| 13 Nov 2024 |
 Arian | * Hmm but GPT/BIOS hybrid image basically covers everything. Except for instances that boot from instance store instead of EBS but I think all those instance types are completely gone these days? | 18:55:00 |
 commiterate | BIOS v. UEFI is a specific case, but there's also other instance types which may need some out-of-tree drivers (e.g. NVIDIA GPU instances) which may need conflicting versions or just don't play nice with each other. | 18:56:00 |
| commiterate | CPU ISA will always require 1 AMI per ISA anyways but that's whatever | 18:57:08 |
| commiterate | it probably doesn't make much sense to have base AMIs beyond the CPU ISA permutations for maintenance reasons | 18:59:19 |
| Arian | Oh yeh | 19:00:19 |
|  Inayet joined the room. | 22:15:53 |
| 14 Nov 2024 |
| Arian | NixOS tip of the day:
let imds = ["169.254.169.254" "fd00:ec2::254"]; in
{
systemd.slices."-".sliceConfig.IPAddressDeny = imds;
systemd.services.my-service-that-needs-aws.serviceConfig.IPAddressAllow = imds;
}
| 10:18:18 |
| commiterate | I assume this is to restrict IMDS access. | 17:29:21 |
| Arian | Yeh | 17:49:14 |
| 15 Nov 2024 |
 colemickens | Arian: do you have ideas about how to potentially accommodate the EFI change without the change making it to 24.11, and without waiting 6 months for next release? | 22:33:05 |
| colemickens | I guess it could just be explicit opt-in until then. | 22:33:22 |
| Arian | Maybe we can upload two variants | 22:36:58 |
| 16 Nov 2024 |
| Arian | The thing is. Theoretically this isn't a breaking change if consumes all nicely set system.stateVersion in their configs | 10:42:15 |
| Arian | but the problem is: We ship an /etc/nixos/configuration.nix in the base image that doesn't have that set | 10:42:35 |
| Arian | so when people were relying on that; it would break | 10:42:40 |
| 17 Nov 2024 |
| colemickens | Arian: can I ask you some questions about server-optimized/runvf/stuff? Maybe in DM? | 02:32:46 |
 shift | In reply to @colemickens:matrix.org
Arian: can I ask you some questions about server-optimized/runvf/stuff? Maybe in DM? Moving things to DM is normally discouraged as it means anyone else can't find the solution to the problem. | 17:06:22 |
| Arian | It's kind of orthogonal to anything AWS :p | 17:09:21 |
| shift | Not really. You make the details specific enough for your case and no more. Keep it in public. Helps others. | 17:14:48 |
| 19 Nov 2024 |
| commiterate | Nevermind, one of the NixOS systemd maintainers said the [Install] section is completely unused by the NixOS systemd libs.
They recommended just packaging the patched systemd units in the amazon-ec2-net-utils repo into the package's $out and specifying the package in the systemd.packages NixOS option (similar to how udev rules are added).
Checking with them if that will respect [Install].
| 04:08:39 |
| commiterate | Pre-emptively moved to just adding the systemd units to $out and moved the PR from draft to ready. Just need a maintainer now. | 04:24:04 |
| commiterate | Wondering if we should add NixOS tests that just make sure the systemd units are available when the package is added to systemd.packages. IIRC there's some systemd unit helpers in the NixOS test suites. | 04:25:41 |
| commiterate | Moved back to draft after some discussion with the NixOS systemd maintainer. There needs to be some upstream fixes because upstream is providing some weird spaghetti code again. | 04:44:53 |
| Arian | Amazon do anything sensible challenge: impossible | 10:57:36 |
| Arian | I wonder if they're aware that systemd can synthesize system units from devices? | 11:01:47 |
| Arian | Their udev rule should just set SYSTEMD_TAG+=1 | 11:02:07 |
| Arian | * I wonder if they're aware that systemd can synthesize systemd units from devices? | 11:02:41 |
| Arian | https://www.freedesktop.org/software/systemd/man/latest/systemd.device.html#SYSTEMD_WANTS= | 11:22:53 |
| Arian | hmm I dont also really understand why they need these policy routes | 13:35:58 |
| Arian | shouldn't linux already route egress packets correctly based on source IP anyway? | 13:36:16 |
