATTR{removable}=="0", SYMLINK+="disk/by-lun/11"


     

       

       
52

       
+

       



     

       

       
53

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:12", ATTR{removable}=="0", SYMLINK+="disk/by-lun/12"


     

       

       
54

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:13", ATTR{removable}=="0", SYMLINK+="disk/by-lun/13"


     

       

       
55

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:14", ATTR{removable}=="0", SYMLINK+="disk/by-lun/14"


     

       

       
56

       
+

       
    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:15", ATTR{removable}=="0", SYMLINK+="disk/by-lun/15"


     

       

       
57

       
+

       



     

       

       
58

       
+

       
  '';


     

       

       
59

       
+

       



     

       

       
60

       
+

       
}
+1 -31
nixos/modules/virtualisation/azure-image.nix 
···

       
5

       
5

       
 

       
  diskSize = "4096";


     

       
6

       
6

       
 

       
in


     

       
7

       
7

       
 

       
{


     

       
8

       

       
-

       
  imports = [ ../profiles/headless.nix ];


     

       
9

       

       
-

       



     

       
10

       
8

       
 

       
  system.build.azureImage =


     

       
11

       
9

       
 

       
    pkgs.vmTools.runInLinuxVM (


     

       
12

       
10

       
 

       
      pkgs.runCommand "azure-image"


     
···

       
24

       
22

       
 

       



     

       
25

       
23

       
 

       
          postVM =


     

       
26

       
24

       
 

       
            ''


     

       
27

       

       
-

       
              echo Converting


     

       
28

       
25

       
 

       
              mkdir -p $out


     

       
29

       
26

       
 

       
              ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vpc $diskImage $out/disk.vhd


     

       
30

       
27

       
 

       
              rm $diskImage


     
···

       
93

       
90

       
 

       
        ''


     

       
94

       
91

       
 

       
    );


     

       
95

       
92

       
 

       



     

       
96

       

       
-

       
  fileSystems."/".device = "/dev/disk/by-label/nixos";


     

       

       
93

       
+

       
  imports = [ ./azure-common.nix ];


     

       
97

       
94

       
 

       



     

       
98

       
95

       
 

       
  # Azure metadata is available as a CD-ROM drive.


     

       
99

       
96

       
 

       
  fileSystems."/metadata".device = "/dev/sr0";


     

       
100

       
97

       
 

       



     

       
101

       

       
-

       
  boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ];


     

       
102

       

       
-

       
  boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ];


     

       
103

       

       
-

       



     

       
104

       

       
-

       
  # Generate a GRUB menu. 


     

       
105

       

       
-

       
  boot.loader.grub.device = "/dev/sda";


     

       
106

       

       
-

       
  boot.loader.grub.version = 2;


     

       
107

       

       
-

       
  boot.loader.grub.timeout = 0;


     

       
108

       

       
-

       



     

       
109

       

       
-

       
  # Don't put old configurations in the GRUB menu.  The user has no


     

       
110

       

       
-

       
  # way to select them anyway.


     

       
111

       

       
-

       
  boot.loader.grub.configurationLimit = 0;


     

       
112

       

       
-

       



     

       
113

       

       
-

       
  # Allow root logins only using the SSH key that the user specified


     

       
114

       

       
-

       
  # at instance creation time.


     

       
115

       

       
-

       
  services.openssh.enable = true;


     

       
116

       

       
-

       
  services.openssh.permitRootLogin = "without-password";


     

       
117

       

       
-

       



     

       
118

       

       
-

       
  # Force getting the hostname from Azure


     

       
119

       

       
-

       
  networking.hostName = mkDefault "";


     

       
120

       

       
-

       



     

       
121

       

       
-

       
  # Always include cryptsetup so that NixOps can use it.


     

       
122

       

       
-

       
  environment.systemPackages = [ pkgs.cryptsetup ];


     

       
123

       

       
-

       



     

       
124

       
98

       
 

       
  systemd.services.fetch-ssh-keys =


     

       
125

       
99

       
 

       
    { description = "Fetch host keys and authorized_keys for root user";


     

       
126

       
100

       
 

       



     
···

       
156

       
130

       
 

       
      serviceConfig.StandardError = "journal+console";


     

       
157

       
131

       
 

       
      serviceConfig.StandardOutput = "journal+console";


     

       
158

       
132

       
 

       
     };


     

       
159

       

       
-

       



     

       
160

       

       
-

       
  networking.usePredictableInterfaceNames = false;


     

       
161

       

       
-

       



     

       
162

       

       
-

       
  #users.extraUsers.root.openssh.authorizedKeys.keys = [ (builtins.readFile <ssh-pub-key>) ];


     

       
163

       
133

       
 

       



     

       
164

       
134

       
 

       
}