[HACK] explicitly pass instantiated policy to apply

Kiara Grouwstra 2025-07-22 17:43:41 +02:00
parent 0b4aa2e084
commit d24738133f
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU


@ -37,7 +37,7 @@ in
}; };
policy = policy =
{ config, ... }: { ... }:
{ {
_class = "fediversity-resource-policy"; _class = "fediversity-resource-policy";
@ -47,7 +47,7 @@ in
}; };
apply = mkOption { apply = mkOption {
type = with types; functionTo raw; type = with types; functionTo raw;
default = requests: lib.mkMerge (requests ++ [ config.extra-config ]); default = policy: requests: lib.mkMerge (requests ++ [ policy.extra-config ]);
}; };
}; };
}; };
@ -72,7 +72,7 @@ in
}; };
}; };
policy = policy =
{ config, ... }: { ... }:
{ {
_class = "fediversity-resource-policy"; _class = "fediversity-resource-policy";
options = { options = {
@ -88,16 +88,16 @@ in
apply = mkOption { apply = mkOption {
type = with types; functionTo raw; # TODO: splice out the user type from NixOS type = with types; functionTo raw; # TODO: splice out the user type from NixOS
default = default =
requests: policy: requests:
let let
# Filter out requests that need wheel if policy doesn't allow it # Filter out requests that need wheel if policy doesn't allow it
validRequests = lib.filterAttrs (_name: req: !req.wheel || config.wheel) requests; validRequests = lib.filterAttrs (_name: req: !req.wheel || policy.wheel) requests;
in in
lib.optionalAttrs (validRequests != { }) { lib.optionalAttrs (validRequests != { }) {
${config.username} = { ${policy.username} = {
isNormalUser = true; isNormalUser = true;
packages = with lib; concatMap (request: attrValues request.packages) (attrValues validRequests); packages = with lib; concatMap (request: attrValues request.packages) (attrValues validRequests);
extraGroups = lib.optional config.wheel "wheel"; extraGroups = lib.optional policy.wheel "wheel";
}; };
}; };
}; };
@ -123,26 +123,23 @@ in
dummy.login-shell.packages.hello = pkgs.hello; dummy.login-shell.packages.hello = pkgs.hello;
}; };
}; };
environments.single-nixos-vm = environments.single-nixos-vm = environment: {
{ ... }: _class = "fediversity-environment";
{ resources.shell.login-shell.username = "operator";
_class = "fediversity-environment"; implementation = requests: {
resources.shell.login-shell.username = "operator"; _class = "nixos";
implementation = requests: { users.users = (
_class = "nixos"; config.resources.login-shell.policy.apply environment.config.resources.shell.login-shell (
users.users = ( lib.concatMapAttrs (
config.resources.login-shell.policy.apply ( _application: resources:
lib.concatMapAttrs ( lib.mapAttrs (_k: lib.getAttr "login-shell") (
_application: resources: lib.filterAttrs (_name: value: value ? login-shell) resources
lib.mapAttrs (_k: lib.getAttr "login-shell") ( )
lib.filterAttrs (_name: value: value ? login-shell) resources ) requests
) )
) requests );
)
);
};
}; };
};
}; };
options = { options = {
example-configuration = mkOption { example-configuration = mkOption {
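Review bot: The wheel gate in the login-shell `apply` default (`!req.wheel || policy.wheel` and `extraGroups = lib.optional policy.wheel "wheel"`) now trusts whatever attrset the caller passes as `policy`, and because the option type is `functionTo raw` nothing checks that it is the instantiated policy for this resource. Before this change the decision was bound to the policy module's own `config`, so a call site could not substitute another value; now a call site that passes the wrong attrset with `wheel = true` would put the user into `wheel`. Since the commit is marked as a hack, I would at least record the contract on the option, e.g. `# HACK: policy must be the environment's instantiated login-shell policy; the wheel gate trusts it as-is`, and the `apply` default in the `@ -47` hunk reads `policy.extra-config` the same way. The signature also went from one argument to two, so any caller outside these hunks that still uses `apply requests` would get a partially applied function back under `raw`; only the `single-nixos-vm` call site is visible here, so that is worth checking.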