terraform-nixos #1

Closed

kiara wants to merge 57 commits from terraform-nixos into tf

pull from: terraform-nixos

merge into: kiara:tf

kiara:main

kiara:data-model-tf-proxmox

kiara:bash-proxmox-specify-node

kiara:bash-proxmox-experimental

kiara:reusable-nixos-template

kiara:skip-path-from-root

kiara:tests-thru-flake

kiara:factor-out-nixos-conf

kiara:fix-provision-proxmox

kiara:document-function

kiara:peertube-credentials

kiara:data-model-name

kiara:allow-empty-password

kiara:panel-add-git

kiara:dedupe-tests

kiara:break-down-nix-flake-check

kiara:fix-formatting

kiara:deployment-path

kiara:data-model-tf-test

kiara:data-model-test-deployment-plain

kiara:fix-data-model

kiara:data-model-factor-out-wrapper

kiara:mv-submodule

kiara:data-model-tf-template

kiara:data-model-ssh-template

kiara:proxmox-test

kiara:data-model-add-classes

kiara:data-model-refactor-deployments

kiara:data-model-test-shb

kiara:data-model-check-inputs

kiara:data-model-deployment-types

kiara:data-model-type-nixos-module

kiara:fix-env-apply-call

kiara:woodpecker

kiara:attic

kiara:attic-infra

kiara:ci-manual-trigger

kiara:reflexive-function

kiara:data-model-modular-function-application

kiara:data-model-test-tf

kiara:data-model-tf

kiara:attic-woodpecker

kiara:infra-tf

kiara:tofu

kiara:upstream-python-packages

kiara:random-hostname

kiara:repro-data-model-deployment-recursion

kiara:data-model-test-deployment

kiara:unwire-module-functions

kiara:repro-broken-module-function-input-check

kiara:data-model-fix-root-class

kiara:data-model-classes

kiara:fricklerhandwerk-data-model-as-diagram

kiara:repro-username-type-error

kiara:fix-submodule-type

kiara:data-model-deployment-nixos

kiara:data-model-repro-default-issue

kiara:data-model-import-issue-nixops4-nixos

kiara:data-model-mock-nixops4deployment

kiara:data-model-rm-arg

kiara:data-model-as-diagram

kiara:data-model-hack-arg

kiara:data-model-mock-deployment

kiara:npins-verbose

kiara:verbose-updater

kiara:ci-in-nix-docker

kiara:test-pixelfed

kiara:note-scope-secrets

kiara:use-application-model

kiara:icewind

kiara:ci-container

kiara:access-cache-from-runner

kiara:kiara

kiara:attic-extra-dependencies

kiara:icewind-container

kiara:application-config-type-check-attempts

kiara:data-model-revamp

kiara:rm-flake-shell

kiara:use-revamped-data-model

kiara:data-model-runtime-environment

kiara:data-model-deployment-test

kiara:forgejo-ci-vpn

kiara:data-model-migration

kiara:domain-data-model

kiara:data-model-deployment

kiara:data-model-runtime-configuration

kiara:nix-path-for-runner

kiara:destructure-packages

kiara:ignore-tf

kiara:model-application

kiara:rm-sample-secret

kiara:purge-double-hash

kiara:simplify-binpath

kiara:configurable-flake

kiara:check-runner-ip

kiara:check-runner-cpu

kiara:tofu-test

kiara:proxmox

kiara:some-regressions

kiara:de-flake

kiara:kill-disko

kiara:depends_on

kiara:sectarian

kiara:bulma

kiara:tofu-mv-key

kiara:nix-path

kiara:tf

kiara:bash-deploy

kiara:generate-module-options-rebase

kiara:deploy-button-online

kiara:rm-enable-field

kiara:online-manage-py

kiara:stitching

kiara:stitch

kiara:add-missing-migration

kiara:revert-versioned-forms

kiara:form

kiara:form-wip

kiara:auth

Conversation 1 Commits 57 Files changed 34 +801 -46

kiara commented 2025-04-10 08:46:46 +02:00

Owner

Copy link

intended to swap out nixos-anywhere for terraform-nixos, over:

• don't need nixos-anywhere to install nixos; we preload nixos to VMs
• awkward non-flake usage
• seemed not to pick up on config changes, as observed by test VMs
  losing their panel keys after TF sync

however, it seems that terraform-nixos has so far had its own flaws:

todo on terraform-nixos:

• get terraform-nixos to work deployed by either:
  • pass on ssh info
  • figure out why terraform-nixos's ssh also needs SSH_AUTH_SOCK - not fixed by removing ssh options
• preventing redeploy on no-op - data item data.external.nixos-instantiate still re-evaluates each time
  • [ ] output using a random id, i.e. forcing to push even on no changes (resources rerun on trigger changes)
• cleanup
  • rm unneeded top-level variables
  • [ ] solve jq / <nixpkgs> thing
  • rebase
  • documentation

intended to swap out nixos-anywhere for terraform-nixos, over: - [ ] don't need nixos-anywhere to install nixos; we preload nixos to VMs - [ ] [awkward non-flake usage](https://nix-community.github.io/nixos-anywhere/howtos/use-without-flakes.html#3-set-nixos-version-to-use) - [ ] seemed not to pick up on config changes, as observed by test VMs losing their panel keys after TF sync however, it seems that terraform-nixos has so far had its own flaws: todo on terraform-nixos: - [x] get terraform-nixos to work deployed by either: - [x] pass on ssh info - [ ] figure out why terraform-nixos's ssh also needs `SSH_AUTH_SOCK` - not fixed by removing ssh options - [x] preventing redeploy on no-op - data item `data.external.nixos-instantiate` still re-evaluates each time - ~~[ ] output using a random id, i.e. forcing to push even on no changes (resources rerun on trigger changes)~~ - [ ] cleanup - ~~rm unneeded top-level variables~~ - ~~[ ] solve jq / `<nixpkgs>` thing~~ - [x] rebase - [ ] documentation

kiara added 29 commits 2025-04-10 08:46:47 +02:00

allow accessing test vms from fedi201, closes #286 (#297) ... c69f1f52e0

Reviewed-on: Fediversity/Fediversity#297
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>

set NIX_PATH, enables use of <nixpkgs> c27ec0a5b1

allow accessing test vms from fedi201's machine ssh key, closes #286 f947e17d96

tf 3eb6d93216

deduplicate flake inputs 231c564c7a

make re-exports explicit again be03794f5f

Revert "deduplicate flake inputs" ... fa770d4ef3

This reverts commit 95769084ce.

switch launch shell to root flake's nixpkgs, see #279 d599d5b640

use flake-sourced nixos-anywhere in tf, to reproduce modules for nix 817c724557

properly pass repo dir for prod, be it with hard-coded TF init c1aa71e319

move tf init out of python over read-only nix env b3e783d4a5

skip tf lock in views.py over read-only nix env 225f2a5be6

specify XDG_CACHE_HOME, workaround to error writing to /var/empty/.cache c841c4e9fd

update 727b62f588

document updating TF module 195a8d4de8

get TF in prod to the same 'installable ... does not correspond to a Nix language value' for non-flakes ... 29664fef8c

seemingly gets further when a similar command is tried from terminal.
as per https://github.com/NixOS/nix/issues/8752#issuecomment-1694714693,
this may have to do with aligning the current working directory.

rm launch flake, as i seem to have reached similar progress without it b4a65169c6

update nixos-anywhere to fix error 'installable ... does not correspond to a Nix language value' fc4fc60982

rm comment de27ec1fb2

untrack TF generated provider/module stuff - local dev now requires following launch/README.md 0350f68427

for now gitignore .auto.tfvars.json used to track TF module of nixos-anywhere ... 76e0594956

in case we want that file for something else, we can move this (and its
ignore) to something separate.

use a mutable HOME in TF for nixos-anywhere to make a .ssh dir in - will this not backfire? e02e399a02

change ssh user to root c93f16bcb2

update nixpkgs to unstable - resolves manual deploy error on bootloader already on newer version 182106cd89

update mastodon host 3270cc89e7

use root user as in #301 - given #297 seems to actually deploy! 551e860b5b

leave subprocess user implicit eb3b1425d0

add ssh key to not need root user 2b0ee4e52d

nixos-anywhere -> terraform-nixos ... 79e58e21f4

intended to swap out nixos-anywhere for terraform-nixos, over:

- don't need nixos-anywhere to install nixos; we preload nixos to VMs
- [awkward non-flake
usage](https://nix-community.github.io/nixos-anywhere/howtos/use-without-flakes.html#3-set-nixos-version-to-use)
-  seemed not to pick up on config changes, as observed by test VMs
losing their panel keys after TF sync

however, it seems that terraform-nixos has its own flaws:

- its output using a random id, i.e. forcing to push even on no changes
- so far did not get ssh authentication to work

kiara referenced this pull request from fediversity/fediversity 2025-04-10 08:47:14 +02:00

WIP: deploy button: tf #274

kiara added 1 commit 2025-04-10 09:00:31 +02:00

special-args -> hermetic 1da2e9e497

kiara added 1 commit 2025-04-10 09:04:06 +02:00

un-track .terraform ce0e8e39f2

kiara added 1 commit 2025-04-10 10:07:39 +02:00

rm .auto.tfvars.json, as the local ssh key and socket are not relevant deployed 4f83f51e17

kiara added 1 commit 2025-04-10 11:12:46 +02:00

point deployed TF to panel ssh key 8f785d7582

kiara added 1 commit 2025-04-10 14:01:15 +02:00

document dev process 8a50680b9f

kiara added 1 commit 2025-04-12 09:33:28 +02:00

use proper logger f87275e384

kiara added 1 commit 2025-04-12 09:56:06 +02:00

log to file 1a8d940a90

kiara added 1 commit 2025-04-12 10:27:18 +02:00

local vars 265d79aeef

kiara added 2 commits 2025-04-12 11:36:31 +02:00

pass vars separately 553753218e

Revert "log to file" ... b0942bd174

This reverts commit 1a8d940a90.

kiara added 3 commits 2025-04-12 13:38:27 +02:00

get ssh socket in prod a41405775e

pass deploy env vars thru 81011d0062

fix logging levels so info gets shown too, not just warn 9c53abfb4c

kiara added 2 commits 2025-04-12 14:11:17 +02:00

switch subprocess output to logger d4860c8aed

Reapply "log to file" ... 1983508fb1

This reverts commit b0942bd174.

kiara added 2 commits 2025-04-12 14:36:45 +02:00

Revert "Reapply "log to file"" ... 60093212d7

This reverts commit 1983508fb1.

Revert "switch subprocess output to logger" ... 45c53ec150

This reverts commit d4860c8aed.

kiara added 1 commit 2025-04-12 16:46:13 +02:00

configure debug printing 2cc96eb530

kiara added 2 commits 2025-04-12 22:18:29 +02:00

get terraform-nixos working deployed 3418d0e76d

simplify tf d955e39f4c

kiara added 1 commit 2025-04-13 13:11:16 +02:00

merge tf modules ef214ced10

kiara added 2 commits 2025-04-13 13:36:20 +02:00

special_args -> nix_path + module 9f689faa32

ditch hermetic to simplify - still gets infinite recursion 1f5977468c

kiara added 2 commits 2025-04-13 21:14:43 +02:00

limit parallelism for testing to prevent out-of-memory errors 385c811a39

in-source tf deployment logic 6a4eb90658

kiara added 2 commits 2025-04-13 21:44:24 +02:00

update peertube vm c91361e7d5

null_resource -> terraform_data 6a105c2fce

kiara added 1 commit 2025-04-13 21:53:27 +02:00

rm depends_on a746ec50cd

kiara commented 2025-04-13 22:48:54 +02:00

Author

Owner

Copy link

closing in favor of Fediversity/Fediversity#307

closing in favor of https://git.fediversity.eu/Fediversity/Fediversity/pulls/307

kiara closed this pull request 2025-04-13 22:48:54 +02:00

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: kiara/Fediversity#1

No description provided.