Merge pull request #541 from nix-community/terraform-integration-test

Add Terraform integration test for hetzner cloud

Author: Mic92

.gitignore

@@ -1,3 +1,13 @@
 result*
-/.direnv
+.direnv
 /docs/book
+
+# terraform
+.terraform.lock.hcl
+terraform/tests/hcloud/modules/ssh-key/test_key
+terraform/tests/hcloud/modules/ssh-key/test_key.pub
+terraform/tests/hcloud/test_key
+terraform/tests/hcloud/test_key.pub
+errored_test.tfstate
+errored_test.tfstate.backup
+terraform.tfstate

flake.nix

@@ -26,6 +26,7 @@
         ./src/flake-module.nix
         ./tests/flake-module.nix
         ./docs/flake-module.nix
+        ./terraform/flake-module.nix
         # allow to disable treefmt in downstream flakes
       ] ++ inputs.nixpkgs.lib.optional (inputs.treefmt-nix ? flakeModule) ./treefmt/flake-module.nix;
 

terraform/.envrc

@@ -0,0 +1 @@
+use flake .#terraform

terraform/all-in-one.md

@@ -1,17 +1,19 @@
 module "system-build" {
-  source = "../nix-build"
-  attribute = var.nixos_system_attr
-  file = var.file
-  nix_options = var.nix_options
-  special_args = var.special_args
+  source        = "../nix-build"
+  attribute     = var.nixos_system_attr
+  debug_logging = var.debug_logging
+  file          = var.file
+  nix_options   = var.nix_options
+  special_args  = var.special_args
 }
 
 module "partitioner-build" {
-  source = "../nix-build"
-  attribute = var.nixos_partitioner_attr
-  file = var.file
-  nix_options = var.nix_options
-  special_args = var.special_args
+  source        = "../nix-build"
+  attribute     = var.nixos_partitioner_attr
+  debug_logging = var.debug_logging
+  file          = var.file
+  nix_options   = var.nix_options
+  special_args  = var.special_args
 }
 
 locals {
@@ -20,26 +22,26 @@ locals {
 }
 
 module "install" {
-  source                       = "../install"
-  kexec_tarball_url            = var.kexec_tarball_url
-  target_user                  = local.install_user
-  target_host                  = var.target_host
-  target_port                  = local.install_port
-  nixos_partitioner            = module.partitioner-build.result.out
-  nixos_system                 = module.system-build.result.out
-  ssh_private_key              = var.install_ssh_key
-  debug_logging                = var.debug_logging
-  extra_files_script           = var.extra_files_script
-  disk_encryption_key_scripts  = var.disk_encryption_key_scripts
-  extra_environment            = var.extra_environment
-  instance_id                  = var.instance_id
-  phases                       = var.phases
-  nixos_generate_config_path   = var.nixos_generate_config_path
-  nixos_facter_path            = var.nixos_facter_path
-  build_on_remote              = var.build_on_remote
+  source                      = "../install"
+  kexec_tarball_url           = var.kexec_tarball_url
+  target_user                 = local.install_user
+  target_host                 = var.target_host
+  target_port                 = local.install_port
+  nixos_partitioner           = module.partitioner-build.result.out
+  nixos_system                = module.system-build.result.out
+  ssh_private_key             = var.install_ssh_key
+  debug_logging               = var.debug_logging
+  extra_files_script          = var.extra_files_script
+  disk_encryption_key_scripts = var.disk_encryption_key_scripts
+  extra_environment           = var.extra_environment
+  instance_id                 = var.instance_id
+  phases                      = var.phases
+  nixos_generate_config_path  = var.nixos_generate_config_path
+  nixos_facter_path           = var.nixos_facter_path
+  build_on_remote             = var.build_on_remote
   # deprecated attributes
-  stop_after_disko             = var.stop_after_disko
-  no_reboot                    = var.no_reboot
+  stop_after_disko = var.stop_after_disko
+  no_reboot        = var.no_reboot
 }
 
 module "nixos-rebuild" {
@@ -50,12 +52,12 @@ module "nixos-rebuild" {
   # Do not execute this step if var.stop_after_disko == true
   count = var.stop_after_disko ? 0 : 1
 
-  source = "../nixos-rebuild"
-  nixos_system = module.system-build.result.out
-  ssh_private_key = var.deployment_ssh_key
-  target_host = var.target_host
-  target_user = var.target_user
-  target_port = var.target_port
+  source             = "../nixos-rebuild"
+  nixos_system       = module.system-build.result.out
+  ssh_private_key    = var.deployment_ssh_key
+  target_host        = var.target_host
+  target_user        = var.target_user
+  target_port        = var.target_port
   install_bootloader = var.install_bootloader
 }
 

terraform/all-in-one/main.tf

@@ -1,7 +1,7 @@
 variable "kexec_tarball_url" {
-  type = string
+  type        = string
   description = "NixOS kexec installer tarball url"
-  default = null
+  default     = null
 }
 
 # To make this re-usable we maybe should accept a store path here?
@@ -100,8 +100,8 @@ variable "extra_files_script" {
 }
 
 variable "disk_encryption_key_scripts" {
-  type        = list(object({
-    path = string
+  type = list(object({
+    path   = string
     script = string
   }))
   description = "Each script will be executed locally. Output of each will be created at the given path to disko during installation. The keys will be not copied to the final system"
@@ -115,9 +115,9 @@ variable "extra_environment" {
 }
 
 variable "nix_options" {
-  type = map(string)
+  type        = map(string)
   description = "the options of nix"
-  default = {}
+  default     = {}
 }
 
 variable "nixos_generate_config_path" {
@@ -133,8 +133,8 @@ variable "nixos_facter_path" {
 }
 
 variable "special_args" {
-  type = any
-  default = {}
+  type        = any
+  default     = {}
   description = "A map exposed as NixOS's `specialArgs` thru a file."
 }
 
@@ -145,7 +145,7 @@ variable "build_on_remote" {
 }
 
 variable "install_bootloader" {
-  type = bool
+  type        = bool
   description = "Install/re-install the bootloader"
-  default = false
+  default     = false
 }

terraform/all-in-one/variables.tf

@@ -0,0 +1,47 @@
+{ inputs, ... }:
+{
+  flake.nixosConfigurations.terraform-test = inputs.nixpkgs.lib.nixosSystem {
+    system = "x86_64-linux";
+    modules = [
+      ../tests/modules/system-to-install.nix
+      inputs.disko.nixosModules.disko
+      (args: {
+        # Example usage of special args from terraform
+        networking.hostName = args.terraform.hostname or "nixos-anywhere";
+
+        # Create testable files in /etc based on terraform special_args
+        environment.etc = {
+          "terraform-config.json" = {
+            text = builtins.toJSON args.terraform or { };
+            mode = "0644";
+          };
+        };
+      })
+    ];
+  };
+
+  perSystem = { pkgs, ... }: {
+    devShells.terraform = pkgs.mkShell {
+      buildInputs = with pkgs; [
+        terraform-docs
+        (opentofu.withPlugins (p: [
+          p.tls
+          p.hcloud
+          p.local
+          p.external
+          p.null
+        ]))
+      ];
+
+      shellHook = ''
+        echo "🚀 Terraform development environment"
+        echo "Available tools:"
+        echo "  - terraform-docs"
+        echo "  - opentofu"
+        echo ""
+        echo "To run tests: cd terraform/tests && tofu test"
+        echo "To update docs: cd terraform && ./update-docs.sh"
+      '';
+    };
+  };
+}