mirror of
https://github.com/nix-community/nixos-anywhere.git
synced 2024-10-26 16:30:39 +03:00
terraform: init modules
parent
1b976d803c
commit
411fb9bd76
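--- a/terraform/all-in-one/main.tf
+++ b/terraform/all-in-one/main.tf
@@ -0,0 +1,31 @@
+module "system-build" {
+source = "../nix-build"
+attribute = var.nixos_system_attr
+file = var.file
+}
+
+module "partitioner-build" {
+source = "../nix-build"
+attribute = var.nixos_partitioner_attr
+file = var.file
+}
+
+module "install" {
+source = "../install"
+kexec_tarball_url = var.kexec_tarball_url
+target_user = var.target_user
+target_host = var.target_host
+target_port = var.target_port
+nixos_partitioner = module.partitioner-build.result.out
+nixos_system = module.system-build.result.out
+ssh_private_key = var.ssh_private_key
+}
+
+module "nixos-rebuild" {
+depends_on = [
+module.install
+]
+source = "../nixos-rebuild"
+nixos_system = module.system-build.result.out
+target_host = var.target_host
+}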
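Review bot: `module "nixos-rebuild"` is not given `target_port`, so it falls back to its default of 22 while `module "install"` receives `var.target_port`; on a host with a non-default SSH port the two steps would address different ports. Adding `target_port = var.target_port` to that block fixes it. `var.ssh_private_key` likewise only reaches the install module, so the rebuild step depends on whatever key the local SSH agent offers.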
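--- a/terraform/all-in-one/variables.tf
+++ b/terraform/all-in-one/variables.tf
@@ -0,0 +1,46 @@
+variable "kexec_tarball_url" {
+type = string
+description = "NixOS kexec installer tarball url"
+default = null
+}
+
+# To make this re-usuable we maybe should accept a store path here?
+variable "nixos_partitioner_attr" {
+type = string
+description = "nixos partitioner and mount script"
+}
+
+# To make this re-usuable we maybe should accept a store path here?
+variable "nixos_system_attr" {
+type = string
+description = "The nixos system to deploy"
+}
+
+variable "file" {
+type = string
+description = "file to get the nixos_system_attr and nixos_partitioner_attr from if they are not flakes."
+default = null
+}
+
+variable "target_host" {
+type = string
+description = "DNS host to deploy to"
+}
+
+variable "target_user" {
+type = string
+description = "SSH user used to connect to the target_host, before installing NixOS"
+default = "root"
+}
+
+variable "target_port" {
+type = number
+description = "SSH port used to connect to the target_host, before installing NixOS"
+default = 22
+}
+
+variable "ssh_private_key" {
+type = string
+description = "Content of private key used to connect to the target_host"
+default = null
+}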
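Review bot: `ssh_private_key` holds key material but is not declared `sensitive = true`, so Terraform may print its value in plan and apply output; adding that line here and to the same variable in terraform/install/variables.tf redacts it from the CLI. The value is still written to state, which is worth stating in the `description`. The two declarations also disagree on the default (`null` here, `""` in the install module), so the consumer has to treat both as "no key"; picking one value for both avoids that.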
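--- a/terraform/install/main.tf
+++ b/terraform/install/main.tf
@@ -0,0 +1,8 @@
+resource "null_resource" "nixos-remote" {
+provisioner "local-exec" {
+environment = {
+SSH_PRIVATE_KEY = var.ssh_private_key
+}
+command = "nix run ${path.module}#nixos-remote -- --store-paths ${var.nixos_partitioner} ${var.nixos_system} ${var.target_user}@${var.target_host}"
+}
+}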
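Review bot: The `command` string splices `var.nixos_partitioner`, `var.nixos_system`, `var.target_user` and `var.target_host` directly into a shell line, so a value containing whitespace or shell metacharacters is re-parsed by the local shell that Terraform starts. Passing the values through `environment` and quoting the shell variables keeps each one a single argument; the `command` in terraform/nixos-rebuild/main.tf has the same shape and needs the same treatment. `var.target_port` and `var.kexec_tarball_url` are declared for this module but never reach the command, so a non-default SSH port is silently ignored.

```hcl
provisioner "local-exec" {
  environment = {
    SSH_PRIVATE_KEY   = var.ssh_private_key
    NIXOS_PARTITIONER = var.nixos_partitioner
    NIXOS_SYSTEM      = var.nixos_system
    TARGET            = "${var.target_user}@${var.target_host}"
  }
  command = "nix run ${path.module}#nixos-remote -- --store-paths \"$NIXOS_PARTITIONER\" \"$NIXOS_SYSTEM\" \"$TARGET\""
}
```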
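--- a/terraform/install/providers.tf
+++ b/terraform/install/providers.tf
@@ -0,0 +1,5 @@
+terraform {
+required_providers {
+null = { source = "hashicorp/null" }
+}
+}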
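Review bot: `hashicorp/null` is required without a `version` constraint, so a `terraform init` without a committed lock file resolves whichever release is newest at that moment; a constraint such as `null = { source = "hashicorp/null", version = "<constraint>" }` (placeholder value) makes the resolved provider predictable. terraform/nix-build uses the `external` data source and terraform/nixos-rebuild uses `null_resource` without any `required_providers` block of their own, so they would benefit from the same declaration.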
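--- a/terraform/install/variables.tf
+++ b/terraform/install/variables.tf
@@ -0,0 +1,40 @@
+variable "kexec_tarball_url" {
+type = string
+description = "NixOS kexec installer tarball url"
+default = null
+}
+
+# To make this re-usuable we maybe should accept a store path here?
+variable "nixos_partitioner" {
+type = string
+description = "nixos partitioner and mount script"
+}
+
+# To make this re-usuable we maybe should accept a store path here?
+variable "nixos_system" {
+type = string
+description = "The nixos system to deploy"
+}
+
+variable "target_host" {
+type = string
+description = "DNS host to deploy to"
+}
+
+variable "target_user" {
+type = string
+description = "SSH user used to connect to the target_host"
+default = "root"
+}
+
+variable "target_port" {
+type = number
+description = "SSH port used to connect to the target_host"
+default = 22
+}
+
+variable "ssh_private_key" {
+type = string
+description = "Content of private key used to connect to the target_host"
+default = ""
+}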
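--- a/terraform/nix-build/main.tf
+++ b/terraform/nix-build/main.tf
@@ -0,0 +1,10 @@
+data "external" "nix-build" {
+program = [ "${path.module}/nix-build.sh" ]
+query = {
+attribute = var.attribute
+file = var.file
+}
+}
+output "result" {
+value = data.external.nix-build.result
+}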
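--- a/terraform/nix-build/nix-build.sh
+++ b/terraform/nix-build/nix-build.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -efu
+
+declare file attribute
+eval "$(jq -r '@sh "attribute=\(.attribute) file=\(.file)"')"
+if [[ -e ${file+x} ]]; then
+out=$(nix build --no-link --json -f "$file" "$attribute")
+printf '%s' "$out" | jq -c '.[].outputs'
+else
+out=$(nix build --no-link --json "$attribute")
+printf '%s' "$out" | jq -c '.[].outputs'
+fi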
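Review bot: The test `[[ -e ${file+x} ]]` expands to `[[ -e x ]]` whenever `file` is set, which it always is after the `eval`, so the branch depends on whether a path named `x` exists in the working directory rather than on the query. jq's `@sh` renders a JSON null as the bare word `null`, so (assuming an unset `file` arrives as null or is omitted from the query) a check such as `if [[ -n ${file-} && $file != null ]]; then` matches the intent. The `eval` is only safe because `@sh` shell-quotes both values; a comment saying so above that line would keep a later edit of the jq filter from removing the quoting.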
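--- a/terraform/nix-build/variables.tf
+++ b/terraform/nix-build/variables.tf
@@ -0,0 +1,10 @@
+variable "attribute" {
+type = string
+description = "the attribute to build, can also be a flake"
+}
+
+variable "file" {
+type = string
+description = "the nix file to evaluate, if not run in flake mode"
+default = null
+}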
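--- a/terraform/nixos-rebuild/deploy.sh
+++ b/terraform/nixos-rebuild/deploy.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -uex -o pipefail
+
+if [ "$#" -ne 3 ]; then
+echo "USAGE: $0 NIXOS_SYSTEM TARGET_HOST TARGET_PORT" >&2
+exit 1
+fi
+
+NIXOS_SYSTEM=$1
+TARGET_HOST=$2
+TARGET_PORT=$3
+shift 3
+
+workDir=$(mktemp -d)
+trap 'rm -rf "$workDir"' EXIT
+
+sshOpts=(-p "${TARGET_PORT}")
+sshOpts+=(-o UserKnownHostsFile=/dev/null)
+sshOpts+=(-o StrictHostKeyChecking=no)
+
+if [[ -n ${SSH_KEY+x} && ${SSH_KEY} != "-" ]]; then
+sshPrivateKeyFile="$workDir/ssh_key"
+trap 'rm "$sshPrivateKeyFile"' EXIT
+echo "$SSH_KEY" >"$sshPrivateKeyFile"
+chmod 0700 "$sshPrivateKeyFile"
+unset SSH_AUTH_SOCK # don't use system agent if key was supplied
+sshOpts+=(-o "IdentityFile=${sshPrivateKeyFile}")
+fi
+
+NIX_SSHOPTS="${sshOpts[*]}" retry -t 10 -d 10 -- nix copy -s --experimental-features nix-command --to "ssh://$TARGET_HOST" "$NIXOS_SYSTEM"
+
+# shellcheck disable=SC2029
+ssh "${sshOpts[@]}" "$TARGET_HOST" "nix-env -p /nix/var/nix/profiles/system --set $(printf "%q" "$NIXOS_SYSTEM"); /nix/var/nix/profiles/system/bin/switch-to-configuration switch" || :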
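Review bot: With `set -uex` at the top, xtrace prints the expanded `[[ -n ${SSH_KEY+x} && ${SSH_KEY} != "-" ]]` test and the `echo "$SSH_KEY"` line to stderr, so the private key ends up in Terraform's provisioner output; use `set -ue -o pipefail`, or wrap the key handling in `set +x`. The second `trap 'rm "$sshPrivateKeyFile"' EXIT` replaces the first EXIT trap, so `$workDir` is left behind; the first trap already removes the key file with the directory, and the second can be dropped. `StrictHostKeyChecking=no` with `UserKnownHostsFile=/dev/null` means the host that receives the closure and the activation command is never authenticated, and the trailing `|| :` hides a failed `switch-to-configuration` from Terraform; both need at least a comment stating why they are acceptable here.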
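--- a/terraform/nixos-rebuild/main.tf
+++ b/terraform/nixos-rebuild/main.tf
@@ -0,0 +1,8 @@
+resource "null_resource" "nixos-rebuild" {
+triggers = {
+store_path = var.nixos_system
+}
+provisioner "local-exec" {
+command = "${path.module}/deploy.sh ${var.nixos_system} root@${var.target_host} ${var.target_port}"
+}
+}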
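--- a/terraform/nixos-rebuild/variables.tf
+++ b/terraform/nixos-rebuild/variables.tf
@@ -0,0 +1,15 @@
+variable "nixos_system" {
+type = string
+description = "The nixos system to deploy"
+}
+
+variable "target_host" {
+type = string
+description = "DNS host to deploy to"
+}
+
+variable "target_port" {
+type = number
+description = "SSH port used to connect to the target_host"
+default = 22
+}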