factor out TF run.sh (#552)

Reviewed-on: fediversity/fediversity#552
2025-10-26 20:46:45 +01:00 · 2025-10-26 20:46:45 +01:00 · d1611a0946
commit d1611a0946
parent 7a890ccd44
8 changed files with 67 additions and 93 deletions
--- a/deployment/check/data-model-tf-proxmox/nixosTest.nix
+++ b/deployment/check/data-model-tf-proxmox/nixosTest.nix
@ -59,8 +59,6 @@ in
  _class = "nixosTest";
  name = "deployment-model";
  sourceFileset = lib.fileset.unions [
-    ../../run/tf-proxmox-template/run.sh
-    ../../run/tf-proxmox-vm/run.sh
    ../../run/tf-proxmox-vm/await-ssh.sh
  ];

--- a/deployment/check/data-model-tf/data-model.nix
+++ b/deployment/check/data-model-tf/data-model.nix
@ -42,7 +42,7 @@ in
              ssh = {
                username = "root";
                host = nodeName;
-                key-file = null;
+                key-file = "";
                inherit sshOpts;
              };
              caller = "deployment/check/data-model-tf/data-model.nix";
--- a/deployment/check/data-model-tf/nixosTest.nix
+++ b/deployment/check/data-model-tf/nixosTest.nix
@ -30,9 +30,6 @@ in
 {
  _class = "nixosTest";
  name = "deployment-model";
-  sourceFileset = lib.fileset.unions [
-    ../../run/tf-single-host/run.sh
-  ];

  nodes.deployer =
    { ... }:
@ -71,7 +68,7 @@ in
      deployer.wait_for_unit("multi-user.target")
      deployer.succeed("curl -u basic:fake-secret -X GET http://localhost:8080/state/project1/example")
      output = deployer.fail("""
-        ${lib.getExe deploy}
+        ${lib.getExe deploy} 2>&1
      """)
      assert "Timeout, server ${nodeName} not responding" in output
      target.wait_for_unit("multi-user.target")
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@ -19,15 +19,7 @@ let
    str
    submodule
    ;
-  inherit (pkgs.callPackage ./utils.nix { }) toBash;
-  withPackages = packages: {
-    makeWrapperArgs = [
-      "--prefix"
-      "PATH"
-      ":"
-      "${lib.makeBinPath packages}"
-    ];
-  };
+  inherit (pkgs.callPackage ./utils.nix { }) toBash withPackages tfApply;
  writeConfig =
    {
      system,
@ -246,6 +238,10 @@ let
                  key-file
                  sshOpts
                  ;
+              in
+              tfApply {
+                inherit httpBackend;
+                directory = "tf-single-host";
                environment = {
                  key_file = key-file;
                  ssh_opts = sshOpts;
@ -264,22 +260,7 @@ let
                    deployment-type = "tf-host";
                  };
                };
-                tf-env = pkgs.callPackage ./run/tf-env.nix {
-                  inherit httpBackend;
-                  tfPackage = pkgs.callPackage ./run/tf-single-host/tf.nix { };
-                  tfDirs = [ "deployment/run/tf-single-host" ];
-                };
-              in
-              pkgs.writers.writeBashBin "deploy-tf.sh"
-                (withPackages [
-                  pkgs.jq
-                  (pkgs.callPackage ./run/tf-single-host/tf.nix { })
-                ])
-                ''
-                  env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
-                  ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
-                  tf_env=${tf-env} bash ./deployment/run/tf-single-host/run.sh
-                '';
+              };
          };
        };
      });
@ -344,19 +325,10 @@ let
                  node_name = node-name;
                  image_datastore_id = imageDatastoreId;
                };
-                tf-env = pkgs.callPackage ./run/tf-env.nix {
-                  inherit httpBackend;
-                  tfPackage = pkgs.callPackage ./run/tf-proxmox-template/tf.nix { };
-                  tfDirs = [
-                    "deployment/run/tf-proxmox-template"
-                  ];
-                };
              in
              lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox-template.sh"
                (withPackages [
-                  pkgs.jq
                  pkgs.qemu
-                  (pkgs.callPackage ./run/tf-proxmox-vm/tf.nix { })
                ])
                ''
                  set -e
@ -369,11 +341,13 @@ let
                  ls -l /tmp/${name}.qcow2 >&2
                  checksum="$(sha256sum /tmp/${name}.qcow2 | cut -d " " -f1)"

-                  env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
-                  ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
+                  env \
                  TF_VAR_image=/tmp/${name}.qcow2 \
                  TF_VAR_checksum="$checksum" \
-                  tf_env=${tf-env} bash ./deployment/run/tf-proxmox-template/run.sh
+                  ${lib.getExe (tfApply {
+                    inherit httpBackend environment;
+                    directory = "tf-proxmox-template";
+                  })}
                '';
          };
        };
@ -531,33 +505,12 @@ let
                  ipv6_gateway = ipv6Gateway;
                  ipv6_address = ipv6Address;
                };
-                tf-env = pkgs.callPackage ./run/tf-env.nix {
-                  inherit httpBackend;
-                  tfPackage = pkgs.callPackage ./run/tf-proxmox-vm/tf.nix { };
-                  tfDirs = [
-                    "deployment/run/tf-single-host"
-                    "deployment/run/tf-proxmox-vm"
-                  ];
-                };
              in
-              lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox-vm.sh"
-                (withPackages [
-                  pkgs.jq
-                  pkgs.qemu
-                  (pkgs.callPackage ./run/tf-proxmox-vm/tf.nix { })
-                ])
-                ''
-                  set -e
-                  env ${
-                    toString (
-                      lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") (
-                        lib.filterAttrs (_: v: v != null) environment
-                      )
-                    )
-                  } \
-                  ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
-                  tf_env=${tf-env} bash ./deployment/run/tf-proxmox-vm/run.sh
-                '';
+              lib.trace (lib.strings.toJSON environment) (tfApply {
+                inherit httpBackend environment;
+                directory = "tf-proxmox-vm";
+                dependentDirs = [ "tf-single-host" ];
+              });
          };
        };
      });
--- a/deployment/run/tf-proxmox-template/run.sh
+++ b/deployment/run/tf-proxmox-template/run.sh
@ -1,7 +0,0 @@
-#! /usr/bin/env bash
-set -euo pipefail
-declare tf_env
-
-cd "${tf_env}/deployment/run/tf-proxmox-template"
-tofu apply --auto-approve -input=false -parallelism=1 >&2
-tofu output -json
--- a/deployment/run/tf-proxmox-vm/run.sh
+++ b/deployment/run/tf-proxmox-vm/run.sh
@ -1,8 +0,0 @@
-#! /usr/bin/env bash
-set -euo pipefail
-declare tf_env
-
-cd "${tf_env}/deployment/run/tf-proxmox-vm"
-# parallelism=1: limit OOM risk
-tofu apply --auto-approve -input=false -parallelism=1 >&2
-tofu output -json
--- a/deployment/run/tf-single-host/run.sh
+++ b/deployment/run/tf-single-host/run.sh
@ -1,7 +0,0 @@
-#! /usr/bin/env bash
-set -euo pipefail
-declare tf_env
-
-cd "${tf_env}/deployment/run/tf-single-host"
-# parallelism=1: limit OOM risk
-tofu apply --auto-approve -parallelism=1
--- a/deployment/utils.nix
+++ b/deployment/utils.nix
@ -4,7 +4,7 @@
  inputs ? null,
  ...
 }:
-{
+rec {
  evalModel =
    module:
    (lib.evalModules {
@ -17,6 +17,7 @@
        module
      ];
    }).config;
+
  toBash =
    v:
    lib.replaceStrings [ "\"" ] [ "\\\"" ] (
@ -27,4 +28,51 @@
      else
        lib.strings.toJSON v
    );
+
+  withPackages = packages: {
+    makeWrapperArgs = [
+      "--prefix"
+      "PATH"
+      ":"
+      "${lib.makeBinPath packages}"
+    ];
+  };
+
+  tfApply =
+    {
+      directory,
+      httpBackend,
+      dependentDirs ? [ ],
+      environment ? { },
+      # limit OOM risk
+      parallelism ? 1,
+    }:
+    let
+      env-vars = ''
+        ${
+          toString (
+            lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") (
+              lib.filterAttrs (_: v: v != null) environment
+            )
+          )
+        } \
+        ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
+      '';
+      tfPackage = pkgs.callPackage ./run/${directory}/tf.nix { };
+      tf-env = pkgs.callPackage ./run/tf-env.nix {
+        inherit httpBackend tfPackage;
+        tfDirs = lib.lists.map (dir: "deployment/run/${dir}") ([ directory ] ++ dependentDirs);
+      };
+    in
+    pkgs.writers.writeBashBin "tf-apply.sh"
+      (withPackages [
+        tfPackage
+        pkgs.jq
+      ])
+      ''
+        set -e
+        dir="${tf-env}/deployment/run/${directory}"
+        env ${env-vars} tofu -chdir="$dir" apply --auto-approve -parallelism=${builtins.toString parallelism} >&2
+        env ${env-vars} tofu -chdir="$dir" output -json
+      '';
 }