terranix: init #14

Merged
raito merged 1 commit from terranix-init into main 2024-07-04 11:42:21 +00:00
3 changed files with 145 additions and 3 deletions
Showing only changes of commit e422da8f83 - Show all commits

1
.gitignore vendored
View file

@ -1,2 +1,3 @@
result
.gcroots
config.tf.json

View file

@ -23,6 +23,38 @@
"type": "github"
}
},
"bats-assert": {
"flake": false,
"locked": {
"lastModified": 1636059754,
"narHash": "sha256-ewME0l27ZqfmAwJO4h5biTALc9bDLv7Bl3ftBzBuZwk=",
"owner": "bats-core",
"repo": "bats-assert",
"rev": "34551b1d7f8c7b677c1a66fc0ac140d6223409e5",
"type": "github"
},
"original": {
"owner": "bats-core",
"repo": "bats-assert",
"type": "github"
}
},
"bats-support": {
"flake": false,
"locked": {
"lastModified": 1548869839,
"narHash": "sha256-Gr4ntadr42F2Ks8Pte2D4wNDbijhujuoJi4OPZnTAZU=",
"owner": "bats-core",
"repo": "bats-support",
"rev": "d140a65044b2d6810381935ae7f0c94c7023c8c3",
"type": "github"
},
"original": {
"owner": "bats-core",
"repo": "bats-support",
"type": "github"
}
},
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
@ -115,6 +147,21 @@
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c91f3de5adaf1de973b797ef7485e441a65b8935",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -230,6 +277,21 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1636823747,
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f6a2ed2082d9a51668c86ba27d0b5496f7a2ea93",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks": {
"flake": false,
"locked": {
@ -255,7 +317,8 @@
"hydra",
"nix"
],
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs",
"terranix": "terranix"
}
},
"stable": {
@ -288,6 +351,43 @@
"repo": "default",
"type": "github"
}
},
"terranix": {
"inputs": {
"bats-assert": "bats-assert",
"bats-support": "bats-support",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2",
"terranix-examples": "terranix-examples"
},
"locked": {
"lastModified": 1695406838,
"narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=",
"owner": "terranix",
"repo": "terranix",
"rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275",
"type": "github"
},
"original": {
"owner": "terranix",
"repo": "terranix",
"type": "github"
}
},
"terranix-examples": {
"locked": {
"lastModified": 1636300201,
"narHash": "sha256-0n1je1WpiR6XfCsvi8ZK7GrpEnMl+DpwhWaO1949Vbc=",
"owner": "terranix",
"repo": "terranix-examples",
"rev": "a934aa1cf88f6bd6c6ddb4c77b77ec6e1660bd5e",
"type": "github"
},
"original": {
"owner": "terranix",
"repo": "terranix-examples",
"type": "github"
}
}
},
"root": "root",

View file

@ -3,6 +3,7 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
terranix.url = "github:terranix/terranix";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
@ -16,10 +17,50 @@
lix.follows = "hydra/nix";
};
outputs = { nixpkgs, ... } @ inputs: {
outputs = { self, nixpkgs, terranix, ... } @ inputs:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
localSystem = system;
overlays = [
inputs.hydra.overlays.default
inputs.lix.overlays.default
];
};
lib = pkgs.lib;
terraform = pkgs.opentofu;
terraformCfg = terranix.lib.terranixConfiguration {
inherit system;
modules = [ ];
};
in
{
apps.${system} = {
apply = {
type = "app";
program = toString (pkgs.writers.writeBash "apply" ''
set -eo pipefail
raito marked this conversation as resolved Outdated

rm -f ignores failure anyway, so you don't need to check if it exists.

`rm -f` ignores failure anyway, so you don't need to check if it exists.
rm -f config.tf.json
raito marked this conversation as resolved Outdated

We could also ln -snf, then we don't even have to remove it first?

We could also `ln -snf`, then we don't even have to remove it first?
cp ${terraformCfg} config.tf.json
raito marked this conversation as resolved Outdated

set -eo pipefail rather than chaining &&?

`set -eo pipefail` rather than chaining `&&`?
${lib.getExe terraform} init
${lib.getExe terraform} apply
'');
};
raito marked this conversation as resolved Outdated

Is this something we anticipate doing regularly? oO

Is this something we anticipate doing regularly? oO
Outdated
Review

I just did it out of symmetry.

I just did it out of symmetry.
# nix run ".#destroy"
destroy = {
type = "app";
program = toString (pkgs.writers.writeBash "destroy" ''
set -eo pipefail
ln -snf ${terraformCfg} config.tf.json
${lib.getExe terraform} init
${lib.getExe terraform} destroy
'');
};
};
defaultApp.${system} = self.apps.${system}.apply;
colmena = {
meta.nixpkgs = import nixpkgs {
system = "x86_64-linux";
localSystem = system;
overlays = [
inputs.hydra.overlays.default
inputs.lix.overlays.default