project-wide: Working DNS setup + referencing tf.nix from hostConfig

default.nix

@@ -7,7 +7,7 @@ rec {
     defaultFile = "nixos.nix";
   };
 
-  hosts = import ./lib/hosts.nix { inherit pkgs sources witch profiles; };
+  hosts = import ./lib/hosts.nix { inherit pkgs sources witch profiles; inherit (deploy) tf;  };
 
   inherit (pkgs) lib;
 

lib/deploy.nix

@@ -15,9 +15,10 @@ let
     tfEval ({ config, ... }: {
       imports =
         mapAttrsToList (name: host: import (../hosts + "/${name}/meta.nix"))
-        hosts;
+        hosts ++ [{ config = mkMerge (mapAttrsToList (_: host: mapAttrs (_: mkMerge) host.config.deploy.tf.out.set) hosts); }];
 
-      deps = {
+        deps = {
+        select.allProviders = true;
         enable = true;
         select.hclPaths =
           (map (name: config.resources."${name}_system_switch".out.hclPathStr)
@@ -62,11 +63,13 @@ let
         value.shellCommand = "bitw get infra/rfc2136 -f password";
       };
 
+      dns.zones."kittywit.ch." = { provider = "dns"; };
+
       providers.hcloud = { inputs.token = config.variables.hcloud_token.ref; };
 
       providers.dns = {
         inputs.update = {
-          server = "45.129.95.255";
+          server = "ns1.as207960.net";
           key_name = config.variables.glauca_key.ref;
           key_secret = config.variables.glauca_secret.ref;
           key_algorithm = "hmac-sha512";

lib/hosts.nix

@@ -1,4 +1,4 @@
-{ pkgs, hostsDir ? ../hosts, profiles, pkgsPath ? ../pkgs, sources ? { }
+{ pkgs, tf, hostsDir ? ../hosts, profiles, pkgsPath ? ../pkgs, sources ? { }
 , witch ? { } }:
 
 with pkgs.lib;
@@ -27,7 +27,7 @@ rec {
         else
           { })
       ];
-      specialArgs = { inherit sources profiles witch hostName; };
+      specialArgs = { inherit sources tf profiles witch hostName; };
     })) hostNames);
 
   groupNames = unique (concatLists

modules/nixos/default.nix

@@ -3,6 +3,7 @@
 {
   imports = [
     ./deploy
+    ./tf-glue
     (sources.tf-nix + "/modules/nixos/secrets.nix")
     (sources.tf-nix + "/modules/nixos/secrets-users.nix")
   ];

modules/nixos/tf-glue/default.nix

@@ -0,0 +1,30 @@
+{ config, lib, ... }: with lib; let
+  cfg = config.deploy.tf;
+  unmergedValues = types.mkOptionType {
+    name = "unmergedValues";
+    merge = loc: defs: map (def: def.value) defs;
+  };
+in {
+  options.deploy.tf = mkOption {
+    type = types.submodule {
+      freeformType = types.attrsOf unmergedValues;
+
+      options = {
+        attrs = mkOption {
+          type = types.listOf types.str;
+          default = [ ];
+        };
+        out.set = mkOption {
+          type = types.unspecified;
+        };
+      };
+    };
+  };
+
+  config = {
+    deploy.tf = {
+      attrs = [ "out" "attrs" ];
+      out.set = removeAttrs cfg cfg.attrs;
+    }; 
+  };
+}

nix/sources.json

@@ -124,10 +124,10 @@
         "homepage": null,
         "owner": "arcnmx",
         "repo": "tf-nix",
-        "rev": "f8388c58aa7759dede5163a011fb1a08e7c27fc8",
+        "rev": "f4fe8c91d7048340ac5ff018c70736db4e92ce25",
-        "sha256": "0n0cp2hz00naz78dxi3b7ayrjv4l0001sc1k08w01aw2p400wpyc",
+        "sha256": "1qjpj0xwwxhc2qj8ciscqz60x7wgsaw72zza61hckh0qc9xdwx6w",
         "type": "tarball",
-        "url": "https://github.com/arcnmx/tf-nix/archive/f8388c58aa7759dede5163a011fb1a08e7c27fc8.tar.gz",
+        "url": "https://github.com/arcnmx/tf-nix/archive/f4fe8c91d7048340ac5ff018c70736db4e92ce25.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     }
 }