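# NixOS test "deployment-model": the `deployer` node runs `tofu apply` against
# the configuration under data-model-tf, then the test checks that `hello`
# has become available to the `operator` user on the `target` node.
{
  lib,
  config,
  pkgs,
  inputs,
  ...
}:

let
  inherit (import ./constants.nix) pathToRoot pathFromRoot;
  inherit (pkgs) system;
  # escapedJson = v: lib.replaceStrings [ "\"" ] [ "\\\\\"" ] (lib.strings.toJSON v);

  # Settings passed both to the data model below and, serialised as JSON,
  # to OpenTofu through TF_VAR_config_nix.
  deployment-config = {
    inherit pathToRoot pathFromRoot;
    inherit (config) enableAcme;
    # The ACME node's address is only looked up when ACME is enabled.
    acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
    nodeName = "target";
  };

  # SSH coordinates of the deployment target, taken from the data model.
  inherit
    ((import ../common/data-model.nix {
      inherit system inputs;
      config = deployment-config;
    })."tf-deployment".tf-host.ssh
    )
    host
    username
    # key-file
    ;

  # Every attribute here is exported to the tofu process as TF_VAR_<name>.
  tf-vars = {
    inherit host username system;
    config_nix = lib.strings.toJSON deployment-config;
    # config_nix = escapedJson deployment-config;
    # config_tf = ;
  };

  # One `export` line per variable. lib.escapeShellArg quotes each value for
  # the shell, so a value containing a single quote cannot end the quoting
  # early and be parsed as shell syntax, which the previous bare '...'
  # interpolation allowed.
  tf-var-exports = lib.concatStringsSep "\n" (
    lib.mapAttrsToList (k: v: "export TF_VAR_${k}=${lib.escapeShellArg v};") tf-vars
  );

  tf-env = pkgs.callPackage ./tf-env.nix { };
in
{
  _class = "nixosTest";
  imports = [
    ../common/data-model-options.nix
  ];

  name = "deployment-model";
  sourceFileset = lib.fileset.unions [
    ../../data-model.nix
    ../../function.nix
    ../common/data-model.nix
    ../common/data-model-options.nix
    ./constants.nix
    ./main.tf
    ./variables.tf
    ./deploy.sh
  ];

  nodes.deployer =
    { pkgs, ... }:
    {
      # nixpkgs.config.allowUnfree = lib.mkForce true;
      environment.systemPackages = with pkgs; [
        (pkgs.callPackage ./tf.nix { })
        jq
      ];

      # needed only when building from deployer
      system.extraDependenciesFromModule =
        { pkgs, ... }:
        {
          environment.systemPackages = with pkgs; [
            hello
          ];
        };
    };

  # Notes on the script below:
  # - The shell snippet is a *raw* Python literal (r"""), so backslashes
  #   produced by toJSON or by escapeShellArg reach bash unchanged instead of
  #   being consumed as Python escape sequences.
  # - `set -x` traces every export into the test log. That is harmless for the
  #   values in tf-vars today, but any secret added there later (for example
  #   key material) would end up in the log as well.
  # - `--auto-approve` applies without a reviewed plan and `-lock=false` turns
  #   off state locking. NOTE(review): presumably acceptable because state and
  #   target only live for this test run; confirm before reusing these flags
  #   for a deployment whose state is shared.
  extraTestScript = ''
    with subtest("ssh: Check the status before deployment"):
      target.fail("hello 1>&2")

    with subtest("ssh: Run the deployment"):
      deployer.succeed(r"""
        set -xeuo pipefail
        ${tf-var-exports}
        export TF_LOG=info

        cd "${tf-env}/deployment/check/data-model-tf"
        # parallelism=1: limit OOM risk
        tofu apply --auto-approve -lock=false -parallelism=1
      """)

      target.wait_for_unit("multi-user.target")
      target.succeed("su - operator -c hello 1>&2")
  '';
}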