Merge pull request #39654 from AmineChikhaoui/issue-38623

GCE: pull the ssh host keys from the metadata service as expected by NixOps.

authored by Rob Vermaas and committed by GitHub 41512bfd 773fe1fe

+13 -1
+13 -1
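--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@@ -221,7 +221,7 @@
 echo "Obtaining SSH keys..."
 mkdir -m 0700 -p /root/.ssh
 AUTH_KEYS=$(${mktemp})
-${wget} -O $AUTH_KEYS --header="Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/attributes/sshKeys
+${wget} -O $AUTH_KEYS http://metadata.google.internal/computeMetadata/v1/instance/attributes/sshKeys
 if [ -s $AUTH_KEYS ]; then
 
 # Read in key one by one, split in case Google decided
@@ -246,6 +246,18 @@
 false
 fi
 rm -f $AUTH_KEYS
+SSH_HOST_KEYS_DIR=$(${mktemp} -d)
+${wget} -O $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key
+${wget} -O $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key_pub
+if [ -s $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key -a -s $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub ]; then
+mv -f $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key* /etc/ssh/
+chmod 600 /etc/ssh/ssh_host_ed25519_key
+chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
+else
+echo "Setup of ssh host keys from http://metadata.google.internal/computeMetadata/v1/instance/attributes/ failed."
+false
+fi
+rm -f $SSH_HOST_KEYS_DIR
 '';
 serviceConfig.Type = "oneshot";
 serviceConfig.RemainAfterExit = true;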
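Review bot: The private host key is moved into `/etc/ssh/` before `chmod 600` runs, so between the `mv -f` and the `chmod` it carries the umask-dependent mode `wget` created it with and may be readable by other local users; set the modes while the files are still inside the `mktemp -d` directory and move them afterwards. The closing `rm -f $SSH_HOST_KEYS_DIR` targets a directory, which `rm -f` does not remove, so the command returns non-zero and the directory is left behind, along with any partially fetched key on the failure branch; if the script runs under `set -e` (not visible here) the `false` would also exit before any cleanup. Separately, none of the fetches in this section pass `Metadata-Flavor: Google` any more, and `${wget}` is defined outside the visible lines, so confirm it supplies the header the v1 metadata endpoint requires. The script body starts and ends outside the section.

```nix
# … unchanged: mktemp -d and the two wget fetches …
if [ -s "$SSH_HOST_KEYS_DIR/ssh_host_ed25519_key" ] && [ -s "$SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub" ]; then
  # Fix the modes inside the private temp directory, then publish.
  chmod 600 "$SSH_HOST_KEYS_DIR/ssh_host_ed25519_key"
  chmod 644 "$SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub"
  mv -f "$SSH_HOST_KEYS_DIR"/ssh_host_ed25519_key* /etc/ssh/
  rm -rf "$SSH_HOST_KEYS_DIR"
else
  rm -rf "$SSH_HOST_KEYS_DIR"
  # … unchanged: failure message and false …
fi
```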