add terraform integration test

Author: Mic92

.gitignore

@@ -4,3 +4,5 @@ result*
 
 # terraform
 .terraform.lock.hcl
+terraform/tests/hcloud/modules/ssh-key/test_key
+terraform/tests/hcloud/modules/ssh-key/test_key.pub

terraform/flake-module.nix

@@ -1,4 +1,13 @@
+{ inputs, ... }:
 {
+  flake.nixosConfigurations.terraform-test = inputs.nixpkgs.lib.nixosSystem {
+    system = "x86_64-linux";
+    modules = [
+      ../tests/modules/system-to-install.nix
+      inputs.disko.nixosModules.disko
+    ];
+  };
+
   perSystem = { pkgs, ... }: {
     devShells.terraform = pkgs.mkShell {
       buildInputs = with pkgs; [

terraform/tests/README.md

@@ -0,0 +1,116 @@
+# NixOS Anywhere Terraform Tests
+
+This directory contains tests for the `nixos-anywhere` Terraform modules using
+OpenTofu's built-in testing framework.
+
+## Test Structure
+
+```
+terraform/tests/
+├── main.tf                        # Core configuration for validation tests
+├── nixos-anywhere.tftest.hcl      # Basic validation tests (no external deps)
+├── nix-build-special-args.tftest.hcl # Nix build module tests with special_args
+├── hcloud-deployment.tftest.hcl   # Hetzner Cloud integration tests
+├── hcloud/                        # Hetzner Cloud deployment configuration
+    ├── main.tf
+```
+
+### For Hetzner Cloud Tests (Optional)
+
+- Hetzner Cloud account with API token
+
+## Running Tests
+
+### Basic Validation Tests (No External Dependencies)
+
+```bash
+# Enter development environment
+nix develop .#terraform
+
+# Initialize and run validation tests
+cd terraform/tests
+tofu init
+tofu test
+
+# Run Specific Test File
+tofu test -filter=nixos-anywhere.tftest.hcl
+```
+
+**Current Status:** Tests available for nixos-anywhere module and nix-build
+module
+
+### Hetzner Cloud Integration Tests
+
+```bash
+# Set your Hetzner Cloud token
+export TF_VAR_hcloud_token="your-64-character-hcloud-token"
+
+# Run Hetzner Cloud tests
+tofu test -filter hcloud-deployment.tftest.hcl
+```
+
+**Note:** These tests will fail if no valid token is provided.
+
+## Test Categories
+
+### 1. Validation Tests (`nixos-anywhere.tftest.hcl`)
+
+- **Purpose:** Validate configuration structure and variables
+- **Dependencies:** None (nixos-anywhere module only)
+- **Duration:** 30-60 seconds
+- **Cost:** Free
+
+### 2. Nix Build Special Args Tests (`nix-build-special-args.tftest.hcl`)
+
+- **Purpose:** Test nix-build module with special_args functionality
+- **Dependencies:** None (nix-build module only)
+- **Duration:** 30-60 seconds
+- **Cost:** Free
+
+### 3. Hetzner Cloud Tests (`hcloud-deployment.tftest.hcl`)
+
+- **Purpose:** Test complete deployment workflow
+- **Dependencies:** Valid Hetzner Cloud token
+- **Duration:** 5 minutes (apply tests)
+- **Cost:** ~€ 0.006 per hour
+
+## Usage Examples
+
+### Environment Variables
+
+```bash
+export TF_VAR_hcloud_token="your-token"
+export TF_VAR_test_name_prefix="my-test"
+```
+
+### Variable File (Optional)
+
+Create `terraform.tfvars`:
+
+```hcl
+hcloud_token = "your-token-here"
+test_name_prefix = "tftest-nixos-anywhere"
+```
+
+## Cleanup
+
+OpenTofu test automatically cleans up resources. Manual cleanup if needed:
+
+```bash
+# List test resources
+hcloud server list | grep tftest-nixos-anywhere
+hcloud ssh-key list | grep tftest-nixos-anywhere
+
+# Force cleanup
+hcloud server delete <server-id>
+hcloud ssh-key delete <key-id>
+```
+
+## Development
+
+### Test Best Practices
+
+- Use `command = plan` for validation tests
+- Use `command = apply` sparingly for integration tests
+- Include proper assertions with clear error messages
+- Make tests conditional based on available credentials

terraform/tests/hcloud-deployment.tftest.hcl

@@ -0,0 +1,26 @@
+# Terraform Test Configuration for nixos-anywhere Hetzner Cloud deployment
+# Run with: tofu test -var="hcloud_token=your-token-here"
+# These tests require a valid Hetzner Cloud API token
+
+variables {
+  test_name_prefix = "tftest-nixos-anywhere"
+}
+
+run "test_hcloud_deployment_apply" {
+  command = apply
+
+  module {
+    source = "./hcloud"
+  }
+
+  variables {
+    nixos_system_attr      = "github:nix-community/nixos-anywhere-examples#nixosConfigurations.hetzner-cloud.config.system.build.toplevel"
+    nixos_partitioner_attr = "github:nix-community/nixos-anywhere-examples#nixosConfigurations.hetzner-cloud.config.system.build.diskoNoDeps"
+    debug_logging          = true
+  }
+
+  assert {
+    condition     = output.nixos_anywhere_result != null
+    error_message = "nixos-anywhere deployment should produce a result"
+  }
+}

terraform/tests/hcloud/main.tf

@@ -0,0 +1,110 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "~> 1.45"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 4.0"
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = "~> 2.4"
+    }
+  }
+}
+
+provider "hcloud" {
+  token = var.hcloud_token
+}
+
+variable "hcloud_token" {
+  description = "Hetzner Cloud API token (64 characters)"
+  type        = string
+  sensitive   = true
+}
+
+variable "test_name_prefix" {
+  description = "Prefix for test resource names"
+  type        = string
+  default     = "tftest-nixos-anywhere"
+}
+
+variable "nixos_system_attr" {
+  description = "NixOS system attribute to deploy"
+  type        = string
+}
+
+variable "nixos_partitioner_attr" {
+  description = "NixOS partitioner attribute"
+  type        = string
+}
+
+
+variable "debug_logging" {
+  description = "Enable debug logging"
+  type        = bool
+  default     = false
+}
+
+# Generate SSH key pair
+resource "tls_private_key" "test_key" {
+  algorithm = "ED25519"
+}
+
+# Save private key to file
+resource "local_file" "private_key" {
+  content         = tls_private_key.test_key.private_key_openssh
+  filename        = "${path.root}/test_key"
+  file_permission = "0600"
+}
+
+# Save public key to file
+resource "local_file" "public_key" {
+  content  = tls_private_key.test_key.public_key_openssh
+  filename = "${path.root}/test_key.pub"
+}
+
+# Create Hetzner Cloud SSH key
+resource "hcloud_ssh_key" "test_key" {
+  name       = "${var.test_name_prefix}-deployment-key"
+  public_key = tls_private_key.test_key.public_key_openssh
+}
+
+# Create test server
+resource "hcloud_server" "test_server" {
+  name        = "${var.test_name_prefix}-server"
+  image       = "ubuntu-22.04"
+  server_type = "cx22"
+  location    = "nbg1"
+  ssh_keys    = [hcloud_ssh_key.test_key.id]
+
+  labels = {
+    purpose  = "nixos-anywhere-test"
+    test_run = replace(replace(replace(timestamp(), ":", "-"), "T", "-"), "Z", "")
+  }
+}
+
+# nixos-anywhere all-in-one module
+module "nixos_anywhere" {
+  source = "../../all-in-one"
+
+  nixos_system_attr      = var.nixos_system_attr
+  nixos_partitioner_attr = var.nixos_partitioner_attr
+  target_host            = hcloud_server.test_server.ipv4_address
+  target_port            = 22
+  target_user            = "root"
+  debug_logging          = var.debug_logging
+  deployment_ssh_key     = tls_private_key.test_key.private_key_openssh
+  install_ssh_key        = tls_private_key.test_key.private_key_openssh
+
+  special_args = {
+    extraPublicKeys = [tls_private_key.test_key.public_key_openssh]
+  }
+}
+
+output "nixos_anywhere_result" {
+  description = "nixos-anywhere module result"
+  value       = module.nixos_anywhere.result
+}

terraform/tests/main.tf

@@ -0,0 +1,87 @@
+terraform {
+  required_providers {
+    external = {
+      source  = "hashicorp/external"
+      version = "~> 2.3"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = "~> 3.2"
+    }
+  }
+}
+
+variable "nixos_system_attr" {
+  description = "NixOS system attribute to deploy"
+  type        = string
+  default     = ""
+}
+
+variable "nixos_partitioner_attr" {
+  description = "NixOS partitioner attribute"
+  type        = string
+  default     = ""
+}
+
+variable "target_host" {
+  description = "Target host for deployment"
+  type        = string
+  default     = "test.example.com"
+}
+
+variable "target_port" {
+  description = "Target SSH port"
+  type        = number
+  default     = 22
+}
+
+variable "target_user" {
+  description = "Target SSH user"
+  type        = string
+  default     = "root"
+}
+
+variable "debug_logging" {
+  description = "Enable debug logging"
+  type        = bool
+  default     = false
+}
+
+variable "phases" {
+  description = "Deployment phases to run"
+  type        = set(string)
+  default     = ["kexec", "disko", "install"]
+}
+
+variable "build_on_remote" {
+  description = "Build on remote machine"
+  type        = bool
+  default     = false
+}
+
+variable "install_ssh_key" {
+  description = "SSH private key for installation"
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
+# nixos-anywhere all-in-one module
+module "nixos_anywhere" {
+  source = "../all-in-one"
+
+  nixos_system_attr      = var.nixos_system_attr
+  nixos_partitioner_attr = var.nixos_partitioner_attr
+  target_host            = var.target_host
+  target_port            = var.target_port
+  target_user            = var.target_user
+  debug_logging          = var.debug_logging
+  phases                 = var.phases
+  build_on_remote        = var.build_on_remote
+  install_ssh_key        = var.install_ssh_key
+}
+
+output "nixos_anywhere_result" {
+  description = "nixos-anywhere module result"
+  value       = module.nixos_anywhere.result
+}