treewide: Format all Nix files

Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:

  nix-build ci -A fmt.check

This is the next step of the of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).

This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).

Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).

If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.

nixos/modules/security/ipa.nix

@@ -4,12 +4,10 @@
   pkgs,
   ...
 }:
-with lib; let
+with lib;
+let
   cfg = config.security.ipa;
-  pyBool = x:
-    if x
-    then "True"
-    else "False";
+  pyBool = x: if x then "True" else "False";
 
   ldapConf = pkgs.writeText "ldap.conf" ''
     # Turning this off breaks GSSAPI used with krb5 when rdns = false
@@ -21,14 +19,16 @@ with lib; let
   '';
   nssDb =
     pkgs.runCommand "ipa-nssdb"
-    {
-      nativeBuildInputs = [pkgs.nss.tools];
-    } ''
-      mkdir -p $out
-      certutil -d $out -N --empty-password
-      certutil -d $out -A --empty-password -n "${cfg.realm} IPA CA" -t CT,C,C -i ${cfg.certificate}
-    '';
-in {
+      {
+        nativeBuildInputs = [ pkgs.nss.tools ];
+      }
+      ''
+        mkdir -p $out
+        certutil -d $out -N --empty-password
+        certutil -d $out -A --empty-password -n "${cfg.realm} IPA CA" -t CT,C,C -i ${cfg.certificate}
+      '';
+in
+{
   options = {
     security.ipa = {
       enable = mkEnableOption "FreeIPA domain integration";
@@ -88,8 +88,11 @@ in {
       ipaHostname = mkOption {
         type = types.str;
         example = "myworkstation.example.com";
-        default = if config.networking.domain != null then config.networking.fqdn
-                  else "${config.networking.hostName}.${cfg.domain}";
+        default =
+          if config.networking.domain != null then
+            config.networking.fqdn
+          else
+            "${config.networking.hostName}.${cfg.domain}";
         defaultText = literalExpression ''
           if config.networking.domain != null then config.networking.fqdn
           else "''${networking.hostName}.''${security.ipa.domain}"
@@ -99,7 +102,7 @@ in {
 
       ifpAllowedUids = mkOption {
         type = types.listOf types.str;
-        default = ["root"];
+        default = [ "root" ];
         description = "A list of users allowed to access the ifp dbus interface.";
       };
 
@@ -138,7 +141,10 @@ in {
       }
     ];
 
-    environment.systemPackages = with pkgs; [krb5Full freeipa];
+    environment.systemPackages = with pkgs; [
+      krb5Full
+      freeipa
+    ];
 
     environment.etc = {
       "ipa/default.conf".text = ''
@@ -195,7 +201,10 @@ in {
 
     systemd.services."ipa-activation" = {
       wantedBy = [ "sysinit.target" ];
-      before = [ "sysinit.target" "shutdown.target" ];
+      before = [
+        "sysinit.target"
+        "shutdown.target"
+      ];
       conflicts = [ "shutdown.target" ];
       unitConfig.DefaultDependencies = false;
       serviceConfig.Type = "oneshot";
@@ -234,8 +243,7 @@ in {
 
       cache_credentials = ${pyBool cfg.cacheCredentials}
       krb5_store_password_if_offline = ${pyBool cfg.offlinePasswords}
-      ${optionalString ((toLower cfg.domain) != (toLower cfg.realm))
-        "krb5_realm = ${cfg.realm}"}
+      ${optionalString ((toLower cfg.domain) != (toLower cfg.realm)) "krb5_realm = ${cfg.realm}"}
 
       dyndns_update = ${pyBool cfg.dyndns.enable}
       dyndns_iface = ${cfg.dyndns.interface}