authorYang, Bo <bo@preemo.io>2023-11-08 20:50:26 +0000
committerJörg Thalheim <Mic92@users.noreply.github.com>2023-11-14 19:47:27 +0100
commitbff548fef1c7bb8537d28814bdc3248de4c85bf3 (patch)
tree15409db6735d7057d1232f42971bf35d40d7c785 /nixos/modules/virtualisation
parente1cb1dc257d2f6760d302ebaf1de8d1054a6785c (diff)
waagent: enable provisioning
Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r--nixos/modules/virtualisation/azure-agent.nix9
-rw-r--r--nixos/modules/virtualisation/azure-image.nix37
2 files changed, 7 insertions, 39 deletions
diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix
index a88b78bc9821..e712fac17a46 100644
--- a/nixos/modules/virtualisation/azure-agent.nix
+++ b/nixos/modules/virtualisation/azure-agent.nix
@@ -61,7 +61,7 @@ in
 
         # Which provisioning agent to use. Supported values are "auto" (default), "waagent",
         # "cloud-init", or "disabled".
-        Provisioning.Agent=disabled
+        Provisioning.Agent=auto
 
         # Password authentication for root account will be unavailable.
         Provisioning.DeleteRootPassword=n
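Review bot: Switching `Provisioning.Agent` from `disabled` to `auto` makes every other `Provisioning.*` key in this generated config take effect, including `Provisioning.DeleteRootPassword=n` just below, and nothing in the file records that these keys were previously inert. With `auto` the agent presumably chooses between waagent and cloud-init at runtime, so which component creates the account and installs SSH keys depends on what else the system enables. I would add a comment above the setting, for example `# "auto" defers to cloud-init when it is enabled; otherwise waagent provisions the user and SSH keys, and the Provisioning.* options below apply.` The config string continues outside the hunk, so the remaining keys should be re-read with provisioning active.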
@@ -246,7 +246,7 @@ in
         pkgs.bash
 
         # waagent's Microsoft.OSTCExtensions.VMAccessForLinux needs Python 3
-        pkgs.python3
+        pkgs.python39
 
         # waagent's Microsoft.CPlat.Core.RunCommandLinux needs lsof
         pkgs.lsof
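Review bot: The pin from `pkgs.python3` to `pkgs.python39` is unexplained, and the comment above it still says only that the extension needs Python 3. A fixed minor version stops receiving security fixes once upstream retires it, and evaluation will break when the attribute is dropped from the package set, so the reason for 3.9 should be recorded where the next maintainer will see it. I would extend the comment, e.g. `# pinned to 3.9 because <reason>; revert to pkgs.python3 once <condition>`, with the placeholders filled in by the author. The list this entry belongs to starts outside the hunk.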
@@ -259,5 +259,10 @@ in
       };
     };
 
+    # waagent will generate files under /etc/sudoers.d during provisioning
+    security.sudo.extraConfig = ''
+      #includedir /etc/sudoers.d
+    '';
+
   };
 }
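Review bot: `#includedir /etc/sudoers.d` makes sudo honour any file in a mutable directory outside the Nix store, so privilege rules on these machines are no longer fully described by the NixOS configuration. The comment names waagent as the writer, but any process able to write there has the same effect, and the files persist across rebuilds. I would say so in the comment, e.g. `# NOTE: rules in /etc/sudoers.d are written at runtime by waagent and are not managed by NixOS; audit them on the host.`, and confirm the setting sits inside the module's enable guard so hosts without the agent do not get the include; the enclosing attribute set opens outside the hunk. It may also be worth creating the directory declaratively, root-owned and not group- or world-writable (for example through `systemd.tmpfiles.rules`), rather than leaving that to the agent.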
diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix
index 39c6cab5980a..d909680cca1f 100644
--- a/nixos/modules/virtualisation/azure-image.nix
+++ b/nixos/modules/virtualisation/azure-image.nix
@@ -37,42 +37,5 @@ in
       inherit config lib pkgs;
     };
 
-    # Azure metadata is available as a CD-ROM drive.
-    fileSystems."/metadata".device = "/dev/sr0";
-
-    systemd.services.fetch-ssh-keys = {
-      description = "Fetch host keys and authorized_keys for root user";
-
-      wantedBy = [ "sshd.service" "waagent.service" ];
-      before = [ "sshd.service" "waagent.service" ];
-
-      path  = [ pkgs.coreutils ];
-      script =
-        ''
-          eval "$(cat /metadata/CustomData.bin)"
-          if ! [ -z "$ssh_host_ecdsa_key" ]; then
-            echo "downloaded ssh_host_ecdsa_key"
-            echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ed25519_key
-            chmod 600 /etc/ssh/ssh_host_ed25519_key
-          fi
-
-          if ! [ -z "$ssh_host_ecdsa_key_pub" ]; then
-            echo "downloaded ssh_host_ecdsa_key_pub"
-            echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ed25519_key.pub
-            chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
-          fi
-
-          if ! [ -z "$ssh_root_auth_key" ]; then
-            echo "downloaded ssh_root_auth_key"
-            mkdir -m 0700 -p /root/.ssh
-            echo "$ssh_root_auth_key" > /root/.ssh/authorized_keys
-            chmod 600 /root/.ssh/authorized_keys
-          fi
-        '';
-      serviceConfig.Type = "oneshot";
-      serviceConfig.RemainAfterExit = true;
-      serviceConfig.StandardError = "journal+console";
-      serviceConfig.StandardOutput = "journal+console";
-    };
   };
 }