terraform-nixos
Allow to pass arguments to a hermetic configuration if it's a function
It adds a variable `arguments`, which is passed to the result of `import configuration` (requires `hermetic`) if it's a function. So we can write a configuration like the following.
```hcl
module "deploy_nixos" {
  source   = "github.com/tomferon/terraform-nixos//deploy_nixos?ref=8d095e9903380ffbe068f053090ad68dd31cc174"
  config   = "${path.module}/servers/serverA.nix"
  hermetic = true
  # ...
  arguments = {
    vpnKeys = {
      serverB = wireguard_asymmetric_key.serverB.public_key
    }
  }
  keys = {
    wireguard_private_key = wireguard_asymmetric_key.serverA.private_key
  }
}
```
with serverA.nix such as
```nix
{ vpnKeys }:
let
  sources = import ./sources.nix;
in
import sources.nixos {
  configuration = {
    # Something using vpnKeys.serverB
  };
}
```
In my configuration I solved this by using a templated file, but this method seems much better. I'll test out your PR.
This worked great on my configuration! I would recommend merging this.
I made a simpler similar branch that does this here. I can then do `extra_eval_args = [ "--arg" "configArgs" "..." ];` but the inputs don't update on subsequent runs of `terraform plan` when they are resource attributes like `${aws_instance.mongodb.public_dns}`. Changes to the configuration are detected and applied correctly, but with old values of the attributes that don't apply anymore. The code for this PR looks like it uses a very similar approach, but is this issue solved here?
I am using this to manage production systems now. It is nicer than what I was doing before, which involved interpolating a JSON string into a Nix template file with Terraform's template feature and then calling out to another Nix source file (so that most of the Nix is kept safe from the Terraform templating system).
Is there anything I can do to help get this merged?
I have my fork of this which allows passing arguments to flakes and impure configurations too: https://github.com/abbradar/terraform-nixos/tree/passing-arguments.
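
The thread above mentions interpolating Terraform values into a Nix template and passing `--arg configArgs "..."`. As an added illustration (not code from this PR, its forks, or terraform-nixos), the Python below renders a Terraform-side value as a Nix expression that is decoded with `builtins.fromJSON` rather than pasted into Nix source. The function names and sample values are assumptions made for the example.

```python
import json

# Characters that are special inside a double-quoted Nix string literal.
_NIX_ESCAPES = {"\\": "\\\\", '"': '\\"', "$": "\\$",
                "\n": "\\n", "\r": "\\r", "\t": "\\t"}


def nix_string_literal(text):
    """Quote text as a Nix "..." literal: no early close, no ${...} interpolation."""
    return '"' + "".join(_NIX_ESCAPES.get(ch, ch) for ch in text) + '"'


def nix_arg_expr(value):
    """Render a JSON-serialisable value as a Nix expression that decodes it as data."""
    return "builtins.fromJSON " + nix_string_literal(json.dumps(value, sort_keys=True))


def naive_template(public_key):
    """What plain string templating produces: the value is pasted into Nix source."""
    return '{ vpnKeys = { serverB = "%s"; }; }' % public_key


def eval_args(arguments):
    """Extra evaluator arguments in the `--arg configArgs <expr>` shape from the thread."""
    return ["--arg", "configArgs", nix_arg_expr(arguments)]


if __name__ == "__main__":
    # Constructed values, not real keys.
    ok = "AAAAexamplepublickey="
    odd = 'abc" + "${toString 1}'
    print(naive_template(ok))
    print(naive_template(odd))   # the quote closes the literal early
    print(eval_args({"vpnKeys": {"serverB": odd}}))
```

With the templated form, a quote or `${` in an attribute value changes the Nix expression itself; with the `builtins.fromJSON` form the same value stays a string inside the decoded attribute set.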