diff --git a/meta/options.nix b/meta/options.nix
index d8eed9b..7bae727 100644
--- a/meta/options.nix
+++ b/meta/options.nix
@@ -333,6 +333,8 @@ in
 membersExists = nameExists members;
 groupsExists = nameExists groups;
+
+ extract = name: builtins.mapAttrs (_: builtins.getAttr name);
 in
 {
 assertions = builtins.concatLists [
@@ -342,14 +344,35 @@ in
 ) org.groups)
 # Check that all node admins exist
- (membersExists (name: "A member of the ${name} admins was not found in the members list.") (
- builtins.mapAttrs (_: builtins.getAttr "admins") config.nodes
+ (membersExists (name: "A member of the node ${name} admins was not found in the members list.") (
+ extract "admins" config.nodes
 ))
 # Check that all node adminGroups exist
- (groupsExists (name: "A member of the ${name} adminGroups was not found in the groups list.") (
- builtins.mapAttrs (_: builtins.getAttr "adminGroups") config.nodes
+ (groupsExists (name: "A member of the node ${name} adminGroups was not found in the groups list.") (
+ extract "adminGroups" config.nodes
 ))
+
+ # Check that all services admins exist
+ (membersExists (name: "A member of the service ${name} admins was not found in the members list.") (
+ extract "admins" org.services
+ ))
+
+ # Check that all services adminGroups exist
+ (groupsExists (
+ name: "A member of the service ${name} adminGroups was not found in the groups list."
+ ) (extract "adminGroups" org.services))
+
+ # Check that all external services admins exist
+ (membersExists (
+ name: "A member of the external service ${name} admins was not found in the members list."
+ ) org.external)
+
+ # Check that all members have a keyFile
+ (builtins.map (name: {
+ assertion = builtins.pathExists "${builtins.toString ../keys}/${name}.keys";
+ message = "No ssh keys file found for ${name}.";
+ }) members)
 ];
 };
 }
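Review bot: The new `extract` helper uses `builtins.getAttr name`, which aborts evaluation with a generic missing-attribute error instead of a module assertion whenever any node or service set lacks the named attribute; that is fine if the option declarations guarantee defaults for `admins` and `adminGroups`, but if they do not, `extract = name: builtins.mapAttrs (_: v: v.${name} or [ ]);` would let the checks below report a readable assertion message instead. A one-line comment above the binding would also help readers of the assertion list, e.g. `# extract "k" sets: map each attribute set in sets to its k attribute`. The enclosing let-binding block starts before this hunk, so I cannot see whether a sibling helper already handles the missing-attribute case.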
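Review bot: The new external-services check passes `org.external` straight to `membersExists`, while the sibling node and service checks in this hunk pass `extract "admins" …`; if each `org.external.<name>` is an attribute set with an `admins` attribute like the services, this should read `) (extract "admins" org.external))`, and if it is already a list of member names a short comment saying so would keep the asymmetry from looking like an oversight. The key-file assertion at the end only checks that the path exists, so an empty `${name}.keys` file (or a directory of that name) still passes although the message promises an SSH keys file; consider `assertion = let p = "${builtins.toString ../keys}/${name}.keys"; in builtins.pathExists p && builtins.readFile p != "";`, which short-circuits before reading a missing file. The `nameExists` helper these calls rely on and the option shapes of `org.services` and `org.external` are outside the hunk, so the first point is inferred from the parallel calls rather than from the definitions.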