From 33115f76b74d8ee5e5ae6ce2cf3884da4db899e6 Mon Sep 17 00:00:00 2001 From: Johannes Kirschbauer Date: Mon, 27 Oct 2025 13:31:44 +0100 Subject: [PATCH 1/2] services: add role settings with explicit warning --- .../distributed-service/service-module.nix | 24 +++++++++++++++++++ .../tests/per_instance_args.nix | 4 ++++ .../tests/per_machine_args.nix | 11 ++++++--- 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/lib/inventory/distributed-service/service-module.nix b/lib/inventory/distributed-service/service-module.nix index 5c07ea894..4438aafad 100644 --- a/lib/inventory/distributed-service/service-module.nix +++ b/lib/inventory/distributed-service/service-module.nix @@ -81,6 +81,7 @@ let applySettings = instanceName: instance: lib.mapAttrs (roleName: role: { + settings = config.instances.${instanceName}.roles.${roleName}.finalSettings.config; machines = lib.mapAttrs (machineName: _v: { settings = config.instances.${instanceName}.roles.${roleName}.machines.${machineName}.finalSettings.config; 
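Review bot: The new `settings = config.instances.${instanceName}.roles.${roleName}.finalSettings.config;` attribute in `applySettings` has no comment saying that it is deprecated and excludes machine overrides, although the option it reads is wrapped in `lib.warn` later in this patch. Because Nix is lazy, the warning should only fire when a consumer forces the role-level `settings`. Anything that deep-evaluates the whole role attrset, such as a whole-structure test comparison, would presumably trigger it as well. I would add `# Deprecated: role-level settings WITHOUT machine overrides; forcing this emits a warning` above the line. `applySettings` starts and continues outside the hunk.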
@@ -158,6 +159,29 @@ in ( { name, ... }@role: { + options.finalSettings = mkOption { + default = evalMachineSettings instance.name role.name null role.config.settings { }; + type = types.raw; + description = '' + Final evaluated settings of the curent-machine + + This contains the merged and evaluated settings of the role interface, + the role settings and the machine settings. + + Type: 'configuration' as returned by 'lib.evalModules' + ''; + apply = lib.warn '' + === WANRING === + 'roles..settings' do not contain machine specific settings. + + Prefer `machines..settings` instead. (i.e `perInstance: roles..machines..settings`) + + If you have a use-case that requires access to the original role settings without machine overrides. + Contact us via matrix (https://matrix.to/#/#clan:clan.lol) or file an issue: https://git.clan.lol + + This feature will be removed in the next release + ''; + }; # instances.{instanceName}.roles.{roleName}.machines options.machines = mkOption { description = '' diff --git a/lib/inventory/distributed-service/tests/per_instance_args.nix b/lib/inventory/distributed-service/tests/per_instance_args.nix index 9b54ddbb5..6795c0ebc 100644 --- a/lib/inventory/distributed-service/tests/per_instance_args.nix +++ b/lib/inventory/distributed-service/tests/per_instance_args.nix @@ -137,6 +137,7 @@ in settings = { }; }; }; + settings = { }; }; peer = { machines = { @@ -146,6 +147,9 @@ in }; }; }; + settings = { + timeout = "foo-peer"; + }; }; }; settings = { diff --git a/lib/inventory/distributed-service/tests/per_machine_args.nix b/lib/inventory/distributed-service/tests/per_machine_args.nix index 8e378a06d..ac98a9ffe 100644 --- a/lib/inventory/distributed-service/tests/per_machine_args.nix +++ b/lib/inventory/distributed-service/tests/per_machine_args.nix 
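Review bot: The user-facing text of the new `finalSettings` option in service-module.nix has errors that weaken the warning: the banner reads `=== WANRING ===`, and the description says `Final evaluated settings of the curent-machine` and claims machine settings are merged in, while `default` passes `null` in what appears to be the machine position. Suggest `=== WARNING ===` and `Final evaluated settings of the role, without machine-specific overrides`. The message also does not name the instance or role that triggered it, so a module that reads role-level values for something access-relevant and silently misses a per-machine override is hard to locate. `instance.name` and `role.name` are already used in `default` and could be interpolated into the string. Whether `evalMachineSettings` accepts `null` for that argument is not visible in this hunk and should be confirmed.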
@@ -102,18 +102,23 @@ in specificRoleSettings = res.importedModulesEvaluated.self-A.result.allMachines.jon.passthru.instances.instance_foo.roles.peer; }; - expected = rec { + expected = { hasMachineSettings = true; - hasRoleSettings = false; + hasRoleSettings = true; specificMachineSettings = { timeout = "foo-peer-jon"; }; specificRoleSettings = { machines = { jon = { - settings = specificMachineSettings; + settings = { + timeout = "foo-peer-jon"; + }; }; }; + settings = { + timeout = "foo-peer"; + }; }; }; }; From bfb30251e6a86d25ff9e91a46c053c8106028885 Mon Sep 17 00:00:00 2001 From: Johannes Kirschbauer Date: Mon, 27 Oct 2025 14:00:46 +0100 Subject: [PATCH 2/2] lib: replace uniqueStrings after upstreamed --- clanServices/sshd/default.nix | 3 +-- clanServices/zerotier/default.nix | 5 +---- lib/inventory/distributed-service/service-module.nix | 6 +----- 3 files changed, 3 insertions(+), 11 deletions(-) diff --git a/clanServices/sshd/default.nix b/clanServices/sshd/default.nix index e49cd3bc8..1c511e0fc 100644 --- a/clanServices/sshd/default.nix +++ b/clanServices/sshd/default.nix @@ -39,7 +39,6 @@ ... }: let - uniqueStrings = list: builtins.attrNames (builtins.groupBy lib.id list); # Collect searchDomains from all servers in this instance allServerSearchDomains = lib.flatten ( lib.mapAttrsToList (_name: machineConfig: machineConfig.settings.certificate.searchDomains or [ ]) ( @@ -47,7 +46,7 @@ ) ); # Merge client's searchDomains with all servers' searchDomains - searchDomains = uniqueStrings (settings.certificate.searchDomains ++ allServerSearchDomains); + searchDomains = lib.uniqueStrings (settings.certificate.searchDomains ++ allServerSearchDomains); in { clan.core.vars.generators.openssh-ca = lib.mkIf (searchDomains != [ ]) { diff --git a/clanServices/zerotier/default.nix b/clanServices/zerotier/default.nix index 770023f4b..a74c8a41f 100644 --- a/clanServices/zerotier/default.nix +++ b/clanServices/zerotier/default.nix 
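Review bot: Switching the `searchDomains` line in clanServices/sshd/default.nix to `lib.uniqueStrings` makes evaluation depend on a nixpkgs `lib` recent enough to export that function, and nothing in this patch states or checks that minimum. If a downstream flake overrides the nixpkgs input with an older revision, evaluation would presumably fail with a missing-attribute error instead of falling back to the removed local helper. The same applies to the zerotier hunk and to `inherit (lib) mkOption types uniqueStrings;` in service-module.nix. I would record the minimum nixpkgs revision in the commit message or the project docs.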
@@ -140,9 +140,6 @@ pkgs, ... }: - let - uniqueStrings = list: builtins.attrNames (builtins.groupBy lib.id list); - in { imports = [ (import ./shared.nix { @@ -159,7 +156,7 @@ config = { systemd.services.zerotier-inventory-autoaccept = let - machines = uniqueStrings ( + machines = lib.uniqueStrings ( (lib.optionals (roles ? moon) (lib.attrNames roles.moon.machines)) ++ (lib.optionals (roles ? controller) (lib.attrNames roles.controller.machines)) ++ (lib.optionals (roles ? peer) (lib.attrNames roles.peer.machines)) diff --git a/lib/inventory/distributed-service/service-module.nix b/lib/inventory/distributed-service/service-module.nix index 4438aafad..637a2df5f 100644 --- a/lib/inventory/distributed-service/service-module.nix +++ b/lib/inventory/distributed-service/service-module.nix @@ -7,14 +7,10 @@ ... }: let - inherit (lib) mkOption types; + inherit (lib) mkOption types uniqueStrings; inherit (types) attrsWith submoduleWith; errorContext = "Error context: ${lib.concatStringsSep "." _ctx}"; - # TODO: - # Remove once this gets merged upstream; performs in O(n*log(n) instead of O(n^2)) - # https://github.com/NixOS/nixpkgs/pull/355616/files - uniqueStrings = list: builtins.attrNames (builtins.groupBy lib.id list); /** Merges the role- and machine-settings using the role interface