From af2f0014c5d50c3d5f066157fd428bfd14151f2c Mon Sep 17 00:00:00 2001
From: Inex Code <inex.code@selfprivacy.org>
Date: Sun, 15 Dec 2024 03:45:46 +0300
Subject: [PATCH] feat: Filter userdata.json input so we don't pass undefined
 items

---
 flake.nix | 60 ++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 42 insertions(+), 18 deletions(-)

diff --git a/flake.nix b/flake.nix
index ff4826a..f74bce0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -25,28 +25,52 @@
             deployment
             ./configuration.nix
             selfprivacy-api.nixosModules.default
-            {
-              # pass userdata (parsed from JSON) options to selfprivacy module
-              selfprivacy = userdata;
+            (
+              let
+                deepFilter = ref: attrset:
+                  builtins.foldl'
+                    (acc: key:
+                      if builtins.hasAttr key ref then
+                        let
+                          value = attrset.${key};
+                          refValue = ref.${key};
+                        in
+                        acc // {
+                          ${key} =
+                            if builtins.isAttrs value && builtins.isAttrs refValue then
+                              deepFilter refValue value
+                            else
+                              value;
+                        }
+                      else
+                        acc
+                    )
+                    { }
+                    (builtins.attrNames attrset);
+              in
+              { options, ... }: {
+                # pass userdata (parsed from JSON) options to selfprivacy module
+                selfprivacy = deepFilter options.selfprivacy userdata;
 
-              # embed top-level flake source folder into the build
-              environment.etc."selfprivacy/nixos-config-source".source =
-                top-level-flake;
+                # embed top-level flake source folder into the build
+                environment.etc."selfprivacy/nixos-config-source".source =
+                  top-level-flake;
 
-              # for running "nix search nixpkgs", "nix shell nixpkgs#PKG... etc
-              nix.registry.nixpkgs.flake = nixpkgs;
+                # for running "nix search nixpkgs", "nix shell nixpkgs#PKG... etc
+                nix.registry.nixpkgs.flake = nixpkgs;
 
-              # embed commit sha1 for `nixos-version --configuration-revision`
-              system.configurationRevision = self.rev
-                or "@${self.lastModifiedDate}"; # for development
-              # TODO assertion to forbid dirty builds caused by top-level-flake
+                # embed commit sha1 for `nixos-version --configuration-revision`
+                system.configurationRevision = self.rev
+                  or "@${self.lastModifiedDate}"; # for development
+                # TODO assertion to forbid dirty builds caused by top-level-flake
 
-              # reset contents of /etc/nixos to match running NixOS generation
-              system.activationScripts.selfprivacy-nixos-config-source = ''
-                rm -rf /etc/nixos/{*,.[!.]*}
-                cp -r --no-preserve=all ${top-level-flake}/ -T /etc/nixos/
-              '';
-            }
+                # reset contents of /etc/nixos to match running NixOS generation
+                system.activationScripts.selfprivacy-nixos-config-source = ''
+                  rm -rf /etc/nixos/{*,.[!.]*}
+                  cp -r --no-preserve=all ${top-level-flake}/ -T /etc/nixos/
+                '';
+              }
+            )
           ]
           ++
           # add SP modules, but constrain available config attributes for each