31 lines
1.1 KiB
Markdown
31 lines
1.1 KiB
Markdown
# Code Review: Config & Packaging
|
|
|
|
## Scope
|
|
- `pkg/config/`
|
|
- `config.example.toml`
|
|
- `go.mod`, `go.sum`
|
|
- `flake.nix`
|
|
- `vendor/`
|
|
|
|
## Findings
|
|
### ✅ Strengths
|
|
- Config validation enforces required Matrix fields and defaults state store path.
|
|
- Example config mirrors the runtime schema and is easy to follow.
|
|
- Nix flake uses `buildGoModule` and includes systemd hardening defaults.
|
|
|
|
### ⚠️ Issues / Opportunities
|
|
1. **vendorHash = null hides dependency drift**
|
|
- `flake.nix` is set to `vendorHash = null`, so Nix will accept the vendor tree without integrity verification.
|
|
- Consider pinning a hash once the vendor tree is stable.
|
|
|
|
2. **Go toolchain version mismatch in dev shell**
|
|
- `go.mod` specifies Go 1.24.0, but the dev shell uses `pkgs.go` (likely 1.23).
|
|
- Consider pinning `go_1_24` in devShell to match the module requirement.
|
|
|
|
3. **Config file parsing assumes local disk**
|
|
- Config load is file-only; no env overrides for access tokens.
|
|
- Consider documenting secret handling if deploying in production.
|
|
|
|
## Notes
|
|
- `config.toml` is ignored by git; ensure deployments generate a proper Matrix config.
|