From dbca46d05205bdaab07d4faf1899a6452f34dd0f Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Sun, 29 Jan 2023 19:44:23 +0300 Subject: feat(ops/terraform): add module for deploying NixOS system closures This module makes it fairly easy to deploy NixOS system closures using Terraform, while properly separating the evaluation of a derivation (to determine whether a deploy is needed) from the building and copying of the closure itself. This has been on my stack for a while. It was originally developed for Resoptima, who agreed to open-sourcing it in depot back when we completed our work with them. Their contribution has been acknowledged in the README. Co-Authored-By: Florian Klink Change-Id: Ica4c170658cd25f1fb7072c9a45735fcc4351474 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7950 Reviewed-by: tazjin Tested-by: BuildkiteCI --- ops/terraform/deploy-nixos/nixos-eval.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100755 ops/terraform/deploy-nixos/nixos-eval.sh (limited to 'ops/terraform/deploy-nixos/nixos-eval.sh') diff --git a/ops/terraform/deploy-nixos/nixos-eval.sh b/ops/terraform/deploy-nixos/nixos-eval.sh new file mode 100755 index 0000000000..dd15784b1b --- /dev/null +++ b/ops/terraform/deploy-nixos/nixos-eval.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash +# +# Builds a NixOS system configuration at the given attribute path. +set -ueo pipefail + +# Load input variables from Terraform. jq's @sh format takes care of +# escaping. +eval "$(jq -r '@sh "ATTRPATH=\(.attrpath)"')" + +# Evaluate the system derivation. +# TODO: configurable REPO_ROOT +REPO_ROOT=$(git rev-parse --show-toplevel) +SYSTEM_DRV=$(nix-instantiate -A "${ATTRPATH}" "${REPO_ROOT}") + +# Return system derivation back to Terraform. +jq -n --arg drv "$SYSTEM_DRV" '{"drv":$drv}' -- cgit 1.4.1