diff --git a/packages/by-name/cloud-api-adaptor/package.nix b/packages/by-name/cloud-api-adaptor/package.nix
index ab008d7ba..3d5115c9f 100644
--- a/packages/by-name/cloud-api-adaptor/package.nix
+++ b/packages/by-name/cloud-api-adaptor/package.nix
@@ -9,6 +9,10 @@
 libvirt,
 writeShellApplication,
 gnugrep,
+ iproute2,
+ iptables,
+ sysctl,
+ gawk,
 runCommand,
 
 # List of supported cloud providers
@@ -86,6 +90,21 @@ buildGoModule rec {
 "SC2153"
 ];
 };
+
+ setup-nat-for-imds = writeShellApplication {
+ name = "setup-nat-for-imds";
+ runtimeInputs = [
+ iproute2
+ iptables
+ sysctl
+ gawk
+ ];
+ text = builtins.readFile "${cloud-api-adaptor.src}/src/cloud-api-adaptor/podvm/files/usr/local/bin/setup-nat-for-imds.sh";
+ meta = {
+ mainProgram = "peerpod-imds-nat";
+ homepage = "https://github.com/confidential-containers/cloud-api-adaptor/blob/main/src/cloud-api-adaptor/podvm/files/usr/local/bin/setup-nat-for-imds.sh";
+ };
+ };
 };
 
 meta = {
diff --git a/packages/nixos/azure.nix b/packages/nixos/azure.nix
index 612b48e76..88f625e02 100644
--- a/packages/nixos/azure.nix
+++ b/packages/nixos/azure.nix
@@ -72,10 +72,7 @@ in
 services.udev.extraRules = azure-storage-rules;
 
 systemd.services.azure-readiness-report = {
- wantedBy = [
- "basic.target"
- "multi-user.target"
- ];
+ wantedBy = [ "multi-user.target" ];
 wants = [ "network-online.target" ];
 after = [ "network-online.target" ];
 description = "Azure Readiness Report";
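Review bot: In the `setup-nat-for-imds` derivation added to package.nix (second hunk), `name` is `setup-nat-for-imds` but `meta.mainProgram` is overridden to `peerpod-imds-nat`; writeShellApplication installs the script as `bin/<name>`, so `lib.getExe` — which the new systemd unit in azure.nix uses for `ExecStart` — would resolve to a binary that, as far as this hunk shows, is never created. Make the two agree with `mainProgram = "setup-nat-for-imds";`, or drop the override so the default applies. `homepage` links to the `main` branch while `text` is read from the pinned `cloud-api-adaptor.src`, so the linked script can drift from the one actually shipped. Judging by its name and `runtimeInputs`, the script changes forwarding and NAT state toward the metadata service, so a comment above `text` such as `# runs as root from azure.nix; re-review the upstream script on every src bump` would help. The enclosing `passthru`-style attribute set opens outside the hunk.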
@@ -85,5 +82,21 @@ in
 ExecStart = "${lib.getExe pkgs.azure-no-agent}";
 };
 };
+
+ systemd.services.setup-nat-for-imds = {
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+ description = "Setup NAT for IMDS";
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ # TODO: Find out why just ordering this after network-online.target
+ # isn't sufficient. (Errors with saying that the network is unreachable)
+ Restart = "on-failure";
+ RestartSec = "5s";
+ ExecStart = "${lib.getExe pkgs.cloud-api-adaptor.setup-nat-for-imds}";
+ };
+ };
 };
 }
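Review bot: `Restart = "on-failure"` with `RestartSec = "5s"` and no start limit lets the new `setup-nat-for-imds` unit retry indefinitely, because restarts spaced five seconds apart are unlikely to trip systemd's default rate limit; a permanently failing run then never settles into a failed state that boot checks or monitoring would notice. Bound it on the service with `startLimitBurst = 5;` and `startLimitIntervalSec = 120;`. The script presumably modifies sysctl and iptables state (inferred from its runtimeInputs, as its text is not on this page), so confirm it is idempotent when re-run after a partial failure; otherwise each retry could stack duplicate rules. The unit is added without any visible enable option or condition, and the enclosing `config` block begins outside the hunk, so whether workloads that should not reach the metadata service are excluded elsewhere cannot be seen here.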