mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-09-29 15:43:00 +00:00
Update create-gce.sh script. Set default option for GCE images to disable host key replacement by service.
This commit is contained in:
parent
207b429e4b
commit
748d96ffa3
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
BUCKET_NAME="${BUCKET_NAME:-nixos-images}"
|
BUCKET_NAME="${BUCKET_NAME:-nixos-cloud-images}"
|
||||||
TIMESTAMP="$(date +%Y%m%d%H%M)"
|
TIMESTAMP="$(date +%Y%m%d%H%M)"
|
||||||
export TIMESTAMP
|
export TIMESTAMP
|
||||||
|
|
||||||
@ -19,5 +19,5 @@ img_name=$(basename "$img_path")
|
|||||||
img_id=$(echo "$img_name" | sed 's|.raw.tar.gz$||;s|\.|-|g;s|_|-|g')
|
img_id=$(echo "$img_name" | sed 's|.raw.tar.gz$||;s|\.|-|g;s|_|-|g')
|
||||||
if ! gsutil ls "gs://${BUCKET_NAME}/$img_name"; then
|
if ! gsutil ls "gs://${BUCKET_NAME}/$img_name"; then
|
||||||
gsutil cp "$img_path" "gs://${BUCKET_NAME}/$img_name"
|
gsutil cp "$img_path" "gs://${BUCKET_NAME}/$img_name"
|
||||||
|
gsutil acl ch -u AllUsers:R "gs://${BUCKET_NAME}/$img_name"
|
||||||
fi
|
fi
|
||||||
gcloud compute images create "$img_id" --source-uri "gs://${BUCKET_NAME}/$img_name"
|
|
||||||
|
@ -57,6 +57,12 @@ in
|
|||||||
# Always include cryptsetup so that NixOps can use it.
|
# Always include cryptsetup so that NixOps can use it.
|
||||||
environment.systemPackages = [ pkgs.cryptsetup ];
|
environment.systemPackages = [ pkgs.cryptsetup ];
|
||||||
|
|
||||||
|
# Make sure GCE image does not replace host key that NixOps sets
|
||||||
|
environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
|
||||||
|
[InstanceSetup]
|
||||||
|
set_host_keys = false
|
||||||
|
'';
|
||||||
|
|
||||||
# Rely on GCP's firewall instead
|
# Rely on GCP's firewall instead
|
||||||
networking.firewall.enable = mkDefault false;
|
networking.firewall.enable = mkDefault false;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user