
@kalbasit
Created January 16, 2019 05:03
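# EC2 security groups for a layered deployment, declared as NixOps resources.
#
# Reachability expressed by the rules below:
#   any IPv4 address           -> ssh-in          (22/tcp)
#   any IPv4 address           -> http-in         (80/tcp)
#   members of http-in         -> backend-http-in (8080/tcp)
#   members of backend-http-in -> redis-in        (6379/tcp)
#
# accessKeyId, region and ownerId are inherited from the enclosing scope,
# which is not part of this snippet. Which machines are attached to each
# group is not shown here either; the chain above only holds if front-end
# hosts carry http-in, backend hosts carry backend-http-in, and so on.
resources = {
  ec2SecurityGroups = {
    # Internet-facing SSH.
    # NOTE(review): 0.0.0.0/0 exposes port 22 to every IPv4 source. If the
    # administrators' source range is known, narrow sourceIp to it
    # (placeholder: "<ADMIN_CIDR>"); otherwise the SSH daemon's own settings
    # (key-only authentication, no root password login) are the only control,
    # and they are configured outside this snippet.
    ssh-in = {
      inherit accessKeyId region;
      description = "Allow incoming SSH connection from anywhere";
      rules = [
        { fromPort = 22; toPort = 22; protocol = "tcp"; sourceIp = "0.0.0.0/0"; }
        # The matching IPv6 rule is disabled pending
        # https://github.com/NixOS/nixops/issues/683 (TODO, low priority):
        # { fromPort = 22; toPort = 22; protocol = "tcp"; sourceIp = "::/0"; }
      ];
    };

    # Internet-facing HTTP. Only port 80 is opened; no 443 rule exists in this
    # snippet, so any TLS termination would have to happen elsewhere.
    http-in = {
      inherit accessKeyId region;
      description = "Allow incoming HTTP connection from anywhere";
      rules = [
        { fromPort = 80; toPort = 80; protocol = "tcp"; sourceIp = "0.0.0.0/0"; }
        # The matching IPv6 rule is disabled pending
        # https://github.com/NixOS/nixops/issues/683 (TODO, low priority):
        # { fromPort = 80; toPort = 80; protocol = "tcp"; sourceIp = "::/0"; }
      ];
    };

    # Internal tier: 8080/tcp is accepted only from instances that are members
    # of the http-in group (sourceGroup), never from a CIDR range. Written as
    # a function so the http-in group's name can be read from `resources`.
    #
    # The original snippet carried a copied, commented-out "port 80 from ::/0"
    # rule here. It does not belong to this group: enabling it would open the
    # backend hosts to every IPv6 source on port 80. It has been dropped.
    backend-http-in = { resources, ... }: {
      inherit accessKeyId region;
      description = "Allow backend HTTP connection from HTTP servers";
      rules = [
        {
          fromPort = 8080;
          toPort = 8080;
          protocol = "tcp";
          sourceGroup = {
            inherit ownerId;
            groupName = resources.ec2SecurityGroups.http-in.name;
          };
        }
      ];
    };

    # Data tier: 6379/tcp is accepted only from members of backend-http-in.
    # This group is the only access control for Redis visible in this snippet;
    # Redis authentication and TLS settings, if any, live elsewhere.
    #
    # As with backend-http-in, the copied "port 80 from ::/0" placeholder was
    # removed: a world-open CIDR rule must not be added to this group.
    redis-in = { resources, ... }: {
      inherit accessKeyId region;
      description = "Allow incoming Redis connection from backend HTTP hosts";
      rules = [
        {
          fromPort = 6379;
          toPort = 6379;
          protocol = "tcp";
          sourceGroup = {
            inherit ownerId;
            groupName = resources.ec2SecurityGroups.backend-http-in.name;
          };
        }
      ];
    };
  };
};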