[HACK] explicitly pass instantiated policy to apply

2025-07-22 17:43:41 +02:00 · 2025-07-22 17:43:41 +02:00 · d24738133f
commit d24738133f
parent 0b4aa2e084
1 changed files with 23 additions and 26 deletions
--- a/deployment/data-model-test.nix
+++ b/deployment/data-model-test.nix
@ -37,7 +37,7 @@ in
                  };

                policy =
-                  { config, ... }:
+                  { ... }:
                  {
                    _class = "fediversity-resource-policy";

@ -47,7 +47,7 @@ in
                      };
                      apply = mkOption {
                        type = with types; functionTo raw;
-                        default = requests: lib.mkMerge (requests ++ [ config.extra-config ]);
+                        default = policy: requests: lib.mkMerge (requests ++ [ policy.extra-config ]);
                      };
                    };
                  };
@ -72,7 +72,7 @@ in
                    };
                  };
                policy =
-                  { config, ... }:
+                  { ... }:
                  {
                    _class = "fediversity-resource-policy";
                    options = {
@ -88,16 +88,16 @@ in
                      apply = mkOption {
                        type = with types; functionTo raw; # TODO: splice out the user type from NixOS
                        default =
-                          requests:
+                          policy: requests:
                          let
                            # Filter out requests that need wheel if policy doesn't allow it
-                            validRequests = lib.filterAttrs (_name: req: !req.wheel || config.wheel) requests;
+                            validRequests = lib.filterAttrs (_name: req: !req.wheel || policy.wheel) requests;
                          in
                          lib.optionalAttrs (validRequests != { }) {
-                            ${config.username} = {
+                            ${policy.username} = {
                              isNormalUser = true;
                              packages = with lib; concatMap (request: attrValues request.packages) (attrValues validRequests);
-                              extraGroups = lib.optional config.wheel "wheel";
+                              extraGroups = lib.optional policy.wheel "wheel";
                            };
                          };
                      };
@ -123,15 +123,13 @@ in
                      dummy.login-shell.packages.hello = pkgs.hello;
                    };
                };
-              environments.single-nixos-vm =
-                { ... }:
-                {
+              environments.single-nixos-vm = environment: {
                _class = "fediversity-environment";
                resources.shell.login-shell.username = "operator";
                implementation = requests: {
                  _class = "nixos";
                  users.users = (
-                      config.resources.login-shell.policy.apply (
+                    config.resources.login-shell.policy.apply environment.config.resources.shell.login-shell (
                      lib.concatMapAttrs (
                        _application: resources:
                        lib.mapAttrs (_k: lib.getAttr "login-shell") (
@ -140,7 +138,6 @@ in
                      ) requests
                    )
                  );
-
                };
              };
            };