diff --git a/flake.nix b/flake.nix
index 8d1e0be7..0406335b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -41,7 +41,6 @@
 pkgs = import nixpkgs {inherit system;};
 };
 ghaf-infra-shell = importExpectingSystem ./shell.nix;
- terraform-shell = importExpectingSystem ./terraform/shell.nix;
 templateTargets = import ./hosts/templates/targets.nix {inherit nixpkgs disko;};
 in {
 # nix fmt
@@ -51,8 +50,6 @@
 devShells = forEachSystem (system: {
 # nix develop
 default = ghaf-infra-shell system;
- # nix develop .#terraform
- terraform = terraform-shell system;
 });
 # NixOS configuration entrypoint
diff --git a/shell.nix b/shell.nix
index 2fe1c976..640e510e 100644
--- a/shell.nix
+++ b/shell.nix
@@ -17,6 +17,7 @@ pkgs.mkShell {
 NIX_CONFIG = "extra-experimental-features = nix-command flakes";
 nativeBuildInputs = with pkgs; [
+ azure-cli
 git
 nix
 nixos-rebuild
@@ -30,6 +31,11 @@ pkgs.mkShell {
 reuse
 sops
 ssh-to-age
- terraform
+ (terraform.withPlugins (p: [
+ p.azurerm
+ p.external
+ p.null
+ p.sops
+ ]))
 ];
 }
diff --git a/terraform/README.md b/terraform/README.md
index 1983dfa6..094dafde 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -6,7 +6,7 @@ SPDX-License-Identifier: Apache-2.0
 # Ghaf-infra: Terraform
-This project uses terraform to automate the creation of infrastructure resources. The inteded usage together with NixOS configurations in the main [flake.nix](../flake.nix) is as follows:
+This project uses terraform to automate the creation of infrastructure resources. The intended usage together with NixOS configurations in the main [flake.nix](../flake.nix) is as follows:
 - We use the terraform configuration in this directory for the inital setup of the infrastructure resources (VMs, networks, etc.)
 - We use the NixOS configurations in [flake.nix](../flake.nix) to [install](../README.md#install) NixOS on the VMs
 - We maintain the infrastructure by [deploying](../README.md#deploy) changes to the NixOS configurations via [flake.nix](../flake.nix)
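Review bot: The `azure-cli` entry added here and the `terraform.withPlugins` list in the next `shell.nix` hunk take their packages from whatever `pkgs` the root `shell.nix` defaults to, and that default sits above line 17, outside both hunks. The deleted `terraform/shell.nix` pinned nixpkgs to `flake.lock` with `fetchTarball` and `sha256 = lock.narHash`, and the README still starts the environment with plain `nix-shell`. If the root file falls back to an unpinned `<nixpkgs>`, the Terraform binary and the `azurerm`, `external`, `null` and `sops` providers would vary with each operator's channel. Please confirm the root file keeps the lock-based fallback. A one-line comment above the plugin list would also help, for example `# providers used by ./terraform, supplied from the pinned nixpkgs`.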
@@ -23,15 +23,18 @@ $ git clone https://github.com/tiiuae/ghaf-infra.git
 $ cd ghaf-infra
 ```
-All commands in this document are executed from terraform nix-shell inside the `terraform` directory.
+All commands in this document are executed from nix-shell inside the `terraform` directory.
-Bootstrap terraform nix-shell with the required dependencies:
+Bootstrap nix-shell with the required dependencies:
 ```bash
-$ cd terraform
+# Start a nix-shell with required dependencies:
 $ nix-shell
 # Authenticate with az login:
 $ az login
+
+# Terraform comands are executed under the terraform directory:
+$ cd terraform/
 ```
 ## Initializing Azure Storage
@@ -41,14 +44,14 @@ This project stores the terraform state in a remote storage in an azure storage
 When starting a new infrastructure you need to initialize the terraform state storage:
 ```bash
-$ cd azure-storage/
+$ cd azure-storage
 $ terraform init
 $ terraform apply
 ```
 ## Terraform workflow
-Following describes the intended workflow, with commands executed from the terraform nix-shell.
+Following describes the intended workflow, with commands executed from the nix-shell.
 First, change the terraform code by modifying the relevant files in this directory. Then:
diff --git a/terraform/shell.nix b/terraform/shell.nix
deleted file mode 100644
index 8d56a27e..00000000
--- a/terraform/shell.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-# SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII)
-#
-# SPDX-License-Identifier: Apache-2.0
-{
- pkgs ?
- # If pkgs is not defined, instanciate nixpkgs from locked commit
- let
- lock = (builtins.fromJSON (builtins.readFile ../flake.lock)).nodes.nixpkgs.locked;
- nixpkgs = fetchTarball {
- url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz";
- sha256 = lock.narHash;
- };
- in
- import nixpkgs {overlays = [];},
- ...
-}:
-pkgs.mkShell {
- packages = [
- pkgs.sops
- pkgs.azure-cli
- (pkgs.terraform.withPlugins (p: [
- p.azurerm
- p.external
- p.null
- p.sops
- ]))
- ];
-}