diff --git a/terraform/all-in-one.md b/terraform/all-in-one.md index c30e41b7..7bc5b089 100644 --- a/terraform/all-in-one.md +++ b/terraform/all-in-one.md @@ -110,6 +110,7 @@ No resources. | [debug\_logging](#input_debug_logging) | Enable debug logging | `bool` | `false` | no | | [deployment\_ssh\_key](#input_deployment_ssh_key) | Content of private key used to deploy to the target\_host after initial installation. To ensure maximum security, it is advisable to connect to your host using ssh-agent instead of relying on this variable | `string` | `null` | no | | [disk\_encryption\_key\_scripts](#input_disk_encryption_key_scripts) | Each script will be executed locally. Output of each will be created at the given path to disko during installation. The keys will be not copied to the final system |
list(object({| `[]` | no | +| [extra\_build\_env\_vars](#input_extra_build_env_vars) | Extra environment variables to be passed to the build. If set, evaluation will use `--impure`. | `map(string)` | `{}` | no | | [extra\_environment](#input_extra_environment) | Extra environment variables to be set during installation. This can be useful to set extra variables for the extra\_files\_script or disk\_encryption\_key\_scripts | `map(string)` | `{}` | no | | [extra\_files\_script](#input_extra_files_script) | A script that should place files in the current directory that will be copied to the targets / directory | `string` | `null` | no | | [file](#input_file) | Nix file containing the nixos\_system\_attr and nixos\_partitioner\_attr. Use this if you are not using flake | `string` | `null` | no | diff --git a/terraform/all-in-one/main.tf b/terraform/all-in-one/main.tf index 5689c64d..923a1652 100644 --- a/terraform/all-in-one/main.tf +++ b/terraform/all-in-one/main.tf @@ -3,6 +3,7 @@ module "system-build" { attribute = var.nixos_system_attr file = var.file nix_options = var.nix_options + extra_build_env_vars = var.extra_build_env_vars } module "partitioner-build" { @@ -10,6 +11,7 @@ module "partitioner-build" { attribute = var.nixos_partitioner_attr file = var.file nix_options = var.nix_options + extra_build_env_vars = var.extra_build_env_vars } locals { diff --git a/terraform/all-in-one/variables.tf b/terraform/all-in-one/variables.tf index 981c4f8c..32caf67e 100644 --- a/terraform/all-in-one/variables.tf +++ b/terraform/all-in-one/variables.tf @@ -131,3 +131,9 @@ variable "nixos_facter_path" { description = "Path to which to write a `facter.json` generated by `nixos-facter`." default = "" } + +variable "extra_build_env_vars" { + type = map(string) + description = "Extra environment variables to be passed to the build. If set, evaluation will use `--impure`." + default = {} +} diff --git a/terraform/nix-build.md b/terraform/nix-build.md index f64098a9..42308a00 100644 
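Review bot: `extra_build_env_vars` in terraform/all-in-one/variables.tf is declared as a bare `map(string)` with no constraint on its keys, and the same declaration is repeated in terraform/nix-build/variables.tf. nix-build.sh later places each key on an `env` command line, so a key that is not a plain identifier changes how that command line is read. A `validation` block on the variable would reject such names at plan time, with a condition such as `alltrue([for k in keys(var.extra_build_env_vars) : can(regex("^[A-Za-z_][A-Za-z0-9_]*$", k))])` and an `error_message` naming the allowed form.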
--- a/terraform/nix-build.md +++ b/terraform/nix-build.md @@ -31,11 +31,12 @@ No modules. ## Inputs -| Name | Description | Type | Default | Required | -| ------------------------------------------------------------------- | -------------------------------------------------- | ------------- | ------- | :------: | -| [attribute](#input_attribute) | the attribute to build, can also be a flake | `string` | n/a | yes | -| [file](#input_file) | the nix file to evaluate, if not run in flake mode | `string` | `null` | no | -| [nix\_options](#input_nix_options) | the options of nix | `map(string)` | `{}` | no | +| Name | Description | Type | Default | Required | +| ------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------- | ------------- | ------- | :------: | +| [attribute](#input_attribute) | the attribute to build, can also be a flake | `string` | n/a | yes | +| [extra\_build\_env\_vars](#input_extra_build_env_vars) | Extra environment variables to be passed to the build. If set, evaluation will use `--impure`. | `map(string)` | `{}` | no | +| [file](#input_file) | the nix file to evaluate, if not run in flake mode | `string` | `null` | no | +| [nix\_options](#input_nix_options) | the options of nix | `map(string)` | `{}` | no | ## Outputs diff --git a/terraform/nix-build/main.tf b/terraform/nix-build/main.tf index de73e5eb..2bb33b4d 100644 --- a/terraform/nix-build/main.tf +++ b/terraform/nix-build/main.tf @@ -9,6 +9,7 @@ data "external" "nix-build" { attribute = var.attribute file = var.file nix_options = local.nix_options + environment = jsonencode(var.extra_build_env_vars) } } output "result" { diff --git a/terraform/nix-build/nix-build.sh b/terraform/nix-build/nix-build.sh index 8e5babca..abf39422 100755 --- a/terraform/nix-build/nix-build.sh +++ b/terraform/nix-build/nix-build.sh 
@@ -1,15 +1,24 @@ #!/usr/bin/env bash set -efu -declare file attribute nix_options -eval "$(jq -r '@sh "attribute=\(.attribute) file=\(.file) nix_options=\(.nix_options)"')" +declare file attribute nix_options environment +eval "$(jq -r '@sh "attribute=\(.attribute) file=\(.file) nix_options=\(.nix_options) environment=\(.environment)"')" options=$(echo "${nix_options}" | jq -r '.options | to_entries | map("--option \(.key) \(.value)") | join(" ")') +vars=$(echo "${environment}" | jq -r "to_entries | map(\"\(.key)='\(.value)'\") | join(\" \")") if [[ -n ${file-} ]] && [[ -e ${file-} ]]; then # shellcheck disable=SC2086 - out=$(nix build --no-link --json $options -f "$file" "$attribute") + if [[ -n ${vars-} ]]; then + out=$(eval "env ${vars} nix build --no-link --json --impure $options -f '$file' '$attribute'") + else + out=$(nix build --no-link --json $options -f "$file" "$attribute") + fi printf '%s' "$out" | jq -c '.[].outputs' else # shellcheck disable=SC2086 - out=$(nix build --no-link --json $options "$attribute") + if [[ -n ${vars-} ]]; then + out=$(eval "env ${vars} nix build --no-link --json --impure $options '$attribute'") + else + out=$(nix build --no-link --json $options "$attribute") + fi printf '%s' "$out" | jq -c '.[].outputs' fi diff --git a/terraform/nix-build/variables.tf b/terraform/nix-build/variables.tf index d5b9daf4..3678a59e 100644 --- a/terraform/nix-build/variables.tf +++ b/terraform/nix-build/variables.tf @@ -14,3 +14,9 @@ variable "nix_options" { description = "the options of nix" default = {} } + +variable "extra_build_env_vars" { + type = map(string) + description = "Extra environment variables to be passed to the build. If set, evaluation will use `--impure`." + default = {} +} diff --git a/terraform/update-docs.sh b/terraform/update-docs.sh index b67d98ad..e408e970 100755 --- a/terraform/update-docs.sh +++ b/terraform/update-docs.sh 
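Review bot: The new `vars` string in nix-build.sh is assembled by jq as `key='value'` with no shell escaping and then run through `eval`, so a key or value containing a single quote ends the quoting and the remainder is parsed as shell on the machine running Terraform. The same now applies to `$file` and `$attribute`, which the old code passed as ordinary quoted arguments and the two new `eval "env ..."` lines wrap in literal single quotes. Quoting each pair with jq's `@sh` (as the first `eval` in this script already does) and loading the pairs into an array lets `env` be called directly, with `"$file"` and `"$attribute"` kept as normal arguments. The fence shows the file branch, and the flake branch takes the same shape without `-f "$file"`.

```shell
# @sh single-quotes every KEY=VALUE pair, so the eval below only sees quoted words
env_pairs=$(echo "${environment}" | jq -r 'to_entries | map("\(.key)=\(.value)" | @sh) | join(" ")')
declare -a env_args=()
eval "env_args=(${env_pairs})"
# … unchanged: options parsing and the file/attribute test …
  # shellcheck disable=SC2086
  if [[ ${#env_args[@]} -gt 0 ]]; then
    out=$(env "${env_args[@]}" nix build --no-link --json --impure $options -f "$file" "$attribute")
  else
    out=$(nix build --no-link --json $options -f "$file" "$attribute")
  fi
# … unchanged: printf of $out through jq …
```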
@@ -4,7 +4,7 @@ set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" cd "$SCRIPT_DIR" files=() -find "${SCRIPT_DIR}"/* -type d | while read -r i; do +find "${SCRIPT_DIR}"/* -maxdepth 1 -type d | while read -r i; do module_name=$(basename "$i") markdown_file="${SCRIPT_DIR}/${module_name}.md" terraform-docs --config "${SCRIPT_DIR}/.terraform-docs.yml" markdown table --output-file "${markdown_file}" --output-mode inject "${module_name}"
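Review bot: `-maxdepth 1` is measured from each starting point, and the starting points here are already the children expanded from `"${SCRIPT_DIR}"/*`, so the loop still visits one level of subdirectories inside every module and hands their basenames to terraform-docs. If only the module directories themselves are meant, `find "${SCRIPT_DIR}" -mindepth 1 -maxdepth 1 -type d` (or `-maxdepth 0` with the existing glob) expresses that. The `while` loop body continues outside the hunk, so how those extra names are handled further down is not visible here.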
path = string
script = string
}))