From d7ac88762db111a7962c4e14b5f4e37ab85ccac7 Mon Sep 17 00:00:00 2001
From: Alejandro Soto <alejandro@34project.org>
Date: Sun, 24 Aug 2025 18:55:06 -0600
Subject: tree-wide: reformat using alejandra after enabling trivionomicon

---
 sys/boot/stack/luks-ext4-fscrypt-impermanence.nix | 78 ++++++++++++-----------
 1 file changed, 40 insertions(+), 38 deletions(-)

(limited to 'sys/boot/stack/luks-ext4-fscrypt-impermanence.nix')

diff --git a/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix b/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix
index 72336d6..81feb60 100644
--- a/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix
+++ b/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix
@@ -1,8 +1,12 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 with lib; let
   cfg = config.local.boot.stack.luksExt4FscryptImpermanence;
-in
-{
+in {
   options.local.boot.stack.luksExt4FscryptImpermanence = {
     enable = mkEnableOption "filesystem stack: whatever LUKS approach+ext4+impermanence with per-boot keys";
 
@@ -30,60 +34,58 @@ in
   #         - /toplevel/boots/...
   #         - /toplevel/boots/last -> 2000-01-01T00:00:00-06:00 (mounted as /)
   config = mkIf cfg.enable {
-    boot.initrd.luks.devices.${cfg.target}.postOpenCommands =
-      let
-        fscryptctl = "${pkgs.fscryptctl}/bin/fscryptctl";
-      in
-      ''
-        # FIXME: posiblemente algunos --make-* son innecesarios a partir de aquí
-        mkdir -p /mnt-root /mnt-toplevel
-        mount -o noatime /dev/mapper/${cfg.target} /mnt-toplevel
-        mount --make-private /mnt-toplevel
+    boot.initrd.luks.devices.${cfg.target}.postOpenCommands = let
+      fscryptctl = "${pkgs.fscryptctl}/bin/fscryptctl";
+    in ''
+      # FIXME: posiblemente algunos --make-* son innecesarios a partir de aquí
+      mkdir -p /mnt-root /mnt-toplevel
+      mount -o noatime /dev/mapper/${cfg.target} /mnt-toplevel
+      mount --make-private /mnt-toplevel
 
-        boot_stamp="$(date -Is)"
-        root_from_toplevel="/mnt-toplevel/boots/$boot_stamp"
+      boot_stamp="$(date -Is)"
+      root_from_toplevel="/mnt-toplevel/boots/$boot_stamp"
 
-        mkdir -p "$root_from_toplevel" /mnt-toplevel/boot-keys
-        chmod 700 /mnt-toplevel/boot-keys
+      mkdir -p "$root_from_toplevel" /mnt-toplevel/boot-keys
+      chmod 700 /mnt-toplevel/boot-keys
 
-        head -c64 /dev/urandom >/boot-key
-        key_id=$(${fscryptctl} add_key /mnt-toplevel </boot-key)
-        ${fscryptctl} set_policy "$key_id" "$root_from_toplevel"
-        (umask 077; test -f /mnt-toplevel/boot-archive.pub && \
-          ${pkgs.openssl}/bin/openssl pkeyutl -encrypt \
-          -in /boot-key -pubin -inkey /mnt-toplevel/boot-archive.pub \
-          -out "/mnt-toplevel/boot-keys/$boot_stamp.key.crypt")
-        rm -f /boot-key
+      head -c64 /dev/urandom >/boot-key
+      key_id=$(${fscryptctl} add_key /mnt-toplevel </boot-key)
+      ${fscryptctl} set_policy "$key_id" "$root_from_toplevel"
+      (umask 077; test -f /mnt-toplevel/boot-archive.pub && \
+        ${pkgs.openssl}/bin/openssl pkeyutl -encrypt \
+        -in /boot-key -pubin -inkey /mnt-toplevel/boot-archive.pub \
+        -out "/mnt-toplevel/boot-keys/$boot_stamp.key.crypt")
+      rm -f /boot-key
 
-        ln -Tsf "$boot_stamp" /mnt-toplevel/boots/last
-        ln -Tsf "$boot_stamp.key.crypt" /mnt-toplevel/boot-keys/last.key.crypt
+      ln -Tsf "$boot_stamp" /mnt-toplevel/boots/last
+      ln -Tsf "$boot_stamp.key.crypt" /mnt-toplevel/boot-keys/last.key.crypt
 
-        mount --bind "$root_from_toplevel" /mnt-root
-        mount --make-shared /mnt-root
+      mount --bind "$root_from_toplevel" /mnt-root
+      mount --make-shared /mnt-root
 
-        # mount --move es mala idea, ya que "moving a mount residing under a
-        # shared mount is unsupported"
-        mkdir -p /mnt-root/toplevel
-        mount --bind /mnt-toplevel /mnt-root/toplevel
-        mount --make-private /mnt-root/toplevel
-        umount /mnt-toplevel
-      '';
+      # mount --move es mala idea, ya que "moving a mount residing under a
+      # shared mount is unsupported"
+      mkdir -p /mnt-root/toplevel
+      mount --bind /mnt-toplevel /mnt-root/toplevel
+      mount --make-private /mnt-root/toplevel
+      umount /mnt-toplevel
+    '';
 
     fileSystems = {
       "/" = {
         device = "none";
         fsType = "ext4";
-        options = [ "remount" ];
+        options = ["remount"];
       };
 
       "/nix" = {
         device = "/persist/nix";
-        options = [ "bind" ];
+        options = ["bind"];
       };
 
       "/persist" = {
         device = "/toplevel/persist";
-        options = [ "bind" ];
+        options = ["bind"];
         neededForBoot = true;
       };
     };
-- 
cgit v1.2.3