reformat --> alejandra

2025-03-06 09:51:33 -06:00 · 2025-03-06 09:51:33 -06:00 · e6e258feeb
commit e6e258feeb
parent f4e15b7e90
89 changed files with 875 additions and 901 deletions
--- a/.archive/flake.nix
+++ b/.archive/flake.nix
@ -11,7 +11,7 @@
    profileModules = [
      ./nixos/profiles/role-workstation.nix
      ./nixos/profiles/role-dev.nix
-      { home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
+      {home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix;}
    ];
  };
@ -24,13 +24,13 @@
      inputs.nixos-hardware.nixosModules.lenovo-legion-15arh05h
      ./nixos/profiles/hw-legion-15arh05h.nix
      disko.nixosModules.disko
-      (import ./nixos/profiles/disko-nixos.nix { disks = [ "/dev/nvme0n1" ]; })
+      (import ./nixos/profiles/disko-nixos.nix {disks = ["/dev/nvme0n1"];})
    ];
    profileModules = [
      ./nixos/profiles/role-dev.nix
      ./nixos/profiles/role-gaming.nix
      ./nixos/profiles/role-workstation.nix
-      { home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
+      {home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix;}
    ];
  };
 }
--- a/.archive/home/modules/programs/de/gnome/default.nix
+++ b/.archive/home/modules/programs/de/gnome/default.nix
@ -6,8 +6,7 @@
  osConfig,
  ...
 }:
-with lib.hm.gvariant;
+with lib.hm.gvariant; {
 {
  config = lib.mkIf osConfig.mySystem.de.gnome.enable {
    # add user packages
    home.packages = with pkgs; [
@ -23,7 +22,7 @@ with lib.hm.gvariant;
        workspaces-only-on-primary = false;
      };
      "org/gnome/settings-daemon/plugins/media-keys" = {
-        home = [ "<Super>e" ];
+        home = ["<Super>e"];
      };
      "org/gnome/desktop/wm/preferences" = {
        workspace-names = [
--- a/.archive/hosts/durincore/default.nix
+++ b/.archive/hosts/durincore/default.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
 {
  config = {
    networking.hostId = "ad4380db";
    networking.hostName = "durincore";
@ -12,10 +11,10 @@
          "usb_storage"
          "sd_mod"
        ];
-        kernelModules = [ ];
+        kernelModules = [];
      };
-      kernelModules = [ "kvm-intel" ];
+      kernelModules = ["kvm-intel"];
-      extraModulePackages = [ ];
+      extraModulePackages = [];
    };
    fileSystems = {
@ -39,7 +38,7 @@
      };
    };
-    swapDevices = [ ];
+    swapDevices = [];
    # System settings and services.
    mySystem = {
@ -48,6 +47,5 @@
        "wlp4s0"
      ];
    };
  };
 }
--- a/.archive/hosts/gandalf/config/incus-preseed.nix
+++ b/.archive/hosts/gandalf/config/incus-preseed.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
 {
  config = {
    "core.https_address" = "10.1.1.15:8445"; # Need quotes around key
  };
@ -27,7 +26,7 @@
  ];
  profiles = [
    {
-      config = { };
+      config = {};
      description = "";
      devices = {
        eth0 = {
@ -44,6 +43,6 @@
      name = "default";
    }
  ];
-  projects = [ ];
+  projects = [];
  cluster = null;
 }
--- a/.archive/hosts/gandalf/config/samba-config.nix
+++ b/.archive/hosts/gandalf/config/samba-config.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
 {
  global = {
    "workgroup" = "WORKGROUP";
    "server string" = "gandalf";
--- a/.archive/hosts/gandalf/config/sanoid.nix
+++ b/.archive/hosts/gandalf/config/sanoid.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
 {
  outputs = {
    # ZFS automated snapshots
    templates = {
@ -14,22 +13,22 @@
    };
    datasets = {
      "eru/xen-backups" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
      };
      "eru/hansonhive" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
      };
      "eru/tm_joe" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
      };
      "eru/tm_elisia" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
      };
      "eru/containers/volumes/xo-data" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
      };
      "eru/containers/volumes/xo-redis-data" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
      };
    };
  };
--- a/.archive/hosts/gandalf/default.nix
+++ b/.archive/hosts/gandalf/default.nix
@ -17,7 +17,7 @@
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    inputs.disko.nixosModules.disko
-    (import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda" ]; })
+    (import ../../profiles/disko-nixos.nix {disks = ["/dev/sda"];})
  ];
  boot = {
@ -31,8 +31,8 @@
        "usb_storage"
        "sd_mod"
      ];
-      kernelModules = [ "nfs" ];
+      kernelModules = ["nfs"];
-      supportedFilesystems = [ "nfs" ];
+      supportedFilesystems = ["nfs"];
    };
    kernelModules = [
@ -42,7 +42,7 @@
      "vfio_pci"
      "vfio_virqfd"
    ];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
    kernelParams = [
      "iommu=pt"
      "intel_iommu=on"
@ -50,7 +50,7 @@
    ]; # 100GB
  };
-  swapDevices = [ ];
+  swapDevices = [];
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
@ -107,13 +107,13 @@
        sopsFile = ./secrets.sops.yaml;
        owner = "jahanson";
        mode = "400";
-        restartUnits = [ "syncthing.service" ];
+        restartUnits = ["syncthing.service"];
      };
      "syncthing/privateKey" = {
        sopsFile = ./secrets.sops.yaml;
        owner = "jahanson";
        mode = "400";
-        restartUnits = [ "syncthing.service" ];
+        restartUnits = ["syncthing.service"];
      };
    };
  };
--- a/.archive/hosts/legiondary/default.nix
+++ b/.archive/hosts/legiondary/default.nix
@ -6,9 +6,7 @@
  lib,
  modulesPath,
  ...
-}:
+}: {
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
@ -24,9 +22,9 @@
      "usbhid"
      "sd_mod"
    ];
-    initrd.kernelModules = [ ];
+    initrd.kernelModules = [];
-    kernelModules = [ "kvm-amd" ];
+    kernelModules = ["kvm-amd"];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
  };
  fileSystems = {
@ -57,7 +55,7 @@
  #     options = [ "fmask=0022" "dmask=0022" ];
  #   };
-  swapDevices = [ ];
+  swapDevices = [];
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
--- a/.archive/modules/nixos/containers/lego-auto/default.nix
+++ b/.archive/modules/nixos/containers/lego-auto/default.nix
@ -1,6 +1,9 @@
-{ lib, config, ... }:
+{
-with lib;
+  lib,
-let
+  config,
  ...
 }:
 with lib; let
  app = "lego-auto";
  image = "ghcr.io/bjw-s/lego-auto:v0.3.0";
  user = "999"; # string
@ -8,8 +11,7 @@ let
  port = 9898; # int
  cfg = config.mySystem.services.${app};
  appFolder = "/eru/containers/volumes/${app}";
-in
+in {
 {
  options.mySystem.services.${app} = {
    enable = mkEnableOption "${app}";
    dnsimpleTokenPath = mkOption {
@ -56,9 +58,11 @@ in
          DNSIMPLE_OAUTH_TOKEN_FILE = "/config/dnsimple-token";
        };
-      volumes = [
+      volumes =
-        "${appFolder}/cert:/cert"
+        [
-      ] ++ optionals (cfg.provider == "dnsimple") [ "${cfg.dnsimpleTokenPath}:/config/dnsimple-token" ];
+          "${appFolder}/cert:/cert"
        ]
        ++ optionals (cfg.provider == "dnsimple") ["${cfg.dnsimpleTokenPath}:/config/dnsimple-token"];
    };
  };
 }
--- a/.archive/modules/nixos/containers/unifi/default.nix
+++ b/.archive/modules/nixos/containers/unifi/default.nix
@ -1,54 +1,57 @@
-{ lib, config, ... }:
+{
-with lib;
+  lib,
-let
+  config,
  ...
 }:
 with lib; let
  app = "unifi";
  # renovate: depName=goofball222/unifi datasource=github-releases
  version = "8.4.62";
  cfg = config.mySystem.services.${app};
  appFolder = "/eru/containers/volumes/${app}";
 in
-# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
+  # persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
-{
+  {
-  options.mySystem.services.${app} = {
+    options.mySystem.services.${app} = {
-    enable = mkEnableOption "${app}";
+      enable = mkEnableOption "${app}";
-  };
+    };
-  config = mkIf cfg.enable {
+    config = mkIf cfg.enable {
-    networking.firewall.interfaces = {
+      networking.firewall.interfaces = {
-      enp130s0f0 = {
+        enp130s0f0 = {
-        allowedTCPPorts = [ 8443 ];
+          allowedTCPPorts = [8443];
        };
        podman0 = {
          allowedTCPPorts = [
            8080
            8443
            8880
            8843
          ];
          allowedUDPPorts = [3478];
        };
      };
-      podman0 = {
+      virtualisation.oci-containers.containers.${app} = {
-        allowedTCPPorts = [
+        image = "ghcr.io/goofball222/unifi:${version}";
-          8080
+        autoStart = true;
-          8443
+        ports = [
-          8880
+          "3478:3478/udp" # STUN
-          8843
+          "8080:8080" # inform controller
          "8443:8443" # https
          "8880:8880" # HTTP portal redirect
          "8843:8843" # HTTPS portal redirect
        ];
        environment = {
          TZ = "America/Chicago";
          RUNAS_UID0 = "false";
          PGID = "102";
          PUID = "999";
        };
        volumes = [
          "${appFolder}/cert:/usr/lib/unifi/cert"
          "${appFolder}/data:/usr/lib/unifi/data"
          "${appFolder}/logs:/usr/lib/unifi/logs"
        ];
        allowedUDPPorts = [ 3478 ];
      };
    };
-    virtualisation.oci-containers.containers.${app} = {
+  }
      image = "ghcr.io/goofball222/unifi:${version}";
      autoStart = true;
      ports = [
        "3478:3478/udp" # STUN
        "8080:8080" # inform controller
        "8443:8443" # https
        "8880:8880" # HTTP portal redirect
        "8843:8843" # HTTPS portal redirect
      ];
      environment = {
        TZ = "America/Chicago";
        RUNAS_UID0 = "false";
        PGID = "102";
        PUID = "999";
      };
      volumes = [
        "${appFolder}/cert:/usr/lib/unifi/cert"
        "${appFolder}/data:/usr/lib/unifi/data"
        "${appFolder}/logs:/usr/lib/unifi/logs"
      ];
    };
  };
 }
--- a/.archive/modules/nixos/de/gnome.nix
+++ b/.archive/modules/nixos/de/gnome.nix
@ -3,24 +3,27 @@
  config,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.mySystem.de.gnome;
-in
+in {
 {
  options = {
    mySystem.de.gnome = {
-      enable = lib.mkEnableOption "GNOME" // {
+      enable =
-        default = false;
+        lib.mkEnableOption "GNOME"
-      };
+        // {
-      systrayicons = lib.mkEnableOption "Enable systray icons" // {
+          default = false;
-        default = true;
+        };
-      };
+      systrayicons =
-      gsconnect = lib.mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // {
+        lib.mkEnableOption "Enable systray icons"
-        default = true;
+        // {
-      };
+          default = true;
        };
      gsconnect =
        lib.mkEnableOption "Enable gsconnect (KDEConnect for GNOME)"
        // {
          default = true;
        };
    };
  };
  config = lib.mkIf cfg.enable {
@ -49,14 +52,13 @@ in
        };
      };
-      udev.packages = lib.optionals cfg.systrayicons [ pkgs.gnome.gnome-settings-daemon ]; # support appindicator
+      udev.packages = lib.optionals cfg.systrayicons [pkgs.gnome.gnome-settings-daemon]; # support appindicator
    };
    # systyray icons
    # extra pkgs and extensions
    environment = {
-      systemPackages =
+      systemPackages = with pkgs;
        with pkgs;
        [
          wl-clipboard # ls ~/Downloads | wl-copy or wl-paste > clipboard.txt
          playerctl # gsconnect play/pause command
@ -70,7 +72,7 @@ in
          gnomeExtensions.caffeine
          gnomeExtensions.dash-to-dock
        ]
-        ++ optionals cfg.systrayicons [ pkgs.gnomeExtensions.appindicator ];
+        ++ optionals cfg.systrayicons [pkgs.gnomeExtensions.appindicator];
    };
    # enable gsconnect
--- a/.archive/modules/nixos/de/kde.nix
+++ b/.archive/modules/nixos/de/kde.nix
@ -3,17 +3,17 @@
  config,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.mySystem.de.kde;
-  flameshotOverride = pkgs.unstable.flameshot.override { enableWlrSupport = true; };
+  flameshotOverride = pkgs.unstable.flameshot.override {enableWlrSupport = true;};
-in
+in {
 {
  options = {
    mySystem.de.kde = {
-      enable = lib.mkEnableOption "KDE" // {
+      enable =
-        default = false;
+        lib.mkEnableOption "KDE"
-      };
+        // {
          default = false;
        };
    };
  };
--- a/.archive/modules/nixos/services/cockpit/default.nix
+++ b/.archive/modules/nixos/services/cockpit/default.nix
@ -4,11 +4,9 @@
  pkgs,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.mySystem.services.cockpit;
-in
+in {
 {
  options.mySystem.services.cockpit.enable = mkEnableOption "Cockpit";
  config.services.cockpit = mkIf cfg.enable {
--- a/.archive/modules/nixos/services/vault/default.nix
+++ b/.archive/modules/nixos/services/vault/default.nix
@ -3,11 +3,9 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.mySystem.services.vault;
-in
+in {
 {
  options.mySystem.services.vault = {
    enable = lib.mkEnableOption "vault";
    address = lib.mkOption {
--- a/.archive/profiles/disko-telchar.nix
+++ b/.archive/profiles/disko-telchar.nix
@ -23,7 +23,7 @@
              size = "100%";
              content = {
                type = "btrfs";
-                extraArgs = [ "-f" ]; # Override existing partition
+                extraArgs = ["-f"]; # Override existing partition
                # Subvolumes must set a mountpoint in order to be mounted,
                # unless their parent is mounted
                subvolumes = {
@ -33,11 +33,11 @@
                  };
                  # Subvolume name is the same as the mountpoint
                  "/home" = {
-                    mountOptions = [ "compress=zstd" ];
+                    mountOptions = ["compress=zstd"];
                    mountpoint = "/home";
                  };
                  # Sub(sub)volume doesn't need a mountpoint as its parent is mounted
-                  "/home/user" = { };
+                  "/home/user" = {};
                  # Parent is not mounted so the mountpoint must be set
                  "/nix" = {
                    mountOptions = [
--- a/.archive/profiles/hw-legion-15arh05h.nix
+++ b/.archive/profiles/hw-legion-15arh05h.nix
@ -1,5 +1,8 @@
 { lib, pkgs, ... }:
 {
  lib,
  pkgs,
  ...
 }: {
  # Support windows partition
  mySystem = {
    security.wheelNeedsSudoPassword = false;
@ -22,7 +25,7 @@
        device = "nodev";
        mirroredBoots = [
          {
-            devices = [ "nodev" ];
+            devices = ["nodev"];
            path = "/boot";
          }
        ];
--- a/.archive/profiles/hw-thinkpad-t470.nix
+++ b/.archive/profiles/hw-thinkpad-t470.nix
@ -1,5 +1,8 @@
 { config, lib, ... }:
 {
  config,
  lib,
  ...
 }: {
  boot = {
    # Use the systemd-boot EFI boot loader.
    loader = {
--- a/.archive/profiles/role-gaming.nix
+++ b/.archive/profiles/role-gaming.nix
@ -1,12 +1,15 @@
 { lib, pkgs, ... }:
 {
  lib,
  pkgs,
  ...
 }: {
  # Enable module for NVIDIA graphics
  mySystem = {
    hardware.nvidia.enable = true;
  };
  # set xserver videodrivers for NVIDIA gpu
-  services.xserver.videoDrivers = [ "nvidia" ];
+  services.xserver.videoDrivers = ["nvidia"];
  # Install steam systemwide
  programs.steam = {
    enable = true;
@ -35,5 +38,4 @@
    pulse.enable = true;
    jack.enable = true;
  };
 }
--- a/nixos/home/jahanson/server.nix
+++ b/nixos/home/jahanson/server.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
 {
  imports = [
    ./global.nix
  ];
--- a/nixos/home/modules/programs/browsers/default.nix
+++ b/nixos/home/modules/programs/browsers/default.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
 {
  imports = [
    ./firefox
  ];
--- a/nixos/home/modules/programs/thunderbird/default.nix
+++ b/nixos/home/modules/programs/thunderbird/default.nix
@ -3,8 +3,7 @@
  pkgs,
  lib,
  ...
-}:
+}: let
 let
  cfg = config.myHome.programs.thunderbird;
  policies = {
@ -25,15 +24,14 @@ let
      };
    };
  };
-in
+in {
 {
  options.myHome.programs.thunderbird.enable = lib.mkEnableOption "Thunderbird";
  config = lib.mkIf cfg.enable {
    programs.thunderbird = {
      enable = true;
      package = pkgs.thunderbird-128.override (old: {
-        extraPolicies = (old.extrapPolicies or { }) // policies;
+        extraPolicies = (old.extrapPolicies or {}) // policies;
      });
      profiles.default.isDefault = true;
--- a/nixos/home/modules/security/default.nix
+++ b/nixos/home/modules/security/default.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
 {
  imports = [
    ./ssh
  ];
--- a/nixos/home/modules/security/ssh/default.nix
+++ b/nixos/home/modules/security/ssh/default.nix
@ -1,14 +1,16 @@
 { config, lib, ... }:
 with lib;
 let
  cfg = config.myHome.security.ssh;
 in
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.myHome.security.ssh;
 in {
  options.myHome.security.ssh = {
    enable = mkEnableOption "ssh";
    matchBlocks = mkOption {
      type = types.attrs;
-      default = { };
+      default = {};
    };
  };
--- a/nixos/home/modules/shell/atuind/default.nix
+++ b/nixos/home/modules/shell/atuind/default.nix
@ -4,11 +4,9 @@
  lib,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.myHome.shell.atuind;
-in
+in {
 {
  options.myHome.shell.atuind = {
    enable = mkEnableOption "atuind";
  };
@ -17,10 +15,10 @@ in
    (mkIf cfg.enable {
      systemd.user.services.atuind = {
        Install = {
-          WantedBy = [ "default.target" ];
+          WantedBy = ["default.target"];
        };
        Unit = {
-          After = [ "network.target" ];
+          After = ["network.target"];
        };
        Service = {
          Environment = "ATUIN_LOG=info";
--- a/nixos/home/modules/shell/default.nix
+++ b/nixos/home/modules/shell/default.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
 {
  imports = [
    ./atuind
    ./fish
--- a/nixos/home/modules/shell/starship/default.nix
+++ b/nixos/home/modules/shell/starship/default.nix
@ -3,11 +3,9 @@
  config,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.myHome.shell.starship;
-in
+in {
 {
  options.myHome.shell.starship = {
    enable = mkEnableOption "starship";
  };
--- a/nixos/home/modules/shell/wezterm/default.nix
+++ b/nixos/home/modules/shell/wezterm/default.nix
@ -4,11 +4,9 @@
  lib,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.myHome.shell.wezterm;
-in
+in {
 {
  options.myHome.shell.wezterm = {
    enable = mkEnableOption "wezterm";
    configPath = mkOption {
--- a/nixos/hosts/shadowfax/config/incus-preseed.nix
+++ b/nixos/hosts/shadowfax/config/incus-preseed.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
 {
  config = {
    "core.https_address" = "10.1.1.61:8443"; # Need quotes around key
  };
@ -27,7 +26,7 @@
  ];
  profiles = [
    {
-      config = { };
+      config = {};
      description = "";
      devices = {
        eth0 = {
@ -44,6 +43,6 @@
      name = "default";
    }
  ];
-  projects = [ ];
+  projects = [];
  cluster = null;
 }
--- a/nixos/hosts/shadowfax/config/sanoid.nix
+++ b/nixos/hosts/shadowfax/config/sanoid.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
 {
  outputs = {
    # ZFS automated snapshots
    templates = {
@ -14,27 +13,27 @@
    datasets = {
      "nahar/qbittorrent" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
        recursive = true;
      };
      "nahar/sabnzbd" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
        recursive = true;
      };
      "nahar/containers/volumes/jellyfin" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
        recursive = true;
      };
      "nahar/containers/volumes/plex" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
        recursive = true;
      };
      "nahar/containers/volumes/scrutiny" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
        recursive = true;
      };
      "nahar/containers/volumes/scrypted" = {
-        useTemplate = [ "production" ];
+        useTemplate = ["production"];
        recursive = true;
      };
    };
--- a/nixos/hosts/telperion/config/bind.nix
+++ b/nixos/hosts/telperion/config/bind.nix
@ -1,5 +1,4 @@
-{ config, ... }:
+{config, ...}: ''
 ''
  include "${config.sops.secrets."bind/rndc-keys/externaldns".path}";
  acl trusted {
--- a/nixos/hosts/telperion/config/haproxy.nix
+++ b/nixos/hosts/telperion/config/haproxy.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: ''
 ''
  global
    log /dev/log local0
    log /dev/log local1 notice
--- a/nixos/hosts/telperion/default.nix
+++ b/nixos/hosts/telperion/default.nix
@ -7,9 +7,7 @@
  modulesPath,
  pkgs,
  ...
-}:
+}: {
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
@ -25,9 +23,9 @@
      "usb_storage"
      "sd_mod"
    ];
-    initrd.kernelModules = [ ];
+    initrd.kernelModules = [];
-    kernelModules = [ "kvm-intel" ];
+    kernelModules = ["kvm-intel"];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
  };
  fileSystems = {
    "/" = {
@ -51,7 +49,7 @@
    };
  };
-  swapDevices = [ ];
+  swapDevices = [];
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  # Until I can figure out why the tftp port is not opening, disable the firewall.
@ -118,12 +116,12 @@
      bind = {
        enable = true;
-        extraConfig = import ./config/bind.nix { inherit config; };
+        extraConfig = import ./config/bind.nix {inherit config;};
      };
      haproxy = {
        enable = true;
-        config = import ./config/haproxy.nix { inherit config; };
+        config = import ./config/haproxy.nix {inherit config;};
        tcpPorts = [
          6443
          6444
--- a/nixos/hosts/varda/resources/prune-backup.nix
+++ b/nixos/hosts/varda/resources/prune-backup.nix
@ -1,13 +1,10 @@
-{ pkgs, ... }:
+{pkgs, ...}: let
 let
  cleanupScript = pkgs.writeShellScriptBin "cleanup-backups.sh" (
    builtins.readFile ./prune-backups.sh
  );
-in
+in {
 {
  systemd.timers.cleanup-backups = {
-    wantedBy = [ "timers.target" ];
+    wantedBy = ["timers.target"];
    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;
--- a/nixos/modules/nixos/containers/scrutiny/default.nix
+++ b/nixos/modules/nixos/containers/scrutiny/default.nix
@ -1,12 +1,14 @@
-{ lib, config, ... }:
+{
-with lib;
+  lib,
-let
+  config,
  ...
 }:
 with lib; let
  app = "scrutiny";
  # renovate: depName=AnalogJ/scrutiny datasource=github-releases
  version = "v0.8.1";
  cfg = config.mySystem.services.${app};
-in
+in {
 {
  options.mySystem.services.${app} = {
    enable = mkEnableOption "${app}";
@ -33,7 +35,7 @@ in
    # --device /dev/disk/by-id/nvme-XXXXXXXXXXXXXXXXXXXXXXXXXXXX
    devices = mkOption {
      type = types.listOf types.str;
-      default = [ ];
+      default = [];
      description = ''
        Devices to monitor on Scrutiny.
      '';
--- a/nixos/modules/nixos/de/kde.nix
+++ b/nixos/modules/nixos/de/kde.nix
@ -3,17 +3,17 @@
  config,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.mySystem.de.kde;
-  flameshotOverride = pkgs.unstable.flameshot.override { enableWlrSupport = true; };
+  flameshotOverride = pkgs.unstable.flameshot.override {enableWlrSupport = true;};
-in
+in {
 {
  options = {
    mySystem.de.kde = {
-      enable = lib.mkEnableOption "KDE" // {
+      enable =
-        default = false;
+        lib.mkEnableOption "KDE"
-      };
+        // {
          default = false;
        };
    };
  };
--- a/nixos/modules/nixos/editor/vim.nix
+++ b/nixos/modules/nixos/editor/vim.nix
@ -1,12 +1,13 @@
 # /home/jahanson/projects/mochi/nixos/modules/nixos/editor/vim.nix
 { config, lib, ... }:
 with lib;
 let
  cfg = config.mySystem.editor.vim;
  users = [ "jahanson" ];
 in
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.mySystem.editor.vim;
  users = ["jahanson"];
 in {
  options.mySystem.editor.vim.enable = mkEnableOption "vim";
  config = mkIf cfg.enable {
    # Enable vim and set as default editor
@ -16,19 +17,20 @@ in
    # Visual mode off and syntax highlighting on
    home-manager.users =
      mapAttrs
-        (user: _: {
+      (user: _: {
-          home.file.".vimrc".text = ''
+        home.file.".vimrc".text = ''
-            set mouse-=a
+          set mouse-=a
-            syntax on
+          syntax on
-          '';
+        '';
-        })
+      })
-        (
+      (
-          listToAttrs (
+        listToAttrs (
-            map (u: {
+          map (u: {
-              name = u;
+            name = u;
-              value = { };
+            value = {};
-            }) users
+          })
-          )
+          users
-        );
+        )
      );
  };
 }
--- a/nixos/modules/nixos/games/steam/steam.nix
+++ b/nixos/modules/nixos/games/steam/steam.nix
@ -3,11 +3,9 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.mySystem.games.steam;
-in
+in {
 {
  options.mySystem.games.steam = {
    enable = lib.mkEnableOption "Steam";
  };
@ -24,6 +22,5 @@ in
    environment.systemPackages = with pkgs; [
      protonup-qt
    ];
  };
 }
--- a/nixos/modules/nixos/hardware/nvidia/default.nix
+++ b/nixos/modules/nixos/hardware/nvidia/default.nix
@ -4,15 +4,12 @@
  pkgs,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.mySystem.hardware.nvidia;
-in
+in {
 {
  options.mySystem.hardware.nvidia.enable = mkEnableOption "NVIDIA config";
  config = mkIf cfg.enable {
    environment.sessionVariables.NIXOS_OZONE_WL = "1";
    # ref: https://nixos.wiki/wiki/Nvidia
    # Enable OpenGL
@ -30,7 +27,6 @@ in
      # This is for the benefit of VSCODE running natively in wayland
      nvidia = {
        # Modesetting is required.
        modesetting.enable = true;
--- a/nixos/modules/nixos/programs/shell/fish.nix
+++ b/nixos/modules/nixos/programs/shell/fish.nix
@ -1,9 +1,11 @@
 { lib, config, ... }:
 with lib;
 let
  cfg = config.mySystem.shell.fish;
 in
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.shell.fish;
 in {
  options.mySystem.shell.fish = {
    enable = mkEnableOption "Fish";
    enablePlugins = mkOption {
@ -22,5 +24,4 @@ in
      functions.enable = true;
    };
  };
 }
--- a/nixos/modules/nixos/security/1password/default.nix
+++ b/nixos/modules/nixos/security/1password/default.nix
@ -1,10 +1,12 @@
-{ config, lib, ... }:
+{
-with lib;
+  config,
-let
+  lib,
  ...
 }:
 with lib; let
  cfg = config.mySystem.security._1password;
  user = "jahanson";
-in
+in {
 {
  options.mySystem.security._1password = {
    enable = mkEnableOption "_1password";
  };
@ -14,7 +16,7 @@ in
      _1password.enable = true;
      _1password-gui = {
        enable = true;
-        polkitPolicyOwners = [ "${user}" ];
+        polkitPolicyOwners = ["${user}"];
      };
    };
--- a/nixos/modules/nixos/security/acme/default.nix
+++ b/nixos/modules/nixos/security/acme/default.nix
@ -1,15 +1,17 @@
 { lib, config, ... }:
 with lib;
 let
  cfg = config.mySystem.security.acme;
 in
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.security.acme;
 in {
  options.mySystem.security.acme.enable = mkEnableOption "acme";
  config = mkIf cfg.enable {
    sops.secrets = {
      "security/acme/env".sopsFile = ./secrets.sops.yaml;
-      "security/acme/env".restartUnits = [ "lego.service" ];
+      "security/acme/env".restartUnits = ["lego.service"];
    };
    security.acme = {
--- a/nixos/modules/nixos/security/default.nix
+++ b/nixos/modules/nixos/security/default.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
 {
  imports = [
    ./1password
    ./acme
--- a/nixos/modules/nixos/services/bind/default.nix
+++ b/nixos/modules/nixos/services/bind/default.nix
@ -4,14 +4,12 @@
  pkgs,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.mySystem.services.bind;
-in
+in {
 {
  options.mySystem.services.bind = {
    enable = mkEnableOption "bind";
-    package = mkPackageOption pkgs "bind" { };
+    package = mkPackageOption pkgs "bind" {};
    extraConfig = mkOption {
      type = types.str;
    };
@ -19,8 +17,8 @@ in
  config = mkIf cfg.enable {
    networking.firewall = {
-      allowedTCPPorts = [ 53 ];
+      allowedTCPPorts = [53];
-      allowedUDPPorts = [ 53 ];
+      allowedUDPPorts = [53];
    };
    # Forces the machine to use the resolver provided by the network
--- a/nixos/modules/nixos/services/dnsmasq/default.nix
+++ b/nixos/modules/nixos/services/dnsmasq/default.nix
@ -4,14 +4,12 @@
  pkgs,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.mySystem.services.dnsmasq;
-in
+in {
 {
  options.mySystem.services.dnsmasq = {
    enable = mkEnableOption "dnsmasq";
-    package = mkPackageOption pkgs "dnsmasq" { };
+    package = mkPackageOption pkgs "dnsmasq" {};
    bootAsset = mkOption {
      type = types.str;
      example = "http://10.1.1.57:8086/boot.ipxe";
@ -48,7 +46,7 @@ in
      settings = {
        # Disables only the DNS port.
        port = 0;
-        dhcp-range = [ "10.1.1.1,proxy,255.255.255.0" ];
+        dhcp-range = ["10.1.1.1,proxy,255.255.255.0"];
        # serves TFTP from dnsmasq
        enable-tftp = true;
        tftp-root = cfg.tftpRoot;
--- a/nixos/modules/nixos/services/libvirt-qemu/default.nix
+++ b/nixos/modules/nixos/services/libvirt-qemu/default.nix
@ -5,12 +5,10 @@
  inputs,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.mySystem.services.libvirt-qemu;
-in
+in {
-{
+  imports = [inputs.nixvirt-git.nixosModules.default];
  imports = [ inputs.nixvirt-git.nixosModules.default ];
  options.mySystem.services.libvirt-qemu = {
    enable = mkEnableOption "libvirt-qemu";
  };
@ -30,7 +28,7 @@ in
      qemu = {
        package = pkgs.qemu_kvm;
        ovmf.enable = true;
-        ovmf.packages = [ pkgs.OVMFFull.fd ];
+        ovmf.packages = [pkgs.OVMFFull.fd];
      };
    };
  };
--- a/nixos/modules/nixos/services/matchbox/default.nix
+++ b/nixos/modules/nixos/services/matchbox/default.nix
@ -4,14 +4,12 @@
  pkgs,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.mySystem.services.matchbox;
-in
+in {
 {
  options.mySystem.services.matchbox = {
    enable = mkEnableOption "matchbox";
-    package = mkPackageOption pkgs "matchbox-server" { };
+    package = mkPackageOption pkgs "matchbox-server" {};
    dataPath = mkOption {
      type = types.str;
      example = "/var/lib/matchbox";
@ -38,10 +36,10 @@ in
    networking.firewall = {
      # HTTP communication
-      allowedTCPPorts = [ 8086 ];
+      allowedTCPPorts = [8086];
    };
-    users.groups.matchbox = { };
+    users.groups.matchbox = {};
    users.users = {
      matchbox = {
        home = cfg.dataPath;
@ -51,8 +49,8 @@ in
    };
    systemd.services.matchbox = {
-      wantedBy = [ "multi-user.target" ];
+      wantedBy = ["multi-user.target"];
-      after = [ "network.target" ];
+      after = ["network.target"];
      serviceConfig = {
        ExecStart = "${pkgs.matchbox-server}/bin/matchbox -address=0.0.0.0:8086 -data-path=${cfg.dataPath} -assets-path=${cfg.assetPath} -log-level=debug";
        Restart = "on-failure";
--- a/nixos/modules/nixos/services/nginx/default.nix
+++ b/nixos/modules/nixos/services/nginx/default.nix
@ -1,13 +1,14 @@
 { lib, config, ... }:
 with lib;
 let
  cfg = config.mySystem.services.nginx;
 in
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.nginx;
 in {
  options.mySystem.services.nginx.enable = mkEnableOption "nginx";
  config = mkIf cfg.enable {
    services.nginx = {
      enable = true;
@ -63,6 +64,6 @@ in
    };
    # required for using acme certs
-    users.users.nginx.extraGroups = [ "acme" ];
+    users.users.nginx.extraGroups = ["acme"];
  };
 }
--- a/nixos/modules/nixos/services/nix-index-daily/default.nix
+++ b/nixos/modules/nixos/services/nix-index-daily/default.nix
@ -3,11 +3,9 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.mySystem.services.nix-index-daily;
-in
+in {
 {
  options.mySystem.services.nix-index-daily = {
    enable = lib.mkEnableOption "Automatic daily nix-index database updates";
@ -29,8 +27,8 @@ in
    systemd.user = {
      # Timer for nix-index update
      timers.nix-index-update = {
-        wantedBy = [ "timers.target" ];
+        wantedBy = ["timers.target"];
-        partOf = [ "nix-index-update.service" ];
+        partOf = ["nix-index-update.service"];
        timerConfig = {
          OnCalendar = cfg.startTime;
          Persistent = true;
--- a/nixos/modules/nixos/services/onepassword-connect/default.nix
+++ b/nixos/modules/nixos/services/onepassword-connect/default.nix
@ -1,9 +1,11 @@
 { lib, config, ... }:
 with lib;
 let
  cfg = config.mySystem.services.onepassword-connect;
 in
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.onepassword-connect;
 in {
  options.mySystem.services.onepassword-connect = {
    enable = mkEnableOption "onepassword-connect";
    apiVersion = lib.mkOption {
@ -27,7 +29,7 @@ in
  config = mkIf cfg.enable {
    # Create data dir
-    system.activationScripts.makeOnePasswordConnectDataDir = lib.stringAfter [ "var" ] ''
+    system.activationScripts.makeOnePasswordConnectDataDir = lib.stringAfter ["var"] ''
      mkdir -p "${cfg.dataDir}"
      chown -R 999:999 ${cfg.dataDir}
    '';
@ -37,7 +39,7 @@ in
      onepassword-connect-api = {
        image = "docker.io/1password/connect-api:${cfg.apiVersion}";
        autoStart = true;
-        ports = [ "8080:8080" ];
+        ports = ["8080:8080"];
        volumes = [
          "${cfg.credentialsFile}:/home/opuser/.op/1password-credentials.json"
          "${cfg.dataDir}:/home/opuser/.op/data"
@ -47,7 +49,7 @@ in
      onepassword-connect-sync = {
        image = "docker.io/1password/connect-sync:${cfg.syncVersion}";
        autoStart = true;
-        ports = [ "8081:8080" ];
+        ports = ["8081:8080"];
        volumes = [
          "${cfg.credentialsFile}:/home/opuser/.op/1password-credentials.json"
          "${cfg.dataDir}:/home/opuser/.op/data"
--- a/nixos/modules/nixos/services/podman/default.nix
+++ b/nixos/modules/nixos/services/podman/default.nix
@ -4,11 +4,9 @@
  pkgs,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.mySystem.services.podman;
-in
+in {
 {
  options.mySystem.services.podman.enable = mkEnableOption "Podman";
  config = mkIf cfg.enable {
@ -16,7 +14,7 @@ in
      enable = true;
      dockerCompat = true;
-      extraPackages = [ pkgs.zfs ];
+      extraPackages = [pkgs.zfs];
      # regular cleanup
      autoPrune.enable = true;
@ -42,16 +40,16 @@ in
      lazypodman = "sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";
    };
-    networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
+    networking.firewall.interfaces.podman0.allowedUDPPorts = [53];
    # extra user for containers
-    users.groups.kah = { };
+    users.groups.kah = {};
    users.users = {
      kah = {
        uid = 568;
        group = "kah";
      };
-      jahanson.extraGroups = [ "kah" ];
+      jahanson.extraGroups = ["kah"];
    };
  };
 }
--- a/nixos/modules/nixos/services/qbittorrent/default.nix
+++ b/nixos/modules/nixos/services/qbittorrent/default.nix
@ -4,11 +4,9 @@
  pkgs,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.mySystem.services.qbittorrent;
-in
+in {
 {
  options.mySystem.services.qbittorrent = {
    enable = mkEnableOption "qBittorrent";
@ -68,7 +66,7 @@ in
  };
  config = mkIf cfg.enable {
-    users.groups.${cfg.group} = { };
+    users.groups.${cfg.group} = {};
    users.users = mkIf (cfg.user == "qbittorrent") {
      qbittorrent = {
        inherit (cfg) group;
@ -108,8 +106,8 @@ in
          Group = cfg.group;
        }
        (lib.mkIf cfg.hardening {
-          CapabilityBoundingSet = [ "" ];
+          CapabilityBoundingSet = [""];
-          DeviceAllow = [ "" ];
+          DeviceAllow = [""];
          DevicePolicy = "closed";
          LockPersonality = true;
          MemoryDenyWriteExecute = true;
@ -154,7 +152,7 @@ in
        cfg.webuiPort
        cfg.qbittorrentPort
      ];
-      allowedUDPPorts = [ cfg.qbittorrentPort ];
+      allowedUDPPorts = [cfg.qbittorrentPort];
    };
  };
 }
--- a/nixos/modules/nixos/services/reboot-required-check.nix
+++ b/nixos/modules/nixos/services/reboot-required-check.nix
@ -1,15 +1,17 @@
 { lib, config, ... }:
 with lib;
 let
  cfg = config.mySystem.services.rebootRequiredCheck;
 in
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.rebootRequiredCheck;
 in {
  options.mySystem.services.rebootRequiredCheck.enable = mkEnableOption "Reboot required check";
  config = mkIf cfg.enable {
    # Enable timer
    systemd.timers."reboot-required-check" = {
-      wantedBy = [ "timers.target" ];
+      wantedBy = ["timers.target"];
      timerConfig = {
        # start at boot
        OnBootSec = "0m";
--- a/nixos/modules/nixos/services/sanoid/default.nix
+++ b/nixos/modules/nixos/services/sanoid/default.nix
@ -4,14 +4,12 @@
  pkgs,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.mySystem.services.sanoid;
-in
+in {
 {
  options.mySystem.services.sanoid = {
    enable = mkEnableOption "sanoid";
-    package = mkPackageOption pkgs "sanoid" { };
+    package = mkPackageOption pkgs "sanoid" {};
    datasets = mkOption {
      type = lib.types.attrsOf (lib.types.attrsOf lib.types.unspecified);
    };
--- a/nixos/modules/nixos/services/syncthing/config/default.nix
+++ b/nixos/modules/nixos/services/syncthing/config/default.nix
@ -1,5 +1,4 @@
-{ sops, ... }:
+{sops, ...}: {
 {
  gui = {
    user = sops.secrets.username;
    password = sops.secrets.password;
@ -9,22 +8,22 @@
    gandalf = {
      name = "gandalf";
      id = "2VYHSOB-4QE3UIJ-EFKAD4D-J7YTLYG-4KF36C2-3SOLD4G-MFR6NK3-C2VSAQV";
-      addresses = [ "tcp://10.1.1.13:22000" ];
+      addresses = ["tcp://10.1.1.13:22000"];
    };
    legiondary = {
      name = "legiondary";
      id = "O4WI2YC-BZBPF2W-2ALNQ2D-UOP3BK5-ZDSEHVH-DIHS2FG-BSVJCXG-GF47XAE";
-      addresses = [ "dynamic" ];
+      addresses = ["dynamic"];
    };
    shadowfax = {
      name = "shadowfax";
      id = "U3DS7CW-GBZT44M-IFP3MOB-AV6SHVY-YFVEL5P-HE3ACC5-NDDGAOB-HOTKJAC";
-      addresses = [ "tcp://10.1.1.61:22000" ];
+      addresses = ["tcp://10.1.1.61:22000"];
    };
    telchar = {
      name = "telchar";
      id = "ENO4NVK-DUKOLUT-ASJZOEI-IFBVBTA-GDNWKWS-DQF3TZW-JJ72VVB-VWTHNAH";
-      addresses = [ "dynamic" ];
+      addresses = ["dynamic"];
    };
  };
--- a/nixos/modules/nixos/services/syncthing/default.nix
+++ b/nixos/modules/nixos/services/syncthing/default.nix
@ -2,11 +2,9 @@
  config,
  lib,
  ...
-}:
+}: let
 let
  cfg = config.mySystem.services.syncthing;
-in
+in {
 {
  options.mySystem.services.syncthing = {
    enable = lib.mkEnableOption "Syncthing";
    publicCertPath = lib.mkOption {
@ -30,13 +28,13 @@ in
        sopsFile = ./secrets.sops.yaml;
        owner = "jahanson";
        mode = "400";
-        restartUnits = [ "syncthing.service" ];
+        restartUnits = ["syncthing.service"];
      };
      "password" = {
        sopsFile = ./secrets.sops.yaml;
        owner = "jahanson";
        mode = "400";
-        restartUnits = [ "syncthing.service" ];
+        restartUnits = ["syncthing.service"];
      };
    };
@ -48,7 +46,7 @@ in
        openDefaultPorts = true;
        key = "${cfg.privateKeyPath}";
        cert = "${cfg.publicCertPath}";
-        settings = import ./config { inherit (config) sops; };
+        settings = import ./config {inherit (config) sops;};
      };
    };
    # Don't create default ~/Sync folder
--- a/nixos/modules/nixos/services/unpackerr/default.nix
+++ b/nixos/modules/nixos/services/unpackerr/default.nix
@ -4,17 +4,13 @@
  pkgs,
  ...
 }:
-
+with lib; let
 with lib;
 let
  cfg = config.mySystem.services.unpackerr;
-in
+in {
 {
  options.mySystem.services.unpackerr = {
    enable = mkEnableOption "Unpackerr";
-    package = mkPackageOption pkgs "unpackerr" { };
+    package = mkPackageOption pkgs "unpackerr" {};
    user = mkOption {
      type = types.str;
@ -43,7 +39,7 @@ in
  };
  config = mkIf cfg.enable {
-    users.groups.${cfg.group} = { };
+    users.groups.${cfg.group} = {};
    users.users = mkIf (cfg.user == "unpackerr") {
      unpackerr = {
        inherit (cfg) group;
@ -53,8 +49,8 @@ in
    systemd.services.unpackerr = {
      description = "Unpackerr service";
-      after = [ "network.target" ];
+      after = ["network.target"];
-      wantedBy = [ "multi-user.target" ];
+      wantedBy = ["multi-user.target"];
      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;
@ -66,9 +62,11 @@ in
          ]
        );
-        EnvironmentFile = lib.optional (
+        EnvironmentFile =
-          cfg.extraEnvVarsFile != null && cfg.extraEnvVarsFile != ""
+          lib.optional (
-        ) cfg.extraEnvVarsFile;
+            cfg.extraEnvVarsFile != null && cfg.extraEnvVarsFile != ""
          )
          cfg.extraEnvVarsFile;
      };
    };
  };
--- a/nixos/modules/nixos/system/borg/borgbackup/default.nix
+++ b/nixos/modules/nixos/system/borg/borgbackup/default.nix
@ -1,17 +1,19 @@
 { lib, config, ... }:
 let
  cfg = config.mySystem.system.borgbackup;
 in
 {
  lib,
  config,
  ...
 }: let
  cfg = config.mySystem.system.borgbackup;
 in {
  options.mySystem.system.borgbackup = {
    enable = lib.mkEnableOption "borgbackup";
    paths = lib.mkOption {
      type = lib.types.listOf lib.types.str;
-      default = [ ];
+      default = [];
    };
    exclude = lib.mkOption {
      type = lib.types.listOf lib.types.str;
-      default = [ ];
+      default = [];
    };
    repo = lib.mkOption {
      example = "borgbackup@myserver:repo";
--- a/nixos/modules/nixos/system/borg/default.nix
+++ b/nixos/modules/nixos/system/borg/default.nix
@ -1,5 +1,4 @@
-{ ... }:
+{...}: {
 {
  imports = [
    ./borgbackup
    ./pikabackup
--- a/nixos/modules/nixos/system/borg/pikabackup/default.nix
+++ b/nixos/modules/nixos/system/borg/pikabackup/default.nix
@ -3,12 +3,10 @@
  config,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.mySystem.system.borg.pika-backup;
  user = "jahanson";
-in
+in {
 {
  options.mySystem.system.borg.pika-backup = {
    enable = lib.mkEnableOption "pika-backup";
  };
--- a/nixos/modules/nixos/system/incus/default.nix
+++ b/nixos/modules/nixos/system/incus/default.nix
@ -3,12 +3,10 @@
  pkgs,
  lib,
  ...
-}:
+}: let
 let
  cfg = config.mySystem.system.incus;
  user = "jahanson";
-in
+in {
 {
  # sops.secrets.secret-domain-0 = {
  #   sopsFile = ./secret.sops.yaml;
  # };
@ -27,14 +25,13 @@ in
  };
  config = lib.mkIf cfg.enable {
    virtualisation.incus = {
      inherit (cfg) preseed;
      enable = true;
      ui.enable = true;
    };
-    users.users.${user}.extraGroups = [ "incus-admin" ];
+    users.users.${user}.extraGroups = ["incus-admin"];
    # systemd.services.incus-preseed.postStart = "${oidcSetup}";
--- a/nixos/modules/nixos/system/motd/default.nix
+++ b/nixos/modules/nixos/system/motd/default.nix
@ -3,8 +3,7 @@
  lib,
  pkgs,
  ...
-}:
+}: let
 let
  motd = pkgs.writeShellScriptBin "motd" ''
    #! /usr/bin/env bash
    source /etc/os-release
@ -41,8 +40,7 @@ let
    printf "\n"
    ${lib.strings.concatStrings (
      lib.lists.forEach cfg.networkInterfaces (
-        x:
+        x: "printf \"$BOLD  * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"
        "printf \"$BOLD  * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"
      )
    )}
    printf "$BOLD  * %-20s$ENDCOLOR %s\n" "Release" "$PRETTY_NAME"
@ -82,17 +80,15 @@ let
    fi
  '';
  cfg = config.mySystem.system.motd;
-in
+in {
 {
  options.mySystem.system.motd = {
    enable = lib.mkEnableOption "MOTD";
    networkInterfaces = lib.mkOption {
      description = "Network interfaces to monitor";
      type = lib.types.listOf lib.types.str;
      # default = lib.mapAttrsToList (_: val: val.interface)
-      default = [ ];
+      default = [];
    };
  };
  config = lib.mkIf cfg.enable {
    environment.systemPackages = [
--- a/nixos/modules/nixos/system/nfs/default.nix
+++ b/nixos/modules/nixos/system/nfs/default.nix
@ -1,8 +1,10 @@
 { lib, config, ... }:
 let
  cfg = config.mySystem.system.nfs;
 in
 {
  lib,
  config,
  ...
 }: let
  cfg = config.mySystem.system.nfs;
 in {
  options.mySystem.system.nfs = {
    enable = lib.mkEnableOption "nfs";
    exports = lib.mkOption {
--- a/nixos/modules/nixos/system/nix.nix
+++ b/nixos/modules/nixos/system/nix.nix
@ -1,9 +1,11 @@
 { lib, config, ... }:
 with lib;
 let
  cfg = config.mySystem.nix;
 in
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.nix;
 in {
  options.mySystem.nix = {
    autoOptimiseStore = mkOption {
      type = lib.types.bool;
@ -11,9 +13,11 @@ in
      default = true;
    };
    gc = {
-      enable = mkEnableOption "automatic garbage collection" // {
+      enable =
-        default = true;
+        mkEnableOption "automatic garbage collection"
-      };
+        // {
          default = true;
        };
      persistent = mkOption {
        type = lib.types.bool;
        description = "Persistent timer for gc, runs at startup if timer missed";
--- a/nixos/modules/nixos/system/openssh.nix
+++ b/nixos/modules/nixos/system/openssh.nix
@ -1,13 +1,17 @@
 { lib, config, ... }:
 with lib;
 let
  cfg = config.mySystem.services.openssh;
 in
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.openssh;
 in {
  options.mySystem.services.openssh = {
-    enable = mkEnableOption "openssh" // {
+    enable =
-      default = true;
+      mkEnableOption "openssh"
-    };
+      // {
        default = true;
      };
    passwordAuthentication = mkOption {
      type = lib.types.bool;
      description = "If password can be accepted for ssh (commonly disable for security hardening)";
--- a/nixos/modules/nixos/system/pushover/default.nix
+++ b/nixos/modules/nixos/system/pushover/default.nix
@ -4,21 +4,18 @@
  pkgs,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.mySystem.system.systemd.pushover-alerts;
-in
+in {
 {
  options.mySystem.system.systemd.pushover-alerts.enable =
    mkEnableOption "Pushover alerts for systemd failures"
    // {
      default = true;
    };
  options.systemd.services = mkOption {
-    type =
+    type = with types;
      with types;
      attrsOf (submodule {
-        config.onFailure = [ "notify-pushover@%n.service" ];
+        config.onFailure = ["notify-pushover@%n.service"];
      });
  };
@ -32,7 +29,7 @@ in
    systemd.services."notify-pushover@" = mkIf cfg.enable {
      enable = true;
-      onFailure = lib.mkForce [ ]; # cant refer to itself on failure
+      onFailure = lib.mkForce []; # cant refer to itself on failure
      description = "Notify on failed unit %i";
      serviceConfig = {
        Type = "oneshot";
--- a/nixos/modules/nixos/system/security.nix
+++ b/nixos/modules/nixos/system/security.nix
@ -1,9 +1,11 @@
 { lib, config, ... }:
 with lib;
 let
  cfg = config.mySystem.security;
 in
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.security;
 in {
  options.mySystem.security = {
    sshAgentAuth.enable = lib.mkEnableOption "openssh";
    wheelNeedsSudoPassword = lib.mkOption {
--- a/nixos/modules/nixos/system/systempackages.nix
+++ b/nixos/modules/nixos/system/systempackages.nix
@ -1,14 +1,16 @@
 { lib, config, ... }:
 with lib;
 let
  cfg = config.mySystem.system;
 in
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.system;
 in {
  options.mySystem.system = {
    packages = mkOption {
      type = with types; listOf package;
      description = "List of system level package installs";
-      default = [ ];
+      default = [];
    };
  };
  # System packages deployed globally.
--- a/nixos/modules/nixos/system/time.nix
+++ b/nixos/modules/nixos/system/time.nix
@ -1,8 +1,10 @@
 { lib, config, ... }:
 let
  cfg = config.mySystem.time;
 in
 {
  lib,
  config,
  ...
 }: let
  cfg = config.mySystem.time;
 in {
  options.mySystem.time = {
    timeZone = lib.mkOption {
      type = lib.types.str;
--- a/nixos/modules/nixos/system/wifi_swap/default.nix
+++ b/nixos/modules/nixos/system/wifi_swap/default.nix
@ -5,8 +5,7 @@
  pkgs,
  ...
 }:
-with lib;
+with lib; let
 let
  cfg = config.mySystem.framework_wifi_swap;
  wifiSwap = pkgs.writeShellScriptBin "wifi_swap" ''
    #! /usr/bin/env bash
@ -34,12 +33,13 @@ let
        ;;
    esac
  '';
-in
+in {
 {
  options.mySystem.framework_wifi_swap = {
-    enable = mkEnableOption "framework_wifi_swap" // {
+    enable =
-      default = false;
+      mkEnableOption "framework_wifi_swap"
-    };
+      // {
        default = false;
      };
  };
  config = mkIf cfg.enable {
    # Create bash script and add it to nix store
--- a/nixos/modules/nixos/system/zfs.nix
+++ b/nixos/modules/nixos/system/zfs.nix
@ -3,45 +3,43 @@
  config,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.mySystem.system.zfs;
 in
-with lib;
+  with lib; {
-{
+    options.mySystem.system.zfs = {
-  options.mySystem.system.zfs = {
+      enable = lib.mkEnableOption "zfs";
-    enable = lib.mkEnableOption "zfs";
+      mountPoolsAtBoot = lib.mkOption {
-    mountPoolsAtBoot = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
-      type = lib.types.listOf lib.types.str;
+        default = [];
      default = [ ];
    };
  };
  config = lib.mkIf cfg.enable {
    # setup boot
    boot = {
      supportedFilesystems = [
        "zfs"
      ];
      zfs = {
        forceImportRoot = false; # if stuck on boot, modify grub options, force importing isnt secure
        extraPools = cfg.mountPoolsAtBoot;
      };
    };
    config = lib.mkIf cfg.enable {
      # setup boot
      boot = {
        supportedFilesystems = [
          "zfs"
        ];
        zfs = {
          forceImportRoot = false; # if stuck on boot, modify grub options, force importing isnt secure
          extraPools = cfg.mountPoolsAtBoot;
        };
      };
-    services.zfs = {
+      services.zfs = {
-      autoScrub.enable = true;
+        autoScrub.enable = true;
-      autoScrub.interval = "weekly";
+        autoScrub.interval = "weekly";
-      trim.enable = true;
+        trim.enable = true;
      };
      # Pushover notifications
      environment.systemPackages = with pkgs; [
        busybox
      ];
      services.zfs.zed.settings = {
        ZED_PUSHOVER_TOKEN = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-api-key.path})";
        ZED_PUSHOVER_USER = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-user-key.path})";
      };
    };
-
+  }
    # Pushover notifications
    environment.systemPackages = with pkgs; [
      busybox
    ];
    services.zfs.zed.settings = {
      ZED_PUSHOVER_TOKEN = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-api-key.path})";
      ZED_PUSHOVER_USER = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-user-key.path})";
    };
  };
 }
--- a/nixos/overlays/cargo-tauri/default.nix
+++ b/nixos/overlays/cargo-tauri/default.nix
@ -1,10 +1,9 @@
-{ ... }:
+{...}: let
 let
  finalVersion = "tauri-v2.0.4";
 in
-final: prev: {
+  final: prev: {
-  cargo-tauri = prev.cargo-tauri.overrideAttrs (oldAttrs: {
+    cargo-tauri = prev.cargo-tauri.overrideAttrs (oldAttrs: {
-    version = finalVersion;
+      version = finalVersion;
-    vendorHash = "sha256-aTtvVpL979BUvSBwBqRqCWSWIBBmmty9vBD97Q5P4+E=";
+      vendorHash = "sha256-aTtvVpL979BUvSBwBqRqCWSWIBBmmty9vBD97Q5P4+E=";
-  });
+    });
-}
+  }
--- a/nixos/overlays/coder/default.nix
+++ b/nixos/overlays/coder/default.nix
@ -8,9 +8,7 @@
  stdenvNoCC,
  unzip,
  nixosTests,
-}:
+}: let
 let
  inherit (stdenvNoCC.hostPlatform) system;
  channels = {
@ -34,14 +32,13 @@ let
    };
  };
 in
-stdenvNoCC.mkDerivation (finalAttrs: {
+  stdenvNoCC.mkDerivation (finalAttrs: {
-  pname = "coder";
+    pname = "coder";
-  version = channels.${channel}.version;
+    version = channels.${channel}.version;
-  src = fetchurl {
+    src = fetchurl {
-    hash = (channels.${channel}.hash).${system};
+      hash = (channels.${channel}.hash).${system};
-    url =
+      url = let
      let
        systemName =
          {
            x86_64-linux = "linux_amd64";
@ -59,59 +56,58 @@ stdenvNoCC.mkDerivation (finalAttrs: {
            aarch64-darwin = "zip";
          }
          .${system};
-      in
+      in "https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}";
      "https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}";
  };
  nativeBuildInputs = [
    installShellFiles
    makeBinaryWrapper
    unzip
  ];
  unpackPhase = ''
    runHook preUnpack
    case $src in
        *.tar.gz) tar -xz -f "$src" ;;
        *.zip)    unzip      "$src" ;;
    esac
    runHook postUnpack
  '';
  installPhase = ''
    runHook preInstall
    install -D -m755 coder $out/bin/coder
    runHook postInstall
  '';
  postInstall = ''
    wrapProgram $out/bin/coder \
      --prefix PATH : ${lib.makeBinPath [ terraform ]}
  '';
  # integration tests require network access
  doCheck = false;
  meta = {
    description = "Provision remote development environments via Terraform";
    homepage = "https://coder.com";
    license = lib.licenses.agpl3Only;
    mainProgram = "coder";
    maintainers = with lib.maintainers; [
      ghuntley
      kylecarbs
      urandom
    ];
  };
  passthru = {
    updateScript = ./update.sh;
    tests = {
      inherit (nixosTests) coder;
    };
-  };
+
-})
+    nativeBuildInputs = [
      installShellFiles
      makeBinaryWrapper
      unzip
    ];
    unpackPhase = ''
      runHook preUnpack
      case $src in
          *.tar.gz) tar -xz -f "$src" ;;
          *.zip)    unzip      "$src" ;;
      esac
      runHook postUnpack
    '';
    installPhase = ''
      runHook preInstall
      install -D -m755 coder $out/bin/coder
      runHook postInstall
    '';
    postInstall = ''
      wrapProgram $out/bin/coder \
        --prefix PATH : ${lib.makeBinPath [terraform]}
    '';
    # integration tests require network access
    doCheck = false;
    meta = {
      description = "Provision remote development environments via Terraform";
      homepage = "https://coder.com";
      license = lib.licenses.agpl3Only;
      mainProgram = "coder";
      maintainers = with lib.maintainers; [
        ghuntley
        kylecarbs
        urandom
      ];
    };
    passthru = {
      updateScript = ./update.sh;
      tests = {
        inherit (nixosTests) coder;
      };
    };
  })
--- a/nixos/overlays/smartmontools/default.nix
+++ b/nixos/overlays/smartmontools/default.nix
@ -1,15 +1,14 @@
-{ ... }:
+{...}: let
 let
  dbrev = "5613";
  drivedbBranch = "RELEASE_7_4";
 in
-final: prev: {
+  final: prev: {
-  smartmontools = prev.smartmontools.overrideAttrs (oldAttrs: {
+    smartmontools = prev.smartmontools.overrideAttrs (oldAttrs: {
-    inherit dbrev drivedbBranch;
+      inherit dbrev drivedbBranch;
-    driverdb = builtins.fetchurl {
+      driverdb = builtins.fetchurl {
-      url = "https://sourceforge.net/p/smartmontools/code/${dbrev}/tree/trunk/smartmontools/drivedb.h?format=raw";
+        url = "https://sourceforge.net/p/smartmontools/code/${dbrev}/tree/trunk/smartmontools/drivedb.h?format=raw";
-      sha256 = "sha256-6r7Pd298Ea55AXOLijUEQoJq+Km5cE+Ygti65yacdoM=";
+        sha256 = "sha256-6r7Pd298Ea55AXOLijUEQoJq+Km5cE+Ygti65yacdoM=";
-      name = "smartmontools-drivedb.h";
+        name = "smartmontools-drivedb.h";
-    };
+      };
-  });
+    });
-}
+  }
--- a/nixos/overlays/talosctl/default.nix
+++ b/nixos/overlays/talosctl/default.nix
@ -5,7 +5,6 @@
  installShellFiles,
  git,
 }:
 buildGoModule rec {
  pname = "talosctl";
  version = "1.9.0";
@ -24,7 +23,7 @@ buildGoModule rec {
    "-w"
  ];
-  subPackages = [ "cmd/talosctl" ];
+  subPackages = ["cmd/talosctl"];
  doCheck = false;
@ -58,7 +57,7 @@ buildGoModule rec {
    description = "A CLI for out-of-band management of Kubernetes nodes created by Talos";
    homepage = "https://www.talos.dev/";
    license = licenses.mpl20;
-    maintainers = with maintainers; [ flokli ];
+    maintainers = with maintainers; [flokli];
    mainProgram = "talosctl";
  };
 }
--- a/nixos/overlays/termius/default.nix
+++ b/nixos/overlays/termius/default.nix
@ -12,7 +12,6 @@
  udev,
  wrapGAppsHook3,
 }:
 stdenv.mkDerivation rec {
  pname = "termius";
  version = "9.5.0";
@ -31,7 +30,7 @@ stdenv.mkDerivation rec {
  };
  desktopItem = makeDesktopItem {
-    categories = [ "Network" ];
+    categories = ["Network"];
    comment = "The SSH client that works on Desktop and Mobile";
    desktopName = "Termius";
    exec = "termius-app";
@ -82,7 +81,7 @@ stdenv.mkDerivation rec {
    install -Dm644 meta/gui/icon.png $out/share/icons/hicolor/128x128/apps/termius-app.png
  '';
-  runtimeDependencies = [ (lib.getLib udev) ];
+  runtimeDependencies = [(lib.getLib udev)];
  postFixup = ''
    makeWrapper $out/opt/termius/termius-app $out/bin/termius-app \
@ -93,13 +92,13 @@ stdenv.mkDerivation rec {
    description = "A cross-platform SSH client with cloud data sync and more";
    homepage = "https://termius.com/";
    downloadPage = "https://termius.com/linux/";
-    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+    sourceProvenance = with sourceTypes; [binaryNativeCode];
    license = licenses.unfree;
    maintainers = with maintainers; [
      Br1ght0ne
      th0rgal
    ];
-    platforms = [ "x86_64-linux" ];
+    platforms = ["x86_64-linux"];
    mainProgram = "termius-app";
  };
 }
--- a/nixos/overlays/vivaldi/default.nix
+++ b/nixos/overlays/vivaldi/default.nix
@ -62,183 +62,189 @@
  libpulseaudio,
  kerberosSupport ? true,
  libkrb5,
-}:
+}: let
-
+  branch =
-let
+    if isSnapshot
-  branch = if isSnapshot then "snapshot" else "stable";
+    then "snapshot"
-  vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
+    else "stable";
  vivaldiName =
    if isSnapshot
    then "vivaldi-snapshot"
    else "vivaldi";
 in
-stdenv.mkDerivation rec {
+  stdenv.mkDerivation rec {
-  pname = "vivaldi";
+    pname = "vivaldi";
-  version = "6.9.3447.37";
+    version = "6.9.3447.37";
-  suffix =
+    suffix =
    {
      aarch64-linux = "arm64";
      x86_64-linux = "amd64";
    }
    .${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
  src = fetchurl {
    url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb";
    hash =
      {
-        aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s=";
+        aarch64-linux = "arm64";
-        x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg=";
+        x86_64-linux = "amd64";
      }
-      .${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
+      .${stdenv.hostPlatform.system}
-  };
+      or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
-  unpackPhase = ''
+    src = fetchurl {
-    ar vx $src
+      url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb";
-    tar -xvf data.tar.xz
+      hash =
-  '';
+        {
          aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s=";
          x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg=";
        }
        .${stdenv.hostPlatform.system}
        or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
    };
-  nativeBuildInputs = [
+    unpackPhase = ''
-    patchelf
+      ar vx $src
-    makeWrapper
+      tar -xvf data.tar.xz
  ];
  dontWrapQtApps = true;
  buildInputs =
    [
      stdenv.cc.cc
      stdenv.cc.libc
      zlib
      libX11
      libXt
      libXext
      libSM
      libICE
      libxcb
      libxkbcommon
      libxshmfence
      libXi
      libXft
      libXcursor
      libXfixes
      libXScrnSaver
      libXcomposite
      libXdamage
      libXtst
      libXrandr
      atk
      at-spi2-atk
      at-spi2-core
      alsa-lib
      dbus
      cups
      gtk3
      gdk-pixbuf
      libexif
      ffmpeg
      systemd
      libva
      qt5.qtbase
      freetype
      fontconfig
      libXrender
      libuuid
      expat
      glib
      nss
      nspr
      libGL
      libxml2
      pango
      cairo
      libdrm
      mesa
      vulkan-loader
      wayland
      pipewire
    ]
    ++ lib.optional proprietaryCodecs vivaldi-ffmpeg-codecs
    ++ lib.optional pulseSupport libpulseaudio
    ++ lib.optional kerberosSupport libkrb5;
  libPath =
    lib.makeLibraryPath buildInputs
    + lib.optionalString (stdenv.is64bit) (":" + lib.makeSearchPathOutput "lib" "lib64" buildInputs)
    + ":$out/opt/${vivaldiName}/lib";
  buildPhase =
    ''
      runHook preBuild
      echo "Patching Vivaldi binaries"
      for f in chrome_crashpad_handler vivaldi-bin vivaldi-sandbox ; do
        patchelf \
          --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
          --set-rpath "${libPath}" \
          opt/${vivaldiName}/$f
      done
      for f in libGLESv2.so libqt5_shim.so ; do
        patchelf --set-rpath "${libPath}" opt/${vivaldiName}/$f
      done
    ''
    + lib.optionalString proprietaryCodecs ''
      ln -s ${vivaldi-ffmpeg-codecs}/lib/libffmpeg.so opt/${vivaldiName}/libffmpeg.so.''${version%\.*\.*}
    ''
    + ''
      echo "Finished patching Vivaldi binaries"
      runHook postBuild
    '';
-  dontPatchELF = true;
+    nativeBuildInputs = [
-  dontStrip = true;
+      patchelf
-
+      makeWrapper
  installPhase =
    ''
      runHook preInstall
      mkdir -p "$out"
      cp -r opt "$out"
      mkdir "$out/bin"
      ln -s "$out/opt/${vivaldiName}/${vivaldiName}" "$out/bin/vivaldi"
      mkdir -p "$out/share"
      cp -r usr/share/{applications,xfce4} "$out"/share
      substituteInPlace "$out"/share/applications/*.desktop \
        --replace /usr/bin/${vivaldiName} "$out"/bin/vivaldi
      substituteInPlace "$out"/share/applications/*.desktop \
        --replace vivaldi-stable vivaldi
      local d
      for d in 16 22 24 32 48 64 128 256; do
        mkdir -p "$out"/share/icons/hicolor/''${d}x''${d}/apps
        ln -s \
          "$out"/opt/${vivaldiName}/product_logo_''${d}.png \
          "$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png
      done
      wrapProgram "$out/bin/vivaldi" \
        --add-flags ${lib.escapeShellArg commandLineArgs} \
        --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
        --set-default FONTCONFIG_FILE "${fontconfig.out}/etc/fonts/fonts.conf" \
        --set-default FONTCONFIG_PATH "${fontconfig.out}/etc/fonts" \
        --suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \
        ${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"}
    ''
    + lib.optionalString enableWidevine ''
      ln -sf ${widevine-cdm}/share/google/chrome/WidevineCdm $out/opt/${vivaldiName}/WidevineCdm
    ''
    + ''
      runHook postInstall
    '';
  passthru.updateScript = ./update-vivaldi.sh;
  meta = with lib; {
    description = "Browser for our Friends, powerful and personal";
    homepage = "https://vivaldi.com";
    license = licenses.unfree;
    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
    mainProgram = "vivaldi";
    maintainers = with maintainers; [
      otwieracz
      badmutex
    ];
-    platforms = [
+
-      "x86_64-linux"
+    dontWrapQtApps = true;
-      "aarch64-linux"
+
-    ];
+    buildInputs =
-  };
+      [
-}
+        stdenv.cc.cc
        stdenv.cc.libc
        zlib
        libX11
        libXt
        libXext
        libSM
        libICE
        libxcb
        libxkbcommon
        libxshmfence
        libXi
        libXft
        libXcursor
        libXfixes
        libXScrnSaver
        libXcomposite
        libXdamage
        libXtst
        libXrandr
        atk
        at-spi2-atk
        at-spi2-core
        alsa-lib
        dbus
        cups
        gtk3
        gdk-pixbuf
        libexif
        ffmpeg
        systemd
        libva
        qt5.qtbase
        freetype
        fontconfig
        libXrender
        libuuid
        expat
        glib
        nss
        nspr
        libGL
        libxml2
        pango
        cairo
        libdrm
        mesa
        vulkan-loader
        wayland
        pipewire
      ]
      ++ lib.optional proprietaryCodecs vivaldi-ffmpeg-codecs
      ++ lib.optional pulseSupport libpulseaudio
      ++ lib.optional kerberosSupport libkrb5;
    libPath =
      lib.makeLibraryPath buildInputs
      + lib.optionalString (stdenv.is64bit) (":" + lib.makeSearchPathOutput "lib" "lib64" buildInputs)
      + ":$out/opt/${vivaldiName}/lib";
    buildPhase =
      ''
        runHook preBuild
        echo "Patching Vivaldi binaries"
        for f in chrome_crashpad_handler vivaldi-bin vivaldi-sandbox ; do
          patchelf \
            --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
            --set-rpath "${libPath}" \
            opt/${vivaldiName}/$f
        done
        for f in libGLESv2.so libqt5_shim.so ; do
          patchelf --set-rpath "${libPath}" opt/${vivaldiName}/$f
        done
      ''
      + lib.optionalString proprietaryCodecs ''
        ln -s ${vivaldi-ffmpeg-codecs}/lib/libffmpeg.so opt/${vivaldiName}/libffmpeg.so.''${version%\.*\.*}
      ''
      + ''
        echo "Finished patching Vivaldi binaries"
        runHook postBuild
      '';
    dontPatchELF = true;
    dontStrip = true;
    installPhase =
      ''
        runHook preInstall
        mkdir -p "$out"
        cp -r opt "$out"
        mkdir "$out/bin"
        ln -s "$out/opt/${vivaldiName}/${vivaldiName}" "$out/bin/vivaldi"
        mkdir -p "$out/share"
        cp -r usr/share/{applications,xfce4} "$out"/share
        substituteInPlace "$out"/share/applications/*.desktop \
          --replace /usr/bin/${vivaldiName} "$out"/bin/vivaldi
        substituteInPlace "$out"/share/applications/*.desktop \
          --replace vivaldi-stable vivaldi
        local d
        for d in 16 22 24 32 48 64 128 256; do
          mkdir -p "$out"/share/icons/hicolor/''${d}x''${d}/apps
          ln -s \
            "$out"/opt/${vivaldiName}/product_logo_''${d}.png \
            "$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png
        done
        wrapProgram "$out/bin/vivaldi" \
          --add-flags ${lib.escapeShellArg commandLineArgs} \
          --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
          --set-default FONTCONFIG_FILE "${fontconfig.out}/etc/fonts/fonts.conf" \
          --set-default FONTCONFIG_PATH "${fontconfig.out}/etc/fonts" \
          --suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \
          ${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"}
      ''
      + lib.optionalString enableWidevine ''
        ln -sf ${widevine-cdm}/share/google/chrome/WidevineCdm $out/opt/${vivaldiName}/WidevineCdm
      ''
      + ''
        runHook postInstall
      '';
    passthru.updateScript = ./update-vivaldi.sh;
    meta = with lib; {
      description = "Browser for our Friends, powerful and personal";
      homepage = "https://vivaldi.com";
      license = licenses.unfree;
      sourceProvenance = with sourceTypes; [binaryNativeCode];
      mainProgram = "vivaldi";
      maintainers = with maintainers; [
        otwieracz
        badmutex
      ];
      platforms = [
        "x86_64-linux"
        "aarch64-linux"
      ];
    };
  }
--- a/nixos/overlays/vivaldi/ffmpeg-codecs.nix
+++ b/nixos/overlays/vivaldi/ffmpeg-codecs.nix
@ -4,7 +4,6 @@
  lib,
  stdenv,
 }:
 # This derivation roughly follows the update-ffmpeg script that ships with the official Vivaldi
 # downloads at https://vivaldi.com/download/
 stdenv.mkDerivation rec {
@ -16,7 +15,7 @@ stdenv.mkDerivation rec {
    hash = "sha256-a1peHhku+OaGvPyChvLdh6/7zT+v8OHNwt60QUq7VvU=";
  };
-  buildInputs = [ squashfsTools ];
+  buildInputs = [squashfsTools];
  unpackPhase = ''
    unsquashfs -dest . $src
@ -29,13 +28,13 @@ stdenv.mkDerivation rec {
  meta = with lib; {
    description = "Additional support for proprietary codecs for Vivaldi";
    homepage = "https://ffmpeg.org/";
-    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+    sourceProvenance = with sourceTypes; [binaryNativeCode];
    license = licenses.lgpl21;
    maintainers = with maintainers; [
      betaboon
      cawilliamson
      fptje
    ];
-    platforms = [ "x86_64-linux" ];
+    platforms = ["x86_64-linux"];
  };
 }
--- a/nixos/overlays/xpipe/ptb.nix
+++ b/nixos/overlays/xpipe/ptb.nix
@ -25,9 +25,7 @@
  util-linux,
  socat,
  hicolor-icon-theme,
-}:
+}: let
 let
  inherit (stdenvNoCC.hostPlatform) system;
  throwSystem = throw "Unsupported system: ${system}";
@ -36,99 +34,100 @@ let
      x86_64-linux = "x86_64";
      aarch64-linux = "arm64";
    }
-    .${system} or throwSystem;
+    .${system}
    or throwSystem;
  hash =
    {
      x86_64-linux = "sha256-O4gl0WulhDyqL9lDwqR1oxNAzVjHn+3q0UB8KP0/sBk=";
      aarch64-linux = "";
    }
-    .${system} or throwSystem;
+    .${system}
    or throwSystem;
  displayname = "XPipe PTB";
 in
-stdenvNoCC.mkDerivation rec {
+  stdenvNoCC.mkDerivation rec {
-  pname = "xpipe-ptb";
+    pname = "xpipe-ptb";
-  version = "13.0-10";
+    version = "13.0-10";
-  src = fetchzip {
+    src = fetchzip {
-    url = "https://github.com/xpipe-io/${pname}/releases/download/${version}/xpipe-portable-linux-${arch}.tar.gz";
+      url = "https://github.com/xpipe-io/${pname}/releases/download/${version}/xpipe-portable-linux-${arch}.tar.gz";
-    inherit hash;
+      inherit hash;
-  };
+    };
-  nativeBuildInputs = [
+    nativeBuildInputs = [
-    autoPatchelfHook
+      autoPatchelfHook
-    makeShellWrapper
+      makeShellWrapper
-  ];
+    ];
-  # Ignore libavformat dependencies as we don't need them
+    # Ignore libavformat dependencies as we don't need them
-  autoPatchelfIgnoreMissingDeps = true;
+    autoPatchelfIgnoreMissingDeps = true;
-  buildInputs = [
+    buildInputs = [
-    fontconfig
+      fontconfig
-    zlib
+      zlib
-    udev
+      udev
-    freetype
+      freetype
-    gtk3
+      gtk3
-    alsa-lib
+      alsa-lib
-    libX11
+      libX11
-    libX11
+      libX11
-    libXext
+      libXext
-    libXdamage
+      libXdamage
-    libXfixes
+      libXfixes
-    libxcb
+      libxcb
-    libXcomposite
+      libXcomposite
-    libXcursor
+      libXcursor
-    libXi
+      libXi
-    libXrender
+      libXrender
-    libXtst
+      libXtst
-    libXxf86vm
+      libXxf86vm
-  ];
+    ];
-  desktopItem = makeDesktopItem {
+    desktopItem = makeDesktopItem {
-    categories = [ "Network" ];
+      categories = ["Network"];
-    comment = "XPipe (Public Test Build) releases";
+      comment = "XPipe (Public Test Build) releases";
-    desktopName = displayname;
+      desktopName = displayname;
-    exec = "/opt/${pname}/cli/bin/xpipe open %U";
+      exec = "/opt/${pname}/cli/bin/xpipe open %U";
-    genericName = "Shell connection hub";
+      genericName = "Shell connection hub";
-    icon = "/opt/${pname}/logo.png";
+      icon = "/opt/${pname}/logo.png";
-    name = displayname;
+      name = displayname;
-  };
+    };
-  installPhase = ''
+    installPhase = ''
-    runHook preInstall
+      runHook preInstall
-    pkg="${pname}"
+      pkg="${pname}"
-    mkdir -p $out/opt/$pkg
+      mkdir -p $out/opt/$pkg
-    cp -r ./ $out/opt/$pkg
+      cp -r ./ $out/opt/$pkg
-    mkdir -p "$out/bin"
+      mkdir -p "$out/bin"
-    ln -s "$out/opt/$pkg/cli/bin/xpipe" "$out/bin/$pkg"
+      ln -s "$out/opt/$pkg/cli/bin/xpipe" "$out/bin/$pkg"
-    mkdir -p "$out/share/applications"
+      mkdir -p "$out/share/applications"
-    cp -r "${desktopItem}/share/applications/" "$out/share/"
+      cp -r "${desktopItem}/share/applications/" "$out/share/"
-    mkdir -p "$out/etc/bash_completion.d"
+      mkdir -p "$out/etc/bash_completion.d"
-    ln -s "$out/opt/$pkg/cli/xpipe_completion" "$out/etc/bash_completion.d/$pkg"
+      ln -s "$out/opt/$pkg/cli/xpipe_completion" "$out/etc/bash_completion.d/$pkg"
-    substituteInPlace "$out/share/applications/${displayname}.desktop" --replace "Exec=" "Exec=$out"
+      substituteInPlace "$out/share/applications/${displayname}.desktop" --replace "Exec=" "Exec=$out"
-    substituteInPlace "$out/share/applications/${displayname}.desktop" --replace "Icon=" "Icon=$out"
+      substituteInPlace "$out/share/applications/${displayname}.desktop" --replace "Icon=" "Icon=$out"
-    mv "$out/opt/$pkg/app/bin/xpiped" "$out/opt/$pkg/app/bin/xpiped_raw"
+      mv "$out/opt/$pkg/app/bin/xpiped" "$out/opt/$pkg/app/bin/xpiped_raw"
-    mv "$out/opt/$pkg/app/lib/app/xpiped.cfg" "$out/opt/$pkg/app/lib/app/xpiped_raw.cfg"
+      mv "$out/opt/$pkg/app/lib/app/xpiped.cfg" "$out/opt/$pkg/app/lib/app/xpiped_raw.cfg"
-    mv "$out/opt/$pkg/app/scripts/xpiped_debug.sh" "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh"
+      mv "$out/opt/$pkg/app/scripts/xpiped_debug.sh" "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh"
-    makeShellWrapper "$out/opt/$pkg/app/bin/xpiped_raw" "$out/opt/$pkg/app/bin/xpiped" \
+      makeShellWrapper "$out/opt/$pkg/app/bin/xpiped_raw" "$out/opt/$pkg/app/bin/xpiped" \
-      --prefix LD_LIBRARY_PATH : "${
+        --prefix LD_LIBRARY_PATH : "${
        lib.makeLibraryPath [
          fontconfig
          gtk3
          udev
        ]
      }"
-    makeShellWrapper "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh" "$out/opt/$pkg/app/scripts/xpiped_debug.sh" \
+      makeShellWrapper "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh" "$out/opt/$pkg/app/scripts/xpiped_debug.sh" \
-      --prefix LD_LIBRARY_PATH : "${
+        --prefix LD_LIBRARY_PATH : "${
        lib.makeLibraryPath [
          fontconfig
          gtk3
@ -136,24 +135,24 @@ stdenvNoCC.mkDerivation rec {
        ]
      }"
-    runHook postInstall
+      runHook postInstall
-  '';
+    '';
-  meta = with lib; {
+    meta = with lib; {
-    description = "XPipe (Public Test Build) releases";
+      description = "XPipe (Public Test Build) releases";
-    homepage = "https://github.com/xpipe-io/${pname}";
+      homepage = "https://github.com/xpipe-io/${pname}";
-    downloadPage = "https://github.com/xpipe-io/${pname}/releases/latest";
+      downloadPage = "https://github.com/xpipe-io/${pname}/releases/latest";
-    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+      sourceProvenance = with sourceTypes; [binaryNativeCode];
-    changelog = "https://github.com/xpipe-io/${pname}/releases/tag/${version}";
+      changelog = "https://github.com/xpipe-io/${pname}/releases/tag/${version}";
-    license = [
+      license = [
-      licenses.asl20
+        licenses.asl20
-      licenses.unfree
+        licenses.unfree
-    ];
+      ];
-    maintainers = with maintainers; [ crschnick ];
+      maintainers = with maintainers; [crschnick];
-    platforms = [
+      platforms = [
-      "x86_64-linux"
+        "x86_64-linux"
-      "aarch64-linux"
+        "aarch64-linux"
-    ];
+      ];
-    mainProgram = pname;
+      mainProgram = pname;
-  };
+    };
-}
+  }
--- a/nixos/overlays/zed-editor/default.nix
+++ b/nixos/overlays/zed-editor/default.nix
@ -1,15 +1,14 @@
-{ ... }:
+{...}: let
 let
  finalVersion = "0.149.3";
 in
-final: prev: {
+  final: prev: {
-  zed-editor = prev.zed-editor.overrideAttrs (oldAttrs: {
+    zed-editor = prev.zed-editor.overrideAttrs (oldAttrs: {
-    version = finalVersion;
+      version = finalVersion;
-    src = prev.fetchFromGithub {
+      src = prev.fetchFromGithub {
-      hash = "sha256-ed6/QQObmclSA36g+civhii1aFKTBSjqB+LOyp2LUPg=";
+        hash = "sha256-ed6/QQObmclSA36g+civhii1aFKTBSjqB+LOyp2LUPg=";
-    };
+      };
-    cargoLock = prev.outputHashes {
+      cargoLock = prev.outputHashes {
-      "blade-graphics-0.4.0" = "sha256-sGXhXmgtd7Wx/Gf7HCWro4RsQOGS4pQt8+S3T+2wMfY=";
+        "blade-graphics-0.4.0" = "sha256-sGXhXmgtd7Wx/Gf7HCWro4RsQOGS4pQt8+S3T+2wMfY=";
-    };
+      };
-  });
+    });
-}
+  }
--- a/nixos/profiles/disko-nixos.nix
+++ b/nixos/profiles/disko-nixos.nix
@ -1,8 +1,4 @@
-{
+{disks ? ["/dev/sda"], ...}: {
  disks ? [ "/dev/sda" ],
  ...
 }:
 {
  disko.devices = {
    disk = {
      main = {
--- a/nixos/profiles/global/nix.nix
+++ b/nixos/profiles/global/nix.nix
@ -1,5 +1,8 @@
 { lib, nixpkgs, ... }:
 {
  lib,
  nixpkgs,
  ...
 }: {
  ## Below is to align shell/system to flake's nixpkgs
  ## ref: https://nixos-and-flakes.thiscute.world/best-practices/nix-path-and-flake-registry
@ -10,7 +13,7 @@
    registry.nixpkgs.flake = nixpkgs;
    channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.
-    nixPath = [ "nixpkgs=${nixpkgs}" ];
+    nixPath = ["nixpkgs=${nixpkgs}"];
    settings = {
      # but NIX_PATH is still used by many useful tools, so we set it to the same value as the one used by this flake.
--- a/nixos/profiles/global/sops.nix
+++ b/nixos/profiles/global/sops.nix
@ -1,6 +1,5 @@
-{ ... }:
+{...}: {
-{
+  sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  # Secret for machine-specific pushover
  sops.secrets = {
    "services/pushover/env" = {
--- a/nixos/profiles/global/system.nix
+++ b/nixos/profiles/global/system.nix
@ -1,5 +1,8 @@
 { lib, pkgs, ... }:
 {
  lib,
  pkgs,
  ...
 }: {
  system = {
    # Enable printing changes on nix build etc with nvd
    activationScripts.report-changes = ''
--- a/nixos/profiles/hw-generic-x86.nix
+++ b/nixos/profiles/hw-generic-x86.nix
@ -1,8 +1,10 @@
 { lib, pkgs, ... }:
 with lib;
 {
  lib,
  pkgs,
  ...
 }:
 with lib; {
  boot = {
    initrd.availableKernelModules = [
      "nvme"
      "xhci_pci"
@ -11,20 +13,18 @@ with lib;
      "usb_storage"
      "sd_mod"
    ];
-    kernelModules = [ ];
+    kernelModules = [];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
    # for managing/mounting nfs
-    supportedFilesystems = [ "nfs" ];
+    supportedFilesystems = ["nfs"];
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
      grub.memtest86.enable = true;
    };
  };
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/nixos/profiles/hw-hetzner-cax.nix
+++ b/nixos/profiles/hw-hetzner-cax.nix
@ -1,6 +1,5 @@
-{ lib, ... }:
+{lib, ...}: {
-{
+  imports = [];
  imports = [ ];
  boot = {
    loader.systemd-boot.enable = true;
@ -12,9 +11,9 @@
      "usbhid"
      "sr_mod"
    ];
-    initrd.kernelModules = [ ];
+    initrd.kernelModules = [];
-    kernelModules = [ ];
+    kernelModules = [];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
  };
  mySystem = {
--- a/nixos/profiles/hw-hp-s01.nix
+++ b/nixos/profiles/hw-hp-s01.nix
@ -1,5 +1,4 @@
-{ lib, ... }:
+{lib, ...}: {
 {
  mySystem = {
    security.wheelNeedsSudoPassword = false;
  };
--- a/nixos/profiles/hw-supermicro.nix
+++ b/nixos/profiles/hw-supermicro.nix
@ -1,8 +1,11 @@
 { lib, pkgs, ... }:
 {
  lib,
  pkgs,
  ...
 }: {
  boot = {
    # for managing/mounting nfs
-    supportedFilesystems = [ "nfs" ];
+    supportedFilesystems = ["nfs"];
    loader = {
      grub = {
@ -11,7 +14,7 @@
        efiInstallAsRemovable = true;
        mirroredBoots = [
          {
-            devices = [ "nodev" ];
+            devices = ["nodev"];
            path = "/boot";
          }
        ];
--- a/nixos/profiles/role-server.nix
+++ b/nixos/profiles/role-server.nix
@ -1,7 +1,10 @@
 { lib, pkgs, ... }:
 # Role for headless servers
 with lib;
 {
  lib,
  pkgs,
  ...
 }:
 # Role for headless servers
 with lib; {
  config = {
    mySystem = {
      services.rebootRequiredCheck.enable = true;
@ -20,7 +23,7 @@ with lib;
    };
    environment = {
-      systemPackages = [ pkgs.unstable.lazygit ];
+      systemPackages = [pkgs.unstable.lazygit];
    };
    documentation = {
--- a/shell.nix
+++ b/shell.nix
@ -1,24 +1,24 @@
 # Need the unstable nixpkgs to get latest dev tools
 let
  nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
-  pkgs = import nixpkgs { allowUnfree = true; };
+  pkgs = import nixpkgs {allowUnfree = true;};
 in
-pkgs.mkShell {
+  pkgs.mkShell {
-  # Enable experimental features without having to specify the argument
+    # Enable experimental features without having to specify the argument
-  NIX_CONFIG = "experimental-features = nix-command flakes";
+    NIX_CONFIG = "experimental-features = nix-command flakes";
-  shellHook = ''
+    shellHook = ''
-    export TMP=$(mktemp -d "/tmp/nix-shell-XXXXXX")
+      export TMP=$(mktemp -d "/tmp/nix-shell-XXXXXX")
-    export TEMP=$TMP
+      export TEMP=$TMP
-    export TMPDIR=$TMP
+      export TMPDIR=$TMP
-  '';
+    '';
-  nativeBuildInputs = with pkgs; [
+    nativeBuildInputs = with pkgs; [
-    cachix
+      cachix
-    git
+      git
-    gitleaks
+      gitleaks
-    go-task
+      go-task
-    pre-commit
+      pre-commit
-    sops
+      sops
-    statix
+      statix
-  ];
+    ];
-}
+  }