
Commit c4b1ee6

committed
Add support for hermetic nixos configurations
This change adds a Terraform variable `hermetic` and supporting logic to the Nix expression evaluated by `nix-instantiate` to better support users that need to evaluate configurations that supply their own pinned nixpkgs or wrap eval-modules to customize module special args.
1 parent 071610a commit c4b1ee6

2 files changed

+28
-7
lines changed


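--- a/deploy_nixos/main.tf
+++ b/deploy_nixos/main.tf
@@ -93,6 +93,12 @@ variable "target_system" {
 default = "x86_64-linux"
 }
 
+variable "hermetic" {
+type = bool
+description = "Treat the provided nixos configuration as a hermetic expression and do not evaluate using the ambient system nixpkgs. Useful if you customize eval-modules or use a pinned nixpkgs."
+default = false
+}
+
 # --------------------------------------------------------------------------
 
 locals {
@@ -122,7 +128,8 @@ data "external" "nixos-instantiate" {
 var.config_pwd == "" ? "." : var.config_pwd,
 # end of positional arguments
 # start of pass-through arguments
-"--argstr", "system", var.target_system
+"--argstr", "system", var.target_system,
+"--arg", "hermetic", var.hermetic
 ],
 var.extra_eval_args,
 )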
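Review bot: The description of the new `hermetic` variable does not tell the caller what changes once it is set to true. In nixos-instantiate.sh the hermetic branch is a bare `import configuration`, so `var.target_system` is still passed as `--argstr system` but no longer reaches the evaluation, and the configuration file must itself evaluate to an attribute set exposing `config`, `pkgs` and `system`. The nixpkgs revision, `substituters` and `trusted-public-keys` are then determined entirely by that file, which makes enabling the flag a trust decision about the configuration's source. I would extend the description with a sentence such as `When true, target_system is ignored and the configuration file must return its own evaluated NixOS system; nixpkgs, binary caches and trusted public keys come solely from that file.`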

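--- a/deploy_nixos/nixos-instantiate.sh
+++ b/deploy_nixos/nixos-instantiate.sh
@@ -8,17 +8,31 @@ config_pwd=$3
 shift 3
 
 # Building the command
+nixExpression=<<EOF
+
+EOF
+
 command=(nix-instantiate --show-trace --expr '
-{ system, configuration, ... }:
+{ system, configuration, hermetic ? false, ... }:
 let
-os = import <nixpkgs/nixos> { inherit system configuration; };
-inherit (import <nixpkgs/lib>) concatStringsSep;
+os =
+if hermetic
+then import configuration
+else import <nixpkgs/nixos> { inherit system configuration; };
+
+inherit (os.pkgs) lib;
+
 in {
-substituters = concatStringsSep " " os.config.nix.binaryCaches;
-trusted-public-keys = concatStringsSep " " os.config.nix.binaryCachePublicKeys;
+inherit (builtins) currentSystem;
+
+substituters =
+lib.concatStringsSep " " os.config.nix.binaryCaches;
+
+trusted-public-keys =
+lib.concatStringsSep " " os.config.nix.binaryCachePublicKeys;
+
 drv_path = os.system.drvPath;
 out_path = os.system;
-inherit (builtins) currentSystem;
 }')
 
 if [[ -f "$config" ]]; then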
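Review bot: The added `nixExpression=<<EOF` … `EOF` lines capture nothing, because a here-document attached to a bare assignment is only a redirection, so `nixExpression` is set to the empty string. Nothing in the hunk reads the variable and the Nix expression is still passed inline to `--expr`, so this looks like a leftover that should be deleted. If the intent was to move the expression out of the quoted argument, it would need a command substitution such as `nixExpression=$(cat <<'EOF'` … `EOF` `)` and a matching `--expr "$nixExpression"`. The script continues past the hunk's last line, so a later use of the variable cannot be ruled out from here. A short comment above `then import configuration`, for example `# hermetic: configuration supplies its own nixpkgs; the system argument is not applied`, would also make the ignored argument explicit.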
