deployment/check/common/data-model.nix

@@ -209,11 +209,6 @@ let
                 security.sudo.wheelNeedsPassword = false;
                 nix.settings.trusted-users = [ "@wheel" ];
 
-                services.cloud-init = {
-                  enable = true;
-                  network.enable = true;
-                };
-
                 users.mutableUsers = false;
                 users.users =
                   {

deployment/check/data-model-tf-proxmox/nixosTest.nix

@@ -94,7 +94,6 @@ in
         deployment.run
         pkgs.pve-manager
         pkgs.openssl
-        pkgs.jq
         (pkgs.callPackage ../../run/tf-proxmox/tf.nix { inherit sources; })
       ];
 
@@ -133,37 +132,15 @@ in
     pve.succeed("mkdir -p /run/pve")
     assert "Proxmox" in pve.succeed("curl -s -i -k https://localhost:8006")
 
+    # pve.succeed("pvesh set /access/password --userid root@pam --password mypwdlol --confirmation-password mytestpw 1>&2")
+    # pve.succeed("curl -s -i -k -d '{\"userid\":\"root@pam\",\"password\":\"mypwdhaha\",\"confirmation-password\":\"mypwdlol\"}' -X PUT https://localhost:8006/api2/json/access/password 1>&2")
     cert = pve.succeed("cat /etc/pve/pve-root-ca.pem").strip()
 
-    # set up proxmox
-    pm_token = pve.succeed("""
-      set -e
-      pvesh create /pools --poolid Fediversity
-      pvesh set /storage/local --content "vztmpl,rootdir,backup,snippets,import,iso,images" 1>/dev/null
-      pvesh create /access/groups --groupid "roots"
-      pvesh set /access/users/root@pam --enable 1 --groups "roots"
-      pvesh set /access/acl --path "/" --roles "Administrator" --groups "roots"
-      pvesh create /access/users/root@pam/token/mytoken --privsep 0 --output-format json | jq -r .value
-    """).strip()
-    # FIXME pass separate privileges rather than disabling privsep
-
     # skip indent for EOF
     deployer.succeed(f"""
     cat > /etc/ssl/certs/pve-root-ca.pem <<EOF
     {cert}
     EOF
-
-    mkdir -p /root/.ssh
-    cat > /root/.ssh/id_ed25519 <<EOF
-    -----BEGIN OPENSSH PRIVATE KEY-----
-    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-    QyNTUxOQAAACBWbJXVjBLGo2MrI2LBKTbzDozuA/C9taU630EtU/h38gAAAJDAOy8uwDsv
-    LgAAAAtzc2gtZWQyNTUxOQAAACBWbJXVjBLGo2MrI2LBKTbzDozuA/C9taU630EtU/h38g
-    AAAECcF8xjLavgWePoVx45Euewsh6Kw07L6QDDy3WXFCn4bFZsldWMEsajYysjYsEpNvMO
-    jO4D8L21pTrfQS1T+HfyAAAAC2tpYXJhQG5peG9zAQI=
-    -----END OPENSSH PRIVATE KEY-----
-    EOF
-    chmod 600 /root/.ssh/id_ed25519
     """)
 
     deployer.succeed("""
@@ -180,19 +157,10 @@ in
     """)
 
     with subtest("Run the deployment"):
-
-      ip = deployer.succeed(f"""
-        export SSL_CERT_FILE=/tmp/pve-ca-bundle.crt
-        export PROXMOX_VE_API_TOKEN="root@pam!mytoken={pm_token}"
-        ${lib.getExe deployment.run} | jq -r '.ipv4.value[0]'
-        # ${lib.getExe deployment.run} >&2
-      """).strip()
-
       deployer.succeed(f"""
-        ssh -i "/root/.ssh/id_ed25519" \
+        export SSL_CERT_FILE=/tmp/pve-ca-bundle.crt
-        -o StrictHostKeyChecking=no \
+        ${lib.getExe deployment.run} >&2
-        -o BatchMode=yes \
-        root@{ip} hello >&2
       """)
+      # target.succeed("su - operator -c hello 1>&2")
   '';
 }

deployment/data-model.nix

@@ -509,8 +509,8 @@ let
                   # .qcow2 is around half the size of .raw, on top of supporting backups - be it apparently at the cost of performance
                   qemu-img convert -f raw -O qcow2 -C "${raw}" /tmp/${name}.qcow2
 
-                  # ls -l ${raw}
+                  ls -l ${raw}
-                  # ls -l /tmp/${name}.qcow2
+                  ls -l /tmp/${name}.qcow2
 
                   env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
                   ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \

deployment/run/tf-proxmox/main.tf

@@ -182,8 +182,8 @@ resource "null_resource" "wait_for_ssh" {
   ]
   provisioner "local-exec" {
     command = <<-EOT
-      for i in $(seq 1 30); do
+      for i in $(seq 1 10); do
-        if ssh -vvv \
+        if ssh \
         -i "${var.key_file}" \
         -o BatchMode=yes \
         -o StrictHostKeyChecking=no \

deployment/run/tf-proxmox/run.sh

@@ -2,10 +2,11 @@
 set -euo pipefail
 declare tf_env
 
+export TF_LOG=info
 # # on upload explodes RAM use + logs file content, causing timeout
 # export TF_LOG=debug
 
 cd "${tf_env}/deployment/run/tf-proxmox"
 # parallelism=1: limit OOM risk
-TF_LOG=info tofu apply --auto-approve -input=false -parallelism=1 >&2
+tofu apply --auto-approve -input=false -parallelism=1
-TF_LOG=error tofu output -json
+tofu output -json