Add nix option in terraform and fix run-nixos-anywhere.sh #310

Merged
merged 10 commits into from
Jul 1, 2024
7 changes: 4 additions & 3 deletions terraform/all-in-one.md
Expand Up @@ -117,6 +117,7 @@ No resources.
| <a name="input_install_user"></a> [install\_user](#input_install_user) | SSH user used to connect to the target\_host, before installing NixOS. If null than the value of `target_host` is used | `string` | `null` | no |
| <a name="input_instance_id"></a> [instance\_id](#input_instance_id) | The instance id of the target\_host, used to track when to reinstall the machine | `string` | `null` | no |
| <a name="input_kexec_tarball_url"></a> [kexec\_tarball\_url](#input_kexec_tarball_url) | NixOS kexec installer tarball url | `string` | `null` | no |
| <a name="input_nix_options"></a> [nix\_options](#input_nix_options) | the options of nix | `map(string)` | `null` | no |
| <a name="input_nixos_partitioner_attr"></a> [nixos\_partitioner\_attr](#input_nixos_partitioner_attr) | Nixos partitioner and mount script i.e. your-flake#nixosConfigurations.your-evaluated-nixos.config.system.build.diskoNoDeps or just your-evaluated.config.system.build.diskNoDeps. `config.system.build.diskNoDeps` is provided by the disko nixos module | `string` | n/a | yes |
| <a name="input_nixos_system_attr"></a> [nixos\_system\_attr](#input_nixos_system_attr) | The nixos system to deploy i.e. your-flake#nixosConfigurations.your-evaluated-nixos.config.system.build.toplevel or just your-evaluated-nixos.config.system.build.toplevel if you are not using flakes | `string` | n/a | yes |
| <a name="input_no_reboot"></a> [no\_reboot](#input_no_reboot) | Do not reboot after installation | `bool` | `false` | no |
Expand All @@ -127,8 +128,8 @@ No resources.

## Outputs

| Name | Description |
| ----------------------------------------------------- | ---------------------------------------------------------- |
| <a name="output_result"></a> [result](#output_result) | The resulting store path from building `nixos_system_attr` |
| Name | Description |
| ----------------------------------------------------- | ----------- |
| <a name="output_result"></a> [result](#output_result) | n/a |

<!-- END_TF_DOCS -->
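
Review bot: In the Outputs table the `result` row loses its description ("The resulting store path from building `nixos_system_attr`") and now reads `n/a`. Because this section is generated between the TF_DOCS markers, that suggests the `result` output of the all-in-one module carries no `description`; add one there and regenerate instead of shipping the regression in the docs.
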
4 changes: 3 additions & 1 deletion terraform/all-in-one/main.tf
Expand Up @@ -2,12 +2,14 @@ module "system-build" {
source = "../nix-build"
attribute = var.nixos_system_attr
file = var.file
nix_options = var.nix_options
}

module "partitioner-build" {
source = "../nix-build"
attribute = var.nixos_partitioner_attr
file = var.file
nix_options = var.nix_options
}

locals {
Expand Down Expand Up @@ -37,7 +39,7 @@ module "nixos-rebuild" {
module.install
]

# Do not execute this step if var.stop_after_disko == true
# Do not execute this step if var.stop_after_disko == true
count = var.stop_after_disko ? 0 : 1

source = "../nixos-rebuild"
6 changes: 6 additions & 0 deletions terraform/all-in-one/variables.tf
Expand Up @@ -101,3 +101,9 @@ variable "no_reboot" {
description = "Do not reboot after installation"
default = false
}

variable "nix_options" {
type = map(string)
description = "the options of nix"
default = null
}
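
Review bot: The description "the options of nix" on `variable "nix_options"` does not tell a caller what the map keys and values mean. Going by `terraform/nix-build/main.tf` in this PR, each entry becomes `--option <key> <value>` on the `nix build` command line, so say that in the description and regenerate the docs tables that repeat it.
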
8 changes: 5 additions & 3 deletions terraform/install.md
Expand Up @@ -51,7 +51,7 @@ No requirements.

## Modules

No modules..../joerg/.data/nvim/lazy/
No modules.

## Resources

Expand All @@ -63,14 +63,16 @@ No modules..../joerg/.data/nvim/lazy/

| Name | Description | Type | Default | Required |
| --------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | -------- | :------: |
| <a name="input_build_on_remote"></a> [build\_on\_remote](#input_build_on_remote) | Build the closure on the remote machine instead of building it locally and copying it over | `bool` | `false` | no |
| <a name="input_debug_logging"></a> [debug\_logging](#input_debug_logging) | Enable debug logging | `bool` | `false` | no |
| <a name="input_disk_encryption_key_scripts"></a> [disk\_encryption\_key\_scripts](#input_disk_encryption_key_scripts) | Each of these script files will be executed locally and the output of each of them will be made present at the given path to disko during installation. The keys will be not copied to the final system | <pre>list(object({<br> path = string<br> script = string<br> }))</pre> | `[]` | no |
| <a name="input_extra_environment"></a> [extra\_environment](#input_extra_environment) | Extra environment variables to be set during installation. This can be usefull to set extra variables for the extra\_files\_script or disk\_encryption\_key\_scripts | `map(string)` | `{}` | no |
| <a name="input_extra_files_script"></a> [extra\_files\_script](#input_extra_files_script) | A script file that prepares extra files to be copied to the target host during installation. The script expected to write all its files to the current directory. This directory is copied to the target host during installation to the / directory. | `string` | `null` | no |
| <a name="input_flake"></a> [flake](#input_flake) | The flake to install the system from | `string` | `""` | no |
| <a name="input_instance_id"></a> [instance\_id](#input_instance_id) | The instance id of the target\_host, used to track when to reinstall the machine | `string` | `null` | no |
| <a name="input_kexec_tarball_url"></a> [kexec\_tarball\_url](#input_kexec_tarball_url) | NixOS kexec installer tarball url | `string` | `null` | no |
| <a name="input_nixos_partitioner"></a> [nixos\_partitioner](#input_nixos_partitioner) | nixos partitioner and mount script | `string` | n/a | yes |
| <a name="input_nixos_system"></a> [nixos\_system](#input_nixos_system) | The nixos system to deploy | `string` | n/a | yes |
| <a name="input_nixos_partitioner"></a> [nixos\_partitioner](#input_nixos_partitioner) | nixos partitioner and mount script | `string` | `""` | no |
| <a name="input_nixos_system"></a> [nixos\_system](#input_nixos_system) | The nixos system to deploy | `string` | `""` | no |
| <a name="input_no_reboot"></a> [no\_reboot](#input_no_reboot) | Do not reboot the machine after installation | `bool` | `false` | no |
| <a name="input_ssh_private_key"></a> [ssh\_private\_key](#input_ssh_private_key) | Content of private key used to connect to the target\_host | `string` | `""` | no |
| <a name="input_stop_after_disko"></a> [stop\_after\_disko](#input_stop_after_disko) | Exit after disko formatting | `bool` | `false` | no |
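
Review bot: In the Inputs table, `nixos_partitioner` and `nixos_system` change from required (`n/a`, yes) to optional with default `""`, yet no change to the install module's variables is part of this diff. This looks like the generated docs catching up with earlier work; confirm the table against the module's variables and mention it in the commit message so it is not read as part of the `nix_options` change.
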
2 changes: 1 addition & 1 deletion terraform/install/run-nixos-anywhere.sh
Expand Up @@ -62,7 +62,7 @@ while [[ $# -gt 0 ]]; do
echo "Script file '$2' is not executable"
exit 1
fi
mkdir "${tmpdir}/keys"
mkdir -p "${tmpdir}/keys"
"$2" >"${tmpdir}/keys/$keyIdx"
args+=("--disk-encryption-keys" "$1" "${tmpdir}/keys/$keyIdx")
shift
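
Review bot: At `mkdir -p "${tmpdir}/keys"`, the `-p` lets the loop handle more than one key script, but the directory and the key files written by `"$2" >"${tmpdir}/keys/$keyIdx"` still get whatever permissions the current umask allows. Unless `tmpdir` is already created with mode 0700 (not visible in this hunk), consider `mkdir -p -m 700 "${tmpdir}/keys"` or a `umask 077` before writing, since these files hold disk encryption keys.
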
11 changes: 7 additions & 4 deletions terraform/nix-build.md
Expand Up @@ -7,6 +7,8 @@ file.

- See [install](install.md) or [nixos-rebuild](nixos-rebuild.md)

<!-- BEGIN_TF_DOCS -->

## Requirements

No requirements.
Expand All @@ -29,10 +31,11 @@ No modules.

## Inputs

| Name | Description | Type | Default | Required |
| ------------------------------------------------------------ | -------------------------------------------------- | -------- | ------- | :------: |
| <a name="input_attribute"></a> [attribute](#input_attribute) | the attribute to build, can also be a flake | `string` | n/a | yes |
| <a name="input_file"></a> [file](#input_file) | the nix file to evaluate, if not run in flake mode | `string` | `null` | no |
| Name | Description | Type | Default | Required |
| ------------------------------------------------------------------- | -------------------------------------------------- | ------------- | ------- | :------: |
| <a name="input_attribute"></a> [attribute](#input_attribute) | the attribute to build, can also be a flake | `string` | n/a | yes |
| <a name="input_file"></a> [file](#input_file) | the nix file to evaluate, if not run in flake mode | `string` | `null` | no |
| <a name="input_nix_options"></a> [nix\_options](#input_nix_options) | the options of nix | `map(string)` | `null` | no |

## Outputs

4 changes: 4 additions & 0 deletions terraform/nix-build/main.tf
@@ -1,8 +1,12 @@
locals {
nix_options = var.nix_options == null ? "" : join(" ", [for k, v in var.nix_options : "--option ${k} ${v}"])
Member

I guess we already give up on quoting here.

Member

Could we not dump this as a JSON object here?
And then on the shell script side, we use jq to get the data back?
Then we can build up some array in bash instead with all quoting handled correctly.

Contributor Author

I changed it to json format and handled it on the shell side.

}
data "external" "nix-build" {
program = [ "${path.module}/nix-build.sh" ]
query = {
attribute = var.attribute
file = var.file
nix_options = local.nix_options
}
}
output "result" {
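
Review bot: In `locals`, `join(" ", [for k, v in var.nix_options : "--option ${k} ${v}"])` flattens the map into one string, so the boundary between an option's value and the next argument is lost before the shell ever sees it. A value containing a space (for example a list-valued setting with two entries) would reach `nix build` as extra arguments. Passing `jsonencode(var.nix_options)` in `query` and rebuilding the arguments in `nix-build.sh` as a bash array keeps each key and each value a single argv entry, as already suggested in the thread above.
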
8 changes: 4 additions & 4 deletions terraform/nix-build/nix-build.sh
@@ -1,12 +1,12 @@
#!/usr/bin/env bash
set -efu

declare file attribute
eval "$(jq -r '@sh "attribute=\(.attribute) file=\(.file)"')"
declare file attribute nix_options
eval "$(jq -r '@sh "attribute=\(.attribute) file=\(.file) nix_options=\(.nix_options)"')"
if [[ -n ${file-} ]] && [[ -e ${file-} ]]; then
out=$(nix build --no-link --json -f "$file" "$attribute")
out=$(nix build --no-link --json $(echo "$nix_options") -f "$file" "$attribute")
Member

@Mic92 Mic92 May 31, 2024

Shellcheck doesn't like this line.
Does jq handle the quoting here correctly?
If so, we can make shellcheck ignore this.

printf '%s' "$out" | jq -c '.[].outputs'
else
out=$(nix build --no-link --json "$attribute")
out=$(nix build --no-link --json $(echo "$nix_options") "$attribute")
printf '%s' "$out" | jq -c '.[].outputs'
fi
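
Review bot: Both `nix build` calls expand `$(echo "$nix_options")` unquoted, which is the same word splitting as a bare `$nix_options` and only hides it from the reader. The `@sh` filter makes the `eval` assignment safe, but the string is then split on whitespace, so a value with a space turns into additional `nix build` arguments (`set -f` only stops glob expansion, not splitting). Build a bash array from the JSON with jq, one element each for `--option`, the key and the value, and pass it as a quoted array expansion so ShellCheck has nothing to flag.
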
6 changes: 6 additions & 0 deletions terraform/nix-build/variables.tf
Expand Up @@ -8,3 +8,9 @@ variable "file" {
description = "the nix file to evaluate, if not run in flake mode"
default = null
}

variable "nix_options" {
type = map(string)
description = "the options of nix"
default = null
}
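
Review bot: `default = null` on `variable "nix_options"` is what forces the `var.nix_options == null ? "" : ...` branch in `main.tf`. With `default = {}` and `nullable = false`, a null passed down from the all-in-one module falls back to the empty map, the `for` expression yields an empty list, and the special case can go.
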