about summary refs log tree commit diff
path: root/ops/terraform/deploy-nixos
AgeCommit message (Collapse)AuthorFilesLines
2024-06-10 r/8240 docs(ops/terraform/deploy-nixos): document variables in READMEFlorian Klink1-3/+9
Give some more context about what these mean. Mostly copied from the descriptions in nix-eval.sh Change-Id: I845f4227206f7035bcd185a708c14877a040c46a Reviewed-on: https://cl.tvl.fyi/c/depot/+/11778 Tested-by: BuildkiteCI Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com> Autosubmit: flokli <flokli@flokli.de> Reviewed-by: flokli <flokli@flokli.de>
2024-03-26 r/7783 refactor(ops/terraform/deploy-nixos): argstr -> argstr_jsonFlorian Klink1-3/+3
At least terraform wants all parameters passed via JSON to be strings. It can't accept maps. This means, allowing to pass a `argstr` JSON dict isn't really possible. However, terraform is perfectly able to JSON-encode a map. So accept a `argstr_json` argument instead, which `jq` will JSON-decode before further processing it. I dropped `argstr` support again so the jq expression still fits on my screen, if anyone else (started) using this, I'm happy to review a CL adding this. We should probably move the jq expression to some multiline format then, though. Change-Id: I5ab7a1169ab7305d3ab02db31c27732d9d1ab4e8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11228 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2024-03-26 r/7782 feat(ops/terraform/deploy-nixos): add `build` parameterFlorian Klink1-1/+10
If this is set to true (and only then), also invoke `nix-build` on the previously-instantiated .drv to cause builds/substitutions on the local machine. There's no terraform example for this in here, but this is useful if you want to perform builds locally, for example to upload nix-built blobs elsewhere through terraform. Change-Id: Idcf7b8527aa9c27f6f9ca60ca607c29d82e1cce9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11215 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2024-03-24 r/7780 feat(ops/terraform/deploy-nixos): add outPath output parameterFlorian Klink1-1/+5
We already did all the instantiation, grabbing the calculated output path too is cheap. Change-Id: Id591865c65159409da739f706a9de29a9f50456a Reviewed-on: https://cl.tvl.fyi/c/depot/+/11214 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2024-03-22 r/7760 docs(ops/terraform/deploy-nixos): document inputs and outputsFlorian Klink3-22/+35
This documents the input and output format, and also removes some references to Terraform and evaluating NixOS system configurations. It can be used to evaluate anything. Change-Id: I8492cc3e386f89b299469c78e586644ee82a708f Reviewed-on: https://cl.tvl.fyi/c/depot/+/11213 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2024-03-14 r/7690 feat(ops/terraform/deploy-nixos): support argstr mapFlorian Klink1-3/+3
This allows setting argstr to a map of keys and values. We use jq to construct "--argstr k v" arguments, which are passed to nix-instantiate. Change-Id: I720a597ca2276364bc7005c156064d938f143041 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11141 Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su>
2024-03-14 r/7689 refactor(ops/terraform/deploy-nixos): downcase bash variablesFlorian Klink1-4/+5
These are not environment variables, so let's shout less. Change-Id: I3132844937ee78b7230a46afc0240e0225a99f3e Reviewed-on: https://cl.tvl.fyi/c/depot/+/11140 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-12-05 r/7111 chore(ops/terraform): add license informationFlorian Klink4-0/+20
This is the result of a `"reuse annotate --copyright "The TVL Authors" --license MIT"` in that directory, making it conformant with the REUSE Specification: https://reuse.software/spec Change-Id: I13e069b4621e8d5ccb7a09c12f772d70dea40a11 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10170 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-05-16 r/6143 feat(ops/terraform/deploy-nixos): make target_user_ssh_key optionalFlorian Klink2-9/+14
In case `target_user_ssh_key` points to an empty string, nixos-copy.sh just doesn't set `IdentityFile=` at all. This allows using deploy-nixos without any explicitly passed ssh keys, but picking up whatever ssh setup the user has configured locally. Change-Id: If335ce8434627e61da13bf6923b9767085af08a5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8576 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-03-08 r/5902 fix(ops/terraform): s/TARGET_ADDRESS/TARGET_HOSTFlorian Klink1-1/+1
We missed renaming this as well while iterating over https://cl.tvl.fyi/c/depot/+/7950. Change-Id: I704d3b60bb3beb1a2148e27bdd4a49075a6649b3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8230 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-03-03 r/5872 feat(ops/terraform): add trigger to deploy-nixos, remove target_nameFlorian Klink2-10/+8
This allows passing in custom triggers to trigger a (re)deploy. For example, a caller can put an AWS instance ID into the triggers to cause a redeploy whenever the instance ID has changed. The `target_name` terraform variable was doing something similar, but `triggers` is more generic, allowing multiple triggers, without having to stringify them. We also don't need to trigger on the attrpath - it can be changed, and as long as it still evaluates to the same `data.external.nixos_system.result.drv` (which is checked on every plan), no redeploy needs to be made. Change-Id: I94ce787a50830b87b6f53c08e042e4abe4036bdd Reviewed-on: https://cl.tvl.fyi/c/depot/+/8191 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de>
2023-03-03 r/5871 feat(ops/terraform): allow specifying an entrypoint for the attrsetFlorian Klink2-5/+15
This adds an additional parameter `entrypoint`, pointing to a .nix file (or a directory containing a `default.nix` file) that's providing the attribute path asked for. If not set / kept at the default (empty string), it falls back to the root dir of the repository as before. Change-Id: I2e63114f21660c842153ac15424b3491d66624d2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8190 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-03-03 r/5867 feat(ops/terraform): add module for deploying NixOS system closuresVincent Ambo4-0/+182
This module makes it fairly easy to deploy NixOS system closures using Terraform, while properly separating the evaluation of a derivation (to determine whether a deploy is needed) from the building and copying of the closure itself. This has been on my stack for a while. It was originally developed for Resoptima, who agreed to open-sourcing it in depot back when we completed our work with them. Their contribution has been acknowledged in the README. Co-Authored-By: Florian Klink <flokli@flokli.de> Change-Id: Ica4c170658cd25f1fb7072c9a45735fcc4351474 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7950 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI