contrib: format Nix code with Alejandra

modules/age.nix

@@ -1,8 +1,11 @@
-{ config, options, lib, pkgs, ... }:
-
-with lib;
-
-let
+{
+  config,
+  options,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
   cfg = config.age;
 
   # we need at least rage 0.5.0 to support ssh keys
@@ -28,11 +31,15 @@ let
   identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.identityPaths);
 
   setTruePath = secretType: ''
-    ${if secretType.symlink then ''
+    ${
+      if secretType.symlink
+      then ''
         _truePath="${cfg.secretsMountPoint}/$_agenix_generation/${secretType.name}"
-    '' else ''
+      ''
+      else ''
         _truePath="${secretType.path}"
-    ''}
+      ''
+    }
   '';
 
   installSecret = secretType: ''
@@ -55,9 +62,11 @@ let
     ''}
   '';
 
-  testIdentities = map (path: ''
+  testIdentities =
+    map (path: ''
       test -f ${path} || echo '[agenix] WARNING: config.age.identityPaths entry ${path} not present!'
-  '') cfg.identityPaths;
+    '')
+    cfg.identityPaths;
 
   cleanupAndLink = ''
     _agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
@@ -92,7 +101,8 @@ let
   chownSecrets = builtins.concatStringsSep "\n" (
     ["echo '[agenix] chowning...'"]
     ++ [chownMountPoint]
-    ++ (map chownSecret (builtins.attrValues cfg.secrets)));
+    ++ (map chownSecret (builtins.attrValues cfg.secrets))
+  );
 
   secretType = types.submodule ({config, ...}: {
     options = {
@@ -140,9 +150,7 @@ let
       symlink = mkEnableOption "symlinking secrets to their destination" // {default = true;};
     };
   });
-in
-{
-
+in {
   imports = [
     (mkRenamedOptionModule ["age" "sshKeyPaths"] ["age" "identityPaths"])
   ];
@@ -170,9 +178,11 @@ in
       '';
     };
     secretsMountPoint = mkOption {
-      type = types.addCheck types.str
+      type =
+        types.addCheck types.str
         (s:
-          (builtins.match "[ \t\n]*" s) == null # non-empty
+          (builtins.match "[ \t\n]*" s)
+          == null # non-empty
           && (builtins.match ".+/" s) == null) # without trailing slash
         // {description = "${types.str.description} (with check: non-empty without trailing slash)";};
       default = "/run/agenix.d";
@@ -184,8 +194,8 @@ in
     identityPaths = mkOption {
       type = types.listOf types.path;
       default =
-        if config.services.openssh.enable then
-          map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys)
+        if config.services.openssh.enable
+        then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys)
         else [];
       description = ''
         Path to SSH keys to be used as identities in age decryption.
@@ -194,10 +204,12 @@ in
   };
 
   config = mkIf (cfg.secrets != {}) {
-    assertions = [{
+    assertions = [
+      {
         assertion = cfg.identityPaths != [];
         message = "age.identityPaths must be set.";
-    }];
+      }
+    ];
 
     # Create a new directory full of secrets for symlinking (this helps
     # ensure removed secrets are actually removed, or at least become
@@ -235,5 +247,4 @@ in
       deps = ["agenixChown"];
     };
   };
-
 }

overlay.nix

@@ -1,4 +1,3 @@
-final: prev:
-{
+final: prev: {
   agenix = prev.callPackage ./pkgs/agenix.nix {};
 }

pkgs/agenix.nix

@@ -13,9 +13,8 @@
     if rage.version < "0.5.0"
     then callPackage ./rage.nix {}
     else rage
-  }/bin/rage"
-} :
-let
+  }/bin/rage",
+}: let
   sedBin = "${gnused}/bin/sed";
   nixInstantiate = "${nix}/bin/nix-instantiate";
   mktempBin = "${mktemp}/bin/mktemp";
@@ -183,7 +182,6 @@ function rekey {
     [ $REKEY -eq 1 ] && rekey && exit 0
     edit "$FILE" && cleanup && exit 0
   '')
-
   {
     meta.description = "age-encrypted secrets for NixOS";
   }

pkgs/rage.nix

@@ -1,5 +1,10 @@
-{ stdenv, rustPlatform, fetchFromGitHub, installShellFiles, darwin }:
-
+{
+  stdenv,
+  rustPlatform,
+  fetchFromGitHub,
+  installShellFiles,
+  darwin,
+}:
 rustPlatform.buildRustPackage rec {
   pname = "rage";
   version = "0.5.0";
@@ -15,7 +20,8 @@ rustPlatform.buildRustPackage rec {
 
   nativeBuildInputs = [installShellFiles];
 
-  buildInputs = with darwin.apple_sdk.frameworks; stdenv.lib.optionals stdenv.isDarwin [
+  buildInputs = with darwin.apple_sdk.frameworks;
+    stdenv.lib.optionals stdenv.isDarwin [
       Security
       Foundation
     ];

test/integration.nix

@@ -1,14 +1,20 @@
 {
   nixpkgs ? <nixpkgs>,
-pkgs ? import <nixpkgs> { inherit system; config = {}; },
-system ? builtins.currentSystem
+  pkgs ?
+    import <nixpkgs> {
+      inherit system;
+      config = {};
+    },
+  system ? builtins.currentSystem,
 } @ args:
-
 import "${nixpkgs}/nixos/tests/make-test-python.nix" ({pkgs, ...}: {
   name = "agenix-integration";
 
-  nodes.system1 = { config, lib, ... }: {
-
+  nodes.system1 = {
+    config,
+    lib,
+    ...
+  }: {
     imports = [
       ../modules/age.nix
       ./install_ssh_host_keys.nix
@@ -30,11 +36,9 @@ import "${nixpkgs}/nixos/tests/make-test-python.nix" ({ pkgs, ...}: {
         };
       };
     };
-
   };
 
-  testScript =
-  let
+  testScript = let
     user = "user1";
     password = "password1234";
   in ''
@@ -55,4 +59,5 @@ import "${nixpkgs}/nixos/tests/make-test-python.nix" ({ pkgs, ...}: {
     system1.wait_for_file("/tmp/1")
     assert "${user}" in system1.succeed("cat /tmp/1")
   '';
-}) args
+})
+args