refactor: simplify host composition and shared feature config

2026-04-22 03:29:19 +02:00
parent 5eec5689f4
commit 503c1fe9bc
16 changed files with 327 additions and 238 deletions
@@ -14,40 +14,11 @@ in
      user = config.meta.user;
      sourceControl = user.sourceControl;
      hostSourceControlUsers = host.sourceControl.users;
-      hostUserSourceControl =
-        if lib.hasAttr user.name hostSourceControlUsers then hostSourceControlUsers.${user.name} else { };
-      profileNames = builtins.attrNames sourceControl.profiles;
-
-      parsedProfiles = map (
-        name:
-        let
-          matches = builtins.match "(github|gitlab)-(personal|work)" name;
-        in
-        {
-          inherit matches name;
-          isValid = matches != null;
-          scope = if matches == null then null else builtins.elemAt matches 1;
-        }
-      ) profileNames;
-
-      validProfiles = builtins.filter (profile: profile.isValid) parsedProfiles;
-      invalidProfileNames = map (profile: profile.name) (
-        builtins.filter (profile: !profile.isValid) parsedProfiles
-      );
-
-      emailNamesForScope = {
-        personal = [
-          "personal"
-          "main"
-        ];
-        work = [ "work" ];
-      };
+      hostUserSourceControl = hostSourceControlUsers.${user.name} or { };

      scopeEmails =
        scope:
-        map (name: user.emails.${name}) (
-          builtins.filter (name: lib.hasAttr name user.emails) emailNamesForScope.${scope}
-        );
+        lib.filter (email: email.scope == scope) (builtins.attrValues user.emails);

      emailForScope =
        scope:
@@ -56,8 +27,14 @@ in
        in
        if builtins.length emails == 1 then (builtins.head emails).address else null;

-      scopeConfig =
-        scope: if lib.hasAttr scope hostUserSourceControl then hostUserSourceControl.${scope} else null;
+      scopeConfig = scope: hostUserSourceControl.${scope} or null;
+
+      scopeHasSigningKey =
+        scope:
+        let
+          keyConfig = scopeConfig scope;
+        in
+        keyConfig != null && keyConfig.publicKey != null;

      privateKeyPathForScope =
        scope:
@@ -69,7 +46,7 @@ in
        else
          keyConfig.privateKeyPath;

-      scopePublicKey =
+      publicKeyForScope =
        scope:
        let
          keyConfig = scopeConfig scope;
@@ -81,23 +58,25 @@ in
          "personal"
          sourceControl.projectScope
        ]
-        ++ map (profile: profile.scope) validProfiles
      );

-      missingKeyScopes = builtins.filter (scope: scopePublicKey scope == null) scopesInUse;
      invalidEmailScopes = builtins.filter (scope: emailForScope scope == null) scopesInUse;
-      allowedSignersLines = map (scope: "${emailForScope scope} ${scopePublicKey scope}") (
-        builtins.filter (scope: emailForScope scope != null && scopePublicKey scope != null) scopesInUse
+      allowedSignersLines = map (scope: "${emailForScope scope} ${publicKeyForScope scope}") (
+        builtins.filter (scope: emailForScope scope != null && scopeHasSigningKey scope) scopesInUse
      );

-      gitConfigForScope = scope: {
-        gpg.ssh.allowedSignersFile = "${config.xdg.configHome}/git/allowed_signers";
-        user = {
-          name = user.realName;
-          email = emailForScope scope;
-          signingKey = "${privateKeyPathForScope scope}.pub";
-        };
-      };
+      gitConfigForScope =
+        scope:
+        lib.recursiveUpdate {
+          user = {
+            name = user.realName;
+            email = emailForScope scope;
+          };
+        }
+        (lib.optionalAttrs (scopeHasSigningKey scope) {
+          gpg.ssh.allowedSignersFile = "${config.xdg.configHome}/git/allowed_signers";
+          user.signingKey = "${privateKeyPathForScope scope}.pub";
+        });

      gitRoots = [
        {
@@ -114,17 +93,9 @@ in
      imports = [ homeModules.git ];

      assertions = [
-        {
-          assertion = invalidProfileNames == [ ];
-          message = "Invalid source control profiles for `${user.name}`: ${lib.concatStringsSep ", " invalidProfileNames}. Expected `<service>-<scope>` using github/gitlab and personal/work.";
-        }
-        {
-          assertion = missingKeyScopes == [ ];
-          message = "Missing source control keys for `${user.name}` scopes: ${lib.concatStringsSep ", " missingKeyScopes}.";
-        }
        {
          assertion = invalidEmailScopes == [ ];
-          message = "Expected exactly one email selected by name for `${user.name}` scopes: ${lib.concatStringsSep ", " invalidEmailScopes}. Personal uses `personal` or `main`; work uses `work`.";
+          message = "Expected exactly one scoped email for `${user.name}` source-control scopes: ${lib.concatStringsSep ", " invalidEmailScopes}.";
        }
      ];