authorEelco Dolstra <eelco.dolstra@logicblox.com>2012-11-30 16:12:04 +0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2012-11-30 16:12:04 +0100
commitb1da38f5649e8d6d666ed8c8873e960ffbd14589 (patch)
treef58b4c9acef8ea102bdfbfa39e33695f2b814ff6 /modules/virtualisation
parent3c6e0fd594801617d77ce78e01d8b066aeb5982e (diff)
parent7435db4f898233f9615b7818c07bbbcf30d44d63 (diff)
Merge remote-tracking branch 'origin/master' into systemd
Diffstat (limited to 'modules/virtualisation')
-rw-r--r--modules/virtualisation/ec2-data.nix15
1 files changed, 14 insertions, 1 deletions
diff --git a/modules/virtualisation/ec2-data.nix b/modules/virtualisation/ec2-data.nix
index 6ca89dd7ac5b..33b8c1e516dc 100644
--- a/modules/virtualisation/ec2-data.nix
+++ b/modules/virtualisation/ec2-data.nix
@@ -5,8 +5,19 @@
 { config, pkgs, ... }:
 
 with pkgs.lib;
-
+let
+  options = {
+    ec2.metadata = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to allow access to EC2 metadata.
+      '';
+    };
+  };
+in
 {
+  require = [options];
 
   boot.systemd.services."fetch-ec2-data" =
     { description = "Fetch EC2 Data";
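Review bot: The new `ec2.metadata` option description ("Whether to allow access to EC2 metadata") does not tell the administrator what enabling it gives up: the second hunk wraps the blackhole route for 169.254.169.254 in `optionalString (! config.ec2.metadata)`, so with the option set to true the metadata endpoint, and with it the user data the same script has just consumed (the comment on the following lines calls it sensitive, and the script appears to write host key material from it), stays reachable to every local process for the lifetime of the instance. That trade-off belongs in the option text rather than only in a shell comment. I would expand the description to something like `Whether to keep the EC2 metadata service (169.254.169.254) reachable after boot. When false, fetch-ec2-data adds a blackhole route once the user data has been read, because the user data may carry secrets (e.g. SSH host keys).` The fetch-ec2-data service definition continues beyond this hunk.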
@@ -56,9 +67,11 @@ with pkgs.lib;
               echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
           fi
 
+          ${optionalString (! config.ec2.metadata) ''
           # Since the user data is sensitive, prevent it from being
           # accessed from now on.
           ip route add blackhole 169.254.169.254/32
+          ''}
         '';
 
       serviceConfig.Type = "oneshot";