Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to pass arguments to a hermetic configuration if it's a function #54

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Allow to pass arguments to a hermetic configuration if it's a function #54

wants to merge 1 commit into from

Conversation

tomferon
Copy link

It adds a variable arguments which is passed to the result of import configuration (requires hermetic) if it's a function. So we can write a configuration like the following.

module "deploy_nixos" {
  source               = "github.com/tomferon/terraform-nixos//deploy_nixos?ref=8d095e9903380ffbe068f053090ad68dd31cc174"
  config               = "${path.module}/servers/serverA.nix"
  hermetic             = true
  # ...

  arguments = {
    vpnKeys = {
      serverB = wireguard_asymmetric_key.serverB.public_key
    }
  }

  keys = {
    wireguard_private_key = wireguard_asymmetric_key.serverA.private_key
  }
}

with serverA.nix such as

{ vpnKeys }:

let
  sources = import ./sources.nix;

in
import sources.nixos {
  configuration = {
    # Something using vpnKeys.serverB
  };
}

@tomferon tomferon force-pushed the passing-arguments branch from 8d095e9 to caa6191 Compare June 12, 2021 12:19
@pingiun
Copy link
Contributor

pingiun commented Jun 15, 2021

In my configuration I solved this by using a templated file, but this method seems much better. I'll test out your PR

@pingiun
Copy link
Contributor

pingiun commented Jun 15, 2021

This worked great on my configuration! I would recommend merging this

@loafofpiecrust
Copy link

loafofpiecrust commented Jun 16, 2021
edited
Loading

I made a simpler similar branch that does this here. I can then do extra_eval_args = [ "--arg" "configArgs" "..." ]; but the inputs don't update on subsequent runs of terraform plan when they are resource attributes like ${aws_instance.mongodb.public_dns}. Changes to the configuration are detected and applied correctly, but with old values of the attributes that don't apply anymore. The code for this PR looks like it uses a very similar approach, but is this issue solved here?

tomprince
tomprince reviewed Jan 19, 2022
View reviewed changes
deploy_nixos/main.tf
@@ -81,6 +81,12 @@ variable "triggers" {
default = {}
}

variable "arguments" {
type = map(any)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
type = map(any)
type = any

According to https://www.terraform.io/language/expressions/type-constraints (and testing), map(any) requires that all values be of the same type. This will (for example) coerce boolean values to strings, if any of the values are strings.

@exarkun
Copy link
Contributor

exarkun commented Mar 9, 2022

I am using this to manage production systems now. It is nicer than what I was doing before which involved interpolating a JSON string into a Nix template file with Terrraform's template feature and then calling out to another Nix source file (so that most of the Nix is kept safe from the Terraform templating system).

Is there anything I can do to help get this merged?

@abbradar
Copy link

I have my fork of this which allows passing arguments to flakes and impure configurations too: https://github.com/abbradar/terraform-nixos/tree/passing-arguments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomprince tomprince tomprince left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@tomferon @pingiun @loafofpiecrust @exarkun @abbradar @tomprince