From 6dfc324661bb86dc8c0844f4e2fbbc9d6534b313 Mon Sep 17 00:00:00 2001
From: Johannes Kirschbauer <hsjobeki@gmail.com>
Date: Sun, 27 Apr 2025 11:49:56 +0200
Subject: [PATCH] Feat(clan.service): init automatic assertions for api schema
 checks

---
 .../distributed-service/api-feature.nix         | 17 +++++++++++++++++
 .../distributed-service/service-module.nix      | 15 +++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/lib/inventory/distributed-service/api-feature.nix b/lib/inventory/distributed-service/api-feature.nix
index d5232f217..095b674bc 100644
--- a/lib/inventory/distributed-service/api-feature.nix
+++ b/lib/inventory/distributed-service/api-feature.nix
@@ -32,4 +32,21 @@ in
       }
     );
   };
+
+  config.result.assertions = lib.optionalAttrs (config.manifest.features.API) (
+    lib.mapAttrs' (roleName: _role: {
+      name = "${roleName}";
+      value = {
+        message = ''
+          `roles.${roleName}.interface` is not JSON serializable.
+
+          but 'manifest.features.API' is enabled, which requires all 'roles-interfaces' of this module to be a subset of JSON.
+
+          clan.service module '${config.manifest.name}
+        '';
+        assertion = (builtins.tryEval (lib.deepSeq config.result.api.schema.${roleName} true)).success;
+      };
+    }) config.roles
+  );
+
 }
diff --git a/lib/inventory/distributed-service/service-module.nix b/lib/inventory/distributed-service/service-module.nix
index 81ebd0e35..7a3ef3b5b 100644
--- a/lib/inventory/distributed-service/service-module.nix
+++ b/lib/inventory/distributed-service/service-module.nix
@@ -450,6 +450,11 @@ in
       }) config.roles;
     };
 
+    result.assertions = mkOption {
+      default = { };
+      type = types.attrsOf types.raw;
+    };
+
     result.allMachines = mkOption {
       readOnly = true;
       default =
@@ -523,6 +528,16 @@ in
           inherit instanceResults;
           nixosModule = {
             imports = [
+              # include service assertions:
+              (
+                let
+                  failedAssertions = (lib.filterAttrs (_: v: !v.assertion) config.result.assertions);
+                in
+                {
+                  assertions = lib.attrValues failedAssertions;
+                }
+              )
+
               # For error backtracing. This module was produced by the 'perMachine' function
               # TODO: check if we need this or if it leads to better errors if we pass the underlying module locations
               # (lib.setDefaultModuleLocation "clan.service: ${config.manifest.name} - via perMachine" machineResult.nixosModule)