terraform: pin terraform and providers in separate flake

2023-02-05 10:33:16 +10:00 · 2023-02-05 10:33:16 +10:00 · f09e14935b
commit f09e14935b
parent 0d958270b6
4 changed files with 53 additions and 11 deletions
--- a/ci.nix
+++ b/ci.nix
@ -4,6 +4,7 @@
 }:
 let
  self = builtins.getFlake (toString ./.);
+  terraform = builtins.getFlake (toString ./terraform/.);
  inherit (self.inputs) nixpkgs;
  stripDomain = name: nixpkgs.lib.head (builtins.match "(.*).nix-community.org" name);
 in
@ -12,4 +13,5 @@ in
  # FIXME: maybe find a more generic solution here?
  devShell-x86_64 = self.outputs.devShells.x86_64-linux.default;
  devShell-aarch64 = self.outputs.devShells.aarch64-linux.default;
+  devShell-terraform-x86_64 = terraform.outputs.devShells.x86_64-linux.default;
 } // self.outputs.checks.x86_64-linux # mainly for treefmt at the moment...
--- a/shell.nix
+++ b/shell.nix
@ -5,17 +5,6 @@
 with pkgs;
 mkShellNoCC {
  buildInputs = [
-    (terraform.withPlugins (
-      p: [
-        p.cloudflare
-        p.external
-        p.gandi
-        p.hydra
-        p.null
-        p.sops
-        p.tfe
-      ]
-    ))
    jq
    sops
    ssh-to-age
--- a/terraform/flake.lock
+++ b/terraform/flake.lock
@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1676795730,
+        "narHash": "sha256-X69A9BdcPTySJJ7DqS4wc8b6eqGKi32jCSyaBsz4WB0=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "efc59894b1ba73cb745676616c56c780383d6788",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/terraform/flake.nix
+++ b/terraform/flake.nix
@ -0,0 +1,24 @@
+{
+  description = "terraform devshell";
+
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small";
+
+  outputs = { nixpkgs, self }: {
+    devShells = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]
+      (system: {
+        default = with nixpkgs.legacyPackages.${system}; mkShellNoCC {
+          packages = [
+            (terraform.withPlugins (p: [
+              p.cloudflare
+              p.external
+              p.gandi
+              p.hydra
+              p.null
+              p.sops
+              p.tfe
+            ]))
+          ];
+        };
+      });
+  };
+}