Diffstat (limited to 'nixos/modules/virtualisation/amazon-image.nix')
-rw-r--r-- | nixos/modules/virtualisation/amazon-image.nix | 95 |
1 files changed, 13 insertions, 82 deletions
diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix
index 12fe6fa444793..9751f5755f96d 100644
--- a/nixos/modules/virtualisation/amazon-image.nix
+++ b/nixos/modules/virtualisation/amazon-image.nix
@@ -10,11 +10,6 @@ with lib;
 let
 cfg = config.ec2;
- metadataFetcher = import ./ec2-metadata-fetcher.nix {
- inherit (pkgs) curl;
- targetRoot = "$targetRoot/";
- wgetExtraOptions = "-q";
- };
 in
 {
@@ -31,18 +26,12 @@ in
 config = {
 assertions = [
- { assertion = cfg.hvm;
- message = "Paravirtualized EC2 instances are no longer supported.";
- }
- { assertion = cfg.efi -> cfg.hvm;
- message = "EC2 instances using EFI must be HVM instances.";
- }
 { assertion = versionOlder config.boot.kernelPackages.kernel.version "5.17";
 message = "ENA driver fails to build with kernel >= 5.17";
 }
 ];
- boot.growPartition = cfg.hvm;
+ boot.growPartition = true;
 fileSystems."/" = mkIf (!cfg.zfs.enable) {
 device = "/dev/disk/by-label/nixos";
@@ -64,9 +53,9 @@ in
 boot.extraModulePackages = [ config.boot.kernelPackages.ena ];
- boot.initrd.kernelModules = [ "xen-blkfront" "xen-netfront" ];
- boot.initrd.availableKernelModules = [ "ixgbevf" "ena" "nvme" ];
- boot.kernelParams = mkIf cfg.hvm [ "console=ttyS0,115200n8" "random.trust_cpu=on" ];
+ boot.initrd.kernelModules = [ "xen-blkfront" ];
+ boot.initrd.availableKernelModules = [ "nvme" ];
+ boot.kernelParams = [ "console=ttyS0,115200n8" "random.trust_cpu=on" ];
 # Prevent the nouveau kernel module from being loaded, as it
 # interferes with the nvidia/nvidia-uvm modules needed for CUDA.
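Review bot: With both `assertion` entries removed, `cfg.hvm` is no longer consulted anywhere in this file (its remaining uses in `boot.kernelParams` and the `boot.loader.grub` lines disappear in the later hunks), yet the diffstat shows only this file changed, so if the `ec2.hvm` option is still declared in a sibling module it becomes a silently ignored knob: a configuration that sets `ec2.hvm = false` now evaluates cleanly and produces an HVM-only image instead of failing. Consider retiring the option explicitly, e.g. by adding `(mkRemovedOptionModule [ "ec2" "hvm" ] "Paravirtualized EC2 instances are no longer supported.")` to this module's `imports`, so such configurations fail at evaluation time with the same message the assertion used to give. The `imports` list and the option declaration are outside this hunk.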
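Review bot: The new `boot.initrd.availableKernelModules = [ "nvme" ];` line drops the `ena` and `ixgbevf` network drivers from the initrd without saying why; the reason (the initrd no longer needs networking because `boot.initrd.network.enable = true` and the in-initrd metadata fetch are removed in the hunk below) is only recoverable from the rest of the diff. A one-line comment would stop the next reader from re-adding them, e.g. `# NIC drivers are not needed in the initrd any more: EC2 metadata is fetched by a systemd service after switch-root.` followed by `# Re-add ena/ixgbevf here if boot.initrd.network is enabled again.`. The `ena` module stays available after boot via `boot.extraModulePackages`, so post-initrd networking is presumably unaffected.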
@@ -74,10 +63,7 @@ in
 # boot.
 boot.blacklistedKernelModules = [ "nouveau" "xen_fbfront" ];
- # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd.
- boot.loader.grub.version = if cfg.hvm then 2 else 1;
- boot.loader.grub.device = if (cfg.hvm && !cfg.efi) then "/dev/xvda" else "nodev";
- boot.loader.grub.extraPerEntryConfig = mkIf (!cfg.hvm) "root (hd0)";
+ boot.loader.grub.device = if cfg.efi then "nodev" else "/dev/xvda";
 boot.loader.grub.efiSupport = cfg.efi;
 boot.loader.grub.efiInstallAsRemovable = cfg.efi;
 boot.loader.timeout = 1;
@@ -87,67 +73,14 @@ in
 terminal_input console serial
 '';
- boot.initrd.network.enable = true;
-
- # Mount all formatted ephemeral disks and activate all swap devices.
- # We cannot do this with the ‘fileSystems’ and ‘swapDevices’ options
- # because the set of devices is dependent on the instance type
- # (e.g. "m1.small" has one ephemeral filesystem and one swap device,
- # while "m1.large" has two ephemeral filesystems and no swap
- # devices). Also, put /tmp and /var on /disk0, since it has a lot
- # more space than the root device. Similarly, "move" /nix to /disk0
- # by layering a unionfs-fuse mount on top of it so we have a lot more space for
- # Nix operations.
- boot.initrd.postMountCommands =
- ''
- ${metadataFetcher}
-
- diskNr=0
- diskForUnionfs=
- for device in /dev/xvd[abcde]*; do
- if [ "$device" = /dev/xvda -o "$device" = /dev/xvda1 ]; then continue; fi
- fsType=$(blkid -o value -s TYPE "$device" || true)
- if [ "$fsType" = swap ]; then
- echo "activating swap device $device..."
- swapon "$device" || true
- elif [ "$fsType" = ext3 ]; then
- mp="/disk$diskNr"
- diskNr=$((diskNr + 1))
- if mountFS "$device" "$mp" "" ext3; then
- if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi
- fi
- else
- echo "skipping unknown device type $device"
- fi
- done
-
- if [ -n "$diskForUnionfs" ]; then
- mkdir -m 755 -p $targetRoot/$diskForUnionfs/root
-
- mkdir -m 1777 -p $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp
- mount --bind $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp
-
- if [ "$(cat "$metaDir/ami-manifest-path")" != "(unknown)" ]; then
- mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/var $targetRoot/var
- mount --bind $targetRoot/$diskForUnionfs/root/var $targetRoot/var
-
- mkdir -p /unionfs-chroot/ro-nix
- mount --rbind $targetRoot/nix /unionfs-chroot/ro-nix
-
- mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/nix
- mkdir -p /unionfs-chroot/rw-nix
- mount --rbind $targetRoot/$diskForUnionfs/root/nix /unionfs-chroot/rw-nix
-
- unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-nix=RW:/ro-nix=RO $targetRoot/nix
- fi
- fi
- '';
-
- boot.initrd.extraUtilsCommands =
- ''
- # We need swapon in the initrd.
- copy_bin_and_libs ${pkgs.util-linux}/sbin/swapon
- '';
+ systemd.services.fetch-ec2-metadata = {
+ wantedBy = [ "multi-user.target" ];
+ after = ["network-online.target"];
+ path = [ pkgs.curl ];
+ script = builtins.readFile ./ec2-metadata-fetcher.sh;
+ serviceConfig.Type = "oneshot";
+ serviceConfig.StandardOutput = "journal+console";
+ };
 # Allow root logins only using the SSH key that the user specified
 # at instance creation time.
@@ -166,8 +99,6 @@ in
 # Always include cryptsetup so that Charon can use it.
 environment.systemPackages = [ pkgs.cryptsetup ];
- boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
-
- # EC2 has its own NTP server provided by the hypervisor
 networking.timeServers = [ "169.254.169.123" ]; |
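Review bot: `after = ["network-online.target"]` in the new `fetch-ec2-metadata` unit is only an ordering constraint; `After=` does not pull the target in, so the fetch is correctly delayed only when something else activates network-online.target (NixOS's scripted networking does so by default, but a networkd-only or otherwise customised setup may not), and in the remaining cases the oneshot can run before any address is configured and the curl calls in `ec2-metadata-fetcher.sh` (not visible here) would fail. Make the dependency explicit with `wants = [ "network-online.target" ];` next to the `after` line. The fetch has also moved from the initrd (`boot.initrd.postMountCommands`, removed in this hunk) to a multi-user.target unit, so anything that previously found the metadata already on disk when stage 2 started — such as the root-SSH-key handling the following comment refers to — now needs `after = [ "fetch-ec2-metadata.service" ];` plus a `requires`/`wants` on it, and no such ordering is added here; please confirm the consuming units carry it. Finally, `StandardOutput = "journal+console"` mirrors whatever the script prints to the serial console, which is readable through the EC2 console-output API, so it is worth checking that the script does not echo the metadata or user-data it retrieves.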