
Commit d04f3b1

EnzimeMic92
authored andcommitted
terraform/install: fix build_on_remote = false
Due to the Terraform variables being passed to `run-nixos-anywhere.sh` via environment variables, these environment variables wound up getting passed to `nixos-anywhere`. `nixos-anywhere` would then read the value `false` which would break everything as it expects the variable to be unset or set to `y`, leading to `disko_script` not being set.
1 parent 1283995 commit d04f3b1


2 files changed

+43
-32
lines changed


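--- a/terraform/install/main.tf
+++ b/terraform/install/main.tf
@@ -1,5 +1,21 @@
 locals {
 disk_encryption_key_scripts = [for k in var.disk_encryption_key_scripts : "\"${k.path}\" \"${k.script}\""]
+arguments = jsonencode({
+ssh_private_key = var.ssh_private_key
+stop_after_disko = var.stop_after_disko
+debug_logging = var.debug_logging
+kexec_tarball_url = var.kexec_tarball_url
+nixos_partitioner = var.nixos_partitioner
+nixos_system = var.nixos_system
+target_user = var.target_user
+target_host = var.target_host
+target_port = var.target_port
+target_pass = var.target_pass
+extra_files_script = var.extra_files_script
+no_reboot = var.no_reboot
+build_on_remote = var.build_on_remote
+flake = var.flake
+})
 }
 
 resource "null_resource" "nixos-remote" {
@@ -8,20 +24,7 @@ resource "null_resource" "nixos-remote" {
 }
 provisioner "local-exec" {
 environment = merge({
-SSH_PRIVATE_KEY = var.ssh_private_key
-SSHPASS = var.target_pass
-stop_after_disko = var.stop_after_disko
-debug_logging = var.debug_logging
-kexec_tarball_url = var.kexec_tarball_url
-nixos_partitioner = var.nixos_partitioner
-nixos_system = var.nixos_system
-target_user = var.target_user
-target_host = var.target_host
-target_port = var.target_port
-extra_files_script = var.extra_files_script
-no_reboot = var.no_reboot
-build_on_remote = var.build_on_remote
-flake = var.flake
+ARGUMENTS = local.arguments
 }, var.extra_environment)
 command = "${path.module}/run-nixos-anywhere.sh ${join(" ", local.disk_encryption_key_scripts)}"
 quiet = var.debug_logging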
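Review bot: `local.arguments` now bundles `ssh_private_key` and `target_pass` into one JSON string, and nothing in this hunk marks that string as sensitive. Unless both variables are declared `sensitive = true` in the variables file (not visible here), Terraform will not suppress the provisioner output, which matters because the script's debug path prints the parsed arguments. Consider `arguments = sensitive(jsonencode({ ... }))`. A short comment above the local, such as `# one JSON blob so these names are not inherited as environment variables by nixos-anywhere`, would record why the per-variable entries were dropped. The `null_resource` body continues outside the second hunk.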

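--- a/terraform/install/run-nixos-anywhere.sh
+++ b/terraform/install/run-nixos-anywhere.sh
@@ -2,28 +2,36 @@
 set -euo pipefail
 
 SCRIPT_DIR="$(realpath "$(dirname "${BASH_SOURCE[0]}")")"
+
+declare -A input
+
+while IFS= read -r -d '' key && IFS= read -r -d '' value; do
+input[$key]=$value
+done < <(jq -j 'to_entries[] | (.key, "\u0000", .value, "\u0000")' <<<$ARGUMENTS)
+
 args=()
 
-if [[ ${debug_logging-} == "true" ]]; then
+if [[ ${input[debug_logging]} == "true" ]]; then
 set -x
+declare -p input
 args+=("--debug")
 fi
-if [[ ${stop_after_disko-} == "true" ]]; then
+if [[ ${input[stop_after_disko]} == "true" ]]; then
 args+=("--stop-after-disko")
 fi
-if [[ ${kexec_tarball_url-} != "" ]]; then
-args+=("--kexec" "${kexec_tarball_url}")
+if [[ ${input[kexec_tarball_url]} != "null" ]]; then
+args+=("--kexec" "${input[kexec_tarball_url]}")
 fi
-if [[ ${no_reboot-} == "true" ]]; then
+if [[ ${input[no_reboot]} == "true" ]]; then
 args+=("--no-reboot")
 fi
-if [[ ${build_on_remote-} == "true" ]]; then
+if [[ ${input[build_on_remote]} == "true" ]]; then
 args+=("--build-on-remote")
 fi
-if [[ -n ${flake-} ]]; then
-args+=("--flake" "${flake}")
+if [[ -n ${input[flake]} ]]; then
+args+=("--flake" "${input[flake]}")
 else
-args+=("--store-paths" "${nixos_partitioner}" "${nixos_system}")
+args+=("--store-paths" "${input[nixos_partitioner]}" "${input[nixos_system]}")
 fi
 if [[ -n ${SSHPASS-} ]]; then
 args+=("--env-password")
@@ -35,25 +43,25 @@ cleanup() {
 }
 trap cleanup EXIT
 
-if [[ ${extra_files_script-} != "" ]]; then
-if [[ ! -f ${extra_files_script} ]]; then
-echo "extra_files_script '${extra_files_script}' does not exist"
+if [[ ${input[extra_files_script]} != "null" ]]; then
+if [[ ! -f ${input[extra_files_script]} ]]; then
+echo "extra_files_script '${input[extra_files_script]}' does not exist"
 exit 1
 fi
-if [[ ! -x ${extra_files_script} ]]; then
-echo "extra_files_script '${extra_files_script}' is not executable"
+if [[ ! -x ${input[extra_files_script]} ]]; then
+echo "extra_files_script '${input[extra_files_script]}' is not executable"
 exit 1
 fi
-extra_files_script=$(realpath "${extra_files_script}")
+extra_files_script=$(realpath "${input[extra_files_script]}")
 mkdir "${tmpdir}/extra-files"
 pushd "${tmpdir}/extra-files"
 $extra_files_script
 popd
 args+=("--extra-files" "${tmpdir}/extra-files")
 fi
 
-args+=("-p" "${target_port}")
-args+=("${target_user}@${target_host}")
+args+=("-p" "${input[target_port]}")
+args+=("${input[target_user]}@${input[target_host]}")
 
 keyIdx=0
 while [[ $# -gt 0 ]]; do
@@ -73,4 +81,4 @@ while [[ $# -gt 0 ]]; do
 keyIdx=$((keyIdx + 1))
 done
 
-nix run --extra-experimental-features 'nix-command flakes' "path:${SCRIPT_DIR}/../..#nixos-anywhere" -- "${args[@]}"
+SSH_PASS=${input[target_pass]} SSH_PRIVATE_KEY="${input[ssh_private_key]}" nix run --extra-experimental-features 'nix-command flakes' "path:${SCRIPT_DIR}/../..#nixos-anywhere" -- "${args[@]}"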
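Review bot: The final `nix run` line exports the password as `SSH_PASS`, while the unchanged guard at new line 36 still tests `${SSHPASS-}` and main.tf in this commit stops setting `SSHPASS`, so `--env-password` is never added and password authentication looks broken. Assuming nixos-anywhere reads `SSHPASS`, as that guard implies, the prefix should be `SSHPASS=${input[target_pass]}` and the guard should become `if [[ ${input[target_pass]} != "null" ]]; then`. Because `jq -j` prints JSON null as the text `null`, an unset `ssh_private_key` would presumably reach nixos-anywhere as `SSH_PRIVATE_KEY=null`, so it should be exported only when it is not `null`. In the first hunk, `declare -p input` under `set -x` writes the private key and password to the debug output, and the traced `nix run` line repeats them; the dump should skip those two keys or be dropped.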
