Compare commits
No commits in common. "9be8dd5ad96ee3bed72bfefd8b369899d184f413" and "9a0f60e81974b62238b4e61746b2b8e863dc1dc4" have entirely different histories.
9be8dd5ad9
...
9a0f60e819
7 changed files with 11 additions and 40 deletions
|
|
@ -21,9 +21,5 @@ in
|
||||||
default = [ ];
|
default = [ ];
|
||||||
example = "ConnectTimeout=60";
|
example = "ConnectTimeout=60";
|
||||||
};
|
};
|
||||||
httpBackend = mkOption {
|
|
||||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
|
||||||
type = types.attrsOf (types.either types.str types.int);
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,6 @@ let
|
||||||
pathToRoot
|
pathToRoot
|
||||||
targetSystem
|
targetSystem
|
||||||
sshOpts
|
sshOpts
|
||||||
httpBackend
|
|
||||||
;
|
;
|
||||||
inherit (lib) mkOption types;
|
inherit (lib) mkOption types;
|
||||||
eval =
|
eval =
|
||||||
|
|
@ -202,7 +201,7 @@ let
|
||||||
inherit sshOpts;
|
inherit sshOpts;
|
||||||
};
|
};
|
||||||
module = self;
|
module = self;
|
||||||
inherit args deployment-name httpBackend;
|
inherit args deployment-name;
|
||||||
root-path = pathToRoot;
|
root-path = pathToRoot;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -8,18 +8,10 @@ let
|
||||||
inherit (pkgs) system;
|
inherit (pkgs) system;
|
||||||
inherit (import ./constants.nix) pathToRoot;
|
inherit (import ./constants.nix) pathToRoot;
|
||||||
nodeName = "target";
|
nodeName = "target";
|
||||||
backendPort = builtins.toString 8080;
|
|
||||||
deployment-config = {
|
deployment-config = {
|
||||||
inherit nodeName pathToRoot;
|
inherit nodeName pathToRoot;
|
||||||
targetSystem = system;
|
targetSystem = system;
|
||||||
sshOpts = [ ];
|
sshOpts = [ ];
|
||||||
httpBackend = rec {
|
|
||||||
TF_HTTP_USERNAME = "basic";
|
|
||||||
TF_HTTP_PASSWORD = "fake-secret";
|
|
||||||
TF_HTTP_ADDRESS = "http://localhost:${backendPort}/state/project1/example";
|
|
||||||
TF_HTTP_LOCK_ADDRESS = TF_HTTP_ADDRESS;
|
|
||||||
TF_HTTP_UNLOCK_ADDRESS = TF_HTTP_ADDRESS;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
deploy =
|
deploy =
|
||||||
(import ../common/data-model.nix {
|
(import ../common/data-model.nix {
|
||||||
|
|
@ -62,8 +54,8 @@ in
|
||||||
services.terraform-backend = {
|
services.terraform-backend = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
|
LISTEN_ADDR = ":8080";
|
||||||
KMS_KEY = "l99yC7MhbuuraACQ8bjaU1rMrT6L4PXEYupX6BzhJvY=";
|
KMS_KEY = "l99yC7MhbuuraACQ8bjaU1rMrT6L4PXEYupX6BzhJvY=";
|
||||||
LISTEN_ADDR = ":${backendPort}";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
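Review bot: `LISTEN_ADDR = ":8080"` binds the state backend on every interface, although the only client address visible in this compare is `localhost:8080`. If the service accepts a host:port value here, `LISTEN_ADDR = "127.0.0.1:8080";` would keep it loopback-only. With `backendPort` removed, this port has to be kept in step by hand with the address hardcoded in the Terraform `backend "http"` block, so a comment such as `# keep in sync with the backend "http" address` would record that. The `KMS_KEY` literal on the neighbouring line ends up in the Nix store, which is acceptable only as a test fixture and is worth labelling as one.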
|
||||||
|
|
|
||||||
|
|
@ -222,10 +222,6 @@ let
|
||||||
description = "The path to the root of the repository.";
|
description = "The path to the root of the repository.";
|
||||||
type = types.path;
|
type = types.path;
|
||||||
};
|
};
|
||||||
httpBackend = mkOption {
|
|
||||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
|
||||||
type = types.attrsOf (types.either types.str types.int);
|
|
||||||
};
|
|
||||||
run = mkOption {
|
run = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
# error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times.
|
# error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times.
|
||||||
|
|
@ -239,7 +235,6 @@ let
|
||||||
args
|
args
|
||||||
deployment-name
|
deployment-name
|
||||||
root-path
|
root-path
|
||||||
httpBackend
|
|
||||||
;
|
;
|
||||||
inherit (ssh)
|
inherit (ssh)
|
||||||
host
|
host
|
||||||
|
|
@ -265,7 +260,7 @@ let
|
||||||
deployment-type = "tf-host";
|
deployment-type = "tf-host";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
tf-env = pkgs.callPackage ./run/tf-single-host/tf-env.nix { inherit httpBackend; };
|
tf-env = pkgs.callPackage ./run/tf-single-host/tf-env.nix { };
|
||||||
in
|
in
|
||||||
pkgs.writers.writeBashBin "deploy-tf.sh"
|
pkgs.writers.writeBashBin "deploy-tf.sh"
|
||||||
(withPackages [
|
(withPackages [
|
||||||
|
|
@ -274,7 +269,6 @@ let
|
||||||
])
|
])
|
||||||
''
|
''
|
||||||
env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
|
env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
|
||||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
|
||||||
tf_env=${tf-env} bash ./deployment/run/tf-single-host/run.sh
|
tf_env=${tf-env} bash ./deployment/run/tf-single-host/run.sh
|
||||||
'';
|
'';
|
||||||
};
|
};
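Review bot: The `TF_VAR_${k}=\"${toBash v}\"` line kept in `deploy-tf.sh` puts each value inside bash double quotes, where `$`, backticks and backslashes are still interpreted by the shell. `toBash` is defined outside this hunk; the copy removed from the setup script in this compare escapes only `"`, so if this one matches, a value containing shell metacharacters is expanded rather than passed literally when the script runs. Ending `toBash` in `lib.escapeShellArg` instead of the `replaceStrings` call, and writing `"TF_VAR_${k}=${toBash v}"` without the surrounding `\"`, would make every assignment literal. This matters most if any entry of `environment` can come from user-supplied deployment configuration, which is not visible here.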
|
||||||
|
|
|
||||||
|
|
@ -2,20 +2,7 @@
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
sources,
|
sources,
|
||||||
httpBackend,
|
|
||||||
}:
|
}:
|
||||||
let
|
|
||||||
toBash =
|
|
||||||
v:
|
|
||||||
lib.replaceStrings [ "\"" ] [ "\\\"" ] (
|
|
||||||
if lib.isPath v || builtins.isNull v then
|
|
||||||
toString v
|
|
||||||
else if lib.isString v then
|
|
||||||
v
|
|
||||||
else
|
|
||||||
lib.strings.toJSON v
|
|
||||||
);
|
|
||||||
in
|
|
||||||
pkgs.writeScriptBin "setup" ''
|
pkgs.writeScriptBin "setup" ''
|
||||||
set -e
|
set -e
|
||||||
# calculated pins
|
# calculated pins
|
||||||
|
|
@ -25,7 +12,5 @@ pkgs.writeScriptBin "setup" ''
|
||||||
rm -f .terraform.lock.hcl
|
rm -f .terraform.lock.hcl
|
||||||
# suppress warning on architecture-specific generated lock file:
|
# suppress warning on architecture-specific generated lock file:
|
||||||
# `Warning: Incomplete lock file information for providers`.
|
# `Warning: Incomplete lock file information for providers`.
|
||||||
env TF_HTTP_RETRY_MAX=1 TF_HTTP_RETRY_WAIT_MIN=0 \
|
|
||||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
|
||||||
tofu init -input=false 1>/dev/null
|
tofu init -input=false 1>/dev/null
|
||||||
''
|
''
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,11 @@
|
||||||
terraform {
|
terraform {
|
||||||
|
# TODO un-hardcode
|
||||||
backend "http" {
|
backend "http" {
|
||||||
|
username = "basic"
|
||||||
|
password = "fake-secret"
|
||||||
|
address = "http://localhost:8080/state/project1/example"
|
||||||
|
lock_address = "http://localhost:8080/state/project1/example"
|
||||||
|
unlock_address = "http://localhost:8080/state/project1/example"
|
||||||
}
|
}
|
||||||
}
|
}
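Review bot: The new `backend "http"` block commits the state-backend credentials as literals (`username = "basic"`, `password = "fake-secret"`) together with a plain `http://` address, and the `# TODO un-hardcode` comment only acknowledges it. Values set in a backend block are also written in plain text to `.terraform/terraform.tfstate` and to saved plan files, so they spread beyond this file. Leaving the block as `backend "http" {}` and supplying `TF_HTTP_USERNAME`, `TF_HTTP_PASSWORD`, `TF_HTTP_ADDRESS`, `TF_HTTP_LOCK_ADDRESS` and `TF_HTTP_UNLOCK_ADDRESS` from the environment keeps them out of the repository and the Nix store. If these are meant purely as test fixtures, the comment should say so, e.g. `# test-only values for the local backend; real deployments must pass TF_HTTP_* via the environment`.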
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,6 @@
|
||||||
{
|
{
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
httpBackend,
|
|
||||||
sources ? import ../../../npins,
|
sources ? import ../../../npins,
|
||||||
}:
|
}:
|
||||||
pkgs.stdenv.mkDerivation {
|
pkgs.stdenv.mkDerivation {
|
||||||
|
|
@ -11,11 +10,11 @@ pkgs.stdenv.mkDerivation {
|
||||||
toSource {
|
toSource {
|
||||||
root = ../../../.;
|
root = ../../../.;
|
||||||
# don't copy ignored files
|
# don't copy ignored files
|
||||||
fileset = gitTracked ../../../.;
|
fileset = intersection (gitTracked ../../../.) ../../../.;
|
||||||
};
|
};
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
(pkgs.callPackage ./tf.nix { inherit sources; })
|
(pkgs.callPackage ./tf.nix { inherit sources; })
|
||||||
(pkgs.callPackage ../tf-setup.nix { inherit sources httpBackend; })
|
(pkgs.callPackage ../tf-setup.nix { inherit sources; })
|
||||||
];
|
];
|
||||||
buildPhase = ''
|
buildPhase = ''
|
||||||
runHook preBuild
|
runHook preBuild
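Review bot: `intersection (gitTracked ../../../.) ../../../.` intersects the tracked files with the repository root itself, so it selects the same set as `gitTracked ../../../.` alone, and the `# don't copy ignored files` comment does not explain the extra call. The whole tracked tree therefore still becomes the derivation source in the world-readable Nix store, presumably including the Terraform file that now carries backend credentials. If narrowing was intended, the second operand should be the subdirectory the build actually needs (not visible here); otherwise the `intersection` can be dropped. The derivation body continues outside the hunk.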
|
||||||
|
|
|
||||||