From d0c2de9e762fb476b5cb53bb5129bf8af8cb9b45 Mon Sep 17 00:00:00 2001 From: Alan Pearce Date: Mon, 20 May 2024 18:12:23 +0200 Subject: build: store default configuration in repo and ensure freshness --- defaults.toml | 143 ++++++++++++++++++++++++++++++++++++++++++++++ nix/modules/default.nix | 27 ++++++--- nix/pre-commit-checks.nix | 14 +++++ 3 files changed, 176 insertions(+), 8 deletions(-) create mode 100644 defaults.toml diff --git a/defaults.toml b/defaults.toml new file mode 100644 index 0000000..a39b592 --- /dev/null +++ b/defaults.toml 
@@ -0,0 +1,143 @@
+DataPath = './data'
+LogLevel = 'INFO'
+
+[Web]
+ListenAddress = 'localhost'
+Port = 3000
+SentryDSN = ''
+Environment = 'development'
+ExtraHeadHTML = ''
+
+[Web.ContentSecurityPolicy]
+base-uri = []
+block-all-mixed-content = false
+child-src = []
+connect-src = []
+default-src = ["'self'"]
+font-src = []
+form-action = []
+frame-ancestors = []
+frame-src = []
+img-src = []
+manifest-src = []
+media-src = []
+navigate-to = []
+object-src = []
+plugin-types = []
+prefetch-src = []
+referrer = ''
+report-to = ''
+report-uri = ''
+require-sri-for = []
+require-trusted-types-for = []
+sandbox = ''
+script-src = []
+script-src-attr = []
+script-src-elem = []
+style-src = []
+style-src-attr = []
+style-src-elem = []
+trusted-types = []
+upgrade-insecure-requests = false
+worker-src = []
+
+[Web.BaseURL]
+Scheme = 'http'
+Opaque = ''
+Host = 'localhost:3000'
+Path = ''
+RawPath = ''
+OmitHost = false
+ForceQuery = false
+RawQuery = ''
+Fragment = ''
+RawFragment = ''
+
+[Web.Headers]
+x-content-type-options = 'nosniff'
+
+[Importer]
+UpdateAt = 04:00:00
+
+[Importer.Sources]
+[Importer.Sources.darwin]
+Name = 'Darwin'
+Key = 'darwin'
+Enable = false
+Fetcher = 1
+Importer = 2
+Channel = 'darwin'
+URL = 'https://github.com/LnL7/nix-darwin/archive/master.tar.gz'
+Attribute = 'options'
+ImportPath = 'release.nix'
+FetchTimeout = 300000000000
+ImportTimeout = 900000000000
+OutputPath = 'share/doc/darwin'
+
+[Importer.Sources.darwin.Repo]
+Type = 'github'
+Owner = 'LnL7'
+Repo = 'nix-darwin'
+Revision = ''
+
+[Importer.Sources.home-manager]
+Name = 'Home Manager'
+Key = 'home-manager'
+Enable = false
+Fetcher = 1
+Importer = 2
+Channel = 'home-manager'
+URL = 'https://github.com/nix-community/home-manager/archive/master.tar.gz'
+Attribute = 'docs.json'
+ImportPath = 'default.nix'
+FetchTimeout = 300000000000
+ImportTimeout = 900000000000
+OutputPath = 'share/doc/home-manager'
+
+[Importer.Sources.home-manager.Repo]
+Type = 'github'
+Owner = 'nix-community'
+Repo = 'home-manager' +Revision = '' + +[Importer.Sources.nixos] +Name = 'NixOS' +Key = 'nixos' +Enable = true +Fetcher = 1 +Importer = 2 +Channel = 'nixpkgs' +URL = 'https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz' +Attribute = 'options' +ImportPath = 'nixos/release.nix' +FetchTimeout = 300000000000 +ImportTimeout = 900000000000 +OutputPath = 'share/doc/nixos' + +[Importer.Sources.nixos.Repo] +Type = 'github' +Owner = 'NixOS' +Repo = 'nixpkgs' +Revision = '' + +[Importer.Sources.nixpkgs] +Name = 'Nix Packages' +Key = 'nixpkgs' +Enable = true +Fetcher = 2 +Importer = 1 +Channel = 'nixos-unstable' +URL = '' +Attribute = '' +ImportPath = '' +FetchTimeout = 300000000000 +ImportTimeout = 900000000000 +OutputPath = 'packages.json.br' + +[Importer.Sources.nixpkgs.Repo] +Type = 'github' +Owner = 'NixOS' +Repo = 'nixpkgs' +Revision = '' + +[Importer.Timeout] diff --git a/nix/modules/default.nix b/nix/modules/default.nix index 7d06957..093840b 100644 --- a/nix/modules/default.nix +++ b/nix/modules/default.nix @@ -6,10 +6,13 @@ flake: }: let + inherit (builtins) fromTOML readFile; cfg = config.services.searchix; package = flake.packages.${pkgs.system}.default; + defaults = fromTOML (readFile ../../defaults.toml); + settingsFormat = pkgs.formats.toml { }; defaultServiceConfig = { @@ -120,6 +123,20 @@ in description = "Optionally enable sentry to track errors."; default = ""; }; + + contentSecurityPolicy = mkOption { + type = types.submodule { + freeformType = settingsFormat.type; + }; + description = "Control resources a browser should be allowed to load."; + default = defaults.Web.ContentSecurityPolicy; + }; + + headers = mkOption { + type = with types; attrsOf str; + description = "HTTP Headers to send with every request. Case-insensitive."; + default = defaults.Web.Headers; + }; }; }; }; 
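Review bot: The default policy under `[Web.ContentSecurityPolicy]` sets only `default-src = ["'self'"]`, and the `base-uri`, `form-action` and `frame-ancestors` directives do not fall back to `default-src`, so with these defaults framing by other origins, `<base>` overrides and cross-origin form targets stay unrestricted. Suggested defaults: `frame-ancestors = ["'none'"]`, `base-uri = ["'self'"]`, `form-action = ["'self'"]`. The file appears to be generated from the Go configuration by the hook added in this commit, so the change belongs in the defaults there rather than in this file. How the empty lists are rendered into the response header is not visible in this diff.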
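Review bot: The new `contentSecurityPolicy` and `headers` options take their `default` from `defaults.toml`, and in the module system a user definition replaces an option default rather than merging with it. Setting a single entry in either option therefore drops `x-content-type-options = 'nosniff'` or `default-src 'self'` from the module's value, unless the service merges its built-in defaults back in, which is not visible here. The descriptions should say so, for example `description = "HTTP headers to send with every response. Setting this replaces the defaults, so repeat x-content-type-options if it is still wanted.";`. The current text also says "request" where these are response headers.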
@@ -140,7 +157,7 @@ in updateAt = mkOption { type = types.strMatching "[[:digit:]]{2}:[[:digit:]]{2}:[[:digit:]]{2}"; - default = "04:00:00"; + default = defaults.Importer.UpdateAt; example = "02:00:00"; description = "Time of day to fetch and import new options."; }; @@ -150,15 +167,9 @@ in attrsOf (submodule (import ./source-options.nix { inherit cfg settingsFormat; })); - default = { - nixos.enable = true; - nixpkgs.enable = true; - darwin.enable = false; - home-manager.enable = false; - }; + default = defaults.Importer.Sources; description = "Declarative specification of options sources for searchix."; }; - }; }; }; diff --git a/nix/pre-commit-checks.nix b/nix/pre-commit-checks.nix index bd6df7c..4858783 100644 --- a/nix/pre-commit-checks.nix +++ b/nix/pre-commit-checks.nix @@ -91,5 +91,19 @@ rec { entry = "${pkgs.gomod2nix}/bin/gomod2nix"; pass_filenames = false; }; + + generate-default-config = { + enable = true; + name = "generate-default-config"; + description = "Ensure default configuration file is up-to-date"; + files = "config.go$"; + entry = + let + script = pkgs.writeShellScript "generate-default-config" '' + ${pkgs.wgo}/bin/wgo run -exit searchix.go --print-default-config > defaults.toml + ''; + in + builtins.toString script; + }; }; } -- cgit 1.4.1
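Review bot: `defaults.Importer.UpdateAt` is written in `defaults.toml` as a bare TOML local time (`UpdateAt = 04:00:00`), not a string, while this option is `types.strMatching`. As far as I know `builtins.fromTOML` either rejects date and time values or, with the timestamp experimental feature enabled, returns a tagged attribute set, so the default would not evaluate to the string `"04:00:00"`; this is worth confirming with `nix eval` against the module. Keeping `default = "04:00:00";` here, or having the generator emit the value as a quoted string, avoids the problem.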
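Review bot: The replaced default used lower-case option names (`nixos.enable = true`), but the tables under `[Importer.Sources]` in `defaults.toml` use the Go field names (`Enable`, `Fetcher`, `ImportPath`, and so on), so `default = defaults.Importer.Sources;` hands the submodule attributes such as `nixos.Enable`. Unless `./source-options.nix` (not shown in this diff) declares those capitalised names or is freeform, the default will either fail option checking or leave `enable` unset. A small mapping from the TOML keys to the option names, or keeping the explicit attribute set, would keep the two in step. The hunk also drops the blank line before the closing braces, which looks unintended.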
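Review bot: The `generate-default-config` hook redirects straight into `defaults.toml`, and the shell truncates that file before `wgo run` starts, so a compile error or non-zero exit leaves an empty or partial file in the working tree, which `nix/modules/default.nix` then reads for its option defaults. Writing to a temporary file and moving it into place only on success is safer: `${pkgs.wgo}/bin/wgo run -exit searchix.go --print-default-config > defaults.toml.tmp && mv defaults.toml.tmp defaults.toml`. The `files = "config.go$"` pattern is also unanchored with an unescaped dot; `files = "(^|/)config\\.go$";` states the intent more exactly. A comment should note that defaults defined outside that file will not trigger regeneration.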