NixOS AWS
| Sender | Message | Time |
|---|---|---|
| 10 Oct 2024 | ||
| 11 Oct 2024 | ||
| Would it matter given that to use the new AMI, they're either replacing the root volume or launching a new instance? | 02:33:55 | |
| * Would it matter given that to use the new AMI, they're either replacing the root volume (which has both the ESP and root partitions) or launching a new instance? | 02:39:19 | |
| If you use a new AMI it is no problem | 06:29:24 | |
| Problem is people doing nixos-rebuild switch on an existing instance | 06:29:51 | |
| commiterate: do you know if we need the AWS networkd stuff for EC2 instance connect endpoint? | 13:32:35 | |
| IIRC it works by adding a new ENI to the instance. I don't think our AMI manages that ENI so idk if it works out of the box | 13:32:53 | |
| ah nope just works! sick | 19:46:55 | |
| In reply to @arianvp:matrix.org: Wait are the AMIs tracking the ami repo for something? If they | 21:55:02 | |
| * Wait are the AMIs' If they | 21:57:02 | |
| Nope. EIC itself just works by having an OpenSSH AuthorizedKeysCommand program which calls IMDS (has EIC endpoints that return SSH keys, just like regular EC2 Key Pairs). | 21:58:30 | |
| I need to follow up next week to see if they're willing to take ownership of my Go rewrite over the existing Bash script abomination. https://github.com/commiterate/amazon-ec2-ssh-utils | 21:59:12 | |
| * I need to follow up next week to see if they're willing to take ownership of my Go rewrite to replace the existing Bash script abomination. https://github.com/commiterate/amazon-ec2-ssh-utils | 21:59:55 | |
| * Nope. EIC itself just works by having an OpenSSH AuthorizedKeysCommand program which calls IMDS (has EIC endpoints that return SSH keys, just like regular EC2 Key Pairs) and just writes an OpenSSH authorized keys file contents to stdout. | 22:02:02 | |
| * Nope. EIC itself just works by having an OpenSSH AuthorizedKeysCommand program which calls IMDS (has EIC endpoints that return SSH keys, just like regular EC2 Key Pairs) and just writes OpenSSH authorized keys file contents to stdout. | 22:02:15 | |
| * Nope. EIC itself works inside the instance by having an OpenSSH AuthorizedKeysCommand program which calls IMDS (has EIC endpoints that return SSH keys, just like regular EC2 Key Pairs) and just writes OpenSSH authorized keys file contents to stdout. | 22:33:29 | |
| The AMI is built from the nixpkgs repo | 23:20:45 | |
| The configuration.nix should pull in modules/virtualisation/amazon-image.nix, which I need to change for the non-BIOS support | 23:22:01 | |
| If it suddenly gets changed when someone pulls nixpkgs it will try to install grub on a non-existent ESP and fail | 23:23:08 | |
| So I think I'll need to conditionalize those bits on stateVersion | 23:23:41 | |
| ah yeah that's a bit cursed then | 23:28:52 | |
| one day we'll move to systemd-repart | 23:29:28 | |
| * one day we'll move to systemd-repart for a fully self-contained image | 23:31:06 | |
| That's why I'm making this change. As repart can't make BIOS images | 23:44:11 | |
| * That's why I'm making this change. As repart can't make MBR partition tables | 23:44:24 | |
| So I want to make sure all images are GPT Partition tables. Then I can move to repart builder later | 23:44:42 | |
| 13 Oct 2024 | ||
| urgh bad news | 13:22:36 | |
| the NixOS config we ship in the base image doesn't set stateVersion | 13:22:50 | |