unlog steps
Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>
parent
5ffc3be66b
commit
f68e42d5c0
8 changed files with 88 additions and 61 deletions
|
|
@ -369,6 +369,7 @@ let
|
|||
inherit
|
||||
args
|
||||
deployment-name
|
||||
httpBackend
|
||||
proxmox-user
|
||||
proxmox-password
|
||||
node-name
|
||||
|
|
|
|||
|
|
@ -9,7 +9,8 @@ let
|
|||
inherit system;
|
||||
overlays = [ overlay ];
|
||||
};
|
||||
overlay = _: _: {
|
||||
overlay = _: prev: {
|
||||
terraform-backend = prev.callPackage ../../modules/terraform-backend/package.nix { };
|
||||
inherit
|
||||
(import "${sources.proxmox-nixos}/pkgs" {
|
||||
craneLib = pkgs.callPackage "${sources.crane}/lib" { };
|
||||
|
|
|
|||
|
|
@ -6,7 +6,16 @@
|
|||
}:
|
||||
let
|
||||
inherit (pkgs) system;
|
||||
backendPort = builtins.toString 8080;
|
||||
httpBackend = rec {
|
||||
TF_HTTP_USERNAME = "basic";
|
||||
TF_HTTP_PASSWORD = "fake-secret";
|
||||
TF_HTTP_ADDRESS = "http://localhost:${backendPort}/state/project1/example";
|
||||
TF_HTTP_LOCK_ADDRESS = TF_HTTP_ADDRESS;
|
||||
TF_HTTP_UNLOCK_ADDRESS = TF_HTTP_ADDRESS;
|
||||
};
|
||||
deployment-config = {
|
||||
inherit httpBackend;
|
||||
inherit (import ./constants.nix) pathToRoot;
|
||||
nodeName = "pve";
|
||||
targetSystem = system;
|
||||
|
|
@ -22,8 +31,6 @@ let
|
|||
config = deployment-config;
|
||||
# opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call
|
||||
})."tf-proxmox-deployment".tf-proxmox-host;
|
||||
# tracking non-tarball downloads seems unsupported still in npins:
|
||||
# https://github.com/andir/npins/issues/163
|
||||
in
|
||||
{
|
||||
_class = "nixosTest";
|
||||
|
|
@ -46,6 +53,7 @@ in
|
|||
password = "mytestpw";
|
||||
hashedPasswordFile = lib.mkForce null;
|
||||
};
|
||||
# https://github.com/SaumonNet/proxmox-nixos/blob/main/modules/proxmox-ve/default.nix
|
||||
services.proxmox-ve = {
|
||||
enable = true;
|
||||
ipAddress = "192.168.1.1";
|
||||
|
|
@ -59,6 +67,10 @@ in
|
|||
nodes.deployer =
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
../../modules/terraform-backend
|
||||
];
|
||||
|
||||
nix.nixPath = [
|
||||
(lib.concatStringsSep ":" (lib.mapAttrsToList (k: v: k + "=" + v) sources))
|
||||
];
|
||||
|
|
@ -87,6 +99,13 @@ in
|
|||
sources.nixpkgs
|
||||
pkgs.vte
|
||||
];
|
||||
services.terraform-backend = {
|
||||
enable = true;
|
||||
settings = {
|
||||
LISTEN_ADDR = ":${backendPort}";
|
||||
KMS_KEY = "tsjxw9NjKUBUlzbTnD7orqIAdEmpGYRARvxD51jtY+o=";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
extraTestScript = ''
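Review bot: The `KMS_KEY` literal under `services.terraform-backend.settings`, and `TF_HTTP_PASSWORD = "fake-secret"` in the `httpBackend` set at the top of the file, carry no marker that they are throwaway test values. Values set through module options normally end up readable in the Nix store, so copying this pattern into a real deployment would expose the state-encryption key. I would add a comment on the key line, e.g. `# test-only key, never reuse; production must load KMS_KEY from a secret outside the Nix store`, and `# test credentials only` on the `httpBackend` set. `LISTEN_ADDR = ":${backendPort}"` also listens on every interface although `TF_HTTP_ADDRESS` only uses `localhost`; that looks harmless inside the test VM, but whether the module accepts a host part is not visible here.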
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
lib,
|
||||
config,
|
||||
inputs,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
let
|
||||
|
|
@ -398,13 +399,13 @@ let
|
|||
type = submodule (
|
||||
tf-host:
|
||||
let
|
||||
raw = {
|
||||
# formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/raw.nix";
|
||||
formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/raw-efi.nix";
|
||||
formatAttr = "raw";
|
||||
fileExtension = ".img";
|
||||
};
|
||||
format = raw;
|
||||
# raw = {
|
||||
# # formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/raw.nix";
|
||||
# formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/raw-efi.nix";
|
||||
# formatAttr = "raw";
|
||||
# fileExtension = ".img";
|
||||
# };
|
||||
# format = raw;
|
||||
# qcow = {
|
||||
# formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/qcow.nix";
|
||||
# formatAttr = "qcow";
|
||||
|
|
@ -417,7 +418,7 @@ let
|
|||
# fileExtension = ".qcow2";
|
||||
# };
|
||||
# format = qcow-efi;
|
||||
inherit (format) formatConfig fileExtension formatAttr;
|
||||
# inherit (format) formatConfig fileExtension formatAttr;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
|
|
@ -458,6 +459,10 @@ let
|
|||
description = "the name of the ProxmoX node to use.";
|
||||
type = types.str;
|
||||
};
|
||||
httpBackend = mkOption {
|
||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
||||
type = types.attrsOf (types.either types.str types.int);
|
||||
};
|
||||
run = mkOption {
|
||||
type = types.package;
|
||||
# error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times.
|
||||
|
|
@ -470,6 +475,7 @@ let
|
|||
module
|
||||
args
|
||||
deployment-name
|
||||
httpBackend
|
||||
root-path
|
||||
proxmox-user
|
||||
proxmox-password
|
||||
|
|
@ -541,7 +547,14 @@ let
|
|||
ssh_user = username;
|
||||
node_name = node-name;
|
||||
};
|
||||
tf-env = pkgs.callPackage ./run/tf-proxmox/tf-env.nix { };
|
||||
tf-env = pkgs.callPackage ./run/tf-env.nix {
|
||||
inherit httpBackend;
|
||||
tfPackage = pkgs.callPackage ./run/tf-proxmox/tf.nix { };
|
||||
tfDirs = [
|
||||
"deployment/run/tf-single-host"
|
||||
"deployment/run/tf-proxmox"
|
||||
];
|
||||
};
|
||||
proxmox-host = "192.168.51.81"; # root@fediversity-proxmox
|
||||
vm-names = [ "test14" ];
|
||||
vm_name = "test14";
|
||||
|
|
@ -555,7 +568,7 @@ let
|
|||
(pkgs.callPackage ./run/tf-proxmox/tf.nix { inherit sources; })
|
||||
])
|
||||
''
|
||||
set -xe
|
||||
set -e
|
||||
|
||||
# bash ./infra/proxmox-remove.sh \
|
||||
# --api-url "https://${proxmox-host}:8006/api2/json" \
|
||||
|
|
@ -580,6 +593,7 @@ let
|
|||
ls -l /tmp/${name}.qcow2
|
||||
|
||||
env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
||||
TF_VAR_image=/tmp/${name}.qcow2 \
|
||||
tf_env=${tf-env} bash ./deployment/run/tf-proxmox/run.sh
|
||||
'';
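Review bot: The added line `${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \` interpolates every `httpBackend` value, including `TF_HTTP_PASSWORD`, into the generated script text and then into the argument list of `env`. Changing `set -xe` to `set -e` stops the shell trace from echoing it, but the value still sits in the built script (readable in the Nix store) and in the process arguments while `run.sh` runs. The `TF_VAR_` line above already uses the same pattern, so this may be a deliberate interim step; if so, the `httpBackend` option description should say it, e.g. `values are written to the Nix store; do not put production credentials here`. Reading the credentials at run time from a file outside the store and `export`ing them inside the script would avoid both exposures. `toBash` and the start of the script are outside the visible hunks.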
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@ terraform {
|
|||
version = "= 0.81.0"
|
||||
}
|
||||
}
|
||||
backend "http" {
|
||||
}
|
||||
}
|
||||
|
||||
locals {
|
||||
|
|
@ -142,6 +144,7 @@ resource "proxmox_virtual_environment_vm" "nix_vm" {
|
|||
cache = "none"
|
||||
|
||||
# FIXME make the provider allow this as a distinct block to allow making this depend on VM id?
|
||||
# FIXME replace with an effectful ~~function~~template from vm_id replacing resource `proxmox_virtual_environment_file.upload`
|
||||
# import_from = "local:import/${proxmox_virtual_environment_vm.nix_vm.vm_id}-${local.dump_name}" # bogus import name to test if it would accept self-referential values here # may not refer to itself
|
||||
# import_from = "local:import/${local.dump_name}"
|
||||
import_from = proxmox_virtual_environment_file.upload.id
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env bash
|
||||
set -xeuo pipefail
|
||||
set -euo pipefail
|
||||
declare tf_env
|
||||
|
||||
export TF_LOG=info
|
||||
|
|
@ -8,4 +8,4 @@ export TF_LOG=info
|
|||
|
||||
cd "${tf_env}/deployment/run/tf-proxmox"
|
||||
# parallelism=1: limit OOM risk
|
||||
tofu apply --auto-approve -lock=false -input=false -parallelism=1
|
||||
tofu apply --auto-approve -input=false -parallelism=1
|
||||
|
|
|
|||
|
|
@ -1,33 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
sources ? import ../../../npins,
|
||||
}:
|
||||
pkgs.stdenv.mkDerivation {
|
||||
name = "tf-repo";
|
||||
src =
|
||||
with lib.fileset;
|
||||
toSource {
|
||||
root = ../../../.;
|
||||
# don't copy ignored files
|
||||
fileset = intersection (gitTracked ../../../.) ../../../.;
|
||||
};
|
||||
buildInputs = [
|
||||
(pkgs.callPackage ./tf.nix { inherit sources; })
|
||||
(pkgs.callPackage ../tf-setup.nix { inherit sources; })
|
||||
];
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
for category in deployment/run/tf-single-host deployment/run/tf-proxmox; do
|
||||
pushd "$category"
|
||||
source setup
|
||||
popd
|
||||
done
|
||||
runHook postBuild
|
||||
'';
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
cp -r . $out
|
||||
runHook postInstall
|
||||
'';
|
||||
}
|
||||
|
|
@ -4,6 +4,8 @@
|
|||
sources ? import ../../../npins,
|
||||
...
|
||||
}:
|
||||
# FIXME centralize overlays
|
||||
# XXX using recent revision for https://github.com/NixOS/nixpkgs/pull/447849
|
||||
let
|
||||
mkProvider =
|
||||
args:
|
||||
|
|
@ -11,17 +13,37 @@ let
|
|||
{ mkProviderFetcher = { repo, ... }: sources.${repo}; } // args
|
||||
);
|
||||
in
|
||||
pkgs.opentofu.withPlugins (p: [
|
||||
p.external
|
||||
(mkProvider {
|
||||
owner = "bpg";
|
||||
repo = "terraform-provider-proxmox";
|
||||
# 0.82+ need go 1.25
|
||||
rev = "v0.81.0";
|
||||
spdx = "MPL-2.0";
|
||||
hash = null;
|
||||
vendorHash = "sha256-cpei22LkKqohlE76CQcIL5d7p+BjNcD6UQ8dl0WXUOc=";
|
||||
homepage = "https://registry.terraform.io/providers/bpg/proxmox";
|
||||
provider-source-address = "registry.opentofu.org/bpg/proxmox";
|
||||
(
|
||||
(pkgs.callPackage "${sources.nixpkgs-unstable}/pkgs/by-name/op/opentofu/package.nix" { })
|
||||
.overrideAttrs
|
||||
(old: rec {
|
||||
patches = (old.patches or [ ]) ++ [
|
||||
# TF with back-end poses a problem for nix: initialization involves both
|
||||
# mutation (nix: only inside build) and a network call (nix: not inside build)
|
||||
../../check/data-model-tf/02-opentofu-sandboxed-init.patch
|
||||
];
|
||||
# versions > 1.9.0 need go 1.24+
|
||||
version = "1.9.0";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "opentofu";
|
||||
repo = "opentofu";
|
||||
tag = "v${version}";
|
||||
hash = "sha256-e0ZzbQdex0DD7Bj9WpcVI5roh0cMbJuNr5nsSVaOSu4=";
|
||||
};
|
||||
vendorHash = "sha256-fMTbLSeW+pw6GK8/JLZzG2ER90ss2g1FSDX5+f292do=";
|
||||
})
|
||||
])
|
||||
).withPlugins
|
||||
(p: [
|
||||
p.external
|
||||
(mkProvider {
|
||||
owner = "bpg";
|
||||
repo = "terraform-provider-proxmox";
|
||||
# 0.82+ need go 1.25
|
||||
rev = "v0.81.0";
|
||||
spdx = "MPL-2.0";
|
||||
hash = null;
|
||||
vendorHash = "sha256-cpei22LkKqohlE76CQcIL5d7p+BjNcD6UQ8dl0WXUOc=";
|
||||
homepage = "https://registry.terraform.io/providers/bpg/proxmox";
|
||||
provider-source-address = "registry.opentofu.org/bpg/proxmox";
|
||||
})
|
||||
])
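Review bot: The `overrideAttrs` block freezes `version`, `src` and `vendorHash` at 1.9.0, so later nixpkgs bumps no longer move this tool forward. The comment `# versions > 1.9.0 need go 1.24+` gives the reason but no exit condition. Since this binary handles the back-end credentials and carries a local patch to its init path, I would add `# FIXME unpin once the pinned nixpkgs provides go >= 1.24` next to `version`, and a one-line summary of what `02-opentofu-sandboxed-init.patch` changes next to the patch entry. The patch itself is not on this page, so its effect cannot be checked here.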
|
||||
|
|
|
|||