From 1460fa8131fd10ec52169aa3e7ba65c7ca0ac3bd Mon Sep 17 00:00:00 2001
From: Astro
Date: Wed, 27 Oct 2021 17:52:35 +0200
Subject: [PATCH] lib/default.nix: add address collision check
---
 lib/default.nix | 50 +++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 42 insertions(+), 8 deletions(-)
diff --git a/lib/default.nix b/lib/default.nix
index 5b7be82d..e993cb11 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -122,6 +122,14 @@ in {
 assertion = cfg.isInHq -> (config.users.users.root.password == null);
 message = "Root passwords not allowed in HQ";
 }
+ {
+ assertion = cfg.hq.enableBinaryCache -> cfg.mapHqHosts;
+ message = "mapHqHosts must be enabled for enableBinaryCache";
+ }
+ {
+ assertion = cfg.hq.enableMpdProxy -> cfg.mapHqHosts;
+ message = "mapHqHosts must be enabled for enableMpdProxy";
+ }
 {
 assertion = let check = hostName: hostName == config.networking.hostName;
@@ -131,14 +139,40 @@ in {
 toString ../host-registry.nix
 }";
 }
- {
- assertion = cfg.hq.enableBinaryCache -> cfg.mapHqHosts;
- message = "mapHqHosts must be enabled for enableBinaryCache";
- }
- {
- assertion = cfg.hq.enableMpdProxy -> cfg.mapHqHosts;
- message = "mapHqHosts must be enabled for enableMpdProxy";
- }
+ ( # Check for hostRegistry address collisions
+ let
+ getAddrHosts = key:
+ builtins.foldl' (result: host:
+ if hostRegistry.hosts.${host} ? "${key}"
+ then let
+ addr = hostRegistry.hosts.${host}.${key};
+ in if result ? "${addr}"
+ then result // {
+ "${addr}" = lib.unique (
+ result.${addr} ++ [ host ]
+ );
+ }
+ else result // {
+ "${addr}" = [ host ];
+ }
+ else result
+ ) {} (builtins.attrNames hostRegistry.hosts);
+ dupHosts =
+ builtins.concatMap (hosts:
+ if builtins.length hosts == 1
+ then []
+ else hosts
+ ) (
+ builtins.attrValues (
+ getAddrHosts "ip4" // getAddrHosts "ip6"
+ )
+ );
+ in {
+ assertion = dupHosts == [];
+ message = "Hosts have duplicate addresses: ${
+ lib.concatStringsSep " " dupHosts
+ }";
+ })
 ];
 networking.defaultGateway = lib.mkIf (!config.networking.useNetworkd) (
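Review bot: The collision check in `getAddrHosts` compares addresses as raw strings, so two `ip6` entries that spell the same address differently (upper- versus lower-case hex digits, or different zero compression) land under different keys and the assertion still passes. Lower-casing the key closes the case gap, `addr = lib.toLower hostRegistry.hosts.${host}.${key};`, while zero compression needs either a canonical spelling rule for host-registry.nix or a normalisation helper. The failure message would also be easier to act on if it named each colliding address with its hosts instead of printing a flat host list. `lib.unique` looks redundant here, since `builtins.attrNames` already yields each host once. The assertions list begins outside the hunk.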