format to margin 80

RyanGibb · Apr 28, 2024 · 00bcf0f · 00bcf0f
1 parent a94a5e2
commit 00bcf0f
Show file tree

Hide file tree

Showing 45 changed files with 1,137 additions and 398 deletions.
diff --git a/.ocamlformat b/.ocamlformat
@@ -1 +0,0 @@
-margin=120

diff --git a/bin/acme/lenc.ml b/bin/acme/lenc.ml
@@ -3,7 +3,9 @@ let run email org domain socket_path =
   Eio.Switch.run @@ fun sw ->
   let sock = Eio.Net.connect ~sw env#net (`Unix socket_path) in
 
-  let request = String.concat "\n" [ email; org; Domain_name.to_string domain ] in
+  let request =
+    String.concat "\n" [ email; org; Domain_name.to_string domain ]
+  in
   Eio.Flow.copy_string request sock;
   Eio.Flow.shutdown sock `Send;
 
@@ -23,15 +25,22 @@ let () =
     in
     let org =
       let doc = "The name of the organization requesting the certificate." in
-      Arg.(required & pos 1 (some string) None & info [] ~docv:"ORGANIZATION" ~doc)
+      Arg.(
+        required & pos 1 (some string) None & info [] ~docv:"ORGANIZATION" ~doc)
     in
     let domain =
       let doc = "The domain for which to request the certificate." in
-      Arg.(required & pos 3 (some (conv (Domain_name.of_string, Domain_name.pp))) None & info [] ~docv:"DOMAIN" ~doc)
+      Arg.(
+        required
+        & pos 3 (some (conv (Domain_name.of_string, Domain_name.pp))) None
+        & info [] ~docv:"DOMAIN" ~doc)
     in
     let socket_path =
       let doc = "The path to the Unix domain socket." in
-      Arg.(value & opt string "/run/lend.socket" & info [ "s"; "socket" ] ~docv:"SOCKET_PATH" ~doc)
+      Arg.(
+        value
+        & opt string "/run/lend.socket"
+        & info [ "s"; "socket" ] ~docv:"SOCKET_PATH" ~doc)
     in
     let term = Term.(const run $ email $ org $ domain $ socket_path) in
     let doc = "Let's Encrypt Nameserver Client." in

diff --git a/bin/acme/lend.ml b/bin/acme/lend.ml
@@ -11,14 +11,22 @@ end
 let generate_cert ~email ~domain ~org cert_root prod endpoint server_state env =
   let read_pem filepath decode_pem =
     match Eiox.file_exists filepath with
-    | true -> Some (Eio.Path.load filepath |> Cstruct.of_string |> decode_pem |> Tls_le.errcheck)
+    | true ->
+        Some
+          (Eio.Path.load filepath |> Cstruct.of_string |> decode_pem
+         |> Tls_le.errcheck)
     | false -> None
   in
-  let write_pem filepath pem = Eio.Path.save ~create:(`Or_truncate 0o600) filepath (pem |> Cstruct.to_string) in
+  let write_pem filepath pem =
+    Eio.Path.save ~create:(`Or_truncate 0o600) filepath
+      (pem |> Cstruct.to_string)
+  in
   let ( / ) = Eio.Path.( / ) in
   let open X509 in
   Eio.Switch.run @@ fun sw ->
-  let cert_dir = Eio.Path.open_dir ~sw (env#fs / Domain_name.to_string domain / cert_root) in
+  let cert_dir =
+    Eio.Path.open_dir ~sw (env#fs / Domain_name.to_string domain / cert_root)
+  in
   let account_key_file = cert_dir / "account.pem" in
   let private_key_file = cert_dir / "privkey.pem" in
   let csr_file = cert_dir / "csr.pem" in
@@ -27,7 +35,8 @@ let generate_cert ~email ~domain ~org cert_root prod endpoint server_state env =
   let private_key = read_pem private_key_file Private_key.decode_pem in
   try
     let cert, account_key, private_key, csr =
-      Dns_acme.provision_cert prod endpoint server_state env ?account_key ?private_key ~email [ domain ] ~org
+      Dns_acme.provision_cert prod endpoint server_state env ?account_key
+        ?private_key ~email [ domain ] ~org
     in
     write_pem account_key_file (Private_key.encode_pem account_key);
     write_pem private_key_file (Private_key.encode_pem private_key);
@@ -44,7 +53,8 @@ let read_request sock =
   Eio.Flow.shutdown sock `Receive;
   (email, (match org with "" -> None | o -> Some o), domain)
 
-let run zonefiles log_level addressStrings port proto prod endpoint cert_root socket_path authorative =
+let run zonefiles log_level addressStrings port proto prod endpoint cert_root
+    socket_path authorative =
   Eio_main.run @@ fun env ->
   let log = Dns_log.get log_level Format.std_formatter in
   let addresses = Server_args.parse_addresses port addressStrings in
@@ -58,13 +68,19 @@ let run zonefiles log_level addressStrings port proto prod endpoint cert_root so
     let trie =
       match authorative with
       | None -> trie
-      | Some authorative -> Dns_trie.insert Domain_name.root Dns.Rr_map.Soa (Dns.Soa.create authorative) trie
+      | Some authorative ->
+          Dns_trie.insert Domain_name.root Dns.Rr_map.Soa
+            (Dns.Soa.create authorative)
+            trie
     in
-    ref @@ Dns_server.Primary.create ~keys ~rng ~tsig_verify:Dns_tsig.verify ~tsig_sign:Dns_tsig.sign trie
+    ref
+    @@ Dns_server.Primary.create ~keys ~rng ~tsig_verify:Dns_tsig.verify
+         ~tsig_sign:Dns_tsig.sign trie
   in
 
   Eio.Switch.run @@ fun sw ->
-  Eio.Fiber.fork ~sw (fun () -> Dns_server_eio.primary env proto server_state log addresses);
+  Eio.Fiber.fork ~sw (fun () ->
+      Dns_server_eio.primary env proto server_state log addresses);
 
   let socket = Eio.Net.listen ~backlog:128 ~sw env#net (`Unix socket_path) in
   while true do
@@ -74,7 +90,9 @@ let run zonefiles log_level addressStrings port proto prod endpoint cert_root so
         let msg =
           match Domain_name.of_string domain with
           | Error (`Msg e) -> "Error: " ^ e
-          | Ok domain -> generate_cert ~email ~domain ~org cert_root prod endpoint server_state env
+          | Ok domain ->
+              generate_cert ~email ~domain ~org cert_root prod endpoint
+                server_state env
         in
         Eio.traceln "Recieved request: email '%s'; '%s'domain '%s'" email
           (match org with None -> "" | Some o -> Fmt.str "; org '%s' " o)
@@ -93,8 +111,9 @@ let () =
     in
     let endpoint =
       let doc =
-        "ACME Directory Resource URI. Defaults to Let's Encrypt's staging endpoint \
-         https://acme-staging-v02.api.letsencrypt.org/directory, or if --prod set Let's Encrypt's production endpoint \
+        "ACME Directory Resource URI. Defaults to Let's Encrypt's staging \
+         endpoint https://acme-staging-v02.api.letsencrypt.org/directory, or \
+         if --prod set Let's Encrypt's production endpoint \
          https://acme-v02.api.letsencrypt.org/directory."
       in
       let i = Arg.info [ "cap" ] ~docv:"CAP" ~doc in
@@ -105,27 +124,43 @@ let () =
                 (Cmdliner.Arg.conv
                    ( (fun s ->
                        match Uri.of_string s with
-                       | exception ex -> Error (`Msg (Fmt.str "Failed to parse URI %S: %a" s Fmt.exn ex))
+                       | exception ex ->
+                           Error
+                             (`Msg
+                               (Fmt.str "Failed to parse URI %S: %a" s Fmt.exn
+                                  ex))
                        | uri -> Ok uri),
                      Uri.pp_hum )))
              None i)
     in
     let cert_root =
-      let doc = "Directory to store the certificates and keys in at path <cert-root>/<domain>/." in
+      let doc =
+        "Directory to store the certificates and keys in at path \
+         <cert-root>/<domain>/."
+      in
       Arg.(value & opt string "certs" & info [ "cert-root" ] ~doc)
     in
     let socket_path =
       let doc = "The path to the Unix domain socket." in
-      Arg.(value & opt string "/run/lend.socket" & info [ "s"; "socket" ] ~docv:"SOCKET_PATH" ~doc)
+      Arg.(
+        value
+        & opt string "/run/lend.socket"
+        & info [ "s"; "socket" ] ~docv:"SOCKET_PATH" ~doc)
     in
     let authorative =
-      let doc = "Domain(s) for which the nameserver is authorative for, if not passed in zonefiles." in
-      Arg.(value & opt (some (conv (Domain_name.of_string, Domain_name.pp))) None & info [ "a"; "authorative" ] ~doc)
+      let doc =
+        "Domain(s) for which the nameserver is authorative for, if not passed \
+         in zonefiles."
+      in
+      Arg.(
+        value
+        & opt (some (conv (Domain_name.of_string, Domain_name.pp))) None
+        & info [ "a"; "authorative" ] ~doc)
     in
     let term =
       Term.(
-        const run $ zonefiles $ log_level Dns_log.Level1 $ addresses $ port $ proto $ prod $ endpoint $ cert_root
-        $ socket_path $ authorative)
+        const run $ zonefiles $ log_level Dns_log.Level1 $ addresses $ port
+        $ proto $ prod $ endpoint $ cert_root $ socket_path $ authorative)
     in
     let doc = "Let's Encrypt Nameserver Daemon" in
     let info = Cmd.info "lend" ~doc ~man in

diff --git a/bin/cap/cap.ml b/bin/cap/cap.ml
@@ -1,4 +1,5 @@
-let capnp_serve env authorative vat_config prod endpoint server_state state_dir =
+let capnp_serve env authorative vat_config prod endpoint server_state state_dir
+    =
   Eio.Switch.run @@ fun sw ->
   Mirage_crypto_rng_eio.run (module Mirage_crypto_rng.Fortuna) env @@ fun () ->
   let cap_dir = Eio.Path.(env#fs / state_dir / "caps") in
@@ -8,22 +9,31 @@ let capnp_serve env authorative vat_config prod endpoint server_state state_dir
   let store_dir = Eio.Path.(env#fs / state_dir / "store") in
   Eio.Path.mkdirs ~exists_ok:true ~perm:0o750 store_dir;
   let db, set_loader = Cap.Db.create ~make_sturdy store_dir in
-  let services = Capnp_rpc_net.Restorer.Table.of_loader ~sw (module Cap.Db) db in
+  let services =
+    Capnp_rpc_net.Restorer.Table.of_loader ~sw (module Cap.Db) db
+  in
   let restore = Capnp_rpc_net.Restorer.of_table services in
   let persist_new ~name =
     let id = Cap.Db.save_new db ~name in
     Capnp_rpc_net.Restorer.restore restore id
   in
   Eio.Std.Promise.resolve set_loader (fun sr ~name ->
-      Capnp_rpc_net.Restorer.grant @@ Cap.Domain.local ~sw ~persist_new sr env name prod endpoint server_state state_dir);
+      Capnp_rpc_net.Restorer.grant
+      @@ Cap.Domain.local ~sw ~persist_new sr env name prod endpoint
+           server_state state_dir);
   let vat = Capnp_rpc_unix.serve ~sw ~net:env#net ~restore vat_config in
 
-  let zone_cap = Cap.Zone.local ~sw ~persist_new vat_config services env prod endpoint server_state state_dir in
+  let zone_cap =
+    Cap.Zone.local ~sw ~persist_new vat_config services env prod endpoint
+      server_state state_dir
+  in
   let _zone =
     let id = Capnp_rpc_unix.Vat_config.derived_id vat_config "zone" in
     Capnp_rpc_net.Restorer.Table.add services id zone_cap;
     let _, file = Eio.Path.(cap_dir / "zone.cap") in
-    (match Capnp_rpc_unix.Cap_file.save_service vat id file with Error (`Msg m) -> failwith m | Ok () -> ());
+    (match Capnp_rpc_unix.Cap_file.save_service vat id file with
+    | Error (`Msg m) -> failwith m
+    | Ok () -> ());
     (* todo chgrp acme-eon caps dir *)
     Printf.printf "[server] saved %S\n" file
   in
@@ -35,13 +45,16 @@ let capnp_serve env authorative vat_config prod endpoint server_state state_dir
       let cap = Cap.Zone.init zone_cap domain in
       Capnp_rpc_net.Restorer.Table.add services id cap;
       let _, file = Eio.Path.(cap_dir / (name ^ ".cap")) in
-      (match Capnp_rpc_unix.Cap_file.save_service vat id file with Error (`Msg m) -> failwith m | Ok () -> ());
+      (match Capnp_rpc_unix.Cap_file.save_service vat id file with
+      | Error (`Msg m) -> failwith m
+      | Ok () -> ());
       Printf.printf "[server] saved %S\n" file)
     authorative;
 
   Eio.Fiber.await_cancel ()
 
-let run zonefiles log_level addressStrings port proto prod endpoint authorative state_dir vat_config =
+let run zonefiles log_level addressStrings port proto prod endpoint authorative
+    state_dir vat_config =
   Eio_main.run @@ fun env ->
   let log = Dns_log.get log_level Format.std_formatter in
   let addresses = Server_args.parse_addresses port addressStrings in
@@ -50,19 +63,26 @@ let run zonefiles log_level addressStrings port proto prod endpoint authorative
     Eio.Flow.read_exact env#secure_random buf;
     buf
   in
-  let trie', keys, parsedAuthorative = Zonefile.parse_zonefiles ~fs:env#fs zonefiles in
+  let trie', keys, parsedAuthorative =
+    Zonefile.parse_zonefiles ~fs:env#fs zonefiles
+  in
   let trie =
     List.fold_left
-      (fun trie domain -> Dns_trie.insert Domain_name.root Dns.Rr_map.Soa (Dns.Soa.create domain) trie)
+      (fun trie domain ->
+        Dns_trie.insert Domain_name.root Dns.Rr_map.Soa (Dns.Soa.create domain)
+          trie)
       trie' authorative
   in
   (* join authorative domains to those specified on the command line *)
   let authorative = parsedAuthorative @ authorative in
   let server_state =
-    ref @@ Dns_server.Primary.create ~keys ~rng ~tsig_verify:Dns_tsig.verify ~tsig_sign:Dns_tsig.sign trie
+    ref
+    @@ Dns_server.Primary.create ~keys ~rng ~tsig_verify:Dns_tsig.verify
+         ~tsig_sign:Dns_tsig.sign trie
   in
   Eio.Switch.run @@ fun sw ->
-  Eio.Fiber.fork ~sw (fun () -> Dns_server_eio.primary env proto server_state log addresses);
+  Eio.Fiber.fork ~sw (fun () ->
+      Dns_server_eio.primary env proto server_state log addresses);
   Eio.Path.mkdirs ~exists_ok:true ~perm:0o750 Eio.Path.(env#fs / state_dir);
   capnp_serve env authorative vat_config prod endpoint server_state state_dir
 
@@ -79,8 +99,9 @@ let () =
     in
     let endpoint =
       let doc =
-        "ACME Directory Resource URI. Defaults to Let's Encrypt's staging endpoint \
-         https://acme-staging-v02.api.letsencrypt.org/directory, or if --prod set Let's Encrypt's production endpoint \
+        "ACME Directory Resource URI. Defaults to Let's Encrypt's staging \
+         endpoint https://acme-staging-v02.api.letsencrypt.org/directory, or \
+         if --prod set Let's Encrypt's production endpoint \
          https://acme-v02.api.letsencrypt.org/directory."
       in
       let i = Arg.info [ "cap" ] ~docv:"CAP" ~doc in
@@ -91,26 +112,37 @@ let () =
                 (Cmdliner.Arg.conv
                    ( (fun s ->
                        match Uri.of_string s with
-                       | exception ex -> Error (`Msg (Fmt.str "Failed to parse URI %S: %a" s Fmt.exn ex))
+                       | exception ex ->
+                           Error
+                             (`Msg
+                               (Fmt.str "Failed to parse URI %S: %a" s Fmt.exn
+                                  ex))
                        | uri -> Ok uri),
                      Uri.pp_hum )))
              None i)
     in
     let authorative =
-      let doc = "Domain(s) for which the nameserver is authorative for, if not passed in zonefiles." in
+      let doc =
+        "Domain(s) for which the nameserver is authorative for, if not passed \
+         in zonefiles."
+      in
       Arg.(
         value
         & opt_all (conv (Domain_name.of_string, Domain_name.pp)) []
         & info [ "a"; "authorative" ] ~docv:"AUTHORATIVE" ~doc)
     in
     let state_dir =
-      let doc = "Directory to state such as account keys, sturdy refs, and certificates." in
+      let doc =
+        "Directory to state such as account keys, sturdy refs, and \
+         certificates."
+      in
       Arg.(value & opt string "state" & info [ "state-dir" ] ~doc)
     in
     let term =
       Term.(
-        const run $ zonefiles $ log_level Dns_log.Level1 $ addresses $ port $ proto $ prod $ endpoint $ authorative
-        $ state_dir $ Capnp_rpc_unix.Vat_config.cmd)
+        const run $ zonefiles $ log_level Dns_log.Level1 $ addresses $ port
+        $ proto $ prod $ endpoint $ authorative $ state_dir
+        $ Capnp_rpc_unix.Vat_config.cmd)
     in
     let doc = "Let's Encrypt Nameserver Daemon" in
     let info = Cmd.info "cap" ~doc ~man in