diff --git a/lib/default.nix b/lib/default.nix
index 5b7be82d..e993cb11 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -122,6 +122,14 @@ in {
 assertion = cfg.isInHq -> (config.users.users.root.password == null);
 message = "Root passwords not allowed in HQ";
 }
+ {
+ assertion = cfg.hq.enableBinaryCache -> cfg.mapHqHosts;
+ message = "mapHqHosts must be enabled for enableBinaryCache";
+ }
+ {
+ assertion = cfg.hq.enableMpdProxy -> cfg.mapHqHosts;
+ message = "mapHqHosts must be enabled for enableMpdProxy";
+ }
 {
 assertion = let
 check = hostName: hostName == config.networking.hostName;
@@ -131,14 +139,40 @@ in {
 toString ../host-registry.nix
 }";
 }
- {
- assertion = cfg.hq.enableBinaryCache -> cfg.mapHqHosts;
- message = "mapHqHosts must be enabled for enableBinaryCache";
- }
- {
- assertion = cfg.hq.enableMpdProxy -> cfg.mapHqHosts;
- message = "mapHqHosts must be enabled for enableMpdProxy";
- }
+ ( # Check for hostRegistry address collisions
+ let
+ getAddrHosts = key:
+ builtins.foldl' (result: host:
+ if hostRegistry.hosts.${host} ? "${key}"
+ then let
+ addr = hostRegistry.hosts.${host}.${key};
+ in if result ? "${addr}"
+ then result // {
+ "${addr}" = lib.unique (
+ result.${addr} ++ [ host ]
+ );
+ }
+ else result // {
+ "${addr}" = [ host ];
+ }
+ else result
+ ) {} (builtins.attrNames hostRegistry.hosts);
+ dupHosts =
+ builtins.concatMap (hosts:
+ if builtins.length hosts == 1
+ then []
+ else hosts
+ ) (
+ builtins.attrValues (
+ getAddrHosts "ip4" // getAddrHosts "ip6"
+ )
+ );
+ in {
+ assertion = dupHosts == [];
+ message = "Hosts have duplicate addresses: ${
+ lib.concatStringsSep " " dupHosts
+ }";
+ })
 ];
 networking.defaultGateway = lib.mkIf (!config.networking.useNetworkd) (
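Review bot: The new collision check in the second hunk compares `ip4`/`ip6` values as raw strings, because each address is used verbatim as an attribute name in `getAddrHosts`. Two hosts whose IPv6 address is written in equivalent but different forms (letter case, zero compression) would therefore pass the assertion. Whether host-registry.nix already enforces a canonical notation is not visible here. Folding case at least closes the cheapest gap, `addr = lib.toLower hostRegistry.hosts.${host}.${key};`, and a comment on the assertion should state that registry addresses must be written in canonical form. The message would also be easier to act on if it named the colliding address next to the hosts, since `dupHosts` flattens every group into a single list.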