infra: pin nix (#17484)

2024-09-19 16:57:40 +03:00 · 2023-09-27 13:32:23 +02:00 · 2023-09-27 13:32:23 +02:00 · ee08d89f13
commit ee08d89f13
parent 8ef67285e5
4 changed files with 7 additions and 1 deletions
--- a/infra/ubuntu.tf
+++ b/infra/ubuntu.tf
@ -9,12 +9,14 @@ locals {
        disk_size  = 400,
        size       = 0,
        assignment = "default",
+        nix        = "su --command \"sh <(curl -sSfL https://nixos.org/nix/install) --daemon\" --login vsts"
      },
      {
        name       = "ci-u2",
        disk_size  = 400,
        size       = 0,
        assignment = "default",
+        nix        = "su --command \"sh <(curl -sSfL https://nixos.org/nix/install) --daemon\" --login vsts"
      },
    ],
    azure = [
@ -23,12 +25,14 @@ locals {
        disk_size  = 400,
        size       = 10,
        assignment = "default",
+        nix        = "su --command \"sh <(curl -sSfL https://releases.nixos.org/nix/nix-2.17.0/install) --daemon\" --login vsts"
      },
      {
        name       = "du2",
        disk_size  = 400,
        size       = 0,
        assignment = "default",
+        nix        = "su --command \"sh <(curl -sSfL https://releases.nixos.org/nix/nix-2.17.0/install) --daemon\" --login vsts"
      },
    ]
  }
--- a/infra/ubuntu_azure.tf
+++ b/infra/ubuntu_azure.tf
@ -28,6 +28,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "ubuntu" {
    size         = local.ubuntu.azure[count.index].disk_size
    gcp_logging  = ""
    assignment   = local.ubuntu.azure[count.index].assignment
+    nix          = local.ubuntu.azure[count.index].nix
  }))

  source_image_reference {
--- a/infra/ubuntu_gcp.tf
+++ b/infra/ubuntu_gcp.tf
@ -55,6 +55,7 @@ curl -sSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
 curl -sSL https://dl.google.com/cloudagents/add-logging-agent-repo.sh | bash -s -- --also-install
 EOF
      assignment   = local.ubuntu.gcp[count.index].assignment
+      nix          = local.ubuntu.gcp[count.index].nix
    })

    shutdown-script = nonsensitive("#!/usr/bin/env bash\nset -euo pipefail\ncd /home/vsts/agent\nsu vsts <<SHUTDOWN_AGENT\nexport VSTS_AGENT_INPUT_TOKEN='${secret_resource.vsts-token.value}'\n./config.sh remove --unattended --auth PAT\nSHUTDOWN_AGENT\n    ")
--- a/infra/ubuntu_startup.sh
+++ b/infra/ubuntu_startup.sh
@ -198,7 +198,7 @@ chown --recursive root:root /home/vsts/agent/{*.sh,bin,externals}

 # This needs to run inside of a user with sudo access
 echo "vsts ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/nix_installation
-su --command "sh <(curl -sSfL https://nixos.org/nix/install) --daemon" --login vsts
+${nix}
 rm /etc/sudoers.d/nix_installation

 # Note: the "hydra.da-int.net" string is now part of the name of the key for