Cleaner resource definition

infra/common/resource.nix

@@ -13,17 +13,12 @@ let
   secretsPrefix = ../../secrets;
   secrets = import (secretsPrefix + "/secrets.nix");
   keys = import ../../keys;
+  hostPublicKey = keys.systems.${config.procolixVm.name};
 
 in
 {
   imports = [ ./options.nix ];
 
-  config =
-    let
-      hostPublicKey = keys.systems.${config.procolixVm.name};
-
-    in
-    {
   ssh = {
     host = config.procolixVm.host;
     hostPublicKey = hostPublicKey;
@@ -31,6 +26,9 @@ in
 
   nixpkgs = inputs.nixpkgs;
 
+  ## The configuration of the machine. We strive to keep in this file only the
+  ## options that really need to be injected from the resource. Everything else
+  ## should go into the `./nixos` subdirectory.
   nixos.module = {
     imports = [
       inputs.agenix.nixosModules.default
@@ -42,9 +40,9 @@ in
     ## configuration.
     procolixVm = config.procolixVm;
 
-        ## Read all the secrets, filter the ones that are supposed to be
-        ## readable with this host's public key, and add them correctly to the
-        ## configuration as `age.secrets.<name>.file`.
+    ## Read all the secrets, filter the ones that are supposed to be readable
+    ## with this host's public key, and add them correctly to the configuration
+    ## as `age.secrets.<name>.file`.
     age.secrets = concatMapAttrs (
       name: secret:
       optionalAttrs (elem hostPublicKey secret.publicKeys) ({
@@ -52,9 +50,8 @@ in
       })
     ) secrets;
 
-        ## FIXME: Remove direct root authentication once the NixOps4 NixOS
-        ## provider supports users with password-less sudo.
+    ## FIXME: Remove direct root authentication once the NixOps4 NixOS provider
+    ## supports users with password-less sudo.
     users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors;
   };
-    };
 }