Merge pull request 'services: add role settings with explicit warning' (#5676) from role-settings into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/5676

clanServices/sshd/default.nix

@@ -39,7 +39,6 @@
             ...
           }:
           let
-            uniqueStrings = list: builtins.attrNames (builtins.groupBy lib.id list);
             # Collect searchDomains from all servers in this instance
             allServerSearchDomains = lib.flatten (
               lib.mapAttrsToList (_name: machineConfig: machineConfig.settings.certificate.searchDomains or [ ]) (
@@ -47,7 +46,7 @@
               )
             );
             # Merge client's searchDomains with all servers' searchDomains
-            searchDomains = uniqueStrings (settings.certificate.searchDomains ++ allServerSearchDomains);
+            searchDomains = lib.uniqueStrings (settings.certificate.searchDomains ++ allServerSearchDomains);
           in
           {
             clan.core.vars.generators.openssh-ca = lib.mkIf (searchDomains != [ ]) {

clanServices/zerotier/default.nix

@@ -140,9 +140,6 @@
             pkgs,
             ...
           }:
-          let
-            uniqueStrings = list: builtins.attrNames (builtins.groupBy lib.id list);
-          in
           {
             imports = [
               (import ./shared.nix {
@@ -159,7 +156,7 @@
             config = {
               systemd.services.zerotier-inventory-autoaccept =
                 let
-                  machines = uniqueStrings (
+                  machines = lib.uniqueStrings (
                     (lib.optionals (roles ? moon) (lib.attrNames roles.moon.machines))
                     ++ (lib.optionals (roles ? controller) (lib.attrNames roles.controller.machines))
                     ++ (lib.optionals (roles ? peer) (lib.attrNames roles.peer.machines))

lib/inventory/distributed-service/service-module.nix

@@ -7,14 +7,10 @@
   ...
 }:
 let
-  inherit (lib) mkOption types;
+  inherit (lib) mkOption types uniqueStrings;
   inherit (types) attrsWith submoduleWith;
 
   errorContext = "Error context: ${lib.concatStringsSep "." _ctx}";
-  # TODO:
-  # Remove once this gets merged upstream; performs in O(n*log(n) instead of O(n^2))
-  # https://github.com/NixOS/nixpkgs/pull/355616/files
-  uniqueStrings = list: builtins.attrNames (builtins.groupBy lib.id list);
   /**
     Merges the role- and machine-settings using the role interface
 
@@ -81,6 +77,7 @@ let
   applySettings =
     instanceName: instance:
     lib.mapAttrs (roleName: role: {
+      settings = config.instances.${instanceName}.roles.${roleName}.finalSettings.config;
       machines = lib.mapAttrs (machineName: _v: {
         settings =
           config.instances.${instanceName}.roles.${roleName}.machines.${machineName}.finalSettings.config;
@@ -158,6 +155,29 @@ in
                         (
                           { name, ... }@role:
                           {
+                            options.finalSettings = mkOption {
+                              default = evalMachineSettings instance.name role.name null role.config.settings { };
+                              type = types.raw;
+                              description = ''
+                                Final evaluated settings of the curent-machine
+
+                                This contains the merged and evaluated settings of the role interface,
+                                the role settings and the machine settings.
+
+                                Type: 'configuration' as returned by 'lib.evalModules'
+                              '';
+                              apply = lib.warn ''
+                                === WANRING ===
+                                'roles.<roleName>.settings' do not contain machine specific settings.
+
+                                Prefer `machines.<machineName>.settings` instead. (i.e `perInstance: roles.<roleName>.machines.<machineName>.settings`)
+
+                                If you have a use-case that requires access to the original role settings without machine overrides.
+                                Contact us via matrix (https://matrix.to/#/#clan:clan.lol) or file an issue: https://git.clan.lol
+
+                                This feature will be removed in the next release
+                              '';
+                            };
                             # instances.{instanceName}.roles.{roleName}.machines
                             options.machines = mkOption {
                               description = ''

lib/inventory/distributed-service/tests/per_instance_args.nix

@@ -137,6 +137,7 @@ in
               settings = { };
             };
           };
+          settings = { };
         };
         peer = {
           machines = {
@@ -146,6 +147,9 @@ in
               };
             };
           };
+          settings = {
+            timeout = "foo-peer";
+          };
         };
       };
       settings = {

lib/inventory/distributed-service/tests/per_machine_args.nix

@@ -102,18 +102,23 @@ in
       specificRoleSettings =
         res.importedModulesEvaluated.self-A.result.allMachines.jon.passthru.instances.instance_foo.roles.peer;
     };
-    expected = rec {
+    expected = {
       hasMachineSettings = true;
-      hasRoleSettings = false;
+      hasRoleSettings = true;
       specificMachineSettings = {
         timeout = "foo-peer-jon";
       };
       specificRoleSettings = {
         machines = {
           jon = {
-            settings = specificMachineSettings;
+            settings = {
+              timeout = "foo-peer-jon";
+            };
           };
         };
+        settings = {
+          timeout = "foo-peer";
+        };
       };
     };
   };