treefmt

flake.nix

@@ -25,10 +25,10 @@
         packages.default = pkgs.callPackage ./default.nix {};
         devShells.default = pkgs.callPackage ./shell.nix {};
         checks = let
-          nixosTests = (pkgs.callPackages ./nix/checks/nixos-test.nix {
+          nixosTests = pkgs.callPackages ./nix/checks/nixos-test.nix {
             makeTest = import (pkgs.path + "/nixos/tests/make-test-python.nix");
             inherit (self.nixosModules) vaultAgent systemdVaultd;
-          });
+          };
         in {
           treefmt = pkgs.callPackage ./nix/checks/treefmt.nix {};
           inherit (nixosTests) unittests vault-agent systemd-vaultd;

nix/checks/dev-vault-server.nix

@@ -1,7 +1,10 @@
-{ config, lib, pkgs, ... }:
-
 {
-  environment.systemPackages = [ pkgs.vault ];
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = [pkgs.vault];
   services.vault = {
     enable = true;
     dev = true;
@@ -11,7 +14,7 @@
   environment.variables.VAULT_TOKEN = config.services.vault.devRootTokenID;
 
   systemd.services.setup-vault-agent-approle = {
-    path = [ pkgs.jq pkgs.vault pkgs.systemd ];
+    path = [pkgs.jq pkgs.vault pkgs.systemd];
     wantedBy = ["multi-user.target"];
 
     serviceConfig = {
@@ -48,7 +51,7 @@
 
   # Make sure our setup service is started before our vault-agent
   systemd.services.vault-agent-test = {
-    wants = [ "setup-vault-agent-approle.service" ];
+    wants = ["setup-vault-agent-approle.service"];
-    after = [ "setup-vault-agent-approle.service" ];
+    after = ["setup-vault-agent-approle.service"];
   };
 }

nix/modules/systemd-vaultd.nix

@@ -1,12 +1,14 @@
-{ config, lib, pkgs, ... }:
-
-let
-  systemd-vaultd = pkgs.callPackage ../../default.nix {};
-in
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  systemd-vaultd = pkgs.callPackage ../../default.nix {};
+in {
   systemd.sockets.systemd-vaultd = {
     description = "systemd-vaultd socket";
-    wantedBy = [ "sockets.target" ];
+    wantedBy = ["sockets.target"];
 
     socketConfig = {
       ListenStream = "/run/systemd-vaultd/sock";
@@ -16,8 +18,8 @@ in
   };
   systemd.services.systemd-vaultd = {
     description = "systemd-vaultd daemon";
-    requires = [ "systemd-vaultd.socket" ];
+    requires = ["systemd-vaultd.socket"];
-    after = [ "systemd-vaultd.socket" ];
+    after = ["systemd-vaultd.socket"];
     serviceConfig = {
       ExecStart = "${systemd-vaultd}/bin/systemd-vaultd";
     };

nix/modules/vault-agent.nix

@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
-let
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   cfg = config.services.vault;
   settingsFormat = pkgs.formats.json {};
 
@@ -23,7 +27,7 @@ let
     options = {
       method = lib.mkOption {
         type = lib.types.listOf autoAuthMethodModule;
-        default = [ ];
+        default = [];
       };
     };
   };
@@ -45,17 +49,16 @@ let
     options = {
       auto_auth = lib.mkOption {
         type = autoAuthModule;
-        default = { };
+        default = {};
       };
 
       template_config = lib.mkOption {
         type = templateConfigModule;
-        default = { };
+        default = {};
       };
     };
   };
-in
+in {
-{
   options.services.vault.agents = lib.mkOption {
     default = {};
     description = "Instances of vault agent";
@@ -69,15 +72,17 @@ in
     });
   };
   config = {
-    systemd.services = lib.mapAttrs' (name: instanceCfg: lib.nameValuePair "vault-agent-${name}" ({
+    systemd.services = lib.mapAttrs' (name: instanceCfg:
-      after = [ "network.target" ];
+      lib.nameValuePair "vault-agent-${name}" {
-      wantedBy = [ "multi-user.target" ];
+        after = ["network.target"];
-      # Needs getent in PATH
+        wantedBy = ["multi-user.target"];
-      path = [ pkgs.glibc ];
+        # Needs getent in PATH
-      serviceConfig = {
+        path = [pkgs.glibc];
-        Restart = "on-failure";
+        serviceConfig = {
-        ExecStart = "${pkgs.vault}/bin/vault agent -config=${settingsFormat.generate "agent.json" instanceCfg.settings}";
+          Restart = "on-failure";
-      };
+          ExecStart = "${pkgs.vault}/bin/vault agent -config=${settingsFormat.generate "agent.json" instanceCfg.settings}";
-    })) cfg.agents;
+        };
+      })
+    cfg.agents;
   };
 }