author | Russell O'Connor <oconnorr@google.com> | 2014-12-30 14:10:32 -0500 |
---|---|---|
committer | Russell O'Connor <oconnorr@google.com> | 2015-01-06 12:06:54 -0500 |
commit | d1a58ef7c6873677fc95cbd46d405368e160ac2a (patch) | |
tree | 48f13ced7071cac5a9872ce062a8548e53e9cd0c /nixos/modules/virtualisation/google-compute-image.nix | |
parent | 3251948029aab3e268c081cb258a835711a86205 (diff) |
google-compute-image.nix: Try to download all SSH host keys from metadata server.
Diffstat (limited to 'nixos/modules/virtualisation/google-compute-image.nix')
-rw-r--r-- | nixos/modules/virtualisation/google-compute-image.nix | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix
index bee64866b52b..41c7dd62f3ed 100644
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@@ -152,14 +152,26 @@ in
 rm -f /root/key.pub /root/authorized-keys-metadata
 fi
- echo "obtaining SSH private host key..."
- ${wget} -O /root/ssh_host_ecdsa_key http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
- if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key ]; then
- mv -f /root/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
- echo "downloaded ssh_host_ecdsa_key"
- chmod 600 /etc/ssh/ssh_host_ecdsa_key
- ${config.programs.ssh.package}/bin/ssh-keygen -y -f /etc/ssh/ssh_host_ecdsa_key > /etc/ssh/ssh_host_ecdsa_key.pub
- chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
+ countKeys=0
+ ${flip concatMapStrings config.services.openssh.hostKeys (k :
+ let kName = baseNameOf k.path; in ''
+ echo "trying to obtain SSH private host key ${kName}"
+ ${wget} -O /root/${kName} http://metadata/0.1/meta-data/attributes/${kName} && :
+ if [ $? -eq 0 -a -e /root/${kName} ]; then
+ countKeys=$((countKeys+1))
+ mv -f /root/${kName} ${k.path}
+ echo "downloaded ${k.path}"
+ chmod 600 ${k.path}
+ ${config.programs.ssh.package}/bin/ssh-keygen -y -f ${k.path} > ${k.path}.pub
+ chmod 644 ${k.path}.pub
+ fi
+ rm -f /root/${kName}
+ ''
+ )}
+
+ if [[ $countKeys -le 0 ]]; then
+ echo "failed to obtain any SSH private host keys."
+ false
 fi
 '';
 serviceConfig.Type = "oneshot"; |
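Review bot: The private key is written to `/root/${kName}` and then moved to `${k.path}` under whatever umask the script runs with, and `chmod 600` only comes after the `mv`, so for a short window the key can be readable at its final path; a `umask 077` before the loop would close that (the script starts above this hunk, so an earlier umask may already exist). `countKeys` is incremented and the file moved into place before `ssh-keygen -y` has shown the download is a usable key, so an attribute holding anything else is installed and counted as success; running `ssh-keygen -y -f /root/${kName}` first and moving only on success would avoid that. The `&& :` after wget appears to be there to keep a failed download from aborting the script while leaving `$?` intact, and would benefit from a comment such as `# '&& :' keeps a failed wget from stopping the script; $? still holds wget's status`. The chmod protects only the on-disk copy: the same attribute URL is presumably reachable by any local process over plain HTTP, which is worth stating in the module documentation.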