+4

nixos/doc/manual/release-notes/rl-2505.section.md

reviewed

··· 30 30 31 31 - [agorakit](https://github.com/agorakit/agorakit), an organization tool for citizens' collectives. Available with [services.agorakit](options.html#opt-services.agorakit.enable). 32 32 33 33 + - [waagent](https://github.com/Azure/WALinuxAgent), the Microsoft Azure Linux Agent (waagent) manages Linux provisioning and VM interaction with the Azure Fabric Controller. Available with [services.waagent](options.html#opt-services.waagent.enable). 34 34 + 33 35 - [mqtt-exporter](https://github.com/kpetremann/mqtt-exporter/), a Prometheus exporter for exposing messages from MQTT. Available as [services.prometheus.exporters.mqtt](#opt-services.prometheus.exporters.mqtt.enable). 34 36 35 37 - [Buffyboard](https://gitlab.postmarketos.org/postmarketOS/buffybox/-/tree/master/buffyboard), a framebuffer on-screen keyboard. Available as [services.buffyboard](option.html#opt-services.buffyboard). ··· 103 105 - `gkraken` software and `hardware.gkraken.enable` option have been removed, use `coolercontrol` via `programs.coolercontrol.enable` option instead. 104 106 105 107 - `nodePackages.ganache` has been removed, as the package has been deprecated by upstream. 108 108 + 109 109 + - `virtualisation.azure.agent` option provided by `azure-agent.nix` is replaced by `services.waagent`, and will be removed in a future release. 106 110 107 111 - `containerd` has been updated to v2, which contains breaking changes. See the [containerd 108 112 2.0](https://github.com/containerd/containerd/blob/main/docs/containerd-2.0.md) documentation for more

+1

nixos/modules/module-list.nix

reviewed

··· 1765 1765 ./virtualisation/virtualbox-host.nix 1766 1766 ./virtualisation/vmware-guest.nix 1767 1767 ./virtualisation/vmware-host.nix 1768 1768 + ./virtualisation/waagent.nix 1768 1769 ./virtualisation/waydroid.nix 1769 1770 ./virtualisation/xe-guest-utilities.nix 1770 1771 ./virtualisation/xen-dom0.nix

+53 -288

nixos/modules/virtualisation/azure-agent.nix

reviewed

··· 1 1 - { config, lib, pkgs, ... }: 1 1 + { lib, ... }: 2 2 3 3 with lib; 4 4 - let 5 5 - 6 6 - cfg = config.virtualisation.azure.agent; 7 7 - 8 8 - provisionedHook = pkgs.writeScript "provisioned-hook" '' 9 9 - #!${pkgs.runtimeShell} 10 10 - /run/current-system/systemd/bin/systemctl start provisioned.target 11 11 - ''; 12 12 - 13 13 - in 14 14 - { 4 4 + warn 5 5 + '' 6 6 + `virtualisation.azure.agent` provided by `azure-agent.nix` module has been replaced 7 7 + by `services.waagent` options, and will be removed in a future release. 8 8 + '' 9 9 + { 15 10 16 16 - ###### interface 17 17 - 18 18 - options.virtualisation.azure.agent = { 19 19 - enable = mkOption { 20 20 - default = false; 21 21 - description = "Whether to enable the Windows Azure Linux Agent."; 22 22 - }; 23 23 - verboseLogging = mkOption { 24 24 - default = false; 25 25 - description = "Whether to enable verbose logging."; 26 26 - }; 27 27 - mountResourceDisk = mkOption { 28 28 - default = true; 29 29 - description = "Whether the agent should format (ext4) and mount the resource disk to /mnt/resource."; 30 30 - }; 31 31 - }; 32 32 - 33 33 - ###### implementation 34 34 - 35 35 - config = lib.mkIf cfg.enable { 36 36 - assertions = [{ 37 37 - assertion = config.networking.networkmanager.enable == false; 38 38 - message = "Windows Azure Linux Agent is not compatible with NetworkManager"; 39 39 - }]; 40 40 - 41 41 - boot.initrd.kernelModules = [ "ata_piix" ]; 42 42 - networking.firewall.allowedUDPPorts = [ 68 ]; 43 43 - 44 44 - 45 45 - environment.etc."waagent.conf".text = '' 46 46 - # 47 47 - # Microsoft Azure Linux Agent Configuration 48 48 - # 49 49 - 50 50 - # Enable extension handling. Do not disable this unless you do not need password reset, 51 51 - # backup, monitoring, or any extension handling whatsoever. 52 52 - Extensions.Enabled=y 53 53 - 54 54 - # How often (in seconds) to poll for new goal states 55 55 - Extensions.GoalStatePeriod=6 56 56 - 57 57 - # Which provisioning agent to use. Supported values are "auto" (default), "waagent", 58 58 - # "cloud-init", or "disabled". 59 59 - Provisioning.Agent=auto 60 60 - 61 61 - # Password authentication for root account will be unavailable. 62 62 - Provisioning.DeleteRootPassword=n 63 63 - 64 64 - # Generate fresh host key pair. 65 65 - Provisioning.RegenerateSshHostKeyPair=n 66 66 - 67 67 - # Supported values are "rsa", "dsa", "ecdsa", "ed25519", and "auto". 68 68 - # The "auto" option is supported on OpenSSH 5.9 (2011) and later. 69 69 - Provisioning.SshHostKeyPairType=ed25519 70 70 - 71 71 - # Monitor host name changes and publish changes via DHCP requests. 72 72 - Provisioning.MonitorHostName=y 73 73 - 74 74 - # How often (in seconds) to monitor host name changes. 75 75 - Provisioning.MonitorHostNamePeriod=30 76 76 - 77 77 - # Decode CustomData from Base64. 78 78 - Provisioning.DecodeCustomData=n 79 79 - 80 80 - # Execute CustomData after provisioning. 81 81 - Provisioning.ExecuteCustomData=n 82 82 - 83 83 - # Algorithm used by crypt when generating password hash. 84 84 - #Provisioning.PasswordCryptId=6 85 85 - 86 86 - # Length of random salt used when generating password hash. 87 87 - #Provisioning.PasswordCryptSaltLength=10 88 88 - 89 89 - # Allow reset password of sys user 90 90 - Provisioning.AllowResetSysUser=n 91 91 - 92 92 - # Format if unformatted. If 'n', resource disk will not be mounted. 93 93 - ResourceDisk.Format=${if cfg.mountResourceDisk then "y" else "n"} 94 94 - 95 95 - # File system on the resource disk 96 96 - # Typically ext3 or ext4. FreeBSD images should use 'ufs2' here. 97 97 - ResourceDisk.Filesystem=ext4 98 98 - 99 99 - # Mount point for the resource disk 100 100 - ResourceDisk.MountPoint=/mnt/resource 101 101 - 102 102 - # Create and use swapfile on resource disk. 103 103 - ResourceDisk.EnableSwap=n 104 104 - 105 105 - # Size of the swapfile. 106 106 - ResourceDisk.SwapSizeMB=0 107 107 - 108 108 - # Comma-separated list of mount options. See mount(8) for valid options. 109 109 - ResourceDisk.MountOptions=None 110 110 - 111 111 - # Enable verbose logging (y|n) 112 112 - Logs.Verbose=${if cfg.verboseLogging then "y" else "n"} 113 113 - 114 114 - # Enable Console logging, default is y 115 115 - # Logs.Console=y 116 116 - 117 117 - # Enable periodic log collection, default is n 118 118 - Logs.Collect=n 119 119 - 120 120 - # How frequently to collect logs, default is each hour 121 121 - Logs.CollectPeriod=3600 122 122 - 123 123 - # Is FIPS enabled 124 124 - OS.EnableFIPS=n 125 125 - 126 126 - # Root device timeout in seconds. 127 127 - OS.RootDeviceScsiTimeout=300 128 128 - 129 129 - # How often (in seconds) to set the root device timeout. 130 130 - OS.RootDeviceScsiTimeoutPeriod=30 131 131 - 132 132 - # If "None", the system default version is used. 133 133 - OS.OpensslPath=${pkgs.openssl_3.bin}/bin/openssl 134 134 - 135 135 - # Set the SSH ClientAliveInterval 136 136 - # OS.SshClientAliveInterval=180 137 137 - 138 138 - # Set the path to SSH keys and configuration files 139 139 - OS.SshDir=/etc/ssh 140 140 - 141 141 - # If set, agent will use proxy server to access internet 142 142 - #HttpProxy.Host=None 143 143 - #HttpProxy.Port=None 144 144 - 145 145 - # Detect Scvmm environment, default is n 146 146 - # DetectScvmmEnv=n 147 147 - 148 148 - # 149 149 - # Lib.Dir=/var/lib/waagent 150 150 - 151 151 - # 152 152 - # DVD.MountPoint=/mnt/cdrom/secure 153 153 - 154 154 - # 155 155 - # Pid.File=/var/run/waagent.pid 156 156 - 157 157 - # 158 158 - # Extension.LogDir=/var/log/azure 159 159 - 160 160 - # 161 161 - # Home.Dir=/home 162 162 - 163 163 - # Enable RDMA management and set up, should only be used in HPC images 164 164 - OS.EnableRDMA=n 165 165 - 166 166 - # Enable checking RDMA driver version and update 167 167 - # OS.CheckRdmaDriver=y 168 168 - 169 169 - # Enable or disable goal state processing auto-update, default is enabled 170 170 - AutoUpdate.Enabled=n 171 171 - 172 172 - # Determine the update family, this should not be changed 173 173 - # AutoUpdate.GAFamily=Prod 174 174 - 175 175 - # Determine if the overprovisioning feature is enabled. If yes, hold extension 176 176 - # handling until inVMArtifactsProfile.OnHold is false. 177 177 - # Default is enabled 178 178 - EnableOverProvisioning=n 179 179 - 180 180 - # Allow fallback to HTTP if HTTPS is unavailable 181 181 - # Note: Allowing HTTP (vs. HTTPS) may cause security risks 182 182 - # OS.AllowHTTP=n 183 183 - 184 184 - # Add firewall rules to protect access to Azure host node services 185 185 - OS.EnableFirewall=n 186 186 - 187 187 - # How often (in seconds) to check the firewall rules 188 188 - OS.EnableFirewallPeriod=30 189 189 - 190 190 - # How often (in seconds) to remove the udev rules for persistent network interface 191 191 - # names (75-persistent-net-generator.rules and /etc/udev/rules.d/70-persistent-net.rules) 192 192 - OS.RemovePersistentNetRulesPeriod=30 193 193 - 194 194 - # How often (in seconds) to monitor for DHCP client restarts 195 195 - OS.MonitorDhcpClientRestartPeriod=30 196 196 - ''; 197 197 - 198 198 - services.udev.packages = [ pkgs.waagent ]; 199 199 - 200 200 - # Provide waagent-shipped udev rules in initrd too. 201 201 - boot.initrd.services.udev.packages = [ pkgs.waagent ]; 202 202 - # udev rules shell out to chmod, cut and readlink, which are all 203 203 - # provided by pkgs.coreutils, which is in services.udev.path, but not 204 204 - # boot.initrd.services.udev.binPackages. 205 205 - boot.initrd.services.udev.binPackages = [ pkgs.coreutils ]; 206 206 - 207 207 - networking.dhcpcd.persistent = true; 208 208 - 209 209 - services.logrotate = { 210 210 - enable = true; 211 211 - settings."/var/log/waagent.log" = { 212 212 - compress = true; 213 213 - frequency = "monthly"; 214 214 - rotate = 6; 215 215 - }; 216 216 - }; 217 217 - 218 218 - systemd.targets.provisioned = { 219 219 - description = "Services Requiring Azure VM provisioning to have finished"; 220 220 - }; 221 221 - 222 222 - systemd.services.consume-hypervisor-entropy = 223 223 - { 224 224 - description = "Consume entropy in ACPI table provided by Hyper-V"; 225 225 - 226 226 - wantedBy = [ "sshd.service" "waagent.service" ]; 227 227 - before = [ "sshd.service" "waagent.service" ]; 228 228 - 229 229 - path = [ pkgs.coreutils ]; 230 230 - script = 231 231 - '' 232 232 - echo "Fetching entropy..." 233 233 - cat /sys/firmware/acpi/tables/OEM0 > /dev/random 234 234 - ''; 235 235 - serviceConfig.Type = "oneshot"; 236 236 - serviceConfig.RemainAfterExit = true; 237 237 - serviceConfig.StandardError = "journal+console"; 238 238 - serviceConfig.StandardOutput = "journal+console"; 239 239 - }; 240 240 - 241 241 - systemd.services.waagent = { 242 242 - wantedBy = [ "multi-user.target" ]; 243 243 - after = [ "network-online.target" "sshd.service" ]; 244 244 - wants = [ "network-online.target" ]; 245 245 - 246 246 - path = [ 247 247 - pkgs.e2fsprogs 248 248 - pkgs.bash 249 249 - 250 250 - pkgs.findutils 251 251 - pkgs.gnugrep 252 252 - pkgs.gnused 253 253 - pkgs.iproute2 254 254 - pkgs.iptables 255 255 - 256 256 - # for hostname 257 257 - pkgs.nettools 258 258 - 259 259 - pkgs.openssh 260 260 - pkgs.openssl 261 261 - pkgs.parted 262 262 - 263 263 - # for pidof 264 264 - pkgs.procps 265 265 - 266 266 - # for useradd, usermod 267 267 - pkgs.shadow 268 268 - 269 269 - pkgs.util-linux # for (u)mount, fdisk, sfdisk, mkswap 270 270 - 271 271 - # waagent's Microsoft.OSTCExtensions.VMAccessForLinux needs Python 3 272 272 - pkgs.python39 273 273 - 274 274 - # waagent's Microsoft.CPlat.Core.RunCommandLinux needs lsof 275 275 - pkgs.lsof 276 276 - ]; 277 277 - description = "Windows Azure Agent Service"; 278 278 - unitConfig.ConditionPathExists = "/etc/waagent.conf"; 279 279 - serviceConfig = { 280 280 - ExecStart = "${pkgs.waagent}/bin/waagent -daemon"; 281 281 - Type = "simple"; 282 282 - }; 283 283 - }; 284 284 - 285 285 - # waagent will generate files under /etc/sudoers.d during provisioning 286 286 - security.sudo.extraConfig = '' 287 287 - #includedir /etc/sudoers.d 288 288 - ''; 289 289 - 290 290 - }; 291 291 - } 11 11 + imports = [ 12 12 + (mkRenamedOptionModule 13 13 + [ 14 14 + "virtualisation" 15 15 + "azure" 16 16 + "agent" 17 17 + "enable" 18 18 + ] 19 19 + [ 20 20 + "services" 21 21 + "waagent" 22 22 + "enable" 23 23 + ] 24 24 + ) 25 25 + (mkRenamedOptionModule 26 26 + [ 27 27 + "virtualisation" 28 28 + "azure" 29 29 + "agent" 30 30 + "verboseLogging" 31 31 + ] 32 32 + [ 33 33 + "services" 34 34 + "waagent" 35 35 + "settings" 36 36 + "Logs" 37 37 + "Verbose" 38 38 + ] 39 39 + ) 40 40 + (mkRenamedOptionModule 41 41 + [ 42 42 + "virtualisation" 43 43 + "azure" 44 44 + "agent" 45 45 + "mountResourceDisk" 46 46 + ] 47 47 + [ 48 48 + "services" 49 49 + "waagent" 50 50 + "settings" 51 51 + "ResourceDisk" 52 52 + "Format" 53 53 + ] 54 54 + ) 55 55 + ]; 56 56 + }

+364

nixos/modules/virtualisation/waagent.nix

reviewed

··· 1 1 + { 2 2 + config, 3 3 + lib, 4 4 + pkgs, 5 5 + ... 6 6 + }: 7 7 + 8 8 + with lib; 9 9 + let 10 10 + cfg = config.services.waagent; 11 11 + 12 12 + # Format for waagent.conf 13 13 + settingsFormat = { 14 14 + type = 15 15 + with types; 16 16 + let 17 17 + singleAtom = 18 18 + (nullOr (oneOf [ 19 19 + bool 20 20 + str 21 21 + int 22 22 + float 23 23 + ])) 24 24 + // { 25 25 + description = "atom (bool, string, int or float) or null"; 26 26 + }; 27 27 + atom = either singleAtom (listOf singleAtom) // { 28 28 + description = singleAtom.description + " or a list of them"; 29 29 + }; 30 30 + in 31 31 + attrsOf ( 32 32 + either atom (attrsOf atom) 33 33 + // { 34 34 + description = atom.description + "or an attribute set of them"; 35 35 + } 36 36 + ); 37 37 + generate = 38 38 + name: value: 39 39 + let 40 40 + # Transform non-attribute values 41 41 + transform = 42 42 + x: 43 43 + # Transform bool to "y" or "n" 44 44 + if (isBool x) then 45 45 + (if x then "y" else "n") 46 46 + # Concatenate list items with comma 47 47 + else if (isList x) then 48 48 + concatStringsSep "," (map transform x) 49 49 + else 50 50 + toString x; 51 51 + 52 52 + # Convert to format of waagent.conf 53 53 + recurse = 54 54 + path: value: 55 55 + if builtins.isAttrs value then 56 56 + pipe value [ 57 57 + (mapAttrsToList (k: v: recurse (path ++ [ k ]) v)) 58 58 + concatLists 59 59 + ] 60 60 + else 61 61 + [ 62 62 + { 63 63 + name = concatStringsSep "." path; 64 64 + inherit value; 65 65 + } 66 66 + ]; 67 67 + convert = 68 68 + attrs: 69 69 + pipe (recurse [ ] attrs) [ 70 70 + # Filter out null values and emoty lists 71 71 + (filter (kv: kv.value != null && kv.value != [ ])) 72 72 + # Transform to Key=Value form, then concatenate 73 73 + (map (kv: "${kv.name}=${transform kv.value}")) 74 74 + (concatStringsSep "\n") 75 75 + ]; 76 76 + in 77 77 + pkgs.writeText name (convert value); 78 78 + }; 79 79 + 80 80 + settingsType = types.submodule { 81 81 + freeformType = settingsFormat.type; 82 82 + options = { 83 83 + Provisioning = { 84 84 + Enable = mkOption { 85 85 + type = types.bool; 86 86 + default = !config.services.cloud-init.enable; 87 87 + defaultText = literalExpression "!config.services.cloud-init.enable"; 88 88 + description = '' 89 89 + Whether to enable provisioning functionality in the agent. 90 90 + 91 91 + If provisioning is disabled, SSH host and user keys in the image are preserved 92 92 + and configuration in the Azure provisioning API is ignored. 93 93 + 94 94 + Set to `false` if cloud-init is used for provisioning tasks. 95 95 + ''; 96 96 + }; 97 97 + 98 98 + Agent = mkOption { 99 99 + type = types.enum [ 100 100 + "auto" 101 101 + "waagent" 102 102 + "cloud-init" 103 103 + "disabled" 104 104 + ]; 105 105 + default = "auto"; 106 106 + description = '' 107 107 + Which provisioning agent to use. 108 108 + ''; 109 109 + }; 110 110 + }; 111 111 + 112 112 + ResourceDisk = { 113 113 + Format = mkEnableOption '' 114 114 + If set to `true`, waagent formats and mounts the resource disk that the platform provides, 115 115 + unless the file system type in `ResourceDisk.FileSystem` is set to `ntfs`. 116 116 + The agent makes a single Linux partition (ID 83) available on the disk. 117 117 + This partition isn't formatted if it can be successfully mounted. 118 118 + 119 119 + This configuration has no effect if resource disk is managed by cloud-init. 120 120 + ''; 121 121 + 122 122 + FileSystem = mkOption { 123 123 + type = types.str; 124 124 + default = "ext4"; 125 125 + description = '' 126 126 + The file system type for the resource disk. 127 127 + If the string is `X`, then `mkfs.X` should be present in the environment. 128 128 + You can add additional filesystem packages using `services.waagent.extraPackages`. 129 129 + 130 130 + This configuration has no effect if resource disk is managed by cloud-init. 131 131 + ''; 132 132 + }; 133 133 + 134 134 + MountPoint = mkOption { 135 135 + type = types.str; 136 136 + default = "/mnt/resource"; 137 137 + description = '' 138 138 + This option specifies the path at which the resource disk is mounted. 139 139 + The resource disk is a temporary disk and might be emptied when the VM is deprovisioned. 140 140 + 141 141 + This configuration has no effect if resource disk is managed by cloud-init. 142 142 + ''; 143 143 + }; 144 144 + 145 145 + MountOptions = mkOption { 146 146 + type = with types; listOf str; 147 147 + default = [ ]; 148 148 + example = [ 149 149 + "nodev" 150 150 + "nosuid" 151 151 + ]; 152 152 + description = '' 153 153 + This option specifies disk mount options to be passed to the `mount -o` command. 154 154 + For more information, see the `mount(8)` manual page. 155 155 + ''; 156 156 + }; 157 157 + 158 158 + EnableSwap = mkEnableOption '' 159 159 + If enabled, the agent creates a swap file (`/swapfile`) on the resource disk 160 160 + and adds it to the system swap space. 161 161 + 162 162 + This configuration has no effect if resource disk is managed by cloud-init. 163 163 + ''; 164 164 + 165 165 + SwapSizeMB = mkOption { 166 166 + type = types.int; 167 167 + default = 0; 168 168 + description = '' 169 169 + Specifies the size of the swap file in megabytes. 170 170 + 171 171 + This configuration has no effect if resource disk is managed by cloud-init. 172 172 + ''; 173 173 + }; 174 174 + }; 175 175 + 176 176 + Logs.Verbose = lib.mkEnableOption '' 177 177 + If you set this option, log verbosity is boosted. 178 178 + Waagent logs to `/var/log/waagent.log` and uses the system logrotate functionality to rotate logs. 179 179 + ''; 180 180 + 181 181 + OS = { 182 182 + EnableRDMA = lib.mkEnableOption '' 183 183 + If enabled, the agent attempts to install and then load an RDMA kernel driver 184 184 + that matches the version of the firmware on the underlying hardware. 185 185 + ''; 186 186 + 187 187 + RootDeviceScsiTimeout = lib.mkOption { 188 188 + type = types.nullOr types.int; 189 189 + default = 300; 190 190 + description = '' 191 191 + Configures the SCSI timeout in seconds on the OS disk and data drives. 192 192 + If set to `null`, the system defaults are used. 193 193 + ''; 194 194 + }; 195 195 + }; 196 196 + 197 197 + HttpProxy = { 198 198 + Host = lib.mkOption { 199 199 + type = types.nullOr types.str; 200 200 + default = null; 201 201 + description = '' 202 202 + If you set http proxy, waagent will use is proxy to access the Internet. 203 203 + ''; 204 204 + }; 205 205 + 206 206 + Port = lib.mkOption { 207 207 + type = types.nullOr types.int; 208 208 + default = null; 209 209 + description = '' 210 210 + If you set http proxy, waagent will use this proxy to access the Internet. 211 211 + ''; 212 212 + }; 213 213 + }; 214 214 + 215 215 + AutoUpdate.Enable = lib.mkEnableOption '' 216 216 + Enable or disable autoupdate for goal state processing. 217 217 + ''; 218 218 + }; 219 219 + }; 220 220 + in 221 221 + { 222 222 + options.services.waagent = { 223 223 + enable = lib.mkEnableOption '' 224 224 + Whether to enable the Windows Azure Linux Agent. 225 225 + ''; 226 226 + 227 227 + package = lib.mkPackageOption pkgs "waagent" { }; 228 228 + 229 229 + extraPackages = lib.mkOption { 230 230 + default = [ ]; 231 231 + description = '' 232 232 + Additional packages to add to the waagent {env}`PATH`. 233 233 + ''; 234 234 + example = lib.literalExpression "[ pkgs.powershell ]"; 235 235 + type = lib.types.listOf lib.types.package; 236 236 + }; 237 237 + 238 238 + settings = lib.mkOption { 239 239 + type = settingsType; 240 240 + default = { }; 241 241 + description = '' 242 242 + The waagent.conf configuration, see https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/agent-linux for documentation. 243 243 + ''; 244 244 + }; 245 245 + }; 246 246 + 247 247 + config = lib.mkIf cfg.enable { 248 248 + assertions = [ 249 249 + { 250 250 + assertion = (cfg.settings.HttpProxy.Host != null) -> (cfg.settings.HttpProxy.Port != null); 251 251 + message = "Option services.waagent.settings.HttpProxy.Port must be set if services.waagent.settings.HttpProxy.Host is set."; 252 252 + } 253 253 + ]; 254 254 + 255 255 + boot.initrd.kernelModules = [ "ata_piix" ]; 256 256 + networking.firewall.allowedUDPPorts = [ 68 ]; 257 257 + 258 258 + services.udev.packages = with pkgs; [ waagent ]; 259 259 + 260 260 + boot.initrd.services.udev = with pkgs; { 261 261 + # Provide waagent-shipped udev rules in initrd too. 262 262 + packages = [ waagent ]; 263 263 + # udev rules shell out to chmod, cut and readlink, which are all 264 264 + # provided by pkgs.coreutils, which is in services.udev.path, but not 265 265 + # boot.initrd.services.udev.binPackages. 266 266 + binPackages = [ coreutils ]; 267 267 + }; 268 268 + 269 269 + networking.dhcpcd.persistent = true; 270 270 + 271 271 + services.logrotate = { 272 272 + enable = true; 273 273 + settings."/var/log/waagent.log" = { 274 274 + compress = true; 275 275 + frequency = "monthly"; 276 276 + rotate = 6; 277 277 + }; 278 278 + }; 279 279 + 280 280 + # Write settings to /etc/waagent.conf 281 281 + environment.etc."waagent.conf".source = settingsFormat.generate "waagent.conf" cfg.settings; 282 282 + 283 283 + systemd.targets.provisioned = { 284 284 + description = "Services Requiring Azure VM provisioning to have finished"; 285 285 + }; 286 286 + 287 287 + systemd.services.consume-hypervisor-entropy = { 288 288 + description = "Consume entropy in ACPI table provided by Hyper-V"; 289 289 + 290 290 + wantedBy = [ 291 291 + "sshd.service" 292 292 + "waagent.service" 293 293 + ]; 294 294 + before = [ 295 295 + "sshd.service" 296 296 + "waagent.service" 297 297 + ]; 298 298 + 299 299 + path = [ pkgs.coreutils ]; 300 300 + script = '' 301 301 + echo "Fetching entropy..." 302 302 + cat /sys/firmware/acpi/tables/OEM0 > /dev/random 303 303 + ''; 304 304 + serviceConfig.Type = "oneshot"; 305 305 + serviceConfig.RemainAfterExit = true; 306 306 + serviceConfig.StandardError = "journal+console"; 307 307 + serviceConfig.StandardOutput = "journal+console"; 308 308 + }; 309 309 + 310 310 + systemd.services.waagent = { 311 311 + wantedBy = [ "multi-user.target" ]; 312 312 + after = [ 313 313 + "network-online.target" 314 314 + ] ++ lib.optionals config.services.cloud-init.enable [ "cloud-init.service" ]; 315 315 + wants = [ 316 316 + "network-online.target" 317 317 + "sshd.service" 318 318 + "sshd-keygen.service" 319 319 + ]; 320 320 + 321 321 + path = 322 322 + with pkgs; 323 323 + [ 324 324 + e2fsprogs 325 325 + bash 326 326 + findutils 327 327 + gnugrep 328 328 + gnused 329 329 + iproute2 330 330 + iptables 331 331 + openssh 332 332 + openssl 333 333 + parted 334 334 + 335 335 + # for hostname 336 336 + nettools 337 337 + # for pidof 338 338 + procps 339 339 + # for useradd, usermod 340 340 + shadow 341 341 + 342 342 + util-linux # for (u)mount, fdisk, sfdisk, mkswap 343 343 + # waagent's Microsoft.CPlat.Core.RunCommandLinux needs lsof 344 344 + lsof 345 345 + ] 346 346 + ++ cfg.extraPackages; 347 347 + description = "Windows Azure Agent Service"; 348 348 + unitConfig.ConditionPathExists = "/etc/waagent.conf"; 349 349 + serviceConfig = { 350 350 + ExecStart = "${lib.getExe cfg.package} -daemon"; 351 351 + Type = "simple"; 352 352 + Restart = "always"; 353 353 + Slice = "azure.slice"; 354 354 + CPUAccounting = true; 355 355 + MemoryAccounting = true; 356 356 + }; 357 357 + }; 358 358 + 359 359 + # waagent will generate files under /etc/sudoers.d during provisioning 360 360 + security.sudo.extraConfig = '' 361 361 + #includedir /etc/sudoers.d 362 362 + ''; 363 363 + }; 364 364 + }

+1

nixos/tests/all-tests.nix

reviewed

··· 1124 1124 vscode-remote-ssh = handleTestOn ["x86_64-linux"] ./vscode-remote-ssh.nix {}; 1125 1125 vscodium = discoverTests (import ./vscodium.nix); 1126 1126 vsftpd = handleTest ./vsftpd.nix {}; 1127 1127 + waagent = handleTest ./waagent.nix {}; 1127 1128 wakapi = handleTest ./wakapi.nix {}; 1128 1129 warzone2100 = handleTest ./warzone2100.nix {}; 1129 1130 wasabibackend = handleTest ./wasabibackend.nix {};

+72

nixos/tests/waagent.nix

reviewed

··· 1 1 + import ./make-test-python.nix ( 2 2 + { lib, pkgs, ... }: 3 3 + let 4 4 + confPath = "/etc/waagent.conf"; 5 5 + in 6 6 + { 7 7 + name = "waagent"; 8 8 + 9 9 + meta = { 10 10 + maintainers = with lib.maintainers; [ codgician ]; 11 11 + }; 12 12 + 13 13 + nodes.machine = { 14 14 + services.waagent = { 15 15 + enable = true; 16 16 + settings = { 17 17 + Provisioning = { 18 18 + Enable = false; 19 19 + Agent = "waagent"; 20 20 + DeleteRootPassword = false; 21 21 + RegenerateSshHostKeyPair = false; 22 22 + SshHostKeyPairType = "ed25519"; 23 23 + MonitorHostName = false; 24 24 + }; 25 25 + ResourceDisk = { 26 26 + Format = false; 27 27 + MountOptions = [ 28 28 + "compress=lzo" 29 29 + "mode=0600" 30 30 + ]; 31 31 + }; 32 32 + OS.RootDeviceScsiTimeout = 300; 33 33 + HttpProxy = { 34 34 + Host = null; 35 35 + Port = null; 36 36 + }; 37 37 + CGroups = { 38 38 + EnforceLimits = false; 39 39 + Excluded = [ ]; 40 40 + }; 41 41 + }; 42 42 + }; 43 43 + }; 44 44 + 45 45 + testScript = '' 46 46 + # Defined values should be reflected in waagent.conf 47 47 + machine.succeed("grep -q '^Provisioning.Enable=n$' '${confPath}'") 48 48 + machine.succeed("grep -q '^Provisioning.Agent=waagent$' '${confPath}'") 49 49 + machine.succeed("grep -q '^Provisioning.DeleteRootPassword=n$' '${confPath}'") 50 50 + machine.succeed("grep -q '^Provisioning.RegenerateSshHostKeyPair=n$' '${confPath}'") 51 51 + machine.succeed("grep -q '^Provisioning.SshHostKeyPairType=ed25519$' '${confPath}'") 52 52 + machine.succeed("grep -q '^Provisioning.MonitorHostName=n$' '${confPath}'") 53 53 + machine.succeed("grep -q '^ResourceDisk.Format=n$' '${confPath}'") 54 54 + machine.succeed("grep -q '^ResourceDisk.MountOptions=compress=lzo,mode=0600$' '${confPath}'") 55 55 + machine.succeed("grep -q '^OS.RootDeviceScsiTimeout=300$' '${confPath}'") 56 56 + 57 57 + # Undocumented options should also be supported 58 58 + machine.succeed("grep -q '^CGroups.EnforceLimits=n$' '${confPath}'") 59 59 + 60 60 + # Null values should be skipped and not exist in waagent.conf 61 61 + machine.fail("grep -q '^HttpProxy.Host=' '${confPath}'") 62 62 + machine.fail("grep -q '^HttpProxy.Port=' '${confPath}'") 63 63 + 64 64 + # Empty lists should be skipped and not exist in waagent.conf 65 65 + machine.fail("grep -q '^CGroups.Excluded=' '${confPath}'") 66 66 + 67 67 + # Test service start 68 68 + # Skip testing actual functionality due to lacking Azure infrasturcture 69 69 + machine.wait_for_unit("waagent.service") 70 70 + ''; 71 71 + } 72 72 + )

+13

pkgs/by-name/wa/waagent/package.nix

reviewed

··· 4 4 lib, 5 5 python3, 6 6 bash, 7 7 + gitUpdater, 8 8 + nixosTests, 7 9 }: 8 10 9 11 let ··· 63 65 64 66 dontWrapPythonPrograms = false; 65 67 68 68 + passthru = { 69 69 + tests = { 70 70 + inherit (nixosTests) waagent; 71 71 + }; 72 72 + updateScript = gitUpdater { 73 73 + rev-prefix = "v"; 74 74 + }; 75 75 + }; 76 76 + 66 77 meta = { 67 78 description = "Microsoft Azure Linux Agent (waagent)"; 68 79 mainProgram = "waagent"; ··· 71 82 manages Linux provisioning and VM interaction with the Azure 72 83 Fabric Controller''; 73 84 homepage = "https://github.com/Azure/WALinuxAgent"; 85 85 + maintainers = with lib.maintainers; [ codgician ]; 74 86 license = with lib.licenses; [ asl20 ]; 87 87 + platforms = lib.platforms.linux; 75 88 }; 76 89 }