reformat --> alejandra

.archive/flake.nix

@@ -11,7 +11,7 @@
     profileModules = [
       ./nixos/profiles/role-workstation.nix
       ./nixos/profiles/role-dev.nix
-      { home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
+      {home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix;}
     ];
   };
 
@@ -24,13 +24,13 @@
       inputs.nixos-hardware.nixosModules.lenovo-legion-15arh05h
       ./nixos/profiles/hw-legion-15arh05h.nix
       disko.nixosModules.disko
-      (import ./nixos/profiles/disko-nixos.nix { disks = [ "/dev/nvme0n1" ]; })
+      (import ./nixos/profiles/disko-nixos.nix {disks = ["/dev/nvme0n1"];})
     ];
     profileModules = [
       ./nixos/profiles/role-dev.nix
       ./nixos/profiles/role-gaming.nix
       ./nixos/profiles/role-workstation.nix
-      { home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
+      {home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix;}
     ];
   };
 }

.archive/home/modules/programs/de/gnome/default.nix

@@ -6,8 +6,7 @@
   osConfig,
   ...
 }:
-with lib.hm.gvariant;
+with lib.hm.gvariant; {
-{
   config = lib.mkIf osConfig.mySystem.de.gnome.enable {
     # add user packages
     home.packages = with pkgs; [
@@ -23,7 +22,7 @@ with lib.hm.gvariant;
         workspaces-only-on-primary = false;
       };
       "org/gnome/settings-daemon/plugins/media-keys" = {
-        home = [ "<Super>e" ];
+        home = ["<Super>e"];
       };
       "org/gnome/desktop/wm/preferences" = {
         workspace-names = [

.archive/hosts/durincore/default.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
-{
   config = {
     networking.hostId = "ad4380db";
     networking.hostName = "durincore";
@@ -12,10 +11,10 @@
           "usb_storage"
           "sd_mod"
         ];
-        kernelModules = [ ];
+        kernelModules = [];
       };
-      kernelModules = [ "kvm-intel" ];
+      kernelModules = ["kvm-intel"];
-      extraModulePackages = [ ];
+      extraModulePackages = [];
     };
 
     fileSystems = {
@@ -39,7 +38,7 @@
       };
     };
 
-    swapDevices = [ ];
+    swapDevices = [];
 
     # System settings and services.
     mySystem = {
@@ -48,6 +47,5 @@
         "wlp4s0"
       ];
     };
-
   };
 }

.archive/hosts/gandalf/config/incus-preseed.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
-{
   config = {
     "core.https_address" = "10.1.1.15:8445"; # Need quotes around key
   };
@@ -27,7 +26,7 @@
   ];
   profiles = [
     {
-      config = { };
+      config = {};
       description = "";
       devices = {
         eth0 = {
@@ -44,6 +43,6 @@
       name = "default";
     }
   ];
-  projects = [ ];
+  projects = [];
   cluster = null;
 }

.archive/hosts/gandalf/config/samba-config.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
-{
   global = {
     "workgroup" = "WORKGROUP";
     "server string" = "gandalf";

.archive/hosts/gandalf/config/sanoid.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
-{
   outputs = {
     # ZFS automated snapshots
     templates = {
@@ -14,22 +13,22 @@
     };
     datasets = {
       "eru/xen-backups" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
       };
       "eru/hansonhive" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
       };
       "eru/tm_joe" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
       };
       "eru/tm_elisia" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
       };
       "eru/containers/volumes/xo-data" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
       };
       "eru/containers/volumes/xo-redis-data" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
       };
     };
   };

.archive/hosts/gandalf/default.nix

@@ -17,7 +17,7 @@
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
     inputs.disko.nixosModules.disko
-    (import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda" ]; })
+    (import ../../profiles/disko-nixos.nix {disks = ["/dev/sda"];})
   ];
 
   boot = {
@@ -31,8 +31,8 @@
         "usb_storage"
         "sd_mod"
       ];
-      kernelModules = [ "nfs" ];
+      kernelModules = ["nfs"];
-      supportedFilesystems = [ "nfs" ];
+      supportedFilesystems = ["nfs"];
     };
 
     kernelModules = [
@@ -42,7 +42,7 @@
       "vfio_pci"
       "vfio_virqfd"
     ];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
     kernelParams = [
       "iommu=pt"
       "intel_iommu=on"
@@ -50,7 +50,7 @@
     ]; # 100GB
   };
 
-  swapDevices = [ ];
+  swapDevices = [];
 
   users.users.root.openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
@@ -107,13 +107,13 @@
         sopsFile = ./secrets.sops.yaml;
         owner = "jahanson";
         mode = "400";
-        restartUnits = [ "syncthing.service" ];
+        restartUnits = ["syncthing.service"];
       };
       "syncthing/privateKey" = {
         sopsFile = ./secrets.sops.yaml;
         owner = "jahanson";
         mode = "400";
-        restartUnits = [ "syncthing.service" ];
+        restartUnits = ["syncthing.service"];
       };
     };
   };

.archive/hosts/legiondary/default.nix

@@ -6,9 +6,7 @@
   lib,
   modulesPath,
   ...
-}:
+}: {
-
-{
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
@@ -24,9 +22,9 @@
       "usbhid"
       "sd_mod"
     ];
-    initrd.kernelModules = [ ];
+    initrd.kernelModules = [];
-    kernelModules = [ "kvm-amd" ];
+    kernelModules = ["kvm-amd"];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
   };
 
   fileSystems = {
@@ -57,7 +55,7 @@
   #     options = [ "fmask=0022" "dmask=0022" ];
   #   };
 
-  swapDevices = [ ];
+  swapDevices = [];
 
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 

.archive/modules/nixos/containers/lego-auto/default.nix

@@ -1,6 +1,9 @@
-{ lib, config, ... }:
+{
-with lib;
+  lib,
-let
+  config,
+  ...
+}:
+with lib; let
   app = "lego-auto";
   image = "ghcr.io/bjw-s/lego-auto:v0.3.0";
   user = "999"; # string
@@ -8,8 +11,7 @@ let
   port = 9898; # int
   cfg = config.mySystem.services.${app};
   appFolder = "/eru/containers/volumes/${app}";
-in
+in {
-{
   options.mySystem.services.${app} = {
     enable = mkEnableOption "${app}";
     dnsimpleTokenPath = mkOption {
@@ -56,9 +58,11 @@ in
           DNSIMPLE_OAUTH_TOKEN_FILE = "/config/dnsimple-token";
         };
 
-      volumes = [
+      volumes =
+        [
           "${appFolder}/cert:/cert"
-      ] ++ optionals (cfg.provider == "dnsimple") [ "${cfg.dnsimpleTokenPath}:/config/dnsimple-token" ];
+        ]
+        ++ optionals (cfg.provider == "dnsimple") ["${cfg.dnsimpleTokenPath}:/config/dnsimple-token"];
     };
   };
 }

.archive/modules/nixos/containers/unifi/default.nix

@@ -1,14 +1,17 @@
-{ lib, config, ... }:
+{
-with lib;
+  lib,
-let
+  config,
+  ...
+}:
+with lib; let
   app = "unifi";
   # renovate: depName=goofball222/unifi datasource=github-releases
   version = "8.4.62";
   cfg = config.mySystem.services.${app};
   appFolder = "/eru/containers/volumes/${app}";
 in
-# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
+  # persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
-{
+  {
     options.mySystem.services.${app} = {
       enable = mkEnableOption "${app}";
     };
@@ -16,7 +19,7 @@ in
     config = mkIf cfg.enable {
       networking.firewall.interfaces = {
         enp130s0f0 = {
-        allowedTCPPorts = [ 8443 ];
+          allowedTCPPorts = [8443];
         };
         podman0 = {
           allowedTCPPorts = [
@@ -25,7 +28,7 @@ in
             8880
             8843
           ];
-        allowedUDPPorts = [ 3478 ];
+          allowedUDPPorts = [3478];
         };
       };
       virtualisation.oci-containers.containers.${app} = {
@@ -51,4 +54,4 @@ in
         ];
       };
     };
-}
+  }

.archive/modules/nixos/de/gnome.nix

@@ -3,24 +3,27 @@
   config,
   pkgs,
   ...
-}:
+}: let
-let
   cfg = config.mySystem.de.gnome;
-in
+in {
-{
   options = {
     mySystem.de.gnome = {
-      enable = lib.mkEnableOption "GNOME" // {
+      enable =
+        lib.mkEnableOption "GNOME"
+        // {
           default = false;
         };
-      systrayicons = lib.mkEnableOption "Enable systray icons" // {
+      systrayicons =
+        lib.mkEnableOption "Enable systray icons"
+        // {
           default = true;
         };
-      gsconnect = lib.mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // {
+      gsconnect =
+        lib.mkEnableOption "Enable gsconnect (KDEConnect for GNOME)"
+        // {
           default = true;
         };
     };
-
   };
 
   config = lib.mkIf cfg.enable {
@@ -49,14 +52,13 @@ in
         };
       };
 
-      udev.packages = lib.optionals cfg.systrayicons [ pkgs.gnome.gnome-settings-daemon ]; # support appindicator
+      udev.packages = lib.optionals cfg.systrayicons [pkgs.gnome.gnome-settings-daemon]; # support appindicator
     };
 
     # systyray icons
     # extra pkgs and extensions
     environment = {
-      systemPackages =
+      systemPackages = with pkgs;
-        with pkgs;
         [
           wl-clipboard # ls ~/Downloads | wl-copy or wl-paste > clipboard.txt
           playerctl # gsconnect play/pause command
@@ -70,7 +72,7 @@ in
           gnomeExtensions.caffeine
           gnomeExtensions.dash-to-dock
         ]
-        ++ optionals cfg.systrayicons [ pkgs.gnomeExtensions.appindicator ];
+        ++ optionals cfg.systrayicons [pkgs.gnomeExtensions.appindicator];
     };
 
     # enable gsconnect

.archive/modules/nixos/de/kde.nix

@@ -3,15 +3,15 @@
   config,
   pkgs,
   ...
-}:
+}: let
-let
   cfg = config.mySystem.de.kde;
-  flameshotOverride = pkgs.unstable.flameshot.override { enableWlrSupport = true; };
+  flameshotOverride = pkgs.unstable.flameshot.override {enableWlrSupport = true;};
-in
+in {
-{
   options = {
     mySystem.de.kde = {
-      enable = lib.mkEnableOption "KDE" // {
+      enable =
+        lib.mkEnableOption "KDE"
+        // {
           default = false;
         };
     };

.archive/modules/nixos/services/cockpit/default.nix

@@ -4,11 +4,9 @@
   pkgs,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.mySystem.services.cockpit;
-in
+in {
-{
   options.mySystem.services.cockpit.enable = mkEnableOption "Cockpit";
 
   config.services.cockpit = mkIf cfg.enable {

.archive/modules/nixos/services/vault/default.nix

@@ -3,11 +3,9 @@
   lib,
   pkgs,
   ...
-}:
+}: let
-let
   cfg = config.mySystem.services.vault;
-in
+in {
-{
   options.mySystem.services.vault = {
     enable = lib.mkEnableOption "vault";
     address = lib.mkOption {

.archive/profiles/disko-telchar.nix

@@ -23,7 +23,7 @@
               size = "100%";
               content = {
                 type = "btrfs";
-                extraArgs = [ "-f" ]; # Override existing partition
+                extraArgs = ["-f"]; # Override existing partition
                 # Subvolumes must set a mountpoint in order to be mounted,
                 # unless their parent is mounted
                 subvolumes = {
@@ -33,11 +33,11 @@
                   };
                   # Subvolume name is the same as the mountpoint
                   "/home" = {
-                    mountOptions = [ "compress=zstd" ];
+                    mountOptions = ["compress=zstd"];
                     mountpoint = "/home";
                   };
                   # Sub(sub)volume doesn't need a mountpoint as its parent is mounted
-                  "/home/user" = { };
+                  "/home/user" = {};
                   # Parent is not mounted so the mountpoint must be set
                   "/nix" = {
                     mountOptions = [

.archive/profiles/hw-legion-15arh05h.nix

@@ -1,5 +1,8 @@
-{ lib, pkgs, ... }:
 {
+  lib,
+  pkgs,
+  ...
+}: {
   # Support windows partition
   mySystem = {
     security.wheelNeedsSudoPassword = false;
@@ -22,7 +25,7 @@
         device = "nodev";
         mirroredBoots = [
           {
-            devices = [ "nodev" ];
+            devices = ["nodev"];
             path = "/boot";
           }
         ];

.archive/profiles/hw-thinkpad-t470.nix

@@ -1,5 +1,8 @@
-{ config, lib, ... }:
 {
+  config,
+  lib,
+  ...
+}: {
   boot = {
     # Use the systemd-boot EFI boot loader.
     loader = {

.archive/profiles/role-gaming.nix

@@ -1,12 +1,15 @@
-{ lib, pkgs, ... }:
 {
+  lib,
+  pkgs,
+  ...
+}: {
   # Enable module for NVIDIA graphics
   mySystem = {
     hardware.nvidia.enable = true;
   };
 
   # set xserver videodrivers for NVIDIA gpu
-  services.xserver.videoDrivers = [ "nvidia" ];
+  services.xserver.videoDrivers = ["nvidia"];
   # Install steam systemwide
   programs.steam = {
     enable = true;
@@ -35,5 +38,4 @@
     pulse.enable = true;
     jack.enable = true;
   };
-
 }

nixos/home/jahanson/server.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
-{
   imports = [
     ./global.nix
   ];

nixos/home/modules/programs/browsers/default.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
-{
   imports = [
     ./firefox
   ];

nixos/home/modules/programs/thunderbird/default.nix

@@ -3,8 +3,7 @@
   pkgs,
   lib,
   ...
-}:
+}: let
-let
   cfg = config.myHome.programs.thunderbird;
 
   policies = {
@@ -25,15 +24,14 @@ let
       };
     };
   };
-in
+in {
-{
   options.myHome.programs.thunderbird.enable = lib.mkEnableOption "Thunderbird";
 
   config = lib.mkIf cfg.enable {
     programs.thunderbird = {
       enable = true;
       package = pkgs.thunderbird-128.override (old: {
-        extraPolicies = (old.extrapPolicies or { }) // policies;
+        extraPolicies = (old.extrapPolicies or {}) // policies;
       });
 
       profiles.default.isDefault = true;

nixos/home/modules/security/default.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
-{
   imports = [
     ./ssh
   ];

nixos/home/modules/security/ssh/default.nix

@@ -1,14 +1,16 @@
-{ config, lib, ... }:
-with lib;
-let
-  cfg = config.myHome.security.ssh;
-in
 {
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.myHome.security.ssh;
+in {
   options.myHome.security.ssh = {
     enable = mkEnableOption "ssh";
     matchBlocks = mkOption {
       type = types.attrs;
-      default = { };
+      default = {};
     };
   };
 

nixos/home/modules/shell/atuind/default.nix

@@ -4,11 +4,9 @@
   lib,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.myHome.shell.atuind;
-in
+in {
-{
   options.myHome.shell.atuind = {
     enable = mkEnableOption "atuind";
   };
@@ -17,10 +15,10 @@ in
     (mkIf cfg.enable {
       systemd.user.services.atuind = {
         Install = {
-          WantedBy = [ "default.target" ];
+          WantedBy = ["default.target"];
         };
         Unit = {
-          After = [ "network.target" ];
+          After = ["network.target"];
         };
         Service = {
           Environment = "ATUIN_LOG=info";

nixos/home/modules/shell/default.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
-{
   imports = [
     ./atuind
     ./fish

nixos/home/modules/shell/starship/default.nix

@@ -3,11 +3,9 @@
   config,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.myHome.shell.starship;
-in
+in {
-{
   options.myHome.shell.starship = {
     enable = mkEnableOption "starship";
   };

nixos/home/modules/shell/wezterm/default.nix

@@ -4,11 +4,9 @@
   lib,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.myHome.shell.wezterm;
-in
+in {
-{
   options.myHome.shell.wezterm = {
     enable = mkEnableOption "wezterm";
     configPath = mkOption {

nixos/hosts/shadowfax/config/incus-preseed.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
-{
   config = {
     "core.https_address" = "10.1.1.61:8443"; # Need quotes around key
   };
@@ -27,7 +26,7 @@
   ];
   profiles = [
     {
-      config = { };
+      config = {};
       description = "";
       devices = {
         eth0 = {
@@ -44,6 +43,6 @@
       name = "default";
     }
   ];
-  projects = [ ];
+  projects = [];
   cluster = null;
 }

nixos/hosts/shadowfax/config/sanoid.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
-{
   outputs = {
     # ZFS automated snapshots
     templates = {
@@ -14,27 +13,27 @@
 
     datasets = {
       "nahar/qbittorrent" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
         recursive = true;
       };
       "nahar/sabnzbd" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
         recursive = true;
       };
       "nahar/containers/volumes/jellyfin" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
         recursive = true;
       };
       "nahar/containers/volumes/plex" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
         recursive = true;
       };
       "nahar/containers/volumes/scrutiny" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
         recursive = true;
       };
       "nahar/containers/volumes/scrypted" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
         recursive = true;
       };
     };

nixos/hosts/telperion/config/bind.nix

@@ -1,5 +1,4 @@
-{ config, ... }:
+{config, ...}: ''
-''
   include "${config.sops.secrets."bind/rndc-keys/externaldns".path}";
 
   acl trusted {

nixos/hosts/telperion/config/haproxy.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: ''
-''
   global
     log /dev/log local0
     log /dev/log local1 notice

nixos/hosts/telperion/default.nix

@@ -7,9 +7,7 @@
   modulesPath,
   pkgs,
   ...
-}:
+}: {
-
-{
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
@@ -25,9 +23,9 @@
       "usb_storage"
       "sd_mod"
     ];
-    initrd.kernelModules = [ ];
+    initrd.kernelModules = [];
-    kernelModules = [ "kvm-intel" ];
+    kernelModules = ["kvm-intel"];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
   };
   fileSystems = {
     "/" = {
@@ -51,7 +49,7 @@
     };
   };
 
-  swapDevices = [ ];
+  swapDevices = [];
 
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
   # Until I can figure out why the tftp port is not opening, disable the firewall.
@@ -118,12 +116,12 @@
 
       bind = {
         enable = true;
-        extraConfig = import ./config/bind.nix { inherit config; };
+        extraConfig = import ./config/bind.nix {inherit config;};
       };
 
       haproxy = {
         enable = true;
-        config = import ./config/haproxy.nix { inherit config; };
+        config = import ./config/haproxy.nix {inherit config;};
         tcpPorts = [
           6443
           6444

nixos/hosts/varda/resources/prune-backup.nix

@@ -1,13 +1,10 @@
-{ pkgs, ... }:
+{pkgs, ...}: let
-
-let
   cleanupScript = pkgs.writeShellScriptBin "cleanup-backups.sh" (
     builtins.readFile ./prune-backups.sh
   );
-in
+in {
-{
   systemd.timers.cleanup-backups = {
-    wantedBy = [ "timers.target" ];
+    wantedBy = ["timers.target"];
     timerConfig = {
       OnCalendar = "daily";
       Persistent = true;

nixos/modules/nixos/containers/scrutiny/default.nix

@@ -1,12 +1,14 @@
-{ lib, config, ... }:
+{
-with lib;
+  lib,
-let
+  config,
+  ...
+}:
+with lib; let
   app = "scrutiny";
   # renovate: depName=AnalogJ/scrutiny datasource=github-releases
   version = "v0.8.1";
   cfg = config.mySystem.services.${app};
-in
+in {
-{
   options.mySystem.services.${app} = {
     enable = mkEnableOption "${app}";
 
@@ -33,7 +35,7 @@ in
     # --device /dev/disk/by-id/nvme-XXXXXXXXXXXXXXXXXXXXXXXXXXXX
     devices = mkOption {
       type = types.listOf types.str;
-      default = [ ];
+      default = [];
       description = ''
         Devices to monitor on Scrutiny.
       '';

nixos/modules/nixos/de/kde.nix

@@ -3,15 +3,15 @@
   config,
   pkgs,
   ...
-}:
+}: let
-let
   cfg = config.mySystem.de.kde;
-  flameshotOverride = pkgs.unstable.flameshot.override { enableWlrSupport = true; };
+  flameshotOverride = pkgs.unstable.flameshot.override {enableWlrSupport = true;};
-in
+in {
-{
   options = {
     mySystem.de.kde = {
-      enable = lib.mkEnableOption "KDE" // {
+      enable =
+        lib.mkEnableOption "KDE"
+        // {
           default = false;
         };
     };

nixos/modules/nixos/editor/vim.nix

@@ -1,12 +1,13 @@
 # /home/jahanson/projects/mochi/nixos/modules/nixos/editor/vim.nix
-
-{ config, lib, ... }:
-with lib;
-let
-  cfg = config.mySystem.editor.vim;
-  users = [ "jahanson" ];
-in
 {
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.editor.vim;
+  users = ["jahanson"];
+in {
   options.mySystem.editor.vim.enable = mkEnableOption "vim";
   config = mkIf cfg.enable {
     # Enable vim and set as default editor
@@ -26,8 +27,9 @@ in
         listToAttrs (
           map (u: {
             name = u;
-              value = { };
+            value = {};
-            }) users
+          })
+          users
         )
       );
   };

nixos/modules/nixos/games/steam/steam.nix

@@ -3,11 +3,9 @@
   lib,
   pkgs,
   ...
-}:
+}: let
-let
   cfg = config.mySystem.games.steam;
-in
+in {
-{
   options.mySystem.games.steam = {
     enable = lib.mkEnableOption "Steam";
   };
@@ -24,6 +22,5 @@ in
     environment.systemPackages = with pkgs; [
       protonup-qt
     ];
-
   };
 }

nixos/modules/nixos/hardware/nvidia/default.nix

@@ -4,15 +4,12 @@
   pkgs,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.mySystem.hardware.nvidia;
-in
+in {
-{
   options.mySystem.hardware.nvidia.enable = mkEnableOption "NVIDIA config";
 
   config = mkIf cfg.enable {
-
     environment.sessionVariables.NIXOS_OZONE_WL = "1";
     # ref: https://nixos.wiki/wiki/Nvidia
     # Enable OpenGL
@@ -30,7 +27,6 @@ in
       # This is for the benefit of VSCODE running natively in wayland
 
       nvidia = {
-
         # Modesetting is required.
         modesetting.enable = true;
 

nixos/modules/nixos/programs/shell/fish.nix

@@ -1,9 +1,11 @@
-{ lib, config, ... }:
-with lib;
-let
-  cfg = config.mySystem.shell.fish;
-in
 {
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.shell.fish;
+in {
   options.mySystem.shell.fish = {
     enable = mkEnableOption "Fish";
     enablePlugins = mkOption {
@@ -22,5 +24,4 @@ in
       functions.enable = true;
     };
   };
-
 }

nixos/modules/nixos/security/1password/default.nix

@@ -1,10 +1,12 @@
-{ config, lib, ... }:
+{
-with lib;
+  config,
-let
+  lib,
+  ...
+}:
+with lib; let
   cfg = config.mySystem.security._1password;
   user = "jahanson";
-in
+in {
-{
   options.mySystem.security._1password = {
     enable = mkEnableOption "_1password";
   };
@@ -14,7 +16,7 @@ in
       _1password.enable = true;
       _1password-gui = {
         enable = true;
-        polkitPolicyOwners = [ "${user}" ];
+        polkitPolicyOwners = ["${user}"];
       };
     };
 

nixos/modules/nixos/security/acme/default.nix

@@ -1,15 +1,17 @@
-{ lib, config, ... }:
-with lib;
-let
-  cfg = config.mySystem.security.acme;
-in
 {
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.security.acme;
+in {
   options.mySystem.security.acme.enable = mkEnableOption "acme";
 
   config = mkIf cfg.enable {
     sops.secrets = {
       "security/acme/env".sopsFile = ./secrets.sops.yaml;
-      "security/acme/env".restartUnits = [ "lego.service" ];
+      "security/acme/env".restartUnits = ["lego.service"];
     };
 
     security.acme = {

nixos/modules/nixos/security/default.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
-{
   imports = [
     ./1password
     ./acme

nixos/modules/nixos/services/bind/default.nix

@@ -4,14 +4,12 @@
   pkgs,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.mySystem.services.bind;
-in
+in {
-{
   options.mySystem.services.bind = {
     enable = mkEnableOption "bind";
-    package = mkPackageOption pkgs "bind" { };
+    package = mkPackageOption pkgs "bind" {};
     extraConfig = mkOption {
       type = types.str;
     };
@@ -19,8 +17,8 @@ in
 
   config = mkIf cfg.enable {
     networking.firewall = {
-      allowedTCPPorts = [ 53 ];
+      allowedTCPPorts = [53];
-      allowedUDPPorts = [ 53 ];
+      allowedUDPPorts = [53];
     };
 
     # Forces the machine to use the resolver provided by the network

nixos/modules/nixos/services/dnsmasq/default.nix

@@ -4,14 +4,12 @@
   pkgs,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.mySystem.services.dnsmasq;
-in
+in {
-{
   options.mySystem.services.dnsmasq = {
     enable = mkEnableOption "dnsmasq";
-    package = mkPackageOption pkgs "dnsmasq" { };
+    package = mkPackageOption pkgs "dnsmasq" {};
     bootAsset = mkOption {
       type = types.str;
       example = "http://10.1.1.57:8086/boot.ipxe";
@@ -48,7 +46,7 @@ in
       settings = {
         # Disables only the DNS port.
         port = 0;
-        dhcp-range = [ "10.1.1.1,proxy,255.255.255.0" ];
+        dhcp-range = ["10.1.1.1,proxy,255.255.255.0"];
         # serves TFTP from dnsmasq
         enable-tftp = true;
         tftp-root = cfg.tftpRoot;

nixos/modules/nixos/services/libvirt-qemu/default.nix

@@ -5,12 +5,10 @@
   inputs,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.mySystem.services.libvirt-qemu;
-in
+in {
-{
+  imports = [inputs.nixvirt-git.nixosModules.default];
-  imports = [ inputs.nixvirt-git.nixosModules.default ];
   options.mySystem.services.libvirt-qemu = {
     enable = mkEnableOption "libvirt-qemu";
   };
@@ -30,7 +28,7 @@ in
       qemu = {
         package = pkgs.qemu_kvm;
         ovmf.enable = true;
-        ovmf.packages = [ pkgs.OVMFFull.fd ];
+        ovmf.packages = [pkgs.OVMFFull.fd];
       };
     };
   };

nixos/modules/nixos/services/matchbox/default.nix

@@ -4,14 +4,12 @@
   pkgs,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.mySystem.services.matchbox;
-in
+in {
-{
   options.mySystem.services.matchbox = {
     enable = mkEnableOption "matchbox";
-    package = mkPackageOption pkgs "matchbox-server" { };
+    package = mkPackageOption pkgs "matchbox-server" {};
     dataPath = mkOption {
       type = types.str;
       example = "/var/lib/matchbox";
@@ -38,10 +36,10 @@ in
 
     networking.firewall = {
       # HTTP communication
-      allowedTCPPorts = [ 8086 ];
+      allowedTCPPorts = [8086];
     };
 
-    users.groups.matchbox = { };
+    users.groups.matchbox = {};
     users.users = {
       matchbox = {
         home = cfg.dataPath;
@@ -51,8 +49,8 @@ in
     };
 
     systemd.services.matchbox = {
-      wantedBy = [ "multi-user.target" ];
+      wantedBy = ["multi-user.target"];
-      after = [ "network.target" ];
+      after = ["network.target"];
       serviceConfig = {
         ExecStart = "${pkgs.matchbox-server}/bin/matchbox -address=0.0.0.0:8086 -data-path=${cfg.dataPath} -assets-path=${cfg.assetPath} -log-level=debug";
         Restart = "on-failure";

nixos/modules/nixos/services/nginx/default.nix

@@ -1,13 +1,14 @@
-{ lib, config, ... }:
-with lib;
-let
-  cfg = config.mySystem.services.nginx;
-in
 {
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.nginx;
+in {
   options.mySystem.services.nginx.enable = mkEnableOption "nginx";
 
   config = mkIf cfg.enable {
-
     services.nginx = {
       enable = true;
 
@@ -63,6 +64,6 @@ in
     };
 
     # required for using acme certs
-    users.users.nginx.extraGroups = [ "acme" ];
+    users.users.nginx.extraGroups = ["acme"];
   };
 }

nixos/modules/nixos/services/nix-index-daily/default.nix

@@ -3,11 +3,9 @@
   lib,
   pkgs,
   ...
-}:
+}: let
-let
   cfg = config.mySystem.services.nix-index-daily;
-in
+in {
-{
   options.mySystem.services.nix-index-daily = {
     enable = lib.mkEnableOption "Automatic daily nix-index database updates";
 
@@ -29,8 +27,8 @@ in
     systemd.user = {
       # Timer for nix-index update
       timers.nix-index-update = {
-        wantedBy = [ "timers.target" ];
+        wantedBy = ["timers.target"];
-        partOf = [ "nix-index-update.service" ];
+        partOf = ["nix-index-update.service"];
         timerConfig = {
           OnCalendar = cfg.startTime;
           Persistent = true;

nixos/modules/nixos/services/onepassword-connect/default.nix

@@ -1,9 +1,11 @@
-{ lib, config, ... }:
-with lib;
-let
-  cfg = config.mySystem.services.onepassword-connect;
-in
 {
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.onepassword-connect;
+in {
   options.mySystem.services.onepassword-connect = {
     enable = mkEnableOption "onepassword-connect";
     apiVersion = lib.mkOption {
@@ -27,7 +29,7 @@ in
 
   config = mkIf cfg.enable {
     # Create data dir
-    system.activationScripts.makeOnePasswordConnectDataDir = lib.stringAfter [ "var" ] ''
+    system.activationScripts.makeOnePasswordConnectDataDir = lib.stringAfter ["var"] ''
       mkdir -p "${cfg.dataDir}"
       chown -R 999:999 ${cfg.dataDir}
     '';
@@ -37,7 +39,7 @@ in
       onepassword-connect-api = {
         image = "docker.io/1password/connect-api:${cfg.apiVersion}";
         autoStart = true;
-        ports = [ "8080:8080" ];
+        ports = ["8080:8080"];
         volumes = [
           "${cfg.credentialsFile}:/home/opuser/.op/1password-credentials.json"
           "${cfg.dataDir}:/home/opuser/.op/data"
@@ -47,7 +49,7 @@ in
       onepassword-connect-sync = {
         image = "docker.io/1password/connect-sync:${cfg.syncVersion}";
         autoStart = true;
-        ports = [ "8081:8080" ];
+        ports = ["8081:8080"];
         volumes = [
           "${cfg.credentialsFile}:/home/opuser/.op/1password-credentials.json"
           "${cfg.dataDir}:/home/opuser/.op/data"

nixos/modules/nixos/services/podman/default.nix

@@ -4,11 +4,9 @@
   pkgs,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.mySystem.services.podman;
-in
+in {
-{
   options.mySystem.services.podman.enable = mkEnableOption "Podman";
 
   config = mkIf cfg.enable {
@@ -16,7 +14,7 @@ in
       enable = true;
 
       dockerCompat = true;
-      extraPackages = [ pkgs.zfs ];
+      extraPackages = [pkgs.zfs];
 
       # regular cleanup
       autoPrune.enable = true;
@@ -42,16 +40,16 @@ in
       lazypodman = "sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";
     };
 
-    networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
+    networking.firewall.interfaces.podman0.allowedUDPPorts = [53];
 
     # extra user for containers
-    users.groups.kah = { };
+    users.groups.kah = {};
     users.users = {
       kah = {
         uid = 568;
         group = "kah";
       };
-      jahanson.extraGroups = [ "kah" ];
+      jahanson.extraGroups = ["kah"];
     };
   };
 }

nixos/modules/nixos/services/qbittorrent/default.nix

@@ -4,11 +4,9 @@
   pkgs,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.mySystem.services.qbittorrent;
-in
+in {
-{
   options.mySystem.services.qbittorrent = {
     enable = mkEnableOption "qBittorrent";
 
@@ -68,7 +66,7 @@ in
   };
 
   config = mkIf cfg.enable {
-    users.groups.${cfg.group} = { };
+    users.groups.${cfg.group} = {};
     users.users = mkIf (cfg.user == "qbittorrent") {
       qbittorrent = {
         inherit (cfg) group;
@@ -108,8 +106,8 @@ in
           Group = cfg.group;
         }
         (lib.mkIf cfg.hardening {
-          CapabilityBoundingSet = [ "" ];
+          CapabilityBoundingSet = [""];
-          DeviceAllow = [ "" ];
+          DeviceAllow = [""];
           DevicePolicy = "closed";
           LockPersonality = true;
           MemoryDenyWriteExecute = true;
@@ -154,7 +152,7 @@ in
         cfg.webuiPort
         cfg.qbittorrentPort
       ];
-      allowedUDPPorts = [ cfg.qbittorrentPort ];
+      allowedUDPPorts = [cfg.qbittorrentPort];
     };
   };
 }

nixos/modules/nixos/services/reboot-required-check.nix

@@ -1,15 +1,17 @@
-{ lib, config, ... }:
-with lib;
-let
-  cfg = config.mySystem.services.rebootRequiredCheck;
-in
 {
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.rebootRequiredCheck;
+in {
   options.mySystem.services.rebootRequiredCheck.enable = mkEnableOption "Reboot required check";
 
   config = mkIf cfg.enable {
     # Enable timer
     systemd.timers."reboot-required-check" = {
-      wantedBy = [ "timers.target" ];
+      wantedBy = ["timers.target"];
       timerConfig = {
         # start at boot
         OnBootSec = "0m";

nixos/modules/nixos/services/sanoid/default.nix

@@ -4,14 +4,12 @@
   pkgs,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.mySystem.services.sanoid;
-in
+in {
-{
   options.mySystem.services.sanoid = {
     enable = mkEnableOption "sanoid";
-    package = mkPackageOption pkgs "sanoid" { };
+    package = mkPackageOption pkgs "sanoid" {};
     datasets = mkOption {
       type = lib.types.attrsOf (lib.types.attrsOf lib.types.unspecified);
     };

nixos/modules/nixos/services/syncthing/config/default.nix

@@ -1,5 +1,4 @@
-{ sops, ... }:
+{sops, ...}: {
-{
   gui = {
     user = sops.secrets.username;
     password = sops.secrets.password;
@@ -9,22 +8,22 @@
     gandalf = {
       name = "gandalf";
       id = "2VYHSOB-4QE3UIJ-EFKAD4D-J7YTLYG-4KF36C2-3SOLD4G-MFR6NK3-C2VSAQV";
-      addresses = [ "tcp://10.1.1.13:22000" ];
+      addresses = ["tcp://10.1.1.13:22000"];
     };
     legiondary = {
       name = "legiondary";
       id = "O4WI2YC-BZBPF2W-2ALNQ2D-UOP3BK5-ZDSEHVH-DIHS2FG-BSVJCXG-GF47XAE";
-      addresses = [ "dynamic" ];
+      addresses = ["dynamic"];
     };
     shadowfax = {
       name = "shadowfax";
       id = "U3DS7CW-GBZT44M-IFP3MOB-AV6SHVY-YFVEL5P-HE3ACC5-NDDGAOB-HOTKJAC";
-      addresses = [ "tcp://10.1.1.61:22000" ];
+      addresses = ["tcp://10.1.1.61:22000"];
     };
     telchar = {
       name = "telchar";
       id = "ENO4NVK-DUKOLUT-ASJZOEI-IFBVBTA-GDNWKWS-DQF3TZW-JJ72VVB-VWTHNAH";
-      addresses = [ "dynamic" ];
+      addresses = ["dynamic"];
     };
   };
 

nixos/modules/nixos/services/syncthing/default.nix

@@ -2,11 +2,9 @@
   config,
   lib,
   ...
-}:
+}: let
-let
   cfg = config.mySystem.services.syncthing;
-in
+in {
-{
   options.mySystem.services.syncthing = {
     enable = lib.mkEnableOption "Syncthing";
     publicCertPath = lib.mkOption {
@@ -30,13 +28,13 @@ in
         sopsFile = ./secrets.sops.yaml;
         owner = "jahanson";
         mode = "400";
-        restartUnits = [ "syncthing.service" ];
+        restartUnits = ["syncthing.service"];
       };
       "password" = {
         sopsFile = ./secrets.sops.yaml;
         owner = "jahanson";
         mode = "400";
-        restartUnits = [ "syncthing.service" ];
+        restartUnits = ["syncthing.service"];
       };
     };
 
@@ -48,7 +46,7 @@ in
         openDefaultPorts = true;
         key = "${cfg.privateKeyPath}";
         cert = "${cfg.publicCertPath}";
-        settings = import ./config { inherit (config) sops; };
+        settings = import ./config {inherit (config) sops;};
       };
     };
     # Don't create default ~/Sync folder

nixos/modules/nixos/services/unpackerr/default.nix

@@ -4,17 +4,13 @@
   pkgs,
   ...
 }:
-
+with lib; let
-with lib;
-
-let
   cfg = config.mySystem.services.unpackerr;
-in
+in {
-{
   options.mySystem.services.unpackerr = {
     enable = mkEnableOption "Unpackerr";
 
-    package = mkPackageOption pkgs "unpackerr" { };
+    package = mkPackageOption pkgs "unpackerr" {};
 
     user = mkOption {
       type = types.str;
@@ -43,7 +39,7 @@ in
   };
 
   config = mkIf cfg.enable {
-    users.groups.${cfg.group} = { };
+    users.groups.${cfg.group} = {};
     users.users = mkIf (cfg.user == "unpackerr") {
       unpackerr = {
         inherit (cfg) group;
@@ -53,8 +49,8 @@ in
 
     systemd.services.unpackerr = {
       description = "Unpackerr service";
-      after = [ "network.target" ];
+      after = ["network.target"];
-      wantedBy = [ "multi-user.target" ];
+      wantedBy = ["multi-user.target"];
       serviceConfig = {
         User = cfg.user;
         Group = cfg.group;
@@ -66,9 +62,11 @@ in
           ]
         );
 
-        EnvironmentFile = lib.optional (
+        EnvironmentFile =
+          lib.optional (
             cfg.extraEnvVarsFile != null && cfg.extraEnvVarsFile != ""
-        ) cfg.extraEnvVarsFile;
+          )
+          cfg.extraEnvVarsFile;
       };
     };
   };

nixos/modules/nixos/system/borg/borgbackup/default.nix

@@ -1,17 +1,19 @@
-{ lib, config, ... }:
-let
-  cfg = config.mySystem.system.borgbackup;
-in
 {
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.mySystem.system.borgbackup;
+in {
   options.mySystem.system.borgbackup = {
     enable = lib.mkEnableOption "borgbackup";
     paths = lib.mkOption {
       type = lib.types.listOf lib.types.str;
-      default = [ ];
+      default = [];
     };
     exclude = lib.mkOption {
       type = lib.types.listOf lib.types.str;
-      default = [ ];
+      default = [];
     };
     repo = lib.mkOption {
       example = "borgbackup@myserver:repo";

nixos/modules/nixos/system/borg/default.nix

@@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
-{
   imports = [
     ./borgbackup
     ./pikabackup

nixos/modules/nixos/system/borg/pikabackup/default.nix

@@ -3,12 +3,10 @@
   config,
   pkgs,
   ...
-}:
+}: let
-let
   cfg = config.mySystem.system.borg.pika-backup;
   user = "jahanson";
-in
+in {
-{
   options.mySystem.system.borg.pika-backup = {
     enable = lib.mkEnableOption "pika-backup";
   };

nixos/modules/nixos/system/incus/default.nix

@@ -3,12 +3,10 @@
   pkgs,
   lib,
   ...
-}:
+}: let
-let
   cfg = config.mySystem.system.incus;
   user = "jahanson";
-in
+in {
-{
   # sops.secrets.secret-domain-0 = {
   #   sopsFile = ./secret.sops.yaml;
   # };
@@ -27,14 +25,13 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-
     virtualisation.incus = {
       inherit (cfg) preseed;
       enable = true;
       ui.enable = true;
     };
 
-    users.users.${user}.extraGroups = [ "incus-admin" ];
+    users.users.${user}.extraGroups = ["incus-admin"];
 
     # systemd.services.incus-preseed.postStart = "${oidcSetup}";
 

nixos/modules/nixos/system/motd/default.nix

@@ -3,8 +3,7 @@
   lib,
   pkgs,
   ...
-}:
+}: let
-let
   motd = pkgs.writeShellScriptBin "motd" ''
     #! /usr/bin/env bash
     source /etc/os-release
@@ -41,8 +40,7 @@ let
     printf "\n"
     ${lib.strings.concatStrings (
       lib.lists.forEach cfg.networkInterfaces (
-        x:
+        x: "printf \"$BOLD  * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"
-        "printf \"$BOLD  * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"
       )
     )}
     printf "$BOLD  * %-20s$ENDCOLOR %s\n" "Release" "$PRETTY_NAME"
@@ -82,17 +80,15 @@ let
     fi
   '';
   cfg = config.mySystem.system.motd;
-in
+in {
-{
   options.mySystem.system.motd = {
     enable = lib.mkEnableOption "MOTD";
     networkInterfaces = lib.mkOption {
       description = "Network interfaces to monitor";
       type = lib.types.listOf lib.types.str;
       # default = lib.mapAttrsToList (_: val: val.interface)
-      default = [ ];
+      default = [];
     };
-
   };
   config = lib.mkIf cfg.enable {
     environment.systemPackages = [

nixos/modules/nixos/system/nfs/default.nix

@@ -1,8 +1,10 @@
-{ lib, config, ... }:
-let
-  cfg = config.mySystem.system.nfs;
-in
 {
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.mySystem.system.nfs;
+in {
   options.mySystem.system.nfs = {
     enable = lib.mkEnableOption "nfs";
     exports = lib.mkOption {

nixos/modules/nixos/system/nix.nix

@@ -1,9 +1,11 @@
-{ lib, config, ... }:
-with lib;
-let
-  cfg = config.mySystem.nix;
-in
 {
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.nix;
+in {
   options.mySystem.nix = {
     autoOptimiseStore = mkOption {
       type = lib.types.bool;
@@ -11,7 +13,9 @@ in
       default = true;
     };
     gc = {
-      enable = mkEnableOption "automatic garbage collection" // {
+      enable =
+        mkEnableOption "automatic garbage collection"
+        // {
           default = true;
         };
       persistent = mkOption {

nixos/modules/nixos/system/openssh.nix

@@ -1,11 +1,15 @@
-{ lib, config, ... }:
-with lib;
-let
-  cfg = config.mySystem.services.openssh;
-in
 {
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.openssh;
+in {
   options.mySystem.services.openssh = {
-    enable = mkEnableOption "openssh" // {
+    enable =
+      mkEnableOption "openssh"
+      // {
         default = true;
       };
     passwordAuthentication = mkOption {

nixos/modules/nixos/system/pushover/default.nix

@@ -4,21 +4,18 @@
   pkgs,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.mySystem.system.systemd.pushover-alerts;
-in
+in {
-{
   options.mySystem.system.systemd.pushover-alerts.enable =
     mkEnableOption "Pushover alerts for systemd failures"
     // {
       default = true;
     };
   options.systemd.services = mkOption {
-    type =
+    type = with types;
-      with types;
       attrsOf (submodule {
-        config.onFailure = [ "notify-pushover@%n.service" ];
+        config.onFailure = ["notify-pushover@%n.service"];
       });
   };
 
@@ -32,7 +29,7 @@ in
 
     systemd.services."notify-pushover@" = mkIf cfg.enable {
       enable = true;
-      onFailure = lib.mkForce [ ]; # cant refer to itself on failure
+      onFailure = lib.mkForce []; # cant refer to itself on failure
       description = "Notify on failed unit %i";
       serviceConfig = {
         Type = "oneshot";

nixos/modules/nixos/system/security.nix

@@ -1,9 +1,11 @@
-{ lib, config, ... }:
-with lib;
-let
-  cfg = config.mySystem.security;
-in
 {
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.security;
+in {
   options.mySystem.security = {
     sshAgentAuth.enable = lib.mkEnableOption "openssh";
     wheelNeedsSudoPassword = lib.mkOption {

nixos/modules/nixos/system/systempackages.nix

@@ -1,14 +1,16 @@
-{ lib, config, ... }:
-with lib;
-let
-  cfg = config.mySystem.system;
-in
 {
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.system;
+in {
   options.mySystem.system = {
     packages = mkOption {
       type = with types; listOf package;
       description = "List of system level package installs";
-      default = [ ];
+      default = [];
     };
   };
   # System packages deployed globally.

nixos/modules/nixos/system/time.nix

@@ -1,8 +1,10 @@
-{ lib, config, ... }:
-let
-  cfg = config.mySystem.time;
-in
 {
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.mySystem.time;
+in {
   options.mySystem.time = {
     timeZone = lib.mkOption {
       type = lib.types.str;

nixos/modules/nixos/system/wifi_swap/default.nix

@@ -5,8 +5,7 @@
   pkgs,
   ...
 }:
-with lib;
+with lib; let
-let
   cfg = config.mySystem.framework_wifi_swap;
   wifiSwap = pkgs.writeShellScriptBin "wifi_swap" ''
     #! /usr/bin/env bash
@@ -34,10 +33,11 @@ let
         ;;
     esac
   '';
-in
+in {
-{
   options.mySystem.framework_wifi_swap = {
-    enable = mkEnableOption "framework_wifi_swap" // {
+    enable =
+      mkEnableOption "framework_wifi_swap"
+      // {
         default = false;
       };
   };

nixos/modules/nixos/system/zfs.nix

@@ -3,17 +3,15 @@
   config,
   pkgs,
   ...
-}:
+}: let
-let
   cfg = config.mySystem.system.zfs;
 in
-with lib;
+  with lib; {
-{
     options.mySystem.system.zfs = {
       enable = lib.mkEnableOption "zfs";
       mountPoolsAtBoot = lib.mkOption {
         type = lib.types.listOf lib.types.str;
-      default = [ ];
+        default = [];
       };
     };
     config = lib.mkIf cfg.enable {
@@ -44,4 +42,4 @@ with lib;
         ZED_PUSHOVER_USER = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-user-key.path})";
       };
     };
-}
+  }

nixos/overlays/cargo-tauri/default.nix

@@ -1,10 +1,9 @@
-{ ... }:
+{...}: let
-let
   finalVersion = "tauri-v2.0.4";
 in
-final: prev: {
+  final: prev: {
     cargo-tauri = prev.cargo-tauri.overrideAttrs (oldAttrs: {
       version = finalVersion;
       vendorHash = "sha256-aTtvVpL979BUvSBwBqRqCWSWIBBmmty9vBD97Q5P4+E=";
     });
-}
+  }

nixos/overlays/coder/default.nix

@@ -8,9 +8,7 @@
   stdenvNoCC,
   unzip,
   nixosTests,
-}:
+}: let
-
-let
   inherit (stdenvNoCC.hostPlatform) system;
 
   channels = {
@@ -34,14 +32,13 @@ let
     };
   };
 in
-stdenvNoCC.mkDerivation (finalAttrs: {
+  stdenvNoCC.mkDerivation (finalAttrs: {
     pname = "coder";
     version = channels.${channel}.version;
     src = fetchurl {
       hash = (channels.${channel}.hash).${system};
 
-    url =
+      url = let
-      let
         systemName =
           {
             x86_64-linux = "linux_amd64";
@@ -59,8 +56,7 @@ stdenvNoCC.mkDerivation (finalAttrs: {
             aarch64-darwin = "zip";
           }
           .${system};
-      in
+      in "https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}";
-      "https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}";
     };
 
     nativeBuildInputs = [
@@ -90,7 +86,7 @@ stdenvNoCC.mkDerivation (finalAttrs: {
 
     postInstall = ''
       wrapProgram $out/bin/coder \
-      --prefix PATH : ${lib.makeBinPath [ terraform ]}
+        --prefix PATH : ${lib.makeBinPath [terraform]}
     '';
 
     # integration tests require network access
@@ -114,4 +110,4 @@ stdenvNoCC.mkDerivation (finalAttrs: {
         inherit (nixosTests) coder;
       };
     };
-})
+  })

nixos/overlays/smartmontools/default.nix

@@ -1,9 +1,8 @@
-{ ... }:
+{...}: let
-let
   dbrev = "5613";
   drivedbBranch = "RELEASE_7_4";
 in
-final: prev: {
+  final: prev: {
     smartmontools = prev.smartmontools.overrideAttrs (oldAttrs: {
       inherit dbrev drivedbBranch;
       driverdb = builtins.fetchurl {
@@ -12,4 +11,4 @@ final: prev: {
         name = "smartmontools-drivedb.h";
       };
     });
-}
+  }

nixos/overlays/talosctl/default.nix

@@ -5,7 +5,6 @@
   installShellFiles,
   git,
 }:
-
 buildGoModule rec {
   pname = "talosctl";
   version = "1.9.0";
@@ -24,7 +23,7 @@ buildGoModule rec {
     "-w"
   ];
 
-  subPackages = [ "cmd/talosctl" ];
+  subPackages = ["cmd/talosctl"];
 
   doCheck = false;
 
@@ -58,7 +57,7 @@ buildGoModule rec {
     description = "A CLI for out-of-band management of Kubernetes nodes created by Talos";
     homepage = "https://www.talos.dev/";
     license = licenses.mpl20;
-    maintainers = with maintainers; [ flokli ];
+    maintainers = with maintainers; [flokli];
     mainProgram = "talosctl";
   };
 }

nixos/overlays/termius/default.nix

@@ -12,7 +12,6 @@
   udev,
   wrapGAppsHook3,
 }:
-
 stdenv.mkDerivation rec {
   pname = "termius";
   version = "9.5.0";
@@ -31,7 +30,7 @@ stdenv.mkDerivation rec {
   };
 
   desktopItem = makeDesktopItem {
-    categories = [ "Network" ];
+    categories = ["Network"];
     comment = "The SSH client that works on Desktop and Mobile";
     desktopName = "Termius";
     exec = "termius-app";
@@ -82,7 +81,7 @@ stdenv.mkDerivation rec {
     install -Dm644 meta/gui/icon.png $out/share/icons/hicolor/128x128/apps/termius-app.png
   '';
 
-  runtimeDependencies = [ (lib.getLib udev) ];
+  runtimeDependencies = [(lib.getLib udev)];
 
   postFixup = ''
     makeWrapper $out/opt/termius/termius-app $out/bin/termius-app \
@@ -93,13 +92,13 @@ stdenv.mkDerivation rec {
     description = "A cross-platform SSH client with cloud data sync and more";
     homepage = "https://termius.com/";
     downloadPage = "https://termius.com/linux/";
-    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+    sourceProvenance = with sourceTypes; [binaryNativeCode];
     license = licenses.unfree;
     maintainers = with maintainers; [
       Br1ght0ne
       th0rgal
     ];
-    platforms = [ "x86_64-linux" ];
+    platforms = ["x86_64-linux"];
     mainProgram = "termius-app";
   };
 }

nixos/overlays/vivaldi/default.nix

@@ -62,13 +62,17 @@
   libpulseaudio,
   kerberosSupport ? true,
   libkrb5,
-}:
+}: let
-
+  branch =
-let
+    if isSnapshot
-  branch = if isSnapshot then "snapshot" else "stable";
+    then "snapshot"
-  vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
+    else "stable";
+  vivaldiName =
+    if isSnapshot
+    then "vivaldi-snapshot"
+    else "vivaldi";
 in
-stdenv.mkDerivation rec {
+  stdenv.mkDerivation rec {
     pname = "vivaldi";
     version = "6.9.3447.37";
 
@@ -77,7 +81,8 @@ stdenv.mkDerivation rec {
         aarch64-linux = "arm64";
         x86_64-linux = "amd64";
       }
-    .${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
+      .${stdenv.hostPlatform.system}
+      or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
 
     src = fetchurl {
       url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb";
@@ -86,7 +91,8 @@ stdenv.mkDerivation rec {
           aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s=";
           x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg=";
         }
-      .${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
+        .${stdenv.hostPlatform.system}
+        or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
     };
 
     unpackPhase = ''
@@ -230,7 +236,7 @@ stdenv.mkDerivation rec {
       description = "Browser for our Friends, powerful and personal";
       homepage = "https://vivaldi.com";
       license = licenses.unfree;
-    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+      sourceProvenance = with sourceTypes; [binaryNativeCode];
       mainProgram = "vivaldi";
       maintainers = with maintainers; [
         otwieracz
@@ -241,4 +247,4 @@ stdenv.mkDerivation rec {
         "aarch64-linux"
       ];
     };
-}
+  }

nixos/overlays/vivaldi/ffmpeg-codecs.nix

@@ -4,7 +4,6 @@
   lib,
   stdenv,
 }:
-
 # This derivation roughly follows the update-ffmpeg script that ships with the official Vivaldi
 # downloads at https://vivaldi.com/download/
 stdenv.mkDerivation rec {
@@ -16,7 +15,7 @@ stdenv.mkDerivation rec {
     hash = "sha256-a1peHhku+OaGvPyChvLdh6/7zT+v8OHNwt60QUq7VvU=";
   };
 
-  buildInputs = [ squashfsTools ];
+  buildInputs = [squashfsTools];
 
   unpackPhase = ''
     unsquashfs -dest . $src
@@ -29,13 +28,13 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Additional support for proprietary codecs for Vivaldi";
     homepage = "https://ffmpeg.org/";
-    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+    sourceProvenance = with sourceTypes; [binaryNativeCode];
     license = licenses.lgpl21;
     maintainers = with maintainers; [
       betaboon
       cawilliamson
       fptje
     ];
-    platforms = [ "x86_64-linux" ];
+    platforms = ["x86_64-linux"];
   };
 }

nixos/overlays/xpipe/ptb.nix

@@ -25,9 +25,7 @@
   util-linux,
   socat,
   hicolor-icon-theme,
-}:
+}: let
-
-let
   inherit (stdenvNoCC.hostPlatform) system;
   throwSystem = throw "Unsupported system: ${system}";
 
@@ -36,19 +34,20 @@ let
       x86_64-linux = "x86_64";
       aarch64-linux = "arm64";
     }
-    .${system} or throwSystem;
+    .${system}
+    or throwSystem;
 
   hash =
     {
       x86_64-linux = "sha256-O4gl0WulhDyqL9lDwqR1oxNAzVjHn+3q0UB8KP0/sBk=";
       aarch64-linux = "";
     }
-    .${system} or throwSystem;
+    .${system}
+    or throwSystem;
 
   displayname = "XPipe PTB";
-
 in
-stdenvNoCC.mkDerivation rec {
+  stdenvNoCC.mkDerivation rec {
     pname = "xpipe-ptb";
     version = "13.0-10";
 
@@ -87,7 +86,7 @@ stdenvNoCC.mkDerivation rec {
     ];
 
     desktopItem = makeDesktopItem {
-    categories = [ "Network" ];
+      categories = ["Network"];
       comment = "XPipe (Public Test Build) releases";
       desktopName = displayname;
       exec = "/opt/${pname}/cli/bin/xpipe open %U";
@@ -143,17 +142,17 @@ stdenvNoCC.mkDerivation rec {
       description = "XPipe (Public Test Build) releases";
       homepage = "https://github.com/xpipe-io/${pname}";
       downloadPage = "https://github.com/xpipe-io/${pname}/releases/latest";
-    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+      sourceProvenance = with sourceTypes; [binaryNativeCode];
       changelog = "https://github.com/xpipe-io/${pname}/releases/tag/${version}";
       license = [
         licenses.asl20
         licenses.unfree
       ];
-    maintainers = with maintainers; [ crschnick ];
+      maintainers = with maintainers; [crschnick];
       platforms = [
         "x86_64-linux"
         "aarch64-linux"
       ];
       mainProgram = pname;
     };
-}
+  }

nixos/overlays/zed-editor/default.nix

@@ -1,8 +1,7 @@
-{ ... }:
+{...}: let
-let
   finalVersion = "0.149.3";
 in
-final: prev: {
+  final: prev: {
     zed-editor = prev.zed-editor.overrideAttrs (oldAttrs: {
       version = finalVersion;
       src = prev.fetchFromGithub {
@@ -12,4 +11,4 @@ final: prev: {
         "blade-graphics-0.4.0" = "sha256-sGXhXmgtd7Wx/Gf7HCWro4RsQOGS4pQt8+S3T+2wMfY=";
       };
     });
-}
+  }

nixos/profiles/disko-nixos.nix

@@ -1,8 +1,4 @@
-{
+{disks ? ["/dev/sda"], ...}: {
-  disks ? [ "/dev/sda" ],
-  ...
-}:
-{
   disko.devices = {
     disk = {
       main = {

nixos/profiles/global/nix.nix

@@ -1,5 +1,8 @@
-{ lib, nixpkgs, ... }:
 {
+  lib,
+  nixpkgs,
+  ...
+}: {
   ## Below is to align shell/system to flake's nixpkgs
   ## ref: https://nixos-and-flakes.thiscute.world/best-practices/nix-path-and-flake-registry
 
@@ -10,7 +13,7 @@
     registry.nixpkgs.flake = nixpkgs;
     channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.
 
-    nixPath = [ "nixpkgs=${nixpkgs}" ];
+    nixPath = ["nixpkgs=${nixpkgs}"];
 
     settings = {
       # but NIX_PATH is still used by many useful tools, so we set it to the same value as the one used by this flake.

nixos/profiles/global/sops.nix

@@ -1,6 +1,5 @@
-{ ... }:
+{...}: {
-{
+  sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
   # Secret for machine-specific pushover
   sops.secrets = {
     "services/pushover/env" = {

nixos/profiles/global/system.nix

@@ -1,5 +1,8 @@
-{ lib, pkgs, ... }:
 {
+  lib,
+  pkgs,
+  ...
+}: {
   system = {
     # Enable printing changes on nix build etc with nvd
     activationScripts.report-changes = ''

nixos/profiles/hw-generic-x86.nix

@@ -1,8 +1,10 @@
-{ lib, pkgs, ... }:
-with lib;
 {
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
   boot = {
-
     initrd.availableKernelModules = [
       "nvme"
       "xhci_pci"
@@ -11,20 +13,18 @@ with lib;
       "usb_storage"
       "sd_mod"
     ];
-    kernelModules = [ ];
+    kernelModules = [];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
 
     # for managing/mounting nfs
-    supportedFilesystems = [ "nfs" ];
+    supportedFilesystems = ["nfs"];
 
     loader = {
       systemd-boot.enable = true;
       efi.canTouchEfiVariables = true;
       grub.memtest86.enable = true;
-
     };
   };
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
 }

nixos/profiles/hw-hetzner-cax.nix

@@ -1,6 +1,5 @@
-{ lib, ... }:
+{lib, ...}: {
-{
+  imports = [];
-  imports = [ ];
 
   boot = {
     loader.systemd-boot.enable = true;
@@ -12,9 +11,9 @@
       "usbhid"
       "sr_mod"
     ];
-    initrd.kernelModules = [ ];
+    initrd.kernelModules = [];
-    kernelModules = [ ];
+    kernelModules = [];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
   };
 
   mySystem = {

nixos/profiles/hw-hp-s01.nix

@@ -1,5 +1,4 @@
-{ lib, ... }:
+{lib, ...}: {
-{
   mySystem = {
     security.wheelNeedsSudoPassword = false;
   };

nixos/profiles/hw-supermicro.nix

@@ -1,8 +1,11 @@
-{ lib, pkgs, ... }:
 {
+  lib,
+  pkgs,
+  ...
+}: {
   boot = {
     # for managing/mounting nfs
-    supportedFilesystems = [ "nfs" ];
+    supportedFilesystems = ["nfs"];
 
     loader = {
       grub = {
@@ -11,7 +14,7 @@
         efiInstallAsRemovable = true;
         mirroredBoots = [
           {
-            devices = [ "nodev" ];
+            devices = ["nodev"];
             path = "/boot";
           }
         ];

nixos/profiles/role-server.nix

@@ -1,7 +1,10 @@
-{ lib, pkgs, ... }:
-# Role for headless servers
-with lib;
 {
+  lib,
+  pkgs,
+  ...
+}:
+# Role for headless servers
+with lib; {
   config = {
     mySystem = {
       services.rebootRequiredCheck.enable = true;
@@ -20,7 +23,7 @@ with lib;
     };
 
     environment = {
-      systemPackages = [ pkgs.unstable.lazygit ];
+      systemPackages = [pkgs.unstable.lazygit];
     };
 
     documentation = {

shell.nix

@@ -1,9 +1,9 @@
 # Need the unstable nixpkgs to get latest dev tools
 let
   nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
-  pkgs = import nixpkgs { allowUnfree = true; };
+  pkgs = import nixpkgs {allowUnfree = true;};
 in
-pkgs.mkShell {
+  pkgs.mkShell {
     # Enable experimental features without having to specify the argument
     NIX_CONFIG = "experimental-features = nix-command flakes";
     shellHook = ''
@@ -21,4 +21,4 @@ pkgs.mkShell {
       sops
       statix
     ];
-}
+  }