feat(module): use kebab-case for option names, make more flexible

[water-sucks]

The NixOS module had a couple of small cosmetic issues, as well as missing features; this PR takes some time to address them.

• Most NixOS options use kebab-case instead of camelCase for option identifiers. This standardizes the option names to use kebab-case and also nests relevant options into attrsets that might benefit from more granular configuration in the future.
• The option cache is a frequent source of evaluation failure scenarios. This PR adds a new option (derived from the optnix Nix library) to exclude options that would otherwise result in evaluation failures, which can unblock users from bad configurations while they report issues to their respective upstreams.
• sudo env var preservation was not configurable. This makes it configurable, and adds a notice about when it should be used with regards to the new updates with env wrappers.
• Some people use doas, but automatic env preservation was not configured. This adds that automatic configuration with sane env preservation defaults similar to the added sudo defaults.

Summary by CodeRabbit

Release Notes

• New Features

  • Added activation-interface configuration option
  • Added option-cache configuration with exclude mechanism
  • Added preserve-env option for managing environment variables

• Configuration Changes

  • Renamed generationTag to generation-tag
  • Updated corresponding option mappings and descriptions

[water-sucks]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request refactors the nix module to introduce utility functions for nested attribute manipulation, restructure option paths via renaming (prebuildOptionCache → option-cache.enable, useActivationInterface → activation-interface.enable, generationTag → generation-tag), add new configuration options for environment preservation and option caching, and removes an example test.

Changes

Cohort / File(s)	Summary
Module Refactoring nix/module.nix	Introduces utility functions (removeNestedAttrs, parsePath, removeAtPath) for manipulating nested attributes; renames and restructures options (prebuildOptionCache, useActivationInterface, generationTag); adds new public options (activation-interface, option-cache, preserve-env); updates nixos-version.json generation; refactors sudo/doas rule handling with dynamic environment variable preservation; adds system-level activation wiring and conditional option pruning logic.
Test Removal nix/tests/example.nix	Removes entire NixOS test block that defined an example test using pkgs.testers.runNixOSTest with a single machine configuration and test script.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main changes: standardizing to kebab-case for option names and making the module more flexible through new configuration options like option-cache exclusion and preserve-env.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@nix/module.nix`:
- Around line 193-198: The doas rule is producing duplicate SSH_AUTH_SOCK
entries because the module unconditionally prepends "SSH_AUTH_SOCK TERMINFO
TERMINFO_DIRS" while you also pass cfg.preserve-env into setEnv; update the
assignment used in security.doas.extraRules so the preserved-env list explicitly
removes the unconditional SSH_AUTH_SOCK before passing it to setEnv (e.g.
prepend "-SSH_AUTH_SOCK" or otherwise filter cfg.preserve-env) so the final
setEnv for the rule does not contain SSH_AUTH_SOCK twice.
- Around line 138-152: The description incorrectly references a non-existent
nested attribute `options.services.nixos-cli.preserve-env.options`; update the
text to point to the correct attribute `services.nixos-cli.preserve-env` (or
`options.services.nixos-cli.preserve-env` if referring to the evaluated option
path) so users look up the list value correctly; locate the paragraph mentioning
`options.services.nixos-cli.preserve-env.options` and replace that token with
`services.nixos-cli.preserve-env` and adjust surrounding wording if needed to
reflect that `preserve-env` is a list of strings.
- Around line 115-124: The option-cache.exclude mkOption lacks a type and
default which causes evaluation failures when cfg.option-cache.exclude is
referenced; update the lib.mkOption for option-cache.exclude to set an explicit
type (e.g. a list type such as types.listOf types.str or appropriate
attr-path/list type consistent with removeNestedAttrs usage) and add default =
[] so cfg.option-cache.exclude is defined by default; ensure this change aligns
with option-cache.enable behavior and prevents lib.foldl' in removeNestedAttrs
from receiving a non-list.