c3750079f7
This adds an additional parameter `entrypoint`, pointing to a .nix file (or a directory containing a `default.nix` file) that's providing the attribute path asked for. If not set / kept at the default (empty string), it falls back to the root dir of the repository as before. Change-Id: I2e63114f21660c842153ac15424b3491d66624d2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8190 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de> |
||
|---|---|---|
| .. | ||
| main.tf | ||
| nixos-copy.sh | ||
| nixos-eval.sh | ||
| README.md | ||
deploy-nixos
This is a Terraform module to deploy a NixOS system closure to a remote machine.
The system closure must be accessible by Nix-importing the repository
root and building a specific attribute
(e.g. nix-build -A ops.machines.machine-name).
The target machine must be accessible normally over SSH, and an SSH key must be used for access.
Notably this module separates the evaluation of the system closure from building and deploying it, and uses the closure's derivation hash to determine whether a deploy is necessary.
Usage example:
module "deploy_somehost" {
source = "git::https://code.tvl.fyi/depot.git:/ops/terraform/deploy-nixos.git"
attrpath = "ops.nixos.somehost"
target_name = "somehost"
target_host = "somehost.tvl.su"
target_user = "someone"
target_user_ssh_key = tls_private_key.somehost.private_key_pem
}
Future work
Several things can be improved about this module, for example:
-
The repository root (relative to which the attribute path is evaluated) could be made configurable.
-
The remote system closure could be discovered to restore remote system state after manual deploys on the target (i.e. "stomping" of changes).
More ideas and contributions are, of course, welcome.
Acknowledgements
Development of this module was sponsored by Resoptima.