phaer
fdb144fb41
ec2/amazon-image: use system.build.image
...
and rename:
- amazonImage.name -> image.baseName
2024-12-16 15:35:21 +01:00
phaer
44520c1a05
amazon-image: update nixos-generators reference in README.md
2024-12-16 00:40:59 +01:00
phaer
c6da9ef32d
modules/virtualisation: add unified diskSize opt
...
See https://github.com/NixOS/nixpkgs/pull/339535 and https://github.com/NixOS/nixpkgs/pull/341058
2024-10-27 12:28:37 +01:00
phaer
88b285c01d
nixos/virtualisation: format image-related files
2024-10-18 13:32:50 +02:00
Martin Weinelt
4cec81a995
Revert "modules/virtualisation: add shared options, merge various diskSize options" (#340894)
...
Breaks evaluation of all nixos tests, and is therefore a channel blocker.
2024-09-10 03:12:55 +02:00
phaer
759de4c54d
amazon-image: sizeMB -> virtualisation.diskSize
2024-09-05 15:56:25 +02:00
phaer
04fadac429
run nixfmt-rfc-style
2024-09-05 15:56:22 +02:00
Philip Taron
3ba72e2834
nixos/amazon-image: avoid top-level with statements in maintainers script
2024-07-15 22:02:39 -07:00
Sandro
729002e6ce
Merge pull request #264635 from baloo/baloo/amazon-image/pkg-reimport
2024-06-02 23:42:06 +02:00
Arian van Putten
a48cd7d56f
nixos/amazon-image: Drop create-amis.sh script and update docs
...
We replaced this with automation in https://github.com/NixOS/amis
Also add some docs on how you can build the image yourself
2024-05-25 10:01:02 +02:00
Arthur Gautier
69c2090e98
amazon-image: allow pkgs overrides
...
By reimporting pkgs this drops overlays.
This reverts 0d3738cdcc (`Fix the EC2 test`). Reasoning behind the reimport is blurry to me.
2024-05-09 09:48:07 -07:00
stuebinm
6afb255d97
nixos: remove all uses of lib.mdDoc
...
these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
2024-04-13 10:07:35 -07:00
Arian van Putten
a1232992ac
nixos/amazon-image: Take over maintainership
...
I am actively working on bringing back Amazon Images for 24.05.
Please track progress in https://github.com/nixos/amis
2024-02-09 18:02:40 +01:00
Robert Hensing
4d1f62836e
scripts/create-amis.sh: Update region list
2023-12-05 18:30:52 +01:00
K900
a3dc53e3fc
nixos/amazon-image: embiggen
...
aarch64 no longer fits in 2GB, blocking channel updates
2023-06-07 08:42:47 +03:00
figsoda
a31ca7f220
maintainers/scripts: fix typos
2023-05-19 22:31:04 -04:00
Raito Bezarius
f9c4838812
maintainers/scripts/ec2/amazon-image: use qemu_kvm (host arch) instead of qemu (all arches)
2023-04-28 23:51:07 +02:00
Linus Heckemann
24e33a4d2e
nixos/ec2: remove paravirtualization-specific code
...
Paravirtualized EC2 instances haven't been supported since 2017.
It's safe to remove this now.
2022-11-23 17:18:18 +01:00
pennae
bd56368848
nixos/*: md-convert hidden plaintext options
...
most of these are hidden because they're either part of a submodule that
doesn't have its type rendered (eg because the submodule type is used in
an either type) or because they are explicitly hidden. some of them are
merely hidden from nix-doc-munge by how their option is put together.
2022-08-31 16:32:54 +02:00
Armando Santos
fdf74c7741
maintainers/create-amis.sh: Add more AWS regions
...
Add all currently available AWS regions
2022-05-17 10:20:30 +01:00
Graham Christensen
a8f41adbb7
amazon-image: use make-multi-disk-zfs-image
2022-04-07 15:28:28 -04:00
Timothy DeHerrera
f0aec20cd7
create-amis.sh: possible deprecation
2021-11-11 09:04:29 -07:00
Timothy DeHerrera
ed4170733c
amis: enable setting ami boot mode on registration
...
This is important since legacy bios mode is still the default for Intel
and AMD based instances on AWS. That is, even if your image is set up to
use UEFI on the OS level, the AMI will still use BIOS unless the boot
mode is explicitly set during registration.
2021-11-10 17:38:58 -07:00
Timothy DeHerrera
4d765caecd
create_amis.sh: fix logic for non-zfs amis
2021-11-09 15:56:04 -08:00
Robert Hensing
0699530f08
Merge pull request #136909 from ncfavier/cleanup-defaults-examples
...
nixos/doc: clean up defaults and examples
2021-10-04 20:37:42 +02:00
Naïm Favier
2ddc335e6f
nixos/doc: clean up defaults and examples
2021-10-04 12:47:20 +02:00
Timothy DeHerrera
1c0a20efcf
create-amis.sh: fix typo
2021-10-03 19:03:28 -07:00
Timothy DeHerrera
2d67b946b7
create-amis.sh: use status message
...
The progress ID is fairly useless. Status message is more useful for
humans.
2021-10-03 19:03:28 -07:00
Timothy DeHerrera
407998d15a
create-amis.sh: add support for the ZFS AMIs
2021-10-03 19:03:28 -07:00
Timothy DeHerrera
1ff82fec9a
create-amis.sh: allow uploading private AMIs
2021-10-03 19:03:28 -07:00
Timothy DeHerrera
0543f2d2f6
create-amis.sh: make vars overridable from env
2021-10-03 19:03:28 -07:00
Graham Christensen
71b3d18181
amazon images: extend the image-info.json to have a disks object
...
Having a disks object with a dictionary of all the disks and their
properties makes it easier to process multi-disk images.
Note the rename of `label` to `system_label` is because `$label`
is something of a special token to jq.
2021-08-25 10:42:35 -04:00
Graham Christensen
bd38b059ea
NixOS/amazonImageZfs: init
...
Introduce an AWS EC2 AMI which supports aarch64 and x86_64 with a ZFS
root.
This uses `make-zfs-image` which implies two EBS volumes are needed
inside EC2, one for boot, one for root. It should not matter which
is identified `xvda` and which is `xvdb`, though I have always
uploaded `boot` as `xvda`.
2021-08-25 10:42:35 -04:00
Luke Granger-Brown
87c3b7e767
amazonImage: make statically sized again
...
For reasons we haven't been able to work out, the aarch64 EC2 image now
regularly exceeds the output image size on hydra.nixos.org. As a
workaround, set this back to being statically sized again.
The other images do seem to build - it's just a case of the EC2 image
now being too large (occasionally non-deterministically).
2021-05-01 02:19:42 +00:00
lassulus
5aa4273e4f
treewide: use auto diskSize for make-disk-image
...
(cherry picked from commit f3aa040bcb)
2021-04-24 14:49:07 -04:00
Luke Granger-Brown
4fb91cbafe
Revert "treewide: use auto diskSize for make-disk-image"
...
This reverts commit f3aa040bcb.
2021-04-24 02:38:36 +00:00
Luke Granger-Brown
f521b12b0e
Revert "nixos/amazon-image: (temporarily) use fixed disk size again"
...
This reverts commit 6a8359a92a.
2021-04-24 02:38:25 +00:00
Luke Granger-Brown
6a8359a92a
nixos/amazon-image: (temporarily) use fixed disk size again
...
As a temporary workaround for #120473 while the image builder is patched
to correctly look up disk sizes, partially revert f3aa040bcb for EC2
disk images only.
We retain the type allowing "auto" but set the default back to the
previous value.
2021-04-24 00:43:47 +00:00
lassulus
f3aa040bcb
treewide: use auto diskSize for make-disk-image
2021-04-22 19:52:49 +02:00
Graham Christensen
7092dd52f8
amazonImage: Upload disks as GP3 for cheaper & faster IO (#109027)
...
GP3 is always faster and cheaper than GP2, so sticking to GP2 is
leaving money on the table.
https://cloudwiry.com/ebs-gp3-vs-gp2-pricing-comparison/
2021-01-11 13:54:40 -05:00
Graham Christensen
38a394bdee
Merge pull request #102174 from grahamc/ami-root-use-gpt
...
AMI root partition table: use GPT to support >2T partitions
2020-10-30 16:14:37 -04:00
Graham Christensen
d77ddf2a40
nixos.amazonAmi: use legacy+gpt disk images to support partitions >2T
2020-10-30 15:50:25 -04:00
Graham Christensen
74a577b293
create-amis: improve wording around the service name's IAM role
...
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2020-10-30 12:40:17 -04:00
Graham Christensen
2bf1fc0345
create-amis: allow customizing the service role name
...
The complete setup on the AWS end can be configured
with the following Terraform configuration. It generates
a ./credentials.sh which I just copy/pasted in to the
create-amis.sh script near the top. Note: the entire stack
of users and bucket can be destroyed at the end of the
import.
variable "region" {
  type = string
}

variable "availability_zone" {
  type = string
}

provider "aws" {
  region = var.region
}

resource "aws_s3_bucket" "nixos-amis" {
  bucket_prefix = "nixos-amis-"
  lifecycle_rule {
    enabled = true
    abort_incomplete_multipart_upload_days = 1
    expiration {
      days = 7
    }
  }
}

resource "local_file" "credential-file" {
  file_permission = "0700"
  filename = "${path.module}/credentials.sh"
  sensitive_content = <<SCRIPT
export service_role_name="${aws_iam_role.vmimport.name}"
export bucket="${aws_s3_bucket.nixos-amis.bucket}"
export AWS_ACCESS_KEY_ID="${aws_iam_access_key.uploader.id}"
export AWS_SECRET_ACCESS_KEY="${aws_iam_access_key.uploader.secret}"
SCRIPT
}

# The following resources are for the *uploader*
resource "aws_iam_user" "uploader" {
  name = "nixos-amis-uploader"
}

resource "aws_iam_access_key" "uploader" {
  user = aws_iam_user.uploader.name
}

resource "aws_iam_user_policy" "upload-to-nixos-amis" {
  user = aws_iam_user.uploader.name
  policy = data.aws_iam_policy_document.upload-policy-document.json
}

data "aws_iam_policy_document" "upload-policy-document" {
  statement {
    effect = "Allow"
    actions = [
      "s3:ListBucket",
      "s3:GetBucketLocation",
    ]
    resources = [
      aws_s3_bucket.nixos-amis.arn
    ]
  }
  statement {
    effect = "Allow"
    actions = [
      "s3:PutObject",
      "s3:GetObject",
      "s3:DeleteObject",
    ]
    resources = [
      "${aws_s3_bucket.nixos-amis.arn}/*"
    ]
  }
  statement {
    effect = "Allow"
    actions = [
      "ec2:ImportSnapshot",
      "ec2:DescribeImportSnapshotTasks",
      "ec2:DescribeImportSnapshotTasks",
      "ec2:RegisterImage",
      "ec2:DescribeImages"
    ]
    resources = [
      "*"
    ]
  }
}

# The following resources are for the *vmimport service user*
# See: https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html#vmimport-role
resource "aws_iam_role" "vmimport" {
  assume_role_policy = data.aws_iam_policy_document.vmimport-trust.json
}

resource "aws_iam_role_policy" "vmimport-access" {
  role = aws_iam_role.vmimport.id
  policy = data.aws_iam_policy_document.vmimport-access.json
}

data "aws_iam_policy_document" "vmimport-access" {
  statement {
    effect = "Allow"
    actions = [
      "s3:GetBucketLocation",
      "s3:GetObject",
      "s3:ListBucket",
    ]
    resources = [
      aws_s3_bucket.nixos-amis.arn,
      "${aws_s3_bucket.nixos-amis.arn}/*"
    ]
  }
  statement {
    effect = "Allow"
    actions = [
      "ec2:ModifySnapshotAttribute",
      "ec2:CopySnapshot",
      "ec2:RegisterImage",
      "ec2:Describe*"
    ]
    resources = [
      "*"
    ]
  }
}

data "aws_iam_policy_document" "vmimport-trust" {
  statement {
    effect = "Allow"
    principals {
      type = "Service"
      identifiers = [ "vmie.amazonaws.com" ]
    }
    actions = [
      "sts:AssumeRole"
    ]
    condition {
      test = "StringEquals"
      variable = "sts:ExternalId"
      values = [ "vmimport" ]
    }
  }
}
2020-10-30 12:12:08 -04:00
Graham Christensen
e253de8a77
create-amis.sh: log the full response if describing the import snapshot tasks fails
2020-10-30 12:08:01 -04:00
Graham Christensen
f92a883ddb
nixos ec2/create-amis.sh: shellcheck: $ is not needed in arithmetic
2020-10-30 12:08:01 -04:00
Graham Christensen
7dac8470cf
nixos ec2/create-amis.sh: shellcheck: explicitly make the additions to block_device_mappings single strings
2020-10-30 12:08:00 -04:00
Graham Christensen
a66a22ca54
nixos ec2/create-amis.sh: shellcheck: read without -r mangles backslashes
2020-10-30 12:08:00 -04:00
Graham Christensen
baf7ed3f24
nixos ec2/create-amis.sh: shellcheck: SC2155: Declare and assign separately to avoid masking return values.
2020-10-30 12:07:59 -04:00
Graham Christensen
f5994c208d
nixos ec2/create-amis.sh: shellcheck: quote state_dir reference
2020-10-30 12:07:59 -04:00