Reformat

kugland · Jan 30, 2025 · d366de9 · d366de9
1 parent 1e4222c
commit d366de9
Show file tree

Hide file tree

Showing 3 changed files with 86 additions and 70 deletions.
diff --git a/modules/autossh-tunnels.nix b/modules/autossh-tunnels.nix
@@ -3,14 +3,24 @@
 , config
 , ...
 }:
-with lib;
-let
-
+with lib; let
   cfg = config.services.autosshTunnels;
 
   mkTunnel = tunnel:
-    "-L " + (if tunnel.localAddress != null then "${tunnel.localAddress}:" else "") + "${toString tunnel.localPort}" + ":" + (if tunnel.remoteAddress != null then "${tunnel.remoteAddress}:" else "127.0.0.1:") + "${toString tunnel.remotePort}";
-
+    "-L "
+    + (
+      if tunnel.localAddress != null
+      then "${tunnel.localAddress}:"
+      else ""
+    )
+    + "${toString tunnel.localPort}"
+    + ":"
+    + (
+      if tunnel.remoteAddress != null
+      then "${tunnel.remoteAddress}:"
+      else "127.0.0.1:"
+    )
+    + "${toString tunnel.remotePort}";
 in
 {
   options = {
@@ -96,60 +106,64 @@ in
       };
       groups.autossh = { };
     };
-    services.autossh.sessions = map
-      (name:
-        let session = cfg.sessions.${name}; in
-        {
-          inherit name;
-          user = "autossh";
-          monitoringPort = 0;
-          extraArguments = lib.concatStringsSep " " ([
-            "-N"
-            "-o Port=${toString session.port}"
-            "-o ControlMaster=no"
-            "-o Compression=no"
-            "-o ExitOnForwardFailure=yes"
-            "-o TCPKeepAlive=yes"
-            "-o ServerAliveInterval=60"
-            "-i ${session.secretKey}"
-            "${session.user}@${session.host}"
-          ] ++ (map mkTunnel session.tunnels));
-        }
-      )
-      (builtins.attrNames cfg.sessions);
+    services.autossh.sessions =
+      map
+        (
+          name:
+          let
+            session = cfg.sessions.${name};
+          in
+          {
+            inherit name;
+            user = "autossh";
+            monitoringPort = 0;
+            extraArguments = lib.concatStringsSep " " ([
+              "-N"
+              "-o Port=${toString session.port}"
+              "-o ControlMaster=no"
+              "-o Compression=no"
+              "-o ExitOnForwardFailure=yes"
+              "-o TCPKeepAlive=yes"
+              "-o ServerAliveInterval=60"
+              "-i ${session.secretKey}"
+              "${session.user}@${session.host}"
+            ]
+            ++ (map mkTunnel session.tunnels));
+          }
+        )
+        (builtins.attrNames cfg.sessions);
 
     systemd.services = builtins.listToAttrs (map
-      (name:
-        {
-          name = "autossh-${name}";
-          value = {
-            serviceConfig = {
-              Environment = [ "LD_PRELOAD=${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so" ];
-              CapabilityBoundingSet = lib.mkForce [ "CAP_NET_BIND_SERVICE" ];
-              CPUQuota = "10%";
-              DevicePolicy = "closed";
-              LockPersonality = true;
-              MemoryDenyWriteExecute = true;
-              NoNewPrivileges = true;
-              PrivateDevices = true;
-              PrivateIPC = true;
-              PrivateTmp = true;
-              PrivateUsers = true;
-              ProcSubset = "pid";
-              ProtectClock = true;
-              ProtectControlGroups = true;
-              ProtectHostname = true;
-              ProtectKernelLogs = true;
-              ProtectKernelModules = true;
-              ProtectKernelTunables = true;
-              ProtectProc = "invisible";
-              RestrictAddressFamilies = lib.mkForce [ "AF_UNIX" "AF_INET" ];
-              RestrictNamespaces = true;
-              RestrictRealtime = true;
-              RestrictSUIDSGID = true;
-            };
+      (name: {
+        name = "autossh-${name}";
+        value = {
+          serviceConfig = {
+            Environment = [ "LD_PRELOAD=${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so" ];
+            CapabilityBoundingSet = lib.mkForce [ "CAP_NET_BIND_SERVICE" ];
+            CPUQuota = "10%";
+            DevicePolicy = "closed";
+            LockPersonality = true;
+            MemoryDenyWriteExecute = true;
+            NoNewPrivileges = true;
+            PrivateDevices = true;
+            PrivateIPC = true;
+            PrivateTmp = true;
+            PrivateUsers = true;
+            ProcSubset = "pid";
+            ProtectClock = true;
+            ProtectControlGroups = true;
+            ProtectHostname = true;
+            ProtectKernelLogs = true;
+            ProtectKernelModules = true;
+            ProtectKernelTunables = true;
+            ProtectProc = "invisible";
+            RestrictAddressFamilies = lib.mkForce [ "AF_UNIX" "AF_INET" ];
+            RestrictNamespaces = true;
+            RestrictRealtime = true;
+            RestrictSUIDSGID = true;
           };
-        })
+        };
+      })
       (builtins.attrNames cfg.sessions));
   };
 }
diff --git a/pkgs/bip39/default.nix b/pkgs/bip39/default.nix
@@ -6,8 +6,8 @@
 , libsodium
 , cunit
 , fetchFromGitHub
+,
 }:
-
 stdenv.mkDerivation (final: rec {
   pname = "bip39";
   version = "0.2.1";

diff --git a/pkgs/subtitlecomposer/default.nix b/pkgs/subtitlecomposer/default.nix
@@ -6,8 +6,8 @@
 , openal
 , stdenv
 , libsForQt5
+,
 }:
-
 stdenv.mkDerivation rec {
   pname = "subtitlecomposer";
   version = "0.8.1";
@@ -21,18 +21,20 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ cmake extra-cmake-modules libsForQt5.wrapQtAppsHook ];
-  buildInputs = [ ffmpeg_6 openal ] ++ (with libsForQt5; [
-    kcodecs
-    kconfig
-    kconfigwidgets
-    kcoreaddons
-    ki18n
-    kio
-    ktextwidgets
-    kwidgetsaddons
-    kxmlgui
-    sonnet
-  ]);
+  buildInputs =
+    [ ffmpeg_6 openal ]
+    ++ (with libsForQt5; [
+      kcodecs
+      kconfig
+      kconfigwidgets
+      kcoreaddons
+      ki18n
+      kio
+      ktextwidgets
+      kwidgetsaddons
+      kxmlgui
+      sonnet
+    ]);
 
   meta = with lib; {
     homepage = "https://apps.kde.org/subtitlecomposer";