Skip to content

Commit

Permalink
Merge pull request #384 from nix-community/terraform-fixes
Browse files Browse the repository at this point in the history 
Terraform fixes
  • Loading branch information
@Mic92
Mic92 authored Sep 16, 2024
2 parents fadbb63 + b699b30 commit 9db169c
Show file tree
Hide file tree
Showing 8 changed files with 97 additions and 71 deletions.
22 changes: 15 additions & 7 deletions docs/reference.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,21 +33,23 @@ Options:
set an ssh option
* -L, --print-build-logs
print full build logs
* --env-password
set a password used by ssh-copy-id, the password should be set by
the environment variable SSHPASS
* -s, --store-paths <disko-script> <nixos-system>
set the store paths to the disko-script and nixos-system directly
if this is give, flake is not needed
* --no-reboot
do not reboot after installation, allowing further customization of the target installation.
if this is given, flake is not needed
* --kexec <path>
use another kexec tarball to bootstrap NixOS
* --kexec-extra-flags
extra flags to add into the call to kexec, e.g. "--no-sync"
* --post-kexec-ssh-port <ssh_port>
after kexec is executed, use a custom ssh port to connect. Defaults to 22
* --copy-host-keys
copy over existing /etc/ssh/ssh_host_* host keys to the installation
* --stop-after-disko
exit after disko formatting, you can then proceed to install manually or some other way
* --extra-files <file...>
files to copy into the new nixos installation
* --extra-files <path>
path to a directory to copy into the root of the new nixos installation.
Copied files will be owned by root.
* --disk-encryption-keys <remote_path> <local_path>
copy the contents of the file or pipe in local_path to remote_path in the installer environment,
after kexec but before installation. Can be repeated.
Expand All @@ -63,6 +65,12 @@ Options:
build the closure on the remote machine instead of locally and copy-closuring it
* --vm-test
build the system and test the disk configuration inside a VM without installing it to the target.
* --phases
comma separated list of phases to run. Default is: kexec,disko,install,reboot
kexec: kexec into the nixos installer
disko: first unmount and destroy all filesystems on the disks we want to format, then run the create and mount mode
install: install the system
reboot: reboot the machine
```

## Explanation of known error messages
Expand Down
43 changes: 22 additions & 21 deletions terraform/all-in-one.md
View file

Large diffs are not rendered by default.

4 changes: 3 additions & 1 deletion terraform/all-in-one/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,13 @@ module "install" {
nixos_system = module.system-build.result.out
ssh_private_key = var.install_ssh_key
debug_logging = var.debug_logging
stop_after_disko = var.stop_after_disko
extra_files_script = var.extra_files_script
disk_encryption_key_scripts = var.disk_encryption_key_scripts
extra_environment = var.extra_environment
instance_id = var.instance_id
phases = var.phases
# deprecated attributes
stop_after_disko = var.stop_after_disko
no_reboot = var.no_reboot
}

Expand Down
20 changes: 13 additions & 7 deletions terraform/all-in-one/variables.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,10 +77,22 @@ variable "debug_logging" {

variable "stop_after_disko" {
type = bool
description = "Exit after disko formatting"
description = "DEPRECATED: Use `phases` instead. Exit after disko formatting"
default = false
}

variable "no_reboot" {
type = bool
description = "DEPRECATED: Use `phases` instead. Do not reboot after installation"
default = false
}

variable "phases" {
type = set(string)
description = "Phases to run"
default = ["kexec", "disko", "install", "reboot"]
}

variable "extra_files_script" {
type = string
description = "A script that should place files in the current directory that will be copied to the targets / directory"
Expand All @@ -102,12 +114,6 @@ variable "extra_environment" {
default = {}
}

variable "no_reboot" {
type = bool
description = "Do not reboot after installation"
default = false
}

variable "nix_options" {
type = map(string)
description = "the options of nix"
Expand Down
38 changes: 20 additions & 18 deletions terraform/install.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,24 +61,26 @@ No modules.

## Inputs

| Name | Description | Type | Default | Required |
| --------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | -------- | :------: |
| <a name="input_build_on_remote"></a> [build\_on\_remote](#input_build_on_remote) | Build the closure on the remote machine instead of building it locally and copying it over | `bool` | `false` | no |
| <a name="input_debug_logging"></a> [debug\_logging](#input_debug_logging) | Enable debug logging | `bool` | `false` | no |
| <a name="input_disk_encryption_key_scripts"></a> [disk\_encryption\_key\_scripts](#input_disk_encryption_key_scripts) | Each script will be executed locally. Output of each will be created at the given path to disko during installation. The keys will be not copied to the final system | <pre>list(object({<br> path = string<br> script = string<br> }))</pre> | `[]` | no |
| <a name="input_extra_environment"></a> [extra\_environment](#input_extra_environment) | Extra environment variables to be set during installation. This can be useful to set extra variables for the extra\_files\_script or disk\_encryption\_key\_scripts | `map(string)` | `{}` | no |
| <a name="input_extra_files_script"></a> [extra\_files\_script](#input_extra_files_script) | A script that should place files in the current directory that will be copied to the targets / directory | `string` | `null` | no |
| <a name="input_flake"></a> [flake](#input_flake) | The flake to install the system from | `string` | `""` | no |
| <a name="input_instance_id"></a> [instance\_id](#input_instance_id) | The instance id of the target\_host, used to track when to reinstall the machine | `string` | `null` | no |
| <a name="input_kexec_tarball_url"></a> [kexec\_tarball\_url](#input_kexec_tarball_url) | NixOS kexec installer tarball url | `string` | `null` | no |
| <a name="input_nixos_partitioner"></a> [nixos\_partitioner](#input_nixos_partitioner) | nixos partitioner and mount script | `string` | `""` | no |
| <a name="input_nixos_system"></a> [nixos\_system](#input_nixos_system) | The nixos system to deploy | `string` | `""` | no |
| <a name="input_no_reboot"></a> [no\_reboot](#input_no_reboot) | Do not reboot the machine after installation | `bool` | `false` | no |
| <a name="input_ssh_private_key"></a> [ssh\_private\_key](#input_ssh_private_key) | Content of private key used to connect to the target\_host | `string` | `""` | no |
| <a name="input_stop_after_disko"></a> [stop\_after\_disko](#input_stop_after_disko) | Exit after disko formatting | `bool` | `false` | no |
| <a name="input_target_host"></a> [target\_host](#input_target_host) | DNS host to deploy to | `string` | n/a | yes |
| <a name="input_target_port"></a> [target\_port](#input_target_port) | SSH port used to connect to the target\_host | `number` | `22` | no |
| <a name="input_target_user"></a> [target\_user](#input_target_user) | SSH user used to connect to the target\_host | `string` | `"root"` | no |
| Name | Description | Type | Default | Required |
| --------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | ----------------------------------------------------------------------- | :------: |
| <a name="input_build_on_remote"></a> [build\_on\_remote](#input_build_on_remote) | Build the closure on the remote machine instead of building it locally and copying it over | `bool` | `false` | no |
| <a name="input_debug_logging"></a> [debug\_logging](#input_debug_logging) | Enable debug logging | `bool` | `false` | no |
| <a name="input_disk_encryption_key_scripts"></a> [disk\_encryption\_key\_scripts](#input_disk_encryption_key_scripts) | Each script will be executed locally. Output of each will be created at the given path to disko during installation. The keys will be not copied to the final system | <pre>list(object({<br> path = string<br> script = string<br> }))</pre> | `[]` | no |
| <a name="input_extra_environment"></a> [extra\_environment](#input_extra_environment) | Extra environment variables to be set during installation. This can be useful to set extra variables for the extra\_files\_script or disk\_encryption\_key\_scripts | `map(string)` | `{}` | no |
| <a name="input_extra_files_script"></a> [extra\_files\_script](#input_extra_files_script) | A script that should place files in the current directory that will be copied to the targets / directory | `string` | `null` | no |
| <a name="input_flake"></a> [flake](#input_flake) | The flake to install the system from | `string` | `""` | no |
| <a name="input_instance_id"></a> [instance\_id](#input_instance_id) | The instance id of the target\_host, used to track when to reinstall the machine | `string` | `null` | no |
| <a name="input_kexec_tarball_url"></a> [kexec\_tarball\_url](#input_kexec_tarball_url) | NixOS kexec installer tarball url | `string` | `null` | no |
| <a name="input_nixos_partitioner"></a> [nixos\_partitioner](#input_nixos_partitioner) | nixos partitioner and mount script | `string` | `""` | no |
| <a name="input_nixos_system"></a> [nixos\_system](#input_nixos_system) | The nixos system to deploy | `string` | `""` | no |
| <a name="input_no_reboot"></a> [no\_reboot](#input_no_reboot) | DEPRECATED: Use `phases` instead. Do not reboot after installation | `bool` | `false` | no |
| <a name="input_phases"></a> [phases](#input_phases) | Phases to run | `list(string)` | <pre>[<br> "kexec",<br> "disko",<br> "install",<br> "reboot"<br>]</pre> | no |
| <a name="input_ssh_private_key"></a> [ssh\_private\_key](#input_ssh_private_key) | Content of private key used to connect to the target\_host | `string` | `""` | no |
| <a name="input_stop_after_disko"></a> [stop\_after\_disko](#input_stop_after_disko) | DEPRECATED: Use `phases` instead. Exit after disko formatting | `bool` | `false` | no |
| <a name="input_target_host"></a> [target\_host](#input_target_host) | DNS host to deploy to | `string` | n/a | yes |
| <a name="input_target_pass"></a> [target\_pass](#input_target_pass) | Password used to connect to the target\_host | `string` | `null` | no |
| <a name="input_target_port"></a> [target\_port](#input_target_port) | SSH port used to connect to the target\_host | `number` | `22` | no |
| <a name="input_target_user"></a> [target\_user](#input_target_user) | SSH user used to connect to the target\_host | `string` | `"root"` | no |

## Outputs

Expand Down
Loading

0 comments on commit 9db169c

Please sign in to comment.