forked from Fediversity/Fediversity
[HACK] explicitly pass instantiated policy to apply
This commit is contained in:
parent
0b4aa2e084
commit
d24738133f
SSH key fingerprint:
SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
1 changed files with 23 additions and 26 deletions
|
|
@ -37,7 +37,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
policy =
|
policy =
|
||||||
{ config, ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
_class = "fediversity-resource-policy";
|
_class = "fediversity-resource-policy";
|
||||||
|
|
||||||
|
|
@ -47,7 +47,7 @@ in
|
||||||
};
|
};
|
||||||
apply = mkOption {
|
apply = mkOption {
|
||||||
type = with types; functionTo raw;
|
type = with types; functionTo raw;
|
||||||
default = requests: lib.mkMerge (requests ++ [ config.extra-config ]);
|
default = policy: requests: lib.mkMerge (requests ++ [ policy.extra-config ]);
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -72,7 +72,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
policy =
|
policy =
|
||||||
{ config, ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
_class = "fediversity-resource-policy";
|
_class = "fediversity-resource-policy";
|
||||||
options = {
|
options = {
|
||||||
|
|
@ -88,16 +88,16 @@ in
|
||||||
apply = mkOption {
|
apply = mkOption {
|
||||||
type = with types; functionTo raw; # TODO: splice out the user type from NixOS
|
type = with types; functionTo raw; # TODO: splice out the user type from NixOS
|
||||||
default =
|
default =
|
||||||
requests:
|
policy: requests:
|
||||||
let
|
let
|
||||||
# Filter out requests that need wheel if policy doesn't allow it
|
# Filter out requests that need wheel if policy doesn't allow it
|
||||||
validRequests = lib.filterAttrs (_name: req: !req.wheel || config.wheel) requests;
|
validRequests = lib.filterAttrs (_name: req: !req.wheel || policy.wheel) requests;
|
||||||
in
|
in
|
||||||
lib.optionalAttrs (validRequests != { }) {
|
lib.optionalAttrs (validRequests != { }) {
|
||||||
${config.username} = {
|
${policy.username} = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
packages = with lib; concatMap (request: attrValues request.packages) (attrValues validRequests);
|
packages = with lib; concatMap (request: attrValues request.packages) (attrValues validRequests);
|
||||||
extraGroups = lib.optional config.wheel "wheel";
|
extraGroups = lib.optional policy.wheel "wheel";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -123,15 +123,13 @@ in
|
||||||
dummy.login-shell.packages.hello = pkgs.hello;
|
dummy.login-shell.packages.hello = pkgs.hello;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
environments.single-nixos-vm =
|
environments.single-nixos-vm = environment: {
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
_class = "fediversity-environment";
|
_class = "fediversity-environment";
|
||||||
resources.shell.login-shell.username = "operator";
|
resources.shell.login-shell.username = "operator";
|
||||||
implementation = requests: {
|
implementation = requests: {
|
||||||
_class = "nixos";
|
_class = "nixos";
|
||||||
users.users = (
|
users.users = (
|
||||||
config.resources.login-shell.policy.apply (
|
config.resources.login-shell.policy.apply environment.config.resources.shell.login-shell (
|
||||||
lib.concatMapAttrs (
|
lib.concatMapAttrs (
|
||||||
_application: resources:
|
_application: resources:
|
||||||
lib.mapAttrs (_k: lib.getAttr "login-shell") (
|
lib.mapAttrs (_k: lib.getAttr "login-shell") (
|
||||||
|
|
@ -140,7 +138,6 @@ in
|
||||||
) requests
|
) requests
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue