From 4cfe69d7f57fa62f9f6d9e7661f80cc8332bf2d7 Mon Sep 17 00:00:00 2001
From: Johannes Kirschbauer <hsjobeki@gmail.com>
Date: Sat, 12 Jul 2025 13:47:30 +0200
Subject: [PATCH] WIP

---
 flake.nix                                     |  9 +++-
 .../distributed-service/service-module.nix    | 50 +++++++++++++++++++
 2 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/flake.nix b/flake.nix
index a8309303e..94b1bf69e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -72,12 +72,19 @@
         clan = {
           meta.name = "clan-core";
           inventory = {
-            services = { };
             machines = {
               "test-darwin-machine" = {
                 machineClass = "darwin";
               };
             };
+            instances = {
+              users = {
+                roles.default.tags."all" = { };
+                roles.default.settings = {
+                  user = "root";
+                };
+              };
+            };
           };
         };
         systems = import systems;
diff --git a/lib/modules/inventory/distributed-service/service-module.nix b/lib/modules/inventory/distributed-service/service-module.nix
index 0f465ad18..f5a4fc07c 100644
--- a/lib/modules/inventory/distributed-service/service-module.nix
+++ b/lib/modules/inventory/distributed-service/service-module.nix
@@ -418,6 +418,29 @@ in
                             ```
                           '';
                         };
+                        options.assertions = mkOption {
+                          default = { };
+                          description = ''
+                            Assertions for the instance.
+
+                            This is a set of assertions that should be checked during the evaluation of the instance.
+                            If any assertion fails, an error is thrown.
+
+                            Example:
+
+                            ```nix
+                            {
+                              assertions = {
+                                timeout = {
+                                  assertion = "settings.timeout > 0";
+                                  message = "Timeout must be greater than 0";
+                                };
+                              };
+                            }
+                            ```
+                          '';
+                          type = types.attrsOf types.raw;
+                        };
                         options.nixosModule = mkOption {
                           type = types.deferredModule;
                           default = { };
@@ -553,6 +576,15 @@ in
                 ```
               '';
             };
+            options.assertions = mkOption {
+              default = { };
+              description = ''
+                Assertions for the machine.
+
+                See instance assertions for more information.
+              '';
+              type = types.attrsOf types.raw;
+            };
             options.nixosModule = mkOption {
               type = types.deferredModule;
               default = { };
@@ -877,5 +909,23 @@ in
         }
       ) config.result.allMachines;
     };
+
+    debug = mkOption {
+      default = { };
+      # result.allRoles.default.allInstances.users.allMachines.flash-installer
+    };
   };
+  config.result.assertions = lib.concatMapAttrs (
+    roleName: role:
+    lib.concatMapAttrs (
+      instanceName: instance:
+      lib.concatMapAttrs (
+        machineName: machine:
+        lib.mapAttrs' (assertion_id: value: {
+          name = "${assertion_id} (instance=${instanceName}; role=${roleName}; machine=${machineName};)";
+          inherit value;
+        }) machine.assertions
+      ) instance.allMachines
+    ) role.allInstances
+  ) config.result.allRoles;
 }