diff --git a/pkgs/sops-install-secrets/nixos-test.nix b/pkgs/sops-install-secrets/nixos-test.nix
index 9b5a487..bb22f1b 100644
--- a/pkgs/sops-install-secrets/nixos-test.nix
+++ b/pkgs/sops-install-secrets/nixos-test.nix
@@ -1,27 +1,27 @@
-{ makeTest ? import <nixpkgs/nixos/tests/make-test-python.nix>, pkgs ? (import <nixpkgs> {}) }:
-{
- ssh-keys = makeTest {
-   name = "sops-ssh-keys";
-   nodes.server = { ... }: {
-     imports = [ ../../modules/sops ];
-     services.openssh.enable = true;
-     services.openssh.hostKeys = [{
-       type = "rsa";
-       bits = 4096;
-       path = ./test-assets/ssh-key;
-     }];
-     sops.defaultSopsFile = ./test-assets/secrets.yaml;
-     sops.secrets.test_key = {};
-   };
+{ makeTest ? import <nixpkgs/nixos/tests/make-test-python.nix>
+, pkgs ? (import <nixpkgs> { }) }: {
+  ssh-keys = makeTest {
+    name = "sops-ssh-keys";
+    nodes.server = { ... }: {
+      imports = [ ../../modules/sops ];
+      services.openssh.enable = true;
+      services.openssh.hostKeys = [{
+        type = "rsa";
+        bits = 4096;
+        path = ./test-assets/ssh-key;
+      }];
+      sops.defaultSopsFile = ./test-assets/secrets.yaml;
+      sops.secrets.test_key = { };
+    };
 
-   testScript = ''
-     start_all()
-     server.succeed("cat /run/secrets/test_key | grep -q test_value")
-   '';
- } {
-   inherit pkgs;
-   inherit (pkgs) system;
- };
+    testScript = ''
+      start_all()
+      server.succeed("cat /run/secrets/test_key | grep -q test_value")
+    '';
+  } {
+    inherit pkgs;
+    inherit (pkgs) system;
+  };
 
   user-passwords = makeTest {
     name = "sops-user-passwords";
@@ -63,7 +63,7 @@
       sops = {
         age.keyFile = ./test-assets/age-keys.txt;
         defaultSopsFile = ./test-assets/secrets.yaml;
-        secrets.test_key = {};
+        secrets.test_key = { };
         keepGenerations = lib.mkDefault 0;
       };
 
@@ -97,119 +97,115 @@
     inherit (pkgs) system;
   };
 
- age-keys = makeTest {
-   name = "sops-age-keys";
-   nodes.machine = {
-     imports = [ ../../modules/sops ];
-     sops = {
-       age.keyFile = ./test-assets/age-keys.txt;
-       defaultSopsFile = ./test-assets/secrets.yaml;
-       secrets.test_key = {};
-     };
-   };
+  age-keys = makeTest {
+    name = "sops-age-keys";
+    nodes.machine = {
+      imports = [ ../../modules/sops ];
+      sops = {
+        age.keyFile = ./test-assets/age-keys.txt;
+        defaultSopsFile = ./test-assets/secrets.yaml;
+        secrets.test_key = { };
+      };
+    };
 
-   testScript = ''
-     start_all()
-     machine.succeed("cat /run/secrets/test_key | grep -q test_value")
-   '';
+    testScript = ''
+      start_all()
+      machine.succeed("cat /run/secrets/test_key | grep -q test_value")
+    '';
   } {
     inherit pkgs;
     inherit (pkgs) system;
   };
 
   age-ssh-keys = makeTest {
-  name = "sops-age-ssh-keys";
-  nodes.machine = {
-    imports = [ ../../modules/sops ];
-    services.openssh.enable = true;
-    services.openssh.hostKeys = [{
-      type = "ed25519";
-      path = ./test-assets/ssh-ed25519-key;
-    }];
-    sops = {
-      defaultSopsFile = ./test-assets/secrets.yaml;
-      secrets.test_key = {};
-      # Generate a key and append it to make sure it appending doesn't break anything
-      age = {
-        keyFile = "/tmp/testkey";
-        generateKey = true;
+    name = "sops-age-ssh-keys";
+    nodes.machine = {
+      imports = [ ../../modules/sops ];
+      services.openssh.enable = true;
+      services.openssh.hostKeys = [{
+        type = "ed25519";
+        path = ./test-assets/ssh-ed25519-key;
+      }];
+      sops = {
+        defaultSopsFile = ./test-assets/secrets.yaml;
+        secrets.test_key = { };
+        # Generate a key and append it to make sure it appending doesn't break anything
+        age = {
+          keyFile = "/tmp/testkey";
+          generateKey = true;
+        };
       };
     };
-  };
 
-  testScript = ''
-    start_all()
-    machine.succeed("cat /run/secrets/test_key | grep -q test_value")
-  '';
+    testScript = ''
+      start_all()
+      machine.succeed("cat /run/secrets/test_key | grep -q test_value")
+    '';
   } {
     inherit pkgs;
     inherit (pkgs) system;
   };
 
- pgp-keys = makeTest {
-   name = "sops-pgp-keys";
-   nodes.server = { pkgs, lib, config, ... }: {
-     imports = [
-       ../../modules/sops
-     ];
+  pgp-keys = makeTest {
+    name = "sops-pgp-keys";
+    nodes.server = { pkgs, lib, config, ... }: {
+      imports = [ ../../modules/sops ];
 
-     users.users.someuser = {
-       isSystemUser = true;
-       group = "nogroup";
-     };
+      users.users.someuser = {
+        isSystemUser = true;
+        group = "nogroup";
+      };
 
-     sops.gnupg.home = "/run/gpghome";
-     sops.defaultSopsFile = ./test-assets/secrets.yaml;
-     sops.secrets.test_key.owner = config.users.users.someuser.name;
-     sops.secrets."nested/test/file".owner = config.users.users.someuser.name;
-     sops.secrets.existing-file = {
-       key = "test_key";
-       path = "/run/existing-file";
-     };
-     # must run before sops
-     system.activationScripts.gnupghome = lib.stringAfter [ "etc" ] ''
-       cp -r ${./test-assets/gnupghome} /run/gpghome
-       chmod -R 700 /run/gpghome
+      sops.gnupg.home = "/run/gpghome";
+      sops.defaultSopsFile = ./test-assets/secrets.yaml;
+      sops.secrets.test_key.owner = config.users.users.someuser.name;
+      sops.secrets."nested/test/file".owner = config.users.users.someuser.name;
+      sops.secrets.existing-file = {
+        key = "test_key";
+        path = "/run/existing-file";
+      };
+      # must run before sops
+      system.activationScripts.gnupghome = lib.stringAfter [ "etc" ] ''
+        cp -r ${./test-assets/gnupghome} /run/gpghome
+        chmod -R 700 /run/gpghome
 
-       touch /run/existing-file
-     '';
-     # Useful for debugging
-     #environment.systemPackages = [ pkgs.gnupg pkgs.sops ];
-     #environment.variables = {
-     #  GNUPGHOME = "/run/gpghome";
-     #  SOPS_GPG_EXEC="${pkgs.gnupg}/bin/gpg";
-     #  SOPSFILE = "${./test-assets/secrets.yaml}";
-     #};
+        touch /run/existing-file
+      '';
+      # Useful for debugging
+      #environment.systemPackages = [ pkgs.gnupg pkgs.sops ];
+      #environment.variables = {
+      #  GNUPGHOME = "/run/gpghome";
+      #  SOPS_GPG_EXEC="${pkgs.gnupg}/bin/gpg";
+      #  SOPSFILE = "${./test-assets/secrets.yaml}";
+      #};
+    };
+    testScript = ''
+      def assertEqual(exp: str, act: str) -> None:
+          if exp != act:
+              raise Exception(f"'{exp}' != '{act}'")
+
+
+      start_all()
+
+      value = server.succeed("cat /run/secrets/test_key")
+      assertEqual("test_value", value)
+
+      server.succeed("runuser -u someuser -- cat /run/secrets/test_key >&2")
+      value = server.succeed("cat /run/secrets/nested/test/file")
+      assertEqual(value, "another value")
+
+      target = server.succeed("readlink -f /run/existing-file")
+      assertEqual("/run/secrets.d/1/existing-file", target.strip())
+    '';
+  } {
+    inherit pkgs;
+    inherit (pkgs) system;
   };
-  testScript = ''
-    def assertEqual(exp: str, act: str) -> None:
-        if exp != act:
-            raise Exception(f"'{exp}' != '{act}'")
-
-
-    start_all()
-
-    value = server.succeed("cat /run/secrets/test_key")
-    assertEqual("test_value", value)
-
-    server.succeed("runuser -u someuser -- cat /run/secrets/test_key >&2")
-    value = server.succeed("cat /run/secrets/nested/test/file")
-    assertEqual(value, "another value")
-
-    target = server.succeed("readlink -f /run/existing-file")
-    assertEqual("/run/secrets.d/1/existing-file", target.strip())
-  '';
- } {
-   inherit pkgs;
-   inherit (pkgs) system;
- };
 
   restart-and-reload = makeTest {
     name = "sops-restart-and-reload";
     nodes.machine = { pkgs, lib, config, ... }: {
-      imports = [
-        ../../modules/sops
-      ];
+      imports = [ ../../modules/sops ];
 
       sops = {
         age.keyFile = ./test-assets/age-keys.txt;
@@ -223,9 +219,7 @@
       systemd.services."restart-unit" = {
         description = "Restart unit";
         # not started on boot
-        serviceConfig = {
-          ExecStart = "/bin/sh -c 'echo ok > /restarted'";
-        };
+        serviceConfig = { ExecStart = "/bin/sh -c 'echo ok > /restarted'"; };
       };
       systemd.services."reload-unit" = {
         description = "Reload unit";
@@ -248,72 +242,72 @@
           ExecReload = "/bin/sh -c 'echo ok > /reloaded'";
         };
       };
-   };
-   testScript = ''
-     machine.wait_for_unit("multi-user.target")
-     machine.fail("test -f /restarted")
-     machine.fail("test -f /reloaded")
+    };
+    testScript = ''
+      machine.wait_for_unit("multi-user.target")
+      machine.fail("test -f /restarted")
+      machine.fail("test -f /reloaded")
 
-     # Nothing is to be restarted after boot
-     machine.fail("ls /run/nixos/*-list")
+      # Nothing is to be restarted after boot
+      machine.fail("ls /run/nixos/*-list")
 
-     # Nothing happens when the secret is not changed
-     machine.succeed("/run/current-system/bin/switch-to-configuration test")
-     machine.fail("test -f /restarted")
-     machine.fail("test -f /reloaded")
+      # Nothing happens when the secret is not changed
+      machine.succeed("/run/current-system/bin/switch-to-configuration test")
+      machine.fail("test -f /restarted")
+      machine.fail("test -f /reloaded")
 
-     # Ensure the secret is changed
-     machine.succeed(": > /run/secrets/test_key")
+      # Ensure the secret is changed
+      machine.succeed(": > /run/secrets/test_key")
 
-     # The secret is changed, now something should happen
-     machine.succeed("/run/current-system/bin/switch-to-configuration test")
+      # The secret is changed, now something should happen
+      machine.succeed("/run/current-system/bin/switch-to-configuration test")
 
-     # Ensure something happened
-     machine.succeed("test -f /restarted")
-     machine.succeed("test -f /reloaded")
+      # Ensure something happened
+      machine.succeed("test -f /restarted")
+      machine.succeed("test -f /reloaded")
 
-     with subtest("change detection"):
-        machine.succeed("rm /run/secrets/test_key")
-        out = machine.succeed("/run/current-system/bin/switch-to-configuration test")
-        if "adding secret" not in out:
-            raise Exception("Addition detection does not work")
-
-        machine.succeed(": > /run/secrets/test_key")
-        out = machine.succeed("/run/current-system/bin/switch-to-configuration test")
-        if "modifying secret" not in out:
-            raise Exception("Modification detection does not work")
-
-        machine.succeed(": > /run/secrets/another_key")
-        out = machine.succeed("/run/current-system/bin/switch-to-configuration test")
-        if "removing secret" not in out:
-            raise Exception("Removal detection does not work")
-
-     with subtest("dry activation"):
+      with subtest("change detection"):
          machine.succeed("rm /run/secrets/test_key")
-         machine.succeed(": > /run/secrets/another_key")
-         out = machine.succeed("/run/current-system/bin/switch-to-configuration dry-activate")
-         if "would add secret" not in out:
-             raise Exception("Dry addition detection does not work")
-         if "would remove secret" not in out:
-             raise Exception("Dry removal detection does not work")
-
-         machine.fail("test -f /run/secrets/test_key")
-         machine.succeed("test -f /run/secrets/another_key")
-
-         machine.succeed("/run/current-system/bin/switch-to-configuration test")
-         machine.succeed("test -f /run/secrets/test_key")
-         machine.succeed("rm /restarted /reloaded")
-         machine.fail("test -f /run/secrets/another_key")
+         out = machine.succeed("/run/current-system/bin/switch-to-configuration test")
+         if "adding secret" not in out:
+             raise Exception("Addition detection does not work")
 
          machine.succeed(": > /run/secrets/test_key")
-         out = machine.succeed("/run/current-system/bin/switch-to-configuration dry-activate")
-         if "would modify secret" not in out:
-             raise Exception("Dry modification detection does not work")
-         machine.succeed("[ $(cat /run/secrets/test_key | wc -c) = 0 ]")
+         out = machine.succeed("/run/current-system/bin/switch-to-configuration test")
+         if "modifying secret" not in out:
+             raise Exception("Modification detection does not work")
 
-         machine.fail("test -f /restarted")  # not done in dry mode
-         machine.fail("test -f /reloaded")  # not done in dry mode
-   '';
+         machine.succeed(": > /run/secrets/another_key")
+         out = machine.succeed("/run/current-system/bin/switch-to-configuration test")
+         if "removing secret" not in out:
+             raise Exception("Removal detection does not work")
+
+      with subtest("dry activation"):
+          machine.succeed("rm /run/secrets/test_key")
+          machine.succeed(": > /run/secrets/another_key")
+          out = machine.succeed("/run/current-system/bin/switch-to-configuration dry-activate")
+          if "would add secret" not in out:
+              raise Exception("Dry addition detection does not work")
+          if "would remove secret" not in out:
+              raise Exception("Dry removal detection does not work")
+
+          machine.fail("test -f /run/secrets/test_key")
+          machine.succeed("test -f /run/secrets/another_key")
+
+          machine.succeed("/run/current-system/bin/switch-to-configuration test")
+          machine.succeed("test -f /run/secrets/test_key")
+          machine.succeed("rm /restarted /reloaded")
+          machine.fail("test -f /run/secrets/another_key")
+
+          machine.succeed(": > /run/secrets/test_key")
+          out = machine.succeed("/run/current-system/bin/switch-to-configuration dry-activate")
+          if "would modify secret" not in out:
+              raise Exception("Dry modification detection does not work")
+          machine.succeed("[ $(cat /run/secrets/test_key | wc -c) = 0 ]")
+
+          machine.fail("test -f /restarted")  # not done in dry mode
+          machine.fail("test -f /reloaded")  # not done in dry mode
+    '';
   } {
     inherit pkgs;
     inherit (pkgs) system;