From ca51b2377ae697e10659d57836d9b437749ebefc Mon Sep 17 00:00:00 2001 From: Kiara Grouwstra Date: Tue, 26 Aug 2025 17:31:53 +0200 Subject: [PATCH] simpler data model, not sure it's desirable but at least it's consistent --- deployment/check/data-model/deployment.nix | 14 +++++++------- deployment/data-model-test.nix | 6 ++---- deployment/data-model.nix | 1 + 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/deployment/check/data-model/deployment.nix b/deployment/check/data-model/deployment.nix index 27de537b..76abe204 100644 --- a/deployment/check/data-model/deployment.nix +++ b/deployment/check/data-model/deployment.nix @@ -66,9 +66,7 @@ let requests: let # Filter out requests that need wheel if policy doesn't allow it - validRequests = lib.filterAttrs ( - _name: req: !req.login-shell.wheel || config.wheel - ) requests.resources; + validRequests = lib.filterAttrs (_name: req: !req.login-shell.wheel || config.wheel) requests; in lib.optionalAttrs (validRequests != { }) { ${config.username} = { @@ -94,7 +92,7 @@ let implementation = cfg: { input = cfg; output = lib.optionalAttrs cfg.enable { - resources.hello.login-shell.packages.hello = pkgs.hello; + "my".login-shell.packages.hello = pkgs.hello; }; }; }; @@ -125,9 +123,11 @@ let else null; - users.users = environment.config.resources."operator-environment".login-shell.apply { - resources = lib.filterAttrs (_name: value: value ? login-shell) requests; - }; + users.users = environment.config.resources."operator-environment".login-shell.apply ( + lib.filterAttrs (_name: value: value ? login-shell) ( + lib.concatMapAttrs (k': lib.mapAttrs' (k: v: lib.nameValuePair "${k'}.${k}" v)) requests + ) + ); }; }; }; diff --git a/deployment/data-model-test.nix b/deployment/data-model-test.nix index ff8058d3..2cb38329 100644 --- a/deployment/data-model-test.nix +++ b/deployment/data-model-test.nix 
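Review bot: The wheel filter in the `-66,9 +66,7` hunk now dereferences `req.login-shell.wheel` on every entry of `requests`, so it relies on the caller having already removed entries without a `login-shell` attribute; the `-125,9 +123,11` hunk does that with `value ? login-shell`, but nothing in the lambda or in the untyped `apply` option enforces it. A missing attribute should abort evaluation rather than grant anything, so this fails closed, but because this lambda gates wheel requests the input contract deserves a comment such as `# requests: flat attrset "<application>.<resource>" -> request; every entry must carry login-shell`. The same lambda is duplicated in the `-73,9 +73,7` hunk of deployment/data-model-test.nix and the comment applies there too. The enclosing `let` block starts and ends outside the hunk, so what is done with `validRequests` afterwards is not visible here.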
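Review bot: The flattened key `"${k'}.${k}"` in the `-125,9 +123,11` hunk is not injective: if an application or resource name can itself contain a `.`, two different requests map to the same key, and `lib.concatMapAttrs` merges the per-application sets so that the later entry silently replaces the earlier one before the wheel policy sees it. Whether names are restricted elsewhere is not visible in this hunk; if they are not, an assertion on key uniqueness or a separator that cannot appear in names would close the gap. The expression is also dense enough to merit a comment, e.g. `# flatten { app = { res = req; }; } into { "app.res" = req; } so the policy receives one flat set of requests`.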
@@ -73,9 +73,7 @@ in requests: let # Filter out requests that need wheel if policy doesn't allow it - validRequests = lib.filterAttrs ( - _name: req: !req.login-shell.wheel || config.wheel - ) requests.resources; + validRequests = lib.filterAttrs (_name: req: !req.login-shell.wheel || config.wheel) requests; in lib.optionalAttrs (validRequests != { }) { ${config.username} = { @@ -158,7 +156,7 @@ in resources = fediversity.applications.hello.resources fediversity."example-configuration".applications.hello; - hello-shell = resources.resources.hello.login-shell; + hello-shell = resources."my".login-shell; environment = fediversity.environments.single-nixos-vm.resources."operator-environment".login-shell; result = mkDeployment { modules = [ diff --git a/deployment/data-model.nix b/deployment/data-model.nix index 8a71efca..36bca6fb 100644 --- a/deployment/data-model.nix +++ b/deployment/data-model.nix @@ -190,6 +190,7 @@ in type = types.optionType; }; # TODO(@fricklerhandwerk): we may want to make the function type explicit here: `application-resources -> resource-type` + # and then also rename this to be consistent with the application's resource mapping options.apply = mkOption { description = "Apply the policy to a request"; type = functionTo policy.config.resource-type;