treewide: apply nixfmt to a few more files
parent
1d90b6065a
commit
2499b91692
6 changed files with 154 additions and 160 deletions
5
format
5
format
|
@ -25,13 +25,8 @@ find . -name '*.nix' \
|
|||
! -path ./modules/manual.nix \
|
||||
! -path ./modules/misc/news.nix \
|
||||
! -path ./modules/programs/bash.nix \
|
||||
! -path ./modules/programs/gpg.nix \
|
||||
! -path ./modules/programs/ssh.nix \
|
||||
! -path ./modules/programs/zsh.nix \
|
||||
! -path ./modules/services/gpg-agent.nix \
|
||||
! -path ./modules/services/mpd.nix \
|
||||
! -path ./nix-darwin/default.nix \
|
||||
! -path ./tests/default.nix \
|
||||
! -path ./tests/modules/home-environment/session-variables.nix \
|
||||
! -path ./tests/modules/programs/gpg/override-defaults.nix \
|
||||
-exec nixfmt $CHECK_ARG {} +
|
||||
|
|
|
@ -6,9 +6,7 @@ let
|
|||
cfg = config.programs.gpg;
|
||||
|
||||
mkKeyValue = key: value:
|
||||
if isString value
|
||||
then "${key} ${value}"
|
||||
else optionalString value key;
|
||||
if isString value then "${key} ${value}" else optionalString value key;
|
||||
|
||||
cfgText = generators.toKeyValue {
|
||||
inherit mkKeyValue;
|
||||
|
@ -22,7 +20,7 @@ let
|
|||
|
||||
primitiveType = types.oneOf [ types.str types.bool ];
|
||||
|
||||
publicKeyOpts = { config, ...}: {
|
||||
publicKeyOpts = { config, ... }: {
|
||||
options = {
|
||||
text = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
|
@ -40,7 +38,18 @@ let
|
|||
};
|
||||
|
||||
trust = mkOption {
|
||||
type = types.nullOr (types.enum ["unknown" 1 "never" 2 "marginal" 3 "full" 4 "ultimate" 5]);
|
||||
type = types.nullOr (types.enum [
|
||||
"unknown"
|
||||
1
|
||||
"never"
|
||||
2
|
||||
"marginal"
|
||||
3
|
||||
"full"
|
||||
4
|
||||
"ultimate"
|
||||
5
|
||||
]);
|
||||
default = null;
|
||||
apply = v:
|
||||
if isString v then
|
||||
|
@ -51,7 +60,8 @@ let
|
|||
full = 4;
|
||||
ultimate = 5;
|
||||
}.${v}
|
||||
else v;
|
||||
else
|
||||
v;
|
||||
description = ''
|
||||
The amount of trust you have in the key ownership and the care the
|
||||
owner puts into signing other keys. The available levels are
|
||||
|
@ -85,13 +95,12 @@ let
|
|||
};
|
||||
|
||||
config = {
|
||||
source = mkIf (config.text != null)
|
||||
(pkgs.writeText "gpg-pubkey" config.text);
|
||||
source =
|
||||
mkIf (config.text != null) (pkgs.writeText "gpg-pubkey" config.text);
|
||||
};
|
||||
};
|
||||
|
||||
importTrustBashFunctions =
|
||||
let gpg = "${cfg.package}/bin/gpg";
|
||||
importTrustBashFunctions = let gpg = "${cfg.package}/bin/gpg";
|
||||
in ''
|
||||
function gpgKeyId() {
|
||||
${gpg} --show-key --with-colons "$1" \
|
||||
|
@ -110,14 +119,13 @@ let
|
|||
}
|
||||
'';
|
||||
|
||||
keyringFiles =
|
||||
let
|
||||
keyringFiles = let
|
||||
gpg = "${cfg.package}/bin/gpg";
|
||||
|
||||
importKey = { source, trust, ... }: ''
|
||||
${gpg} --import ${source}
|
||||
${optionalString (trust != null) ''
|
||||
importTrust "${source}" ${toString trust}''}
|
||||
${optionalString (trust != null)
|
||||
''importTrust "${source}" ${toString trust}''}
|
||||
'';
|
||||
|
||||
importKeys = concatMapStringsSep "\n" importKey cfg.publicKeys;
|
||||
|
@ -135,8 +143,7 @@ let
|
|||
fi
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
in {
|
||||
options.programs.gpg = {
|
||||
enable = mkEnableOption "GnuPG";
|
||||
|
||||
|
@ -145,11 +152,13 @@ in
|
|||
default = pkgs.gnupg;
|
||||
defaultText = literalExpression "pkgs.gnupg";
|
||||
example = literalExpression "pkgs.gnupg23";
|
||||
description = "The Gnupg package to use (also used the gpg-agent service).";
|
||||
description =
|
||||
"The Gnupg package to use (also used the gpg-agent service).";
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = types.attrsOf (types.either primitiveType (types.listOf types.str));
|
||||
type =
|
||||
types.attrsOf (types.either primitiveType (types.listOf types.str));
|
||||
example = literalExpression ''
|
||||
{
|
||||
no-comments = false;
|
||||
|
@ -167,7 +176,8 @@ in
|
|||
};
|
||||
|
||||
scdaemonSettings = mkOption {
|
||||
type = types.attrsOf (types.either primitiveType (types.listOf types.str));
|
||||
type =
|
||||
types.attrsOf (types.either primitiveType (types.listOf types.str));
|
||||
example = literalExpression ''
|
||||
{
|
||||
disable-ccid = true;
|
||||
|
@ -182,9 +192,10 @@ in
|
|||
|
||||
homedir = mkOption {
|
||||
type = types.path;
|
||||
example = literalExpression "\"\${config.xdg.dataHome}/gnupg\"";
|
||||
example = literalExpression ''"''${config.xdg.dataHome}/gnupg"'';
|
||||
default = "${config.home.homeDirectory}/.gnupg";
|
||||
defaultText = literalExpression "\"\${config.home.homeDirectory}/.gnupg\"";
|
||||
defaultText =
|
||||
literalExpression ''"''${config.home.homeDirectory}/.gnupg"'';
|
||||
description = "Directory to store keychains and configuration.";
|
||||
};
|
||||
|
||||
|
@ -236,7 +247,8 @@ in
|
|||
personal-cipher-preferences = mkDefault "AES256 AES192 AES";
|
||||
personal-digest-preferences = mkDefault "SHA512 SHA384 SHA256";
|
||||
personal-compress-preferences = mkDefault "ZLIB BZIP2 ZIP Uncompressed";
|
||||
default-preference-list = mkDefault "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
|
||||
default-preference-list = mkDefault
|
||||
"SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
|
||||
cert-digest-algo = mkDefault "SHA512";
|
||||
s2k-digest-algo = mkDefault "SHA512";
|
||||
s2k-cipher-algo = mkDefault "AES256";
|
||||
|
@ -258,9 +270,7 @@ in
|
|||
};
|
||||
|
||||
home.packages = [ cfg.package ];
|
||||
home.sessionVariables = {
|
||||
GNUPGHOME = cfg.homedir;
|
||||
};
|
||||
home.sessionVariables = { GNUPGHOME = cfg.homedir; };
|
||||
|
||||
home.file."${cfg.homedir}/gpg.conf".text = cfgText;
|
||||
|
||||
|
@ -268,23 +278,22 @@ in
|
|||
|
||||
# Link keyring if keys are not mutable
|
||||
home.file."${cfg.homedir}/pubring.kbx" =
|
||||
mkIf (!cfg.mutableKeys && cfg.publicKeys != []) {
|
||||
mkIf (!cfg.mutableKeys && cfg.publicKeys != [ ]) {
|
||||
source = "${keyringFiles}/pubring.kbx";
|
||||
};
|
||||
|
||||
home.activation = mkIf (cfg.publicKeys != []) {
|
||||
importGpgKeys =
|
||||
let
|
||||
home.activation = mkIf (cfg.publicKeys != [ ]) {
|
||||
importGpgKeys = let
|
||||
gpg = "${cfg.package}/bin/gpg";
|
||||
|
||||
importKey = { source, trust, ... }:
|
||||
# Import mutable keys
|
||||
optional cfg.mutableKeys ''
|
||||
$DRY_RUN_CMD ${gpg} $QUIET_ARG --import ${source}''
|
||||
optional cfg.mutableKeys
|
||||
"$DRY_RUN_CMD ${gpg} $QUIET_ARG --import ${source}"
|
||||
|
||||
# Import mutable trust
|
||||
++ optional (trust != null && cfg.mutableTrust) ''
|
||||
$DRY_RUN_CMD importTrust "${source}" ${toString trust}'';
|
||||
++ optional (trust != null && cfg.mutableTrust)
|
||||
''$DRY_RUN_CMD importTrust "${source}" ${toString trust}'';
|
||||
|
||||
anyTrust = any (k: k.trust != null) cfg.publicKeys;
|
||||
|
||||
|
@ -292,8 +301,7 @@ in
|
|||
|
||||
# If any key/trust should be imported then create the block. Otherwise
|
||||
# leave it empty.
|
||||
block = concatStringsSep "\n" (
|
||||
optional (importKeys != "") ''
|
||||
block = concatStringsSep "\n" (optional (importKeys != "") ''
|
||||
export GNUPGHOME=${escapeShellArg cfg.homedir}
|
||||
if [[ ! -v VERBOSE ]]; then
|
||||
QUIET_ARG="--quiet"
|
||||
|
@ -304,9 +312,8 @@ in
|
|||
${importKeys}
|
||||
unset GNUPGHOME QUIET_ARG keyId importTrust
|
||||
'' ++ optional (!cfg.mutableTrust && anyTrust) ''
|
||||
install -m 0700 ${keyringFiles}/trustdb.gpg "${cfg.homedir}/trustdb.gpg"''
|
||||
);
|
||||
in lib.hm.dag.entryAfter ["linkGeneration"] block;
|
||||
install -m 0700 ${keyringFiles}/trustdb.gpg "${cfg.homedir}/trustdb.gpg"'');
|
||||
in lib.hm.dag.entryAfter [ "linkGeneration" ] block;
|
||||
};
|
||||
};
|
||||
}
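Review bot: The `install` line that closes the activation block puts `cfg.homedir` inside plain double quotes, while `export GNUPGHOME=${escapeShellArg cfg.homedir}` a few lines earlier escapes the same value. A home directory containing `$`, a backtick or `"` is therefore handled safely in one place and re-expanded by the shell in the other. I would write the target as `${escapeShellArg "${cfg.homedir}/trustdb.gpg"}`. Separately, `-m 0700` sets the execute bit on a data file; `0600` looks like the intended mode, but that should be confirmed against what GnuPG expects for `trustdb.gpg`. The enclosing `importGpgKeys` let-block starts in an earlier hunk and is only partly shown.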
|
||||
|
|
|
@ -12,8 +12,7 @@ let
|
|||
gpgInitStr = ''
|
||||
GPG_TTY="$(tty)"
|
||||
export GPG_TTY
|
||||
''
|
||||
+ optionalString cfg.enableSshSupport
|
||||
'' + optionalString cfg.enableSshSupport
|
||||
"${gpgPkg}/bin/gpg-connect-agent updatestartuptty /bye > /dev/null";
|
||||
|
||||
# mimic `gpgconf` output for use in `systemd` unit definitions.
|
||||
|
@ -22,7 +21,8 @@ let
|
|||
# https://github.com/gpg/gnupg/blob/c6702d77d936b3e9d91b34d8fdee9599ab94ee1b/common/homedir.c#L672-L681
|
||||
gpgconf = dir:
|
||||
let
|
||||
hash = substring 0 24 (hexStringToBase32 (builtins.hashString "sha1" homedir));
|
||||
hash =
|
||||
substring 0 24 (hexStringToBase32 (builtins.hashString "sha1" homedir));
|
||||
in if homedir == options.programs.gpg.homedir.default then
|
||||
"%t/gnupg/${dir}"
|
||||
else
|
||||
|
@ -36,10 +36,18 @@ let
|
|||
splitChars = s: init (tail (splitString "" s));
|
||||
|
||||
base32Alphabet = splitChars "ybndrfg8ejkmcpqxot1uwisza345h769";
|
||||
hexToIntTable = listToAttrs (genList (x: { name = toLower (toHexString x); value = x; }) 16);
|
||||
hexToIntTable = listToAttrs (genList (x: {
|
||||
name = toLower (toHexString x);
|
||||
value = x;
|
||||
}) 16);
|
||||
|
||||
initState = { ret = ""; buf = 0; bufBits = 0; };
|
||||
go = { ret, buf, bufBits }: hex:
|
||||
initState = {
|
||||
ret = "";
|
||||
buf = 0;
|
||||
bufBits = 0;
|
||||
};
|
||||
go = { ret, buf, bufBits }:
|
||||
hex:
|
||||
let
|
||||
buf' = buf * pow2 4 + hexToIntTable.${hex};
|
||||
bufBits' = bufBits + 4;
|
||||
|
@ -55,9 +63,7 @@ let
|
|||
};
|
||||
in hexString: (foldl' go initState (splitChars hexString)).ret;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
in {
|
||||
meta.maintainers = [ maintainers.rycee ];
|
||||
|
||||
options = {
|
||||
|
@ -196,30 +202,21 @@ in
|
|||
|
||||
config = mkIf cfg.enable (mkMerge [
|
||||
{
|
||||
home.file."${homedir}/gpg-agent.conf".text = concatStringsSep "\n" (
|
||||
optional (cfg.enableSshSupport) "enable-ssh-support"
|
||||
++
|
||||
optional (!cfg.grabKeyboardAndMouse) "no-grab"
|
||||
++
|
||||
optional (!cfg.enableScDaemon) "disable-scdaemon"
|
||||
++
|
||||
optional (cfg.defaultCacheTtl != null)
|
||||
home.file."${homedir}/gpg-agent.conf".text = concatStringsSep "\n"
|
||||
(optional (cfg.enableSshSupport) "enable-ssh-support"
|
||||
++ optional (!cfg.grabKeyboardAndMouse) "no-grab"
|
||||
++ optional (!cfg.enableScDaemon) "disable-scdaemon"
|
||||
++ optional (cfg.defaultCacheTtl != null)
|
||||
"default-cache-ttl ${toString cfg.defaultCacheTtl}"
|
||||
++
|
||||
optional (cfg.defaultCacheTtlSsh != null)
|
||||
++ optional (cfg.defaultCacheTtlSsh != null)
|
||||
"default-cache-ttl-ssh ${toString cfg.defaultCacheTtlSsh}"
|
||||
++
|
||||
optional (cfg.maxCacheTtl != null)
|
||||
++ optional (cfg.maxCacheTtl != null)
|
||||
"max-cache-ttl ${toString cfg.maxCacheTtl}"
|
||||
++
|
||||
optional (cfg.maxCacheTtlSsh != null)
|
||||
++ optional (cfg.maxCacheTtlSsh != null)
|
||||
"max-cache-ttl-ssh ${toString cfg.maxCacheTtlSsh}"
|
||||
++
|
||||
optional (cfg.pinentryFlavor != null)
|
||||
++ optional (cfg.pinentryFlavor != null)
|
||||
"pinentry-program ${pkgs.pinentry.${cfg.pinentryFlavor}}/bin/pinentry"
|
||||
++
|
||||
[ cfg.extraConfig ]
|
||||
);
|
||||
++ [ cfg.extraConfig ]);
|
||||
|
||||
home.sessionVariablesExtra = optionalString cfg.enableSshSupport ''
|
||||
if [[ -z "$SSH_AUTH_SOCK" ]]; then
|
||||
|
@ -236,7 +233,9 @@ in
|
|||
|
||||
(mkIf (cfg.sshKeys != null) {
|
||||
# Trailing newlines are important
|
||||
home.file."${homedir}/sshcontrol".text = concatMapStrings (s: "${s}\n") cfg.sshKeys;
|
||||
home.file."${homedir}/sshcontrol".text = concatMapStrings (s: ''
|
||||
${s}
|
||||
'') cfg.sshKeys;
|
||||
})
|
||||
|
||||
# The systemd units below are direct translations of the
|
||||
|
@ -277,9 +276,7 @@ in
|
|||
DirectoryMode = "0700";
|
||||
};
|
||||
|
||||
Install = {
|
||||
WantedBy = [ "sockets.target" ];
|
||||
};
|
||||
Install = { WantedBy = [ "sockets.target" ]; };
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -287,7 +284,8 @@ in
|
|||
systemd.user.sockets.gpg-agent-ssh = {
|
||||
Unit = {
|
||||
Description = "GnuPG cryptographic agent (ssh-agent emulation)";
|
||||
Documentation = "man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)";
|
||||
Documentation =
|
||||
"man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)";
|
||||
};
|
||||
|
||||
Socket = {
|
||||
|
@ -298,16 +296,15 @@ in
|
|||
DirectoryMode = "0700";
|
||||
};
|
||||
|
||||
Install = {
|
||||
WantedBy = [ "sockets.target" ];
|
||||
};
|
||||
Install = { WantedBy = [ "sockets.target" ]; };
|
||||
};
|
||||
})
|
||||
|
||||
(mkIf cfg.enableExtraSocket {
|
||||
systemd.user.sockets.gpg-agent-extra = {
|
||||
Unit = {
|
||||
Description = "GnuPG cryptographic agent and passphrase cache (restricted)";
|
||||
Description =
|
||||
"GnuPG cryptographic agent and passphrase cache (restricted)";
|
||||
Documentation = "man:gpg-agent(1) man:ssh(1)";
|
||||
};
|
||||
|
||||
|
@ -319,9 +316,7 @@ in
|
|||
DirectoryMode = "0700";
|
||||
};
|
||||
|
||||
Install = {
|
||||
WantedBy = [ "sockets.target" ];
|
||||
};
|
||||
Install = { WantedBy = [ "sockets.target" ]; };
|
||||
};
|
||||
})
|
||||
]);
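Review bot: The `hash` binding in `gpgconf` uses `builtins.hashString "sha1"` with no comment explaining why, so a later reader may take it for a weak-hash finding and change the algorithm. Going by the linked `homedir.c` reference and the "mimic `gpgconf` output" comment, the value only has to reproduce GnuPG's socket directory name, so a different hash would make the systemd socket paths diverge from where the agent listens. I would add above the binding: `# SHA-1 + z-base-32 (first 24 chars) mirrors GnuPG's socket-dir naming; not a security primitive, must not be changed independently of GnuPG.` The `let` body of `gpgconf` continues outside the hunk.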
|
||||
|
|
|
@ -63,7 +63,7 @@ in {
|
|||
playlistDirectory = mkOption {
|
||||
type = types.path;
|
||||
default = "${cfg.dataDir}/playlists";
|
||||
defaultText = ''''${dataDir}/playlists'';
|
||||
defaultText = "\${dataDir}/playlists";
|
||||
apply = toString; # Prevent copies to Nix store.
|
||||
description = ''
|
||||
The directory where mpd stores playlists.
|
||||
|
@ -128,7 +128,7 @@ in {
|
|||
dbFile = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = "${cfg.dataDir}/tag_cache";
|
||||
defaultText = ''''${dataDir}/tag_cache'';
|
||||
defaultText = "\${dataDir}/tag_cache";
|
||||
description = ''
|
||||
The path to MPD's database. If set to
|
||||
<literal>null</literal> the parameter is omitted from the
|
||||
|
@ -139,13 +139,11 @@ in {
|
|||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
(lib.hm.assertions.assertPlatform "services.mpd" pkgs
|
||||
lib.platforms.linux)
|
||||
(lib.hm.assertions.assertPlatform "services.mpd" pkgs lib.platforms.linux)
|
||||
];
|
||||
|
||||
systemd.user.services.mpd = {
|
||||
|
@ -162,25 +160,24 @@ in {
|
|||
Environment = "PATH=${config.home.profileDirectory}/bin";
|
||||
ExecStart = "${cfg.package}/bin/mpd --no-daemon ${mpdConf}";
|
||||
Type = "notify";
|
||||
ExecStartPre = ''${pkgs.bash}/bin/bash -c "${pkgs.coreutils}/bin/mkdir -p '${cfg.dataDir}' '${cfg.playlistDirectory}'"'';
|
||||
ExecStartPre = ''
|
||||
${pkgs.bash}/bin/bash -c "${pkgs.coreutils}/bin/mkdir -p '${cfg.dataDir}' '${cfg.playlistDirectory}'"'';
|
||||
};
|
||||
};
|
||||
systemd.user.sockets.mpd = mkIf cfg.network.startWhenNeeded {
|
||||
Socket = {
|
||||
ListenStream = let
|
||||
listen =
|
||||
if cfg.network.listenAddress == "any"
|
||||
then toString cfg.network.port
|
||||
else "${cfg.network.listenAddress}:${toString cfg.network.port}";
|
||||
listen = if cfg.network.listenAddress == "any" then
|
||||
toString cfg.network.port
|
||||
else
|
||||
"${cfg.network.listenAddress}:${toString cfg.network.port}";
|
||||
in [ listen "%t/mpd/socket" ];
|
||||
|
||||
Backlog = 5;
|
||||
KeepAlive = true;
|
||||
};
|
||||
|
||||
Install = {
|
||||
WantedBy = [ "sockets.target" ];
|
||||
};
|
||||
Install = { WantedBy = [ "sockets.target" ]; };
|
||||
};
|
||||
};
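Review bot: The `ExecStartPre` line splices `cfg.dataDir` and `cfg.playlistDirectory` into single quotes inside a double-quoted `bash -c` string. A configured path containing `'`, `"` or `$` would therefore change the command the shell parses, and systemd may also interpret `%` and `$` in the unit line before bash sees it. Until the command is restructured to pass the paths as escaped arguments, I would at least document the constraint next to it: `# dataDir/playlistDirectory are embedded unescaped; paths must not contain quotes, $ or %.` The `Service` attribute set begins before this hunk.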
|
||||
|
||||
|
|
|
@ -31,7 +31,8 @@ let
|
|||
export XDG_STATE_HOME="/home/hm-user/.local/state"
|
||||
'';
|
||||
|
||||
expected = pkgs.writeText "expected" (if isDarwin then darwinExpected else linuxExpected);
|
||||
expected = pkgs.writeText "expected"
|
||||
(if isDarwin then darwinExpected else linuxExpected);
|
||||
|
||||
in {
|
||||
config = {
|
||||
|
|
|
@ -11,10 +11,7 @@ with lib;
|
|||
no-comments = false;
|
||||
s2k-cipher-algo = "AES128";
|
||||
throw-keyids = true;
|
||||
trusted-key = [
|
||||
"0xXXXXXXXXXXXXX"
|
||||
"0xYYYYYYYYYYYYY"
|
||||
];
|
||||
trusted-key = [ "0xXXXXXXXXXXXXX" "0xYYYYYYYYYYYYY" ];
|
||||
};
|
||||
|
||||
homedir = "${config.home.homeDirectory}/bar/foopg";
|
||||
|
@ -22,7 +19,9 @@ with lib;
|
|||
|
||||
nmt.script = ''
|
||||
assertFileExists home-files/bar/foopg/gpg.conf
|
||||
assertFileContent home-files/bar/foopg/gpg.conf ${./override-defaults-expected.conf}
|
||||
assertFileContent home-files/bar/foopg/gpg.conf ${
|
||||
./override-defaults-expected.conf
|
||||
}
|
||||
|
||||
assertFileNotRegex activate "^unset GNUPGHOME keyId importTrust$"
|
||||
'';
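Review bot: The check `assertFileNotRegex activate "^unset GNUPGHOME keyId importTrust$"` in `nmt.script` looks vacuous. The activation block shown in the gpg module section of this commit emits `unset GNUPGHOME QUIET_ARG keyId importTrust`, so this anchored pattern would not match even if the import block were generated by mistake. Assuming that is the line the test means to exclude, the pattern should be `"^unset GNUPGHOME QUIET_ARG keyId importTrust$"`, or a looser `"^unset GNUPGHOME"` that survives future additions to the list. The rest of the test body is outside the hunk.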
|
||||
|
|