Merge pull request #20 from the-computer-club/flake-guard-self-error

Option depreciations

flake-modules/builtins/assertions.nix

@@ -0,0 +1,30 @@
+{ lib, ... }:
+with lib;
+{
+  options = {
+    assertions = mkOption {
+      type = types.listOf types.unspecified;
+      internal = true;
+      default = [];
+      example = [ { assertion = false; message = "you can't enable this for that reason"; } ];
+      description = ''
+        This option allows modules to express conditions that must
+        hold for the evaluation of the system configuration to
+        succeed, along with associated error messages for the user.
+      '';
+    };
+
+    warnings = mkOption {
+      internal = true;
+      default = [];
+      type = types.listOf types.str;
+      example = [ "The `foo' service is deprecated and will go away soon!" ];
+      description = ''
+        This option allows modules to show warnings to users during
+        the evaluation of the system configuration.
+      '';
+    };
+  };
+
+  # impl of this is in lib.nix:evalFlakeModules
+}

flake-modules/domains/default.nix

@@ -1,7 +1,9 @@
 {
   inputs
   , config
+  , stdlib
   , lib
+  , lynxlib
   , flake-parts-lib
   , ...
 }:
@@ -53,7 +55,7 @@
   };
 
   config.build.domains = builtins.mapAttrs(domain: toplevel:
-    (flake-parts-lib.evalFlakeModule {
+    (lynxlib.evalFlakeModuleWithAssertions {
       inherit inputs;
       inherit (toplevel) specialArgs;
     } { imports = toplevel.modules; })

flake-modules/flake-guard/default.nix

@@ -11,6 +11,7 @@ let
     mkOption
     mkEnableOption
     mkIf
+    mkRemovedOptionModule
     types
     optionalString
     optionals
@@ -20,7 +21,17 @@ let
   ;
 in
 {
-  imports = [ ./options.nix  ];
+  imports = [
+    (mkRemovedOptionModule [ "wireguard" "enable" ] ''
+      wireguard.enable was removed because it often causes user errors
+      where `wireguard.enable` was set to `false` but users had enabled
+      the nixos options `autoConfig.interface`.
+      This lead to errors messages which were hard to understand.
+    '')
+
+    ./options.nix
+  ];
+
 
   flake.nixosModules.flake-guard-host = {config, ...}:
     let cfg = config.networking.wireguard.networks;
@@ -30,7 +41,6 @@ in
       default = {};
       type = types.attrsOf (types.submodule {
         options = {
-
           autoConfig = {
             interface = mkEnableOption "automatically generate the underlying network interface";
             peers = mkEnableOption "automatically generate the peers -- this will add all peers in the network to the interface.";
@@ -65,12 +75,9 @@ in
       });
     };
 
-    config = mkIf rootConfig.enable
-    {
-
-      networking.wireguard.networks = mapAttrs (net-name: network:
+    config.networking.wireguard.networks =
+      (mapAttrs (net-name: network:
         let
-
           self-name = builtins.head
                   (builtins.filter (x: x == config.networking.hostName)
                     (builtins.attrNames network.peers.by-name));
@@ -108,10 +115,11 @@ in
           inherit self;
           peers.by-name = mapAttrs (pname: peer: (toPeer peer)) network.peers.by-name;
           peers.list = map toPeer (builtins.attrValues network.peers.by-name);
-        }) rootConfig.networks;
+        }) rootConfig.networks);
 
-      networking.wireguard.interfaces = mapAttrs (net-name: network:
-        mkIf network.autoConfig.interface {
+    config.networking.wireguard.interfaces = mapAttrs (net-name: network:
+        mkIf network.autoConfig.interface
+        {
           inherit (config.networking.wireguard.networks.${net-name}.self)
             listenPort
             privateKeyFile
@@ -123,6 +131,8 @@ in
             );
         })
         config.networking.wireguard.networks;
-    };
   };
+
+
+
 }

flake-modules/flake-guard/options.nix

@@ -74,8 +74,7 @@ inherit (lib)
 in
 {
   options.wireguard = {
-    enable = mkEnableOption "Enable wireguard";
-
+    enable = mkEnableOption "depreciated";
     networks = mkOption {
       type = types.attrsOf (types.submodule {
         options = {
@@ -132,14 +131,14 @@ in
   };
 
   config.wireguard.build.networks =
-    mapAttrs (net-name: network:
-    {
-      peers.by-name = mapAttrs (peer-name: peer:
-        peer // {
-          sopsLookup = if peer.sopsLookup != null
-                       then peer.sopsLookup
-                       else network.sopsLookup;
-        }
-      ) network.peers.by-name;
-    }) config.wireguard.networks;
+    (mapAttrs (net-name: network:
+      {
+        peers.by-name = mapAttrs (peer-name: peer:
+          peer // {
+            sopsLookup = if peer.sopsLookup != null
+                        then peer.sopsLookup
+                        else network.sopsLookup;
+          }
+        ) network.peers.by-name;
+      }) config.wireguard.networks);
 }

flake.nix

@@ -16,5 +16,7 @@
         reuse-password-prompt = import ./nixos-modules/fs/zfs/reuse-password-prompt.nix;
       };
     };
+
+    lib = import ./lib.nix;
   };
 }

lib.nix

@@ -0,0 +1,39 @@
+{ flake-parts-lib, ... }:
+with builtins;
+let
+  inherit (flake-parts-lib) evalFlakeModule;
+
+  singleModuleBase = x: {
+    imports = [
+      ./flake-modules/builtins/assertions.nix
+      x
+    ];
+  };
+
+  evalAssertions = eval:
+    let
+      failedAssertions = map (x: x.message) (filter (x: !x.assertion) eval.config.assertions);
+      warnings = eval.config.warnings;
+    in
+      if (failedAssertions != [])
+      then
+        builtins.abort (concatStringsSep "\n\n" failedAssertions)
+      else
+        if (warnings != [])
+        then
+          builtins.trace (concatStringsSep "\n\n" warnings)
+            eval
+        else eval;
+
+
+  evalFlakeModuleWithAssertions = a: m:
+    evalAssertions (evalFlakeModule a (singleModuleBase m));
+in
+{
+  inherit evalFlakeModuleWithAssertions;
+  mkFlakeWithAssertions = args: module:
+    let
+      eval = evalFlakeModuleWithAssertions args module;
+    in
+      eval.config.flake;
+}