terraform: init modules

2024-08-17 04:10:36 +03:00 · 2023-01-13 16:06:08 +01:00 · 2023-01-13 16:06:08 +01:00 · 411fb9bd76
commit 411fb9bd76
parent 1b976d803c
11 changed files with 219 additions and 0 deletions
--- a/terraform/all-in-one/main.tf
+++ b/terraform/all-in-one/main.tf
@ -0,0 +1,31 @@
+module "system-build" {
+  source = "../nix-build"
+  attribute = var.nixos_system_attr
+  file = var.file
+}
+
+module "partitioner-build" {
+  source = "../nix-build"
+  attribute = var.nixos_partitioner_attr
+  file = var.file
+}
+
+module "install" {
+  source                 = "../install"
+  kexec_tarball_url      = var.kexec_tarball_url
+  target_user            = var.target_user
+  target_host            = var.target_host
+  target_port            = var.target_port
+  nixos_partitioner      = module.partitioner-build.result.out
+  nixos_system           = module.system-build.result.out
+  ssh_private_key        = var.ssh_private_key
+}
+
+module "nixos-rebuild" {
+  depends_on = [
+    module.install
+  ]
+  source = "../nixos-rebuild"
+  nixos_system = module.system-build.result.out
+  target_host = var.target_host
+}
--- a/terraform/all-in-one/variables.tf
+++ b/terraform/all-in-one/variables.tf
@ -0,0 +1,46 @@
+variable "kexec_tarball_url" {
+  type = string
+  description = "NixOS kexec installer tarball url"
+  default = null
+}
+
+# To make this re-usuable we maybe should accept a store path here?
+variable "nixos_partitioner_attr" {
+  type        = string
+  description = "nixos partitioner and mount script"
+}
+
+# To make this re-usuable we maybe should accept a store path here?
+variable "nixos_system_attr" {
+  type        = string
+  description = "The nixos system to deploy"
+}
+
+variable "file" {
+  type        = string
+  description = "file to get the nixos_system_attr and nixos_partitioner_attr from if they are not flakes."
+  default     = null
+}
+
+variable "target_host" {
+  type        = string
+  description = "DNS host to deploy to"
+}
+
+variable "target_user" {
+  type        = string
+  description = "SSH user used to connect to the target_host, before installing NixOS"
+  default     = "root"
+}
+
+variable "target_port" {
+  type        = number
+  description = "SSH port used to connect to the target_host, before installing NixOS"
+  default     = 22
+}
+
+variable "ssh_private_key" {
+  type        = string
+  description = "Content of private key used to connect to the target_host"
+  default     = null
+}
--- a/terraform/install/main.tf
+++ b/terraform/install/main.tf
@ -0,0 +1,8 @@
+resource "null_resource" "nixos-remote" {
+  provisioner "local-exec" {
+    environment = {
+      SSH_PRIVATE_KEY = var.ssh_private_key
+    }
+    command = "nix run ${path.module}#nixos-remote -- --store-paths ${var.nixos_partitioner} ${var.nixos_system} ${var.target_user}@${var.target_host}"
+  }
+}
--- a/terraform/install/providers.tf
+++ b/terraform/install/providers.tf
@ -0,0 +1,5 @@
+terraform {
+  required_providers {
+    null       = { source = "hashicorp/null" }
+  }
+}
--- a/terraform/install/variables.tf
+++ b/terraform/install/variables.tf
@ -0,0 +1,40 @@
+variable "kexec_tarball_url" {
+  type        = string
+  description = "NixOS kexec installer tarball url"
+  default     = null
+}
+
+# To make this re-usuable we maybe should accept a store path here?
+variable "nixos_partitioner" {
+  type        = string
+  description = "nixos partitioner and mount script"
+}
+
+# To make this re-usuable we maybe should accept a store path here?
+variable "nixos_system" {
+  type        = string
+  description = "The nixos system to deploy"
+}
+
+variable "target_host" {
+  type        = string
+  description = "DNS host to deploy to"
+}
+
+variable "target_user" {
+  type        = string
+  description = "SSH user used to connect to the target_host"
+  default     = "root"
+}
+
+variable "target_port" {
+  type        = number
+  description = "SSH port used to connect to the target_host"
+  default     = 22
+}
+
+variable "ssh_private_key" {
+  type        = string
+  description = "Content of private key used to connect to the target_host"
+  default     = ""
+}
--- a/terraform/nix-build/main.tf
+++ b/terraform/nix-build/main.tf
@ -0,0 +1,10 @@
+data "external" "nix-build" {
+  program = [ "${path.module}/nix-build.sh" ]
+  query = {
+    attribute = var.attribute
+    file = var.file
+  }
+}
+output "result" {
+  value = data.external.nix-build.result
+}
--- a/terraform/nix-build/nix-build.sh
+++ b/terraform/nix-build/nix-build.sh
@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -efu
+
+declare file attribute
+eval "$(jq -r '@sh "attribute=\(.attribute) file=\(.file)"')"
+if [[ -e ${file+x} ]]; then
+  out=$(nix build --no-link --json -f "$file" "$attribute")
+  printf '%s' "$out" | jq -c '.[].outputs'
+else
+  out=$(nix build --no-link --json "$attribute")
+  printf '%s' "$out" | jq -c '.[].outputs'
+fi
--- a/terraform/nix-build/variables.tf
+++ b/terraform/nix-build/variables.tf
@ -0,0 +1,10 @@
+variable "attribute" {
+  type = string
+  description = "the attribute to build, can also be a flake"
+}
+
+variable "file" {
+  type = string
+  description = "the nix file to evaluate, if not run in flake mode"
+  default = null
+}
--- a/terraform/nixos-rebuild/deploy.sh
+++ b/terraform/nixos-rebuild/deploy.sh
@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -uex -o pipefail
+
+if [ "$#" -ne 3 ]; then
+  echo "USAGE: $0 NIXOS_SYSTEM TARGET_HOST TARGET_PORT" >&2
+  exit 1
+fi
+
+NIXOS_SYSTEM=$1
+TARGET_HOST=$2
+TARGET_PORT=$3
+shift 3
+
+workDir=$(mktemp -d)
+trap 'rm -rf "$workDir"' EXIT
+
+sshOpts=(-p "${TARGET_PORT}")
+sshOpts+=(-o UserKnownHostsFile=/dev/null)
+sshOpts+=(-o StrictHostKeyChecking=no)
+
+if [[ -n ${SSH_KEY+x} && ${SSH_KEY} != "-" ]]; then
+  sshPrivateKeyFile="$workDir/ssh_key"
+  trap 'rm "$sshPrivateKeyFile"' EXIT
+  echo "$SSH_KEY" >"$sshPrivateKeyFile"
+  chmod 0700 "$sshPrivateKeyFile"
+  unset SSH_AUTH_SOCK # don't use system agent if key was supplied
+  sshOpts+=(-o "IdentityFile=${sshPrivateKeyFile}")
+fi
+
+NIX_SSHOPTS="${sshOpts[*]}" retry -t 10 -d 10 -- nix copy -s --experimental-features nix-command --to "ssh://$TARGET_HOST" "$NIXOS_SYSTEM"
+
+# shellcheck disable=SC2029
+ssh "${sshOpts[@]}" "$TARGET_HOST" "nix-env -p /nix/var/nix/profiles/system --set $(printf "%q" "$NIXOS_SYSTEM"); /nix/var/nix/profiles/system/bin/switch-to-configuration switch" || :
--- a/terraform/nixos-rebuild/main.tf
+++ b/terraform/nixos-rebuild/main.tf
@ -0,0 +1,8 @@
+resource "null_resource" "nixos-rebuild" {
+  triggers = {
+    store_path = var.nixos_system
+  }
+  provisioner "local-exec" {
+    command = "${path.module}/deploy.sh ${var.nixos_system} root@${var.target_host} ${var.target_port}"
+  }
+}
--- a/terraform/nixos-rebuild/variables.tf
+++ b/terraform/nixos-rebuild/variables.tf
@ -0,0 +1,15 @@
+variable "nixos_system" {
+  type        = string
+  description = "The nixos system to deploy"
+}
+
+variable "target_host" {
+  type        = string
+  description = "DNS host to deploy to"
+}
+
+variable "target_port" {
+  type        = number
+  description = "SSH port used to connect to the target_host"
+  default     = 22
+}