in TF distinguish base from regular config

2025-05-11 13:54:57 +02:00 · 2025-05-11 13:54:57 +02:00 · eeb3970fda
commit eeb3970fda
parent 1cb5296ecb
3 changed files with 20 additions and 8 deletions
--- a/infra/operator/main.tf
+++ b/infra/operator/main.tf
@ -77,6 +77,10 @@ module "nixos" {
          ${path.root}/../../machines/operator/${inst.hostname}
          ${path.module}/${name}.nix
        ];
+      }
+    EOF
+    config_nix_base = <<-EOF
+      {
        ## FIXME: switch root authentication to users with password-less sudo, see #24
        users.users.root.openssh.authorizedKeys.keys = let
          keys = import ../../keys;
--- a/infra/sync-nix/main.tf
+++ b/infra/sync-nix/main.tf
@ -153,6 +153,7 @@ resource "terraform_data" "nixos" {
  # - `data` always runs, which is slow for deploy and especially build.
  triggers_replace = [
    data.external.hash.result,
+    var.config_nix_base,
    var.config_nix,
    var.config_tf,
  ]
@ -180,14 +181,14 @@ resource "terraform_data" "nixos" {
        'let
          os = import <nixpkgs/nixos> {
            system = "${local.system}";
-            configuration =
-              ${var.config_nix} //
-              # template parameters passed in from TF thru json
-              builtins.fromJSON "${replace(jsonencode(var.config_tf), "\"", "\\\"")}" //
-              {
-                # nix path for debugging
-                nix.nixPath = [ "${local.nix_path}" ];
-              };
+            configuration = {
+              # nix path for debugging
+              nix.nixPath = [ "${local.nix_path}" ];
+            }
+            // ${var.config_nix_base}
+            // ${var.config_nix}
+            # template parameters passed in from TF thru json
+            // builtins.fromJSON "${replace(jsonencode(local.config_tf), "\"", "\\\"")}";
          };
        in
        # info we want to get back out
--- a/infra/sync-nix/variables.tf
+++ b/infra/sync-nix/variables.tf
@ -32,8 +32,15 @@ variable "disk_size" {
  default = 32
 }

+variable "config_nix_base" {
+  type = string
+  description = "Nix configuration to be used in the deployed VM as well as the base install."
+  default = "{}"
+}
+
 variable "config_nix" {
  type = string
+  description = "Nix configuration to be used in the deployed VM."
  default = "{}"
 }