commit 4e7a971fe47604db31f9ae75fd1bc7347e5c66ca · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2505.section.md

···

       30
       30
        
       

     

       31
       31
        
       - [agorakit](https://github.com/agorakit/agorakit), an organization tool for citizens' collectives. Available with [services.agorakit](options.html#opt-services.agorakit.enable).

     

       32
       32
        
       

     

       33
       33
       +
       - [waagent](https://github.com/Azure/WALinuxAgent), the Microsoft Azure Linux Agent (waagent) manages Linux provisioning and VM interaction with the Azure Fabric Controller. Available with [services.waagent](options.html#opt-services.waagent.enable).

     

       34
       34
       +
       

     

       33
       35
        
       - [mqtt-exporter](https://github.com/kpetremann/mqtt-exporter/), a Prometheus exporter for exposing messages from MQTT. Available as [services.prometheus.exporters.mqtt](#opt-services.prometheus.exporters.mqtt.enable).

     

       34
       36
        
       

     

       35
       37
        
       - [Buffyboard](https://gitlab.postmarketos.org/postmarketOS/buffybox/-/tree/master/buffyboard), a framebuffer on-screen keyboard. Available as [services.buffyboard](option.html#opt-services.buffyboard).

     
···

       103
       105
        
       - `gkraken` software and `hardware.gkraken.enable` option have been removed, use `coolercontrol` via `programs.coolercontrol.enable` option instead.

     

       104
       106
        
       

     

       105
       107
        
       - `nodePackages.ganache` has been removed, as the package has been deprecated by upstream.

     

       108
       108
       +
       

     

       109
       109
       +
       - `virtualisation.azure.agent` option provided by `azure-agent.nix` is replaced by `services.waagent`, and will be removed in a future release.

     

       106
       110
        
       

     

       107
       111
        
       - `containerd` has been updated to v2, which contains breaking changes. See the [containerd

     

       108
       112
        
         2.0](https://github.com/containerd/containerd/blob/main/docs/containerd-2.0.md) documentation for more

nixos/modules/module-list.nix

···

       1765
       1765
        
         ./virtualisation/virtualbox-host.nix

     

       1766
       1766
        
         ./virtualisation/vmware-guest.nix

     

       1767
       1767
        
         ./virtualisation/vmware-host.nix

     

       1768
       1768
       +
         ./virtualisation/waagent.nix

     

       1768
       1769
        
         ./virtualisation/waydroid.nix

     

       1769
       1770
        
         ./virtualisation/xe-guest-utilities.nix

     

       1770
       1771
        
         ./virtualisation/xen-dom0.nix

+53 -288

nixos/modules/virtualisation/azure-agent.nix

···

       1
       1
       -
       { config, lib, pkgs, ... }:

     

       1
       1
       +
       { lib, ... }:

     

       2
       2
        
       

     

       3
       3
        
       with lib;

     

       4
       4
       -
       let

     

       5
       5
       -
       

     

       6
       6
       -
         cfg = config.virtualisation.azure.agent;

     

       7
       7
       -
       

     

       8
       8
       -
         provisionedHook = pkgs.writeScript "provisioned-hook" ''

     

       9
       9
       -
           #!${pkgs.runtimeShell}

     

       10
       10
       -
           /run/current-system/systemd/bin/systemctl start provisioned.target

     

       11
       11
       -
         '';

     

       12
       12
       -
       

     

       13
       13
       -
       in

     

       14
       14
       -
       {

     

       4
       4
       +
       warn

     

       5
       5
       +
         ''

     

       6
       6
       +
           `virtualisation.azure.agent` provided by `azure-agent.nix` module has been replaced

     

       7
       7
       +
           by `services.waagent` options, and will be removed in a future release.

     

       8
       8
       +
         ''

     

       9
       9
       +
         {

     

       15
       10
        
       

     

       16
       16
       -
         ###### interface

     

       17
       17
       -
       

     

       18
       18
       -
         options.virtualisation.azure.agent = {

     

       19
       19
       -
           enable = mkOption {

     

       20
       20
       -
             default = false;

     

       21
       21
       -
             description = "Whether to enable the Windows Azure Linux Agent.";

     

       22
       22
       -
           };

     

       23
       23
       -
           verboseLogging = mkOption {

     

       24
       24
       -
             default = false;

     

       25
       25
       -
             description = "Whether to enable verbose logging.";

     

       26
       26
       -
           };

     

       27
       27
       -
           mountResourceDisk = mkOption {

     

       28
       28
       -
             default = true;

     

       29
       29
       -
             description = "Whether the agent should format (ext4) and mount the resource disk to /mnt/resource.";

     

       30
       30
       -
           };

     

       31
       31
       -
         };

     

       32
       32
       -
       

     

       33
       33
       -
         ###### implementation

     

       34
       34
       -
       

     

       35
       35
       -
         config = lib.mkIf cfg.enable {

     

       36
       36
       -
           assertions = [{

     

       37
       37
       -
             assertion = config.networking.networkmanager.enable == false;

     

       38
       38
       -
             message = "Windows Azure Linux Agent is not compatible with NetworkManager";

     

       39
       39
       -
           }];

     

       40
       40
       -
       

     

       41
       41
       -
           boot.initrd.kernelModules = [ "ata_piix" ];

     

       42
       42
       -
           networking.firewall.allowedUDPPorts = [ 68 ];

     

       43
       43
       -
       

     

       44
       44
       -
       

     

       45
       45
       -
           environment.etc."waagent.conf".text = ''

     

       46
       46
       -
               #

     

       47
       47
       -
               # Microsoft Azure Linux Agent Configuration

     

       48
       48
       -
               #

     

       49
       49
       -
       

     

       50
       50
       -
               # Enable extension handling. Do not disable this unless you do not need password reset,

     

       51
       51
       -
               # backup, monitoring, or any extension handling whatsoever.

     

       52
       52
       -
               Extensions.Enabled=y

     

       53
       53
       -
       

     

       54
       54
       -
               # How often (in seconds) to poll for new goal states

     

       55
       55
       -
               Extensions.GoalStatePeriod=6

     

       56
       56
       -
       

     

       57
       57
       -
               # Which provisioning agent to use. Supported values are "auto" (default), "waagent",

     

       58
       58
       -
               # "cloud-init", or "disabled".

     

       59
       59
       -
               Provisioning.Agent=auto

     

       60
       60
       -
       

     

       61
       61
       -
               # Password authentication for root account will be unavailable.

     

       62
       62
       -
               Provisioning.DeleteRootPassword=n

     

       63
       63
       -
       

     

       64
       64
       -
               # Generate fresh host key pair.

     

       65
       65
       -
               Provisioning.RegenerateSshHostKeyPair=n

     

       66
       66
       -
       

     

       67
       67
       -
               # Supported values are "rsa", "dsa", "ecdsa", "ed25519", and "auto".

     

       68
       68
       -
               # The "auto" option is supported on OpenSSH 5.9 (2011) and later.

     

       69
       69
       -
               Provisioning.SshHostKeyPairType=ed25519

     

       70
       70
       -
       

     

       71
       71
       -
               # Monitor host name changes and publish changes via DHCP requests.

     

       72
       72
       -
               Provisioning.MonitorHostName=y

     

       73
       73
       -
       

     

       74
       74
       -
               # How often (in seconds) to monitor host name changes.

     

       75
       75
       -
               Provisioning.MonitorHostNamePeriod=30

     

       76
       76
       -
       

     

       77
       77
       -
               # Decode CustomData from Base64.

     

       78
       78
       -
               Provisioning.DecodeCustomData=n

     

       79
       79
       -
       

     

       80
       80
       -
               # Execute CustomData after provisioning.

     

       81
       81
       -
               Provisioning.ExecuteCustomData=n

     

       82
       82
       -
       

     

       83
       83
       -
               # Algorithm used by crypt when generating password hash.

     

       84
       84
       -
               #Provisioning.PasswordCryptId=6

     

       85
       85
       -
       

     

       86
       86
       -
               # Length of random salt used when generating password hash.

     

       87
       87
       -
               #Provisioning.PasswordCryptSaltLength=10

     

       88
       88
       -
       

     

       89
       89
       -
               # Allow reset password of sys user

     

       90
       90
       -
               Provisioning.AllowResetSysUser=n

     

       91
       91
       -
       

     

       92
       92
       -
               # Format if unformatted. If 'n', resource disk will not be mounted.

     

       93
       93
       -
               ResourceDisk.Format=${if cfg.mountResourceDisk then "y" else "n"}

     

       94
       94
       -
       

     

       95
       95
       -
               # File system on the resource disk

     

       96
       96
       -
               # Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.

     

       97
       97
       -
               ResourceDisk.Filesystem=ext4

     

       98
       98
       -
       

     

       99
       99
       -
               # Mount point for the resource disk

     

       100
       100
       -
               ResourceDisk.MountPoint=/mnt/resource

     

       101
       101
       -
       

     

       102
       102
       -
               # Create and use swapfile on resource disk.

     

       103
       103
       -
               ResourceDisk.EnableSwap=n

     

       104
       104
       -
       

     

       105
       105
       -
               # Size of the swapfile.

     

       106
       106
       -
               ResourceDisk.SwapSizeMB=0

     

       107
       107
       -
       

     

       108
       108
       -
               # Comma-separated list of mount options. See mount(8) for valid options.

     

       109
       109
       -
               ResourceDisk.MountOptions=None

     

       110
       110
       -
       

     

       111
       111
       -
               # Enable verbose logging (y|n)

     

       112
       112
       -
               Logs.Verbose=${if cfg.verboseLogging then "y" else "n"}

     

       113
       113
       -
       

     

       114
       114
       -
               # Enable Console logging, default is y

     

       115
       115
       -
               # Logs.Console=y

     

       116
       116
       -
       

     

       117
       117
       -
               # Enable periodic log collection, default is n

     

       118
       118
       -
               Logs.Collect=n

     

       119
       119
       -
       

     

       120
       120
       -
               # How frequently to collect logs, default is each hour

     

       121
       121
       -
               Logs.CollectPeriod=3600

     

       122
       122
       -
       

     

       123
       123
       -
               # Is FIPS enabled

     

       124
       124
       -
               OS.EnableFIPS=n

     

       125
       125
       -
       

     

       126
       126
       -
               # Root device timeout in seconds.

     

       127
       127
       -
               OS.RootDeviceScsiTimeout=300

     

       128
       128
       -
       

     

       129
       129
       -
               # How often (in seconds) to set the root device timeout.

     

       130
       130
       -
               OS.RootDeviceScsiTimeoutPeriod=30

     

       131
       131
       -
       

     

       132
       132
       -
               # If "None", the system default version is used.

     

       133
       133
       -
               OS.OpensslPath=${pkgs.openssl_3.bin}/bin/openssl

     

       134
       134
       -
       

     

       135
       135
       -
               # Set the SSH ClientAliveInterval

     

       136
       136
       -
               # OS.SshClientAliveInterval=180

     

       137
       137
       -
       

     

       138
       138
       -
               # Set the path to SSH keys and configuration files

     

       139
       139
       -
               OS.SshDir=/etc/ssh

     

       140
       140
       -
       

     

       141
       141
       -
               # If set, agent will use proxy server to access internet

     

       142
       142
       -
               #HttpProxy.Host=None

     

       143
       143
       -
               #HttpProxy.Port=None

     

       144
       144
       -
       

     

       145
       145
       -
               # Detect Scvmm environment, default is n

     

       146
       146
       -
               # DetectScvmmEnv=n

     

       147
       147
       -
       

     

       148
       148
       -
               #

     

       149
       149
       -
               # Lib.Dir=/var/lib/waagent

     

       150
       150
       -
       

     

       151
       151
       -
               #

     

       152
       152
       -
               # DVD.MountPoint=/mnt/cdrom/secure

     

       153
       153
       -
       

     

       154
       154
       -
               #

     

       155
       155
       -
               # Pid.File=/var/run/waagent.pid

     

       156
       156
       -
       

     

       157
       157
       -
               #

     

       158
       158
       -
               # Extension.LogDir=/var/log/azure

     

       159
       159
       -
       

     

       160
       160
       -
               #

     

       161
       161
       -
               # Home.Dir=/home

     

       162
       162
       -
       

     

       163
       163
       -
               # Enable RDMA management and set up, should only be used in HPC images

     

       164
       164
       -
               OS.EnableRDMA=n

     

       165
       165
       -
       

     

       166
       166
       -
               # Enable checking RDMA driver version and update

     

       167
       167
       -
               # OS.CheckRdmaDriver=y

     

       168
       168
       -
       

     

       169
       169
       -
               # Enable or disable goal state processing auto-update, default is enabled

     

       170
       170
       -
               AutoUpdate.Enabled=n

     

       171
       171
       -
       

     

       172
       172
       -
               # Determine the update family, this should not be changed

     

       173
       173
       -
               # AutoUpdate.GAFamily=Prod

     

       174
       174
       -
       

     

       175
       175
       -
               # Determine if the overprovisioning feature is enabled. If yes, hold extension

     

       176
       176
       -
               # handling until inVMArtifactsProfile.OnHold is false.

     

       177
       177
       -
               # Default is enabled

     

       178
       178
       -
               EnableOverProvisioning=n

     

       179
       179
       -
       

     

       180
       180
       -
               # Allow fallback to HTTP if HTTPS is unavailable

     

       181
       181
       -
               # Note: Allowing HTTP (vs. HTTPS) may cause security risks

     

       182
       182
       -
               # OS.AllowHTTP=n

     

       183
       183
       -
       

     

       184
       184
       -
               # Add firewall rules to protect access to Azure host node services

     

       185
       185
       -
               OS.EnableFirewall=n

     

       186
       186
       -
       

     

       187
       187
       -
               # How often (in seconds) to check the firewall rules

     

       188
       188
       -
               OS.EnableFirewallPeriod=30

     

       189
       189
       -
       

     

       190
       190
       -
               # How often (in seconds) to remove the udev rules for persistent network interface

     

       191
       191
       -
               # names (75-persistent-net-generator.rules and /etc/udev/rules.d/70-persistent-net.rules)

     

       192
       192
       -
               OS.RemovePersistentNetRulesPeriod=30

     

       193
       193
       -
       

     

       194
       194
       -
               # How often (in seconds) to monitor for DHCP client restarts

     

       195
       195
       -
               OS.MonitorDhcpClientRestartPeriod=30

     

       196
       196
       -
           '';

     

       197
       197
       -
       

     

       198
       198
       -
           services.udev.packages = [ pkgs.waagent ];

     

       199
       199
       -
       

     

       200
       200
       -
           # Provide waagent-shipped udev rules in initrd too.

     

       201
       201
       -
           boot.initrd.services.udev.packages = [ pkgs.waagent ];

     

       202
       202
       -
           # udev rules shell out to chmod, cut and readlink, which are all

     

       203
       203
       -
           # provided by pkgs.coreutils, which is in services.udev.path, but not

     

       204
       204
       -
           # boot.initrd.services.udev.binPackages.

     

       205
       205
       -
           boot.initrd.services.udev.binPackages = [ pkgs.coreutils ];

     

       206
       206
       -
       

     

       207
       207
       -
           networking.dhcpcd.persistent = true;

     

       208
       208
       -
       

     

       209
       209
       -
           services.logrotate = {

     

       210
       210
       -
             enable = true;

     

       211
       211
       -
             settings."/var/log/waagent.log" = {

     

       212
       212
       -
               compress = true;

     

       213
       213
       -
               frequency = "monthly";

     

       214
       214
       -
               rotate = 6;

     

       215
       215
       -
             };

     

       216
       216
       -
           };

     

       217
       217
       -
       

     

       218
       218
       -
           systemd.targets.provisioned = {

     

       219
       219
       -
             description = "Services Requiring Azure VM provisioning to have finished";

     

       220
       220
       -
           };

     

       221
       221
       -
       

     

       222
       222
       -
           systemd.services.consume-hypervisor-entropy =

     

       223
       223
       -
             {

     

       224
       224
       -
               description = "Consume entropy in ACPI table provided by Hyper-V";

     

       225
       225
       -
       

     

       226
       226
       -
               wantedBy = [ "sshd.service" "waagent.service" ];

     

       227
       227
       -
               before = [ "sshd.service" "waagent.service" ];

     

       228
       228
       -
       

     

       229
       229
       -
               path = [ pkgs.coreutils ];

     

       230
       230
       -
               script =

     

       231
       231
       -
                 ''

     

       232
       232
       -
                   echo "Fetching entropy..."

     

       233
       233
       -
                   cat /sys/firmware/acpi/tables/OEM0 > /dev/random

     

       234
       234
       -
                 '';

     

       235
       235
       -
               serviceConfig.Type = "oneshot";

     

       236
       236
       -
               serviceConfig.RemainAfterExit = true;

     

       237
       237
       -
               serviceConfig.StandardError = "journal+console";

     

       238
       238
       -
               serviceConfig.StandardOutput = "journal+console";

     

       239
       239
       -
             };

     

       240
       240
       -
       

     

       241
       241
       -
           systemd.services.waagent = {

     

       242
       242
       -
             wantedBy = [ "multi-user.target" ];

     

       243
       243
       -
             after = [ "network-online.target" "sshd.service" ];

     

       244
       244
       -
             wants = [ "network-online.target" ];

     

       245
       245
       -
       

     

       246
       246
       -
             path = [

     

       247
       247
       -
               pkgs.e2fsprogs

     

       248
       248
       -
               pkgs.bash

     

       249
       249
       -
       

     

       250
       250
       -
               pkgs.findutils

     

       251
       251
       -
               pkgs.gnugrep

     

       252
       252
       -
               pkgs.gnused

     

       253
       253
       -
               pkgs.iproute2

     

       254
       254
       -
               pkgs.iptables

     

       255
       255
       -
       

     

       256
       256
       -
               # for hostname

     

       257
       257
       -
               pkgs.nettools

     

       258
       258
       -
       

     

       259
       259
       -
               pkgs.openssh

     

       260
       260
       -
               pkgs.openssl

     

       261
       261
       -
               pkgs.parted

     

       262
       262
       -
       

     

       263
       263
       -
               # for pidof

     

       264
       264
       -
               pkgs.procps

     

       265
       265
       -
       

     

       266
       266
       -
               # for useradd, usermod

     

       267
       267
       -
               pkgs.shadow

     

       268
       268
       -
       

     

       269
       269
       -
               pkgs.util-linux # for (u)mount, fdisk, sfdisk, mkswap

     

       270
       270
       -
       

     

       271
       271
       -
               # waagent's Microsoft.OSTCExtensions.VMAccessForLinux needs Python 3

     

       272
       272
       -
               pkgs.python39

     

       273
       273
       -
       

     

       274
       274
       -
               # waagent's Microsoft.CPlat.Core.RunCommandLinux needs lsof

     

       275
       275
       -
               pkgs.lsof

     

       276
       276
       -
             ];

     

       277
       277
       -
             description = "Windows Azure Agent Service";

     

       278
       278
       -
             unitConfig.ConditionPathExists = "/etc/waagent.conf";

     

       279
       279
       -
             serviceConfig = {

     

       280
       280
       -
               ExecStart = "${pkgs.waagent}/bin/waagent -daemon";

     

       281
       281
       -
               Type = "simple";

     

       282
       282
       -
             };

     

       283
       283
       -
           };

     

       284
       284
       -
       

     

       285
       285
       -
           # waagent will generate files under /etc/sudoers.d during provisioning

     

       286
       286
       -
           security.sudo.extraConfig = ''

     

       287
       287
       -
             #includedir /etc/sudoers.d

     

       288
       288
       -
           '';

     

       289
       289
       -
       

     

       290
       290
       -
         };

     

       291
       291
       -
       }

     

       11
       11
       +
           imports = [

     

       12
       12
       +
             (mkRenamedOptionModule

     

       13
       13
       +
               [

     

       14
       14
       +
                 "virtualisation"

     

       15
       15
       +
                 "azure"

     

       16
       16
       +
                 "agent"

     

       17
       17
       +
                 "enable"

     

       18
       18
       +
               ]

     

       19
       19
       +
               [

     

       20
       20
       +
                 "services"

     

       21
       21
       +
                 "waagent"

     

       22
       22
       +
                 "enable"

     

       23
       23
       +
               ]

     

       24
       24
       +
             )

     

       25
       25
       +
             (mkRenamedOptionModule

     

       26
       26
       +
               [

     

       27
       27
       +
                 "virtualisation"

     

       28
       28
       +
                 "azure"

     

       29
       29
       +
                 "agent"

     

       30
       30
       +
                 "verboseLogging"

     

       31
       31
       +
               ]

     

       32
       32
       +
               [

     

       33
       33
       +
                 "services"

     

       34
       34
       +
                 "waagent"

     

       35
       35
       +
                 "settings"

     

       36
       36
       +
                 "Logs"

     

       37
       37
       +
                 "Verbose"

     

       38
       38
       +
               ]

     

       39
       39
       +
             )

     

       40
       40
       +
             (mkRenamedOptionModule

     

       41
       41
       +
               [

     

       42
       42
       +
                 "virtualisation"

     

       43
       43
       +
                 "azure"

     

       44
       44
       +
                 "agent"

     

       45
       45
       +
                 "mountResourceDisk"

     

       46
       46
       +
               ]

     

       47
       47
       +
               [

     

       48
       48
       +
                 "services"

     

       49
       49
       +
                 "waagent"

     

       50
       50
       +
                 "settings"

     

       51
       51
       +
                 "ResourceDisk"

     

       52
       52
       +
                 "Format"

     

       53
       53
       +
               ]

     

       54
       54
       +
             )

     

       55
       55
       +
           ];

     

       56
       56
       +
         }

+364

nixos/modules/virtualisation/waagent.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       

     

       8
       8
       +
       with lib;

     

       9
       9
       +
       let

     

       10
       10
       +
         cfg = config.services.waagent;

     

       11
       11
       +
       

     

       12
       12
       +
         # Format for waagent.conf

     

       13
       13
       +
         settingsFormat = {

     

       14
       14
       +
           type =

     

       15
       15
       +
             with types;

     

       16
       16
       +
             let

     

       17
       17
       +
               singleAtom =

     

       18
       18
       +
                 (nullOr (oneOf [

     

       19
       19
       +
                   bool

     

       20
       20
       +
                   str

     

       21
       21
       +
                   int

     

       22
       22
       +
                   float

     

       23
       23
       +
                 ]))

     

       24
       24
       +
                 // {

     

       25
       25
       +
                   description = "atom (bool, string, int or float) or null";

     

       26
       26
       +
                 };

     

       27
       27
       +
               atom = either singleAtom (listOf singleAtom) // {

     

       28
       28
       +
                 description = singleAtom.description + " or a list of them";

     

       29
       29
       +
               };

     

       30
       30
       +
             in

     

       31
       31
       +
             attrsOf (

     

       32
       32
       +
               either atom (attrsOf atom)

     

       33
       33
       +
               // {

     

       34
       34
       +
                 description = atom.description + "or an attribute set of them";

     

       35
       35
       +
               }

     

       36
       36
       +
             );

     

       37
       37
       +
           generate =

     

       38
       38
       +
             name: value:

     

       39
       39
       +
             let

     

       40
       40
       +
               # Transform non-attribute values

     

       41
       41
       +
               transform =

     

       42
       42
       +
                 x:

     

       43
       43
       +
                 # Transform bool to "y" or "n"

     

       44
       44
       +
                 if (isBool x) then

     

       45
       45
       +
                   (if x then "y" else "n")

     

       46
       46
       +
                 # Concatenate list items with comma

     

       47
       47
       +
                 else if (isList x) then

     

       48
       48
       +
                   concatStringsSep "," (map transform x)

     

       49
       49
       +
                 else

     

       50
       50
       +
                   toString x;

     

       51
       51
       +
       

     

       52
       52
       +
               # Convert to format of waagent.conf

     

       53
       53
       +
               recurse =

     

       54
       54
       +
                 path: value:

     

       55
       55
       +
                 if builtins.isAttrs value then

     

       56
       56
       +
                   pipe value [

     

       57
       57
       +
                     (mapAttrsToList (k: v: recurse (path ++ [ k ]) v))

     

       58
       58
       +
                     concatLists

     

       59
       59
       +
                   ]

     

       60
       60
       +
                 else

     

       61
       61
       +
                   [

     

       62
       62
       +
                     {

     

       63
       63
       +
                       name = concatStringsSep "." path;

     

       64
       64
       +
                       inherit value;

     

       65
       65
       +
                     }

     

       66
       66
       +
                   ];

     

       67
       67
       +
               convert =

     

       68
       68
       +
                 attrs:

     

       69
       69
       +
                 pipe (recurse [ ] attrs) [

     

       70
       70
       +
                   # Filter out null values and emoty lists

     

       71
       71
       +
                   (filter (kv: kv.value != null && kv.value != [ ]))

     

       72
       72
       +
                   # Transform to Key=Value form, then concatenate

     

       73
       73
       +
                   (map (kv: "${kv.name}=${transform kv.value}"))

     

       74
       74
       +
                   (concatStringsSep "\n")

     

       75
       75
       +
                 ];

     

       76
       76
       +
             in

     

       77
       77
       +
             pkgs.writeText name (convert value);

     

       78
       78
       +
         };

     

       79
       79
       +
       

     

       80
       80
       +
         settingsType = types.submodule {

     

       81
       81
       +
           freeformType = settingsFormat.type;

     

       82
       82
       +
           options = {

     

       83
       83
       +
             Provisioning = {

     

       84
       84
       +
               Enable = mkOption {

     

       85
       85
       +
                 type = types.bool;

     

       86
       86
       +
                 default = !config.services.cloud-init.enable;

     

       87
       87
       +
                 defaultText = literalExpression "!config.services.cloud-init.enable";

     

       88
       88
       +
                 description = ''

     

       89
       89
       +
                   Whether to enable provisioning functionality in the agent.

     

       90
       90
       +
       

     

       91
       91
       +
                   If provisioning is disabled, SSH host and user keys in the image are preserved

     

       92
       92
       +
                   and configuration in the Azure provisioning API is ignored.

     

       93
       93
       +
       

     

       94
       94
       +
                   Set to `false` if cloud-init is used for provisioning tasks.

     

       95
       95
       +
                 '';

     

       96
       96
       +
               };

     

       97
       97
       +
       

     

       98
       98
       +
               Agent = mkOption {

     

       99
       99
       +
                 type = types.enum [

     

       100
       100
       +
                   "auto"

     

       101
       101
       +
                   "waagent"

     

       102
       102
       +
                   "cloud-init"

     

       103
       103
       +
                   "disabled"

     

       104
       104
       +
                 ];

     

       105
       105
       +
                 default = "auto";

     

       106
       106
       +
                 description = ''

     

       107
       107
       +
                   Which provisioning agent to use.

     

       108
       108
       +
                 '';

     

       109
       109
       +
               };

     

       110
       110
       +
             };

     

       111
       111
       +
       

     

       112
       112
       +
             ResourceDisk = {

     

       113
       113
       +
               Format = mkEnableOption ''

     

       114
       114
       +
                 If set to `true`, waagent formats and mounts the resource disk that the platform provides,

     

       115
       115
       +
                 unless the file system type in `ResourceDisk.FileSystem` is set to `ntfs`.

     

       116
       116
       +
                 The agent makes a single Linux partition (ID 83) available on the disk.

     

       117
       117
       +
                 This partition isn't formatted if it can be successfully mounted.

     

       118
       118
       +
       

     

       119
       119
       +
                 This configuration has no effect if resource disk is managed by cloud-init.

     

       120
       120
       +
               '';

     

       121
       121
       +
       

     

       122
       122
       +
               FileSystem = mkOption {

     

       123
       123
       +
                 type = types.str;

     

       124
       124
       +
                 default = "ext4";

     

       125
       125
       +
                 description = ''

     

       126
       126
       +
                   The file system type for the resource disk.

     

       127
       127
       +
                   If the string is `X`, then `mkfs.X` should be present in the environment.

     

       128
       128
       +
                   You can add additional filesystem packages using `services.waagent.extraPackages`.

     

       129
       129
       +
       

     

       130
       130
       +
                   This configuration has no effect if resource disk is managed by cloud-init.

     

       131
       131
       +
                 '';

     

       132
       132
       +
               };

     

       133
       133
       +
       

     

       134
       134
       +
               MountPoint = mkOption {

     

       135
       135
       +
                 type = types.str;

     

       136
       136
       +
                 default = "/mnt/resource";

     

       137
       137
       +
                 description = ''

     

       138
       138
       +
                   This option specifies the path at which the resource disk is mounted.

     

       139
       139
       +
                   The resource disk is a temporary disk and might be emptied when the VM is deprovisioned.

     

       140
       140
       +
       

     

       141
       141
       +
                   This configuration has no effect if resource disk is managed by cloud-init.

     

       142
       142
       +
                 '';

     

       143
       143
       +
               };

     

       144
       144
       +
       

     

       145
       145
       +
               MountOptions = mkOption {

     

       146
       146
       +
                 type = with types; listOf str;

     

       147
       147
       +
                 default = [ ];

     

       148
       148
       +
                 example = [

     

       149
       149
       +
                   "nodev"

     

       150
       150
       +
                   "nosuid"

     

       151
       151
       +
                 ];

     

       152
       152
       +
                 description = ''

     

       153
       153
       +
                   This option specifies disk mount options to be passed to the `mount -o` command.

     

       154
       154
       +
                   For more information, see the `mount(8)` manual page.

     

       155
       155
       +
                 '';

     

       156
       156
       +
               };

     

       157
       157
       +
       

     

       158
       158
       +
               EnableSwap = mkEnableOption ''

     

       159
       159
       +
                 If enabled, the agent creates a swap file (`/swapfile`) on the resource disk

     

       160
       160
       +
                 and adds it to the system swap space.

     

       161
       161
       +
       

     

       162
       162
       +
                 This configuration has no effect if resource disk is managed by cloud-init.

     

       163
       163
       +
               '';

     

       164
       164
       +
       

     

       165
       165
       +
               SwapSizeMB = mkOption {

     

       166
       166
       +
                 type = types.int;

     

       167
       167
       +
                 default = 0;

     

       168
       168
       +
                 description = ''

     

       169
       169
       +
                   Specifies the size of the swap file in megabytes.

     

       170
       170
       +
       

     

       171
       171
       +
                   This configuration has no effect if resource disk is managed by cloud-init.

     

       172
       172
       +
                 '';

     

       173
       173
       +
               };

     

       174
       174
       +
             };

     

       175
       175
       +
       

     

       176
       176
       +
             Logs.Verbose = lib.mkEnableOption ''

     

       177
       177
       +
               If you set this option, log verbosity is boosted.

     

       178
       178
       +
               Waagent logs to `/var/log/waagent.log` and uses the system logrotate functionality to rotate logs.

     

       179
       179
       +
             '';

     

       180
       180
       +
       

     

       181
       181
       +
             OS = {

     

       182
       182
       +
               EnableRDMA = lib.mkEnableOption ''

     

       183
       183
       +
                 If enabled, the agent attempts to install and then load an RDMA kernel driver

     

       184
       184
       +
                 that matches the version of the firmware on the underlying hardware.

     

       185
       185
       +
               '';

     

       186
       186
       +
       

     

       187
       187
       +
               RootDeviceScsiTimeout = lib.mkOption {

     

       188
       188
       +
                 type = types.nullOr types.int;

     

       189
       189
       +
                 default = 300;

     

       190
       190
       +
                 description = ''

     

       191
       191
       +
                   Configures the SCSI timeout in seconds on the OS disk and data drives.

     

       192
       192
       +
                   If set to `null`, the system defaults are used.

     

       193
       193
       +
                 '';

     

       194
       194
       +
               };

     

       195
       195
       +
             };

     

       196
       196
       +
       

     

       197
       197
       +
             HttpProxy = {

     

       198
       198
       +
               Host = lib.mkOption {

     

       199
       199
       +
                 type = types.nullOr types.str;

     

       200
       200
       +
                 default = null;

     

       201
       201
       +
                 description = ''

     

       202
       202
       +
                   If you set http proxy, waagent will use is proxy to access the Internet.

     

       203
       203
       +
                 '';

     

       204
       204
       +
               };

     

       205
       205
       +
       

     

       206
       206
       +
               Port = lib.mkOption {

     

       207
       207
       +
                 type = types.nullOr types.int;

     

       208
       208
       +
                 default = null;

     

       209
       209
       +
                 description = ''

     

       210
       210
       +
                   If you set http proxy, waagent will use this proxy to access the Internet.

     

       211
       211
       +
                 '';

     

       212
       212
       +
               };

     

       213
       213
       +
             };

     

       214
       214
       +
       

     

       215
       215
       +
             AutoUpdate.Enable = lib.mkEnableOption ''

     

       216
       216
       +
               Enable or disable autoupdate for goal state processing.

     

       217
       217
       +
             '';

     

       218
       218
       +
           };

     

       219
       219
       +
         };

     

       220
       220
       +
       in

     

       221
       221
       +
       {

     

       222
       222
       +
         options.services.waagent = {

     

       223
       223
       +
           enable = lib.mkEnableOption ''

     

       224
       224
       +
             Whether to enable the Windows Azure Linux Agent.

     

       225
       225
       +
           '';

     

       226
       226
       +
       

     

       227
       227
       +
           package = lib.mkPackageOption pkgs "waagent" { };

     

       228
       228
       +
       

     

       229
       229
       +
           extraPackages = lib.mkOption {

     

       230
       230
       +
             default = [ ];

     

       231
       231
       +
             description = ''

     

       232
       232
       +
               Additional packages to add to the waagent {env}`PATH`.

     

       233
       233
       +
             '';

     

       234
       234
       +
             example = lib.literalExpression "[ pkgs.powershell ]";

     

       235
       235
       +
             type = lib.types.listOf lib.types.package;

     

       236
       236
       +
           };

     

       237
       237
       +
       

     

       238
       238
       +
           settings = lib.mkOption {

     

       239
       239
       +
             type = settingsType;

     

       240
       240
       +
             default = { };

     

       241
       241
       +
             description = ''

     

       242
       242
       +
               The waagent.conf configuration, see https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/agent-linux for documentation.

     

       243
       243
       +
             '';

     

       244
       244
       +
           };

     

       245
       245
       +
         };

     

       246
       246
       +
       

     

       247
       247
       +
         config = lib.mkIf cfg.enable {

     

       248
       248
       +
           assertions = [

     

       249
       249
       +
             {

     

       250
       250
       +
               assertion = (cfg.settings.HttpProxy.Host != null) -> (cfg.settings.HttpProxy.Port != null);

     

       251
       251
       +
               message = "Option services.waagent.settings.HttpProxy.Port must be set if services.waagent.settings.HttpProxy.Host is set.";

     

       252
       252
       +
             }

     

       253
       253
       +
           ];

     

       254
       254
       +
       

     

       255
       255
       +
           boot.initrd.kernelModules = [ "ata_piix" ];

     

       256
       256
       +
           networking.firewall.allowedUDPPorts = [ 68 ];

     

       257
       257
       +
       

     

       258
       258
       +
           services.udev.packages = with pkgs; [ waagent ];

     

       259
       259
       +
       

     

       260
       260
       +
           boot.initrd.services.udev = with pkgs; {

     

       261
       261
       +
             # Provide waagent-shipped udev rules in initrd too.

     

       262
       262
       +
             packages = [ waagent ];

     

       263
       263
       +
             # udev rules shell out to chmod, cut and readlink, which are all

     

       264
       264
       +
             # provided by pkgs.coreutils, which is in services.udev.path, but not

     

       265
       265
       +
             # boot.initrd.services.udev.binPackages.

     

       266
       266
       +
             binPackages = [ coreutils ];

     

       267
       267
       +
           };

     

       268
       268
       +
       

     

       269
       269
       +
           networking.dhcpcd.persistent = true;

     

       270
       270
       +
       

     

       271
       271
       +
           services.logrotate = {

     

       272
       272
       +
             enable = true;

     

       273
       273
       +
             settings."/var/log/waagent.log" = {

     

       274
       274
       +
               compress = true;

     

       275
       275
       +
               frequency = "monthly";

     

       276
       276
       +
               rotate = 6;

     

       277
       277
       +
             };

     

       278
       278
       +
           };

     

       279
       279
       +
       

     

       280
       280
       +
           # Write settings to /etc/waagent.conf

     

       281
       281
       +
           environment.etc."waagent.conf".source = settingsFormat.generate "waagent.conf" cfg.settings;

     

       282
       282
       +
       

     

       283
       283
       +
           systemd.targets.provisioned = {

     

       284
       284
       +
             description = "Services Requiring Azure VM provisioning to have finished";

     

       285
       285
       +
           };

     

       286
       286
       +
       

     

       287
       287
       +
           systemd.services.consume-hypervisor-entropy = {

     

       288
       288
       +
             description = "Consume entropy in ACPI table provided by Hyper-V";

     

       289
       289
       +
       

     

       290
       290
       +
             wantedBy = [

     

       291
       291
       +
               "sshd.service"

     

       292
       292
       +
               "waagent.service"

     

       293
       293
       +
             ];

     

       294
       294
       +
             before = [

     

       295
       295
       +
               "sshd.service"

     

       296
       296
       +
               "waagent.service"

     

       297
       297
       +
             ];

     

       298
       298
       +
       

     

       299
       299
       +
             path = [ pkgs.coreutils ];

     

       300
       300
       +
             script = ''

     

       301
       301
       +
               echo "Fetching entropy..."

     

       302
       302
       +
               cat /sys/firmware/acpi/tables/OEM0 > /dev/random

     

       303
       303
       +
             '';

     

       304
       304
       +
             serviceConfig.Type = "oneshot";

     

       305
       305
       +
             serviceConfig.RemainAfterExit = true;

     

       306
       306
       +
             serviceConfig.StandardError = "journal+console";

     

       307
       307
       +
             serviceConfig.StandardOutput = "journal+console";

     

       308
       308
       +
           };

     

       309
       309
       +
       

     

       310
       310
       +
           systemd.services.waagent = {

     

       311
       311
       +
             wantedBy = [ "multi-user.target" ];

     

       312
       312
       +
             after = [

     

       313
       313
       +
               "network-online.target"

     

       314
       314
       +
             ] ++ lib.optionals config.services.cloud-init.enable [ "cloud-init.service" ];

     

       315
       315
       +
             wants = [

     

       316
       316
       +
               "network-online.target"

     

       317
       317
       +
               "sshd.service"

     

       318
       318
       +
               "sshd-keygen.service"

     

       319
       319
       +
             ];

     

       320
       320
       +
       

     

       321
       321
       +
             path =

     

       322
       322
       +
               with pkgs;

     

       323
       323
       +
               [

     

       324
       324
       +
                 e2fsprogs

     

       325
       325
       +
                 bash

     

       326
       326
       +
                 findutils

     

       327
       327
       +
                 gnugrep

     

       328
       328
       +
                 gnused

     

       329
       329
       +
                 iproute2

     

       330
       330
       +
                 iptables

     

       331
       331
       +
                 openssh

     

       332
       332
       +
                 openssl

     

       333
       333
       +
                 parted

     

       334
       334
       +
       

     

       335
       335
       +
                 # for hostname

     

       336
       336
       +
                 nettools

     

       337
       337
       +
                 # for pidof

     

       338
       338
       +
                 procps

     

       339
       339
       +
                 # for useradd, usermod

     

       340
       340
       +
                 shadow

     

       341
       341
       +
       

     

       342
       342
       +
                 util-linux # for (u)mount, fdisk, sfdisk, mkswap

     

       343
       343
       +
                 # waagent's Microsoft.CPlat.Core.RunCommandLinux needs lsof

     

       344
       344
       +
                 lsof

     

       345
       345
       +
               ]

     

       346
       346
       +
               ++ cfg.extraPackages;

     

       347
       347
       +
             description = "Windows Azure Agent Service";

     

       348
       348
       +
             unitConfig.ConditionPathExists = "/etc/waagent.conf";

     

       349
       349
       +
             serviceConfig = {

     

       350
       350
       +
               ExecStart = "${lib.getExe cfg.package} -daemon";

     

       351
       351
       +
               Type = "simple";

     

       352
       352
       +
               Restart = "always";

     

       353
       353
       +
               Slice = "azure.slice";

     

       354
       354
       +
               CPUAccounting = true;

     

       355
       355
       +
               MemoryAccounting = true;

     

       356
       356
       +
             };

     

       357
       357
       +
           };

     

       358
       358
       +
       

     

       359
       359
       +
           # waagent will generate files under /etc/sudoers.d during provisioning

     

       360
       360
       +
           security.sudo.extraConfig = ''

     

       361
       361
       +
             #includedir /etc/sudoers.d

     

       362
       362
       +
           '';

     

       363
       363
       +
         };

     

       364
       364
       +
       }

nixos/tests/all-tests.nix

···

       1124
       1124
        
         vscode-remote-ssh = handleTestOn ["x86_64-linux"] ./vscode-remote-ssh.nix {};

     

       1125
       1125
        
         vscodium = discoverTests (import ./vscodium.nix);

     

       1126
       1126
        
         vsftpd = handleTest ./vsftpd.nix {};

     

       1127
       1127
       +
         waagent = handleTest ./waagent.nix {};

     

       1127
       1128
        
         wakapi = handleTest ./wakapi.nix {};

     

       1128
       1129
        
         warzone2100 = handleTest ./warzone2100.nix {};

     

       1129
       1130
        
         wasabibackend = handleTest ./wasabibackend.nix {};

+72

nixos/tests/waagent.nix

···

       1
       1
       +
       import ./make-test-python.nix (

     

       2
       2
       +
         { lib, pkgs, ... }:

     

       3
       3
       +
         let

     

       4
       4
       +
           confPath = "/etc/waagent.conf";

     

       5
       5
       +
         in

     

       6
       6
       +
         {

     

       7
       7
       +
           name = "waagent";

     

       8
       8
       +
       

     

       9
       9
       +
           meta = {

     

       10
       10
       +
             maintainers = with lib.maintainers; [ codgician ];

     

       11
       11
       +
           };

     

       12
       12
       +
       

     

       13
       13
       +
           nodes.machine = {

     

       14
       14
       +
             services.waagent = {

     

       15
       15
       +
               enable = true;

     

       16
       16
       +
               settings = {

     

       17
       17
       +
                 Provisioning = {

     

       18
       18
       +
                   Enable = false;

     

       19
       19
       +
                   Agent = "waagent";

     

       20
       20
       +
                   DeleteRootPassword = false;

     

       21
       21
       +
                   RegenerateSshHostKeyPair = false;

     

       22
       22
       +
                   SshHostKeyPairType = "ed25519";

     

       23
       23
       +
                   MonitorHostName = false;

     

       24
       24
       +
                 };

     

       25
       25
       +
                 ResourceDisk = {

     

       26
       26
       +
                   Format = false;

     

       27
       27
       +
                   MountOptions = [

     

       28
       28
       +
                     "compress=lzo"

     

       29
       29
       +
                     "mode=0600"

     

       30
       30
       +
                   ];

     

       31
       31
       +
                 };

     

       32
       32
       +
                 OS.RootDeviceScsiTimeout = 300;

     

       33
       33
       +
                 HttpProxy = {

     

       34
       34
       +
                   Host = null;

     

       35
       35
       +
                   Port = null;

     

       36
       36
       +
                 };

     

       37
       37
       +
                 CGroups = {

     

       38
       38
       +
                   EnforceLimits = false;

     

       39
       39
       +
                   Excluded = [ ];

     

       40
       40
       +
                 };

     

       41
       41
       +
               };

     

       42
       42
       +
             };

     

       43
       43
       +
           };

     

       44
       44
       +
       

     

       45
       45
       +
           testScript = ''

     

       46
       46
       +
             # Defined values should be reflected in waagent.conf

     

       47
       47
       +
             machine.succeed("grep -q '^Provisioning.Enable=n$' '${confPath}'")

     

       48
       48
       +
             machine.succeed("grep -q '^Provisioning.Agent=waagent$' '${confPath}'")

     

       49
       49
       +
             machine.succeed("grep -q '^Provisioning.DeleteRootPassword=n$' '${confPath}'")

     

       50
       50
       +
             machine.succeed("grep -q '^Provisioning.RegenerateSshHostKeyPair=n$' '${confPath}'")

     

       51
       51
       +
             machine.succeed("grep -q '^Provisioning.SshHostKeyPairType=ed25519$' '${confPath}'")

     

       52
       52
       +
             machine.succeed("grep -q '^Provisioning.MonitorHostName=n$' '${confPath}'")

     

       53
       53
       +
             machine.succeed("grep -q '^ResourceDisk.Format=n$' '${confPath}'")

     

       54
       54
       +
             machine.succeed("grep -q '^ResourceDisk.MountOptions=compress=lzo,mode=0600$' '${confPath}'")

     

       55
       55
       +
             machine.succeed("grep -q '^OS.RootDeviceScsiTimeout=300$' '${confPath}'")

     

       56
       56
       +
       

     

       57
       57
       +
             # Undocumented options should also be supported

     

       58
       58
       +
             machine.succeed("grep -q '^CGroups.EnforceLimits=n$' '${confPath}'")

     

       59
       59
       +
       

     

       60
       60
       +
             # Null values should be skipped and not exist in waagent.conf

     

       61
       61
       +
             machine.fail("grep -q '^HttpProxy.Host=' '${confPath}'")

     

       62
       62
       +
             machine.fail("grep -q '^HttpProxy.Port=' '${confPath}'")

     

       63
       63
       +
       

     

       64
       64
       +
             # Empty lists should be skipped and not exist in waagent.conf

     

       65
       65
       +
             machine.fail("grep -q '^CGroups.Excluded=' '${confPath}'")

     

       66
       66
       +
       

     

       67
       67
       +
             # Test service start

     

       68
       68
       +
             # Skip testing actual functionality due to lacking Azure infrasturcture

     

       69
       69
       +
             machine.wait_for_unit("waagent.service")

     

       70
       70
       +
           '';

     

       71
       71
       +
         }

     

       72
       72
       +
       )

+13

pkgs/by-name/wa/waagent/package.nix

···

       4
       4
        
         lib,

     

       5
       5
        
         python3,

     

       6
       6
        
         bash,

     

       7
       7
       +
         gitUpdater,

     

       8
       8
       +
         nixosTests,

     

       7
       9
        
       }:

     

       8
       10
        
       

     

       9
       11
        
       let

     
···

       63
       65
        
       

     

       64
       66
        
         dontWrapPythonPrograms = false;

     

       65
       67
        
       

     

       68
       68
       +
         passthru = {

     

       69
       69
       +
           tests = {

     

       70
       70
       +
             inherit (nixosTests) waagent;

     

       71
       71
       +
           };

     

       72
       72
       +
           updateScript = gitUpdater {

     

       73
       73
       +
             rev-prefix = "v";

     

       74
       74
       +
           };

     

       75
       75
       +
         };

     

       76
       76
       +
       

     

       66
       77
        
         meta = {

     

       67
       78
        
           description = "Microsoft Azure Linux Agent (waagent)";

     

       68
       79
        
           mainProgram = "waagent";

     
···

       71
       82
        
             manages Linux provisioning and VM interaction with the Azure

     

       72
       83
        
             Fabric Controller'';

     

       73
       84
        
           homepage = "https://github.com/Azure/WALinuxAgent";

     

       85
       85
       +
           maintainers = with lib.maintainers; [ codgician ];

     

       74
       86
        
           license = with lib.licenses; [ asl20 ];

     

       87
       87
       +
           platforms = lib.platforms.linux;

     

       75
       88
        
         };

     

       76
       89
        
       }