mv acme logic out of panel test

deployment/check/data-model-ssh/data-model.nix

@@ -5,6 +5,7 @@
   ...
 }@args:
 let
+  self = "deployment/check/data-model-ssh/data-model.nix";
   inherit (sources) nixpkgs;
   pkgs = import nixpkgs { inherit system; };
   inherit (pkgs) lib;
@@ -39,7 +40,7 @@ in
                 key-file = null;
                 inherit sshOpts;
               };
-              caller = "deployment/check/data-model-ssh/data-model.nix";
+              module = self;
               inherit args deployment-name;
               root-path = pathToRoot;
             };

deployment/check/data-model-ssh/nixosTest.nix

@@ -19,6 +19,10 @@ let
 in
 {
   _class = "nixosTest";
+  imports = [
+    ./options.nix
+  ];
+
   name = "deployment-model";
   sourceFileset = lib.fileset.unions [
     ../../data-model.nix
@@ -27,6 +31,7 @@ in
     ../../run/ssh-single-host/run.sh
     ../../../npins/default.nix
     ../../../npins/sources.json
+    ./options.nix
     ./constants.nix
   ];
 

deployment/check/data-model-ssh/options.nix

@@ -0,0 +1,15 @@
+{
+  lib,
+  ...
+}:
+let
+  inherit (lib) mkOption types;
+in
+{
+  options = {
+    targetSystem = mkOption {
+      type = types.str;
+      description = "name of the host to deploy to";
+    };
+  };
+}

deployment/check/data-model-tf/data-model.nix

@@ -5,6 +5,7 @@
   ...
 }@args:
 let
+  self = "deployment/check/data-model-tf/data-model.nix";
   inherit (sources) nixpkgs;
   pkgs = import nixpkgs { inherit system; };
   inherit (pkgs) lib;
@@ -39,7 +40,7 @@ in
                 key-file = null;
                 inherit sshOpts;
               };
-              caller = "deployment/check/data-model-tf/data-model.nix";
+              module = self;
               inherit args deployment-name httpBackend;
               root-path = pathToRoot;
             };

deployment/check/data-model-tf/nixosTest.nix

@@ -28,6 +28,10 @@ let
 in
 {
   _class = "nixosTest";
+  imports = [
+    ./options.nix
+  ];
+
   name = "deployment-model";
   sourceFileset = lib.fileset.unions [
     ../../run/tf-single-host/run.sh

deployment/check/data-model-tf/options.nix

@@ -0,0 +1,25 @@
+{
+  lib,
+  ...
+}:
+let
+  inherit (lib) mkOption types;
+in
+{
+  options = {
+    targetSystem = mkOption {
+      type = types.str;
+      description = "name of the host to deploy to";
+    };
+    sshOpts = mkOption {
+      description = "Extra SSH options (`-o`) to use.";
+      type = types.listOf types.str;
+      default = [ ];
+      example = "ConnectTimeout=60";
+    };
+    httpBackend = mkOption {
+      description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
+      type = types.attrsOf (types.either types.str types.int);
+    };
+  };
+}

deployment/check/proxmox/proxmoxTest.nix

@@ -15,7 +15,7 @@ in
 {
   name = "proxmox-basic";
 
-  nodes.pve =
+  nodes.mypve =
     { sources, ... }:
     {
       imports = [
@@ -44,41 +44,41 @@ in
     };
 
   testScript = ''
-    pve.start()
-    pve.wait_for_unit("pveproxy.service")
-    assert "running" in pve.succeed("pveproxy status")
+    machine.start()
+    machine.wait_for_unit("pveproxy.service")
+    assert "running" in machine.succeed("pveproxy status")
 
     # Copy Iso
-    pve.succeed("mkdir -p /var/lib/vz/template/iso/")
-    pve.succeed("cp ${minimalIso} /var/lib/vz/template/iso/minimal.iso")
+    machine.succeed("mkdir -p /var/lib/vz/template/iso/")
+    machine.succeed("cp ${minimalIso} /var/lib/vz/template/iso/minimal.iso")
 
     # Declarative VM creation
-    pve.wait_for_unit("multi-user.target")
-    pve.succeed("qm stop 100 --timeout 0")
+    machine.wait_for_unit("multi-user.target")
+    machine.succeed("qm stop 100 --timeout 0")
 
     # Seabios VM creation
-    pve.succeed(
+    machine.succeed(
       "qm create 101 --kvm 0 --bios seabios -cdrom local:iso/minimal.iso",
       "qm start 101",
       "qm stop 101 --timeout 0"
     )
 
     # Legacy ovmf vm creation
-    pve.succeed(
+    machine.succeed(
       "qm create 102 --kvm 0 --bios ovmf -cdrom local:iso/minimal.iso",
       "qm start 102",
       "qm stop 102 --timeout 0"
     )
 
     # UEFI ovmf vm creation
-    pve.succeed(
+    machine.succeed(
       "qm create 103 --kvm 0 --bios ovmf --efidisk0 local:4,efitype=4m -cdrom local:iso/minimal.iso",
       "qm start 103",
       "qm stop 103 --timeout 0"
     )
 
     # UEFI ovmf vm creation with secure boot
-    pve.succeed(
+    machine.succeed(
       "qm create 104 --kvm 0 --bios ovmf --efidisk0 local:4,efitype=4m,pre-enrolled-keys=1 -cdrom local:iso/minimal.iso",
       "qm start 104",
       "qm stop 104 --timeout 0"

deployment/data-model.nix

@@ -30,13 +30,13 @@ let
   writeConfig =
     {
       system,
-      caller,
+      module,
       root-path,
       deployment-type,
       deployment-name,
       args,
     }:
-    # having a `caller` location and (serializable) `args`, we know
+    # having a `module` location and (serializable) `args`, we know
     # enough to call it again to extract different info elsewhere later.
     # we use this to make a deployment script using the desired nixos config,
     # which would otherwise not be serializable, while nix also makes it hard to
@@ -46,7 +46,7 @@ let
       pkgs.writers.writeText "configuration.nix" ''
         import ${root-path}/deployment/nixos.nix {
           system = "${system}";
-          configuration = (import "${root-path}/${caller}" (builtins.fromJSON "${
+          configuration = (import "${root-path}/${module}" (builtins.fromJSON "${
             lib.replaceStrings [ "\"" ] [ "\\\"" ] (lib.strings.toJSON args)
           }")).${deployment-name}.${deployment-type}.nixos-configuration;
         }
@@ -121,8 +121,8 @@ let
           };
           inherit nixos-configuration;
           ssh = host-ssh;
-          caller = mkOption {
-            description = "The calling module to obtain the NixOS configuration from.";
+          module = mkOption {
+            description = "The module to call to obtain the NixOS configuration from.";
             type = types.str;
           };
           args = mkOption {
@@ -147,7 +147,7 @@ let
                 inherit (ssh-host.config)
                   system
                   ssh
-                  caller
+                  module
                   args
                   deployment-name
                   root-path
@@ -168,7 +168,7 @@ let
                   nixos_conf = writeConfig {
                     inherit
                       system
-                      caller
+                      module
                       args
                       deployment-name
                       root-path
@@ -204,8 +204,8 @@ let
           };
           inherit nixos-configuration;
           ssh = host-ssh;
-          caller = mkOption {
-            description = "The calling module to obtain the NixOS configuration from.";
+          module = mkOption {
+            description = "The module to call to obtain the NixOS configuration from.";
             type = types.str;
           };
           args = mkOption {
@@ -233,7 +233,7 @@ let
                 inherit (tf-host.config)
                   system
                   ssh
-                  caller
+                  module
                   args
                   deployment-name
                   root-path
@@ -255,7 +255,7 @@ let
                   nixos_conf = writeConfig {
                     inherit
                       system
-                      caller
+                      module
                       args
                       deployment-name
                       root-path

deployment/run/ssh-single-host/run.sh

@@ -1,33 +1,23 @@
 #! /usr/bin/env bash
 set -xeuo pipefail
 declare username host key_file ssh_opts nixos_conf
-readarray -t ssh_opts < <(echo "$ssh_opts" | jq -r '.[]')
+IFS=" " read -r -a ssh_opts <<< "$( (echo "$ssh_opts" | jq -r '@sh') | tr -d \'\")"
 
 # DEPLOY
-sshOptsInit=(
+sshOpts=(
   -o BatchMode=yes
   -o StrictHostKeyChecking=no
 )
+for ssh_opt in "${ssh_opts[@]}"; do
+  sshOpts+=(
+    -o "$ssh_opt"
+  )
+done
 if [[ -n "$key_file" ]]; then
-  sshOptsInit+=(
+  sshOpts+=(
     -i "$key_file"
   )
 fi
-# [@] will quote variables containing spaces itself
-sshOptsAt=("${sshOptsInit[@]}")
-for ssh_opt in "${ssh_opts[@]}"; do
-  sshOptsAt+=(
-    -o "${ssh_opt}"
-  )
-done
-# [*] needs manual quoting
-sshOptsAsterisk=("${sshOptsInit[@]}")
-for ssh_opt in "${ssh_opts[@]}"; do
-  sshOptsAsterisk+=(
-    -o "\"${ssh_opt}\""
-  )
-done
-
 destination="$username@$host"
 
 command=(nix-instantiate --show-trace "${nixos_conf}")
@@ -42,9 +32,9 @@ command=(nix-instantiate --show-trace "${nixos_conf}")
 # FIXME explore import/readFile as ways to instantiate the derivation, potentially allowing to realize the store path up-front from Nix?
 outPath=$(nix-store --realize "$("${command[@]}" -A config.system.build.toplevel.drvPath --eval --strict --json | jq -r '.')")
 # deploy the config by nix-copy-closure
-NIX_SSHOPTS="${sshOptsAsterisk[*]}" nix-copy-closure --to "$destination" "$outPath" --gzip --use-substitutes
+NIX_SSHOPTS="${sshOpts[*]}" nix-copy-closure --to "$destination" "$outPath" --gzip --use-substitutes
 # switch the remote host to the config
 # shellcheck disable=SC2029
-ssh "${sshOptsAt[@]}" "$destination" "nix-env --profile /nix/var/nix/profiles/system --set $outPath"
+ssh "${sshOpts[@]}" "$destination" "nix-env --profile /nix/var/nix/profiles/system --set $outPath"
 # shellcheck disable=SC2029
-ssh -o "ConnectTimeout=5" -o "ServerAliveInterval=1" "${sshOptsAt[@]}" "$destination" "nohup env $outPath/bin/switch-to-configuration switch &" 2>&1
+ssh -o "ConnectTimeout=1" -o "ServerAliveInterval=1" "${sshOpts[@]}" "$destination" "nohup $outPath/bin/switch-to-configuration switch &" 2>&1

deployment/run/tf-single-host/run.sh

@@ -1,7 +1,9 @@
 #! /usr/bin/env bash
-set -euo pipefail
+set -xeuo pipefail
 declare tf_env
 
+export TF_LOG=info
+
 cd "${tf_env}/deployment/run/tf-single-host"
 # parallelism=1: limit OOM risk
 tofu apply --auto-approve -parallelism=1