From dc158268f7bedccea096098a2fe020362e564f51 Mon Sep 17 00:00:00 2001
From: Jack Kelly
Date: Fri, 8 Mar 2024 16:24:00 +1000
Subject: [PATCH] nixos/amazon-image: Enable Amazon SSM Agent by default
Amazon-provided EC2 images do this. See: https://docs.aws.amazon.com/systems-manager/latest/userguide/ami-preinstalled-agent.html
---
 nixos/doc/manual/release-notes/rl-2405.section.md | 2 ++
 nixos/modules/virtualisation/amazon-image.nix | 4 ++++
 2 files changed, 6 insertions(+)
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md
index b60a2eb1c868..64506cca5cb5 100644
--- a/nixos/doc/manual/release-notes/rl-2405.section.md
+++ b/nixos/doc/manual/release-notes/rl-2405.section.md
@@ -333,6 +333,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 - [Lilypond](https://lilypond.org/index.html) and [Denemo](https://www.denemo.org) are now compiled with Guile 3.0.
+- The EC2 image module now enables the [Amazon SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) by default.
+
 - The following options of the Nextcloud module were moved into [`services.nextcloud.settings`](#opt-services.nextcloud.settings) and renamed to match the name from Nextcloud's `config.php`:
 - `logLevel` -> [`loglevel`](#opt-services.nextcloud.settings.loglevel),
 - `logType` -> [`log_type`](#opt-services.nextcloud.settings.log_type),
diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix
index c7fe1bed5159..77730178422c 100644
--- a/nixos/modules/virtualisation/amazon-image.nix
+++ b/nixos/modules/virtualisation/amazon-image.nix
@@ -79,6 +79,10 @@ in
 serviceConfig.StandardOutput = "journal+console";
 };
+ # Amazon-issued AMIs include the SSM Agent by default, so we do the same.
+ # https://docs.aws.amazon.com/systems-manager/latest/userguide/ami-preinstalled-agent.html
+ services.amazon-ssm-agent.enable = true;
+
 # Allow root logins only using the SSH key that the user specified
 # at instance creation time.
 services.openssh.enable = true;
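Review bot: `services.amazon-ssm-agent.enable = true;` is set at normal priority, so a downstream configuration that imports this module and wants the agent off would hit a conflicting-definition error unless it uses `lib.mkForce`; `services.amazon-ssm-agent.enable = lib.mkDefault true;` keeps the new default while leaving a plain `= false` override possible (assuming `lib` is in scope here, which the hunk does not show). This matters because the agent is a second remote-administration path next to the SSH setup just below: principals authorised in IAM can run commands or open sessions on the instance through it, independent of the SSH key the following comment refers to. The added comment could say so, e.g. `# Remote management via IAM-authorised Systems Manager; set enable = false if only SSH access is wanted.` The surrounding attribute set starts and ends outside the hunk.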