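# NixOS module for a VirtualBox guest managed by NixOps: enables sshd and, at
# boot, pulls the client's public key (and, on first boot, the SSH host key)
# out of VirtualBox guest properties.
{ config, ... }:

let

  # File that receives the NixOps client's public key. It sits in root's home
  # directory and is matched by the relative authorizedKeysFiles entry below.
  clientKeyPath = "/root/.vbox-nixops-client-key";

in {

  imports = [ <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix> ];

  services.openssh.enable = true;

  systemd.services.get-vbox-nixops-client-key = {
    description = "Get NixOps SSH Key";
    wantedBy = [ "multi-user.target" ];
    # Ordered before sshd so the keys are in place when it starts.
    before = [ "sshd.service" ];
    # VBoxControl talks to the host through the guest device.
    requires = [ "dev-vboxguest.device" ];
    after = [ "dev-vboxguest.device" ];
    path = [ config.boot.kernelPackages.virtualboxGuestAdditions ];
    script = ''
      # Without pipefail a VBoxControl failure would be masked by sed's exit status.
      set -o pipefail

      # Write to a temporary name and rename, so a partially written file is
      # never visible under the final name.
      # NOTE(review): if the property is unset VBoxControl may print a
      # placeholder message instead of failing; confirm, and consider
      # validating the value before installing it as a key.
      VBoxControl -nologo guestproperty get /VirtualBox/GuestInfo/Charon/ClientPublicKey | sed 's/Value: //' > ${clientKeyPath}.tmp
      mv ${clientKeyPath}.tmp ${clientKeyPath}

      if [[ ! -f /etc/ssh/ssh_host_ed25519_key ]]; then
        # The private host key must never exist on disk with permissions wider
        # than 0600. Previously the temporary file was created under the
        # service's default umask and only restricted by the chmod after the
        # rename. Drop any stale temporary file (truncating an existing file
        # would keep its old mode) and create the new one under a restrictive
        # umask.
        rm -f /etc/ssh/ssh_host_ed25519_key.tmp
        umask 077
        # NOTE(review): the private key is delivered through a guest property,
        # so whoever can read this VM's guest properties can read the host key;
        # confirm that matches the deployment's trust model.
        VBoxControl -nologo guestproperty get /VirtualBox/GuestInfo/NixOps/PrivateHostEd25519Key | sed 's/Value: //' > /etc/ssh/ssh_host_ed25519_key.tmp
        mv /etc/ssh/ssh_host_ed25519_key.tmp /etc/ssh/ssh_host_ed25519_key
        chmod 0600 /etc/ssh/ssh_host_ed25519_key
      fi
    '';
  };

  # Relative entry: the file name written by the service above.
  services.openssh.authorizedKeysFiles = [ ".vbox-nixops-client-key" ];

  boot.vesa = false;

  boot.loader.timeout = 1;

  # VirtualBox doesn't seem to lease IP addresses persistently, so we
  # may get a different IP address if dhcpcd is restarted. So don't
  # restart dhcpcd.
  systemd.services.dhcpcd.restartIfChanged = false;

  # Useless there and CPU intensive.
  documentation.nixos.enable = false;
}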