reformat

2024-12-27 21:30:25 -06:00 · 2024-12-27 21:30:25 -06:00 · 2b6d062d16
commit 2b6d062d16
parent ada913b9c0
86 changed files with 1280 additions and 837 deletions
--- a/.archive/home/modules/programs/de/default.nix
+++ b/.archive/home/modules/programs/de/default.nix
@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
 {
  imports = [
    ./gnome
  ];
--- a/.archive/home/modules/programs/de/gnome/default.nix
+++ b/.archive/home/modules/programs/de/gnome/default.nix
@ -1,10 +1,16 @@
 # Adjusted manually from generated output of dconf2nix
 # https://github.com/gvolpe/dconf2nix
-{ lib, pkgs, osConfig, ... }:
+{
-with lib.hm.gvariant; {
+  lib,
  pkgs,
  osConfig,
  ...
 }:
 with lib.hm.gvariant;
 {
  config = lib.mkIf osConfig.mySystem.de.gnome.enable {
    # add user packages
-    home.packages = with pkgs;  [
+    home.packages = with pkgs; [
      dconf2nix
    ];
@ -20,13 +26,39 @@ with lib.hm.gvariant; {
        home = [ "<Super>e" ];
      };
      "org/gnome/desktop/wm/preferences" = {
-        workspace-names = [ "sys" "talk" "web" "edit" "run" ];
+        workspace-names = [
          "sys"
          "talk"
          "web"
          "edit"
          "run"
        ];
        button-layout = "appmenu:minimize,close";
      };
      "org/gnome/shell" = {
-        disabled-extensions = [ "apps-menu@gnome-shell-extensions.gcampax.github.com" "light-style@gnome-shell-extensions.gcampax.github.com" "places-menu@gnome-shell-extensions.gcampax.github.com" "drive-menu@gnome-shell-extensions.gcampax.github.com" "window-list@gnome-shell-extensions.gcampax.github.com" "workspace-indicator@gnome-shell-extensions.gcampax.github.com" ];
+        disabled-extensions = [
-        enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" "caffeine@patapon.info" "dash-to-dock@micxgx.gmail.com" "gsconnect@andyholmes.github.io" "Vitals@CoreCoding.com" "sp-tray@sp-tray.esenliyim.github.com" ];
+          "apps-menu@gnome-shell-extensions.gcampax.github.com"
-        favorite-apps = [ "com.mitchellh.ghostty.desktop" "vivaldi-stable.desktop" "obsidian.desktop" "code.desktop" "vesktop.desktop" ];
+          "light-style@gnome-shell-extensions.gcampax.github.com"
          "places-menu@gnome-shell-extensions.gcampax.github.com"
          "drive-menu@gnome-shell-extensions.gcampax.github.com"
          "window-list@gnome-shell-extensions.gcampax.github.com"
          "workspace-indicator@gnome-shell-extensions.gcampax.github.com"
        ];
        enabled-extensions = [
          "appindicatorsupport@rgcjonas.gmail.com"
          "caffeine@patapon.info"
          "dash-to-dock@micxgx.gmail.com"
          "gsconnect@andyholmes.github.io"
          "Vitals@CoreCoding.com"
          "sp-tray@sp-tray.esenliyim.github.com"
        ];
        favorite-apps = [
          "com.mitchellh.ghostty.desktop"
          "vivaldi-stable.desktop"
          "obsidian.desktop"
          "code.desktop"
          "vesktop.desktop"
        ];
      };
      "org/gnome/nautilus/preferences" = {
        default-folder-viewer = "list-view";
--- a/.archive/hosts/durincore/default.nix
+++ b/.archive/hosts/durincore/default.nix
@ -1,11 +1,17 @@
-{ ... }: {
+{ ... }:
 {
  config = {
    networking.hostId = "ad4380db";
    networking.hostName = "durincore";
    # Kernel mods
    boot = {
      initrd = {
-        availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+        availableKernelModules = [
          "xhci_pci"
          "nvme"
          "usb_storage"
          "sd_mod"
        ];
        kernelModules = [ ];
      };
      kernelModules = [ "kvm-intel" ];
@ -13,31 +19,34 @@
    };
    fileSystems = {
-      "/" =
+      "/" = {
-        {
+        device = "rpool/root";
-          device = "rpool/root";
+        fsType = "zfs";
-          fsType = "zfs";
+      };
        };
-      "/home" =
+      "/home" = {
-        {
+        device = "rpool/home";
-          device = "rpool/home";
+        fsType = "zfs";
-          fsType = "zfs";
+      };
        };
-      "/boot" =
+      "/boot" = {
-        {
+        device = "/dev/disk/by-uuid/F1B9-CA7C";
-          device = "/dev/disk/by-uuid/F1B9-CA7C";
+        fsType = "vfat";
-          fsType = "vfat";
+        options = [
-          options = [ "fmask=0077" "dmask=0077" ];
+          "fmask=0077"
-        };
+          "dmask=0077"
        ];
      };
    };
    swapDevices = [ ];
    # System settings and services.
    mySystem = {
-      system.motd.networkInterfaces = [ "enp0s31f6" "wlp4s0" ];
+      system.motd.networkInterfaces = [
        "enp0s31f6"
        "wlp4s0"
      ];
    };
  };
--- a/.archive/hosts/legiondary/default.nix
+++ b/.archive/hosts/legiondary/default.nix
@ -1,50 +1,56 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
+{
  config,
  lib,
  modulesPath,
  ...
 }:
 {
-  imports =
+  imports = [
-    [
+    (modulesPath + "/installer/scan/not-detected.nix")
-      (modulesPath + "/installer/scan/not-detected.nix")
+  ];
    ];
  networking.hostId = "2132e3bf";
  networking.hostName = "legiondary";
  boot = {
-    initrd.availableKernelModules = [ "xhci_pci" "nvme" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+    initrd.availableKernelModules = [
      "xhci_pci"
      "nvme"
      "ahci"
      "usb_storage"
      "usbhid"
      "sd_mod"
    ];
    initrd.kernelModules = [ ];
    kernelModules = [ "kvm-amd" ];
    extraModulePackages = [ ];
  };
-  fileSystems =
+  fileSystems = {
-    {
+    "/" = {
-      "/" =
+      device = "zroot/root";
-        {
+      fsType = "zfs";
          device = "zroot/root";
          fsType = "zfs";
        };
      "/nix" =
        {
          device = "zroot/nix";
          fsType = "zfs";
        };
      "/var" =
        {
          device = "zroot/var";
          fsType = "zfs";
        };
      "/home" =
        {
          device = "zroot/home";
          fsType = "zfs";
        };
    };
    "/nix" = {
      device = "zroot/nix";
      fsType = "zfs";
    };
    "/var" = {
      device = "zroot/var";
      fsType = "zfs";
    };
    "/home" = {
      device = "zroot/home";
      fsType = "zfs";
    };
  };
  # fileSystems."/boot" =
  #   { device = "/dev/disk/by-uuid/E532-B74A";
  #     fsType = "vfat";
@ -58,6 +64,9 @@
  # System settings and services.
  mySystem = {
    purpose = "Development";
-    system.motd.networkInterfaces = [ "eno1" "wlp4s0" ];
+    system.motd.networkInterfaces = [
      "eno1"
      "wlp4s0"
    ];
  };
 }
--- a/.archive/modules/nixos/containers/lego-auto/default.nix
+++ b/.archive/modules/nixos/containers/lego-auto/default.nix
@ -3,9 +3,9 @@ with lib;
 let
  app = "lego-auto";
  image = "ghcr.io/bjw-s/lego-auto:v0.3.0";
-  user = "999"; #string
+  user = "999"; # string
-  group = "102"; #string
+  group = "102"; # string
-  port = 9898; #int
+  port = 9898; # int
  cfg = config.mySystem.services.${app};
  appFolder = "/eru/containers/volumes/${app}";
 in
@ -43,16 +43,18 @@ in
      extraOptions = [
        "--dns=1.1.1.1"
      ];
-      environment = {
+      environment =
-        TZ = "America/Chicago";
+        {
-        LA_DATADIR = "/cert";
+          TZ = "America/Chicago";
-        LA_CACHEDIR = "/cert/.cache";
+          LA_DATADIR = "/cert";
-        LA_EMAIL = cfg.email;
+          LA_CACHEDIR = "/cert/.cache";
-        LA_DOMAINS = cfg.domains;
+          LA_EMAIL = cfg.email;
-        LA_PROVIDER = cfg.provider;
+          LA_DOMAINS = cfg.domains;
-      } // lib.optionalAttrs (cfg.provider == "dnsimple") {
+          LA_PROVIDER = cfg.provider;
-        DNSIMPLE_OAUTH_TOKEN_FILE = "/config/dnsimple-token";
+        }
-      };
+        // lib.optionalAttrs (cfg.provider == "dnsimple") {
          DNSIMPLE_OAUTH_TOKEN_FILE = "/config/dnsimple-token";
        };
      volumes = [
        "${appFolder}/cert:/cert"
--- a/.archive/modules/nixos/containers/unifi/default.nix
+++ b/.archive/modules/nixos/containers/unifi/default.nix
@ -6,8 +6,8 @@ let
  version = "8.4.62";
  cfg = config.mySystem.services.${app};
  appFolder = "/eru/containers/volumes/${app}";
  # persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
 in
 # persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
 {
  options.mySystem.services.${app} = {
    enable = mkEnableOption "${app}";
@ -19,7 +19,12 @@ in
        allowedTCPPorts = [ 8443 ];
      };
      podman0 = {
-        allowedTCPPorts = [ 8080 8443 8880 8843 ];
+        allowedTCPPorts = [
          8080
          8443
          8880
          8843
        ];
        allowedUDPPorts = [ 3478 ];
      };
    };
--- a/.archive/modules/nixos/de/kde.nix
+++ b/.archive/modules/nixos/de/kde.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 let
  cfg = config.mySystem.de.kde;
  flameshotOverride = pkgs.unstable.flameshot.override { enableWlrSupport = true; };
@ -6,14 +11,15 @@ in
 {
  options = {
    mySystem.de.kde = {
-      enable = lib.mkEnableOption "KDE" // { default = false; };
+      enable = lib.mkEnableOption "KDE" // {
        default = false;
      };
    };
  };
  config = lib.mkIf cfg.enable {
    # Ref: https://wiki.nixos.org/wiki/KDE
    # KDE
    services = {
      displayManager = {
@ -43,7 +49,6 @@ in
      jack.enable = true;
    };
    # extra pkgs and extensions
    environment = {
      systemPackages = with pkgs; [
--- a/.archive/modules/nixos/services/cockpit/default.nix
+++ b/.archive/modules/nixos/services/cockpit/default.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.mySystem.services.cockpit;
--- a/.archive/modules/nixos/services/vault/default.nix
+++ b/.archive/modules/nixos/services/vault/default.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.mySystem.services.vault;
 in
--- a/.archive/profiles/disko-telchar.nix
+++ b/.archive/profiles/disko-telchar.nix
@ -40,7 +40,10 @@
                  "/home/user" = { };
                  # Parent is not mounted so the mountpoint must be set
                  "/nix" = {
-                    mountOptions = [ "compress=zstd" "noatime" ];
+                    mountOptions = [
                      "compress=zstd"
                      "noatime"
                    ];
                    mountpoint = "/nix";
                  };
                };
--- a/.archive/profiles/hw-framework-16-7840hs.nix
+++ b/.archive/profiles/hw-framework-16-7840hs.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 {
  mySystem = {
    security.wheelNeedsSudoPassword = false;
@ -16,7 +21,7 @@
    };
  };
-   # For updating firmware on the Framework.
+  # For updating firmware on the Framework.
  services.fwupd.enable = true;
  networking = {
--- a/.archive/profiles/hw-legion-15arh05h.nix
+++ b/.archive/profiles/hw-legion-15arh05h.nix
@ -10,7 +10,10 @@
  boot = {
    # for managing/mounting ntfs
-    supportedFilesystems = [ "ntfs" "nfs" ];
+    supportedFilesystems = [
      "ntfs"
      "nfs"
    ];
    loader = {
      grub = {
@ -18,7 +21,10 @@
        zfsSupport = true;
        device = "nodev";
        mirroredBoots = [
-          { devices = [ "nodev" ]; path = "/boot"; }
+          {
            devices = [ "nodev" ];
            path = "/boot";
          }
        ];
      };
    };
--- a/.archive/profiles/role-workstation.nix
+++ b/.archive/profiles/role-workstation.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 # Role for workstations
 # Covers desktops/laptops, expected to have a GUI and do workloads
 # Will have home-manager installs
--- a/flake.lock
+++ b/flake.lock
@ -237,24 +237,6 @@
      "inputs": {
        "systems": "systems_4"
      },
      "locked": {
        "lastModified": 1726560853,
        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_4": {
      "inputs": {
        "systems": "systems_5"
      },
      "locked": {
        "lastModified": 1681202837,
        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
@ -269,9 +251,9 @@
        "type": "github"
      }
    },
-    "flake-utils_5": {
+    "flake-utils_4": {
      "inputs": {
-        "systems": "systems_6"
+        "systems": "systems_5"
      },
      "locked": {
        "lastModified": 1710146030,
@ -287,9 +269,9 @@
        "type": "github"
      }
    },
-    "flake-utils_6": {
+    "flake-utils_5": {
      "inputs": {
-        "systems": "systems_7"
+        "systems": "systems_6"
      },
      "locked": {
        "lastModified": 1681202837,
@ -670,25 +652,6 @@
        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"
      }
    },
    "mise": {
      "inputs": {
        "flake-utils": "flake-utils_3",
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1735325928,
        "narHash": "sha256-MfOIDwb6pMakn9eCulGrPwAMuL5qFOhwaEoFFeuv8cY=",
        "owner": "jdx",
        "repo": "mise",
        "rev": "323a85b6f7632b906cb113a428519f2ba89197e7",
        "type": "github"
      },
      "original": {
        "owner": "jdx",
        "repo": "mise",
        "type": "github"
      }
    },
    "mk-naked-shell": {
      "flake": false,
      "locked": {
@ -757,7 +720,7 @@
    "nix-minecraft": {
      "inputs": {
        "flake-compat": "flake-compat_3",
-        "flake-utils": "flake-utils_4",
+        "flake-utils": "flake-utils_3",
        "nixpkgs": [
          "nixpkgs-unstable"
        ]
@ -779,7 +742,7 @@
    "nix-vscode-extensions": {
      "inputs": {
        "flake-compat": "flake-compat_4",
-        "flake-utils": "flake-utils_5",
+        "flake-utils": "flake-utils_4",
        "nixpkgs": [
          "nixpkgs"
        ]
@ -891,22 +854,6 @@
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1729980323,
        "narHash": "sha256-eWPRZAlhf446bKSmzw6x7RWEE4IuZgAp8NW3eXZwRAY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "86e78d3d2084ff87688da662cf78c2af085d8e73",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1735141468,
        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
@ -922,7 +869,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1734649271,
        "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
@ -938,7 +885,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1682134069,
        "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
@ -977,7 +924,7 @@
    "nur": {
      "inputs": {
        "flake-parts": "flake-parts",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_3",
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
@ -1111,12 +1058,11 @@
        "hyprland-plugins": "hyprland-plugins",
        "krewfile": "krewfile",
        "lix-module": "lix-module",
        "mise": "mise",
        "nix-inspect": "nix-inspect",
        "nix-minecraft": "nix-minecraft",
        "nix-vscode-extensions": "nix-vscode-extensions",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_2",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "nixvirt-git": "nixvirt-git",
        "nur": "nur",
@ -1281,21 +1227,6 @@
        "type": "github"
      }
    },
    "systems_7": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "talhelper": {
      "inputs": {
        "flake-parts": "flake-parts_2",
@ -1362,8 +1293,8 @@
    },
    "vscode-server": {
      "inputs": {
-        "flake-utils": "flake-utils_6",
+        "flake-utils": "flake-utils_5",
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
        "lastModified": 1729422940,
--- a/flake.nix
+++ b/flake.nix
@ -92,9 +92,6 @@
      url = "github:hyprwm/hyprland-plugins";
      inputs.hyprland.follows = "hyprland";
    };
    # Mise
    mise.url = "github:jdx/mise";
  };
  outputs =
@ -110,7 +107,6 @@
      lix-module,
      vscode-server,
      krewfile,
      mise,
      ...
    }@inputs:
    let
--- a/nixos/home/jahanson/global.nix
+++ b/nixos/home/jahanson/global.nix
@ -1,4 +1,9 @@
-{ pkgs, config, inputs, ... }:
+{
  pkgs,
  config,
  inputs,
  ...
 }:
 with config;
 {
  imports = [
@ -76,7 +81,6 @@ with config;
        # filesystem tools
        gptfdisk # sgdisk
        # system call monitoring
        strace # system call monitoring
        ltrace # library call monitoring
--- a/nixos/home/modules/default.nix
+++ b/nixos/home/modules/default.nix
@ -1,4 +1,5 @@
-{ lib, ... }: {
+{ lib, ... }:
 {
  imports = [
    ./shell
--- a/nixos/home/modules/programs/browsers/default.nix
+++ b/nixos/home/modules/programs/browsers/default.nix
@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
 {
  imports = [
    ./firefox
  ];
--- a/nixos/home/modules/programs/browsers/firefox/default.nix
+++ b/nixos/home/modules/programs/browsers/firefox/default.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.myHome.programs.firefox;
@ -6,27 +11,25 @@ in
 {
  options.myHome.programs.firefox.enable = mkEnableOption "Firefox";
-  config = mkIf cfg.enable
+  config = mkIf cfg.enable {
-    {
+    programs.firefox = {
-      programs.firefox = {
+      enable = true;
-        enable = true;
+      package = pkgs.firefox.override {
-        package = pkgs.firefox.override
+        extraPolicies = {
-          {
+          DontCheckDefaultBrowser = true;
-            extraPolicies = {
+          DisablePocket = true;
-              DontCheckDefaultBrowser = true;
+          # See nixpkgs' firefox/wrapper.nix to check which options you can use
-              DisablePocket = true;
+          nativeMessagingHosts = [
-              # See nixpkgs' firefox/wrapper.nix to check which options you can use
+            # Gnome shell native connector
-              nativeMessagingHosts = [
+            pkgs.gnome-browser-connector
-                # Gnome shell native connector
+            # plasma connector
-                pkgs.gnome-browser-connector
+            # plasma5Packages.plasma-browser-integration
-                # plasma connector
+          ];
-                # plasma5Packages.plasma-browser-integration
+        };
              ];
            };
          };
        policies = import ./policies.nix;
        profiles.default = import ./profile-default.nix { inherit pkgs; };
      };
      policies = import ./policies.nix;
      profiles.default = import ./profile-default.nix { inherit pkgs; };
    };
  };
 }
--- a/nixos/home/modules/programs/default.nix
+++ b/nixos/home/modules/programs/default.nix
@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
 {
  imports = [
    ./browsers
    ./thunderbird
--- a/nixos/home/modules/programs/thunderbird/default.nix
+++ b/nixos/home/modules/programs/thunderbird/default.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 let
  cfg = config.myHome.programs.thunderbird;
--- a/nixos/home/modules/security/default.nix
+++ b/nixos/home/modules/security/default.nix
@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
 {
  imports = [
    ./ssh
  ];
--- a/nixos/home/modules/security/ssh/default.nix
+++ b/nixos/home/modules/security/ssh/default.nix
@ -1,5 +1,6 @@
 { config, lib, ... }:
-with lib; let
+with lib;
 let
  cfg = config.myHome.security.ssh;
 in
 {
--- a/nixos/home/modules/shell/atuind/default.nix
+++ b/nixos/home/modules/shell/atuind/default.nix
@ -1,5 +1,11 @@
-{ config, pkgs, lib, ... }:
+{
-with lib; let
+  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 let
  cfg = config.myHome.shell.atuind;
 in
 {
@ -9,22 +15,21 @@ in
  config = mkMerge [
    (mkIf cfg.enable {
-      systemd.user.services.atuind =
+      systemd.user.services.atuind = {
-        {
+        Install = {
-          Install = {
+          WantedBy = [ "default.target" ];
            WantedBy = [ "default.target" ];
          };
          Unit = {
            After = [ "network.target" ];
          };
          Service = {
            Environment = "ATUIN_LOG=info";
            ExecStart = "${pkgs.unstable.atuin}/bin/atuin daemon";
            # Remove the socket file if the daemon is not running. 
            # Unexpected shutdowns may have left this file here.
            ExecStartPre="/run/current-system/sw/bin/bash -c '! pgrep atuin && /run/current-system/sw/bin/rm -f ~/.local/share/atuin/atuin.sock'";
          };
        };
        Unit = {
          After = [ "network.target" ];
        };
        Service = {
          Environment = "ATUIN_LOG=info";
          ExecStart = "${pkgs.unstable.atuin}/bin/atuin daemon";
          # Remove the socket file if the daemon is not running.
          # Unexpected shutdowns may have left this file here.
          ExecStartPre = "/run/current-system/sw/bin/bash -c '! pgrep atuin && /run/current-system/sw/bin/rm -f ~/.local/share/atuin/atuin.sock'";
        };
      };
    })
  ];
 }
--- a/nixos/home/modules/shell/default.nix
+++ b/nixos/home/modules/shell/default.nix
@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
 {
  imports = [
    ./atuind
    ./fish
--- a/nixos/home/modules/shell/fish/default.nix
+++ b/nixos/home/modules/shell/fish/default.nix
@ -96,6 +96,9 @@ in
          set -gx SSH_ASKPASS_REQUIRE "prefer" # This is for git to use the ssh-askpass
          set -gx ATUIN_SYNC_ADDRESS "https://sh.hsn.dev"
          # Mise https://mise.jdx.dev
          mise activate fish | source
          # One Password cli
          if test -e ~/.config/op/plugins.sh
            source ~/.config/op/plugins.sh
--- a/nixos/home/modules/shell/git/default.nix
+++ b/nixos/home/modules/shell/git/default.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.myHome.shell.git;
 in
--- a/nixos/home/modules/shell/starship/default.nix
+++ b/nixos/home/modules/shell/starship/default.nix
@ -1,12 +1,16 @@
-{ lib
+{
-, config
+  lib,
-, ...
+  config,
  ...
 }:
-with lib; let
+with lib;
 let
  cfg = config.myHome.shell.starship;
 in
 {
-  options.myHome.shell.starship = { enable = mkEnableOption "starship"; };
+  options.myHome.shell.starship = {
    enable = mkEnableOption "starship";
  };
  config = mkIf cfg.enable {
    programs.starship = {
--- a/nixos/home/modules/shell/wezterm/default.nix
+++ b/nixos/home/modules/shell/wezterm/default.nix
@ -1,5 +1,11 @@
-{ config, pkgs, lib, ... }:
+{
-with lib; let
+  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 let
  cfg = config.myHome.shell.wezterm;
 in
 {
--- a/nixos/hosts/gandalf/config/sanoid.nix
+++ b/nixos/hosts/gandalf/config/sanoid.nix
@ -14,22 +14,22 @@
    };
    datasets = {
      "eru/xen-backups" = {
-        useTemplate = ["production"];
+        useTemplate = [ "production" ];
      };
      "eru/hansonhive" = {
-        useTemplate = ["production"];
+        useTemplate = [ "production" ];
      };
      "eru/tm_joe" = {
-        useTemplate = ["production"];
+        useTemplate = [ "production" ];
      };
      "eru/tm_elisia" = {
-        useTemplate = ["production"];
+        useTemplate = [ "production" ];
      };
      "eru/containers/volumes/xo-data" = {
-        useTemplate = ["production"];
+        useTemplate = [ "production" ];
      };
      "eru/containers/volumes/xo-redis-data" = {
-        useTemplate = ["production"];
+        useTemplate = [ "production" ];
      };
    };
  };
--- a/nixos/hosts/gandalf/default.nix
+++ b/nixos/hosts/gandalf/default.nix
@ -9,9 +9,9 @@
  ...
 }:
 # let
-  # sanoidConfig = import ./config/sanoid.nix { };
+# sanoidConfig = import ./config/sanoid.nix { };
-  # disks = import ./config/disks.nix;
+# disks = import ./config/disks.nix;
-  # smartdDevices = map (device: { inherit device; }) disks;
+# smartdDevices = map (device: { inherit device; }) disks;
 # in
 {
  imports = [
--- a/nixos/hosts/shadowfax/config/disks.nix
+++ b/nixos/hosts/shadowfax/config/disks.nix
@ -1,15 +1,13 @@
 [
  # zroot
  "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E"
  "/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314200DT2P0C"
  "/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH3142017H2P0C"
  "/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314201AD2P0C"
  "/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314201E72P0C"
  # nahar
-  "/dev/nvme0" # These are required to fix a smartctl bug I have yet to upgrade to a version that fixes it.
+  "/dev/nvme0"
  "/dev/nvme1"
  "/dev/nvme2"
  "/dev/nvme3"
  "/dev/nvme4"
  "/dev/nvme5"
  # moria
  "/dev/disk/by-id/scsi-35000cca23bc8a504"
  "/dev/disk/by-id/scsi-35000cca23bd29918"
@ -31,5 +29,4 @@
  "/dev/disk/by-id/scsi-35000cca0461810f8"
  "/dev/disk/by-id/scsi-35000cca04618b930"
  "/dev/disk/by-id/scsi-35000cca04618cec4"
 ]
--- a/nixos/hosts/shadowfax/config/sanoid.nix
+++ b/nixos/hosts/shadowfax/config/sanoid.nix
@ -14,19 +14,19 @@
    };
    datasets = {
      "nahar/scrypted" = {
-        useTemplate = ["production"];
+        useTemplate = [ "production" ];
      };
      "nahar/containers/volumes/plex" = {
-        useTemplate = ["production"];
+        useTemplate = [ "production" ];
      };
      "nahar/containers/volumes/scrypted" = {
-        useTemplate = ["production"];
+        useTemplate = [ "production" ];
      };
      "nahar/containers/volumes/jellyfin" = {
-        useTemplate = ["production"];
+        useTemplate = [ "production" ];
      };
      "nahar/containers/volumes/scrutiny" = {
-        useTemplate = ["production"];
+        useTemplate = [ "production" ];
      };
    };
  };
--- a/nixos/hosts/shadowfax/default.nix
+++ b/nixos/hosts/shadowfax/default.nix
@ -47,10 +47,7 @@ in
    nvidia-container-toolkit.enable = true;
  };
-  users.users.root.openssh.authorizedKeys.keys = [
+  users.users.root.openssh.authorizedKeys.keys = [ ];
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
  ];
  # Network settings
  networking = {
@ -187,7 +184,10 @@ in
      scrutiny = {
        enable = true;
        devices = disks;
-        extraCapabilities = [ "SYS_RAWIO" ];
+        extraCapabilities = [
          "SYS_RAWIO"
          "SYS_ADMIN"
        ];
        containerVolumeLocation = "/nahar/containers/volumes/scrutiny";
        port = 8585;
      };
--- a/nixos/hosts/telperion/config/bind.nix
+++ b/nixos/hosts/telperion/config/bind.nix
@ -1,27 +1,27 @@
-{config, ...}: 
+{ config, ... }:
 ''
-include "${config.sops.secrets."bind/rndc-keys/externaldns".path}";
+  include "${config.sops.secrets."bind/rndc-keys/externaldns".path}";
-acl trusted {
+  acl trusted {
-  10.33.44.0/24;  # LAN
+    10.33.44.0/24;  # LAN
-  10.1.1.0/24;    # Servers
+    10.1.1.0/24;    # Servers
-  10.1.2.0/24;    # Trusted
+    10.1.2.0/24;    # Trusted
-  10.1.3.0/24;    # IoT
+    10.1.3.0/24;    # IoT
-  10.1.4.0/24;    # Video
+    10.1.4.0/24;    # Video
-};
+  };
-zone "jahanson.tech." {
+  zone "jahanson.tech." {
-  type master;
+    type master;
-  file "${config.sops.secrets."bind/zones/jahanson.tech".path}";
+    file "${config.sops.secrets."bind/zones/jahanson.tech".path}";
-  journal "${config.services.bind.directory}/db.jahanson.tech.jnl";
+    journal "${config.services.bind.directory}/db.jahanson.tech.jnl";
-  allow-transfer {
+    allow-transfer {
-    key "externaldns";
+      key "externaldns";
    };
    update-policy {
      grant externaldns zonesub ANY;
    };
    allow-query {
      trusted;
    };
  };
  update-policy {
    grant externaldns zonesub ANY;
  };
  allow-query {
    trusted;
  };
 };
 ''
--- a/nixos/hosts/telperion/config/haproxy.nix
+++ b/nixos/hosts/telperion/config/haproxy.nix
@ -1,53 +1,53 @@
 { ... }:
 ''
-global
+  global
-  log /dev/log local0
+    log /dev/log local0
-  log /dev/log local1 notice
+    log /dev/log local1 notice
-  daemon
+    daemon
-defaults
+  defaults
-  mode http
+    mode http
-  log global
+    log global
-  option httplog
+    option httplog
-  option dontlognull
+    option dontlognull
-  option http-server-close
+    option http-server-close
-  option redispatch
+    option redispatch
-  retries 3
+    retries 3
-  timeout http-request 10s
+    timeout http-request 10s
-  timeout queue 20s
+    timeout queue 20s
-  timeout connect 10s
+    timeout connect 10s
-  timeout client 1h
+    timeout client 1h
-  timeout server 1h
+    timeout server 1h
-  timeout http-keep-alive 10s
+    timeout http-keep-alive 10s
-  timeout check 10s
+    timeout check 10s
-frontend k8s_homelab_apiserver
+  frontend k8s_homelab_apiserver
-  bind *:6443
+    bind *:6443
-  mode tcp
+    mode tcp
-  option tcplog
+    option tcplog
-  default_backend k8s_homelab_controlplane
+    default_backend k8s_homelab_controlplane
-frontend k8s_theshire_apiserver
+  frontend k8s_theshire_apiserver
-  bind *:6444
+    bind *:6444
-  mode tcp
+    mode tcp
-  option tcplog
+    option tcplog
-  default_backend k8s_theshire_controlplane
+    default_backend k8s_theshire_controlplane
-backend k8s_homelab_controlplane
+  backend k8s_homelab_controlplane
-  option httpchk GET /healthz
+    option httpchk GET /healthz
-  http-check expect status 200
+    http-check expect status 200
-  mode tcp
+    mode tcp
-  option ssl-hello-chk
+    option ssl-hello-chk
-  balance roundrobin
+    balance roundrobin
-  server shadowfax 10.1.1.61:6443 check
+    server shadowfax 10.1.1.61:6443 check
-backend k8s_theshire_controlplane
+  backend k8s_theshire_controlplane
-  option httpchk GET /healthz
+    option httpchk GET /healthz
-  http-check expect status 200
+    http-check expect status 200
-  mode tcp
+    mode tcp
-  option ssl-hello-chk
+    option ssl-hello-chk
-  balance roundrobin
+    balance roundrobin
-  server bilbo 10.1.1.62:6443 check
+    server bilbo 10.1.1.62:6443 check
-  server frodo 10.1.1.63:6443 check
+    server frodo 10.1.1.63:6443 check
-  server sam 10.1.1.64:6443 check
+    server sam 10.1.1.64:6443 check
 ''
--- a/nixos/hosts/telperion/default.nix
+++ b/nixos/hosts/telperion/default.nix
@ -1,18 +1,29 @@
 # Do not modify this file!  It was generated by `nixos-generate-config`
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
+{
  config,
  lib,
  modulesPath,
  ...
 }:
 {
-  imports =
+  imports = [
-    [
+    (modulesPath + "/installer/scan/not-detected.nix")
-      (modulesPath + "/installer/scan/not-detected.nix")
+  ];
    ];
  networking.hostId = "ce196a02";
  networking.hostName = "telperion";
  boot = {
-    initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+    initrd.availableKernelModules = [
      "xhci_pci"
      "ahci"
      "nvme"
      "usbhid"
      "usb_storage"
      "sd_mod"
    ];
    initrd.kernelModules = [ ];
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
@ -69,7 +80,10 @@
  mySystem = {
    purpose = "Production";
    system = {
-      motd.networkInterfaces = [ "enp2s0" "wlp3s0" ];
+      motd.networkInterfaces = [
        "enp2s0"
        "wlp3s0"
      ];
    };
    services = {
@ -88,7 +102,11 @@
      haproxy = {
        enable = true;
        config = import ./config/haproxy.nix { inherit config; };
-        tcpPorts = [ 6443 6444 50000 ];
+        tcpPorts = [
          6443
          6444
          50000
        ];
      };
      matchbox = {
--- a/nixos/hosts/varda/default.nix
+++ b/nixos/hosts/varda/default.nix
@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
 {
  imports = [ ./resources/prune-backup.nix ];
  networking.hostId = "cdab8473";
@ -22,7 +23,6 @@
  swapDevices = [ ];
  # System settings and services.
  mySystem = {
    purpose = "Production";
--- a/nixos/hosts/varda/resources/prune-backup.nix
+++ b/nixos/hosts/varda/resources/prune-backup.nix
@ -1,7 +1,9 @@
 { pkgs, ... }:
 let
-  cleanupScript = pkgs.writeShellScriptBin "cleanup-backups.sh" (builtins.readFile ./prune-backups.sh);
+  cleanupScript = pkgs.writeShellScriptBin "cleanup-backups.sh" (
    builtins.readFile ./prune-backups.sh
  );
 in
 {
  systemd.timers.cleanup-backups = {
--- a/nixos/lib/default.nix
+++ b/nixos/lib/default.nix
@ -4,40 +4,60 @@ with lib;
 rec {
  firstOrDefault = first: default: if first != null then first else default;
-  existsOrDefault = x: set: default: if builtins.hasAttr x set then builtins.getAttr x set else default;
+  existsOrDefault =
    x: set: default:
    if builtins.hasAttr x set then builtins.getAttr x set else default;
  # main service builder
-  mkService = options: (
+  mkService =
-    let
+    options:
-      user = existsOrDefault "user" options "568";
+    (
-      group = existsOrDefault "group" options "568";
+      let
        user = existsOrDefault "user" options "568";
        group = existsOrDefault "group" options "568";
-      enableBackups = (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options)
+        enableBackups =
-        && (lib.attrsets.attrByPath [ "persistence" "enable" ] true options);
+          (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options)
          && (lib.attrsets.attrByPath [ "persistence" "enable" ] true options);
-      # Security options for containers
+        # Security options for containers
-      containerExtraOptions = lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [ "--privileged" ]
+        containerExtraOptions =
-        ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "readOnly" ] false options) [ "--read-only" ]
+          lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [
-        ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) [ (map (folders: "--tmpfs=${folders}") tmpfsFolders) ]
+            "--privileged"
-        ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [ "--security-opt=no-new-privileges" ]
+          ]
-        ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "dropAll" ] false options) [ "--cap-drop=ALL" ]
+          ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "readOnly" ] false options) [
-      ;
+            "--read-only"
-    in
+          ]
-    {
+          ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) [
-      virtualisation.oci-containers.containers.${options.app} = mkIf options.container.enable {
+            (map (folders: "--tmpfs=${folders}") tmpfsFolders)
-        image = "${options.container.image}";
+          ]
-        user = "${user}:${group}";
+          ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [
-        environment = {
+            "--security-opt=no-new-privileges"
-          TZ = options.timeZone;
+          ]
-        } // options.container.env;
+          ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "dropAll" ] false options) [
-        environmentFiles = lib.attrsets.attrByPath [ "container" "envFiles" ] [ ] options;
+            "--cap-drop=ALL"
-        volumes = [ "/etc/localtime:/etc/localtime:ro" ] ++
+          ];
-          lib.optionals (lib.attrsets.hasAttrByPath [ "container" "persistentFolderMount" ] options) [
+      in
-            "${options.persistence.folder}:${options.container.persistentFolderMount}:rw"
+      {
-          ] ++ lib.attrsets.attrByPath [ "container" "volumes" ] [ ] options;
+        virtualisation.oci-containers.containers.${options.app} = mkIf options.container.enable {
-        extraOptions = containerExtraOptions;
+          image = "${options.container.image}";
-      };
+          user = "${user}:${group}";
-      systemd.tmpfiles.rules = lib.optionals (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options) [ "d ${options.persistence.folder} 0750 ${user} ${group} -" ];
+          environment = {
-    }
+            TZ = options.timeZone;
-  );
+          } // options.container.env;
          environmentFiles = lib.attrsets.attrByPath [ "container" "envFiles" ] [ ] options;
          volumes =
            [ "/etc/localtime:/etc/localtime:ro" ]
            ++ lib.optionals (lib.attrsets.hasAttrByPath [ "container" "persistentFolderMount" ] options) [
              "${options.persistence.folder}:${options.container.persistentFolderMount}:rw"
            ]
            ++ lib.attrsets.attrByPath [ "container" "volumes" ] [ ] options;
          extraOptions = containerExtraOptions;
        };
        systemd.tmpfiles.rules = lib.optionals (lib.attrsets.hasAttrByPath [
          "persistence"
          "folder"
        ] options) [ "d ${options.persistence.folder} 0750 ${user} ${group} -" ];
      }
    );
 }
--- a/nixos/modules/nixos/containers/jellyfin/default.nix
+++ b/nixos/modules/nixos/containers/jellyfin/default.nix
@ -45,7 +45,9 @@ in
          ${pkgs.podman}/bin/podman run \
            --rm \
            --name=${app} \
-            --user="${toString config.users.users."${user}".uid}:${toString config.users.groups."${group}".gid}" \
+            --user="${toString config.users.users."${user}".uid}:${
              toString config.users.groups."${group}".gid
            }" \
            --device='nvidia.com/gpu=all' \
            --log-driver=journald \
            --cidfile=/run/${app}.ctr-id \
--- a/nixos/modules/nixos/containers/plex/default.nix
+++ b/nixos/modules/nixos/containers/plex/default.nix
@ -51,7 +51,9 @@ in
            --cidfile=/run/${app}.ctr-id \
            --cgroups=no-conmon \
            --sdnotify=conmon \
-            --user="${toString config.users.users."${user}".uid}:${toString config.users.groups."${group}".gid}" \
+            --user="${toString config.users.users."${user}".uid}:${
              toString config.users.groups."${group}".gid
            }" \
            --volume="${volumeLocation}:/config:rw" \
            --volume="/moria/media:/media:rw" \
            --volume="tmpfs:/config/Library/Application Support/Plex Media Server/Logs:rw" \
@ -78,7 +80,7 @@ in
      ];
    };
-    sops.secrets ={
+    sops.secrets = {
      "restic/plex/env" = {
        sopsFile = ./secrets.sops.yaml;
        owner = user;
@ -155,6 +157,5 @@ in
    #   }
    # ];
  };
 }
--- a/nixos/modules/nixos/containers/scrutiny/default.nix
+++ b/nixos/modules/nixos/containers/scrutiny/default.nix
@ -85,8 +85,7 @@ in
      # using the --device and --cap-add flags
      extraOptions =
        (map (disk: "--device=${toString disk}") cfg.devices)
-        ++
+        ++ (map (cap: "--cap-add=${cap}") cfg.extraCapabilities);
        (map (cap: "--cap-add=${cap}") cfg.extraCapabilities);
    };
  };
 }
--- a/nixos/modules/nixos/default.nix
+++ b/nixos/modules/nixos/default.nix
@ -57,7 +57,7 @@ with lib;
  config = {
    systemd.tmpfiles.rules = [
-      "d ${config.mySystem.persistentFolder} 777 - - -" #The - disables automatic cleanup, so the file wont be removed after a period
+      "d ${config.mySystem.persistentFolder} 777 - - -" # The - disables automatic cleanup, so the file wont be removed after a period
    ];
  };
 }
--- a/nixos/modules/nixos/editor/vim.nix
+++ b/nixos/modules/nixos/editor/vim.nix
@ -14,13 +14,21 @@ in
    programs.vim.defaultEditor = true;
    # Visual mode off and syntax highlighting on
-    home-manager.users = mapAttrs
+    home-manager.users =
-      (user: _: {
+      mapAttrs
-        home.file.".vimrc".text = ''
+        (user: _: {
-          set mouse-=a
+          home.file.".vimrc".text = ''
-          syntax on
+            set mouse-=a
-        '';
+            syntax on
-      })
+          '';
-      (listToAttrs (map (u: { name = u; value = { }; }) users));
+        })
        (
          listToAttrs (
            map (u: {
              name = u;
              value = { };
            }) users
          )
        );
  };
 }
--- a/nixos/modules/nixos/editor/vscode.nix
+++ b/nixos/modules/nixos/editor/vscode.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.mySystem.editor.vscode;
@ -74,8 +79,12 @@ let
    }
  ];
  # Extract extension strings and coerce them to a list of valid attribute paths.
-  vscodeCommunityExtensionsPackages = map (ext: getAttrFromPath (splitString "." ext) pkgs.vscode-marketplace) vscodeCommunityExtensions;
+  vscodeCommunityExtensionsPackages = map (
-  nixpkgsExtensionsPackages = map (ext: getAttrFromPath (splitString "." ext) pkgs.vscode-extensions) vscodeNixpkgsExtensions;
+    ext: getAttrFromPath (splitString "." ext) pkgs.vscode-marketplace
  ) vscodeCommunityExtensions;
  nixpkgsExtensionsPackages = map (
    ext: getAttrFromPath (splitString "." ext) pkgs.vscode-extensions
  ) vscodeNixpkgsExtensions;
  marketplaceExtensionsPackages = pkgs.vscode-utils.extensionsFromVscodeMarketplace marketplaceExtensions;
 in
 {
--- a/nixos/modules/nixos/games/steam/steam.nix
+++ b/nixos/modules/nixos/games/steam/steam.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.mySystem.games.steam;
 in
--- a/nixos/modules/nixos/hardware/nvidia/default.nix
+++ b/nixos/modules/nixos/hardware/nvidia/default.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.mySystem.hardware.nvidia;
--- a/nixos/modules/nixos/lib.nix
+++ b/nixos/modules/nixos/lib.nix
@ -88,10 +88,7 @@
        else
          null;
      remoteResticTemplate =
-        if builtins.hasAttr "remoteResticTemplate" options then
+        if builtins.hasAttr "remoteResticTemplate" options then options.remoteResticTemplate else null;
          options.remoteResticTemplate
        else
          null;
      # 2:05 daily backup with 3h random delay
      timerConfig = {
        OnCalendar = "02:05";
@ -125,7 +122,9 @@
        inherit (options) user passwordFile environmentFile;
        # Move the path to the zfs snapshot path
        paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths;
-        exclude = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.excludePaths;
+        exclude = map (
          x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}"
        ) options.excludePaths;
        repository = "${options.localResticTemplate}";
      };
@ -142,7 +141,9 @@
        paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths;
        repository = remoteResticTemplate;
        repositoryFile = remoteResticTemplateFile;
-        exclude = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.excludePaths;
+        exclude = map (
          x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}"
        ) options.excludePaths;
      };
    };
 }
--- a/nixos/modules/nixos/programs/shell/fish.nix
+++ b/nixos/modules/nixos/programs/shell/fish.nix
@ -4,16 +4,14 @@ let
  cfg = config.mySystem.shell.fish;
 in
 {
-  options.mySystem.shell.fish =
+  options.mySystem.shell.fish = {
-    {
+    enable = mkEnableOption "Fish";
-      enable = mkEnableOption "Fish";
+    enablePlugins = mkOption {
-      enablePlugins = mkOption
+      type = lib.types.bool;
-        {
+      description = "If we want to add fish plugins";
-          type = lib.types.bool;
+      default = true;
          description = "If we want to add fish plugins";
          default = true;
        };
    };
  };
  # Install fish systemwide
  config.programs.fish = mkIf cfg.enable {
--- a/nixos/modules/nixos/security/1password/default.nix
+++ b/nixos/modules/nixos/security/1password/default.nix
@ -1,5 +1,6 @@
 { config, lib, ... }:
-with lib; let
+with lib;
 let
  cfg = config.mySystem.security._1password;
  user = "jahanson";
 in
--- a/nixos/modules/nixos/services/bind/default.nix
+++ b/nixos/modules/nixos/services/bind/default.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.mySystem.services.bind;
--- a/nixos/modules/nixos/services/dnsmasq/default.nix
+++ b/nixos/modules/nixos/services/dnsmasq/default.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.mySystem.services.dnsmasq;
@ -25,7 +30,11 @@ in
    networking.firewall = {
      # dhcp ports | tftp port
-      allowedUDPPorts = [ 67 68 69 ]; # server/client/tftp
+      allowedUDPPorts = [
        67
        68
        69
      ]; # server/client/tftp
    };
    # Proxy DHCP for PXE booting. This leaves DHCP address allocation alone and dhcp clients
--- a/nixos/modules/nixos/services/haproxy/default.nix
+++ b/nixos/modules/nixos/services/haproxy/default.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.mySystem.services.haproxy;
@ -6,7 +11,9 @@ let
 in
 {
  options.mySystem.services.haproxy = {
-    enable = mkEnableOption "haproxy" // { default = false; };
+    enable = mkEnableOption "haproxy" // {
      default = false;
    };
    package = mkPackageOption pkgs "haproxy" { };
    config = mkOption {
      type = types.str;
--- a/nixos/modules/nixos/services/libvirt-qemu/default.nix
+++ b/nixos/modules/nixos/services/libvirt-qemu/default.nix
@ -1,4 +1,10 @@
-{ lib, config, pkgs, inputs, ... }:
+{
  lib,
  config,
  pkgs,
  inputs,
  ...
 }:
 with lib;
 let
  cfg = config.mySystem.services.libvirt-qemu;
@ -11,7 +17,10 @@ in
  config = mkIf cfg.enable {
    networking.firewall = {
-      allowedTCPPorts = [ 16509 16514 ];
+      allowedTCPPorts = [
        16509
        16514
      ];
    };
    # Enable bind with domain configuration
--- a/nixos/modules/nixos/services/matchbox/default.nix
+++ b/nixos/modules/nixos/services/matchbox/default.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.mySystem.services.matchbox;
--- a/nixos/modules/nixos/services/nginx/default.nix
+++ b/nixos/modules/nixos/services/nginx/default.nix
@ -52,8 +52,14 @@ in
    };
    networking.firewall = {
-      allowedTCPPorts = [ 80 443 ];
+      allowedTCPPorts = [
-      allowedUDPPorts = [ 80 443 ];
+        80
        443
      ];
      allowedUDPPorts = [
        80
        443
      ];
    };
    # required for using acme certs
--- a/nixos/modules/nixos/services/podman/default.nix
+++ b/nixos/modules/nixos/services/podman/default.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.mySystem.services.podman;
@ -6,47 +11,46 @@ in
 {
  options.mySystem.services.podman.enable = mkEnableOption "Podman";
-  config = mkIf cfg.enable
+  config = mkIf cfg.enable {
-    {
+    virtualisation.podman = {
-      virtualisation.podman = {
+      enable = true;
        enable = true;
-        dockerCompat = true;
+      dockerCompat = true;
-        extraPackages = [ pkgs.zfs ];
+      extraPackages = [ pkgs.zfs ];
-        # regular cleanup
+      # regular cleanup
-        autoPrune.enable = true;
+      autoPrune.enable = true;
-        autoPrune.dates = "weekly";
+      autoPrune.dates = "weekly";
-        # and add dns
+      # and add dns
-        defaultNetwork.settings = {
+      defaultNetwork.settings = {
-          dns_enabled = false;
+        dns_enabled = false;
        };
      };
      virtualisation.oci-containers = {
        backend = "podman";
      };
      environment.systemPackages = with pkgs; [
        podman-tui # status of containers in the terminal
        unstable.lazydocker
      ];
      programs.fish.shellAliases = {
        # lazydocker --> lazypodman
        lazypodman = "sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";
      };
      networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
      # extra user for containers
      users.groups.kah = { };
      users.users = {
        kah = {
          uid = 568;
          group = "kah";
        };
        jahanson.extraGroups = [ "kah" ];
      };
    };
    virtualisation.oci-containers = {
      backend = "podman";
    };
    environment.systemPackages = with pkgs; [
      podman-tui # status of containers in the terminal
      unstable.lazydocker
    ];
    programs.fish.shellAliases = {
      # lazydocker --> lazypodman
      lazypodman = "sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";
    };
    networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
    # extra user for containers
    users.groups.kah = { };
    users.users = {
      kah = {
        uid = 568;
        group = "kah";
      };
      jahanson.extraGroups = [ "kah" ];
    };
  };
 }
--- a/nixos/modules/nixos/services/sanoid/default.nix
+++ b/nixos/modules/nixos/services/sanoid/default.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.mySystem.services.sanoid;
--- a/nixos/modules/nixos/system/borg/pikabackup/default.nix
+++ b/nixos/modules/nixos/system/borg/pikabackup/default.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 let
  cfg = config.mySystem.system.borg.pika-backup;
  user = "jahanson";
--- a/nixos/modules/nixos/system/fingerprint-reader-on-laptop-lid/default.nix
+++ b/nixos/modules/nixos/system/fingerprint-reader-on-laptop-lid/default.nix
@ -12,7 +12,12 @@
 # On Framework 16 the USB is:
 # Bus 005 Device 007: ID 27c6:609c Shenzhen Goodix Technology Co.,Ltd
 # Use `findfp.sh` to find the correct USB device.
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.mySystem.system.fingerprint-reader-on-laptop-lid;
  laptop-lid = pkgs.writeShellScript "laptop-lid" ''
@ -79,8 +84,13 @@ in
    systemd.services.fingerprint-laptop-lid = {
      enable = true;
      description = "Disable fingerprint reader when laptop lid closes";
-      serviceConfig = { ExecStart = "${laptop-lid}"; };
+      serviceConfig = {
-      wantedBy = [ "multi-user.target" "suspend.target" ];
+        ExecStart = "${laptop-lid}";
      };
      wantedBy = [
        "multi-user.target"
        "suspend.target"
      ];
      after = [ "suspend.target" ];
    };
  };
--- a/nixos/modules/nixos/system/incus/default.nix
+++ b/nixos/modules/nixos/system/incus/default.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 let
  cfg = config.mySystem.system.incus;
  user = "jahanson";
--- a/nixos/modules/nixos/system/motd/default.nix
+++ b/nixos/modules/nixos/system/motd/default.nix
@ -1,77 +1,86 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 let
-  motd = pkgs.writeShellScriptBin "motd"
+  motd = pkgs.writeShellScriptBin "motd" ''
-    ''
+    #! /usr/bin/env bash
-      #! /usr/bin/env bash
+    source /etc/os-release
-      source /etc/os-release
+    service_status=$(systemctl list-units 'podman-*.service' 'plex.service' 'scrutiny.service' 'jellyfin.service' 'ollama.service' 'scrypted.service' | grep '\.service')
-      service_status=$(systemctl list-units | grep podman-)
+    RED="\e[31m"
-      RED="\e[31m"
+    GREEN="\e[32m"
-      GREEN="\e[32m"
+    BOLD="\e[1m"
-      BOLD="\e[1m"
+    ENDCOLOR="\e[0m"
-      ENDCOLOR="\e[0m"
+    LOAD1=`cat /proc/loadavg | awk {'print $1'}`
-      LOAD1=`cat /proc/loadavg | awk {'print $1'}`
+    LOAD5=`cat /proc/loadavg | awk {'print $2'}`
-      LOAD5=`cat /proc/loadavg | awk {'print $2'}`
+    LOAD15=`cat /proc/loadavg | awk {'print $3'}`
      LOAD15=`cat /proc/loadavg | awk {'print $3'}`
-      MEMORY=`free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100 / $2 }'`
+    MEMORY=`free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100 / $2 }'`
-      # time of day
+    # time of day
-      HOUR=$(date +"%H")
+    HOUR=$(date +"%H")
-      if [ $HOUR -lt 12  -a $HOUR -ge 0 ]
+    if [ $HOUR -lt 12  -a $HOUR -ge 0 ]
-      then    TIME="morning"
+    then    TIME="morning"
-      elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
+    elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
-      then    TIME="afternoon"
+    then    TIME="afternoon"
-      else
+    else
-          TIME="evening"
+        TIME="evening"
-      fi
+    fi
-      uptime=`cat /proc/uptime | cut -f1 -d.`
+    uptime=`cat /proc/uptime | cut -f1 -d.`
-      upDays=$((uptime/60/60/24))
+    upDays=$((uptime/60/60/24))
-      upHours=$((uptime/60/60%24))
+    upHours=$((uptime/60/60%24))
-      upMins=$((uptime/60%60))
+    upMins=$((uptime/60%60))
-      upSecs=$((uptime%60))
+    upSecs=$((uptime%60))
-      figlet "$(hostname)" | lolcat -f
+    figlet "$(hostname)" | lolcat -f
-      printf "$BOLD    %-20s$ENDCOLOR %s\n" "Role:" "${config.mySystem.purpose}"
+    printf "$BOLD    %-20s$ENDCOLOR %s\n" "Role:" "${config.mySystem.purpose}"
-      printf "\n"
+    printf "\n"
-      ${lib.strings.concatStrings (lib.lists.forEach cfg.networkInterfaces (x: "printf \"$BOLD  * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"))}
+    ${lib.strings.concatStrings (
-      printf "$BOLD  * %-20s$ENDCOLOR %s\n" "Release" "$PRETTY_NAME"
+      lib.lists.forEach cfg.networkInterfaces (
-      printf "$BOLD  * %-20s$ENDCOLOR %s\n" "Kernel" "$(uname -rs)"
+        x:
-      [ -f /var/run/reboot-required ] && printf "$RED  * %-20s$ENDCOLOR %s\n" "A reboot is required"
+        "printf \"$BOLD  * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"
-      printf "\n"
+      )
-      printf "$BOLD  * %-20s$ENDCOLOR %s\n" "CPU usage" "$LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)"
+    )}
-      printf "$BOLD  * %-20s$ENDCOLOR %s\n" "Memory" "$MEMORY"
+    printf "$BOLD  * %-20s$ENDCOLOR %s\n" "Release" "$PRETTY_NAME"
-      printf "$BOLD  * %-20s$ENDCOLOR %s\n" "System uptime" "$upDays days $upHours hours $upMins minutes $upSecs seconds"
+    printf "$BOLD  * %-20s$ENDCOLOR %s\n" "Kernel" "$(uname -rs)"
-      printf "\n"
+    [ -f /var/run/reboot-required ] && printf "$RED  * %-20s$ENDCOLOR %s\n" "A reboot is required"
-      if ! type "$zpool" &> /dev/null; then
+    printf "\n"
-        printf "$BOLD Zpool status: $ENDCOLOR\n"
+    printf "$BOLD  * %-20s$ENDCOLOR %s\n" "CPU usage" "$LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)"
-        zpool status -x | sed -e 's/^/  /'
+    printf "$BOLD  * %-20s$ENDCOLOR %s\n" "Memory" "$MEMORY"
-      fi
+    printf "$BOLD  * %-20s$ENDCOLOR %s\n" "System uptime" "$upDays days $upHours hours $upMins minutes $upSecs seconds"
-      if ! type "$zpool" &> /dev/null; then
+    printf "\n"
-        printf "$BOLD Zpool usage: $ENDCOLOR\n"
+    if ! type "$zpool" &> /dev/null; then
-        zpool list -Ho name,cap,size | awk '{ printf("%-10s%+3s used out of %+5s\n", $1, $2, $3); }' | sed -e 's/^/  /'
+      printf "$BOLD Zpool status: $ENDCOLOR\n"
-      fi
+      zpool status -x | sed -e 's/^/  /'
-      printf "\n"
+    fi
    if ! type "$zpool" &> /dev/null; then
      printf "$BOLD Zpool usage: $ENDCOLOR\n"
      zpool list -Ho name,cap,size | awk '{ printf("%-10s%+3s used out of %+5s\n", $1, $2, $3); }' | sed -e 's/^/  /'
    fi
    printf "\n"
-      if [[ -n "$service_status" ]]; then
+    if [[ -n "$service_status" ]]; then
-      printf "$BOLDService status$ENDCOLOR\n"
+    printf "$BOLDService status$ENDCOLOR\n"
-        while IFS= read -r line; do
+      while IFS= read -r line; do
-          if [[ $line =~ ".scope" ]]; then
+        if [[ $line =~ ".scope" ]]; then
-            continue
+          continue
-          fi
+        fi
-          if echo "$line" | grep -q 'failed'; then
+        if echo "$line" | grep -q 'failed'; then
-            service_name=$(echo $line | awk '{print $2;}' | sed 's/podman-//g')
+          service_name=$(echo $line | awk '{print $2;}' | sed 's/podman-//g')
-            printf "$RED• $ENDCOLOR%-50s $RED[failed]$ENDCOLOR\n" "$service_name"
+          printf "$RED• $ENDCOLOR%-50s $RED[failed]$ENDCOLOR\n" "$service_name"
-          elif echo "$line" | grep -q 'running'; then
+        elif echo "$line" | grep -q 'running'; then
-            service_name=$(echo $line | awk '{print $1;}' | sed 's/podman-//g')
+          service_name=$(echo $line | awk '{print $1;}' | sed 's/podman-//g')
-            printf "$GREEN• $ENDCOLOR%-50s $GREEN[active]$ENDCOLOR\n" "$service_name"
+          printf "$GREEN• $ENDCOLOR%-50s $GREEN[active]$ENDCOLOR\n" "$service_name"
-          else
+        else
-            echo "service status unknown"
+          echo "service status unknown"
-          fi
+        fi
-        done <<< "$service_status"
+      done <<< "$service_status"
-      fi
+    fi
-    '';
+  '';
  cfg = config.mySystem.system.motd;
 in
 {
--- a/nixos/modules/nixos/system/nix.nix
+++ b/nixos/modules/nixos/system/nix.nix
@ -5,22 +5,20 @@ let
 in
 {
  options.mySystem.nix = {
-    autoOptimiseStore = mkOption
+    autoOptimiseStore = mkOption {
-      {
+      type = lib.types.bool;
-        type = lib.types.bool;
+      description = "If we want to auto optimise store";
-        description = "If we want to auto optimise store";
+      default = true;
-        default = true;
+    };
      };
    gc = {
      enable = mkEnableOption "automatic garbage collection" // {
        default = true;
      };
-      persistent = mkOption
+      persistent = mkOption {
-        {
+        type = lib.types.bool;
-          type = lib.types.bool;
+        description = "Persistent timer for gc, runs at startup if timer missed";
-          description = "Persistent timer for gc, runs at startup if timer missed";
+        default = true;
-          default = true;
+      };
        };
    };
  };
--- a/nixos/modules/nixos/system/openssh.nix
+++ b/nixos/modules/nixos/system/openssh.nix
@ -5,19 +5,25 @@ let
 in
 {
  options.mySystem.services.openssh = {
-    enable = mkEnableOption "openssh" // { default = true; };
+    enable = mkEnableOption "openssh" // {
-    passwordAuthentication = mkOption
+      default = true;
-      {
+    };
-        type = lib.types.bool;
+    passwordAuthentication = mkOption {
-        description = "If password can be accepted for ssh (commonly disable for security hardening)";
+      type = lib.types.bool;
-        default = false;
+      description = "If password can be accepted for ssh (commonly disable for security hardening)";
-      };
+      default = false;
-    permitRootLogin = mkOption
+    };
-      {
+    permitRootLogin = mkOption {
-        type = types.enum [ "yes" "without-password" "prohibit-password" "forced-commands-only" "no" ];
+      type = types.enum [
-        description = "If root can login via ssh (commonly disable for security hardening)";
+        "yes"
-        default = "prohibit-password";
+        "without-password"
-      };
+        "prohibit-password"
        "forced-commands-only"
        "no"
      ];
      description = "If root can login via ssh (commonly disable for security hardening)";
      default = "prohibit-password";
    };
  };
  config = mkIf cfg.enable {
--- a/nixos/modules/nixos/system/pushover/default.nix
+++ b/nixos/modules/nixos/system/pushover/default.nix
@ -1,26 +1,33 @@
-{ lib
+{
-, config
+  lib,
-, pkgs
+  config,
-, ...
+  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.mySystem.system.systemd.pushover-alerts;
 in
 {
-  options.mySystem.system.systemd.pushover-alerts.enable = mkEnableOption "Pushover alerts for systemd failures" // { default = true; };
+  options.mySystem.system.systemd.pushover-alerts.enable =
    mkEnableOption "Pushover alerts for systemd failures"
    // {
      default = true;
    };
  options.systemd.services = mkOption {
-    type = with types; attrsOf (
+    type =
-      submodule {
+      with types;
      attrsOf (submodule {
        config.onFailure = [ "notify-pushover@%n.service" ];
-      }
+      });
    );
  };
  config = {
    # Warn if backups are disable and machine isnt a dev box
    warnings = [
-      (mkIf (!cfg.enable && config.mySystem.purpose != "Development") "WARNING: Pushover SystemD notifications are disabled!")
+      (mkIf (
        !cfg.enable && config.mySystem.purpose != "Development"
      ) "WARNING: Pushover SystemD notifications are disabled!")
    ];
    systemd.services."notify-pushover@" = mkIf cfg.enable {
--- a/nixos/modules/nixos/system/security.nix
+++ b/nixos/modules/nixos/system/security.nix
@ -18,28 +18,27 @@ in
    };
  };
-  config =
+  config = {
-    {
+    security = {
-      security = {
+      sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword;
-        sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword;
+      # Don't bother with the lecture or the need to keep state about who's been lectured
-        # Don't bother with the lecture or the need to keep state about who's been lectured
+      sudo.extraConfig = "Defaults lecture=\"never\"";
-        sudo.extraConfig = "Defaults lecture=\"never\"";
+      pam.sshAgentAuth.enable = cfg.sshAgentAuth.enable;
-        pam.sshAgentAuth.enable = cfg.sshAgentAuth.enable;
+      # Increase open file limit for sudoers
-        # Increase open file limit for sudoers
+      pam.loginLimits = mkIf cfg.increaseWheelLoginLimits [
-        pam.loginLimits = mkIf cfg.increaseWheelLoginLimits [
+        {
-          {
+          domain = "@wheel";
-            domain = "@wheel";
+          item = "nofile";
-            item = "nofile";
+          type = "soft";
-            type = "soft";
+          value = "524288";
-            value = "524288";
+        }
-          }
+        {
-          {
+          domain = "@wheel";
-            domain = "@wheel";
+          item = "nofile";
-            item = "nofile";
+          type = "hard";
-            type = "hard";
+          value = "1048576";
-            value = "1048576";
+        }
-          }
+      ];
        ];
      };
    };
  };
 }
--- a/nixos/modules/nixos/system/wifi_swap/default.nix
+++ b/nixos/modules/nixos/system/wifi_swap/default.nix
@ -1,39 +1,45 @@
 # turns off the wifi when the usb device 0bda:8156 is connected.
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.mySystem.framework_wifi_swap;
-  wifiSwap = pkgs.writeShellScriptBin "wifi_swap"
+  wifiSwap = pkgs.writeShellScriptBin "wifi_swap" ''
-    ''
+    #! /usr/bin/env bash
-      #! /usr/bin/env bash
+    # This script turns off the wifi and on when the usb device 0bda:8156 is connected or removed.
-      # This script turns off the wifi and on when the usb device 0bda:8156 is connected or removed.
+    # It is useful when you want to use a wired connection instead of wifi.
-      # It is useful when you want to use a wired connection instead of wifi.
+    # The script is run by udev when the usb device is connected.
-      # The script is run by udev when the usb device is connected.
+    # The script is located at /run/current-system/sw/bin/wifi_swap
-      # The script is located at /run/current-system/sw/bin/wifi_swap
+    # The udev rule is located at <nix-store>-extra-udev-rules/etc/udev/rules.d/99-local.rules
-      # The udev rule is located at <nix-store>-extra-udev-rules/etc/udev/rules.d/99-local.rules
+    # The udev rule is:
-      # The udev rule is:
+    # ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", RUN+="/run/current-system/sw/bin/wifi_swap"
-      # ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", RUN+="/run/current-system/sw/bin/wifi_swap"
+    # ACTION=="remove", SUBSYSTEM=="net", ENV{ID_USB_VENDOR_ID}=="0bda", ENV{ID_USB_MODEL_ID}=="8156", RUN+="/run/current-system/sw/bin/wifi_swap"
-      # ACTION=="remove", SUBSYSTEM=="net", ENV{ID_USB_VENDOR_ID}=="0bda", ENV{ID_USB_MODEL_ID}=="8156", RUN+="/run/current-system/sw/bin/wifi_swap"
+    echo "wifi_swap ACTION: $ACTION" | systemd-cat -t wifi_swap
-      echo "wifi_swap ACTION: $ACTION" | systemd-cat -t wifi_swap
+    # Case or switch for $ACTION
-      # Case or switch for $ACTION
+    case $ACTION in
-      case $ACTION in
+      add)
-        add)
+        echo "Plugged in USB device 0bda:8156 (Realtek 2.5gbe). Turning Wi-Fi off." | systemd-cat -t wifi_swap
-          echo "Plugged in USB device 0bda:8156 (Realtek 2.5gbe). Turning Wi-Fi off." | systemd-cat -t wifi_swap
+        ${pkgs.networkmanager.outPath}/bin/nmcli radio wifi off
-          ${pkgs.networkmanager.outPath}/bin/nmcli radio wifi off
+        ;;
-          ;;
+      remove)
-        remove)
+        echo "unplugged in USB device 0bda:8156 (Realtek 2.5gbe) Turning Wi-Fi on." | systemd-cat -t wifi_swap
-          echo "unplugged in USB device 0bda:8156 (Realtek 2.5gbe) Turning Wi-Fi on." | systemd-cat -t wifi_swap
+        ${pkgs.networkmanager.outPath}/bin/nmcli radio wifi on
-          ${pkgs.networkmanager.outPath}/bin/nmcli radio wifi on
+        ;;
-          ;;
+      *)
-        *)
+        echo "Uknown ACTION: $ACTION" | systemd-cat -t wifi_swap
-          echo "Uknown ACTION: $ACTION" | systemd-cat -t wifi_swap
+        ;;
-          ;;
+    esac
-      esac
+  '';
    '';
 in
 {
  options.mySystem.framework_wifi_swap = {
-    enable = mkEnableOption "framework_wifi_swap" // { default = false; };
+    enable = mkEnableOption "framework_wifi_swap" // {
      default = false;
    };
  };
  config = mkIf cfg.enable {
    # Create bash script and add it to nix store
--- a/nixos/modules/nixos/system/zfs.nix
+++ b/nixos/modules/nixos/system/zfs.nix
@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
  lib,
  config,
  pkgs,
  ...
 }:
 let
  cfg = config.mySystem.system.zfs;
 in
@ -25,7 +30,6 @@ with lib;
    services.zfs = {
      autoScrub.enable = true;
      # Defaults to weekly and is a bit too regular for my NAS
      autoScrub.interval = "weekly";
      trim.enable = true;
    };
--- a/nixos/overlays/charm-mods/default.nix
+++ b/nixos/overlays/charm-mods/default.nix
@ -62,7 +62,10 @@ buildGoModule rec {
    description = "AI on the command line";
    homepage = "https://github.com/charmbracelet/mods";
    license = licenses.mit;
-    maintainers = with maintainers; [ dit7ya caarlos0 ];
+    maintainers = with maintainers; [
      dit7ya
      caarlos0
    ];
    mainProgram = "mods";
  };
 }
--- a/nixos/overlays/coder/default.nix
+++ b/nixos/overlays/coder/default.nix
@ -1,12 +1,13 @@
-{ lib
+{
-, channel ? "stable"
+  lib,
-, fetchurl
+  channel ? "stable",
-, installShellFiles
+  fetchurl,
-, makeBinaryWrapper
+  installShellFiles,
-, terraform
+  makeBinaryWrapper,
-, stdenvNoCC
+  terraform,
-, unzip
+  stdenvNoCC,
-, nixosTests
+  unzip,
  nixosTests,
 }:
 let
@ -41,19 +42,23 @@ stdenvNoCC.mkDerivation (finalAttrs: {
    url =
      let
-        systemName = {
+        systemName =
-          x86_64-linux = "linux_amd64";
+          {
-          aarch64-linux = "linux_arm64";
+            x86_64-linux = "linux_amd64";
-          x86_64-darwin = "darwin_amd64";
+            aarch64-linux = "linux_arm64";
-          aarch64-darwin = "darwin_arm64";
+            x86_64-darwin = "darwin_amd64";
-        }.${system};
+            aarch64-darwin = "darwin_arm64";
          }
          .${system};
-        ext = {
+        ext =
-          x86_64-linux = "tar.gz";
+          {
-          aarch64-linux = "tar.gz";
+            x86_64-linux = "tar.gz";
-          x86_64-darwin = "zip";
+            aarch64-linux = "tar.gz";
-          aarch64-darwin = "zip";
+            x86_64-darwin = "zip";
-        }.${system};
+            aarch64-darwin = "zip";
          }
          .${system};
      in
      "https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}";
  };
@ -96,7 +101,11 @@ stdenvNoCC.mkDerivation (finalAttrs: {
    homepage = "https://coder.com";
    license = lib.licenses.agpl3Only;
    mainProgram = "coder";
-    maintainers = with lib.maintainers; [ ghuntley kylecarbs urandom ];
+    maintainers = with lib.maintainers; [
      ghuntley
      kylecarbs
      urandom
    ];
  };
  passthru = {
--- a/nixos/overlays/default.nix
+++ b/nixos/overlays/default.nix
@ -19,16 +19,22 @@ in
  # The unstable nixpkgs set (declared in the flake inputs) will
  # be accessible through 'pkgs.unstable'
  unstable-packages = final: prev: {
-    unstable = import inputs.nixpkgs-unstable
+    unstable =
-      {
+      import inputs.nixpkgs-unstable {
        inherit (final) system;
        config.allowUnfree = true;
-      } // {
+      }
-      # Add talosctl to the unstable set
+      // {
-      talosctl = final.unstable.callPackage ./talosctl {
+        # Add talosctl to the unstable set
-        inherit (final.unstable) lib buildGoModule fetchFromGitHub installShellFiles;
+        talosctl = final.unstable.callPackage ./talosctl {
          inherit (final.unstable)
            lib
            buildGoModule
            fetchFromGitHub
            installShellFiles
            ;
        };
        xpipe = final.unstable.callPackage ./xpipe/ptb.nix { };
      };
      xpipe = final.unstable.callPackage ./xpipe/ptb.nix {};
    };
  };
 }
--- a/nixos/overlays/talosctl/default.nix
+++ b/nixos/overlays/talosctl/default.nix
@ -1,4 +1,10 @@
-{ lib, buildGoModule, fetchFromGitHub, installShellFiles, git }:
+{
  lib,
  buildGoModule,
  fetchFromGitHub,
  installShellFiles,
  git,
 }:
 buildGoModule rec {
  pname = "talosctl";
@ -13,7 +19,10 @@ buildGoModule rec {
  vendorHash = "sha256-XvOMNyiHnemqnbOzWmzZXkr3+/ZgJDg8vjCtWFkCtLs=";
-  ldflags = [ "-s" "-w" ];
+  ldflags = [
    "-s"
    "-w"
  ];
  subPackages = [ "cmd/talosctl" ];
@ -33,7 +42,10 @@ buildGoModule rec {
    export GOFLAGS="-mod=vendor"
  '';
-  nativeBuildInputs = [ installShellFiles git ];
+  nativeBuildInputs = [
    installShellFiles
    git
  ];
  postInstall = ''
    installShellCompletion --cmd talosctl \
--- a/nixos/overlays/termius/default.nix
+++ b/nixos/overlays/termius/default.nix
@ -1,15 +1,16 @@
-{ autoPatchelfHook
+{
-, squashfsTools
+  autoPatchelfHook,
-, alsa-lib
+  squashfsTools,
-, fetchurl
+  alsa-lib,
-, makeDesktopItem
+  fetchurl,
-, makeWrapper
+  makeDesktopItem,
-, stdenv
+  makeWrapper,
-, lib
+  stdenv,
-, libsecret
+  lib,
-, mesa
+  libsecret,
-, udev
+  mesa,
-, wrapGAppsHook3
+  udev,
  wrapGAppsHook3,
 }:
 stdenv.mkDerivation rec {
@ -45,7 +46,12 @@ stdenv.mkDerivation rec {
  dontWrapGApps = true;
  # TODO: migrate off autoPatchelfHook and use nixpkgs' electron
-  nativeBuildInputs = [ autoPatchelfHook squashfsTools makeWrapper wrapGAppsHook3 ];
+  nativeBuildInputs = [
    autoPatchelfHook
    squashfsTools
    makeWrapper
    wrapGAppsHook3
  ];
  buildInputs = [
    alsa-lib
@ -89,7 +95,10 @@ stdenv.mkDerivation rec {
    downloadPage = "https://termius.com/linux/";
    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
    license = licenses.unfree;
-    maintainers = with maintainers; [ Br1ght0ne th0rgal ];
+    maintainers = with maintainers; [
      Br1ght0ne
      th0rgal
    ];
    platforms = [ "x86_64-linux" ];
    mainProgram = "termius-app";
  };
--- a/nixos/overlays/vivaldi/default.nix
+++ b/nixos/overlays/vivaldi/default.nix
@ -1,42 +1,92 @@
-{ lib, stdenv, fetchurl, zlib, libX11, libXext, libSM, libICE, libxkbcommon, libxshmfence
+{
-, libXfixes, libXt, libXi, libXcursor, libXScrnSaver, libXcomposite, libXdamage, libXtst, libXrandr
+  lib,
-, alsa-lib, dbus, cups, libexif, ffmpeg, systemd, libva, libGL
+  stdenv,
-, freetype, fontconfig, libXft, libXrender, libxcb, expat
+  fetchurl,
-, libuuid
+  zlib,
-, libxml2
+  libX11,
-, glib, gtk3, pango, gdk-pixbuf, cairo, atk, at-spi2-atk, at-spi2-core
+  libXext,
-, qt5
+  libSM,
-, libdrm, mesa
+  libICE,
-, vulkan-loader
+  libxkbcommon,
-, nss, nspr
+  libxshmfence,
-, patchelf, makeWrapper
+  libXfixes,
-, wayland, pipewire
+  libXt,
-, isSnapshot ? false
+  libXi,
-, proprietaryCodecs ? false, vivaldi-ffmpeg-codecs ? null
+  libXcursor,
-, enableWidevine ? false, widevine-cdm ? null
+  libXScrnSaver,
-, commandLineArgs ? ""
+  libXcomposite,
-, pulseSupport ? stdenv.isLinux, libpulseaudio
+  libXdamage,
-, kerberosSupport ? true, libkrb5
+  libXtst,
  libXrandr,
  alsa-lib,
  dbus,
  cups,
  libexif,
  ffmpeg,
  systemd,
  libva,
  libGL,
  freetype,
  fontconfig,
  libXft,
  libXrender,
  libxcb,
  expat,
  libuuid,
  libxml2,
  glib,
  gtk3,
  pango,
  gdk-pixbuf,
  cairo,
  atk,
  at-spi2-atk,
  at-spi2-core,
  qt5,
  libdrm,
  mesa,
  vulkan-loader,
  nss,
  nspr,
  patchelf,
  makeWrapper,
  wayland,
  pipewire,
  isSnapshot ? false,
  proprietaryCodecs ? false,
  vivaldi-ffmpeg-codecs ? null,
  enableWidevine ? false,
  widevine-cdm ? null,
  commandLineArgs ? "",
  pulseSupport ? stdenv.isLinux,
  libpulseaudio,
  kerberosSupport ? true,
  libkrb5,
 }:
 let
  branch = if isSnapshot then "snapshot" else "stable";
  vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
-in stdenv.mkDerivation rec {
+in
 stdenv.mkDerivation rec {
  pname = "vivaldi";
  version = "6.9.3447.37";
-  suffix = {
+  suffix =
-    aarch64-linux = "arm64";
+    {
-    x86_64-linux = "amd64";
+      aarch64-linux = "arm64";
-  }.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
+      x86_64-linux = "amd64";
    }
    .${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
  src = fetchurl {
    url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb";
-    hash = {
+    hash =
-      aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s=";
+      {
-      x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg=";
+        aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s=";
-    }.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
+        x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg=";
      }
      .${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
  };
  unpackPhase = ''
@ -44,92 +94,151 @@ in stdenv.mkDerivation rec {
    tar -xvf data.tar.xz
  '';
-  nativeBuildInputs = [ patchelf makeWrapper ];
+  nativeBuildInputs = [
    patchelf
    makeWrapper
  ];
  dontWrapQtApps = true;
-  buildInputs = [
+  buildInputs =
-    stdenv.cc.cc stdenv.cc.libc zlib libX11 libXt libXext libSM libICE libxcb libxkbcommon libxshmfence
+    [
-    libXi libXft libXcursor libXfixes libXScrnSaver libXcomposite libXdamage libXtst libXrandr
+      stdenv.cc.cc
-    atk at-spi2-atk at-spi2-core alsa-lib dbus cups gtk3 gdk-pixbuf libexif ffmpeg systemd libva
+      stdenv.cc.libc
-    qt5.qtbase
+      zlib
-    freetype fontconfig libXrender libuuid expat glib nss nspr libGL
+      libX11
-    libxml2 pango cairo
+      libXt
-    libdrm mesa vulkan-loader
+      libXext
-    wayland pipewire
+      libSM
-  ] ++ lib.optional proprietaryCodecs vivaldi-ffmpeg-codecs
+      libICE
      libxcb
      libxkbcommon
      libxshmfence
      libXi
      libXft
      libXcursor
      libXfixes
      libXScrnSaver
      libXcomposite
      libXdamage
      libXtst
      libXrandr
      atk
      at-spi2-atk
      at-spi2-core
      alsa-lib
      dbus
      cups
      gtk3
      gdk-pixbuf
      libexif
      ffmpeg
      systemd
      libva
      qt5.qtbase
      freetype
      fontconfig
      libXrender
      libuuid
      expat
      glib
      nss
      nspr
      libGL
      libxml2
      pango
      cairo
      libdrm
      mesa
      vulkan-loader
      wayland
      pipewire
    ]
    ++ lib.optional proprietaryCodecs vivaldi-ffmpeg-codecs
    ++ lib.optional pulseSupport libpulseaudio
    ++ lib.optional kerberosSupport libkrb5;
-  libPath = lib.makeLibraryPath buildInputs
+  libPath =
-    + lib.optionalString (stdenv.is64bit)
+    lib.makeLibraryPath buildInputs
-      (":" + lib.makeSearchPathOutput "lib" "lib64" buildInputs)
+    + lib.optionalString (stdenv.is64bit) (":" + lib.makeSearchPathOutput "lib" "lib64" buildInputs)
    + ":$out/opt/${vivaldiName}/lib";
-  buildPhase = ''
+  buildPhase =
-    runHook preBuild
+    ''
-    echo "Patching Vivaldi binaries"
+      runHook preBuild
-    for f in chrome_crashpad_handler vivaldi-bin vivaldi-sandbox ; do
+      echo "Patching Vivaldi binaries"
-      patchelf \
+      for f in chrome_crashpad_handler vivaldi-bin vivaldi-sandbox ; do
-        --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
+        patchelf \
-        --set-rpath "${libPath}" \
+          --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
-        opt/${vivaldiName}/$f
+          --set-rpath "${libPath}" \
-    done
+          opt/${vivaldiName}/$f
      done
-    for f in libGLESv2.so libqt5_shim.so ; do
+      for f in libGLESv2.so libqt5_shim.so ; do
-      patchelf --set-rpath "${libPath}" opt/${vivaldiName}/$f
+        patchelf --set-rpath "${libPath}" opt/${vivaldiName}/$f
-    done
+      done
-  '' + lib.optionalString proprietaryCodecs ''
+    ''
-    ln -s ${vivaldi-ffmpeg-codecs}/lib/libffmpeg.so opt/${vivaldiName}/libffmpeg.so.''${version%\.*\.*}
+    + lib.optionalString proprietaryCodecs ''
-  '' + ''
+      ln -s ${vivaldi-ffmpeg-codecs}/lib/libffmpeg.so opt/${vivaldiName}/libffmpeg.so.''${version%\.*\.*}
-    echo "Finished patching Vivaldi binaries"
+    ''
-    runHook postBuild
+    + ''
-  '';
+      echo "Finished patching Vivaldi binaries"
      runHook postBuild
    '';
  dontPatchELF = true;
-  dontStrip    = true;
+  dontStrip = true;
-  installPhase = ''
+  installPhase =
-    runHook preInstall
+    ''
-    mkdir -p "$out"
+      runHook preInstall
-    cp -r opt "$out"
+      mkdir -p "$out"
-    mkdir "$out/bin"
+      cp -r opt "$out"
-    ln -s "$out/opt/${vivaldiName}/${vivaldiName}" "$out/bin/vivaldi"
+      mkdir "$out/bin"
-    mkdir -p "$out/share"
+      ln -s "$out/opt/${vivaldiName}/${vivaldiName}" "$out/bin/vivaldi"
-    cp -r usr/share/{applications,xfce4} "$out"/share
+      mkdir -p "$out/share"
-    substituteInPlace "$out"/share/applications/*.desktop \
+      cp -r usr/share/{applications,xfce4} "$out"/share
-      --replace /usr/bin/${vivaldiName} "$out"/bin/vivaldi
+      substituteInPlace "$out"/share/applications/*.desktop \
-    substituteInPlace "$out"/share/applications/*.desktop \
+        --replace /usr/bin/${vivaldiName} "$out"/bin/vivaldi
-      --replace vivaldi-stable vivaldi
+      substituteInPlace "$out"/share/applications/*.desktop \
-    local d
+        --replace vivaldi-stable vivaldi
-    for d in 16 22 24 32 48 64 128 256; do
+      local d
-      mkdir -p "$out"/share/icons/hicolor/''${d}x''${d}/apps
+      for d in 16 22 24 32 48 64 128 256; do
-      ln -s \
+        mkdir -p "$out"/share/icons/hicolor/''${d}x''${d}/apps
-        "$out"/opt/${vivaldiName}/product_logo_''${d}.png \
+        ln -s \
-        "$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png
+          "$out"/opt/${vivaldiName}/product_logo_''${d}.png \
-    done
+          "$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png
-    wrapProgram "$out/bin/vivaldi" \
+      done
-      --add-flags ${lib.escapeShellArg commandLineArgs} \
+      wrapProgram "$out/bin/vivaldi" \
-      --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
+        --add-flags ${lib.escapeShellArg commandLineArgs} \
-      --set-default FONTCONFIG_FILE "${fontconfig.out}/etc/fonts/fonts.conf" \
+        --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
-      --set-default FONTCONFIG_PATH "${fontconfig.out}/etc/fonts" \
+        --set-default FONTCONFIG_FILE "${fontconfig.out}/etc/fonts/fonts.conf" \
-      --suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \
+        --set-default FONTCONFIG_PATH "${fontconfig.out}/etc/fonts" \
-      ${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"}
+        --suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \
-  '' + lib.optionalString enableWidevine ''
+        ${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"}
-    ln -sf ${widevine-cdm}/share/google/chrome/WidevineCdm $out/opt/${vivaldiName}/WidevineCdm
+    ''
-  '' + ''
+    + lib.optionalString enableWidevine ''
-    runHook postInstall
+      ln -sf ${widevine-cdm}/share/google/chrome/WidevineCdm $out/opt/${vivaldiName}/WidevineCdm
-  '';
+    ''
    + ''
      runHook postInstall
    '';
  passthru.updateScript = ./update-vivaldi.sh;
  meta = with lib; {
    description = "Browser for our Friends, powerful and personal";
-    homepage    = "https://vivaldi.com";
+    homepage = "https://vivaldi.com";
-    license     = licenses.unfree;
+    license = licenses.unfree;
    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
    mainProgram = "vivaldi";
-    maintainers = with maintainers; [ otwieracz badmutex ];
+    maintainers = with maintainers; [
-    platforms   = [ "x86_64-linux" "aarch64-linux" ];
+      otwieracz
      badmutex
    ];
    platforms = [
      "x86_64-linux"
      "aarch64-linux"
    ];
  };
 }
--- a/nixos/overlays/vivaldi/ffmpeg-codecs.nix
+++ b/nixos/overlays/vivaldi/ffmpeg-codecs.nix
@ -1,4 +1,9 @@
-{ squashfsTools, fetchurl, lib, stdenv }:
+{
  squashfsTools,
  fetchurl,
  lib,
  stdenv,
 }:
 # This derivation roughly follows the update-ffmpeg script that ships with the official Vivaldi
 # downloads at https://vivaldi.com/download/
@ -23,10 +28,14 @@ stdenv.mkDerivation rec {
  meta = with lib; {
    description = "Additional support for proprietary codecs for Vivaldi";
-    homepage    = "https://ffmpeg.org/";
+    homepage = "https://ffmpeg.org/";
    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
-    license     = licenses.lgpl21;
+    license = licenses.lgpl21;
-    maintainers = with maintainers; [ betaboon cawilliamson fptje ];
+    maintainers = with maintainers; [
-    platforms   = [ "x86_64-linux" ];
+      betaboon
      cawilliamson
      fptje
    ];
    platforms = [ "x86_64-linux" ];
  };
 }
--- a/nixos/overlays/xpipe/ptb.nix
+++ b/nixos/overlays/xpipe/ptb.nix
@ -1,48 +1,54 @@
-{ stdenvNoCC
+{
-, lib
+  stdenvNoCC,
-, fetchzip
+  lib,
-, makeDesktopItem
+  fetchzip,
-, autoPatchelfHook
+  makeDesktopItem,
-, zlib
+  autoPatchelfHook,
-, fontconfig
+  zlib,
-, udev
+  fontconfig,
-, gtk3
+  udev,
-, freetype
+  gtk3,
-, alsa-lib
+  freetype,
-, makeShellWrapper
+  alsa-lib,
-, libX11
+  makeShellWrapper,
-, libXext
+  libX11,
-, libXdamage
+  libXext,
-, libXfixes
+  libXdamage,
-, libxcb
+  libXfixes,
-, libXcomposite
+  libxcb,
-, libXcursor
+  libXcomposite,
-, libXi
+  libXcursor,
-, libXrender
+  libXi,
-, libXtst
+  libXrender,
-, libXxf86vm
+  libXtst,
-, util-linux
+  libXxf86vm,
-, socat
+  util-linux,
-, hicolor-icon-theme
+  socat,
  hicolor-icon-theme,
 }:
 let
  inherit (stdenvNoCC.hostPlatform) system;
  throwSystem = throw "Unsupported system: ${system}";
-  arch = {
+  arch =
-    x86_64-linux = "x86_64";
+    {
-    aarch64-linux = "arm64";
+      x86_64-linux = "x86_64";
-  }.${system} or throwSystem;
+      aarch64-linux = "arm64";
    }
    .${system} or throwSystem;
-  hash = {
+  hash =
-    x86_64-linux = "sha256-O4gl0WulhDyqL9lDwqR1oxNAzVjHn+3q0UB8KP0/sBk=";
+    {
-    aarch64-linux = "";
+      x86_64-linux = "sha256-O4gl0WulhDyqL9lDwqR1oxNAzVjHn+3q0UB8KP0/sBk=";
-  }.${system} or throwSystem;
+      aarch64-linux = "";
    }
    .${system} or throwSystem;
  displayname = "XPipe PTB";
-in stdenvNoCC.mkDerivation rec {
+in
 stdenvNoCC.mkDerivation rec {
  pname = "xpipe-ptb";
  version = "13.0-10";
@ -60,25 +66,25 @@ in stdenvNoCC.mkDerivation rec {
  autoPatchelfIgnoreMissingDeps = true;
  buildInputs = [
-      fontconfig
+    fontconfig
-      zlib
+    zlib
-      udev
+    udev
-      freetype
+    freetype
-      gtk3
+    gtk3
-      alsa-lib
+    alsa-lib
-      libX11
+    libX11
-      libX11
+    libX11
-      libXext
+    libXext
-      libXdamage
+    libXdamage
-      libXfixes
+    libXfixes
-      libxcb
+    libxcb
-      libXcomposite
+    libXcomposite
-      libXcursor
+    libXcursor
-      libXi
+    libXi
-      libXrender
+    libXrender
-      libXtst
+    libXtst
-      libXxf86vm
+    libXxf86vm
-    ];
+  ];
  desktopItem = makeDesktopItem {
    categories = [ "Network" ];
@ -114,9 +120,21 @@ in stdenvNoCC.mkDerivation rec {
    mv "$out/opt/$pkg/app/scripts/xpiped_debug.sh" "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh"
    makeShellWrapper "$out/opt/$pkg/app/bin/xpiped_raw" "$out/opt/$pkg/app/bin/xpiped" \
-      --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ fontconfig gtk3 udev ]}"
+      --prefix LD_LIBRARY_PATH : "${
        lib.makeLibraryPath [
          fontconfig
          gtk3
          udev
        ]
      }"
    makeShellWrapper "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh" "$out/opt/$pkg/app/scripts/xpiped_debug.sh" \
-      --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ fontconfig gtk3 udev ]}"
+      --prefix LD_LIBRARY_PATH : "${
        lib.makeLibraryPath [
          fontconfig
          gtk3
          udev
        ]
      }"
    runHook postInstall
  '';
@ -127,9 +145,15 @@ in stdenvNoCC.mkDerivation rec {
    downloadPage = "https://github.com/xpipe-io/${pname}/releases/latest";
    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
    changelog = "https://github.com/xpipe-io/${pname}/releases/tag/${version}";
-    license = [ licenses.asl20 licenses.unfree ];
+    license = [
      licenses.asl20
      licenses.unfree
    ];
    maintainers = with maintainers; [ crschnick ];
-    platforms = [ "x86_64-linux" "aarch64-linux" ];
+    platforms = [
      "x86_64-linux"
      "aarch64-linux"
    ];
    mainProgram = pname;
  };
 }
--- a/nixos/overlays/zed-editor/default.nix
+++ b/nixos/overlays/zed-editor/default.nix
@ -3,14 +3,13 @@ let
  finalVersion = "0.149.3";
 in
 final: prev: {
-  zed-editor = prev.zed-editor.overrideAttrs
+  zed-editor = prev.zed-editor.overrideAttrs (oldAttrs: {
-    (oldAttrs: {
+    version = finalVersion;
-      version = finalVersion;
+    src = prev.fetchFromGithub {
-      src = prev.fetchFromGithub {
+      hash = "sha256-ed6/QQObmclSA36g+civhii1aFKTBSjqB+LOyp2LUPg=";
-        hash = "sha256-ed6/QQObmclSA36g+civhii1aFKTBSjqB+LOyp2LUPg=";
+    };
-      };
+    cargoLock = prev.outputHashes {
-      cargoLock = prev.outputHashes {
+      "blade-graphics-0.4.0" = "sha256-sGXhXmgtd7Wx/Gf7HCWro4RsQOGS4pQt8+S3T+2wMfY=";
-        "blade-graphics-0.4.0" = "sha256-sGXhXmgtd7Wx/Gf7HCWro4RsQOGS4pQt8+S3T+2wMfY=";
+    };
-      };
+  });
    });
 }
--- a/nixos/profiles/disko-nixos.nix
+++ b/nixos/profiles/disko-nixos.nix
@ -1,4 +1,8 @@
-{ disks ? [ "/dev/sda" ], ... }: {
+{
  disks ? [ "/dev/sda" ],
  ...
 }:
 {
  disko.devices = {
    disk = {
      main = {
--- a/nixos/profiles/global/nix.nix
+++ b/nixos/profiles/global/nix.nix
@ -42,7 +42,10 @@
      connect-timeout = 25;
      # Avoid copying unnecessary stuff over SSH
      builders-use-substitutes = true;
-      trusted-users = [ "root" "@wheel" ];
+      trusted-users = [
        "root"
        "@wheel"
      ];
      warn-dirty = false;
      # The default at 10 is rarely enough.
      log-lines = lib.mkDefault 25;
--- a/nixos/profiles/global/system.nix
+++ b/nixos/profiles/global/system.nix
@ -3,7 +3,12 @@
  system = {
    # Enable printing changes on nix build etc with nvd
    activationScripts.report-changes = ''
-      PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]}
+      PATH=$PATH:${
        lib.makeBinPath [
          pkgs.nvd
          pkgs.nix
        ]
      }
      profiles=$(${pkgs.coreutils}/bin/ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
      profile_count=$(echo "$profiles" | ${pkgs.coreutils}/bin/wc -l)
      if [ $profile_count -gt 1 ]; then
--- a/nixos/profiles/hw-generic-x86.nix
+++ b/nixos/profiles/hw-generic-x86.nix
@ -3,7 +3,14 @@ with lib;
 {
  boot = {
-    initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+    initrd.availableKernelModules = [
      "nvme"
      "xhci_pci"
      "ahci"
      "usbhid"
      "usb_storage"
      "sd_mod"
    ];
    kernelModules = [ ];
    extraModulePackages = [ ];
--- a/nixos/profiles/hw-hetzner-cax.nix
+++ b/nixos/profiles/hw-hetzner-cax.nix
@ -1,10 +1,17 @@
-{ lib, ... }: {
+{ lib, ... }:
 {
  imports = [ ];
  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
-    initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ];
+    initrd.availableKernelModules = [
      "xhci_pci"
      "virtio_pci"
      "virtio_scsi"
      "usbhid"
      "sr_mod"
    ];
    initrd.kernelModules = [ ];
    kernelModules = [ ];
    extraModulePackages = [ ];
--- a/nixos/profiles/hw-supermicro.nix
+++ b/nixos/profiles/hw-supermicro.nix
@ -10,7 +10,10 @@
        efiSupport = true;
        efiInstallAsRemovable = true;
        mirroredBoots = [
-          { devices = [ "nodev" ]; path = "/boot"; }
+          {
            devices = [ "nodev" ];
            path = "/boot";
          }
        ];
      };
    };
--- a/nixos/profiles/hw-threadripperpro.nix
+++ b/nixos/profiles/hw-threadripperpro.nix
@ -1,10 +1,18 @@
-{ lib, ... }: {
+{ lib, ... }:
 {
  imports = [ ];
  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
-    initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+    initrd.availableKernelModules = [
      "xhci_pci"
      "ahci"
      "nvme"
      "usbhid"
      "usb_storage"
      "sd_mod"
    ];
    initrd.kernelModules = [ ];
    kernelModules = [ "kvm-amd" ];
    extraModulePackages = [ ];
--- a/nixos/profiles/role-dev.nix
+++ b/nixos/profiles/role-dev.nix
@ -38,6 +38,7 @@
      shfmt
      statix
      tmux
      unstable.mise
      unstable.bottom
      unstable.cyme
      unstable.go-task