From a3103938dac63103177c90531fde886cae87467e Mon Sep 17 00:00:00 2001
From: nikstur
Date: Tue, 6 Aug 2024 17:31:55 +0200
Subject: [PATCH] treewide: nixpkgs-fmt -> nixfmt
---
 default.nix | 19 ++-
 flake.nix | 166 ++++++++++++++-----------
 nix/modules/userborn.nix | 129 +++++++++++--------
 nix/packages/userborn.nix | 27 ++--
 nix/tests/default.nix | 14 ++-
 nix/tests/userborn-immutable-users.nix | 40 +++---
 nix/tests/userborn-mutable-users.nix | 42 ++++---
 nix/tests/userborn.nix | 80 ++++++------
 8 files changed, 283 insertions(+), 234 deletions(-)
diff --git a/default.nix b/default.nix
index 2cccff2..6466507 100644
--- a/default.nix
+++ b/default.nix
@@ -1,10 +1,9 @@
-(import
- (
- let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
- fetchTarball {
- url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
- sha256 = lock.nodes.flake-compat.locked.narHash;
- }
- )
- { src = ./.; }
-).defaultNix
+(import (
+ let
+ lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+ in
+ fetchTarball {
+ url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+ sha256 = lock.nodes.flake-compat.locked.narHash;
+ }
+) { src = ./.; }).defaultNix
diff --git a/flake.nix b/flake.nix
index 669b8dd..d23b6ab 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,80 +26,104 @@ }; - outputs = inputs@{ self, flake-parts, systems, ... }: flake-parts.lib.mkFlake { inherit inputs; } ({ moduleWithSystem, ... }: { - systems = import systems; - - imports = [ - inputs.pre-commit-hooks-nix.flakeModule - ]; - - flake.nixosModules.userborn = moduleWithSystem ( - perSystem@{ config }: - { ... }: { - imports = [ - ./nix/modules/userborn.nix - ]; - - services.userborn.package = perSystem.config.packages.userborn; - } - ); - - perSystem = { config, system, pkgs, lib, ... }: + outputs = + inputs@{ + self, + flake-parts, + systems, + ... + }: + flake-parts.lib.mkFlake { inherit inputs; } ( + { moduleWithSystem, ... }: { - packages = import ./nix/packages { inherit pkgs; } // { - default = config.packages.userborn; - }; - - checks = { - clippy = config.packages.userborn.overrideAttrs (_: previousAttrs: { - pname = previousAttrs.pname + "-clippy"; - nativeCheckInputs = (previousAttrs.nativeCheckInputs or [ ]) ++ [ pkgs.clippy ]; - checkPhase = "cargo clippy"; - }); - rustfmt = config.packages.userborn.overrideAttrs (_: previousAttrs: { - pname = previousAttrs.pname + "-rustfmt"; - nativeCheckInputs = (previousAttrs.nativeCheckInputs or [ ]) ++ [ pkgs.rustfmt ]; - checkPhase = "cargo fmt --check"; - }); - } // (import ./nix/tests { - inherit pkgs; - extraBaseModules = { - inherit (self.nixosModules) userborn; - }; - }); - - pre-commit = { - check.enable = true; - - settings = { - hooks = { - nixpkgs-fmt.enable = true; - statix.enable = true; + systems = import systems; + + imports = [ inputs.pre-commit-hooks-nix.flakeModule ]; + + flake.nixosModules.userborn = moduleWithSystem ( + perSystem@{ config }: + { ... }: + { + imports = [ ./nix/modules/userborn.nix ]; + + services.userborn.package = perSystem.config.packages.userborn; + } + ); + + perSystem = + { + config, + system, + pkgs, + lib, + ... 
+ }: + { + packages = import ./nix/packages { inherit pkgs; } // { + default = config.packages.userborn; }; - }; - }; - - devShells.default = pkgs.mkShell { - shellHook = '' - ${config.pre-commit.installationScript} - ''; - - packages = [ - pkgs.niv - pkgs.clippy - pkgs.rustfmt - pkgs.cargo-machete - pkgs.cargo-edit - pkgs.cargo-bloat - pkgs.cargo-deny - pkgs.cargo-cyclonedx - ]; - inputsFrom = [ config.packages.userborn ]; + checks = + { + clippy = config.packages.userborn.overrideAttrs ( + _: previousAttrs: { + pname = previousAttrs.pname + "-clippy"; + nativeCheckInputs = (previousAttrs.nativeCheckInputs or [ ]) ++ [ pkgs.clippy ]; + checkPhase = "cargo clippy"; + } + ); + rustfmt = config.packages.userborn.overrideAttrs ( + _: previousAttrs: { + pname = previousAttrs.pname + "-rustfmt"; + nativeCheckInputs = (previousAttrs.nativeCheckInputs or [ ]) ++ [ pkgs.rustfmt ]; + checkPhase = "cargo fmt --check"; + } + ); + } + // (import ./nix/tests { + inherit pkgs; + extraBaseModules = { + inherit (self.nixosModules) userborn; + }; + }); + + pre-commit = { + check.enable = true; + + settings = { + hooks = { + nixfmt = { + enable = true; + package = pkgs.nixfmt-rfc-style; + }; + statix.enable = true; + }; + }; + }; - RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; - }; + devShells.default = pkgs.mkShell { + shellHook = '' + ${config.pre-commit.installationScript} + ''; + + packages = [ + pkgs.niv + pkgs.nixfmt-rfc-style + pkgs.clippy + pkgs.rustfmt + pkgs.cargo-machete + pkgs.cargo-edit + pkgs.cargo-bloat + pkgs.cargo-deny + pkgs.cargo-cyclonedx + ]; + + inputsFrom = [ config.packages.userborn ]; + + RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; + }; - }; - }); + }; + } + ); } diff --git a/nix/modules/userborn.nix b/nix/modules/userborn.nix index 9842b01..fe96883 100644 --- a/nix/modules/userborn.nix +++ b/nix/modules/userborn.nix 
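Review bot: The new `nixfmt` entry under `pre-commit.settings.hooks` overrides `package` with `pkgs.nixfmt-rfc-style` without saying why, and it is the one behavioural change inside an otherwise whitespace-only treewide reformat. A one-line comment above the override would keep a later cleanup from dropping it, for example `# Use the RFC-style formatter; the hook's default nixfmt package may format differently.` (what the hook defaults to is inferred, it is not visible in this hunk). The same package is also added to `devShells.default.packages`, so the check and the dev shell both take the formatter from the flake's pinned `pkgs`; saying so in the commit description would make the tooling switch easy to find among the formatting churn.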
@@ -1,4 +1,10 @@ -{ utils, config, lib, pkgs, ... }: +{ + utils, + config, + lib, + pkgs, + ... +}: let @@ -6,34 +12,26 @@ let userCfg = config.users; userbornConfig = { - groups = lib.mapAttrsToList - (username: opts: { - inherit (opts) - name - gid - members - ; - }) - config.users.groups; - - users = lib.mapAttrsToList - (username: opts: { - inherit (opts) - name - uid - group - description - home - password - hashedPassword - hashedPasswordFile - initialPassword - initialHashedPassword - ; - isNormal = opts.isNormalUser; - shell = utils.toShellPath opts.shell; - }) - config.users.users; + groups = lib.mapAttrsToList (username: opts: { + inherit (opts) name gid members; + }) config.users.groups; + + users = lib.mapAttrsToList (username: opts: { + inherit (opts) + name + uid + group + description + home + password + hashedPassword + hashedPasswordFile + initialPassword + initialHashedPassword + ; + isNormal = opts.isNormalUser; + shell = utils.toShellPath opts.shell; + }) config.users.users; }; @@ -42,7 +40,11 @@ let immutableEtc = config.system.etc.overlay.enable && !config.system.etc.overlay.mutable; passwordFilesLocation = if immutableEtc then cfg.immutablePasswordFilesLocation else "/etc"; # The filenames created by userborn. - passwordFiles = [ "group" "passwd" "shadow" ]; + passwordFiles = [ + "group" + "passwd" + "shadow" + ]; in { 
@@ -82,23 +84,35 @@ in # Create home directories, do not create /var/empty even if that's a user's # home. - tmpfiles.settings.home-directories = lib.mapAttrs' - (username: opts: lib.nameValuePair opts.home { + tmpfiles.settings.home-directories = lib.mapAttrs' ( + username: opts: + lib.nameValuePair opts.home { d = { mode = opts.homeMode; user = username; inherit (opts) group; }; - }) - (lib.filterAttrs (_username: opts: opts.home != "/var/empty") userCfg.users); + } + ) (lib.filterAttrs (_username: opts: opts.home != "/var/empty") userCfg.users); services.userborn = { wantedBy = [ "sysinit.target" ]; requiredBy = [ "sysinit-reactivation.target" ]; - after = [ "systemd-remount-fs.service" "systemd-tmpfiles-setup-dev-early.service" ]; - before = [ "systemd-tmpfiles-setup-dev.service" "sysinit.target" "shutdown.target" "sysinit-reactivation.target" ]; + after = [ + "systemd-remount-fs.service" + "systemd-tmpfiles-setup-dev-early.service" + ]; + before = [ + "systemd-tmpfiles-setup-dev.service" + "sysinit.target" + "shutdown.target" + "sysinit-reactivation.target" + ]; conflicts = [ "shutdown.target" ]; - restartTriggers = [ userbornConfigJson passwordFilesLocation ]; + restartTriggers = [ + userbornConfigJson + passwordFilesLocation + ]; # This way we don't have to re-declare all the dependencies to other # services again. aliases = [ "systemd-sysusers.service" ]; 
@@ -119,23 +133,23 @@ in ExecStart = "${cfg.package}/bin/userborn ${userbornConfigJson} ${passwordFilesLocation}"; ExecStartPre = lib.mkMerge [ - (lib.mkIf (!config.system.etc.overlay.mutable) - [ "${pkgs.coreutils}/bin/mkdir -p ${passwordFilesLocation}" ] - ) + (lib.mkIf (!config.system.etc.overlay.mutable) [ + "${pkgs.coreutils}/bin/mkdir -p ${passwordFilesLocation}" + ]) # Make the source files writable before executing userborn. - (lib.mkIf (!userCfg.mutableUsers) - (lib.map - (file: "-${pkgs.util-linux}/bin/umount ${passwordFilesLocation}/${file}") - passwordFiles) - ) + (lib.mkIf (!userCfg.mutableUsers) ( + lib.map (file: "-${pkgs.util-linux}/bin/umount ${passwordFilesLocation}/${file}") passwordFiles + )) ]; # Make the source files read-only after userborn has finished. - ExecStartPost = lib.mkIf (!userCfg.mutableUsers) - (lib.map - (file: "${pkgs.util-linux}/bin/mount --bind -o ro ${passwordFilesLocation}/${file} ${passwordFilesLocation}/${file}") - passwordFiles); + ExecStartPost = lib.mkIf (!userCfg.mutableUsers) ( + lib.map ( + file: + "${pkgs.util-linux}/bin/mount --bind -o ro ${passwordFilesLocation}/${file} ${passwordFilesLocation}/${file}" + ) passwordFiles + ); }; }; }; @@ -143,12 +157,17 @@ in # Statically create the symlinks to immutablePasswordFilesLocation when # using an immutable /etc because we will not be able to do it at # runtime! - environment.etc = lib.mkIf immutableEtc (lib.listToAttrs (lib.map - (file: lib.nameValuePair file { - source = "${cfg.immutablePasswordFilesLocation}/${file}"; - mode = "direct-symlink"; - }) - passwordFiles)); + environment.etc = lib.mkIf immutableEtc ( + lib.listToAttrs ( + lib.map ( + file: + lib.nameValuePair file { + source = "${cfg.immutablePasswordFilesLocation}/${file}"; + mode = "direct-symlink"; + } + ) passwordFiles + ) + ); }; meta.maintainers = with lib.maintainers; [ nikstur ]; diff --git a/nix/packages/userborn.nix b/nix/packages/userborn.nix index 6c4c230..85cc325 100644 
--- a/nix/packages/userborn.nix +++ b/nix/packages/userborn.nix @@ -1,7 +1,8 @@ -{ lib -, rustPlatform -, makeBinaryWrapper -, mkpasswd +{ + lib, + rustPlatform, + makeBinaryWrapper, + mkpasswd, }: let @@ -11,23 +12,21 @@ rustPlatform.buildRustPackage { pname = cargoToml.package.name; inherit (cargoToml.package) version; - src = lib.sourceFilesBySuffices ../../rust/userborn [ ".rs" ".toml" ".lock" ]; + src = lib.sourceFilesBySuffices ../../rust/userborn [ + ".rs" + ".toml" + ".lock" + ]; cargoLock = { lockFile = ../../rust/userborn/Cargo.lock; }; - nativeBuildInputs = [ - makeBinaryWrapper - ]; + nativeBuildInputs = [ makeBinaryWrapper ]; - buildInputs = [ - mkpasswd - ]; + buildInputs = [ mkpasswd ]; - nativeCheckInputs = [ - mkpasswd - ]; + nativeCheckInputs = [ mkpasswd ]; postInstall = '' wrapProgram $out/bin/userborn --prefix PATH : ${lib.makeBinPath [ mkpasswd ]} diff --git a/nix/tests/default.nix b/nix/tests/default.nix index 5b95d6c..f962f02 100644 --- a/nix/tests/default.nix +++ b/nix/tests/default.nix @@ -1,13 +1,15 @@ { pkgs, extraBaseModules }: let - runTest = module: pkgs.testers.runNixOSTest { - imports = [ module ]; - globalTimeout = 5 * 60; - extraBaseModules = { - imports = builtins.attrValues extraBaseModules; + runTest = + module: + pkgs.testers.runNixOSTest { + imports = [ module ]; + globalTimeout = 5 * 60; + extraBaseModules = { + imports = builtins.attrValues extraBaseModules; + }; }; - }; in { userborn = runTest ./userborn.nix; diff --git a/nix/tests/userborn-immutable-users.nix b/nix/tests/userborn-immutable-users.nix index 20d63c3..aab872a 100644 --- a/nix/tests/userborn-immutable-users.nix +++ b/nix/tests/userborn-immutable-users.nix 
@@ -7,42 +7,44 @@ let imports = [ ./common/userborn.nix ]; users.mutableUsers = false; }; -in +in { name = "userborn-immutable-users"; meta.maintainers = with lib.maintainers; [ nikstur ]; - nodes.machine = { config, pkgs, ... }: { - imports = [ common ]; + nodes.machine = + { config, pkgs, ... }: + { + imports = [ common ]; - users = { users = { - normalo = { - isNormalUser = true; - hashedPassword = normaloHashedPassword; + users = { + normalo = { + isNormalUser = true; + hashedPassword = normaloHashedPassword; + }; }; }; - }; - specialisation.new-generation = { - inheritParentConfig = false; - configuration = { - nixpkgs = { - inherit (config.nixpkgs) hostPlatform; - }; - imports = [ common ]; + specialisation.new-generation = { + inheritParentConfig = false; + configuration = { + nixpkgs = { + inherit (config.nixpkgs) hostPlatform; + }; + imports = [ common ]; - users.users = { - new-normalo = { - isNormalUser = true; + users.users = { + new-normalo = { + isNormalUser = true; + }; }; }; }; }; - }; testScript = '' machine.wait_for_unit("userborn.service") diff --git a/nix/tests/userborn-mutable-users.nix b/nix/tests/userborn-mutable-users.nix index 41a0185..9e57045 100644 --- a/nix/tests/userborn-mutable-users.nix +++ b/nix/tests/userborn-mutable-users.nix 
@@ -7,43 +7,45 @@ let imports = [ ./common/userborn.nix ]; users.mutableUsers = true; }; -in +in { name = "userborn-mutable-users"; meta.maintainers = with lib.maintainers; [ nikstur ]; - nodes.machine = { config, pkgs, ... }: { - imports = [ common ]; + nodes.machine = + { config, pkgs, ... }: + { + imports = [ common ]; - users = { - mutableUsers = true; users = { - normalo = { - isNormalUser = true; - hashedPassword = normaloHashedPassword; + mutableUsers = true; + users = { + normalo = { + isNormalUser = true; + hashedPassword = normaloHashedPassword; + }; }; }; - }; - specialisation.new-generation = { - inheritParentConfig = false; - configuration = { - nixpkgs = { - inherit (config.nixpkgs) hostPlatform; - }; - imports = [ common ]; + specialisation.new-generation = { + inheritParentConfig = false; + configuration = { + nixpkgs = { + inherit (config.nixpkgs) hostPlatform; + }; + imports = [ common ]; - users.users = { - new-normalo = { - isNormalUser = true; + users.users = { + new-normalo = { + isNormalUser = true; + }; }; }; }; }; - }; testScript = '' machine.wait_for_unit("userborn.service") diff --git a/nix/tests/userborn.nix b/nix/tests/userborn.nix index 0122cd9..36e9644 100644 --- a/nix/tests/userborn.nix +++ b/nix/tests/userborn.nix 
@@ -12,67 +12,69 @@ let updatedSysuserInitialHashedPassword = "$y$j9T$kUBVhgOdSjymSfwfRVja70$eqCwWzVsz0fI0Uc6JsdD2CYMCpfJcErqnIqva2JCi1D"; newNormaloHashedPassword = "$y$j9T$UFBMWbGjjVola0YE9YCcV/$jRSi5S6lzkcifbuqjMcyXLTwgOGm9BTQk/G/jYaxroC"; -in +in { name = "userborn"; meta.maintainers = with lib.maintainers; [ nikstur ]; - nodes.machine = { pkgs, ... }: { - imports = [ ./common/userborn.nix ]; - - # Read this password file at runtime from outside the Nix store. - environment.etc."rootpw.secret".text = rootHashedPasswordFile; + nodes.machine = + { pkgs, ... }: + { + imports = [ ./common/userborn.nix ]; - users = { - users = { - root = { - # Override the empty root password set by the test instrumentation. - hashedPasswordFile = lib.mkForce "/etc/rootpw.secret"; - }; - normalo = { - isNormalUser = true; - password = normaloPassword; - }; - sysuser = { - isSystemUser = true; - group = "sysusers"; - initialHashedPassword = sysuserInitialHashedPassword; - }; - }; - groups = { - sysusers = { }; - }; - }; + # Read this password file at runtime from outside the Nix store. + environment.etc."rootpw.secret".text = rootHashedPasswordFile; - specialisation.new-generation.configuration = { users = { users = { root = { - # Forcing this to null simulates removing the config value in a new - # generation. - hashedPasswordFile = lib.mkOverride 9 null; - hashedPassword = updatedRootHashedPassword; + # Override the empty root password set by the test instrumentation. 
+ hashedPasswordFile = lib.mkForce "/etc/rootpw.secret"; }; normalo = { - hashedPassword = updatedNormaloHashedPassword; + isNormalUser = true; + password = normaloPassword; }; sysuser = { - initialHashedPassword = lib.mkForce updatedSysuserInitialHashedPassword; - }; - new-normalo = { - isNormalUser = true; - hashedPassword = newNormaloHashedPassword; + isSystemUser = true; + group = "sysusers"; + initialHashedPassword = sysuserInitialHashedPassword; }; }; groups = { - new-group = { }; + sysusers = { }; + }; + }; + + specialisation.new-generation.configuration = { + users = { + users = { + root = { + # Forcing this to null simulates removing the config value in a new + # generation. + hashedPasswordFile = lib.mkOverride 9 null; + hashedPassword = updatedRootHashedPassword; + }; + normalo = { + hashedPassword = updatedNormaloHashedPassword; + }; + sysuser = { + initialHashedPassword = lib.mkForce updatedSysuserInitialHashedPassword; + }; + new-normalo = { + isNormalUser = true; + hashedPassword = newNormaloHashedPassword; + }; + }; + groups = { + new-group = { }; + }; }; }; }; - }; testScript = '' machine.wait_for_unit("userborn.service")