diff --git a/infra/operator/main.tf b/infra/operator/main.tf
index 474b79ea..5203e78b 100644
--- a/infra/operator/main.tf
+++ b/infra/operator/main.tf
@@ -77,6 +77,10 @@ module "nixos" {
 ${path.root}/../../machines/operator/${inst.hostname}
 ${path.module}/${name}.nix
 ];
+ }
+ EOF
+ config_nix_base = <<-EOF
+ {
 ## FIXME: switch root authentication to users with password-less sudo, see #24
 users.users.root.openssh.authorizedKeys.keys = let keys = import ../../keys;
diff --git a/infra/sync-nix/main.tf b/infra/sync-nix/main.tf
index a2f51b9c..3c4c6692 100644
--- a/infra/sync-nix/main.tf
+++ b/infra/sync-nix/main.tf
@@ -153,6 +153,7 @@ resource "terraform_data" "nixos" {
 # - `data` always runs, which is slow for deploy and especially build.
 triggers_replace = [
 data.external.hash.result,
+ var.config_nix_base,
 var.config_nix,
 var.config_tf,
 ]
@@ -180,14 +181,14 @@ resource "terraform_data" "nixos" {
 'let
 os = import {
 system = "${local.system}";
- configuration =
- ${var.config_nix} //
- # template parameters passed in from TF thru json
- builtins.fromJSON "${replace(jsonencode(var.config_tf), "\"", "\\\"")}" //
- {
- # nix path for debugging
- nix.nixPath = [ "${local.nix_path}" ];
- };
+ configuration = {
+ # nix path for debugging
+ nix.nixPath = [ "${local.nix_path}" ];
+ }
+ // ${var.config_nix_base}
+ // ${var.config_nix}
+ # template parameters passed in from TF thru json
+ // builtins.fromJSON "${replace(jsonencode(local.config_tf), "\"", "\\\"")}";
 };
 in
 # info we want to get back out
diff --git a/infra/sync-nix/variables.tf b/infra/sync-nix/variables.tf
index 1bb32b06..bd3d9819 100644
--- a/infra/sync-nix/variables.tf
+++ b/infra/sync-nix/variables.tf
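Review bot: In infra/operator/main.tf the root `authorizedKeys` assignment now sits inside the new `config_nix_base` heredoc, and the variable description in infra/sync-nix/variables.tf says that string is used for the base install as well as the deployed VM, so every key imported from `../../keys` is granted root SSH at both stages. The existing FIXME does not mention that wider scope; I would add a line next to it such as `## NOTE: part of config_nix_base, so these root keys also apply to the base install`. The `module "nixos"` block and the `let` expression continue outside the hunk, so the resulting key list is not visible here.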
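Review bot: In the first hunk of infra/sync-nix/main.tf, `triggers_replace` still lists `var.config_tf`, while the Nix expression in the following hunk now renders `local.config_tf`. The definition of `local.config_tf` is not part of this diff; if it is built from anything other than `var.config_tf`, a change to those other inputs would alter the evaluated configuration without replacing the resource. Listing the value that is actually rendered, `local.config_tf,` in place of `var.config_tf,`, keeps the trigger and the expression in step.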
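Review bot: The `//` chain that builds `configuration` in the second hunk of infra/sync-nix/main.tf is a shallow merge, so a later operand replaces a whole top-level attribute of an earlier one. If `config_nix` or the JSON template parameters define anything under `users` or `services`, everything `config_nix_base` set under that attribute, including the root `authorizedKeys` moved in infra/operator/main.tf, is dropped without an error. The same applies to `nix.nixPath`, which used to be the last operand and is now the first. If layering rather than replacement is intended, passing the two fragments as modules in an `imports = [ … ]` list would let the NixOS module system merge them. Otherwise, state the rule next to the expression: `# NOTE: // is shallow; a later operand replaces whole top-level attributes of earlier ones`.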
@@ -32,8 +32,15 @@ variable "disk_size" {
 default = 32
 }
+variable "config_nix_base" {
+ type = string
+ description = "Nix configuration to be used in the deployed VM as well as the base install."
+ default = "{}"
+}
+
 variable "config_nix" {
 type = string
+ description = "Nix configuration to be used in the deployed VM."
 default = "{}"
 }
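Review bot: Neither description in infra/sync-nix/variables.tf says that the value is Nix source inserted verbatim into the expression evaluated in infra/sync-nix/main.tf. A caller therefore cannot tell that it has to be a complete attribute-set expression and should only come from a trusted source. I would spell that out, e.g. `description = "Nix attribute-set expression, inserted verbatim into the evaluated configuration; used in the deployed VM as well as the base install."`, and word `config_nix` the same way.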