diff --git a/modules/misc/news.nix b/modules/misc/news.nix
index 66a57c37c..cd0e7ffd6 100644
--- a/modules/misc/news.nix
+++ b/modules/misc/news.nix
@@ -1237,6 +1237,13 @@ in
 A new module is available: 'programs.bacon'.
 '';
 }
+
+ {
+ time = "2023-09-30T07:47:23+00:00";
+ message = ''
+ A new module is available: 'programs.awscli'.
+ '';
+ }
 ];
 };
 }
diff --git a/modules/modules.nix b/modules/modules.nix
index a582b8fc1..889f486fc 100644
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -57,6 +57,7 @@ let
 ./programs/atuin.nix
 ./programs/autojump.nix
 ./programs/autorandr.nix
+ ./programs/awscli.nix
 ./programs/bash.nix
 ./programs/bashmount.nix
 ./programs/bat.nix
diff --git a/modules/programs/awscli.nix b/modules/programs/awscli.nix
new file mode 100644
index 000000000..678216651
--- /dev/null
+++ b/modules/programs/awscli.nix
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.programs.awscli;
+ iniFormat = pkgs.formats.ini { };
+
+in {
+ meta.maintainers = [ lib.maintainers.anthonyroussel ];
+
+ options.programs.awscli = {
+ enable = lib.mkEnableOption "AWS CLI tool";
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.awscli2;
+ defaultText = lib.literalExpression "pkgs.awscli2";
+ description = "Package providing {command}`aws`.";
+ };
+
+ settings = lib.mkOption {
+ type = lib.types.submodule { freeformType = iniFormat.type; };
+ default = { };
+ example = lib.literalExpression ''
+ {
+ "default" = {
+ region = "eu-west-3";
+ output = "json";
+ };
+ };
+ '';
+ description = "Configuration written to {file}`$HOME/.aws/config`.";
+ };
+
+ credentials = lib.mkOption {
+ type = lib.types.submodule { freeformType = iniFormat.type; };
+ default = { };
+ example = lib.literalExpression ''
+ {
+ "default" = {
+ "credential_process" = "${pkgs.pass}/bin/pass show aws";
+ };
+ };
+ '';
+ description = ''
+ Configuration written to {file}`$HOME/.aws/credentials`.
+
+ For security reasons, never store cleartext passwords here.
+ We recommend that you use `credential_process` option to retrieve
+ the IAM credentials from your favorite password manager during runtime,
+ or use AWS IAM Identity Center to get short-term credentials.
+
+ See .
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ home.packages = [ cfg.package ];
+
+ home.file."${config.home.homeDirectory}/.aws/config".source =
+ iniFormat.generate "aws-config-${config.home.username}" cfg.settings;
+
+ home.file."${config.home.homeDirectory}/.aws/credentials".source =
+ iniFormat.generate "aws-credentials-${config.home.username}"
+ cfg.credentials;
+ };
+}
diff --git a/tests/default.nix b/tests/default.nix
index 94921a3a6..202a0143b 100644
--- a/tests/default.nix
+++ b/tests/default.nix
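Review bot: In `modules/programs/awscli.nix`, `credentials` is rendered with `iniFormat.generate`, so whatever is set there is written to the Nix store, which is normally readable by every local user, and `~/.aws/credentials` only links to that store path. The description warns against cleartext secrets but does not give that reason, and the freeform type accepts `aws_secret_access_key` without complaint. I would add a sentence to the description such as `The file is generated in the world-readable Nix store.` and consider a `warnings` entry when any section sets `aws_secret_access_key` or `aws_session_token`. Both `home.file` entries are also created while `settings` and `credentials` are still `{ }`, so enabling the module appears to make Home Manager claim `~/.aws/credentials` with an empty read-only file, which conflicts with a file the user or `aws configure` already manages. Guarding each entry as below avoids that.

```nix
  config = lib.mkIf cfg.enable {
    # … unchanged: home.packages …

    # Write each file only when it has content.
    home.file."${config.home.homeDirectory}/.aws/config" =
      lib.mkIf (cfg.settings != { }) {
        source =
          iniFormat.generate "aws-config-${config.home.username}" cfg.settings;
      };

    home.file."${config.home.homeDirectory}/.aws/credentials" =
      lib.mkIf (cfg.credentials != { }) {
        source = iniFormat.generate "aws-credentials-${config.home.username}"
          cfg.credentials;
      };
  };
```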
@@ -170,6 +170,7 @@ import nmt {
 ./modules/misc/xsession
 ./modules/programs/abook
 ./modules/programs/autorandr
+ ./modules/programs/awscli
 ./modules/programs/beets # One test relies on services.mpd
 ./modules/programs/borgmatic
 ./modules/programs/boxxy
diff --git a/tests/modules/programs/awscli/aws-config.conf b/tests/modules/programs/awscli/aws-config.conf
new file mode 100644
index 000000000..0a901a7c4
--- /dev/null
+++ b/tests/modules/programs/awscli/aws-config.conf
@@ -0,0 +1,3 @@
+[default]
+output=json
+region=eu-west-3
diff --git a/tests/modules/programs/awscli/aws-credentials.conf b/tests/modules/programs/awscli/aws-credentials.conf
new file mode 100644
index 000000000..76da05238
--- /dev/null
+++ b/tests/modules/programs/awscli/aws-credentials.conf
@@ -0,0 +1,2 @@
+[iam]
+credential_process=pass show aws
diff --git a/tests/modules/programs/awscli/awscli.nix b/tests/modules/programs/awscli/awscli.nix
new file mode 100644
index 000000000..0a96990ad
--- /dev/null
+++ b/tests/modules/programs/awscli/awscli.nix
@@ -0,0 +1,28 @@
+{ ... }:
+
+{
+ programs = {
+ awscli = {
+ enable = true;
+ settings = {
+ default = {
+ output = "json";
+ region = "eu-west-3";
+ };
+ };
+ credentials = { iam = { credential_process = "pass show aws"; }; };
+ };
+ };
+
+ test.stubs.awscli2 = { };
+
+ nmt.script = ''
+ assertFileExists home-files/.aws/config
+ assertFileContent home-files/.aws/config \
+ ${./aws-config.conf}
+
+ assertFileExists home-files/.aws/credentials
+ assertFileContent home-files/.aws/credentials \
+ ${./aws-credentials.conf}
+ '';
+}
diff --git a/tests/modules/programs/awscli/default.nix b/tests/modules/programs/awscli/default.nix
new file mode 100644
index 000000000..dc1734f70
--- /dev/null
+++ b/tests/modules/programs/awscli/default.nix
@@ -0,0 +1 @@
+{ awscli = ./awscli.nix; }