Merge #72

72: Terraform module fixes r=Mic92 a=Mic92



Co-authored-by: Jörg Thalheim <joerg@thalheim.io>

Author: bors[bot]

src/nixos-anywhere.sh

@@ -308,7 +308,7 @@ if [[ -n ${extra_files-} ]]; then
   if [[ -d $extra_files ]]; then
     extra_files="$extra_files/"
   fi
-  rsync -rlpv -FF -e "ssh -i \"$ssh_key_dir\"/nixos-remote -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" "$extra_files" "${ssh_connection}:/mnt/"
+  rsync -rlpv -FF -e "ssh -i \"$ssh_key_dir\"/nixos-anywhere -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" "$extra_files" "${ssh_connection}:/mnt/"
 fi
 
 ssh_ <<SSH

terraform/all-in-one/main.tf

@@ -19,6 +19,8 @@ module "install" {
   nixos_partitioner      = module.partitioner-build.result.out
   nixos_system           = module.system-build.result.out
   ssh_private_key        = var.ssh_private_key
+  debug_logging          = var.debug_logging
+  instance_id            = var.instance_id
 }
 
 module "nixos-rebuild" {

terraform/all-in-one/variables.tf

@@ -7,18 +7,18 @@ variable "kexec_tarball_url" {
 # To make this re-usuable we maybe should accept a store path here?
 variable "nixos_partitioner_attr" {
   type        = string
-  description = "nixos partitioner and mount script"
+  description = "Nixos partitioner and mount script i.e. your-flake#nixosConfigurations.your-evaluated-nixos.config.system.build.diskoNoDeps or just your-evaluated.config.system.build.diskNoDeps. `config.system.build.diskNoDeps` is provided by the disko nixos module"
 }
 
 # To make this re-usuable we maybe should accept a store path here?
 variable "nixos_system_attr" {
   type        = string
-  description = "The nixos system to deploy"
+  description = "The nixos system to deploy i.e. your-flake#nixosConfigurations.your-evaluated-nixos.config.system.build.toplevel or just your-evaluated-nixos.config.system.build.toplevel if you are not using flakes"
 }
 
 variable "file" {
   type        = string
-  description = "file to get the nixos_system_attr and nixos_partitioner_attr from if they are not flakes."
+  description = "Nix file containing the nixos_system_attr and nixos_partitioner_attr. Use this if you are not using flake"
   default     = null
 }
 
@@ -39,8 +39,20 @@ variable "target_port" {
   default     = 22
 }
 
+variable "instance_id" {
+  type        = string
+  description = "The instance id of the target_host, used to track when to reinstall the machine"
+  default     = null
+}
+
 variable "ssh_private_key" {
   type        = string
   description = "Content of private key used to connect to the target_host"
   default     = null
 }
+
+variable "debug_logging" {
+  type        = bool
+  description = "Enable debug logging"
+  default     = false
+}

terraform/install/main.tf

@@ -1,8 +1,15 @@
+locals {
+  nixos_anywhere_flags = "${var.debug_logging ? "--debug" : ""} ${var.kexec_tarball_url != null ? "--kexec ${var.kexec_tarball_url}" : "" } --store-paths ${var.nixos_partitioner} ${var.nixos_system} ${var.target_user}@${var.target_host}"
+}
+
 resource "null_resource" "nixos-remote" {
+  triggers = {
+    instance_id = var.instance_id
+  }
   provisioner "local-exec" {
     environment = {
       SSH_PRIVATE_KEY = var.ssh_private_key
     }
-    command = "nix run ${path.module}#nixos-remote -- --store-paths ${var.nixos_partitioner} ${var.nixos_system} ${var.target_user}@${var.target_host}"
+    command = "nix run --extra-experimental-features 'nix-command flakes' ${path.module}#nixos-anywhere -- ${local.nixos_anywhere_flags}"
   }
 }

terraform/install/variables.tf

@@ -38,3 +38,15 @@ variable "ssh_private_key" {
   description = "Content of private key used to connect to the target_host"
   default     = ""
 }
+
+variable "instance_id" {
+  type        = string
+  description = "The instance id of the target_host, used to track when to reinstall the machine"
+  default     = null
+}
+
+variable "debug_logging" {
+  type        = bool
+  description = "Enable debug logging"
+  default     = false
+}

terraform/nix-build/nix-build.sh

@@ -3,7 +3,7 @@ set -efu
 
 declare file attribute
 eval "$(jq -r '@sh "attribute=\(.attribute) file=\(.file)"')"
-if [[ -e ${file+x} ]]; then
+if [[ -n ${file-} ]] && [[ -e ${file-} ]]; then
   out=$(nix build --no-link --json -f "$file" "$attribute")
   printf '%s' "$out" | jq -c '.[].outputs'
 else

terraform/nixos-rebuild/deploy.sh

@@ -28,7 +28,15 @@ if [[ -n ${SSH_KEY+x} && ${SSH_KEY} != "-" ]]; then
   sshOpts+=(-o "IdentityFile=${sshPrivateKeyFile}")
 fi
 
-NIX_SSHOPTS="${sshOpts[*]}" retry -t 10 -d 10 -- nix copy -s --experimental-features nix-command --to "ssh://$TARGET_HOST" "$NIXOS_SYSTEM"
+try=1
+until NIX_SSHOPTS="${sshOpts[*]}" nix copy -s --experimental-features nix-command --to "ssh://$TARGET_HOST" "$NIXOS_SYSTEM"; do
+  if [[ $try -gt 10 ]]; then
+    echo "retries exhausted" >&2
+    exit 1
+  fi
+  sleep 10
+  try=$((try + 1))
+done
 
 # shellcheck disable=SC2029
 ssh "${sshOpts[@]}" "$TARGET_HOST" "nix-env -p /nix/var/nix/profiles/system --set $(printf "%q" "$NIXOS_SYSTEM"); /nix/var/nix/profiles/system/bin/switch-to-configuration switch" || :