		
	simpler data model, not sure it's desirable but at least it's consistent
		
							parent
							
								
									ee045f98a1
								
							
						
					
					
						commit
						17f6d3269b
					
				
					 3 changed files with 23 additions and 27 deletions
				
			
		|  | @ -66,9 +66,7 @@ let | ||||||
|                   requests: |                   requests: | ||||||
|                   let |                   let | ||||||
|                     # Filter out requests that need wheel if policy doesn't allow it |                     # Filter out requests that need wheel if policy doesn't allow it | ||||||
|                     validRequests = lib.filterAttrs ( |                     validRequests = lib.filterAttrs (_name: req: !req.login-shell.wheel || config.wheel) requests; | ||||||
|                       _name: req: !req.login-shell.wheel || config.wheel |  | ||||||
|                     ) requests.resources; |  | ||||||
|                   in |                   in | ||||||
|                   lib.optionalAttrs (validRequests != { }) { |                   lib.optionalAttrs (validRequests != { }) { | ||||||
|                     ${config.username} = { |                     ${config.username} = { | ||||||
|  | @ -94,7 +92,7 @@ let | ||||||
|             implementation = cfg: { |             implementation = cfg: { | ||||||
|               input = cfg; |               input = cfg; | ||||||
|               output = lib.optionalAttrs cfg.enable { |               output = lib.optionalAttrs cfg.enable { | ||||||
|                 resources.hello.login-shell.packages.hello = pkgs.hello; |                 "my".login-shell.packages.hello = pkgs.hello; | ||||||
|               }; |               }; | ||||||
|             }; |             }; | ||||||
|           }; |           }; | ||||||
|  | @ -125,9 +123,11 @@ let | ||||||
|                     else |                     else | ||||||
|                       null; |                       null; | ||||||
| 
 | 
 | ||||||
|                   users.users = environment.config.resources."operator-environment".login-shell.apply { |                   users.users = environment.config.resources."operator-environment".login-shell.apply ( | ||||||
|                     resources = lib.filterAttrs (_name: value: value ? login-shell) requests; |                     lib.filterAttrs (_name: value: value ? login-shell) ( | ||||||
|                   }; |                       lib.concatMapAttrs (k': lib.mapAttrs' (k: v: lib.nameValuePair "${k'}.${k}" v)) requests | ||||||
|  |                     ) | ||||||
|  |                   ); | ||||||
|                 }; |                 }; | ||||||
|             }; |             }; | ||||||
|           }; |           }; | ||||||
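Review bot: The flattened key `"${k'}.${k}"` passed to `login-shell.apply` is not guaranteed to be unique, because quoted Nix attribute names may themselves contain a dot: outer name `a.b` with inner name `c` and outer name `a` with inner name `b.c` both become `a.b.c`. `lib.concatMapAttrs` merges its results with later entries replacing earlier ones, so one request would be dropped without any error, together with its `wheel` flag and packages, before the policy (presumably the `validRequests` filter) ever sees it. Either keep the two levels separate when calling `apply`, or fail evaluation when the flattened set has fewer names than the nested input. The same expression appears in the second file's `nixos.module` hunk, and the enclosing definitions start and end outside the hunks shown.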
|  |  | ||||||
|  | @ -73,9 +73,7 @@ in | ||||||
|                         requests: |                         requests: | ||||||
|                         let |                         let | ||||||
|                           # Filter out requests that need wheel if policy doesn't allow it |                           # Filter out requests that need wheel if policy doesn't allow it | ||||||
|                           validRequests = lib.filterAttrs ( |                           validRequests = lib.filterAttrs (_name: req: !req.login-shell.wheel || config.wheel) requests; | ||||||
|                             _name: req: !req.login-shell.wheel || config.wheel |  | ||||||
|                           ) requests.resources; |  | ||||||
|                         in |                         in | ||||||
|                         lib.optionalAttrs (validRequests != { }) { |                         lib.optionalAttrs (validRequests != { }) { | ||||||
|                           ${config.username} = { |                           ${config.username} = { | ||||||
|  | @ -101,7 +99,7 @@ in | ||||||
|                   implementation = cfg: { |                   implementation = cfg: { | ||||||
|                     input = cfg; |                     input = cfg; | ||||||
|                     output = lib.optionalAttrs cfg.enable { |                     output = lib.optionalAttrs cfg.enable { | ||||||
|                       resources.hello.login-shell.packages.hello = pkgs.hello; |                       "my".login-shell.packages.hello = pkgs.hello; | ||||||
|                     }; |                     }; | ||||||
|                   }; |                   }; | ||||||
|                 }; |                 }; | ||||||
|  | @ -125,9 +123,11 @@ in | ||||||
|                           nixos.module = |                           nixos.module = | ||||||
|                             { ... }: |                             { ... }: | ||||||
|                             { |                             { | ||||||
|                               users.users = config.resources."operator-environment".login-shell.apply { |                               users.users = config.resources."operator-environment".login-shell.apply ( | ||||||
|                                 resources = lib.filterAttrs (_name: value: value ? login-shell) requests; |                                 lib.filterAttrs (_name: value: value ? login-shell) ( | ||||||
|                               }; |                                   lib.concatMapAttrs (k': lib.mapAttrs' (k: v: lib.nameValuePair "${k'}.${k}" v)) requests | ||||||
|  |                                 ) | ||||||
|  |                               ); | ||||||
|                             }; |                             }; | ||||||
|                         }; |                         }; | ||||||
|                       }; |                       }; | ||||||
|  | @ -154,7 +154,7 @@ in | ||||||
|         resources = |         resources = | ||||||
|           fediversity.applications.hello.resources |           fediversity.applications.hello.resources | ||||||
|             fediversity."example-configuration".applications.hello; |             fediversity."example-configuration".applications.hello; | ||||||
|         hello-shell = resources.resources.hello.login-shell; |         hello-shell = resources."my".login-shell; | ||||||
|         environment = fediversity.environments.single-nixos-vm.resources."operator-environment".login-shell; |         environment = fediversity.environments.single-nixos-vm.resources."operator-environment".login-shell; | ||||||
|         result = mkDeployment { |         result = mkDeployment { | ||||||
|           modules = [ |           modules = [ | ||||||
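Review bot: The resource key `"my"` in the `output` of `implementation` says nothing about what is being requested, and the binding `hello-shell = resources."my".login-shell;` further down now depends on that literal. The previous key `hello` was descriptive, and the quotes are unnecessary for a plain identifier; something like `hello.login-shell.packages.hello = pkgs.hello;` with `hello-shell = resources.hello.login-shell;` reads better. The first file's `implementation` hunk uses the same key. The surrounding definitions continue outside the hunks shown.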
|  |  | ||||||
|  | @ -18,16 +18,12 @@ let | ||||||
|     ; |     ; | ||||||
| 
 | 
 | ||||||
|   functionType = import ./function.nix; |   functionType = import ./function.nix; | ||||||
|   application-resources = submodule { |   # TODO: maybe transpose, and group the resources by type instead | ||||||
|     options.resources = mkOption { |   application-resources = attrsOf ( | ||||||
|       # TODO: maybe transpose, and group the resources by type instead |     attrTag ( | ||||||
|       type = attrsOf ( |       lib.mapAttrs (_name: resource: mkOption { type = submodule resource.request; }) config.resources | ||||||
|         attrTag ( |     ) | ||||||
|           lib.mapAttrs (_name: resource: mkOption { type = submodule resource.request; }) config.resources |   ); | ||||||
|         ) |  | ||||||
|       ); |  | ||||||
|     }; |  | ||||||
|   }; |  | ||||||
|   nixos-configuration = mkOption { |   nixos-configuration = mkOption { | ||||||
|     description = "A NixOS configuration."; |     description = "A NixOS configuration."; | ||||||
|     type = raw; |     type = raw; | ||||||
|  | @ -93,7 +89,7 @@ in | ||||||
|                         description = "The type of resource this policy configures"; |                         description = "The type of resource this policy configures"; | ||||||
|                         type = types.optionType; |                         type = types.optionType; | ||||||
|                       }; |                       }; | ||||||
|                       # TODO(@fricklerhandwerk): we may want to make the function type explict here: `request -> resource-type` |                       # TODO(@fricklerhandwerk): we may want to make the function type explicit here: `attrsOf request -> resource-type` | ||||||
|                       # and then also rename this to be consistent with the application's resource mapping |                       # and then also rename this to be consistent with the application's resource mapping | ||||||
|                       options.apply = mkOption { |                       options.apply = mkOption { | ||||||
|                         description = "Apply the policy to a request"; |                         description = "Apply the policy to a request"; | ||||||
|  | @ -174,7 +170,7 @@ in | ||||||
|               type = submodule functionType; |               type = submodule functionType; | ||||||
|               readOnly = true; |               readOnly = true; | ||||||
|               default = { |               default = { | ||||||
|                 input-type = application-resources; |                 input-type = attrsOf application-resources; | ||||||
|                 output-type = deployment-type; |                 output-type = deployment-type; | ||||||
|               }; |               }; | ||||||
|             }; |             }; | ||||||
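Review bot: The `description` of `options.apply` still reads "Apply the policy to a request", while the updated TODO directly above it and the callers in the other two files now pass an attribute set of requests. I would change it to `description = "Apply the policy to an attribute set of requests";`. It would also help to add a comment above `application-resources` stating that it maps a resource name to one tagged request, and that `input-type = attrsOf application-resources` adds an outer level (presumably keyed by application name). Policies such as the `wheel` filter depend on that shape, so it should be written down where the type is defined. The `mkOption` for `apply` continues outside the hunk.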
|  |  | ||||||