verify checksum on upload

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>

deployment/data-model.nix

@@ -367,10 +367,12 @@ let
 
                   ls -l ${raw} >&2
                   ls -l /tmp/${name}.qcow2 >&2
+                  checksum="$(sha256sum /tmp/${name}.qcow2 | cut -d " " -f1)"
 
                   env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
                   ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
                   TF_VAR_image=/tmp/${name}.qcow2 \
+                  TF_VAR_checksum="$checksum" \
                   tf_env=${tf-env} bash ./deployment/run/tf-proxmox-template/run.sh
                 '';
           };

deployment/run/tf-proxmox-template/main.tf

@@ -53,8 +53,7 @@ resource "proxmox_virtual_environment_file" "upload" {
   source_file {
     path = var.image
     file_name = local.dump_name
-    # FIXME compute and pass hash (so identical builds don't trigger drift)
-    # checksum = "sha256"
+    checksum = var.checksum
   }
 }
 

deployment/run/tf-proxmox-template/variables.tf

@@ -24,3 +24,8 @@ variable "category" {
   description = "Category to be used in naming the base image."
   default = "test"
 }
+
+variable "checksum" {
+  type = string
+  description = "The SHA256 checksum of the source file."
+}