use opentofu over terraform

[KiaraGrouwstra]

this PR replaces the use of terraform with the open-source fork opentofu, as suggested at #60.

it may be possible to refactor this to take out the ugly patch for the registry (may involve a change over at nixpkgs), but for now i wanted to focus on gathering feedback on the idea first.

while this implementation flat-out replaces the package, i actually hoped to maybe let the user choose, but came up blank with an elegant way to handle that kind of conditional here.

[yannham]

Cool to see support for OpenTofu! We should probably propose both terraform and opentofu in the output indeed.

To do so we'll have to pull anything that depends on either terraform in their own definition if not already the case (e.g. mkDevShell, while generateJsonSchema or terraformProviders are already in a let-binding), then make them functions taking a terraform package as an argument so that we can pass either opentofu or terraform, instead of relying on pkgs or the ambiant self.terraform.

Since flake outputs are notoriously not parametrizable, it's reasonable to duplicate each output that depends on terraform as a -terraform version and an -opentofu version.

Would that make sense somehow?

[KiaraGrouwstra]

@yannham thanks, that makes sense!
i now pushed commits to:

• parameterize the attributes, making opentofu the default rather than only option
• move out the registry patch, which needs opentofu: move the plugin patch from plugins to withPlugins NixOS/nixpkgs#369770

on merge of #68 i'll rebase on that as well.

[yannham]

Thanks, looks good overall, beside a few details. I understand that you would like to get #68 merged first, and then rebase? Note that the CI is failing on the later PR.

[KiaraGrouwstra]

@yannham:

Thanks, looks good overall, beside a few details. I understand that you would like to get #68 merged first, and then rebase? Note that the CI is failing on the later PR.

Thanks for your feedback!

On the CI, I seem able to reproduce the failure using main branch - this regression seems induced probably by a new nixos-unstable rather than by my PRs.

[KiaraGrouwstra]

hm, looks like a few dependencies cause the check to fail when updated - see #73, #74.

[KiaraGrouwstra]

rebased now

[yannham]

It just needs a nixpkgs-fmt flake.nix; we check formatting as part of the CI.

[KiaraGrouwstra]

thanks, done!

[btlogy]

Any idea why those CI checks are failing now?
Is it a failure to build only the age provider?

[yannham]

Is it a failure to build only the age provider?

It seems so. I wonder if that could be related to NixOS/nixpkgs#376262, which followed @KiaraGrouwstra PR to Nixpkgs. And it turns out the age provider is indeed missing a homepage attribute in its manifest (it's very minimal). So, it might be worth trying to update the flake.lock and to see if that fixes the issue.

[KiaraGrouwstra]

it seems i broke the check using NixOS/nixpkgs@ffacb08.
i think just reverting that would instead break the providers at run-time again tho, so trying to figure out how to make it work again now.

[GTrunSec]

@KiaraGrouwstra this is my fixed version: tao3k/omnibus@b16e2e1#diff-80903bc971e622f2452c1ab586eb74110575ac7d785224fb596d0c0706f88fefR19

make sure the required_providers { "${name}" = provider; }; change to registry.opentofu.org/xxx as well.

[KiaraGrouwstra]

@GTrunSec hm, all those manual overrides were sort of what i'd intended to address :(