Add nix option in terraform and fix run-nixos-anywhere.sh #310

Merged
merged 10 commits into from
Jul 1, 2024
13 changes: 7 additions & 6 deletions terraform/all-in-one.md
Expand Up @@ -48,7 +48,7 @@ mkdir -p etc/ssh var/lib/secrets
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

umask 0177
sops --extract '["initrd_ssh_key"]' -d "$SCRIPT_DIR/secrets.yaml" >./var/lib/secrets/initrd_ssh_key
sops --extract '["initrd_ssh_key"]' --decrypt "$SCRIPT_DIR/secrets.yaml" >./var/lib/secrets/initrd_ssh_key

# restore umask
umask 0022
Expand All @@ -59,7 +59,7 @@ for keyname in ssh_host_rsa_key ssh_host_rsa_key.pub ssh_host_ed25519_key ssh_ho
else
umask 0177
fi
sops --extract '["'$keyname'"]' -d "$SCRIPT_DIR/secrets.yaml" >"./etc/ssh/$keyname"
sops --extract '["'$keyname'"]' --decrypt "$SCRIPT_DIR/secrets.yaml" >"./etc/ssh/$keyname"
done
```

Expand All @@ -72,7 +72,7 @@ set -euo pipefail

SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
cd "$SCRIPT_DIR"
sops --extract '["zfs-key"]' -d "$SCRIPT_DIR/secrets.yaml" >"./etc/ssh/$keyname"
sops --extract '["zfs-key"]' --decrypt "$SCRIPT_DIR/secrets.yaml"
```

## See also
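Review bot: the dropped redirect on the changed line is the substantive fix here, not the `-d` to `--decrypt` spelling: the old line sent the decrypted ZFS key to `>"./etc/ssh/$keyname"`, and `$keyname` is never defined in this snippet, so under the `set -euo pipefail` visible in the hunk header the script would abort (and, had it not, it would have dropped a disk-encryption key next to the SSH host keys). Printing the key to stdout is what a `disk_encryption_key_scripts` entry needs; a one-line comment saying the script is expected to write the key to stdout would keep the next reader from re-adding a redirect.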
Expand Down Expand Up @@ -117,6 +117,7 @@ No resources.
| <a name="input_install_user"></a> [install\_user](#input_install_user) | SSH user used to connect to the target\_host, before installing NixOS. If null than the value of `target_host` is used | `string` | `null` | no |
| <a name="input_instance_id"></a> [instance\_id](#input_instance_id) | The instance id of the target\_host, used to track when to reinstall the machine | `string` | `null` | no |
| <a name="input_kexec_tarball_url"></a> [kexec\_tarball\_url](#input_kexec_tarball_url) | NixOS kexec installer tarball url | `string` | `null` | no |
| <a name="input_nix_options"></a> [nix\_options](#input_nix_options) | the options of nix | `map(string)` | `null` | no |
| <a name="input_nixos_partitioner_attr"></a> [nixos\_partitioner\_attr](#input_nixos_partitioner_attr) | Nixos partitioner and mount script i.e. your-flake#nixosConfigurations.your-evaluated-nixos.config.system.build.diskoNoDeps or just your-evaluated.config.system.build.diskNoDeps. `config.system.build.diskNoDeps` is provided by the disko nixos module | `string` | n/a | yes |
| <a name="input_nixos_system_attr"></a> [nixos\_system\_attr](#input_nixos_system_attr) | The nixos system to deploy i.e. your-flake#nixosConfigurations.your-evaluated-nixos.config.system.build.toplevel or just your-evaluated-nixos.config.system.build.toplevel if you are not using flakes | `string` | n/a | yes |
| <a name="input_no_reboot"></a> [no\_reboot](#input_no_reboot) | Do not reboot after installation | `bool` | `false` | no |
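Review bot: the description `the options of nix` on the new `nix_options` row is too vague for a generated reference. Since nix-build.sh turns each map entry into `--option <key> <value>` on the `nix build` command line, say exactly that (for example `Extra nix.conf settings passed to nix build as --option key value`), and change it in the `description` of the variable so terraform-docs regenerates this table, rather than editing the table by hand.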
Expand All @@ -127,8 +128,8 @@ No resources.

## Outputs

| Name | Description |
| ----------------------------------------------------- | ---------------------------------------------------------- |
| <a name="output_result"></a> [result](#output_result) | The resulting store path from building `nixos_system_attr` |
| Name | Description |
| ----------------------------------------------------- | ----------- |
| <a name="output_result"></a> [result](#output_result) | n/a |

<!-- END_TF_DOCS -->
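Review bot: the `result` output loses its description in this hunk (the text "The resulting store path from building nixos_system_attr" becomes `n/a`), which looks like terraform-docs regenerating from an `output "result"` block that has no `description` attribute. Restore the description on the output block in the module instead of accepting the regression in the generated docs.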
4 changes: 3 additions & 1 deletion terraform/all-in-one/main.tf
Expand Up @@ -2,12 +2,14 @@ module "system-build" {
source = "../nix-build"
attribute = var.nixos_system_attr
file = var.file
nix_options = var.nix_options
}

module "partitioner-build" {
source = "../nix-build"
attribute = var.nixos_partitioner_attr
file = var.file
nix_options = var.nix_options
}

locals {
Expand Down Expand Up @@ -37,7 +39,7 @@ module "nixos-rebuild" {
module.install
]

# Do not execute this step if var.stop_after_disko == true
# Do not execute this step if var.stop_after_disko == true
count = var.stop_after_disko ? 0 : 1

source = "../nixos-rebuild"
6 changes: 6 additions & 0 deletions terraform/all-in-one/variables.tf
Expand Up @@ -101,3 +101,9 @@ variable "no_reboot" {
description = "Do not reboot after installation"
default = false
}

variable "nix_options" {
type = map(string)
description = "the options of nix"
default = null
}
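Review bot: `default = null` here disagrees with `default = {}` for the same variable in terraform/nix-build/variables.tf, and all-in-one/main.tf passes `var.nix_options` straight through to a `for k, v in var.nix_options` expression in nix-build/main.tf that has no null guard, so a user who simply leaves the option unset hits an iteration-over-null error at plan time. Use `{}` in both places, or wrap the pass-through in `coalesce(var.nix_options, {})`.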
8 changes: 5 additions & 3 deletions terraform/install.md
Expand Up @@ -51,7 +51,7 @@ No requirements.

## Modules

No modules..../joerg/.data/nvim/lazy/
No modules.

## Resources

Expand All @@ -63,14 +63,16 @@ No modules..../joerg/.data/nvim/lazy/

| Name | Description | Type | Default | Required |
| --------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | -------- | :------: |
| <a name="input_build_on_remote"></a> [build\_on\_remote](#input_build_on_remote) | Build the closure on the remote machine instead of building it locally and copying it over | `bool` | `false` | no |
| <a name="input_debug_logging"></a> [debug\_logging](#input_debug_logging) | Enable debug logging | `bool` | `false` | no |
| <a name="input_disk_encryption_key_scripts"></a> [disk\_encryption\_key\_scripts](#input_disk_encryption_key_scripts) | Each of these script files will be executed locally and the output of each of them will be made present at the given path to disko during installation. The keys will be not copied to the final system | <pre>list(object({<br> path = string<br> script = string<br> }))</pre> | `[]` | no |
| <a name="input_extra_environment"></a> [extra\_environment](#input_extra_environment) | Extra environment variables to be set during installation. This can be usefull to set extra variables for the extra\_files\_script or disk\_encryption\_key\_scripts | `map(string)` | `{}` | no |
| <a name="input_extra_files_script"></a> [extra\_files\_script](#input_extra_files_script) | A script file that prepares extra files to be copied to the target host during installation. The script expected to write all its files to the current directory. This directory is copied to the target host during installation to the / directory. | `string` | `null` | no |
| <a name="input_flake"></a> [flake](#input_flake) | The flake to install the system from | `string` | `""` | no |
| <a name="input_instance_id"></a> [instance\_id](#input_instance_id) | The instance id of the target\_host, used to track when to reinstall the machine | `string` | `null` | no |
| <a name="input_kexec_tarball_url"></a> [kexec\_tarball\_url](#input_kexec_tarball_url) | NixOS kexec installer tarball url | `string` | `null` | no |
| <a name="input_nixos_partitioner"></a> [nixos\_partitioner](#input_nixos_partitioner) | nixos partitioner and mount script | `string` | n/a | yes |
| <a name="input_nixos_system"></a> [nixos\_system](#input_nixos_system) | The nixos system to deploy | `string` | n/a | yes |
| <a name="input_nixos_partitioner"></a> [nixos\_partitioner](#input_nixos_partitioner) | nixos partitioner and mount script | `string` | `""` | no |
| <a name="input_nixos_system"></a> [nixos\_system](#input_nixos_system) | The nixos system to deploy | `string` | `""` | no |
| <a name="input_no_reboot"></a> [no\_reboot](#input_no_reboot) | Do not reboot the machine after installation | `bool` | `false` | no |
| <a name="input_ssh_private_key"></a> [ssh\_private\_key](#input_ssh_private_key) | Content of private key used to connect to the target\_host | `string` | `""` | no |
| <a name="input_stop_after_disko"></a> [stop\_after\_disko](#input_stop_after_disko) | Exit after disko formatting | `bool` | `false` | no |
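Review bot: `nixos_partitioner` and `nixos_system` change from required (`n/a` / `yes`) to optional with an empty-string default, which the PR title does not mention and which removes the only plan-time check that a system to install was given. With `flake` also defaulting to `""` a few rows up, nothing in the module interface now enforces that at least one of these is set, so the mistake surfaces only when run-nixos-anywhere.sh runs on the target. Add a `validation` block or a `precondition` (or at least spell out the either/or relationship in the descriptions) so the constraint stays visible.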
2 changes: 1 addition & 1 deletion terraform/install/run-nixos-anywhere.sh
Expand Up @@ -62,7 +62,7 @@ while [[ $# -gt 0 ]]; do
echo "Script file '$2' is not executable"
exit 1
fi
mkdir "${tmpdir}/keys"
mkdir -p "${tmpdir}/keys"
"$2" >"${tmpdir}/keys/$keyIdx"
args+=("--disk-encryption-keys" "$1" "${tmpdir}/keys/$keyIdx")
shift
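Review bot: `mkdir -p` is the right fix, since this `mkdir` sits inside the argument loop and the second disk-encryption-key entry would have failed on the already existing directory. While touching the line, give the directory restrictive permissions, because it receives plaintext disk-encryption keys via `"$2" >"${tmpdir}/keys/$keyIdx"`: `mkdir -p -m 0700 "${tmpdir}/keys"` (this assumes `tmpdir` itself is a private `mktemp -d` directory, which the hunk does not show).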
11 changes: 7 additions & 4 deletions terraform/nix-build.md
Expand Up @@ -7,6 +7,8 @@ file.

- See [install](install.md) or [nixos-rebuild](nixos-rebuild.md)

<!-- BEGIN_TF_DOCS -->

## Requirements

No requirements.
Expand All @@ -29,10 +31,11 @@ No modules.

## Inputs

| Name | Description | Type | Default | Required |
| ------------------------------------------------------------ | -------------------------------------------------- | -------- | ------- | :------: |
| <a name="input_attribute"></a> [attribute](#input_attribute) | the attribute to build, can also be a flake | `string` | n/a | yes |
| <a name="input_file"></a> [file](#input_file) | the nix file to evaluate, if not run in flake mode | `string` | `null` | no |
| Name | Description | Type | Default | Required |
| ------------------------------------------------------------------- | -------------------------------------------------- | ------------- | ------- | :------: |
| <a name="input_attribute"></a> [attribute](#input_attribute) | the attribute to build, can also be a flake | `string` | n/a | yes |
| <a name="input_file"></a> [file](#input_file) | the nix file to evaluate, if not run in flake mode | `string` | `null` | no |
| <a name="input_nix_options"></a> [nix\_options](#input_nix_options) | the options of nix | `map(string)` | `null` | no |

## Outputs

6 changes: 6 additions & 0 deletions terraform/nix-build/main.tf
@@ -1,8 +1,14 @@
locals {
nix_options = jsonencode({
options = { for k, v in var.nix_options : k => v }
})
}
data "external" "nix-build" {
program = [ "${path.module}/nix-build.sh" ]
query = {
attribute = var.attribute
file = var.file
nix_options = local.nix_options
}
}
output "result" {
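Review bot: `{ for k, v in var.nix_options : k => v }` is an identity copy of the map, so `jsonencode({ options = var.nix_options })` says the same thing more plainly; more importantly the expression errors on a null map, which all-in-one/variables.tf permits with `default = null`. Guard it with `coalesce(var.nix_options, {})` or make both defaults `{}`. Passing the map to the script as a JSON string through `query` is correct, since `data "external"` only accepts string values there.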
13 changes: 8 additions & 5 deletions terraform/nix-build/nix-build.sh
@@ -1,12 +1,15 @@
#!/usr/bin/env bash
set -efu

declare file attribute
eval "$(jq -r '@sh "attribute=\(.attribute) file=\(.file)"')"
if [[ -n ${file-} ]] && [[ -e ${file-} ]]; then
out=$(nix build --no-link --json -f "$file" "$attribute")
declare file attribute nix_options
eval "$(jq -r '@sh "attribute=\(.attribute) file=\(.file) nix_options=\(.nix_options)"')"
options=$(echo "${nix_options}" | jq -r '.options | to_entries | map("--option \(.key) \(.value)") | join(" ")')
if [[ -n ${file-} ]] && [[ -e ${fileh-} ]]; then
# shellcheck disable=SC2086
out=$(nix build --no-link --json $options -f "$file" "$attribute")
printf '%s' "$out" | jq -c '.[].outputs'
else
out=$(nix build --no-link --json "$attribute")
# shellcheck disable=SC2086
out=$(nix build --no-link --json $options "$attribute")
printf '%s' "$out" | jq -c '.[].outputs'
fi
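Review bot: `[[ -e ${fileh-} ]]` on the changed `if` line is a typo for `${file-}`; `fileh` is never set, `-e ""` is false, so the `-f "$file"` branch is now unreachable and every non-flake build falls through to the flake branch, where `nix build "$attribute"` has no file to evaluate. Separately, splicing `$options` unquoted (hence the two `shellcheck disable=SC2086` lines) breaks on any option value containing whitespace or glob characters; build an array instead, e.g. `mapfile -t options < <(jq -r '.options | to_entries[] | "--option", .key, .value' <<<"$nix_options")` and pass `"${options[@]}"` to both `nix build` calls, which also removes the need for the disable comments.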
6 changes: 6 additions & 0 deletions terraform/nix-build/variables.tf
Expand Up @@ -8,3 +8,9 @@ variable "file" {
description = "the nix file to evaluate, if not run in flake mode"
default = null
}

variable "nix_options" {
type = map(string)
description = "the options of nix"
default = {}
}