simpler data model, not sure it's desirable but at least it's consistent

2025-08-26 17:31:53 +02:00 · 2025-08-26 17:31:53 +02:00 · 078a49f54a
commit 078a49f54a
parent f30c47c8ec
3 changed files with 23 additions and 27 deletions
--- a/deployment/check/data-model/deployment.nix
+++ b/deployment/check/data-model/deployment.nix
@ -66,9 +66,7 @@ let
                  requests:
                  let
                    # Filter out requests that need wheel if policy doesn't allow it
-                    validRequests = lib.filterAttrs (
-                      _name: req: !req.login-shell.wheel || config.wheel
-                    ) requests.resources;
+                    validRequests = lib.filterAttrs (_name: req: !req.login-shell.wheel || config.wheel) requests;
                  in
                  lib.optionalAttrs (validRequests != { }) {
                    ${config.username} = {
@ -94,7 +92,7 @@ let
            implementation = cfg: {
              input = cfg;
              output = lib.optionalAttrs cfg.enable {
-                resources.hello.login-shell.packages.hello = pkgs.hello;
+                "my".login-shell.packages.hello = pkgs.hello;
              };
            };
          };
@ -125,9 +123,11 @@ let
                    else
                      null;

-                  users.users = environment.config.resources."operator-environment".login-shell.apply {
-                    resources = lib.filterAttrs (_name: value: value ? login-shell) requests;
-                  };
+                  users.users = environment.config.resources."operator-environment".login-shell.apply (
+                    lib.filterAttrs (_name: value: value ? login-shell) (
+                      lib.concatMapAttrs (k': lib.mapAttrs' (k: v: lib.nameValuePair "${k'}.${k}" v)) requests
+                    )
+                  );
                };
            };
          };
--- a/deployment/data-model-test.nix
+++ b/deployment/data-model-test.nix
@ -73,9 +73,7 @@ in
                        requests:
                        let
                          # Filter out requests that need wheel if policy doesn't allow it
-                          validRequests = lib.filterAttrs (
-                            _name: req: !req.login-shell.wheel || config.wheel
-                          ) requests.resources;
+                          validRequests = lib.filterAttrs (_name: req: !req.login-shell.wheel || config.wheel) requests;
                        in
                        lib.optionalAttrs (validRequests != { }) {
                          ${config.username} = {
@ -101,7 +99,7 @@ in
                  implementation = cfg: {
                    input = cfg;
                    output = lib.optionalAttrs cfg.enable {
-                      resources.hello.login-shell.packages.hello = pkgs.hello;
+                      "my".login-shell.packages.hello = pkgs.hello;
                    };
                  };
                };
@ -125,9 +123,11 @@ in
                          nixos.module =
                            { ... }:
                            {
-                              users.users = config.resources."operator-environment".login-shell.apply {
-                                resources = lib.filterAttrs (_name: value: value ? login-shell) requests;
-                              };
+                              users.users = config.resources."operator-environment".login-shell.apply (
+                                lib.filterAttrs (_name: value: value ? login-shell) (
+                                  lib.concatMapAttrs (k': lib.mapAttrs' (k: v: lib.nameValuePair "${k'}.${k}" v)) requests
+                                )
+                              );
                            };
                        };
                      };
@ -154,7 +154,7 @@ in
        resources =
          fediversity.applications.hello.resources
            fediversity."example-configuration".applications.hello;
-        hello-shell = resources.resources.hello.login-shell;
+        hello-shell = resources."my".login-shell;
        environment = fediversity.environments.single-nixos-vm.resources."operator-environment".login-shell;
        result = mkDeployment {
          modules = [
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@ -18,16 +18,12 @@ let
    ;

  functionType = import ./function.nix;
-  application-resources = submodule {
-    options.resources = mkOption {
-      # TODO: maybe transpose, and group the resources by type instead
-      type = attrsOf (
-        attrTag (
-          lib.mapAttrs (_name: resource: mkOption { type = submodule resource.request; }) config.resources
-        )
-      );
-    };
-  };
+  # TODO: maybe transpose, and group the resources by type instead
+  application-resources = attrsOf (
+    attrTag (
+      lib.mapAttrs (_name: resource: mkOption { type = submodule resource.request; }) config.resources
+    )
+  );
  nixos-configuration = mkOption {
    description = "A NixOS configuration.";
    type = raw;
@ -93,7 +89,7 @@ in
                        description = "The type of resource this policy configures";
                        type = types.optionType;
                      };
-                      # TODO(@fricklerhandwerk): we may want to make the function type explict here: `request -> resource-type`
+                      # TODO(@fricklerhandwerk): we may want to make the function type explicit here: `attrsOf request -> resource-type`
                      # and then also rename this to be consistent with the application's resource mapping
                      options.apply = mkOption {
                        description = "Apply the policy to a request";
@ -174,7 +170,7 @@ in
              type = submodule functionType;
              readOnly = true;
              default = {
-                input-type = application-resources;
+                input-type = attrsOf application-resources;
                output-type = deployment-type;
              };
            };