refactor: replace Terraform binary with OpenTofu

OpenTofu is a drop-in replacement for Terraform, so aside from changing
the binary, it only needs some minor adjustments.
This commit is contained in:
Khue Doan 2024-11-24 00:09:15 +07:00
parent 47aefc54af
commit 21fac43e57
7 changed files with 20 additions and 22 deletions

View File

@ -15,8 +15,11 @@ repos:
hooks:
- id: yamllint
- repo: https://github.com/gruntwork-io/pre-commit
rev: v0.1.17
rev: v0.1.24
hooks:
- id: helmlint
- id: shellcheck
- id: terraform-fmt
- repo: https://github.com/tofuutils/pre-commit-opentofu
rev: v2.1.0
hooks:
- id: tofu_fmt

View File

@ -24,7 +24,7 @@ Terraform is stateful, which means it needs somewhere to store its state. Terraf
1. Sign up for a [Terraform Cloud](https://cloud.hashicorp.com/products/terraform) account
2. Create a workspace named `homelab-external`, this is the workspace where your homelab state will be stored.
3. Change the "Execution Mode" from "Remote" to "Local". This will ensure your local machine, which can access your lab, is the one executing the terraform plan rather than the cloud runners.
3. Change the "Execution Mode" from "Remote" to "Local". This will ensure your local machine, which can access your lab, is the one executing the Terraform plan rather than the cloud runners.
If you decide to use a [different Terraform backend](https://www.terraform.io/language/settings/backends#available-backends), you'll need to edit the `external/versions.tf` file as required.

View File

@ -3,21 +3,21 @@
default: apply
~/.terraform.d/credentials.tfrc.json:
terraform login
tofu login
terraform.tfvars:
cp terraform.tfvars.example ${@}
nvim ${@}
.terraform.lock.hcl: ~/.terraform.d/credentials.tfrc.json versions.tf terraform.tfvars
terraform init
tofu init
touch ${@}
namespaces:
ansible-playbook namespaces.yml
plan: .terraform.lock.hcl
terraform plan
tofu plan
apply: .terraform.lock.hcl namespaces
terraform apply -auto-approve
tofu apply -auto-approve

View File

@ -1,5 +1,5 @@
terraform {
required_version = "~> 1.8"
required_version = "~> 1.7"
backend "remote" {
hostname = "app.terraform.io"

View File

@ -5,11 +5,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@ -20,11 +20,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1725001927,
"narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=",
"lastModified": 1731797254,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6e99f2a27d600612004fbd2c3282d614bfee6421",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"type": "github"
},
"original": {

View File

@ -9,12 +9,7 @@
outputs = { self, nixpkgs, flake-utils }:
flake-utils.lib.eachDefaultSystem (system:
let
# TODO remove unfree after removing Terraform
# (Source: https://xeiaso.net/blog/notes/nix-flakes-terraform-unfree-fix)
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
pkgs = import nixpkgs { inherit system; };
in
with pkgs;
{
@ -41,10 +36,10 @@
libisoburn
neovim
openssh
opentofu # Drop-in replacement for Terraform
p7zip
pre-commit
shellcheck
terraform # TODO replace with OpenTofu, Terraform is no longer FOSS
yamllint
(python3.withPackages (p: with p; [

View File

@ -24,7 +24,7 @@ func TestToolsVersions(t *testing.T) {
{"kubectl", "version", ">= 1.30.0, < 1.32.0"}, // https://kubernetes.io/releases/version-skew-policy/#kubectl
{"kustomize", "version", ">= 5.0.3, < 6.0.0"},
{"pre-commit", "--version", ">= 3.3.2, < 4.0.0"},
{"terraform", "--version", ">= 1.8.0, < 1.9.0"},
{"tofu", "--version", ">= 1.7.0, < 1.9.0"},
}
for _, tool := range tools {