From 1ccda4faee6e03e59c7780dd3095dc9b9470b8d9 Mon Sep 17 00:00:00 2001
From: Tom Prince <tom.prince@private.storage>
Date: Mon, 27 Sep 2021 12:48:44 -0600
Subject: [PATCH] local-grid: Use upstream `vagrant-guest.nix`.

It looks like this may have been originally copied from a newer nixpkgs
since it wasn't in our nixpkgs fork.

The differences I can see:
- Details of the `sudoers` configuration, some of which appear to be duplicates.
- `jq` and `gnumake` are not on the system path
- `vagrant` user is in group `users` instead of `vagrant`.
---
 morph/lib/hardware-virtual.nix |  6 ++-
 morph/lib/vagrant-guest.nix    | 86 ----------------------------------
 2 files changed, 5 insertions(+), 87 deletions(-)
 delete mode 100644 morph/lib/vagrant-guest.nix

diff --git a/morph/lib/hardware-virtual.nix b/morph/lib/hardware-virtual.nix
index cf158279..2f306778 100644
--- a/morph/lib/hardware-virtual.nix
+++ b/morph/lib/hardware-virtual.nix
@@ -1,6 +1,10 @@
 { publicIPv4, ... }:
+{ modulesPath, ... }:
 {
-  imports = [ ./vagrant-guest.nix ];
+  imports = [
+    # modulesPath points at the upstream nixos/modules directory.
+    "${modulesPath}/virtualisation/vagrant-guest.nix"
+  ];
 
   virtualisation.virtualbox.guest.enable = true;
 
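Review bot: The comment above the new import says where `modulesPath` points but not what the imported module configures, and with the local copy deleted the insecure defaults are no longer visible in this repository. The removed file set the root and `vagrant` passwords to `vagrant`, installed the published Vagrant insecure SSH key and gave `wheel` passwordless sudo; the upstream module presumably does the same, and its contents now follow whichever nixpkgs revision is pinned. I would extend the comment to say so, e.g. `# Upstream Vagrant guest defaults (well-known passwords, insecure SSH key, passwordless sudo); import only for local VirtualBox test guests.` The attribute set continues past the end of this hunk, so whether anything later in the file overrides these settings is not visible here.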
diff --git a/morph/lib/vagrant-guest.nix b/morph/lib/vagrant-guest.nix
deleted file mode 100644
index 2d768427..00000000
--- a/morph/lib/vagrant-guest.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-# Minimal configuration that vagrant depends on
-
-{ config, pkgs, lib, ... }:
-let
-  # Vagrant uses an insecure shared private key by default, but we
-  # don't use the authorizedKeys attribute under users because it should be
-  # removed on first boot and replaced with a random one. This script sets
-  # the correct permissions and installs the temporary key if no
-  # ~/.ssh/authorized_keys exists.
-  install-vagrant-ssh-key = pkgs.writeScriptBin "install-vagrant-ssh-key" ''
-    #!${pkgs.runtimeShell}
-    if [ ! -e ~/.ssh/authorized_keys ]; then
-      mkdir -m 0700 -p ~/.ssh
-      echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> ~/.ssh/authorized_keys
-      chmod 0600 ~/.ssh/authorized_keys
-    fi
-  '';
-in
-{
-  # Services to enable:
-
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-
-  # Enable DBus
-  services.dbus.enable    = true;
-
-  # Replace ntpd by timesyncd
-  services.timesyncd.enable = true;
-
-  # Packages for Vagrant
-  environment.systemPackages = with pkgs; [
-    findutils
-    gnumake
-    iputils
-    jq
-    nettools
-    netcat
-    nfs-utils
-    rsync
-  ];
-
-  users.users.root = { password = "vagrant"; };
-
-  # Creates a "vagrant" group & user with password-less sudo access
-  users.groups.vagrant = {
-    name = "vagrant";
-    members = [ "vagrant" ];
-  };
-  users.extraUsers.vagrant = {
-    isNormalUser    = true;
-    createHome      = true;
-    group           = "vagrant";
-    extraGroups     = [ "users" "wheel" ];
-    password        = "vagrant";
-    home            = "/home/vagrant";
-    useDefaultShell = true;
-  };
-
-  systemd.services.install-vagrant-ssh-key = {
-    description = "Vagrant SSH key install (if needed)";
-    after = [ "fs.target" ];
-    wants = [ "fs.target" ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      ExecStart = "${install-vagrant-ssh-key}/bin/install-vagrant-ssh-key";
-      User = "vagrant";
-      # So it won't be (needlessly) restarted:
-      RemainAfterExit = true;
-    };
-  };
-
-  security.sudo.wheelNeedsPassword = false;
-
-  security.sudo.extraConfig =
-    ''
-      Defaults:root,%wheel env_keep+=LOCALE_ARCHIVE
-      Defaults:root,%wheel env_keep+=NIX_PATH
-      Defaults:root,%wheel env_keep+=TERMINFO_DIRS
-      Defaults env_keep+=SSH_AUTH_SOCK
-      Defaults lecture = never
-      root   ALL=(ALL) SETENV: ALL
-      %wheel ALL=(ALL) NOPASSWD: ALL, SETENV: ALL
-    '';
-}
-
-- 
GitLab