aws image upload

Signed-off-by: Christine Dodrill <me@christine.website>
Cadey Ratio 2021-08-11 13:00:00 -04:00
parent 80236629ec
commit 60cbc2f070
9 changed files with 269 additions and 4 deletions


@ -1,10 +1,10 @@
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> {} }:
pkgs.mkShell { pkgs.mkShell {
buildInputs = [ buildInputs = with pkgs; [
pkgs.hello terraform
niv
# keep this line if you use bash bashInteractive
pkgs.bashInteractive
]; ];
} }

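--- a/terraform/.gitignore
+++ b/terraform/.gitignore
@@ -0,0 +1 @@
+.terraform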
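Review bot: Only `.terraform` is ignored here, yet the same commit checks in what looks like a local Terraform state file (the JSON carrying `"terraform_version": "1.0.4"` and a `lineage`) for the state-bucket stack. The state shown holds nothing sensitive today, but state files record resource attributes in plain text and tend to pick up secrets as a stack grows. I would add `*.tfstate` and `*.tfstate.*` to this file, or, if the bootstrap state is committed on purpose, say so in the commit message or a README next to it.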

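--- a/terraform/aws_image/.gitignore
+++ b/terraform/aws_image/.gitignore
@@ -0,0 +1,2 @@
+result
+.terraform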


@ -0,0 +1,38 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "3.53.0"
hashes = [
"h1:oRCCzfwGCDNyuhIJ8kCg0N7h4W2WESm37o2GIt0ETpQ=",
"zh:35a77c79170b0cf3fb7eb835f3ce0b715aeeceda0a259e96e49fed5a30cf6646",
"zh:519d5470a932b1ec9a0fe08876c5e0f0f84f8e506b652c051e4ab708be081e89",
"zh:58cfa5b454602d57c47acd15c2ad166a012574742cdbcf950787ce79b6510218",
"zh:5fc3c0162335a730701c0175809250233f45f1021da8fa52c73635e4c08372d8",
"zh:6790f9d6261eb4bd5cdd7cd9125f103befce2ba127f9ba46eef83585b86e1d11",
"zh:76e1776c3bf9568d520f78419ec143c081f653b8df4fb22577a8c4a35d3315f9",
"zh:ca8ed88d0385e45c35223ace59b1bf77d81cd2154d5416e63a3dddaf0def30e6",
"zh:d002562c4a89a9f1f6cd8d854fad3c66839626fc260e5dde5267f6d34dbd97a4",
"zh:da5e47fb769e90a2f16c90fd0ba95d62da3d76eb006823664a5c6e96188731b0",
"zh:dfe7f33ec252ea550e090975a5f10940c27302bebb5559957957937b069646ea",
"zh:fa91574605ddce726e8a4e421297009a9dabe023106e139ac46da49c8285f2fe",
]
}
provider "registry.terraform.io/hashicorp/null" {
version = "3.1.0"
hashes = [
"h1:vpC6bgUQoJ0znqIKVFevOdq+YQw42bRq0u+H3nto8nA=",
"zh:02a1675fd8de126a00460942aaae242e65ca3380b5bb192e8773ef3da9073fd2",
"zh:53e30545ff8926a8e30ad30648991ca8b93b6fa496272cd23b26763c8ee84515",
"zh:5f9200bf708913621d0f6514179d89700e9aa3097c77dac730e8ba6e5901d521",
"zh:9ebf4d9704faba06b3ec7242c773c0fbfe12d62db7d00356d4f55385fc69bfb2",
"zh:a6576c81adc70326e4e1c999c04ad9ca37113a6e925aefab4765e5a5198efa7e",
"zh:a8a42d13346347aff6c63a37cda9b2c6aa5cc384a55b2fe6d6adfa390e609c53",
"zh:c797744d08a5307d50210e0454f91ca4d1c7621c68740441cf4579390452321d",
"zh:cecb6a304046df34c11229f20a80b24b1603960b794d68361a67c5efe58e62b8",
"zh:e1371aa1e502000d9974cfaff5be4cfa02f47b17400005a16f14d2ef30dc2a70",
"zh:fc39cc1fe71234a0b0369d5c5c7f876c71b956d23d7d6f518289737a001ba69b",
"zh:fea4227271ebf7d9e2b61b89ce2328c7262acd9fd190e1fd6d15a591abfa848e",
]
}

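--- a/terraform/aws_image/main.tf
+++ b/terraform/aws_image/main.tf
@@ -0,0 +1,118 @@
+provider "aws" {
+region = "us-east-1"
+}
+terraform {
+backend "s3" {
+bucket = "xeserv-tf-state-paranoid"
+key = "aws_image"
+region = "us-east-1"
+}
+}
+resource "aws_s3_bucket" "images" {
+bucket = "xeserv-ami-images"
+acl = "private"
+tags = {
+Name = "Xeserv AMI Images"
+}
+}
+resource "aws_iam_role" "vmimport" {
+name = "vmimport"
+assume_role_policy = file("./vmie-trust-policy.json")
+}
+resource "aws_iam_role_policy" "vmimport_policy" {
+name = "vmimport"
+role = aws_iam_role.vmimport.id
+policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"s3:ListBucket",
+"s3:GetObject",
+"s3:GetBucketLocation"
+],
+"Resource": [
+"${aws_s3_bucket.images.arn}",
+"${aws_s3_bucket.images.arn}/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"s3:GetBucketLocation",
+"s3:GetObject",
+"s3:ListBucket",
+"s3:PutObject",
+"s3:GetBucketAcl"
+],
+"Resource": [
+"${aws_s3_bucket.images.arn}",
+"${aws_s3_bucket.images.arn}/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:ModifySnapshotAttribute",
+"ec2:CopySnapshot",
+"ec2:RegisterImage",
+"ec2:Describe*"
+],
+"Resource": "*"
+}
+]
+}
+EOF
+}
+resource "aws_s3_bucket_object" "nixos_21_05" {
+bucket = aws_s3_bucket.images.bucket
+key = "nixos-21.05-paranoid.vhd"
+source = "./result/nixos.vhd"
+etag = filemd5("./result/nixos.vhd")
+}
+resource "aws_ebs_snapshot_import" "nixos_21_05" {
+disk_container {
+format = "VHD"
+user_bucket {
+s3_bucket = aws_s3_bucket.images.bucket
+s3_key = aws_s3_bucket_object.nixos_21_05.key
+}
+}
+role_name = aws_iam_role.vmimport.name
+tags = {
+Name = "NixOS-21.05"
+}
+}
+resource "aws_ami" "nixos_21_05" {
+name = "nixos_21_05"
+architecture = "x86_64"
+virtualization_type = "hvm"
+root_device_name = "/dev/xvda"
+ena_support = true
+sriov_net_support = "simple"
+ebs_block_device {
+device_name = "/dev/xvda"
+snapshot_id = aws_ebs_snapshot_import.nixos_21_05.id
+volume_size = 40 # you can go as low as 8 GB, but 40 is a nice number
+delete_on_termination = true
+volume_type = "gp3"
+}
+}
+output "nixos_21_05_ami" {
+value = aws_ami.nixos_21_05.id
+}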
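Review bot: The `aws_s3_bucket.images` bucket that holds the VHD disk image relies on `acl = "private"` alone; nothing in this file prevents a later public ACL or bucket policy, and no default encryption is configured. A disk image can carry host keys or baked-in configuration, so I would add a public access block for the bucket (below) and a `server_side_encryption_configuration` block on the bucket resource. Separately, the first S3 statement in `vmimport_policy` is a strict subset of the second on the same resources. In AWS's VM Import/Export role template `s3:PutObject` and `s3:GetBucketAcl` are there for the export bucket, so if this role only imports, dropping the second statement leaves it read-only on the bucket.

```hcl
resource "aws_s3_bucket_public_access_block" "images" {
  bucket                  = aws_s3_bucket.images.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```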


@ -0,0 +1,15 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "vmie.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals":{
"sts:Externalid": "vmimport"
}
}
}
]
}


@ -0,0 +1,20 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "3.53.0"
hashes = [
"h1:oRCCzfwGCDNyuhIJ8kCg0N7h4W2WESm37o2GIt0ETpQ=",
"zh:35a77c79170b0cf3fb7eb835f3ce0b715aeeceda0a259e96e49fed5a30cf6646",
"zh:519d5470a932b1ec9a0fe08876c5e0f0f84f8e506b652c051e4ab708be081e89",
"zh:58cfa5b454602d57c47acd15c2ad166a012574742cdbcf950787ce79b6510218",
"zh:5fc3c0162335a730701c0175809250233f45f1021da8fa52c73635e4c08372d8",
"zh:6790f9d6261eb4bd5cdd7cd9125f103befce2ba127f9ba46eef83585b86e1d11",
"zh:76e1776c3bf9568d520f78419ec143c081f653b8df4fb22577a8c4a35d3315f9",
"zh:ca8ed88d0385e45c35223ace59b1bf77d81cd2154d5416e63a3dddaf0def30e6",
"zh:d002562c4a89a9f1f6cd8d854fad3c66839626fc260e5dde5267f6d34dbd97a4",
"zh:da5e47fb769e90a2f16c90fd0ba95d62da3d76eb006823664a5c6e96188731b0",
"zh:dfe7f33ec252ea550e090975a5f10940c27302bebb5559957957937b069646ea",
"zh:fa91574605ddce726e8a4e421297009a9dabe023106e139ac46da49c8285f2fe",
]
}


@ -0,0 +1,12 @@
provider "aws" {
region = "us-east-1"
}
resource "aws_s3_bucket" "bucket" {
bucket = "xeserv-tf-state-paranoid"
acl = "private"
tags = {
Name = "Terraform State"
}
}
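Review bot: The state bucket is created with only `acl = "private"`, and the state committed alongside it confirms that versioning is disabled and `server_side_encryption_configuration` is empty. Terraform state stores resource attributes in plain text and is easy to corrupt or overwrite, so this bucket should have versioning and default encryption from the start. In the 3.x provider that is `versioning { enabled = true }` plus a `server_side_encryption_configuration` block inside this resource, with an `aws_s3_bucket_public_access_block` next to it. The `backend "s3"` block in `terraform/aws_image/main.tf` could then also set `encrypt = true`.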


@ -0,0 +1,59 @@
{
"version": 4,
"terraform_version": "1.0.4",
"serial": 1,
"lineage": "f70bcdee-6de7-dd3f-6e7f-749ded4ad6b1",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "aws_s3_bucket",
"name": "bucket",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"acceleration_status": "",
"acl": "private",
"arn": "arn:aws:s3:::xeserv-tf-state-paranoid",
"bucket": "xeserv-tf-state-paranoid",
"bucket_domain_name": "xeserv-tf-state-paranoid.s3.amazonaws.com",
"bucket_prefix": null,
"bucket_regional_domain_name": "xeserv-tf-state-paranoid.s3.amazonaws.com",
"cors_rule": [],
"force_destroy": false,
"grant": [],
"hosted_zone_id": "Z3AQBSTGFYJSTF",
"id": "xeserv-tf-state-paranoid",
"lifecycle_rule": [],
"logging": [],
"object_lock_configuration": [],
"policy": null,
"region": "us-east-1",
"replication_configuration": [],
"request_payer": "BucketOwner",
"server_side_encryption_configuration": [],
"tags": {
"Name": "Terraform State"
},
"tags_all": {
"Name": "Terraform State"
},
"versioning": [
{
"enabled": false,
"mfa_delete": false
}
],
"website": [],
"website_domain": null,
"website_endpoint": null
},
"sensitive_attributes": [],
"private": "bnVsbA=="
}
]
}
]
}