From 26adce03fe90b22aa5bfc73e5c0fbf962be90faf Mon Sep 17 00:00:00 2001 From: Kiara Grouwstra Date: Thu, 31 Jul 2025 15:52:44 +0200 Subject: [PATCH 1/2] fix linter gripes --- deployment/data-model-test.nix | 6 +++--- deployment/data-model.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deployment/data-model-test.nix b/deployment/data-model-test.nix index 7c11f687..2a1c182b 100644 --- a/deployment/data-model-test.nix +++ b/deployment/data-model-test.nix @@ -165,7 +165,7 @@ in } ); resources = fediversity.applications.hello.resources fediversity.example-configuration.applications.hello; - hello-shell = (resources).resources.hello.login-shell; + hello-shell = resources.resources.hello.login-shell; environment = fediversity.environments.single-nixos-vm.resources.operator-environment.login-shell; result = mkDeployment { modules = [ @@ -174,7 +174,7 @@ in }; in - rec { + { number-of-resources = with lib; length (attrNames fediversity.resources); inherit (fediversity) example-configuration; hello-package-exists = hello-shell.packages ? hello; @@ -186,7 +186,7 @@ in in { inherit (operator) isNormalUser; - packages = with lib; map (p: "${p.pname}") operator.packages; + packages = map (p: "${p.pname}") operator.packages; extraGroups = operator.extraGroups; }; deployment = { diff --git a/deployment/data-model.nix b/deployment/data-model.nix index 10256d30..a5562f93 100644 --- a/deployment/data-model.nix +++ b/deployment/data-model.nix @@ -76,7 +76,7 @@ in # TODO(@fricklerhandwerk): do we need a function type here as well, or is it in the way? options.apply = mkOption { description = "Apply the policy to a request"; - type = with types; functionTo policy.config.resource-type; + type = functionTo policy.config.resource-type; }; }) ]; -- 2.48.1 From 742cafc426a3b38173047fdefc6f34511fd0bd15 Mon Sep 17 00:00:00 2001 From: Kiara Grouwstra Date: Thu, 31 Jul 2025 15:54:31 +0200 Subject: [PATCH 2/2] put `config` stuff in an attrset --- deployment/data-model-test.nix | 42 +++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/deployment/data-model-test.nix b/deployment/data-model-test.nix index 2a1c182b..5b4b9259 100644 --- a/deployment/data-model-test.nix +++ b/deployment/data-model-test.nix @@ -45,8 +45,10 @@ in description = "Any options from NixOS"; }; }; - config.resource-type = types.raw; # TODO: what's the type of a NixOS configuration? - config.apply = requests: lib.mkMerge (requests ++ [ config.extra-config ]); + config = { + resource-type = types.raw; # TODO: what's the type of a NixOS configuration? + apply = requests: lib.mkMerge (requests ++ [ config.extra-config ]); + }; }; }; resources.login-shell = { @@ -82,24 +84,26 @@ in default = false; }; }; - config.resource-type = types.raw; # TODO: splice out the user type from NixOS - config.apply = - requests: - let - # Filter out requests that need wheel if policy doesn't allow it - validRequests = lib.filterAttrs ( - _name: req: !req.login-shell.wheel || config.wheel - ) requests.resources; - in - lib.optionalAttrs (validRequests != { }) { - ${config.username} = { - isNormalUser = true; - packages = - with lib; - attrValues (concatMapAttrs (_name: request: request.login-shell.packages) validRequests); - extraGroups = lib.optional config.wheel "wheel"; + config = { + resource-type = types.raw; # TODO: splice out the user type from NixOS + apply = + requests: + let + # Filter out requests that need wheel if policy doesn't allow it + validRequests = lib.filterAttrs ( + _name: req: !req.login-shell.wheel || config.wheel + ) requests.resources; + in + lib.optionalAttrs (validRequests != { }) { + ${config.username} = { + isNormalUser = true; + packages = + with lib; + attrValues (concatMapAttrs (_name: request: request.login-shell.packages) validRequests); + extraGroups = lib.optional config.wheel "wheel"; + }; }; - }; + }; }; }; applications.hello = -- 2.48.1