contianer: Only check visible roles in assertion

The assertion broke evaluation when trying to evaluate a role which is deprecated with mkRemovedOptionModule
flyingcircusio · May 30, 2023 · 701c994 · 701c994
1 parent b05e02a
commit 701c994
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 22 deletions.
diff --git a/nixos/infrastructure/container.nix b/nixos/infrastructure/container.nix
@@ -2,6 +2,14 @@
 
 let
   fclib = config.fclib;
+
+  # Only check "visible" roles, skipping roles that are marked as removed by
+  # `mkRemovedOptionModule` or manually set to `visible = false`.
+  # The `tryEval` is needed because visiting the role option throws an error if
+  # the option is declared by `mkRemovedOptionModule`.
+  visibleFCRoles = (lib.filterAttrs
+    (n: v: (builtins.tryEval v.enable.visible or true).value)
+    config.flyingcircus.roles);
 in
 {
   config = lib.mkMerge [
@@ -11,8 +19,7 @@ in
         lib.mapAttrsToList (n: v:
           { assertion = v ? supportsContainers;
             message = "role ${n} does not define container support attribute";
-          }) config.flyingcircus.roles;
-
+          }) visibleFCRoles;
     }
 
     (lib.mkIf (config.flyingcircus.infrastructureModule == "container") {
@@ -24,7 +31,7 @@ in
           { assertion = if (v.enable or false) then
               (v.supportsContainers or true) else true;
             message = "role ${n} does not support containers";
-          }) config.flyingcircus.roles;
+          }) visibleFCRoles;
 
       boot.isContainer = true;
 

diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix
@@ -1,18 +1,14 @@
 { config, lib, ... }:
+
+with builtins;
+
 let
-  # Map list of roles to a list of attribute sets enabling each role.
-  # Turn the list of role names (["a", "b"]) into an attribute set
-  # ala { <role> = { enable = true;}; }
-  roleSet = lib.listToAttrs (
-    map (role: { name = role; value = { enable = true; }; })
-      config.flyingcircus.active-roles);
   fclib = config.fclib;
 in {
   imports = with lib; [
     ./antivirus.nix
     ./backyserver.nix
     ./coturn.nix
-    ./consul
     ./docker.nix
     ./ceph/mon.nix
     ./ceph/osd.nix
@@ -21,37 +17,40 @@ in {
     ./external_net
     ./elasticsearch.nix
     ./gitlab.nix
-    ./graylog.nix
     ./jitsi
-    ./kibana.nix
     ./k3s
-    ./kvm.nix
     ./lamp.nix
-    ./loghost
     ./mailout.nix
     ./mailserver.nix
+    ./matomo.nix
     ./memcached.nix
     ./mongodb.nix
     ./mysql.nix
     ./nfs.nix
     ./nginx.nix
+    ./opensearch.nix
+    ./opensearch_dashboards.nix
     ./postgresql.nix
     ./rabbitmq.nix
     ./redis.nix
-    ./sensuserver.nix
     ./servicecheck.nix
+    ./slurm
     ./statshost
     ./webdata_blackbee.nix
     ./webgateway.nix
     ./webproxy.nix
 
-    (mkRemovedOptionModule [ "flyingcircus" "roles" "mysql" "rootPassword" ] "Change the root password via MySQL and modify secret files")
-    (mkRenamedOptionModule [ "flyingcircus" "roles" "rabbitmq38" ] [ "flyingcircus" "roles" "rabbitmq" ])
-    (mkRenamedOptionModule [ "flyingcircus" "roles" "redis4" ] [ "flyingcircus" "roles" "redis" ])
-    (mkRenamedOptionModule [ "flyingcircus" "roles" "statshost" "enable" ] [ "flyingcircus" "roles" "statshost-global" "enable" ])
+    # Removed
+    (mkRemovedOptionModule [ "flyingcircus" "roles" "graylog" "enable" ] "Last platform version that supported graylog/loghost was 22.05.")
+    (mkRemovedOptionModule [ "flyingcircus" "roles" "loghost" "enable" ] "Last platform version that supported graylog/loghost was 22.05.")
+    (mkRemovedOptionModule [ "flyingcircus" "roles" "loghost-location" "enable" ] "Last platform version that supported graylog/loghost was 22.05.")
+    (mkRemovedOptionModule [ "flyingcircus" "roles" "mysql" "rootPassword" ] "Change the root password via MySQL and modify secret files.")
+    (mkRemovedOptionModule [ "flyingcircus" "roles" "statshost" "enable" ] "Use flyingcircus.roles.statshost-global.enable instead.")
+    (mkRemovedOptionModule [ "flyingcircus" "roles" "statshostproxy" "enable" ] "Use flyingcircus.roles.statshost-location-proxy.enable instead.")
+
+    # Renamed
+    (mkRenamedOptionModule [ "flyingcircus" "roles" "elasticsearch" "dataDir" ] [ "services" "elasticsearch" "dataDir" ])
     (mkRenamedOptionModule [ "flyingcircus" "roles" "statshost" "globalAllowedMetrics" ] [ "flyingcircus" "roles" "statshost-global" "allowedMetricPrefixes" ])
-    (mkRenamedOptionModule [ "flyingcircus" "roles" "statshostproxy" ] [ "flyingcircus" "roles" "statshost-location-proxy" ])
-    (mkRenamedOptionModule [ "flyingcircus" "roles" "kibana" "enable" ] [ "flyingcircus" "roles" "kibana6" "enable" ])
   ];
 
   options = {
@@ -62,7 +61,17 @@ in {
   };
 
   config = {
-    flyingcircus.roles = roleSet;
+    # Map list of roles to a list of attribute sets enabling each role.
+    # Turn the list of role names (["a", "b"]) into an attribute set
+    # ala { <role> = { enable = true;}; }
+    # Roles are ignored if the initial run marker of fc-agent is still present
+    # to get the new system ready for SSH connections more quickly and reliably.
+    flyingcircus.roles =
+      (lib.optionalAttrs
+        (!pathExists "/etc/nixos/fc_agent_initial_run")
+        (lib.listToAttrs (
+          map (role: { name = role; value = { enable = true; }; })
+            config.flyingcircus.active-roles)));
   };
 
 }