kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

restore data model with { resources } wrappers, this time working

Browse source
This commit is contained in:
Kiara Grouwstra 2025-08-26 23:31:48 +02:00
parent 078a49f54a
commit 64905f0b1c
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
3 changed files with 36 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
deployment/check/data-model/deployment.nix
View file

@ -66,7 +66,9 @@ let
requests: requests:
let let
# Filter out requests that need wheel if policy doesn't allow it # Filter out requests that need wheel if policy doesn't allow it
validRequests = lib.filterAttrs (_name: req: !req.login-shell.wheel || config.wheel) requests; validRequests = lib.filterAttrs (
_name: req: !req.login-shell.wheel || config.wheel
) requests.resources;
in in
lib.optionalAttrs (validRequests != { }) { lib.optionalAttrs (validRequests != { }) {
${config.username} = { ${config.username} = {
@ -91,8 +93,8 @@ let
}; };
implementation = cfg: { implementation = cfg: {
input = cfg; input = cfg;
output = lib.optionalAttrs cfg.enable { output.resources = lib.optionalAttrs cfg.enable {
"my".login-shell.packages.hello = pkgs.hello; hello.login-shell.packages.hello = pkgs.hello;
}; };
}; };
}; };
@ -123,16 +125,18 @@ let
else else
null; null;
users.users = environment.config.resources."operator-environment".login-shell.apply ( users.users = environment.config.resources."operator-environment".login-shell.apply {
lib.filterAttrs (_name: value: value ? login-shell) ( resources = lib.filterAttrs (_name: value: value ? login-shell) (
lib.concatMapAttrs (k': lib.mapAttrs' (k: v: lib.nameValuePair "${k'}.${k}" v)) requests lib.concatMapAttrs (
) k': req: lib.mapAttrs' (k: lib.nameValuePair "${k'}.${k}") req.resources
) requests
); );
}; };
}; };
}; };
}; };
}; };
};
options = { options = {
"example-configuration" = mkOption { "example-configuration" = mkOption {
type = config.configuration; type = config.configuration;

20
deployment/data-model-test.nix
View file

@ -73,7 +73,9 @@ in
requests: requests:
let let
# Filter out requests that need wheel if policy doesn't allow it # Filter out requests that need wheel if policy doesn't allow it
validRequests = lib.filterAttrs (_name: req: !req.login-shell.wheel || config.wheel) requests; validRequests = lib.filterAttrs (
_name: req: !req.login-shell.wheel || config.wheel
) requests.resources;
in in
lib.optionalAttrs (validRequests != { }) { lib.optionalAttrs (validRequests != { }) {
${config.username} = { ${config.username} = {
@ -98,8 +100,8 @@ in
}; };
implementation = cfg: { implementation = cfg: {
input = cfg; input = cfg;
output = lib.optionalAttrs cfg.enable { output.resources = lib.optionalAttrs cfg.enable {
"my".login-shell.packages.hello = pkgs.hello; hello.login-shell.packages.hello = pkgs.hello;
}; };
}; };
}; };
@ -123,10 +125,11 @@ in
nixos.module = nixos.module =
{ ... }: { ... }:
{ {
users.users = config.resources."operator-environment".login-shell.apply ( users.users = config.resources."operator-environment".login-shell.apply {
lib.filterAttrs (_name: value: value ? login-shell) ( resources = lib.filterAttrs (_name: value: value ? login-shell) (
lib.concatMapAttrs (k': lib.mapAttrs' (k: v: lib.nameValuePair "${k'}.${k}" v)) requests lib.concatMapAttrs (
) k': req: lib.mapAttrs' (k: lib.nameValuePair "${k'}.${k}") req.resources
) requests
); );
}; };
}; };
@ -134,6 +137,7 @@ in
}; };
}; };
}; };
};
options = { options = {
"example-configuration" = mkOption { "example-configuration" = mkOption {
type = config.configuration; type = config.configuration;
@ -154,7 +158,7 @@ in
resources = resources =
fediversity.applications.hello.resources fediversity.applications.hello.resources
fediversity."example-configuration".applications.hello; fediversity."example-configuration".applications.hello;
hello-shell = resources."my".login-shell; hello-shell = resources.resources.hello.login-shell;
environment = fediversity.environments.single-nixos-vm.resources."operator-environment".login-shell; environment = fediversity.environments.single-nixos-vm.resources."operator-environment".login-shell;
result = mkDeployment { result = mkDeployment {
modules = [ modules = [

9
deployment/data-model.nix
View file

@ -18,12 +18,16 @@ let
; ;
functionType = import ./function.nix; functionType = import ./function.nix;
application-resources = submodule {
options.resources = mkOption {
# TODO: maybe transpose, and group the resources by type instead # TODO: maybe transpose, and group the resources by type instead
application-resources = attrsOf ( type = attrsOf (
attrTag ( attrTag (
lib.mapAttrs (_name: resource: mkOption { type = submodule resource.request; }) config.resources lib.mapAttrs (_name: resource: mkOption { type = submodule resource.request; }) config.resources
) )
); );
};
};
nixos-configuration = mkOption { nixos-configuration = mkOption {
description = "A NixOS configuration."; description = "A NixOS configuration.";
type = raw; type = raw;
@ -89,8 +93,7 @@ in
description = "The type of resource this policy configures"; description = "The type of resource this policy configures";
type = types.optionType; type = types.optionType;
}; };
# TODO(@fricklerhandwerk): we may want to make the function type explicit here: `attrsOf request -> resource-type` # TODO(@fricklerhandwerk): we may want to make the function type explicit here: `application-resources -> resource-type`
# and then also rename this to be consistent with the application's resource mapping
options.apply = mkOption { options.apply = mkOption {
description = "Apply the policy to a request"; description = "Apply the policy to a request";
type = functionTo policy.config.resource-type; type = functionTo policy.config.resource-type;