style(treewide): Apply linter suggestions

modules/crowdsec/default.nix

@@ -267,9 +267,7 @@ in
       };
     };
 
-    systemd.packages = [
-      cfg.package
-    ];
+    systemd.packages = [ cfg.package ];
 
     environment = {
       systemPackages = [

modules/crowdsec/remediations/cs-firewall-bouncer.nix

@@ -6,10 +6,11 @@
   ...
 }:
 let
+  inherit (flake-inputs.self.packages.${pkgs.system}) crowdsec-firewall-bouncer;
+
   crowdsecCfg = config.security.crowdsec;
   cfg = crowdsecCfg.remediationComponents.firewallBouncer;
   settingsFormat = pkgs.formats.yaml { };
-  crowdsec-firewall-bouncer = flake-inputs.self.packages.${pkgs.system}.crowdsec-firewall-bouncer;
 in
 {
   options.security.crowdsec.remediationComponents.firewallBouncer = {
@@ -31,9 +32,7 @@ in
     security.crowdsec.remediationComponents.firewallBouncer.settings = {
       mode = lib.mkDefault "${if config.networking.nftables.enable then "nftables" else "iptables"}";
       log_mode = "stdout";
-      iptables_chains = [
-        "nixos-fw"
-      ];
+      iptables_chains = [ "nixos-fw" ];
 
       # Don't let users easily override this; unfortunately we need to
       # set up this key through substitution at runtime.
@@ -78,9 +77,7 @@ in
           requiredBy = [ "crowdsec.service" ];
 
           path =
-            lib.optionals (cfg.settings.mode == "ipset" || cfg.settings.mode == "iptables") [
-              pkgs.ipset
-            ]
+            lib.optionals (cfg.settings.mode == "ipset" || cfg.settings.mode == "iptables") [ pkgs.ipset ]
             ++ lib.optional (cfg.settings.mode == "iptables") pkgs.iptables
             ++ lib.optional (cfg.settings.mode == "nftables") pkgs.nftables;
         };

modules/crowdsec/remediations/default.nix

@@ -1,5 +1 @@
-{
-  imports = [
-    ./cs-firewall-bouncer.nix
-  ];
-}
+{ imports = [ ./cs-firewall-bouncer.nix ]; }