In the context of NixOS (the Linux distribution), the Nix programming language lets you declare assertions so that you can check constraints at build time for packages or even your whole distribution!

This is done using a special attribute in modules:

{ repo, ... }:

{
  assertions = [
    {
      assertion = ((builtins.length repo.ssh-keys) > 0);
      message = "There must be at least one SSH key";
    }
  ];
}

This way, if you somehow build a configuration that is missing an SSH key, the build will automatically fail and tell you why you shouldn't do this.

This is quite nice and easy to actually use!

You can even use it in modules!


{ config, lib, repo, ... }:
let
  cfg = config.my.home.ssh-key;
in
{
  options.my.home.ssh-key = {
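    enable = lib.mkOption {
      # Declare the type so that non-boolean values are rejected at evaluation time
      type = lib.types.bool;
      default = true;
      description = "setup at least one ssh key";
    };
  };

  config = lib.mkIf cfg.enable {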
    # Assert SSH keys
    assertions = [
      {
        assertion = ((builtins.length repo.keys) > 0);
        message = "There must be at least one SSH key";
      }
    ];
  };
}

It is then activated the following way:

{ config, lib, repo, ... }:
{
  imports = [
    # Just import the file!
    ./options/ssh-key.nix
  ];
}

This is a simple way to enforce build-time constraints for safer infrastructure. It is, however, not sufficient for some more advanced constraints.

For instance, what if you wanted to verify beforehand that your etcd cluster update works with your current config and setup?

In that case you could use NixOS tests to boot some VMs with the same configuration and automatically execute some integration tests on them at build time. This is called NixOS VM Tests and is described in the manual: https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests
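As an added illustration (not code from the original post), here is what such a VM test can look like, narrowed to a single-node etcd smoke test rather than a full cluster update. The test name, the key `/smoke/probe` and the use of `<nixpkgs>` as the package source are assumptions made for the example.

```nix
# Added example: single-node etcd smoke test, run in a VM at build time.
# Assumes a nixpkgs channel is reachable as <nixpkgs>.
{ pkgs ? import <nixpkgs> { } }:

pkgs.testers.runNixOSTest {
  name = "etcd-smoke"; # hypothetical test name

  # The VM gets a regular NixOS configuration: put the settings you
  # intend to deploy here, or import the same module files.
  nodes.machine = { pkgs, ... }: {
    services.etcd.enable = true;
    # Make etcdctl available to the test script.
    environment.systemPackages = [ pkgs.etcd ];
  };

  # Python driver script; a failing command or assert fails the build.
  testScript = ''
    machine.wait_for_unit("etcd.service")
    machine.wait_for_open_port(2379)

    with subtest("etcd reports healthy"):
        machine.succeed("etcdctl endpoint health")

    with subtest("a written key can be read back"):
        machine.succeed("etcdctl put /smoke/probe ok")
        value = machine.succeed("etcdctl get --print-value-only /smoke/probe")
        assert value.strip() == "ok", f"unexpected value: {value!r}"
  '';
}
```

Building this file with `nix-build` boots the VM and runs the script; like a failed assertion, a failed test stops the build before anything is deployed.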

Farewell!