feat: use flake and terranix

this changes not breaking our workflow: * nix-shell refer to shell.nix * nix develop refer to flake.nix#devShells * TODO: rewrite *.tf to .nix
evilfactorylabs · Dec 27, 2022 · 6516001 · 6516001
1 parent bdbf99a
commit 6516001
Show file tree

Hide file tree

Showing 5 changed files with 238 additions and 14 deletions.
diff --git a/.envrc.example b/.envrc.example
@@ -1,5 +1,9 @@
+# legacy nix
 use_nix
 
+# 👇 uncomment when you want to use flake
+# use flake
+
 export TF_VAR_do_token=
 export TF_VAR_linode_token=
 export TF_VAR_namecheap_username=

diff --git a/.gitignore b/.gitignore
@@ -8,6 +8,7 @@ terraform.tfstate.*
 
 ### direnv ###
 .direnv
-.envrc
 
 # End of https://www.toptal.com/developers/gitignore/api/direnv
+result
+config.tf.json
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,72 @@
+{
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs";
+
+    # terranix modules
+    terranix = {
+      url = "github:terranix/terranix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    # Other sources / nix utilities
+    flake-compat = { url = "github:edolstra/flake-compat"; flake = false; };
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils, terranix, flake-compat }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+        terraform = pkgs.terraform;
+        terraformConfiguration = terranix.lib.terranixConfiguration {
+          inherit system;
+          modules = [
+            # TODO rewrite *.tf to .nix 
+            # see https://terranix.org/documentation/terranix-vs-hcl/
+          ];
+        };
+      in
+      {
+        defaultPackage = terraformConfiguration;
+
+        # nix develop
+        devShell = pkgs.mkShell {
+          buildInputs = with pkgs;[
+            terraform
+            terranix.defaultPackage.${system}
+
+            tfsec
+            terrascan
+
+            ripgrep
+            bat
+          ];
+        };
+
+        # nix run ".#apply"
+        apps.apply = {
+          type = "app";
+          program = toString (pkgs.writers.writeBash "apply" ''
+            if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
+            cp ${terraformConfiguration} config.tf.json \
+              && ${terraform}/bin/terraform init \
+              && ${terraform}/bin/terraform apply
+          '');
+        };
+
+        # nix run ".#destroy"
+        apps.destroy = {
+          type = "app";
+          program = toString (pkgs.writers.writeBash "destroy" ''
+            if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
+            cp ${terraformConfiguration} config.tf.json \
+              && ${terraform}/bin/terraform init \
+              && ${terraform}/bin/terraform destroy
+          '');
+        };
+
+        # nix run
+        # every run will be generated config.tf.json
+        defaultApp = self.apps.${system}.apply;
+      });
+}
diff --git a/shell.nix b/shell.nix
@@ -1,13 +1,14 @@
-with import <nixpkgs> {};
-
-pkgs.mkShell {
-  name = "area13";
-
-  buildInputs = [
-    terraform
-    tfsec
-    terrascan
-    ripgrep
-    bat
-  ];
-}
+# See https://nixos.wiki/wiki/Flakes#Using_flakes_project_from_a_legacy_Nix
+(import
+  (
+    let
+      lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+    in
+    fetchTarball {
+      url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+      sha256 = lock.nodes.flake-compat.locked.narHash;
+    }
+  )
+  {
+    src = ./.;
+  }).shellNix