git.delta.rocks / jrsonnet / refs/commits / 8fa5c73b5fe4

difftreelog

feat use fleet-tf

usksyzorYaroslav Bolyukin2025-10-01parent: #1b17cca.patch.diff
in: trunk

10 files changed

modifiedcmds/fleet/Cargo.tomldiffbeforeafterboth
--- a/cmds/fleet/Cargo.toml
+++ b/cmds/fleet/Cargo.toml
@@ -45,10 +45,10 @@
 human-repr = { version = "1.1", optional = true }
 indicatif = { version = "0.18", optional = true }
 nom = "8.0.0"
+opentelemetry = "0.30.0"
+opentelemetry_sdk = "0.30.0"
 tracing-indicatif = { version = "0.3", optional = true }
 tracing-opentelemetry = "0.31.0"
-opentelemetry = "0.30.0"
-opentelemetry_sdk = "0.30.0"
 
 [features]
 default = []
modifiedcmds/fleet/src/cmds/tf.rsdiffbeforeafterboth
--- a/cmds/fleet/src/cmds/tf.rs
+++ b/cmds/fleet/src/cmds/tf.rs
@@ -38,7 +38,7 @@
 		{
 			debug!("generating terraform configs");
 			let system = &config.local_system;
-			let config = &config.config_field;
+			let config = &config.flake_outputs;
 			let data = nix_go!(config.tf({ system }));
 			let data: PathBuf = spawn_blocking(move || data.build("out"))
 				.await
modifiedcrates/fleet-base/src/host.rsdiffbeforeafterboth
--- a/crates/fleet-base/src/host.rs
+++ b/crates/fleet-base/src/host.rs
@@ -34,6 +34,8 @@
 	pub nix_args: Vec<OsString>,
 	/// fleet_config.config
 	pub config_field: Value,
+	/// flake.output
+	pub flake_outputs: Value,
 	// TODO: Remove with connectivity refactor
 	pub localhost: String,
modifiedcrates/fleet-base/src/opts.rsdiffbeforeafterboth
--- a/crates/fleet-base/src/opts.rs
+++ b/crates/fleet-base/src/opts.rs
@@ -267,6 +267,7 @@
 		Ok(Config(Arc::new(FleetConfigInternals {
 			directory,
 			data,
+			flake_outputs: flake,
 			local_system: self.local_system.clone(),
 			nix_args,
 			config_field,
modifiedcrates/fleet-shared/src/encoding.rsdiffbeforeafterboth
--- a/crates/fleet-shared/src/encoding.rs
+++ b/crates/fleet-shared/src/encoding.rs
@@ -1,5 +1,7 @@
 use std::{
-	collections::BTreeMap, fmt::{self, Display}, str::FromStr
+	collections::BTreeMap,
+	fmt::{self, Display},
+	str::FromStr,
 };
 
 use base64::engine::{Engine, general_purpose::STANDARD_NO_PAD};
modifiedcrates/nix-eval/src/logging.ccdiffbeforeafterboth
--- a/crates/nix-eval/src/logging.cc
+++ b/crates/nix-eval/src/logging.cc
@@ -9,12 +9,14 @@
 
   bool isVerbose() override { return true; }
   void log(Verbosity lvl, std::string_view s) override {
-    rust::Slice<const unsigned char> str(reinterpret_cast<const unsigned char*>(s.data()), s.size());
+    rust::Slice<const unsigned char> str(
+        reinterpret_cast<const unsigned char *>(s.data()), s.size());
     emit_log(lvl, str);
   }
   void logEI(const ErrorInfo &ei) override {
     auto s = ei.msg.str();
-    rust::Slice<const unsigned char> str(reinterpret_cast<const unsigned char*>(s.data()), s.size());
+    rust::Slice<const unsigned char> str(
+        reinterpret_cast<const unsigned char *>(s.data()), s.size());
     emit_log(ei.level, str);
   }
 
@@ -27,7 +29,8 @@
         b->add_int_field(f.i);
       } else if (f.type == Logger::Field::tString) {
         auto s = &f.s;
-        rust::Slice<const unsigned char> str(reinterpret_cast<const unsigned char*>(s->data()), s->size());
+        rust::Slice<const unsigned char> str(
+            reinterpret_cast<const unsigned char *>(s->data()), s->size());
         b->add_string_field(str);
       } else {
         unreachable();
@@ -45,7 +48,8 @@
         b->add_int_field(f.i);
       } else if (f.type == Logger::Field::tString) {
         auto s = &f.s;
-        rust::Slice<const unsigned char> str(reinterpret_cast<const unsigned char*>(s->data()), s->size());
+        rust::Slice<const unsigned char> str(
+            reinterpret_cast<const unsigned char *>(s->data()), s->size());
         b->add_string_field(str);
       } else {
         unreachable();
modifiedflake.lockdiffbeforeafterboth
--- a/flake.lock
+++ b/flake.lock
@@ -71,6 +71,31 @@
         "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1"
       }
     },
+    "fleet-tf": {
+      "inputs": {
+        "flake-parts": [
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "shelly": [
+          "shelly"
+        ]
+      },
+      "locked": {
+        "lastModified": 1759080490,
+        "owner": "CertainLach",
+        "repo": "fleet-tf",
+        "rev": "878bd8c23933d628bf750378bbe527b841901c3d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "CertainLach",
+        "repo": "fleet-tf",
+        "type": "github"
+      }
+    },
     "git-hooks-nix": {
       "inputs": {
         "flake-compat": "flake-compat",
@@ -183,6 +208,7 @@
       "inputs": {
         "crane": "crane",
         "flake-parts": "flake-parts",
+        "fleet-tf": "fleet-tf",
         "nix": "nix",
         "nixpkgs": "nixpkgs_2",
         "rust-overlay": "rust-overlay",
modifiedflake.nixdiffbeforeafterboth
before · flake.nix
1{2  description = "NixOS cluster configuration management";34  inputs = {5    nixpkgs.url = "github:nixos/nixpkgs/release-25.05";6    rust-overlay = {7      url = "github:oxalica/rust-overlay";8      inputs.nixpkgs.follows = "nixpkgs";9    };10    flake-parts = {11      url = "github:hercules-ci/flake-parts";12      inputs.nixpkgs-lib.follows = "nixpkgs";13    };14    crane.url = "github:ipetkov/crane";15    shelly.url = "github:CertainLach/shelly";16    treefmt-nix = {17      url = "github:numtide/treefmt-nix";18      inputs.nixpkgs.follows = "nixpkgs";19    };20    # DeterminateSystem's nix fork is controversial, but I don't mind it,21    # and it has lazy-trees support which is useful for fleet.22    nix.url = "github:deltarocks/nix/fleet";23  };24  outputs =25    inputs:26    inputs.flake-parts.lib.mkFlake27      {28        inherit inputs;29      }30      {31        imports = [ inputs.shelly.flakeModule ];32        flake = rec {33          lib =34            (import ./lib {35              inherit (inputs.nixpkgs) lib;36            })37            // {38              fleetConfiguration = throw "function-based interface is deprecated, use flake-parts syntax instead";39            };40          flakeModules.default = import ./lib/flakePart.nix {41            inherit (inputs) crane;42          };43          flakeModule = flakeModules.default;4445          fleetModules.tf = ./modules/extras/tf.nix;4647          # Used to test nix-eval bindings48          testData = {49            testObj = {50              v = "Hello";51            };52            testString = "hello";53          };5455          # To be used with https://github.com/NixOS/nix/pull/889256          schemas =57            let58              inherit (inputs.nixpkgs.lib) mapAttrs;59            in60            {61              fleetConfigurations = {62                version = 1;63                doc = ''64                  The `fleetConfigurations` flake output defines fleet cluster configurations.65                '';66                inventory = output: {67                  children = mapAttrs (configName: cluster: {68                    what = "fleet cluster configuration";6970                    children = mapAttrs (hostName: host: {71                      what = "host [${host.system}]";72                    }) cluster.config.hosts;73                    # It is possible to implement this inventory right now, but I want to74                    # get rid of `fleet.nix` file in the future.75                    # children.secrets = { };76                  }) output;77                };78              };79            };80        };81        # Supported and tested list of deployment targets.82        systems = [83          "x86_64-linux"84          "aarch64-linux"85          "armv7l-linux"86          "armv6l-linux"87        ];88        perSystem =89          {90            config,91            system,92            pkgs,93            self,94            inputs',95            ...96          }:97          let98            inherit (lib.attrsets) mapAttrs';99            inherit (lib.lists) elem;100            # Can also be built for darwin, through it is not usual to deploy nixos systems from macos machines.101            # I have no hardware for such testing, thus only adding machines I actually have and use.102            #103            # It is not possible to deploy any host from armv6/armv7 hardware, and I don't think it even makes sense.104            deployerSystems = [105              "aarch64-linux"106              "x86_64-linux"107            ];108            deployerSystem = elem system deployerSystems;109            lib = pkgs.lib;110            rust = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;111            craneLib = (inputs.crane.mkLib pkgs).overrideToolchain rust;112            treefmt = (inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix).config.build;113          in114          {115            _module.args.pkgs = import inputs.nixpkgs {116              inherit system;117              overlays = [ (inputs.rust-overlay.overlays.default) (final: prev: {118                boehmgc = prev.boehmgc.overrideAttrs (prevAttrs: {119                  configureFlags = prevAttrs.configureFlags ++ [120                    "--enable-gc-assertions"121                  ];122                });123              }) ];124            };125            # Reference fleet package should be built with nightly rust, specified in rust-toolchain.toml.126            packages = lib.mkIf deployerSystem (127              let128                packages = pkgs.callPackages ./pkgs {129                  inherit craneLib inputs';130                };131              in132              packages // { default = packages.fleet; }133            );134            # fleet-install-secrets will not be built normally, because they are not ran directly by user most of the time.135            # checks there build packages for default nixpkgs rustPlatform packages.136            checks =137              let138                nixpkgsCraneLib = inputs.crane.mkLib pkgs;139                packages = pkgs.callPackages ./pkgs {140                  craneLib = nixpkgsCraneLib;141                  inherit inputs;142                };143                prefixAttrs =144                  prefix: attrs:145                  mapAttrs' (name: value: {146                    name = "${prefix}${name}";147                    value = value.overrideAttrs (prev: {148                      pname = "${prefix}${prev.pname}";149                    });150                  }) attrs;151              in152              # fleet-install-secrets is installed to remote systems, thus needs to work153              # with rust in nixpkgs.154              (prefixAttrs "nixpkgs-" {155                inherit (packages) fleet-install-secrets;156              })157              // {158                formatting = treefmt.check self;159              };160            # TODO: It should be possible to move lib.mkIf to default attribute, instead of disabling the whole161            # devShells block, yet nix flake check fails here, due to no default shell found. It is nix or flake-parts bug?162            shelly.shells.default = lib.mkIf deployerSystem {163              factory = craneLib.devShell;164              packages = with pkgs; [165                rust166                cargo-edit167                cargo-udeps168                cargo-fuzz169                cargo-watch170                cargo-outdated171172                pkg-config173                openssl174                rustPlatform.bindgenHook175                inputs'.nix.packages.nix-expr-c176                inputs'.nix.packages.nix-flake-c177                inputs'.nix.packages.nix-fetchers-c178              ];179              environment.PROTOC = "${pkgs.protobuf}/bin/protoc";180            };181            formatter = treefmt.wrapper;182          };183      };184}
addedmodules/extras/tf-bootstrap.nixdiffbeforeafterboth
--- /dev/null
+++ b/modules/extras/tf-bootstrap.nix
@@ -0,0 +1,37 @@
+{
+  lib,
+  inputs',
+  pkgs,
+  config,
+  ...
+}:
+let
+  inherit (lib.options) mkOption mkPackageOption;
+  inherit (lib.types) listOf package functionTo;
+in
+{
+  options = {
+    tf.package = mkPackageOption pkgs "terraform" {
+      extraDescription = "Terraform package to use";
+    };
+    tf.providers = mkOption {
+      description = "List of used terraform providers";
+      type = functionTo (listOf package);
+      default = _: [ ];
+    };
+    tf.finalPackage = mkOption {
+      description = "Terraform package with all providers";
+      type = package;
+    };
+  };
+  config = {
+    tf.finalPackage = inputs'.fleet-tf.packages.terraform-locked.override {
+      inherit (config.tf) providers;
+      terraform = config.tf.package;
+    };
+    shelly.shells.default = {
+      packages = [ config.tf.finalPackage ];
+    };
+    packages.terraform = config.tf.finalPackage;
+  };
+}
modifiedmodules/extras/tf.nixdiffbeforeafterboth
--- a/modules/extras/tf.nix
+++ b/modules/extras/tf.nix
@@ -11,6 +11,7 @@
   inherit (fleetLib.options) mkDataOption;
 in
 {
+
   options = {
     tf = mkOption {
       type = deferredModule;
@@ -18,7 +19,7 @@
         module: system:
         inputs.terranix.lib.terranixConfiguration {
           inherit system;
-          pkgs = config.nixpkgs.buildUsing.legacyPackages.${system};
+          pkgs = inputs.nixpkgs.legacyPackages.${system};
           modules = [
             module
           ];
@@ -35,6 +36,8 @@
   };
 
   config = {
+    flake.tf = config.tf;
+
     tf.output.fleet = {
       value = {
         managed = true;
@@ -43,6 +46,8 @@
       # will be somehow processed by fleet tf.
       sensitive = true;
     };
-    hosts = config.data.extra.terraformHosts;
+    fleetConfigurations.default.hosts = config.data.extra.terraformHosts;
+
+    perSystem.imports = [ ./tf-bootstrap.nix ];
   };
 }