diff options
author | AmineChikhaoui <amine.chikhaoui91@gmail.com> | 2018-04-28 16:52:46 +0100 |
---|---|---|
committer | AmineChikhaoui <amine.chikhaoui91@gmail.com> | 2018-04-28 16:52:46 +0100 |
commit | 3b8c7424d1948e52bc2afe0e41e3b64db3f2c22b (patch) | |
tree | cf58e55c57a4cdbd4f4a8a6d5703e5b8195ea7de /nixos/modules/virtualisation | |
parent | 1b1b76f70a9dbf59ad8e833f9de3a60f14cf5471 (diff) | |
download | nixlib-3b8c7424d1948e52bc2afe0e41e3b64db3f2c22b.tar nixlib-3b8c7424d1948e52bc2afe0e41e3b64db3f2c22b.tar.gz nixlib-3b8c7424d1948e52bc2afe0e41e3b64db3f2c22b.tar.bz2 nixlib-3b8c7424d1948e52bc2afe0e41e3b64db3f2c22b.tar.lz nixlib-3b8c7424d1948e52bc2afe0e41e3b64db3f2c22b.tar.xz nixlib-3b8c7424d1948e52bc2afe0e41e3b64db3f2c22b.tar.zst nixlib-3b8c7424d1948e52bc2afe0e41e3b64db3f2c22b.zip |
pull the ssh host keys from the metadata service as expected by NixOps.
Issues: #38623 https://github.com/NixOS/nixops/issues/930.
Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r-- | nixos/modules/virtualisation/google-compute-image.nix | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix index 0b6bec786da4..e0d8027c67aa 100644 --- a/nixos/modules/virtualisation/google-compute-image.nix +++ b/nixos/modules/virtualisation/google-compute-image.nix @@ -221,7 +221,7 @@ in echo "Obtaining SSH keys..." mkdir -m 0700 -p /root/.ssh AUTH_KEYS=$(${mktemp}) - ${wget} -O $AUTH_KEYS --header="Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/attributes/sshKeys + ${wget} -O $AUTH_KEYS http://metadata.google.internal/computeMetadata/v1/instance/attributes/sshKeys if [ -s $AUTH_KEYS ]; then # Read in key one by one, split in case Google decided @@ -246,6 +246,17 @@ in false fi rm -f $AUTH_KEYS + SSH_HOST_KEYS_DIR=$(${mktemp} -d) + ${wget} -O $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key + ${wget} -O $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key_pub + if [ -s $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key -a -s $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub ]; then + mv -f $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key* /etc/ssh/ + chmod 600 /etc/ssh/ssh_host_ed25519_key + chmod 644 /etc/ssh/ssh_host_ed25519_key.pub + else + echo "Setup of ssh host keys from http://metadata.google.internal/computeMetadata/v1/instance/attributes/ failed." + fi + rm -f $SSH_HOST_KEYS_DIR/* ''; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; |