forked from fediversity/fediversity
		
	simpler data model, not sure it's desirable but at least it's consistent
		
							parent
							
								
									f30c47c8ec
								
							
						
					
					
						commit
						078a49f54a
					
				
					 3 changed files with 23 additions and 27 deletions
				
			
		|  | @ -66,9 +66,7 @@ let | |||
|                   requests: | ||||
|                   let | ||||
|                     # Filter out requests that need wheel if policy doesn't allow it | ||||
|                     validRequests = lib.filterAttrs ( | ||||
|                       _name: req: !req.login-shell.wheel || config.wheel | ||||
|                     ) requests.resources; | ||||
|                     validRequests = lib.filterAttrs (_name: req: !req.login-shell.wheel || config.wheel) requests; | ||||
|                   in | ||||
|                   lib.optionalAttrs (validRequests != { }) { | ||||
|                     ${config.username} = { | ||||
|  | @ -94,7 +92,7 @@ let | |||
|             implementation = cfg: { | ||||
|               input = cfg; | ||||
|               output = lib.optionalAttrs cfg.enable { | ||||
|                 resources.hello.login-shell.packages.hello = pkgs.hello; | ||||
|                 "my".login-shell.packages.hello = pkgs.hello; | ||||
|               }; | ||||
|             }; | ||||
|           }; | ||||
|  | @ -125,9 +123,11 @@ let | |||
|                     else | ||||
|                       null; | ||||
| 
 | ||||
|                   users.users = environment.config.resources."operator-environment".login-shell.apply { | ||||
|                     resources = lib.filterAttrs (_name: value: value ? login-shell) requests; | ||||
|                   }; | ||||
|                   users.users = environment.config.resources."operator-environment".login-shell.apply ( | ||||
|                     lib.filterAttrs (_name: value: value ? login-shell) ( | ||||
|                       lib.concatMapAttrs (k': lib.mapAttrs' (k: v: lib.nameValuePair "${k'}.${k}" v)) requests | ||||
|                     ) | ||||
|                   ); | ||||
|                 }; | ||||
|             }; | ||||
|           }; | ||||
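Review bot: The flattening on the `lib.concatMapAttrs` line joins the outer key and the resource key with a bare `.`, so two distinct requests get the same name whenever either key contains a dot (`"a.b"`/`"c"` and `"a"`/`"b.c"` both become `"a.b.c"`), and `concatMapAttrs` keeps only one of them without raising an error. The result is what the `login-shell` policy filters on `wheel`, so a request that is silently replaced or dropped is worth ruling out. Building the name with `lib.nameValuePair (lib.showAttrPath [ k' k ]) v` keeps such keys distinct, because components that are not plain identifiers are quoted. The same expression is repeated in the `users.users` hunk of the next file, and the enclosing module body starts and ends outside this hunk.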
|  |  | |||
|  | @ -73,9 +73,7 @@ in | |||
|                         requests: | ||||
|                         let | ||||
|                           # Filter out requests that need wheel if policy doesn't allow it | ||||
|                           validRequests = lib.filterAttrs ( | ||||
|                             _name: req: !req.login-shell.wheel || config.wheel | ||||
|                           ) requests.resources; | ||||
|                           validRequests = lib.filterAttrs (_name: req: !req.login-shell.wheel || config.wheel) requests; | ||||
|                         in | ||||
|                         lib.optionalAttrs (validRequests != { }) { | ||||
|                           ${config.username} = { | ||||
|  | @ -101,7 +99,7 @@ in | |||
|                   implementation = cfg: { | ||||
|                     input = cfg; | ||||
|                     output = lib.optionalAttrs cfg.enable { | ||||
|                       resources.hello.login-shell.packages.hello = pkgs.hello; | ||||
|                       "my".login-shell.packages.hello = pkgs.hello; | ||||
|                     }; | ||||
|                   }; | ||||
|                 }; | ||||
|  | @ -125,9 +123,11 @@ in | |||
|                           nixos.module = | ||||
|                             { ... }: | ||||
|                             { | ||||
|                               users.users = config.resources."operator-environment".login-shell.apply { | ||||
|                                 resources = lib.filterAttrs (_name: value: value ? login-shell) requests; | ||||
|                               }; | ||||
|                               users.users = config.resources."operator-environment".login-shell.apply ( | ||||
|                                 lib.filterAttrs (_name: value: value ? login-shell) ( | ||||
|                                   lib.concatMapAttrs (k': lib.mapAttrs' (k: v: lib.nameValuePair "${k'}.${k}" v)) requests | ||||
|                                 ) | ||||
|                               ); | ||||
|                             }; | ||||
|                         }; | ||||
|                       }; | ||||
|  | @ -154,7 +154,7 @@ in | |||
|         resources = | ||||
|           fediversity.applications.hello.resources | ||||
|             fediversity."example-configuration".applications.hello; | ||||
|         hello-shell = resources.resources.hello.login-shell; | ||||
|         hello-shell = resources."my".login-shell; | ||||
|         environment = fediversity.environments.single-nixos-vm.resources."operator-environment".login-shell; | ||||
|         result = mkDeployment { | ||||
|           modules = [ | ||||
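Review bot: Nothing visible in this file exercises the deny branch of the `wheel` filter in the first hunk. The only request built here, `"my".login-shell.packages.hello = pkgs.hello;`, does not set `wheel`, so `!req.login-shell.wheel || config.wheel` is only ever seen letting a request through. The filter now runs over `requests` instead of `requests.resources`, so a case with `login-shell.wheel = true` under a policy where `config.wheel` is false would confirm that such a request is still dropped after the reshaping. Such a case may exist outside the visible hunks, as the surrounding definitions start and end beyond them.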
|  |  | |||
|  | @ -18,16 +18,12 @@ let | |||
|     ; | ||||
| 
 | ||||
|   functionType = import ./function.nix; | ||||
|   application-resources = submodule { | ||||
|     options.resources = mkOption { | ||||
|   # TODO: maybe transpose, and group the resources by type instead | ||||
|       type = attrsOf ( | ||||
|   application-resources = attrsOf ( | ||||
|     attrTag ( | ||||
|       lib.mapAttrs (_name: resource: mkOption { type = submodule resource.request; }) config.resources | ||||
|     ) | ||||
|   ); | ||||
|     }; | ||||
|   }; | ||||
|   nixos-configuration = mkOption { | ||||
|     description = "A NixOS configuration."; | ||||
|     type = raw; | ||||
|  | @ -93,7 +89,7 @@ in | |||
|                         description = "The type of resource this policy configures"; | ||||
|                         type = types.optionType; | ||||
|                       }; | ||||
|                       # TODO(@fricklerhandwerk): we may want to make the function type explict here: `request -> resource-type` | ||||
|                       # TODO(@fricklerhandwerk): we may want to make the function type explicit here: `attrsOf request -> resource-type` | ||||
|                       # and then also rename this to be consistent with the application's resource mapping | ||||
|                       options.apply = mkOption { | ||||
|                         description = "Apply the policy to a request"; | ||||
|  | @ -174,7 +170,7 @@ in | |||
|               type = submodule functionType; | ||||
|               readOnly = true; | ||||
|               default = { | ||||
|                 input-type = application-resources; | ||||
|                 input-type = attrsOf application-resources; | ||||
|                 output-type = deployment-type; | ||||
|               }; | ||||
|             }; | ||||
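Review bot: `application-resources` no longer says what its keys are, and `input-type = attrsOf application-resources` adds a second, equally unnamed level, while the callers in the other two files rely on that order when they build `"${k'}.${k}"`. A comment at each definition would settle it, for example `# resource name -> exactly one tagged request (attrTag)` above `application-resources` and `# outer key (presumably the application name) -> that application's resources` above `input-type`. The description on `apply`, "Apply the policy to a request", is still singular although the updated TODO says `attrsOf request`. `description = "Apply the policy to a set of requests";` would match.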
|  |  | |||