noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-04-24 18:32:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:0582b4a1475b19636766da4b66a398a4423858c9
Branches Tags
noah:master
noah:platform
noah:home-manager-fix
noah:immich-proxy
noah:microcode
noah:nixd
noah:eblume-mole
noah:language-checks
noah:keyd-2.4.3
noah:sway
noah:nixosmodules
noah:unfree-predicate-by-pkgs
noah:darwin-ssl
noah:pre-platform
noah:begin-nixos
noah:begin-nix
noah:neovim-lua
noah:pre-nix
noah:legacy
..
compare: noah:e561d5984b9c569d0b0fd2d020c075fe45ef57ea
Branches Tags
noah:master
noah:platform
noah:home-manager-fix
noah:immich-proxy
noah:microcode
noah:nixd
noah:eblume-mole
noah:language-checks
noah:keyd-2.4.3
noah:sway
noah:nixosmodules
noah:unfree-predicate-by-pkgs
noah:darwin-ssl
noah:pre-platform
noah:begin-nixos
noah:begin-nix
noah:neovim-lua
noah:pre-nix
noah:legacy

No commits in common. "0582b4a1475b19636766da4b66a398a4423858c9" and "e561d5984b9c569d0b0fd2d020c075fe45ef57ea" have entirely different histories.
0582b4a147 ... e561d5984b

2 changed files with 1 additions and 47 deletions
Show Stats Expand all files Collapse all files

46
hosts/arrow/aws/ec2.tf
View File

@ -1,6 +1,5 @@
resource "aws_instance" "instance" { resource "aws_instance" "instance" {
ami = aws_ami.image.id ami = aws_ami.image.id
iam_instance_profile = aws_iam_instance_profile.instance.name
instance_type = var.ec2_size instance_type = var.ec2_size
vpc_security_group_ids = [aws_security_group.instance.id] vpc_security_group_ids = [aws_security_group.instance.id]
@ -22,14 +21,6 @@ resource "aws_security_group" "instance" {
description = "Allow SSH and HTTPS" description = "Allow SSH and HTTPS"
vpc_id = data.aws_vpc.vpc.id vpc_id = data.aws_vpc.vpc.id
ingress {
description = "Ping"
from_port = -1
to_port = -1
protocol = "icmp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress { ingress {
description = "SSH" description = "SSH"
from_port = 22 from_port = 22
@ -54,40 +45,3 @@ resource "aws_security_group" "instance" {
ipv6_cidr_blocks = ["::/0"] ipv6_cidr_blocks = ["::/0"]
} }
} }
# Setup IAM for the instance to use SSM
data "aws_iam_policy_document" "ec2_assume_role" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["ec2.amazonaws.com"]
}
}
}
data "aws_iam_policy_document" "instance_profile" {
statement {
actions = [
"s3:ListAllMyBuckets",
]
resources = ["*"]
}
}
resource "aws_iam_role" "instance_profile" {
name = "nixos"
assume_role_policy = data.aws_iam_policy_document.ec2_assume_role.json
inline_policy {
name = "instance-profile"
policy = data.aws_iam_policy_document.instance_profile.json
}
}
resource "aws_iam_role_policy_attachment" "instance_ssm" {
role = aws_iam_role.instance_profile.name
policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}
resource "aws_iam_instance_profile" "instance" {
name = "nixos"
role = aws_iam_role.instance_profile.name
}

2
hosts/arrow/aws/image.tf
View File

@ -75,7 +75,7 @@ resource "aws_ebs_snapshot_import" "image" {
# Convert to AMI # Convert to AMI
resource "aws_ami" "image" { resource "aws_ami" "image" {
description = "Created with NixOS." description = "Created with NixOS."
name = replace(basename(data.aws_s3_object.image.key), "/\\.vhd$/", "") name = replace(basename(local.image_file), "/\\.vhd$/", "")
virtualization_type = "hvm" virtualization_type = "hvm"
root_device_name = "/dev/xvda" root_device_name = "/dev/xvda"
ena_support = true ena_support = true