From d24738133fdcaf89393763cc361e45764a20fb96 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra
Date: Tue, 22 Jul 2025 17:43:41 +0200
Subject: [PATCH] [HACK] explicitly pass instantiated policy to `apply`
---
 deployment/data-model-test.nix | 49 ++++++++++++++++------------------
 1 file changed, 23 insertions(+), 26 deletions(-)
diff --git a/deployment/data-model-test.nix b/deployment/data-model-test.nix
index 33914f03..fa0a9ec1 100644
--- a/deployment/data-model-test.nix
+++ b/deployment/data-model-test.nix
@@ -37,7 +37,7 @@ in
 };
 policy =
- { config, ... }:
+ { ... }:
 {
 _class = "fediversity-resource-policy";
@@ -47,7 +47,7 @@ in
 };
 apply = mkOption {
 type = with types; functionTo raw;
- default = requests: lib.mkMerge (requests ++ [ config.extra-config ]);
+ default = policy: requests: lib.mkMerge (requests ++ [ policy.extra-config ]);
 };
 };
 };
@@ -72,7 +72,7 @@ in
 };
 };
 policy =
- { config, ... }:
+ { ... }:
 {
 _class = "fediversity-resource-policy";
 options = {
@@ -88,16 +88,16 @@ in
 apply = mkOption {
 type = with types; functionTo raw; # TODO: splice out the user type from NixOS
 default =
- requests:
+ policy: requests:
 let
 # Filter out requests that need wheel if policy doesn't allow it
- validRequests = lib.filterAttrs (_name: req: !req.wheel || config.wheel) requests;
+ validRequests = lib.filterAttrs (_name: req: !req.wheel || policy.wheel) requests;
 in
 lib.optionalAttrs (validRequests != { }) {
- ${config.username} = {
+ ${policy.username} = {
 isNormalUser = true;
 packages = with lib; concatMap (request: attrValues request.packages) (attrValues validRequests);
- extraGroups = lib.optional config.wheel "wheel";
+ extraGroups = lib.optional policy.wheel "wheel";
 };
 };
 };
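Review bot: In the `@@ -47,7 +47,7 @@` hunk the `apply` option is still typed `functionTo raw` and shows no `description`, so nothing tells an author who overrides `apply` that the first argument is now the instantiated policy. An override still written in the old one-argument form `requests: ...` would be handed the policy where it expects the requests. I would add `description = "Function taking the instantiated policy, then the requests, and returning the resulting configuration.";` to this `mkOption`, and the same to the `apply` option in the `@@ -88,16 +88,16 @@` hunk. The enclosing policy module starts outside the hunk.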
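Review bot: In the `@@ -88,16 +88,16 @@` hunk, `extraGroups = lib.optional policy.wheel "wheel";` puts the user in `wheel` whenever the policy allows it, even when none of the requests left in `validRequests` set `wheel`. The filter above it treats `policy.wheel` as an upper bound, so the group could follow the requests instead: `extraGroups = lib.optional (lib.any (req: req.wheel) (lib.attrValues validRequests)) "wheel";`. If the policy flag is meant as an unconditional grant rather than a ceiling, a comment next to `extraGroups` saying so would be enough. The enclosing policy module starts outside the hunk.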
@@ -123,26 +123,23 @@ in
 dummy.login-shell.packages.hello = pkgs.hello;
 };
 };
- environments.single-nixos-vm =
- { ... }:
- {
- _class = "fediversity-environment";
- resources.shell.login-shell.username = "operator";
- implementation = requests: {
- _class = "nixos";
- users.users = (
- config.resources.login-shell.policy.apply (
- lib.concatMapAttrs (
- _application: resources:
- lib.mapAttrs (_k: lib.getAttr "login-shell") (
- lib.filterAttrs (_name: value: value ? login-shell) resources
- )
- ) requests
- )
- );
-
- };
+ environments.single-nixos-vm = environment: {
+ _class = "fediversity-environment";
+ resources.shell.login-shell.username = "operator";
+ implementation = requests: {
+ _class = "nixos";
+ users.users = (
+ config.resources.login-shell.policy.apply environment.config.resources.shell.login-shell (
+ lib.concatMapAttrs (
+ _application: resources:
+ lib.mapAttrs (_k: lib.getAttr "login-shell") (
+ lib.filterAttrs (_name: value: value ? login-shell) resources
+ )
+ ) requests
+ )
+ );
 };
+ };
 };
 options = {
 example-configuration = mkOption {
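Review bot: The call `config.resources.login-shell.policy.apply environment.config.resources.shell.login-shell (...)` names the governing policy by a hard-coded path (`resources.shell`), while the requests are collected from every application resource that has a `login-shell` attribute. Because `apply` no longer reads the policy from its own `config`, the username and the `wheel` decision depend entirely on the value passed here, and nothing visible in the hunk checks that it is the policy instance belonging to this resource type. I would bind it once, `let policy = environment.config.resources.shell.login-shell; in`, with a comment above it such as `# the single login-shell policy of this environment; it governs all collected requests`. The surrounding attribute set starts and ends outside the hunk.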