refactor: further progress

2026-04-25 00:19:20 +02:00
parent 55fbe82a42
commit 0500aab3cb
31 changed files with 680 additions and 398 deletions
@@ -10,22 +10,19 @@ in
      ...
    }:
    let
-      host = config.meta.host;
+      machine = config.meta.machine;
      user = config.meta.user;
-      sourceControl = user.sourceControl;
-      sourceControlScopes = sourceControl.scopes;
-      hostSourceControlUsers = host.sourceControl.users;
-      hostUserSourceControl = hostSourceControlUsers.${user.name} or { };
+      account = user.account;
+      sourceControl = account.sourceControl;

-      scopeConfig = scope: hostUserSourceControl.${scope} or null;
-      scopeIdentity = scope: sourceControlScopes.${scope} or null;
+      scopeConfig = scope: user.sourceControl.${scope} or null;

      emailForScope =
        scope:
        let
-          identity = scopeIdentity scope;
+          scopedEmails = lib.filter (email: email.scope == scope) (builtins.attrValues account.emails);
        in
-        if identity == null then null else identity.email;
+        if builtins.length scopedEmails == 1 then (builtins.head scopedEmails).address else null;

      scopeHasSigningKey =
        scope:
@@ -51,7 +48,12 @@ in
        in
        if keyConfig == null then null else keyConfig.publicKey;

-      scopesInUse = builtins.attrNames sourceControlScopes;
+      scopesInUse = lib.unique [
+        "personal"
+        sourceControl.projectScope
+      ];
+
+      missingEmailScopes = builtins.filter (scope: emailForScope scope == null) scopesInUse;

      allowedSignersLines = map (scope: "${emailForScope scope} ${publicKeyForScope scope}") (
        builtins.filter (scope: emailForScope scope != null && scopeHasSigningKey scope) scopesInUse
@@ -62,7 +64,7 @@ in
        lib.recursiveUpdate
          {
            user = {
-              name = user.realName;
+              name = account.realName;
              email = emailForScope scope;
            };
          }
@@ -75,7 +77,7 @@ in

      gitRoots = [
        {
-          root = user.nixosConfigurationPath;
+          root = account.nixosConfigurationPath;
          scope = "personal";
        }
        {
@@ -87,6 +89,13 @@ in
    {
      imports = [ homeModules.git ];

+      assertions = [
+        {
+          assertion = missingEmailScopes == [ ];
+          message = "Missing source-control email scope for `${account.name}`: ${lib.concatStringsSep ", " missingEmailScopes}.";
+        }
+      ];
+
      xdg.configFile."git/allowed_signers".text = lib.concatStringsSep "\n" (
        allowedSignersLines ++ [ "" ]
      );