Graham Christensen
|
2bf1fc0345
|
create-amis: allow customizing the service role name
The complete setup on the AWS end can be configured
with the following Terraform configuration. It generates
a ./credentials.sh, which I just copy/pasted into the
create-amis.sh script near the top. Note: the entire stack
of users and bucket can be destroyed at the end of the
import.
variable "region" {
type = string
}
variable "availability_zone" {
type = string
}
provider "aws" {
region = var.region
}
resource "aws_s3_bucket" "nixos-amis" {
bucket_prefix = "nixos-amis-"
lifecycle_rule {
enabled = true
abort_incomplete_multipart_upload_days = 1
expiration {
days = 7
}
}
}
resource "local_file" "credential-file" {
file_permission = "0700"
filename = "${path.module}/credentials.sh"
sensitive_content = <<SCRIPT
export service_role_name="${aws_iam_role.vmimport.name}"
export bucket="${aws_s3_bucket.nixos-amis.bucket}"
export AWS_ACCESS_KEY_ID="${aws_iam_access_key.uploader.id}"
export AWS_SECRET_ACCESS_KEY="${aws_iam_access_key.uploader.secret}"
SCRIPT
}
# The following resources are for the *uploader*
resource "aws_iam_user" "uploader" {
name = "nixos-amis-uploader"
}
resource "aws_iam_access_key" "uploader" {
user = aws_iam_user.uploader.name
}
resource "aws_iam_user_policy" "upload-to-nixos-amis" {
user = aws_iam_user.uploader.name
policy = data.aws_iam_policy_document.upload-policy-document.json
}
data "aws_iam_policy_document" "upload-policy-document" {
statement {
effect = "Allow"
actions = [
"s3:ListBucket",
"s3:GetBucketLocation",
]
resources = [
aws_s3_bucket.nixos-amis.arn
]
}
statement {
effect = "Allow"
actions = [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
]
resources = [
"${aws_s3_bucket.nixos-amis.arn}/*"
]
}
statement {
effect = "Allow"
actions = [
"ec2:ImportSnapshot",
"ec2:DescribeImportSnapshotTasks",
"ec2:DescribeImportSnapshotTasks",
"ec2:RegisterImage",
"ec2:DescribeImages"
]
resources = [
"*"
]
}
}
# The following resources are for the *vmimport service user*
# See: https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html#vmimport-role
resource "aws_iam_role" "vmimport" {
assume_role_policy = data.aws_iam_policy_document.vmimport-trust.json
}
resource "aws_iam_role_policy" "vmimport-access" {
role = aws_iam_role.vmimport.id
policy = data.aws_iam_policy_document.vmimport-access.json
}
data "aws_iam_policy_document" "vmimport-access" {
statement {
effect = "Allow"
actions = [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
]
resources = [
aws_s3_bucket.nixos-amis.arn,
"${aws_s3_bucket.nixos-amis.arn}/*"
]
}
statement {
effect = "Allow"
actions = [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
]
resources = [
"*"
]
}
}
data "aws_iam_policy_document" "vmimport-trust" {
statement {
effect = "Allow"
principals {
type = "Service"
identifiers = [ "vmie.amazonaws.com" ]
}
actions = [
"sts:AssumeRole"
]
condition {
test = "StringEquals"
variable = "sts:ExternalId"
values = [ "vmimport" ]
}
}
}
|
2020-10-30 12:12:08 -04:00 |
|
Graham Christensen
|
e253de8a77
|
create-amis.sh: log the full response if describing the import snapshot tasks fails
|
2020-10-30 12:08:01 -04:00 |
|
Graham Christensen
|
f92a883ddb
|
nixos ec2/create-amis.sh: shellcheck: $ is not needed in arithmetic
|
2020-10-30 12:08:01 -04:00 |
|
Graham Christensen
|
7dac8470cf
|
nixos ec2/create-amis.sh: shellcheck: explicitly make the additions to block_device_mappings single strings
|
2020-10-30 12:08:00 -04:00 |
|
Graham Christensen
|
a66a22ca54
|
nixos ec2/create-amis.sh: shellcheck: read without -r mangles backslashes
|
2020-10-30 12:08:00 -04:00 |
|
Graham Christensen
|
baf7ed3f24
|
nixos ec2/create-amis.sh: shellcheck: SC2155: Declare and assign separately to avoid masking return values.
|
2020-10-30 12:07:59 -04:00 |
|
Graham Christensen
|
f5994c208d
|
nixos ec2/create-amis.sh: shellcheck: quote state_dir reference
|
2020-10-30 12:07:59 -04:00 |
|
Graham Christensen
|
c76692192a
|
nixos ec2/create-amis.sh: shellcheck: quote region references
|
2020-10-30 12:07:49 -04:00 |
|
StigP
|
4512dac960
|
Merge pull request #99444 from etu/aldo-upgrade
aldo: 0.7.7 -> 0.7.8
|
2020-10-28 13:23:42 +00:00 |
|
Anderson Torres
|
c3feda093d
|
Merge pull request #101569 from AndersonTorres/megafix
Fixing some URLs
|
2020-10-28 10:15:26 -03:00 |
|
Jörg Thalheim
|
c5ef62db67
|
Merge pull request #97975 from 06kellyjac/deno_1.4.0
|
2020-10-28 14:06:23 +01:00 |
|
Marek Mahut
|
40926647b1
|
Merge pull request #101926 from stovemeerkat/submit/metabase-0.37.0.2
metabase: 0.36.4 -> 0.37.0.2
|
2020-10-28 13:51:26 +01:00 |
|
Niklas Hambüchen
|
c06f86d591
|
Merge pull request #101879 from sikmir/cloudcompare
cloudcompare: 2.11.0 → 2.11.2
|
2020-10-28 13:43:31 +01:00 |
|
Mario Rodas
|
8385452994
|
Merge pull request #101919 from r-ryantm/auto-update/python3.7-Eve
python37Packages.eve: 1.1.3 -> 1.1.4
|
2020-10-28 07:27:27 -05:00 |
|
Nikolay Korotkiy
|
59645d2e42
|
cloudcompare: 2.11.0 → 2.11.2
|
2020-10-28 13:24:55 +01:00 |
|
stovemeerkat
|
4c7982a2c5
|
metabase: 0.36.4 -> 0.37.0.2
|
2020-10-28 13:02:30 +01:00 |
|
Emery Hemingway
|
17a9d2187d
|
vix: init at 0.1.2
|
2020-10-28 12:34:43 +01:00 |
|
R. RyanTM
|
6d6ed15508
|
python37Packages.eve: 1.1.3 -> 1.1.4
|
2020-10-28 11:21:17 +00:00 |
|
Mario Rodas
|
023ff35f38
|
Merge pull request #101746 from oyren/update-portfolio
portfolio: 0.48.1 -> 0.49.0
|
2020-10-28 06:18:01 -05:00 |
|
Mario Rodas
|
ec2f49dc8c
|
Merge pull request #101842 from helsinki-systems/litecli-1.4.1
litecli: 1.3.2 -> 1.4.1
|
2020-10-28 06:16:48 -05:00 |
|
Mario Rodas
|
10400f179f
|
Merge pull request #101846 from stigtsp/package/rakudo-2020.10
rakudo: 2020.09 -> 2020.10
|
2020-10-28 06:15:52 -05:00 |
|
Mario Rodas
|
742e5e5f67
|
Merge pull request #101912 from marsam/update-nodejs-10_x
nodejs-10_x: 10.22.1 -> 10.23.0
|
2020-10-28 06:14:25 -05:00 |
|
Jörg Thalheim
|
afd599e647
|
Merge pull request #101875 from lovesegfault/ccls-20201025
ccls: 0.20190823 -> 0.20201025
|
2020-10-28 11:57:30 +01:00 |
|
Mario Rodas
|
a151124ca3
|
Merge pull request #101896 from r-ryantm/auto-update/python3.7-chalice
python37Packages.chalice: 1.21.2 -> 1.21.3
|
2020-10-28 05:29:16 -05:00 |
|
Mario Rodas
|
b69f140a80
|
Merge pull request #100043 from marsam/update-starship
starship: 0.45.2 -> 0.46.2
|
2020-10-28 05:22:54 -05:00 |
|
Mario Rodas
|
5b4331e2c9
|
Merge pull request #99949 from marsam/update-micro
micro: 2.0.7 -> 2.0.8
|
2020-10-28 05:22:00 -05:00 |
|
Maximilian Bosch
|
3d04e9a779
|
Merge pull request #101669 from Zopieux/nxdomain
nxdomain: init at 1.0.1
|
2020-10-28 10:49:50 +01:00 |
|
Mario Rodas
|
10a713e540
|
Merge pull request #101891 from punkeel/patch-1
nodejs-14_x: 14.14.0 -> 14.15.0
|
2020-10-28 04:24:28 -05:00 |
|
Mario Rodas
|
8989bf1e62
|
Merge pull request #101895 from r-ryantm/auto-update/python3.7-apprise
python37Packages.apprise: 0.8.7 -> 0.8.9
|
2020-10-28 03:59:25 -05:00 |
|
Frederik Rietdijk
|
1489c07cb7
|
teams: work around screen sharing bug
|
2020-10-28 09:39:16 +01:00 |
|
R. RyanTM
|
533965957e
|
python37Packages.py-multibase: 1.0.1 -> 1.0.3
|
2020-10-28 00:08:16 -07:00 |
|
R. RyanTM
|
1ecbf98eee
|
python37Packages.cchardet: 2.1.6 -> 2.1.7
|
2020-10-28 00:06:06 -07:00 |
|
R. RyanTM
|
a8025a3129
|
python37Packages.snowflake-connector-python: 2.3.3 -> 2.3.4
|
2020-10-27 23:38:53 -07:00 |
|
Daniël de Kok
|
a36a70c2af
|
Merge pull request #99164 from danieldk/tensorflow2-cuda-capabilities
python3Packages.tensorflow_2: update CUDA capabilities
|
2020-10-28 06:55:06 +01:00 |
|
R. RyanTM
|
91a190aa77
|
python37Packages.chalice: 1.21.2 -> 1.21.3
|
2020-10-28 05:28:48 +00:00 |
|
Vincent Laporte
|
ef45e1161e
|
ocamlPackages.ezjsonm: 0.6.0 → 1.2.0
|
2020-10-28 06:28:44 +01:00 |
|
R. RyanTM
|
34ab3fbaa2
|
python37Packages.apprise: 0.8.7 -> 0.8.9
|
2020-10-28 05:17:55 +00:00 |
|
Mario Rodas
|
83d9ca8268
|
nodejs-10_x: 10.22.1 -> 10.23.0
https://github.com/nodejs/node/releases/tag/v10.23.0
|
2020-10-28 04:20:00 +00:00 |
|
Maxime Guerreiro
|
0bd06ce0de
|
nodejs-14_x: 14.14.0 -> 14.15.0
https://github.com/nodejs/node/releases/tag/v14.15.0
|
2020-10-28 03:34:52 +01:00 |
|
Andreas Rammhold
|
c127653b72
|
Merge pull request #101887 from jonringer/minor-release-notes-adjustment
nixos/docs/rl-2009.xml: grafana: description, example agreement
|
2020-10-28 02:38:55 +01:00 |
|
Mario Rodas
|
b437b6b405
|
Merge pull request #101681 from r-ryantm/auto-update/lucky-cli
lucky-cli: 0.23.1 -> 0.24.0
|
2020-10-27 20:29:14 -05:00 |
|
MetaDark
|
da11534a4e
|
pythonPackages.debugpy: 1.0.0 -> 1.1.0
|
2020-10-27 18:27:08 -07:00 |
|
Mario Rodas
|
5594fe0c39
|
Merge pull request #101685 from woffs/btrfsprogs59
btrfs-progs: 5.7 -> 5.9
|
2020-10-27 20:03:53 -05:00 |
|
Mario Rodas
|
144ec0c514
|
Merge pull request #101706 from r-ryantm/auto-update/netdata
netdata: 1.25.0 -> 1.26.0
|
2020-10-27 19:56:15 -05:00 |
|
Mario Rodas
|
5b27ea8d02
|
Merge pull request #101714 from r-ryantm/auto-update/oneDNN
oneDNN: 1.6.3 -> 1.6.4
|
2020-10-27 19:51:53 -05:00 |
|
Jonathan Ringer
|
3963954fc8
|
nixos/docs/rl-2009.xml: grafana: description, example agreement
|
2020-10-27 17:50:39 -07:00 |
|
Mario Rodas
|
f9a8f295b0
|
Merge pull request #101701 from r-ryantm/auto-update/moosefs
moosefs: 3.0.114 -> 3.0.115
|
2020-10-27 19:48:26 -05:00 |
|
Andreas Rammhold
|
05e1e75e26
|
Merge pull request #101867 from mweinelt/blueman
blueman: 2.1.3 -> 2.1.4
|
2020-10-28 01:39:46 +01:00 |
|
Mario Rodas
|
9fce5c704a
|
Merge pull request #101779 from dbirks/update-helm
kubernetes-helm: 3.3.4 -> 3.4.0
|
2020-10-27 19:27:24 -05:00 |
|
Jonathan Ringer
|
f175726bd2
|
Merge pull request #101874 from davidak/fix-release-notes
doc: improve 20.09 release notes
|
2020-10-27 17:26:53 -07:00 |
|