tvl-depot/ops/terraform/deploy-nixos/README.md
Florian Klink d32baeff6c chore(ops/terraform): add license information
This is the result of a `"reuse annotate --copyright "The TVL Authors"
--license MIT"` in that directory, making it conformant with the REUSE
Specification:

https://reuse.software/spec

Change-Id: I13e069b4621e8d5ccb7a09c12f772d70dea40a11
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10170
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-12-05 12:31:25 +00:00

<!--
SPDX-FileCopyrightText: 2023 The TVL Authors
SPDX-License-Identifier: MIT
-->

deploy-nixos
============

This is a Terraform module to deploy a NixOS system closure to a
remote machine.

The system closure must be accessible by Nix-importing the repository
root and building a specific attribute
(e.g. `nix-build -A ops.machines.machine-name`).

The target machine must be accessible normally over SSH, and an SSH
key must be used for access.

Notably this module separates the evaluation of the system closure from building
and deploying it, and uses the closure's derivation hash to determine whether a
deploy is necessary.
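
The evaluate-then-deploy split described above can be sketched with an external data source and a trigger-gated resource. This is an added illustration, not the module's own code; the resource names, the inline scripts and the use of the ambient SSH agent (instead of `target_user_ssh_key`) are assumptions.

```terraform
# Added sketch of the pattern, not the module's implementation.
# Assumes Terraform runs from the repository root and SSH uses the ambient agent.
variable "attrpath" { type = string }
variable "target_host" { type = string }
variable "target_user" { type = string }

locals {
  # Evaluation only: nix-instantiate emits the .drv path without building.
  # The attribute path arrives as "$1", never interpolated into the script.
  eval_script = <<-EOT
    set -eu
    drv="$(nix-instantiate -A "$1")"
    printf '{"drv":"%s"}' "$drv"
  EOT
}

data "external" "system_drv" {
  program = ["sh", "-c", local.eval_script, "sh", var.attrpath]
}

resource "null_resource" "deploy" {
  # The .drv path embeds the derivation hash, so the provisioner re-runs
  # only when the evaluated system actually changed.
  triggers = {
    drv = data.external.system_drv.result.drv
  }

  provisioner "local-exec" {
    environment = {
      DRV    = data.external.system_drv.result.drv
      TARGET = "${var.target_user}@${var.target_host}"
    }
    # Build, copy the closure, then activate. Simplified: assumes target_user
    # may activate the system, and the host key is already in known_hosts.
    command = <<-EOT
      set -eu
      out="$(nix-store --realise "$DRV")"
      nix-copy-closure --to "$TARGET" "$out"
      ssh "$TARGET" "$out/bin/switch-to-configuration" switch
    EOT
  }
}
```

Because the trigger in this sketch compares only locally evaluated derivation paths, changes made on the target out of band are not detected.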

## Usage example:

```terraform
module "deploy_somehost" {
  source      = "git::https://code.tvl.fyi/depot.git:/ops/terraform/deploy-nixos.git"
  attrpath    = "ops.nixos.somehost"
  target_host = "somehost.tvl.su"
  target_user = "someone"

  # A key generated by tls_private_key is stored unencrypted in the
  # Terraform state, so access to the state backend must be restricted.
  target_user_ssh_key = tls_private_key.somehost.private_key_pem
}
```

## Future work

Several things can be improved about this module, for example:

* The repository root (relative to which the attribute path is evaluated) could
  be made configurable.
* The remote system closure could be discovered to restore remote system state
  after manual deploys on the target (i.e. "stomping" of changes).

More ideas and contributions are, of course, welcome.

## Acknowledgements

Development of this module was sponsored by [Resoptima](https://resoptima.com/).