use upstreamed version of terraform-backend

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>

deployment/check/common/nixosTest.nix

@@ -80,41 +80,44 @@ in
 
     acmeNodeIP = config.nodes.acme.networking.primaryIPAddress;
 
-    nodes =
+    nodes = lib.mkMerge [
       {
-        deployer = {
-          imports = [ ./deployerNode.nix ];
-          _module.args = { inherit inputs sources; };
-          enableAcme = config.enableAcme;
-          acmeNodeIP = config.nodes.acme.networking.primaryIPAddress;
-        };
+        deployer = lib.mkMerge [
+          {
+            imports = [ ./deployerNode.nix ];
+            _module.args = { inherit inputs sources; };
+            enableAcme = config.enableAcme;
+          }
+          (lib.mkIf config.enableAcme {
+            acmeNodeIP = config.nodes.acme.networking.primaryIPAddress;
+            security.acme = {
+              acceptTerms = true;
+              defaults.email = "test@test.com";
+              defaults.server = "https://acme.test/dir";
+            };
+            security.pki.certificateFiles = [
+              (import "${inputs.nixpkgs}/nixos/tests/common/acme/server/snakeoil-certs.nix").ca.cert
+            ];
+            networking.extraHosts = "${config.acmeNodeIP} acme.test";
+          })
+        ];
       }
-
-      //
-
-        (
-          if config.enableAcme then
-            {
-              acme = {
-                ## FIXME: This makes `nodes.acme` into a local resolver. Maybe this will
-                ## break things once we play with DNS?
-                imports = [ "${inputs.nixpkgs}/nixos/tests/common/acme/server" ];
-                ## We aren't testing ACME - we just want certificates.
-                systemd.services.pebble.environment.PEBBLE_VA_ALWAYS_VALID = "1";
-              };
-            }
-          else
-            { }
-        )
-
-      //
-
-        genAttrs config.targetMachines (_: {
-          imports = [ ./targetNode.nix ];
-          _module.args = { inherit inputs sources; };
-          enableAcme = config.enableAcme;
-          acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
-        });
+      (lib.mkIf config.enableAcme {
+        acme = {
+          ## FIXME: This makes `nodes.acme` into a local resolver. Maybe this will
+          ## break things once we play with DNS?
+          imports = [ "${inputs.nixpkgs}/nixos/tests/common/acme/server" ];
+          ## We aren't testing ACME - we just want certificates.
+          systemd.services.pebble.environment.PEBBLE_VA_ALWAYS_VALID = "1";
+        };
+      })
+      (genAttrs config.targetMachines (_: {
+        imports = [ ./targetNode.nix ];
+        _module.args = { inherit inputs sources; };
+        enableAcme = config.enableAcme;
+        acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
+      }))
+    ];
 
     testScript = ''
       ${forConcat (attrNames config.nodes) (n: ''

deployment/check/data-model-nixops4/constants.nix

@@ -4,6 +4,5 @@
   ];
   pathToRoot = ../../..;
   pathFromRoot = ./.;
-  enableAcme = true;
   useFlake = true;
 }

deployment/check/data-model-nixops4/default.nix

@@ -16,7 +16,6 @@ runNixOSTest {
     targetMachines
     pathToRoot
     pathFromRoot
-    enableAcme
     useFlake
     ;
 }

deployment/check/data-model-ssh/constants.nix

@@ -8,5 +8,4 @@
     name = "root";
   };
   pathFromRoot = "/deployment/check/data-model-ssh";
-  enableAcme = true;
 }

deployment/check/data-model-ssh/default.nix

@@ -16,6 +16,5 @@ runNixOSTest {
     targetMachines
     pathToRoot
     pathFromRoot
-    enableAcme
     ;
 }

deployment/check/data-model-tf/constants.nix

@@ -7,5 +7,4 @@
     name = "root";
   };
   pathFromRoot = "/deployment/check/data-model-tf";
-  enableAcme = true;
 }

deployment/check/data-model-tf/default.nix

@@ -6,7 +6,9 @@
 
 let
   overlay = _: prev: {
-    terraform-backend = prev.callPackage ../../modules/terraform-backend/package.nix { };
+    terraform-backend =
+      prev.callPackage "${sources.nixpkgs-unstable}/pkgs/by-name/te/terraform-backend/package.nix"
+        { };
     # FIXME centralize overlays
     # XXX using recent revision for https://github.com/NixOS/nixpkgs/pull/447849
     opentofu =
@@ -46,6 +48,5 @@ pkgs.testers.runNixOSTest {
     targetMachines
     pathToRoot
     pathFromRoot
-    enableAcme
     ;
 }

deployment/modules/terraform-backend/package.nix

@@ -1,32 +0,0 @@
-{
-  lib,
-  buildGoModule,
-  fetchFromGitHub,
-}:
-
-# FIXME upstream: https://github.com/NixOS/nixpkgs/pull/447753
-buildGoModule rec {
-  pname = "terraform-backend";
-  version = "0.1.3";
-
-  src = fetchFromGitHub {
-    owner = "nimbolus";
-    repo = "terraform-backend";
-    tag = "v${version}";
-    hash = "sha256-S3ih7dLSQs3xJMHyQyWy43OG1maizBPVT8IsrWcSRUM=";
-  };
-
-  vendorHash = "sha256-5L8MNhjEPI3OOmtHdkB9ZQp02d7nzPp5h0/gVHTiCws=";
-
-  ldflags = [
-    "-s"
-    "-w"
-  ];
-
-  meta = {
-    description = "State backend server which implements the Terraform HTTP backend API with pluggable modules for authentication, storage, locking and state encryption";
-    homepage = "https://github.com/nimbolus/terraform-backend";
-    license = lib.licenses.bsd3;
-    mainProgram = "cmd";
-  };
-}

npins/sources.json

@@ -189,9 +189,9 @@
       },
       "branch": "nixpkgs-unstable",
       "submodules": false,
-      "revision": "d7f52a7a640bc54c7bb414cca603835bf8dd4b10",
-      "url": "https://github.com/nixos/nixpkgs/archive/d7f52a7a640bc54c7bb414cca603835bf8dd4b10.tar.gz",
-      "hash": "0c9kjncpmbdx6gwww9fn81hyr3bngi4hg51g4n2q4808c321kf4j"
+      "revision": "2dad7af78a183b6c486702c18af8a9544f298377",
+      "url": "https://github.com/nixos/nixpkgs/archive/2dad7af78a183b6c486702c18af8a9544f298377.tar.gz",
+      "hash": "12icrzyc8h6yh5c60wdhaypzc17ygwz664h92jj112pf6whgi2id"
     },
     "proxmox-nixos": {
       "type": "Git",