Help auditing best-practices on a flake using terranix + kubenix

I’m quite new to nix, immediately fell in love with it, and saw its potential to help generate a lot of boilerplate around kubernetes and terraform.

So I went ahead and tried to integrate both tools: GitHub - docteurklein/kubenix-test (don’t mind the repo name :)), using terranix and kubenix under the hood.

I took inspiration from anything I could find, like this fresh nixconf prez.

Please note that it’s highly opinionated for my use-case, which is a typical web-app running http endpoints and background workers (backed by GCP - pubsub, GKE, …).

The idea is:
I’m using lib.evalModules to represent the high level components of my stack:

  • a “worker” is an abstract object representing a process consuming a message queue
  • a “service” is an object aiming at serving (http) endpoints

From those high-level descriptions, I infer the corresponding resources:

Each “worker” is:

  • projected as a terraform resource to create a gcp pubsub subscription
  • projected as a kube Deployment object which receives the name of the subscription (created above) as an env var

Each “service” is similarly projected as a kube Deployment + Service.

So here is my question:
In order to bridge the outputs generated by terraform and pass them to kubernetes, I’m not sure if what I’ve done is correct or if there is a better way.

Indeed I’m git-versioning the tfoutput file (generated by terraform) after I nix run terraform -- apply, so that it is visible to the flake.

That allows me to expose those outputs to the kubenix config.
I struggled a bit with modules and submodules, and I’m not sure if what I’m doing makes sense, or is idiomatic to nix. Maybe I should have used an IFD or something?

What do you think?
Is there something obvious I’m missing to make this easier?
PS: the source is all available here: GitHub - docteurklein/kubenix-test

Thanks a lot!
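A sketch of the worker projection and the tfoutput bridge described in the post, as an added example that is not the author's repo code and not terranix's or kubenix's own schema: the terraform attribute set follows Terraform's JSON syntax and the kubernetes one plain Kubernetes object shapes, so either tool can be fed from it. The file path ./tfoutput.json, the option names (workers, tfOutputs, terraform, kubernetes) and the sample project/image/topic values are assumptions. The one check a reviewer would want on a git-versioned tfoutput file is built in: terraform output -json tags every output with a sensitive flag, and the reader refuses to ingest a file in which any output carries it, so a secret cannot be committed and then spliced into a manifest by accident.

```nix
# Added example (not the author's repo code): a minimal lib.evalModules stack
# that projects "workers" into a GCP pubsub subscription (Terraform JSON) and a
# Kubernetes Deployment, bridging `terraform output -json` back into the k8s
# side while rejecting outputs Terraform marks as sensitive.
# Assumptions: nixpkgs `lib`; ./tfoutput.json was produced by
# `terraform output -json` after apply; all names and values are made up.
{ pkgs ? import <nixpkgs> { } }:
let
  inherit (pkgs) lib;

  # `terraform output -json` has the shape
  # { "<name>": { "sensitive": bool, "type": ..., "value": ... } }.
  # Sensitive outputs must never be committed, so fail loudly instead of
  # silently passing them into manifests.
  readTfOutputs = path:
    let
      raw = builtins.fromJSON (builtins.readFile path);
      leaked = lib.attrNames (lib.filterAttrs (_: o: o.sensitive or false) raw);
    in
    assert lib.assertMsg (leaked == [ ])
      "tfoutput contains sensitive outputs (${lib.concatStringsSep ", " leaked}); do not version them";
    lib.mapAttrs (_: o: o.value) raw;

  stackModule = { config, ... }: {
    options = {
      project = lib.mkOption { type = lib.types.str; description = "GCP project id"; };
      workers = lib.mkOption {
        default = { };
        type = lib.types.attrsOf (lib.types.submodule {
          options = {
            image = lib.mkOption { type = lib.types.str; };
            topic = lib.mkOption { type = lib.types.str; };
            replicas = lib.mkOption { type = lib.types.int; default = 1; };
          };
        });
      };
      tfOutputs = lib.mkOption { type = lib.types.attrsOf lib.types.anything; default = { }; };
      terraform = lib.mkOption { type = lib.types.attrs; default = { }; };
      kubernetes = lib.mkOption { type = lib.types.attrs; default = { }; };
    };

    config = {
      # Projection 1: one pubsub subscription per worker, exported as an output
      # so the real name can flow back through tfoutput.json.
      terraform = {
        resource.google_pubsub_subscription = lib.mapAttrs (name: w: {
          name = "${name}-sub";
          topic = w.topic;
          project = config.project;
        }) config.workers;
        output = lib.mapAttrs' (name: _: lib.nameValuePair "${name}_subscription" {
          value = "\${google_pubsub_subscription.${name}.name}";
        }) config.workers;
      };

      # Projection 2: a Deployment per worker receiving the subscription name
      # as an env var. Falls back to the deterministic name so the flake still
      # evaluates before the first `terraform apply` has produced outputs.
      kubernetes.deployments = lib.mapAttrs (name: w: {
        apiVersion = "apps/v1";
        kind = "Deployment";
        metadata.name = name;
        spec = {
          replicas = w.replicas;
          selector.matchLabels.app = name;
          template = {
            metadata.labels.app = name;
            spec.containers = [{
              inherit name;
              image = w.image;
              env = [{
                name = "PUBSUB_SUBSCRIPTION";
                value = config.tfOutputs."${name}_subscription" or "${name}-sub";
              }];
            }];
          };
        };
      }) config.workers;
    };
  };

  eval = lib.evalModules {
    modules = [
      stackModule
      {
        project = "example-project";                                # constructed
        workers.mailer = { image = "registry.example/mailer:1.0"; topic = "mail"; };
        tfOutputs = readTfOutputs ./tfoutput.json;                  # committed after apply
      }
    ];
  };
in
{
  # Hand these to terranix/kubenix, or write them out as JSON directly.
  terraformJson = builtins.toJSON eval.config.terraform;
  kubernetesJson = builtins.toJSON eval.config.kubernetes;
}
```

The fallback in the env var is what keeps the "outputs are not known until after apply" loop from blocking evaluation; if you would rather fail closed, drop the `or` default so a missing output is an evaluation error rather than a guessed name.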