| 14 Sep 2024 |
 Arian | There's also no need for UKIs. You can just put a classic systemd-boot bootloader entry on the ESP as well | 08:06:21 |
| Arian | https://github.com/NixOS/amis/blob/main/modules/amazon-image.nix | 08:07:01 |
 commiterate | yeah I have a non-UKI version in a local file I haven't pushed. Didn't get the root partition mount working yet since I got distracted with the EC2 SSH utils stuff (need to get EC2 Instance Connect working for the GitLab auto-scaling AWS runners) | 08:07:29 |
| Arian | This is missing the nix store path registration part though | 08:07:31 |
| Arian | So can do like a boot.postBootCommands =
nix-store --load-db < /nix/store/registration
| 08:10:30 |
| Arian | Someone made the bash script work with nix too | 08:10:52 |
| Arian | Did you see that? Though a go version does sound better tbh | 08:11:07 |
| Arian | Anyhow thanks for all the help on this. Nice to have another person trying to make this nicer. | 08:12:07 |
| commiterate | yeah I saw a PR for macOS support that happens to also cover Nix | 08:12:39 |
| commiterate | though it seems like the repo's kind of abandoned | 08:12:58 |
| Arian | https://github.com/NixOS/amis/pull/114 | 08:13:41 |
| commiterate | I'm meeting with some AWS TAMs on Tuesday to go over a few feature requests. I need to drag some AWS PM and engineer aliases out of them so the feature requests don't get lost in the system | 08:13:45 |
| commiterate | oh huh | 08:13:51 |
| Arian | We also have TAMs here so if we can bundle forces to get something roadmapped that helps us lemme know | 08:14:25 |
| commiterate | ah they're relying on the fixup phase patching | 08:14:36 |
| Arian | Though I'm on PTO until 23rd :) | 08:14:39 |
| commiterate | I was going to try that at first and then just thought it would somehow be easier to rewrite | 08:14:50 |
| commiterate | extremely wrong with the crypto stuff and the undocumented IMDS endpoints for instance connect | 08:15:05 |
| commiterate | * that was extremely wrong with the crypto stuff and the undocumented IMDS endpoints for instance connect | 08:15:11 |
| Arian | It uses buildFHSEnv which basically makes the binary think it's running on a normal distro | 08:15:43 |
| Arian | It's hacky | 08:15:51 |
| Arian | But works :) | 08:15:55 |
| commiterate | * that was extremely wrong with the cryptography stuff and the undocumented IMDS endpoints for instance connect | 08:17:23 |
| Arian | Just didn't have time to test it. But if it works we can add it to nixpkgs | 08:17:40 |
| commiterate | that'll probably happen faster than them taking ownership of the Go reimplementation | 08:18:10 |
| commiterate | I don't know how understaffed the instance connect distributed API side is (I think they own the library. The Nitro side definitely doesn't since I was on the sister team) | 08:19:22 |
| commiterate | * I don't know how understaffed the instance connect distributed API side is (I think they own the library. The Nitro side definitely doesn't from what I know being on the sister team) | 08:20:10 |
| commiterate | * I don't know how understaffed the instance connect distributed API side is (I think they own the library. The Nitro side definitely doesn't from what I know having been on the sister team) | 08:20:48 |
| Arian | Must say I'm not super impressed with the quality of both eic or ssm.
But eic is definitely conceptually simpler.
The ssm codebase is really massive which kind of freaks me out sometimes.
| 08:21:31 |
| Arian | Also ssm doesn't integrate with PAM. Whilst ssh gets all these things right | 08:22:00 |
