116 changed files with 1231 additions and 1521 deletions
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@ -1,4 +1,2 @@
 # Formatted code using treefmt and alejandra
 73bf158392a427d188b7aad36244b94506f57a15
-# nixfmt-rfc-style
-03e5a0ffdaab9b1331ab95ca3e730aaec1d7c151
--- a/default.nix
+++ b/default.nix
@ -8,16 +8,27 @@ let
    "x86_64-linux"
  ];

-  filterSystems = lib.filterAttrs (system: _: lib.elem system ciSystems);
+  filterSystems =
+    lib.filterAttrs
+    (system: _: lib.elem system ciSystems);

  recurseIntoAttrsRecursive = lib.mapAttrs (
-    _: v: if lib.isAttrs v then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v) else v
+    _: v:
+      if lib.isAttrs v
+      then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v)
+      else v
  );

-  systemOutputs = lib.filterAttrs (
+  systemOutputs =
+    lib.filterAttrs
+    (
      name: set:
-    lib.isAttrs set && lib.any (system: set ? ${system} && name != "legacyPackages") ciSystems
-  ) default.outputs;
+        lib.isAttrs set
+        && lib.any
+        (system: set ? ${system} && name != "legacyPackages")
+        ciSystems
+    )
+    default.outputs;

  ciDrvs = lib.mapAttrs (_: system: filterSystems system) systemOutputs;
 in
--- a/flake.nix
+++ b/flake.nix
@ -53,8 +53,7 @@
    wayland-pipewire-idle-inhibit.inputs.flake-parts.follows = "flake-parts";
  };

-  outputs =
-    inputs@{ self, ... }:
+  outputs = inputs@{ self, ...}:
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
      systems = [
        "x86_64-linux"
@ -72,19 +71,14 @@
        ./overlays
      ];

-      perSystem =
-        args@{
-          system,
-          pkgs,
-          config,
-          ...
-        }:
-        {
+      perSystem = args@{ system, pkgs, config, ... }: {
        _module.args = {
          inherit inputs;
          pkgs = import inputs.nixpkgs {
            inherit system;
-              overlays = [ inputs.agenix.overlays.default ];
+            overlays = [
+              inputs.agenix.overlays.default
+            ];
          };
          unstable = import inputs.unstable { inherit system; };
          master = import inputs.master { inherit system; };
@ -92,18 +86,17 @@

        devShells.default = pkgs.mkShell {
          buildInputs = with pkgs; [
+            deploy-rs
+            nixpkgs-fmt
            agenix
            cachix
-              deploy-rs
-              nixd
-              nixos-generators
-              nvfetcher
-
            editorconfig-checker
            nodePackages.prettier
+            nvfetcher
            shellcheck
            shfmt
            treefmt
+            nixos-generators
          ];
        };
      };
@ -130,10 +123,7 @@
        powder = {
          hostname = "80.71.153.194";
          sshUser = "root";
-            profilesOrder = [
-              "system"
-              "direnv"
-            ];
+          profilesOrder = ["system" "direnv"];
          profiles.direnv = {
            user = "pub-solar";
            path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.pub-solar;
--- a/hosts/PubSolarOS.nix
+++ b/hosts/PubSolarOS.nix
@ -1,17 +1,15 @@
-{ suites, ... }:
-{
+{suites, ...}: {
  ### root password is empty by default ###
  ### default password: pub-solar, optional: add your SSH keys
-  imports = suites.iso;
+  imports =
+    suites.iso;

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.networkmanager.enable = true;

-  fileSystems."/" = {
-    device = "/dev/disk/by-label/nixos";
-  };
+  fileSystems."/" = {device = "/dev/disk/by-label/nixos";};

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
--- a/hosts/bootstrap.nix
+++ b/hosts/bootstrap.nix
@ -10,16 +10,15 @@ let

  # Gets hostname of host to be bundled inside iso
  # Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11
-  getFqdn =
-    config:
-    let
+  getFqdn = config: let
    net = config.networking;
    fqdn =
-        if (net ? domain) && (net.domain != null) then "${net.hostName}.${net.domain}" else net.hostName;
+      if (net ? domain) && (net.domain != null)
+      then "${net.hostName}.${net.domain}"
+      else net.hostName;
  in
    fqdn;
-in
-{
+in {
  # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
  imports = [
    # profiles.networking
@ -34,9 +33,7 @@ in
    boot.loader.systemd-boot.enable = true;

    # will be overridden by the bootstrapIso instrumentation
-    fileSystems."/" = {
-      device = "/dev/disk/by-label/nixos";
-    };
+    fileSystems."/" = {device = "/dev/disk/by-label/nixos";};

    system.nixos.label = "PubSolarOS-" + config.system.nixos.version;

--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -1,9 +1,4 @@
-{
-  withSystem,
-  self,
-  inputs,
-  ...
-}:
+{ withSystem, self, inputs, ...}:
 {
  flake = {
    nixosConfigurations = {
@ -96,12 +91,7 @@
          self.nixosModules.graphical
          self.nixosModules.audio
          self.nixosModules.bluetooth
-          (
-            { ... }:
-            {
-              pub-solar.graphical.wayland.software-renderer.enable = true;
-            }
-          )
+          ({ ... }: { pub-solar.graphical.wayland.software-renderer.enable = true; })
        ];
      };
    };
--- a/hosts/dumpyourvms/default.nix
+++ b/hosts/dumpyourvms/default.nix
@ -1,5 +1,4 @@
-{ ... }:
-{
+{ ... }: {
  imports = [
    ./dumpyourvms.nix
    ./hardware-configuration.nix
--- a/hosts/dumpyourvms/dumpyourvms.nix
+++ b/hosts/dumpyourvms/dumpyourvms.nix
@ -7,8 +7,7 @@
 let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in
-{
+in {
  pub-solar = {
    terminal-life.full = true;
    core.hibernation = {
@ -24,13 +23,7 @@ in
  # Explicitly set amdgpu support in place of radeon
  # Source: https://github.com/NixOS/nixos-hardware/blob/master/common/gpu/amd/southern-islands/default.nix
  # Try again after https://lists.freedesktop.org/archives/amd-gfx/2023-March/090096.html lands
-  boot.kernelParams = [
-    "acpi_backlight=video"
-    "hid_apple.fnmode=2"
-    "intel_pstate=passive"
-    "radeon.si_support=0"
-    "amdgpu.si_support=1"
-  ];
+  boot.kernelParams = ["acpi_backlight=video" "hid_apple.fnmode=2" "intel_pstate=passive" "radeon.si_support=0" "amdgpu.si_support=1"];
  boot.loader.efi.canTouchEfiVariables = true;

  # Fix for Error switching console mode to 1: unsupported on startup
@ -120,22 +113,24 @@ in
    # to be powered on.
    powerUpCommands = lib.mkBefore (
      "${pkgs.kmod}/bin/modprobe brcmfmac"
-      + lib.optionalString (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") " brcmfmac_wcc"
+      + lib.optionalString
+      (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") " brcmfmac_wcc"
    );
    powerDownCommands = lib.mkBefore (
-      lib.optionalString (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") "${pkgs.kmod}/bin/rmmod brcmfmac_wcc\n"
+      lib.optionalString
+      (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2")
+      "${pkgs.kmod}/bin/rmmod brcmfmac_wcc\n"
      + ''
        ${pkgs.kmod}/bin/rmmod brcmfmac
        ${pkgs.systemd}/bin/systemctl stop amd-hybrid-graphics-power-save.service
      ''
    );
    resumeCommands =
-      if config.systemd.services."amd-hybrid-graphics-power-save".enable == true then
-        ''
+      if config.systemd.services."amd-hybrid-graphics-power-save".enable == true
+      then ''
        ${pkgs.systemd}/bin/systemctl start amd-hybrid-graphics-power-save.service
      ''
-      else
-        "";
+      else "";
  };

  # Change lid switch behaviour
@ -155,16 +150,11 @@ in
  services.udev.extraRules =
    # Disable XHC1 wakeup signal to avoid resume getting triggered some time
    # after suspend. Reboot required for this to take effect.
-    lib.optionalString (lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13")
+    lib.optionalString
+    (lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13")
    ''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"'';

-  home-manager =
-    pkgs.lib.setAttrByPath
-      [
-        "users"
-        psCfg.user.name
-      ]
-      {
+  home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
    # Custom device sway configs
    xdg.configFile = {
      "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
--- a/hosts/dumpyourvms/hardware-configuration.nix
+++ b/hosts/dumpyourvms/hardware-configuration.nix
@ -7,20 +7,13 @@
  pkgs,
  modulesPath,
  ...
-}:
-{
+}: {
  imports = [
    #(modulesPath + "/hardware/network/broadcom-43xx.nix")
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "nvme"
-    "usbhid"
-    "usb_storage"
-    "sd_mod"
-  ];
+  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-intel"];
  boot.extraModulePackages = [];
--- a/hosts/dumpyourvms/networking.nix
+++ b/hosts/dumpyourvms/networking.nix
@ -1,4 +1,8 @@
-{ pkgs, lib, ... }:
+{
+  pkgs,
+  lib,
+  ...
+}:
 {
  systemd.services.wg-quick-wg5.serviceConfig.Type = lib.mkForce "simple";
  systemd.services.wg-quick-wg5.serviceConfig.Restart = "on-failure";
@ -12,16 +16,10 @@
    #];

    hosts = {
-      "10.0.0.42" = [
-        "nomad.service.consul"
-        "nomad.service.cgn-1.consul"
-      ];
+      "10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"];
      "10.0.0.66" = ["consul.service.cgn-1.consul"];
      "10.0.1.9" = ["consul.service.lev-1.consul"];
-      "10.0.0.70" = [
-        "vault.service.consul"
-        "vault.service.cgn-1.consul"
-      ];
+      "10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"];
      "10.0.0.200" = ["headnode.cgn-1"];
      "10.0.0.201" = ["cn01.cgn-1"];
      "10.0.0.202" = ["cn02.cgn-1"];
@ -46,10 +44,7 @@
      "80.71.153.10" = ["lev-1.api.greenbaum.cloud"];
      "80.71.153.12" = ["lev-1.docker.greenbaum.cloud"];
      "80.71.153.56" = ["lev-1.monitor.greenbaum.cloud"];
-      "192.168.13.25" = [
-        "ryzensun.local"
-        "cloudapi.coal-1.mnx.io"
-      ];
+      "192.168.13.25" = ["ryzensun.local" "cloudapi.coal-1.mnx.io"];
    };

    wireguard.enable = true;
@ -62,11 +57,7 @@
        peers = [
          {
            publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
-            allowedIPs = [
-              "10.8.8.16/32"
-              "10.0.0.0/24"
-              "10.88.88.0/24"
-            ];
+            allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"];
            endpoint = "85.88.23.16:51820";
            persistentKeepalive = 25;
          }
@ -97,10 +88,7 @@
          {
            publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
            presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
-            allowedIPs = [
-              "10.6.6.1/32"
-              "10.1.1.0/24"
-            ];
+            allowedIPs = ["10.6.6.1/32" "10.1.1.0/24"];
            endpoint = "85.88.23.127:51820";
            persistentKeepalive = 16;
          }
@ -115,11 +103,7 @@
          {
            publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
            presharedKeyFile = "/etc/wireguard/wg3.presharedkey";
-            allowedIPs = [
-              "10.11.11.0/24"
-              "192.168.1.0/24"
-              "10.0.1.0/24"
-            ];
+            allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"];
            endpoint = "80.71.153.1:51820";
            persistentKeepalive = 16;
          }
@ -163,52 +147,33 @@
        ];
      };
      wg6 = {
-        address = [
-          "10.7.6.201/32"
-          "fd00:fae:fae:fae:fae:201::/96"
-        ];
+        address = ["10.7.6.201/32" "fd00:fae:fae:fae:fae:201::/96"];
        privateKeyFile = "/etc/wireguard/wg6.privatekey";

        peers = [
-          {
-            # nachtigall.pub.solar
+          { # nachtigall.pub.solar
            publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
-            allowedIPs = [
-              "10.7.6.1/32"
-              "fd00:fae:fae:fae:fae:1::/96"
-            ];
+            allowedIPs = [ "10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96" ];
            #endpoint = "138.201.80.102:51820";
            endpoint = "[2a01:4f8:172:1c25::1]:51820";
            persistentKeepalive = 15;
          }
-          {
-            # flora-6.pub.solar
+          { # flora-6.pub.solar
            publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
-            allowedIPs = [
-              "10.7.6.2/32"
-              "fd00:fae:fae:fae:fae:2::/96"
-            ];
+            allowedIPs = [ "10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96" ];
            endpoint = "80.71.153.210:51820";
            persistentKeepalive = 15;
          }
-          {
-            # metronom.pub.solar
+          { # metronom.pub.solar
            publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo=";
-            allowedIPs = [
-              "10.7.6.3/32"
-              "fd00:fae:fae:fae:fae:3::/96"
-            ];
+            allowedIPs = [ "10.7.6.3/32" "fd00:fae:fae:fae:fae:3::/96" ];
            endpoint = "49.13.236.167:51820";
            #endpoint = "[2a01:4f8:c2c:7082::]:51820";
            persistentKeepalive = 15;
          }
-          {
-            # tankstelle.pub.solar
+          { # tankstelle.pub.solar
            publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg=";
-            allowedIPs = [
-              "10.7.6.4/32"
-              "fd00:fae:fae:fae:fae:4::/96"
-            ];
+            allowedIPs = [ "10.7.6.4/32" "fd00:fae:fae:fae:fae:4::/96" ];
            #endpoint = "80.244.242.5:51820";
            endpoint = "[2001:4d88:1ffa:26::5]:51820";
            persistentKeepalive = 15;
@ -218,10 +183,7 @@
      # mozillavpn
      moz0 = {
        autostart = false;
-        address = [
-          "10.142.131.196/32"
-          "fc00:bbbb:bbbb:bb01:d:0:e:83c4/128"
-        ];
+        address = ["10.142.131.196/32" "fc00:bbbb:bbbb:bb01:d:0:e:83c4/128"];
        privateKeyFile = "/etc/wireguard/moz0.privatekey";
        #postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
        #preDown = "resolvectl revert wg4";
@ -232,10 +194,7 @@
        peers = [
          {
            publicKey = "ku1NYeOAGbY65YL/JKZhrqVzDJKXQiVj9USXbfkOBA0=";
-            allowedIPs = [
-              "0.0.0.0/0"
-              "::/0"
-            ];
+            allowedIPs = ["0.0.0.0/0" "::/0"];
            endpoint = "185.254.75.3:36294";
          }
        ];
--- a/hosts/fae/default.nix
+++ b/hosts/fae/default.nix
@ -1,5 +1,4 @@
-{ ... }:
-{
+{...}: {
  imports = [
    ./paperless.nix
    ./invoiceplane.nix
--- a/hosts/fae/fae.nix
+++ b/hosts/fae/fae.nix
@ -3,8 +3,7 @@
  lib,
  pkgs,
  ...
-}:
-{
+}: {
  config = {
    pub-solar.core.disk-encryption-active = false;

@ -24,7 +23,9 @@
      allowSFTP = true;
    };

-    boot.kernelParams = [ "boot.shell_on_fail=1" ];
+    boot.kernelParams = [
+	    "boot.shell_on_fail=1"
+    ];

    # Would decrease closure size, but currenly broken (cairo)
    #environment.noXlibs = true;
@ -38,10 +39,7 @@
        auto-optimise-store = true;
        sandbox = true;
        allowed-users = ["@wheel"];
-        trusted-users = [
-          "root"
-          "@wheel"
-        ];
+        trusted-users = ["root" "@wheel"];
      };

      extraOptions = ''
--- a/hosts/fae/invoiceplane.nix
+++ b/hosts/fae/invoiceplane.nix
@ -4,13 +4,11 @@
  pkgs,
  lib,
  ...
-}:
-let
+}: let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
  backupDir = "/var/lib/invoiceplane/backup";
-in
-{
+in {
  security.acme.certs = {
    "billing.faenix.eu" = {};
  };
@ -27,9 +25,7 @@ in
    sites."billing.faenix.eu" = {
      enable = true;

-      invoiceTemplates = [
-        flake.self.inputs.invoiceplane-template.packages.${pkgs.system}.invoiceplane-template
-      ];
+      invoiceTemplates = [ flake.self.inputs.invoiceplane-template.packages.${pkgs.system}.invoiceplane-template ];

      settings = {
        IP_URL = "https://billing.faenix.eu";
@ -53,7 +49,9 @@ in
    };
  };

-  systemd.tmpfiles.rules = [ "d '${backupDir}' 0700 root root - -" ];
+  systemd.tmpfiles.rules = [
+    "d '${backupDir}' 0700 root root - -"
+  ];

  #services.restic.backups = {
  #  invoiceplane = {
--- a/hosts/fae/paperless.nix
+++ b/hosts/fae/paperless.nix
@ -13,8 +13,7 @@ let
  backupDir = "${xdg.dataHome}/PaperlessBackup";
  consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir";

-in
-{
+in {
  services.paperless = {
    enable = true;
    user = psCfg.user.name;
@ -82,10 +81,7 @@ in
  #  };
  #};

-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-  ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];

  systemd.tmpfiles.rules = [
    "d /home/${psCfg.user.name}/.local 0700 ${psCfg.user.name} users - -"
--- a/hosts/iso/default.nix
+++ b/hosts/iso/default.nix
@ -1,5 +1,8 @@
-{ pkgs, lib, ... }:
 {
+  pkgs,
+  lib,
+  ...
+}: {
  pub-solar.core.disk-encryption-active = false;
  isoImage.squashfsCompression = "gzip -Xcompression-level 1";
  systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
--- a/hosts/powder/default.nix
+++ b/hosts/powder/default.nix
@ -1,4 +1,5 @@
-{ ... }:
-{
-  imports = [ ./powder.nix ];
+{...}: {
+  imports = [
+    ./powder.nix
+  ];
 }
--- a/hosts/powder/hardware-configuration.nix
+++ b/hosts/powder/hardware-configuration.nix
@ -7,17 +7,10 @@
  pkgs,
  modulesPath,
  ...
-}:
-{
+}: {
  imports = [];

-  boot.initrd.availableKernelModules = [
-    "ahci"
-    "virtio_pci"
-    "xhci_pci"
-    "sr_mod"
-    "virtio_blk"
-  ];
+  boot.initrd.availableKernelModules = ["ahci" "virtio_pci" "xhci_pci" "sr_mod" "virtio_blk"];
  boot.initrd.kernelModules = [];
  boot.kernelModules = [];
  boot.extraModulePackages = [];
--- a/hosts/powder/powder.nix
+++ b/hosts/powder/powder.nix
@ -5,8 +5,7 @@
  pkgs,
  profiles,
  ...
-}:
-{
+}: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
--- a/hosts/ryzensun/default.nix
+++ b/hosts/ryzensun/default.nix
@ -1,5 +1,4 @@
-{ ... }:
-{
+{ ... }: {
  imports = [
    ./ryzensun.nix
    ./hardware-configuration.nix
--- a/hosts/ryzensun/hardware-configuration.nix
+++ b/hosts/ryzensun/hardware-configuration.nix
@ -7,18 +7,12 @@
  pkgs,
  modulesPath,
  ...
-}:
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules = [
-    "nvme"
-    "xhci_pci"
-    "ahci"
-    "usbhid"
-    "sd_mod"
-    "sr_mod"
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
  ];
+
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod"];
  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-amd"];
  boot.extraModulePackages = [];
--- a/hosts/ryzensun/networking.nix
+++ b/hosts/ryzensun/networking.nix
@ -1,16 +1,10 @@
 {
  networking = {
    hosts = {
-      "10.0.0.42" = [
-        "nomad.service.consul"
-        "nomad.service.cgn-1.consul"
-      ];
+      "10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"];
      "10.0.0.66" = ["consul.service.cgn-1.consul"];
      "10.0.1.9" = ["consul.service.lev-1.consul"];
-      "10.0.0.70" = [
-        "vault.service.consul"
-        "vault.service.cgn-1.consul"
-      ];
+      "10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"];
      "10.0.0.200" = ["headnode.cgn-1"];
      "10.0.0.201" = ["cn01.cgn-1"];
      "10.0.0.202" = ["cn02.cgn-1"];
@ -40,11 +34,7 @@
        peers = [
          {
            publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
-            allowedIPs = [
-              "10.8.8.16/32"
-              "10.0.0.0/24"
-              "10.88.88.0/24"
-            ];
+            allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"];
            endpoint = "85.88.23.16:51820";
            persistentKeepalive = 25;
          }
@ -59,11 +49,7 @@
          {
            publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
            presharedKeyFile = "/etc/wireguard/wg1.presharedkey";
-            allowedIPs = [
-              "10.11.11.0/24"
-              "192.168.1.0/24"
-              "10.0.1.0/24"
-            ];
+            allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"];
            endpoint = "80.71.153.1:51820";
            #persistentKeepalive = 16;
          }
@ -74,45 +60,29 @@
        privateKeyFile = "/etc/wireguard/wg2.privatekey";

        peers = [
-          {
-            # nachtigall.pub.solar
+          { # nachtigall.pub.solar
            publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
-            allowedIPs = [
-              "10.7.6.1/32"
-              "fd00:fae:fae:fae:fae:1::/96"
-            ];
+            allowedIPs = [ "10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96" ];
            #endpoint = "138.201.80.102:51820";
            endpoint = "[2a01:4f8:172:1c25::1]:51820";
            persistentKeepalive = 15;
          }
-          {
-            # flora-6.pub.solar
+          { # flora-6.pub.solar
            publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
-            allowedIPs = [
-              "10.7.6.2/32"
-              "fd00:fae:fae:fae:fae:2::/96"
-            ];
+            allowedIPs = [ "10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96" ];
            endpoint = "80.71.153.210:51820";
            persistentKeepalive = 15;
          }
-          {
-            # metronom.pub.solar
+          { # metronom.pub.solar
            publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo=";
-            allowedIPs = [
-              "10.7.6.3/32"
-              "fd00:fae:fae:fae:fae:3::/96"
-            ];
+            allowedIPs = [ "10.7.6.3/32" "fd00:fae:fae:fae:fae:3::/96" ];
            endpoint = "49.13.236.167:51820";
            #endpoint = "[2a01:4f8:c2c:7082::]:51820";
            persistentKeepalive = 15;
          }
-          {
-            # tankstelle.pub.solar
+          { # tankstelle.pub.solar
            publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg=";
-            allowedIPs = [
-              "10.7.6.4/32"
-              "fd00:fae:fae:fae:fae:4::/96"
-            ];
+            allowedIPs = [ "10.7.6.4/32" "fd00:fae:fae:fae:fae:4::/96" ];
            #endpoint = "80.244.242.5:51820";
            endpoint = "[2001:4d88:1ffa:26::5]:51820";
            persistentKeepalive = 15;
--- a/hosts/ryzensun/ryzensun.nix
+++ b/hosts/ryzensun/ryzensun.nix
@ -8,8 +8,7 @@
 let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in
-{
+in {
  config = {
    age.secrets.docker-ci-runner-secrets = {
      file = "${flake.self}/secrets/docker-ci-runner-secrets.age";
--- a/lib/compat/default.nix
+++ b/lib/compat/default.nix
@ -1,16 +1,16 @@
 let
-  lock = builtins.fromJSON (
-    builtins.readFile builtins.path {
+  lock = builtins.fromJSON (builtins.readFile builtins.path {
    path = ../../flake.lock;
    name = "lockPath";
-    }
-  );
+  });
  flake =
    import
-      (fetchTarball {
+    (
+      fetchTarball {
        url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
        sha256 = lock.nodes.flake-compat.locked.narHash;
-      })
+      }
+    )
    {
      src = builtins.path {
        path = ../../.;
--- a/lib/compat/nixos/default.nix
+++ b/lib/compat/nixos/default.nix
@ -1,5 +1,4 @@
-{ ... }:
-let
+{...}: let
  inherit (default.inputs.nixos) lib;

  host = configs.${hostname} or configs.PubSolarOS;
--- a/lib/default.nix
+++ b/lib/default.nix
@ -1,12 +1,9 @@
-{ lib, inputs, ... }:
-{
+{ lib, inputs, ... }: {
  # Configuration common to all Linux systems
  flake = {
-    lib =
-      let
+    lib = let
      callLibs = file: import file {inherit lib;};
-      in
-      rec {
+    in rec {
      ## Define your own library functions here!
      #id = x: x;
      ## Or in files, containing functions that take {lib}
@ -15,6 +12,7 @@

      deploy = import ./deploy.nix { inherit inputs lib; };
      addLocalHostname = callLibs ./add-local-hostname.nix;
+      recursiveMerge = callLibs ./recursive-merge.nix;
    };
  };
 }
--- a/lib/deploy.nix
+++ b/lib/deploy.nix
@ -1,8 +1,8 @@
 /*
-  The contents of this file are adapted from digga
-  https://github.com/divnix/digga
-
-  Licensed under the MIT license
+ * The contents of this file are adapted from digga
+ * https://github.com/divnix/digga
+ *
+ * Licensed under the MIT license
 */

 { lib, inputs }:
@ -15,8 +15,7 @@ let
        if (net ? domain) && (net.domain != null) then "${net.hostName}.${net.domain}" else net.hostName;
    in
    fqdn;
-in
-{
+in {
  mkDeployNodes =
    systemConfigurations: extraConfig:
    /*
--- a/lib/recursive-merge.nix
+++ b/lib/recursive-merge.nix
@ -0,0 +1,16 @@
+{ lib }:
+attrList:
+let
+  f = attrPath:
+    zipAttrsWith (
+      n: values:
+        if tail values == []
+        then head values
+        else if all isList values
+        then unique (concatLists values)
+        else if all isAttrs values
+        then f (attrPath ++ [n]) values
+        else last values
+    );
+in
+  f [] attrList;
--- a/modules/acme/default.nix
+++ b/modules/acme/default.nix
@ -4,8 +4,7 @@
  pkgs,
  lib,
  ...
-}:
-{
+}: {
  age.secrets."hosting-de-acme-secrets" = {
    file = "${flake.self}/secrets/hosting-de-acme-secrets.age";
    mode = "400";
--- a/modules/adb/default.nix
+++ b/modules/adb/default.nix
@ -6,8 +6,7 @@
 }:
 let
  psCfg = config.pub-solar;
-in
-{
+in {
  programs.adb.enable = true;

  users.users."${psCfg.user.name}" = {
--- a/modules/arduino/default.nix
+++ b/modules/arduino/default.nix
@ -6,8 +6,7 @@
 }:
 let
  psCfg = config.pub-solar;
-in
-{
+in {
  users.users."${psCfg.user.name}" = {
    extraGroups = ["dialout"];
    packages = with pkgs; [
--- a/modules/audio/default.nix
+++ b/modules/audio/default.nix
@ -7,8 +7,7 @@
 let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in
-{
+in {
  users.users."${psCfg.user.name}" = {
    extraGroups = ["audio"];
    packages = with pkgs; [
@ -43,10 +42,7 @@ in
        "context.properties" = {
          default = {
            "clock.rate" = 48000; # Pipewire default
-            "clock.allowed-rates" = [
-              44100
-              48000
-            ];
+            "clock.allowed-rates" = [ 44100 48000 ];
          };
        };
      };
--- a/modules/bluetooth/default.nix
+++ b/modules/bluetooth/default.nix
@ -3,14 +3,15 @@
  config,
  pkgs,
  ...
-}:
-{
+}: {
  hardware.bluetooth = {
    enable = true;
    # Disable bluetooth on startup to save battery
    powerOnBoot = false;
    # Disable useless SIM Access Profile plugin
-    disabledPlugins = [ "sap" ];
+    disabledPlugins = [
+      "sap"
+    ];
    settings = {
      General = {
        # Enables experimental features and interfaces.
--- a/modules/core/boot.nix
+++ b/modules/core/boot.nix
@ -6,8 +6,7 @@
 }:
 let
  cfg = config.pub-solar.core;
-in
-{
+in {
  options.pub-solar.core.disk-encryption-active = lib.mkOption {
    type = lib.types.bool;
    default = true;
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@ -1,9 +1,12 @@
-{ config, lib, ... }:
+{
+  config,
+  lib,
+  ...
+}:
 let
  cfg = config.pub-solar.core;
  psCfg = config.pub-solar;
-in
-{
+in {
  imports = [
    ./boot.nix
    ./hibernation.nix
--- a/modules/core/hibernation.nix
+++ b/modules/core/hibernation.nix
@ -7,8 +7,7 @@
 let
  cfg = config.pub-solar.core.hibernation;
  inherit (lib) mkOption types mkIf;
-in
-{
+in {
  options.pub-solar.core.hibernation = {
    enable = mkOption {
      type = types.bool;
@ -32,9 +31,7 @@ in
  config = {
    boot = mkIf cfg.enable {
      resumeDevice = mkIf (cfg.resumeDevice != null) cfg.resumeDevice;
-      kernelParams = mkIf (cfg.resumeOffset != null) [
-        "resume_offset=${builtins.toString cfg.resumeOffset}"
-      ];
+      kernelParams = mkIf (cfg.resumeOffset != null) ["resume_offset=${builtins.toString cfg.resumeOffset}"];
    };
  };
 }
--- a/modules/core/networking.nix
+++ b/modules/core/networking.nix
@ -4,8 +4,7 @@
  pkgs,
  lib,
  ...
-}:
-{
+}: {
  # disable NetworkManager and systemd-networkd -wait-online by default
  systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false;
  systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false;
--- a/modules/core/packages.nix
+++ b/modules/core/packages.nix
@ -7,8 +7,7 @@
 let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.core;
-in
-{
+in {
  environment.systemPackages = with pkgs; [
    # Core unix utility packages
    coreutils-full
--- a/modules/crypto/default.nix
+++ b/modules/crypto/default.nix
@ -6,15 +6,16 @@
 }:
 let
  psCfg = config.pub-solar;
-in
-{
+in {
  services.udev.packages = [pkgs.yubikey-personalization];
  services.dbus.packages = [pkgs.gcr];
  services.pcscd.enable = true;

  services.gnome.gnome-keyring.enable = true;

-  users.users."${psCfg.user.name}".packages = with pkgs; [ libsecret ];
+  users.users."${psCfg.user.name}".packages = with pkgs; [
+    libsecret
+  ];

  home-manager.users."${psCfg.user.name}" = {
    systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs;
--- a/modules/ddclient/default.nix
+++ b/modules/ddclient/default.nix
@ -22,12 +22,7 @@ let
    cache=${dataDir}/ddclient.cache
    foreground=yes
    login=${cfg.username}
-    password=${
-      if cfg.protocol == "nsupdate" then
-        "/run/${RuntimeDirectory}/ddclient.key"
-      else
-        "@password_placeholder@"
-    }
+    password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"}
    protocol=${cfg.protocol}
    ${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
    ${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
@ -43,60 +38,26 @@ let

  preStart = ''
    install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf
-    ${lib.optionalString (cfg.configFile == null) (
-      if (cfg.protocol == "nsupdate") then
-        ''
+    ${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
      install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
-        ''
-      else if (cfg.passwordFile != null) then
-        ''
+    '' else if (cfg.passwordFile != null) then ''
      "${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf"
-        ''
-      else
-        ''
+    '' else ''
      sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf
-        ''
-    )}
+    '')}
  '';
-in
-with lib;
-{
-  disabledModules = [ "services/networking/ddclient.nix" ];
+in with lib; {
+  disabledModules = [
+    "services/networking/ddclient.nix"
+  ];

  imports = [
-    (mkChangedOptionModule
-      [
-        "services"
-        "ddclient"
-        "domain"
-      ]
-      [
-        "services"
-        "ddclient"
-        "domains"
-      ]
-      (
-        config:
-        let
-          value = getAttrFromPath [
-            "services"
-            "ddclient"
-            "domain"
-          ] config;
-        in
-        if value != "" then [ value ] else [ ]
-      )
-    )
-    (mkRemovedOptionModule [
-      "services"
-      "ddclient"
-      "homeDir"
-    ] "")
-    (mkRemovedOptionModule [
-      "services"
-      "ddclient"
-      "password"
-    ] "Use services.ddclient.passwordFile instead.")
+    (mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ]
+      (config:
+        let value = getAttrFromPath [ "services" "ddclient" "domain" ] config;
+        in if value != "" then [ value ] else []))
+    (mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "")
+    (mkRemovedOptionModule [ "services" "ddclient" "password" ] "Use services.ddclient.passwordFile instead.")
  ];

  ###### interface
@ -130,9 +91,7 @@ with lib;

      username = mkOption {
        # For `nsupdate` username contains the path to the nsupdate executable
-        default = lib.optionalString (
-          config.services.ddclient.protocol == "nsupdate"
-        ) "${pkgs.bind.dnsutils}/bin/nsupdate";
+        default = lib.optionalString (config.services.ddclient.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate";
        defaultText = "";
        type = str;
        description = lib.mdDoc ''
@ -253,6 +212,7 @@ with lib;
    };
  };

+
  ###### implementation

  config = mkIf config.services.ddclient.enable {
--- a/modules/default.nix
+++ b/modules/default.nix
@ -1,5 +1,8 @@
-{ self, inputs, ... }:
 {
+  self,
+  inputs,
+  ...
+}: {
  flake = {
    nixosModules = rec {
      acme = import ./acme;
--- a/modules/desktop-extended/default.nix
+++ b/modules/desktop-extended/default.nix
@ -1,8 +1,11 @@
-{ config, pkgs, ... }:
+{
+  config,
+  pkgs,
+  ...
+}:
 let
  psCfg = config.pub-solar;
-in
-{
+in {
  users.users."${psCfg.user.name}".packages = with pkgs; [
    ungoogled-chromium

--- a/modules/docker/default.nix
+++ b/modules/docker/default.nix
@ -6,13 +6,14 @@
 }:
 let
  psCfg = config.pub-solar;
-in
-{
+in {
  virtualisation.docker.enable = true;

  users.users."${psCfg.user.name}" = {
    extraGroups = ["docker"];
  };

-  environment.systemPackages = with pkgs; [ docker-compose ];
+  environment.systemPackages = with pkgs; [
+    docker-compose
+  ];
 }
--- a/modules/email/default.nix
+++ b/modules/email/default.nix
@ -6,8 +6,7 @@
 }:
 let
  psCfg = config.pub-solar;
-in
-{
+in {
  users.users."${psCfg.user.name}".packages = with pkgs; [
    w3m
    urlscan
@ -38,23 +37,17 @@ in
      macro index <f5> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc<enter><change-folder>!<enter>'
      macro index <f6> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc<enter><change-folder>!<enter>'
    '';
-    xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source =
-      ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
-    xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source =
-      ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
-    xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source =
-      ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
+    xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
+    xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
+    xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
    xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc";
-    xdg.configFile."mutt/byb@miom.space.signature".source =
-      ./.config/mutt + "/byb@miom.space.signature";
+    xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature";
    xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc";
    xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature";
    xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc";
-    xdg.configFile."mutt/admins@pub.solar.signature".source =
-      ./.config/mutt + "/admins@pub.solar.signature";
+    xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature";
    xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc";
-    xdg.configFile."mutt/crew@pub.solar.signature".source =
-      ./.config/mutt + "/crew@pub.solar.signature";
+    xdg.configFile."mutt/crew@pub.solar.signature".source = ./.config/mutt + "/crew@pub.solar.signature";
    xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
    xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
  };
--- a/modules/gaming/default.nix
+++ b/modules/gaming/default.nix
@ -6,10 +6,11 @@
 }:
 let
  psCfg = config.pub-solar;
-in
-{
+in {
  programs.steam.enable = true;
-  nixpkgs.config.packageOverrides = pkgs: { steam = pkgs.steam.override { }; };
+  nixpkgs.config.packageOverrides = pkgs: {
+    steam = pkgs.steam.override {};
+  };

  users.users."${psCfg.user.name}".packages = with pkgs; [
    playonlinux
--- a/modules/graphical/default.nix
+++ b/modules/graphical/default.nix
@ -8,14 +8,18 @@ let
  psCfg = config.pub-solar;
  tomlFormat = pkgs.formats.toml {};
  sessionVariables = {
-    WLR_RENDERER = if psCfg.graphical.wayland.software-renderer.enable then "pixman" else "gles2";
+    WLR_RENDERER =
+      if psCfg.graphical.wayland.software-renderer.enable
+      then "pixman"
+      else "gles2";
    # Fix KeepassXC rendering issue
    # https://github.com/void-linux/void-packages/issues/23517
    QT_AUTO_SCREEN_SCALE_FACTOR = "0";
  };
-in
-{
-  imports = [ ./sway ];
+in {
+  imports = [
+    ./sway
+  ];

  options.pub-solar.graphical = {
    wayland.software-renderer.enable = lib.mkOption {
--- a/modules/graphical/sway/config/config.d/mode_system.conf.nix
+++ b/modules/graphical/sway/config/config.d/mode_system.conf.nix
@ -1,14 +1,17 @@
-{ pkgs, psCfg, ... }:
+{
+  pkgs,
+  psCfg,
+  ...
+}:
 ''
  # Set shut down, restart and locking features
 ''
 + (
-  if psCfg.core.hibernation.enable then
-    ''
+  if psCfg.core.hibernation.enable
+  then ''
    set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
  ''
-  else
-    ''
+  else ''
    set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
  ''
 )
@ -19,12 +22,11 @@
    bindsym e exec swaymsg exit, mode "default"
 ''
 + (
-  if psCfg.core.hibernation.enable then
-    ''
+  if psCfg.core.hibernation.enable
+  then ''
    bindsym h exec systemctl hibernate, mode "default"
  ''
-  else
-    ""
+  else ""
 )
 + ''
    bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default"
--- a/modules/graphical/sway/config/config.nix
+++ b/modules/graphical/sway/config/config.nix
@ -1,5 +1,8 @@
-{ config, pkgs, ... }:
-''
+{
+  config,
+  pkgs,
+  ...
+}: ''
  # Default config for sway
  #
  # Copy this to ~/.config/sway/config and edit it to your liking.
--- a/modules/graphical/sway/config/wayvnc/config.nix
+++ b/modules/graphical/sway/config/wayvnc/config.nix
@ -1,5 +1,7 @@
-{ psCfg, pkgs }:
-"
+{
+  psCfg,
+  pkgs,
+}: "
 address=0.0.0.0
 enable_auth=true
 username=${psCfg.user.name}
--- a/modules/graphical/sway/default.nix
+++ b/modules/graphical/sway/default.nix
@ -8,8 +8,7 @@
 let
  psCfg = config.pub-solar;
  inherit (lib) mkIf mkOption types;
-in
-{
+in {
  options.pub-solar.graphical = {
    v4l2loopback.enable = mkOption {
      type = types.bool;
@ -81,7 +80,9 @@ in
    ];

    home-manager.users."${psCfg.user.name}" = {
-      imports = [ flake.self.inputs.wayland-pipewire-idle-inhibit.homeModules.default ];
+      imports = [
+        flake.self.inputs.wayland-pipewire-idle-inhibit.homeModules.default
+      ];

      services.wayland-pipewire-idle-inhibit = {
        enable = true;
@ -116,9 +117,7 @@ in
      xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
      xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
      xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
-      xdg.configFile."sway/config.d/mode_system.conf".text =
-        import ./config/config.d/mode_system.conf.nix
-          { inherit pkgs psCfg; };
+      xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
      xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
      xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
    };
--- a/modules/graphical/sway/gammastep.service.nix
+++ b/modules/graphical/sway/gammastep.service.nix
@ -1,5 +1,4 @@
-{ pkgs, ... }:
-{
+{pkgs, ...}: {
  Unit = {
    Description = "set color temperature of display according to time of day";
    Documentation = ["man:gammastep(1)"];
--- a/modules/graphical/sway/libinput-gestures.service.nix
+++ b/modules/graphical/sway/libinput-gestures.service.nix
@ -1,5 +1,4 @@
-{ pkgs, ... }:
-{
+{pkgs, ...}: {
  Unit = {
    Description = "Actions gestures on your touchpad using libinput";
    Documentation = ["https://github.com/bulletmark/libinput-gestures"];
--- a/modules/graphical/sway/mako.service.nix
+++ b/modules/graphical/sway/mako.service.nix
@ -1,5 +1,4 @@
-{ pkgs, ... }:
-{
+{pkgs, ...}: {
  Unit = {
    Description = "Lightweight Wayland notification daemon";
    Documentation = ["man:mako(1)"];
--- a/modules/graphical/sway/sway-session.target.nix
+++ b/modules/graphical/sway/sway-session.target.nix
@ -1,5 +1,4 @@
-{ pkgs, ... }:
-{
+{pkgs, ...}: {
  Unit = {
    Description = "sway compositor session";
    Documentation = ["man:systemd.special(7)"];
--- a/modules/graphical/sway/sway.service.nix
+++ b/modules/graphical/sway/sway.service.nix
@ -1,5 +1,4 @@
-{ pkgs, ... }:
-{
+{pkgs, ...}: {
  Unit = {
    Description = "sway - SirCmpwn's Wayland window manager";
    Documentation = ["man:sway(5)"];
--- a/modules/graphical/sway/swayidle.service.nix
+++ b/modules/graphical/sway/swayidle.service.nix
@ -1,5 +1,8 @@
-{ pkgs, psCfg, ... }:
 {
+  pkgs,
+  psCfg,
+  ...
+}: {
  Unit = {
    Description = "Idle manager for Wayland";
    Documentation = ["man:swayidle(1)"];
--- a/modules/graphical/sway/waybar.service.nix
+++ b/modules/graphical/sway/waybar.service.nix
@ -1,18 +1,10 @@
-{ pkgs, ... }:
-{
+{pkgs, ...}: {
  Unit = {
    Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors.";
    Documentation = "https://github.com/Alexays/Waybar/wiki/";
    BindsTo = ["sway-session.target"];
-    After = [
-      "sway-session.target"
-      "network-online.target"
-    ];
-    Wants = [
-      "graphical-session-pre.target"
-      "network-online.target"
-      "blueman-applet.service"
-    ];
+    After = ["sway-session.target" "network-online.target"];
+    Wants = ["graphical-session-pre.target" "network-online.target" "blueman-applet.service"];
    ConditionEnvironment = ["WAYLAND_DISPLAY"];
  };

--- a/modules/graphical/sway/xsettingsd.service.nix
+++ b/modules/graphical/sway/xsettingsd.service.nix
@ -1,5 +1,4 @@
-{ pkgs, ... }:
-{
+{pkgs, ...}: {
  Unit = {
    Description = "X Settings Daemon";
    Documentation = ["https://github.com/derat/xsettingsd/wiki/Installation"];
--- a/modules/graphical/sway/ydotool.service.nix
+++ b/modules/graphical/sway/ydotool.service.nix
@ -1,5 +1,4 @@
-{ pkgs, ... }:
-{
+{pkgs, ...}: {
  Unit = {
    Description = "ydotool - Generic command-line automation tool (no X!)";
    Documentation = ["https://github.com/ReimuNotMoe/ydotool"];
--- a/modules/hm-system-defaults.nix
+++ b/modules/hm-system-defaults.nix
@ -1,11 +1,11 @@
-{ config, ... }:
-{
+{config, ...}: {
  home-manager.sharedModules = [
    {
      home.sessionVariables = {
        inherit (config.environment.sessionVariables) NIX_PATH;
      };
-      xdg.configFile."nix/registry.json".text = config.environment.etc."nix/registry.json".text;
+      xdg.configFile."nix/registry.json".text =
+        config.environment.etc."nix/registry.json".text;
    }
  ];
 }
--- a/modules/invoiceplane/default.nix
+++ b/modules/invoiceplane/default.nix
@ -1,9 +1,4 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, pkgs, lib, ... }:

 let
  inherit (lib)
@ -29,17 +24,14 @@ let
    mkOption
    nameValuePair
    optionalString
-    types
-    ;
+    types;

  cfg = config.services.invoiceplane;
  eachSite = cfg.sites;
  user = "invoiceplane";
  webserver = config.services.${cfg.webserver};

-  invoiceplane-config =
-    hostName: cfg:
-    pkgs.writeText "ipconfig.php" ''
+  invoiceplane-config = hostName: cfg: pkgs.writeText "ipconfig.php" ''
    IP_URL=http://${hostName}
    ENABLE_DEBUG=false
    DISABLE_SETUP=false
@ -47,11 +39,7 @@ let
    DB_HOSTNAME=${cfg.database.host}
    DB_USERNAME=${cfg.database.user}
    # NOTE: file_get_contents adds newline at the end of returned string
-      DB_PASSWORD=${
-        optionalString (
-          cfg.database.passwordFile != null
-        ) "trim(file_get_contents('${cfg.database.passwordFile}'), \"\\r\\n\")"
-      }
+    DB_PASSWORD=${optionalString (cfg.database.passwordFile != null) "trim(file_get_contents('${cfg.database.passwordFile}'), \"\\r\\n\")"}
    DB_DATABASE=${cfg.database.name}
    DB_PORT=${toString cfg.database.port}
    SESS_EXPIRATION=864000
@ -63,30 +51,20 @@ let
    REMOVE_INDEXPHP=true
  '';

-  mkPhpValue =
-    v:
-    if isString v then
-      escapeShellArg v
+  mkPhpValue = v:
+    if isString v then escapeShellArg v
    # NOTE: If any value contains a , (comma) this will not get escaped
-    else if isList v && any lib.strings.isCoercibleToString v then
-      escapeShellArg (concatMapStringsSep "," toString v)
-    else if isInt v then
-      toString v
-    else if isBool v then
-      boolToString v
-    else
-      abort "The Invoiceplane config value ${lib.generators.toPretty { } v} can not be encoded.";
+    else if isList v && any lib.strings.isCoercibleToString v then escapeShellArg (concatMapStringsSep "," toString v)
+    else if isInt v then toString v
+    else if isBool v then boolToString v
+    else abort "The Invoiceplane config value ${lib.generators.toPretty {} v} can not be encoded."
+  ;

-  extraConfig =
-    hostName: cfg:
-    let
+  extraConfig = hostName: cfg: let
    settings = mapAttrsToList (k: v: "${k}=${mkPhpValue v}") cfg.settings;
-    in
-    pkgs.writeText "extraConfig.php" (concatStringsSep "\n" settings);
+  in pkgs.writeText "extraConfig.php" (concatStringsSep "\n" settings);

-  pkg =
-    hostName: cfg:
-    pkgs.stdenv.mkDerivation rec {
+  pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec {
    pname = "invoiceplane-${hostName}";
    version = src.version;
    src = pkgs.invoiceplane;
@ -114,14 +92,11 @@ let
      ln -s ${extraConfig hostName cfg} $out/extraConfig.php

      # symlink additional templates
-        ${concatMapStringsSep "\n" (
-          template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/"
-        ) cfg.invoiceTemplates}
+      ${concatMapStringsSep "\n" (template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/") cfg.invoiceTemplates}
    '';
  };

-  siteOpts =
-    { name, ... }:
+  siteOpts = { name, ... }:
    {
      options = {

@ -212,13 +187,7 @@ let
        };

        poolConfig = mkOption {
-          type =
-            with types;
-            attrsOf (oneOf [
-              str
-              int
-              bool
-            ]);
+          type = with types; attrsOf (oneOf [ str int bool ]);
          default = {
            "pm" = "dynamic";
            "pm.max_children" = 32;
@ -272,7 +241,9 @@ let
    };
 in
 {
-  disabledModules = [ "services/web-apps/invoiceplane.nix" ];
+  disabledModules = [
+    "services/web-apps/invoiceplane.nix"
+  ];

  # interface
  options = {
@ -286,10 +257,7 @@ in
        };

        options.webserver = mkOption {
-          type = types.enum [
-            "caddy"
-            "nginx"
-          ];
+          type = types.enum [ "caddy" "nginx" ];
          default = "caddy";
          example = "nginx";
          description = ''
@ -304,59 +272,50 @@ in
  };

  # implementation
-  config = mkIf (eachSite != { }) (mkMerge [
-    {
+  config = mkIf (eachSite != {}) (mkMerge [{

-      assertions = flatten (
-        mapAttrsToList (hostName: cfg: [
-          {
-            assertion = cfg.database.createLocally -> cfg.database.user == user;
+    assertions = flatten (mapAttrsToList (hostName: cfg: [
+      { assertion = cfg.database.createLocally -> cfg.database.user == user;
        message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned'';
      }
-          {
-            assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
+      { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
        message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.'';
      }
-          {
-            assertion = cfg.cron.enable -> cfg.cron.key != null;
+      { assertion = cfg.cron.enable -> cfg.cron.key != null;
        message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.'';
      }
-        ]) eachSite
-      );
+    ]) eachSite);

    services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) {
      enable = true;
      package = mkDefault pkgs.mariadb;
      ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite;
-        ensureUsers = mapAttrsToList (hostName: cfg: {
-          name = cfg.database.user;
-          ensurePermissions = {
-            "${cfg.database.name}.*" = "ALL PRIVILEGES";
-          };
-        }) eachSite;
+      ensureUsers = mapAttrsToList (hostName: cfg:
+        { name = cfg.database.user;
+          ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
+        }
+      ) eachSite;
    };

    services.phpfpm = {
      phpPackage = pkgs.php81;
-        pools = mapAttrs' (
-          hostName: cfg:
-          (nameValuePair "invoiceplane-${hostName}" {
+      pools = mapAttrs' (hostName: cfg: (
+        nameValuePair "invoiceplane-${hostName}" {
          inherit user;
          group = webserver.group;
          settings = {
            "listen.owner" = webserver.user;
            "listen.group" = webserver.group;
          } // cfg.poolConfig;
-          })
-        ) eachSite;
+        }
+      )) eachSite;
    };

  }

  {

-      systemd.tmpfiles.rules = flatten (
-        mapAttrsToList (hostName: cfg: [
+    systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [
      "d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -"
      "f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -"
      "d ${cfg.stateDir}/logs 0750 ${user} ${webserver.group} - -"
@ -366,20 +325,18 @@ in
      "d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -"
      "d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -"
      "d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -"
-        ]) eachSite
-      );
+    ]) eachSite);

    systemd.services.invoiceplane-config = {
      serviceConfig.Type = "oneshot";
-        script = concatStrings (
-          mapAttrsToList (hostName: cfg: ''
+      script = concatStrings (mapAttrsToList (hostName: cfg:
+        ''
          mkdir -p ${cfg.stateDir}/logs \
                   ${cfg.stateDir}/uploads
          if ! grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then
            cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php"
          fi
-          '') eachSite
-        );
+        '') eachSite);
      wantedBy = [ "multi-user.target" ];
    };

@ -393,57 +350,50 @@ in

    # Cron service implementation

-      systemd.timers = mapAttrs' (
-        hostName: cfg:
-        (nameValuePair "invoiceplane-cron-${hostName}" (
-          mkIf cfg.cron.enable {
+    systemd.timers = mapAttrs' (hostName: cfg: (
+      nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnBootSec = "5m";
          OnUnitActiveSec = "5m";
          Unit = "invoiceplane-cron-${hostName}.service";
        };
-          }
-        ))
-      ) eachSite;
+      })
+    )) eachSite;

-      systemd.services = mapAttrs' (
-        hostName: cfg:
-        (nameValuePair "invoiceplane-cron-${hostName}" (
-          mkIf cfg.cron.enable {
+    systemd.services =
+      mapAttrs' (hostName: cfg: (
+        nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
          serviceConfig = {
            Type = "oneshot";
            User = user;
            ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}";
          };
-          }
-        ))
-      ) eachSite;
+        })
+    )) eachSite;

  }

  (mkIf (cfg.webserver == "caddy") {
    services.caddy = {
      enable = true;
-        virtualHosts = mapAttrs' (
-          hostName: cfg:
-          (nameValuePair "http://${hostName}" {
+      virtualHosts = mapAttrs' (hostName: cfg: (
+        nameValuePair "http://${hostName}" {
          extraConfig = ''
            root * ${pkg hostName cfg}
            file_server
            php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket}
          '';
-          })
-        ) eachSite;
+        }
+      )) eachSite;
    };
  })

  (mkIf (cfg.webserver == "nginx") {
    services.nginx = {
      enable = true;
-        virtualHosts = mapAttrs' (
-          hostName: cfg:
-          (nameValuePair hostName {
+      virtualHosts = mapAttrs' (hostName: cfg: (
+        nameValuePair hostName {
          root = pkg hostName cfg;
          extraConfig = ''
            index index.php index.html index.htm;
@ -472,8 +422,8 @@ in
              '';
            };
          };
-          })
-        ) eachSite;
+        }
+      )) eachSite;
    };
  })

--- a/modules/nextcloud/default.nix
+++ b/modules/nextcloud/default.nix
@ -6,8 +6,7 @@
 }:
 let
  psCfg = config.pub-solar;
-in
-{
+in {
  home-manager.users."${psCfg.user.name}" = {
    systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs;
  };
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@ -4,11 +4,8 @@
  lib,
  flake,
  ...
-}:
-{
-  nixpkgs.config.allowUnfreePredicate =
-    pkg:
-    builtins.elem (lib.getName pkg) [
+}: {
+  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
    "1password"
    "1password-cli"
    "brscan5"
@ -45,22 +42,24 @@
      system.flake = flake.self;
    };

+
    settings = {
      # Improve nix store disk usage
      auto-optimise-store = true;
      # Prevents impurities in builds
      sandbox = true;
      # Give root and @wheel special privileges with nix
-      trusted-users = [
-        "root"
-        "@wheel"
-      ];
+      trusted-users = ["root" "@wheel"];
      # Allow only group wheel to connect to the nix daemon
      allowed-users = ["@wheel"];

-      substituters = [ "https://pub-solar.cachix.org/" ];
+      substituters = [
+        "https://pub-solar.cachix.org/"
+      ];

-      trusted-public-keys = [ "pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos=" ];
+      trusted-public-keys = [
+        "pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos="
+      ];
    };

    # Generally useful nix option defaults
--- a/modules/office/default.nix
+++ b/modules/office/default.nix
@ -6,8 +6,7 @@
 }:
 let
  psCfg = config.pub-solar;
-in
-{
+in {
  programs.evince.enable = true;

  users.users."${psCfg.user.name}".packages = with pkgs; [
--- a/modules/printing/default.nix
+++ b/modules/printing/default.nix
@ -7,8 +7,7 @@
 }:
 let
  psCfg = config.pub-solar;
-in
-{
+in {
  services.avahi.enable = true;
  services.avahi.ipv6 = true;
  services.avahi.nssmdns4 = true;
@ -31,10 +30,7 @@ in
  };

  users.users."${psCfg.user.name}" = {
-    extraGroups = [
-      "lp"
-      "scanner"
-    ];
+    extraGroups = ["lp" "scanner"];
  };

  networking.hosts = flake.self.lib.addLocalHostname ["cups.local"];
--- a/modules/terminal-life/bash/default.nix
+++ b/modules/terminal-life/bash/default.nix
@ -3,28 +3,19 @@
  flake,
  pkgs,
  ...
-}:
-let
+}: let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in
-{
+in {
  enable = true;

-  historyControl = [
-    "ignoredups"
-    "ignorespace"
-  ];
+  historyControl = ["ignoredups" "ignorespace"];
  historyFileSize = 300000;

  # Run when initializing a login shell
-  profileExtra =
-    if config.programs.sway.enable then
-      ''
+  profileExtra = if config.programs.sway.enable then ''
    [ "$(tty)" = "/dev/tty1" ] && exec systemd-cat --identifier=sway ${pkgs.sway}/bin/sway
-      ''
-    else
-      "";
+  '' else "";

  # Run when initializing an interactive shell
  initExtra = ''
--- a/modules/terminal-life/default.nix
+++ b/modules/terminal-life/default.nix
@ -8,8 +8,7 @@
 let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.terminal-life;
-in
-{
+in {
  options.pub-solar.terminal-life = {
    full = lib.mkOption {
      description = ''
@ -27,9 +26,7 @@ in
    # until https://github.com/nix-community/nix-index/pull/227 is merged
    programs.nix-index.enableBashIntegration = false;

-    users.users."${psCfg.user.name}".packages =
-      with pkgs;
-      [
+    users.users."${psCfg.user.name}".packages = with pkgs; [
      asciinema
      bat
      blesh
@ -38,16 +35,17 @@ in
      fd
      jump
      (nnn.overrideAttrs (o: {
-          patches = (o.patches or [ ]) ++ [ ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch ];
+        patches =
+          (o.patches or [])
+          ++ [
+            ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch
+          ];
      }))
      powerline
      ripgrep
      screen
      watson
-      ]
-      ++ (
-        if cfg.full then
-          [
+    ] ++ (if cfg.full then [
      binutils
      jq

@ -60,10 +58,7 @@ in
      nixpkgs-review
      nix-update
      nix-search-cli
-          ]
-        else
-          [ ]
-      );
+    ] else []);

    # Get completion for system packages
    # https://nix-community.github.io/home-manager/options.xhtml#opt-programs.bash.enableCompletion
--- a/modules/terminal-life/fzf/default.nix
+++ b/modules/terminal-life/fzf/default.nix
@ -1,5 +1,8 @@
-{ config, pkgs, ... }:
 {
+  config,
+  pkgs,
+  ...
+}: {
  enable = true;
  defaultCommand = "fd --hidden --type f --exclude .git";
  defaultOptions = [
--- a/modules/terminal-life/nvim/default.nix
+++ b/modules/terminal-life/nvim/default.nix
@ -3,13 +3,11 @@
  pkgs,
  lib,
  ...
-}:
-let
+}: let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.terminal-life;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in
-{
+in {
  enable = true;

  viAlias = true;
@ -27,7 +25,7 @@ in
    # ansible-language-server
    # clang-tools
    # gopls
-    nodePackages.bash-language-server
+    # nodePackages.bash-language-server
    # nodePackages.svelte-language-server
    # nodePackages.typescript
    # nodePackages.typescript-language-server
@ -37,18 +35,18 @@ in
    # lua-language-server
    # cmake-language-server
    # vim-language-server
-    yaml-language-server
-    nodePackages.dockerfile-language-server-nodejs
-    docker-compose-language-service
+    # yaml-language-server
+    # python3Packages.python-lsp-server
+    # nodePackages.dockerfile-language-server-nodejs
+    # docker-compose-language-service
    # rust-analyzer
    # cargo
    # solargraph
    # terraform-ls
+    # python3Full
  ];

-  plugins =
-    with pkgs.vimPlugins;
-    [
+  plugins = with pkgs.vimPlugins; [
    # The status bar in the bottom of the screen with the mode indication and file location
    vim-airline

@ -101,10 +99,7 @@ in

    # Work with tags files
    vim-gutentags
-    ]
-    ++ (
-      if cfg.full then
-        [
+  ] ++ (if cfg.full then [
    nvim-treesitter.withAllGrammars

    # Dependencies for nvim-lspconfig
@ -125,13 +120,9 @@ in

    # JSON schemas
    SchemaStore-nvim
-        ]
-      else
-        [ ]
-    );
+  ] else []);

-  extraConfig = builtins.concatStringsSep "\n" (
-    [
+  extraConfig = builtins.concatStringsSep "\n" ([
    ''
      " Persistent undo
      set undofile
@ -145,15 +136,8 @@ in
    (builtins.readFile ./clipboard.vim)
    (builtins.readFile ./ui.vim)
    (builtins.readFile ./lastplace.lua)
-    ]
-    ++ (
-      if cfg.full then
-        [
+  ] ++ (if cfg.full then [
    (builtins.readFile ./lsp.vim)
    (builtins.readFile ./cmp.vim)
-        ]
-      else
-        [ ]
-    )
-  );
+  ] else []));
 }
--- a/modules/user/default.nix
+++ b/modules/user/default.nix
@ -3,13 +3,14 @@
  pkgs,
  lib,
  ...
-}:
-let
+}: let
  psCfg = config.pub-solar;
  inherit (lib) mkIf mkOption types;
 in
 {
-  imports = [ ./home.nix ];
+  imports = [
+    ./home.nix
+  ];

  options.pub-solar = {
    user = {
@ -73,8 +74,14 @@ in
          "wheel"
        ];
        shell = pkgs.bash;
-        initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";
-        openssh.authorizedKeys.keys = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [ ];
+        initialHashedPassword =
+          if psCfg.user.password != null
+          then psCfg.user.password
+          else "";
+        openssh.authorizedKeys.keys =
+          if psCfg.user.publicKeys != null
+          then psCfg.user.publicKeys
+          else [];
      };
    };

--- a/modules/user/home.nix
+++ b/modules/user/home.nix
@ -7,9 +7,10 @@
 let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in
-{
-  imports = [ ./session-variables.nix ];
+in {
+  imports = [
+    ./session-variables.nix
+  ];

  home-manager.users."${psCfg.user.name}" = {
    # Let Home Manager install and manage itself.
--- a/modules/user/session-variables.nix
+++ b/modules/user/session-variables.nix
@ -3,8 +3,7 @@
  pkgs,
  lib,
  ...
-}:
-let
+}: let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
  variables = {
@ -85,8 +84,7 @@ let
    FZF_DEFAULT_OPTS = lib.mkForce "--color=bg+:#2d2a2e,bg:#1a181a,spinner:#ef9062,hl:#7accd7 --color=fg:#d3d1d4,header:#7accd7,info:#e5c463,pointer:#ef9062 --color=marker:#ef9062,fg+:#d3d1d4,prompt:#e5c463,hl+:#7accd7";

    # nnn theme colors
-    NNN_FCOLORS =
-      let
+    NNN_FCOLORS = let
      BLK = "04";
      CHR = "04";
      DIR = "04";
@ -102,8 +100,7 @@ let
    in
      BLK + CHR + DIR + EXE + REG + HARDLINK + SYMLINK + MISSING + ORPHAN + FIFO + SOCK + OTHER;
  };
-in
-{
+in {
  environment.variables = variables;

  home-manager.users."${psCfg.user.name}" = {
--- a/modules/virtualisation/default.nix
+++ b/modules/virtualisation/default.nix
@ -6,8 +6,7 @@
 }:
 let
  psCfg = config.pub-solar;
-in
-{
+in {
  boot.kernelParams = [
    "amd_iommu=on"
    "intel_iommu=on"
@ -41,7 +40,9 @@ in
    home.packages = [pkgs.obs-studio-plugins.looking-glass-obs];
  };

-  systemd.tmpfiles.rules = [ "f  /dev/shm/looking-glass  0660  ${psCfg.user.name}  kvm" ];
+  systemd.tmpfiles.rules = [
+    "f  /dev/shm/looking-glass  0660  ${psCfg.user.name}  kvm"
+  ];
  #networking.bridges.virbr1.interfaces = [];
  #networking.interfaces.virbr1 = {
  #  ipv4.addresses = [
--- a/modules/wireguard-client/default.nix
+++ b/modules/wireguard-client/default.nix
@ -8,8 +8,7 @@ let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.wireguard-client;
  inherit (lib) mkOption types;
-in
-{
+in {
  options.pub-solar.wireguard-client = {
    ownIPs = mkOption {
      description = ''
--- a/overlays/blesh.nix
+++ b/overlays/blesh.nix
@ -3,14 +3,18 @@ final: prev: {
    inherit (prev.sources.blesh-nvfetcher) version src;

    dontBuild = false;
-    buildInputs = [ prev.gitMinimal ];
+    buildInputs = [
+      prev.gitMinimal
+    ];

    patchPhase = ''
      substituteInPlace GNUmakefile \
        --replace "git submodule update --init --recursive" ""
    '';

-    installFlags = [ "PREFIX=$(out)" ];
+    installFlags = [
+      "PREFIX=$(out)"
+    ];

    installPhase = ''
      source $stdenv/setup
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -3,22 +3,16 @@
  lib,
  inputs,
  ...
-}:
-{
+}: {
  flake = {
    nixosModules = rec {
-      overlays = (
-        { ... }:
-        {
+      overlays = ({ ... }: {
        nixpkgs.overlays = [
-            (
-              final: prev:
+          (final: prev:
          let
            unstable = import inputs.unstable {
              system = prev.system;
-                  config.allowUnfreePredicate =
-                    pkg:
-                    builtins.elem (prev.lib.getName pkg) [
+              config.allowUnfreePredicate = pkg: builtins.elem (prev.lib.getName pkg) [
                "1password"
                "1password-cli"
                "slack"
@ -29,8 +23,7 @@
            neovim-unwrapped = unstable.neovim-unwrapped;
            vimPlugins = unstable.vimPlugins;
            #vimPlugins = prev.vimPlugins // {inherit (unstable.vimPlugins) nvim-lspconfig;};
-              }
-            )
+          })
          (import ../pkgs)
          (import ./blesh.nix)
          (import ./mdbook-multilang.nix inputs)
@ -38,8 +31,7 @@
          (import ./prr.nix)
          (import ./neovim-plugins.nix)
        ];
-        }
-      );
+      });
    };
  };
 }
--- a/overlays/mdbook-multilang.nix
+++ b/overlays/mdbook-multilang.nix
@ -11,12 +11,10 @@ inputs: final: prev: {
      sha256 = "sha256-gJnQKHssO2ChiT4d037Lncd7hiOa5uh756p8TzPzbgQ=";
    };

-    cargoDeps = oldAttrs.cargoDeps.overrideAttrs (
-      prev.lib.const {
+    cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const {
      name = "${pname}-vendor.tar.gz";
      inherit src;
      outputHash = "sha256-QCEyl5FZqECYYb5eRm8mn+R6owt+CLQwCq/AMMPygE0=";
-      }
-    );
+    });
  });
 }
--- a/overlays/neovim-plugins.nix
+++ b/overlays/neovim-plugins.nix
@ -1,5 +1,7 @@
 final: prev: {
-  vimPlugins = prev.vimPlugins // {
+  vimPlugins =
+    prev.vimPlugins
+    // {
      instant-nvim-nvfetcher = prev.vimUtils.buildVimPlugin {
        inherit (prev.sources.instant-nvim-nvfetcher) pname version src;
      };
--- a/overlays/nix-index.nix
+++ b/overlays/nix-index.nix
@ -9,13 +9,11 @@ final: prev: {
    };
    version = "unstable-2024-06-12";

-    cargoDeps = oldAttrs.cargoDeps.overrideAttrs (
-      prev.lib.const {
+    cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const {
      name = "${pname}-vendor.tar.gz";
      inherit src;
      outputHash = "sha256-pZCGeZK5AJrxcrqXC5NZhGDda+90rRdWXy00CYD8SYY=";
-      }
-    );
+    });

    postInstall = ''
      substituteInPlace etc/command-not-found.* \
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -1,11 +1,10 @@
-final: prev: with prev; {
+final: prev:
+with prev; {
  # keep sources this first
  sources = callPackage (import ./_sources/generated.nix) {};
  # then, call packages with `final.callPackage`
  gpu-switch = writeShellScriptBin "gpu-switch" (import ./gpu-switch.nix final);
-  import-gtk-settings = writeShellScriptBin "import-gtk-settings" (
-    import ./import-gtk-settings.nix final
-  );
+  import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final);
  lgcl = writeShellScriptBin "lgcl" (import ./lgcl.nix final);
  mailto-mutt = writeShellScriptBin "mailto-mutt" (import ./mailto-mutt.nix final);
  mopidy-jellyfin = import ./mopidy-jellyfin.nix final;
@ -19,9 +18,7 @@ final: prev: with prev; {
  swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final);
  toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final);
  wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
-  drone-docker-runner = writeShellScriptBin "drone-docker-runner" (
-    import ./drone-docker-runner.nix final
-  );
+  drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
  record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final);
  cockroach-bin = import ./cockroach.nix final;
  prison-break = import ./prison-break.nix final;
--- a/pkgs/drone-docker-runner.nix
+++ b/pkgs/drone-docker-runner.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  case $1 in
    start)
      ${self.docker}/bin/docker run --detach \
--- a/pkgs/gpu-switch.nix
+++ b/pkgs/gpu-switch.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  # Copyright (c) 2014-2015 Bruno Bierbaumer, Andreas Heider

  readonly sysfs_efi_vars='/sys/firmware/efi/efivars'
--- a/pkgs/import-gtk-settings.nix
+++ b/pkgs/import-gtk-settings.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  # usage: import-gsettings <gsettings key>:<settings.ini key> <gsettings key>:<settings.ini key> ...

  expression=""
--- a/pkgs/lgcl.nix
+++ b/pkgs/lgcl.nix
@ -1,13 +1,8 @@
 self:
-with self;
-let
+with self; let
  looking-glass-client = self.looking-glass-client.overrideAttrs (old: {
-    meta.platforms = [
-      "x86_64-linux"
-      "aarch64-linux"
-    ];
+    meta.platforms = ["x86_64-linux" "aarch64-linux"];
  });
-in
-''
+in ''
  ${looking-glass-client}/bin/looking-glass-client -f /dev/shm/looking-glass input:ignoreWindowsKeys=yes input:grabKeyboardOnFocus=no
 ''
--- a/pkgs/mailto-mutt.nix
+++ b/pkgs/mailto-mutt.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  mkdir -p $XDG_CACHE_HOME/log

  LOGFILE=$XDG_CACHE_HOME/log/mailto.log
--- a/pkgs/mopidy-jellyfin.nix
+++ b/pkgs/mopidy-jellyfin.nix
@ -1,6 +1,5 @@
 self:
-with self;
-let
+with self; let
  websocket-client = python3.pkgs.buildPythonPackage rec {
    pname = "websocket-client";
    version = "1.2.1";
--- a/pkgs/mu.nix
+++ b/pkgs/mu.nix
@ -1,3 +1,4 @@
-self: with self; ''
+self:
+with self; ''
  exec ${alacritty}/bin/alacritty --class mu_vimpc --option dimensions.columns=120 --option dimensions.lines=80 -e vimpc -- "$@"
 ''
--- a/pkgs/notes.nix
+++ b/pkgs/notes.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  #
  # ack recursively through notes
  #
--- a/pkgs/prison-break.nix
+++ b/pkgs/prison-break.nix
@ -34,6 +34,8 @@ python3.pkgs.buildPythonPackage {
    notify2
    straight-plugin
  ];
-  patches = [ ./prison-break-url.patch ];
+  patches = [
+    ./prison-break-url.patch
+  ];
  checkInputs = [ python3.pkgs.black ];
 }
--- a/pkgs/psos-docs.nix
+++ b/pkgs/psos-docs.nix
@ -10,10 +10,7 @@ stdenv.mkDerivation rec {

    src = ../docs/..; # wut

-  phases = [
-    "buildPhase"
-    "installPhase"
-  ];
+    phases = ["buildPhase" "installPhase"];

    buildPhase = ''
      cp -r $src/doc ./doc
--- a/pkgs/psos.nix
+++ b/pkgs/psos.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  case $1 in
    rebuild)
      shift;
--- a/pkgs/record-screen.nix
+++ b/pkgs/record-screen.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  mkdir -p "$HOME/Videos/Screenrecordings"
  GEOMETRY="$(slurp -d -b \#ffffff11)"
  RESOLUTION="$(echo $GEOMETRY | awk '{print $2}')"
--- a/pkgs/s.nix
+++ b/pkgs/s.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  case $1 in
    d)
      shift;
--- a/pkgs/scan2paperless.nix
+++ b/pkgs/scan2paperless.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  echo "$@"
  DUPLEX=,Duplex
  removeempty="true"
--- a/pkgs/sway-launcher.nix
+++ b/pkgs/sway-launcher.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  #!/usr/bin/env bash
  # terminal application launcher for sway, using fzf
  # original command:
--- a/pkgs/swaylock-bg.nix
+++ b/pkgs/swaylock-bg.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  # Dependencies:
  # swaylock
  IMAGE="$XDG_CONFIG_HOME/wallpaper.jpg"
--- a/pkgs/toggle-kbd-layout.nix
+++ b/pkgs/toggle-kbd-layout.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  set -e

  current_layout=$(${sway}/bin/swaymsg -t get_inputs | ${jq}/bin/jq -r '.[] | select(.type == "keyboard") | .xkb_active_layout_index' | head -1)
--- a/pkgs/uhk-agent.nix
+++ b/pkgs/uhk-agent.nix
@ -1,6 +1,5 @@
 self:
-with self;
-let
+with self; let
  uhk-agent-bin = stdenv.mkDerivation rec {
    pname = "uhk-agent-bin";
    version = "1.5.14";
@ -8,10 +7,7 @@ let
      url = "https://github.com/UltimateHackingKeyboard/agent/releases/download/v1.5.14/UHK.Agent-1.5.14-linux-x86_64.AppImage";
      sha256 = "sha256:1yzh4ixy0cqg02xf84vcqj3h67mkxyzs6jf1h935ay582n70nyqg";
    };
-    phases = [
-      "installPhase"
-      "patchPhase"
-    ];
+    phases = ["installPhase" "patchPhase"];
    installPhase = ''
      mkdir -p $out/bin
      cp $src $out/bin/uhk-agent
@ -34,11 +30,7 @@ stdenv.mkDerivation rec {
      appimage-run
    ];

-  phases = [
-    "buildPhase"
-    "installPhase"
-    "patchPhase"
-  ];
+    phases = ["buildPhase" "installPhase" "patchPhase"];

    buildPhase = ''
      echo "${script}" >> uhk-agent
--- a/pkgs/wcwd.nix
+++ b/pkgs/wcwd.nix
@ -1,4 +1,5 @@
-self: with self; ''
+self:
+with self; ''
  pid=$(${sway}/bin/swaymsg -t get_tree | ${jq}/bin/jq '.. | select(.type?) | select(.type=="con") | select(.focused==true).pid')
  ppid=$(${procps}/bin/pgrep --newest --parent ''${pid})
  readlink /proc/''${ppid}/cwd || echo $HOME
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -9,14 +9,8 @@ let
    teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
    teutat3s-5-nfc = "age1yubikey1qdxpc9qenrkhqxnu2p6sgyfxhnxcvz99jcaq36uqcztuzsy92q596shqxkf";
  };
-  allKeys = [
-    machines.dumpyourvms
-    machines.ryzensun
-    users.teutat3s
-    users.teutat3s-5-nfc
-  ];
-in
-{
+  allKeys = [machines.dumpyourvms machines.ryzensun users.teutat3s users.teutat3s-5-nfc];
+in {
  "example-secret.age".publicKeys = allKeys;
  "environment-secrets.age".publicKeys = allKeys;
  "github-api-token.age".publicKeys = allKeys;
@ -26,9 +20,5 @@ in
  "mnx-bonanza-pf1.p12.age".publicKeys = allKeys;
  "docker-ci-runner-secrets.age".publicKeys = allKeys;
  "test-secret.age".publicKeys = [users.teutat3s-5-nfc];
-  "hosting-de-acme-secrets.age".publicKeys = [
-    machines.fae
-    users.teutat3s
-    users.teutat3s-5-nfc
-  ];
+  "hosting-de-acme-secrets.age".publicKeys = [machines.fae users.teutat3s users.teutat3s-5-nfc];
 }
--- a/tests/first-test.nix
+++ b/tests/first-test.nix
@ -1,13 +1,11 @@
-{ pkgs, lib, ... }:
 {
+  pkgs,
+  lib,
+  ...
+}: {
  name = "firstTest";

-  nodes.test-machine =
-    {
-      suites ? null,
-      ...
-    }:
-    {
+  nodes.test-machine = {suites ? null, ...}: {
    imports = suites.iso;

    home-manager.users.pub-solar.programs.bash.shellAliases = {
@ -18,11 +16,7 @@
    # source: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/tests/sway.nix
    environment = {
      # For glinfo and wayland-info:
-        systemPackages = with pkgs; [
-          mesa-demos
-          wayland-utils
-          alacritty
-        ];
+      systemPackages = with pkgs; [mesa-demos wayland-utils alacritty];
      # Use a fixed SWAYSOCK path (for swaymsg):
      variables = {
        "SWAYSOCK" = "/tmp/sway-ipc.sock";
--- a/Show more
+++ b/Show more