diff --git a/deployment/data-model.nix b/deployment/data-model.nix index 86eac2d7..4118994f 100644 --- a/deployment/data-model.nix +++ b/deployment/data-model.nix @@ -29,6 +29,33 @@ let else lib.strings.toJSON v ); + withPackages = packages: { + makeWrapperArgs = [ + "--prefix" + "PATH" + ":" + "${lib.makeBinPath packages}" + ]; + }; + writeConfig = + { + system, + module, + root-path, + deployment-type, + deployment-name, + args, + }: + builtins.toString ( + pkgs.writers.writeText "configuration.nix" '' + import ${root-path}/deployment/nixos.nix { + system = "${system}"; + configuration = (import "${root-path}/${module}" (builtins.fromJSON "${ + lib.replaceStrings [ "\"" ] [ "\\\"" ] (lib.strings.toJSON args) + }")).${deployment-name}.${deployment-type}.nixos-configuration; + } + '' + ); functionType = submodule ./function.nix; application-resources = submodule { @@ -85,6 +112,8 @@ let }; }; }; + # FIXME allow custom deployment types + # FIXME make deployments environment resources? deployment-type = attrTag { ssh-host = mkOption { description = "A deployment by SSH to update a single existing NixOS host."; @@ -134,30 +163,27 @@ let ; environment = { key_file = key-file; - deployment_name = deployment-name; - root_path = root-path; ssh_opts = sshOpts; inherit - system host username - module - args ; - deployment_type = "ssh-host"; + nixos_conf = writeConfig { + inherit + system + module + args + deployment-name + root-path + ; + deployment-type = "ssh-host"; + }; }; in pkgs.writers.writeBashBin "deploy-sh.sh" - { - makeWrapperArgs = [ - "--prefix" - "PATH" - ":" - "${lib.makeBinPath [ - pkgs.jq - ]}" - ]; - } + (withPackages [ + pkgs.jq + ]) '' env ${ toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") environment) 
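Review bot: `writeConfig` splices the JSON form of `args` into a double-quoted Nix string but only escapes `"`, so a value containing `\` or `${` reaches the generated `configuration.nix` unescaped: `${` is antiquotation and `\n`-style sequences are re-interpreted there, which means the deploy-time evaluation can run arbitrary Nix taken from `args`, or simply fail to parse. Use the helper that escapes all three and emits the surrounding quotes, e.g. `configuration = (import "${root-path}/${module}" (builtins.fromJSON ${lib.strings.escapeNixString (lib.strings.toJSON args)})).${deployment-name}.${deployment-type}.nixos-configuration;`. `root-path` and `module` are likewise interpolated into the path string with no quoting, and `deployment-name` into an attribute path; `."${deployment-name}"` would at least tolerate names that are not bare identifiers. The `let` block these bindings belong to starts before the hunk.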
@@ -219,32 +245,29 @@ let ; environment = { key_file = key-file; - deployment_name = deployment-name; - root_path = root-path; ssh_opts = sshOpts; inherit - system host username - module - args ; - deployment_type = "tf-host"; + nixos_conf = writeConfig { + inherit + system + module + args + deployment-name + root-path + ; + deployment-type = "tf-host"; + }; }; tf-env = pkgs.callPackage ./run/tf-single-host/tf-env.nix { }; in pkgs.writers.writeBashBin "deploy-tf.sh" - { - makeWrapperArgs = [ - "--prefix" - "PATH" - ":" - "${lib.makeBinPath [ - pkgs.jq - (pkgs.callPackage ./run/tf-single-host/tf.nix { inherit sources; }) - ]}" - ]; - } + (withPackages [ + pkgs.jq + (pkgs.callPackage ./run/tf-single-host/tf.nix { inherit sources; }) + ]) '' env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \ tf_env=${tf-env} bash ./deployment/run/tf-single-host/run.sh diff --git a/deployment/run/ssh-single-host/run.sh b/deployment/run/ssh-single-host/run.sh index a0662b4c..83ecaa61 100755 --- a/deployment/run/ssh-single-host/run.sh +++ b/deployment/run/ssh-single-host/run.sh @@ -1,6 +1,6 @@ #! /usr/bin/env bash set -xeuo pipefail -declare username host system module args deployment_name deployment_type key_file root_path ssh_opts +declare username host key_file ssh_opts nixos_conf IFS=" " read -r -a ssh_opts <<< "$( (echo "$ssh_opts" | jq -r '@sh') | tr -d \'\")" # DEPLOY 
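Review bot: The `environment` attribute set built here is now identical to the one in the `ssh-host` branch except for the `deployment-type` string, and both call `writeConfig` with the same six arguments, so the two deploy scripts can silently drift apart. A helper next to `withPackages`, e.g. `deployEnvironment = deployment-type: { key_file = key-file; ssh_opts = sshOpts; inherit host username; nixos_conf = writeConfig { inherit system module args deployment-name root-path deployment-type; }; }`, used as `environment = deployEnvironment "tf-host";`, would keep them in step. The enclosing `let` binding starts before the hunk.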
@@ -20,18 +20,16 @@ if [[ -n "$key_file" ]]; then fi destination="$username@$host" -command=(nix-instantiate --show-trace --expr " - import $root_path/deployment/nixos.nix { - system = \"$system\"; - configuration = (import \"$root_path/$module\" (builtins.fromJSON ''$args'')).$deployment_name.$deployment_type.nixos-configuration; - } -") +command=(nix-instantiate --show-trace "${nixos_conf}") # INSTANTIATE # instantiate the config in /nix/store "${command[@]}" -A out_path # get the realized derivation to deploy +"${command[@]}" --show-trace --eval --strict --json + +# FIXME explore import/readFile as ways to instantiate the derivation, potentially allowing to realize the store path up-front from Nix? outPath=$(nix-store --realize "$("${command[@]}" --show-trace --eval --strict --json | jq -r '.drv_path')") # deploy the config by nix-copy-closure NIX_SSHOPTS="${sshOpts[*]}" nix-copy-closure --to "$destination" "$outPath" --gzip --use-substitutes diff --git a/deployment/run/tf-single-host/main.tf b/deployment/run/tf-single-host/main.tf index c05add7c..be76b19f 100644 --- a/deployment/run/tf-single-host/main.tf +++ b/deployment/run/tf-single-host/main.tf @@ -18,11 +18,8 @@ resource "terraform_data" "nixos" { # - `data` always runs, which is slow for deploy and especially build. triggers_replace = [ data.external.hash.result, + var.nixos_conf, var.host, - var.module, - var.args, - var.root_path, - var.deployment_type, ] provisioner "local-exec" { 
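Review bot: The new line `"${command[@]}" --show-trace --eval --strict --json` just before the `outPath=` assignment runs the full evaluation a second time (the same command is repeated inside the `$(...)` on the next line) and prints its JSON to stdout, which `set -x` already echoes; it reads as a leftover debugging step and doubles evaluation time on large configurations. Drop it, or evaluate once and reuse the result: `eval_json=$("${command[@]}" --eval --strict --json)` followed by `outPath=$(nix-store --realize "$(jq -r '.drv_path' <<< "$eval_json")")`. `--show-trace` is also passed twice, since `command` already carries it. Not part of this change, but the context line `NIX_SSHOPTS="${sshOpts[*]}"` refers to `sshOpts` while the script declares and fills `ssh_opts`, so it appears to expand to an empty string; the script continues past the hunk.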
@@ -33,17 +30,11 @@ resource "terraform_data" "nixos" { # so are generally discouraged in TF. working_dir = path.root environment = { - system = var.system + nixos_conf = var.nixos_conf username = var.username host = var.host - module = var.module - host = var.host - args = var.args key_file = var.key_file - deployment_name = var.deployment_name - root_path = var.root_path ssh_opts = var.ssh_opts - deployment_type = var.deployment_type } # TODO: refactor back to command="ignoreme" interpreter=concat([]) to protect sensitive data from error logs? # TODO: build on target? diff --git a/deployment/run/tf-single-host/variables.tf b/deployment/run/tf-single-host/variables.tf index 32948210..f152f8d8 100644 --- a/deployment/run/tf-single-host/variables.tf +++ b/deployment/run/tf-single-host/variables.tf @@ -1,7 +1,6 @@ -variable "system" { - description = "The architecture of the system to deploy to." +variable "nixos_conf" { + description = "The path to the NixOS configuration to deploy." type = string - default = "x86_64-linux" } variable "username" { 
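Review bot: The description of the new `nixos_conf` variable says "path" but, judging from `deploy-tf.sh` setting `TF_VAR_nixos_conf` to the output of `writeConfig`, the value is a Nix store path to a generated `configuration.nix` that must already exist on the host running `terraform`; unlike the `system` variable it replaces it has no default, so the description should say both, e.g. `description = "Nix store path of the generated configuration.nix to deploy; must exist on the host running terraform."`. If the pinned Terraform supports it, a `validation` block with `condition = startswith(var.nixos_conf, "/nix/store/")` would reject stray file paths before the provisioner hands them to `nix-instantiate`.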
@@ -15,40 +14,13 @@ variable "host" { type = string } -variable "module" { - description = "The module to call to obtain the NixOS configuration from." - type = string -} - -variable "args" { - description = "The arguments with which to call the module to obtain the NixOS configuration." - type = string - default = "{}" -} - variable "key_file" { description = "path to the user's SSH private key" type = string } -variable "deployment_name" { - description = "The name of the deployment for which to obtain the NixOS configuration." - type = string -} - -variable "root_path" { - description = "The path to the root of the repository." - type = string -} - variable "ssh_opts" { description = "Extra SSH options (`-o`) to use." type = string default = "[]" } - -variable "deployment_type" { - description = "A `deployment-type` from the Fediversity data model, for grabbing the desired NixOS configuration." - type = string - default = "tf-host" -}