# NixOS module for the AWS Systems Manager (SSM) agent.
#
# Declares `services.ssm-agent.enable` and `services.ssm-agent.package`, and,
# when enabled, a systemd unit that runs the agent binary from that package.
#
# Security context: the unit below sets no `User=`, so it runs with the
# default identity of a systemd system service (root). The agent carries out
# commands and sessions dispatched through AWS Systems Manager, which makes
# the IAM permissions on the Systems Manager side part of this host's
# root-access boundary. Review them before enabling this option.
{ config, pkgs, lib, ... }:

let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.services.ssm-agent;

  # Minimal stand-in for `lsb_release`, placed on the unit's PATH below.
  # The agent does not read /etc/os-release yet, and the lsb-release tool in
  # nixpkgs does not appear to work properly on NixOS, so only the two
  # queries the agent makes are answered: `-i` (distributor id) and `-r`
  # (release). Any other argument prints nothing.
  # Upstream fix: https://github.com/aws/amazon-ssm-agent/issues/38
  #
  # NOTE(review): the NixOS version is spliced in at build time inside a
  # double-quoted shell string, so the shell would still expand `$` or
  # backticks if the value ever contained them. It comes from system
  # configuration rather than external input.
  lsbReleaseShim = pkgs.writeScriptBin "lsb_release" ''
    #!${pkgs.stdenv.shell}

    case "$1" in
    -i) echo "nixos";;
    -r) echo "${config.system.nixosVersion}";;
    esac
  '';
in
{
  options.services.ssm-agent = {
    enable = mkEnableOption "AWS SSM agent";

    package = mkOption {
      # NOTE(review): the config section reads `.meta.description` and `.bin`
      # from this value, so it has to be a derivation with a `bin` output;
      # `types.path` does not enforce that. Consider `types.package` after
      # confirming that no existing definition relies on the current type.
      type = types.path;
      default = pkgs.ssm-agent;
      defaultText = "pkgs.ssm-agent";
      description = "The SSM agent package to use";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.ssm-agent = {
      # Reuse the package's own description as the unit description.
      description = cfg.package.meta.description;
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      # Makes the `lsb_release` shim visible to the agent.
      path = [ lsbReleaseShim ];

      serviceConfig = {
        ExecStart = "${cfg.package.bin}/bin/agent";

        # Restart only after an unclean exit, and wait 15 minutes first; the
        # host cannot be reached through the agent during that window.
        Restart = "on-failure";
        RestartSec = "15min";

        # On stop, systemd kills only the main agent process; other
        # processes in the unit's control group are left running.
        # Presumably this is so that commands started by the agent survive
        # an agent restart (TODO confirm). It also means stopping the unit
        # does not end work the agent has already launched.
        KillMode = "process";
      };
    };
  };
}