tvl-depot/ops/terraform/deploy-nixos
Florian Klink 508d67ad49 refactor(ops/terraform/deploy-nixos): argstr -> argstr_json
At least terraform wants all parameters passed via JSON to be strings.
It can't accept maps.

This means allowing an `argstr` JSON dict to be passed isn't really possible.

However, terraform is perfectly able to JSON-encode a map. So accept an
`argstr_json` argument instead, which `jq` will JSON-decode before
processing it further.

I dropped `argstr` support again so the jq expression still fits on my
screen; if anyone else (started) using this, I'm happy to review a CL
adding this. We should probably move the jq expression to some multiline
format then, though.

Change-Id: I5ab7a1169ab7305d3ab02db31c27732d9d1ab4e8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11228
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2024-03-26 19:04:14 +00:00
main.tf        docs(ops/terraform/deploy-nixos): document inputs and outputs   2024-03-22 13:31:00 +00:00
nix-eval.sh    refactor(ops/terraform/deploy-nixos): argstr -> argstr_json     2024-03-26 19:04:14 +00:00
nixos-copy.sh  chore(ops/terraform): add license information                   2023-12-05 12:31:25 +00:00
README.md      chore(ops/terraform): add license information                   2023-12-05 12:31:25 +00:00

deploy-nixos

This is a Terraform module to deploy a NixOS system closure to a remote machine.

The system closure must be buildable by importing the repository root with Nix and building a specific attribute (e.g. nix-build -A ops.machines.machine-name).

The target machine must be reachable over SSH, and access must use an SSH key.

Notably, this module separates the evaluation of the system closure from building and deploying it, and uses the closure's derivation hash to decide whether a deploy is necessary at all.

Usage example:

module "deploy_somehost" {
  source              = "git::https://code.tvl.fyi/depot.git:/ops/terraform/deploy-nixos.git"
  # attribute evaluated relative to the repository root (nix-build -A ops.nixos.somehost)
  attrpath            = "ops.nixos.somehost"
  target_host         = "somehost.tvl.su"
  target_user         = "someone"
  # private key used for SSH access to the target; tls_private_key keeps it in
  # Terraform state, so the state file needs to be protected accordingly
  target_user_ssh_key = tls_private_key.somehost.private_key_pem
}
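As an added illustration of the evaluation stage (this is not the module's own nix-eval.sh nor any code from the depot), the following Python re-creates the contract that the commit message at the top of the page describes, and that the README's separation of evaluation from build and deploy relies on. It assumes the evaluation script is run as a Terraform external data source, which passes its query as a JSON object whose values are all strings on stdin and expects a JSON object of strings back on stdout; that is why a map of `--argstr` values has to travel JSON-encoded inside the single `argstr_json` string and be decoded again by the script. It further assumes the "derivation hash" compared between runs is the hash part of the `.drv` store path; the query keys other than `attrpath` and `argstr_json`, and the `repo_root` parameter, are illustrative names.

```python
"""Added example, not the module's nix-eval.sh: evaluation step of a
deploy-nixos-style module as a Terraform external data source, in Python
instead of jq.  Assumed contract: string-valued JSON query on stdin,
string-valued JSON result on stdout."""
import json
import re
import subprocess
import sys

# Nix store hashes use a 32-symbol base-32 alphabet (no e, o, t, u).
STORE_DRV = re.compile(r"^/nix/store/([0-9a-df-np-sv-z]{32})-.+\.drv$")
# Nix identifiers, used to validate --argstr names before they reach the CLI.
NIX_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_'-]*$")


def decode_query(query):
    """Return (attrpath, argstr) from the string-valued Terraform query.

    The external data source only carries map(string), so a map of Nix
    --argstr values arrives as a JSON document inside one string, the
    `argstr_json` key.  Every decoded value must be a string as well,
    because `nix-instantiate --argstr name value` accepts nothing else.
    """
    if not isinstance(query, dict) or not isinstance(query.get("attrpath"), str):
        raise ValueError("query must contain a string 'attrpath'")
    try:
        argstr = json.loads(query.get("argstr_json", "{}"))
    except json.JSONDecodeError as exc:
        raise ValueError(f"argstr_json is not valid JSON: {exc}") from None
    if not isinstance(argstr, dict):
        raise ValueError("argstr_json must decode to a JSON object")
    for name, value in argstr.items():
        if not NIX_IDENT.match(name):
            raise ValueError(f"argstr name {name!r} is not a Nix identifier")
        if not isinstance(value, str):
            raise ValueError(f"argstr {name!r} must be a string, got {type(value).__name__}")
    return query["attrpath"], argstr


def build_argv(repo_root, attrpath, argstr):
    """argv for nix-instantiate as a list: values are passed verbatim and never
    through a shell, so an argstr containing spaces or quotes cannot turn into
    extra arguments.  Names are sorted so the command line is deterministic."""
    argv = ["nix-instantiate", repo_root, "-A", attrpath]
    for name in sorted(argstr):
        argv += ["--argstr", name, argstr[name]]
    return argv


def drv_hash(drv_path):
    """Hash part of a .drv store path (assumed to be what gets compared between
    runs to decide whether a deploy is needed)."""
    match = STORE_DRV.match(drv_path.strip())
    if not match:
        raise ValueError(f"not a .drv store path: {drv_path!r}")
    return match.group(1)


def needs_deploy(previous_hash, drv_path):
    """True when the freshly evaluated closure differs from the last deployed one."""
    return previous_hash != drv_hash(drv_path)


def evaluate(query, repo_root="."):
    """Run the evaluation and return the string-valued result for Terraform."""
    attrpath, argstr = decode_query(query)
    proc = subprocess.run(build_argv(repo_root, attrpath, argstr),
                          capture_output=True, text=True, check=True)
    drv_path = proc.stdout.strip()
    return {"drv_path": drv_path, "drv_hash": drv_hash(drv_path)}


if __name__ == "__main__":
    # Invoked by Terraform: query on stdin, result on stdout, errors on stderr
    # with a non-zero exit so the plan fails instead of deploying garbage.
    try:
        json.dump(evaluate(json.load(sys.stdin)), sys.stdout)
    except (ValueError, subprocess.CalledProcessError) as exc:
        print(f"nix-eval: {exc}", file=sys.stderr)
        sys.exit(1)
```

The validation in `decode_query` is the part worth copying: because Terraform can only hand the script strings, a map value that was meant to be a number or a nested object silently becomes invalid input for `--argstr`, and it is better to reject it in evaluation than to let `nix-instantiate` fail with a less specific error. Building the command as an argv list rather than a string also means an `argstr` value is never interpreted by a shell.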

Future work

Several things can be improved about this module, for example:

  • The repository root (relative to which the attribute path is evaluated) could be made configurable.

  • The remote system closure could be discovered, so that the system state Terraform knows about can be restored after manual deploys on the target (i.e. "stomping" of changes).

More ideas and contributions are, of course, welcome.

Acknowledgements

Development of this module was sponsored by Resoptima.