@seansummers
Last active July 20, 2025 00:07
Terraform Modules
# Terraform Modules
Various modules that haven't found a home yet.
# Inputs that describe the instance shape to search for. Each one feeds a
# filter of the aws_ec2_instance_types lookup shown further down this page.

# CPU architecture to match.
variable "architecture" {
  default = "arm64"
  type    = string
}

# Memory size to match; the lookup compares it against "memory-info.size-in-mib".
variable "ram_in_mb" {
  description = "RAM MB size for the instance type"
  default     = 8192
  type        = number
}

# Network performance label to match; the leading "*" is passed through to the
# filter unchanged.
variable "network_performance" {
  default = "*10 Gigabit"
  type    = string
}

# When true the lookup adds an instance-storage disk-count filter of [1].
variable "require_instance_storage" {
  default = true
  type    = bool
}
# Provider requirements for the instance-type lookup: only the AWS provider,
# with a lower bound of 5.100 and no upper bound.
terraform {
  required_providers {
    aws = {
      version = ">= 5.100"
      source  = "hashicorp/aws"
    }
  }
}
# Normalise the inputs into the list form the filter blocks expect.
# An empty-string input becomes an empty list; anything else becomes a
# one-element list.
# NOTE(review): ram_in_mb is declared as a number, so the comparison with ""
# presumably never selects the empty-list branch - confirm.
locals {
  architecture        = var.architecture
  ram_in_mb           = var.ram_in_mb != "" ? [var.ram_in_mb] : []
  network_performance = var.network_performance != "" ? [var.network_performance] : []
}
# Look up the EC2 instance types that satisfy every filter below.
# NOTE(review): three of the filters can receive an empty `values` list
# (network performance, RAM, instance storage); whether the provider/API
# accepts an empty list or rejects it is not shown here - confirm before
# relying on "" / false to switch a filter off.
data "aws_ec2_instance_types" "this" {
  # Fixed constraints: current-generation, Nitro-based types only.
  filter {
    name   = "current-generation"
    values = [true]
  }

  filter {
    name   = "hypervisor"
    values = ["nitro"]
  }

  # Constraints driven by the module inputs.
  filter {
    name   = "processor-info.supported-architecture"
    values = [local.architecture]
  }

  filter {
    name   = "memory-info.size-in-mib"
    values = local.ram_in_mb
  }

  filter {
    name   = "network-info.network-performance"
    values = local.network_performance
  }

  # A disk count of [1] is requested when instance storage is required.
  filter {
    name   = "instance-storage-info.disk.count"
    values = var.require_instance_storage ? [1] : []
  }
}
# Instance type names returned by the lookup, exposed to the calling module.
output "instance_types" {
  value = data.aws_ec2_instance_types.this.instance_types
}
# Provider requirements for the root configuration.
# NOTE(review): aws and random carry no version constraint here, so the
# versions in use are decided by the child modules' constraints and by the
# dependency lock file. Committing .terraform.lock.hcl keeps provider
# versions and checksums reproducible between runs.
terraform {
  required_providers {
    # Built-in provider (supplies terraform_data).
    terraform = {
      source = "terraform.io/builtin/terraform"
    }

    random = {
      source = "hashicorp/random"
    }

    aws = {
      source = "hashicorp/aws"
    }
  }
}
# Shared values for the root configuration.
locals {
  # First entry of the list returned by the instance-type module.
  instance_type = module.instance-type.instance_types[0]

  # ID of the VPC resolved by data.aws_vpc.this.
  vpc_id = data.aws_vpc.this.id
}
# Resolve the account's default VPC in the current region.
# NOTE(review): subnets of a default VPC are normally public and assign public
# IPv4 addresses on launch - confirm that is acceptable for the instance
# created from this configuration.
data "aws_vpc" "this" {
  default = true
}
# Find instance types matching the requested shape: x86_64, 32768 MB of RAM,
# with instance storage.
module "instance-type" {
  source = "./instance-type-for-requirements"

  require_instance_storage = true
  ram_in_mb                = 32768
  architecture             = "x86_64"
}

# Find the subnets of the chosen VPC that can host the selected instance type.
module "subnets" {
  source = "./subnets-for-instance-type"

  vpc_id        = local.vpc_id
  instance_type = local.instance_type
}
# Pick a single subnet from the valid candidates. The result is a list of one
# element, which the instance module unwraps with one().
resource "random_shuffle" "subnet" {
  result_count = 1
  input        = module.subnets.valid_subnets
}
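# Gzip-compressed, base64-encoded cloud-init payload for the instance.
# terraform_data is a managed resource of the built-in provider, not a data
# source, so it is declared with `resource` (and referenced without the
# `data.` prefix below). triggers_replace re-creates it when the file changes;
# the MD5 is used only for change detection, not as an integrity check.
resource "terraform_data" "user_data" {
  input            = base64gzip(file("${path.root}/files/user_data.yaml"))
  triggers_replace = filemd5("${path.root}/files/user_data.yaml")
}

# Persistent spot instance built with the community ec2-instance module.
module "instance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 6.0"

  name          = "sean-test-hyper"
  subnet_id     = one(random_shuffle.subnet.result)
  instance_type = local.instance_type

  # AMI is resolved from the "latest AL2023" SSM parameter.
  # NOTE(review): with ignore_ami_changes the instance presumably stays on the
  # AMI it was launched from, so newer patched AMIs are not picked up
  # automatically - confirm that matches the intended lifetime.
  ami_ssm_parameter  = "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
  ignore_ami_changes = true

  user_data_base64            = terraform_data.user_data.output
  user_data_replace_on_change = true

  create_spot_instance                = true
  spot_instance_interruption_behavior = "terminate"
  spot_type                           = "persistent"
  spot_wait_for_fulfillment           = true

  # NOTE(review): no ingress/egress rules are set here, so the security group
  # gets whatever the module creates by default - confirm. The same applies to
  # metadata_options (IMDSv2 enforcement), which this call does not set.
  create_security_group = true

  create_iam_instance_profile = true
  iam_role_path               = "/ec2/"
  iam_role_policies = {
    # NOTE(review): AdministratorAccess gives the instance role full control
    # of the AWS account. Every process on the host can use the role's
    # credentials, including the installer scripts that user_data.yaml
    # downloads and runs at boot. The permissions the workload needs are not
    # visible here, so the attachment is left in place; replace it with a
    # policy scoped to those needs. AmazonSSMManagedInstanceCore alone is
    # enough for Session Manager access.
    AdministratorAccess          = "arn:aws:iam::aws:policy/AdministratorAccess"
    AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
  }
}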
# ID reported by the instance module.
output "instance-id" {
  value = module.instance.id
}
# Inputs for the subnet lookup.

# Required: the instance type whose availability zones are searched.
variable "instance_type" {
  description = "EC2 Instance Type to locate valid AZs for"
  type        = string
}

# Optional: defaults to the empty string, which the subnet lookup turns into an
# empty "vpc-id" filter value list.
variable "vpc_id" {
  description = "VPC to find subnets for the EC2 Instance Type (optional)"
  default     = ""
  type        = string
}
# Provider requirements for the subnet lookup: the AWS provider with a lower
# bound of 6.4, plus the built-in terraform provider.
terraform {
  required_providers {
    aws = {
      version = ">= 6.4"
      source  = "hashicorp/aws"
    }

    terraform = {
      source = "terraform.io/builtin/terraform"
    }
  }
}
# Lookup chain, written in dependency order:
# region -> available AZs -> AZs offering the instance type -> subnets.

# Region the AWS provider is configured for.
data "aws_region" "current" {}

# Availability zones of that region that are in the "available" state.
data "aws_availability_zones" "current" {
  state = "available"

  filter {
    name   = "region-name"
    values = [data.aws_region.current.id]
  }
}

# The subset of those zones in which var.instance_type is offered.
data "aws_ec2_instance_type_offerings" "azs-supporting-instance-type" {
  location_type = "availability-zone"

  filter {
    name   = "instance-type"
    values = [var.instance_type]
  }

  filter {
    name   = "location"
    values = data.aws_availability_zones.current.names
  }
}

# Subnets located in one of the supporting zones.
# NOTE(review): when vpc_id is "" the "vpc-id" filter receives an empty list;
# whether that is accepted as "any VPC" or rejected is not shown here - confirm.
data "aws_subnets" "subnets-supporting-instance-type" {
  filter {
    name   = "availability-zone"
    values = data.aws_ec2_instance_type_offerings.azs-supporting-instance-type.locations
  }

  filter {
    name   = "vpc-id"
    values = var.vpc_id == "" ? [] : [var.vpc_id]
  }
}
# Results of the lookup chain, exposed to the calling module.

# Subnet IDs found in the supporting availability zones.
output "valid_subnets" {
  value       = data.aws_subnets.subnets-supporting-instance-type.ids
  description = "Valid subnet-ids for the given instance_type"
}

# Availability zones in which the instance type is offered.
output "valid_azs" {
  value       = data.aws_ec2_instance_type_offerings.azs-supporting-instance-type.locations
  description = "Valid AZs for the given instance_type"
}
#cloud-config
# The "#cloud-config" header above has to stay the first line of the file.
# NOTE(review): the page has lost this file's indentation; nesting has to be
# restored before the YAML is usable.
# Grow the root filesystem without blocking boot.
resize_rootfs: noblock
# Refresh repository metadata and apply all available package upgrades on
# first boot.
repo_update: true
repo_upgrade: all
# Packages installed from the distribution repositories.
packages:
- tmux
- systemd-oomd-defaults
- docker
# Alias "ephemeral0" to a fixed NVMe device path.
# NOTE(review): this assumes /dev/nvme1n1 is the instance-store disk - TODO
# confirm. NVMe device numbering is not guaranteed to be stable, and with
# overwrite: true whichever disk appears at that path is repartitioned.
device_aliases:
ephemeral0: /dev/nvme1n1
# Split the disk into two partitions using a 30 / 70 layout.
disk_setup:
ephemeral0:
layout: [30, 70]
overwrite: true
# nvme broke in cloud-init < 24.2
# but using device_aliases does everything but the ext4 mkfs
# First partition becomes swap, second becomes an ext4 filesystem labelled
# "data"; both are created with an explicit command and overwrite: true.
fs_setup:
- filesystem: swap
device: ephemeral0.p1
overwrite: true
label: swap
cmd: mkswap %(device)s
- filesystem: ext4
device: ephemeral0.p2
overwrite: true
label: data
cmd: mkfs -t %(filesystem)s -L %(label)s %(device)s
# fstab entries for the two partitions: p1 as swap, p2 as ext4 on /mnt.
# Both use nofail, so a missing disk does not block boot, and both are ordered
# after cloud-init.service via x-systemd.requires.
mounts:
- [
ephemeral0.p1,
none,
swap,
"sw,auto,nofail,x-systemd.requires=cloud-init.service,x-systemd.makefs",
"0",
"0",
]
- [
ephemeral0.p2,
/mnt,
ext4,
"defaults,auto,nofail,x-systemd.requires=cloud-init.service,x-systemd.makefs",
"0",
"2",
]
# Drop a read-only (0444) sysctl fragment with three vm.* settings: a
# huge-page reservation, overcommit mode 2 and a swappiness of 10.
# The fragment is applied by the "sysctl -p" entry in runcmd.
write_files:
- path: /etc/sysctl.d/99-site-optimizations.conf
permissions: "0444"
content: |
vm.nr_hugepages = 1024
vm.overcommit_memory = 2
vm.swappiness = 10
# Commands run once at first boot; cloud-init executes runcmd as root.
runcmd:
- systemctl start mnt.mount --no-block
# Uses the raw device path rather than the ephemeral0 alias, so it depends on
# the same /dev/nvme1n1 assumption as device_aliases.
- mkswap /dev/nvme1n1p1
- swapon -a
- sysctl -p /etc/sysctl.d/99-site-optimizations.conf
# Disable services that are not needed on this host.
# NOTE(review): the two "[email protected]" unit names were replaced by the
# page's e-mail obfuscation; the real unit names are not recoverable from
# this page and must be restored from the original file.
- systemctl disable acpid.service --now
- systemctl disable [email protected] --now
- systemctl disable gssproxy.service --now
- systemctl disable libstoragemgmt.service --now
- systemctl disable [email protected] --now
- systemctl enable systemd-oomd --now --no-block
- systemctl enable docker --now --no-block
- dnf remove acpid -y
# NOTE(review): the three entries below download installer scripts over HTTPS
# and execute them as root with no version pin and no checksum or signature
# verification, so whatever the remote host serves at boot time runs on the
# instance. The Terraform on this page attaches AdministratorAccess to the
# instance role, so such a script would run with account-wide credentials
# within reach. Prefer a pinned release artifact whose checksum is verified
# before execution, a distribution package, or baking the tools into the AMI.
# A failed download is also not surfaced: the pipelines report sh's exit
# status, and the last entry runs bash with an empty command string.
- [
sh,
-c,
"curl -LsSf https://astral.sh/uv/install.sh | env UV_INSTALL_DIR=/usr/local/bin sh -s -- -v",
]
- [sh, -c, "curl -LsSf https://install.duckdb.org | HOME=/root sh -s -- -v"]
- [bash, -c, "$(curl -LsSf https://setup.vector.dev)"]