Refactor

modules/server/containers/apps/.template.nix

@@ -17,8 +17,12 @@ let
     };
   };
 in {
-  sops = false;
-  db = false;
+  requires = {
+    secrets = [ ];
+    databases = [ ];
+  };
+
+  runtime = {
     paths = [{
       path="${serverCfg.path.config}/example/";
       mode = "0444";
@@ -46,4 +50,5 @@ in {
         ...
       '';
     };
+  };
 }

modules/server/containers/builder.nix

@@ -69,6 +69,57 @@ let
 in {
   mkContainer = contBuilder;
   mkVm = vmBuilder;
+  mkApp = name: app:
+    let
+      # Keep legacy app modules working while storing a stricter internal contract.
+      legacySetup =
+        if app ? setup then app.setup else null;
+    in {
+      inherit name;
+      requires = {
+        secrets =
+          if app ? requires && app.requires ? secrets then app.requires.secrets
+          else if app ? sops && app.sops then [ name ]
+          else [ ];
+        databases =
+          if app ? requires && app.requires ? databases then app.requires.databases
+          else if app ? db && app.db then [ name ]
+          else [ ];
+      };
+      exports = {
+        authentik = {
+          blueprints =
+            if app ? exports && app.exports ? authentik && app.exports.authentik ? blueprints
+            then app.exports.authentik.blueprints
+            else [ ];
+        };
+      };
+      runtime = {
+        paths =
+          if app ? runtime && app.runtime ? paths then app.runtime.paths
+          else if app ? paths then app.paths
+          else [ ];
+        containers =
+          if app ? runtime && app.runtime ? containers then app.runtime.containers
+          else if app ? containers then app.containers
+          else { };
+        vm =
+          if app ? runtime && app.runtime ? vm then app.runtime.vm
+          else if app ? vm then app.vm
+          else null;
+        cron =
+          if app ? runtime && app.runtime ? cron then app.runtime.cron
+          else if app ? cron then app.cron
+          else [ ];
+        setup =
+          if app ? runtime && app.runtime ? setup then app.runtime.setup
+          else ({
+            trigger = "";
+            script = null;
+            envFile = [ ];
+          } // (if legacySetup != null then legacySetup else { }));
+      };
+    };
   mkData = { name, dir, vars?{} }: pkgs.runCommand name vars ''
     mkdir -p $out
     cp -r ${./data + "/${dir}"}/. $out/

modules/server/containers/default.nix

@@ -6,22 +6,26 @@ let
 in{
   config = lib.mkMerge [{
     syscfg.server.loadedContainers = lib.mapAttrs (name: containerCfg:
-      (import (./apps + "/${name}.nix")) { inherit config pkgs lib containerCfg builder name; }
+      builder.mkApp name ((import (./apps + "/${name}.nix")) { inherit config pkgs lib containerCfg builder name; })
     ) config.syscfg.server.containers;
   } (lib.mkIf ( serverCfg.containers != {} ) (
     let
       appsList = builtins.attrValues config.syscfg.server.loadedContainers;
       mergedContainers = lib.concatMapAttrs (appName: app:
-        lib.mapAttrs' (cName: cCfg: lib.nameValuePair "${appName}-${cName}" cCfg) app.containers
+        lib.mapAttrs' (cName: cCfg: lib.nameValuePair "${appName}-${cName}" cCfg) app.runtime.containers
       ) config.syscfg.server.loadedContainers;
       serverPathConfigs = map (path: {
         inherit path;
         mode = "0755";
       }) (lib.unique (builtins.attrValues serverCfg.path));
-      allPathConfigs = serverPathConfigs ++ lib.concatMap (app: app.paths) appsList;
-      allSetupConfigs = lib.concatMap (app: if app.setup?script then [({name = app.name; envFile="";} // app.setup)] else []) appsList;
-      allCronsConfigs = lib.concatMap (app: app.cron) appsList;
-      allVMConfigs = builtins.filter (app: app.vm != null) appsList;
+      allPathConfigs = serverPathConfigs ++ lib.concatMap (app: app.runtime.paths) appsList;
+      allSetupConfigs = lib.concatMap (app:
+        if app.runtime.setup ? script
+        then [ ({ name = app.name; envFile = ""; } // app.runtime.setup) ]
+        else [ ]
+      ) appsList;
+      allCronsConfigs = lib.concatMap (app: app.runtime.cron) appsList;
+      allVMConfigs = builtins.filter (app: app.runtime.vm != null) appsList;
     in{
       virtualisation.oci-containers = {
         backend = "podman";
@@ -73,7 +77,7 @@ in{
             RestartSec = "10s";
             ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /media/data/kvm";
             ExecStart = ''
-              ${builder.mkVm { name = e.name; vm = e.vm; }}/bin/run-${e.name}-vm -nographic
+              ${builder.mkVm { name = e.name; vm = e.runtime.vm; }}/bin/run-${e.name}-vm -nographic
             '';
           };
         };

modules/server/database/default.nix

@@ -3,7 +3,7 @@
 let
 
   listNames = config.syscfg.server.db;
-  containerNames = builtins.attrNames (lib.filterAttrs (appName: app: app.db) config.syscfg.server.loadedContainers);
+  containerNames = lib.concatMap (app: app.requires.databases) (builtins.attrValues config.syscfg.server.loadedContainers);
   allApps = lib.unique (listNames ++ containerNames);
 in {
   config = lib.mkIf ( builtins.length allApps > 0) {

modules/server/sops/default.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 let
   listNames = config.syscfg.server.db;
-  containerNames = builtins.attrNames (lib.filterAttrs (appName: app: app.sops) config.syscfg.server.loadedContainers);
+  containerNames = lib.concatMap (app: app.requires.secrets) (builtins.attrValues config.syscfg.server.loadedContainers);
   allApps = lib.unique (listNames ++ containerNames);
 in{
     sops.secrets = {

modules/shared/syscfg/server.nix

@@ -40,18 +40,44 @@ in with lib; {
        type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
         options = {
           name = lib.mkOption {type = lib.types.str; default = name;};
-          sops = lib.mkOption {type = lib.types.bool; default = false;};
-          db = lib.mkOption {type = lib.types.bool; default = false;};
+          requires = {
+            secrets = lib.mkOption {
+              type = lib.types.listOf lib.types.str;
+              default = [ ];
+            };
+            databases = lib.mkOption {
+              type = lib.types.listOf lib.types.str;
+              default = [ ];
+            };
+          };
 
+          exports = {
+            authentik = {
+              blueprints = lib.mkOption {
+                type = lib.types.listOf lib.types.str;
+                default = [ ];
+              };
+            };
+          };
+
+          runtime = {
             paths = lib.mkOption {type = lib.types.listOf lib.types.attrs; default = [ ];};
             containers = lib.mkOption {type = lib.types.attrsOf lib.types.attrs; default = { };};
             vm = lib.mkOption {type = lib.types.nullOr lib.types.attrs; default = null;};
             cron = lib.mkOption {type = lib.types.listOf lib.types.str; default = [ ];};
-
-          setup = {
+            setup = lib.mkOption {
+              type = lib.types.submodule {
+                options = {
                   trigger = lib.mkOption {type = lib.types.str; default = "";};
                   script = lib.mkOption {type = lib.types.nullOr lib.types.package; default = null;};
-            envFile = lib.mkOption {type = with lib.types; coercedTo str (x: [x]) (listOf str); default = [];};
+                  envFile = lib.mkOption {
+                    type = with lib.types; coercedTo str (x: [x]) (listOf str);
+                    default = [ ];
+                  };
+                };
+              };
+              default = { };
+            };
           };
         };
        }));

systems/sandbox/cfg.nix

@@ -27,8 +27,6 @@
       #   user = ...
       #   ...
       # };
-      mailDomain = "test@helcel";
-      mailServer = "infomaniak.ch";
       
       containers = {
         # ===== BASE =====