From 21fac43e57af3ee9fe3f9f62cf6d021c0bf41013 Mon Sep 17 00:00:00 2001
From: Khue Doan <mail@khuedoan.com>
Date: Sun, 24 Nov 2024 00:09:15 +0700
Subject: [PATCH] refactor: replace Terraform binary with OpenTofu

OpenTofu is a drop-in replacement for Terraform, so aside from changing
the binary, it only needs some minor adjustments.
---
 .pre-commit-config.yaml                            |  7 +++++--
 docs/installation/production/external-resources.md |  2 +-
 external/Makefile                                  |  8 ++++----
 external/versions.tf                               |  2 +-
 flake.lock                                         | 12 ++++++------
 flake.nix                                          |  9 ++-------
 test/tools_test.go                                 |  2 +-
 7 files changed, 20 insertions(+), 22 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index ff729ae0..49180a13 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -15,8 +15,11 @@ repos:
     hooks:
       - id: yamllint
   - repo: https://github.com/gruntwork-io/pre-commit
-    rev: v0.1.17
+    rev: v0.1.24
     hooks:
       - id: helmlint
       - id: shellcheck
-      - id: terraform-fmt
+  - repo: https://github.com/tofuutils/pre-commit-opentofu
+    rev: v2.1.0
+    hooks:
+      - id: tofu_fmt
diff --git a/docs/installation/production/external-resources.md b/docs/installation/production/external-resources.md
index 0fd6aff4..23145d28 100644
--- a/docs/installation/production/external-resources.md
+++ b/docs/installation/production/external-resources.md
@@ -24,7 +24,7 @@ Terraform is stateful, which means it needs somewhere to store its state. Terraf
 
 1. Sign up for a [Terraform Cloud](https://cloud.hashicorp.com/products/terraform) account
 2. Create a workspace named `homelab-external`, this is the workspace where your homelab state will be stored.
-3. Change the "Execution Mode" from "Remote" to "Local". This will ensure your local machine, which can access your lab, is the one executing the terraform plan rather than the cloud runners.
+3. Change the "Execution Mode" from "Remote" to "Local". This will ensure your local machine, which can access your lab, is the one executing the Terraform plan rather than the cloud runners.
 
 If you decide to use a [different Terraform backend](https://www.terraform.io/language/settings/backends#available-backends), you'll need to edit the `external/versions.tf` file as required.
 
diff --git a/external/Makefile b/external/Makefile
index 873edec6..adc3fd0e 100644
--- a/external/Makefile
+++ b/external/Makefile
@@ -3,21 +3,21 @@
 default: apply
 
 ~/.terraform.d/credentials.tfrc.json:
-	terraform login
+	tofu login
 
 terraform.tfvars:
 	cp terraform.tfvars.example ${@}
 	nvim ${@}
 
 .terraform.lock.hcl: ~/.terraform.d/credentials.tfrc.json versions.tf terraform.tfvars
-	terraform init
+	tofu init
 	touch ${@}
 
 namespaces:
 	ansible-playbook namespaces.yml
 
 plan: .terraform.lock.hcl
-	terraform plan
+	tofu plan
 
 apply: .terraform.lock.hcl namespaces
-	terraform apply -auto-approve
+	tofu apply -auto-approve
diff --git a/external/versions.tf b/external/versions.tf
index e5af7345..909b5725 100644
--- a/external/versions.tf
+++ b/external/versions.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 1.8"
+  required_version = "~> 1.7"
 
   backend "remote" {
     hostname     = "app.terraform.io"
diff --git a/flake.lock b/flake.lock
index 4fd50192..74c0019d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5,11 +5,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1725001927,
-        "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=",
+        "lastModified": 1731797254,
+        "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421",
+        "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index c203ab64..9a949ab7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -9,12 +9,7 @@
   outputs = { self, nixpkgs, flake-utils }:
     flake-utils.lib.eachDefaultSystem (system:
       let
-        # TODO remove unfree after removing Terraform
-        # (Source: https://xeiaso.net/blog/notes/nix-flakes-terraform-unfree-fix)
-        pkgs = import nixpkgs {
-          inherit system;
-          config.allowUnfree = true;
-        };
+        pkgs = import nixpkgs { inherit system; };
       in
       with pkgs;
       {
@@ -41,10 +36,10 @@
             libisoburn
             neovim
             openssh
+            opentofu # Drop-in replacement for Terraform
             p7zip
             pre-commit
             shellcheck
-            terraform # TODO replace with OpenTofu, Terraform is no longer FOSS
             yamllint
 
             (python3.withPackages (p: with p; [
diff --git a/test/tools_test.go b/test/tools_test.go
index d2c95ab1..3aee71a1 100644
--- a/test/tools_test.go
+++ b/test/tools_test.go
@@ -24,7 +24,7 @@ func TestToolsVersions(t *testing.T) {
 		{"kubectl", "version", ">= 1.30.0, < 1.32.0"}, // https://kubernetes.io/releases/version-skew-policy/#kubectl
 		{"kustomize", "version", ">= 5.0.3, < 6.0.0"},
 		{"pre-commit", "--version", ">= 3.3.2, < 4.0.0"},
-		{"terraform", "--version", ">= 1.8.0, < 1.9.0"},
+		{"tofu", "--version", ">= 1.7.0, < 1.9.0"},
 	}
 
 	for _, tool := range tools {