| Commit message (Collapse) | Author | Age |
|
isNull "is deprecated; just write e == null instead" says the Nix manual
|
* move GCE system configuration to `google-compute-config.nix`
* remove `fetch-ssh-keys` service (disabled in comment)
|
Fixes https://github.com/NixOS/nixpkgs/issues/49700
|
The list of corresponding NixOS services is also updated
|
It is deprecated and will be removed after 18.09.
|
the temporary ssh host keys file/directory.
|
Issues: #38623 https://github.com/NixOS/nixops/issues/930.
|
host key replacement by service.
(cherry picked from commit 748d96ffa3c51c3127bcdf23a88d54afad6406e9)
|
(cherry picked from commit ac3437aa061e80604d28aa3dd09013417f3193b1)
|
Fix ssh keys retrieval in GCE instances
|
Seems the google compute metadata service behavior changed a bit
recently, which caused this issue?
see: https://cloud.google.com/compute/docs/storing-retrieving-metadata
|
Move it from being a profile
|
This adds a few google-specific services to set up the machine.
Accounts are now dynamically created using the google-accounts-daemon,
which allows clicking on the "SSH" button in the console and having it
work.
The NixOS image now supports the userdata startup and shutdown scripts.
Misc:
* add all the google services from https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_init/systemd
* add udev rules for disk labels
* synched sysctl rules with https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
|
This restores behavior of image generation before f1708a9d7d79e2bf2961fc648625578b23b3460f
|
when users of nixops specified a larger root disk via
deployment.gce.rootDiskSize
1GB is the smallest possible size as GCP doesn't support
fractions of GB for RAW images, see
https://cloud.google.com/compute/docs/images/import-existing-image#requirements
|
Having fixed the Google Compute Engine image build process's copying
of store paths in PR #24264, I ran `nixos-rebuild --upgrade switch`...
and the GCE image broke again, because it sets the NixOS configuration
option for the sysctl variable `kernel.yama.ptrace_scope` to
`mkDefault "1"`, i.e., with override priority 1000, and now the
`sysctl` module sets the same option to `mkDefault "0"` (this was
changed in commit 86721a5f78718caf10c578e9501f8b4d19c0eb44).
This patch raises the override priority of the Google Compute Engine
image configuration's definition of the Yama sysctl option to 500
(still lower than the priority of an unmodified option definition).
I have tested that this patch allows the Google Compute Engine image
to again build successfully for me.
|
In `nixos/modules/virtualisation/google-compute-image.nix`, copy store
paths with `rsync -a` rather than `cp -prd`, because `rsync` seems
better able to handle the hard-links that may be present in the store,
whereas `cp` may fail to copy them.
I have tested that the Google Compute Engine image builds successfully
for me with this patch, whereas it did not without this patch.
This is the same fix applied for Azure images in commit
097ef6e435d5b3fcde92e67abbaaaaaf05c0723d.
Fixes #23973.
|
- most NixOS users only require time synchronisation,
while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd supports an NTP server per interface (if configured through DHCP, for instance)
- timesyncd is already included in the systemd package, switching to it would
save a little disk space (1,5M)
|
See https://github.com/openssh/openssh-portable/commit/1dc8d93ce69d6565747eb44446ed117187621b26
I also made it the default.
|
Systemd upstream provides targets for networking. This also includes a target network-online.target.
In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup.
|
There is a generic boot.loader.timeout option.
|
Setting nixosVersion to something custom is useful for meaningful GRUB
menus and /nix/store paths, but actually changing it rebuilds the
whole system path (because of `nixos-version` script and manual
pages). Also, changing it is not a particularly good idea because you
can then be differentiated from other NixOS users by a lot of
programs that read /etc/os-release.
This patch introduces an alternative option that does all you want
from nixosVersion, but rebuilds only the very top system level and
/etc while using your label in the names of system /nix/store paths,
GRUB and other boot loaders' menus, getty greetings and so on.
|
Use mktemp to create temporary files to hold ssh host keys and authorized keys
|
Scripts are run with -e so will abort when a command fails.
|
keys when downloading them from the metadata server.
|
images. Setting to 0 results in empty grub config."
The issue was that grub was not building the default entry which would
leave systems unbootable. This can now be safely reverted as the default
entry is being built once again.
This reverts commit fd1fb0403c406d1c3aca07735bb247e0643bdb0d.
|
Setting to 0 results in empty grub config.
|
by default for GCE images (GCE provides external firewall). Disable passwordAuthentication. Related to issue #6991.
|
server.
|
/root/authorized-keys-metadata
|