chore/nixify terra #10

Open
wants to merge 18 commits into
base: main
@r17x r17x commented Dec 27, 2022

  • chore: update git ignores
  • feat: use flake and terranix
  • chore: pre-commit
    • handle *.nix files in commit
    • handle *.tf files in commit
  • terraform configuration over nix and generated config.tf.json

Commands Based on flake.nix

  • nix build
    • generates config.tf.json from the *.nix modules that are configured in import modules
  • nix run .#build
    • cp result to config.tf.json
  • nix run .#apply
    • under the hood it runs terraform init && terraform apply and generates config.tf.json (when there is none)
  • nix run .#destroy
    • under the hood it runs terraform init && terraform destroy and generates config.tf.json (when there is none)
  • nix develop (pure shell environment) - You don't need to set anything up anymore (see devShells in flake.nix)
    • nix develop -C $SHELL - if you want an impure shell environment, which means the area13 environment + your computer's environment.

@r17x r17x mentioned this pull request Dec 27, 2022
r17x added 2 commits December 27, 2022 14:18
these changes do not break our workflow:
* nix-shell refers to shell.nix
* nix develop refers to flake.nix#devShells
* TODO: rewrite *.tf to .nix
@r17x r17x force-pushed the chore/nixify-terra branch from 6516001 to 49d7eb2 Compare December 27, 2022 07:19
)
{
src = ./.;
}).shellNix
Member Author

If you want to change the shell, please update it in flake.nix at the attribute devShell, which runs the same function as before in shell.nix (mkShell).

@r17x r17x requested a review from faultables December 27, 2022 07:41
@r17x
Member Author

r17x commented Dec 27, 2022

@faultables could you continue this branch ?

@faultables
Member

@faultables could you continue this branch?

I'll study terranix first, since both hcl and nix offer declarative configuration but with their own dsl

@faultables
Member

The challenge is that we use atlantis, which technically is only for running terraform apply server-side. The problem is that atlantis doesn't know terranix, but I guess pre workflow hooks can help.

@r17x
Member Author

r17x commented Dec 28, 2022

@faultables so we just commit the output generated by terranix; the output is config.tf.json, where everything has already been collected.

do_vpc.nix
do_XXX.nix
   |------> config.tf.json


# nix flake check
checks = {
pre-commit-check = pre-commit-hooks.lib.${system}.run {
Member Author

@r17x r17x Dec 28, 2022

Example pre-commit @faultables

[image]

@@ -0,0 +1 @@
{}
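
Review bot: the only added line is {}, so the tracked copy of this file declares no resources and carries nothing that marks it as generated output. Since the replies below say it is filled in from the modules list in flake.nix, either leave the generated file untracked or add a check that fails when the committed content differs from a fresh build.
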
Member Author

Here's a file that will be used for terraform apply @faultables

Member Author

{} will be filled in based on modules = [] in flake.nix:31:33 @faultables

Member

Well, eventually this nix build has to be run somewhere, right (local/CI/atlantis server)

Member Author

@faultables development mode: generate config.tf.json, then push it to this repository.

atlantis references this repo, so terraform apply becomes possible in atlantis.

@faultables
Member

ok gimme a sec

@faultables
Member

[screenshot: CleanShot 2022-12-28 at 11 12 11]

@r17x
Member Author

r17x commented Dec 28, 2022

@faultables yes, in /nix/store and area13/config.tf.json.

@faultables
Member

That's the thing, unless we don't create a symlink. So we have to:

a) run nix-build(1) locally
b) run it in CI, migrate atlantis
c) teach atlantis terranix

@r17x
Member Author

r17x commented Dec 28, 2022

What do you mean by c) @faultables?

there's an atlantis pkg, see
[image]

@faultables
Member

the current flow looks like this

[screenshot: CleanShot 2022-12-28 at 11 29 24]

@faultables
Member

If we rewrite *.tf to *.nix using terranix, then terraform has to understand what it is supposed to do, right? In this case, the source of truth is the config.tf.json file.

To generate config.tf.json we have to run nix build. If config.tf.json is generated locally, that's the easiest, but there's an extra step that has to be done locally. Also, versioning config.tf.json via git plus via nix is somewhat redundant.

If it's done in CI, we may not need atlantis, and /nix/store/xxx-config.tf.json can be stored as an artifact or maybe a release. The extra step is setting up github actions.

If nix-build is run on the server where atlantis runs, this only requires setting up that server so it can use flakes, and setting up a prehook for atlantis before it does its job (e.g. run terranix ... before it does terraform plan).

@faultables
Member

I'll try teaching atlantis to use terranix

@faultables
Member

atlantis plan

@faultables
Member

atlantis plan

@anakmagang
Member

Ran Plan for dir: . workspace: area13

/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/etc/atlantis/.atlantis/bin
warning: Git tree '/etc/atlantis/.atlantis/repos/evilfactorylabs/area13/10/area13' is dirty


No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.
  • ▶️ To apply this plan, comment:
    • atlantis apply -w area13
  • 🚮 To delete this plan click here
  • 🔁 To plan this project again, comment:
    • atlantis plan -w area13

  • ⏩ To apply all unapplied plans from this pull request, comment:
    • atlantis apply
  • 🚮 To delete all plans and locks for the PR, comment:
    • atlantis unlock

@faultables
Member

@faultables it shouldn't need -o

By default it will generate result, right? And not sure terraform knows about that.

@r17x
Member Author

r17x commented Dec 28, 2022

@faultables check this comment #10 (comment)

@anakmagang
Member

Ran Plan for dir: . workspace: area13

Plan Error

running "export PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:$PATH; nix build; nix run .#build" in "/etc/atlantis/.atlantis/repos/evilfactorylabs/area13/10/area13": exit status 1: running "export PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:$PATH; nix build; nix run .#build" in "/etc/atlantis/.atlantis/repos/evilfactorylabs/area13/10/area13": 
warning: Git tree '/etc/atlantis/.atlantis/repos/evilfactorylabs/area13/10/area13' is dirty
error: syntax error, unexpected ')', expecting ';'

       at /nix/store/67jnjzj1b4c18arq6wxjp8h0c26gncfb-source/flake.nix:118:12:

          117|             defaultApp = self.apps.${system}.apply;
          118|           });
             |            ^
          119|         }
warning: Git tree '/etc/atlantis/.atlantis/repos/evilfactorylabs/area13/10/area13' is dirty
error: syntax error, unexpected ')', expecting ';'

       at /nix/store/67jnjzj1b4c18arq6wxjp8h0c26gncfb-source/flake.nix:118:12:

          117|             defaultApp = self.apps.${system}.apply;
          118|           });
             |            ^
          119|         }


@anakmagang
Member

Ran Plan for dir: . workspace: area13

warning: Git tree '/etc/atlantis/.atlantis/repos/evilfactorylabs/area13/10/area13' is dirty
warning: Git tree '/etc/atlantis/.atlantis/repos/evilfactorylabs/area13/10/area13' is dirty
this derivation will be built:
  /nix/store/cwvgwc1jfwxfgxg5ki450j0ir0wpl656-apply.drv
building '/nix/store/cwvgwc1jfwxfgxg5ki450j0ir0wpl656-apply.drv'...


No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

@anakmagang
Member

Ran Plan for dir: . workspace: area13

Plan Error

running "/usr/bin/terraform init -input=false" in "/etc/atlantis/.atlantis/repos/evilfactorylabs/area13/10/area13": exit status 1
warning: Git tree '/etc/atlantis/.atlantis/repos/evilfactorylabs/area13/10/area13' is dirty
this derivation will be built:
  /nix/store/88wbh2i8mv3k7wv2n3nr215j5cn4f20n-config.tf.json.drv
building '/nix/store/88wbh2i8mv3k7wv2n3nr215j5cn4f20n-config.tf.json.drv'...
warning: Git tree '/etc/atlantis/.atlantis/repos/evilfactorylabs/area13/10/area13' is dirty
this derivation will be built:
  /nix/store/2wr04q69pq6qdb0kdgfks6cd60f56vba-apply.drv
building '/nix/store/2wr04q69pq6qdb0kdgfks6cd60f56vba-apply.drv'...

There are some problems with the configuration, described below.

The Terraform configuration must be valid before initialization so that
Terraform can determine which modules and providers need to be installed.
╷
│ Error: Duplicate resource "digitalocean_vpc" configuration
│ 
│   on do_vpc.tf line 1:
│    1: resource "digitalocean_vpc" "default_sgp" {
│ 
│ A digitalocean_vpc resource named "default_sgp" was already declared at
│ config.tf.json:4,22-23. Resource names must be unique per type in each
│ module.
╵
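
The duplicate-resource failure above comes from a hand-written do_vpc.tf and the generated config.tf.json both declaring digitalocean_vpc.default_sgp. As an added example (not code from this PR, terranix or Atlantis), here is a check that lists such collisions before terraform init runs; the function names and the sample file contents are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Header of an HCL resource block: resource "TYPE" "NAME" {
RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{', re.MULTILINE)


def hcl_resources(directory):
    """Map (type, name) -> file name for every resource block in *.tf files."""
    found = {}
    for tf in sorted(Path(directory).glob("*.tf")):
        for rtype, name in RESOURCE_RE.findall(tf.read_text()):
            found[(rtype, name)] = tf.name
    return found


def json_resources(path):
    """Set of (type, name) pairs in a Terraform JSON file ("resource" as object or list)."""
    blocks = json.loads(Path(path).read_text()).get("resource", {})
    if isinstance(blocks, dict):
        blocks = [blocks]
    return {(t, n) for b in blocks for t, names in b.items() for n in names}


def collisions(directory, generated="config.tf.json"):
    """Resources declared both in hand-written *.tf files and the generated file."""
    gen = Path(directory) / generated
    if not gen.exists():
        return []
    declared = json_resources(gen)
    return sorted((t, n, f) for (t, n), f in hcl_resources(directory).items()
                  if (t, n) in declared)


def demo():
    """Constructed sample reproducing the do_vpc.tf / config.tf.json clash."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "do_vpc.tf").write_text('resource "digitalocean_vpc" "default_sgp" {}\n')
        Path(d, "do_dns.tf").write_text('resource "digitalocean_domain" "main" {}\n')
        Path(d, "config.tf.json").write_text(json.dumps(
            {"resource": {"digitalocean_vpc": {"default_sgp": {"region": "sgp1"}}}}))
        return collisions(d)


if __name__ == "__main__":
    for rtype, name, tf in demo():
        print(f"{rtype}.{name}: declared in {tf} and in config.tf.json")
```

A non-empty result means a resource still exists in a *.tf file after being moved into a .nix module, which is the state that made terraform init fail here.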


@anakmagang
Member

Ran Plan for dir: . workspace: area13

warning: Git tree '/etc/atlantis/.atlantis/repos/evilfactorylabs/area13/10/area13' is dirty
this derivation will be built:
  /nix/store/607rwwzq15wjmqrvc5z9np3xcghwgr0y-config.tf.json.drv
building '/nix/store/607rwwzq15wjmqrvc5z9np3xcghwgr0y-config.tf.json.drv'...
warning: Git tree '/etc/atlantis/.atlantis/repos/evilfactorylabs/area13/10/area13' is dirty
this derivation will be built:
  /nix/store/5wlq1bl5lrm4vprhm7xz9nim3lwmbjq2-apply.drv
building '/nix/store/5wlq1bl5lrm4vprhm7xz9nim3lwmbjq2-apply.drv'...


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create

Terraform will perform the following actions:

  # digitalocean_vpc.dummy_sgp will be created
+ resource "digitalocean_vpc" "dummy_sgp" {
      + created_at = (known after apply)
      + default    = (known after apply)
      + id         = (known after apply)
      + ip_range   = "10.105.69.0/20"
      + name       = "dummy-sgp"
      + region     = "sgp1"
      + urn        = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.


@faultables
Member

not bad

@r17x
Member Author

r17x commented Dec 28, 2022

@faultables what does the init command in atlantis.yaml actually do under the hood?

@faultables
Member

I want the directory structure to look like this:

.
├── digitalocean
├── digitalocean.nix
├── linode
├── linode.nix
├── aws
├── aws.nix
├── xhamster
├── github
└── shell.nix

so in flake.nix it would be something like this, for example:

modules = [ ./variables.nix ./outputs.nix ./digitalocean.nix ./linode.nix ./aws.nix ];

@r17x
Member Author

r17x commented Dec 28, 2022

Replied for #10 (comment) @faultables

Sure, that's possible

@faultables
Member

@faultables what does the init command in atlantis.yaml actually do under the hood?

it should be terraform init

@faultables
Member

Replied for #10 (comment) @faultables

Sure, that's possible

nice

@faultables
Member

don't forget to rebase, there are a lot of sacred commit messages

@r17x
Member Author

r17x commented Dec 28, 2022

@faultables

it should be terraform init

LOL we can build it over nix and just run nix run.

nice

what's left is putting in the filePath (as in the picture)

[image]

@faultables
Member

@faultables

it should be terraform init

LOL we can build it over nix and just run nix run.

I don't think it's that simple; there's lock state management or something

nice

what's left is putting in the filePath (as in the picture)

[image]

I don't know how to do something like

import dns as do_dns from './digitalocean/dns.nix'
import vpc as do_vpc from './digitalocean/vpc.nix'

@r17x
Member Author

r17x commented Dec 28, 2022

@faultables

I don't know how to do something like

Why does it have to be dns as do_dns?

What's the expected result in config.tf.json?

@faultables
Member

@faultables

I don't know how to do something like

Why does it have to be dns as do_dns?

What's the expected result in config.tf.json?

If nix handles collisions (e.g. it can be defined as a dict where digitalocean.dns and linode.dns are 2 different things), then going without an "import alias" is no problem either

@r17x
Member Author

r17x commented Dec 28, 2022

Can you give a digitalocean and linode example? @faultables

@faultables
Member

the ones that use the do_ and linode_ prefixes

@faultables
Member

What's the blocker here? Because this is blocking #11

@faultables
Member

atlantis unlock

@anakmagang
Member

All Atlantis locks for this PR have been unlocked and plans discarded
