summary refs log tree commit diff stats
diff options
context:
space:
mode:
-rw-r--r--system/linde.nix70
1 files changed, 40 insertions, 30 deletions
diff --git a/system/linde.nix b/system/linde.nix
index 06196955..f7ae9f9c 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -951,37 +951,47 @@ in
   services.searchix = {
     enable = true;
     settings = {
-      web = {
-        baseURL = "https://searchix.alanpearce.eu";
-        sentryDSN = "https://26d4cd8d20157ae2f6b4726ceae1a563@o4507187730120704.ingest.de.sentry.io/4507187734970448";
-        contentSecurityPolicy = {
-          script-src = [
-            "'self'"
-            "https://gc.zgo.at"
-            "https://js-de.sentry-cdn.com"
-            "https://browser.sentry-cdn.com"
-          ];
-          img-src = [
-            "'self'"
-            "https://gc.zgo.at"
-          ];
-          connect-src = [
-            "'self'"
-            "https://searchix.goatcounter.com/count"
-            "*.sentry.io"
-          ];
-          worker-src = [
-            "blob:"
-          ];
+      web =
+        let
+          baseURL = "https://searchix.alanpearce.eu";
+        in
+        {
+          inherit baseURL;
+          sentryDSN = "https://26d4cd8d20157ae2f6b4726ceae1a563@o4507187730120704.ingest.de.sentry.io/4507187734970448";
+          contentSecurityPolicy =
+            let
+              self = "'self'";
+            in
+            {
+              script-src = [
+                (baseURL + "/static/")
+                "https://gc.zgo.at"
+                "https://js-de.sentry-cdn.com"
+                "https://browser.sentry-cdn.com"
+              ];
+              img-src = [
+                self
+                "https://gc.zgo.at"
+              ];
+              connect-src = [
+                self
+                "https://searchix.goatcounter.com/count"
+                "*.sentry.io"
+              ];
+              worker-src = [
+                "blob:"
+              ];
+            };
+          extraHeadHTML = ''
+              <script async
+              src="https://js-de.sentry-cdn.com/d735e99613a86e1625fb85d0e8e762de.min.js"
+              crossorigin="anonymous"></script>
+            <script data-goatcounter="https://searchix.goatcounter.com/count"
+                    async src="//gc.zgo.at/count.v4.js"
+                    crossorigin="anonymous"
+                    integrity="sha384-nRw6qfbWyJha9LhsOtSb2YJDyZdKvvCFh0fJYlkquSFjUxp9FVNugbfy8q1jdxI+"></script>
+          '';
         };
-        extraHeadHTML = ''
-          <script async
-            src="https://js-de.sentry-cdn.com/d735e99613a86e1625fb85d0e8e762de.min.js"
-            crossorigin="anonymous"></script>
-          <script data-goatcounter="https://searchix.goatcounter.com/count"
-                async src="//gc.zgo.at/count.js"></script>
-        '';
-      };
 
       importer.sources = {
         darwin = {