Finish initial NixOS compatibility and add big warnings

Signed-off-by: magic_rb <magic_rb@redalder.org>

Author: MagicRB

examples/default.nix

@@ -12,15 +12,25 @@
   nixng,
 }:
 let
-  modifiedMakeSystem = { config ? {}, ... }@args: nglib.makeSystem ( args //{
-    config = {
-      nixos.acceptRisks = "I accept the risks";
+  modifiedMakeSystem =
+    {
+      config ? { },
+      specialArgs ? { },
+      ...
+    }@args:
+    nglib.makeSystem (
+      args
+      // {
+        config = {
+          nixos.acceptRisks = "I accept the risks";
 
-      imports = [
-        config
-      ];
-    };
-  });
+          imports = [ config ];
+        };
+        specialArgs = specialArgs // {
+          __enableExperimentalNixOSCompatibility = true;
+        };
+      }
+    );
 
   modifiedNglib = nglib // {
     makeSystem = modifiedMakeSystem;
@@ -48,4 +58,10 @@ let
     "ntfy-sh" = ./ntfy-sh;
   };
 in
-nixpkgs.lib.mapAttrs (_: v: import v { inherit nixpkgs nixng; nglib = modifiedNglib; }) examples
+nixpkgs.lib.mapAttrs (
+  _: v:
+  import v {
+    inherit nixpkgs nixng;
+    nglib = modifiedNglib;
+  }
+) examples

lib/make-system.nix

@@ -24,6 +24,8 @@ let
   evaledModules = evalModules {
     specialArgs = specialArgs // {
       inherit nglib;
+      __enableExperimentalNixOSCompatibility =
+        specialArgs.__enableExperimentalNixOSCompatibility or false;
     };
 
     modules =

lib/options.nix

@@ -38,19 +38,17 @@
     getOptionFromPath' [ ] path options;
 
   mkOptionsEqual =
-    to: from:
+    to: from: mapper:
     { config, options, ... }:
     let
       fromOpt = nglib.getOptionFromPath from options;
       toOpt = nglib.getOptionFromPath to options;
 
       prio = fromOpt.highestPrio or lib.defaultOverridePriority;
-      defsWithPrio = map (lib.mkOverride prio) fromOpt.definitions;
+      defsWithPrio = map (def: lib.mkOverride prio (mapper def)) fromOpt.definitions;
     in
     {
-      config = lib.attrsets.setAttrByPath to (
-        lib.mkMerge defsWithPrio
-      );
+      config = lib.attrsets.setAttrByPath to (lib.mkMerge defsWithPrio);
       options = lib.attrsets.setAttrByPath from (
         lib.mkOption { apply = x: lib.attrsets.getAttrFromPath to config; }
       );

modules/nixos/assertions.nix

@@ -1,6 +1,16 @@
-{ config, lib, ... }:
+{
+  config,
+  lib,
+  nglib,
+  ...
+}:
 {
   options.nixos = lib.mkOption { type = lib.types.submodule { imports = [ ../assertions.nix ]; }; };
 
-  config.assertions = config.nixos.assertions;
+  imports = [
+    (nglib.mkOptionsEqual [ "assertions" ] [
+      "nixos"
+      "assertions"
+    ] lib.id)
+  ];
 }

modules/nixos/default.nix

@@ -1,6 +1,12 @@
-{ lib, pkgs, ... }:
 {
-  imports = [
+  lib,
+  pkgs,
+  config,
+  __enableExperimentalNixOSCompatibility,
+  ...
+}:
+{
+  imports = lib.optionals __enableExperimentalNixOSCompatibility ([
     ./systemd.nix
     ./nginx.nix
     ./users.nix
@@ -10,7 +16,7 @@
     ./nix.nix
     ./meta.nix
     ./networking.nix
-  ];
+  ]);
 
   options.nixos = lib.mkOption {
     type = lib.types.submodule {
@@ -31,4 +37,19 @@
     };
     default = { };
   };
+
+  config.assertions = [
+    {
+      assertion = (config.nixos.acceptRisks == "I accept the risks");
+      message = ''
+        NixOS module compatibility is highly experimental, severely unfinished and most definitely has
+        functional and security bugs. Unless you know what you're doing and are willing to accept the risks
+        reconsider it's usage. To signify you are aware of these risks, set the option
+        `config.nixos.acceptRisks` to `"I accept the risks"`.
+
+        If you run into any of the aforementioned deficiencies please reach out on Matrix at
+        `#nixng:matrix.redalder.org`.
+      '';
+    }
+  ];
 }

modules/nixos/networking.nix

@@ -1,10 +1,13 @@
 { lib, config, ... }:
 {
   options = {
-    nixos.networking.hostName = lib.mkOption { type = lib.types.str; };
-  };
-
-  config = {
-    nixos.networking.hostName = "buildbot";
+    nixos.networking.hostName = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        Machine hostname, this has currently no effect on NixNG and is completely
+        local to the NixOS compatibility layer.
+      '';
+      default = "unnamed";
+    };
   };
 }

modules/nixos/nginx.nix

@@ -127,110 +127,109 @@ in
   imports = [
     (nglib.mkOptionsEqual
       [
-        "nixos"
         "services"
         "nginx"
         "enable"
       ]
       [
+        "nixos"
         "services"
         "nginx"
         "enable"
       ]
+      lib.id
     )
   ];
 
   config = {
-    services.nginx = lib.mkIf config.services.nginx.enable (
-      nglib.errorExperimentalNixOS config {
-        envsubst = true;
-        configuration = lib.singleton {
-          daemon = "off";
-          worker_processes = 8;
-          user = "nginx";
-
-          events."" = {
-            use = "epoll";
-            worker_connections = 512;
-          };
-
-          error_log = [
-            "/dev/stderr"
-            "warn"
-          ];
-
-          pid = "/nginx.pid";
-
-          http."" =
-            [
-              {
-                server_tokens = "off";
-                include = [ [ "${pkgs.nginx}/conf/mime.types" ] ];
-                charset = "utf-8";
-                access_log = [
-                  "/dev/stdout"
-                  "combined"
-                ];
+    services.nginx = lib.mkIf config.services.nginx.enable ({
+      envsubst = true;
+      configuration = lib.singleton {
+        daemon = "off";
+        worker_processes = 8;
+        user = "nginx";
+
+        events."" = {
+          use = "epoll";
+          worker_connections = 512;
+        };
 
-                # $connection_upgrade is used for websocket proxying
-                map."$$http_upgrade $$connection_upgrade" = {
-                  default = "upgrade";
-                  "''" = "close";
-                };
-              }
-            ]
-            ++ (lib.optionals cfg.recommendedProxySettings [
-              {
-                proxy_redirect = "off";
-                proxy_connect_timeout = cfg.proxyTimeout;
-                proxy_send_timeout = cfg.proxyTimeout;
-                proxy_read_timeout = cfg.proxyTimeout;
-                proxy_http_version = "1.1";
-                # don't let clients close the keep-alive connection to upstream. See the nginx blog for details:
-                # https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives
-                proxy_set_header = [
-                  "Connection"
-                  "''"
+        error_log = [
+          "/dev/stderr"
+          "warn"
+        ];
+
+        pid = "/nginx.pid";
+
+        http."" =
+          [
+            {
+              server_tokens = "off";
+              include = [ [ "${pkgs.nginx}/conf/mime.types" ] ];
+              charset = "utf-8";
+              access_log = [
+                "/dev/stdout"
+                "combined"
+              ];
+
+              # $connection_upgrade is used for websocket proxying
+              map."$$http_upgrade $$connection_upgrade" = {
+                default = "upgrade";
+                "''" = "close";
+              };
+            }
+          ]
+          ++ (lib.optionals cfg.recommendedProxySettings [
+            {
+              proxy_redirect = "off";
+              proxy_connect_timeout = cfg.proxyTimeout;
+              proxy_send_timeout = cfg.proxyTimeout;
+              proxy_read_timeout = cfg.proxyTimeout;
+              proxy_http_version = "1.1";
+              # don't let clients close the keep-alive connection to upstream. See the nginx blog for details:
+              # https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives
+              proxy_set_header = [
+                "Connection"
+                "''"
+              ];
+            }
+            recommendedProxyConfig
+          ])
+          ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (
+            server_name: server: {
+              server."" = {
+                listen = [
+                  "80"
+                  "http2"
                 ];
-              }
-              recommendedProxyConfig
-            ])
-            ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (
-              server_name: server: {
-                server."" = {
-                  listen = [
-                    "80"
-                    "http2"
-                  ];
-                  inherit server_name;
-
-                  location = lib.flip lib.mapAttrs server.locations (
-                    location: settings: [
-                      (lib.optionalAttrs (
-                        settings.proxyPass != null && cfg.recommendedProxySettings
-                      ) recommendedProxyConfig)
-                      (lib.optionalAttrs settings.proxyWebsockets {
-                        proxy_http_version = "1.1";
-                        proxy_set_header = [
-                          [
-                            "Upgrade"
-                            "$$http_upgrade"
-                          ]
-                          [
-                            "Connection"
-                            "$$connection_upgrade"
-                          ]
-                        ];
-                      })
-                      settings.extraConfig
-                      (lib.optionalAttrs (settings.proxyPass != null) { proxy_pass = settings.proxyPass; })
-                    ]
-                  );
-                };
-              }
-            ));
-        };
-      }
-    );
+                inherit server_name;
+
+                location = lib.flip lib.mapAttrs server.locations (
+                  location: settings: [
+                    (lib.optionalAttrs (
+                      settings.proxyPass != null && cfg.recommendedProxySettings
+                    ) recommendedProxyConfig)
+                    (lib.optionalAttrs settings.proxyWebsockets {
+                      proxy_http_version = "1.1";
+                      proxy_set_header = [
+                        [
+                          "Upgrade"
+                          "$$http_upgrade"
+                        ]
+                        [
+                          "Connection"
+                          "$$connection_upgrade"
+                        ]
+                      ];
+                    })
+                    settings.extraConfig
+                    (lib.optionalAttrs (settings.proxyPass != null) { proxy_pass = settings.proxyPass; })
+                  ]
+                );
+              };
+            }
+          ));
+      };
+    });
   };
 }

modules/nixos/nix.nix

@@ -1,15 +1,22 @@
-{ lib, config, ... }:
 {
-  options = {
-    nixos.nix = {
-      settings = lib.mkOption {
-        type = lib.types.unspecified;
-        default = { };
-      };
-    };
-  };
-
-  config = {
-    nix.config = config.nixos.nix.settings;
-  };
+  nglib,
+  lib,
+  config,
+  ...
+}:
+{
+  imports = [
+    (nglib.mkOptionsEqual
+      [
+        "nix"
+        "config"
+      ]
+      [
+        "nixos"
+        "nix"
+        "config"
+      ]
+      lib.id
+    )
+  ];
 }