cleanup: basic formatting changes

lib/global-config.nix

@@ -33,26 +33,12 @@ rec {
   # This is used in the ghaf.global-config option definition
   globalConfigType = types.submodule {
     options = {
-      debug = {
-        enable = mkEnableOption "debug mode globally (host and all VMs)";
-      };
+      debug.enable = mkEnableOption "debug mode globally (host and all VMs)";
 
       development = {
-        ssh = {
-          daemon = {
-            enable = mkEnableOption "SSH daemon globally";
-          };
-        };
-
-        debug = {
-          tools = {
-            enable = mkEnableOption "debug tools globally";
-          };
-        };
-
-        nix-setup = {
-          enable = mkEnableOption "Nix development setup globally";
-        };
+        ssh.daemon.enable = mkEnableOption "SSH daemon globally";
+        debug.tools.enable = mkEnableOption "debug tools globally";
+        nix-setup.enable = mkEnableOption "Nix development setup globally";
       };
 
       logging = {
@@ -81,32 +67,17 @@ rec {
         };
       };
 
-      security = {
-        audit = {
-          enable = mkEnableOption "security auditing globally";
-        };
-      };
+      security.audit.enable = mkEnableOption "security auditing globally";
 
       givc = {
         enable = mkEnableOption "GIVC (Ghaf Inter-VM Communication) globally";
 
-        debug = mkOption {
-          type = types.bool;
-          default = false;
-          description = "Whether to enable GIVC debug mode";
-        };
+        debug = mkEnableOption "GIVC debug mode";
       };
 
       storage = {
-        encryption = {
-          enable = mkEnableOption "storage encryption globally";
-        };
-
-        storeOnDisk = mkOption {
-          type = types.bool;
-          default = false;
-          description = "Store VM nix stores on disk rather than virtiofs";
-        };
+        encryption.enable = mkEnableOption "storage encryption globally";
+        storeOnDisk = mkEnableOption "storing VM nix stores on disk rather than virtiofs";
       };
 
       # Shared memory configuration
@@ -127,18 +98,10 @@ rec {
       };
 
       # Graphics/boot UI settings
-      graphics = {
-        boot = {
-          enable = mkEnableOption "graphical boot support (splash screen, user login detection)";
-        };
-      };
+      graphics.boot.enable = mkEnableOption "graphical boot support (splash screen, user login detection)";
 
       # IDS VM specific settings
-      idsvm = {
-        mitmproxy = {
-          enable = mkEnableOption "MITM proxy in IDS VM for traffic inspection";
-        };
-      };
+      idsvm.mitmproxy.enable = mkEnableOption "MITM proxy in IDS VM for traffic inspection";
 
       # Platform information (populated from host config)
       platform = {

modules/common/logging/common.nix

@@ -7,7 +7,12 @@
   ...
 }:
 let
-  inherit (lib) mkIf mkOption types;
+  inherit (lib)
+    mkEnableOption
+    mkIf
+    mkOption
+    types
+    ;
   recCfg = config.ghaf.logging.recovery;
 
   ghafClockJumpWatcher = pkgs.writeShellApplication {
@@ -74,15 +79,7 @@ in
 
   # Creating logging configuration options needed across the host and vms
   options.ghaf.logging = {
-    enable = mkOption {
-      description = ''
-        Enable logging service. Currently we have grafana alloy
-        running as client which will upload system journal logs to
-        grafana alloy running in admin-vm.
-      '';
-      type = types.bool;
-      default = false;
-    };
+    enable = mkEnableOption "logging service (grafana alloy client uploading journal logs to admin-vm)";
 
     listener.address = mkOption {
       description = ''
@@ -147,11 +144,7 @@ in
     };
 
     recovery = {
-      enable = mkOption {
-        description = "Recover journald/alloy after a realtime clock jump (e.g., manual clock change).";
-        type = types.bool;
-        default = false;
-      };
+      enable = mkEnableOption "journald/alloy recovery after realtime clock jumps";
 
       thresholdSeconds = mkOption {
         description = "Only act on clock jumps >= this many seconds.";

modules/common/security/audit/default.nix

@@ -39,31 +39,11 @@ in
       default = importAuditRules "common";
       description = "Common audit rules for host and guests";
     };
-    enableVerboseCommon = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Include verbose Common audit rules";
-    };
-    enableStig = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Enable STIG rules";
-    };
-    enableOspp = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Enable OSPP rules";
-    };
-    enableVerboseOspp = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Include verbose OSPP rules";
-    };
-    enableVerboseRebuild = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Include verbose nixos-rebuild rule";
-    };
+    enableVerboseCommon = mkEnableOption "verbose Common audit rules";
+    enableStig = mkEnableOption "STIG rules";
+    enableOspp = mkEnableOption "OSPP rules";
+    enableVerboseOspp = mkEnableOption "verbose OSPP rules";
+    enableVerboseRebuild = mkEnableOption "verbose nixos-rebuild rule";
     host = {
       enable = mkOption {
         type = types.bool;

modules/common/services/createFakeBattery.nix

@@ -14,9 +14,8 @@ in
 {
   _file = ./createFakeBattery.nix;
 
-  options.ghaf.services.create-fake-battery = {
-    enable = mkEnableOption "Create a fake battery device for VMs";
-  };
+  options.ghaf.services.create-fake-battery.enable =
+    mkEnableOption "Create a fake battery device for VMs";
 
   config =
     mkIf

modules/common/services/killswitch.nix

@@ -8,9 +8,8 @@
 }:
 let
   inherit (lib)
-    mkOption
+    mkEnableOption
     mkIf
-    types
     ;
   cfg = config.ghaf.services.kill-switch;
 
@@ -291,15 +290,7 @@ in
 {
   _file = ./killswitch.nix;
 
-  options.ghaf.services.kill-switch = {
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        Whether to enable ghaf kill switch support".
-      '';
-    };
-  };
+  options.ghaf.services.kill-switch.enable = mkEnableOption "ghaf kill switch support";
 
   # TODO: Currently enabled for x86_64, we will evaluate the need for aarch64 support in the future
   config = mkIf (cfg.enable && pkgs.stdenv.hostPlatform.isx86_64) {

modules/common/services/locale.nix

@@ -56,9 +56,8 @@ in
 {
   _file = ./locale.nix;
 
-  options.ghaf.services.locale = {
-    enable = mkEnableOption "Propagate locale changes from the system to givc-cli";
-  };
+  options.ghaf.services.locale.enable =
+    mkEnableOption "Propagate locale changes from the system to givc-cli";
 
   config = mkIf (cfg.enable && useGivc) {
     systemd.services = {

modules/common/services/timezone.nix

@@ -54,9 +54,8 @@ in
 {
   _file = ./timezone.nix;
 
-  options.ghaf.services.timezone = {
-    enable = mkEnableOption "Propagate timezone changes from the system to givc-cli";
-  };
+  options.ghaf.services.timezone.enable =
+    mkEnableOption "Propagate timezone changes from the system to givc-cli";
 
   config = mkIf (cfg.enable && useGivc) {
     systemd.services = {

modules/common/systemd/base.nix

@@ -223,41 +223,17 @@ in
       default = true;
     };
 
-    withTimesyncd = mkOption {
-      description = "Enable systemd timesync daemon.";
-      type = types.bool;
-      default = false;
-    };
+    withTimesyncd = mkEnableOption "systemd timesync daemon";
 
-    withResolved = mkOption {
-      description = "Enable systemd resolve daemon.";
-      type = types.bool;
-      default = false;
-    };
+    withResolved = mkEnableOption "systemd resolve daemon";
 
-    withRepart = mkOption {
-      description = "Enable systemd repart functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withRepart = mkEnableOption "systemd repart functionality";
 
-    withHomed = mkOption {
-      description = "Enable systemd homed for users home functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withHomed = mkEnableOption "systemd homed for users home functionality";
 
-    withHostnamed = mkOption {
-      description = "Enable systemd hostname daemon.";
-      type = types.bool;
-      default = false;
-    };
+    withHostnamed = mkEnableOption "systemd hostname daemon";
 
-    withNss = mkOption {
-      description = "Enable systemd Name Service Switch (NSS) functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withNss = mkEnableOption "systemd Name Service Switch (NSS) functionality";
 
     withEfi = mkOption {
       description = "Enable systemd EFI functionality.";
@@ -283,83 +259,35 @@ in
       default = pkgs.stdenv.hostPlatform.isEfi;
     };
 
-    withApparmor = mkOption {
-      description = "Enable systemd apparmor functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withApparmor = mkEnableOption "systemd apparmor functionality";
 
-    withMachines = mkOption {
-      description = "Enable systemd container and VM functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withMachines = mkEnableOption "systemd container and VM functionality";
 
-    withAudit = mkOption {
-      description = "Enable systemd audit functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withAudit = mkEnableOption "systemd audit functionality";
 
-    withCryptsetup = mkOption {
-      description = "Enable systemd LUKS2 functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withCryptsetup = mkEnableOption "systemd LUKS2 functionality";
 
-    withFido2 = mkOption {
-      description = "Enable systemd Fido2 token functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withFido2 = mkEnableOption "systemd Fido2 token functionality";
 
-    withTpm2Tss = mkOption {
-      description = "Enable systemd TPM functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withTpm2Tss = mkEnableOption "systemd TPM functionality";
 
-    withPolkit = mkOption {
-      description = "Enable systemd polkit functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withPolkit = mkEnableOption "systemd polkit functionality";
 
-    withSerial = mkOption {
-      description = "Enable systemd serial console.";
-      type = types.bool;
-      default = false;
-    };
+    withSerial = mkEnableOption "systemd serial console";
 
-    withSysupdate = mkOption {
-      description = "Enable systemd system update functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withSysupdate = mkEnableOption "systemd system update functionality";
 
     withLocaled = mkOption {
       description = "Enable systemd locale daemon.";
       type = types.bool;
       default = true;
     };
 
-    withAudio = mkOption {
-      description = "Enable audio functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withAudio = mkEnableOption "audio functionality";
 
-    withBluetooth = mkOption {
-      description = "Enable bluetooth functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withBluetooth = mkEnableOption "bluetooth functionality";
 
-    withDebug = mkOption {
-      description = "Enable systemd debug functionality.";
-      type = types.bool;
-      default = false;
-    };
+    withDebug = mkEnableOption "systemd debug functionality";
 
     withHwdb = mkOption {
       description = "Enable systemd hwdb functionality.";

modules/common/systemd/harden.nix

@@ -4,17 +4,13 @@
 let
   # Ghaf systemd config
   cfg = config.ghaf.systemd;
-  inherit (lib) mkIf mkOption types;
+  inherit (lib) mkEnableOption mkIf;
 in
 {
   _file = ./harden.nix;
 
   options.ghaf.systemd = {
-    withHardenedConfigs = mkOption {
-      description = "Enable common hardened configs.";
-      type = types.bool;
-      default = false;
-    };
+    withHardenedConfigs = mkEnableOption "common hardened configs";
   };
 
   config = mkIf cfg.withHardenedConfigs {