chore: format everything

2025-10-11 07:10:39 +02:00 · 2024-11-26 13:34:55 +01:00 · 2024-11-26 13:34:55 +01:00 · 7ccd7856ee
commit 7ccd7856ee
parent deca311c68
162 changed files with 4750 additions and 3718 deletions
--- a/config/secrets.nix
+++ b/config/secrets.nix
@ -3,17 +3,18 @@
  inputs,
  lib,
  ...
-}: {
+}:
+{
  # Define local repo secrets
-  repo.secretFiles = let
-    local = config.node.secretsDir + "/local.nix.age";
-  in
-    lib.optionalAttrs (lib.pathExists local) {inherit local;};
+  repo.secretFiles =
+    let
+      local = config.node.secretsDir + "/local.nix.age";
+    in
+    lib.optionalAttrs (lib.pathExists local) { inherit local; };

  # Setup secret rekeying parameters
  age.rekey = {
-    inherit
-      (inputs.self.secretsConfig)
+    inherit (inputs.self.secretsConfig)
      masterIdentities
      extraEncryptionPubkeys
      ;
@ -24,39 +25,46 @@
    localStorageDir = inputs.self.outPath + "/secrets/rekeyed/${config.node.name}";
  };

-  age.generators.basic-auth = {
-    pkgs,
-    lib,
-    decrypt,
-    deps,
-    ...
-  }:
-    lib.flip lib.concatMapStrings deps ({
-      name,
-      host,
-      file,
-    }: ''
-      echo " -> Aggregating [32m"${lib.escapeShellArg host}":[m[33m"${lib.escapeShellArg name}"[m" >&2
-      ${decrypt} ${lib.escapeShellArg file} \
-        | ${pkgs.apacheHttpd}/bin/htpasswd -niBC 12 ${lib.escapeShellArg host}"+"${lib.escapeShellArg name} \
-        || die "Failure while aggregating basic auth hashes"
-    '');
+  age.generators.basic-auth =
+    {
+      pkgs,
+      lib,
+      decrypt,
+      deps,
+      ...
+    }:
+    lib.flip lib.concatMapStrings deps (
+      {
+        name,
+        host,
+        file,
+      }:
+      ''
+        echo " -> Aggregating [32m"${lib.escapeShellArg host}":[m[33m"${lib.escapeShellArg name}"[m" >&2
+        ${decrypt} ${lib.escapeShellArg file} \
+          | ${pkgs.apacheHttpd}/bin/htpasswd -niBC 12 ${lib.escapeShellArg host}"+"${lib.escapeShellArg name} \
+          || die "Failure while aggregating basic auth hashes"
+      ''
+    );

-  age.generators.argon2id = {
-    pkgs,
-    lib,
-    decrypt,
-    deps,
-    ...
-  }: let
-    dep = builtins.head deps;
-  in ''
-    echo " -> Deriving argon2id hash from [32m"${lib.escapeShellArg dep.host}":[m[33m"${lib.escapeShellArg dep.name}"[m" >&2
-    ${decrypt} ${lib.escapeShellArg dep.file} \
-      | tr -d '\n' \
-      | ${pkgs.libargon2}/bin/argon2 "$(${pkgs.openssl}/bin/openssl rand -base64 16)" -id -e \
-      || die "Failure while generating argon2id hash"
-  '';
+  age.generators.argon2id =
+    {
+      pkgs,
+      lib,
+      decrypt,
+      deps,
+      ...
+    }:
+    let
+      dep = builtins.head deps;
+    in
+    ''
+      echo " -> Deriving argon2id hash from [32m"${lib.escapeShellArg dep.host}":[m[33m"${lib.escapeShellArg dep.name}"[m" >&2
+      ${decrypt} ${lib.escapeShellArg dep.file} \
+        | tr -d '\n' \
+        | ${pkgs.libargon2}/bin/argon2 "$(${pkgs.openssl}/bin/openssl rand -base64 16)" -id -e \
+        || die "Failure while generating argon2id hash"
+    '';

  # Just before switching, remove the agenix directory if it exists.
  # This can happen when a secret is used in the initrd because it will
@ -65,8 +73,8 @@
  # to create a link called /run/agenix. Agenix should probably fail in this case,
  # but doesn't and instead puts the generation link into the existing directory.
  # TODO See https://github.com/ryantm/agenix/pull/187.
-  system.activationScripts = lib.mkIf (config.age.secrets != {}) {
+  system.activationScripts = lib.mkIf (config.age.secrets != { }) {
    removeAgenixLink.text = "[[ ! -L /run/agenix ]] && [[ -d /run/agenix ]] && rm -rf /run/agenix";
-    agenixNewGeneration.deps = ["removeAgenixLink"];
+    agenixNewGeneration.deps = [ "removeAgenixLink" ];
  };
 }