NixOS AWS | 68 Members | |
| 16 Servers |
| Sender | Message | Time |
|---|---|---|
| 19 Nov 2024 | ||
Wondering if we should add NixOS tests that just make sure the systemd units are available when the package is added to systemd.packages. IIRC there's some systemd unit helpers in the NixOS test suites. | 04:25:41 | |
| Moved back to draft after some discussion with the NixOS systemd maintainer. There needs to be some upstream fixes because upstream is providing some weird spaghetti code again. | 04:44:53 | |
| Amazon do anything sensible challenge: impossible | 10:57:36 | |
| I wonder if they're aware that systemd can synthesize system units from devices? | 11:01:47 | |
| Their udev rule should just set SYSTEMD_TAG+=1 | 11:02:07 | |
| * I wonder if they're aware that systemd can synthesize systemd units from devices? | 11:02:41 | |
| https://www.freedesktop.org/software/systemd/man/latest/systemd.device.html#SYSTEMD_WANTS= | 11:22:53 | |
| hmm I also don't really understand why they need these policy routes | 13:35:58 | |
| shouldn't linux already route egress packets correctly based on source IP anyway? | 13:36:16 | |
| unfortunately I'm not all that familiar with more systems level stuff in Linux, so not sure | 17:43:40 | |
I assume systemd udev tags and systemctl start/stop don't mutate /etc like systemctl enable/disable does. | 17:53:03 | |
| Also it looks like unit removal on device hot-detach works as well. You just need to tag the remove udev rule with the systemd tag. https://github.com/systemd/systemd/issues/7587#issuecomment-605497465 | 18:12:48 | |
| Yeh and stopping the systemd unit can be done with BindsTo=blah.device if I recall correctly | 18:26:01 | |
| i.e. idiomatic would be:
And then add
The script would then get the full sysfs path as an argument (e.g. | 18:47:27 | |
| BUT by the way | 18:48:26 | |
systemctl enable --now works fine on NixOS if the units have no WantedBy in the [Install] section | 18:48:40 | |
it is just an alias for systemctl start in that case | 18:48:47 | |
| so I actually think these scripts (even though they're ugly) will just work | 18:49:16 | |
| There is nothing to patch | 18:49:21 | |
| I see, I'll swap it out of draft then and put out a call for a maintainer. | 19:13:35 | |
| Need to double check it. But I think it's the case | 19:24:41 | |
| Opened an issue upstream to request a change to systemd device units. https://github.com/amazonlinux/amazon-ec2-net-utils/issues/112 | 19:37:45 | |
| 20 Nov 2024 | ||
| 00:59:37 | ||
| 21 Nov 2024 | ||
| CloudWatch Agent is finally in Nixpkgs: https://github.com/NixOS/nixpkgs/pull/337212 Tracker: https://nixpk.gs/pr-tracker.html?pr=337212 | 17:32:28 | |
In reply to @commiterate:matrix.org: Nice. we can backport this to 24.11 given it's a new package | 18:23:52 | |
| 23 Nov 2024 | ||
| Hmm I might need to update it to let people specify paths to the configuration files. That way people can write their own systemd oneshots which dynamically generate a file at runtime during boot (e.g. getting information from IMDS, SSM Parameter Store, Secrets Manager) instead of having to make 1 VM image per configuration (especially since each VM image is several GBs). | 19:08:09 | |
| PR: https://github.com/NixOS/nixpkgs/pull/358559 | 20:18:23 | |
| * Hmm I might need to update it to let people specify paths to the configuration files. That way people can write their own systemd oneshots which dynamically generate a file at runtime during boot (e.g. getting information from IMDS, SSM Parameter Store, Secrets Manager) instead of having to make 1 VM image per configuration permutation (especially since each VM image is several GBs). | 20:18:54 | |
| 24 Nov 2024 | ||
| Hmm actually has a bug since I can't extract the desired run as user at build time. | 19:26:40 | |
Fixed, though it means agent.run_as_user in the configuration file is no longer respected (i.e. can't change the user at runtime with a CW config file change) which is fine IMO. | 20:47:27 | |