authorGriffin Smith <grfn@gws.fyi>2021-12-27T03·37-0500
committerclbot <clbot@tvl.fyi>2021-12-27T03·46+0000
commit784e35bf553bc7f426aa2f663db6d32121431590 (patch)
treebf9de60f8d49113d6d450c1e868aaf4ae3f55219 /users/grfn/terraform/workspace.nix
parent503ac8c78253b8339fd99719a3c02658ddf6e70e (diff)
feat(grfn/bbbg): Production deployment r/3456
Start of a production deployment of the app with nixos+terraform, using
provisioners and null-resources to provision nixos machines à la espes.

Change-Id: I2ddaed76d0037dadbf9fc9e2ee27e9e67a852228
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4695
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Diffstat (limited to '')
-rw-r--r--users/grfn/terraform/workspace.nix104
1 files changed, 104 insertions, 0 deletions
diff --git a/users/grfn/terraform/workspace.nix b/users/grfn/terraform/workspace.nix
new file mode 100644
index 0000000000..c2a0fdb977
--- /dev/null
+++ b/users/grfn/terraform/workspace.nix
@@ -0,0 +1,104 @@
+{ pkgs, depot, ... }:
+name: { plugins }: module_tf:
+
+let
+
+  inherit (pkgs) lib runCommandNoCC writeText writeScript;
+  inherit (lib) filterAttrsRecursive;
+
+  allPlugins = (p: plugins p ++ (with p; [
+    external
+    local
+    tls
+    p.null
+  ]));
+
+  tf = pkgs.terraform.withPlugins allPlugins;
+
+  cleanTerraform = filterAttrsRecursive (k: _: ! (builtins.elem k [
+    "__readTree"
+    "__readTreeChildren"
+  ]));
+
+  plugins_tf = {
+    terraform.required_providers = (builtins.listToAttrs (map (p: {
+      name = lib.last (lib.splitString "/" p.provider-source-address);
+      value = {
+        source = p.provider-source-address;
+        version = p.version;
+      };
+    }) (allPlugins pkgs.terraform.plugins)));
+  };
+
+
+  module_tf' = module_tf // {
+    inherit (depot.users.grfn.terraform) globals;
+    plugins = plugins_tf;
+  };
+
+  module = runCommandNoCC "module" {} ''
+    mkdir $out
+    ${lib.concatStrings (lib.mapAttrsToList (k: config_tf:
+      (let
+        # TODO: filterAttrsRecursive?
+        configJson = writeText "${k}.tf.json"
+          (builtins.toJSON (cleanTerraform config_tf));
+      in ''
+        ${pkgs.jq}/bin/jq . ${configJson} > $out/${lib.escapeShellArg k}.tf.json
+      ''))
+      (cleanTerraform module_tf'))}
+  '';
+
+
+  tfcmd = writeScript "${name}-tfcmd" ''
+    set -e
+    dir="''${TF_STATE_ROOT:-$HOME/tfstate}/${name}"
+    cd "$dir"
+    rm -f *.json
+    cp ${module}/*.json .
+    exec ${tf}/bin/terraform "$(basename "$0")"
+  '';
+
+  init = writeScript "${name}-init" ''
+    set -e
+    dir="''${TF_STATE_ROOT:-$HOME/tfstate}/${name}"
+    [ -d "$dir" ] || mkdir -p "$dir"
+    cd "$dir"
+    rm -f *.json
+    cp ${module}/*.json .
+    exec ${tf}/bin/terraform init
+  '';
+
+  # TODO: import (-config)
+  tfcmds = runCommandNoCC "${name}-tfcmds" {} ''
+    mkdir -p $out/bin
+    ln -s ${init} $out/bin/init
+    ln -s ${tfcmd} $out/bin/validate
+    ln -s ${tfcmd} $out/bin/plan
+    ln -s ${tfcmd} $out/bin/apply
+    ln -s ${tfcmd} $out/bin/destroy
+  '';
+
+in {
+  inherit name module;
+  terraform = tf;
+  cmds = tfcmds;
+
+  # run = {
+  #   init = depot.nix.nixRunWrapper "init" tfcmds;
+  #   validate = depot.nix.nixRunWrapper "validate" tfcmds;
+  #   plan = depot.nix.nixRunWrapper "plan" tfcmds;
+  #   apply = depot.nix.nixRunWrapper "apply" tfcmds;
+  #   destroy = depot.nix.nixRunWrapper "destroy" tfcmds;
+  # };
+
+  test = runCommandNoCC "${name}-test" {} ''
+    set -e
+    export TF_STATE_ROOT=$(pwd)
+    ${tfcmds}/bin/init
+    ${tfcmds}/bin/validate
+    touch $out
+  '';
+
+  meta.targets = [ "module" "test" ];
+}
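Review bot: The `init` script creates the state directory with a plain `mkdir -p "$dir"`, and both `init` and `tfcmd` run Terraform there under the caller's umask, so with a common 022 umask anything Terraform writes into that directory is readable by other local users. Terraform state stores resource attributes in plaintext and the `tls` provider is bundled into every workspace via `allPlugins`, so if a module generates keys and the default local backend is in use (neither is visible in this file), private key material would end up there; adding `umask 077` right after `set -e` in both scripts would cover the directory and the files created in it. Separately, `rm -f *.json` in both scripts removes every JSON file in the state directory rather than only the generated configs; `rm -f *.tf.json` paired with `cp ${module}/*.tf.json .` limits it to what `module` produces. `tfcmd` also discards its arguments, so `exec ${tf}/bin/terraform "$(basename "$0")" "$@"` would let callers pass flags through.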