shfmt: enable shfmt to align all the shell scripts

Signed-off-by: Brian McGillion <[email protected]>

Author: brianmcgillion

docs/src/content/docs/ghaf/dev/ref/modules.mdx

@@ -283,20 +283,18 @@ See [Memory Wipe on Boot and Free](/ghaf/dev/ref/memory-wipe) for detailed docum
 ```nix
 { config, lib, pkgs, ... }:
 
-with lib;
-
 {
   options.ghaf.moduleName = {
-    enable = mkEnableOption "module description";
+    enable = lib.mkEnableOption "module description";
 
-    setting = mkOption {
-      type = types.str;
+    setting = lib.mkOption {
+      type = lib.types.str;
       default = "default-value";
       description = "Setting description with examples";
     };
   };
 
-  config = mkIf config.ghaf.moduleName.enable {
+  config = lib.mkIf config.ghaf.moduleName.enable {
     # Implementation
   };
 }

docs/src/content/docs/ghaf/dev/ref/packages.mdx

@@ -160,7 +160,7 @@ stdenv.mkDerivation rec {
 
   src = ./src;
 
-  meta = with lib; {
+  meta = {
     description = "Brief description of package purpose";
     longDescription = ''
       Detailed description including:
@@ -170,9 +170,9 @@ stdenv.mkDerivation rec {
       - Security considerations
     '';
     homepage = "https://ghaf.tii.ae/ghaf/dev/ref/packages";
-    license = licenses.asl20;
-    maintainers = with maintainers; [ /* maintainer list */ ];
-    platforms = platforms.linux;
+    license = lib.licenses.asl20;
+    maintainers = with lib.maintainers; [ /* maintainer list */ ];
+    platforms = lib.platforms.linux;
   };
 }
 ```

lib/icons.nix

@@ -40,7 +40,7 @@
     name: srcPath: size:
     let
       out =
-        pkgs.runCommand "${name}-${size}" { nativeBuildInputs = with pkgs; [ buildPackages.imagemagick ]; }
+        pkgs.runCommand "${name}-${size}" { nativeBuildInputs = [ pkgs.buildPackages.imagemagick ]; }
           ''
             mkdir -p $out
             convert \
@@ -91,7 +91,7 @@
       sizes = builtins.split "x" size;
       width = builtins.head sizes;
       height = builtins.elemAt sizes 2;
-      out = pkgs.runCommand "${name}-${size}" { nativeBuildInputs = with pkgs; [ librsvg ]; } ''
+      out = pkgs.runCommand "${name}-${size}" { nativeBuildInputs = [ pkgs.librsvg ]; } ''
         mkdir -p $out
           rsvg-convert ${srcPath} -o $out/${name}.png \
             --width=${width} --height=${height} --keep-aspect-ratio

modules/common/firewall/attack-mitigation.nix

@@ -1,11 +1,18 @@
 # SPDX-FileCopyrightText: 2022-2026 TII (SSRC) and the Ghaf contributors
 # SPDX-License-Identifier: Apache-2.0
 { config, lib, ... }:
-
-with lib;
-
 let
   cfg = config.ghaf.firewall.attack-mitigation;
+
+  inherit (lib)
+    mkOption
+    mkEnableOption
+    mkAfter
+    mkForce
+    mkIf
+    types
+    ;
+
   floodType = types.submodule {
     options = {
       burstNum = mkOption {
@@ -88,7 +95,7 @@ in
     # ssh syn flood protection
     ghaf.firewall.tcpBlacklistRules = mkIf cfg.ssh.enable [
       {
-        port = head config.services.openssh.ports;
+        port = builtins.head config.services.openssh.ports;
         trackingSize = 100;
         inherit (cfg.ssh.rule) burstNum;
         inherit (cfg.ssh.rule) maxPacketFreq;

modules/microvm/common/ghaf-audio.nix

@@ -8,13 +8,21 @@
 }:
 let
   cfg = config.ghaf.ghaf-audio;
+
+  inherit (lib)
+    mkIf
+    mkEnableOption
+    mkOption
+    types
+    ;
+
   audiovmHost = "audio-vm";
   audiovmPort = config.ghaf.services.audio.pulseaudioTcpPort;
   address = "tcp:${audiovmHost}:${toString audiovmPort}";
   reconnectMs = 1000;
 in
 {
-  options.ghaf.ghaf-audio = with lib; {
+  options.ghaf.ghaf-audio = {
     enable = mkEnableOption "Ghaf audio support for application virtual machine.";
 
     name = mkOption {
@@ -27,22 +35,22 @@ in
     useTunneling = mkEnableOption "Enable local pulseaudio with tunneling";
   };
 
-  config = lib.mkIf cfg.enable {
+  config = mkIf cfg.enable {
     security.rtkit.enable = cfg.useTunneling;
-    ghaf.users.appUser.extraGroups = lib.mkIf cfg.useTunneling [
+    ghaf.users.appUser.extraGroups = mkIf cfg.useTunneling [
       "audio"
       "video"
     ];
 
-    hardware.pulseaudio = lib.mkIf cfg.useTunneling {
+    hardware.pulseaudio = mkIf cfg.useTunneling {
       enable = true;
       extraConfig = ''
         load-module module-tunnel-sink sink_name=${cfg.name}.speaker server=${address} reconnect_interval_ms=${toString reconnectMs}
         load-module module-tunnel-source source_name=${cfg.name}.mic server=${address} reconnect_interval_ms=${toString reconnectMs}
       '';
     };
 
-    environment = lib.mkIf (!cfg.useTunneling) {
+    environment = mkIf (!cfg.useTunneling) {
       systemPackages = [ pkgs.pulseaudio ];
       sessionVariables = {
         PULSE_SERVER = "${address}";

modules/reference/services/globalprotect-vpn/default.nix

@@ -7,11 +7,17 @@
   ...
 }:
 
-with lib;
-
 let
   cfg = config.ghaf.reference.services.globalprotect;
 
+  inherit (lib)
+    literalExpression
+    mkIf
+    mkEnableOption
+    mkOption
+    types
+    ;
+
   execStart =
     if cfg.csdWrapper == null then
       "${pkgs.globalprotect-openconnect}/bin/gpservice"

nix/treefmt.nix

@@ -35,6 +35,8 @@
 
           # Bash
           shellcheck.enable = true; # lints shell scripts https://github.com/koalaman/shellcheck
+          shfmt.enable = true; # bash formatter https://github.com/mvdan/sh
+          actionlint.enable = true; # github actions linter
 
           # TODO: treefmt claims it changes the files
           # though the files are not in the diff

packages/chrome-extensions/default.nix

@@ -92,9 +92,9 @@ let
         inherit id;
       };
 
-      meta = with lib; {
+      meta = {
         description = "Chrome extension ${id}";
-        platforms = platforms.all;
+        platforms = lib.platforms.all;
       };
     };
 in

packages/chrome-extensions/open-normal/src/open_normal.sh

@@ -13,15 +13,15 @@ CFGF="/etc/open-normal-extension.cfg"
 # Send browser extension API message. First send four bytes of the length of
 # the payload and then the actual payload.
 function Msg {
-    local len b1 b2 b3 b4
+  local len b1 b2 b3 b4
 
-    len="${#1}"
-    b1="$(( len & 255 ))"
-    b2="$(( (len >> 8) & 255 ))"
-    b3="$(( (len >> 16) & 255 ))"
-    b4="$(( (len >> 24) & 255 ))"
-    printf "%b" "$(printf "\\\\x%02x\\\\x%02x\\\\x%02x\\\\x%02x" "$b1" "$b2" "$b3" "$b4")"
-    printf "%s" "$1"
+  len="${#1}"
+  b1="$((len & 255))"
+  b2="$(((len >> 8) & 255))"
+  b3="$(((len >> 16) & 255))"
+  b4="$(((len >> 24) & 255))"
+  printf "%b" "$(printf '\\x%02x\\x%02x\\x%02x\\x%02x' "$b1" "$b2" "$b3" "$b4")"
+  printf "%s" "$1"
 }
 
 # Read the four bytes of length in the received API message
@@ -32,39 +32,39 @@ LEN="$(od -t u4 -A n -N 4 --endian=little)"
 # So 8k should be plenty for the time being
 # If length is negative or zero or larger than 8k, then message is invalid
 if [ -z "$LEN" ] || [ "$LEN" -le 0 ] || [ "$LEN" -gt 8192 ]; then
-    Msg "{\"status\":\"Failed to read parameters from API\"}"
-    exit 100
+  Msg '{"status":"Failed to read parameters from API"}'
+  exit 100
 fi
 
 # Read the json payload
 LANG=C IFS= read -r -d '' -n "$LEN" JSON
 # Remove json prefix
-PFX="{\"URL\":\""
+PFX='{"URL":"'
 URL="${JSON##"$PFX"}"
 # Remove json suffix
-SFX="\"}"
+SFX='"}'
 URL="${URL%%"$SFX"}"
 
 # Check that config file is readable
 if [ -r "$CFGF" ]; then
-    # Do not complain about not being able to follow non-constant source
-    # shellcheck disable=SC1090
-    . "$CFGF"
-    # Sanity check settings
-    if [ -z "$GIVC_PATH" ] || [ -z "$GIVC_OPTS" ] || [ ! -x "${GIVC_PATH}/bin/givc-cli" ]; then
-        Msg "{\"status\":\"Invalid config in ${CFGF}\"}"
-        exit 102
-    else
-        # Do not complain about double quotes, $GIVC_OPTS is purposefully unquoted here
-        # shellcheck disable=SC2086
-        "${GIVC_PATH}/bin/givc-cli" $GIVC_OPTS start app --vm chrome-vm google-chrome -- "${URL}" > /dev/null 2>&1
-        RES=$?
-        # Just return the exit value of givc-cli back to the browser
-        Msg "{\"status\":\"${RES}\"}"
-        exit "$RES"
-    fi
+  # Do not complain about not being able to follow non-constant source
+  # shellcheck disable=SC1090
+  . "$CFGF"
+  # Sanity check settings
+  if [ -z "$GIVC_PATH" ] || [ -z "$GIVC_OPTS" ] || [ ! -x "${GIVC_PATH}/bin/givc-cli" ]; then
+    Msg "{\"status\":\"Invalid config in ${CFGF}\"}"
+    exit 102
+  else
+    # Do not complain about double quotes, $GIVC_OPTS is purposefully unquoted here
+    # shellcheck disable=SC2086
+    "${GIVC_PATH}/bin/givc-cli" $GIVC_OPTS start app --vm chrome-vm google-chrome -- "${URL}" >/dev/null 2>&1
+    RES=$?
+    # Just return the exit value of givc-cli back to the browser
+    Msg "{\"status\":\"${RES}\"}"
+    exit "$RES"
+  fi
 else
-    # Report error to the browser, config was nonexistent or unreadable
-    Msg "{\"status\":\"Failed to read ${CFGF}\"}"
-    exit 101
+  # Report error to the browser, config was nonexistent or unreadable
+  Msg "{\"status\":\"Failed to read ${CFGF}\"}"
+  exit 101
 fi

packages/pkgs-by-name/audit-rules/process-audit-rules.sh

@@ -47,12 +47,14 @@ find "$INPUT_DIR" -maxdepth 1 -type f -name "*.rules" -print0 | while IFS= read
       s/$/"/
     }
     s/^[[:space:]]*//; s/[[:space:]]*$//
-  ' "$current_input_file" | grep -v '^[[:space:]]*$' > "$TMP_PROCESSED_CONTENT"
+  ' "$current_input_file" | grep -v '^[[:space:]]*$' >"$TMP_PROCESSED_CONTENT"
 
   # Write the processed content to the output file
-  (echo "["
-  sed 's/^/  /' "$TMP_PROCESSED_CONTENT"
-  echo "]") > "$output_filename"
+  (
+    echo "["
+    sed 's/^/  /' "$TMP_PROCESSED_CONTENT"
+    echo "]"
+  ) >"$output_filename"
 
   # Cleanup
   rm "$TMP_PROCESSED_CONTENT"