diff --git a/effect.nix b/effect.nix
index 6da1702..e67264a 100644
--- a/effect.nix
+++ b/effect.nix
@@ -5,13 +5,13 @@
inherit (config.repo) ref;
in
{
- onPush.default.outputs.effects = withSystem "x86_64-linux" ({ hci-effects, pkgs, ... }:
+ onPush.default.outputs.effects = withSystem "x86_64-linux" ({ hci-effects, pkgs, self', ... }:
{
terraform-deploy =
hci-effects.runIf (pkgs.lib.hasPrefix "refs/heads/gh-readonly-queue/master/" ref)
(hci-effects.mkEffect {
name = "terraform-deploy";
- inputs = [ (builtins.getFlake (toString ./terraform/.)).outputs.devShells.x86_64-linux.default.nativeBuildInputs ];
+ inputs = [ self'.devShells.terraform.nativeBuildInputs ];
src = pkgs.lib.cleanSource ./.;
secretsMap.tf-secrets = "tf-secrets";
effectScript = ''
diff --git a/flake.lock b/flake.lock
index 58bad51..8e70766 100644
--- a/flake.lock
+++ b/flake.lock
@@ -160,6 +160,7 @@
"nur-update": "nur-update",
"sops-nix": "sops-nix",
"srvos": "srvos",
+ "tf-pkgs": "tf-pkgs",
"treefmt-nix": "treefmt-nix"
}
},
@@ -204,6 +205,22 @@
"type": "github"
}
},
+ "tf-pkgs": {
+ "locked": {
+ "lastModified": 1683212983,
+ "narHash": "sha256-4GwtXD3tBUtBAL20ygoOggZWgLdxU34VZ1vanbV64KI=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "5751551558d7896ffb30ff3d709b4943bb3eafa8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "5751551558d7896ffb30ff3d709b4943bb3eafa8",
+ "type": "github"
+ }
+ },
"treefmt-nix": {
"inputs": {
"nixpkgs": [
diff --git a/flake.nix b/flake.nix
index b665009..3f04985 100644
--- a/flake.nix
+++ b/flake.nix
@@ -39,6 +39,8 @@
treefmt-nix.url = "github:numtide/treefmt-nix";
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
+
+ tf-pkgs.url = "github:NixOS/nixpkgs/5751551558d7896ffb30ff3d709b4943bb3eafa8";
};
outputs = inputs @ { flake-parts, self, ... }:
@@ -75,7 +77,7 @@
hercules-ci.github-pages.branch = "master";
perSystem = { config, pkgs, ... }: {
- imports = [ ./dev/shell.nix ];
+ imports = [ ./dev/shell.nix ./terraform/shell.nix ];
treefmt.imports = [ ./dev/treefmt.nix ];
packages.pages = pkgs.runCommand "pages"
diff --git a/tasks.py b/tasks.py
index 4f3830a..a6f733f 100644
--- a/tasks.py
+++ b/tasks.py
@@ -95,18 +95,20 @@ def update_terraform(c):
"""
Update terraform devshell flake
"""
- with c.cd("terraform"):
- c.run(
- """
+ c.run(
+ """
system="$(nix eval --impure --raw --expr 'builtins.currentSystem')"
-old="$(nix build --no-link --print-out-paths ".#devShells.${system}.default")"
-nix flake update --commit-lock-file
-new="$(nix build --no-link --print-out-paths ".#devShells.${system}.default")"
+oldShell="$(nix build --no-link --print-out-paths ".#devShells.${system}.terraform")"
+oldRev="$(nix flake metadata --json | jq -r '.locks.nodes."tf-pkgs".locked.rev')"
+newRev="$(nix flake metadata --json | jq -r '.locks.nodes.nixpkgs.locked.rev')"
+sed -i "s|${oldRev}|${newRev}|" flake.nix
+nix flake lock --update-input tf-pkgs --commit-lock-file
+newShell="$(nix build --no-link --print-out-paths ".#devShells.${system}.terraform")"
commit="$(git log --pretty=format:%B -1)"
-diff="$(nix store diff-closures "${old}" "${new}" | awk -F ',' '/terraform/ && /→/ {print $1}')"
-git commit --amend -m "${commit}" -m "Terraform updates:" -m "${diff}"
+diff="$(nix store diff-closures "${oldShell}" "${newShell}" | awk -F ',' '/terraform/ && /→/ {print $1}')"
+git commit --all --amend -m "${commit}" -m "Terraform updates:" -m "${diff}"
"""
- )
+ )
@task
diff --git a/terraform/.envrc b/terraform/.envrc
index 3550a30..1d58f04 100644
--- a/terraform/.envrc
+++ b/terraform/.envrc
@@ -1 +1 @@
-use flake
+use flake .#terraform
diff --git a/terraform/flake.lock b/terraform/flake.lock
deleted file mode 100644
index f210567..0000000
--- a/terraform/flake.lock
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "nodes": {
- "nixpkgs": {
- "locked": {
- "lastModified": 1683212983,
- "narHash": "sha256-4GwtXD3tBUtBAL20ygoOggZWgLdxU34VZ1vanbV64KI=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "5751551558d7896ffb30ff3d709b4943bb3eafa8",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixos-unstable-small",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "root": {
- "inputs": {
- "nixpkgs": "nixpkgs"
- }
- }
- },
- "root": "root",
- "version": 7
-}
diff --git a/terraform/flake.nix b/terraform/flake.nix
deleted file mode 100644
index fc7016f..0000000
--- a/terraform/flake.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- description = "terraform devshell";
-
- inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small";
-
- outputs = { nixpkgs, self }: {
- devShells = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]
- (system: {
- default = with nixpkgs.legacyPackages.${system}; mkShellNoCC {
- packages = [
- (terraform.withPlugins (p: [
- p.cloudflare
- p.external
- p.gandi
- p.hydra
- p.null
- p.sops
- p.tfe
- ]))
- ];
- };
- });
- };
-}
diff --git a/terraform/shell.nix b/terraform/shell.nix
new file mode 100644
index 0000000..c3de4f0
--- /dev/null
+++ b/terraform/shell.nix
@@ -0,0 +1,18 @@
+{ inputs', ... }:
+{
+ devShells = {
+ terraform = with inputs'.tf-pkgs.legacyPackages; mkShellNoCC {
+ packages = [
+ (terraform.withPlugins (p: [
+ p.cloudflare
+ p.external
+ p.gandi
+ p.hydra
+ p.null
+ p.sops
+ p.tfe
+ ]))
+ ];
+ };
+ };
+}