From 1da2e9e4970ae13fac5b190a5b9ac8d5571deebc Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra
Date: Thu, 10 Apr 2025 09:00:21 +0200
Subject: [PATCH] special-args -> hermetic
---
 launch/.gitignore | 1 +
 launch/.terraform/modules/mastodon.deploy | 2 +-
 launch/.terraform/modules/modules.json | 2 +-
 .../deploy_nixos/nixos-deploy.sh | 2 -
 ...d to a Nix language value' for non-flakes) | 1 -
 .../deploy_nixos/nixos-deploy.sh | 2 -
 launch/.terraform/plugin_path | 1 +
 launch/README.md | 2 +-
 launch/main.tf | 17 +++++++
 launch/mastodon.nix | 3 --
 launch/module.auto.tfvars.json | 2 +-
 launch/peertube.nix | 3 --
 launch/pixelfed.nix | 3 --
 launch/terraform.tfstate | 1 -
 launch/terraform.tfstate.backup | 1 -
 launch/tf-env.nix | 2 +-
 launch/vm/main.tf | 49 ++++++++++++++-----
 npins/sources.json | 10 ++--
 18 files changed, 65 insertions(+), 39 deletions(-)
 delete mode 120000 launch/.terraform/modules/peertube.deploy~f00c14b (get TF in prod to the same 'installable ... does not correspond to a Nix language value' for non-flakes)
 delete mode 100644 launch/terraform.tfstate
 delete mode 100644 launch/terraform.tfstate.backup
diff --git a/launch/.gitignore b/launch/.gitignore
index 6ff139e0..42b97838 100644
--- a/launch/.gitignore
+++ b/launch/.gitignore
@@ -1,4 +1,5 @@
 .auto.tfvars.json
+module.auto.tfvars.json
 .terraform/
 .terraform.tfstate.lock.info
 terraform.tfstate*
diff --git a/launch/.terraform/modules/mastodon.deploy b/launch/.terraform/modules/mastodon.deploy
index 4c479922..ec6dad7d 120000
--- a/launch/.terraform/modules/mastodon.deploy
+++ b/launch/.terraform/modules/mastodon.deploy
@@ -1 +1 @@
-/nix/store/xvgm4swq8yss14fmizx0dn288gf4zw7i-source
\ No newline at end of file
+/nix/store/8mh14khb56hqyslxhla0nzdzi2wp6wp7-source
\ No newline at end of file
diff --git a/launch/.terraform/modules/modules.json b/launch/.terraform/modules/modules.json
index aa12893a..6526e512 100644
--- a/launch/.terraform/modules/modules.json
+++ b/launch/.terraform/modules/modules.json
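Review bot: Adding `module.auto.tfvars.json` to `.gitignore` has no effect while the file stays tracked — this same patch still modifies `launch/module.auto.tfvars.json`, and `.terraform/` is already ignored yet `launch/.terraform/modules/*` and `launch/.terraform/plugin_path` are updated here too; run `git rm --cached` on those paths so the ignore rules actually take hold. The deleted `terraform.tfstate` and its `.backup` were tracked for the same reason despite `terraform.tfstate*` being listed, and their removed content shows `initialUser.password` stored in plaintext inside the `data.external` program arguments; deleting the files does not purge them from history, so treat any non-test value as exposed and consider rewriting history before this repo is shared further.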
@@ -1 +1 @@ -{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"mastodon","Source":"./vm","Dir":"vm"},{"Key":"mastodon.deploy","Source":"file:///nix/store/xvgm4swq8yss14fmizx0dn288gf4zw7i-source//deploy_nixos","Dir":".terraform/modules/mastodon.deploy/deploy_nixos"},{"Key":"peertube","Source":"./vm","Dir":"vm"},{"Key":"peertube.deploy","Source":"file:///nix/store/xvgm4swq8yss14fmizx0dn288gf4zw7i-source//deploy_nixos","Dir":".terraform/modules/peertube.deploy/deploy_nixos"},{"Key":"pixelfed","Source":"./vm","Dir":"vm"},{"Key":"pixelfed.deploy","Source":"file:///nix/store/xvgm4swq8yss14fmizx0dn288gf4zw7i-source//deploy_nixos","Dir":".terraform/modules/pixelfed.deploy/deploy_nixos"}]} +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"mastodon","Source":"./vm","Dir":"vm"},{"Key":"mastodon.deploy","Source":"file:///nix/store/8mh14khb56hqyslxhla0nzdzi2wp6wp7-source//deploy_nixos","Dir":".terraform/modules/mastodon.deploy/deploy_nixos"},{"Key":"peertube","Source":"./vm","Dir":"vm"},{"Key":"peertube.deploy","Source":"file:///nix/store/8mh14khb56hqyslxhla0nzdzi2wp6wp7-source//deploy_nixos","Dir":".terraform/modules/peertube.deploy/deploy_nixos"},{"Key":"pixelfed","Source":"./vm","Dir":"vm"},{"Key":"pixelfed.deploy","Source":"file:///nix/store/8mh14khb56hqyslxhla0nzdzi2wp6wp7-source//deploy_nixos","Dir":".terraform/modules/pixelfed.deploy/deploy_nixos"}]} \ No newline at end of file diff --git a/launch/.terraform/modules/peertube.deploy/deploy_nixos/nixos-deploy.sh b/launch/.terraform/modules/peertube.deploy/deploy_nixos/nixos-deploy.sh index e0fcafb2..319651bb 100755 --- a/launch/.terraform/modules/peertube.deploy/deploy_nixos/nixos-deploy.sh +++ b/launch/.terraform/modules/peertube.deploy/deploy_nixos/nixos-deploy.sh @@ -95,8 +95,6 @@ setupControlPath() { ### Main ### -log "$(env)" - setupControlPath if [[ "${buildOnTarget:-false}" == true ]]; then 
diff --git a/launch/.terraform/modules/peertube.deploy~f00c14b (get TF in prod to the same 'installable ... does not correspond to a Nix language value' for non-flakes) b/launch/.terraform/modules/peertube.deploy~f00c14b (get TF in prod to the same 'installable ... does not correspond to a Nix language value' for non-flakes) deleted file mode 120000 index 17167407..00000000 --- a/launch/.terraform/modules/peertube.deploy~f00c14b (get TF in prod to the same 'installable ... does not correspond to a Nix language value' for non-flakes) +++ /dev/null @@ -1 +0,0 @@ -/nix/store/ca7wwzypz3lhvmrb2a1i72pf7d2vh6mw-source \ No newline at end of file diff --git a/launch/.terraform/modules/pixelfed.deploy/deploy_nixos/nixos-deploy.sh b/launch/.terraform/modules/pixelfed.deploy/deploy_nixos/nixos-deploy.sh index e0fcafb2..319651bb 100755 --- a/launch/.terraform/modules/pixelfed.deploy/deploy_nixos/nixos-deploy.sh +++ b/launch/.terraform/modules/pixelfed.deploy/deploy_nixos/nixos-deploy.sh @@ -95,8 +95,6 @@ setupControlPath() { ### Main ### -log "$(env)" - setupControlPath if [[ "${buildOnTarget:-false}" == true ]]; then diff --git a/launch/.terraform/plugin_path b/launch/.terraform/plugin_path index 9d621c4b..0a21d939 100644 --- a/launch/.terraform/plugin_path +++ b/launch/.terraform/plugin_path @@ -1,2 +1,3 @@ [ "/nix/store/mnqkwjg5v6sx86an34b4cn075h0lapz3-opentofu-1.8.7/libexec/terraform-providers" +] \ No newline at end of file diff --git a/launch/README.md b/launch/README.md index 237b293a..a3c83086 100644 --- a/launch/README.md +++ b/launch/README.md @@ -7,7 +7,7 @@ ```sh $ npins update terraform-nixos $ cd launch/ -$ echo "{\"terraform-nixos\": $(nix-instantiate --eval --json -E '(import ../npins).terraform-nixos.outPath')}" > .auto.tfvars.json +$ echo "{\"terraform-nixos\": $(nix-instantiate --eval --json -E '(import ../npins).terraform-nixos.outPath')}" > module.auto.tfvars.json ``` ### local development 
diff --git a/launch/main.tf b/launch/main.tf index e705d8e7..fc1a7692 100644 --- a/launch/main.tf +++ b/launch/main.tf @@ -51,6 +51,19 @@ variable "initialUser" { } } +# TODO: could this straight-up be added in the child module instead? +variable "ssh_private_key_file" { + type = string + description = "Path to private key used to connect to the target_host" + default = "" +} + +variable "deploy_environment" { + type = map(string) + description = "Extra environment variables to be set during deployment." + default = {} +} + # module "garage" { # source = "./vm" # count = var.mastodon.enable || var.pixelfed.enable || var.peertube.enable ? 1 : 0 @@ -59,6 +72,7 @@ variable "initialUser" { # config = "garage" # initialUser = var.initialUser # terraform-nixos = var.terraform-nixos +# ssh_private_key_file = var.ssh_private_key_file # } module "mastodon" { @@ -69,6 +83,7 @@ module "mastodon" { config = "mastodon" initialUser = var.initialUser terraform-nixos = var.terraform-nixos + ssh_private_key_file = var.ssh_private_key_file } module "pixelfed" { @@ -79,6 +94,7 @@ module "pixelfed" { config = "pixelfed" initialUser = var.initialUser terraform-nixos = var.terraform-nixos + ssh_private_key_file = var.ssh_private_key_file } module "peertube" { @@ -89,4 +105,5 @@ module "peertube" { config = "peertube" initialUser = var.initialUser terraform-nixos = var.terraform-nixos + ssh_private_key_file = var.ssh_private_key_file } diff --git a/launch/mastodon.nix b/launch/mastodon.nix index 43abbf40..26682f50 100644 --- a/launch/mastodon.nix +++ b/launch/mastodon.nix @@ -8,9 +8,6 @@ let }; in { - imports = [ - ./shared.nix - ]; fediversity = { mastodon = mastodonS3KeyConfig { inherit pkgs; } // { enable = true; diff --git a/launch/module.auto.tfvars.json b/launch/module.auto.tfvars.json index 50830494..0d108435 100644 --- a/launch/module.auto.tfvars.json +++ b/launch/module.auto.tfvars.json 
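Review bot: `deploy_environment` is declared in the root module but, unlike `ssh_private_key_file`, is not forwarded to any of the `mastodon`/`pixelfed`/`peertube` module blocks changed in these hunks, so as far as this patch shows it is dead input; either add `deploy_environment = var.deploy_environment` next to each new `ssh_private_key_file = var.ssh_private_key_file` line or drop the variable until the child module consumes it. Its description says it holds environment variables for the deployment step, which is exactly the kind of value that ends up carrying credentials (this same patch removes a `log "$(env)"` from the vendored deploy script), so it should be declared with `sensitive = true` to keep values out of plan output. The `# TODO` above `ssh_private_key_file` can be resolved in the description: the child module in `launch/vm/main.tf` already declares both variables, so the root declarations appear to exist only to surface them to callers.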
@@ -1 +1 @@
-{"terraform-nixos": "/nix/store/xvgm4swq8yss14fmizx0dn288gf4zw7i-source"}
+{"terraform-nixos": "/nix/store/8mh14khb56hqyslxhla0nzdzi2wp6wp7-source"}
diff --git a/launch/peertube.nix b/launch/peertube.nix
index 4a650650..4124568a 100644
--- a/launch/peertube.nix
+++ b/launch/peertube.nix
@@ -8,9 +8,6 @@ let
 };
 in
 {
- imports = [
- ./shared.nix
- ];
 fediversity = {
 peertube = peertubeS3KeyConfig { inherit pkgs; } // {
 enable = true;
diff --git a/launch/pixelfed.nix b/launch/pixelfed.nix
index 28679801..75790409 100644
--- a/launch/pixelfed.nix
+++ b/launch/pixelfed.nix
@@ -8,9 +8,6 @@ let
 };
 in
 {
- imports = [
- ./shared.nix
- ];
 fediversity = {
 pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
 enable = true;
diff --git a/launch/terraform.tfstate b/launch/terraform.tfstate
deleted file mode 100644
index 6786b6b2..00000000
--- a/launch/terraform.tfstate
+++ /dev/null
@@ -1 +0,0 @@ -{"version":4,"terraform_version":"1.9.0","serial":68,"lineage":"acbbbabc-b0fa-9ac4-7e96-aaa2cfc9b223","outputs":{},"resources":[{"module":"module.mastodon[0]","mode":"data","type":"external","name":"pins","provider":"provider[\"registry.opentofu.org/hashicorp/external\"]","instances":[{"schema_version":0,"attributes":{"id":"-","program":["nix","eval","--json","-f","./../npins/default.nix"],"query":null,"result":{"agenix":"/nix/store/glsqq1xn5al7d528hvlbm4hl3ladxmka-source","disko":"/nix/store/7wf9q0mb1i43x9dr1qlyfaraq15n6sii-source","flake-inputs":"/nix/store/fqln0bcp6mp75k4sl0cav2f0np60lwhj-source","htmx":"/nix/store/mwqqk0qmldzvv4xj9kq2lbah2flhc44z-source","nix-unit":"/nix/store/yc260i6cp4q4mivlhrrypis34yp138sw-source","nixpkgs":"/nix/store/g9chc50nd98bm0pxhyhyyhg8ldj2fzzp-source","terraform-nixos":"/nix/store/xvgm4swq8yss14fmizx0dn288gf4zw7i-source"},"working_dir":null},"sensitive_attributes":[]}]},{"module":"module.mastodon[0].module.deploy","mode":"data","type":"external","name":"nixos-instantiate","provider":"provider[\"registry.opentofu.org/hashicorp/external\"]","instances":[{"schema_version":0,"attributes":{"id":"-","program":[".terraform/modules/mastodon.deploy/deploy_nixos/nixos-instantiate.sh","nixpkgs=/nix/store/g9chc50nd98bm0pxhyhyyhg8ldj2fzzp-source:sources=./../npins","import /nix/store/g9chc50nd98bm0pxhyhyyhg8ldj2fzzp-source/nixos/lib/eval-config.nix {\n system = \"x86_64-linux\";\n specialArgs = {\n sources = import ./../npins;\n terraform = builtins.fromJSON ''{\"domain\":\"fediversity.net\",\"hostname\":\"test06\",\"initialUser\":{\"displayName\":\"Testy McTestface\",\"email\":\"test@test.com\",\"password\":\"testtest\",\"username\":\"test\"}}'';\n };\n modules = [\n ./mastodon.nix\n ./shared.nix\n 
];\n}\n",".","false","--argstr","system","x86_64-linux","--arg","hermetic","true"],"query":null,"result":{"currentSystem":"x86_64-linux","drv_path":"/nix/store/q7xraxg5jnavc79dww1qn21ik7caxb48-nixos-system-test06-25.05pre777917.b7ba7f9f45c5.drv","out_path":"/nix/store/g00cvr7h06p0m7z53v7gx3zf5fyr10bc-nixos-system-test06-25.05pre777917.b7ba7f9f45c5","substituters":"https://cache.nixos.org/","trusted-public-keys":"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="},"working_dir":null},"sensitive_attributes":[]}]},{"module":"module.mastodon[0].module.deploy","mode":"managed","type":"null_resource","name":"deploy_nixos","provider":"provider[\"registry.opentofu.org/hashicorp/null\"]","instances":[{"status":"tainted","schema_version":0,"attributes":{"id":"4793704995569904675","triggers":{"deploy_nixos_drv":"/nix/store/q7xraxg5jnavc79dww1qn21ik7caxb48-nixos-system-test06-25.05pre777917.b7ba7f9f45c5.drv","deploy_nixos_keys":"44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"}},"sensitive_attributes":[],"dependencies":["module.mastodon.data.external.pins","module.mastodon.module.deploy.data.external.nixos-instantiate"]}]}],"check_results":null} diff --git a/launch/terraform.tfstate.backup b/launch/terraform.tfstate.backup deleted file mode 100644 index 31f0d72c..00000000 --- a/launch/terraform.tfstate.backup +++ /dev/null 
@@ -1 +0,0 @@ -{"version":4,"terraform_version":"1.9.0","serial":67,"lineage":"acbbbabc-b0fa-9ac4-7e96-aaa2cfc9b223","outputs":{},"resources":[{"module":"module.mastodon[0]","mode":"data","type":"external","name":"pins","provider":"provider[\"registry.opentofu.org/hashicorp/external\"]","instances":[{"schema_version":0,"attributes":{"id":"-","program":["nix","eval","--json","-f","./../npins/default.nix"],"query":null,"result":{"agenix":"/nix/store/glsqq1xn5al7d528hvlbm4hl3ladxmka-source","disko":"/nix/store/7wf9q0mb1i43x9dr1qlyfaraq15n6sii-source","flake-inputs":"/nix/store/fqln0bcp6mp75k4sl0cav2f0np60lwhj-source","htmx":"/nix/store/mwqqk0qmldzvv4xj9kq2lbah2flhc44z-source","nix-unit":"/nix/store/yc260i6cp4q4mivlhrrypis34yp138sw-source","nixpkgs":"/nix/store/g9chc50nd98bm0pxhyhyyhg8ldj2fzzp-source","terraform-nixos":"/nix/store/xvgm4swq8yss14fmizx0dn288gf4zw7i-source"},"working_dir":null},"sensitive_attributes":[]}]},{"module":"module.mastodon[0].module.deploy","mode":"data","type":"external","name":"nixos-instantiate","provider":"provider[\"registry.opentofu.org/hashicorp/external\"]","instances":[{"schema_version":0,"attributes":{"id":"-","program":[".terraform/modules/mastodon.deploy/deploy_nixos/nixos-instantiate.sh","nixpkgs=/nix/store/g9chc50nd98bm0pxhyhyyhg8ldj2fzzp-source:sources=./../npins","import /nix/store/g9chc50nd98bm0pxhyhyyhg8ldj2fzzp-source/nixos/lib/eval-config.nix {\n system = \"x86_64-linux\";\n specialArgs = {\n sources = import ./../npins;\n terraform = builtins.fromJSON ''{\"domain\":\"fediversity.net\",\"hostname\":\"test06\",\"initialUser\":{\"displayName\":\"Testy McTestface\",\"email\":\"test@test.com\",\"password\":\"testtest\",\"username\":\"test\"}}'';\n };\n modules = [\n ./mastodon.nix\n ./shared.nix\n 
];\n}\n",".","false","--argstr","system","x86_64-linux","--arg","hermetic","true"],"query":null,"result":{"currentSystem":"x86_64-linux","drv_path":"/nix/store/q7xraxg5jnavc79dww1qn21ik7caxb48-nixos-system-test06-25.05pre777917.b7ba7f9f45c5.drv","out_path":"/nix/store/g00cvr7h06p0m7z53v7gx3zf5fyr10bc-nixos-system-test06-25.05pre777917.b7ba7f9f45c5","substituters":"https://cache.nixos.org/","trusted-public-keys":"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="},"working_dir":null},"sensitive_attributes":[]}]},{"module":"module.mastodon[0].module.deploy","mode":"managed","type":"null_resource","name":"deploy_nixos","provider":"provider[\"registry.opentofu.org/hashicorp/null\"]","instances":[{"status":"tainted","schema_version":0,"attributes":{"id":"1197266561618904114","triggers":{"deploy_nixos_drv":"/nix/store/q7xraxg5jnavc79dww1qn21ik7caxb48-nixos-system-test06-25.05pre777917.b7ba7f9f45c5.drv","deploy_nixos_keys":"44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"}},"sensitive_attributes":[],"dependencies":["module.mastodon.data.external.pins","module.mastodon.module.deploy.data.external.nixos-instantiate"]}]}],"check_results":null} diff --git a/launch/tf-env.nix b/launch/tf-env.nix index 3f68f3c6..2c720795 100644 --- a/launch/tf-env.nix +++ b/launch/tf-env.nix @@ -17,8 +17,8 @@ pkgs.stdenv.mkDerivation { # pass terraform-nixos path to TF through variable # when switching TF to nix take this directly from `inputs` # https://codeberg.org/kiara/e2ed-hetzner/commit/84b2a349d3e48ea2a17340bceff762d834fd4046 - echo "{\"terraform-nixos\": \"${sources.terraform-nixos}\"}" > .auto.tfvars.json + echo "{\"terraform-nixos\": \"${sources.terraform-nixos}\"}" > module.auto.tfvars.json # point to the relevant providers tofu init -input=false diff --git a/launch/vm/main.tf b/launch/vm/main.tf index c49a91bf..5ea1caf4 100644 --- a/launch/vm/main.tf +++ b/launch/vm/main.tf 
@@ -23,27 +23,50 @@ variable "initialUser" { }) } +variable "ssh_private_key_file" { + type = string + description = "Path to private key used to connect to the target_host" + default = "" +} + +variable "deploy_environment" { + type = map(string) + description = "Extra environment variables to be set during deployment." + default = {} +} + +locals { + system = "x86_64-linux" + nixpkgs = data.external.pins.result["nixpkgs"] + sources = "${path.root}/../npins" +} + module "deploy" { source = "${var.terraform-nixos}//deploy_nixos" + ssh_private_key_file = var.ssh_private_key_file target_host = "${var.hostname}.abundos.eu" target_user= "root" # FIXME: #24 - target_system = "x86_64-linux" - NIX_PATH = "nixpkgs=${data.external.pins.result["nixpkgs"]}:sources=${path.root}/../npins" - nixos_config = "${path.root}/${var.config}.nix" - extra_eval_args = [ - "--arg", - "specialArgs", - <<-EOT - { - sources = import ; + target_system = local.system + NIX_PATH = "nixpkgs=${local.nixpkgs}:sources=${local.sources}" + hermetic = true + config_pwd = path.root + config = <<-EOT + import ${data.external.pins.result["nixpkgs"]}/nixos/lib/eval-config.nix { + system = "${local.system}"; + specialArgs = { + sources = import ${path.root}/../npins; terraform = builtins.fromJSON ''${jsonencode({ domain = var.domain hostname = var.hostname initialUser = var.initialUser })}''; - } - EOT - ] + }; + modules = [ + ${path.root}/${var.config}.nix + ${path.root}/shared.nix + ]; + } + EOT # build_on_target = false # triggers = { # # pins = data.external.pins.result @@ -51,5 +74,5 @@ module "deploy" { } data "external" "pins" { - program = ["nix", "eval", "--json", "-f", "${path.root}/../npins/default.nix"] + program = ["nix", "eval", "--json", "-f", "${path.root}/../npins"] } diff --git a/npins/sources.json b/npins/sources.json index 21b4dcf0..24541c01 100644 --- a/npins/sources.json +++ b/npins/sources.json 
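Review bot: The new `config` heredoc splices `jsonencode(...)` of `var.domain`, `var.hostname` and `var.initialUser` straight into a Nix indented string (`''…''`) that the deploy module evaluates as a Nix expression (the removed tfstate shows this text passed verbatim as an argument to `nixos-instantiate.sh`), and `jsonencode` escapes neither Nix's `''` terminator nor its `${` interpolation, so a password or display name containing either breaks evaluation or injects Nix code into the build. Escape before embedding, e.g. in `locals` add `tf_json = replace(replace(jsonencode({ domain = var.domain, hostname = var.hostname, initialUser = var.initialUser }), "''", "'''"), "$${", "''$${")` and use `terraform = builtins.fromJSON ''${local.tf_json}'';` — the `''` replacement must run first or the second one produces an unterminated `''''${`. Because this JSON becomes a program argument of the `external` data source, `initialUser.password` is also recorded in plaintext in state regardless of `sensitive` flags, so the state backend must be treated as a secret store. Separately, `deploy_environment` is declared here but is not set on `module "deploy"` anywhere visible in this hunk, and the heredoc repeats `data.external.pins.result["nixpkgs"]` and `${path.root}/../npins` instead of the `local.nixpkgs` / `local.sources` introduced just above for exactly those values. `variable "initialUser"` starts before this hunk and `module "deploy"` continues past it.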
@@ -79,11 +79,11 @@
 "owner": "KiaraGrouwstra",
 "repo": "terraform-nixos"
 },
- "branch": "special-args",
- "revision": "e3e120e80dbbb53b4bfda4380d02e74eef4b5ffd",
- "url": "https://github.com/KiaraGrouwstra/terraform-nixos/archive/e3e120e80dbbb53b4bfda4380d02e74eef4b5ffd.tar.gz",
- "hash": "03z8xxsbkv2mwfkd8w6dj3jlckrsgbi5wpp680dlyrzlw78zvf8b"
+ "branch": "env-hermetic",
+ "revision": "cc28d99966d0c742265d1551c622383fd775dd30",
+ "url": "https://github.com/KiaraGrouwstra/terraform-nixos/archive/cc28d99966d0c742265d1551c622383fd775dd30.tar.gz",
+ "hash": "17a01my75ccxpn5h40w3855hkj2mkfm0q0chxwxcnq8g9hh67waj"
 }
 },
 "version": 3
-}
+}
\ No newline at end of file