forked from DGNum/infrastructure
feat(meta): Add assertions
This commit is contained in:
parent
0e7dd1ea70
commit
aad6490bd5
2 changed files with 63 additions and 2 deletions
|
|
@ -1,4 +1,4 @@
|
||||||
{ lib, ... }@args:
|
{ config, lib, ... }@args:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib)
|
inherit (lib)
|
||||||
|
|
@ -16,6 +16,7 @@ let
|
||||||
nullOr
|
nullOr
|
||||||
str
|
str
|
||||||
submodule
|
submodule
|
||||||
|
unspecified
|
||||||
;
|
;
|
||||||
|
|
||||||
addressType =
|
addressType =
|
||||||
|
|
@ -32,6 +33,8 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
org = config.organization;
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
@ -301,5 +304,52 @@ in
|
||||||
Network configuration for the different machines.
|
Network configuration for the different machines.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
assertions = mkOption {
|
||||||
|
type = listOf unspecified;
|
||||||
|
internal = true;
|
||||||
|
default = [ ];
|
||||||
|
description = ''
|
||||||
|
This option allows modules to express conditions that must
|
||||||
|
hold for the evaluation of the system configuration to
|
||||||
|
succeed, along with associated error messages for the user.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
config =
|
||||||
|
let
|
||||||
|
members = builtins.attrNames org.members;
|
||||||
|
groups = builtins.attrNames org.groups;
|
||||||
|
|
||||||
|
nameExists =
|
||||||
|
list: f: groups:
|
||||||
|
builtins.attrValues (
|
||||||
|
builtins.mapAttrs (name: members: {
|
||||||
|
assertion = builtins.all (x: builtins.elem x list) members;
|
||||||
|
message = f name;
|
||||||
|
}) groups
|
||||||
|
);
|
||||||
|
|
||||||
|
membersExists = nameExists members;
|
||||||
|
groupsExists = nameExists groups;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
assertions = builtins.concatLists [
|
||||||
|
# Check that all group members exist
|
||||||
|
(membersExists (
|
||||||
|
name: "A member of the ${name} group was not found in the members list."
|
||||||
|
) org.groups)
|
||||||
|
|
||||||
|
# Check that all node admins exist
|
||||||
|
(membersExists (name: "A member of the ${name} admins was not found in the members list.") (
|
||||||
|
builtins.mapAttrs (_: builtins.getAttr "admins") config.nodes
|
||||||
|
))
|
||||||
|
|
||||||
|
# Check that all node adminGroups exist
|
||||||
|
(groupsExists (name: "A member of the ${name} adminGroups was not found in the groups list.") (
|
||||||
|
builtins.mapAttrs (_: builtins.getAttr "adminGroups") config.nodes
|
||||||
|
))
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,18 @@ let
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
meta = pkgs.writers.writeJSON "meta.json" ((import ./.) pkgs.lib);
|
meta =
|
||||||
|
let
|
||||||
|
config = (import ./.) pkgs.lib;
|
||||||
|
failed = builtins.map (x: "- ${x.message}") (builtins.filter (x: !x.assertion) config.assertions);
|
||||||
|
in
|
||||||
|
if (failed != [ ]) then
|
||||||
|
throw ''
|
||||||
|
Failed assertions:
|
||||||
|
${builtins.concatStringsSep "\n" failed}
|
||||||
|
''
|
||||||
|
else
|
||||||
|
pkgs.writers.writeJSON "meta.json" config;
|
||||||
|
|
||||||
dns = dns.util.${builtins.currentSystem}.writeZone "dgnum.eu" (
|
dns = dns.util.${builtins.currentSystem}.writeZone "dgnum.eu" (
|
||||||
pkgs.lib.recursiveUpdate { SOA.serial = 0; } (import ./dns.nix { inherit dns lib; })
|
pkgs.lib.recursiveUpdate { SOA.serial = 0; } (import ./dns.nix { inherit dns lib; })
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue