diff --git a/deployment/check/common/data-model.nix b/deployment/check/common/data-model.nix
deleted file mode 100644
index 1c158455..00000000
--- a/deployment/check/common/data-model.nix
+++ /dev/null
@@ -1,408 +0,0 @@ -{ - config, - system, - inputs ? (import ../../../default.nix { }).inputs, # XXX can't be serialized - sources ? import ../../../npins, - ... -}@args: -# FIXME allow default values for `config` module parameters? - -let - # having this module's location (`self`) and (serializable) `args`, we know - # enough to make it re-call itself to extract different info elsewhere later. - # we use this to make a deployment script using the desired nixos config, - # which would otherwise not be serializable, while nix also makes it hard to - # produce its derivation to pass thru without a `nix-instantiate` call, - # which in turn would need to be passed the (unserializable) nixos config. - self = "deployment/check/common/data-model.nix"; - inherit (sources) nixpkgs; - pkgs = import nixpkgs { inherit system; }; - inherit (pkgs) lib; - deployment-config = config; - inherit (deployment-config) - nodeName - pathToRoot - targetSystem - sshOpts - key-file - httpBackend - node-name - bridge - vlanId - imageDatastoreId - vmDatastoreId - cdDatastoreId - ipv4Gateway - ipv4Address - ipv6Gateway - ipv6Address - ; - inherit (lib) mkOption types; - eval = - module: - (lib.evalModules { - specialArgs = { - inherit pkgs inputs sources; - }; - modules = [ - module - ../../data-model.nix - ]; - }).config; - fediversity = eval ( - { config, ... }: - { - config = { - resources.login-shell = { - description = "The operator needs to be able to log into the shell"; - request = - { ... }: - { - _class = "fediversity-resource-request"; - options = { - wheel = mkOption { - description = "Whether the login user needs root permissions"; - type = types.bool; - default = false; - }; - packages = mkOption { - description = "Packages that need to be available in the user environment"; - type = with types; attrsOf package; - }; - }; - }; - policy = - { config, ... 
}: - { - _class = "fediversity-resource-policy"; - options = { - username = mkOption { - description = "Username for the operator"; - type = types.str; # TODO: use the proper constraints from NixOS - }; - wheel = mkOption { - description = "Whether to allow login with root permissions"; - type = types.bool; - default = false; - }; - }; - config = { - resource-type = types.raw; # TODO: splice out the user type from NixOS - apply = - requests: - let - # Filter out requests that need wheel if policy doesn't allow it - validRequests = lib.filterAttrs ( - _name: req: !req.login-shell.wheel || config.wheel - ) requests.resources; - in - lib.optionalAttrs (validRequests != { }) { - ${config.username} = { - isNormalUser = true; - packages = - with lib; - attrValues (concatMapAttrs (_name: request: request.login-shell.packages) validRequests); - extraGroups = lib.optional config.wheel "wheel"; - password = "password"; - }; - }; - }; - }; - }; - applications.hello = - { ... }: - { - description = ''Command-line tool that will print "Hello, world!" on the terminal''; - module = - { ... }: - { - options.enable = lib.mkEnableOption "Hello in the shell"; - }; - implementation = cfg: { - resources = lib.optionalAttrs cfg.enable { - hello.login-shell = { - wheel = true; - packages.hello = pkgs.hello; - }; - }; - }; - }; - environments = - let - mkNixosConfiguration = - environment: requests: - { ... 
}: - { - imports = [ - ./data-model-options.nix - ../common/sharedOptions.nix - # tests need this, however outside tests this (and esp its import nixos-test-base) must not be used - ../common/targetNode.nix - "${nixpkgs}/nixos/modules/profiles/minimal.nix" - # "${nixpkgs}/nixos/modules/profiles/perlless.nix" # failed under disko - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - # systemd-repart - # ../../../infra/common/nixos/repart.nix - # disko - "${sources.disko}/module.nix" - ../../../infra/common/proxmox-qemu-vm.nix - ]; - - # # non-disko - # boot.loader.grub.enable = false; - # boot.loader.systemd-boot.enable = true; - - # boot.loader.efi.efiSysMountPoint = "/boot"; - # boot.loader.systemd-boot.edk2-uefi-shell.enable = true; - # boot.loader.efi.canTouchEfiVariables = true; - # # proxmox.qemuConf.bios == "ovmf"; - - # boot.growPartition = true; - # boot.loader.timeout = 1; - - nixpkgs.hostPlatform = "x86_64-linux"; - - system.stateVersion = "25.05"; - services.qemuGuest.enable = true; - systemd.services.qemu-guest-agent = { - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - }; - - services.openssh = { - enable = true; - settings.PasswordAuthentication = false; - }; - networking = { - firewall.enable = false; - useDHCP = false; - usePredictableInterfaceNames = false; - useNetworkd = true; - nameservers = [ - "95.215.185.6" - "95.215.185.7" - "2a00:51c0::5fd7:b906" - "2a00:51c0::5fd7:b907" - ]; - }; - - security.sudo.wheelNeedsPassword = false; - nix.settings.trusted-users = [ "@wheel" ]; - - services.cloud-init = { - enable = true; - network.enable = true; - }; - - users.mutableUsers = false; - users.users = - { - root = { - # password = "password"; # cannot log in - # hashedPassword = "$y$j9T$QoArNaV2VrjPhQ6BMG1AA.$uq8jw0.g.dJwIfepqipxzeUD1ochgUs8A5QmVe4qbJ6"; # cannot log in - hashedPasswordFile = builtins.toString ( - pkgs.writeText "root-password" "$y$j9T$9g0NqdBsKvQ3ETOPPB0hW.$cIiG648jgA/eVqiCPJJZtI5JYiL6oODZtKI6.lCmJA/" - 
); - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHTIqF4CAylSxKPiSo5JOPuocn0y2z38wOSsQ1MUaZ2" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZsldWMEsajYysjYsEpNvMOjO4D8L21pTrfQS1T+Hfy" - ]; - }; - # can log in - kiara = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - password = "password"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHTIqF4CAylSxKPiSo5JOPuocn0y2z38wOSsQ1MUaZ2" - ]; - }; - # cannot log in - operator = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - password = "password"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHTIqF4CAylSxKPiSo5JOPuocn0y2z38wOSsQ1MUaZ2" - ]; - }; - } - // environment.config.resources."operator-environment".login-shell.apply { - resources = lib.filterAttrs (_name: value: value ? login-shell) ( - lib.concatMapAttrs ( - k': req: lib.mapAttrs' (k: lib.nameValuePair "${k'}.${k}") req.resources - ) requests - ); - }; - }; - in - { - single-nixos-vm-ssh = environment: { - resources."operator-environment".login-shell.username = "operator"; - implementation = - { - required-resources, - deployment-name, - }: - { - ssh-host = { - nixos-configuration = mkNixosConfiguration environment required-resources; - system = targetSystem; - ssh = { - username = "root"; - host = nodeName; - inherit key-file sshOpts; - }; - module = self; - inherit args deployment-name; - root-path = pathToRoot; - }; - }; - }; - single-nixos-vm-nixops4 = environment: { - resources."operator-environment".login-shell.username = "operator"; - implementation = - { - required-resources, - ... - }: - { - nixops4 = - { providers, ... 
}: - { - providers = { - inherit (inputs.nixops4.modules.nixops4Provider) local; - }; - resources.${nodeName} = { - type = providers.local.exec; - imports = [ - inputs.nixops4-nixos.modules.nixops4Resource.nixos - ../common/targetResource.nix - ]; - nixos.module = mkNixosConfiguration environment required-resources; - _module.args = { inherit inputs sources; }; - inherit (deployment-config) nodeName pathToRoot pathFromRoot; - }; - }; - }; - }; - single-nixos-vm-tf = environment: { - resources."operator-environment".login-shell.username = "operator"; - implementation = - { - required-resources, - deployment-name, - }: - { - tf-host = { - nixos-configuration = mkNixosConfiguration environment required-resources; - system = targetSystem; - ssh = { - username = "root"; - host = nodeName; - inherit key-file sshOpts; - }; - module = self; - inherit args deployment-name httpBackend; - root-path = pathToRoot; - }; - }; - }; - single-nixos-vm-tf-proxmox = environment: { - resources."operator-environment".login-shell = { - wheel = true; - username = "operator"; - }; - implementation = - { - required-resources, - deployment-name, - }: - { - tf-proxmox-host = { - nixos-configuration = mkNixosConfiguration environment required-resources; - system = targetSystem; - ssh = { - username = "root"; - host = nodeName; - inherit key-file sshOpts; - }; - module = self; - inherit - args - deployment-name - httpBackend - node-name - bridge - vlanId - imageDatastoreId - vmDatastoreId - cdDatastoreId - ipv4Gateway - ipv4Address - ipv6Gateway - ipv6Address - ; - root-path = pathToRoot; - }; - }; - }; - }; - }; - options = { - "example-configuration" = mkOption { - type = config.configuration; - default = { - enable = true; - applications.hello.enable = true; - }; - }; - "ssh-deployment" = - let - env = config.environments."single-nixos-vm-ssh"; - in - mkOption { - type = env.resource-mapping.output-type; - default = env.deployment { - deployment-name = "ssh-deployment"; - configuration = 
config."example-configuration"; - }; - }; - "nixops4-deployment" = - let - env = config.environments."single-nixos-vm-nixops4"; - in - mkOption { - type = env.resource-mapping.output-type; - default = env.deployment { - deployment-name = "nixops4-deployment"; - configuration = config."example-configuration"; - }; - }; - "tf-deployment" = - let - env = config.environments."single-nixos-vm-tf"; - in - mkOption { - type = env.resource-mapping.output-type; - default = env.deployment { - deployment-name = "tf-deployment"; - configuration = config."example-configuration"; - }; - }; - "tf-proxmox-deployment" = - let - env = config.environments."single-nixos-vm-tf-proxmox"; - in - mkOption { - type = env.resource-mapping.output-type; - default = env.deployment { - deployment-name = "tf-proxmox-deployment"; - configuration = config."example-configuration"; - }; - }; - }; - } - ); -in -fediversity diff --git a/deployment/check/common/utils.nix b/deployment/check/common/utils.nix index ba27c050..cbd087d6 100644 --- a/deployment/check/common/utils.nix +++ b/deployment/check/common/utils.nix @@ -1,4 +1,5 @@ { + pkgs, lib, sources ? import ../../../npins, ... 
@@ -10,16 +11,103 @@ { imports = [ ../common/sharedOptions.nix + # tests need this, however outside tests this (and esp its import nixos-test-base) must not be used ../common/targetNode.nix + "${sources.nixpkgs}/nixos/modules/profiles/minimal.nix" + # "${nixpkgs}/nixos/modules/profiles/perlless.nix" # failed under disko "${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + # systemd-repart + # ../../../infra/common/nixos/repart.nix + # disko + "${sources.disko}/module.nix" + ../../../infra/common/proxmox-qemu-vm.nix ]; - users.users = environment.config.resources."operator-environment".login-shell.apply { - resources = lib.filterAttrs (_name: value: value ? login-shell) ( - lib.concatMapAttrs ( - k': req: lib.mapAttrs' (k: lib.nameValuePair "${k'}.${k}") req.resources - ) requests - ); + # # non-disko + # boot.loader.grub.enable = false; + # boot.loader.systemd-boot.enable = true; + + # boot.loader.efi.efiSysMountPoint = "/boot"; + # boot.loader.systemd-boot.edk2-uefi-shell.enable = true; + # boot.loader.efi.canTouchEfiVariables = true; + # # proxmox.qemuConf.bios == "ovmf"; + + # boot.growPartition = true; + # boot.loader.timeout = 1; + + nixpkgs.hostPlatform = "x86_64-linux"; + + system.stateVersion = "25.05"; + services.qemuGuest.enable = true; + systemd.services.qemu-guest-agent = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; }; + + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + }; + networking = { + firewall.enable = false; + useDHCP = false; + usePredictableInterfaceNames = false; + useNetworkd = true; + nameservers = [ + "95.215.185.6" + "95.215.185.7" + "2a00:51c0::5fd7:b906" + "2a00:51c0::5fd7:b907" + ]; + }; + + security.sudo.wheelNeedsPassword = false; + nix.settings.trusted-users = [ "@wheel" ]; + + services.cloud-init = { + enable = true; + network.enable = true; + }; + + users.mutableUsers = false; + users.users = + { + root = { + # password = "password"; # cannot log in + # 
hashedPassword = "$y$j9T$QoArNaV2VrjPhQ6BMG1AA.$uq8jw0.g.dJwIfepqipxzeUD1ochgUs8A5QmVe4qbJ6"; # cannot log in + hashedPasswordFile = builtins.toString ( + pkgs.writeText "root-password" "$y$j9T$9g0NqdBsKvQ3ETOPPB0hW.$cIiG648jgA/eVqiCPJJZtI5JYiL6oODZtKI6.lCmJA/" + ); + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHTIqF4CAylSxKPiSo5JOPuocn0y2z38wOSsQ1MUaZ2" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZsldWMEsajYysjYsEpNvMOjO4D8L21pTrfQS1T+Hfy" + ]; + }; + # can log in + kiara = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + password = "password"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHTIqF4CAylSxKPiSo5JOPuocn0y2z38wOSsQ1MUaZ2" + ]; + }; + # cannot log in + operator = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + password = "password"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHTIqF4CAylSxKPiSo5JOPuocn0y2z38wOSsQ1MUaZ2" + ]; + }; + } + // environment.config.resources."operator-environment".login-shell.apply { + resources = lib.filterAttrs (_name: value: value ? login-shell) ( + lib.concatMapAttrs ( + k': req: lib.mapAttrs' (k: lib.nameValuePair "${k'}.${k}") req.resources + ) requests + ); + }; }; } diff --git a/deployment/check/data-model-tf-proxmox/data-model.nix b/deployment/check/data-model-tf-proxmox/data-model.nix new file mode 100644 index 00000000..a00dd6d7 --- /dev/null +++ b/deployment/check/data-model-tf-proxmox/data-model.nix 
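Review bot: The `users.users` block added here puts `kiara` and `operator` in `wheel` with `password = "password"`, next to `security.sudo.wheelNeedsPassword = false`, `nix.settings.trusted-users = [ "@wheel" ]` and `networking.firewall.enable = false`, so either account is effectively root on any machine built from this configuration. `settings.PasswordAuthentication = false` only covers SSH, so console and other PAM logins still accept that password, and the root hash written with `pkgs.writeText` sits in the world-readable Nix store. If this is meant for throwaway test VMs only, state it at the top of the attribute set, e.g. `# TEST FIXTURE: fixed passwords, passwordless sudo, no firewall; never deploy outside deployment/check`, and consider taking the keys and password hashes from options instead of literals. The `# can log in` / `# cannot log in` remarks sit on two identical account definitions and would be clearer with the reason spelled out. The enclosing function starts above the hunk.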
@@ -0,0 +1,90 @@ +{ + config, + system, + sources ? import ../../../npins, + ... +}@args: +let + # inherit (args) sources; + self = "deployment/check/data-model-tf-proxmox/data-model.nix"; + inherit (sources) nixpkgs; + pkgs = import nixpkgs { inherit system; }; + inherit (pkgs) lib; + inherit (pkgs.callPackage ../common/utils.nix { inherit sources; }) mkNixosConfiguration; + inherit (config) + nodeName + pathToRoot + targetSystem + sshOpts + httpBackend + key-file + node-name + bridge + vlanId + imageDatastoreId + vmDatastoreId + cdDatastoreId + ipv4Gateway + ipv4Address + ipv6Gateway + ipv6Address + ; +in +(pkgs.callPackage ../../utils.nix { }).evalModel ( + { config, ... }: + { + imports = [ ../common/model.nix ]; + config = { + environments.default = environment: { + resources."operator-environment".login-shell = { + wheel = true; + username = "operator"; + }; + implementation = + { + required-resources, + deployment-name, + }: + { + tf-proxmox-host = { + nixos-configuration = mkNixosConfiguration environment required-resources; + system = targetSystem; + ssh = { + username = "root"; + host = nodeName; + inherit key-file sshOpts; + }; + module = self; + inherit + args + deployment-name + httpBackend + node-name + bridge + vlanId + imageDatastoreId + vmDatastoreId + cdDatastoreId + ipv4Gateway + ipv4Address + ipv6Gateway + ipv6Address + ; + root-path = pathToRoot; + }; + }; + }; + }; + options.default = + let + env = config.environments.default; + in + lib.mkOption { + type = env.resource-mapping.output-type; + default = env.deployment { + deployment-name = "default"; + configuration = config."example-configuration"; + }; + }; + } +) diff --git a/deployment/check/data-model-tf-proxmox/nixosTest.nix b/deployment/check/data-model-tf-proxmox/nixosTest.nix index dad9a93e..39ce13e7 100644 --- a/deployment/check/data-model-tf-proxmox/nixosTest.nix +++ b/deployment/check/data-model-tf-proxmox/nixosTest.nix 
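Review bot: `inherit args` in `tf-proxmox-host` forwards whatever the caller passed, and the call in `nixosTest.nix` passes `inherit sources system`, so `sources` now travels with `args`; the deleted `common/data-model.nix` call kept `inputs` out because only serializable arguments survive the self-call. It is worth confirming that the npins `sources` set serializes, or dropping it from the call so the `sources ? import ../../../npins` default applies. The comment that explained why `self` and `args` are carried was not brought over; I would restore it above `self`, e.g. `# module path plus serializable args, so the deployment script can re-import this file later`, and remove the leftover `# inherit (args) sources;`.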
@@ -14,38 +14,36 @@ let TF_HTTP_LOCK_ADDRESS = TF_HTTP_ADDRESS; TF_HTTP_UNLOCK_ADDRESS = TF_HTTP_ADDRESS; }; - deployment-config = { - inherit httpBackend; - inherit (import ./constants.nix) pathToRoot; - nodeName = "pve"; - targetSystem = system; - sshOpts = [ - "ProxyCommand=ssh -W %h:%p pve" - ]; - key-file = "/root/.ssh/id_ed25519"; - node-name = "pve"; - bridge = "br0"; - vlanId = 0; - imageDatastoreId = "local"; - vmDatastoreId = "local"; - cdDatastoreId = "local"; - ipv4Gateway = "192.168.10.1"; - ipv4Address = "192.168.10.236/24"; - ipv6Gateway = ""; - ipv6Address = ""; - }; # FIXME generate the image `nixos-generate` was to make, but now do it for a desired `-c configuration.nix` rather than whatever generic thing now deployment = - (import ../common/data-model.nix { - inherit system; - config = deployment-config; - # opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call - })."tf-proxmox-deployment".tf-proxmox-host; + (import ./data-model.nix { + inherit sources system; + config = { + inherit httpBackend; + inherit (import ./constants.nix) pathToRoot; + nodeName = "pve"; + targetSystem = system; + sshOpts = [ + "ProxyCommand=ssh -W %h:%p pve" + ]; + key-file = "/root/.ssh/id_ed25519"; + node-name = "pve"; + bridge = "br0"; + vlanId = 0; + imageDatastoreId = "local"; + vmDatastoreId = "local"; + cdDatastoreId = "local"; + ipv4Gateway = "192.168.10.1"; + ipv4Address = "192.168.10.236/24"; + ipv6Gateway = ""; + ipv6Address = ""; + }; + }).default.tf-proxmox-host; in { _class = "nixosTest"; imports = [ - ../common/data-model-options.nix + ./options.nix ]; name = "deployment-model"; sourceFileset = lib.fileset.unions [ @@ -119,7 +117,7 @@ in pkgs.pve-manager pkgs.openssl pkgs.jq - (pkgs.callPackage ../../run/tf-proxmox/tf.nix { inherit sources; }) + (pkgs.callPackage ../../run/tf-proxmox/tf.nix { }) ]; # needed only when building from deployer 
diff --git a/deployment/check/data-model-tf-proxmox/options.nix b/deployment/check/data-model-tf-proxmox/options.nix
new file mode 100644
index 00000000..3a865236
--- /dev/null
+++ b/deployment/check/data-model-tf-proxmox/options.nix
@@ -0,0 +1,78 @@ +{ + lib, + ... +}: +let + inherit (lib) mkOption types; +in +{ + options = { + targetSystem = mkOption { + type = types.str; + description = "name of the host to deploy to"; + }; + sshOpts = mkOption { + description = "Extra SSH options (`-o`) to use."; + type = types.listOf types.str; + default = [ ]; + example = "ConnectTimeout=60"; + }; + httpBackend = mkOption { + description = "environment variables to configure the TF HTTP back-end, see "; + type = types.attrsOf (types.either types.str types.int); + }; + key-file = mkOption { + type = types.str; + default = ""; + }; + node-name = mkOption { + description = "the name of the ProxmoX node to use."; + type = types.str; + }; + bridge = mkOption { + description = "The name of the network bridge (defaults to vmbr0)."; + type = types.str; + default = "vmbr0"; + }; + vlanId = mkOption { + description = "The VLAN identifier."; + type = types.int; + default = 0; + }; + imageDatastoreId = mkOption { + description = "ID of the datastore of the image."; + type = types.str; + default = "local"; + }; + vmDatastoreId = mkOption { + description = "ID of the datastore of the VM."; + type = types.str; + default = "local"; + }; + cdDatastoreId = mkOption { + description = "ID of the datastore of the virtual CD-rom drive to use for cloud-init."; + type = types.str; + default = "local"; + }; + ipv4Gateway = mkOption { + description = "Gateway for IPv4."; + type = types.str; + default = ""; + }; + ipv4Address = mkOption { + description = "IPv4 address."; + type = types.str; + default = ""; + }; + ipv6Gateway = mkOption { + description = "Gateway for IPv6."; + type = types.str; + default = ""; + }; + ipv6Address = mkOption { + description = "IPv6 address."; + type = types.str; + default = ""; + }; + }; +} diff --git a/deployment/check/data-model-tf/options.nix b/deployment/check/data-model-tf/options.nix index 3a865236..0e415cf7 100644 --- a/deployment/check/data-model-tf/options.nix 
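Review bot: Several option docs in this new file do not match how the options are used: `targetSystem` is described as "name of the host to deploy to" but `nixosTest.nix` sets it to `system`, `sshOpts` has a string `example` for a `listOf str` type, and `key-file` has no description and defaults to `""`. Suggested: `description = "Nix system of the target host, e.g. x86_64-linux";`, `example = [ "ConnectTimeout=60" ];` and, for `key-file`, `description = "Path on the deployer to the SSH private key used to reach the target";`. The `httpBackend` description ends in a dangling "see ", which may be a link lost in rendering. Since `httpBackend` carries backend environment variables as plain Nix values, its description could also say that backend credentials do not belong in it, because such values presumably end up in the Nix store.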
+++ b/deployment/check/data-model-tf/options.nix @@ -21,58 +21,5 @@ in description = "environment variables to configure the TF HTTP back-end, see "; type = types.attrsOf (types.either types.str types.int); }; - key-file = mkOption { - type = types.str; - default = ""; - }; - node-name = mkOption { - description = "the name of the ProxmoX node to use."; - type = types.str; - }; - bridge = mkOption { - description = "The name of the network bridge (defaults to vmbr0)."; - type = types.str; - default = "vmbr0"; - }; - vlanId = mkOption { - description = "The VLAN identifier."; - type = types.int; - default = 0; - }; - imageDatastoreId = mkOption { - description = "ID of the datastore of the image."; - type = types.str; - default = "local"; - }; - vmDatastoreId = mkOption { - description = "ID of the datastore of the VM."; - type = types.str; - default = "local"; - }; - cdDatastoreId = mkOption { - description = "ID of the datastore of the virtual CD-rom drive to use for cloud-init."; - type = types.str; - default = "local"; - }; - ipv4Gateway = mkOption { - description = "Gateway for IPv4."; - type = types.str; - default = ""; - }; - ipv4Address = mkOption { - description = "IPv4 address."; - type = types.str; - default = ""; - }; - ipv6Gateway = mkOption { - description = "Gateway for IPv6."; - type = types.str; - default = ""; - }; - ipv6Address = mkOption { - description = "IPv6 address."; - type = types.str; - default = ""; - }; }; } diff --git a/deployment/data-model.nix b/deployment/data-model.nix index 372fe995..4b757d6c 100644 --- a/deployment/data-model.nix +++ b/deployment/data-model.nix @@ -3,7 +3,7 @@ lib, config, inputs, - sources, + sources ? import ../npins, ... }: let @@ -478,7 +478,7 @@ let pkgs.qemu pkgs.nixos-generators pkgs.httpie - (pkgs.callPackage ./run/tf-proxmox/tf.nix { inherit sources; }) + (pkgs.callPackage ./run/tf-proxmox/tf.nix { }) ]) '' set -e diff --git a/deployment/nixos.nix b/deployment/nixos.nix index 54d65812..aba1202f 100644 
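Review bot: The new default in `sources ? import ../npins` in `deployment/data-model.nix` is probably never used, because this file is evaluated as a module (the deleted `common/data-model.nix` listed it under `modules` in `lib.evalModules`), and as far as I know the module system resolves every named argument from `specialArgs` or `_module.args` regardless of a default. If a caller stops passing `sources`, evaluation would then fail on the missing module argument rather than fall back to the pins. Either keep `sources` a required argument and provide it wherever the model is evaluated, or bind it in the `let` as `sources = import ../npins;`, the way this commit does in `deployment/nixos.nix`. The argument list and the `let` body continue outside the hunk.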
--- a/deployment/nixos.nix +++ b/deployment/nixos.nix @@ -1,9 +1,10 @@ { configuration, system, - sources ? import ../npins, + ... }: let + sources = import ../npins; eval = import "${sources.nixpkgs}/nixos/lib/eval-config.nix" { inherit system; specialArgs = { @@ -12,8 +13,8 @@ let modules = [ configuration ]; }; in - { - inherit (eval) pkgs config options; - system = eval.config.system.build.toplevel; - inherit (eval.config.system.build) vm vmWithBootLoader; - } +{ + inherit (eval) pkgs config options; + system = eval.config.system.build.toplevel; + inherit (eval.config.system.build) vm vmWithBootLoader; +} diff --git a/deployment/run/tf-proxmox/tf.nix b/deployment/run/tf-proxmox/tf.nix index ba39d186..bf4eea67 100644 --- a/deployment/run/tf-proxmox/tf.nix +++ b/deployment/run/tf-proxmox/tf.nix @@ -1,12 +1,11 @@ # FIXME: use overlays so this gets imported just once? { pkgs, - sources ? import ../../../npins, - ... }: # FIXME centralize overlays # XXX using recent revision for https://github.com/NixOS/nixpkgs/pull/447849 let + sources = import ../../../npins; mkProvider = args: pkgs.terraform-providers.mkProvider (
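Review bot: Replacing `sources ? import ../npins` with `...` in `deployment/nixos.nix` means a caller that still passes `sources` is accepted and silently ignored, so an evaluation can run against different pins than the caller intended. Dropping the `...` would make a stale `sources = …` argument fail loudly, which is what the `tf.nix` hunk further down achieves by removing both the parameter and the ellipsis. If the ellipsis is needed here, add `# sources is pinned here on purpose; a sources argument passed by the caller is ignored` above `sources = import ../npins;`.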