Enable more formatters via treefmt

alapshin · Dec 8, 2024 · cafd48d · cafd48d
1 parent 933f3dd
commit cafd48d
Show file tree

Hide file tree

Showing 21 changed files with 768 additions and 762 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,3 @@
+[*.sh]
+indent_size = 4
+indent_style = space
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -6,10 +6,10 @@ jobs:
   check:
     runs-on: ubuntu-24.04
     steps:
-    - uses: actions/checkout@v4
-    - uses: DeterminateSystems/nix-installer-action@v13
-    - uses: DeterminateSystems/magic-nix-cache-action@v7
-    - name: "Run nix flake checks"
-      run: ci/shell.sh
-      env:
-        SOPS_AGE_KEY: ${{ secrets.AGE_SECRET_KEY }}
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v13
+      - uses: DeterminateSystems/magic-nix-cache-action@v7
+      - name: "Run nix flake checks"
+        run: ci/shell.sh
+        env:
+          SOPS_AGE_KEY: ${{ secrets.AGE_SECRET_KEY }}
diff --git a/.sops.yaml b/.sops.yaml
@@ -1,90 +1,88 @@
+stores:
+  json:
+    indent: 2
+  yaml:
+    indent: 2
 creation_rules:
   - path_regex: hosts/common/secrets.*
     key_groups:
       - age:
-        # bifrost
-        - age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9
-        # niflheim
-        - age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9
-        # carbon
-        - age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7
-        # altdesk
-        - age1gwk0m9n4mrr7h572kkjxtkkl4p0t2mfc9f7ms0560s63x4pawgzq433tca
-        # desktop
-        - age18y57gdahad7zhrrgj2m4dd7fcgwfn4gpmxe9mhcrue8suq8e8c3stzd0ge
-        # alapshin-at-carbon
-        - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09
-        # alapshin-at-altdesk
-        - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l
-        # alapshin-at-desktop
-        - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e
-
+          # bifrost
+          - age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9
+          # niflheim
+          - age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9
+          # carbon
+          - age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7
+          # altdesk
+          - age1gwk0m9n4mrr7h572kkjxtkkl4p0t2mfc9f7ms0560s63x4pawgzq433tca
+          # desktop
+          - age18y57gdahad7zhrrgj2m4dd7fcgwfn4gpmxe9mhcrue8suq8e8c3stzd0ge
+          # alapshin-at-carbon
+          - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09
+          # alapshin-at-altdesk
+          - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l
+          # alapshin-at-desktop
+          - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e
   - path_regex: hosts/personal/secrets.*
     key_groups:
       - age:
-        # carbon
-        - age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7
-        # altdesk
-        - age1gwk0m9n4mrr7h572kkjxtkkl4p0t2mfc9f7ms0560s63x4pawgzq433tca
-        # desktop
-        - age18y57gdahad7zhrrgj2m4dd7fcgwfn4gpmxe9mhcrue8suq8e8c3stzd0ge
-        # alapshin-at-carbon
-        - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09
-        # alapshin-at-altdesk
-        - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l
-        # alapshin-at-desktop
-        - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e
-
+          # carbon
+          - age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7
+          # altdesk
+          - age1gwk0m9n4mrr7h572kkjxtkkl4p0t2mfc9f7ms0560s63x4pawgzq433tca
+          # desktop
+          - age18y57gdahad7zhrrgj2m4dd7fcgwfn4gpmxe9mhcrue8suq8e8c3stzd0ge
+          # alapshin-at-carbon
+          - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09
+          # alapshin-at-altdesk
+          - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l
+          # alapshin-at-desktop
+          - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e
   - path_regex: hosts/carbon/secrets.*
     key_groups:
       - age:
-        # carbon
-        - age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7
-        # alapshin-at-carbon
-        - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09
-
+          # carbon
+          - age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7
+          # alapshin-at-carbon
+          - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09
   - path_regex: hosts/desktop/secrets.*
     key_groups:
       - age:
-        # desktop
-        - age18y57gdahad7zhrrgj2m4dd7fcgwfn4gpmxe9mhcrue8suq8e8c3stzd0ge
-        # alapshin-at-desktop
-        - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e
-
+          # desktop
+          - age18y57gdahad7zhrrgj2m4dd7fcgwfn4gpmxe9mhcrue8suq8e8c3stzd0ge
+          # alapshin-at-desktop
+          - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e
   - path_regex: hosts/altdesk/secrets.*
     key_groups:
       - age:
-        # altdesk
-        - age1gwk0m9n4mrr7h572kkjxtkkl4p0t2mfc9f7ms0560s63x4pawgzq433tca
-        # alapshin-at-altdesk
-        - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l
-
+          # altdesk
+          - age1gwk0m9n4mrr7h572kkjxtkkl4p0t2mfc9f7ms0560s63x4pawgzq433tca
+          # alapshin-at-altdesk
+          - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l
   - path_regex: hosts/bifrost/secrets.*
     key_groups:
       - age:
-        # bifrost
-        - age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9
-        # alapshin-at-carbon
-        - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09
-        # alapshin-at-desktop
-        - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e
-
+          # bifrost
+          - age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9
+          # alapshin-at-carbon
+          - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09
+          # alapshin-at-desktop
+          - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e
   - path_regex: hosts/niflheim/secrets.*
     key_groups:
       - age:
-        # niflheim
-        - age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9
-        # alapshin-at-carbon
-        - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09
-        # alapshin-at-desktop
-        - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e
-
+          # niflheim
+          - age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9
+          # alapshin-at-carbon
+          - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09
+          # alapshin-at-desktop
+          - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e
   - path_regex: users/alapshin/secrets.*
     key_groups:
       - age:
-        # alapshin-at-carbon
-        - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09
-        # alapshin-at-altdesk
-        - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l
-        # alapshin-at-desktop
-        - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e
+          # alapshin-at-carbon
+          - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09
+          # alapshin-at-altdesk
+          - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l
+          # alapshin-at-desktop
+          - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e
diff --git a/ci/build.sh b/ci/build.sh
@@ -65,13 +65,14 @@ function install-remote {
 }
 
 function sops-update-keys {
-    readarray -t encrypted_files <<< "$(grep \
-        --recursive \
-        --exclude-dir="ci" \
-        --exclude-dir=".git" \
-        --files-with-matches \
-        --regexp "unencrypted_suffix" \
-        )"
+    readarray -t encrypted_files <<<"$(
+        grep \
+            --recursive \
+            --exclude-dir="ci" \
+            --exclude-dir=".git" \
+            --files-with-matches \
+            --regexp "unencrypted_suffix"
+    )"
     for f in "${encrypted_files[@]}"; do
         sops updatekeys --yes "${f}"
     done
@@ -94,50 +95,51 @@ function decrypt-build-secrets {
     subdir=$1
 
     # Find all build-time secrets under specified subdirectory
-    readarray -t encrypted_files <<< "$(grep \
-        --regexp "unencrypted_suffix" \
-        --recursive \
-        --exclude-dir="ci" \
-        --exclude-dir=".git" \
-        --files-with-matches \
-        "${subdir}"/secrets/build/ \
+    readarray -t encrypted_files <<<"$(
+        grep \
+            --regexp "unencrypted_suffix" \
+            --recursive \
+            --exclude-dir="ci" \
+            --exclude-dir=".git" \
+            --files-with-matches \
+            "${subdir}"/secrets/build/
     )"
 
-    trap "reset-build-secrets ${subdir}"  EXIT
+    trap "reset-build-secrets ${subdir}" EXIT
     for f in "${encrypted_files[@]}"; do
         sops --decrypt --in-place "${f}"
     done
 }
 
 case $command in
-    check)
-        check
-        ;;
-    build)
-        build
-        ;;
-    update)
-        update
-        ;;
-    clean-store)
-        clean-store
-        ;;
-    switch-home)
-        switch-home
-        ;;
-    switch-system)
-        switch-system
-        ;;
-    deploy-remote)
-        deploy-remote
-        ;;
-    install-remote)
-        install-remote
-        ;;
-    sops-update-keys)
-        sops-update-keys
-        ;;
-    *)
-        echo -n "Unknown command $command" && exit 1
-        ;;
+check)
+    check
+    ;;
+build)
+    build
+    ;;
+update)
+    update
+    ;;
+clean-store)
+    clean-store
+    ;;
+switch-home)
+    switch-home
+    ;;
+switch-system)
+    switch-system
+    ;;
+deploy-remote)
+    deploy-remote
+    ;;
+install-remote)
+    install-remote
+    ;;
+sops-update-keys)
+    sops-update-keys
+    ;;
+*)
+    echo -n "Unknown command $command" && exit 1
+    ;;
 esac
diff --git a/dotfiles/borgmatic.yaml b/dotfiles/borgmatic.yaml
@@ -3,53 +3,47 @@
 # https://borgbackup.readthedocs.io/en/stable/usage/create.html
 # for details.
 location:
-    # List of source directories to backup (required). Globs and
-    # tildes are expanded. Do not backslash spaces in path names.
-    source_directories:
-        - /home/alapshin/calibre
-        - /home/alapshin/Documents
-        - /home/alapshin/Pictues
-        - /home/alapshin/Videos
-        - /home/alapshin/Syncthing
-
-    # Paths to local or remote repositories (required). Tildes are
-    # expanded. Multiple repositories are backed up to in
-    # sequence. Borg placeholders can be used. See the output of
-    # "borg help placeholders" for details. See ssh_command for
-    # SSH options like identity file or port. If systemd service
-    # is used, then add local repository paths in the systemd
-    # service file to the ReadWritePaths list.
-    repositories:
-        - rm4i22x5@rm4i22x5.repo.borgbase.com:repo
-
+  # List of source directories to backup (required). Globs and
+  # tildes are expanded. Do not backslash spaces in path names.
+  source_directories:
+    - /home/alapshin/calibre
+    - /home/alapshin/Documents
+    - /home/alapshin/Pictues
+    - /home/alapshin/Videos
+    - /home/alapshin/Syncthing
+  # Paths to local or remote repositories (required). Tildes are
+  # expanded. Multiple repositories are backed up to in
+  # sequence. Borg placeholders can be used. See the output of
+  # "borg help placeholders" for details. See ssh_command for
+  # SSH options like identity file or port. If systemd service
+  # is used, then add local repository paths in the systemd
+  # service file to the ReadWritePaths list.
+  repositories:
+    - rm4i22x5@rm4i22x5.repo.borgbase.com:repo
 # Retention policy for how many backups to keep in each category. See
 # https://borgbackup.readthedocs.io/en/stable/usage/prune.html for
 # details. At least one of the "keep" options is required for pruning
 # to work. To skip pruning entirely, run "borgmatic create" or "check"
 # without the "prune" action. See borgmatic documentation for details.
 retention:
-    keep_daily: 7
-    keep_weekly: 4
-    keep_monthly: 1
-
+  keep_daily: 7
+  keep_weekly: 4
+  keep_monthly: 1
 # Repository storage options. See
 # https://borgbackup.readthedocs.io/en/stable/usage/create.html and
 # https://borgbackup.readthedocs.io/en/stable/usage/general.html for
 # details.
 storage:
-    # Command to use instead of "ssh". This can be used to specify
-    # ssh options.  Defaults to not set.
-    ssh_command: ssh -i /run/secrets/borg/borgbase_ed25519
-
-    # Path for Borg encryption key files. Defaults to
-    # $borg_base_directory/.config/borg/keys
-    borg_keys_directory: /run/secrets/borg/keys
-
-    # The standard output of this command is used to unlock the
-    # encryption key. Only use on repositories that were
-    # initialized with passcommand/repokey/keyfile encryption.
-    # Note that if both encryption_passcommand and
-    # encryption_passphrase are set, then encryption_passphrase
-    # takes precedence. Defaults to not set.
-    encryption_passcommand: cat /run/secrets/borg/encryption_passphrase
-
+  # Command to use instead of "ssh". This can be used to specify
+  # ssh options.  Defaults to not set.
+  ssh_command: ssh -i /run/secrets/borg/borgbase_ed25519
+  # Path for Borg encryption key files. Defaults to
+  # $borg_base_directory/.config/borg/keys
+  borg_keys_directory: /run/secrets/borg/keys
+  # The standard output of this command is used to unlock the
+  # encryption key. Only use on repositories that were
+  # initialized with passcommand/repokey/keyfile encryption.
+  # Note that if both encryption_passcommand and
+  # encryption_passphrase are set, then encryption_passphrase
+  # takes precedence. Defaults to not set.
+  encryption_passcommand: cat /run/secrets/borg/encryption_passphrase