Introducing Build Profiles

This is a big update, directly related to issue #37 (build profiles), reorganizes 'variables.yaml' into base, version, and arch core profiles, which are merged (and optionally tweaked) in build profiles.  Foundations are also laid to progress issues #28 (aarch64 AMIs), #22 (Setup CI), #20 (update generate/cleanup scripts), and #23 (retention policy).

Although there are still a couple of improvements I'm working on with regards to setup-ami.sh improvements, building AMIs from profiles is working...

make PROFILE=test -- all builds of the test profile
make PROFILE=test BUILD=test-edge-x86_64 -- just the edge build of the test profile

...and I'm hoping to get some feedback with what's been done so far.

24 files changed, 566 insertions, 250 deletions

diff --git a/Makefile b/Makefile
index a624e9e..acfb9f2 100644
--- a/Makefile
+++ b/Makefile
@@ -1,44 +1,28 @@
-.PHONY: ami
-
-ami: convert
-        packer build -var-file=build/variables.json build/alpine-ami.json
-
-edge: convert
-        @echo '{ "version": "edge", "release": "edge", "revision": "'-`date +%Y%m%d%H%M%S`'" }' > build/edge.json
-        packer build -var-file=build/variables.json -var-file=build/edge.json build/alpine-ami.json
-
-convert: build/convert
-        [ -f variables.yaml ] || cp variables.yaml-default variables.yaml
-        build/convert variables.yaml > build/variables.json
-        build/convert alpine-ami.yaml > build/alpine-ami.json
-
-build/convert:
-        [ -d ".py3" ] || python3 -m venv .py3
-        .py3/bin/pip install pyyaml boto3
-
-        [ -d "build" ] || mkdir build
-
-        # Make stupid simple little YAML/JSON converter so we can maintain our
-        # packer configs in a sane format that allows comments but also use packer
-        # which only supports JSON
-        @echo "#!`pwd`/.py3/bin/python" > build/convert
-        @echo "import yaml, json, sys" >> build/convert
-        @echo "y = yaml.full_load(open(sys.argv[1]))" >> build/convert
-        @echo "for k in ['ami_access','deploy_regions','add_repos','add_pkgs','add_svcs']:" >> build/convert
-        @echo "  if k in y and isinstance(y[k], list):" >> build/convert
-        @echo "    y[k] = ','.join(str(x) for x in y[k])" >> build/convert
-        @echo "  if k in y and isinstance(y[k], dict):" >> build/convert
-        @echo "    y[k] = ':'.join(str(l) + '=' + ','.join(str(s) for s in ss) for l, ss in y[k].items())" >> build/convert
-        @echo "json.dump(y, sys.stdout, indent=4, separators=(',', ': '))" >> build/convert
-        @chmod +x build/convert
-
-%.py: %.py.in
-        sed "s|@PYTHON@|#!`pwd`/.py3/bin/python|" $< > $@
+ALL_SCRIPTS := $(wildcard scripts/*)
+ALL_PROFILES := $(shell find profiles -name '*.yaml' -type f)
+CORE_PROFILES := $(shell for i in base version arch; do ls profiles/$$i/*.yaml | sort -V; done)
+PROFILE := default
+BUILD :=
+
+.PHONY: amis
+amis: build build/profile build/packer.json
+        build/make-amis $(BUILD)
+
+build: $(SCRIPTS)
+        [ -d build ] || mkdir build
+        python3 -m venv build/.py3
+        build/.py3/bin/pip install pyyaml boto3
+        (cd build; for i in $(ALL_SCRIPTS); do ln -sf ../$$i .; done)
+
+build/profile: build build/resolve-profile.py $(ALL_PROFILES)
+        cat $(CORE_PROFILES) profiles/$(PROFILE).yaml | build/resolve-profile.py $(PROFILE)
+
+build/packer.json: build build/yaml2json.py packer.yaml
+        build/yaml2json.py packer.yaml > build/packer.json
+
+%.py: %.py.in build
+        sed "s|@PYTHON@|#!`pwd`/build/.py3/bin/python|" $< > $@
         chmod +x $@
 
-.PHONY: clean
 clean:
-        rm -rf build .py3 scrub-old-amis.py gen-readme.py
-
-distclean: clean
-        rm -f variables.yaml
+        rm -rf build scrub-old-amis.py gen-readme.py
diff --git a/alpine-ami.yaml b/alpine-ami.yaml
deleted file mode 100644
index 1505055..0000000
--- a/alpine-ami.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-variables:
-
-  # NOTE:  Configuration is done with a 'variables.yaml' file.  If it doesn't
-  # exist, default configuration is copied from 'variables.yaml-default'.
-
-  # NOTE:  Changing arch/version/release may require modifying 'make_ami.sh'.
-  arch: x86_64
-  version: "3.9"
-  release: "3.9.3"
-  revision: ""
-
-builders:
-  - type: "amazon-ebssurrogate"
-
-    ### Builder Instance Details
-
-    region: "{{user `region`}}"
-    subnet_id: "{{user `subnet`}}"
-    security_group_id: "{{user `security_group`}}"
-    instance_type: "t3.nano"
-    associate_public_ip_address: "{{user `public_ip`}}"
-    launch_block_device_mappings:
-      - volume_type: "gp2"
-        device_name: "/dev/xvdf"
-        delete_on_termination: "true"
-        volume_size: "{{user `volume_size`}}"
-    ssh_username: "ec2-user"
-    source_ami_filter:
-      # use the latest Amazon Linux AMI
-      filters:
-        virtualization-type: "hvm"
-        root-device-type: "ebs"
-        architecture: "x86_64"
-        name: "amzn2-ami-hvm-2.0.*-gp2"
-      owners:
-        - "137112412989"
-      most_recent: "true"
-
-    ### AMI Build Details
-
-    ami_name: "{{user `ami_name_prefix`}}{{user `release`}}{{user `revision`}}-{{user `arch`}}{{user `ami_name_suffix`}}"
-    ami_description: "{{user `ami_desc_prefix`}}{{user `release`}}{{user `revision`}} {{user `arch`}}{{user `ami_desc_suffix`}}"
-    ami_virtualization_type: "hvm"
-    ami_root_device:
-      source_device_name: "/dev/xvdf"
-      device_name: "/dev/xvda"
-      delete_on_termination: "true"
-      volume_size: "{{user `volume_size`}}"
-      volume_type: "gp2"
-    encrypt_boot: "{{user `encrypt_ami`}}"
-    ena_support: "true"
-    sriov_support: "true"
-    ami_groups: "{{user `ami_access`}}"
-    ami_regions: "{{user `deploy_regions`}}"
-
-
-provisioners:
-  - type: "file"
-    source: "nvme/"
-    destination: "/tmp"
-  - type: "shell"
-    script: "make_ami.sh"
-    environment_vars:
-      - "VERSION={{user `version`}}"
-      - "RELEASE={{user `release`}}"
-      - "REVISION={{user `revision`}}"
-      - "ADD_REPOS='{{user `add_repos`}}'"
-      - "ADD_PKGS='{{user `add_pkgs`}}'"
-      - "ADD_SVCS='{{user `add_svcs`}}'"
-    execute_command: 'sudo sh -c "{{ .Vars }} {{ .Path }}"'
diff --git a/packer.yaml b/packer.yaml
new file mode 100644
index 0000000..75ac5b2
--- /dev/null
+++ b/packer.yaml
@@ -0,0 +1,73 @@
+builders:
+  - type: amazon-ebssurrogate
+
+    ### Builder Instance Details
+
+    region: '{{user `build_region`}}'
+    subnet_id: '{{user `build_subnet`}}'
+    security_group_id: '{{user `build_security_group`}}'
+    instance_type: '{{user `build_instance_type`}}'
+    associate_public_ip_address: '{{user `build_public_ip`}}'
+    source_ami_filter:
+      # use the latest Amazon Linux AMI
+      owners:
+        - '{{user `build_ami_owner`}}'
+      most_recent: '{{user `build_ami_latest`}}'
+      filters:
+        virtualization-type: hvm
+        root-device-type: ebs
+        architecture: '{{user `build_arch`}}'
+        name: '{{user `build_ami_name`}}'
+    launch_block_device_mappings:
+      - volume_type: gp2
+        device_name: /dev/xvdf
+        delete_on_termination:  'true'
+        volume_size: '{{user `ami_volume_size`}}'
+    ssh_username: '{{user `build_user`}}'
+
+    ### AMI Build Details
+
+    ami_name: '{{user `ami_name_prefix`}}{{user `release`}}-{{user `revision`}}-{{user `arch`}}{{user `ami_name_suffix`}}'
+    ami_description: '{{user `ami_desc_prefix`}}{{user `release`}}-{{user `revision`}} {{user `arch`}}{{user `ami_desc_suffix`}}'
+    ami_virtualization_type: hvm
+    ami_root_device:
+      volume_type: gp2
+      source_device_name: /dev/xvdf
+      device_name: /dev/xvda
+      delete_on_termination: 'true'
+      volume_size: '{{user `ami_volume_size`}}'
+    encrypt_boot: '{{user `ami_encrypt`}}'
+    ena_support: 'true'
+    sriov_support: 'true'
+    ami_groups: '{{user `ami_access`}}'
+    ami_regions: '{{user `ami_regions`}}'
+
+
+provisioners:
+  - type: file
+    source: nvme/
+    destination: /tmp
+  - type: shell
+    script: setup-ami.sh
+    environment_vars:
+      - "VERSION='{{user `version`}}'"
+      - "RELEASE='{{user `release`}}'"
+      - "REVISION='{{user `revision`}}'"
+      - "ARCH='{{user `arch`}}'"
+      - "REPOS='{{user `repos`}}'"
+      - "PKGS='{{user `pkgs`}}'"
+      - "SVCS='{{user `svcs`}}'"
+    execute_command: 'sudo sh -c "{{ .Vars }} {{ .Path }}"'
+
+
+post-processors:
+  - type:   manifest
+    output: 'profile/{{user `profile_build`}}/manifest.json'
+    custom_data:
+      profile:     '{{user `profile`}}'
+      build:       '{{user `profile_build`}}'
+      arch:        '{{user `arch`}}'
+      version:     '{{user `version`}}'
+      release:     '{{user `release`}}'
+      revision:    '{{user `revision`}}'
+      end_of_life: '{{user `end_of_life`}}'
diff --git a/profiles/alpine-amis.yaml b/profiles/alpine-amis.yaml
new file mode 100644
index 0000000..119601f
--- /dev/null
+++ b/profiles/alpine-amis.yaml
@@ -0,0 +1,48 @@
+### Profile for Building the Publically-Available Alpine Linux AMIs
+
+# Profile overrides
+alpine-amis: &alpine-amis
+  revision: '1'
+  build_region: us-west-2
+  build_subnet: subnet-b80c36e2
+  ami_access:
+    - all
+  ami_regions:
+    - ap-northeast-1
+    - ap-northeast-2
+#    - ap-northeast-3 # skipped, available by subscription only
+    - ap-southeast-1
+    - ap-southeast-2
+    - ap-south-1
+    - ca-central-1
+    - eu-central-1
+    - eu-north-1
+    - eu-west-1
+    - eu-west-2
+    - eu-west-3
+    - sa-east-1
+    - us-east-1
+    - us-east-2
+    - us-west-1
+    - us-west-2
+
+# Build definitions
+builds:
+  current-x86_64:
+    <<: *_base-current
+    <<: *_version-current
+    <<: *_x86_64-current
+    <<: *alpine-amis
+    repos:
+      <<: *_base-current-repos
+      <<: *_version-current-repos
+      <<: *_x86_64-current-repos
+    pkgs:
+      <<: *_base-current-pkgs
+      <<: *_version-current-pkgs
+      <<: *_x86_64-current-pkgs
+    svcs:
+      <<: *_base-current-svcs
+      <<: *_version-current-svcs
+      <<: *_x86_64-current-svcs
+
diff --git a/profiles/arch/aarch64-3.9.yaml b/profiles/arch/aarch64-3.9.yaml
new file mode 100644
index 0000000..c7ec980
--- /dev/null
+++ b/profiles/arch/aarch64-3.9.yaml
@@ -0,0 +1,13 @@
+### aarch64 Version 3.9 Variables
+
+_aarch64-3.9: &_aarch64-3_9
+  # Architecture
+  arch:                 aarch64
+  build_arch:           arm64
+  build_instance_type:  a1.medium
+  bootloader:           grub
+
+  # aarch64 repos/pkgs/svcs for 3.9
+  repos: &_aarch64-3_9-repos {}
+  pkgs: &_aarch64-3_9-pkgs {}
+  svcs: &_aarch64-3_9-svcs {}
diff --git a/profiles/arch/aarch64-current.yaml b/profiles/arch/aarch64-current.yaml
new file mode 100644
index 0000000..1b4e624
--- /dev/null
+++ b/profiles/arch/aarch64-current.yaml
@@ -0,0 +1,12 @@
+### aarch64 Current Version Variables
+
+_aarch64-current: &_aarch64-current
+  # currently from 3.9
+  <<: *_aarch64-3_9
+  # re-anchor for current
+  repos: &_aarch64-current-repos
+    <<: *_aarch64-3_9-repos
+  pkgs: &_aarch64-current-pkgs
+    <<: *_aarch64-3_9-pkgs
+  svcs: &_aarch64-current-svcs
+    <<: *_aarch64-3_9-svcs
diff --git a/profiles/arch/aarch64-edge.yaml b/profiles/arch/aarch64-edge.yaml
new file mode 100644
index 0000000..97d76e2
--- /dev/null
+++ b/profiles/arch/aarch64-edge.yaml
@@ -0,0 +1,18 @@
+### aarch64 Edge Variables
+
+_aarch64-edge: &_aarch64-edge
+  # base on current (for now)
+  <<: *_aarch64-current
+  # overrides (if any)
+
+  # aarch64 repos/pkgs/svcs for edge
+  repos: &_aarch64-edge-repos
+    <<: *_aarch64-current-repos
+    # overrides (if any)
+  pkgs: &_aarch64-edge-pkgs
+    <<: *_aarch64-current-pkgs
+    # overrides (if any)
+  svcs: &_aarch64-edge-svcs
+    <<: *_aarch64-current-svcs
+    # overrides (if any)
+
diff --git a/profiles/arch/x86_64-3.9.yaml b/profiles/arch/x86_64-3.9.yaml
new file mode 100644
index 0000000..79b8908
--- /dev/null
+++ b/profiles/arch/x86_64-3.9.yaml
@@ -0,0 +1,13 @@
+### x86_64 Version 3.9 Variables
+
+_x86_64-3.9: &_x86_64-3_9
+  # Architecture
+  arch:       x86_64
+  build_arch: x86_64
+  bootloader: syslinux
+
+  # x86_64 repos/pkgs/svcs for 3.9
+  repos: &_x86_64-3_9-repos {}
+  pkgs: &_x86_64-3_9-pkgs {}
+  svcs: &_x86_64-3_9-svcs {}
+
diff --git a/profiles/arch/x86_64-current.yaml b/profiles/arch/x86_64-current.yaml
new file mode 100644
index 0000000..6dc5555
--- /dev/null
+++ b/profiles/arch/x86_64-current.yaml
@@ -0,0 +1,13 @@
+### x86_64 Current Version Variables
+
+_x86_64-current: &_x86_64-current
+  # Current is 3.9
+  <<: *_x86_64-3_9
+  # re-anchor for current
+  repos: &_x86_64-current-repos
+    <<: *_x86_64-3_9-repos
+  pkgs: &_x86_64-current-pkgs
+    <<: *_x86_64-3_9-pkgs
+  svcs: &_x86_64-current-svcs
+    <<: *_x86_64-3_9-svcs
+
diff --git a/profiles/arch/x86_64-edge.yaml b/profiles/arch/x86_64-edge.yaml
new file mode 100644
index 0000000..2e2f1d2
--- /dev/null
+++ b/profiles/arch/x86_64-edge.yaml
@@ -0,0 +1,18 @@
+### x86_64 Edge Variables
+
+_x86_64-edge: &_x86_64-edge
+  # base from current (at the moment)
+  <<: *_x86_64-current
+  # overrides (if any)
+
+  # x86_64 repos/pkgs/svcs for edge
+  repos: &_x86_64-edge-repos
+    <<: *_x86_64-current-repos
+    # overrides (if any)
+  pkgs: &_x86_64-edge-pkgs
+    <<: *_x86_64-current-pkgs
+    # overrides (if any)
+  svcs: &_x86_64-edge-svcs
+    <<: *_x86_64-current-pkgs
+    # overrides (if any)
+
diff --git a/profiles/base/1.yaml b/profiles/base/1.yaml
new file mode 100644
index 0000000..29c7354
--- /dev/null
+++ b/profiles/base/1.yaml
@@ -0,0 +1,78 @@
+### Base Variables, Revsion #1
+
+_base-1: &_base-1
+  # Profile/Build
+  profile:
+  profile_build:
+
+  # Versioning
+  version:
+  release:
+  end_of_life:
+  revision:
+
+  # Architecture
+  arch:
+  build_arch:
+
+  # Builder-instance
+  build_region:
+  build_subnet:
+  build_security_group:
+  build_instance_type:  t3.nano
+  build_public_ip:      ''
+  build_user:           ec2-user
+  build_ami_name:       amzn2-ami-hvm-2.0.*-gp2
+  build_ami_owner:      '137112412989'
+  build_ami_latest:     'true'
+
+  # AMI build/deploy
+  ami_name_prefix:  alpine-ami-
+  ami_name_suffix:  ''
+  ami_desc_prefix:  'Alpine Linux '
+  ami_desc_suffix:  ' - https://github.com/mcrute/alpine-ec2-ami'
+  ami_volume_size:  '1'
+  ami_encrypt:      'false'
+  ami_user:         alpine
+  ami_access:
+  ami_regions:
+
+  # AMI configuration
+  bootloader:
+  repos: &_base-1-repos {}
+  pkgs: &_base-1-pkgs
+    linux-virt:
+    alpine-mirrors:
+    chrony:
+    haveged:
+    nvme-cli:
+    openssh:
+    sudo:
+    tiny-ec2-bootstrap:
+    tzdata:
+  svcs: &_base-1-svcs
+    # sysinit
+    devfs:     sysinit
+    dmesg:     sysinit
+    hwdrivers: sysinit
+    mdev:      sysinit
+    # boot
+    acpid:    boot
+    bootmisc: boot
+    haveged:  boot
+    hostname: boot
+    hwclock:  boot
+    modules:  boot
+    swap:     boot
+    sysctl:   boot
+    syslog:   boot
+    # default
+    chronyd:
+    networking:
+    sshd:
+    tiny-ec2-bootstrap:
+    # shutdown
+    killprocs: shutdown
+    mount-ro:  shutdown
+    savecache: shutdown
+
diff --git a/profiles/base/current.yaml b/profiles/base/current.yaml
new file mode 100644
index 0000000..7f5e33d
--- /dev/null
+++ b/profiles/base/current.yaml
@@ -0,0 +1,13 @@
+### Current Revision Base Variables
+
+_base-current: &_base-current
+  # Current base revision
+  <<: *_base-1
+  # re-anchor for current
+  repos: &_base-current-repos
+    <<: *_base-1-repos
+  pkgs: &_base-current-pkgs
+    <<: *_base-1-pkgs
+  svcs: &_base-current-svcs
+    <<: *_base-1-svcs
+
diff --git a/profiles/base/edge.yaml b/profiles/base/edge.yaml
new file mode 100644
index 0000000..efd3442
--- /dev/null
+++ b/profiles/base/edge.yaml
@@ -0,0 +1,18 @@
+### Edge Base Variables
+
+_base-edge: &_base-edge
+  # base from current (at the moment)
+  <<: *_base-current
+  # overrides (if any)
+
+  # base repos/pkgs/svcs for edge
+  repos: &_base-edge-repos
+    <<: *_base-current-repos
+    # overrides (if any)
+  pkgs: &_base-edge-pkgs
+    <<: *_base-current-pkgs
+    # overrides (if any)
+  svcs: &_base-edge-svcs
+    <<: *_base-current-svcs
+    # overrides (if any)
+
diff --git a/profiles/test.yaml b/profiles/test.yaml
new file mode 100644
index 0000000..bcb21e1
--- /dev/null
+++ b/profiles/test.yaml
@@ -0,0 +1,48 @@
+### Profile for Testing Builds
+
+# Profile overrides
+test: &test
+  build_region: us-west-2
+  build_subnet: subnet-033a30d7b5220d177
+  ami_regions:
+    - us-east-1
+    - us-west-2
+
+# Build definitions
+builds:
+  test-current-x86_64:
+    <<: *_base-current
+    <<: *_version-current
+    <<: *_x86_64-current
+    repos:
+      <<: *_base-current-repos
+      <<: *_version-current-repos
+      <<: *_x86_64-current-repos
+    pkgs:
+      <<: *_base-current-pkgs
+      <<: *_version-current-pkgs
+      <<: *_x86_64-current-pkgs
+    svcs:
+      <<: *_base-current-svcs
+      <<: *_version-current-svcs
+      <<: *_x86_64-current-svcs
+    <<: *test
+    revision: 'test'
+  test-edge-x86_64:
+    <<: *_base-edge
+    <<: *_version-edge
+    <<: *_x86_64-edge
+    repos:
+      <<: *_base-edge-repos
+      <<: *_version-edge-repos
+      <<: *_x86_64-edge-repos
+    pkgs:
+      <<: *_base-edge-pkgs
+      <<: *_version-edge-pkgs
+      <<: *_x86_64-edge-pkgs
+    svcs:
+      <<: *_base-edge-svcs
+      <<: *_version-edge-svcs
+      <<: *_x86_64-edge-svcs
+    <<: *test
+
diff --git a/profiles/version/3.9.yaml b/profiles/version/3.9.yaml
new file mode 100644
index 0000000..40c2307
--- /dev/null
+++ b/profiles/version/3.9.yaml
@@ -0,0 +1,15 @@
+### Version 3.9 Variables
+
+_version-3.9: &_version-3_9
+  # Versioning
+  version:      '3.9'
+  release:      '3.9.3'
+  #end_of_life:  'YYYY-MM-DD'  # set when known
+
+  # version repos/pkgs/svcs for 3.9
+  repos: &_version-3_9-repos
+    "http://dl-cdn.alpinelinux.org/alpine/v3.9/main":
+    "http://dl-cdn.alpinelinux.org/alpine/v3.9/community":
+  pkgs: &_version-3_9-pkgs {}
+  svcs: &_version-3_9-svcs {}
+
diff --git a/profiles/version/current.yaml b/profiles/version/current.yaml
new file mode 100644
index 0000000..855972c
--- /dev/null
+++ b/profiles/version/current.yaml
@@ -0,0 +1,13 @@
+### Current Version Variables
+
+_version-current: &_version-current
+  # from latest version
+  <<: *_version-3_9
+  # re-anchor for current
+  repos: &_version-current-repos
+    <<: *_version-3_9-repos
+  pkgs: &_version-current-pkgs
+    <<: *_version-3_9-pkgs
+  svcs: &_version-current-svcs
+    <<: *_version-3_9-svcs
+
diff --git a/profiles/version/edge.yaml b/profiles/version/edge.yaml
new file mode 100644
index 0000000..528d56c
--- /dev/null
+++ b/profiles/version/edge.yaml
@@ -0,0 +1,23 @@
+### Edge Version Variables
+
+_version-edge: &_version-edge
+  # from current version
+  <<: *_version-current
+  # overrides
+  version:      edge
+  release:      edge
+  end_of_life:  '@TODAY@'
+  revision:     '@NOW@'
+
+  # version repos/pkgs/svcs for edge
+  repos: &_version-edge-repos
+    http://dl-cdn.alpinelinux.org/alpine/edge/main:
+    http://dl-cdn.alpinelinux.org/alpine/edge/community:
+    http://dl-cdn.alpinelinux.org/alpine/edge/testing:
+  pkgs: &_version-edge-pkgs
+    <<: *_version-current-pkgs
+    # overrides (if any)
+  svcs: &_version-edge-svcs
+    <<: *_version-current-svcs
+    # overrides (if any)
+
diff --git a/scripts/make-amis b/scripts/make-amis
new file mode 100755
index 0000000..e0a699e
--- /dev/null
+++ b/scripts/make-amis
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+cd build
+
+# if no build(s) specified, do all profile's builds!
+[ $# -gt 0 ] && BUILDS="$@" || BUILDS=$(ls profile)
+
+for B in $BUILDS
+do
+  BUILD="profile/$B"
+  ( packer build -var-file=$BUILD/vars.json packer.json; echo $? >$BUILD/exit ) | tee $BUILD/output
+  echo "=-> $(cat $BUILD/exit) <-="
+done
diff --git a/nvme/nvme-ebs-links b/scripts/nvme/nvme-ebs-links
index f2c470b..f2c470b 100755
--- a/nvme/nvme-ebs-links
+++ b/scripts/nvme/nvme-ebs-links
diff --git a/nvme/nvme-ebs-mdev.conf b/scripts/nvme/nvme-ebs-mdev.conf
index c30b6fd..c30b6fd 100644
--- a/nvme/nvme-ebs-mdev.conf
+++ b/scripts/nvme/nvme-ebs-mdev.conf
diff --git a/scripts/resolve-profile.py.in b/scripts/resolve-profile.py.in
new file mode 100644
index 0000000..7312957
--- /dev/null
+++ b/scripts/resolve-profile.py.in
@@ -0,0 +1,82 @@
+@PYTHON@
+
+import json, os, shutil, sys, time, yaml
+
+profile = sys.argv[1]
+
+# where we store profile's builds
+profile_dir = os.path.join( os.path.dirname(os.path.realpath(__file__)), 'profile')
+
+# fold these list vars down to scalar
+fold_list_keys = [
+    'ami_access', 'ami_regions'
+]
+
+# parse stdin yaml and resolve refs
+builds = yaml.full_load(sys.stdin.read())['builds']
+
+# clean out any old builds
+if os.path.exists(profile_dir):
+    shutil.rmtree(profile_dir)
+os.makedirs(profile_dir)
+
+# for each build
+for bk, b in builds.items():
+
+    # make profile build directory
+    build_dir = os.path.join(profile_dir, bk)
+    os.makedirs(build_dir)
+    vars_file = os.path.join(build_dir, 'vars.json')
+
+    # populate profile build vars
+    b['profile'] = profile
+    b['profile_build'] = bk
+
+    # edge-related temporal substitutions
+    if b['end_of_life'] == '@TODAY@':
+        b['end_of_life'] = time.strftime('%Y-%m-%d', time.gmtime())
+    if b['revision'] == '@NOW@':
+        b['revision'] = time.strftime('%Y%m%d%H%M%S', time.gmtime())
+
+    # fold list vars to scalars
+    for k in fold_list_keys:
+        if k in b and isinstance(b[k], list):
+            b[k] = ','.join(str(x) for x in b[k])
+
+    # fold 'repos' hash to scalar
+    repos = []
+    for repo, v in b['repos'].items():
+        if v == None:                   # repo without alias
+            repos.append(repo)
+        elif v != False:                # repo with alias (False == skip repo)
+            v.lstrip('@')
+            repos.append(f"@{v} {repo}")
+    b['repos'] = ','.join(str(x) for x in repos)
+
+    # fold 'pkgs' hash to scalar
+    pkgs = []
+    for pkg, v in b['pkgs'].items():
+        if v == None:                   # unpinned package
+            pkgs.append(pkg)
+        elif v != False:                # repo-pinned package (False == skip package)
+            v.lstrip('@')
+            pkgs.append(f'{pkg}@{v}')
+    b['pkgs'] = ','.join(str(x) for x in pkgs)
+
+    # fold 'svcs' hash to scalar
+    svcs = {
+        'sysinit': [],
+        'boot': [],
+        'default': [],
+        'shutdown': []
+    }
+    for svc, v in b['svcs'].items():
+        if v == None:                   # service in default runlevel
+            svcs['default'].append(svc)
+        elif v != False:                # service in specified runlevel (False == skip service)
+            svcs[v].append(svc)
+    b['svcs'] = ':'.join(str(l) + '=' + ','.join(str(s) for s in ss) for l, ss in svcs.items())
+
+    # write build def json file
+    with open(vars_file, 'w') as out:
+        json.dump(b, out, indent=4, separators=(',', ': '))
diff --git a/make_ami.sh b/scripts/setup-ami.sh
index d6c65f7..4102c0f 100755
--- a/make_ami.sh
+++ b/scripts/setup-ami.sh
@@ -3,12 +3,7 @@
 
 set -eu
 
-MIN_VERSION="3.9"
-MIN_RELEASE="3.9.0"
-
-: ${VERSION:="${MIN_VERSION}"}   # unless otherwise specified
-: ${RELEASE:="${MIN_RELEASE}"}   # unless otherwise specified
-
+# TODO: profile-ize these
 : ${APK_TOOLS_URI:="https://github.com/alpinelinux/apk-tools/releases/download/v2.10.3/apk-tools-2.10.3-x86_64-linux.tar.gz"}
 : ${APK_TOOLS_SHA256:="4d0b2cda606720624589e6171c374ec6d138867e03576d9f518dddde85c33839"}
 : ${ALPINE_KEYS:="http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/alpine-keys-2.1-r1.apk"}
@@ -76,25 +71,11 @@ make_filesystem() {
 }
 
 setup_repositories() {
-    local target="$1"     # target directory
-    local add_repos="$2"  # extra repo lines, comma separated
+    local target="$1"   # target directory
+    local repos="$2"    # repositories
 
     mkdir -p "$target"/etc/apk/keys
-
-    if [ "$VERSION" = 'edge' ]; then
-        cat > "$target"/etc/apk/repositories <<EOF
-http://dl-cdn.alpinelinux.org/alpine/edge/main
-http://dl-cdn.alpinelinux.org/alpine/edge/community
-http://dl-cdn.alpinelinux.org/alpine/edge/testing
-EOF
-    else
-        cat > "$target"/etc/apk/repositories <<EOF
-http://dl-cdn.alpinelinux.org/alpine/v$VERSION/main
-http://dl-cdn.alpinelinux.org/alpine/v$VERSION/community
-EOF
-    fi
-
-    echo "$add_repos" | tr , "\012" >> "$target"/etc/apk/repositories
+    echo "$repos" > "$target"/etc/apk/repositories
 }
 
 fetch_keys() {
@@ -132,25 +113,11 @@ setup_chroot() {
 
 install_core_packages() {
     local target="$1"    # target directory
-    local add_pkgs="$2"  # extra packages, space separated
+    local pkgs="$2"      # packages, space separated
 
-    # Most from: https://git.alpinelinux.org/cgit/alpine-iso/tree/alpine-virt.packages
-    #
-    # sudo - to allow alpine user to become root, disallow root SSH logins
-    # tiny-ec2-bootstrap - to bootstrap system from EC2 metadata
-    #
-    chroot "$target" apk --no-cache add \
-        linux-virt \
-        alpine-mirrors \
-        chrony \
-        haveged \
-        nvme-cli \
-        openssh \
-        sudo \
-        tiny-ec2-bootstrap \
-        tzdata \
-        $(echo "$add_pkgs" | tr , ' ')
+    chroot "$target" apk --no-cache add $pkgs
 
+    # TODO: use BOOTSTRAP
     chroot "$target" apk --no-cache add --no-scripts syslinux
 
     # Disable starting getty for physical ttys because they're all inaccessible
@@ -171,6 +138,7 @@ setup_mdev() {
     sed -n -i -e '/# fallback/r /tmp/nvme-ebs-mdev.conf' -e 1x -e '2,${x;p}' -e '${x;p}' "$target"/etc/mdev.conf
 }
 
+# TODO: use alpine-conf setup-*?
 create_initfs() {
     local target="$1"
 
@@ -186,6 +154,7 @@ create_initfs() {
     chroot "$target" /sbin/mkinitfs $(basename $(find "$target"/lib/modules/* -maxdepth 0))
 }
 
+# TODO: use alpine-conf setup-*?
 setup_extlinux() {
     local target="$1"
 
@@ -209,6 +178,7 @@ setup_extlinux() {
         "$target"/etc/update-extlinux.conf
 }
 
+# TODO: use alpine-conf setup-*?
 install_extlinux() {
     local target="$1"
 
@@ -239,20 +209,14 @@ EOF
 
 enable_services() {
     local target="$1"
-    local add_svcs="$2"
-
-    rc_add "$target" default chronyd networking sshd tiny-ec2-bootstrap
-    rc_add "$target" sysinit devfs dmesg hwdrivers mdev
-    rc_add "$target" boot acpid bootmisc haveged hostname hwclock modules swap sysctl syslog
-    rc_add "$target" shutdown killprocs mount-ro savecache
+    local svcs="$2"
 
-    if [ -n "$add_svcs" ]; then
-        local lvl_svcs; for lvl_svcs in $(echo "$add_svcs" | tr : ' '); do
-            rc_add "$target" $(echo "$lvl_svcs" | tr =, ' ')
-        done
-    fi
+    local lvl_svcs; for lvl_svcs in $svcs; do
+        rc_add "$target" $(echo "$lvl_svcs" | tr =, ' ')
+    done
 }
 
+# TODO: allow profile to specify alternate ALPINE_USER
 create_alpine_user() {
     local target="$1"
 
@@ -312,14 +276,9 @@ version_sorted() {
 }
 
 main() {
-    [ "$VERSION" != 'edge' ] && {
-        version_sorted $MIN_VERSION $VERSION || die "Minimum Alpine version is '$MIN_RELEASE'"
-        version_sorted $MIN_RELEASE $RELEASE || die "Minimum Alpine release is '$MIN_RELEASE'"
-    }
-
-    local add_repos="$ADD_REPOS"
-    local add_pkgs="$ADD_PKGS"
-    local add_svcs="$ADD_SVCS"
+    local repos=$(echo "$REPOS" | tr , "\n")
+    local pkgs=$(echo "$PKGS" | tr , ' ')
+    local svcs=$(echo "$SVCS" | tr : ' ')
 
     local device="/dev/xvdf"
     local target="/mnt/target"
@@ -335,7 +294,7 @@ main() {
     make_filesystem "$device" "$target"
 
     einfo "Configuring Alpine repositories"
-    setup_repositories "$target" "$add_repos"
+    setup_repositories "$target" "$repos"
 
     einfo "Fetching Alpine signing keys"
     fetch_keys "$target"
@@ -346,7 +305,7 @@ main() {
     setup_chroot "$target"
 
     einfo "Installing core packages"
-    install_core_packages "$target" "$add_pkgs"
+    install_core_packages "$target" "$pkgs"
 
     einfo "Configuring and enabling boot loader"
     create_initfs "$target"
@@ -357,7 +316,7 @@ main() {
     setup_mdev "$target"
     setup_fstab "$target"
     setup_networking "$target"
-    enable_services "$target" "$add_svcs"
+    enable_services "$target" "$svcs"
     create_alpine_user "$target"
     configure_ntp "$target"
 
diff --git a/scripts/yaml2json.py.in b/scripts/yaml2json.py.in
new file mode 100644
index 0000000..ec9c8e8
--- /dev/null
+++ b/scripts/yaml2json.py.in
@@ -0,0 +1,9 @@
+@PYTHON@
+
+# Simple little YAML/JSON converter so we can maintain our Packer configs in a
+# sane format that allows comments but also use Packer which only supports JSON
+
+import yaml, json, sys
+
+y = yaml.full_load(open(sys.argv[1]))
+json.dump(y, sys.stdout, indent=4, separators=(',', ': '))
diff --git a/variables.yaml-default b/variables.yaml-default
deleted file mode 100644
index 0cd3cc2..0000000
--- a/variables.yaml-default
+++ /dev/null
@@ -1,77 +0,0 @@
-### Builder-Instance Options ###
-
-# Region to build in, if we initiate a build from outside AWS
-region:
-
-# Subnet ID in which the builder instance is to be launched.  VPC will be
-# automatically determined.
-subnet:
-
-# Optional security group to apply to the builder instance
-security_group:
-
-# By default, public IPs are assigned (or not) per the subnet's configuration.
-# Set to "true" or "false" to explicitly override the subnet's public IP auto-
-# assign configuration.
-public_ip: ""
-
-
-### Build Options ###
-
-# Uncomment/increment every for every rebuild of an Alpine release;
-# re-comment/zero for every new Alpine release
-#revision: "-1"
-
-# AMI name prefix and suffix
-ami_name_prefix: "alpine-ami-"
-ami_name_suffix: ""
-
-# AMI description prefix and suffix
-ami_desc_prefix: "Alpine Linux "
-ami_desc_suffix: " - https://github.com/mcrute/alpine-ec2-ami"
-
-# List of custom lines to add to /etc/apk/repositories
-add_repos:
-#  - "@my-repo http://my-repo.tld/path"
-
-# List of additional packages to add to the AMI.
-add_pkgs:
-#  - package-name
-
-# Additional services to start at the specified level
-add_svcs:
-#  boot:
-#    - service1
-#  default:
-#    - service2
-
-# Size of the AMI image (in GiB).
-volume_size: "1"
-
-# Encrypt the AMI?
-encrypt_ami: "false"
-
-# List of groups that should have access to the AMI.  However, only two
-# values are currently supported: 'all' for public, '' or unset for private.
-ami_access:
-  - "all"
-
-# List of regions to where the AMI should be copied
-deploy_regions:
-  - "us-east-1"
-  - "us-east-2"
-  - "us-west-1"
-  - "us-west-2"
-  - "ca-central-1"
-  - "eu-central-1"
-  - "eu-north-1"
-  - "eu-west-1"
-  - "eu-west-2"
-  - "eu-west-3"
-  - "ap-northeast-1"
-  - "ap-northeast-2"
-#  - "ap-northeast-3" # skipped, available by subscription only
-  - "ap-southeast-1"
-  - "ap-southeast-2"
-  - "ap-south-1"
-  - "sa-east-1"