feat: enforce dependencies between fragments

mrnossiom · Oct 27, 2024 · 27a2c78 · 27a2c78
1 parent 4adf4ac
commit 27a2c78
Show file tree

Hide file tree

Showing 14 changed files with 94 additions and 48 deletions.
diff --git a/README.md b/README.md
@@ -37,6 +37,7 @@
 ## Add a new module
 
 - Copy template and replace `<name>` with module name
+
 	```nix
 	{ config
 	, lib
@@ -46,13 +47,21 @@
 		cfg = config.local.fragment.<name>;
 	in
 	{
-	  options.local.fragment.<name>.enable = lib.mkEnableOption ''
+	  options.local.fragment."<name>".enable = lib.mkEnableOption ''
 	    <name> related
 
-	    Depends on: <list of dependencies to enforce later>
+	    Depends on:
+			- [<Condition>] <dependency>: <reason>
+			- ...
 	  '';
 
-	  config = lib.mkIf cfg.enable { };
+	  config = lib.mkIf cfg.enable {
+			assertions = [
+				{ assertion = config."<dependency>"; message = "<name> module depends on <dependency>"; }
+			];
+
+			# put the rest of the config down below
+		};
 	}
 	```
 

diff --git a/home-manager/fragments/epita.nix b/home-manager/fragments/epita.nix
@@ -19,7 +19,7 @@ let
       MOUNT_DIR="$XDG_RUNTIME_DIR/afs-epita"
 
       klist || kinit -f "[email protected]"
-      ls "$MOUNT_DIR" || mkdir "$MOUNT_DIR"
+      ls "$MOUNT_DIR" >/dev/null || mkdir -v "$MOUNT_DIR"
       sshfs -o reconnect "[email protected]:$REMOTE_DIR" "$MOUNT_DIR"
     '';
   };
@@ -28,20 +28,20 @@ in
   options.local.fragment.epita.enable = lib.mkEnableOption ''
     EPITA related
 
-    Depends on: SSH
+    Depends on:
+    - `ssh` program: Mount AFS script needs SSH
   '';
 
   config = lib.mkIf cfg.enable {
+    assertions = [
+      { assertion = config.programs.ssh.enable; message = "`epita` fragment depends on `ssh` program"; }
+    ];
+
     # Needed for sshfs
-    programs.ssh = {
-      # TODO: should depends on ssh module, may conflict later
-      enable = true;
-
-      matchBlocks."ssh.cri.epita.fr" = {
-        extraOptions = {
-          GSSAPIAuthentication = "yes";
-          GSSAPIDelegateCredentials = "yes";
-        };
+    programs.ssh.matchBlocks."ssh.cri.epita.fr" = {
+      extraOptions = {
+        GSSAPIAuthentication = "yes";
+        GSSAPIDelegateCredentials = "yes";
       };
     };
 

diff --git a/home-manager/fragments/git.nix b/home-manager/fragments/git.nix
@@ -13,10 +13,15 @@ in
   options.local.fragment.git.enable = lib.mkEnableOption ''
     Git related
 
-    Depends on: Agenix
+    Depends on:
+    - `agenix` fragment: Need for GPG key and GitGuardian API key
   '';
 
   config = lib.mkIf cfg.enable {
+    assertions = [
+      { assertion = config.local.fragment.agenix.enable; message = "`git` fragment depends on `agenix` fragment"; }
+    ];
+
     home.sessionVariables = {
       # Disable annoying warning message
       GIT_DISCOVERY_ACROSS_FILESYSTEM = 0;
@@ -27,7 +32,7 @@ in
       lfs.enable = true;
 
       userName = "Milo Moisson";
-      # TODO: this email should be behind a secret
+      # TODO: this email should be behind a secret or at least a config
       userEmail = "[email protected]";
 
       signing = {

diff --git a/home-manager/fragments/helix.nix b/home-manager/fragments/helix.nix
@@ -20,10 +20,15 @@ in
   options.local.fragment.helix.enable = lib.mkEnableOption ''
     Helix editor related
 
-    Depends on: Agenix
+    Depends on:
+    - `agenix` fragment: WakaTime key
   '';
 
   config = lib.mkIf cfg.enable {
+    assertions = [
+      { assertion = config.local.fragment.agenix.enable; message = "`helix` fragment depends on `agenix` fragment"; }
+    ];
+
     programs.helix = {
       enable = true;
       package = if flags.onlyCached then pkgs.helix else lpkgs.helix;

diff --git a/home-manager/fragments/kitty.nix b/home-manager/fragments/kitty.nix
@@ -12,10 +12,17 @@ in
   options.local.fragment.kitty.enable = lib.mkEnableOption ''
     Kitty related
 
-    Depends on: `fish`
+    Depends on:
+    - (Darwin) `fish` program: lauches fish on startup
+
+      Has weird behavior if set as login shell
   '';
 
   config = lib.mkIf cfg.enable {
+    assertions = [
+      { assertion = (!isDarwin) || config.programs.fish.enable; message = "`kitty` fragment depends on `fish` program on darwin platforms"; }
+    ];
+
     programs.kitty = {
       enable = true;
       settings = {

diff --git a/home-manager/fragments/vm.nix b/home-manager/fragments/vm.nix
@@ -317,7 +317,6 @@ in
                 "--locked XF86AudioMute" = "exec ${pamixer} --toggle-mute";
                 "--locked XF86AudioMicMute" = "exec ${pamixer} --default-source --toggle-mute";
                 "--locked XF86MonBrightnessUp" = "exec ${brightnessctl} --exponent set 5%+";
-                # TODO: expertiment with min-value
                 "--locked XF86MonBrightnessDown" = "exec ${brightnessctl} --exponent  set 5%- --min-value=1";
                 "--locked XF86TouchpadToggle" = ''input "type:touchpad" events toggle enabled disabled_on_external_mouse'';
               }

diff --git a/home-manager/fragments/xdg-mime.nix b/home-manager/fragments/xdg-mime.nix
@@ -1,20 +1,31 @@
 { config
 , lib
+, pkgs
 , ...
 }:
 
 let
   cfg = config.local.fragment.xdg-mime;
 in
 {
-  # TODO: enforce dependence
   options.local.fragment.xdg-mime.enable = lib.mkEnableOption ''
     Sets default applications based on mime type.
 
-    Depends on: `nautilus`, `firefox`, `imv`, `kitty`.
+    Depends on:
+    - `firefox` program: default browser
+    - `imv` program: default image viewer
+    - `kitty` program: default terminal
+    - `nautilus` program: default file explorer
   '';
 
   config = lib.mkIf cfg.enable {
+    assertions = [
+      { assertion = config.programs.firefox.enable; message = "`xdg-mime` fragment depends on `firefox` program"; }
+      { assertion = config.programs.imv.enable; message = "`xdg-mime` fragment depends on `imv` program"; }
+      { assertion = config.programs.kitty.enable; message = "`xdg-mime` fragment depends on `kitty` program"; }
+      { assertion = lib.lists.count (drv: (drv.pname or "") == pkgs.gnome.nautilus.pname) config.home.packages > 0; message = "`xdg-mime` fragment depends on `nautilus` program"; }
+    ];
+
     xdg.mimeApps = {
       enable = true;
 

diff --git a/home-manager/profiles/desktop.nix b/home-manager/profiles/desktop.nix
@@ -8,8 +8,6 @@
 , ...
 }:
 
-if (isDarwin) then throw "this is a HM non-darwin config" else
-
 let
   inherit (self.outputs) homeManagerModules;
 
@@ -22,6 +20,10 @@ in
   ];
 
   config = {
+    assertions = [
+      { assertion = !isDarwin; message = "this is a HM non-darwin config"; }
+    ];
+
     local.fragment = {
       agenix.enable = true;
       aws.enable = true;
@@ -130,6 +132,8 @@ in
 
     programs.broot.enable = true;
 
+    programs.ssh.enable = true;
+
     programs.bat = {
       enable = true;
       config = {

diff --git a/home-manager/profiles/lightweight.nix b/home-manager/profiles/lightweight.nix
@@ -8,8 +8,6 @@
 , ...
 }:
 
-if (isDarwin) then throw "this is a HM non-darwin config" else
-
 let
   inherit (self.outputs) homeManagerModules;
 
@@ -22,6 +20,10 @@ in
   ];
 
   config = {
+    assertions = [
+      { assertion = !isDarwin; message = "this is a HM non-darwin config"; }
+    ];
+
     local.flags.onlyCached = true;
 
     local.fragment = {

diff --git a/home-manager/profiles/macintosh.nix b/home-manager/profiles/macintosh.nix
@@ -1,6 +1,5 @@
 { self
 , config
-, lib
 , llib
 , pkgs
 
@@ -10,8 +9,6 @@
 , ...
 }:
 
-if (!isDarwin) then throw "this is a HM darwin-only config" else
-
 let
   inherit (self.outputs) homeManagerModules;
   inherit (self.inputs) agenix;
@@ -33,6 +30,10 @@ in
   ];
 
   config = {
+    assertions = [
+      { assertion = isDarwin; message = "this is a HM darwin-only config"; }
+    ];
+
     local.fragment = {
       aws.enable = true;
       git.enable = true;

diff --git a/nixos/fragments/agenix.nix b/nixos/fragments/agenix.nix
@@ -17,20 +17,26 @@ in
     (if isDarwin then agenix.darwinModules.default else agenix.nixosModules.default)
   ];
 
-  # TODO: enforce dependance
   options.local.fragment.agenix.enable = lib.mkEnableOption ''
     Agenix secrets manager
 
-    Depends on: OpenSSH (`security`)
+    Depends on:
+    - `openssh` services: needs host machine keys
   '';
 
   config = lib.mkIf cfg.enable {
-    # By default, agenix uses host machine keys (aka `openssh.hostKeys`).
-    # These are always available at boot in opposition to user one that might
-    # be located on luks protected partitions.
-    # age.identityPaths = [ ];
-
-    age.secrets = all-secrets.nixos;
+    assertions = [
+      { assertion = config.services.openssh.enable; message = "`agenix` fragement depends on `openssh` program"; }
+    ];
+
+    age = {
+      # By default, agenix uses host machine keys (aka `openssh.hostKeys`).
+      # These are always available at boot in opposition to user one that might
+      # be located on luks protected partitions.
+      # identityPaths = [ ];
+
+      secrets = all-secrets.nixos;
+    };
   };
 }
 
diff --git a/nixos/fragments/backup.nix b/nixos/fragments/backup.nix
@@ -17,6 +17,9 @@ in
     Backup related
   '';
 
+  # TODO: fix module
+  config.assertions = lib.optional cfg.enable { assertion = false; message = "module is broken"; };
+
   config.services.restic.backups = lib.mkIf cfg.enable {
     # Backup documents and repos code
     google-drive = {

diff --git a/nixos/profiles/laptop.nix b/nixos/profiles/laptop.nix
@@ -24,9 +24,6 @@ in
       virtualisation.enable = true;
       wireless.enable = true;
       fonts.enable = true;
-
-      # TODO: fix module first
-      # backup.enable = true;
     };
 
     networking.hosts = {

diff --git a/shells.nix b/shells.nix
@@ -1,21 +1,18 @@
-{ self
-, lib
-, lpkgs
-, system
+{ lpkgs
 , ...
 }@pkgs:
 
 let
-  inherit (self.outputs) packages;
-
-  allSelfPackages = lib.mapAttrsToList (_: value: value) packages.${system};
-
   mkPackageShell = packages: pkgs.mkShell { inherit packages; };
 in
 
 {
   # Import packages of this flake along with useful tools for managing dotfiles
-  default = mkPackageShell (with pkgs; [ just lpkgs.agenix ]);
+  default = mkPackageShell (with pkgs; [
+    lpkgs.agenix
+    home-manager
+    just
+  ]);
 
   # Add presets that I can quickly use