terraform: add
var.special_args
, see nix-community#413.
This PR adds a Terraform input variable named `special_args`. This allows passing in a JSON string from Terraform to expose to NixOS's `specialArgs` at build-time. This implementation extends the original `lib.nixosSystem` call to allow passing info without either use of `--impure` or having to stage to Git, thanks to @Mic92's suggestion at nix-community#414. Example usage: ```nix let servers = ...; variable = ...; data = ...; resource = ...; in { inherit variable data resource; module = lib.mapAttrs (server_name: _server_config: let in { # pin module version by nix flake inputs source = "github.com/numtide/nixos-anywhere?ref=${inputs.nixos-anywhere.sourceInfo.rev}/terraform/all-in-one"; ... special_args = lib.tfRef "jsonencode(${lib.strings.toJSON { tf = { inherit server_name; # all variables # var = lib.mapAttrs (k: _: lib.tfRef "var.${k}") variable; # non-sensitive variables var = lib.mapAttrs (k: _: lib.tfRef "var.${k}") (lib.filterAttrs (_k: v: !(v ? sensitive && v.sensitive)) variable); data = lib.mapAttrs (type: instances: lib.mapAttrs (k: _: tfRef "data.${type}.${k}") instances) data; resource = lib.mapAttrs (type: instances: lib.mapAttrs (k: _: tfRef "resource.${type}.${k}") instances) resource; server = lib.tfRef "resource.hcloud_server.${server_name}"; }; }})"; }) servers; } ``` You can then use these in your `nixosConfigurations`, in this example thru the `tf` argument.
1 parent
51d347d
commit be81995
Showing
7 changed files
with
47 additions
and
11 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,34 @@ | ||
#!/usr/bin/env bash | ||
set -efu | ||
|
||
declare file attribute nix_options | ||
eval "$(jq -r '@sh "attribute=\(.attribute) file=\(.file) nix_options=\(.nix_options)"')" | ||
declare file attribute nix_options special_args | ||
eval "$(jq -r '@sh "attribute=\(.attribute) file=\(.file) nix_options=\(.nix_options) special_args=\(.special_args)"')" | ||
options=$(echo "${nix_options}" | jq -r '.options | to_entries | map("--option \(.key) \(.value)") | join(" ")') | ||
if [[ -n ${file-} ]] && [[ -e ${file-} ]]; then | ||
# shellcheck disable=SC2086 | ||
out=$(nix build --no-link --json $options -f "$file" "$attribute") | ||
printf '%s' "$out" | jq -c '.[].outputs' | ||
else | ||
# shellcheck disable=SC2086 | ||
out=$(nix build --no-link --json $options "$attribute") | ||
printf '%s' "$out" | jq -c '.[].outputs' | ||
# pass the args in a pure fashion by extending the original config | ||
if [[ ${special_args-} != "{}" ]]; then | ||
rest="$(echo "${attribute}" | cut -d "#" -f 2)" | ||
# e.g. config_path=nixosConfigurations.aarch64-linux.myconfig | ||
config_path="${rest%.config.*}" | ||
# e.g. config_attribute=config.system.build.toplevel | ||
config_attribute="config.${rest#*.config.}" | ||
|
||
# grab flake nar from error message | ||
flake_rel="$(echo "${attribute}" | cut -d "#" -f 1)" | ||
# e.g. flake_rel="." | ||
flake_dir="$(readlink -f "${flake_rel}")" | ||
flake_nar="$(nix build --expr "builtins.getFlake ''git+file://${flake_dir}?narHash=sha256-0000000000000000000000000000000000000000000=''" 2>&1 | grep -Po "(?<=got ')sha256-[^']*(?=')")" | ||
# substitute variables into the template | ||
nix_expr="(builtins.getFlake ''file://${flake_dir}/flake.nix?narHash=${flake_nar}'').${config_path}.extendModules { specialArgs = builtins.fromJSON ''${special_args}''; }" | ||
# inject `special_args` into nixos config's `specialArgs` | ||
# shellcheck disable=SC2086 | ||
out=$(nix build --no-link --json ${options} --expr "${nix_expr}" "${config_attribute}") | ||
else | ||
# shellcheck disable=SC2086 | ||
out=$(nix build --no-link --json ${options} "$attribute") | ||
fi | ||
fi | ||
printf '%s' "$out" | jq -c '.[].outputs' |
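Review bot: On the `nix_expr=` line the raw `${special_args}` is pasted between `''…''` inside a Nix expression, so a `''` or `${` inside any JSON string value ends the Nix string or is evaluated as a Nix antiquotation instead of reaching `builtins.fromJSON` as data. Escaping for an indented string is easy to get wrong (a `'` directly before `${` defeats the `''$` escape), so I would switch to a double-quoted Nix string and escape backslash, double quote and `${` first: `esc=${special_args//\\/\\\\}`, `esc=${esc//\"/\\\"}`, `esc=${esc//'${'/'\${'}`, then `builtins.fromJSON \"${esc}\"` in the expression. `flake_dir` is spliced into the two `getFlake` URLs the same way and should at least be checked for quote characters. Separately, the JSON travels on the `nix build --expr` command line and is therefore visible in the process list, so a comment near the `special_args` declaration warning against putting secrets in it would help.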