Feat(clan.service): init automatic assertions for api schema checks

lib/inventory/distributed-service/api-feature.nix

@@ -32,4 +32,21 @@ in
       }
     );
   };
+
+  config.result.assertions = lib.optionalAttrs (config.manifest.features.API) (
+    lib.mapAttrs' (roleName: _role: {
+      name = "${roleName}";
+      value = {
+        message = ''
+          `roles.${roleName}.interface` is not JSON serializable.
+
+          but 'manifest.features.API' is enabled, which requires all 'roles-interfaces' of this module to be a subset of JSON.
+
+          clan.service module '${config.manifest.name}
+        '';
+        assertion = (builtins.tryEval (lib.deepSeq config.result.api.schema.${roleName} true)).success;
+      };
+    }) config.roles
+  );
+
 }

lib/inventory/distributed-service/service-module.nix

@@ -450,6 +450,11 @@ in
       }) config.roles;
     };
 
+    result.assertions = mkOption {
+      default = { };
+      type = types.attrsOf types.raw;
+    };
+
     result.allMachines = mkOption {
       readOnly = true;
       default =
@@ -523,6 +528,16 @@ in
           inherit instanceResults;
           nixosModule = {
             imports = [
+              # include service assertions:
+              (
+                let
+                  failedAssertions = (lib.filterAttrs (_: v: !v.assertion) config.result.assertions);
+                in
+                {
+                  assertions = lib.attrValues failedAssertions;
+                }
+              )
+
               # For error backtracing. This module was produced by the 'perMachine' function
               # TODO: check if we need this or if it leads to better errors if we pass the underlying module locations
               # (lib.setDefaultModuleLocation "clan.service: ${config.manifest.name} - via perMachine" machineResult.nixosModule)