treewide/nixos: remove with lib; part 5 (#335647)

NixOS · Dec 10, 2024 · 0311f6c · 0311f6c
2 parents 47f1ce8 + d013bf0
commit 0311f6c
Show file tree

Hide file tree

Showing 45 changed files with 1,135 additions and 1,256 deletions.
diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix
@@ -1,7 +1,4 @@
 { config, lib, pkgs, ... }:
-
-with lib;
-
 let
 
   cfg = config.security.pki;
@@ -19,12 +16,12 @@ in
 {
 
   options = {
-    security.pki.installCACerts = mkEnableOption "installing CA certificates to the system" // {
+    security.pki.installCACerts = lib.mkEnableOption "installing CA certificates to the system" // {
       default = true;
       internal = true;
     };
 
-    security.pki.useCompatibleBundle = mkEnableOption ''
+    security.pki.useCompatibleBundle = lib.mkEnableOption ''
       usage of a compatibility bundle.
 
       Such a bundle consists exclusively of `BEGIN CERTIFICATE` and no `BEGIN TRUSTED CERTIFICATE`,
@@ -36,10 +33,10 @@ in
       certificates themselves. This can have security consequences depending on your usecases
     '';
 
-    security.pki.certificateFiles = mkOption {
-      type = types.listOf types.path;
+    security.pki.certificateFiles = lib.mkOption {
+      type = lib.types.listOf lib.types.path;
       default = [];
-      example = literalExpression ''[ "''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]'';
+      example = lib.literalExpression ''[ "''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]'';
       description = ''
         A list of files containing trusted root certificates in PEM
         format. These are concatenated to form
@@ -49,10 +46,10 @@ in
       '';
     };
 
-    security.pki.certificates = mkOption {
-      type = types.listOf types.str;
+    security.pki.certificates = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
       default = [];
-      example = literalExpression ''
+      example = lib.literalExpression ''
         [ '''
             NixOS.org
             =========
@@ -69,8 +66,8 @@ in
       '';
     };
 
-    security.pki.caCertificateBlacklist = mkOption {
-      type = types.listOf types.str;
+    security.pki.caCertificateBlacklist = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
       default = [];
       example = [
         "WoSign" "WoSign China"
@@ -87,7 +84,7 @@ in
 
   };
 
-  config = mkIf cfg.installCACerts {
+  config = lib.mkIf cfg.installCACerts {
 
     # NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.
     environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;

diff --git a/nixos/modules/security/chromium-suid-sandbox.nix b/nixos/modules/security/chromium-suid-sandbox.nix
@@ -1,18 +1,15 @@
 { config, lib, pkgs, ... }:
-
-with lib;
-
 let
   cfg     = config.security.chromiumSuidSandbox;
   sandbox = pkgs.chromium.sandbox;
 in
 {
   imports = [
-    (mkRenamedOptionModule [ "programs" "unity3d" "enable" ] [ "security" "chromiumSuidSandbox" "enable" ])
+    (lib.mkRenamedOptionModule [ "programs" "unity3d" "enable" ] [ "security" "chromiumSuidSandbox" "enable" ])
   ];
 
-  options.security.chromiumSuidSandbox.enable = mkOption {
-    type = types.bool;
+  options.security.chromiumSuidSandbox.enable = lib.mkOption {
+    type = lib.types.bool;
     default = false;
     description = ''
       Whether to install the Chromium SUID sandbox which is an executable that
@@ -26,7 +23,7 @@ in
     '';
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     environment.systemPackages = [ sandbox ];
     security.wrappers.${sandbox.passthru.sandboxExecutableName} =
       { setuid = true;

diff --git a/nixos/modules/security/doas.nix b/nixos/modules/security/doas.nix
@@ -1,6 +1,4 @@
 { config, lib, pkgs, ... }:
-
-with lib;
 let
   cfg = config.security.doas;
 
@@ -10,36 +8,36 @@ let
 
   mkGrpString = group: ":${toString group}";
 
-  mkOpts = rule: concatStringsSep " " [
-    (optionalString rule.noPass "nopass")
-    (optionalString rule.noLog "nolog")
-    (optionalString rule.persist "persist")
-    (optionalString rule.keepEnv "keepenv")
-    "setenv { SSH_AUTH_SOCK TERMINFO TERMINFO_DIRS ${concatStringsSep " " rule.setEnv} }"
+  mkOpts = rule: lib.concatStringsSep " " [
+    (lib.optionalString rule.noPass "nopass")
+    (lib.optionalString rule.noLog "nolog")
+    (lib.optionalString rule.persist "persist")
+    (lib.optionalString rule.keepEnv "keepenv")
+    "setenv { SSH_AUTH_SOCK TERMINFO TERMINFO_DIRS ${lib.concatStringsSep " " rule.setEnv} }"
   ];
 
   mkArgs = rule:
     if (rule.args == null) then ""
-    else if (length rule.args == 0) then "args"
-    else "args ${concatStringsSep " " rule.args}";
+    else if (lib.length rule.args == 0) then "args"
+    else "args ${lib.concatStringsSep " " rule.args}";
 
   mkRule = rule:
     let
       opts = mkOpts rule;
 
-      as = optionalString (rule.runAs != null) "as ${rule.runAs}";
+      as = lib.optionalString (rule.runAs != null) "as ${rule.runAs}";
 
-      cmd = optionalString (rule.cmd != null) "cmd ${rule.cmd}";
+      cmd = lib.optionalString (rule.cmd != null) "cmd ${rule.cmd}";
 
       args = mkArgs rule;
     in
-    optionals (length cfg.extraRules > 0) [
+    lib.optionals (lib.length cfg.extraRules > 0) [
       (
-        optionalString (length rule.users > 0)
+        lib.optionalString (lib.length rule.users > 0)
           (map (usr: "permit ${opts} ${mkUsrString usr} ${as} ${cmd} ${args}") rule.users)
       )
       (
-        optionalString (length rule.groups > 0)
+        lib.optionalString (lib.length rule.groups > 0)
           (map (grp: "permit ${opts} ${mkGrpString grp} ${as} ${cmd} ${args}") rule.groups)
       )
     ];
@@ -50,25 +48,25 @@ in
 
   options.security.doas = {
 
-    enable = mkOption {
-      type = with types; bool;
+    enable = lib.mkOption {
+      type = with lib.types; bool;
       default = false;
       description = ''
         Whether to enable the {command}`doas` command, which allows
         non-root users to execute commands as root.
       '';
     };
 
-    wheelNeedsPassword = mkOption {
-      type = with types; bool;
+    wheelNeedsPassword = lib.mkOption {
+      type = with lib.types; bool;
       default = true;
       description = ''
         Whether users of the `wheel` group must provide a password to
         run commands as super user via {command}`doas`.
       '';
     };
 
-    extraRules = mkOption {
+    extraRules = lib.mkOption {
       default = [];
       description = ''
         Define specific rules to be set in the
@@ -79,7 +77,7 @@ in
         this option cannot be used to override the behaviour allowing
         passwordless operation for root.
       '';
-      example = literalExpression ''
+      example = lib.literalExpression ''
         [
           # Allow execution of any command by any user in group doas, requiring
           # a password and keeping any previously-defined environment variables.
@@ -108,11 +106,11 @@ in
             setEnv = [ "-SSH_AUTH_SOCK" "ALPHA=1" "BETA" ]; }
         ]
       '';
-      type = with types; listOf (
+      type = with lib.types; listOf (
         submodule {
           options = {
 
-            noPass = mkOption {
+            noPass = lib.mkOption {
               type = with types; bool;
               default = false;
               description = ''
@@ -121,7 +119,7 @@ in
               '';
             };
 
-            noLog = mkOption {
+            noLog = lib.mkOption {
               type = with types; bool;
               default = false;
               description = ''
@@ -131,7 +129,7 @@ in
               '';
             };
 
-            persist = mkOption {
+            persist = lib.mkOption {
               type = with types; bool;
               default = false;
               description = ''
@@ -140,7 +138,7 @@ in
               '';
             };
 
-            keepEnv = mkOption {
+            keepEnv = lib.mkOption {
               type = with types; bool;
               default = false;
               description = ''
@@ -151,7 +149,7 @@ in
               '';
             };
 
-            setEnv = mkOption {
+            setEnv = lib.mkOption {
               type = with types; listOf str;
               default = [];
               description = ''
@@ -170,19 +168,19 @@ in
               '';
             };
 
-            users = mkOption {
+            users = lib.mkOption {
               type = with types; listOf (either str int);
               default = [];
               description = "The usernames / UIDs this rule should apply for.";
             };
 
-            groups = mkOption {
+            groups = lib.mkOption {
               type = with types; listOf (either str int);
               default = [];
               description = "The groups / GIDs this rule should apply for.";
             };
 
-            runAs = mkOption {
+            runAs = lib.mkOption {
               type = with types; nullOr str;
               default = null;
               description = ''
@@ -196,7 +194,7 @@ in
               '';
             };
 
-            cmd = mkOption {
+            cmd = lib.mkOption {
               type = with types; nullOr str;
               default = null;
               description = ''
@@ -209,7 +207,7 @@ in
               '';
             };
 
-            args = mkOption {
+            args = lib.mkOption {
               type = with types; nullOr (listOf str);
               default = null;
               description = ''
@@ -222,8 +220,8 @@ in
       );
     };
 
-    extraConfig = mkOption {
-      type = with types; lines;
+    extraConfig = lib.mkOption {
+      type = with lib.types; lines;
       default = "";
       description = ''
         Extra configuration text appended to {file}`doas.conf`. Be aware that
@@ -236,9 +234,9 @@ in
 
   ###### implementation
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
 
-    security.doas.extraRules = mkOrder 600 [
+    security.doas.extraRules = lib.mkOrder 600 [
       {
         groups = [ "wheel" ];
         noPass = !cfg.wheelNeedsPassword;
@@ -271,7 +269,7 @@ in
             # `environment.etc."doas.conf"`.
 
             # extraRules
-            ${concatStringsSep "\n" (lists.flatten (map mkRule cfg.extraRules))}
+            ${lib.concatStringsSep "\n" (lib.lists.flatten (map mkRule cfg.extraRules))}
 
             # extraConfig
             ${cfg.extraConfig}
@@ -288,5 +286,5 @@ in
 
   };
 
-  meta.maintainers = with maintainers; [ cole-h ];
+  meta.maintainers = with lib.maintainers; [ cole-h ];
 }