node inheritance + group parsing

2026-03-15 01:10:36 +10:00 · 2026-03-15 01:10:36 +10:00 · f819933c8d
commit f819933c8d
parent d891a92357
12 changed files with 422 additions and 253 deletions
--- a/nix/snow/flake/nodes/default.nix
+++ b/nix/snow/flake/nodes/default.nix
@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 {
+  _snow,
  lib,
  specialArgs,
  ...
@ -25,38 +26,20 @@
  in
    mkOption {
      description = ''
-        Cerulean node declarations.
+        Snowflake node declarations.
      '';
      type = types.submoduleWith {
        inherit specialArgs;

        modules = [
-          {
-            imports = [./shared.nix];
-
-            options = {
-              groups = mkOption {
-                type = types.attrs;
-                default = {};
-                example = lib.literalExpression "{ servers = { staging = {}; production = {}; }; }";
-                description = ''
-                  Hierarchical groups that nodes can be a member of.
-                '';
-              };
-
-              nodes = mkOption {
-                type = types.attrsOf (types.submoduleWith {
-                  inherit specialArgs;
-                  modules = [(import ./submodule.nix)];
-                });
-                # example = { ... }; # TODO
-                description = ''
-                  Node (host systems) declarations.
-                '';
-              };
-            };
-          }
+          ./nodes.nix
        ];
      };
    };
+
+  config = {
+    nodes = {
+      base = _snow.inputs.nixpkgs;
+    };
+  };
 }
--- a/nix/snow/flake/nodes/groups.nix
+++ b/nix/snow/flake/nodes/groups.nix
@ -0,0 +1,73 @@
+# # Copyright 2025-2026 _cry64 (Emile Clark-Boman)
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# #    http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+{nt, ...}: let
+  inherit
+    (builtins)
+    concatLists
+    elem
+    filter
+    isAttrs
+    mapAttrs
+    pathExists
+    typeOf
+    ;
+
+  rootGroupName = "all";
+in {
+  parseGroupsDecl = groups: let
+    validGroup = g:
+      isAttrs g
+      || throw ''
+        Snow node groups must be provided as attribute sets, got "${typeOf g}" instead!
+        Ensure all the group definitions are attribute sets under your call to `snow.flake`.
+        NOTE: Groups can be accessed via `self.groups.PATH.TO.YOUR.GROUP`
+      '';
+    delegate = parent: gName: g: let
+      result =
+        (g
+          // {
+            _name = gName;
+            _parent = parent;
+          })
+        |> mapAttrs (name: value:
+          if elem name ["_name" "_parent"]
+          # ignore metadata fields
+          then value
+          else assert validGroup value; (delegate result name value));
+    in
+      result;
+  in
+    assert validGroup groups;
+      delegate null rootGroupName groups;
+
+  getGroupModules = root: groups:
+  # ensure root group is always added
+    groups
+    # add all inherited groups via _parent
+    |> map (let
+      delegate = g:
+        if g._parent == null
+        then [g]
+        else [g] ++ delegate (g._parent);
+    in
+      delegate)
+    # flatten recursion result
+    |> concatLists
+    # find import location
+    |> map (group: nt.findImport /${root}/groups/${group._name})
+    # filter by uniqueness
+    |> nt.prim.unique
+    # ignore missing groups
+    |> filter pathExists;
+}
--- a/nix/snow/flake/nodes/submodule.nix
+++ b/nix/snow/flake/nodes/submodule.nix
@ -14,16 +14,18 @@
 {
  lib,
  systems,
+  config,
+  nodesConfig,
  ...
 }: {
-  imports = [./shared.nix];
-
  options = let
    inherit
      (lib)
      mkOption
      types
      ;
+
+    flakeRef = types.either types.str types.path;
  in {
    enabled = lib.mkOption {
      type = types.bool;
@ -43,6 +45,65 @@
      '';
    };

+    base = lib.mkOption {
+      # In newer Nix versions, particularly with lazy trees, outPath of
+      # flakes becomes a Nix-language path object. We deliberately allow this
+      # to gracefully come through the interface in discussion with @roberth.
+      #
+      # See: https://github.com/NixOS/nixpkgs/pull/278522#discussion_r1460292639
+      type = types.nullOr flakeRef;
+
+      default = nodesConfig.base;
+      defaultText = "nodes.base";
+
+      example = lib.literalExpression "inputs.nixpkgs";
+
+      description = ''
+        The path to the nixpkgs source used to build a system. A `base` package set
+        is required to be set, and can be specified via either:
+        1. `options.nodes.base` (default `base` used for all systems)
+        2. `options.nodes.nodes.<name>.base` (takes prescedence over `options.nodes.base`)
+
+        This can also be optionally set if the NixOS system is not built with a flake but still uses
+        pinned sources: set this to the store path for the nixpkgs sources used to build the system,
+        as may be obtained by `fetchTarball`, for example.
+
+        Note: the name of the store path must be "source" due to
+        <https://github.com/NixOS/nix/issues/7075>.
+      '';
+    };
+
+    homeManager = mkOption {
+      type = types.nullOr flakeRef;
+      default = nodesConfig.homeManager;
+      defaultText = "nodes.homeManager";
+      example = lib.literalExpression "inputs.home-manager";
+      description = ''
+        The path to the home-manager source. A `homeManager` flake reference
+        is required to be set for `homes/` to be evaluated, and can be specified via either:
+        1. `options.nodes.homeManager` (default `homManager` used for all systems)
+        2. `options.nodes.nodes.<name>.homeManager` (takes prescedence over `options.nodes.homeManager`)
+      '';
+    };
+
+    modules = mkOption {
+      type = types.listOf types.raw;
+      default = [];
+      example = lib.literalExpression "[ { environment.systemPackages = [ pkgs.git ]; } ]";
+      description = ''
+        Shared modules to import; equivalent to the NixOS module system's `extraModules`.
+      '';
+    };
+
+    args = mkOption {
+      type = types.attrs;
+      default = {};
+      example = lib.literalExpression "{ inherit inputs; }";
+      description = ''
+        Shared args to provided for each node; equivalent to the NixOS module system's `specialArgs`.
+      '';
+    };
+
    groups = mkOption {
      # TODO: write a custom group type that validates better than types.attrs lol
      type = types.functionTo (types.listOf types.attrs);
@ -51,6 +112,9 @@
      description = ''
        A function from the `groups` hierarchy to a list of groups this node inherits from.
      '';
+
+      apply = groupsFn:
+        groupsFn nodesConfig.groups;
    };

    deploy = {
@ -91,7 +155,7 @@
        example = false;
        description = ''
          Whether to enable interactive sudo (password based sudo).
-          NOT RECOMMENDED. Use one of Cerulean's recommended auth methods instead.
+          NOT RECOMMENDED. Use one of Snowflake's recommended auth methods instead.
        '';
      };

@ -164,7 +228,7 @@

        user = mkOption {
          type = types.str;
-          default = "cerubld";
+          default = "snowbld";
          example = "custom-user";
          description = ''
            The user to connect to over ssh during deployment.
@ -183,7 +247,7 @@
        publicKeys = mkOption {
          type = types.listOf types.str;
          default = [];
-          example = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeyZuUUmyUYrYaEJwEMvcXqZFYm1NaZab8klOyK6Imr me@puter"];
+          example = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeyZuUUmyUYrYaEJwEMvcXqZFYm1NaZab8klOyK6Imr me@myputer"];
          description = ''
            SSH public keys that will be authorized to the deployment user.
            This key is intended solely for deployment, allowing for fine-grained permission control.
@ -201,4 +265,33 @@
      };
    };
  };
+
+  config = let
+    throwGotNull = name:
+      throw ''
+        [snow] `nodes.<name>.${name}` must be set for all nodes! (got: <null>)
+      '';
+    givenSystem =
+      (config.system != null)
+      || throwGotNull "system";
+
+    givenBase =
+      (config.base != null)
+      || throwGotNull "base";
+
+    givenHomeManager =
+      (config.homeManager != null)
+      || throwGotNull "homeManager";
+
+    givenDeployHost =
+      (config.deploy.ssh.host != null)
+      || throwGotNull "deploy.ssh.host";
+  in
+    assert givenSystem
+    && givenBase
+    && givenHomeManager
+    && givenDeployHost; {
+      # extend these from the nodes configuration
+      inherit (nodesConfig) modules args;
+    };
 }
--- a/nix/snow/flake/nodes/shared.nix
+++ b/nix/snow/flake/nodes/shared.nix
@ -11,7 +11,13 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-{lib, ...}: let
+{
+  _snow,
+  lib,
+  config,
+  specialArgs,
+  ...
+}: let
  inherit
    (lib)
    mkOption
@ -19,6 +25,8 @@
    ;

  flakeRef = types.either types.str types.path;
+
+  groupLibs = import ./groups.nix {inherit (_snow.inputs) nt;};
 in {
  options = {
    base = lib.mkOption {
@ -49,6 +57,18 @@ in {
      '';
    };

+    homeManager = mkOption {
+      type = types.nullOr flakeRef;
+      default = null;
+      example = lib.literalExpression "inputs.home-manager";
+      description = ''
+        The path to the home-manager source. A `homeManager` flake reference
+        is required to be set for `homes/` to be evaluated, and can be specified via either:
+        1. `options.nodes.homeManager` (default `homManager` used for all systems)
+        2. `options.nodes.nodes.<name>.homeManager` (takes prescedence over `options.nodes.homeManager`)
+      '';
+    };
+
    modules = mkOption {
      type = types.listOf types.raw;
      default = [];
@ -67,15 +87,28 @@ in {
      '';
    };

-    homeManager = mkOption {
-      type = types.nullOr flakeRef;
-      default = null;
-      example = lib.literalExpression "inputs.home-manager";
+    groups = mkOption {
+      type = types.attrs;
+      default = {};
+      example = lib.literalExpression "{ servers = { staging = {}; production = {}; }; }";
      description = ''
-        The path to the home-manager source. A `homeManager` flake reference
-        is required to be set for `homes/` to be evaluated, and can be specified via either:
-        1. `options.nodes.homeManager` (default `homManager` used for all systems)
-        2. `options.nodes.nodes.<name>.homeManager` (takes prescedence over `options.nodes.homeManager`)
+        Hierarchical groups that nodes can be a member of.
+      '';
+
+      apply = groupLibs.parseGroupsDecl;
+    };
+
+    nodes = mkOption {
+      type = types.attrsOf (types.submoduleWith {
+        specialArgs =
+          specialArgs
+          // {
+            nodeConfig = config;
+          };
+        modules = [./node.nix];
+      });
+      description = ''
+        Node (host systems) declarations.
      '';
    };
  };