treewide: Use nixfmt for formatting

2024-08-18 20:41:20 +02:00 · 2024-08-18 20:41:20 +02:00 · 04f7a7ef1d
commit 04f7a7ef1d
parent 3a591863b0
27 changed files with 496 additions and 466 deletions
--- a/configuration/services/conduit.nix
+++ b/configuration/services/conduit.nix
@ -1,7 +1,8 @@
-{ pkgs
-, config
-, lib
-, ...
+{
+  pkgs,
+  config,
+  lib,
+  ...
 }:
 let
  inherit (lib.strings) concatMapStringsSep;
@ -42,28 +43,30 @@ in
  systemd.services.heisenbridge =
    let
      replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
-      registrationFile = builtins.toFile "heisenbridge-registration.yaml" (builtins.toJSON {
-        id = "heisenbridge";
-        url = "http://127.0.0.1:9898";
-        as_token = "@AS_TOKEN@";
-        hs_token = "@HS_TOKEN@";
-        rate_limited = false;
-        sender_localpart = "heisenbridge";
-        namespaces = {
-          users = [
-            {
-              regex = "@irc_.*";
-              exclusive = true;
-            }
-            {
-              regex = "@heisenbridge:.*";
-              exclusive = true;
-            }
-          ];
-          aliases = [ ];
-          rooms = [ ];
-        };
-      });
+      registrationFile = builtins.toFile "heisenbridge-registration.yaml" (
+        builtins.toJSON {
+          id = "heisenbridge";
+          url = "http://127.0.0.1:9898";
+          as_token = "@AS_TOKEN@";
+          hs_token = "@HS_TOKEN@";
+          rate_limited = false;
+          sender_localpart = "heisenbridge";
+          namespaces = {
+            users = [
+              {
+                regex = "@irc_.*";
+                exclusive = true;
+              }
+              {
+                regex = "@heisenbridge:.*";
+                exclusive = true;
+              }
+            ];
+            aliases = [ ];
+            rooms = [ ];
+          };
+        }
+      );

      # TODO(tlater): Starting with systemd 253 it will become possible
      # to do the credential setup as part of ExecStartPre/preStart
@ -114,7 +117,7 @@ in
        RestrictRealtime = true;
        ProtectProc = "invisible";
        ProcSubset = "pid";
-        UMask = 0077;
+        UMask = 77;

        # For the identd port
        # CapabilityBoundingSet = ["CAP_NET_BIND_SERVICE"];
@ -134,9 +137,7 @@ in
    use-auth-secret = true;
    static-auth-secret-file = config.sops.secrets."turn/secret".path;
    realm = turn-realm;
-    relay-ips = [
-      "116.202.158.55"
-    ];
+    relay-ips = [ "116.202.158.55" ];

    # SSL config
    #
@ -245,9 +246,7 @@ in

  services.backups.conduit = {
    user = "root";
-    paths = [
-      "/var/lib/private/matrix-conduit/"
-    ];
+    paths = [ "/var/lib/private/matrix-conduit/" ];
    # Other services store their data in conduit, so no other services
    # need to be shut down currently.
    pauseServices = [ "conduit.service" ];