path: root/sys/web/sites/host.nix
Diffstat (limited to '')
-rw-r--r--sys/web/sites/host.nix61
1 files changed, 35 insertions, 26 deletions
diff --git a/sys/web/sites/host.nix b/sys/web/sites/host.nix
index 32ef1a6..ea6cc23 100644
--- a/sys/web/sites/host.nix
+++ b/sys/web/sites/host.nix
@@ -1,4 +1,8 @@
-{ config, lib, ... }:
+{
+ config,
+ lib,
+ ...
+}:
with lib; let
cfg = config.local.web.sites.host;
@@ -10,15 +14,15 @@ with lib; let
hostDomainName = "host-${hostname}";
userCerts = flatten (flatten (mapAttrsToList
- (name: user: map
+ (name: user:
+ map
(cert: {
fprint = config.local.pki.byPath.${cert}.fingerprint.sha1-lower;
inherit name;
})
user.mail.certs)
users));
-in
-{
+in {
options.local.web.sites.host = {
enable = mkEnableOption "host site, restricted to per-user client certs";
};
@@ -26,7 +30,7 @@ in
config = mkIf cfg.enable {
local.web = {
enable = mkDefault true;
- ownedCerts = [ hostDomainName ];
+ ownedCerts = [hostDomainName];
};
services = {
@@ -53,31 +57,36 @@ in
#}
'';
- locations = {
- "/".return = 403;
- } // concatMapAttrs
- (name: user:
- let
- userLocation = config: {
- extraConfig = ''
+ locations =
+ {
+ "/".return = 403;
+ }
+ // concatMapAttrs
+ (name: user: let
+ userLocation = config: {
+ extraConfig =
+ ''
if ($host_user_from_fprint != "${name}") {
return 403;
}
- '' + config;
- };
+ ''
+ + config;
+ };
- userLocations = {
+ userLocations =
+ {
"/${name}" = ''
return 404;
'';
- } // optionalAttrs user.mail.dav {
+ }
+ // optionalAttrs user.mail.dav {
"/${name}/dav" = ''
proxy_pass http://unix:/run/host-www/${name}/dav.sock;
'';
};
- in
+ in
mapAttrs (_: userLocation) userLocations)
- (filterAttrs (_: user: user.mail.certs != [ ]) users);
+ (filterAttrs (_: user: user.mail.certs != []) users);
};
};
};
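Review bot: The per-user fingerprint gate at `if ($host_user_from_fprint != "${name}") { return 403; }` is the only thing keeping one user's client cert away from another user's `dav.sock`, and it is enforced solely because every entry in `userLocations` is routed through `userLocation` by the `mapAttrs` on the last line of the hunk; nothing in the module structure stops a future location being merged into `locations` directly and bypassing it. I would pin that invariant in a comment above `userLocation`, e.g. `# Every per-user location MUST be built via userLocation: the $host_user_from_fprint check is the sole per-user authorization, so anything added to locations directly is unprotected.` The `if`/`return` form is the one nginx `if`-in-location pattern that is safe, so the construct itself is fine; it does rely on the `$host_user_from_fprint` map (defined above this hunk, only its closing `#}` is visible here) yielding a value that never equals a real user name when no or an unknown cert is presented, which is worth confirming where the map is written. Note also that `"/${name}"` and `"/${name}/dav"` are prefix locations, so `/alice/davfoo` still reaches the proxy; harmless given the gate, but an exact or `^~ /${name}/dav/` match would make the intent clearer.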
@@ -85,13 +94,13 @@ in
systemd.tmpfiles.settings."10-run-host-www" =
concatMapAttrs
- (name: _: {
- "/run/host-www/${name}".d = {
- mode = "0750";
- user = name;
- group = "nginx";
- };
- })
- users;
+ (name: _: {
+ "/run/host-www/${name}".d = {
+ mode = "0750";
+ user = name;
+ group = "nginx";
+ };
+ })
+ users;
};
}