| 6 Nov 2024 |
Arian | Or use it as inspiration | 13:06:05 |
tuxiqae | FML, wanted the ability to build a one-shot with Nix + Terranix that'll automatically provision the resources and start the instance | 13:11:41 |
Arian | You can import snapshots with Terraform | 13:15:56 |
Arian | And register the image too | 13:16:02 |
Arian | aws_ebs_snapshot_import resource | 13:16:35 |
Arian | Combine with aws_s3_bucket_item resource and aws_ami resource and you're done | 13:17:00 |
Arian | Something like https://gist.github.com/arianvp/14dd40742c24894bb312ac3f5b90b433 | 13:21:29 |
tuxiqae | Yeah, but in order to import a snapshot I'd have to first provision a VM and then export that
I wanted to just automatically create an image and upload that :( | 13:30:30 |
Arian | No? | 13:31:05 |
tuxiqae | :O | 13:31:17 |
Arian | This example is literally importing from local disk? | 13:31:35 |
Arian | Just like import image | 13:31:38 |
Arian | See line 4 | 13:32:07 |
Arian | That's pointing to your local disk image you built | 13:32:28 |
Arian | You upload the image to S3. Then import it as a snapshot. Then register the snapshot as an image | 13:32:45 |
tuxiqae | But that'd mean that I'd have to provision a running image first, wouldn't it? | 14:00:26 |
Arian | You just point that to your nix image build | 14:01:36 |
Arian | This is just doing what upload-ami does but in terraform | 14:01:52 |
Arian | You upload the image you built to s3. Import it to EBS. Then register the ebs snapshot as an image | 14:02:21 |
Arian | There's no ec2 instances involved. | 14:02:34 |
Arian | Not sure what you mean with "provision a running image" | 14:02:56 |
tuxiqae | Ah, I see, I'll give it a look soon, thanks | 14:04:32 |
Arian | So you'd point line 4 to the image that you built with disko | 14:05:52 |
| colemickens joined the room. | 17:19:49 |
colemickens | 👋 | 17:19:55 |
Arian | Hello! Welcome | 17:56:15 |
Arian | @commiterate:matrix.org do you happen to know if it's possible for us to register the nixos AMIs in the public ssm parameter store like Ubuntu does? | 17:57:08 |
Arian | Like. It lives in the /Amazon namespace. Idk how they got access to that. | 17:57:22 |
commiterate | I don't think creation of public SSM parameters is allowed. It's basically an AWS-internal thing.
SSM parameters can only be shared across accounts with AWS RAM. RAM only supports accounts, organizational units, or organizations (so no public option). They don't support resource-level IAM policies so we can't add one with a Principal: "*".
| 22:50:06 |
commiterate | Wait, never mind, they do support resource-level policies.
https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutResourcePolicy.html | 22:52:11 |