Update create-gce.sh script. Set default option for GCE images to disable host key replacement by service.

(cherry picked from commit 748d96ffa3c51c3127bcdf23a88d54afad6406e9)
2018-04-06 10:56:56 +02:00 · 2018-04-06 10:56:56 +02:00 · b894dd8b82
parent 935526e181
commit b894dd8b82
2 changed files with 8 additions and 2 deletions
--- a/nixos/maintainers/scripts/gce/create-gce.sh
+++ b/nixos/maintainers/scripts/gce/create-gce.sh
@ -3,7 +3,7 @@

 set -euo pipefail

-BUCKET_NAME="${BUCKET_NAME:-nixos-images}"
+BUCKET_NAME="${BUCKET_NAME:-nixos-cloud-images}"
 TIMESTAMP="$(date +%Y%m%d%H%M)"
 export TIMESTAMP

@ -19,5 +19,5 @@ img_name=$(basename "$img_path")
 img_id=$(echo "$img_name" | sed 's|.raw.tar.gz$||;s|\.|-|g;s|_|-|g')
 if ! gsutil ls "gs://${BUCKET_NAME}/$img_name"; then
  gsutil cp "$img_path" "gs://${BUCKET_NAME}/$img_name"
+  gsutil acl ch -u AllUsers:R "gs://${BUCKET_NAME}/$img_name"
 fi
-gcloud compute images create "$img_id" --source-uri "gs://${BUCKET_NAME}/$img_name"
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@ -57,6 +57,12 @@ in
  # Always include cryptsetup so that NixOps can use it.
  environment.systemPackages = [ pkgs.cryptsetup ];

+  # Make sure GCE image does not replace host key that NixOps sets
+  environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
+    [InstanceSetup]
+    set_host_keys = false
+  '';
+
  # Rely on GCP's firewall instead
  networking.firewall.enable = mkDefault false;