style: format using nixfmt-rfc-style

default.nix

@@ -8,28 +8,17 @@ let
     "x86_64-linux"
   ];
 
-  filterSystems =
+  filterSystems = lib.filterAttrs (system: _: lib.elem system ciSystems);
-    lib.filterAttrs
-    (system: _: lib.elem system ciSystems);
 
   recurseIntoAttrsRecursive = lib.mapAttrs (
-    _: v:
+    _: v: if lib.isAttrs v then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v) else v
-      if lib.isAttrs v
-      then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v)
-      else v
   );
 
-  systemOutputs =
+  systemOutputs = lib.filterAttrs (
-    lib.filterAttrs
-    (
     name: set:
-        lib.isAttrs set
+    lib.isAttrs set && lib.any (system: set ? ${system} && name != "legacyPackages") ciSystems
-        && lib.any
+  ) default.outputs;
-        (system: set ? ${system} && name != "legacyPackages")
-        ciSystems
-    )
-    default.outputs;
 
   ciDrvs = lib.mapAttrs (_: system: filterSystems system) systemOutputs;
 in
-  (recurseIntoAttrsRecursive ciDrvs) // {shell = import ./shell.nix;}
+(recurseIntoAttrsRecursive ciDrvs) // { shell = import ./shell.nix; }

flake.nix

@@ -53,7 +53,8 @@
     wayland-pipewire-idle-inhibit.inputs.flake-parts.follows = "flake-parts";
   };
 
-  outputs = inputs@{ self, ...}:
+  outputs =
+    inputs@{ self, ... }:
     inputs.flake-parts.lib.mkFlake { inherit inputs; } {
       systems = [
         "x86_64-linux"
@@ -71,14 +72,19 @@
         ./overlays
       ];
 
-      perSystem = args@{ system, pkgs, config, ... }: {
+      perSystem =
+        args@{
+          system,
+          pkgs,
+          config,
+          ...
+        }:
+        {
           _module.args = {
             inherit inputs;
             pkgs = import inputs.nixpkgs {
               inherit system;
-            overlays = [
+              overlays = [ inputs.agenix.overlays.default ];
-              inputs.agenix.overlays.default
-            ];
             };
             unstable = import inputs.unstable { inherit system; };
             master = import inputs.master { inherit system; };
@@ -124,7 +130,10 @@
           powder = {
             hostname = "80.71.153.194";
             sshUser = "root";
-          profilesOrder = ["system" "direnv"];
+            profilesOrder = [
+              "system"
+              "direnv"
+            ];
             profiles.direnv = {
               user = "pub-solar";
               path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.pub-solar;

hosts/PubSolarOS.nix

@@ -1,15 +1,17 @@
-{suites, ...}: {
+{ suites, ... }:
+{
   ### root password is empty by default ###
   ### default password: pub-solar, optional: add your SSH keys
-  imports =
+  imports = suites.iso;
-    suites.iso;
 
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
   networking.networkmanager.enable = true;
 
-  fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+  };
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

hosts/bootstrap.nix

@@ -10,15 +10,16 @@ let
 
   # Gets hostname of host to be bundled inside iso
   # Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11
-  getFqdn = config: let
+  getFqdn =
+    config:
+    let
       net = config.networking;
       fqdn =
-      if (net ? domain) && (net.domain != null)
+        if (net ? domain) && (net.domain != null) then "${net.hostName}.${net.domain}" else net.hostName;
-      then "${net.hostName}.${net.domain}"
-      else net.hostName;
     in
     fqdn;
-in {
+in
+{
   # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
   imports = [
     # profiles.networking
@@ -33,7 +34,9 @@ in {
     boot.loader.systemd-boot.enable = true;
 
     # will be overridden by the bootstrapIso instrumentation
-    fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
+    fileSystems."/" = {
+      device = "/dev/disk/by-label/nixos";
+    };
 
     system.nixos.label = "PubSolarOS-" + config.system.nixos.version;
 

hosts/default.nix

@@ -1,4 +1,9 @@
-{ withSystem, self, inputs, ...}:
+{
+  withSystem,
+  self,
+  inputs,
+  ...
+}:
 {
   flake = {
     nixosConfigurations = {
@@ -91,7 +96,12 @@
           self.nixosModules.graphical
           self.nixosModules.audio
           self.nixosModules.bluetooth
-          ({ ... }: { pub-solar.graphical.wayland.software-renderer.enable = true; })
+          (
+            { ... }:
+            {
+              pub-solar.graphical.wayland.software-renderer.enable = true;
+            }
+          )
         ];
       };
     };

hosts/dumpyourvms/default.nix

@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
   imports = [
     ./dumpyourvms.nix
     ./hardware-configuration.nix

hosts/dumpyourvms/dumpyourvms.nix

@@ -7,7 +7,8 @@
 let
   psCfg = config.pub-solar;
   xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
+in
+{
   pub-solar = {
     terminal-life.full = true;
     core.hibernation = {
@@ -23,13 +24,19 @@ in {
   # Explicitly set amdgpu support in place of radeon
   # Source: https://github.com/NixOS/nixos-hardware/blob/master/common/gpu/amd/southern-islands/default.nix
   # Try again after https://lists.freedesktop.org/archives/amd-gfx/2023-March/090096.html lands
-  boot.kernelParams = ["acpi_backlight=video" "hid_apple.fnmode=2" "intel_pstate=passive" "radeon.si_support=0" "amdgpu.si_support=1"];
+  boot.kernelParams = [
+    "acpi_backlight=video"
+    "hid_apple.fnmode=2"
+    "intel_pstate=passive"
+    "radeon.si_support=0"
+    "amdgpu.si_support=1"
+  ];
   boot.loader.efi.canTouchEfiVariables = true;
 
   # Fix for Error switching console mode to 1: unsupported on startup
   boot.loader.systemd-boot.consoleMode = lib.mkForce "0";
 
-  boot.binfmt.emulatedSystems = ["aarch64-linux"];
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 
   systemd.sleep.extraConfig = ''
     HibernateMode=shutdown
@@ -39,8 +46,8 @@ in {
     cpu.intel.updateMicrocode = true;
     facetimehd.enable = true;
     opengl = {
-      extraPackages = with pkgs; [intel-vaapi-driver]; # i7-4870HQ older hardware like haswell (crystall well)
+      extraPackages = with pkgs; [ intel-vaapi-driver ]; # i7-4870HQ older hardware like haswell (crystall well)
-      extraPackages32 = with pkgs.pkgsi686Linux; [intel-vaapi-driver];
+      extraPackages32 = with pkgs.pkgsi686Linux; [ intel-vaapi-driver ];
     };
   };
 
@@ -66,15 +73,15 @@ in {
   #programs.droidcam.enable = true;
   #services.mozillavpn.enable = true;
 
-  security.pki.certificateFiles = [./consul-agent-ca.pem];
+  security.pki.certificateFiles = [ ./consul-agent-ca.pem ];
 
   # Power off dedicated GPU, use only integrated Intel GPU to save battery
   # https://github.com/NixOS/nixpkgs/pull/33915
   # https://ubuntuforums.org/showthread.php?t=2409856
   systemd.services."amd-hybrid-graphics-power-save" = {
-    path = [pkgs.bash];
+    path = [ pkgs.bash ];
     description = "Power Off dedicated AMD Card to reduce power usage";
-    requires = ["sys-kernel-debug.mount"];
+    requires = [ "sys-kernel-debug.mount" ];
     enable = true;
     serviceConfig = {
       Type = "oneshot";
@@ -82,14 +89,14 @@ in {
       ExecStart = "${pkgs.bash}/bin/sh -c 'sleep 7 && if grep --quiet 'IGD:+' /sys/kernel/debug/vgaswitcheroo/switch; then echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch; fi'";
       ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch'";
     };
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
   };
 
   # Increase console font size for HiDPI display
   console = {
     earlySetup = true;
     font = lib.mkForce "ter-i32b";
-    packages = [pkgs.terminus_font];
+    packages = [ pkgs.terminus_font ];
   };
 
   # Thunderbolt tools
@@ -113,24 +120,22 @@ in {
     # to be powered on.
     powerUpCommands = lib.mkBefore (
       "${pkgs.kmod}/bin/modprobe brcmfmac"
-      + lib.optionalString
+      + lib.optionalString (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") " brcmfmac_wcc"
-      (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") " brcmfmac_wcc"
     );
     powerDownCommands = lib.mkBefore (
-      lib.optionalString
+      lib.optionalString (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") "${pkgs.kmod}/bin/rmmod brcmfmac_wcc\n"
-      (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2")
-      "${pkgs.kmod}/bin/rmmod brcmfmac_wcc\n"
       + ''
         ${pkgs.kmod}/bin/rmmod brcmfmac
         ${pkgs.systemd}/bin/systemctl stop amd-hybrid-graphics-power-save.service
       ''
     );
     resumeCommands =
-      if config.systemd.services."amd-hybrid-graphics-power-save".enable == true
+      if config.systemd.services."amd-hybrid-graphics-power-save".enable == true then
-      then ''
+        ''
           ${pkgs.systemd}/bin/systemctl start amd-hybrid-graphics-power-save.service
         ''
-      else "";
+      else
+        "";
   };
 
   # Change lid switch behaviour
@@ -150,11 +155,16 @@ in {
   services.udev.extraRules =
     # Disable XHC1 wakeup signal to avoid resume getting triggered some time
     # after suspend. Reboot required for this to take effect.
-    lib.optionalString
+    lib.optionalString (lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13")
-    (lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13")
       ''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"'';
 
-  home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+  home-manager =
+    pkgs.lib.setAttrByPath
+      [
+        "users"
+        psCfg.user.name
+      ]
+      {
         # Custom device sway configs
         xdg.configFile = {
           "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
@@ -166,7 +176,7 @@ in {
       };
 
   # WLAN frequency compliance (e.g. check for radar with DFS)
-  hardware.firmware = with pkgs; [wireless-regdb];
+  hardware.firmware = with pkgs; [ wireless-regdb ];
   boot.extraModprobeConfig = ''
     options cfg80211 ieee80211_regdom="DE"
 

hosts/dumpyourvms/hardware-configuration.nix

@@ -7,16 +7,23 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
+{
   imports = [
     #(modulesPath + "/hardware/network/broadcom-43xx.nix")
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "xhci_pci"
-  boot.kernelModules = ["kvm-intel"];
+    "nvme"
-  boot.extraModulePackages = [];
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/17bbb016-d27c-47da-8805-58c6395891e8";

hosts/dumpyourvms/networking.nix

@@ -1,8 +1,4 @@
-{
+{ pkgs, lib, ... }:
-  pkgs,
-  lib,
-  ...
-}:
 {
   systemd.services.wg-quick-wg5.serviceConfig.Type = lib.mkForce "simple";
   systemd.services.wg-quick-wg5.serviceConfig.Restart = "on-failure";
@@ -16,48 +12,61 @@
     #];
 
     hosts = {
-      "10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"];
+      "10.0.0.42" = [
-      "10.0.0.66" = ["consul.service.cgn-1.consul"];
+        "nomad.service.consul"
-      "10.0.1.9" = ["consul.service.lev-1.consul"];
+        "nomad.service.cgn-1.consul"
-      "10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"];
+      ];
-      "10.0.0.200" = ["headnode.cgn-1"];
+      "10.0.0.66" = [ "consul.service.cgn-1.consul" ];
-      "10.0.0.201" = ["cn01.cgn-1"];
+      "10.0.1.9" = [ "consul.service.lev-1.consul" ];
-      "10.0.0.202" = ["cn02.cgn-1"];
+      "10.0.0.70" = [
-      "10.0.0.205" = ["cn05.cgn-1"];
+        "vault.service.consul"
-      "10.0.0.206" = ["cn06.cgn-1"];
+        "vault.service.cgn-1.consul"
-      "10.0.0.207" = ["cn07.cgn-1"];
+      ];
-      "10.0.0.208" = ["cn08.cgn-1"];
+      "10.0.0.200" = [ "headnode.cgn-1" ];
-      "10.0.1.200" = ["headnode.lev-1"];
+      "10.0.0.201" = [ "cn01.cgn-1" ];
-      "10.0.1.201" = ["cn01.lev-1"];
+      "10.0.0.202" = [ "cn02.cgn-1" ];
-      "10.0.1.202" = ["cn02.lev-1"];
+      "10.0.0.205" = [ "cn05.cgn-1" ];
-      "10.0.1.203" = ["cn03.lev-1"];
+      "10.0.0.206" = [ "cn06.cgn-1" ];
-      "10.0.1.204" = ["cn04.lev-1"];
+      "10.0.0.207" = [ "cn07.cgn-1" ];
-      "10.0.1.205" = ["cn05.lev-1"];
+      "10.0.0.208" = [ "cn08.cgn-1" ];
-      "10.0.1.206" = ["cn00.lev-1"];
+      "10.0.1.200" = [ "headnode.lev-1" ];
-      "10.0.1.207" = ["cn06.lev-1"];
+      "10.0.1.201" = [ "cn01.lev-1" ];
-      "10.0.1.208" = ["cn07.lev-1"];
+      "10.0.1.202" = [ "cn02.lev-1" ];
-      "10.101.64.10" = ["wifi.bahn.de"];
+      "10.0.1.203" = [ "cn03.lev-1" ];
-      "80.71.153.29" = ["eu-central.manta.greenbaum.cloud"];
+      "10.0.1.204" = [ "cn04.lev-1" ];
-      "85.88.23.37" = ["git.greenbaum.cloud"];
+      "10.0.1.205" = [ "cn05.lev-1" ];
-      "10.0.1.17" = ["drone.greenbaum.cloud"];
+      "10.0.1.206" = [ "cn00.lev-1" ];
-      "10.0.1.2" = ["lev-1.adminui.greenbaum.cloud"];
+      "10.0.1.207" = [ "cn06.lev-1" ];
-      "80.71.153.10" = ["lev-1.api.greenbaum.cloud"];
+      "10.0.1.208" = [ "cn07.lev-1" ];
-      "80.71.153.12" = ["lev-1.docker.greenbaum.cloud"];
+      "10.101.64.10" = [ "wifi.bahn.de" ];
-      "80.71.153.56" = ["lev-1.monitor.greenbaum.cloud"];
+      "80.71.153.29" = [ "eu-central.manta.greenbaum.cloud" ];
-      "192.168.13.25" = ["ryzensun.local" "cloudapi.coal-1.mnx.io"];
+      "85.88.23.37" = [ "git.greenbaum.cloud" ];
+      "10.0.1.17" = [ "drone.greenbaum.cloud" ];
+      "10.0.1.2" = [ "lev-1.adminui.greenbaum.cloud" ];
+      "80.71.153.10" = [ "lev-1.api.greenbaum.cloud" ];
+      "80.71.153.12" = [ "lev-1.docker.greenbaum.cloud" ];
+      "80.71.153.56" = [ "lev-1.monitor.greenbaum.cloud" ];
+      "192.168.13.25" = [
+        "ryzensun.local"
+        "cloudapi.coal-1.mnx.io"
+      ];
     };
 
     wireguard.enable = true;
     wg-quick.interfaces = {
       wg0 = {
         autostart = false;
-        address = ["10.8.8.6/32"];
+        address = [ "10.8.8.6/32" ];
         privateKeyFile = "/etc/wireguard/wg0.privatekey";
 
         peers = [
           {
             publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
-            allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"];
+            allowedIPs = [
+              "10.8.8.16/32"
+              "10.0.0.0/24"
+              "10.88.88.0/24"
+            ];
             endpoint = "85.88.23.16:51820";
             persistentKeepalive = 25;
           }
@@ -65,13 +74,13 @@
       };
       wg1 = {
         autostart = false;
-        address = ["192.168.188.203/24"];
+        address = [ "192.168.188.203/24" ];
         privateKeyFile = "/etc/wireguard/wg1.privatekey";
 
         peers = [
           {
             publicKey = "iZkgeA/mFxBRclCa5SJYdqffClly/uho5krebcUloCY=";
-            allowedIPs = ["192.168.188.0/24"];
+            allowedIPs = [ "192.168.188.0/24" ];
             presharedKeyFile = "/etc/wireguard/wg1.presharedkey";
             #endpoint = "85.214.70.91:50163";
             #endpoint = "7gwzft61sc8txc4r.myfritz.net:50163";
@@ -81,21 +90,24 @@
         ];
       };
       wg2 = {
-        address = ["10.6.6.4/32"];
+        address = [ "10.6.6.4/32" ];
         privateKeyFile = "/etc/wireguard/wg2.privatekey";
 
         peers = [
           {
             publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
             presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
-            allowedIPs = ["10.6.6.1/32" "10.1.1.0/24"];
+            allowedIPs = [
+              "10.6.6.1/32"
+              "10.1.1.0/24"
+            ];
             endpoint = "85.88.23.127:51820";
             persistentKeepalive = 16;
           }
         ];
       };
       wg3 = {
-        address = ["10.11.11.2/32"];
+        address = [ "10.11.11.2/32" ];
         privateKeyFile = "/etc/wireguard/wg3.privatekey";
         mtu = 1300;
 
@@ -103,14 +115,18 @@
           {
             publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
             presharedKeyFile = "/etc/wireguard/wg3.presharedkey";
-            allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"];
+            allowedIPs = [
+              "10.11.11.0/24"
+              "192.168.1.0/24"
+              "10.0.1.0/24"
+            ];
             endpoint = "80.71.153.1:51820";
             persistentKeepalive = 16;
           }
         ];
       };
       wg4 = {
-        address = ["fdaa:1:3234:a7b:16a9:0:a:202/120"];
+        address = [ "fdaa:1:3234:a7b:16a9:0:a:202/120" ];
         privateKeyFile = "/etc/wireguard/wg4.privatekey";
         postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
         preDown = "resolvectl revert wg4";
@@ -121,7 +137,7 @@
         peers = [
           {
             publicKey = "yUyg63j5+17YeJ7gRhxoQuF6rvdX0JF59M6skytJFTQ=";
-            allowedIPs = ["fdaa:1:3234::/48"];
+            allowedIPs = [ "fdaa:1:3234::/48" ];
             #endpoint = "ams1.gateway.6pn.dev:51820";
             endpoint = "176.58.93.206:51820";
             persistentKeepalive = 15;
@@ -130,7 +146,7 @@
       };
       wg5 = {
         autostart = false;
-        address = ["192.168.13.201/24"];
+        address = [ "192.168.13.201/24" ];
         privateKeyFile = "/etc/wireguard/wg5.privatekey";
         postUp = "resolvectl dnsovertls wg5 no; resolvectl dns wg5 192.168.13.1; resolvectl domain wg5 ~fritz.box";
         preDown = "resolvectl revert wg5";
@@ -147,33 +163,52 @@
         ];
       };
       wg6 = {
-        address = ["10.7.6.201/32" "fd00:fae:fae:fae:fae:201::/96"];
+        address = [
+          "10.7.6.201/32"
+          "fd00:fae:fae:fae:fae:201::/96"
+        ];
         privateKeyFile = "/etc/wireguard/wg6.privatekey";
 
         peers = [
-          { # nachtigall.pub.solar
+          {
+            # nachtigall.pub.solar
             publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
-            allowedIPs = [ "10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96" ];
+            allowedIPs = [
+              "10.7.6.1/32"
+              "fd00:fae:fae:fae:fae:1::/96"
+            ];
             #endpoint = "138.201.80.102:51820";
             endpoint = "[2a01:4f8:172:1c25::1]:51820";
             persistentKeepalive = 15;
           }
-          { # flora-6.pub.solar
+          {
+            # flora-6.pub.solar
             publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
-            allowedIPs = [ "10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96" ];
+            allowedIPs = [
+              "10.7.6.2/32"
+              "fd00:fae:fae:fae:fae:2::/96"
+            ];
             endpoint = "80.71.153.210:51820";
             persistentKeepalive = 15;
           }
-          { # metronom.pub.solar
+          {
+            # metronom.pub.solar
             publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo=";
-            allowedIPs = [ "10.7.6.3/32" "fd00:fae:fae:fae:fae:3::/96" ];
+            allowedIPs = [
+              "10.7.6.3/32"
+              "fd00:fae:fae:fae:fae:3::/96"
+            ];
             endpoint = "49.13.236.167:51820";
             #endpoint = "[2a01:4f8:c2c:7082::]:51820";
             persistentKeepalive = 15;
           }
-          { # tankstelle.pub.solar
+          {
+            # tankstelle.pub.solar
             publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg=";
-            allowedIPs = [ "10.7.6.4/32" "fd00:fae:fae:fae:fae:4::/96" ];
+            allowedIPs = [
+              "10.7.6.4/32"
+              "fd00:fae:fae:fae:fae:4::/96"
+            ];
             #endpoint = "80.244.242.5:51820";
             endpoint = "[2001:4d88:1ffa:26::5]:51820";
             persistentKeepalive = 15;
@@ -183,7 +218,10 @@
       # mozillavpn
       moz0 = {
         autostart = false;
-        address = ["10.142.131.196/32" "fc00:bbbb:bbbb:bb01:d:0:e:83c4/128"];
+        address = [
+          "10.142.131.196/32"
+          "fc00:bbbb:bbbb:bb01:d:0:e:83c4/128"
+        ];
         privateKeyFile = "/etc/wireguard/moz0.privatekey";
         #postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
         #preDown = "resolvectl revert wg4";
@@ -194,7 +232,10 @@
         peers = [
           {
             publicKey = "ku1NYeOAGbY65YL/JKZhrqVzDJKXQiVj9USXbfkOBA0=";
-            allowedIPs = ["0.0.0.0/0" "::/0"];
+            allowedIPs = [
+              "0.0.0.0/0"
+              "::/0"
+            ];
             endpoint = "185.254.75.3:36294";
           }
         ];

hosts/fae/default.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   imports = [
     ./paperless.nix
     ./invoiceplane.nix

hosts/fae/fae.nix

@@ -3,7 +3,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   config = {
     pub-solar.core.disk-encryption-active = false;
 
@@ -11,7 +12,7 @@
       "/" = {
         device = "/dev/disk/by-label/NIXOS_SD";
         fsType = "ext4";
-        options = ["noatime"];
+        options = [ "noatime" ];
       };
     };
 
@@ -23,9 +24,7 @@
       allowSFTP = true;
     };
 
-    boot.kernelParams = [
+    boot.kernelParams = [ "boot.shell_on_fail=1" ];
-	    "boot.shell_on_fail=1"
-    ];
 
     # Would decrease closure size, but currenly broken (cairo)
     #environment.noXlibs = true;
@@ -38,8 +37,11 @@
       settings = {
         auto-optimise-store = true;
         sandbox = true;
-        allowed-users = ["@wheel"];
+        allowed-users = [ "@wheel" ];
-        trusted-users = ["root" "@wheel"];
+        trusted-users = [
+          "root"
+          "@wheel"
+        ];
       };
 
       extraOptions = ''

hosts/fae/invoiceplane.nix

@@ -4,13 +4,15 @@
   pkgs,
   lib,
   ...
-}: let
+}:
+let
   psCfg = config.pub-solar;
   xdg = config.home-manager.users."${psCfg.user.name}".xdg;
   backupDir = "/var/lib/invoiceplane/backup";
-in {
+in
+{
   security.acme.certs = {
-    "billing.faenix.eu" = {};
+    "billing.faenix.eu" = { };
   };
 
   services.nginx.virtualHosts = {
@@ -25,7 +27,9 @@ in {
     sites."billing.faenix.eu" = {
       enable = true;
 
-      invoiceTemplates = [ flake.self.inputs.invoiceplane-template.packages.${pkgs.system}.invoiceplane-template ];
+      invoiceTemplates = [
+        flake.self.inputs.invoiceplane-template.packages.${pkgs.system}.invoiceplane-template
+      ];
 
       settings = {
         IP_URL = "https://billing.faenix.eu";
@@ -49,9 +53,7 @@ in {
     };
   };
 
-  systemd.tmpfiles.rules = [
+  systemd.tmpfiles.rules = [ "d '${backupDir}' 0700 root root - -" ];
-    "d '${backupDir}' 0700 root root - -"
-  ];
 
   #services.restic.backups = {
   #  invoiceplane = {

hosts/fae/paperless.nix

@@ -13,7 +13,8 @@ let
   backupDir = "${xdg.dataHome}/PaperlessBackup";
   consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir";
 
-in {
+in
+{
   services.paperless = {
     enable = true;
     user = psCfg.user.name;
@@ -43,7 +44,7 @@ in {
   };
 
   security.acme.certs = {
-    "paperless.faenix.eu" = {};
+    "paperless.faenix.eu" = { };
   };
 
   services.nginx = {
@@ -81,7 +82,10 @@ in {
   #  };
   #};
 
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
 
   systemd.tmpfiles.rules = [
     "d /home/${psCfg.user.name}/.local 0700 ${psCfg.user.name} users - -"

hosts/iso/default.nix

@@ -1,8 +1,5 @@
+{ pkgs, lib, ... }:
 {
-  pkgs,
-  lib,
-  ...
-}: {
   pub-solar.core.disk-encryption-active = false;
   isoImage.squashfsCompression = "gzip -Xcompression-level 1";
   systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];

hosts/powder/default.nix

@@ -1,5 +1,4 @@
-{...}: {
+{ ... }:
-  imports = [
+{
-    ./powder.nix
+  imports = [ ./powder.nix ];
-  ];
 }

hosts/powder/hardware-configuration.nix

@@ -7,13 +7,20 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
-  imports = [];
+{
+  imports = [ ];
 
-  boot.initrd.availableKernelModules = ["ahci" "virtio_pci" "xhci_pci" "sr_mod" "virtio_blk"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "ahci"
-  boot.kernelModules = [];
+    "virtio_pci"
-  boot.extraModulePackages = [];
+    "xhci_pci"
+    "sr_mod"
+    "virtio_blk"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-label/nixos";
@@ -35,7 +42,7 @@
     ];
   };
 
-  swapDevices = [];
+  swapDevices = [ ];
 
   networking.useDHCP = lib.mkDefault false;
 

hosts/powder/powder.nix

@@ -5,7 +5,8 @@
   pkgs,
   profiles,
   ...
-}: {
+}:
+{
   imports = [
     # Include the results of the hardware scan.
     ./hardware-configuration.nix

hosts/ryzensun/default.nix

@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
   imports = [
     ./ryzensun.nix
     ./hardware-configuration.nix

hosts/ryzensun/hardware-configuration.nix

@@ -7,15 +7,21 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
-  imports = [
+{
-    (modulesPath + "/installer/scan/not-detected.nix")
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-  ];
 
-  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "nvme"
-  boot.kernelModules = ["kvm-amd"];
+    "xhci_pci"
-  boot.extraModulePackages = [];
+    "ahci"
+    "usbhid"
+    "sd_mod"
+    "sr_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/bad2e49e-c8e7-4516-a6f8-77db999d12b0";
@@ -29,5 +35,5 @@
     fsType = "vfat";
   };
 
-  swapDevices = [];
+  swapDevices = [ ];
 }

hosts/ryzensun/networking.nix

@@ -1,26 +1,32 @@
 {
   networking = {
     hosts = {
-      "10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"];
+      "10.0.0.42" = [
-      "10.0.0.66" = ["consul.service.cgn-1.consul"];
+        "nomad.service.consul"
-      "10.0.1.9" = ["consul.service.lev-1.consul"];
+        "nomad.service.cgn-1.consul"
-      "10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"];
+      ];
-      "10.0.0.200" = ["headnode.cgn-1"];
+      "10.0.0.66" = [ "consul.service.cgn-1.consul" ];
-      "10.0.0.201" = ["cn01.cgn-1"];
+      "10.0.1.9" = [ "consul.service.lev-1.consul" ];
-      "10.0.0.202" = ["cn02.cgn-1"];
+      "10.0.0.70" = [
-      "10.0.0.205" = ["cn05.cgn-1"];
+        "vault.service.consul"
-      "10.0.0.206" = ["cn06.cgn-1"];
+        "vault.service.cgn-1.consul"
-      "10.0.0.207" = ["cn07.cgn-1"];
+      ];
-      "10.0.0.208" = ["cn08.cgn-1"];
+      "10.0.0.200" = [ "headnode.cgn-1" ];
-      "10.0.1.200" = ["headnode.lev-1"];
+      "10.0.0.201" = [ "cn01.cgn-1" ];
-      "10.0.1.201" = ["cn01.lev-1"];
+      "10.0.0.202" = [ "cn02.cgn-1" ];
-      "10.0.1.202" = ["cn02.lev-1"];
+      "10.0.0.205" = [ "cn05.cgn-1" ];
-      "10.0.1.203" = ["cn03.lev-1"];
+      "10.0.0.206" = [ "cn06.cgn-1" ];
-      "10.0.1.204" = ["cn04.lev-1"];
+      "10.0.0.207" = [ "cn07.cgn-1" ];
-      "10.0.1.205" = ["cn05.lev-1"];
+      "10.0.0.208" = [ "cn08.cgn-1" ];
-      "10.0.1.206" = ["cn00.lev-1"];
+      "10.0.1.200" = [ "headnode.lev-1" ];
-      "10.0.1.207" = ["cn06.lev-1"];
+      "10.0.1.201" = [ "cn01.lev-1" ];
-      "10.0.1.208" = ["cn07.lev-1"];
+      "10.0.1.202" = [ "cn02.lev-1" ];
+      "10.0.1.203" = [ "cn03.lev-1" ];
+      "10.0.1.204" = [ "cn04.lev-1" ];
+      "10.0.1.205" = [ "cn05.lev-1" ];
+      "10.0.1.206" = [ "cn00.lev-1" ];
+      "10.0.1.207" = [ "cn06.lev-1" ];
+      "10.0.1.208" = [ "cn07.lev-1" ];
     };
 
     interfaces.enp4s0.wakeOnLan.enable = true;
@@ -28,20 +34,24 @@
     wireguard.enable = true;
     wg-quick.interfaces = {
       wg0 = {
-        address = ["10.8.8.7/32"];
+        address = [ "10.8.8.7/32" ];
         privateKeyFile = "/etc/wireguard/wg0.privatekey";
 
         peers = [
           {
             publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
-            allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"];
+            allowedIPs = [
+              "10.8.8.16/32"
+              "10.0.0.0/24"
+              "10.88.88.0/24"
+            ];
             endpoint = "85.88.23.16:51820";
             persistentKeepalive = 25;
           }
         ];
       };
       wg1 = {
-        address = ["10.11.11.6/32"];
+        address = [ "10.11.11.6/32" ];
         privateKeyFile = "/etc/wireguard/wg1.privatekey";
         mtu = 1300;
 
@@ -49,40 +59,60 @@
           {
             publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
             presharedKeyFile = "/etc/wireguard/wg1.presharedkey";
-            allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"];
+            allowedIPs = [
+              "10.11.11.0/24"
+              "192.168.1.0/24"
+              "10.0.1.0/24"
+            ];
             endpoint = "80.71.153.1:51820";
             #persistentKeepalive = 16;
           }
         ];
       };
       wg2 = {
-        address = ["10.7.6.204/32"];
+        address = [ "10.7.6.204/32" ];
         privateKeyFile = "/etc/wireguard/wg2.privatekey";
 
         peers = [
-          { # nachtigall.pub.solar
+          {
+            # nachtigall.pub.solar
             publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
-            allowedIPs = [ "10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96" ];
+            allowedIPs = [
+              "10.7.6.1/32"
+              "fd00:fae:fae:fae:fae:1::/96"
+            ];
             #endpoint = "138.201.80.102:51820";
             endpoint = "[2a01:4f8:172:1c25::1]:51820";
             persistentKeepalive = 15;
           }
-          { # flora-6.pub.solar
+          {
+            # flora-6.pub.solar
             publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
-            allowedIPs = [ "10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96" ];
+            allowedIPs = [
+              "10.7.6.2/32"
+              "fd00:fae:fae:fae:fae:2::/96"
+            ];
             endpoint = "80.71.153.210:51820";
             persistentKeepalive = 15;
           }
-          { # metronom.pub.solar
+          {
+            # metronom.pub.solar
             publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo=";
-            allowedIPs = [ "10.7.6.3/32" "fd00:fae:fae:fae:fae:3::/96" ];
+            allowedIPs = [
+              "10.7.6.3/32"
+              "fd00:fae:fae:fae:fae:3::/96"
+            ];
             endpoint = "49.13.236.167:51820";
             #endpoint = "[2a01:4f8:c2c:7082::]:51820";
             persistentKeepalive = 15;
           }
-          { # tankstelle.pub.solar
+          {
+            # tankstelle.pub.solar
             publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg=";
-            allowedIPs = [ "10.7.6.4/32" "fd00:fae:fae:fae:fae:4::/96" ];
+            allowedIPs = [
+              "10.7.6.4/32"
+              "fd00:fae:fae:fae:fae:4::/96"
+            ];
             #endpoint = "80.244.242.5:51820";
             endpoint = "[2001:4d88:1ffa:26::5]:51820";
             persistentKeepalive = 15;

hosts/ryzensun/ryzensun.nix

@@ -8,7 +8,8 @@
 let
   psCfg = config.pub-solar;
   xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
+in
+{
   config = {
     age.secrets.docker-ci-runner-secrets = {
       file = "${flake.self}/secrets/docker-ci-runner-secrets.age";
@@ -26,7 +27,7 @@ in {
     #  runnerVarsFile = config.age.secrets.docker-ci-runner-secrets.path;
     #};
 
-    boot.binfmt.emulatedSystems = ["aarch64-linux"];
+    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 
     # Required for WakeOnLan
     boot.initrd = {

lib/compat/default.nix

@@ -1,16 +1,16 @@
 let
-  lock = builtins.fromJSON (builtins.readFile builtins.path {
+  lock = builtins.fromJSON (
+    builtins.readFile builtins.path {
       path = ../../flake.lock;
       name = "lockPath";
-  });
+    }
+  );
   flake =
     import
-    (
+      (fetchTarball {
-      fetchTarball {
         url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
         sha256 = lock.nodes.flake-compat.locked.narHash;
-      }
+      })
-    )
       {
         src = builtins.path {
           path = ../../.;
@@ -18,4 +18,4 @@ let
         };
       };
 in
-  flake
+flake

lib/compat/nixos/default.nix

@@ -1,4 +1,5 @@
-{...}: let
+{ ... }:
+let
   inherit (default.inputs.nixos) lib;
 
   host = configs.${hostname} or configs.PubSolarOS;
@@ -6,4 +7,4 @@
   default = (import ../.).defaultNix;
   hostname = lib.fileContents /etc/hostname;
 in
-  host
+host

lib/default.nix

@@ -1,9 +1,12 @@
-{ lib, inputs, ... }: {
+{ lib, inputs, ... }:
+{
   # Configuration common to all Linux systems
   flake = {
-    lib = let
+    lib =
-      callLibs = file: import file {inherit lib;};
+      let
-    in rec {
+        callLibs = file: import file { inherit lib; };
+      in
+      rec {
         ## Define your own library functions here!
         #id = x: x;
         ## Or in files, containing functions that take {lib}
@@ -12,7 +15,6 @@
 
         deploy = import ./deploy.nix { inherit inputs lib; };
         addLocalHostname = callLibs ./add-local-hostname.nix;
-      recursiveMerge = callLibs ./recursive-merge.nix;
       };
   };
 }

lib/deploy.nix

@@ -1,9 +1,9 @@
 /*
- * The contents of this file are adapted from digga
+  The contents of this file are adapted from digga
- * https://github.com/divnix/digga
+  https://github.com/divnix/digga
- *
+
- * Licensed under the MIT license
+  Licensed under the MIT license
- */
+*/
 
 { lib, inputs }:
 let
@@ -15,7 +15,8 @@ let
         if (net ? domain) && (net.domain != null) then "${net.hostName}.${net.domain}" else net.hostName;
     in
     fqdn;
-in {
+in
+{
   mkDeployNodes =
     systemConfigurations: extraConfig:
     /*
@@ -48,7 +49,7 @@ in {
        ```
       *
     */
-    lib.recursiveUpdate (lib.mapAttrs ( _: c: {
+    lib.recursiveUpdate (lib.mapAttrs (_: c: {
       hostname = getFqdn c;
       profiles.system =
         let

lib/recursive-merge.nix

@@ -1,16 +0,0 @@
-{ lib }:
-attrList:
-let
-  f = attrPath:
-    zipAttrsWith (
-      n: values:
-        if tail values == []
-        then head values
-        else if all isList values
-        then unique (concatLists values)
-        else if all isAttrs values
-        then f (attrPath ++ [n]) values
-        else last values
-    );
-in
-  f [] attrList;

modules/acme/default.nix

@@ -4,7 +4,8 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   age.secrets."hosting-de-acme-secrets" = {
     file = "${flake.self}/secrets/hosting-de-acme-secrets.age";
     mode = "400";

modules/adb/default.nix

@@ -6,10 +6,11 @@
 }:
 let
   psCfg = config.pub-solar;
-in {
+in
+{
   programs.adb.enable = true;
 
   users.users."${psCfg.user.name}" = {
-    extraGroups = ["adbusers"];
+    extraGroups = [ "adbusers" ];
   };
 }

modules/arduino/default.nix

@@ -6,9 +6,10 @@
 }:
 let
   psCfg = config.pub-solar;
-in {
+in
+{
   users.users."${psCfg.user.name}" = {
-    extraGroups = ["dialout"];
+    extraGroups = [ "dialout" ];
     packages = with pkgs; [
       arduino
       arduino-cli

modules/audio/default.nix

@@ -7,9 +7,10 @@
 let
   psCfg = config.pub-solar;
   xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
+in
+{
   users.users."${psCfg.user.name}" = {
-    extraGroups = ["audio"];
+    extraGroups = [ "audio" ];
     packages = with pkgs; [
       # easyeffects, e.g. for microphone noise filtering
       easyeffects
@@ -42,7 +43,10 @@ in {
         "context.properties" = {
           default = {
             "clock.rate" = 48000; # Pipewire default
-            "clock.allowed-rates" = [ 44100 48000 ];
+            "clock.allowed-rates" = [
+              44100
+              48000
+            ];
           };
         };
       };

modules/bluetooth/default.nix

@@ -3,15 +3,14 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   hardware.bluetooth = {
     enable = true;
     # Disable bluetooth on startup to save battery
     powerOnBoot = false;
     # Disable useless SIM Access Profile plugin
-    disabledPlugins = [
+    disabledPlugins = [ "sap" ];
-      "sap"
-    ];
     settings = {
       General = {
         # Enables experimental features and interfaces.

modules/core/boot.nix

@@ -6,7 +6,8 @@
 }:
 let
   cfg = config.pub-solar.core;
-in {
+in
+{
   options.pub-solar.core.disk-encryption-active = lib.mkOption {
     type = lib.types.bool;
     default = true;
@@ -29,7 +30,7 @@ in {
       kernelPackages = lib.mkDefault pkgs.linuxPackages_6_6;
 
       # Support ntfs drives
-      supportedFilesystems = ["ntfs"];
+      supportedFilesystems = [ "ntfs" ];
     };
   };
 }

modules/core/default.nix

@@ -1,12 +1,9 @@
-{
+{ config, lib, ... }:
-  config,
-  lib,
-  ...
-}:
 let
   cfg = config.pub-solar.core;
   psCfg = config.pub-solar;
-in {
+in
+{
   imports = [
     ./boot.nix
     ./hibernation.nix
@@ -32,7 +29,7 @@ in {
 
   # Remove the complete default environment of packages like
   # nano, perl and rsync
-  environment.defaultPackages = lib.mkForce [];
+  environment.defaultPackages = lib.mkForce [ ];
 
   # fileSystems."/".options = [ "noexec" ];
 }

modules/core/hibernation.nix

@@ -7,7 +7,8 @@
 let
   cfg = config.pub-solar.core.hibernation;
   inherit (lib) mkOption types mkIf;
-in {
+in
+{
   options.pub-solar.core.hibernation = {
     enable = mkOption {
       type = types.bool;
@@ -31,7 +32,9 @@ in {
   config = {
     boot = mkIf cfg.enable {
       resumeDevice = mkIf (cfg.resumeDevice != null) cfg.resumeDevice;
-      kernelParams = mkIf (cfg.resumeOffset != null) ["resume_offset=${builtins.toString cfg.resumeOffset}"];
+      kernelParams = mkIf (cfg.resumeOffset != null) [
+        "resume_offset=${builtins.toString cfg.resumeOffset}"
+      ];
     };
   };
 }

modules/core/networking.nix

@@ -4,7 +4,8 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   # disable NetworkManager and systemd-networkd -wait-online by default
   systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false;
   systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false;

modules/core/packages.nix

@@ -7,7 +7,8 @@
 let
   psCfg = config.pub-solar;
   cfg = config.pub-solar.core;
-in {
+in
+{
   environment.systemPackages = with pkgs; [
     # Core unix utility packages
     coreutils-full

modules/crypto/default.nix

@@ -6,16 +6,15 @@
 }:
 let
   psCfg = config.pub-solar;
-in {
+in
-  services.udev.packages = [pkgs.yubikey-personalization];
+{
-  services.dbus.packages = [pkgs.gcr];
+  services.udev.packages = [ pkgs.yubikey-personalization ];
+  services.dbus.packages = [ pkgs.gcr ];
   services.pcscd.enable = true;
 
   services.gnome.gnome-keyring.enable = true;
 
-  users.users."${psCfg.user.name}".packages = with pkgs; [
+  users.users."${psCfg.user.name}".packages = with pkgs; [ libsecret ];
-    libsecret
-  ];
 
   home-manager.users."${psCfg.user.name}" = {
     systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs;

modules/crypto/polkit-gnome-authentication-agent.service.nix

@@ -1,15 +1,15 @@
 pkgs: {
   Unit = {
     Description = "Legacy polkit authentication agent for GNOME";
-    Documentation = ["https://gitlab.freedesktop.org/polkit/polkit/"];
+    Documentation = [ "https://gitlab.freedesktop.org/polkit/polkit/" ];
-    BindsTo = ["sway-session.target"];
+    BindsTo = [ "sway-session.target" ];
-    After = ["sway-session.target"];
+    After = [ "sway-session.target" ];
   };
   Service = {
     Type = "simple";
     ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
   };
   Install = {
-    WantedBy = ["sway-session.target"];
+    WantedBy = [ "sway-session.target" ];
   };
 }

modules/ddclient/default.nix

@@ -22,7 +22,12 @@ let
     cache=${dataDir}/ddclient.cache
     foreground=yes
     login=${cfg.username}
-    password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"}
+    password=${
+      if cfg.protocol == "nsupdate" then
+        "/run/${RuntimeDirectory}/ddclient.key"
+      else
+        "@password_placeholder@"
+    }
     protocol=${cfg.protocol}
     ${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
     ${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
@@ -38,26 +43,60 @@ let
 
   preStart = ''
     install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf
-    ${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
+    ${lib.optionalString (cfg.configFile == null) (
+      if (cfg.protocol == "nsupdate") then
+        ''
           install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
-    '' else if (cfg.passwordFile != null) then ''
+        ''
+      else if (cfg.passwordFile != null) then
+        ''
           "${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf"
-    '' else ''
+        ''
+      else
+        ''
           sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf
-    '')}
+        ''
+    )}
   '';
-in with lib; {
+in
-  disabledModules = [
+with lib;
-    "services/networking/ddclient.nix"
+{
-  ];
+  disabledModules = [ "services/networking/ddclient.nix" ];
 
   imports = [
-    (mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ]
+    (mkChangedOptionModule
-      (config:
+      [
-        let value = getAttrFromPath [ "services" "ddclient" "domain" ] config;
+        "services"
-        in if value != "" then [ value ] else []))
+        "ddclient"
-    (mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "")
+        "domain"
-    (mkRemovedOptionModule [ "services" "ddclient" "password" ] "Use services.ddclient.passwordFile instead.")
+      ]
+      [
+        "services"
+        "ddclient"
+        "domains"
+      ]
+      (
+        config:
+        let
+          value = getAttrFromPath [
+            "services"
+            "ddclient"
+            "domain"
+          ] config;
+        in
+        if value != "" then [ value ] else [ ]
+      )
+    )
+    (mkRemovedOptionModule [
+      "services"
+      "ddclient"
+      "homeDir"
+    ] "")
+    (mkRemovedOptionModule [
+      "services"
+      "ddclient"
+      "password"
+    ] "Use services.ddclient.passwordFile instead.")
   ];
 
   ###### interface
@@ -91,7 +130,9 @@ in with lib; {
 
       username = mkOption {
         # For `nsupdate` username contains the path to the nsupdate executable
-        default = lib.optionalString (config.services.ddclient.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate";
+        default = lib.optionalString (
+          config.services.ddclient.protocol == "nsupdate"
+        ) "${pkgs.bind.dnsutils}/bin/nsupdate";
         defaultText = "";
         type = str;
         description = lib.mdDoc ''
@@ -212,7 +253,6 @@ in with lib; {
     };
   };
 
-
   ###### implementation
 
   config = mkIf config.services.ddclient.enable {

modules/default.nix

@@ -1,8 +1,5 @@
+{ self, inputs, ... }:
 {
-  self,
-  inputs,
-  ...
-}: {
   flake = {
     nixosModules = rec {
       acme = import ./acme;

modules/desktop-extended/default.nix

@@ -1,11 +1,8 @@
-{
+{ config, pkgs, ... }:
-  config,
-  pkgs,
-  ...
-}:
 let
   psCfg = config.pub-solar;
-in {
+in
+{
   users.users."${psCfg.user.name}".packages = with pkgs; [
     ungoogled-chromium
 

modules/docker/default.nix

@@ -6,14 +6,13 @@
 }:
 let
   psCfg = config.pub-solar;
-in {
+in
+{
   virtualisation.docker.enable = true;
 
   users.users."${psCfg.user.name}" = {
-    extraGroups = ["docker"];
+    extraGroups = [ "docker" ];
   };
 
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; [ docker-compose ];
-    docker-compose
-  ];
 }

modules/email/default.nix

@@ -6,7 +6,8 @@
 }:
 let
   psCfg = config.pub-solar;
-in {
+in
+{
   users.users."${psCfg.user.name}".packages = with pkgs; [
     w3m
     urlscan
@@ -37,17 +38,23 @@ in {
       macro index <f5> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc<enter><change-folder>!<enter>'
       macro index <f6> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc<enter><change-folder>!<enter>'
     '';
-    xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
+    xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source =
-    xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
+      ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
-    xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
+    xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source =
+      ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
+    xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source =
+      ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
     xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc";
-    xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature";
+    xdg.configFile."mutt/byb@miom.space.signature".source =
+      ./.config/mutt + "/byb@miom.space.signature";
     xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc";
     xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature";
     xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc";
-    xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature";
+    xdg.configFile."mutt/admins@pub.solar.signature".source =
+      ./.config/mutt + "/admins@pub.solar.signature";
     xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc";
-    xdg.configFile."mutt/crew@pub.solar.signature".source = ./.config/mutt + "/crew@pub.solar.signature";
+    xdg.configFile."mutt/crew@pub.solar.signature".source =
+      ./.config/mutt + "/crew@pub.solar.signature";
     xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
     xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
   };

modules/gaming/default.nix

@@ -6,11 +6,10 @@
 }:
 let
   psCfg = config.pub-solar;
-in {
+in
+{
   programs.steam.enable = true;
-  nixpkgs.config.packageOverrides = pkgs: {
+  nixpkgs.config.packageOverrides = pkgs: { steam = pkgs.steam.override { }; };
-    steam = pkgs.steam.override {};
-  };
 
   users.users."${psCfg.user.name}".packages = with pkgs; [
     playonlinux

modules/graphical/default.nix

@@ -6,20 +6,16 @@
 }:
 let
   psCfg = config.pub-solar;
-  tomlFormat = pkgs.formats.toml {};
+  tomlFormat = pkgs.formats.toml { };
   sessionVariables = {
-    WLR_RENDERER =
+    WLR_RENDERER = if psCfg.graphical.wayland.software-renderer.enable then "pixman" else "gles2";
-      if psCfg.graphical.wayland.software-renderer.enable
-      then "pixman"
-      else "gles2";
     # Fix KeepassXC rendering issue
     # https://github.com/void-linux/void-packages/issues/23517
     QT_AUTO_SCREEN_SCALE_FACTOR = "0";
   };
-in {
+in
-  imports = [
+{
-    ./sway
+  imports = [ ./sway ];
-  ];
 
   options.pub-solar.graphical = {
     wayland.software-renderer.enable = lib.mkOption {
@@ -63,7 +59,7 @@ in {
       style = "gtk2";
     };
 
-    services.udev.packages = with pkgs; [gnome3.gnome-settings-daemon];
+    services.udev.packages = with pkgs; [ gnome3.gnome-settings-daemon ];
     # Enable Sushi, a quick previewer for nautilus
     services.gnome.sushi.enable = true;
     # Enable GVfs, a userspace virtual filesystem
@@ -79,8 +75,8 @@ in {
       enableDefaultPackages = true;
       fontconfig.enable = true;
       fontconfig.defaultFonts = {
-        monospace = ["DejaVu Sans Mono for Powerline"];
+        monospace = [ "DejaVu Sans Mono for Powerline" ];
-        sansSerif = ["DejaVu Sans"];
+        sansSerif = [ "DejaVu Sans" ];
       };
     };
 

modules/graphical/network-manager-applet.service.nix

@@ -1,15 +1,15 @@
 pkgs: {
   Unit = {
     Description = "Network Manager applet";
-    BindsTo = ["sway-session.target"];
+    BindsTo = [ "sway-session.target" ];
-    After = ["sway-session.target"];
+    After = [ "sway-session.target" ];
     # ConditionEnvironment requires systemd v247 to work correctly
-    ConditionEnvironment = ["WAYLAND_DISPLAY"];
+    ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
   };
   Service = {
     ExecStart = "${pkgs.networkmanagerapplet}/bin/nm-applet --sm-disable --indicator";
   };
   Install = {
-    WantedBy = ["sway-session.target"];
+    WantedBy = [ "sway-session.target" ];
   };
 }

modules/graphical/sway/config/config.d/mode_system.conf.nix

@@ -1,17 +1,14 @@
-{
+{ pkgs, psCfg, ... }:
-  pkgs,
-  psCfg,
-  ...
-}:
 ''
   # Set shut down, restart and locking features
 ''
 + (
-  if psCfg.core.hibernation.enable
+  if psCfg.core.hibernation.enable then
-  then ''
+    ''
       set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
     ''
-  else ''
+  else
+    ''
       set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
     ''
 )
@@ -22,11 +19,12 @@
     bindsym e exec swaymsg exit, mode "default"
 ''
 + (
-  if psCfg.core.hibernation.enable
+  if psCfg.core.hibernation.enable then
-  then ''
+    ''
       bindsym h exec systemctl hibernate, mode "default"
     ''
-  else ""
+  else
+    ""
 )
 + ''
       bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default"
@@ -37,5 +35,5 @@
       # exit system mode: "Enter" or "Escape"
       bindsym Return mode "default"
       bindsym Escape mode "default"
-}
+  }
 ''

modules/graphical/sway/config/config.nix

@@ -1,8 +1,5 @@
-{
+{ config, pkgs, ... }:
-  config,
+''
-  pkgs,
-  ...
-}: ''
   # Default config for sway
   #
   # Copy this to ~/.config/sway/config and edit it to your liking.

modules/graphical/sway/config/wayvnc/config.nix

@@ -1,7 +1,5 @@
-{
+{ psCfg, pkgs }:
-  psCfg,
+"
-  pkgs,
-}: "
 address=0.0.0.0
 enable_auth=true
 username=${psCfg.user.name}

modules/graphical/sway/default.nix

@@ -8,7 +8,8 @@
 let
   psCfg = config.pub-solar;
   inherit (lib) mkIf mkOption types;
-in {
+in
+{
   options.pub-solar.graphical = {
     v4l2loopback.enable = mkOption {
       type = types.bool;
@@ -19,8 +20,8 @@ in {
 
   config = {
     boot = mkIf psCfg.graphical.v4l2loopback.enable {
-      extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
+      extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
-      kernelModules = ["v4l2loopback"];
+      kernelModules = [ "v4l2loopback" ];
       extraModprobeConfig = ''
         options v4l2loopback exclusive_caps=1 devices=3
       '';
@@ -44,7 +45,7 @@ in {
           };
         };
       };
-      extraPortals = with pkgs; [xdg-desktop-portal-gtk];
+      extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
     };
 
     services.pipewire.enable = true;
@@ -80,9 +81,7 @@ in {
     ];
 
     home-manager.users."${psCfg.user.name}" = {
-      imports = [
+      imports = [ flake.self.inputs.wayland-pipewire-idle-inhibit.homeModules.default ];
-        flake.self.inputs.wayland-pipewire-idle-inhibit.homeModules.default
-      ];
 
       services.wayland-pipewire-idle-inhibit = {
         enable = true;
@@ -106,18 +105,20 @@ in {
       #programs.waybar.systemd.enable = true;
 
       systemd.user.services.swaynotificationcenter = import ./swaynotificationcenter.service.nix pkgs;
-      systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
+      systemd.user.services.sway = import ./sway.service.nix { inherit pkgs psCfg; };
-      systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;};
+      systemd.user.services.swayidle = import ./swayidle.service.nix { inherit pkgs psCfg; };
-      systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
+      systemd.user.services.xsettingsd = import ./xsettingsd.service.nix { inherit pkgs psCfg; };
-      systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;};
+      systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; };
-      systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
+      systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; };
 
-      xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
+      xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; };
       xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
       xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
       xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
       xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
-      xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
+      xdg.configFile."sway/config.d/mode_system.conf".text =
+        import ./config/config.d/mode_system.conf.nix
+          { inherit pkgs psCfg; };
       xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
       xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
     };

modules/graphical/sway/gammastep.service.nix

@@ -1,17 +1,18 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   Unit = {
     Description = "set color temperature of display according to time of day";
-    Documentation = ["man:gammastep(1)"];
+    Documentation = [ "man:gammastep(1)" ];
-    BindsTo = ["sway-session.target"];
+    BindsTo = [ "sway-session.target" ];
-    After = ["sway-session.target"];
+    After = [ "sway-session.target" ];
     # ConditionEnvironment requires systemd v247 to work correctly
-    ConditionEnvironment = ["WAYLAND_DISPLAY"];
+    ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
   };
   Service = {
     Type = "simple";
     ExecStart = "${pkgs.gammastep}/bin/gammastep -l geoclue2 -m wayland -v";
   };
   Install = {
-    WantedBy = ["sway-session.target"];
+    WantedBy = [ "sway-session.target" ];
   };
 }

modules/graphical/sway/libinput-gestures.service.nix

@@ -1,9 +1,10 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   Unit = {
     Description = "Actions gestures on your touchpad using libinput";
-    Documentation = ["https://github.com/bulletmark/libinput-gestures"];
+    Documentation = [ "https://github.com/bulletmark/libinput-gestures" ];
-    BindsTo = ["sway-session.target"];
+    BindsTo = [ "sway-session.target" ];
-    After = ["sway-session.target"];
+    After = [ "sway-session.target" ];
   };
   Service = {
     Type = "simple";
@@ -13,6 +14,6 @@
     TimeoutStopSec = "10";
   };
   Install = {
-    WantedBy = ["sway-session.target"];
+    WantedBy = [ "sway-session.target" ];
   };
 }

modules/graphical/sway/mako.service.nix

@@ -1,10 +1,11 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   Unit = {
     Description = "Lightweight Wayland notification daemon";
-    Documentation = ["man:mako(1)"];
+    Documentation = [ "man:mako(1)" ];
-    BindsTo = ["sway-session.target"];
+    BindsTo = [ "sway-session.target" ];
-    After = ["sway-session.target"];
+    After = [ "sway-session.target" ];
-    ConditionEnvironment = ["WAYLAND_DISPLAY"];
+    ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
   };
   Service = {
     Type = "dbus";
@@ -13,6 +14,6 @@
     ExecReload = "${pkgs.mako}/bin/makoctl reload";
   };
   Install = {
-    WantedBy = ["sway-session.target"];
+    WantedBy = [ "sway-session.target" ];
   };
 }

modules/graphical/sway/sway-session.target.nix

@@ -1,9 +1,10 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   Unit = {
     Description = "sway compositor session";
-    Documentation = ["man:systemd.special(7)"];
+    Documentation = [ "man:systemd.special(7)" ];
-    BindsTo = ["graphical-session.target"];
+    BindsTo = [ "graphical-session.target" ];
-    Wants = ["graphical-session-pre.target"];
+    Wants = [ "graphical-session-pre.target" ];
-    After = ["graphical-session-pre.target"];
+    After = [ "graphical-session-pre.target" ];
   };
 }

modules/graphical/sway/sway.service.nix

@@ -1,10 +1,11 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   Unit = {
     Description = "sway - SirCmpwn's Wayland window manager";
-    Documentation = ["man:sway(5)"];
+    Documentation = [ "man:sway(5)" ];
-    BindsTo = ["graphical-session.target"];
+    BindsTo = [ "graphical-session.target" ];
-    Wants = ["graphical-session-pre.target"];
+    Wants = [ "graphical-session-pre.target" ];
-    After = ["graphical-session-pre.target"];
+    After = [ "graphical-session-pre.target" ];
   };
   Service = {
     Type = "simple";

modules/graphical/sway/swayidle.service.nix

@@ -1,14 +1,11 @@
+{ pkgs, psCfg, ... }:
 {
-  pkgs,
-  psCfg,
-  ...
-}: {
   Unit = {
     Description = "Idle manager for Wayland";
-    Documentation = ["man:swayidle(1)"];
+    Documentation = [ "man:swayidle(1)" ];
-    BindsTo = ["graphical-session.target"];
+    BindsTo = [ "graphical-session.target" ];
-    Wants = ["graphical-session-pre.target"];
+    Wants = [ "graphical-session-pre.target" ];
-    After = ["graphical-session-pre.target"];
+    After = [ "graphical-session-pre.target" ];
   };
   Service = {
     Type = "simple";
@@ -21,6 +18,6 @@
     '';
   };
   Install = {
-    WantedBy = ["sway-session.target"];
+    WantedBy = [ "sway-session.target" ];
   };
 }

modules/graphical/sway/swaynotificationcenter.service.nix

@@ -2,11 +2,11 @@ pkgs: {
   Unit = {
     Description = "Swaync notification daemon";
     Documentation = "https://github.com/ErikReider/SwayNotificationCenter";
-    BindsTo = ["sway-session.target"];
+    BindsTo = [ "sway-session.target" ];
-    After = ["sway-session.target"];
+    After = [ "sway-session.target" ];
-    Requisite = ["graphical-session.target"];
+    Requisite = [ "graphical-session.target" ];
     # ConditionEnvironment requires systemd v247 to work correctly
-    ConditionEnvironment = ["WAYLAND_DISPLAY"];
+    ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
   };
   Service = {
     Type = "dbus";
@@ -16,6 +16,6 @@ pkgs: {
     Restart = "on-failure";
   };
   Install = {
-    WantedBy = ["sway-session.target"];
+    WantedBy = [ "sway-session.target" ];
   };
 }

modules/graphical/sway/waybar.service.nix

@@ -1,11 +1,19 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   Unit = {
     Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors.";
     Documentation = "https://github.com/Alexays/Waybar/wiki/";
-    BindsTo = ["sway-session.target"];
+    BindsTo = [ "sway-session.target" ];
-    After = ["sway-session.target" "network-online.target"];
+    After = [
-    Wants = ["graphical-session-pre.target" "network-online.target" "blueman-applet.service"];
+      "sway-session.target"
-    ConditionEnvironment = ["WAYLAND_DISPLAY"];
+      "network-online.target"
+    ];
+    Wants = [
+      "graphical-session-pre.target"
+      "network-online.target"
+      "blueman-applet.service"
+    ];
+    ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
   };
 
   Service = {
@@ -16,6 +24,6 @@
   };
 
   Install = {
-    WantedBy = ["sway-session.target"];
+    WantedBy = [ "sway-session.target" ];
   };
 }

modules/graphical/sway/xsettingsd.service.nix

@@ -1,11 +1,12 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   Unit = {
     Description = "X Settings Daemon";
-    Documentation = ["https://github.com/derat/xsettingsd/wiki/Installation"];
+    Documentation = [ "https://github.com/derat/xsettingsd/wiki/Installation" ];
-    BindsTo = ["sway-session.target"];
+    BindsTo = [ "sway-session.target" ];
-    After = ["sway-session.target"];
+    After = [ "sway-session.target" ];
     # ConditionEnvironment requires systemd v247 to work correctly
-    ConditionEnvironment = ["WAYLAND_DISPLAY"];
+    ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
   };
   Service = {
     Type = "simple";
@@ -13,6 +14,6 @@
     ExecStop = "/run/current-system/sw/bin/env pkill xsettingsd";
   };
   Install = {
-    WantedBy = ["sway-session.target"];
+    WantedBy = [ "sway-session.target" ];
   };
 }

modules/graphical/sway/ydotool.service.nix

@@ -1,9 +1,10 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   Unit = {
     Description = "ydotool - Generic command-line automation tool (no X!)";
-    Documentation = ["https://github.com/ReimuNotMoe/ydotool"];
+    Documentation = [ "https://github.com/ReimuNotMoe/ydotool" ];
-    BindsTo = ["sway-session.target"];
+    BindsTo = [ "sway-session.target" ];
-    After = ["sway-session.target"];
+    After = [ "sway-session.target" ];
   };
   Service = {
     Type = "simple";
@@ -13,6 +14,6 @@
     TimeoutStopSec = "10";
   };
   Install = {
-    WantedBy = ["sway-session.target"];
+    WantedBy = [ "sway-session.target" ];
   };
 }

modules/hm-system-defaults.nix

@@ -1,11 +1,11 @@
-{config, ...}: {
+{ config, ... }:
+{
   home-manager.sharedModules = [
     {
       home.sessionVariables = {
         inherit (config.environment.sessionVariables) NIX_PATH;
       };
-      xdg.configFile."nix/registry.json".text =
+      xdg.configFile."nix/registry.json".text = config.environment.etc."nix/registry.json".text;
-        config.environment.etc."nix/registry.json".text;
     }
   ];
 }

modules/invoiceplane/default.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 
 let
   inherit (lib)
@@ -24,14 +29,17 @@ let
     mkOption
     nameValuePair
     optionalString
-    types;
+    types
+    ;
 
   cfg = config.services.invoiceplane;
   eachSite = cfg.sites;
   user = "invoiceplane";
   webserver = config.services.${cfg.webserver};
 
-  invoiceplane-config = hostName: cfg: pkgs.writeText "ipconfig.php" ''
+  invoiceplane-config =
+    hostName: cfg:
+    pkgs.writeText "ipconfig.php" ''
       IP_URL=http://${hostName}
       ENABLE_DEBUG=false
       DISABLE_SETUP=false
@@ -39,7 +47,11 @@ let
       DB_HOSTNAME=${cfg.database.host}
       DB_USERNAME=${cfg.database.user}
       # NOTE: file_get_contents adds newline at the end of returned string
-    DB_PASSWORD=${optionalString (cfg.database.passwordFile != null) "trim(file_get_contents('${cfg.database.passwordFile}'), \"\\r\\n\")"}
+      DB_PASSWORD=${
+        optionalString (
+          cfg.database.passwordFile != null
+        ) "trim(file_get_contents('${cfg.database.passwordFile}'), \"\\r\\n\")"
+      }
       DB_DATABASE=${cfg.database.name}
       DB_PORT=${toString cfg.database.port}
       SESS_EXPIRATION=864000
@@ -51,20 +63,30 @@ let
       REMOVE_INDEXPHP=true
     '';
 
-  mkPhpValue = v:
+  mkPhpValue =
-    if isString v then escapeShellArg v
+    v:
+    if isString v then
+      escapeShellArg v
     # NOTE: If any value contains a , (comma) this will not get escaped
-    else if isList v && any lib.strings.isCoercibleToString v then escapeShellArg (concatMapStringsSep "," toString v)
+    else if isList v && any lib.strings.isCoercibleToString v then
-    else if isInt v then toString v
+      escapeShellArg (concatMapStringsSep "," toString v)
-    else if isBool v then boolToString v
+    else if isInt v then
-    else abort "The Invoiceplane config value ${lib.generators.toPretty {} v} can not be encoded."
+      toString v
-  ;
+    else if isBool v then
+      boolToString v
+    else
+      abort "The Invoiceplane config value ${lib.generators.toPretty { } v} can not be encoded.";
 
-  extraConfig = hostName: cfg: let
+  extraConfig =
+    hostName: cfg:
+    let
       settings = mapAttrsToList (k: v: "${k}=${mkPhpValue v}") cfg.settings;
-  in pkgs.writeText "extraConfig.php" (concatStringsSep "\n" settings);
+    in
+    pkgs.writeText "extraConfig.php" (concatStringsSep "\n" settings);
 
-  pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec {
+  pkg =
+    hostName: cfg:
+    pkgs.stdenv.mkDerivation rec {
       pname = "invoiceplane-${hostName}";
       version = src.version;
       src = pkgs.invoiceplane;
@@ -92,11 +114,14 @@ let
         ln -s ${extraConfig hostName cfg} $out/extraConfig.php
 
         # symlink additional templates
-      ${concatMapStringsSep "\n" (template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/") cfg.invoiceTemplates}
+        ${concatMapStringsSep "\n" (
+          template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/"
+        ) cfg.invoiceTemplates}
       '';
     };
 
-  siteOpts = { name, ... }:
+  siteOpts =
+    { name, ... }:
     {
       options = {
 
@@ -156,7 +181,7 @@ let
 
         invoiceTemplates = mkOption {
           type = types.listOf types.path;
-          default = [];
+          default = [ ];
           description = ''
             List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
 
@@ -187,7 +212,13 @@ let
         };
 
         poolConfig = mkOption {
-          type = with types; attrsOf (oneOf [ str int bool ]);
+          type =
+            with types;
+            attrsOf (oneOf [
+              str
+              int
+              bool
+            ]);
           default = {
             "pm" = "dynamic";
             "pm.max_children" = 32;
@@ -204,7 +235,7 @@ let
 
         settings = mkOption {
           type = types.attrsOf types.anything;
-          default = {};
+          default = { };
           description = ''
             Structural InvoicePlane configuration. Refer to
             <https://github.com/InvoicePlane/InvoicePlane/blob/master/ipconfig.php.example>
@@ -241,9 +272,7 @@ let
     };
 in
 {
-  disabledModules = [
+  disabledModules = [ "services/web-apps/invoiceplane.nix" ];
-    "services/web-apps/invoiceplane.nix"
-  ];
 
   # interface
   options = {
@@ -252,12 +281,15 @@ in
 
         options.sites = mkOption {
           type = types.attrsOf (types.submodule siteOpts);
-          default = {};
+          default = { };
           description = "Specification of one or more WordPress sites to serve";
         };
 
         options.webserver = mkOption {
-          type = types.enum [ "caddy" "nginx" ];
+          type = types.enum [
+            "caddy"
+            "nginx"
+          ];
           default = "caddy";
           example = "nginx";
           description = ''
@@ -265,57 +297,66 @@ in
           '';
         };
       };
-      default = {};
+      default = { };
       description = "InvoicePlane configuration.";
     };
 
   };
 
   # implementation
-  config = mkIf (eachSite != {}) (mkMerge [{
+  config = mkIf (eachSite != { }) (mkMerge [
+    {
 
-    assertions = flatten (mapAttrsToList (hostName: cfg: [
+      assertions = flatten (
-      { assertion = cfg.database.createLocally -> cfg.database.user == user;
+        mapAttrsToList (hostName: cfg: [
+          {
+            assertion = cfg.database.createLocally -> cfg.database.user == user;
             message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned'';
           }
-      { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
+          {
+            assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
             message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.'';
           }
-      { assertion = cfg.cron.enable -> cfg.cron.key != null;
+          {
+            assertion = cfg.cron.enable -> cfg.cron.key != null;
             message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.'';
           }
-    ]) eachSite);
+        ]) eachSite
+      );
 
       services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) {
         enable = true;
         package = mkDefault pkgs.mariadb;
         ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite;
-      ensureUsers = mapAttrsToList (hostName: cfg:
+        ensureUsers = mapAttrsToList (hostName: cfg: {
-        { name = cfg.database.user;
+          name = cfg.database.user;
-          ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
+          ensurePermissions = {
-        }
+            "${cfg.database.name}.*" = "ALL PRIVILEGES";
-      ) eachSite;
+          };
+        }) eachSite;
       };
 
       services.phpfpm = {
         phpPackage = pkgs.php81;
-      pools = mapAttrs' (hostName: cfg: (
+        pools = mapAttrs' (
-        nameValuePair "invoiceplane-${hostName}" {
+          hostName: cfg:
+          (nameValuePair "invoiceplane-${hostName}" {
             inherit user;
             group = webserver.group;
             settings = {
               "listen.owner" = webserver.user;
               "listen.group" = webserver.group;
             } // cfg.poolConfig;
-        }
+          })
-      )) eachSite;
+        ) eachSite;
       };
 
     }
 
     {
 
-    systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [
+      systemd.tmpfiles.rules = flatten (
+        mapAttrsToList (hostName: cfg: [
           "d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -"
           "f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -"
           "d ${cfg.stateDir}/logs 0750 ${user} ${webserver.group} - -"
@@ -325,18 +366,20 @@ in
           "d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -"
           "d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -"
           "d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -"
-    ]) eachSite);
+        ]) eachSite
+      );
 
       systemd.services.invoiceplane-config = {
         serviceConfig.Type = "oneshot";
-      script = concatStrings (mapAttrsToList (hostName: cfg:
+        script = concatStrings (
-        ''
+          mapAttrsToList (hostName: cfg: ''
             mkdir -p ${cfg.stateDir}/logs \
                      ${cfg.stateDir}/uploads
             if ! grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then
               cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php"
             fi
-        '') eachSite);
+          '') eachSite
+        );
         wantedBy = [ "multi-user.target" ];
       };
 
@@ -350,50 +393,57 @@ in
 
       # Cron service implementation
 
-    systemd.timers = mapAttrs' (hostName: cfg: (
+      systemd.timers = mapAttrs' (
-      nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
+        hostName: cfg:
+        (nameValuePair "invoiceplane-cron-${hostName}" (
+          mkIf cfg.cron.enable {
             wantedBy = [ "timers.target" ];
             timerConfig = {
               OnBootSec = "5m";
               OnUnitActiveSec = "5m";
               Unit = "invoiceplane-cron-${hostName}.service";
             };
-      })
+          }
-    )) eachSite;
+        ))
+      ) eachSite;
 
-    systemd.services =
+      systemd.services = mapAttrs' (
-      mapAttrs' (hostName: cfg: (
+        hostName: cfg:
-        nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
+        (nameValuePair "invoiceplane-cron-${hostName}" (
+          mkIf cfg.cron.enable {
             serviceConfig = {
               Type = "oneshot";
               User = user;
               ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}";
             };
-        })
+          }
-    )) eachSite;
+        ))
+      ) eachSite;
 
     }
 
     (mkIf (cfg.webserver == "caddy") {
       services.caddy = {
         enable = true;
-      virtualHosts = mapAttrs' (hostName: cfg: (
+        virtualHosts = mapAttrs' (
-        nameValuePair "http://${hostName}" {
+          hostName: cfg:
+          (nameValuePair "http://${hostName}" {
             extraConfig = ''
               root * ${pkg hostName cfg}
               file_server
               php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket}
             '';
-        }
+          })
-      )) eachSite;
+        ) eachSite;
       };
     })
 
     (mkIf (cfg.webserver == "nginx") {
       services.nginx = {
         enable = true;
-      virtualHosts = mapAttrs' (hostName: cfg: (
+        virtualHosts = mapAttrs' (
-        nameValuePair hostName {
+          hostName: cfg:
+          (nameValuePair hostName {
             root = pkg hostName cfg;
             extraConfig = ''
               index index.php index.html index.htm;
@@ -422,8 +472,8 @@ in
                 '';
               };
             };
-        }
+          })
-      )) eachSite;
+        ) eachSite;
       };
     })
 

modules/nextcloud/default.nix

@@ -6,7 +6,8 @@
 }:
 let
   psCfg = config.pub-solar;
-in {
+in
+{
   home-manager.users."${psCfg.user.name}" = {
     systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs;
   };

modules/nextcloud/nextcloud.service.nix

@@ -1,11 +1,11 @@
 pkgs: {
   Unit = {
     Description = "Nextcloud Client";
-    BindsTo = ["sway-session.target"];
+    BindsTo = [ "sway-session.target" ];
-    Wants = ["graphical-session-pre.target"];
+    Wants = [ "graphical-session-pre.target" ];
-    After = ["graphical-session-pre.target"];
+    After = [ "graphical-session-pre.target" ];
     # ConditionEnvironment requires systemd v247 to work correctly
-    ConditionEnvironment = ["WAYLAND_DISPLAY"];
+    ConditionEnvironment = [ "WAYLAND_DISPLAY" ];
   };
   Service = {
     Type = "simple";
@@ -15,6 +15,6 @@ pkgs: {
     Restart = "on-failure";
   };
   Install = {
-    WantedBy = ["sway-session.target"];
+    WantedBy = [ "sway-session.target" ];
   };
 }

modules/nix/default.nix

@@ -4,8 +4,11 @@
   lib,
   flake,
   ...
-}: {
+}:
-  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+{
+  nixpkgs.config.allowUnfreePredicate =
+    pkg:
+    builtins.elem (lib.getName pkg) [
       "1password"
       "1password-cli"
       "brscan5"
@@ -19,7 +22,7 @@
     ];
 
   system.activationScripts.diff-closures = {
-    text =''
+    text = ''
       if [[ -e /run/current-system ]]; then
         ${config.nix.package}/bin/nix store diff-closures \
           /run/current-system "$systemConfig" \
@@ -42,24 +45,22 @@
       system.flake = flake.self;
     };
 
-
     settings = {
       # Improve nix store disk usage
       auto-optimise-store = true;
       # Prevents impurities in builds
       sandbox = true;
       # Give root and @wheel special privileges with nix
-      trusted-users = ["root" "@wheel"];
+      trusted-users = [
+        "root"
+        "@wheel"
+      ];
       # Allow only group wheel to connect to the nix daemon
-      allowed-users = ["@wheel"];
+      allowed-users = [ "@wheel" ];
 
-      substituters = [
+      substituters = [ "https://pub-solar.cachix.org/" ];
-        "https://pub-solar.cachix.org/"
-      ];
 
-      trusted-public-keys = [
+      trusted-public-keys = [ "pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos=" ];
-        "pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos="
-      ];
     };
 
     # Generally useful nix option defaults

modules/office/default.nix

@@ -6,7 +6,8 @@
 }:
 let
   psCfg = config.pub-solar;
-in {
+in
+{
   programs.evince.enable = true;
 
   users.users."${psCfg.user.name}".packages = with pkgs; [

modules/printing/default.nix

@@ -7,7 +7,8 @@
 }:
 let
   psCfg = config.pub-solar;
-in {
+in
+{
   services.avahi.enable = true;
   services.avahi.ipv6 = true;
   services.avahi.nssmdns4 = true;
@@ -16,7 +17,7 @@ in {
 
   services.printing.enable = true;
   services.printing.browsing = true;
-  services.printing.listenAddresses = ["localhost:631"];
+  services.printing.listenAddresses = [ "localhost:631" ];
   services.printing.defaultShared = lib.mkDefault false;
 
   services.printing.drivers = [
@@ -30,10 +31,13 @@ in {
   };
 
   users.users."${psCfg.user.name}" = {
-    extraGroups = ["lp" "scanner"];
+    extraGroups = [
+      "lp"
+      "scanner"
+    ];
   };
 
-  networking.hosts = flake.self.lib.addLocalHostname ["cups.local"];
+  networking.hosts = flake.self.lib.addLocalHostname [ "cups.local" ];
 
   # Allow port 8612, used by sane-pixma(5) for scanner detection
   networking.firewall.allowedTCPPorts = [ 8612 ];

modules/terminal-life/bash/default.nix

@@ -3,19 +3,28 @@
   flake,
   pkgs,
   ...
-}: let
+}:
+let
   psCfg = config.pub-solar;
   xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
+in
+{
   enable = true;
 
-  historyControl = ["ignoredups" "ignorespace"];
+  historyControl = [
+    "ignoredups"
+    "ignorespace"
+  ];
   historyFileSize = 300000;
 
   # Run when initializing a login shell
-  profileExtra = if config.programs.sway.enable then ''
+  profileExtra =
+    if config.programs.sway.enable then
+      ''
         [ "$(tty)" = "/dev/tty1" ] && exec systemd-cat --identifier=sway ${pkgs.sway}/bin/sway
-  '' else "";
+      ''
+    else
+      "";
 
   # Run when initializing an interactive shell
   initExtra = ''

modules/terminal-life/default.nix

@@ -8,7 +8,8 @@
 let
   psCfg = config.pub-solar;
   cfg = config.pub-solar.terminal-life;
-in {
+in
+{
   options.pub-solar.terminal-life = {
     full = lib.mkOption {
       description = ''
@@ -26,7 +27,9 @@ in {
     # until https://github.com/nix-community/nix-index/pull/227 is merged
     programs.nix-index.enableBashIntegration = false;
 
-    users.users."${psCfg.user.name}".packages = with pkgs; [
+    users.users."${psCfg.user.name}".packages =
+      with pkgs;
+      [
         asciinema
         bat
         blesh
@@ -35,17 +38,16 @@ in {
         fd
         jump
         (nnn.overrideAttrs (o: {
-        patches =
+          patches = (o.patches or [ ]) ++ [ ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch ];
-          (o.patches or [])
-          ++ [
-            ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch
-          ];
         }))
         powerline
         ripgrep
         screen
         watson
-    ] ++ (if cfg.full then [
+      ]
+      ++ (
+        if cfg.full then
+          [
             binutils
             jq
 
@@ -58,7 +60,10 @@ in {
             nixpkgs-review
             nix-update
             nix-search-cli
-    ] else []);
+          ]
+        else
+          [ ]
+      );
 
     # Get completion for system packages
     # https://nix-community.github.io/home-manager/options.xhtml#opt-programs.bash.enableCompletion
@@ -111,7 +116,7 @@ in {
       xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
       xdg.dataFile."nvim/templates/.keep".text = "";
 
-      programs.git = import ./git {};
+      programs.git = import ./git { };
       xdg.configFile."git/config".text = import ./.config/git/config.nix {
         inherit config;
         inherit pkgs;
@@ -125,7 +130,7 @@ in {
         inherit pkgs;
       };
 
-      programs.direnv = import ./direnv {};
+      programs.direnv = import ./direnv { };
     };
   };
 }

modules/terminal-life/fzf/default.nix

@@ -1,8 +1,5 @@
+{ config, pkgs, ... }:
 {
-  config,
-  pkgs,
-  ...
-}: {
   enable = true;
   defaultCommand = "fd --hidden --type f --exclude .git";
   defaultOptions = [

modules/terminal-life/nvim/default.nix

@@ -3,11 +3,13 @@
   pkgs,
   lib,
   ...
-}: let
+}:
+let
   psCfg = config.pub-solar;
   cfg = config.pub-solar.terminal-life;
   xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
+in
+{
   enable = true;
 
   viAlias = true;
@@ -44,7 +46,9 @@ in {
     # terraform-ls
   ];
 
-  plugins = with pkgs.vimPlugins; [
+  plugins =
+    with pkgs.vimPlugins;
+    [
       # The status bar in the bottom of the screen with the mode indication and file location
       vim-airline
 
@@ -97,7 +101,10 @@ in {
 
       # Work with tags files
       vim-gutentags
-  ] ++ (if cfg.full then [
+    ]
+    ++ (
+      if cfg.full then
+        [
           nvim-treesitter.withAllGrammars
 
           # Dependencies for nvim-lspconfig
@@ -118,9 +125,13 @@ in {
 
           # JSON schemas
           SchemaStore-nvim
-  ] else []);
+        ]
+      else
+        [ ]
+    );
 
-  extraConfig = builtins.concatStringsSep "\n" ([
+  extraConfig = builtins.concatStringsSep "\n" (
+    [
       ''
         " Persistent undo
         set undofile
@@ -134,8 +145,15 @@ in {
       (builtins.readFile ./clipboard.vim)
       (builtins.readFile ./ui.vim)
       (builtins.readFile ./lastplace.lua)
-  ] ++ (if cfg.full then [
+    ]
+    ++ (
+      if cfg.full then
+        [
           (builtins.readFile ./lsp.vim)
           (builtins.readFile ./cmp.vim)
-  ] else []));
+        ]
+      else
+        [ ]
+    )
+  );
 }

modules/user/default.nix

@@ -3,14 +3,13 @@
   pkgs,
   lib,
   ...
-}: let
+}:
+let
   psCfg = config.pub-solar;
   inherit (lib) mkIf mkOption types;
 in
 {
-  imports = [
+  imports = [ ./home.nix ];
-    ./home.nix
-  ];
 
   options.pub-solar = {
     user = {
@@ -37,7 +36,7 @@ in
       publicKeys = mkOption {
         description = "User SSH public keys";
         type = types.listOf types.str;
-        default = [];
+        default = [ ];
       };
       fullName = mkOption {
         description = "User full name";
@@ -74,24 +73,18 @@ in
           "wheel"
         ];
         shell = pkgs.bash;
-        initialHashedPassword =
+        initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";
-          if psCfg.user.password != null
+        openssh.authorizedKeys.keys = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [ ];
-          then psCfg.user.password
-          else "";
-        openssh.authorizedKeys.keys =
-          if psCfg.user.publicKeys != null
-          then psCfg.user.publicKeys
-          else [];
       };
     };
 
     security.sudo.extraRules = mkIf psCfg.user.passwordlessSudo [
       {
-        users = ["${psCfg.user.name}"];
+        users = [ "${psCfg.user.name}" ];
         commands = [
           {
             command = "ALL";
-            options = ["NOPASSWD"];
+            options = [ "NOPASSWD" ];
           }
         ];
       }

modules/user/home.nix

@@ -7,10 +7,9 @@
 let
   psCfg = config.pub-solar;
   xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
+in
-  imports = [
+{
-    ./session-variables.nix
+  imports = [ ./session-variables.nix ];
-  ];
 
   home-manager.users."${psCfg.user.name}" = {
     # Let Home Manager install and manage itself.

modules/user/mimeapps.nix

@@ -1,27 +1,27 @@
 {
   enable = true;
   defaultApplications = {
-    "application/octet-stream" = ["firefox.desktop"];
+    "application/octet-stream" = [ "firefox.desktop" ];
-    "application/pdf" = ["org.gnome.Evince.desktop"];
+    "application/pdf" = [ "org.gnome.Evince.desktop" ];
-    "application/x-bittorrent" = ["deluge.desktop"];
+    "application/x-bittorrent" = [ "deluge.desktop" ];
-    "application/x-extension-htm" = ["firefox.desktop"];
+    "application/x-extension-htm" = [ "firefox.desktop" ];
-    "application/x-extension-html" = ["firefox.desktop"];
+    "application/x-extension-html" = [ "firefox.desktop" ];
-    "application/x-extension-shtml" = ["firefox.desktop"];
+    "application/x-extension-shtml" = [ "firefox.desktop" ];
-    "application/x-extension-xhtml" = ["firefox.desktop"];
+    "application/x-extension-xhtml" = [ "firefox.desktop" ];
-    "application/x-extension-xht" = ["firefox.desktop"];
+    "application/x-extension-xht" = [ "firefox.desktop" ];
-    "application/xhtml+xml" = ["firefox.desktop"];
+    "application/xhtml+xml" = [ "firefox.desktop" ];
-    "image/jpeg" = ["org.gnome.eog.desktop"];
+    "image/jpeg" = [ "org.gnome.eog.desktop" ];
-    "image/png" = ["org.gnome.eog.desktop"];
+    "image/png" = [ "org.gnome.eog.desktop" ];
-    "message/rfc822" = ["userapp-Thunderbird.desktop"];
+    "message/rfc822" = [ "userapp-Thunderbird.desktop" ];
-    "text/html" = ["firefox.desktop"];
+    "text/html" = [ "firefox.desktop" ];
-    "text/plain" = ["firefox.desktop"];
+    "text/plain" = [ "firefox.desktop" ];
-    "video/mp4" = ["vlc.desktop"];
+    "video/mp4" = [ "vlc.desktop" ];
-    "x-scheme-handler/chrome" = ["firefox.desktop"];
+    "x-scheme-handler/chrome" = [ "firefox.desktop" ];
-    "x-scheme-handler/ftp" = ["firefox.desktop"];
+    "x-scheme-handler/ftp" = [ "firefox.desktop" ];
-    "x-scheme-handler/http" = ["firefox.desktop"];
+    "x-scheme-handler/http" = [ "firefox.desktop" ];
-    "x-scheme-handler/https" = ["firefox.desktop"];
+    "x-scheme-handler/https" = [ "firefox.desktop" ];
-    "x-scheme-handler/mailto" = ["userapp-Thunderbird.desktop"];
+    "x-scheme-handler/mailto" = [ "userapp-Thunderbird.desktop" ];
-    "x-scheme-handler/msteams" = ["teams.desktop"];
+    "x-scheme-handler/msteams" = [ "teams.desktop" ];
-    "x-scheme-handler/tg" = ["userapp-Telegram Desktop-JBKFU0.desktop"];
+    "x-scheme-handler/tg" = [ "userapp-Telegram Desktop-JBKFU0.desktop" ];
   };
 }

modules/user/session-variables.nix

@@ -3,7 +3,8 @@
   pkgs,
   lib,
   ...
-}: let
+}:
+let
   psCfg = config.pub-solar;
   xdg = config.home-manager.users."${psCfg.user.name}".xdg;
   variables = {
@@ -84,7 +85,8 @@
     FZF_DEFAULT_OPTS = lib.mkForce "--color=bg+:#2d2a2e,bg:#1a181a,spinner:#ef9062,hl:#7accd7 --color=fg:#d3d1d4,header:#7accd7,info:#e5c463,pointer:#ef9062 --color=marker:#ef9062,fg+:#d3d1d4,prompt:#e5c463,hl+:#7accd7";
 
     # nnn theme colors
-    NNN_FCOLORS = let
+    NNN_FCOLORS =
+      let
         BLK = "04";
         CHR = "04";
         DIR = "04";
@@ -100,7 +102,8 @@
       in
       BLK + CHR + DIR + EXE + REG + HARDLINK + SYMLINK + MISSING + ORPHAN + FIFO + SOCK + OTHER;
   };
-in {
+in
+{
   environment.variables = variables;
 
   home-manager.users."${psCfg.user.name}" = {

modules/virtualisation/default.nix

@@ -6,7 +6,8 @@
 }:
 let
   psCfg = config.pub-solar;
-in {
+in
+{
   boot.kernelParams = [
     "amd_iommu=on"
     "intel_iommu=on"
@@ -18,7 +19,7 @@ in {
     qemu.ovmf.enable = true;
   };
   users.users."${psCfg.user.name}" = {
-    extraGroups = ["libvirtd"];
+    extraGroups = [ "libvirtd" ];
   };
 
   environment.systemPackages = with pkgs; [
@@ -37,12 +38,10 @@ in {
 
   home-manager.users."${psCfg.user.name}" = {
     xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory";
-    home.packages = [pkgs.obs-studio-plugins.looking-glass-obs];
+    home.packages = [ pkgs.obs-studio-plugins.looking-glass-obs ];
   };
 
-  systemd.tmpfiles.rules = [
+  systemd.tmpfiles.rules = [ "f  /dev/shm/looking-glass  0660  ${psCfg.user.name}  kvm" ];
-    "f  /dev/shm/looking-glass  0660  ${psCfg.user.name}  kvm"
-  ];
   #networking.bridges.virbr1.interfaces = [];
   #networking.interfaces.virbr1 = {
   #  ipv4.addresses = [

modules/wireguard-client/default.nix

@@ -8,7 +8,8 @@ let
   psCfg = config.pub-solar;
   cfg = config.pub-solar.wireguard-client;
   inherit (lib) mkOption types;
-in {
+in
+{
   options.pub-solar.wireguard-client = {
     ownIPs = mkOption {
       description = ''
@@ -26,7 +27,7 @@ in {
   };
 
   config = {
-    networking.firewall.allowedUDPPorts = [51899];
+    networking.firewall.allowedUDPPorts = [ 51899 ];
 
     networking.wg-quick.interfaces = {
       wg0 = {

overlays/blesh.nix

@@ -3,18 +3,14 @@ final: prev: {
     inherit (prev.sources.blesh-nvfetcher) version src;
 
     dontBuild = false;
-    buildInputs = [
+    buildInputs = [ prev.gitMinimal ];
-      prev.gitMinimal
-    ];
 
     patchPhase = ''
       substituteInPlace GNUmakefile \
         --replace "git submodule update --init --recursive" ""
     '';
 
-    installFlags = [
+    installFlags = [ "PREFIX=$(out)" ];
-      "PREFIX=$(out)"
-    ];
 
     installPhase = ''
       source $stdenv/setup

overlays/default.nix

@@ -3,16 +3,22 @@
   lib,
   inputs,
   ...
-}: {
+}:
+{
   flake = {
     nixosModules = rec {
-      overlays = ({ ... }: {
+      overlays = (
+        { ... }:
+        {
           nixpkgs.overlays = [
-          (final: prev:
+            (
+              final: prev:
               let
                 unstable = import inputs.unstable {
                   system = prev.system;
-              config.allowUnfreePredicate = pkg: builtins.elem (prev.lib.getName pkg) [
+                  config.allowUnfreePredicate =
+                    pkg:
+                    builtins.elem (prev.lib.getName pkg) [
                       "1password"
                       "1password-cli"
                       "slack"
@@ -23,7 +29,8 @@
                 neovim-unwrapped = unstable.neovim-unwrapped;
                 vimPlugins = unstable.vimPlugins;
                 #vimPlugins = prev.vimPlugins // {inherit (unstable.vimPlugins) nvim-lspconfig;};
-          })
+              }
+            )
             (import ../pkgs)
             (import ./blesh.nix)
             (import ./mdbook-multilang.nix inputs)
@@ -31,7 +38,8 @@
             (import ./prr.nix)
             (import ./neovim-plugins.nix)
           ];
-      });
+        }
+      );
     };
   };
 }

overlays/mdbook-multilang.nix

@@ -11,10 +11,12 @@ inputs: final: prev: {
       sha256 = "sha256-gJnQKHssO2ChiT4d037Lncd7hiOa5uh756p8TzPzbgQ=";
     };
 
-    cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const {
+    cargoDeps = oldAttrs.cargoDeps.overrideAttrs (
+      prev.lib.const {
         name = "${pname}-vendor.tar.gz";
         inherit src;
         outputHash = "sha256-QCEyl5FZqECYYb5eRm8mn+R6owt+CLQwCq/AMMPygE0=";
-    });
+      }
+    );
   });
 }

overlays/neovim-plugins.nix

@@ -1,7 +1,5 @@
 final: prev: {
-  vimPlugins =
+  vimPlugins = prev.vimPlugins // {
-    prev.vimPlugins
-    // {
     instant-nvim-nvfetcher = prev.vimUtils.buildVimPlugin {
       inherit (prev.sources.instant-nvim-nvfetcher) pname version src;
     };

overlays/nix-index.nix

@@ -9,11 +9,13 @@ final: prev: {
     };
     version = "unstable-2024-06-12";
 
-    cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const {
+    cargoDeps = oldAttrs.cargoDeps.overrideAttrs (
+      prev.lib.const {
         name = "${pname}-vendor.tar.gz";
         inherit src;
         outputHash = "sha256-pZCGeZK5AJrxcrqXC5NZhGDda+90rRdWXy00CYD8SYY=";
-    });
+      }
+    );
 
     postInstall = ''
       substituteInPlace etc/command-not-found.* \

overlays/prr.nix

@@ -23,8 +23,8 @@ final: prev: {
     meta = with prev.lib; {
       homepage = "https://github.com/TritonDataCenter/prr";
       description = "Tooling to assist with GitHub pull requests";
-      platforms = ["x86_64-linux"];
+      platforms = [ "x86_64-linux" ];
-      maintainers = with maintainers; [teutat3s];
+      maintainers = with maintainers; [ teutat3s ];
     };
   };
 }

pkgs/cockroach.nix

@@ -1,6 +1,6 @@
 self:
 with self;
-  stdenv.mkDerivation rec {
+stdenv.mkDerivation rec {
   pname = "cockroachdb";
   version = "22.2.7";
 
@@ -8,8 +8,8 @@ with self;
     url = "https://binaries.cockroachdb.com/cockroach-v${version}.linux-amd64.tgz";
     sha256 = "sha256-do426BaZdPqXcc/aQnRAgVTBCJ/OiNbSuCpwVTM2m0I=";
   };
-    buildInputs = [stdenv.cc.cc];
+  buildInputs = [ stdenv.cc.cc ];
-    nativeBuildInputs = [autoPatchelfHook];
+  nativeBuildInputs = [ autoPatchelfHook ];
 
   installPhase = ''
     install -D -m755 cockroach $out/bin/cockroach
@@ -18,7 +18,7 @@ with self;
   meta = {
     homepage = "https://www.cockroachlabs.com";
     description = "A scalable, survivable, strongly-consistent SQL database";
-      platforms = ["x86_64-linux"];
+    platforms = [ "x86_64-linux" ];
     maintainers = [ lib.maintainers.mic92 ];
   };
-  }
+}

pkgs/default.nix

@@ -1,10 +1,11 @@
-final: prev:
+final: prev: with prev; {
-with prev; {
   # keep sources this first
-  sources = callPackage (import ./_sources/generated.nix) {};
+  sources = callPackage (import ./_sources/generated.nix) { };
   # then, call packages with `final.callPackage`
   gpu-switch = writeShellScriptBin "gpu-switch" (import ./gpu-switch.nix final);
-  import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final);
+  import-gtk-settings = writeShellScriptBin "import-gtk-settings" (
+    import ./import-gtk-settings.nix final
+  );
   lgcl = writeShellScriptBin "lgcl" (import ./lgcl.nix final);
   mailto-mutt = writeShellScriptBin "mailto-mutt" (import ./mailto-mutt.nix final);
   mopidy-jellyfin = import ./mopidy-jellyfin.nix final;
@@ -18,7 +19,9 @@ with prev; {
   swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final);
   toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final);
   wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
-  drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
+  drone-docker-runner = writeShellScriptBin "drone-docker-runner" (
+    import ./drone-docker-runner.nix final
+  );
   record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final);
   cockroach-bin = import ./cockroach.nix final;
   prison-break = import ./prison-break.nix final;

pkgs/drone-docker-runner.nix

@@ -1,5 +1,4 @@
-self:
+self: with self; ''
-with self; ''
   case $1 in
     start)
       ${self.docker}/bin/docker run --detach \

pkgs/gpu-switch.nix

@@ -1,5 +1,4 @@
-self:
+self: with self; ''
-with self; ''
   # Copyright (c) 2014-2015 Bruno Bierbaumer, Andreas Heider
 
   readonly sysfs_efi_vars='/sys/firmware/efi/efivars'

pkgs/import-gtk-settings.nix

@@ -1,5 +1,4 @@
-self:
+self: with self; ''
-with self; ''
   # usage: import-gsettings <gsettings key>:<settings.ini key> <gsettings key>:<settings.ini key> ...
 
   expression=""

pkgs/lgcl.nix

@@ -1,8 +1,13 @@
 self:
-with self; let
+with self;
+let
   looking-glass-client = self.looking-glass-client.overrideAttrs (old: {
-    meta.platforms = ["x86_64-linux" "aarch64-linux"];
+    meta.platforms = [
+      "x86_64-linux"
+      "aarch64-linux"
+    ];
   });
-in ''
+in
+''
   ${looking-glass-client}/bin/looking-glass-client -f /dev/shm/looking-glass input:ignoreWindowsKeys=yes input:grabKeyboardOnFocus=no
 ''

pkgs/mailto-mutt.nix

@@ -1,5 +1,4 @@
-self:
+self: with self; ''
-with self; ''
   mkdir -p $XDG_CACHE_HOME/log
 
   LOGFILE=$XDG_CACHE_HOME/log/mailto.log

pkgs/mopidy-jellyfin.nix

@@ -1,5 +1,6 @@
 self:
-with self; let
+with self;
+let
   websocket-client = python3.pkgs.buildPythonPackage rec {
     pname = "websocket-client";
     version = "1.2.1";
@@ -10,7 +11,7 @@ with self; let
     };
   };
 in
-  python3.pkgs.buildPythonPackage rec {
+python3.pkgs.buildPythonPackage rec {
   pname = "Mopidy-Jellyfin";
   version = "1.0.2";
   doCheck = false;
@@ -26,4 +27,4 @@ in
     inherit pname version;
     sha256 = "sha256-5XimIIQSpvNyQbSOFtSTkA0jhA0V68BbyQEQNnov+0g=";
   };
-  }
+}

pkgs/mu.nix

@@ -1,4 +1,3 @@
-self:
+self: with self; ''
-with self; ''
   exec ${alacritty}/bin/alacritty --class mu_vimpc --option dimensions.columns=120 --option dimensions.lines=80 -e vimpc -- "$@"
 ''

pkgs/notes.nix

@@ -1,5 +1,4 @@
-self:
+self: with self; ''
-with self; ''
   #
   # ack recursively through notes
   #

pkgs/prison-break.nix

@@ -27,15 +27,13 @@ python3.pkgs.buildPythonPackage {
     rev = "15079bb094d37eeba92e17abfb98523076c5800c";
     sha256 = "sha256-MDzAmeJ6wsTm5+unIsYAZmErVN4sEAfih3YwbXkVIPg=";
   };
-  propagatedBuildInputs = with python3.pkgs;[
+  propagatedBuildInputs = with python3.pkgs; [
     docopt
     requests
     beautifulsoup4
     notify2
     straight-plugin
   ];
-  patches = [
+  patches = [ ./prison-break-url.patch ];
-    ./prison-break-url.patch
-  ];
   checkInputs = [ python3.pkgs.black ];
 }

pkgs/psos-docs.nix

@@ -1,6 +1,6 @@
 self:
 with self;
-  stdenv.mkDerivation rec {
+stdenv.mkDerivation rec {
   pname = "psos-docs";
   version = "0.0.1";
   buildInputs = [
@@ -10,7 +10,10 @@ with self;
 
   src = ../docs/..; # wut
 
-    phases = ["buildPhase" "installPhase"];
+  phases = [
+    "buildPhase"
+    "installPhase"
+  ];
 
   buildPhase = ''
     cp -r $src/doc ./doc
@@ -24,4 +27,4 @@ with self;
     mkdir -p $out/lib/
     cp -r doc/book $out/lib/html
   '';
-  }
+}

pkgs/psos.nix

@@ -1,5 +1,4 @@
-self:
+self: with self; ''
-with self; ''
   case $1 in
     rebuild)
       shift;

pkgs/record-screen.nix

@@ -1,5 +1,4 @@
-self:
+self: with self; ''
-with self; ''
   mkdir -p "$HOME/Videos/Screenrecordings"
   GEOMETRY="$(slurp -d -b \#ffffff11)"
   RESOLUTION="$(echo $GEOMETRY | awk '{print $2}')"

pkgs/s.nix

@@ -1,5 +1,4 @@
-self:
+self: with self; ''
-with self; ''
   case $1 in
     d)
       shift;

pkgs/scan2paperless.nix

@@ -1,5 +1,4 @@
-self:
+self: with self; ''
-with self; ''
   echo "$@"
   DUPLEX=,Duplex
   removeempty="true"

pkgs/sway-launcher.nix

@@ -1,5 +1,4 @@
-self:
+self: with self; ''
-with self; ''
   #!/usr/bin/env bash
   # terminal application launcher for sway, using fzf
   # original command: