switch to uploading image to s3 without tf

Noah Masur 2024-05-07 15:12:21 -04:00
parent de766b6893
commit e561d5984b
No known key found for this signature in database
3 changed files with 24 additions and 25 deletions


@ -67,25 +67,18 @@ jobs:
- name: Install Nix - name: Install Nix
if: inputs.rebuild && inputs.action != 'destroy' if: inputs.rebuild && inputs.action != 'destroy'
uses: cachix/install-nix-action@v20 uses: cachix/install-nix-action@v20
with:
extra_nix_config: |
substituters = s3://${{ secrets.NIX_CACHE_BUCKET }} https://cache.nixos.org/
trusted-public-keys = ${{ secrets.NIX_CACHE_BUCKET }}:KJLT83NgyLjjX+YOJxFNflmw3/IPwW+y21cpgVv+Kwc= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
# Build the image # Build the image
- name: Build Image - name: Build Image
if: inputs.rebuild && inputs.action != 'destroy' if: inputs.rebuild && inputs.action != 'destroy'
run: nix build .#arrow-aws run: nix build .#arrow-aws
# Copy the image to S3 - name: Upload Image to S3
- name: Upload Image to Cache if: inputs.rebuild && inputs.action != 'destroy'
env:
NIX_CACHE_PRIVATE_KEY: ${{ secrets.NIX_CACHE_PRIVATE_KEY }}
run: | run: |
echo "$NIX_CACHE_PRIVATE_KEY" > cache.key aws s3 cp \
nix store sign --key-file cache.key $(readlink result) result/nixos-amazon-image-*.vhd \
nix copy --to s3://${{ secrets.NIX_CACHE_BUCKET }} $(readlink result) s3://${{ secrets.IMAGES_BUCKET }}/arrow.vhd \
rm cache.key
# Installs the Terraform binary and some other accessory functions. # Installs the Terraform binary and some other accessory functions.
- name: Setup Terraform - name: Setup Terraform
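Review bot: In the new `Upload Image to S3` step the bucket secret is expanded by the workflow engine straight into the shell script, and the command's last line ends with a dangling `\`. Passing the value through the environment keeps it out of the script text and lets it be quoted: add `env:` with `IMAGES_BUCKET: ${{ secrets.IMAGES_BUCKET }}` to the step and end the command with `"s3://${IMAGES_BUCKET}/arrow.vhd"`, without the trailing backslash. The glob `result/nixos-amazon-image-*.vhd` has to match exactly one file for `aws s3 cp` to succeed, which deserves a comment on the step. Unlike the removed `nix store sign` path, nothing here records a digest of what was uploaded, so whatever later consumes `arrow.vhd` has no value to check it against.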


@ -17,7 +17,7 @@ data "aws_vpc" "vpc" {
} }
resource "aws_security_group" "instance" { resource "aws_security_group" "instance" {
name = "t2-aws-nixos-test" name = "aws-nixos"
description = "Allow SSH and HTTPS" description = "Allow SSH and HTTPS"
vpc_id = data.aws_vpc.vpc.id vpc_id = data.aws_vpc.vpc.id


@ -1,13 +1,19 @@
locals { # locals {
image_file = one(fileset(path.root, "../../../result/nixos-amazon-image-*.vhd")) # image_file = one(fileset(path.root, "../../../result/nixos-amazon-image-*.vhd"))
} # }
#
# # Upload image to S3
# resource "aws_s3_object" "image" {
# bucket = var.images_bucket
# key = basename(local.image_file)
# source = local.image_file
# etag = filemd5(local.image_file)
# }
# Upload image to S3 # Use existing image in S3
resource "aws_s3_object" "image" { data "aws_s3_object" "image" {
bucket = var.images_bucket bucket = var.images_bucket
key = basename(local.image_file) key = "arrow.vhd"
source = local.image_file
etag = filemd5(local.image_file)
} }
# Setup IAM access for the VM Importer # Setup IAM access for the VM Importer
@ -29,8 +35,8 @@ data "aws_iam_policy_document" "vmimport" {
"s3:ListBucket", "s3:ListBucket",
] ]
resources = [ resources = [
"arn:aws:s3:::${aws_s3_object.image.bucket}", "arn:aws:s3:::${data.aws_s3_object.image.bucket}",
"arn:aws:s3:::${aws_s3_object.image.bucket}/*", "arn:aws:s3:::${data.aws_s3_object.image.bucket}/*",
] ]
} }
statement { statement {
@ -58,8 +64,8 @@ resource "aws_ebs_snapshot_import" "image" {
disk_container { disk_container {
format = "VHD" format = "VHD"
user_bucket { user_bucket {
s3_bucket = aws_s3_object.image.bucket s3_bucket = data.aws_s3_object.image.bucket
s3_key = aws_s3_object.image.key s3_key = data.aws_s3_object.image.key
} }
} }
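Review bot: The `data "aws_s3_object" "image"` lookup in the first hunk resolves whatever object currently sits at the fixed key `arrow.vhd`, with nothing tying it to the image the workflow just built. The removed resource carried `etag = filemd5(local.image_file)`, so a content change showed up in the plan; now only `.bucket` and `.key` reach `aws_ebs_snapshot_import`, and both stay constant when the object is overwritten. A rebuilt or replaced image therefore probably does not trigger a new import, and nothing verifies the object that does get imported. One option is to enable bucket versioning and route `data.aws_s3_object.image.etag` or `.version_id` through a `terraform_data` resource named in `replace_triggered_by` on the import resource, whose body extends beyond this hunk. The commented-out `locals` and `resource` blocks could also be deleted rather than kept, since version control already preserves them.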