Compare commits
2 commits
8fbd60b4f7
...
9f7b74a43d
| Author | SHA1 | Date | |
|---|---|---|---|
| 9f7b74a43d | |||
| d5218ca66c |
7 changed files with 97 additions and 30 deletions
|
|
@ -8,12 +8,8 @@
|
|||
let
|
||||
inherit (pkgs) system;
|
||||
backendPort = builtins.toString 8080;
|
||||
tfBackend = fragment: rec {
|
||||
TF_HTTP_USERNAME = "basic";
|
||||
TF_HTTP_PASSWORD = "fake-secret";
|
||||
TF_HTTP_LOCK_ADDRESS = TF_HTTP_ADDRESS;
|
||||
TF_HTTP_UNLOCK_ADDRESS = TF_HTTP_ADDRESS;
|
||||
TF_HTTP_ADDRESS = "http://localhost:${backendPort}/state/${fragment}";
|
||||
tfBackend = fragment: {
|
||||
address = "http://localhost:${backendPort}/state/${fragment}";
|
||||
};
|
||||
template-deployment =
|
||||
(import ./setups/template.nix {
|
||||
|
|
|
|||
|
|
@ -17,13 +17,7 @@ let
|
|||
inherit nodeName pathToRoot;
|
||||
targetSystem = system;
|
||||
sshOpts = [ ];
|
||||
httpBackend = rec {
|
||||
TF_HTTP_USERNAME = "basic";
|
||||
TF_HTTP_PASSWORD = "fake-secret";
|
||||
TF_HTTP_ADDRESS = "http://localhost:${backendPort}/state/project1/example";
|
||||
TF_HTTP_LOCK_ADDRESS = TF_HTTP_ADDRESS;
|
||||
TF_HTTP_UNLOCK_ADDRESS = TF_HTTP_ADDRESS;
|
||||
};
|
||||
httpBackend.address = "http://localhost:${backendPort}/state/project1/example";
|
||||
};
|
||||
}).default.tf-host.run;
|
||||
in
|
||||
|
|
|
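Review bot: The rewritten `tfBackend` (hunk @ -8,12) and `httpBackend.address` (hunk @ -17,13) set only `address`, so the test now depends on the module's built-in `username`/`password` defaults for the placeholder credentials it previously spelled out. If those defaults are ever removed from the deployment module, which is the right thing to do for a placeholder secret, this test setup fails at evaluation time with no hint of what to set. Pinning them here keeps the test self-describing: `tfBackend = fragment: { address = "http://localhost:${backendPort}/state/${fragment}"; username = "basic"; password = "fake-secret"; };`, and the same two attributes next to `httpBackend.address` in the second hunk. The enclosing `let` binding starts before the first hunk.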
|||
|
|
@ -74,6 +74,91 @@ let
|
|||
description = "A NixOS configuration.";
|
||||
type = raw;
|
||||
};
|
||||
httpBackend = mkOption {
|
||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
||||
type = types.submodule (http-backend: {
|
||||
options = {
|
||||
value = mkOption {
|
||||
readOnly = true;
|
||||
default = lib.mapAttrs' (k: v: lib.nameValuePair "TF_HTTP_${lib.toUpper k}" (builtins.toString v)) {
|
||||
inherit (http-backend.config)
|
||||
address
|
||||
update_method
|
||||
lock_address
|
||||
lock_method
|
||||
unlock_address
|
||||
unlock_method
|
||||
username
|
||||
password
|
||||
skip_cert_verification
|
||||
retry_max
|
||||
retry_wait_min
|
||||
retry_wait_max
|
||||
;
|
||||
};
|
||||
};
|
||||
address = mkOption {
|
||||
description = "The address of the REST endpoint";
|
||||
type = str;
|
||||
};
|
||||
update_method = mkOption {
|
||||
description = "HTTP method to use when updating state.";
|
||||
type = str;
|
||||
default = "POST";
|
||||
};
|
||||
lock_address = mkOption {
|
||||
description = "The address of the lock REST endpoint.";
|
||||
type = str;
|
||||
default = http-backend.config.address;
|
||||
};
|
||||
lock_method = mkOption {
|
||||
description = "The HTTP method to use when locking.";
|
||||
type = str;
|
||||
default = "LOCK";
|
||||
};
|
||||
unlock_address = mkOption {
|
||||
description = "The address of the unlock REST endpoint.";
|
||||
type = str;
|
||||
default = http-backend.config.address;
|
||||
};
|
||||
unlock_method = mkOption {
|
||||
description = "The HTTP method to use when unlocking.";
|
||||
type = str;
|
||||
default = "UNLOCK";
|
||||
};
|
||||
username = mkOption {
|
||||
description = "The username for HTTP basic authentication.";
|
||||
type = str;
|
||||
default = "basic";
|
||||
};
|
||||
password = mkOption {
|
||||
description = "The password for HTTP basic authentication.";
|
||||
type = str;
|
||||
default = "fake-secret";
|
||||
};
|
||||
skip_cert_verification = mkOption {
|
||||
description = "Whether to skip TLS verification.";
|
||||
type = str;
|
||||
default = "false";
|
||||
};
|
||||
retry_max = mkOption {
|
||||
description = "The number of HTTP request retries.";
|
||||
type = types.int;
|
||||
default = 2;
|
||||
};
|
||||
retry_wait_min = mkOption {
|
||||
description = "The minimum time in seconds to wait between HTTP request attempts.";
|
||||
type = types.int;
|
||||
default = 1;
|
||||
};
|
||||
retry_wait_max = mkOption {
|
||||
description = "The maximum time in seconds to wait between HTTP request attempts.";
|
||||
type = types.int;
|
||||
default = 30;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
host-ssh = mkOption {
|
||||
description = "SSH connection info to connect to a single host.";
|
||||
type = submodule {
|
||||
|
|
@ -195,7 +280,7 @@ let
|
|||
description = "The architecture of the system to deploy to.";
|
||||
type = types.str;
|
||||
};
|
||||
inherit nixos-configuration;
|
||||
inherit httpBackend nixos-configuration;
|
||||
ssh = host-ssh;
|
||||
caller = mkOption {
|
||||
description = "The calling module to obtain the NixOS configuration from.";
|
||||
|
|
@ -213,10 +298,6 @@ let
|
|||
description = "The path to the root of the repository.";
|
||||
type = types.path;
|
||||
};
|
||||
httpBackend = mkOption {
|
||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
||||
type = types.attrsOf (types.either types.str types.int);
|
||||
};
|
||||
run = mkOption {
|
||||
type = types.package;
|
||||
# error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times.
|
||||
|
|
@ -278,16 +359,12 @@ let
|
|||
description = "The architecture of the system to deploy to.";
|
||||
type = types.str;
|
||||
};
|
||||
inherit nixos-configuration;
|
||||
inherit httpBackend nixos-configuration;
|
||||
ssh = host-ssh;
|
||||
node-name = mkOption {
|
||||
description = "the name of the ProxmoX node to use.";
|
||||
type = types.str;
|
||||
};
|
||||
httpBackend = mkOption {
|
||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
||||
type = types.attrsOf (types.either types.str types.int);
|
||||
};
|
||||
imageDatastoreId = mkOption {
|
||||
description = "ID of the datastore of the image.";
|
||||
type = types.str;
|
||||
|
|
@ -366,7 +443,7 @@ let
|
|||
description = "The architecture of the system to deploy to.";
|
||||
type = types.str;
|
||||
};
|
||||
inherit nixos-configuration;
|
||||
inherit httpBackend nixos-configuration;
|
||||
ssh = host-ssh;
|
||||
caller = mkOption {
|
||||
description = "The calling module to obtain the NixOS configuration from.";
|
||||
|
|
@ -388,10 +465,6 @@ let
|
|||
description = "the name of the ProxmoX node to use.";
|
||||
type = types.str;
|
||||
};
|
||||
httpBackend = mkOption {
|
||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
||||
type = types.attrsOf (types.either types.str types.int);
|
||||
};
|
||||
bridge = mkOption {
|
||||
description = "The name of the network bridge (defaults to vmbr0).";
|
||||
type = types.str;
|
||||
|
|
|
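Review bot: The `password` option in the new `httpBackend` submodule (hunk @ -74,6) ships `default = "fake-secret"`, so a deployment that never sets it evaluates cleanly with a placeholder credential instead of failing; since `value` folds every option into the `TF_HTTP_*` map that the setup scripts interpolate into `writeScriptBin`, that default also ends up in a store path. I would drop the default from `password` (and probably `username`) so that only callers which explicitly opt in, such as the test setup, get the placeholder: `password = mkOption { description = "The password for HTTP basic authentication."; type = str; };`. Related, `skip_cert_verification` is typed `str` with default `"false"`, presumably to avoid `builtins.toString` turning `false` into `""`; a `types.bool` here with an explicit `if v then "true" else "false"` in the `value` mapping would reject a mistyped string such as `"flase"`, which `str` currently accepts and passes through to OpenTofu. The option description on the `httpBackend` line still says "environment variables", whereas the submodule now holds named settings and only `value` is the environment map; worth updating the text.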
|||
|
|
@ -17,6 +17,6 @@ pkgs.writeScriptBin "setup" ''
|
|||
# suppress warning on architecture-specific generated lock file:
|
||||
# `Warning: Incomplete lock file information for providers`.
|
||||
env TF_HTTP_RETRY_MAX=1 TF_HTTP_RETRY_WAIT_MIN=0 \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend.value)} \
|
||||
tofu init -input=false 1>/dev/null
|
||||
''
|
||||
|
|
|
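Review bot: The hard-coded `TF_HTTP_RETRY_MAX=1 TF_HTTP_RETRY_WAIT_MIN=0` on the `env` line just above the new `httpBackend.value` interpolation no longer take effect, as far as I can tell from the submodule in this compare: `value` now always emits `TF_HTTP_RETRY_MAX` and `TF_HTTP_RETRY_WAIT_MIN` (defaults 2 and 1 for every host), and when `env` sees the same name twice the later assignment wins, so the fast-fail behaviour the comment above describes silently reverts to the defaults. Either move the two overrides into the caller's `httpBackend` (`retry_max = 1; retry_wait_min = 0;`) and reduce the line to `env ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend.value)} \`, or put the explicit assignments after the interpolation so they keep precedence. The other script in this compare (hunk @ -56,7) does the same `httpBackend.value` interpolation but has no preceding overrides, so it is unaffected. The `writeScriptBin` body starts before this hunk.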
|||
|
|
@ -56,7 +56,7 @@ rec {
|
|||
)
|
||||
)
|
||||
} \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend.value)} \
|
||||
'';
|
||||
tfPackage = pkgs.callPackage ./run/${directory}/tf.nix { };
|
||||
tf-env = pkgs.callPackage ./run/tf-env.nix {
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ in
|
|||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
system.stateVersion = "24.05"; # do not change
|
||||
nixpkgs.hostPlatform = mkDefault "x86_64-linux";
|
||||
nix.gc.automatic = mkDefault true;
|
||||
|
||||
## This is just nice to have, but it is also particularly important for the
|
||||
## Forgejo CI runners because the Nix configuration in the actions is directly
|
||||
|
|
|
|||
|
|
@ -44,4 +44,7 @@
|
|||
|
||||
## For the Docker mode of the runner.
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
# we should probably prevent CI from trashing CI builds
|
||||
nix.gc.automatic = false;
|
||||
}
|
||||
|
|
|
|||