authorRussell O'Connor <oconnorr@google.com>2015-03-23 21:45:40 +0000
committerRussell O'Connor <oconnorr@google.com>2015-05-29 19:53:57 +0000
commit4744e3541ad2308625afd1d0ac53329efd947e6a (patch)
treecf00e9ca9efa44d2d60d9850330a9210af665723 /nixos/modules/virtualisation/google-compute-image.nix
parent1badfabc4ddb6b487005cf4a8447b5d1111cd72c (diff)
[GCE] Put temp files for fetch-ssh-keys service in /run
Diffstat (limited to 'nixos/modules/virtualisation/google-compute-image.nix')
-rw-r--r--nixos/modules/virtualisation/google-compute-image.nix9
1 files changed, 5 insertions, 4 deletions
diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix
index 25bdd9569dee..cdcd7e5a126c 100644
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@@ -137,7 +137,8 @@ in
       after = [ "network-online.target" "ip-up.target" ];
       wants = [ "network-online.target" "ip-up.target" ];
 
-      script = let wget = "${pkgs.wget}/bin/wget --retry-connrefused -t 15 --waitretry=10 --header='Metadata-Flavor: Google'"; in
+      script = let wget = "${pkgs.wget}/bin/wget --retry-connrefused -t 15 --waitretry=10 --header='Metadata-Flavor: Google'";
+                   mktemp = "mktemp --tmpdir=/run"; in
         ''
           # When dealing with cryptographic keys, we want to keep things private.
           umask 077
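Review bot: The new `mktemp` binding on the `+` line after the `wget` definition is a bare `mktemp`, so it resolves through the service's PATH, while `wget` on the same `let` is pinned to a store path; for consistency and to avoid depending on the unit's PATH, `mktemp = "${pkgs.coreutils}/bin/mktemp --tmpdir=/run";`. The choice of `/run` is the security-relevant part of this commit and deserves a why-comment next to the binding, since a later reader may "fix" it back to the default `/tmp`; something like `# keep key material in /run: it is a root-owned tmpfs, so fetched keys never touch disk and other users cannot pre-create paths there` (confirm the mount options on the image). The same `${mktemp}` substitution is applied in the two following hunks, so a single definition change here covers all three call sites. The enclosing `script` attribute continues past the end of this hunk.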
@@ -145,10 +146,10 @@ in
           if ! [ -e /root/.ssh/authorized_keys ]; then
               echo "obtaining SSH key..."
               mkdir -m 0700 -p /root/.ssh
-              AUTH_KEYS=$(mktemp) && {
+              AUTH_KEYS=$(${mktemp}) && {
                 ${wget} -O $AUTH_KEYS http://metadata.google.internal/0.1/meta-data/authorized-keys
                 if [ $? -eq 0 -a -e $AUTH_KEYS ]; then
-                    KEY_PUB=$(mktemp) && {
+                    KEY_PUB=$(${mktemp}) && {
                       cat $AUTH_KEYS | cut -d: -f2- > $KEY_PUB
                       if ! grep -q -f $KEY_PUB /root/.ssh/authorized_keys; then
                           cat $KEY_PUB >> /root/.ssh/authorized_keys
@@ -165,7 +166,7 @@ in
           countKeys=0
           ${flip concatMapStrings config.services.openssh.hostKeys (k :
             let kName = baseNameOf k.path; in ''
-              PRIV_KEY=$(mktemp) && {
+              PRIV_KEY=$(${mktemp}) && {
                 echo "trying to obtain SSH private host key ${kName}"
                 ${wget} -O $PRIV_KEY http://metadata.google.internal/0.1/meta-data/attributes/${kName} && :
                 if [ $? -eq 0 -a -e $PRIV_KEY ]; then