diff options
author | Rob Vermaas <rob.vermaas@gmail.com> | 2018-04-06 10:56:56 +0200 |
---|---|---|
committer | Rob Vermaas <rob.vermaas@gmail.com> | 2018-04-06 10:57:31 +0200 |
commit | b894dd8b821d74b25911f63762c24024107d9372 (patch) | |
tree | 32c9d3dc2a8053ab564851062ffbf78a194f613e /nixos/modules/virtualisation/google-compute-image.nix | |
parent | 935526e181f5b0963616c6f558c2094c4d8690e3 (diff) |
Update create-gce.sh script. Set default option for GCE images to disable host key replacement by service.
(cherry picked from commit 748d96ffa3c51c3127bcdf23a88d54afad6406e9)
Diffstat (limited to 'nixos/modules/virtualisation/google-compute-image.nix')
-rw-r--r-- | nixos/modules/virtualisation/google-compute-image.nix | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix index eaf8b14cd8e1..559c30b9416a 100644 --- a/nixos/modules/virtualisation/google-compute-image.nix +++ b/nixos/modules/virtualisation/google-compute-image.nix @@ -57,6 +57,12 @@ in # Always include cryptsetup so that NixOps can use it. environment.systemPackages = [ pkgs.cryptsetup ]; + # Make sure GCE image does not replace host key that NixOps sets + environment.etc."default/instance_configs.cfg".text = lib.mkDefault '' + [InstanceSetup] + set_host_keys = false + ''; + # Rely on GCP's firewall instead networking.firewall.enable = mkDefault false; |