sirwart · lafrenierejm · Aug 13, 2025 · Aug 13, 2025 · Aug 13, 2025
diff --git a/default.nix b/default.nix
@@ -1,6 +1,9 @@
-(import (let lock = builtins.fromJSON (builtins.readFile ./flake.lock);
-in fetchTarball {
-  url =
-    "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
-  sha256 = lock.nodes.flake-compat.locked.narHash;
-}) { src = ./.; }).defaultNix
+(import (
+  let
+    lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+  in
+  fetchTarball {
+    url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+    sha256 = lock.nodes.flake-compat.locked.narHash;
+  }
+) { src = ./.; }).defaultNix
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -1,6 +1,5 @@
 {
-  description =
-    "A command-line tool to prevent committing secret keys into your source code";
+  description = "A command-line tool to prevent committing secret keys into your source code";
 
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs";
@@ -17,12 +16,21 @@
     pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
   };
 
-  outputs = { self, nixpkgs, crane, flake-utils, rust-overlay, advisory-db
-    , pre-commit-hooks }:
+  outputs =
     {
-      overlays.default =
-        (final: prev: { inherit (self.packages.${final.system}) ripsecrets; });
-    } // flake-utils.lib.eachDefaultSystem (system:
+      self,
+      nixpkgs,
+      crane,
+      flake-utils,
+      rust-overlay,
+      advisory-db,
+      pre-commit-hooks,
+    }:
+    {
+      overlays.default = (final: prev: { inherit (self.packages.${final.system}) ripsecrets; });
+    }
+    // flake-utils.lib.eachDefaultSystem (
+      system:
       let
         craneLib = crane.mkLib nixpkgs.legacyPackages.${system};
         src = craneLib.cleanCargoSource ./.;
@@ -40,24 +48,23 @@
 
         # Build *just* the cargo dependencies, so we can reuse
         # all of that work (e.g. via cachix) when running in CI
-        cargoArtifacts =
-          craneLib.buildDepsOnly { inherit src nativeBuildInputs; };
+        cargoArtifacts = craneLib.buildDepsOnly { inherit src nativeBuildInputs; };
 
         # Build ripsecrets itself, reusing the dependency artifacts from above.
         ripsecrets = craneLib.buildPackage {
           inherit cargoArtifacts src nativeBuildInputs;
           doCheck = false;
           meta = with pkgs.lib; {
-            description =
-              "A command-line tool to prevent committing secret keys into your source code";
+            description = "A command-line tool to prevent committing secret keys into your source code";
             homepage = "https://github.com/sirwart/ripsecrets";
             maintainers = [ maintainers.lafrenierejm ];
             license = licenses.mit;
           };
         };
 
         pre-commit = pre-commit-hooks.lib."${system}".run;
-      in rec {
+      in
+      rec {
         packages = flake-utils.lib.flattenTree {
           # `nix build .#ripsecrets`
           inherit ripsecrets;
@@ -71,7 +78,9 @@
             config = {
               Entrypoint = [ "${ripsecrets}/bin/ripsecrets" ];
               WorkingDir = "/data";
-              Volumes = { "/data" = { }; };
+              Volumes = {
+                "/data" = { };
+              };
             };
           };
         };
@@ -102,28 +111,36 @@
             src = ./.;
             hooks = {
               editorconfig-checker.enable = true;
-              nixfmt.enable = true;
+              nixfmt-rfc-style.enable = true;
               rustfmt.enable = true;
               typos = {
                 enable = true;
-                excludes = [ "^test/one_per_file/.*" "^test/one_per_line/.*" ];
+                excludes = [
+                  "^test/one_per_file/.*"
+                  "^test/one_per_line/.*"
+                ];
               };
             };
           };
-        } // pkgs.lib.optionalAttrs (system == "x86_64-linux") {
+        }
+        // pkgs.lib.optionalAttrs (system == "x86_64-linux") {
           # NB: cargo-tarpaulin only supports x86_64 systems
           # Check code coverage (note: this will not upload coverage anywhere)
-          ripsecrets-coverage =
-            craneLib.cargoTarpaulin { inherit cargoArtifacts src; };
+          ripsecrets-coverage = craneLib.cargoTarpaulin { inherit cargoArtifacts src; };
         };
 
         # `nix develop`
         devShells.default = pkgs.mkShell {
           inherit (self.checks.${system}.pre-commit) shellHook;
           inputsFrom = builtins.attrValues self.checks;
-          packages = with pkgs; [ cargo clippy rustc ];
-          nativeBuildInputs = nativeBuildInputs ++ (with pkgs;
-            lib.optionals (system == "x86_64-linux") [ cargo-tarpaulin ]);
+          packages = with pkgs; [
+            cargo
+            clippy
+            rustc
+          ];
+          nativeBuildInputs =
+            nativeBuildInputs ++ (with pkgs; lib.optionals (system == "x86_64-linux") [ cargo-tarpaulin ]);
         };
-      });
+      }
+    );
 }
diff --git a/shell.nix b/shell.nix
@@ -1,6 +1,9 @@
-(import (let lock = builtins.fromJSON (builtins.readFile ./flake.lock);
-in fetchTarball {
-  url =
-    "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
-  sha256 = lock.nodes.flake-compat.locked.narHash;
-}) { src = ./.; }).shellNix
+(import (
+  let
+    lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+  in
+  fetchTarball {
+    url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+    sha256 = lock.nodes.flake-compat.locked.narHash;
+  }
+) { src = ./.; }).shellNix
diff --git a/src/lib.rs b/src/lib.rs
@@ -137,11 +137,11 @@ pub fn find_secrets(
         Box::new(move |result| {
             let entry = match result {
                 Err(err) => {
-                    eprintln!("{}", err);
+                    eprintln!("{err}");
                     return ignore::WalkState::Continue;
                 }
                 Ok(dent) => {
-                    if !dent.file_type().map_or(false, |ft| ft.is_file()) {
+                    if !dent.file_type().is_some_and(|ft| ft.is_file()) {
                         return ignore::WalkState::Continue;
                     }
                     dent

diff --git a/src/main.rs b/src/main.rs
@@ -28,7 +28,7 @@ fn main() {
         RunResult::NoSecretsFound => process::exit(0),
         RunResult::SecretsFound => process::exit(1),
         RunResult::Error(e) => {
-            eprintln!("Error: {}", e);
+            eprintln!("Error: {e}");
             process::exit(2)
         }
     }
@@ -49,8 +49,7 @@ fn run() -> RunResult {
             "--only-matching"
         };
         return RunResult::Error(format!(
-            "{} is not a valid option when installing pre-commits. Use --install-pre-commit alone",
-            option
+            "{option} is not a valid option when installing pre-commits. Use --install-pre-commit alone"
         ));
     }