ditch hermetic to simplify - still gets infinite recursion

special_args -> nix_path + module
2025-04-13 13:36:04 +02:00 · 2025-04-13 13:16:57 +02:00
3 changed files with 63 additions and 16 deletions
--- a/launch/main.tf
+++ b/launch/main.tf
@ -109,24 +109,20 @@ module "deploy" {
  target_system = local.system
  NIX_PATH = join(":", [for name, path in local.pins : "${name}=${path}"])
  deploy_environment = var.deploy_environment
-  hermetic = true
  config_pwd = path.root
  config = <<-EOT
-    let
+    {
      terraform = builtins.fromJSON ''${jsonencode({
        domain = var.domain
        hostname = each.value.hostname
        initialUser = var.initialUser
      })}'';
-    in
-    import <nixpkgs/nixos/lib/eval-config.nix> {
-      system = "${local.system}";
-      specialArgs = { inherit terraform; };
-      modules = [
-        # ${path.root}/options.nix
+      imports = [
+        ${path.root}/options.nix
        ${path.root}/shared.nix
        ${path.root}/${each.key}.nix
-        # (terraform)
+        # FIXME: get VM details from TF
+        ${path.root}./infra/test-machines/${each.value.hostname}
      ];
    }
  EOT
--- a/launch/options.nix
+++ b/launch/options.nix
@ -0,0 +1,53 @@
+{
+  lib,
+  ...
+}:
+let
+  inherit (lib) types mkOption;
+  inherit (types) str enum submodule;
+in
+{
+  options.terraform = {
+    domain = mkOption {
+      type = enum [
+        "fediversity.net"
+      ];
+      description = ''
+        Apex domain under which the services will be deployed.
+      '';
+      default = "fediversity.net";
+    };
+    hostname = mkOption {
+      type = str;
+      description = ''
+        Internal name of the host, e.g. test01
+      '';
+    };
+    initialUser = mkOption {
+      description = ''
+        Some services require an initial user to access them.
+        This option sets the credentials for such an initial user.
+      '';
+      type = submodule {
+        options = {
+          displayName = mkOption {
+            type = str;
+            description = "Display name of the user";
+          };
+          username = mkOption {
+            type = str;
+            description = "Username for login";
+          };
+          email = mkOption {
+            type = str;
+            description = "User's email address";
+          };
+          password = mkOption {
+            type = str;
+            description = "Password for login";
+          };
+        };
+      };
+    };
+  };
+}
--- a/launch/shared.nix
+++ b/launch/shared.nix
@ -1,10 +1,10 @@
 {
  pkgs,
-  terraform,
+  config,
  ...
 }:
 let
-  inherit (terraform) hostname;
+  inherit (config.terraform) hostname domain initialUser;
 in
 {
  imports = [
@ -12,17 +12,15 @@ in
    <agenix/modules/age.nix>
    ../services/fediversity
    ./resource.nix
-    # FIXME: get VM details from TF
-    ../infra/test-machines/${hostname}
  ];
  fediversityVm.name = hostname;
  fediversity = {
-    inherit (terraform) domain;
+    inherit domain;
    temp.initialUser = {
-      inherit (terraform.initialUser) username email displayName;
+      inherit (initialUser) username email displayName;
      # FIXME: disgusting, but nvm, this is going to be replaced by
      # proper central authentication at some point
-      passwordFile = pkgs.writeText "password" terraform.initialUser.password;
+      passwordFile = pkgs.writeText "password" initialUser.password;
    };
  };
 }
Author	SHA1	Message	Date
Kiara Grouwstra	1f5977468c	ditch hermetic to simplify - still gets infinite recursion	2025-04-13 13:36:04 +02:00
Kiara Grouwstra	9f689faa32	special_args -> nix_path + module	2025-04-13 13:16:57 +02:00