nixpkgs/nixos/modules/virtualisation/amazon-init.nix

{ config, pkgs, ... }:

let
  script = ''
    #!${pkgs.runtimeShell} -eu

    echo "attempting to fetch configuration from EC2 user data..."

    export HOME=/root
    export PATH=${pkgs.lib.makeBinPath [ config.nix.package pkgs.systemd pkgs.gnugrep pkgs.gnused config.system.build.nixos-rebuild]}:$PATH
    export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels

    userData=/etc/ec2-metadata/user-data

    if [ -s "$userData" ]; then
      # If the user-data looks like it could be a nix expression,
      # copy it over. Also, look for a magic three-hash comment and set
      # that as the channel.
      if sed '/^\(#\|SSH_HOST_.*\)/d' < "$userData" | grep -q '\S'; then
        channels="$(grep '^###' "$userData" | sed 's|###\s*||')"
        printf "%s" "$channels" | while read channel; do
          echo "writing channel: $channel"
        done

        if [[ -n "$channels" ]]; then
          printf "%s" "$channels" > /root/.nix-channels
          nix-channel --update
        fi

        echo "setting configuration from EC2 user data"
        cp "$userData" /etc/nixos/configuration.nix
      else
        echo "user data does not appear to be a Nix expression; ignoring"
        exit
      fi
    else
      echo "no user data is available"
      exit
    fi

    nixos-rebuild switch
  '';
in {
  systemd.services.amazon-init = {
    inherit script;
    description = "Reconfigure the system from EC2 userdata on startup";

    wantedBy = [ "multi-user.target" ];
    after = [ "multi-user.target" ];
    requires = [ "network-online.target" ];
 
    restartIfChanged = false;
    unitConfig.X-StopOnRemoval = false;

    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
  };
}
amazon-init NixOS module: fix (I think) race condition with network The initialization code is now a systemd service that explicitly waits for network-online, so the occasional failure I was seeing because the `nixos-rebuild` couldn't get anything from the binary cache should stop. I hope! 2017-02-15 22:32:45 +00:00			`{ config, pkgs, ... }:`
Initial attempt at configuring from EC2 userdata (with input from cstrahan). Now with VM tests! 2015-04-10 06:06:52 +02:00
			`let`
amazon-init NixOS module: fix (I think) race condition with network The initialization code is now a systemd service that explicitly waits for network-online, so the occasional failure I was seeing because the `nixos-rebuild` couldn't get anything from the binary cache should stop. I hope! 2017-02-15 22:32:45 +00:00			`script = ''`
nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00			`#!${pkgs.runtimeShell} -eu`
Initial attempt at configuring from EC2 userdata (with input from cstrahan). Now with VM tests! 2015-04-10 06:06:52 +02:00
amazon-init.nix: Don't run nixos-rebuild if we don't have to 2016-02-04 15:15:19 +01:00			`echo "attempting to fetch configuration from EC2 user data..."`
Initial attempt at configuring from EC2 userdata (with input from cstrahan). Now with VM tests! 2015-04-10 06:06:52 +02:00
amazon-init NixOS module: fix (I think) race condition with network The initialization code is now a systemd service that explicitly waits for network-online, so the occasional failure I was seeing because the `nixos-rebuild` couldn't get anything from the binary cache should stop. I hope! 2017-02-15 22:32:45 +00:00			`export HOME=/root`
amazon-init.nix: Use makeBinPath This also fixes the incorrect use of 'dev' outputs from config.nix.package and pkgs.systemd. 2016-04-24 14:00:31 +03:00			`export PATH=${pkgs.lib.makeBinPath [ config.nix.package pkgs.systemd pkgs.gnugrep pkgs.gnused config.system.build.nixos-rebuild]}:$PATH`
Initial attempt at configuring from EC2 userdata (with input from cstrahan). Now with VM tests! 2015-04-10 06:06:52 +02:00			`export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels`

Fetch all EC2 metadata / user data in the initrd Since we're already fetching one datum, we may as well fetch the others needed by fetch-ec2-data. This also eliminates the dependency on wget. 2016-02-04 15:42:49 +01:00			`userData=/etc/ec2-metadata/user-data`
Initial attempt at configuring from EC2 userdata (with input from cstrahan). Now with VM tests! 2015-04-10 06:06:52 +02:00
Fetch all EC2 metadata / user data in the initrd Since we're already fetching one datum, we may as well fetch the others needed by fetch-ec2-data. This also eliminates the dependency on wget. 2016-02-04 15:42:49 +01:00			`if [ -s "$userData" ]; then`
Initial attempt at configuring from EC2 userdata (with input from cstrahan). Now with VM tests! 2015-04-10 06:06:52 +02:00			`# If the user-data looks like it could be a nix expression,`
			`# copy it over. Also, look for a magic three-hash comment and set`
			`# that as the channel.`
			`if sed '/^\(#\\|SSH_HOST_.*\)/d' < "$userData" \| grep -q '\S'; then`
			`channels="$(grep '^###' "$userData" \| sed 's\|###\s*\|\|')"`
			`printf "%s" "$channels" \| while read channel; do`
			`echo "writing channel: $channel"`
			`done`

			`if [[ -n "$channels" ]]; then`
			`printf "%s" "$channels" > /root/.nix-channels`
			`nix-channel --update`
			`fi`

amazon-init.nix: Don't run nixos-rebuild if we don't have to 2016-02-04 15:15:19 +01:00			`echo "setting configuration from EC2 user data"`
Initial attempt at configuring from EC2 userdata (with input from cstrahan). Now with VM tests! 2015-04-10 06:06:52 +02:00			`cp "$userData" /etc/nixos/configuration.nix`
			`else`
amazon-init.nix: Don't run nixos-rebuild if we don't have to 2016-02-04 15:15:19 +01:00			`echo "user data does not appear to be a Nix expression; ignoring"`
			`exit`
Initial attempt at configuring from EC2 userdata (with input from cstrahan). Now with VM tests! 2015-04-10 06:06:52 +02:00			`fi`
			`else`
Fetch all EC2 metadata / user data in the initrd Since we're already fetching one datum, we may as well fetch the others needed by fetch-ec2-data. This also eliminates the dependency on wget. 2016-02-04 15:42:49 +01:00			`echo "no user data is available"`
amazon-init.nix: Don't run nixos-rebuild if we don't have to 2016-02-04 15:15:19 +01:00			`exit`
Initial attempt at configuring from EC2 userdata (with input from cstrahan). Now with VM tests! 2015-04-10 06:06:52 +02:00			`fi`

			`nixos-rebuild switch`
			`'';`
			`in {`
amazon-init NixOS module: fix (I think) race condition with network The initialization code is now a systemd service that explicitly waits for network-online, so the occasional failure I was seeing because the `nixos-rebuild` couldn't get anything from the binary cache should stop. I hope! 2017-02-15 22:32:45 +00:00			`systemd.services.amazon-init = {`
			`inherit script;`
			`description = "Reconfigure the system from EC2 userdata on startup";`

amazon-init.service: fix starting services at startup We now make it happen later in the boot process so that multi-user has already activated, so as to not run afoul of the logic in switch-to-configuration.pl. It's not my favorite solution, but at least it works. Also added a check to the VM test to catch the failure so we don't break in future. Fixes #23121 2017-02-27 16:51:36 +00:00			`wantedBy = [ "multi-user.target" ];`
			`after = [ "multi-user.target" ];`
amazon-init NixOS module: fix (I think) race condition with network The initialization code is now a systemd service that explicitly waits for network-online, so the occasional failure I was seeing because the `nixos-rebuild` couldn't get anything from the binary cache should stop. I hope! 2017-02-15 22:32:45 +00:00			`requires = [ "network-online.target" ];`

			`restartIfChanged = false;`
			`unitConfig.X-StopOnRemoval = false;`

			`serviceConfig = {`
			`Type = "oneshot";`
			`RemainAfterExit = true;`
			`};`
			`};`
Initial attempt at configuring from EC2 userdata (with input from cstrahan). Now with VM tests! 2015-04-10 06:06:52 +02:00			`}`
amazon-init NixOS module: fix (I think) race condition with network The initialization code is now a systemd service that explicitly waits for network-online, so the occasional failure I was seeing because the `nixos-rebuild` couldn't get anything from the binary cache should stop. I hope! 2017-02-15 22:32:45 +00:00