nixfmt-rfc-style

There is nothing in this commit except for the changes made by nix-shell -p nixfmt-rfc-style --run "nixfmt ." If this has mucked up your open branches then sorry about that. You can probably nixfmt them to match before merging
2025-02-10 21:55:08 +00:00
parent 13cc5a8992
commit 7e2b0068e6
211 changed files with 6049 additions and 4355 deletions
--- a/modules/ssh/ssh.nix
+++ b/modules/ssh/ssh.nix
@@ -1,8 +1,8 @@
 {
-  liminix
-, dropbear
-, lib
-, watch-ssh-keys
+  liminix,
+  dropbear,
+  lib,
+  watch-ssh-keys,
 }:
 {
  address,
@@ -14,7 +14,7 @@
  allowRoot,
  authorizedKeys,
  port,
-  extraConfig
+  extraConfig,
 }:
 let
  name = "sshd";
@@ -24,37 +24,39 @@ let
  keydir = "/run/${name}/authorized_keys";
  options =
    [
-      "-e" #  pass environment to child
-      "-E" #  log to stderr
-      "-R" #  create hostkeys if needed
+      "-e" # pass environment to child
+      "-E" # log to stderr
+      "-R" # create hostkeys if needed
      "-P /run/dropbear.pid"
-      "-F" #  don't fork into background
-    ] ++
-    (lib.optional (! allowRoot) "-w") ++
-    (lib.optional (! allowPasswordLogin) "-s") ++
-    (lib.optional (! allowPasswordLoginForRoot) "-g") ++
-    (lib.optional (! allowLocalPortForward) "-j") ++
-    (lib.optional (! allowRemotePortForward) "-k") ++
-    (lib.optional (! allowRemoteConnectionToForwardedPorts) "-a") ++
-    (lib.optionals (authorizedKeys != null) ["-U" "${keydir}/%n"]) ++
-    [(if address != null
-      then "-p ${address}:${toString port}"
-      else "-p ${toString port}")] ++
-    [extraConfig];
+      "-F" # don't fork into background
+    ]
+    ++ (lib.optional (!allowRoot) "-w")
+    ++ (lib.optional (!allowPasswordLogin) "-s")
+    ++ (lib.optional (!allowPasswordLoginForRoot) "-g")
+    ++ (lib.optional (!allowLocalPortForward) "-j")
+    ++ (lib.optional (!allowRemotePortForward) "-k")
+    ++ (lib.optional (!allowRemoteConnectionToForwardedPorts) "-a")
+    ++ (lib.optionals (authorizedKeys != null) [
+      "-U"
+      "${keydir}/%n"
+    ])
+    ++ [
+      (if address != null then "-p ${address}:${toString port}" else "-p ${toString port}")
+    ]
+    ++ [ extraConfig ];
  isKeyservice = typeOf authorizedKeys == "lambda";
  authKeysConcat =
-    if authorizedKeys != null && !isKeyservice
-    then mapAttrs
-      (n : v : concatStringsSep "\\n" v)
-      authorizedKeys
-    else {};
+    if authorizedKeys != null && !isKeyservice then
+      mapAttrs (n: v: concatStringsSep "\\n" v) authorizedKeys
+    else
+      { };
  keyservice = longrun {
    name = "${name}-watch-keys";
    run = ''
      mkdir -p ${keydir}
      exec ${watch-ssh-keys}/bin/watch-ssh-keys -d ${keydir} ${authorizedKeys "service"} ${authorizedKeys "path"}
    '';
-    dependencies = [ (authorizedKeys "service") ] ;
+    dependencies = [ (authorizedKeys "service") ];
  };
 in
 longrun {
@@ -66,12 +68,9 @@ longrun {
  run = ''
    ln -s $(mkstate dropbear) /run
    mkdir -p /run/${name}/authorized_keys
-    ${concatStringsSep "\n"
-      (mapAttrsToList
-        (n : v : "echo -e '${v}' > /run/${name}/authorized_keys/${n} ")
-        authKeysConcat
-      )
-     }
+    ${concatStringsSep "\n" (
+      mapAttrsToList (n: v: "echo -e '${v}' > /run/${name}/authorized_keys/${n} ") authKeysConcat
+    )}
    . /etc/profile # sets PATH but do we need this?  it's the same file as ashrc
    exec env -i ENV=/etc/ashrc PATH=$PATH ${dropbear}/bin/dropbear ${concatStringsSep " " options}
  '';