diff --git a/deployment/data-model-test.nix b/deployment/data-model-test.nix index 7a94ddc9..95e11ec2 100644 --- a/deployment/data-model-test.nix +++ b/deployment/data-model-test.nix @@ -35,7 +35,7 @@ in }; policy = - { config, ... }: + { ... }: { _class = "fediversity-resource-policy"; @@ -45,7 +45,7 @@ in }; apply = mkOption { type = with types; functionTo raw; - default = requests: lib.mkMerge (requests ++ [ config.extra-config ]); + default = policy: requests: lib.mkMerge (requests ++ [ policy.extra-config ]); }; }; }; @@ -70,7 +70,7 @@ in }; }; policy = - { config, ... }: + { ... }: { _class = "fediversity-resource-policy"; options = { @@ -86,16 +86,16 @@ in apply = mkOption { type = with types; functionTo raw; # TODO: splice out the user type from NixOS default = - requests: + policy: requests: let # Filter out requests that need wheel if policy doesn't allow it - validRequests = lib.filterAttrs (_name: req: !req.wheel || config.wheel) requests; + validRequests = lib.filterAttrs (_name: req: !req.wheel || policy.wheel) requests; in lib.optionalAttrs (validRequests != { }) { - ${config.username} = { + ${policy.username} = { isNormalUser = true; packages = with lib; concatMap (request: attrValues request.packages) (attrValues validRequests); - extraGroups = lib.optional config.wheel "wheel"; + extraGroups = lib.optional policy.wheel "wheel"; }; }; }; @@ -121,25 +121,23 @@ in dummy.login-shell.packages.hello = pkgs.hello; }; }; - environments.single-nixos-vm = - { ... }: - { - _class = "fediversity-environment"; - resources.shell.login-shell.username = "operator"; - implementation = requests: { - _class = "nixos"; - users.users = ( - config.resources.login-shell.policy.apply ( - lib.concatMapAttrs ( - _application: resources: - lib.mapAttrs (_k: lib.getAttr "login-shell") ( - lib.filterAttrs (_name: value: value ? login-shell) resources - ) - ) requests - ) - ); - }; + environments.single-nixos-vm = environment: { + _class = "fediversity-environment"; + resources.shell.login-shell.username = "operator"; + implementation = requests: { + _class = "nixos"; + users.users = ( + config.resources.login-shell.policy.apply environment.config.resources.shell.login-shell ( + lib.concatMapAttrs ( + _application: resources: + lib.mapAttrs (_k: lib.getAttr "login-shell") ( + lib.filterAttrs (_name: value: value ? login-shell) resources + ) + ) requests + ) + ); }; + }; }; options = { example-configuration = mkOption {