fix whitespacing issues

2024-08-04 02:30:25 +02:00 · 2024-08-04 02:30:25 +02:00 · 9dbf5d56f5
parent 64b5bb548b
commit 9dbf5d56f5
25 changed files with 131 additions and 131 deletions
--- a/hosts/bekkalokk/services/gitea/ci.nix
+++ b/hosts/bekkalokk/services/gitea/ci.nix
@ -15,9 +15,9 @@ let
        enable = true;
        name = "git-runner-${name}"; url = "https://git.pvv.ntnu.no";
        labels = [
-	  "debian-latest:docker://node:18-bullseye"
+          "debian-latest:docker://node:18-bullseye"
-	  "ubuntu-latest:docker://node:18-bullseye"
+          "ubuntu-latest:docker://node:18-bullseye"
-	];
+        ];
        tokenFile = config.sops.secrets."gitea/runners/${name}".path;
      };
    };
--- a/hosts/bekkalokk/services/idp-simplesamlphp/default.nix
+++ b/hosts/bekkalokk/services/idp-simplesamlphp/default.nix
@ -22,62 +22,62 @@ let
      # openssl req -newkey rsa:4096 -new -x509 -days 365 -nodes -out idp.crt -keyout idp.pem
      "metadata/saml20-idp-hosted.php" = pkgs.writeText "saml20-idp-remote.php" ''
        <?php
-	  $metadata['https://idp.pvv.ntnu.no/'] = array(
+        $metadata['https://idp.pvv.ntnu.no/'] = array(
-	    'host' => '__DEFAULT__',
+          'host' => '__DEFAULT__',
-	    'privatekey' => '${config.sops.secrets."idp/privatekey".path}',
+          'privatekey' => '${config.sops.secrets."idp/privatekey".path}',
-	    'certificate' => '${./idp.crt}',
+          'certificate' => '${./idp.crt}',
-	    'auth' => 'pwauth',
+          'auth' => 'pwauth',
-	  );
+        );
-	?>
+        ?>
      '';
      "metadata/saml20-sp-remote.php" = pkgs.writeText "saml20-sp-remote.php" ''
        <?php
-	  ${ lib.pipe config.services.idp.sp-remote-metadata [
+          ${ lib.pipe config.services.idp.sp-remote-metadata [
-             (map (url: ''
+            (map (url: ''
-               $metadata['${url}'] = [
+              $metadata['${url}'] = [
-                   'SingleLogoutService' => [
+                'SingleLogoutService' => [
-                       [
+                  [
-                           'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+                    'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
-                           'Location' => '${url}module.php/saml/sp/saml2-logout.php/default-sp',
+                    'Location' => '${url}module.php/saml/sp/saml2-logout.php/default-sp',
-                       ],
+                  ],
-                       [
+                  [
-                           'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
+                    'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
-                           'Location' => '${url}module.php/saml/sp/saml2-logout.php/default-sp',
+                    'Location' => '${url}module.php/saml/sp/saml2-logout.php/default-sp',
-                       ],
+                  ],
-                   ],
+                ],
-                   'AssertionConsumerService' => [
+                'AssertionConsumerService' => [
-                       [
+                  [
-                           'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
+                    'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
-                           'Location' => '${url}module.php/saml/sp/saml2-acs.php/default-sp',
+                    'Location' => '${url}module.php/saml/sp/saml2-acs.php/default-sp',
-                           'index' => 0,
+                    'index' => 0,
-                       ],
+                  ],
-                       [
+                  [
-                           'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
+                    'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
-                           'Location' => '${url}module.php/saml/sp/saml2-acs.php/default-sp',
+                    'Location' => '${url}module.php/saml/sp/saml2-acs.php/default-sp',
-                           'index' => 1,
+                    'index' => 1,
-                       ],
+                  ],
-                   ],
+                ],
-               ];
+              ];
-	     ''))
+            ''))
-	     (lib.concatStringsSep "\n")
+            (lib.concatStringsSep "\n")
-	  ]}
+          ]}
-	?>
+        ?>
      '';
      "config/authsources.php" = pkgs.writeText "idp-authsources.php" ''
        <?php
          $config = array(
-	    'admin' => array(
+            'admin' => array(
-	      'core:AdminPassword'
+              'core:AdminPassword'
-	    ),
+            ),
            'pwauth' => array(
-               'authpwauth:PwAuth',
+              'authpwauth:PwAuth',
-               'pwauth_bin_path' => '${lib.getExe pwAuthScript}',
+              'pwauth_bin_path' => '${lib.getExe pwAuthScript}',
-               'mail_domain' => '@pvv.ntnu.no',
+              'mail_domain' => '@pvv.ntnu.no',
            ),
          );
-	?>
+        ?>
      '';
      "config/config.php" = pkgs.runCommandLocal "simplesamlphp-config.php" { } ''
@ -108,7 +108,7 @@ in
      List of urls point to (simplesamlphp) service profiders, which the idp should trust.
      :::{.note}
-	Make sure the url ends with a `/`
+      Make sure the url ends with a `/`
      :::
    '';
  };
@ -199,9 +199,9 @@ in
          '';
        };
        "^~ /simplesaml/".extraConfig = ''
-	  rewrite ^/simplesaml/(.*)$ /$1 redirect;
+          rewrite ^/simplesaml/(.*)$ /$1 redirect;
-	  return 404;
+          return 404;
-	'';
+        '';
      };
    };
  };
--- a/hosts/bekkalokk/services/kerberos/pam.nix
+++ b/hosts/bekkalokk/services/kerberos/pam.nix
@ -885,9 +885,9 @@ let
  # Create a limits.conf(5) file.
  makeLimitsConf = limits:
    pkgs.writeText "limits.conf"
-       (concatMapStrings ({ domain, type, item, value }:
+      (concatMapStrings ({ domain, type, item, value }:
-         "${domain} ${type} ${item} ${toString value}\n")
+        "${domain} ${type} ${item} ${toString value}\n")
-         limits);
+        limits);
  limitsType = with lib.types; listOf (submodule ({ ... }: {
    options = {
@ -935,8 +935,8 @@ let
  }));
  motd = if config.users.motdFile == null
-         then pkgs.writeText "motd" config.users.motd
+    then pkgs.writeText "motd" config.users.motd
-         else config.users.motdFile;
+    else config.users.motdFile;
  makePAMService = name: service:
    { name = "pam.d/${name}";
@ -976,20 +976,20 @@ in
            item   = "maxlogins";
            value  = "4";
          }
-       ];
+        ];
-     description = lib.mdDoc ''
+      description = lib.mdDoc ''
-       Define resource limits that should apply to users or groups.
+        Define resource limits that should apply to users or groups.
-       Each item in the list should be an attribute set with a
+        Each item in the list should be an attribute set with a
-       {var}`domain`, {var}`type`,
+        {var}`domain`, {var}`type`,
-       {var}`item`, and {var}`value`
+        {var}`item`, and {var}`value`
-       attribute.  The syntax and semantics of these attributes
+        attribute.  The syntax and semantics of these attributes
-       must be that described in {manpage}`limits.conf(5)`.
+        must be that described in {manpage}`limits.conf(5)`.
-       Note that these limits do not apply to systemd services,
+        Note that these limits do not apply to systemd services,
-       whose limits can be changed via {option}`systemd.extraConfig`
+        whose limits can be changed via {option}`systemd.extraConfig`
-       instead.
+        instead.
-     '';
+      '';
    };
    security.pam.services = mkOption {
@ -1507,8 +1507,8 @@ in
        runuser = { rootOK = true; unixAuth = false; setEnvironment = false; };
        /* FIXME: should runuser -l start a systemd session? Currently
-           it complains "Cannot create session: Already running in a
+            it complains "Cannot create session: Already running in a
-           session". */
+            session". */
        runuser-l = { rootOK = true; unixAuth = false; };
      } // optionalAttrs config.security.pam.enableFscrypt {
        # Allow fscrypt to verify login passphrase
--- a/hosts/bekkalokk/services/website/default.nix
+++ b/hosts/bekkalokk/services/website/default.nix
@ -43,7 +43,7 @@ in {
                  'idp' => 'https://idp.pvv.ntnu.no/',
              ),
          );
-	'';
+        '';
      };
    };
--- a/hosts/bekkalokk/services/website/fetch-gallery.nix
+++ b/hosts/bekkalokk/services/website/fetch-gallery.nix
@ -46,7 +46,7 @@ in {
      while IFS= read fname; do
        # Skip this file if an up-to-date thumbnail already exists
        if [ -f ".thumbnails/$fname.png" ] && \
-           [ "$(date -R -r "$fname")" == "$(date -R -r ".thumbnails/$fname.png")" ]
+          [ "$(date -R -r "$fname")" == "$(date -R -r ".thumbnails/$fname.png")" ]
        then
          continue
        fi
@ -54,7 +54,7 @@ in {
        echo "Creating thumbnail for $fname"
        mkdir -p $(dirname ".thumbnails/$fname")
        convert -define jpeg:size=200x200 "$fname" -thumbnail 300 -auto-orient ".thumbnails/$fname.png" ||:
-	touch -m -d "$(date -R -r "$fname")" ".thumbnails/$fname.png"
+        touch -m -d "$(date -R -r "$fname")" ".thumbnails/$fname.png"
      done <<< "$images"
    '';
--- a/hosts/bicep/services/mysql.nix
+++ b/hosts/bicep/services/mysql.nix
@ -15,12 +15,12 @@
      mysqld = {
        # PVV allows a lot of connections at the same time
        max_connect_errors = 10000;
-	bind-address = values.services.mysql.ipv4;
+        bind-address = values.services.mysql.ipv4;
-	skip-networking = 0;
+        skip-networking = 0;
-	# This was needed in order to be able to use all of the old users
+        # This was needed in order to be able to use all of the old users
-	# during migration from knakelibrak to bicep in Sep. 2023
+        # during migration from knakelibrak to bicep in Sep. 2023
-	secure_auth = 0;
+        secure_auth = 0;
      };
    };
--- a/hosts/ildkule/services/monitoring/grafana.nix
+++ b/hosts/ildkule/services/monitoring/grafana.nix
@ -35,7 +35,7 @@ in {
          name = "Ildkule Prometheus";
          type = "prometheus";
          url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
-         isDefault = true;
+          isDefault = true;
        }
        {
          name = "Ildkule loki";
@ -56,13 +56,13 @@ in {
          url = "https://raw.githubusercontent.com/matrix-org/synapse/develop/contrib/grafana/synapse.json";
          options.path = dashboards/synapse.json;
        }
-	# TODO: enable once https://github.com/NixOS/nixpkgs/pull/242365 gets merged
+        # TODO: enable once https://github.com/NixOS/nixpkgs/pull/242365 gets merged
-	# {
+        # {
-	#   name = "MySQL";
+        #   name = "MySQL";
-	#   type = "file";
+        #   type = "file";
-	#   url = "https://raw.githubusercontent.com/prometheus/mysqld_exporter/main/mysqld-mixin/dashboards/mysql-overview.json";
+        #   url = "https://raw.githubusercontent.com/prometheus/mysqld_exporter/main/mysqld-mixin/dashboards/mysql-overview.json";
-	#   options.path = dashboards/mysql.json;
+        #   options.path = dashboards/mysql.json;
-	# }
+        # }
        {
          name = "Postgresql";
          type = "file";
--- a/hosts/ildkule/services/monitoring/loki.nix
+++ b/hosts/ildkule/services/monitoring/loki.nix
@ -58,7 +58,7 @@ in {
      };
      limits_config = {
-	allow_structured_metadata = false;
+        allow_structured_metadata = false;
        reject_old_samples = true;
        reject_old_samples_max_age = "72h";
      };
--- a/modules/snakeoil-certs.nix
+++ b/modules/snakeoil-certs.nix
@ -36,10 +36,10 @@ in
          type = lib.types.str;
          default = "${name}.key";
        };
-	subject = lib.mkOption {
+        subject = lib.mkOption {
-	  type = lib.types.str;
+          type = lib.types.str;
-	  default = "/C=NO/O=Programvareverkstedet/CN=*.pvv.ntnu.no/emailAddress=drift@pvv.ntnu.no";
+          default = "/C=NO/O=Programvareverkstedet/CN=*.pvv.ntnu.no/emailAddress=drift@pvv.ntnu.no";
-	};
+        };
      };
    }));
  };
@ -54,16 +54,16 @@ in
        mkdir -p $(dirname "${value.certificate}") $(dirname "${value.certificateKey}")
        if ! ${openssl} x509 -checkend 86400 -noout -in ${value.certificate}
        then
-           echo "Regenerating '${value.certificate}'"
+          echo "Regenerating '${value.certificate}'"
-           ${openssl} req \
+          ${openssl} req \
-             -newkey rsa:4096 \
+            -newkey rsa:4096 \
-             -new -x509 \
+            -new -x509 \
-             -days "${toString value.daysValid}" \
+            -days "${toString value.daysValid}" \
-             -nodes \
+            -nodes \
-             -subj "${value.subject}" \
+            -subj "${value.subject}" \
-             -out "${value.certificate}" \
+            -out "${value.certificate}" \
-             -keyout "${value.certificateKey}" \
+            -keyout "${value.certificateKey}" \
-             ${lib.escapeShellArgs value.extraOpenSSLArgs}
+            ${lib.escapeShellArgs value.extraOpenSSLArgs}
        fi
        chown "${value.owner}:${value.group}" "${value.certificate}"
        chown "${value.owner}:${value.group}" "${value.certificateKey}"