treewide: apply nixfmt to a few more files

Robert Helgesson 2022-02-27 02:19:28 +01:00
parent 1d90b6065a
commit 2499b91692
No known key found for this signature in database
GPG key ID: 36BDAA14C2797E89
6 changed files with 154 additions and 160 deletions

5
format

@ -25,13 +25,8 @@ find . -name '*.nix' \
! -path ./modules/manual.nix \ ! -path ./modules/manual.nix \
! -path ./modules/misc/news.nix \ ! -path ./modules/misc/news.nix \
! -path ./modules/programs/bash.nix \ ! -path ./modules/programs/bash.nix \
! -path ./modules/programs/gpg.nix \
! -path ./modules/programs/ssh.nix \ ! -path ./modules/programs/ssh.nix \
! -path ./modules/programs/zsh.nix \ ! -path ./modules/programs/zsh.nix \
! -path ./modules/services/gpg-agent.nix \
! -path ./modules/services/mpd.nix \
! -path ./nix-darwin/default.nix \ ! -path ./nix-darwin/default.nix \
! -path ./tests/default.nix \ ! -path ./tests/default.nix \
! -path ./tests/modules/home-environment/session-variables.nix \
! -path ./tests/modules/programs/gpg/override-defaults.nix \
-exec nixfmt $CHECK_ARG {} + -exec nixfmt $CHECK_ARG {} +


@ -6,9 +6,7 @@ let
cfg = config.programs.gpg; cfg = config.programs.gpg;
mkKeyValue = key: value: mkKeyValue = key: value:
if isString value if isString value then "${key} ${value}" else optionalString value key;
then "${key} ${value}"
else optionalString value key;
cfgText = generators.toKeyValue { cfgText = generators.toKeyValue {
inherit mkKeyValue; inherit mkKeyValue;
@ -22,7 +20,7 @@ let
primitiveType = types.oneOf [ types.str types.bool ]; primitiveType = types.oneOf [ types.str types.bool ];
publicKeyOpts = { config, ...}: { publicKeyOpts = { config, ... }: {
options = { options = {
text = mkOption { text = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
@ -40,7 +38,18 @@ let
}; };
trust = mkOption { trust = mkOption {
type = types.nullOr (types.enum ["unknown" 1 "never" 2 "marginal" 3 "full" 4 "ultimate" 5]); type = types.nullOr (types.enum [
"unknown"
1
"never"
2
"marginal"
3
"full"
4
"ultimate"
5
]);
default = null; default = null;
apply = v: apply = v:
if isString v then if isString v then
@ -51,7 +60,8 @@ let
full = 4; full = 4;
ultimate = 5; ultimate = 5;
}.${v} }.${v}
else v; else
v;
description = '' description = ''
The amount of trust you have in the key ownership and the care the The amount of trust you have in the key ownership and the care the
owner puts into signing other keys. The available levels are owner puts into signing other keys. The available levels are
@ -85,13 +95,12 @@ let
}; };
config = { config = {
source = mkIf (config.text != null) source =
(pkgs.writeText "gpg-pubkey" config.text); mkIf (config.text != null) (pkgs.writeText "gpg-pubkey" config.text);
}; };
}; };
importTrustBashFunctions = importTrustBashFunctions = let gpg = "${cfg.package}/bin/gpg";
let gpg = "${cfg.package}/bin/gpg";
in '' in ''
function gpgKeyId() { function gpgKeyId() {
${gpg} --show-key --with-colons "$1" \ ${gpg} --show-key --with-colons "$1" \
@ -110,14 +119,13 @@ let
} }
''; '';
keyringFiles = keyringFiles = let
let
gpg = "${cfg.package}/bin/gpg"; gpg = "${cfg.package}/bin/gpg";
importKey = { source, trust, ... }: '' importKey = { source, trust, ... }: ''
${gpg} --import ${source} ${gpg} --import ${source}
${optionalString (trust != null) '' ${optionalString (trust != null)
importTrust "${source}" ${toString trust}''} ''importTrust "${source}" ${toString trust}''}
''; '';
importKeys = concatMapStringsSep "\n" importKey cfg.publicKeys; importKeys = concatMapStringsSep "\n" importKey cfg.publicKeys;
@ -135,8 +143,7 @@ let
fi fi
''; '';
in in {
{
options.programs.gpg = { options.programs.gpg = {
enable = mkEnableOption "GnuPG"; enable = mkEnableOption "GnuPG";
@ -145,11 +152,13 @@ in
default = pkgs.gnupg; default = pkgs.gnupg;
defaultText = literalExpression "pkgs.gnupg"; defaultText = literalExpression "pkgs.gnupg";
example = literalExpression "pkgs.gnupg23"; example = literalExpression "pkgs.gnupg23";
description = "The Gnupg package to use (also used the gpg-agent service)."; description =
"The Gnupg package to use (also used the gpg-agent service).";
}; };
settings = mkOption { settings = mkOption {
type = types.attrsOf (types.either primitiveType (types.listOf types.str)); type =
types.attrsOf (types.either primitiveType (types.listOf types.str));
example = literalExpression '' example = literalExpression ''
{ {
no-comments = false; no-comments = false;
@ -167,7 +176,8 @@ in
}; };
scdaemonSettings = mkOption { scdaemonSettings = mkOption {
type = types.attrsOf (types.either primitiveType (types.listOf types.str)); type =
types.attrsOf (types.either primitiveType (types.listOf types.str));
example = literalExpression '' example = literalExpression ''
{ {
disable-ccid = true; disable-ccid = true;
@ -182,9 +192,10 @@ in
homedir = mkOption { homedir = mkOption {
type = types.path; type = types.path;
example = literalExpression "\"\${config.xdg.dataHome}/gnupg\""; example = literalExpression ''"''${config.xdg.dataHome}/gnupg"'';
default = "${config.home.homeDirectory}/.gnupg"; default = "${config.home.homeDirectory}/.gnupg";
defaultText = literalExpression "\"\${config.home.homeDirectory}/.gnupg\""; defaultText =
literalExpression ''"''${config.home.homeDirectory}/.gnupg"'';
description = "Directory to store keychains and configuration."; description = "Directory to store keychains and configuration.";
}; };
@ -236,7 +247,8 @@ in
personal-cipher-preferences = mkDefault "AES256 AES192 AES"; personal-cipher-preferences = mkDefault "AES256 AES192 AES";
personal-digest-preferences = mkDefault "SHA512 SHA384 SHA256"; personal-digest-preferences = mkDefault "SHA512 SHA384 SHA256";
personal-compress-preferences = mkDefault "ZLIB BZIP2 ZIP Uncompressed"; personal-compress-preferences = mkDefault "ZLIB BZIP2 ZIP Uncompressed";
default-preference-list = mkDefault "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed"; default-preference-list = mkDefault
"SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
cert-digest-algo = mkDefault "SHA512"; cert-digest-algo = mkDefault "SHA512";
s2k-digest-algo = mkDefault "SHA512"; s2k-digest-algo = mkDefault "SHA512";
s2k-cipher-algo = mkDefault "AES256"; s2k-cipher-algo = mkDefault "AES256";
@ -258,9 +270,7 @@ in
}; };
home.packages = [ cfg.package ]; home.packages = [ cfg.package ];
home.sessionVariables = { home.sessionVariables = { GNUPGHOME = cfg.homedir; };
GNUPGHOME = cfg.homedir;
};
home.file."${cfg.homedir}/gpg.conf".text = cfgText; home.file."${cfg.homedir}/gpg.conf".text = cfgText;
@ -268,23 +278,22 @@ in
# Link keyring if keys are not mutable # Link keyring if keys are not mutable
home.file."${cfg.homedir}/pubring.kbx" = home.file."${cfg.homedir}/pubring.kbx" =
mkIf (!cfg.mutableKeys && cfg.publicKeys != []) { mkIf (!cfg.mutableKeys && cfg.publicKeys != [ ]) {
source = "${keyringFiles}/pubring.kbx"; source = "${keyringFiles}/pubring.kbx";
}; };
home.activation = mkIf (cfg.publicKeys != []) { home.activation = mkIf (cfg.publicKeys != [ ]) {
importGpgKeys = importGpgKeys = let
let
gpg = "${cfg.package}/bin/gpg"; gpg = "${cfg.package}/bin/gpg";
importKey = { source, trust, ... }: importKey = { source, trust, ... }:
# Import mutable keys # Import mutable keys
optional cfg.mutableKeys '' optional cfg.mutableKeys
$DRY_RUN_CMD ${gpg} $QUIET_ARG --import ${source}'' "$DRY_RUN_CMD ${gpg} $QUIET_ARG --import ${source}"
# Import mutable trust # Import mutable trust
++ optional (trust != null && cfg.mutableTrust) '' ++ optional (trust != null && cfg.mutableTrust)
$DRY_RUN_CMD importTrust "${source}" ${toString trust}''; ''$DRY_RUN_CMD importTrust "${source}" ${toString trust}'';
anyTrust = any (k: k.trust != null) cfg.publicKeys; anyTrust = any (k: k.trust != null) cfg.publicKeys;
@ -292,8 +301,7 @@ in
# If any key/trust should be imported then create the block. Otherwise # If any key/trust should be imported then create the block. Otherwise
# leave it empty. # leave it empty.
block = concatStringsSep "\n" ( block = concatStringsSep "\n" (optional (importKeys != "") ''
optional (importKeys != "") ''
export GNUPGHOME=${escapeShellArg cfg.homedir} export GNUPGHOME=${escapeShellArg cfg.homedir}
if [[ ! -v VERBOSE ]]; then if [[ ! -v VERBOSE ]]; then
QUIET_ARG="--quiet" QUIET_ARG="--quiet"
@ -304,9 +312,8 @@ in
${importKeys} ${importKeys}
unset GNUPGHOME QUIET_ARG keyId importTrust unset GNUPGHOME QUIET_ARG keyId importTrust
'' ++ optional (!cfg.mutableTrust && anyTrust) '' '' ++ optional (!cfg.mutableTrust && anyTrust) ''
install -m 0700 ${keyringFiles}/trustdb.gpg "${cfg.homedir}/trustdb.gpg"'' install -m 0700 ${keyringFiles}/trustdb.gpg "${cfg.homedir}/trustdb.gpg"'');
); in lib.hm.dag.entryAfter [ "linkGeneration" ] block;
in lib.hm.dag.entryAfter ["linkGeneration"] block;
}; };
}; };
} }
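Review bot: The `install` line that copies `trustdb.gpg` interpolates `cfg.homedir` inside plain double quotes, while the `export GNUPGHOME=` line earlier in the same activation block passes it through `escapeShellArg`. A homedir containing `$`, a backtick or `"` would therefore be shell-expanded in one place and not the other. I would make the two consistent, e.g. `install -m 0700 ${keyringFiles}/trustdb.gpg ${escapeShellArg "${cfg.homedir}/trustdb.gpg"}`. Mode `0700` also marks a data file as executable; `0600` looks sufficient unless something outside this page relies on the current mode.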


@ -12,8 +12,7 @@ let
gpgInitStr = '' gpgInitStr = ''
GPG_TTY="$(tty)" GPG_TTY="$(tty)"
export GPG_TTY export GPG_TTY
'' '' + optionalString cfg.enableSshSupport
+ optionalString cfg.enableSshSupport
"${gpgPkg}/bin/gpg-connect-agent updatestartuptty /bye > /dev/null"; "${gpgPkg}/bin/gpg-connect-agent updatestartuptty /bye > /dev/null";
# mimic `gpgconf` output for use in `systemd` unit definitions. # mimic `gpgconf` output for use in `systemd` unit definitions.
@ -22,7 +21,8 @@ let
# https://github.com/gpg/gnupg/blob/c6702d77d936b3e9d91b34d8fdee9599ab94ee1b/common/homedir.c#L672-L681 # https://github.com/gpg/gnupg/blob/c6702d77d936b3e9d91b34d8fdee9599ab94ee1b/common/homedir.c#L672-L681
gpgconf = dir: gpgconf = dir:
let let
hash = substring 0 24 (hexStringToBase32 (builtins.hashString "sha1" homedir)); hash =
substring 0 24 (hexStringToBase32 (builtins.hashString "sha1" homedir));
in if homedir == options.programs.gpg.homedir.default then in if homedir == options.programs.gpg.homedir.default then
"%t/gnupg/${dir}" "%t/gnupg/${dir}"
else else
@ -36,10 +36,18 @@ let
splitChars = s: init (tail (splitString "" s)); splitChars = s: init (tail (splitString "" s));
base32Alphabet = splitChars "ybndrfg8ejkmcpqxot1uwisza345h769"; base32Alphabet = splitChars "ybndrfg8ejkmcpqxot1uwisza345h769";
hexToIntTable = listToAttrs (genList (x: { name = toLower (toHexString x); value = x; }) 16); hexToIntTable = listToAttrs (genList (x: {
name = toLower (toHexString x);
value = x;
}) 16);
initState = { ret = ""; buf = 0; bufBits = 0; }; initState = {
go = { ret, buf, bufBits }: hex: ret = "";
buf = 0;
bufBits = 0;
};
go = { ret, buf, bufBits }:
hex:
let let
buf' = buf * pow2 4 + hexToIntTable.${hex}; buf' = buf * pow2 4 + hexToIntTable.${hex};
bufBits' = bufBits + 4; bufBits' = bufBits + 4;
@ -55,9 +63,7 @@ let
}; };
in hexString: (foldl' go initState (splitChars hexString)).ret; in hexString: (foldl' go initState (splitChars hexString)).ret;
in in {
{
meta.maintainers = [ maintainers.rycee ]; meta.maintainers = [ maintainers.rycee ];
options = { options = {
@ -196,30 +202,21 @@ in
config = mkIf cfg.enable (mkMerge [ config = mkIf cfg.enable (mkMerge [
{ {
home.file."${homedir}/gpg-agent.conf".text = concatStringsSep "\n" ( home.file."${homedir}/gpg-agent.conf".text = concatStringsSep "\n"
optional (cfg.enableSshSupport) "enable-ssh-support" (optional (cfg.enableSshSupport) "enable-ssh-support"
++ ++ optional (!cfg.grabKeyboardAndMouse) "no-grab"
optional (!cfg.grabKeyboardAndMouse) "no-grab" ++ optional (!cfg.enableScDaemon) "disable-scdaemon"
++ ++ optional (cfg.defaultCacheTtl != null)
optional (!cfg.enableScDaemon) "disable-scdaemon"
++
optional (cfg.defaultCacheTtl != null)
"default-cache-ttl ${toString cfg.defaultCacheTtl}" "default-cache-ttl ${toString cfg.defaultCacheTtl}"
++ ++ optional (cfg.defaultCacheTtlSsh != null)
optional (cfg.defaultCacheTtlSsh != null)
"default-cache-ttl-ssh ${toString cfg.defaultCacheTtlSsh}" "default-cache-ttl-ssh ${toString cfg.defaultCacheTtlSsh}"
++ ++ optional (cfg.maxCacheTtl != null)
optional (cfg.maxCacheTtl != null)
"max-cache-ttl ${toString cfg.maxCacheTtl}" "max-cache-ttl ${toString cfg.maxCacheTtl}"
++ ++ optional (cfg.maxCacheTtlSsh != null)
optional (cfg.maxCacheTtlSsh != null)
"max-cache-ttl-ssh ${toString cfg.maxCacheTtlSsh}" "max-cache-ttl-ssh ${toString cfg.maxCacheTtlSsh}"
++ ++ optional (cfg.pinentryFlavor != null)
optional (cfg.pinentryFlavor != null)
"pinentry-program ${pkgs.pinentry.${cfg.pinentryFlavor}}/bin/pinentry" "pinentry-program ${pkgs.pinentry.${cfg.pinentryFlavor}}/bin/pinentry"
++ ++ [ cfg.extraConfig ]);
[ cfg.extraConfig ]
);
home.sessionVariablesExtra = optionalString cfg.enableSshSupport '' home.sessionVariablesExtra = optionalString cfg.enableSshSupport ''
if [[ -z "$SSH_AUTH_SOCK" ]]; then if [[ -z "$SSH_AUTH_SOCK" ]]; then
@ -236,7 +233,9 @@ in
(mkIf (cfg.sshKeys != null) { (mkIf (cfg.sshKeys != null) {
# Trailing newlines are important # Trailing newlines are important
home.file."${homedir}/sshcontrol".text = concatMapStrings (s: "${s}\n") cfg.sshKeys; home.file."${homedir}/sshcontrol".text = concatMapStrings (s: ''
${s}
'') cfg.sshKeys;
}) })
# The systemd units below are direct translations of the # The systemd units below are direct translations of the
@ -277,9 +276,7 @@ in
DirectoryMode = "0700"; DirectoryMode = "0700";
}; };
Install = { Install = { WantedBy = [ "sockets.target" ]; };
WantedBy = [ "sockets.target" ];
};
}; };
} }
@ -287,7 +284,8 @@ in
systemd.user.sockets.gpg-agent-ssh = { systemd.user.sockets.gpg-agent-ssh = {
Unit = { Unit = {
Description = "GnuPG cryptographic agent (ssh-agent emulation)"; Description = "GnuPG cryptographic agent (ssh-agent emulation)";
Documentation = "man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)"; Documentation =
"man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)";
}; };
Socket = { Socket = {
@ -298,16 +296,15 @@ in
DirectoryMode = "0700"; DirectoryMode = "0700";
}; };
Install = { Install = { WantedBy = [ "sockets.target" ]; };
WantedBy = [ "sockets.target" ];
};
}; };
}) })
(mkIf cfg.enableExtraSocket { (mkIf cfg.enableExtraSocket {
systemd.user.sockets.gpg-agent-extra = { systemd.user.sockets.gpg-agent-extra = {
Unit = { Unit = {
Description = "GnuPG cryptographic agent and passphrase cache (restricted)"; Description =
"GnuPG cryptographic agent and passphrase cache (restricted)";
Documentation = "man:gpg-agent(1) man:ssh(1)"; Documentation = "man:gpg-agent(1) man:ssh(1)";
}; };
@ -319,9 +316,7 @@ in
DirectoryMode = "0700"; DirectoryMode = "0700";
}; };
Install = { Install = { WantedBy = [ "sockets.target" ]; };
WantedBy = [ "sockets.target" ];
};
}; };
}) })
]); ]);


@ -63,7 +63,7 @@ in {
playlistDirectory = mkOption { playlistDirectory = mkOption {
type = types.path; type = types.path;
default = "${cfg.dataDir}/playlists"; default = "${cfg.dataDir}/playlists";
defaultText = ''''${dataDir}/playlists''; defaultText = "\${dataDir}/playlists";
apply = toString; # Prevent copies to Nix store. apply = toString; # Prevent copies to Nix store.
description = '' description = ''
The directory where mpd stores playlists. The directory where mpd stores playlists.
@ -128,7 +128,7 @@ in {
dbFile = mkOption { dbFile = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = "${cfg.dataDir}/tag_cache"; default = "${cfg.dataDir}/tag_cache";
defaultText = ''''${dataDir}/tag_cache''; defaultText = "\${dataDir}/tag_cache";
description = '' description = ''
The path to MPD's database. If set to The path to MPD's database. If set to
<literal>null</literal> the parameter is omitted from the <literal>null</literal> the parameter is omitted from the
@ -139,13 +139,11 @@ in {
}; };
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
(lib.hm.assertions.assertPlatform "services.mpd" pkgs (lib.hm.assertions.assertPlatform "services.mpd" pkgs lib.platforms.linux)
lib.platforms.linux)
]; ];
systemd.user.services.mpd = { systemd.user.services.mpd = {
@ -162,25 +160,24 @@ in {
Environment = "PATH=${config.home.profileDirectory}/bin"; Environment = "PATH=${config.home.profileDirectory}/bin";
ExecStart = "${cfg.package}/bin/mpd --no-daemon ${mpdConf}"; ExecStart = "${cfg.package}/bin/mpd --no-daemon ${mpdConf}";
Type = "notify"; Type = "notify";
ExecStartPre = ''${pkgs.bash}/bin/bash -c "${pkgs.coreutils}/bin/mkdir -p '${cfg.dataDir}' '${cfg.playlistDirectory}'"''; ExecStartPre = ''
${pkgs.bash}/bin/bash -c "${pkgs.coreutils}/bin/mkdir -p '${cfg.dataDir}' '${cfg.playlistDirectory}'"'';
}; };
}; };
systemd.user.sockets.mpd = mkIf cfg.network.startWhenNeeded { systemd.user.sockets.mpd = mkIf cfg.network.startWhenNeeded {
Socket = { Socket = {
ListenStream = let ListenStream = let
listen = listen = if cfg.network.listenAddress == "any" then
if cfg.network.listenAddress == "any" toString cfg.network.port
then toString cfg.network.port else
else "${cfg.network.listenAddress}:${toString cfg.network.port}"; "${cfg.network.listenAddress}:${toString cfg.network.port}";
in [ listen "%t/mpd/socket" ]; in [ listen "%t/mpd/socket" ];
Backlog = 5; Backlog = 5;
KeepAlive = true; KeepAlive = true;
}; };
Install = { Install = { WantedBy = [ "sockets.target" ]; };
WantedBy = [ "sockets.target" ];
};
}; };
}; };


@ -31,7 +31,8 @@ let
export XDG_STATE_HOME="/home/hm-user/.local/state" export XDG_STATE_HOME="/home/hm-user/.local/state"
''; '';
expected = pkgs.writeText "expected" (if isDarwin then darwinExpected else linuxExpected); expected = pkgs.writeText "expected"
(if isDarwin then darwinExpected else linuxExpected);
in { in {
config = { config = {


@ -11,10 +11,7 @@ with lib;
no-comments = false; no-comments = false;
s2k-cipher-algo = "AES128"; s2k-cipher-algo = "AES128";
throw-keyids = true; throw-keyids = true;
trusted-key = [ trusted-key = [ "0xXXXXXXXXXXXXX" "0xYYYYYYYYYYYYY" ];
"0xXXXXXXXXXXXXX"
"0xYYYYYYYYYYYYY"
];
}; };
homedir = "${config.home.homeDirectory}/bar/foopg"; homedir = "${config.home.homeDirectory}/bar/foopg";
@ -22,7 +19,9 @@ with lib;
nmt.script = '' nmt.script = ''
assertFileExists home-files/bar/foopg/gpg.conf assertFileExists home-files/bar/foopg/gpg.conf
assertFileContent home-files/bar/foopg/gpg.conf ${./override-defaults-expected.conf} assertFileContent home-files/bar/foopg/gpg.conf ${
./override-defaults-expected.conf
}
assertFileNotRegex activate "^unset GNUPGHOME keyId importTrust$" assertFileNotRegex activate "^unset GNUPGHOME keyId importTrust$"
''; '';
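Review bot: The negative assertion `assertFileNotRegex activate "^unset GNUPGHOME keyId importTrust$"` appears unable to fail. The activation block in the gpg module shown on this page emits `unset GNUPGHOME QUIET_ARG keyId importTrust`, so the anchored pattern without `QUIET_ARG` would not match even if the import block were generated by mistake. Changing the pattern to `"^unset GNUPGHOME QUIET_ARG keyId importTrust$"` would make the check meaningful again. The rest of the test file is outside the hunk, so the intent (presumably that no key import block is produced for this configuration) should be confirmed there.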