From b8109568025b353a669f4297ec44c970073e3ff6 Mon Sep 17 00:00:00 2001
From: William Carroll
Date: Tue, 28 Dec 2021 23:17:13 -0400
Subject: feat(wpcarro/terraform): Support SSH Supporting SSH turned-out to be a bit of a saga... Thank you @espes and @grfn for the pointers. Problem: When I originally setup my Google VM, I followed this tutorial, https://nixos.wiki/wiki/Install_NixOS_on_GCE, so I ended-up installing `nixos-20-03`: an older version of NixOS, (the newest version in `gsutils ls -l gs://nixos-images`). Critically, I missed this important footnote: > NOTE: Newer images (from 20.09 on) won't be available at the bucket above, and > will instead need to be found at > . It turns out that *newer* images include this script... https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/fetch-instance-ssh-keys.bash ...which reads the key, "sshKeys", from the Google metadata server and copies the value into /root/.ssh/authorized_keys. To make matters a bit misleading, the NixOS script expects the key to be "sshKeys", but Google deprecated that in favor of "ssh-keys" (hence why both versions appear in this commit). TL;DR: - upgrading to a newer NixOS image - adding an empty access_config block so Google will assign my VM an external IP - removing oslogin (not necessary to do, and I may add it back later) - adding my public SSH key as metadata
Change-Id: If624fe77afd47b31fa7be0a1dd4a55512317eef0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4737
Tested-by: BuildkiteCI
Reviewed-by: wpcarro
Autosubmit: wpcarro
---
 users/wpcarro/terraform/gcp.tf | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'users/wpcarro/terraform')
diff --git a/users/wpcarro/terraform/gcp.tf b/users/wpcarro/terraform/gcp.tf
index a902f53e7360..92af096953cb 100644
--- a/users/wpcarro/terraform/gcp.tf
+++ b/users/wpcarro/terraform/gcp.tf
@@ -23,7 +23,7 @@ resource "google_compute_instance" "default" {
 initialize_params {
 size = 10
- image = "nixos-20-03"
+ image = "projects/nixos-cloud/global/images/nixos-image-20-09-3531-3858fbc08e6-x86-64-linux"
 }
 }
@@ -31,13 +31,16 @@ resource "google_compute_instance" "default" {
 network = "default"
 subnetwork = "default"
- access_config {
- public_ptr_domain_name = "wpcarro.dev"
- }
+ access_config {}
 }
 metadata = {
- enable-oslogin = "TRUE"
+ # sshKeys is deprecated, but the GCE NixOS image relies on it, so we need
+ # both values:
+ # - deprecation: https://cloud.google.com/compute/docs/metadata/default-metadata-values
+ # - NixOS bug: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/fetch-instance-ssh-keys.bash#L14
+ ssh-keys = "wpcarro:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkNQJBXekuSzZJ8+gxT+V1+eXTm3hYsfigllr/ARXkf wpcarro@gmail.com"
+ sshKeys = "wpcarro:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkNQJBXekuSzZJ8+gxT+V1+eXTm3hYsfigllr/ARXkf wpcarro@gmail.com"
 }
 service_account {
-- cgit 1.4.1
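Review bot: In the second hunk, removing `enable-oslogin` means SSH access on a VM that now gets an external IP via `access_config {}` is governed only by the two metadata values, and the commit description says the NixOS script copies `sshKeys` into /root/.ssh/authorized_keys, so (if that holds) write access to this instance's metadata amounts to root on the host. Whether port 22 is reachable from the internet depends on firewall rules for the `default` network, which this hunk does not show; it is worth confirming SSH ingress is limited to known source ranges. I would record the trade-off next to the keys, e.g. `# No OS Login: metadata write access == root SSH here (key is installed into /root/.ssh/authorized_keys)`. The key literal is also written twice; defining it once and using `ssh-keys = local.ssh_key` and `sshKeys = local.ssh_key` keeps the two entries from drifting apart when the key is rotated. The `google_compute_instance` block begins and ends outside the hunk.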