diff --git a/deployment/check/data-model-tf/nixosTest.nix b/deployment/check/data-model-tf/nixosTest.nix
index c38705cf..07581b9c 100644
--- a/deployment/check/data-model-tf/nixosTest.nix
+++ b/deployment/check/data-model-tf/nixosTest.nix
@@ -17,13 +17,7 @@ let
 inherit nodeName pathToRoot;
 targetSystem = system;
 sshOpts = [ ];
- httpBackend = rec {
- TF_HTTP_USERNAME = "basic";
- TF_HTTP_PASSWORD = "fake-secret";
- TF_HTTP_ADDRESS = "http://localhost:${backendPort}/state/project1/example";
- TF_HTTP_LOCK_ADDRESS = TF_HTTP_ADDRESS;
- TF_HTTP_UNLOCK_ADDRESS = TF_HTTP_ADDRESS;
- };
+ httpBackend.address = "http://localhost:${backendPort}/state/project1/example";
 };
 }).default.tf-host.run;
 in
diff --git a/deployment/data-model.nix b/deployment/data-model.nix
index 4973fcba..3efe927d 100644
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
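Review bot: The test fixture now takes its `username` and `password` from the submodule defaults in data-model.nix instead of stating them at the call site, so the credentials the HTTP back-end is exercised with are no longer visible here and the test silently breaks if those defaults are ever removed. Keeping `httpBackend.username = "basic"; httpBackend.password = "fake-secret";` next to the new `httpBackend.address` line keeps the fixture self-describing. The former `TF_HTTP_LOCK_ADDRESS`/`TF_HTTP_UNLOCK_ADDRESS` values are covered by the `lock_address`/`unlock_address` defaults, which reproduce the old behaviour.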
@@ -74,6 +74,91 @@ let
 description = "A NixOS configuration.";
 type = raw;
 };
+ httpBackend = mkOption {
+ description = "environment variables to configure the TF HTTP back-end, see ";
+ type = types.submodule (http-backend: {
+ options = {
+ value = mkOption {
+ readOnly = true;
+ default = lib.mapAttrs' (k: v: lib.nameValuePair "TF_HTTP_${lib.toUpper k}" (builtins.toString v)) {
+ inherit (http-backend.config)
+ address
+ update_method
+ lock_address
+ lock_method
+ unlock_address
+ unlock_method
+ username
+ password
+ skip_cert_verification
+ retry_max
+ retry_wait_min
+ retry_wait_max
+ ;
+ };
+ };
+ address = mkOption {
+ description = "The address of the REST endpoint";
+ type = str;
+ };
+ update_method = mkOption {
+ description = "HTTP method to use when updating state.";
+ type = str;
+ default = "POST";
+ };
+ lock_address = mkOption {
+ description = "The address of the lock REST endpoint.";
+ type = str;
+ default = http-backend.config.address;
+ };
+ lock_method = mkOption {
+ description = "The HTTP method to use when locking.";
+ type = str;
+ default = "LOCK";
+ };
+ unlock_address = mkOption {
+ description = "The address of the unlock REST endpoint.";
+ type = str;
+ default = http-backend.config.address;
+ };
+ unlock_method = mkOption {
+ description = "The HTTP method to use when unlocking.";
+ type = str;
+ default = "UNLOCK";
+ };
+ username = mkOption {
+ description = "The username for HTTP basic authentication.";
+ type = str;
+ default = "basic";
+ };
+ password = mkOption {
+ description = "The password for HTTP basic authentication.";
+ type = str;
+ default = "fake-secret";
+ };
+ skip_cert_verification = mkOption {
+ description = "Whether to skip TLS verification.";
+ type = str;
+ default = "false";
+ };
+ retry_max = mkOption {
+ description = "The number of HTTP request retries.";
+ type = types.int;
+ default = 2;
+ };
+ retry_wait_min = mkOption {
+ description = "The minimum time in seconds to wait between HTTP request 
attempts.";
+ type = types.int;
+ default = 1;
+ };
+ retry_wait_max = mkOption {
+ description = "The maximum time in seconds to wait between HTTP request attempts.";
+ type = types.int;
+ default = 30;
+ };
+ };
+ });
+ };
 host-ssh = mkOption {
 description = "SSH connection info to connect to a single host.";
 type = submodule {
@@ -195,7 +280,7 @@ let
 description = "The architecture of the system to deploy to.";
 type = types.str;
 };
- inherit nixos-configuration;
+ inherit httpBackend nixos-configuration;
 ssh = host-ssh;
 caller = mkOption {
 description = "The calling module to obtain the NixOS configuration from.";
@@ -213,10 +298,6 @@ let
 description = "The path to the root of the repository.";
 type = types.path;
 };
- httpBackend = mkOption {
- description = "environment variables to configure the TF HTTP back-end, see ";
- type = types.attrsOf (types.either types.str types.int);
- };
 run = mkOption {
 type = types.package;
 # error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times.
@@ -278,16 +359,12 @@ let
 description = "The architecture of the system to deploy to.";
 type = types.str;
 };
- inherit nixos-configuration;
+ inherit httpBackend nixos-configuration;
 ssh = host-ssh;
 node-name = mkOption {
 description = "the name of the ProxmoX node to use.";
 type = types.str;
 };
- httpBackend = mkOption {
- description = "environment variables to configure the TF HTTP back-end, see ";
- type = types.attrsOf (types.either types.str types.int);
- };
 imageDatastoreId = mkOption {
 description = "ID of the datastore of the image.";
 type = types.str;
@@ -366,7 +443,7 @@ let
 description = "The architecture of the system to deploy to.";
 type = types.str;
 };
- inherit nixos-configuration;
+ inherit httpBackend nixos-configuration;
 ssh = host-ssh;
 caller = mkOption {
 description = "The calling module to obtain the NixOS configuration from.";
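Review bot: `username` and `password` in the new `httpBackend` submodule default to the literal placeholders "basic" and "fake-secret", so a host that never sets them evaluates cleanly and deploys against the state back-end with a known dummy credential; only `address` is required. Dropping those two defaults (and setting the values in the nixosTest.nix fixture instead) turns a missing credential into an evaluation error, which is the failure mode wanted for a back-end that stores Terraform state. `skip_cert_verification` is typed `str` with default "false"; `types.enum [ "true" "false" ]` still renders through `builtins.toString` in the `value` attribute while rejecting other spellings. The option description is still truncated at `see ` — either complete the reference or replace it with `Configuration of the TF HTTP back-end; rendered to TF_HTTP_* environment variables by the read-only `value` attribute.` The enclosing `let` of data-model.nix starts before this hunk.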
@@ -388,10 +465,6 @@ let
 description = "the name of the ProxmoX node to use.";
 type = types.str;
 };
- httpBackend = mkOption {
- description = "environment variables to configure the TF HTTP back-end, see ";
- type = types.attrsOf (types.either types.str types.int);
- };
 bridge = mkOption {
 description = "The name of the network bridge (defaults to vmbr0).";
 type = types.str;
diff --git a/deployment/run/tf-setup.nix b/deployment/run/tf-setup.nix
index 37328fe5..ae141e76 100644
--- a/deployment/run/tf-setup.nix
+++ b/deployment/run/tf-setup.nix
@@ -17,6 +17,6 @@ pkgs.writeScriptBin "setup" ''
 # suppress warning on architecture-specific generated lock file:
 # `Warning: Incomplete lock file information for providers`.
 env TF_HTTP_RETRY_MAX=1 TF_HTTP_RETRY_WAIT_MIN=0 \
- ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
+ ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend.value)} \
 tofu init -input=false 1>/dev/null
 ''
diff --git a/deployment/utils.nix b/deployment/utils.nix
index 82b32b70..123669e4 100644
--- a/deployment/utils.nix
+++ b/deployment/utils.nix
@@ -56,7 +56,7 @@ rec {
 )
 )
 } \
- ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
+ ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend.value)} \
 '';
 tfPackage = pkgs.callPackage ./run/${directory}/tf.nix { };
 tf-env = pkgs.callPackage ./run/tf-env.nix {
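Review bot: In the tf-setup.nix hunk the explicit `TF_HTTP_RETRY_MAX=1 TF_HTTP_RETRY_WAIT_MIN=0` on the `env` line is now shadowed, because `httpBackend.value` always contains `TF_HTTP_RETRY_MAX` and `TF_HTTP_RETRY_WAIT_MIN` (the submodule gives `retry_max` and `retry_wait_min` defaults of 2 and 1) and `env` lets the later assignment win; before this change the rendered attrset only held what the caller set, so the overrides took effect. If the fast-fail retry settings are still intended for `tofu init`, move them after the rendered list: `env ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend.value)} \` followed by `TF_HTTP_RETRY_MAX=1 TF_HTTP_RETRY_WAIT_MIN=0 \` and then the unchanged `tofu init` line. The same rendering appears in the utils.nix hunk, where no explicit override is present, so only tf-setup.nix is affected as far as this diff shows.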