more comments

ignore generated tf lock
2025-04-17 13:52:46 +02:00 · 2025-04-17 13:52:09 +02:00
5 changed files with 5 additions and 13 deletions
--- a/launch/.gitignore
+++ b/launch/.gitignore
@ -1,5 +1,7 @@
+# generated
 .auto.tfvars.json
 .npins.json
 .terraform/
+.terraform.lock.hcl
 .terraform.tfstate.lock.info
 terraform.tfstate*
--- a/launch/.terraform.lock.hcl
+++ b/launch/.terraform.lock.hcl
@ -1,9 +0,0 @@
-# This file is maintained automatically by "tofu init".
-# Manual edits may be lost in future updates.
-
-provider "registry.opentofu.org/hashicorp/external" {
-  version = "2.3.4"
-  hashes = [
-    "h1:HfVaWMC7Tz+tRfoWZtGCX2MATcgX3HsexoirWdi/voo=",
-  ]
-}
--- a/launch/options.nix
+++ b/launch/options.nix
@ -1,3 +1,4 @@
+# TODO: could (part of) this be generated somehow?
 {
  lib,
  ...
--- a/launch/resource.nix
+++ b/launch/resource.nix
@ -10,7 +10,7 @@ let
  inherit (lib.strings) removeSuffix;

  secretsPrefix = ../secrets;
-  secrets = import (secretsPrefix + "/secrets.nix");
+  secrets = import "${secretsPrefix}/secrets.nix";
  keys = import ../keys;

 in
@ -35,8 +35,7 @@ in
    }
  ) secrets;

-  ## FIXME: Remove direct root authentication once the NixOps4 NixOS provider
-  ## supports users with password-less sudo.
+  ## FIXME: switch root authentication to users with password-less sudo, see #24
  users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors ++ [
    # allow our panel vm access to the test machines
    keys.panel
--- a/launch/tf-env.nix
+++ b/launch/tf-env.nix
@ -19,7 +19,6 @@ pkgs.stdenv.mkDerivation {
    runHook preBuild
    pushd launch/
    echo '${lib.strings.toJSON sources}' > .npins.json
-    rm .terraform.lock.hcl
    tofu init -input=false
    popd
    runHook postBuild
Author	SHA1	Message	Date
Kiara Grouwstra	428b1d4e3a	more comments	2025-04-17 13:52:46 +02:00
Kiara Grouwstra	4c6fa980f7	ignore generated tf lock	2025-04-17 13:52:09 +02:00