public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add ec2.metadata (default false) option whether to allow access to EC2 metadata API.

Browse Source
This commit is contained in:
Rob Vermaas 2012-11-21 12:19:38 -05:00
parent 0f15d75017
commit f0a6911929
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
modules/virtualisation/ec2-data.nix
View File

@ -5,8 +5,19 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
with pkgs.lib; with pkgs.lib;
let
options = {
ec2.metadata = mkOption {
type = types.bool;
default = false;
description = ''
Whether to allow access to EC2 metadata.
'';
};
};
in
{ {
require = [options];
jobs.fetchEC2Data = jobs.fetchEC2Data =
{ name = "fetch-ec2-data"; { name = "fetch-ec2-data";
@ -56,9 +67,11 @@ with pkgs.lib;
echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
fi fi
${optionalString (! config.ec2.metadata) ''
# Since the user data is sensitive, prevent it from being # Since the user data is sensitive, prevent it from being
# accessed from now on. # accessed from now on.
ip route add blackhole 169.254.169.254/32 ip route add blackhole 169.254.169.254/32
''}
''; '';
}; };