| blob | 1856b16f3d175c430ad8a0d159002743ff00fd07 |
1 {
2 config,
3 lib,
4 pkgs,
5 ...
6 }:
8 let
9 cfg = config.oci;
10 in
11 {
12 imports = [
13 ./oci-common.nix
14 ../image/file-options.nix
15 ];
17 config = {
18 # Use a priority just below mkOptionDefault (1500) instead of lib.mkDefault
19 # to avoid breaking existing configs using that.
20 virtualisation.diskSize = lib.mkOverride 1490 (8 * 1024);
21 virtualisation.diskSizeAutoSupported = false;
23 system.nixos.tags = [ "oci" ];
24 image.extension = "qcow2";
25 system.build.image = config.system.build.OCIImage;
26 system.build.OCIImage = import ../../lib/make-disk-image.nix {
27 inherit config lib pkgs;
28 inherit (config.virtualisation) diskSize;
29 name = "oci-image";
30 baseName = config.image.baseName;
31 configFile = ./oci-config-user.nix;
32 format = "qcow2";
33 partitionTableType = if cfg.efi then "efi" else "legacy";
34 };
36 systemd.services.fetch-ssh-keys = {
37 description = "Fetch authorized_keys for root user";
39 wantedBy = [ "sshd.service" ];
40 before = [ "sshd.service" ];
42 after = [ "network-online.target" ];
43 wants = [ "network-online.target" ];
45 path = [
46 pkgs.coreutils
47 pkgs.curl
48 ];
49 script = ''
50 mkdir -m 0700 -p /root/.ssh
51 if [ -f /root/.ssh/authorized_keys ]; then
52 echo "Authorized keys have already been downloaded"
53 else
54 echo "Downloading authorized keys from Instance Metadata Service v2"
55 curl -s -S -L \
56 -H "Authorization: Bearer Oracle" \
57 -o /root/.ssh/authorized_keys \
58 http://169.254.169.254/opc/v2/instance/metadata/ssh_authorized_keys
59 chmod 600 /root/.ssh/authorized_keys
60 fi
61 '';
62 serviceConfig = {
63 Type = "oneshot";
64 RemainAfterExit = true;
65 StandardError = "journal+console";
66 StandardOutput = "journal+console";
67 };
68 };
69 };
70 }