nixfmt-rfc-style

There is nothing in this commit except for the changes made by nix-shell -p nixfmt-rfc-style --run "nixfmt ." If this has mucked up your open branches then sorry about that. You can probably nixfmt them to match before merging
2025-02-10 21:55:08 +00:00
parent 13cc5a8992
commit 7e2b0068e6
211 changed files with 6049 additions and 4355 deletions
--- a/modules/ssh/default.nix
+++ b/modules/ssh/default.nix
@@ -3,18 +3,26 @@
 ##
 ## Provide SSH service using Dropbear

-{ lib, pkgs, config, ...}:
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
 let
  inherit (lib) mkOption types;
  inherit (pkgs) liminix;
  inherit (pkgs.pseudofile) dir file;
-  mkBoolOption = description : mkOption {
-    type = types.bool;
-    inherit description;
-    default = true;
-  };
+  mkBoolOption =
+    description:
+    mkOption {
+      type = types.bool;
+      inherit description;
+      default = true;
+    };

-in {
+in
+{
  options = {
    system.service.ssh = mkOption {
      type = liminix.lib.types.serviceDefn;
@@ -47,15 +55,16 @@ in {
      allowLocalPortForward = mkBoolOption "Enable local port forwarding";
      allowRemotePortForward = mkBoolOption "Enable remote port forwarding";
      allowRemoteConnectionToForwardedPorts = mkOption {
-        type = types.bool; default = false;
+        type = types.bool;
+        default = false;
        description = "Allow remote hosts to connect to local forwarded ports (by default they are bound to loopback)";
      };
      authorizedKeys = mkOption {
        type = types.nullOr (liminix.lib.types.replacable (types.attrsOf (types.listOf types.nonEmptyStr)));
        example = {
-          root = ["ssh-rsa AAAAB3N...aZaZ"];
-          alice = ["ssh-rsa AAAAB3N...qS4r"];
-          bob = [];
+          root = [ "ssh-rsa AAAAB3N...aZaZ" ];
+          alice = [ "ssh-rsa AAAAB3N...qS4r" ];
+          bob = [ ];
        };
        default = null;
        description = "Authorized SSH public keys for each username. If this optin is provided it overrides any keys found in /home/{username}/.ssh";
--- a/modules/ssh/ssh.nix
+++ b/modules/ssh/ssh.nix
@@ -1,8 +1,8 @@
 {
-  liminix
-, dropbear
-, lib
-, watch-ssh-keys
+  liminix,
+  dropbear,
+  lib,
+  watch-ssh-keys,
 }:
 {
  address,
@@ -14,7 +14,7 @@
  allowRoot,
  authorizedKeys,
  port,
-  extraConfig
+  extraConfig,
 }:
 let
  name = "sshd";
@@ -24,37 +24,39 @@ let
  keydir = "/run/${name}/authorized_keys";
  options =
    [
-      "-e" #  pass environment to child
-      "-E" #  log to stderr
-      "-R" #  create hostkeys if needed
+      "-e" # pass environment to child
+      "-E" # log to stderr
+      "-R" # create hostkeys if needed
      "-P /run/dropbear.pid"
-      "-F" #  don't fork into background
-    ] ++
-    (lib.optional (! allowRoot) "-w") ++
-    (lib.optional (! allowPasswordLogin) "-s") ++
-    (lib.optional (! allowPasswordLoginForRoot) "-g") ++
-    (lib.optional (! allowLocalPortForward) "-j") ++
-    (lib.optional (! allowRemotePortForward) "-k") ++
-    (lib.optional (! allowRemoteConnectionToForwardedPorts) "-a") ++
-    (lib.optionals (authorizedKeys != null) ["-U" "${keydir}/%n"]) ++
-    [(if address != null
-      then "-p ${address}:${toString port}"
-      else "-p ${toString port}")] ++
-    [extraConfig];
+      "-F" # don't fork into background
+    ]
+    ++ (lib.optional (!allowRoot) "-w")
+    ++ (lib.optional (!allowPasswordLogin) "-s")
+    ++ (lib.optional (!allowPasswordLoginForRoot) "-g")
+    ++ (lib.optional (!allowLocalPortForward) "-j")
+    ++ (lib.optional (!allowRemotePortForward) "-k")
+    ++ (lib.optional (!allowRemoteConnectionToForwardedPorts) "-a")
+    ++ (lib.optionals (authorizedKeys != null) [
+      "-U"
+      "${keydir}/%n"
+    ])
+    ++ [
+      (if address != null then "-p ${address}:${toString port}" else "-p ${toString port}")
+    ]
+    ++ [ extraConfig ];
  isKeyservice = typeOf authorizedKeys == "lambda";
  authKeysConcat =
-    if authorizedKeys != null && !isKeyservice
-    then mapAttrs
-      (n : v : concatStringsSep "\\n" v)
-      authorizedKeys
-    else {};
+    if authorizedKeys != null && !isKeyservice then
+      mapAttrs (n: v: concatStringsSep "\\n" v) authorizedKeys
+    else
+      { };
  keyservice = longrun {
    name = "${name}-watch-keys";
    run = ''
      mkdir -p ${keydir}
      exec ${watch-ssh-keys}/bin/watch-ssh-keys -d ${keydir} ${authorizedKeys "service"} ${authorizedKeys "path"}
    '';
-    dependencies = [ (authorizedKeys "service") ] ;
+    dependencies = [ (authorizedKeys "service") ];
  };
 in
 longrun {
@@ -66,12 +68,9 @@ longrun {
  run = ''
    ln -s $(mkstate dropbear) /run
    mkdir -p /run/${name}/authorized_keys
-    ${concatStringsSep "\n"
-      (mapAttrsToList
-        (n : v : "echo -e '${v}' > /run/${name}/authorized_keys/${n} ")
-        authKeysConcat
-      )
-     }
+    ${concatStringsSep "\n" (
+      mapAttrsToList (n: v: "echo -e '${v}' > /run/${name}/authorized_keys/${n} ") authKeysConcat
+    )}
    . /etc/profile # sets PATH but do we need this?  it's the same file as ashrc
    exec env -i ENV=/etc/ashrc PATH=$PATH ${dropbear}/bin/dropbear ${concatStringsSep " " options}
  '';