feat(meta): Add assertions

2024-05-14 23:31:49 +02:00 · 2024-05-14 23:31:49 +02:00 · aad6490bd5
commit aad6490bd5
parent 0e7dd1ea70
2 changed files with 63 additions and 2 deletions
--- a/meta/options.nix
+++ b/meta/options.nix
@ -1,4 +1,4 @@
-{ lib, ... }@args:
+{ config, lib, ... }@args:

 let
  inherit (lib)
@ -16,6 +16,7 @@ let
    nullOr
    str
    submodule
+    unspecified
    ;

  addressType =
@ -32,6 +33,8 @@ let
        };
      };
    };
+
+  org = config.organization;
 in

 {
@ -301,5 +304,52 @@ in
        Network configuration for the different machines.
      '';
    };
+
+    assertions = mkOption {
+      type = listOf unspecified;
+      internal = true;
+      default = [ ];
+      description = ''
+        This option allows modules to express conditions that must
+        hold for the evaluation of the system configuration to
+        succeed, along with associated error messages for the user.
+      '';
+    };
  };
+
+  config =
+    let
+      members = builtins.attrNames org.members;
+      groups = builtins.attrNames org.groups;
+
+      nameExists =
+        list: f: groups:
+        builtins.attrValues (
+          builtins.mapAttrs (name: members: {
+            assertion = builtins.all (x: builtins.elem x list) members;
+            message = f name;
+          }) groups
+        );
+
+      membersExists = nameExists members;
+      groupsExists = nameExists groups;
+    in
+    {
+      assertions = builtins.concatLists [
+        # Check that all group members exist
+        (membersExists (
+          name: "A member of the ${name} group was not found in the members list."
+        ) org.groups)
+
+        # Check that all node admins exist
+        (membersExists (name: "A member of the ${name} admins was not found in the members list.") (
+          builtins.mapAttrs (_: builtins.getAttr "admins") config.nodes
+        ))
+
+        # Check that all node adminGroups exist
+        (groupsExists (name: "A member of the ${name} adminGroups was not found in the groups list.") (
+          builtins.mapAttrs (_: builtins.getAttr "adminGroups") config.nodes
+        ))
+      ];
+    };
 }
--- a/meta/verify.nix
+++ b/meta/verify.nix
@ -14,7 +14,18 @@ let
 in

 {
-  meta = pkgs.writers.writeJSON "meta.json" ((import ./.) pkgs.lib);
+  meta =
+    let
+      config = (import ./.) pkgs.lib;
+      failed = builtins.map (x: "- ${x.message}") (builtins.filter (x: !x.assertion) config.assertions);
+    in
+    if (failed != [ ]) then
+      throw ''
+        Failed assertions:
+        ${builtins.concatStringsSep "\n" failed}
+      ''
+    else
+      pkgs.writers.writeJSON "meta.json" config;

  dns = dns.util.${builtins.currentSystem}.writeZone "dgnum.eu" (
    pkgs.lib.recursiveUpdate { SOA.serial = 0; } (import ./dns.nix { inherit dns lib; })