nixfmt-rfc-style

There is nothing in this commit except for the changes made by nix-shell -p nixfmt-rfc-style --run "nixfmt ." If this has mucked up your open branches then sorry about that. You can probably nixfmt them to match before merging
2025-02-10 21:55:08 +00:00
parent 13cc5a8992
commit 7e2b0068e6
211 changed files with 6049 additions and 4355 deletions
--- a/modules/tls-certificate/certifix-client.nix
+++ b/modules/tls-certificate/certifix-client.nix
@@ -1,9 +1,16 @@
-{ liminix, certifix-client, svc, lib, writeText, serviceFns }:
+{
+  liminix,
+  certifix-client,
+  svc,
+  lib,
+  writeText,
+  serviceFns,
+}:
 {
  caCertificate,
  secret,
  subject,
-  serviceUrl
+  serviceUrl,
 }:
 let
  inherit (builtins) filter isString split;
@@ -11,7 +18,8 @@ let
  name = "certifix-${lib.strings.sanitizeDerivationName subject}";
  caCertFile = writeText "ca.crt" caCertificate;
  secretFile = writeText "secret" secret;
-in oneshot {
+in
+oneshot {
  inherit name;
  up = ''
    (in_outputs ${name}
--- a/modules/tls-certificate/default.nix
+++ b/modules/tls-certificate/default.nix
@@ -1,5 +1,9 @@
-
-{ lib, pkgs, config, ...}:
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
 let
  inherit (lib) mkOption types;
  inherit (pkgs) liminix;
@@ -7,34 +11,35 @@ in
 {
  options = {
    system.service.tls-certificate = {
-      certifix-client =  mkOption {
+      certifix-client = mkOption {
        type = liminix.lib.types.serviceDefn;
      };
    };
  };
  config.system.service.tls-certificate.certifix-client =
-    config.system.callService ./certifix-client.nix {
-      # this is probably read from files on the build machine,
-      # but are not named with ...File suffix because they are
-      # not files on the device (they get embedded into the store)
-      caCertificate = mkOption {
-        description = "CA certificate in PEM format. This must be the same CA as that which signed the certificate of the Certifix server";
-        type = types.str;
+    config.system.callService ./certifix-client.nix
+      {
+        # this is probably read from files on the build machine,
+        # but are not named with ...File suffix because they are
+        # not files on the device (they get embedded into the store)
+        caCertificate = mkOption {
+          description = "CA certificate in PEM format. This must be the same CA as that which signed the certificate of the Certifix server";
+          type = types.str;
+        };
+        secret = mkOption {
+          description = "The shared secret to embed in signing request. This must match the secret configured in the Certifix service, otherwise it will refuse to sign the CSR.";
+          type = types.str;
+        };
+        subject = mkOption {
+          description = "Subject of the certificate request, as an X509 DN. The CN ('Common Name') you provide here is also used as the value of the SubjectAlternativeName extension.";
+          type = types.str;
+          example = "C=GB,ST=London,O=Liminix,OU=IT,CN=myhostname";
+        };
+        serviceUrl = mkOption {
+          description = "Certifix server endpoint URL";
+          type = types.str;
+          example = "https://certifix.lan:19613/sign";
+        };
      };
-      secret = mkOption {
-        description = "The shared secret to embed in signing request. This must match the secret configured in the Certifix service, otherwise it will refuse to sign the CSR.";
-        type = types.str;
-      };
-      subject = mkOption {
-        description = "Subject of the certificate request, as an X509 DN. The CN ('Common Name') you provide here is also used as the value of the SubjectAlternativeName extension.";
-        type = types.str;
-        example = "C=GB,ST=London,O=Liminix,OU=IT,CN=myhostname";
-      };
-      serviceUrl = mkOption {
-        description = "Certifix server endpoint URL";
-        type = types.str;
-        example = "https://certifix.lan:19613/sign";
-      };
-    };

 }