nixos/ssm-agent: conf files written to /etc

ssm-agent expects files in /etc/amazon/ssm. The pkg substitutes a location in the nix store for those default files, but if we ever want to adjust this configuration on NixOS, we'd need the ability to modify that file. This change to the nixos module writes copies of the default files from the nix store to /etc/amazon/ssm. Future versions can add config, but right now this would allow users to at least write out a text value to environment.etc."amazon/ssm/amazon-ssm-agent.json".text to provide their own config.
2021-05-08 16:03:38 -07:00 · 2021-05-08 16:03:38 -07:00 · bf92d0ec37
parent 27b4fd19ed
commit bf92d0ec37
2 changed files with 15 additions and 7 deletions
--- a/nixos/modules/services/misc/ssm-agent.nix
+++ b/nixos/modules/services/misc/ssm-agent.nix
@ -22,8 +22,8 @@ in {
    package = mkOption {
      type = types.path;
      description = "The SSM agent package to use";
-      default = pkgs.ssm-agent;
-      defaultText = "pkgs.ssm-agent";
+      default = pkgs.ssm-agent.override { overrideEtc = false; };
+      defaultText = "pkgs.ssm-agent.override { overrideEtc = false; }";
    };
  };

@ -37,8 +37,10 @@ in {
      serviceConfig = {
        ExecStart = "${cfg.package}/bin/amazon-ssm-agent";
        KillMode = "process";
-        Restart = "on-failure";
-        RestartSec = "15min";
+        # We want this restating pretty frequently. It could be our only means
+        # of accessing the instance.
+        Restart = "always";
+        RestartSec = "1min";
      };
    };

@ -62,5 +64,10 @@ in {
      isNormalUser = true;
      group = "ssm-user";
    };
+
+    environment.etc."amazon/ssm/seelog.xml".source = "${cfg.package}/seelog.xml.template";
+
+    environment.etc."amazon/ssm/amazon-ssm-agent.json".source =  "${cfg.package}/etc/amazon/ssm/amazon-ssm-agent.json.template";
+
  };
 }
--- a/pkgs/applications/networking/cluster/ssm-agent/default.nix
+++ b/pkgs/applications/networking/cluster/ssm-agent/default.nix
@ -8,6 +8,7 @@
 , dmidecode
 , util-linux
 , bashInteractive
+, overrideEtc ? true
 }:

 let
@ -63,10 +64,10 @@ buildGoPackage rec {
    substituteInPlace agent/session/shell/shell_unix.go \
        --replace '"script"' '"${util-linux}/bin/script"'

-    substituteInPlace agent/appconfig/constants_unix.go \
-        --replace '"/etc/amazon/ssm/"' '"${placeholder "out"}/etc/amazon/ssm/"'
-
    echo "${version}" > VERSION
+  '' + lib.optionalString overrideEtc ''
+    substituteInPlace agent/appconfig/constants_unix.go \
+      --replace '"/etc/amazon/ssm/"' '"${placeholder "out"}/etc/amazon/ssm/"'
  '';

  preBuild = ''