nixpkgs/nixos/modules/virtualisation/azure-image.nix

{ config, lib, pkgs, ... }:

with lib;
let
  diskSize = "30720";
in
{
  system.build.azureImage =
    pkgs.vmTools.runInLinuxVM (
      pkgs.runCommand "azure-image"
        { preVM =
            ''
              mkdir $out
              diskImage=$out/$diskImageBase

              cyl=$(((${diskSize}*1024*1024)/(512*63*255)))
              size=$(($cyl*255*63*512))              
              roundedsize=$((($size/(1024*1024)+1)*(1024*1024)))
              ${pkgs.vmTools.qemu-220}/bin/qemu-img create -f raw $diskImage $roundedsize
              mv closure xchg/
            '';

          postVM =
            ''
              mkdir -p $out
              ${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -O vpc $diskImage $out/disk.vhd
              rm $diskImage
            '';
          diskImageBase = "nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.raw";
          buildInputs = [ pkgs.utillinux pkgs.perl ];
          exportReferencesGraph =
            [ "closure" config.system.build.toplevel ];
        }
        ''
          # Create partition table
          ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
          ${pkgs.parted}/sbin/parted /dev/vda mkpart primary ext4 1 ${diskSize}M
          ${pkgs.parted}/sbin/parted /dev/vda print
          . /sys/class/block/vda1/uevent
          mknod /dev/vda1 b $MAJOR $MINOR

          # Create an empty filesystem and mount it.
          ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
          ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1

          mkdir /mnt
          mount /dev/vda1 /mnt

          # The initrd expects these directories to exist.
          mkdir /mnt/dev /mnt/proc /mnt/sys

          mount --bind /proc /mnt/proc
          mount --bind /dev /mnt/dev
          mount --bind /sys /mnt/sys

          # Copy all paths in the closure to the filesystem.
          storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)

          mkdir -p /mnt/nix/store
          echo "copying everything (will take a while)..."
          cp -prd $storePaths /mnt/nix/store/

          echo Register the paths in the Nix database.
          printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
              chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""

          echo Create the system profile to allow nixos-rebuild to work.
          chroot /mnt ${config.nix.package.out}/bin/nix-env \
              -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} --option build-users-group ""

          echo nixos-rebuild requires an /etc/NIXOS.
          mkdir -p /mnt/etc
          touch /mnt/etc/NIXOS

          echo switch-to-configuration requires a /bin/sh
          mkdir -p /mnt/bin
          ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh

          echo Install a configuration.nix.
          mkdir -p /mnt/etc/nixos /mnt/boot/grub
          cp ${./azure-config-user.nix} /mnt/etc/nixos/configuration.nix

          echo Generate the GRUB menu.
          ln -s vda /dev/sda
          chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot

          echo Almost done
          umount /mnt/proc /mnt/dev /mnt/sys
          umount /mnt
        ''
    );

  imports = [ ./azure-common.nix ];

  # Azure metadata is available as a CD-ROM drive.
  fileSystems."/metadata".device = "/dev/sr0";

  systemd.services.fetch-ssh-keys =
    { description = "Fetch host keys and authorized_keys for root user";

      wantedBy = [ "sshd.service" "waagent.service" ];
      before = [ "sshd.service" "waagent.service" ];
      after = [ "local-fs.target" ];

      path  = [ pkgs.coreutils ];
      script =
        ''
          eval "$(cat /metadata/CustomData.bin)"
          if ! [ -z "$ssh_host_ecdsa_key" ]; then
            echo "downloaded ssh_host_ecdsa_key"
            echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ed25519_key
            chmod 600 /etc/ssh/ssh_host_ed25519_key
          fi

          if ! [ -z "$ssh_host_ecdsa_key_pub" ]; then
            echo "downloaded ssh_host_ecdsa_key_pub"
            echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ed25519_key.pub
            chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
          fi

          if ! [ -z "$ssh_root_auth_key" ]; then
            echo "downloaded ssh_root_auth_key"
            mkdir -m 0700 -p /root/.ssh
            echo "$ssh_root_auth_key" > /root/.ssh/authorized_keys
            chmod 600 /root/.ssh/authorized_keys
          fi
        '';
      serviceConfig.Type = "oneshot";
      serviceConfig.RemainAfterExit = true;
      serviceConfig.StandardError = "journal+console";
      serviceConfig.StandardOutput = "journal+console";
     };

}
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00			`{ config, lib, pkgs, ... }:`

			`with lib;`
			`let`
virtualization/azure: fixes azure-agent: add option for verbose logging azure-agent: disable ssh host key regeneration azure-common: set verbose logging on azure-image: increase size to 30GB 2016-03-10 23:15:52 -08:00			`diskSize = "30720";`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00			`in`
			`{`
			`system.build.azureImage =`
			`pkgs.vmTools.runInLinuxVM (`
			`pkgs.runCommand "azure-image"`
			`{ preVM =`
			`''`
			`mkdir $out`
			`diskImage=$out/$diskImageBase`

			`cyl=$(((${diskSize}10241024)/(51263255)))`
			`size=$(($cyl25563*512))`
			`roundedsize=$((($size/(10241024)+1)(1024*1024)))`
azure: package qemu @ 2.2.0 This commit packages qemu-220. This package is qemu-2.2.0 and is only used with Azure. 2016-02-18 17:30:06 -08:00			`${pkgs.vmTools.qemu-220}/bin/qemu-img create -f raw $diskImage $roundedsize`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00			`mv closure xchg/`
			`'';`

			`postVM =`
			`''`
			`mkdir -p $out`
virtualization/azure: make the image dynamic again since azure-cli upload bug is fixed 2016-03-13 00:48:53 +02:00			`${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -O vpc $diskImage $out/disk.vhd`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00			`rm $diskImage`
			`'';`
nixos: introduce system.nixosLabel option and use it where appropriate Setting nixosVersion to something custom is useful for meaningful GRUB menus and /nix/store paths, but actuallly changing it rebulids the whole system path (because of `nixos-version` script and manual pages). Also, changing it is not a particularly good idea because you can then be differentitated from other NixOS users by a lot of programs that read /etc/os-release. This patch introduces an alternative option that does all you want from nixosVersion, but rebuilds only the very top system level and /etc while using your label in the names of system /nix/store paths, GRUB and other boot loaders' menus, getty greetings and so on. 2015-09-18 16:50:48 +00:00			`diskImageBase = "nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.raw";`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00			`buildInputs = [ pkgs.utillinux pkgs.perl ];`
			`exportReferencesGraph =`
			`[ "closure" config.system.build.toplevel ];`
			`}`
			`''`
			`# Create partition table`
			`${pkgs.parted}/sbin/parted /dev/vda mklabel msdos`
			`${pkgs.parted}/sbin/parted /dev/vda mkpart primary ext4 1 ${diskSize}M`
			`${pkgs.parted}/sbin/parted /dev/vda print`
			`. /sys/class/block/vda1/uevent`
			`mknod /dev/vda1 b $MAJOR $MINOR`

			`# Create an empty filesystem and mount it.`
			`${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1`
			`${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1`

			`mkdir /mnt`
			`mount /dev/vda1 /mnt`

			`# The initrd expects these directories to exist.`
			`mkdir /mnt/dev /mnt/proc /mnt/sys`

			`mount --bind /proc /mnt/proc`
			`mount --bind /dev /mnt/dev`
			`mount --bind /sys /mnt/sys`

			`# Copy all paths in the closure to the filesystem.`
			`storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)`

			`mkdir -p /mnt/nix/store`
			`echo "copying everything (will take a while)..."`
			`cp -prd $storePaths /mnt/nix/store/`

azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`echo Register the paths in the Nix database.`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00			`printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure \| \`
treewide: Use correct output in ${config.nix.package}/bin 2016-04-24 13:57:19 +03:00			`chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00
azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`echo Create the system profile to allow nixos-rebuild to work.`
treewide: Use correct output in ${config.nix.package}/bin 2016-04-24 13:57:19 +03:00			`chroot /mnt ${config.nix.package.out}/bin/nix-env \`
azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} --option build-users-group ""`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00
azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`echo nixos-rebuild requires an /etc/NIXOS.`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00			`mkdir -p /mnt/etc`
			`touch /mnt/etc/NIXOS`

azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`echo switch-to-configuration requires a /bin/sh`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00			`mkdir -p /mnt/bin`
			`ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh`

azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`echo Install a configuration.nix.`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00			`mkdir -p /mnt/etc/nixos /mnt/boot/grub`
azure-image: provide configuration.nix which allows nixos-rebuild to build a working generation and add helpful comments 2016-03-03 03:58:51 +02:00			`cp ${./azure-config-user.nix} /mnt/etc/nixos/configuration.nix`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00
azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`echo Generate the GRUB menu.`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00			`ln -s vda /dev/sda`
			`chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot`

azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`echo Almost done`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00			`umount /mnt/proc /mnt/dev /mnt/sys`
			`umount /mnt`
			`''`
			`);`

azure-image: fix, split into bootstrap and regular configurations Conflicts: nixos/modules/virtualisation/azure-image.nix 2015-05-03 20:18:18 +03:00			`imports = [ ./azure-common.nix ];`
Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00
Azure: Mount metadata 'CD' on /metadata 2014-09-06 21:53:10 +02:00			`# Azure metadata is available as a CD-ROM drive.`
			`fileSystems."/metadata".device = "/dev/sr0";`

azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`systemd.services.fetch-ssh-keys =`
			`{ description = "Fetch host keys and authorized_keys for root user";`

Azure image: update ssh key type, start before the Azure agent 2015-12-09 07:39:17 +02:00			`wantedBy = [ "sshd.service" "waagent.service" ];`
			`before = [ "sshd.service" "waagent.service" ];`
azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`after = [ "local-fs.target" ];`

			`path = [ pkgs.coreutils ];`
			`script =`
			`''`
azure-image: azure resource manager doesn't base64-encode custom data, unlike azure service manager 2016-01-10 11:35:44 +02:00			`eval "$(cat /metadata/CustomData.bin)"`
azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`if ! [ -z "$ssh_host_ecdsa_key" ]; then`
			`echo "downloaded ssh_host_ecdsa_key"`
Azure image: update ssh key type, start before the Azure agent 2015-12-09 07:39:17 +02:00			`echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ed25519_key`
			`chmod 600 /etc/ssh/ssh_host_ed25519_key`
azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`fi`

			`if ! [ -z "$ssh_host_ecdsa_key_pub" ]; then`
			`echo "downloaded ssh_host_ecdsa_key_pub"`
Azure image: update ssh key type, start before the Azure agent 2015-12-09 07:39:17 +02:00			`echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ed25519_key.pub`
			`chmod 644 /etc/ssh/ssh_host_ed25519_key.pub`
azure: add a job to download ssh host and root keys if they are made available via "custom data"; see #3986 2015-02-16 16:54:30 +02:00			`fi`

			`if ! [ -z "$ssh_root_auth_key" ]; then`
			`echo "downloaded ssh_root_auth_key"`
			`mkdir -m 0700 -p /root/.ssh`
			`echo "$ssh_root_auth_key" > /root/.ssh/authorized_keys`
			`chmod 600 /root/.ssh/authorized_keys`
			`fi`
			`'';`
			`serviceConfig.Type = "oneshot";`
			`serviceConfig.RemainAfterExit = true;`
			`serviceConfig.StandardError = "journal+console";`
			`serviceConfig.StandardOutput = "journal+console";`
			`};`

Initial configuration + image generation script for Micro$oft Azure. Work in progress for #3986. 2014-09-06 21:37:46 +02:00			`}`