| 19 Nov 2024 |
 Arian | Amazon do anything sensible challenge: impossible | 10:57:36 |
| Arian | I wonder if they're aware that systemd can synthesize system units from devices? | 11:01:47 |
| Arian | Their udev rule should just set SYSTEMD_TAG+=1 | 11:02:07 |
| Arian | * I wonder if they're aware that systemd can synthesize systemd units from devices? | 11:02:41 |
| Arian | https://www.freedesktop.org/software/systemd/man/latest/systemd.device.html#SYSTEMD_WANTS= | 11:22:53 |
| Arian | hmm I dont also really understand why they need these policy routes | 13:35:58 |
| Arian | shouldn't linux already route egress packets correctly based on source IP anyway? | 13:36:16 |
 commiterate | unfortunately I'm not all that familiar with more systems level stuff in Linux, so not sure | 17:43:40 |
| commiterate | I assume systemd udev tags and systemctl start/stop don't mutate /etc like systemctl enable/disable does. | 17:53:03 |
| commiterate | Also it looks like unit removal on device hot-detach works as well. You just need to tag the remove udev rule with the systemd tag.
https://github.com/systemd/systemd/issues/7587#issuecomment-605497465 | 18:12:48 |
| Arian | Yeh and stopping the systemd unit can be done with BindsTo=blah.device if I recall correctly | 18:26:01 |
| Arian | i.e. idiomatic would be:
SUBSYSTEM=="net", ACTION=="add", ENV{ID_NET_DRIVER}=="vif|ena|ixgbevf", SYSTEMD_WANTS="policy-routes@.service refresh-policy-routes@.timer"
And then add
[Unit]
Description=Set up policy routes for %I
BindsTo=%i.device
After=%i.device
The script would then get the full sysfs path as an argument (e.g. /sys/devices/pci0000:00/0000:00:05.0/net/ens5) instead of just the device name so the scripts need to be adjusted slightly
| 18:47:27 |
| Arian | BUT by the way | 18:48:26 |
| Arian | systemctl enable --now works fine on NixOS if the units have no WantedBy in the [Install] section | 18:48:40 |
| Arian | it is just an alias for systemctl start in that case | 18:48:47 |
| Arian | so I actually think these scripts (Even though theyr'e ugly) will just work | 18:49:16 |
| Arian | There is nothing to patdch | 18:49:21 |
| commiterate | I see, I'll swap it out of draft then and put out a call for a maintainer. | 19:13:35 |
| Arian | Need to double check it. But I think it's the case | 19:24:41 |
| commiterate | Opened an issue upstream to request a change to systemd device units.
https://github.com/amazonlinux/amazon-ec2-net-utils/issues/112 | 19:37:45 |
| 20 Nov 2024 |
|  Inayet removed their profile picture. | 00:59:37 |
| 21 Nov 2024 |
| commiterate | CloudWatch Agent is finally in Nixpkgs: https://github.com/NixOS/nixpkgs/pull/337212
Tracker: https://nixpk.gs/pr-tracker.html?pr=337212 | 17:32:28 |
| Arian | In reply to @commiterate:matrix.org
CloudWatch Agent is finally in Nixpkgs: https://github.com/NixOS/nixpkgs/pull/337212
Tracker: https://nixpk.gs/pr-tracker.html?pr=337212 Nice. we can backport this to 24.11 given it's a new package | 18:23:52 |
| 23 Nov 2024 |
| commiterate | Hmm I might need to update it to let people specify paths to the configuration files.
That way people can write their own systemd oneshots which dynamically generate a file at runtime during boot (e.g. getting information from IMDS, SSM Parameter Store, Secrets Manager) instead of having to make 1 VM image per configuration (especially since each VM image is several GBs). | 19:08:09 |
| commiterate | PR: https://github.com/NixOS/nixpkgs/pull/358559 | 20:18:23 |
| commiterate | * Hmm I might need to update it to let people specify paths to the configuration files.
That way people can write their own systemd oneshots which dynamically generate a file at runtime during boot (e.g. getting information from IMDS, SSM Parameter Store, Secrets Manager) instead of having to make 1 VM image per configuration permutation (especially since each VM image is several GBs). | 20:18:54 |
| 24 Nov 2024 |
| commiterate | Hmm actually has a bug since I can't extract the desired run as user at build time. | 19:26:40 |
| commiterate | Fixed, though it means agent.run_as_user in the configuration file is no longer respected (i.e. can't change the user at runtime with a CW config file change) which is fine IMO. | 20:47:27 |
| 25 Nov 2024 |
| commiterate | Arian Any concerns with this Fluent Bit module before I try upstreaming it?
https://github.com/commiterate/nix-fluent-bit
Probably going to use it despite the CW Agent work due to the native systemd-journald support and better processing features. That and I'm a bit hesitant now that I've seen the spaghetti under the hood.
| 06:11:20 |
| commiterate | * Arian Any concerns with this Fluent Bit module before I try adding it to Nixpkgs?
https://github.com/commiterate/nix-fluent-bit
Probably going to use it despite the CW Agent work due to the native systemd-journald support and better processing features. That and I'm a bit hesitant now that I've seen the spaghetti under the hood.
| 06:11:31 |
