Wout Mertens
0666ee4739
Merge pull request #6732 from oconnorr/master
...
Use mktemp to create temporary files to hold ssh host keys and authorized keys
2015-06-02 20:34:43 +02:00
William A. Kennington III
aa5d6922c5
Revert "Set boot.loader.grub.configurationLimit to 1 for gce/azure/amazon images. Setting to 0 results in empty grub config."
...
The issue was that grub was not building the default entry which would
leave systems unbootable. This can now be safely reverted as the default
entry is being built once again.
This reverts commit fd1fb0403c
.
2015-05-29 13:26:51 -07:00
Russell O'Connor
29b7d76ec8
Remove use of && in fetch-ssh-keys service.
...
Scripts are run with -e so will abort when a command fails.
2015-05-29 19:53:58 +00:00
Russell O'Connor
4744e3541a
[GCE] Put temp files for fetch-ssh-keys service in /run
2015-05-29 19:53:57 +00:00
Russell O'Connor
1badfabc4d
Use mktemp to create temporary files to hold ssh host keys and authorized keys when downloading them from the metadata server.
2015-05-29 19:53:57 +00:00
Rob Vermaas
fd1fb0403c
Set boot.loader.grub.configurationLimit to 1 for gce/azure/amazon images. Setting to 0 results in empty grub config.
2015-05-29 19:36:16 +00:00
Rob Vermaas
cbb14299c9
GCE image: Remove some unnecessary lib prefixes.
2015-03-26 09:15:09 +00:00
Rob Vermaas
80202fbd25
GCE image: Add some recommended sysctl settings. Disable OS level firewall by default for GCE images (GCE provides external firewall). Disable passwordAuthentication. Related to issue #6991 .
2015-03-26 09:09:40 +00:00
Rob Vermaas
24e0565407
Only start fetch-keys for GCE image after ip-up.
2015-02-27 10:48:15 +00:00
Rob Vermaas
e4928b8955
GCE image: Pass header to metadata service calls.
2015-02-26 19:20:43 +00:00
Eelco Dolstra
efa8fc2b0a
Paranoia
2015-01-15 18:37:55 +01:00
Russell O'Connor
d1a58ef7c6
google-compute-image.nix: Try to download all SSH host keys from metadata server.
2015-01-06 12:06:54 -05:00
Russell O'Connor
3251948029
Generate SSH host public key from the private key.
2015-01-05 15:20:55 -05:00
Russell O'Connor
d1cbbff1e3
Call wget directly in fetch-ssh-keys service.
2015-01-05 15:20:55 -05:00
Russell O'Connor
6382e16014
google-compute-image.nix: unconditionally clean up /root/key.pub /root/authorized-keys-metadata
2015-01-05 15:18:02 -05:00
Russell O'Connor
b19ab1f046
google-comute-image.nix: set umask 077 when downloading private keys from the metadata server.
2015-01-05 15:01:49 -05:00
Russell O'Connor
e548a4330d
google-compute-image.nix: use internal google NTP server.
2015-01-05 12:45:23 -05:00
Rob Vermaas
ea9530b5c7
Fix GCE image build.
...
(cherry picked from commit 98af87cd4abb0cd77e8a51cfdf6913a92d088784)
2015-01-05 09:35:35 +01:00
Rob Vermaas
3566807e76
Google Compute image:
...
Removed the 'wait for GCE metadata service' job, as it was causing
issues with the metadata service (likely some firewall or something).
In stead, use wget with retries (including connection refused) in
stead or curl for fetching the SSH keys. Also made the stdout/-err
of this job appear in the console.
2014-08-01 15:25:50 +02:00
Evgeny Egorochkin
2660e19b73
Google Compute config: add a unit to wait for the metadata server to become available
2014-07-20 14:07:46 +03:00
Evgeny Egorochkin
64c01fdf81
Google Compute Image: fetch host keys if possible
2014-07-12 08:47:03 +03:00
Evgeny Egorochkin
9d8ddd465d
Google Compute Image needs the interface to be named eth0 for google tools to work properly
2014-07-12 08:47:03 +03:00
Eelco Dolstra
4fc151b5a3
nixos-install: Ask the user to set a root password
...
This removes the need to have an initially empty root password.
2014-05-09 00:52:02 +02:00
Eelco Dolstra
29027fd1e1
Rewrite ‘with pkgs.lib’ -> ‘with lib’
...
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Rob Vermaas
020d3b299c
Make the GCE image use 100G as disk size (maximum).
2014-03-21 15:18:03 +01:00
Rob Vermaas
af6c571a7e
Increase size of GCE image. Use disk.raw as name inside tar.gz, as this is compulsory.
2014-03-21 14:56:00 +01:00
Rickard Nilsson
d5211b0e0e
Make initialRootPassword overrideable in all virtualisation modules, not just virtualbox.
2014-02-24 18:05:26 +01:00
Rob Vermaas
61d346eaaf
Google Compute image: fix punctuation in description, give disk image proper name with version and revision.
2013-12-12 12:48:09 +01:00
Rob Vermaas
ee8a58a72f
Remove a hardcoded SSH public key from the Google Compute image.
2013-12-11 16:18:12 +01:00
Rob Vermaas
f7b256a221
Add initial configuration for Google Compute Engine
2013-12-11 15:32:27 +01:00