# Builds a NixOS Proxmox image locally with nixos-generate and uploads it to a
# Proxmox node. The VM clone and the nixos-rebuild module that would consume the
# image are still commented out at the bottom of this file.

terraform {
  required_providers {
    proxmox = {
      source = "bpg/proxmox"
      # Exact pin: provider upgrades only happen through a deliberate edit here.
      version = "= 0.76.1"
    }
  }
}

locals {
  # Stable file name for the generated image, one per var.category.
  dump_name = "vzdump-qemu-nixos-fediversity-${var.category}.vma.zst"
}

provider "proxmox" {
  endpoint = "https://${var.host}:8006/"
  # NOTE(review): `insecure = true` turns off TLS certificate verification for the
  # Proxmox API, so the username/password below are sent to an endpoint whose
  # identity is never checked. Presumably the host presents a self-signed
  # certificate; prefer trusting its CA on the machine running Terraform and
  # setting this to false.
  insecure = true

  ssh {
    # The provider's SSH connections authenticate with keys from the local ssh-agent.
    agent = true
  }

  # # Choose one authentication method:
  # api_token = var.virtual_environment_api_token
  # # OR
  # NOTE(review): password login is the active method. The api_token alternative
  # above can be scoped and revoked independently of the user account. The variable
  # declarations are not in this file; confirm proxmox_password is marked sensitive
  # so it is redacted from plan output.
  username = var.proxmox_user
  password = var.proxmox_password
  # # OR
  # auth_ticket           = var.virtual_environment_auth_ticket
  # csrf_prevention_token = var.virtual_environment_csrf_prevention_token
}

# FIXME move to host
# FIXME add proxmox
# Hash of the base NixOS configuration, emitted as the JSON object {"hash": "..."}.
# Only the commented-out triggers_replace in terraform_data.template refers to it.
# NOTE(review): path.module is interpolated unquoted into the `sh -c` string, so a
# checkout path containing spaces or shell metacharacters breaks the command or
# changes what the shell runs. This also executes during plan, not only apply.
data "external" "base-hash" {
  program = ["sh", "-c", "echo \"{\\\"hash\\\":\\\"$(nix-hash ${path.module}/../common/nixos/base.nix)\\\"}\""]
}

# hash of our code directory, used to trigger re-deploy
# FIXME calculate separately to reduce false positives
# NOTE(review): `..` is resolved by the shell against the directory the program is
# started in, not against path.module as in base-hash above.
data "external" "hash" {
  program = ["sh", "-c", "echo \"{\\\"hash\\\":\\\"$(nix-hash ..)\\\"}\""]
}

# FIXME move to host
# Builds the Proxmox image on the machine running Terraform.
# With triggers_replace commented out, nothing in this resource changes between
# runs, so the provisioner runs when the resource is first created or explicitly
# replaced; the upload below is replaced only when this resource is.
resource "terraform_data" "template" {
  # triggers_replace = [
  #   data.external.base-hash.result,
  # ]

  provisioner "local-exec" {
    working_dir = path.root
    # FIXME configure to use actual base image
    # NOTE(review): /tmp/nixos-image and /tmp/proxmox-image are fixed names in a
    # world-writable directory. On a shared machine another local user can create
    # them first, and whatever the final symlink resolves to is what gets uploaded
    # as the VM image. A directory only the deploying user can write to avoids that.
    # NOTE(review): no `interpreter` is set, so the script runs under local-exec's
    # default shell; confirm that shell accepts `set -o pipefail`.
    command = <<-EOF
      set -xeuo pipefail

      # XXX nixos-generate needs NIX_PATH to have `nixpkgs` set!
      nixos-generate -f proxmox -o /tmp/nixos-image

      # the above makes /tmp/nixos-image read-only, so our stable file name needs a different directory
      mkdir -p /tmp/proxmox-image
      ln -sf /tmp/nixos-image/vzdump-qemu-nixos-*.vma.zst /tmp/proxmox-image/${local.dump_name}
    EOF
  }
}

# FIXME move to host
# Uploads the generated image to the "local" datastore of var.node_name.
resource "proxmox_virtual_environment_file" "upload" {
  lifecycle {
    replace_triggered_by = [
      terraform_data.template,
    ]
  }

  content_type = "images"
  datastore_id = "local"
  node_name    = var.node_name
  # An existing file with the same name on the datastore is replaced.
  overwrite = true

  source_file {
    # Read through the symlink created by terraform_data.template. Nothing in this
    # block checks the file's integrity, so the /tmp caveat on that resource
    # applies to what ends up on the node.
    path      = "/tmp/proxmox-image/${local.dump_name}"
    file_name = local.dump_name
  }
}

# FIXME distinguish var.category
# Looks up every VM on var.node_name that is flagged as a template.
# NOTE(review): the filter does not narrow by name or category, so the `vms[0]`
# used by the commented-out clone block below would pick whichever template is
# listed first, not necessarily the image built here.
data "proxmox_virtual_environment_vms" "nixos_base" {
  node_name = var.node_name
  filter {
    name   = "template"
    values = [true]
  }
  # filter {
  #   name   = "node_name"
  #   values = ["nixos-base"]
  # }
}

# resource "proxmox_virtual_environment_vm" "nix_vm" {
#   lifecycle {
#     replace_triggered_by = [
#       proxmox_virtual_environment_file.upload,
#     ]
#   }
#   node_name   = var.node_name
#   pool_id     = var.pool_id
#   description = var.description
#   started     = true
#   agent {
#     enabled = true
#   }
#   cpu {
#     type    = "x86-64-v2-AES"
#     cores   = var.cores
#     sockets = var.sockets
#     numa    = true
#   }
#   memory {
#     dedicated = var.memory
#   }
#   efi_disk {
#     datastore_id = "linstor_storage"
#     type         = "4m"
#   }
#   disk {
#     datastore_id = "linstor_storage"
#     interface    = "scsi0"
#     discard      = "on"
#     iothread     = true
#     size         = var.disk_size
#     ssd          = true
#   }
#   clone {
#     datastore_id = "local"
#     node_name    = data.proxmox_virtual_environment_vms.nixos_base.vms[0].node_name # invalid index: empty list
#     vm_id        = data.proxmox_virtual_environment_vms.nixos_base.vms[0].vm_id
#     full         = true
#   }
#   network_device {
#     model  = "virtio"
#     bridge = "vnet1306"
#   }
#   operating_system {
#     type = "l26"
#   }
#   scsi_hardware = "virtio-scsi-single"
#   bios          = "ovmf"
# }

# module "nixos-rebuild" {
#   depends_on = [
#     proxmox_virtual_environment_vm.nix_vm
#   ]
#   source          = "../tf-single-host"
#   system          = var.system
#   username        = var.ssh_user
#   host            = proxmox_virtual_environment_vm.nix_vm.ipv4_addresses[0] # needs guest agent installed
#   module          = var.module
#   args            = var.args
#   key_file        = var.key_file
#   deployment_name = var.deployment_name
#   root_path       = var.root_path
#   ssh_opts        = var.ssh_opts
#   deployment_type = var.deployment_type
# }