From d0c2de9e762fb476b5cb53bb5129bf8af8cb9b45 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Mon, 20 May 2024 18:12:23 +0200
Subject: build: store default configuration in repo and ensure freshness

---
 nix/modules/default.nix   | 27 +++++++++++++++++++--------
 nix/pre-commit-checks.nix | 14 ++++++++++++++
 2 files changed, 33 insertions(+), 8 deletions(-)

(limited to 'nix')

diff --git a/nix/modules/default.nix b/nix/modules/default.nix
index 7d06957..093840b 100644
--- a/nix/modules/default.nix
+++ b/nix/modules/default.nix
@@ -6,10 +6,13 @@ flake:
 }:
 
 let
+  inherit (builtins) fromTOML readFile;
   cfg = config.services.searchix;
 
   package = flake.packages.${pkgs.system}.default;
 
+  defaults = fromTOML (readFile ../../defaults.toml);
+
   settingsFormat = pkgs.formats.toml { };
 
   defaultServiceConfig = {
@@ -120,6 +123,20 @@ in
                   description = "Optionally enable sentry to track errors.";
                   default = "";
                 };
+
+                contentSecurityPolicy = mkOption {
+                  type = types.submodule {
+                    freeformType = settingsFormat.type;
+                  };
+                  description = "Control resources a browser should be allowed to load.";
+                  default = defaults.Web.ContentSecurityPolicy;
+                };
+
+                headers = mkOption {
+                  type = with types; attrsOf str;
+                  description = "HTTP Headers to send with every request. Case-insensitive.";
+                  default = defaults.Web.Headers;
+                };
               };
             };
           };
@@ -140,7 +157,7 @@ in
 
                 updateAt = mkOption {
                   type = types.strMatching "[[:digit:]]{2}:[[:digit:]]{2}:[[:digit:]]{2}";
-                  default = "04:00:00";
+                  default = defaults.Importer.UpdateAt;
                   example = "02:00:00";
                   description = "Time of day to fetch and import new options.";
                 };
@@ -150,15 +167,9 @@ in
                     attrsOf (submodule (import ./source-options.nix {
                       inherit cfg settingsFormat;
                     }));
-                  default = {
-                    nixos.enable = true;
-                    nixpkgs.enable = true;
-                    darwin.enable = false;
-                    home-manager.enable = false;
-                  };
+                  default = defaults.Importer.Sources;
                   description = "Declarative specification of options sources for searchix.";
                 };
-
               };
             };
           };
diff --git a/nix/pre-commit-checks.nix b/nix/pre-commit-checks.nix
index bd6df7c..4858783 100644
--- a/nix/pre-commit-checks.nix
+++ b/nix/pre-commit-checks.nix
@@ -91,5 +91,19 @@ rec {
       entry = "${pkgs.gomod2nix}/bin/gomod2nix";
       pass_filenames = false;
     };
+
+    generate-default-config = {
+      enable = true;
+      name = "generate-default-config";
+      description = "Ensure default configuration file is up-to-date";
+      files = "config.go$";
+      entry =
+        let
+          script = pkgs.writeShellScript "generate-default-config" ''
+            ${pkgs.wgo}/bin/wgo run -exit searchix.go --print-default-config > defaults.toml
+          '';
+        in
+        builtins.toString script;
+    };
   };
 }
-- 
cgit 1.4.1