From 42ee27f737325d29787f8ec6b7a56bfb2d8b8e4d Mon Sep 17 00:00:00 2001 From: Kiara Grouwstra Date: Tue, 26 Aug 2025 17:31:58 +0200 Subject: [PATCH] Revert "simpler data model, not sure it's desirable but at least it's consistent" This reverts commit ede5b4db111b49182d37e2c6667c42225a09fea4. --- deployment/check/data-model/deployment.nix | 14 +++++++------- deployment/data-model-test.nix | 16 ++++++++-------- deployment/data-model.nix | 20 ++++++++++++-------- 3 files changed, 27 insertions(+), 23 deletions(-) diff --git a/deployment/check/data-model/deployment.nix b/deployment/check/data-model/deployment.nix index 76abe204..27de537b 100644 --- a/deployment/check/data-model/deployment.nix +++ b/deployment/check/data-model/deployment.nix @@ -66,7 +66,9 @@ let requests: let # Filter out requests that need wheel if policy doesn't allow it - validRequests = lib.filterAttrs (_name: req: !req.login-shell.wheel || config.wheel) requests; + validRequests = lib.filterAttrs ( + _name: req: !req.login-shell.wheel || config.wheel + ) requests.resources; in lib.optionalAttrs (validRequests != { }) { ${config.username} = { @@ -92,7 +94,7 @@ let implementation = cfg: { input = cfg; output = lib.optionalAttrs cfg.enable { - "my".login-shell.packages.hello = pkgs.hello; + resources.hello.login-shell.packages.hello = pkgs.hello; }; }; }; @@ -123,11 +125,9 @@ let else null; - users.users = environment.config.resources."operator-environment".login-shell.apply ( - lib.filterAttrs (_name: value: value ? login-shell) ( - lib.concatMapAttrs (k': lib.mapAttrs' (k: v: lib.nameValuePair "${k'}.${k}" v)) requests - ) - ); + users.users = environment.config.resources."operator-environment".login-shell.apply { + resources = lib.filterAttrs (_name: value: value ? login-shell) requests; + }; }; }; }; diff --git a/deployment/data-model-test.nix b/deployment/data-model-test.nix index 69a4408c..b875a324 100644 --- a/deployment/data-model-test.nix +++ b/deployment/data-model-test.nix 
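Review bot: The wheel gate in the `@@ -66,7 +66,9 @@` hunk drops a request without leaving any trace: an entry of `requests.resources` that sets `login-shell.wheel` while `config.wheel` is false is removed by `lib.filterAttrs`, and when nothing is left the `lib.optionalAttrs` guard yields an empty set, so no user is defined. Because this check appears to decide whether an application gets a `wheel` login, the rejection should be visible at evaluation time, for example by collecting `rejected = lib.attrNames (lib.filterAttrs (_name: req: req.login-shell.wheel && !config.wheel) requests.resources);` and wrapping the result in `lib.warnIf (rejected != [ ]) "login-shell: wheel denied by policy for ${toString rejected}"`. The predicate also reads `req.login-shell` on every entry, so it relies on callers passing only `login-shell`-tagged requests, and a comment stating that precondition would help. The same lines appear in the `@@ -73,7 +73,9 @@` hunk of `deployment/data-model-test.nix`, and the `let` body continues outside both hunks.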
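Review bot: In the `@@ -123,11 +125,9 @@` hunk, `lib.filterAttrs (_name: value: value ? login-shell) requests` now inspects only the top level of `requests`, where the removed code flattened one level first. The application output in the `@@ -92,7 +94,7 @@` hunk now has the shape `{ resources.hello.login-shell = …; }`, so if `requests` is bound to that value (its binding is outside the hunk) the only key is `resources`, the `? login-shell` test is false, and `users.users` is computed from an empty set without any error. If that is the case, filter `requests.resources` instead: `resources = lib.filterAttrs (_name: value: value ? login-shell) requests.resources;`. Otherwise a comment naming the expected shape of `requests` would settle the question. The `@@ -123,11 +125,9 @@` hunk of `deployment/data-model-test.nix` uses the same expression.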
@@ -73,7 +73,9 @@ in requests: let # Filter out requests that need wheel if policy doesn't allow it - validRequests = lib.filterAttrs (_name: req: !req.login-shell.wheel || config.wheel) requests; + validRequests = lib.filterAttrs ( + _name: req: !req.login-shell.wheel || config.wheel + ) requests.resources; in lib.optionalAttrs (validRequests != { }) { ${config.username} = { @@ -99,7 +101,7 @@ in implementation = cfg: { input = cfg; output = lib.optionalAttrs cfg.enable { - "my".login-shell.packages.hello = pkgs.hello; + resources.hello.login-shell.packages.hello = pkgs.hello; }; }; }; @@ -123,11 +125,9 @@ in nixos.module = { ... }: { - users.users = config.resources."operator-environment".login-shell.apply ( - lib.filterAttrs (_name: value: value ? login-shell) ( - lib.concatMapAttrs (k': lib.mapAttrs' (k: v: lib.nameValuePair "${k'}.${k}" v)) requests - ) - ); + users.users = config.resources."operator-environment".login-shell.apply { + resources = lib.filterAttrs (_name: value: value ? login-shell) requests; + }; }; }; }; @@ -154,7 +154,7 @@ in resources = fediversity.applications.hello.resources fediversity."example-configuration".applications.hello; - hello-shell = resources."my".login-shell; + hello-shell = resources.resources.hello.login-shell; environment = fediversity.environments.single-nixos-vm.resources."operator-environment".login-shell; result = mkDeployment { modules = [ diff --git a/deployment/data-model.nix b/deployment/data-model.nix index 21ad803e..581daa8a 100644 --- a/deployment/data-model.nix +++ b/deployment/data-model.nix 
@@ -18,12 +18,16 @@ let ; functionType = import ./function.nix; - # TODO: maybe transpose, and group the resources by type instead - application-resources = attrsOf ( - attrTag ( - lib.mapAttrs (_name: resource: mkOption { type = submodule resource.request; }) config.resources - ) - ); + application-resources = submodule { + options.resources = mkOption { + # TODO: maybe transpose, and group the resources by type instead + type = attrsOf ( + attrTag ( + lib.mapAttrs (_name: resource: mkOption { type = submodule resource.request; }) config.resources + ) + ); + }; + }; nixos-configuration = mkOption { description = "A NixOS configuration."; type = raw; @@ -89,7 +93,7 @@ in description = "The type of resource this policy configures"; type = types.optionType; }; - # TODO(@fricklerhandwerk): we may want to make the function type explicit here: `attrsOf request -> resource-type` + # TODO(@fricklerhandwerk): we may want to make the function type explict here: `request -> resource-type` # and then also rename this to be consistent with the application's resource mapping options.apply = mkOption { description = "Apply the policy to a request"; @@ -170,7 +174,7 @@ in type = submodule functionType; readOnly = true; default = { - input-type = attrsOf application-resources; + input-type = application-resources; output-type = deployment-type; }; };
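Review bot: The new `options.resources` in the `@@ -18,12 +18,16 @@` hunk is declared without a `description`, although the other options visible in this file (`nixos-configuration`, `apply`) carry one. Since this attribute set is what the policies in the other two files filter on, the option should say what it holds: `description = "Resources requested by the application, keyed by request name; each value is tagged with exactly one resource type.";`. The `let` block continues outside the hunk.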
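Review bot: The rewritten TODO in the `@@ -89,7 +93,7 @@` hunk misspells "explicit" as `explict`. It also gives the function type as `request -> resource-type`, while the callers changed in `deployment/check/data-model/deployment.nix` pass an attribute set with a `resources` field to `apply`. Wording the type as `{ resources = attrsOf request; } -> resource-type` would match what the policies actually receive.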