| 25 Oct 2021 |
 David Arnold (blaggacao) | nix eval --json .#my-gce-env | tf ... | 17:29:10 |
 genadij.udarov | I'd like to avoid the tfstate thingy... | 17:29:18 |
| David Arnold (blaggacao) | You swap tfstate for nixops state. | 17:29:42 |
| David Arnold (blaggacao) |
- most providers do only keep state for speed and can fully recover from a lost state through the remot APIs.
| 17:30:16 |
| David Arnold (blaggacao) | * + most providers do only keep state for speed and can fully recover from a lost state through the remote APIs. | 17:31:04 |
| genadij.udarov | Ah, makes sense. It would be great if I could use cloud provider as a source of truth using labels/tags/whatnot. I guess the tech is not here yet. :-D
Speaking of nix eval, should I write the .#my-gce-env output (that's the term in flake, right) myself, or are there some libs to do so? | 17:31:06 |
| genadij.udarov | In reply to @blaggacao:matrix.org
- most providers do only keep state for speed and can fully recover from a lost state through the remote APIs.
Interesting. Didn't know about that. | 17:31:39 |
| David Arnold (blaggacao) | You can use terranix, but I'd recommend doing copy-hcl / pasta-json-nix directly from the upstream docs. | 17:31:59 |
| David Arnold (blaggacao) | This gives you a significantly increased body of documentation. | 17:32:20 |
| genadij.udarov | upstream docs being tf docs, right? | 17:32:39 |
| David Arnold (blaggacao) | The obly trick is: "copy-hcl / pasta-nix-json` | 17:32:43 |
| David Arnold (blaggacao) | * The only trick is: "copy-hcl / pasta-nix-json` | 17:32:50 |
| David Arnold (blaggacao) | That transformation is really obvious after ~1/2 hour of playing. | 17:33:22 |
| David Arnold (blaggacao) | * That transformation is really _obvious_ after ~1/2 hour of playing. | 17:33:37 |
| genadij.udarov | Thanks! | 17:37:21 |
| David Arnold (blaggacao) | You should be able to use cloud providers as a source of truth with terraform data resources. | 17:38:33 |
| David Arnold (blaggacao) | You need to make a trade-off decision, though how much exogenous information you want to accept / can't avoid in your gitops workflow. | 17:39:18 |
| David Arnold (blaggacao) | I'd say: exoginous is ok if you can't avoid it.
Exogenous is ok for those "efimeral" envs that you spoke of. | 17:40:09 |
| David Arnold (blaggacao) | * I'd say: exogenous is ok if you can't avoid it.
Exogenous is ok for those "efimeral" envs that you spoke of. | 17:40:17 |
| genadij.udarov | In reply to @blaggacao:matrix.org
You should be able to use cloud providers as a source of truth with terraform data resources. So the tf contents would be like data ... resource { if data is null }? I've got some tf experience, but have never thought of / encountered such pattern. | 17:41:14 |
| David Arnold (blaggacao) | I can't really tell, but I can add this: TF, as well as nomia, provide CRUD-luke semantics on remote resources. | 17:42:19 |
| David Arnold (blaggacao) | * I can't really tell, but I can add this: TF, as well as `nomia`, provide CRUD-like semantics on remote resources. | 17:42:28 |
| David Arnold (blaggacao) | There are limitations to the stack-depths, though. | 17:42:54 |
| David Arnold (blaggacao) | As in nix (without IFD), you only have two stages: eval / build. I think TF also has a similar limitation and there is no recursive TF or such thing. | 17:43:42 |
| David Arnold (blaggacao) | A similarity, which is not a coincidence on a very fundamental level. | 17:44:24 |
| genadij.udarov | True. Back in the day, tf used to rely solely on tfstate to decide what API calls to do. I guess I could hack something that would generate tfstate from nix, if I'd need to. :-D
Thanks for the input, I think I'll be able to start hacking a PoC now. | 17:46:22 |
| David Arnold (blaggacao) | Cool! Just make sure you don't needlessly allow exogenous data to be input intor your gitops capsule. | 17:47:08 |
 @timdeh:matrix.org | I wonder if committing the tfstate file would be a possible solution 🤔 | 17:47:26 |
| David Arnold (blaggacao) | * Cool! Just make sure you don't _needlessly_ allow exogenous data to be input into your gitops capsule. | 17:47:26 |
| David Arnold (blaggacao) | If it doesn't hold secrets, yes. | 17:47:44 |
