Schema

Source

modules/options.nix — nix/lib/entities/

Schema Base Modules

Each of host, user, home configuration objects have freeform-types, meaning you can assign any attribute into them as meta-data.

However, at times you might want to have shared meta-data between all hosts or all users.

The base modules, den.schema.* serve for this purpose. They are not aspects, they are meta-data (the attributes of host) that aspects can later read for providing configuration.

For example, instead of:

den.hosts.x86_64-linux.igloo = {
  hardened = true; # custom free-form metadata

  # repetitive
  users.alice.classes = [ "homeManager" ];
  users.bob.classes = [ "homeManager" ];
};

You can do:

# This is not an aspect, it is a meta-configuration of the host capabilities.
den.schema.host = { host, lib, ... }: {
   options.hardened = lib.mkEnableOption "Is it secure";
   config.hardened = lib.mkDefault true;
};

# The meta-configuration module for all users
den.schema.user = { user, lib, ... }: {
   config.classes = lib.mkDefault [ "homeManager" ];
};

All hosts you create will be hardened = true by default. And aspects will be able to read host.hardened value.

den.schema

Base modules merged into all hosts, users, or homes.

Option	Type	Description
den.schema.conf	deferredModule	Applied to host, user, and home
den.schema.host	deferredModule	Applied to all hosts (imports conf)
den.schema.user	deferredModule	Applied to all users (imports conf)
den.schema.home	deferredModule	Applied to all homes (imports conf)

den.schema.conf = { lib, ... }: {
  # shared across all host/user/home declarations
};
den.schema.host = { ... }: {
  # host-specific base config
};

A schema entry also accepts two list attributes, stripped before the module merge and consumed by the resolution pipeline:

Attribute	Type	Description
includes	listOf raw	Aspects/policies activated for every entity of this kind
excludes	listOf raw	Aspects/policies suppressed for every entity of this kind

# Activate a policy for every host
den.schema.host.includes = [ den.policies.host-to-peers ];

See Policy Activation for how includes drives activation.

Entity Kinds

Entity kinds (host, user, home) are derived from the keys of den.schema. The pipeline uses the kind name to dispatch policies and resolve entities. Adding a key to den.schema registers a new entity kind. Den pre-registers fleet as an empty kind used by the diagram and fleet-view machinery.

den.hosts

Type: attrsOf systemType

Keyed by system string (e.g., "x86_64-linux"). Each system contains host definitions as freeform attribute sets.

den.hosts.x86_64-linux.myhost = {
  users.vic = {};
};

Host options

Option	Type	Default	Description
name	str	attr name	Configuration name
hostName	str	name	Network hostname
system	str	parent key	Platform (e.g., x86_64-linux)
class	str	auto	"nixos" or "darwin" based on system
aspect	raw	den.aspects.<name>	Resolved aspect attrset for this host
description	str	auto	class.hostName@system
resolved	raw	auto	Resolved aspect from context pipeline (see below)
users	attrsOf userType	{}	User accounts on this host
collisionPolicy	null | enum	null	Class module collision policy for this entity: "error", "den-wins", or "class-wins". See Class Modules.
instantiate	raw	auto	OS builder function
intoAttr	listOf str	auto	Flake output path
*	den.schema.host options		Options from base module
*			free-form attributes

instantiate defaults

Class	Default
nixos	inputs.nixpkgs.lib.nixosSystem
darwin	inputs.darwin.lib.darwinSystem
systemManager	inputs.system-manager.lib.makeSystemConfig

intoAttr defaults

Class	Default
nixos	[ "nixosConfigurations" name ]
darwin	[ "darwinConfigurations" name ]
systemManager	[ "systemConfigs" name ]

den.hosts.<sys>.<host>.users

Type: attrsOf userType

User options

Option	Type	Default	Description
name	str	attr name	User configuration name
userName	str	name	System account name
classes	listOf str	[ "user" ]	Nix classes this user participates in
aspect	raw	den.aspects.<name>	Resolved aspect attrset
host	raw	parent host	The host this user belongs to
collisionPolicy	null | enum	null	Class module collision policy: "error", "den-wins", or "class-wins". See Class Modules.
resolved	raw	auto	Resolved aspect from context pipeline (see below)
*	den.schema.user options		Options from base module
*			free-form attributes

Freeform: additional attributes pass through to the user module.

den.homes

Type: attrsOf homeSystemType

Standalone home-manager configurations, keyed by system string. A key of the form user@host binds the home to an existing host’s user; a bare key declares an unbound standalone home.

den.homes.x86_64-linux.vic = {};

Home options

Option	Type	Default	Description
name	str	parsed name	Home configuration name (the part before @ in a user@host key)
userName	str	parsed name	User account name
hostName	null | str	parsed host	Bound host name, or null for unbound standalone homes (the part after @)
host	raw	resolved host	Bound host entity, or null when standalone
user	raw	resolved user	Bound user entity, or null when standalone
system	str	parent key	Platform system
class	str	"homeManager"	Home management class
aspect	raw	den.aspects.<name>	Resolved aspect attrset
description	str	auto	home.name@system
pkgs	raw	inputs.nixpkgs.legacyPackages.$sys	Nixpkgs instance
instantiate	raw	inputs.home-manager.lib.homeManagerConfiguration	Builder
collisionPolicy	null | enum	null	Class module collision policy: "error", "den-wins", or "class-wins". See Class Modules.
resolved	raw	auto	Resolved aspect from context pipeline (see below)
intoAttr	listOf str	[ "homeConfigurations" name ]	Output path
*	den.schema.home options		Options from base module
*			free-form attributes

Entity resolved

Every entity (host, user, home) has a resolved attribute — the aspect produced by running the entity through the resolution pipeline. This is auto-derived and used internally by mainModule to produce the entity’s final configuration.