feat(meta): Add assertions
Tom Hubrecht 2024-05-14 23:31:49 +02:00
parent 0e7dd1ea70
commit aad6490bd5
2 changed files with 63 additions and 2 deletions


@ -1,4 +1,4 @@
{ lib, ... }@args: { config, lib, ... }@args:
let let
inherit (lib) inherit (lib)
@ -16,6 +16,7 @@ let
nullOr nullOr
str str
submodule submodule
unspecified
; ;
addressType = addressType =
@ -32,6 +33,8 @@ let
}; };
}; };
}; };
org = config.organization;
in in
{ {
@ -301,5 +304,52 @@ in
Network configuration for the different machines. Network configuration for the different machines.
''; '';
}; };
assertions = mkOption {
type = listOf unspecified;
internal = true;
default = [ ];
description = ''
This option allows modules to express conditions that must
hold for the evaluation of the system configuration to
succeed, along with associated error messages for the user.
'';
};
};
config =
let
members = builtins.attrNames org.members;
groups = builtins.attrNames org.groups;
nameExists =
list: f: groups:
builtins.attrValues (
builtins.mapAttrs (name: members: {
assertion = builtins.all (x: builtins.elem x list) members;
message = f name;
}) groups
);
membersExists = nameExists members;
groupsExists = nameExists groups;
in
{
assertions = builtins.concatLists [
# Check that all group members exist
(membersExists (
name: "A member of the ${name} group was not found in the members list."
) org.groups)
# Check that all node admins exist
(membersExists (name: "A member of the ${name} admins was not found in the members list.") (
builtins.mapAttrs (_: builtins.getAttr "admins") config.nodes
))
# Check that all node adminGroups exist
(groupsExists (name: "A member of the ${name} adminGroups was not found in the groups list.") (
builtins.mapAttrs (_: builtins.getAttr "adminGroups") config.nodes
))
];
}; };
} }
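Review bot: The messages produced by `nameExists` say that some entry is unknown but never name it, so a typo in a node's `admins` or `adminGroups` list has to be found by hand. Since these lists decide who administers each machine, the failure should identify the offending name; the version below collects the unknown entries and appends them to the text returned by `f name`. It also renames the `groups` parameter and the inner `members` argument, which shadow the outer `groups` and `members` bindings of the same `let` and make the helper hard to read. Separately, `assertions` is typed `listOf unspecified` and nothing in this file evaluates it, so the checks presumably only take effect where a consumer inspects the list; a comment on the option saying so would help.

```nix
nameExists =
  list: f: attrs:
  builtins.attrValues (
    builtins.mapAttrs (
      name: entries:
      let
        # Entries that are referenced but not declared in `list`
        missing = builtins.filter (x: !(builtins.elem x list)) entries;
      in
      {
        assertion = missing == [ ];
        message = "${f name} Missing: ${builtins.concatStringsSep ", " missing}.";
      }
    ) attrs
  );
# … unchanged: membersExists, groupsExists and the assertions list …
```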


@ -14,7 +14,18 @@ let
in in
{ {
meta = pkgs.writers.writeJSON "meta.json" ((import ./.) pkgs.lib); meta =
let
config = (import ./.) pkgs.lib;
failed = builtins.map (x: "- ${x.message}") (builtins.filter (x: !x.assertion) config.assertions);
in
if (failed != [ ]) then
throw ''
Failed assertions:
${builtins.concatStringsSep "\n" failed}
''
else
pkgs.writers.writeJSON "meta.json" config;
dns = dns.util.${builtins.currentSystem}.writeZone "dgnum.eu" ( dns = dns.util.${builtins.currentSystem}.writeZone "dgnum.eu" (
pkgs.lib.recursiveUpdate { SOA.serial = 0; } (import ./dns.nix { inherit dns lib; }) pkgs.lib.recursiveUpdate { SOA.serial = 0; } (import ./dns.nix { inherit dns lib; })