Merge pull request #542 from nix-community/digital-ocean

Add integration test for Digital ocean

Author: Mic92

.gitignore

@@ -4,10 +4,8 @@ result*
 
 # terraform
 .terraform.lock.hcl
-terraform/tests/hcloud/modules/ssh-key/test_key
-terraform/tests/hcloud/modules/ssh-key/test_key.pub
-terraform/tests/hcloud/test_key
-terraform/tests/hcloud/test_key.pub
+test_key
+test_key.pub
 errored_test.tfstate
 errored_test.tfstate.backup
 terraform.tfstate

terraform/flake-module.nix

@@ -25,11 +25,12 @@
       buildInputs = with pkgs; [
         terraform-docs
         (opentofu.withPlugins (p: [
-          p.tls
+          p.digitalocean
+          p.external
           p.hcloud
           p.local
-          p.external
           p.null
+          p.tls
         ]))
       ];
 

terraform/tests/README.md

@@ -7,17 +7,21 @@ OpenTofu's built-in testing framework.
 
 ```
 terraform/tests/
-├── main.tf                        # Core configuration for validation tests
-├── nixos-anywhere.tftest.hcl      # Basic validation tests (no external deps)
+├── main.tf                           # Core configuration for validation tests
+├── nixos-anywhere.tftest.hcl         # Basic validation tests (no external deps)
 ├── nix-build-special-args.tftest.hcl # Nix build module tests with special_args
-├── hcloud-deployment.tftest.hcl   # Hetzner Cloud integration tests
-├── hcloud/                        # Hetzner Cloud deployment configuration
+├── hcloud-deployment.tftest.hcl      # Hetzner Cloud integration tests
+├── digitalocean-deployment.tftest.hcl # DigitalOcean integration tests
+├── hcloud/                           # Hetzner Cloud deployment configuration
+│   ├── main.tf
+├── digitalocean/                     # DigitalOcean deployment configuration
     ├── main.tf
 ```
 
-### For Hetzner Cloud Tests (Optional)
+### For Cloud Provider Tests (Optional)
 
 - Hetzner Cloud account with API token
+- DigitalOcean account with API token
 
 ## Running Tests
 
@@ -39,7 +43,9 @@ tofu test -filter=nixos-anywhere.tftest.hcl
 **Current Status:** Tests available for nixos-anywhere module and nix-build
 module
 
-### Hetzner Cloud Integration Tests
+### Cloud Provider Integration Tests
+
+#### Hetzner Cloud
 
 ```bash
 # Set your Hetzner Cloud token
@@ -49,6 +55,16 @@ export TF_VAR_hcloud_token="your-64-character-hcloud-token"
 tofu test -filter hcloud-deployment.tftest.hcl
 ```
 
+#### DigitalOcean
+
+```bash
+# Set your DigitalOcean token
+export TF_VAR_digitalocean_token="your-digitalocean-api-token"
+
+# Run DigitalOcean tests
+tofu test -filter digitalocean-deployment.tftest.hcl
+```
+
 **Note:** These tests will fail if no valid token is provided.
 
 ## Test Categories
@@ -74,12 +90,20 @@ tofu test -filter hcloud-deployment.tftest.hcl
 - **Duration:** 5 minutes (apply tests)
 - **Cost:** ~€ 0.006 per hour
 
+### 4. DigitalOcean Tests (`digitalocean-deployment.tftest.hcl`)
+
+- **Purpose:** Test complete deployment workflow
+- **Dependencies:** Valid DigitalOcean API token
+- **Duration:** 5 minutes (apply tests)
+- **Cost:** ~$0,02679 per hour
+
 ## Usage Examples
 
 ### Environment Variables
 
 ```bash
-export TF_VAR_hcloud_token="your-token"
+export TF_VAR_hcloud_token="your-hcloud-token"
+export TF_VAR_digitalocean_token="your-digitalocean-token"
 export TF_VAR_test_name_prefix="my-test"
 ```
 
@@ -88,14 +112,17 @@ export TF_VAR_test_name_prefix="my-test"
 Create `terraform.tfvars`:
 
 ```hcl
-hcloud_token = "your-token-here"
+hcloud_token = "your-hcloud-token-here"
+digitalocean_token = "your-digitalocean-token-here"
 test_name_prefix = "tftest-nixos-anywhere"
 ```
 
 ## Cleanup
 
 OpenTofu test automatically cleans up resources. Manual cleanup if needed:
 
+### Hetzner Cloud
+
 ```bash
 # List test resources
 hcloud server list | grep tftest-nixos-anywhere
@@ -106,6 +133,18 @@ hcloud server delete <server-id>
 hcloud ssh-key delete <key-id>
 ```
 
+### DigitalOcean
+
+```bash
+# List test resources
+doctl compute droplet list | grep tftest-nixos-anywhere
+doctl compute ssh-key list | grep tftest-nixos-anywhere
+
+# Force cleanup
+doctl compute droplet delete <droplet-id>
+doctl compute ssh-key delete <key-id>
+```
+
 ## Development
 
 ### Test Best Practices

terraform/tests/digitalocean-deployment.tftest.hcl

@@ -0,0 +1,26 @@
+# Terraform Test Configuration for nixos-anywhere DigitalOcean deployment
+# Run with: tofu test -var="digitalocean_token=your-token-here"
+# These tests require a valid DigitalOcean API token
+
+variables {
+  test_name_prefix = "tftest-nixos-anywhere"
+}
+
+run "test_digitalocean_deployment_apply" {
+  command = apply
+
+  module {
+    source = "./digitalocean"
+  }
+
+  variables {
+    nixos_system_attr      = "github:nix-community/nixos-anywhere-examples#nixosConfigurations.digitalocean.config.system.build.toplevel"
+    nixos_partitioner_attr = "github:nix-community/nixos-anywhere-examples#nixosConfigurations.digitalocean.config.system.build.diskoNoDeps"
+    debug_logging          = true
+  }
+
+  assert {
+    condition     = output.nixos_anywhere_result != null
+    error_message = "nixos-anywhere deployment should produce a result"
+  }
+}

terraform/tests/digitalocean/main.tf

@@ -0,0 +1,135 @@
+terraform {
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "~> 2.34"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 4.0"
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = "~> 2.4"
+    }
+  }
+}
+
+provider "digitalocean" {
+  token = var.digitalocean_token
+}
+
+variable "digitalocean_token" {
+  description = "DigitalOcean API token"
+  type        = string
+  sensitive   = true
+}
+
+variable "test_name_prefix" {
+  description = "Prefix for test resource names"
+  type        = string
+  default     = "tftest-nixos-anywhere"
+}
+
+variable "nixos_system_attr" {
+  description = "NixOS system attribute to deploy"
+  type        = string
+}
+
+variable "nixos_partitioner_attr" {
+  description = "NixOS partitioner attribute"
+  type        = string
+}
+
+variable "debug_logging" {
+  description = "Enable debug logging"
+  type        = bool
+  default     = false
+}
+
+# Generate SSH key pair
+resource "tls_private_key" "test_key" {
+  algorithm = "ED25519"
+}
+
+# Save private key to file
+resource "local_file" "private_key" {
+  content         = tls_private_key.test_key.private_key_openssh
+  filename        = "${path.root}/test_key"
+  file_permission = "0600"
+}
+
+# Save public key to file
+resource "local_file" "public_key" {
+  content  = tls_private_key.test_key.public_key_openssh
+  filename = "${path.root}/test_key.pub"
+}
+
+# Create DigitalOcean SSH key
+resource "digitalocean_ssh_key" "test_key" {
+  name       = "${var.test_name_prefix}-deployment-key"
+  public_key = tls_private_key.test_key.public_key_openssh
+}
+
+# Create test droplet
+# Note: Using s-2vcpu-2gb (minimum 2GB RAM required for nixos-anywhere kexec)
+# DigitalOcean uses /dev/vda for disk devices (handled by digitalocean config)
+resource "digitalocean_droplet" "test_server" {
+  name     = "${var.test_name_prefix}-server"
+  image    = "ubuntu-22-04-x64"
+  size     = "s-2vcpu-2gb"
+  region   = "nyc3"
+  ssh_keys = [digitalocean_ssh_key.test_key.id]
+
+  tags = [
+    "nixos-anywhere-test",
+    replace(replace(replace(timestamp(), ":", "-"), "T", "-"), "Z", "")
+  ]
+}
+
+# nixos-anywhere all-in-one module
+# Uses digitalocean configuration from nixos-anywhere-examples which:
+# - Sets disk device to /dev/vda (DigitalOcean standard)
+# - Configures cloud-init for network setup
+# - Disables DHCP in favor of cloud-init provisioning
+module "nixos_anywhere" {
+  source = "../../all-in-one"
+
+  nixos_system_attr      = var.nixos_system_attr
+  nixos_partitioner_attr = var.nixos_partitioner_attr
+  target_host            = digitalocean_droplet.test_server.ipv4_address
+  target_port            = 22
+  target_user            = "root"
+  debug_logging          = var.debug_logging
+  deployment_ssh_key     = tls_private_key.test_key.private_key_openssh
+  install_ssh_key        = tls_private_key.test_key.private_key_openssh
+
+  special_args = {
+    extraPublicKeys = [tls_private_key.test_key.public_key_openssh]
+  }
+}
+
+output "nixos_anywhere_result" {
+  description = "nixos-anywhere module result"
+  value       = module.nixos_anywhere.result
+}
+
+output "droplet_ip" {
+  description = "DigitalOcean droplet public IP address"
+  value       = digitalocean_droplet.test_server.ipv4_address
+}
+
+output "droplet_id" {
+  description = "DigitalOcean droplet ID for cleanup"
+  value       = digitalocean_droplet.test_server.id
+}
+
+output "ssh_key_id" {
+  description = "DigitalOcean SSH key ID for cleanup"
+  value       = digitalocean_ssh_key.test_key.id
+}
+
+output "ssh_connection_command" {
+  description = "SSH command to connect to the deployed server"
+  value       = "ssh -i ${local_file.private_key.filename} root@${digitalocean_droplet.test_server.ipv4_address}"
+}

terraform/tests/hcloud/main.tf

@@ -77,7 +77,7 @@ resource "hcloud_server" "test_server" {
   name        = "${var.test_name_prefix}-server"
   image       = "ubuntu-22.04"
   server_type = "cx22"
-  location    = "nbg1"
+  location    = "hel1"
   ssh_keys    = [hcloud_ssh_key.test_key.id]
 
   labels = {

terraform/tests/terraform.tfvars.example

@@ -5,6 +5,10 @@
 # Get this from https://console.hetzner.cloud/
 hcloud_token = "your-hcloud-token-here"
 
+# Required: DigitalOcean API token
+# Get this from https://cloud.digitalocean.com/account/api/tokens
+digitalocean_token = "your-digitalocean-token-here"
+
 # Optional: Prefix for test resource names
 # This helps identify and clean up test resources
 test_name_prefix = "tftest-nixos-anywhere"