| 17 Nov 2024 |
 Arian | It's kind of orthogonal to anything AWS :p | 17:09:21 |
 shift | Not really. You make the details specific enough for your case and no more. Keep it in public. Helps others. | 17:14:48 |
| 19 Nov 2024 |
 commiterate | Nevermind, one of the NixOS systemd maintainers said the [Install] section is completely unused by the NixOS systemd libs.
They recommended just packaging the patched systemd units in the amazon-ec2-net-utils repo into the package's $out and specifying the package in the systemd.packages NixOS option (similar to how udev rules are added).
Checking with them if that will respect [Install].
| 04:08:39 |
| commiterate | Pre-emptively moved to just adding the systemd units to $out and moved the PR from draft to ready. Just need a maintainer now. | 04:24:04 |
| commiterate | Wondering if we should add NixOS tests that just make sure the systemd units are available when the package is added to systemd.packages. IIRC there's some systemd unit helpers in the NixOS test suites. | 04:25:41 |
| commiterate | Moved back to draft after some discussion with the NixOS systemd maintainer. There needs to be some upstream fixes because upstream is providing some weird spaghetti code again. | 04:44:53 |
| Arian | Amazon do anything sensible challenge: impossible | 10:57:36 |
| Arian | I wonder if they're aware that systemd can synthesize system units from devices? | 11:01:47 |
| Arian | Their udev rule should just set SYSTEMD_TAG+=1 | 11:02:07 |
| Arian | * I wonder if they're aware that systemd can synthesize systemd units from devices? | 11:02:41 |
| Arian | https://www.freedesktop.org/software/systemd/man/latest/systemd.device.html#SYSTEMD_WANTS= | 11:22:53 |
| Arian | hmm I dont also really understand why they need these policy routes | 13:35:58 |
| Arian | shouldn't linux already route egress packets correctly based on source IP anyway? | 13:36:16 |
| commiterate | unfortunately I'm not all that familiar with more systems level stuff in Linux, so not sure | 17:43:40 |
| commiterate | I assume systemd udev tags and systemctl start/stop don't mutate /etc like systemctl enable/disable does. | 17:53:03 |
| commiterate | Also it looks like unit removal on device hot-detach works as well. You just need to tag the remove udev rule with the systemd tag.
https://github.com/systemd/systemd/issues/7587#issuecomment-605497465 | 18:12:48 |
| Arian | Yeh and stopping the systemd unit can be done with BindsTo=blah.device if I recall correctly | 18:26:01 |
| Arian | i.e. idiomatic would be:
SUBSYSTEM=="net", ACTION=="add", ENV{ID_NET_DRIVER}=="vif|ena|ixgbevf", SYSTEMD_WANTS="policy-routes@.service refresh-policy-routes@.timer"
And then add
[Unit]
Description=Set up policy routes for %I
BindsTo=%i.device
After=%i.device
The script would then get the full sysfs path as an argument (e.g. /sys/devices/pci0000:00/0000:00:05.0/net/ens5) instead of just the device name so the scripts need to be adjusted slightly
| 18:47:27 |
| Arian | BUT by the way | 18:48:26 |
| Arian | systemctl enable --now works fine on NixOS if the units have no WantedBy in the [Install] section | 18:48:40 |
| Arian | it is just an alias for systemctl start in that case | 18:48:47 |
| Arian | so I actually think these scripts (Even though theyr'e ugly) will just work | 18:49:16 |
| Arian | There is nothing to patdch | 18:49:21 |
| commiterate | I see, I'll swap it out of draft then and put out a call for a maintainer. | 19:13:35 |
| Arian | Need to double check it. But I think it's the case | 19:24:41 |
| commiterate | Opened an issue upstream to request a change to systemd device units.
https://github.com/amazonlinux/amazon-ec2-net-utils/issues/112 | 19:37:45 |
| 20 Nov 2024 |
|  Inayet removed their profile picture. | 00:59:37 |
| 21 Nov 2024 |
| commiterate | CloudWatch Agent is finally in Nixpkgs: https://github.com/NixOS/nixpkgs/pull/337212
Tracker: https://nixpk.gs/pr-tracker.html?pr=337212 | 17:32:28 |
| Arian | In reply to @commiterate:matrix.org
CloudWatch Agent is finally in Nixpkgs: https://github.com/NixOS/nixpkgs/pull/337212
Tracker: https://nixpk.gs/pr-tracker.html?pr=337212 Nice. we can backport this to 24.11 given it's a new package | 18:23:52 |
| 23 Nov 2024 |
| commiterate | Hmm I might need to update it to let people specify paths to the configuration files.
That way people can write their own systemd oneshots which dynamically generate a file at runtime during boot (e.g. getting information from IMDS, SSM Parameter Store, Secrets Manager) instead of having to make 1 VM image per configuration (especially since each VM image is several GBs). | 19:08:09 |
