Max Hausch
|
45d88250f2
|
motion 4.3.1 -> 4.3.2
|
2020-10-30 17:12:37 +01:00 |
|
Graham Christensen
|
2bf1fc0345
|
create-amis: allow customizing the service role name
The complete setup on the AWS end can be configured
with the following Terraform configuration. It generates
a ./credentials.sh which I just copy/pasted in to the
create-amis.sh script near the top. Note: the entire stack
of users and bucket can be destroyed at the end of the
import.
variable "region" {
type = string
}
variable "availability_zone" {
type = string
}
provider "aws" {
region = var.region
}
resource "aws_s3_bucket" "nixos-amis" {
bucket_prefix = "nixos-amis-"
lifecycle_rule {
enabled = true
abort_incomplete_multipart_upload_days = 1
expiration {
days = 7
}
}
}
resource "local_file" "credential-file" {
file_permission = "0700"
filename = "${path.module}/credentials.sh"
sensitive_content = <<SCRIPT
export service_role_name="${aws_iam_role.vmimport.name}"
export bucket="${aws_s3_bucket.nixos-amis.bucket}"
export AWS_ACCESS_KEY_ID="${aws_iam_access_key.uploader.id}"
export AWS_SECRET_ACCESS_KEY="${aws_iam_access_key.uploader.secret}"
SCRIPT
}
# The following resources are for the *uploader*
resource "aws_iam_user" "uploader" {
name = "nixos-amis-uploader"
}
resource "aws_iam_access_key" "uploader" {
user = aws_iam_user.uploader.name
}
resource "aws_iam_user_policy" "upload-to-nixos-amis" {
user = aws_iam_user.uploader.name
policy = data.aws_iam_policy_document.upload-policy-document.json
}
data "aws_iam_policy_document" "upload-policy-document" {
statement {
effect = "Allow"
actions = [
"s3:ListBucket",
"s3:GetBucketLocation",
]
resources = [
aws_s3_bucket.nixos-amis.arn
]
}
statement {
effect = "Allow"
actions = [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
]
resources = [
"${aws_s3_bucket.nixos-amis.arn}/*"
]
}
statement {
effect = "Allow"
actions = [
"ec2:ImportSnapshot",
"ec2:DescribeImportSnapshotTasks",
"ec2:DescribeImportSnapshotTasks",
"ec2:RegisterImage",
"ec2:DescribeImages"
]
resources = [
"*"
]
}
}
# The following resources are for the *vmimport service user*
# See: https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html#vmimport-role
resource "aws_iam_role" "vmimport" {
assume_role_policy = data.aws_iam_policy_document.vmimport-trust.json
}
resource "aws_iam_role_policy" "vmimport-access" {
role = aws_iam_role.vmimport.id
policy = data.aws_iam_policy_document.vmimport-access.json
}
data "aws_iam_policy_document" "vmimport-access" {
statement {
effect = "Allow"
actions = [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
]
resources = [
aws_s3_bucket.nixos-amis.arn,
"${aws_s3_bucket.nixos-amis.arn}/*"
]
}
statement {
effect = "Allow"
actions = [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
]
resources = [
"*"
]
}
}
data "aws_iam_policy_document" "vmimport-trust" {
statement {
effect = "Allow"
principals {
type = "Service"
identifiers = [ "vmie.amazonaws.com" ]
}
actions = [
"sts:AssumeRole"
]
condition {
test = "StringEquals"
variable = "sts:ExternalId"
values = [ "vmimport" ]
}
}
}
|
2020-10-30 12:12:08 -04:00 |
|
Graham Christensen
|
e253de8a77
|
create-amis.sh: log the full response if describing the import snapshot tasks fails
|
2020-10-30 12:08:01 -04:00 |
|
Graham Christensen
|
f92a883ddb
|
nixos ec2/create-amis.sh: shellcheck: $ is not needed in arithmetic
|
2020-10-30 12:08:01 -04:00 |
|
Graham Christensen
|
7dac8470cf
|
nixos ec2/create-amis.sh: shellcheck: explicitly make the additions to block_device_mappings single strings
|
2020-10-30 12:08:00 -04:00 |
|
Graham Christensen
|
a66a22ca54
|
nixos ec2/create-amis.sh: shellcheck: read without -r mangles backslashes
|
2020-10-30 12:08:00 -04:00 |
|
Graham Christensen
|
baf7ed3f24
|
nixos ec2/create-amis.sh: shellcheck: SC2155: Declare and assign separately to avoid masking return values.
|
2020-10-30 12:07:59 -04:00 |
|
Graham Christensen
|
f5994c208d
|
nixos ec2/create-amis.sh: shellcheck: quote state_dir reference
|
2020-10-30 12:07:59 -04:00 |
|
Graham Christensen
|
c76692192a
|
nixos ec2/create-amis.sh: shellcheck: quote region references
|
2020-10-30 12:07:49 -04:00 |
|
Marek Mahut
|
242441fea2
|
Merge pull request #101847 from mmilata/python-trezor-udev-linux
python3Packages.trezor: make udev rules dependency linux-only
|
2020-10-30 17:00:09 +01:00 |
|
Jörg Thalheim
|
46731b8886
|
Merge pull request #100814 from unode/samtools
|
2020-10-30 16:44:27 +01:00 |
|
Daniël de Kok
|
44177770f3
|
Merge pull request #102089 from r-ryantm/auto-update/1password
_1password-gui: 0.9.0 -> 0.9.1
|
2020-10-30 16:39:08 +01:00 |
|
Jörg Thalheim
|
6793ec82ca
|
Merge pull request #101948 from matthew-piziak/tdlib-169
|
2020-10-30 16:34:47 +01:00 |
|
Zak B. Elep
|
52c05c8791
|
perlPackages.NetAsyncWebSocket: init at 0.13
|
2020-10-30 23:17:17 +08:00 |
|
Peter Hoeg
|
05d95cfe79
|
kdeconnect: avoid double-wrapping the binary
|
2020-10-30 22:34:02 +08:00 |
|
Peter Hoeg
|
dfd29f9d7c
|
zanshin: broken before the 20.08.2 upgrade
|
2020-10-30 22:34:02 +08:00 |
|
Peter Hoeg
|
0d25246f4d
|
kdeconnect: part of kdeApplications
|
2020-10-30 22:34:02 +08:00 |
|
Peter Hoeg
|
d87b88361a
|
okular: add missing dependency
|
2020-10-30 22:34:02 +08:00 |
|
Peter Hoeg
|
7ac898fec2
|
kdeApplications: 20.08.1 -> 20.08.2
|
2020-10-30 22:34:02 +08:00 |
|
WilliButz
|
a3c16e973a
|
Merge pull request #102094 from Frostman/blackbox-exporter-0.18.0
blackbox-exporter: 0.17.0 -> 0.18.0
|
2020-10-30 15:11:58 +01:00 |
|
Zak B. Elep
|
489c73671a
|
perlPackages.NetAsyncHTTP: init at 0.47
|
2020-10-30 22:11:30 +08:00 |
|
Mario Rodas
|
e250fef768
|
Merge pull request #99920 from ericdallo/add-dart-to-flutter
flutter: Bump and add dart cache to flutter
|
2020-10-30 08:56:54 -05:00 |
|
Pierre Bourdon
|
ee36b1cd5b
|
plover.dev: fix Qt version pinning
Issue report: https://github.com/NixOS/nixpkgs/issues/65399#issuecomment-719066888
Similar issues in #98067.
Plover seems to work fine with Qt > 5.14 so this is an easy way to fix
the problem (as opposed to keeping the pinning and making it work with
PyQt).
|
2020-10-30 14:55:16 +01:00 |
|
WilliButz
|
207804705d
|
grafana: 7.3.0 -> 7.3.1
https://github.com/grafana/grafana/releases/tag/v7.3.1
|
2020-10-30 14:53:59 +01:00 |
|
Vincent Laporte
|
bb38f0570d
|
ocamlPackages.curly: unstable-2019-11-14 → 0.2.0
|
2020-10-30 14:36:21 +01:00 |
|
Tim Steinbach
|
95b36ade44
|
oh-my-zsh: 2020-10-27 -> 2020-10-29
|
2020-10-30 09:34:22 -04:00 |
|
Tim Steinbach
|
8ed2e118b1
|
linux_latest-libre: 17724 -> 17744
|
2020-10-30 09:33:44 -04:00 |
|
Tim Steinbach
|
7882c1ae5a
|
linux: 4.19.153 -> 4.19.154
|
2020-10-30 09:33:25 -04:00 |
|
Mario Rodas
|
6ef08a6d21
|
Merge pull request #102148 from marsam/update-tmux
tmux: 3.1b -> 3.1c
|
2020-10-30 08:20:54 -05:00 |
|
Eric Dallo
|
bee3fb885f
|
flutter: Add dart cache to flutter
|
2020-10-30 09:58:06 -03:00 |
|
Mario Rodas
|
ebe09a7ccc
|
Merge pull request #102039 from r-ryantm/auto-update/croc
croc: 8.5.2 -> 8.6.5
|
2020-10-30 07:50:58 -05:00 |
|
Mario Rodas
|
088865c946
|
Merge pull request #102050 from r-ryantm/auto-update/emplace
emplace: 0.3.7 -> 0.3.8
|
2020-10-30 07:49:42 -05:00 |
|
Mario Rodas
|
86f445bcc9
|
Merge pull request #102058 from r-ryantm/auto-update/flyctl
flyctl: 0.0.144 -> 0.0.145
|
2020-10-30 07:48:45 -05:00 |
|
Mario Rodas
|
8464bd73df
|
Merge pull request #102065 from r-ryantm/auto-update/fsmon
fsmon: 1.8.1 -> 1.8.2
|
2020-10-30 07:47:36 -05:00 |
|
Mario Rodas
|
d3a4ebdb95
|
Merge pull request #102074 from r-ryantm/auto-update/geoipupdate
geoipupdate: 4.3.0 -> 4.5.0
|
2020-10-30 07:45:30 -05:00 |
|
Mario Rodas
|
74c402d75d
|
Merge pull request #102079 from r-ryantm/auto-update/gosec
gosec: 2.4.0 -> 2.5.0
|
2020-10-30 07:44:59 -05:00 |
|
Mario Rodas
|
543c744d0d
|
Merge pull request #102082 from r-ryantm/auto-update/batsignal
batsignal: 1.1.2 -> 1.1.3
|
2020-10-30 07:44:06 -05:00 |
|
Mario Rodas
|
1429b00ba0
|
Merge pull request #102075 from siraben/mozwire-0.7.0
mozwire: 0.5.2 -> 0.7.0
|
2020-10-30 07:43:35 -05:00 |
|
Mario Rodas
|
0e7968639a
|
Merge pull request #102080 from r-ryantm/auto-update/gotestsum
gotestsum: 0.5.4 -> 0.6.0
|
2020-10-30 07:42:24 -05:00 |
|
Mario Rodas
|
52ae8c3cd0
|
Merge pull request #102110 from r-ryantm/auto-update/consul
consul: 1.8.4 -> 1.8.5
|
2020-10-30 07:41:33 -05:00 |
|
Mario Rodas
|
40a6a3b1b2
|
Merge pull request #102118 from r-ryantm/auto-update/cargo-audit
cargo-audit: 0.12.1 -> 0.13.1
|
2020-10-30 07:40:31 -05:00 |
|
Mario Rodas
|
879dc6a6bc
|
tmux: 3.1b -> 3.1c
|
2020-10-30 07:16:00 -05:00 |
|
Michael Raskin
|
193636b3ea
|
Merge pull request #102105 from r-ryantm/auto-update/abcl
abcl: 1.7.1 -> 1.8.0
|
2020-10-30 12:09:14 +00:00 |
|
Ash
|
525e15efae
|
gajim: strictDeps = false (#102141)
* gajim: strictDeps = false
Without this it doesn't find GSettings schemas, which causes it to crash when (for example) you try to change your avatar.
|
2020-10-30 12:04:28 +00:00 |
|
Jörg Thalheim
|
d420c85a55
|
Merge pull request #102123 from lopsided98/nginx-conf-cross
writers.writeNginxConfig: fix cross-compilation
|
2020-10-30 12:45:04 +01:00 |
|
Vincent Laporte
|
557094a10c
|
ocamlPackages.ocp-build: 1.99.19-beta → 1.99.21-beta
|
2020-10-30 11:39:15 +01:00 |
|
Vincent Laporte
|
7f8f1fc182
|
ocamlPackages.re: use released source rather than a git snapshot
This fixes the version information in the META file
|
2020-10-30 11:39:15 +01:00 |
|
Dennis Gosnell
|
add6a1ef1f
|
Merge pull request #102117 from cdepillabout/spago-0.17
spago: 0.16.0 -> 0.17.0
|
2020-10-30 18:57:02 +09:00 |
|
Daniël de Kok
|
7e4d5a8360
|
Merge pull request #101668 from Maxwell-lt/update/mullvad-2020.6
mullvad-vpn: 2020.5 -> 2020.6
|
2020-10-30 10:46:35 +01:00 |
|
Timo Kaufmann
|
40a92fe2b9
|
Merge pull request #102139 from alex-eyre/master
Remove mildlyincompetent from the maintainers list
|
2020-10-30 09:37:13 +01:00 |
|