feat: introduce treefmt and fmt all

nix/os/devices/default.nix

@@ -1,20 +1,25 @@
 {
   dir,
-  pkgs ? import <channels-nixos-stable> {},
-  ownLib ? import ../lib/default.nix {inherit (pkgs) lib;},
+  pkgs ? import <channels-nixos-stable> { },
+  ownLib ? import ../lib/default.nix { inherit (pkgs) lib; },
   gitRoot ? "$(git rev-parse --show-toplevel)",
   # FIXME: why do these need explicit mentioning?
   moreargs ? "",
   rebuildarg ? "",
   ...
-} @ args: let
-  rebuildargsSudo = ["switch" "boot"];
-  rebuild = {
-    gitRoot,
-    rebuildarg ? "dry-activate",
-    moreargs ? "",
-    ...
-  }:
+}@args:
+let
+  rebuildargsSudo = [
+    "switch"
+    "boot"
+  ];
+  rebuild =
+    {
+      gitRoot,
+      rebuildarg ? "dry-activate",
+      moreargs ? "",
+      ...
+    }:
     pkgs.writeScript "script" ''
       #!/usr/bin/env bash
       set -xe
@@ -30,25 +35,24 @@
 
       ${
         if
-          (builtins.elem rebuildarg rebuildargsSudo)
-          && (builtins.match ".*--target-host.*" moreargs) == null
-        then "sudo -E \\"
-        else ""
+          (builtins.elem rebuildarg rebuildargsSudo) && (builtins.match ".*--target-host.*" moreargs) == null
+        then
+          "sudo -E \\"
+        else
+          ""
       }
       nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs}
     '';
-in {
-  recipes =
-    {
-      rebuild =
-        rebuild {
-          inherit gitRoot;
-          inherit moreargs;
-          inherit rebuildarg;
-        }
-        # // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
-        # // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
-        ;
+in
+{
+  recipes = {
+    rebuild = rebuild {
+      inherit gitRoot;
+      inherit moreargs;
+      inherit rebuildarg;
     }
-    // (import ./disk.nix (args // {inherit pkgs ownLib gitRoot;}));
+    # // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
+    # // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
+    ;
+  } // (import ./disk.nix (args // { inherit pkgs ownLib gitRoot; }));
 }

nix/os/devices/disk.nix

@@ -3,40 +3,29 @@
   ownLib,
   dir,
   gitRoot,
-  diskId ?
-    (import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
-      {})
-    .hardware
-    .opinionatedDisk
-    .diskId,
+  diskId ? (import ((builtins.getEnv "PWD") + "/${dir}/hw.nix") { }).hardware.opinionatedDisk.diskId,
   encrypted ?
-    (import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
-      {})
-    .hardware
-    .opinionatedDisk
-    .encrypted,
+    (import ((builtins.getEnv "PWD") + "/${dir}/hw.nix") { }).hardware.opinionatedDisk.encrypted,
   previousDiskId ? "",
   ...
-}: let
+}:
+let
   mntRootVol = "/mnt/${diskId}-root";
-in rec {
+in
+rec {
   diskMount = pkgs.writeScript "script" ''
     #!/usr/bin/env bash
     set -xe
     echo Mounting ${diskId}
     ${pkgs.lib.strings.optionalString encrypted ''
-      sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
-        ownLib.disk.luksName diskId
-      }
+      sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
     ''}
     sleep 1
     sudo vgchange -ay ${ownLib.disk.volumeGroup diskId}
     sudo mkdir -p /mnt
     sudo mkdir ${mntRootVol}
     sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}
-    sudo mount ${
-      ownLib.disk.rootFsDevice diskId
-    } ${mntRootVol}/nixos/home -o subvol=home
+    sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}/nixos/home -o subvol=home
     sudo mount ${ownLib.disk.bootFsDevice diskId} ${mntRootVol}/nixos/boot
   '';
 
@@ -73,9 +62,7 @@ in rec {
     #!/usr/bin/env bash
     set -xe
 
-    read -p "Continue to format ${
-      ownLib.disk.bootGrubDevice diskId
-    } (YES/n)? " choice
+    read -p "Continue to format ${ownLib.disk.bootGrubDevice diskId} (YES/n)? " choice
     case "$choice" in
       YES ) echo "Continuing in 3 seconds..."; sleep 3;;
       n|N ) echo "Exiting..."; exit 0;;
@@ -122,15 +109,11 @@ in rec {
     ${pkgs.lib.strings.optionalString encrypted ''
       # Encrypt
       sudo cryptsetup luksFormat ${ownLib.disk.bootLuksDevice diskId} -
-      sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
-        ownLib.disk.luksName diskId
-      }
+      sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
     ''}
 
     # LVM
-    sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${
-      ownLib.disk.lvmPv diskId encrypted
-    }
+    sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${ownLib.disk.lvmPv diskId encrypted}
     sudo lvcreate ${ownLib.disk.volumeGroup diskId} -L 2G -n swap
     sudo lvcreate ${ownLib.disk.volumeGroup diskId} -l 100%FREE -n root
 
@@ -154,9 +137,7 @@ in rec {
     #!/usr/bin/env bash
     set -xe
 
-    read -p "Continue to relabel ${
-      ownLib.disk.bootGrubDevice diskId
-    } (YES/n)?" choice
+    read -p "Continue to relabel ${ownLib.disk.bootGrubDevice diskId} (YES/n)?" choice
     case "$choice" in
       YES ) echo "Continuing in 3 seconds..."; sleep 3;;
       n|N ) echo "Exiting..."; exit 0;;
@@ -187,13 +168,9 @@ in rec {
 
 
     if test "${previousDiskId}"; then
-      ${
-      pkgs.lib.strings.optionalString encrypted ''
-        sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
-          ownLib.disk.luksName diskId
-        }
-      ''
-    }
+      ${pkgs.lib.strings.optionalString encrypted ''
+        sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
+      ''}
       sync
       sleep 1
       if sudo vgs ${previousDiskId}; then

nix/os/devices/elias-e525/boot.nix

@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   boot.loader.grub.efiSupport = lib.mkForce false;
   boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
 }

nix/os/devices/elias-e525/configuration.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   imports = [
     ../../profiles/common/configuration.nix
     ../../profiles/graphical/configuration.nix

nix/os/devices/elias-e525/default.nix

@@ -3,17 +3,17 @@
   repoFlake,
   nodeFlake,
   ...
-}: let
+}:
+let
   system = "x86_64-linux";
-in {
+in
+{
   meta.nodeSpecialArgs.${nodeName} = {
     inherit repoFlake nodeName nodeFlake;
     packages' = repoFlake.packages.${system};
   };
 
-  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
-    inherit system;
-  };
+  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
 
   ${nodeName} = {
     deployment.targetHost = "elias-e525.lan";

nix/os/devices/elias-e525/flake.nix

@@ -6,5 +6,5 @@
     inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = _: {};
+  outputs = _: { };
 }

nix/os/devices/elias-e525/hw.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   # TASK: new device
   hardware.opinionatedDisk = {
     enable = true;

nix/os/devices/elias-e525/pkg.nix

@@ -1,8 +1,5 @@
-{
-  pkgs,
-  lib,
-  ...
-}: let
+{ pkgs, lib, ... }:
+let
   homeEnv = keyboard: {
     imports = [
       ../../../home-manager/profiles/common.nix
@@ -22,26 +19,27 @@
       rustdesk
     ];
   };
-in {
-  services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) {
+in
+{
+  services.gnome = builtins.mapAttrs (_attr: value: lib.mkForce value) {
     gnome-remote-desktop.enable = true;
   };
 
   home-manager.users.steveej = homeEnv {
     layout = "en";
-    options = ["nodeadkey"];
+    options = [ "nodeadkey" ];
     variant = "altgr-intl";
   };
 
   home-manager.users.elias = homeEnv {
     layout = "de";
-    options = [];
+    options = [ ];
     variant = "";
   };
 
   home-manager.users.justyna = homeEnv {
     layout = "de";
-    options = [];
+    options = [ ];
     variant = "";
   };
 

nix/os/devices/elias-e525/system.nix

@@ -1,10 +1,5 @@
+{ pkgs, lib, ... }:
 {
-  pkgs,
-  lib,
-  config,
-  ...
-}: let
-in {
   # TASK: new device
   networking.hostName = "elias-e525"; # Define your hostname.
 
@@ -38,11 +33,13 @@ in {
     # udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
   };
 
-  security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
+  security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
 
-  services.xserver.videoDrivers = ["modesetting"];
+  services.xserver.videoDrivers = [ "modesetting" ];
 
   boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
 
-  nix.gc = {automatic = true;};
+  nix.gc = {
+    automatic = true;
+  };
 }

nix/os/devices/elias-e525/user.nix

@@ -1,12 +1,9 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
+{ config, pkgs, ... }:
+let
   keys = import ../../../variables/keys.nix;
-  inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser;
-in {
+  inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser;
+in
+{
   sops.secrets.sharedUsers-elias = {
     sopsFile = ../../../../secrets/shared-users.yaml;
     neededForUsers = true;

nix/os/devices/fwhost1/boot.nix

@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
   boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
 }

nix/os/devices/fwhost1/configuration.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   imports = [
     ../../profiles/common/configuration.nix
     ../../modules/opinionatedDisk.nix

nix/os/devices/fwhost1/hw.nix

@@ -1,5 +1,4 @@
-{...}: let
-in {
+_: {
   # TASK: new device
   hardware.opinionatedDisk = {
     enable = true;

nix/os/devices/fwhost1/pkg.nix

@@ -1,17 +1,17 @@
-{pkgs, ...}: {
-  nixpkgs.config.packageOverrides = pkgs:
-    with pkgs; {
-      nixPath =
-        (import ../../../default.nix {
-          versionsPath = ./versions.nix;
-        })
-        .nixPath;
+{ pkgs, ... }:
+{
+  nixpkgs.config.packageOverrides =
+    pkgs: with pkgs; {
+      inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath;
     };
   home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
     inherit pkgs;
   };
 
-  environment.systemPackages = with pkgs; [iw wirelesstools];
+  environment.systemPackages = with pkgs; [
+    iw
+    wirelesstools
+  ];
 
   system.stateVersion = "21.11";
 }

nix/os/devices/fwhost1/system.nix

@@ -1,12 +1,8 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: let
-  keys = import ../../../variables/keys.nix;
+{ pkgs, lib, ... }:
+let
   passwords = import ../../../variables/passwords.crypt.nix;
-in {
+in
+{
   # TASK: new device
   networking.hostName = "fwhost1"; # Define your hostname.
 
@@ -21,11 +17,14 @@ in {
   networking.firewall.logRefusedConnections = false;
   networking.usePredictableInterfaceNames = false;
 
-  networking.bridges.breth.interfaces = ["eth0" "eth1"];
+  networking.bridges.breth.interfaces = [
+    "eth0"
+    "eth1"
+  ];
   networking.bridges.breth.rstp = true;
 
   networking.defaultGateway.address = "172.172.171.10";
-  networking.nameservers = ["172.172.171.10"];
+  networking.nameservers = [ "172.172.171.10" ];
 
   # WAN interfaces, currently unused because the OPNsense guest acts as a router.
   networking.vlans.wan1.id = 3;

nix/os/devices/fwhost1/user.nix

@@ -1,9 +1 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  passwords = import ../../../variables/passwords.crypt.nix;
-  keys = import ../../../variables/keys.nix;
-  inherit (import ../../lib/default.nix {}) mkUser;
-in {}
+_: { }

nix/os/devices/fwhost1/versions.nix

@@ -4,9 +4,12 @@ let
     ref = "nixos-21.11";
     rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
   };
-in {
+in
+{
   inherit nixpkgs;
-  nixos = nixpkgs // {suffix = "/nixos";};
+  nixos = nixpkgs // {
+    suffix = "/nixos";
+  };
   "channels-nixos-stable" = nixpkgs;
 
   "channels-nixos-unstable" = {

nix/os/devices/fwhost1/versions.tmpl.nix

@@ -6,9 +6,12 @@ let
       <% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
       ' -%>'';
   };
-in {
+in
+{
   inherit nixpkgs;
-  nixos = nixpkgs // {suffix = "/nixos";};
+  nixos = nixpkgs // {
+    suffix = "/nixos";
+  };
   "channels-nixos-stable" = nixpkgs;
 
   "channels-nixos-unstable" = {

nix/os/devices/fwhost2/boot.nix

@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
   boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
 }

nix/os/devices/fwhost2/configuration.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   imports = [
     ../../profiles/common/configuration.nix
     ../../modules/opinionatedDisk.nix

nix/os/devices/fwhost2/hw.nix

@@ -1,5 +1,4 @@
-{...}: let
-in {
+_: {
   # TASK: new device
   hardware.opinionatedDisk = {
     enable = true;

nix/os/devices/fwhost2/pkg.nix

@@ -1,17 +1,17 @@
-{pkgs, ...}: {
-  nixpkgs.config.packageOverrides = pkgs:
-    with pkgs; {
-      nixPath =
-        (import ../../../default.nix {
-          versionsPath = ./versions.nix;
-        })
-        .nixPath;
+{ pkgs, ... }:
+{
+  nixpkgs.config.packageOverrides =
+    pkgs: with pkgs; {
+      inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath;
     };
   home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
     inherit pkgs;
   };
 
-  environment.systemPackages = with pkgs; [iw wirelesstools];
+  environment.systemPackages = with pkgs; [
+    iw
+    wirelesstools
+  ];
 
   system.stateVersion = "21.11";
 }

nix/os/devices/fwhost2/system.nix

@@ -1,13 +1,8 @@
-{
-  pkgs,
-  lib,
-  config,
-  utils,
-  ...
-}: let
-  keys = import ../../../variables/keys.nix;
+{ pkgs, lib, ... }:
+let
   passwords = import ../../../variables/passwords.crypt.nix;
-in {
+in
+{
   # TASK: new device
   networking.hostName = "fwhost2"; # Define your hostname.
 
@@ -22,11 +17,14 @@ in {
   networking.firewall.logRefusedConnections = false;
   networking.usePredictableInterfaceNames = false;
 
-  networking.bridges.breth.interfaces = ["eth0" "eth1"];
+  networking.bridges.breth.interfaces = [
+    "eth0"
+    "eth1"
+  ];
   networking.bridges.breth.rstp = true;
 
   networking.defaultGateway.address = "172.172.171.10";
-  networking.nameservers = ["172.172.171.10"];
+  networking.nameservers = [ "172.172.171.10" ];
 
   # WAN interfaces, currently unused because the OPNsense guest acts as a router.
   networking.vlans.wan1.id = 3;

nix/os/devices/fwhost2/user.nix

@@ -1,12 +1,4 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  passwords = import ../../../variables/passwords.crypt.nix;
-  keys = import ../../../variables/keys.nix;
-  inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser;
-in {
+_: {
   # users.extraUsers.steveej2 = mkUser {
   #   uid = 1001;
   #   openssh.authorizedKeys.keys = keys.users.steveej.openssh;

nix/os/devices/fwhost2/versions.nix

@@ -4,9 +4,12 @@ let
     ref = "nixos-21.11";
     rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
   };
-in {
+in
+{
   inherit nixpkgs;
-  nixos = nixpkgs // {suffix = "/nixos";};
+  nixos = nixpkgs // {
+    suffix = "/nixos";
+  };
   "channels-nixos-stable" = nixpkgs;
 
   "channels-nixos-unstable" = {

nix/os/devices/fwhost2/versions.tmpl.nix

@@ -6,9 +6,12 @@ let
       <% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
       ' -%>'';
   };
-in {
+in
+{
   inherit nixpkgs;
-  nixos = nixpkgs // {suffix = "/nixos";};
+  nixos = nixpkgs // {
+    suffix = "/nixos";
+  };
   "channels-nixos-stable" = nixpkgs;
 
   "channels-nixos-unstable" = {

nix/os/devices/hstk0/README.md

@@ -1,7 +1,6 @@
 ## bootstrapping
 
 ```
-# TODO: generate an SSH host-key and deploy it via --extra-files 
+# TODO: generate an SSH host-key and deploy it via --extra-files
 nixos-anywhere --flake .\#sj-bm-hostkey0 root@185.130.227.252
 ```
-

nix/os/devices/hstk0/configuration.nix

@@ -1,17 +1,14 @@
 {
-  modulesPath,
   repoFlake,
-  packages',
   pkgs,
   lib,
-  config,
   nodeFlake,
   nodeName,
   system,
   ...
-}: {
-  disabledModules = [
-  ];
+}:
+{
+  disabledModules = [ ];
 
   imports = [
     nodeFlake.inputs.disko.nixosModules.disko
@@ -28,9 +25,7 @@
     }
 
     ../../snippets/nix-settings.nix
-    {
-      nix.settings.sandbox = lib.mkForce "relaxed";
-    }
+    { nix.settings.sandbox = lib.mkForce "relaxed"; }
 
     ../../snippets/mycelium.nix
 
@@ -80,60 +75,58 @@
     nat.enable = true;
     firewall.enable = true;
 
-    firewall.allowedTCPPorts = [
-      5201
-    ];
-    firewall.allowedUDPPorts = [
-      5201
-    ];
+    firewall.allowedTCPPorts = [ 5201 ];
+    firewall.allowedUDPPorts = [ 5201 ];
   };
 
-  disko.devices = let
-    disk = id: {
-      type = "disk";
-      device = "/dev/${id}";
-      content = {
-        type = "gpt";
-        partitions = {
-          boot = {
-            size = "1M";
-            type = "EF02"; # for grub MBR
-          };
-          mdadm = {
-            size = "100%";
-            content = {
-              type = "mdraid";
-              name = "raid0";
+  disko.devices =
+    let
+      disk = id: {
+        type = "disk";
+        device = "/dev/${id}";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid0";
+              };
             };
           };
         };
       };
-    };
-  in {
-    disk = {
-      sda = disk "sda";
-      sdb = disk "sdb";
-    };
-    mdadm = {
-      raid0 = {
-        type = "mdadm";
-        level = 0;
-        content = {
-          type = "gpt";
-          partitions = {
-            primary = {
-              size = "100%";
-              content = {
-                type = "filesystem";
-                format = "btrfs";
-                mountpoint = "/";
+    in
+    {
+      disk = {
+        sda = disk "sda";
+        sdb = disk "sdb";
+      };
+      mdadm = {
+        raid0 = {
+          type = "mdadm";
+          level = 0;
+          content = {
+            type = "gpt";
+            partitions = {
+              primary = {
+                size = "100%";
+                content = {
+                  type = "filesystem";
+                  format = "btrfs";
+                  mountpoint = "/";
+                };
               };
             };
           };
         };
       };
     };
-  };
 
   system.stateVersion = "24.05";
 
@@ -149,7 +142,5 @@
 
   virtualisation.libvirtd.enable = true;
 
-  boot.binfmt.emulatedSystems = [
-    "aarch64-linux"
-  ];
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 }

nix/os/devices/hstk0/default.nix

@@ -3,19 +3,22 @@
   repoFlake,
   nodeFlake,
   ...
-}: let
+}:
+let
   system = "x86_64-linux";
-in {
+in
+{
   meta.nodeSpecialArgs.${nodeName} = {
-    inherit repoFlake nodeName nodeFlake system;
+    inherit
+      repoFlake
+      nodeName
+      nodeFlake
+      system
+      ;
     packages' = repoFlake.packages.${system};
   };
 
-  meta.nodeNixpkgs.${nodeName} =
-    import nodeFlake.inputs.nixpkgs.outPath
-    {
-      inherit system;
-    };
+  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
 
   ${nodeName} = {
     deployment.targetHost = "185.130.224.33";

nix/os/devices/hstk0/flake.nix

@@ -16,38 +16,37 @@
 
   # outputs = _: {};
 
-  outputs = {
-    self,
-    get-flake,
-    nixpkgs,
-    ...
-  } @ attrs: let
-    system = "x86_64-linux";
-    nodeName = "hostkey-0";
+  outputs =
+    {
+      self,
+      get-flake,
+      nixpkgs,
+      ...
+    }:
+    let
+      system = "x86_64-linux";
+      nodeName = "hostkey-0";
 
-    mkNixosConfiguration = {extraModules ? [], ...} @ attrs:
-      nixpkgs.lib.nixosSystem (
-        nixpkgs.lib.attrsets.recursiveUpdate
-        attrs
+      mkNixosConfiguration =
         {
-          specialArgs = {
-            nodeFlake = self;
-            repoFlake = get-flake ../../../..;
-            inherit nodeName;
-          };
+          extraModules ? [ ],
+          ...
+        }@attrs:
+        nixpkgs.lib.nixosSystem (
+          nixpkgs.lib.attrsets.recursiveUpdate attrs {
+            specialArgs = {
+              nodeFlake = self;
+              repoFlake = get-flake ../../../..;
+              inherit nodeName;
+            };
 
-          modules =
-            [
-              ./configuration.nix
-            ]
-            ++ extraModules;
-        }
-      );
-  in {
-    nixosConfigurations = {
-      native = mkNixosConfiguration {
-        inherit system;
+            modules = [ ./configuration.nix ] ++ extraModules;
+          }
+        );
+    in
+    {
+      nixosConfigurations = {
+        native = mkNixosConfiguration { inherit system; };
       };
     };
-  };
 }

nix/os/devices/hydra.json

@@ -1,16 +1,24 @@
 {
-    "enabled": 1,
-    "hidden": false,
-    "description": "Jobsets",
-    "nixexprinput": "src",
-    "nixexprpath": "default.nix",
-    "checkinterval": 300,
-    "schedulingshares": 100,
-    "enableemail": false,
-    "emailoverride": "",
-    "keepnr": 3,
-    "inputs": {
-        "src": { "type": "git", "value": "git://github.com/shlevy/declarative-hydra-example.git", "emailresponsible": false },
-        "nixpkgs": { "type": "git", "value": "git://github.com/NixOS/nixpkgs.git release-16.03", "emailresponsible": false }
+  "enabled": 1,
+  "hidden": false,
+  "description": "Jobsets",
+  "nixexprinput": "src",
+  "nixexprpath": "default.nix",
+  "checkinterval": 300,
+  "schedulingshares": 100,
+  "enableemail": false,
+  "emailoverride": "",
+  "keepnr": 3,
+  "inputs": {
+    "src": {
+      "type": "git",
+      "value": "git://github.com/shlevy/declarative-hydra-example.git",
+      "emailresponsible": false
+    },
+    "nixpkgs": {
+      "type": "git",
+      "value": "git://github.com/NixOS/nixpkgs.git release-16.03",
+      "emailresponsible": false
     }
+  }
 }

nix/os/devices/justyna-p300/boot.nix

@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   boot.loader.grub.efiInstallAsRemovable = lib.mkForce false;
   boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
   boot.loader.grub.efiSupport = lib.mkForce false;

nix/os/devices/justyna-p300/configuration.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   imports = [
     ../../profiles/common/configuration.nix
     ../../profiles/graphical/configuration.nix

nix/os/devices/justyna-p300/default.nix

@@ -3,17 +3,17 @@
   repoFlake,
   nodeFlake,
   ...
-}: let
+}:
+let
   system = "x86_64-linux";
-in {
+in
+{
   meta.nodeSpecialArgs.${nodeName} = {
     inherit repoFlake nodeName nodeFlake;
     packages' = repoFlake.packages.${system};
   };
 
-  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
-    inherit system;
-  };
+  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
 
   ${nodeName} = {
     deployment.targetHost = nodeName;

nix/os/devices/justyna-p300/flake.nix

@@ -6,8 +6,8 @@
     inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  inputs.disko.url = github:nix-community/disko;
+  inputs.disko.url = "github:nix-community/disko";
   inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
 
-  outputs = _: {};
+  outputs = _: { };
 }

nix/os/devices/justyna-p300/hw.nix

@@ -1,12 +1,6 @@
+{ nodeFlake, ... }:
 {
-  repoFlake,
-  nodeFlake,
-  lib,
-  ...
-}: {
-  imports = [
-    nodeFlake.inputs.disko.nixosModules.disko
-  ];
+  imports = [ nodeFlake.inputs.disko.nixosModules.disko ];
 
   disko.devices.disk.sda = {
     device = "/dev/sda";
@@ -20,7 +14,7 @@
           start = "0";
           end = "1M";
           part-type = "primary";
-          flags = ["bios_grub"];
+          flags = [ "bios_grub" ];
         }
         {
           name = "root";
@@ -30,14 +24,14 @@
           bootable = true;
           content = {
             type = "btrfs";
-            extraArgs = ["-f"]; # Override existing partition
+            extraArgs = [ "-f" ]; # Override existing partition
             subvolumes = {
               # Subvolume name is different from mountpoint
               "/rootfs" = {
                 mountpoint = "/";
               };
               "/nix" = {
-                mountOptions = ["noatime"];
+                mountOptions = [ "noatime" ];
               };
             };
           };

nix/os/devices/justyna-p300/pkg.nix

@@ -3,7 +3,8 @@
   lib,
   packages',
   ...
-}: let
+}:
+let
   homeEnv = keyboard: {
     imports = [
       ../../../home-manager/profiles/common.nix
@@ -23,15 +24,19 @@
       rustdesk
     ];
   };
-in {
-  services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) {
+in
+{
+  services.gnome = builtins.mapAttrs (_attr: value: lib.mkForce value) {
     gnome-remote-desktop.enable = true;
   };
 
-  services.printing.drivers = lib.mkForce (with packages'; [
-    dcpj4110dwDriver
-    dcpj4110dwCupswrapper
-  ]);
+  services.printing.drivers = lib.mkForce (
+    with packages';
+    [
+      dcpj4110dwDriver
+      dcpj4110dwCupswrapper
+    ]
+  );
 
   services.printing.extraConf = ''
     LogLevel debug
@@ -39,31 +44,29 @@ in {
 
   home-manager.users.steveej = homeEnv {
     layout = "en";
-    options = ["nodeadkey"];
+    options = [ "nodeadkey" ];
     variant = "altgr-intl";
   };
 
   home-manager.users.elias = homeEnv {
     layout = "de";
-    options = [];
+    options = [ ];
     variant = "";
   };
 
   home-manager.users.justyna =
     lib.attrsets.recursiveUpdate
-    (homeEnv {
-      layout = "de";
-      options = [];
-      variant = "";
-    })
-    {
-      services.syncthing.enable = true;
-      services.syncthing.tray = true;
+      (homeEnv {
+        layout = "de";
+        options = [ ];
+        variant = "";
+      })
+      {
+        services.syncthing.enable = true;
+        services.syncthing.tray = true;
 
-      home.packages = with pkgs; [
-        session-desktop
-      ];
-    };
+        home.packages = with pkgs; [ session-desktop ];
+      };
 
   system.stateVersion = "21.11";
 }

nix/os/devices/justyna-p300/system.nix

@@ -1,11 +1,8 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: let
+{ pkgs, lib, ... }:
+let
   passwords = import ../../../variables/passwords.crypt.nix;
-in {
+in
+{
   networking.firewall.enable = true;
   networking.firewall.allowedTCPPorts = [
     # iperf3
@@ -39,11 +36,13 @@ in {
     # udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
   };
 
-  security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
+  security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
 
-  services.xserver.videoDrivers = ["modesetting"];
+  services.xserver.videoDrivers = [ "modesetting" ];
 
   boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
 
-  nix.gc = {automatic = true;};
+  nix.gc = {
+    automatic = true;
+  };
 }

nix/os/devices/justyna-p300/user.nix

@@ -1,11 +1,9 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
+{ config, pkgs, ... }:
+let
   keys = import ../../../variables/keys.nix;
-  inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser;
-in {
+  inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser;
+in
+{
   sops.secrets.sharedUsers-elias = {
     sopsFile = ../../../../secrets/shared-users.yaml;
     neededForUsers = true;

nix/os/devices/router0-dmz0/default.nix

@@ -5,25 +5,24 @@
   nodeFlake,
   localDomainName ? "internal",
   ...
-}: {
+}:
+{
   meta.nodeSpecialArgs.${nodeName} = {
-    inherit repoFlake nodeName nodeFlake system;
+    inherit
+      repoFlake
+      nodeName
+      nodeFlake
+      system
+      ;
     packages' = repoFlake.packages.${system};
     nodePackages' = nodeFlake.packages.${system};
 
-    inherit
-      (nodeFlake.inputs.bpir3.packages.${system})
-      armTrustedFirmwareMT7986
-      ;
+    inherit (nodeFlake.inputs.bpir3.packages.${system}) armTrustedFirmwareMT7986;
 
     inherit localDomainName;
   };
 
-  meta.nodeNixpkgs.${nodeName} =
-    import nodeFlake.inputs.nixpkgs.outPath
-    {
-      inherit system;
-    };
+  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
 
   ${nodeName} = {
     deployment.targetHost = "${nodeName}.${localDomainName}";

nix/os/devices/router0-dmz0/flake.nix

@@ -18,8 +18,8 @@
       # "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile"
       # "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile"
       "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile_mtkbump"
-      # "git+file:///home/steveej/src/others/nakato_nixos-sbc/"
-      ;
+    # "git+file:///home/steveej/src/others/nakato_nixos-sbc/"
+    ;
     nixos-sbc.inputs.nixpkgs.follows = "nixpkgs";
 
     nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
@@ -39,43 +39,34 @@
     # };
   };
 
-  outputs = {
-    self,
-    get-flake,
-    nixpkgs,
-    nixos-sbc,
-    ...
-  }: let
-    nativeSystem = "aarch64-linux";
-    nodeName = "router0-dmz0";
+  outputs =
+    {
+      self,
+      get-flake,
+      nixpkgs,
+      ...
+    }:
+    let
+      nativeSystem = "aarch64-linux";
+      nodeName = "router0-dmz0";
 
-    pkgs = nixpkgs.legacyPackages.${nativeSystem};
-    pkgsCross = import self.inputs.nixpkgs {
-      system = "x86_64-linux";
-      crossSystem = {
-        config = "aarch64-unknown-linux-gnu";
-      };
-    };
-
-    mkNixosConfiguration = {extraModules ? [], ...} @ attrs:
-      nixpkgs.lib.nixosSystem (
-        nixpkgs.lib.attrsets.recursiveUpdate
-        attrs
+      mkNixosConfiguration =
         {
-          specialArgs =
-            (import ./default.nix {
-              system = nativeSystem;
-              inherit nodeName;
+          extraModules ? [ ],
+          ...
+        }@attrs:
+        nixpkgs.lib.nixosSystem (
+          nixpkgs.lib.attrsets.recursiveUpdate attrs {
+            specialArgs =
+              (import ./default.nix {
+                system = nativeSystem;
+                inherit nodeName;
 
-              repoFlake = get-flake ../../../..;
-              nodeFlake = self;
-            })
-            .meta
-            .nodeSpecialArgs
-            .${nodeName};
+                repoFlake = get-flake ../../../..;
+                nodeFlake = self;
+              }).meta.nodeSpecialArgs.${nodeName};
 
-          modules =
-            [
+            modules = [
               ./configuration.nix
 
               # flake registry
@@ -83,34 +74,30 @@
                 nixpkgs.overlays = builtins.attrValues self.overlays;
                 nix.registry.nixpkgs.flake = nixpkgs;
               }
-            ]
-            ++ extraModules;
-        }
-      );
-  in {
-    nixosConfigurations = {
-      native = mkNixosConfiguration {
-        system = nativeSystem;
-      };
-
-      cross = mkNixosConfiguration {
-        extraModules = [
-          {
-            nixpkgs.buildPlatform.system = "x86_64-linux";
-            nixpkgs.hostPlatform.system = nativeSystem;
+            ] ++ extraModules;
           }
-        ];
-      };
-    };
+        );
+    in
+    {
+      nixosConfigurations = {
+        native = mkNixosConfiguration { system = nativeSystem; };
 
-    overlays.default = final: previous: {
-      hostapd = previous.hostapd.overrideDerivation (attrs: {
-        patches =
-          attrs.patches
-          ++ [
+        cross = mkNixosConfiguration {
+          extraModules = [
+            {
+              nixpkgs.buildPlatform.system = "x86_64-linux";
+              nixpkgs.hostPlatform.system = nativeSystem;
+            }
+          ];
+        };
+      };
+
+      overlays.default = _final: previous: {
+        hostapd = previous.hostapd.overrideDerivation (attrs: {
+          patches = attrs.patches ++ [
             "${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch"
           ];
-      });
+        });
+      };
     };
-  };
 }

nix/os/devices/router0-hosthatch/configuration.nix

@@ -5,11 +5,11 @@
   config,
   nodeFlake,
   nodeName,
-  localDomainName,
   system,
   variables,
   ...
-}: {
+}:
+{
   system.stateVersion = "24.05";
 
   imports = [
@@ -48,7 +48,7 @@
       boot.loader.grub.efiSupport = false;
 
       # forcing seems required or else there's an error about duplicated devices
-      boot.loader.grub.devices = lib.mkForce ["/dev/vda"];
+      boot.loader.grub.devices = lib.mkForce [ "/dev/vda" ];
 
       disko.devices.disk.vda = {
         device = "/dev/vda";
@@ -64,14 +64,14 @@
               size = "100%";
               content = {
                 type = "btrfs";
-                extraArgs = ["-f"]; # Override existing partition
+                extraArgs = [ "-f" ]; # Override existing partition
                 subvolumes = {
                   # Subvolume name is different from mountpoint
                   "/rootfs" = {
                     mountpoint = "/";
                   };
                   "/nix" = {
-                    mountOptions = ["noatime"];
+                    mountOptions = [ "noatime" ];
                     mountpoint = "/nix";
                   };
                   "/boot" = {
@@ -156,9 +156,7 @@
       interface = "eth0";
       address = variables.ipv4gateway;
     };
-    nameservers = [
-      variables.ipv4dns
-    ];
+    nameservers = [ variables.ipv4dns ];
 
     # these will be configured via nftables
     nat.enable = lib.mkForce false;
@@ -176,17 +174,20 @@
         snippets.nnf-common.enable = true;
 
         zones.wan = {
-          interfaces = ["eth0"];
+          interfaces = [ "eth0" ];
         };
 
         zones.vpn = {
-          interfaces = ["wg0" "wg1"];
+          interfaces = [
+            "wg0"
+            "wg1"
+          ];
         };
 
         rules = {
           to-fw = {
             from = "all";
-            to = ["fw"];
+            to = [ "fw" ];
             verdict = "drop";
 
             allowedTCPPorts = [
@@ -202,8 +203,8 @@
           };
 
           vpn-to-wan-nat = {
-            from = ["vpn"];
-            to = ["wan"];
+            from = [ "vpn" ];
+            to = [ "wan" ];
             masquerade = true;
             verdict = "accept";
           };
@@ -283,9 +284,7 @@
   systemd.network.networks.wg0 = {
     enable = true;
     matchConfig.Name = "wg0";
-    address = [
-      "10.0.1.0/31"
-    ];
+    address = [ "10.0.1.0/31" ];
 
     routes = [
       {
@@ -299,9 +298,7 @@
   systemd.network.networks.wg1 = {
     enable = true;
     matchConfig.Name = "wg1";
-    address = [
-      "10.0.1.2/31"
-    ];
+    address = [ "10.0.1.2/31" ];
 
     routes = [
       {

nix/os/devices/router0-hosthatch/default.nix

@@ -4,20 +4,24 @@
   repoFlake,
   nodeFlake,
   ...
-}: let
+}:
+let
   variables = import ./variables.crypt.nix;
-in {
+in
+{
   meta.nodeSpecialArgs.${nodeName} = {
-    inherit repoFlake nodeName nodeFlake system variables;
+    inherit
+      repoFlake
+      nodeName
+      nodeFlake
+      system
+      variables
+      ;
     packages' = repoFlake.packages.${system};
     nodePackages' = nodeFlake.packages.${system};
   };
 
-  meta.nodeNixpkgs.${nodeName} =
-    import nodeFlake.inputs.nixpkgs.outPath
-    {
-      inherit system;
-    };
+  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
 
   ${nodeName} = {
     deployment.targetHost = variables.ipv4;

nix/os/devices/router0-hosthatch/flake.nix

@@ -15,5 +15,5 @@
     nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = _: {};
+  outputs = _: { };
 }

nix/os/devices/router0-ifog/configuration.nix

@@ -5,11 +5,11 @@
   config,
   nodeFlake,
   nodeName,
-  localDomainName,
   system,
   variables,
   ...
-}: {
+}:
+{
   system.stateVersion = "23.11";
 
   imports = [
@@ -48,7 +48,7 @@
       boot.loader.grub.efiSupport = false;
 
       # forcing seems required or else there's an error about duplicated devices
-      boot.loader.grub.devices = lib.mkForce ["/dev/vda"];
+      boot.loader.grub.devices = lib.mkForce [ "/dev/vda" ];
 
       disko.devices.disk.vda = {
         device = "/dev/vda";
@@ -64,14 +64,14 @@
               size = "100%";
               content = {
                 type = "btrfs";
-                extraArgs = ["-f"]; # Override existing partition
+                extraArgs = [ "-f" ]; # Override existing partition
                 subvolumes = {
                   # Subvolume name is different from mountpoint
                   "/rootfs" = {
                     mountpoint = "/";
                   };
                   "/nix" = {
-                    mountOptions = ["noatime"];
+                    mountOptions = [ "noatime" ];
                     mountpoint = "/nix";
                   };
                   "/boot" = {
@@ -156,9 +156,7 @@
       interface = "eth0";
       address = variables.ipv4gateway;
     };
-    nameservers = [
-      variables.ipv4dns
-    ];
+    nameservers = [ variables.ipv4dns ];
 
     # these will be configured via nftables
     nat.enable = lib.mkForce false;
@@ -176,17 +174,20 @@
         snippets.nnf-common.enable = true;
 
         zones.wan = {
-          interfaces = ["eth0"];
+          interfaces = [ "eth0" ];
         };
 
         zones.vpn = {
-          interfaces = ["wg0" "wg1"];
+          interfaces = [
+            "wg0"
+            "wg1"
+          ];
         };
 
         rules = {
           to-fw = {
             from = "all";
-            to = ["fw"];
+            to = [ "fw" ];
             verdict = "drop";
 
             allowedTCPPorts = [
@@ -202,8 +203,8 @@
           };
 
           vpn-to-wan-nat = {
-            from = ["vpn"];
-            to = ["wan"];
+            from = [ "vpn" ];
+            to = [ "wan" ];
             masquerade = true;
             verdict = "accept";
           };
@@ -283,9 +284,7 @@
   systemd.network.networks.wg0 = {
     enable = true;
     matchConfig.Name = "wg0";
-    address = [
-      "10.0.0.0/31"
-    ];
+    address = [ "10.0.0.0/31" ];
 
     routes = [
       {
@@ -299,9 +298,7 @@
   systemd.network.networks.wg1 = {
     enable = true;
     matchConfig.Name = "wg1";
-    address = [
-      "10.0.0.2/31"
-    ];
+    address = [ "10.0.0.2/31" ];
 
     routes = [
       {

nix/os/devices/router0-ifog/default.nix

@@ -4,20 +4,24 @@
   repoFlake,
   nodeFlake,
   ...
-}: let
+}:
+let
   variables = import ./variables.crypt.nix;
-in {
+in
+{
   meta.nodeSpecialArgs.${nodeName} = {
-    inherit repoFlake nodeName nodeFlake system variables;
+    inherit
+      repoFlake
+      nodeName
+      nodeFlake
+      system
+      variables
+      ;
     packages' = repoFlake.packages.${system};
     nodePackages' = nodeFlake.packages.${system};
   };
 
-  meta.nodeNixpkgs.${nodeName} =
-    import nodeFlake.inputs.nixpkgs.outPath
-    {
-      inherit system;
-    };
+  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
 
   ${nodeName} = {
     deployment.targetHost = variables.ipv4;

nix/os/devices/router0-ifog/flake.nix

@@ -15,5 +15,5 @@
     nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = _: {};
+  outputs = _: { };
 }

nix/os/devices/sj-srv1/boot.nix

@@ -1,3 +1 @@
-{lib, ...}: {
-  boot.extraModulePackages = [];
-}
+_: { boot.extraModulePackages = [ ]; }

nix/os/devices/sj-srv1/configuration.nix

@@ -1,10 +1,6 @@
+{ nodeName, config, ... }:
 {
-  nodeName,
-  config,
-  pkgs,
-  ...
-}: {
-  disabledModules = [];
+  disabledModules = [ ];
   imports = [
     ../../profiles/common/configuration.nix
     {

nix/os/devices/sj-srv1/default.nix

@@ -3,17 +3,17 @@
   repoFlake,
   nodeFlake,
   ...
-}: let
+}:
+let
   system = "x86_64-linux";
-in {
+in
+{
   meta.nodeSpecialArgs.${nodeName} = {
     inherit repoFlake nodeName nodeFlake;
     packages' = repoFlake.packages.${system};
   };
 
-  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
-    inherit system;
-  };
+  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
 
   ${nodeName} = {
     deployment.targetHost = "${nodeName}.dmz.internal";

nix/os/devices/sj-srv1/flake.nix

@@ -12,5 +12,5 @@
   inputs.nixpkgs_forgejo.url = "github:NixOS/nixpkgs/af4ac075a3e97cb239078e187112afdf380cd47b";
   # nixpkgs_forgejo.url = "github:steveej-forks/nixpkgs/9c3519ab3beb11b8d997281f8922330f707df419";
 
-  outputs = _: {};
+  outputs = _: { };
 }

nix/os/devices/sj-srv1/hw.nix

@@ -1,4 +1,5 @@
-{...}: let
+_:
+let
   stage1Modules = [
     "virtio_balloon"
     "virtio_scsi"
@@ -38,7 +39,8 @@
     "cdc_ether"
     "uas"
   ];
-in {
+in
+{
   hardware.opinionatedDisk = {
     enable = true;
     encrypted = false;

nix/os/devices/sj-srv1/system.nix

@@ -6,29 +6,29 @@
   nodeFlake,
   nodeName,
   ...
-}: let
+}:
+let
   hostBridgeAddress = "192.168.101.1";
-in {
+in
+{
   imports = [
     ../../snippets/systemd-resolved.nix
     {
       # make sure it uses the DNS that comes in via DHCP
-      networking.nameservers = lib.mkForce [];
+      networking.nameservers = lib.mkForce [ ];
       services.resolved.enable = true;
 
       # provide DNS to the containers
       services.resolved.extraConfig = ''
         DNSStubListenerExtra=${hostBridgeAddress}
       '';
-      networking.firewall.interfaces.br0.allowedTCPPorts = [53];
-      networking.firewall.interfaces.br0.allowedUDPPorts = [53];
+      networking.firewall.interfaces.br0.allowedTCPPorts = [ 53 ];
+      networking.firewall.interfaces.br0.allowedUDPPorts = [ 53 ];
     }
   ];
 
   programs.wireshark.enable = true;
-  environment.systemPackages = [
-    pkgs.dnsutils
-  ];
+  environment.systemPackages = [ pkgs.dnsutils ];
 
   networking.firewall.enable = true;
   networking.nftables.enable = true;
@@ -48,13 +48,13 @@ in {
 
   networking.nat = {
     enable = true;
-    internalInterfaces = ["br0"];
+    internalInterfaces = [ "br0" ];
     externalInterface = "dmz0";
   };
 
   networking.bridges = {
     br0 = {
-      interfaces = [];
+      interfaces = [ ];
     };
   };
   networking.interfaces = {
@@ -89,9 +89,7 @@ in {
     networkConfig.LinkLocalAddressing = "no";
 
     # TODO: i'm not sure if and if so why this is required
-    macvlan = [
-      "dmz0"
-    ];
+    macvlan = [ "dmz0" ];
 
     DHCP = "no";
   };
@@ -111,45 +109,49 @@ in {
   };
 
   # virtualization
-  virtualisation = {docker.enable = false;};
+  virtualisation = {
+    docker.enable = false;
+  };
 
-  nix.gc = {automatic = true;};
+  nix.gc = {
+    automatic = true;
+  };
 
   sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
 
   # adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix
-  services.restic.backups.${nodeName} = let
-    btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
-  in {
-    initialize = true;
-    repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}";
+  services.restic.backups.${nodeName} =
+    let
+      btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
+    in
+    {
+      initialize = true;
+      repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}";
 
-    paths = [
-      "/backup"
-    ];
+      paths = [ "/backup" ];
 
-    pruneOpts = [
-      "--keep-daily 7"
-      "--keep-weekly 5"
-      "--keep-monthly 12"
-      "--keep-yearly 2"
-    ];
+      pruneOpts = [
+        "--keep-daily 7"
+        "--keep-weekly 5"
+        "--keep-monthly 12"
+        "--keep-yearly 2"
+      ];
 
-    timerConfig = {
-      OnCalendar = lib.mkDefault "daily";
-      Persistent = true;
+      timerConfig = {
+        OnCalendar = lib.mkDefault "daily";
+        Persistent = true;
+      };
+
+      passwordFile = config.sops.secrets.restic-password.path;
+
+      backupPrepareCommand = ''
+        ${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes
+      '';
+      backupCleanupCommand = ''
+        ${btrfs} su delete /backup/container-volumes
+      '';
     };
 
-    passwordFile = config.sops.secrets.restic-password.path;
-
-    backupPrepareCommand = ''
-      ${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes
-    '';
-    backupCleanupCommand = ''
-      ${btrfs} su delete /backup/container-volumes
-    '';
-  };
-
   containers = {
     mailserver = import ../../containers/mailserver.nix {
       specialArgs = {
@@ -167,25 +169,23 @@ in {
       sievePort = 4190;
     };
 
-    webserver =
-      import ../../containers/webserver.nix
-      {
-        specialArgs = {
-          inherit repoFlake nodeFlake;
-          hostAddress = hostBridgeAddress;
-        };
-
-        autoStart = true;
-
-        hostBridge = "br0";
+    webserver = import ../../containers/webserver.nix {
+      specialArgs = {
+        inherit repoFlake nodeFlake;
         hostAddress = hostBridgeAddress;
-        localAddress = "192.168.101.11/24";
-
-        httpPort = 80;
-        httpsPort = 443;
-        forgejoSshPort = 2222;
       };
 
+      autoStart = true;
+
+      hostBridge = "br0";
+      hostAddress = hostBridgeAddress;
+      localAddress = "192.168.101.11/24";
+
+      httpPort = 80;
+      httpsPort = 443;
+      forgejoSshPort = 2222;
+    };
+
     syncthing = import ../../containers/syncthing.nix {
       specialArgs = {
         inherit repoFlake nodeFlake;

nix/os/devices/sj-vps-htz0/boot.nix

@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   boot.loader.grub.efiSupport = lib.mkForce false;
-  boot.extraModulePackages = [];
+  boot.extraModulePackages = [ ];
 }

nix/os/devices/sj-vps-htz0/configuration.nix

@@ -1,10 +1,6 @@
+{ nodeName, config, ... }:
 {
-  nodeName,
-  config,
-  pkgs,
-  ...
-}: {
-  disabledModules = [];
+  disabledModules = [ ];
   imports = [
     ../../profiles/common/configuration.nix
     {

nix/os/devices/sj-vps-htz0/default.nix

@@ -3,17 +3,17 @@
   repoFlake,
   nodeFlake,
   ...
-}: let
+}:
+let
   system = "x86_64-linux";
-in {
+in
+{
   meta.nodeSpecialArgs.${nodeName} = {
     inherit repoFlake nodeName nodeFlake;
     packages' = repoFlake.packages.${system};
   };
 
-  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
-    inherit system;
-  };
+  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
 
   ${nodeName} = {
     deployment.targetHost = "${nodeName}.infra.stefanjunker.de";

nix/os/devices/sj-vps-htz0/flake.nix

@@ -8,5 +8,5 @@
     inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = _: {};
+  outputs = _: { };
 }

nix/os/devices/sj-vps-htz0/hw.nix

@@ -1,4 +1,5 @@
-{...}: let
+_:
+let
   stage1Modules = [
     "virtio_balloon"
     "virtio_scsi"
@@ -14,7 +15,8 @@
     "pata_acpi"
     "ata_generic"
   ];
-in {
+in
+{
   hardware.opinionatedDisk = {
     enable = true;
     encrypted = false;

nix/os/devices/sj-vps-htz0/system.nix

@@ -1,16 +1,14 @@
 {
   pkgs,
-  lib,
   config,
-  repoFlake,
   nodeName,
   ...
-}: let
+}:
+let
   wireguardPort = 51820;
-in {
-  imports = [
-    ../../snippets/systemd-resolved.nix
-  ];
+in
+{
+  imports = [ ../../snippets/systemd-resolved.nix ];
 
   networking.firewall.enable = true;
   networking.nftables.enable = true;
@@ -19,9 +17,7 @@ in {
     # iperf3
     5201
   ];
-  networking.firewall.allowedUDPPorts = [
-    wireguardPort
-  ];
+  networking.firewall.allowedUDPPorts = [ wireguardPort ];
 
   networking.firewall.logRefusedConnections = false;
 
@@ -38,7 +34,7 @@ in {
         "prefixLength" = 29;
       }
     ];
-    ipv6.addresses = [];
+    ipv6.addresses = [ ];
   };
 
   networking.defaultGateway = {
@@ -53,7 +49,10 @@ in {
 
   networking.nat = {
     enable = true;
-    internalInterfaces = ["ve-*" "wg*"];
+    internalInterfaces = [
+      "ve-*"
+      "wg*"
+    ];
     externalInterface = "eth0";
   };
 
@@ -70,15 +69,12 @@ in {
   networking.wireguard.interfaces.wg0 = {
     # eth0 MTU (1400) - 80
     mtu = 1320;
-    ips = [
-      "192.168.99.1/31"
-    ];
-    listenPort =
-      wireguardPort;
+    ips = [ "192.168.99.1/31" ];
+    listenPort = wireguardPort;
     privateKeyFile = config.sops.secrets.wg0-private.path;
     peers = [
       {
-        allowedIPs = ["192.168.99.2/32"];
+        allowedIPs = [ "192.168.99.2/32" ];
         publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0=";
         presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path;
       }
@@ -86,14 +82,18 @@ in {
   };
 
   # virtualization
-  virtualisation = {docker.enable = false;};
+  virtualisation = {
+    docker.enable = false;
+  };
 
   services.spice-vdagentd.enable = true;
   services.qemuGuest.enable = true;
 
-  nix.gc = {automatic = true;};
+  nix.gc = {
+    automatic = true;
+  };
 
-  containers = {};
+  containers = { };
 
   home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
     inherit pkgs;

nix/os/devices/srv0-dmz0/README.md

@@ -1,7 +1,6 @@
 ## bootstrapping
 
 ```
-# TODO: generate an SSH host-key and deploy it via --extra-files 
+# TODO: generate an SSH host-key and deploy it via --extra-files
 nixos-anywhere --flake .\#srv0-dmz0 root@srv0.dmz0.noosphere.life
 ```
-

nix/os/devices/srv0-dmz0/configuration.nix

@@ -1,14 +1,14 @@
 {
   modulesPath,
   repoFlake,
-  packages',
-  pkgs,
   config,
   ...
-}: let
+}:
+let
   disk = "/dev/disk/by-id/ata-INTEL_SSDSC2BW240A4_PHDA435602332403GN";
-in {
-  disabledModules = [];
+in
+{
+  disabledModules = [ ];
   imports = [
     repoFlake.inputs.disko.nixosModules.disko
     repoFlake.inputs.srvos.nixosModules.server
@@ -23,7 +23,7 @@ in {
   ];
 
   ## bare-metal machines
-  srvos.boot.consoles = ["tty0"];
+  srvos.boot.consoles = [ "tty0" ];
   boot.loader.grub.enable = false;
   boot.loader.efi.canTouchEfiVariables = false;
 
@@ -39,7 +39,7 @@ in {
           start = "0";
           end = "1M";
           part-type = "primary";
-          flags = ["bios_grub"];
+          flags = [ "bios_grub" ];
         }
         {
           name = "ESP";
@@ -60,14 +60,14 @@ in {
           bootable = true;
           content = {
             type = "btrfs";
-            extraArgs = ["-f"]; # Override existing partition
+            extraArgs = [ "-f" ]; # Override existing partition
             subvolumes = {
               # Subvolume name is different from mountpoint
               "/rootfs" = {
                 mountpoint = "/";
               };
               "/nix" = {
-                mountOptions = ["noatime"];
+                mountOptions = [ "noatime" ];
               };
             };
           };
@@ -109,7 +109,7 @@ in {
 
   networking.nat = {
     enable = true;
-    internalInterfaces = ["ve-+"];
+    internalInterfaces = [ "ve-+" ];
     externalInterface = "eth0";
   };
 
@@ -119,9 +119,11 @@ in {
   # virtualization
   # virtualisation = {docker.enable = true;};
 
-  nix.gc = {automatic = true;};
+  nix.gc = {
+    automatic = true;
+  };
 
-  containers = {};
+  containers = { };
 
   # sops.secrets.holochain-nomad-agent-ca = {
   #   sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;

nix/os/devices/srv0-dmz0/default.nix

@@ -3,17 +3,17 @@
   repoFlake,
   nodeFlake,
   ...
-}: let
+}:
+let
   system = "x86_64-linux";
-in {
+in
+{
   meta.nodeSpecialArgs.${nodeName} = {
     inherit repoFlake nodeName nodeFlake;
     packages' = repoFlake.packages.${system};
   };
 
-  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
-    inherit system;
-  };
+  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
 
   ${nodeName} = {
     deployment.targetHost = "srv0.dmz0.noosphere.life";

nix/os/devices/srv0-dmz0/flake.nix

@@ -8,5 +8,5 @@
     inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = _: {};
+  outputs = _: { };
 }

nix/os/devices/srv0.home-ch.stefanjunker.de/boot.nix

@@ -1,4 +1,4 @@
-{lib, ...}: {
+_: {
   boot.loader.grub.efiSupport = true;
-  boot.extraModulePackages = [];
+  boot.extraModulePackages = [ ];
 }

nix/os/devices/srv0.home-ch.stefanjunker.de/configuration.nix

@@ -1,5 +1,6 @@
-{...}: {
-  disabledModules = [];
+{ ... }:
+{
+  disabledModules = [ ];
   imports = [
     ../../profiles/common/configuration.nix
     ../../modules/opinionatedDisk.nix

nix/os/devices/srv0.home-ch.stefanjunker.de/hw.nix

@@ -1,4 +1,5 @@
-{...}: let
+_:
+let
   stage1Modules = [
     "aesni_intel"
     "kvm-intel"
@@ -17,7 +18,8 @@
     "xhci_hcd"
     "xhci_pci"
   ];
-in {
+in
+{
   # TASK: new device
   hardware.opinionatedDisk = {
     enable = true;

nix/os/devices/srv0.home-ch.stefanjunker.de/pkg.nix

@@ -1,16 +1,8 @@
+{ config, pkgs, ... }:
 {
-  config,
-  pkgs,
-  lib,
-  ...
-}: {
-  nixpkgs.config.packageOverrides = pkgs:
-    with pkgs; {
-      nixPath =
-        (import ../../../default.nix {
-          versionsPath = ./versions.nix;
-        })
-        .nixPath;
+  nixpkgs.config.packageOverrides =
+    pkgs: with pkgs; {
+      inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath;
     };
   home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
     inherit pkgs;
@@ -20,7 +12,12 @@
     {
       hostName = "localhost";
       system = "x86_64-linux";
-      supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
+      supportedFeatures = [
+        "kvm"
+        "nixos-test"
+        "big-parallel"
+        "benchmark"
+      ];
       maxJobs = 4;
     }
   ];

nix/os/devices/srv0.home-ch.stefanjunker.de/system.nix

@@ -1,11 +1,4 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: let
-  keys = import ../../../variables/keys.nix;
-in {
+_: {
   # TASK: new device
   networking.hostName = "srv0"; # Define your hostname.
   # networking.domain =  "home-ch.stefanjunker.de";
@@ -37,7 +30,7 @@ in {
 
   networking.nat = {
     enable = true;
-    internalInterfaces = ["ve-+"];
+    internalInterfaces = [ "ve-+" ];
     externalInterface = "eth0";
   };
 
@@ -45,14 +38,20 @@ in {
   # services.kubernetes.roles = ["master" "node"];
 
   # virtualization
-  virtualisation = {docker.enable = true;};
+  virtualisation = {
+    docker.enable = true;
+  };
 
-  nix.gc = {automatic = true;};
+  nix.gc = {
+    automatic = true;
+  };
 
   networking.useHostResolvConf = false;
-  services.resolved = {enable = true;};
+  services.resolved = {
+    enable = true;
+  };
 
-  containers = {};
+  containers = { };
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

nix/os/devices/srv0.home-ch.stefanjunker.de/versions.nix

@@ -4,7 +4,8 @@ let
     ref = "nixos-22.05";
     rev = "040c6d8374d090f46ab0e99f1f7c27a4529ecffd";
   };
-in {
+in
+{
   inherit nixpkgs;
   "channels-nixos-stable" = nixpkgs;
   "nixpkgs-master" = {

nix/os/devices/srv0.home-ch.stefanjunker.de/versions.tmpl.nix

@@ -6,7 +6,8 @@ let
       <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
       ' -%>'';
   };
-in {
+in
+{
   inherit nixpkgs;
   "channels-nixos-stable" = nixpkgs;
   "nixpkgs-master" = {

nix/os/devices/steveej-nuc7pjyh-work/configuration.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   imports = [
     ../../profiles/common/configuration.nix
     ../../profiles/graphical/configuration.nix

nix/os/devices/steveej-nuc7pjyh-work/hw.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   # TASK: new device
   hardware.encryptedDisk = {
     enable = true;

nix/os/devices/steveej-nuc7pjyh-work/system.nix

@@ -1,11 +1,7 @@
+{ pkgs, lib, ... }:
 {
-  pkgs,
-  lib,
-  ...
-}: let
-in {
   services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"'';
-  users.groups.sgx = {};
+  users.groups.sgx = { };
   networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname.
   boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest;
 }

nix/os/devices/steveej-nuc7pjyh-work/user.nix

@@ -1,12 +1,9 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  passwords = import ../../../variables/passwords.crypt.nix;
+{ pkgs, ... }:
+let
   keys = import ../../../variables/keys.nix;
-  inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser;
-in {
+  inherit (import ../../lib/default.nix { inherit (pkgs) lib; }) mkUser;
+in
+{
   users.extraUsers.sjunker = mkUser {
     uid = 1001;
     openssh.authorizedKeys.keys = keys.users.steveej.openssh;
@@ -14,7 +11,7 @@ in {
       image = "quay.io/enarx/fedora";
       run_args = "-v /dev/sgx:/dev/sgx";
     };
-    extraGroups = ["sgx"];
+    extraGroups = [ "sgx" ];
 
     subUidRanges = [
       {

nix/os/devices/steveej-pa600/boot.nix

@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
   boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
 }

nix/os/devices/steveej-pa600/configuration.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   imports = [
     ../../profiles/common/configuration.nix
     ../../profiles/graphical/configuration.nix

nix/os/devices/steveej-pa600/hw.nix

@@ -1,4 +1,5 @@
-{...}: let
+_:
+let
   stage1Modules = [
     "aesni_intel"
     "kvm-intel"
@@ -7,7 +8,8 @@
     "xhci_pci"
     "hxci_hcd"
   ];
-in {
+in
+{
   # TASK: new device
   hardware.opinionatedDisk = {
     enable = true;

nix/os/devices/steveej-pa600/pkg.nix

@@ -1,11 +1,8 @@
-{pkgs, ...}: {
-  nixpkgs.config.packageOverrides = pkgs:
-    with pkgs; {
-      nixPath =
-        (import ../../../default.nix {
-          versionsPath = ./versions.nix;
-        })
-        .nixPath;
+{ pkgs, ... }:
+{
+  nixpkgs.config.packageOverrides =
+    pkgs: with pkgs; {
+      inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath;
     };
   home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix {
     inherit pkgs;

nix/os/devices/steveej-pa600/system.nix

@@ -1,11 +1,5 @@
+{ pkgs, lib, ... }:
 {
-  pkgs,
-  lib,
-  config,
-  ...
-}: let
-  keys = import ../../../variables/keys.nix;
-in {
   # TASK: new device
   networking.hostName = "steveej-pa600"; # Define your hostname.
 
@@ -20,7 +14,11 @@ in {
 
   services.printing = {
     enable = true;
-    drivers = with pkgs; [hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
+    drivers = with pkgs; [
+      hplip
+      mfcl3770cdw.driver
+      mfcl3770cdw.cupswrapper
+    ];
   };
 
   services.fprintd.enable = true;
@@ -29,9 +27,9 @@ in {
     sudo.fprintAuth = true;
   };
 
-  security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
+  security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
 
-  services.xserver.videoDrivers = ["modesetting"];
+  services.xserver.videoDrivers = [ "modesetting" ];
   services.xserver.serverFlagsSection = ''
     Option "BlankTime" "0"
     Option "StandbyTime" "0"

nix/os/devices/steveej-pa600/user.nix

@@ -1,12 +1,9 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  passwords = import ../../../variables/passwords.crypt.nix;
+{ pkgs, ... }:
+let
   keys = import ../../../variables/keys.nix;
-  inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser;
-in {
+  inherit (import ../../lib/default.nix { inherit (pkgs) lib; }) mkUser;
+in
+{
   users.extraUsers.steveej2 = mkUser {
     uid = 1001;
     openssh.authorizedKeys.keys = keys.users.steveej.openssh;

nix/os/devices/steveej-pa600/versions.nix

@@ -4,9 +4,12 @@ let
     ref = "nixos-20.09";
     rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
   };
-in {
+in
+{
   inherit nixpkgs;
-  nixos = nixpkgs // {suffix = "/nixos";};
+  nixos = nixpkgs // {
+    suffix = "/nixos";
+  };
   "channels-nixos-stable" = nixpkgs;
   "channels-nixos-unstable" = {
     url = "https://github.com/NixOS/nixpkgs/";

nix/os/devices/steveej-pa600/versions.tmpl.nix

@@ -6,9 +6,12 @@ let
       <% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
       ' -%>'';
   };
-in {
+in
+{
   inherit nixpkgs;
-  nixos = nixpkgs // {suffix = "/nixos";};
+  nixos = nixpkgs // {
+    suffix = "/nixos";
+  };
   "channels-nixos-stable" = nixpkgs;
   "channels-nixos-unstable" = {
     url = "https://github.com/NixOS/nixpkgs/";

nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/configuration.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   imports = [
     ../../profiles/common/configuration.nix
     ../../profiles/graphical/configuration.nix

nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   # TASK: new device
   hardware.encryptedDisk = {
     enable = true;

nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/system.nix

@@ -1,3 +1,3 @@
-{...}: {
+_: {
   networking.hostName = "steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname.
 }

nix/os/devices/steveej-rmvbl-sdep0/configuration.nix

@@ -1,11 +1,8 @@
-{...}: {
-  nixpkgs.config.packageOverrides = pkgs:
-    with pkgs; {
-      nixPath =
-        (import ../../../default.nix {
-          versionsPath = ./versions.nix;
-        })
-        .nixPath;
+{ ... }:
+{
+  nixpkgs.config.packageOverrides =
+    pkgs: with pkgs; {
+      inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath;
     };
 
   imports = [

nix/os/devices/steveej-rmvbl-sdep0/hw.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   # TASK: new device
   hardware.opinionatedDisk.diskId = "usb-SanDisk_Extreme_Pro_12345978EC62-0:0";
   hardware.opinionatedDisk.encrypted = true;

nix/os/devices/steveej-rmvbl-sdep0/system.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   networking.hostName = "steveej-rmvbl-sdep0"; # Define your hostname.
   system.stateVersion = "21.05";
 }

nix/os/devices/steveej-rmvbl-sdep0/versions.nix

@@ -2,35 +2,33 @@ let
   nixpkgs = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-22.11";
-    rev = ''
-      0040164e473509b4aee6aedb3b923e400d6df10b'';
+    rev = ''0040164e473509b4aee6aedb3b923e400d6df10b'';
   };
-in {
+in
+{
   inherit nixpkgs;
-  nixos = nixpkgs // {suffix = "/nixos";};
+  nixos = nixpkgs // {
+    suffix = "/nixos";
+  };
   "channels-nixos-stable" = nixpkgs;
   "channels-nixos-unstable" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-unstable";
-    rev = ''
-      d9f759f2ea8d265d974a6e1259bd510ac5844c5d'';
+    rev = ''d9f759f2ea8d265d974a6e1259bd510ac5844c5d'';
   };
   "channels-nixos-unstable-small" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-unstable-small";
-    rev = ''
-      9c34c8adba80180608794cce600b10183b048942'';
+    rev = ''9c34c8adba80180608794cce600b10183b048942'';
   };
   "nixpkgs-master" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "master";
-    rev = ''
-      f9adb566707a492bd3d17fee1e223695d939b52a'';
+    rev = ''f9adb566707a492bd3d17fee1e223695d939b52a'';
   };
   "home-manager-module" = {
     url = "https://github.com/nix-community/home-manager";
     ref = "release-22.11";
-    rev = ''
-      d6f3ba090ed090ae664ab5bac329654093aae725'';
+    rev = ''d6f3ba090ed090ae664ab5bac329654093aae725'';
   };
 }

nix/os/devices/steveej-rmvbl-sdep0/versions.tmpl.nix

@@ -6,9 +6,12 @@ let
       <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d '
       ' -%>'';
   };
-in {
+in
+{
   inherit nixpkgs;
-  nixos = nixpkgs // {suffix = "/nixos";};
+  nixos = nixpkgs // {
+    suffix = "/nixos";
+  };
   "channels-nixos-stable" = nixpkgs;
   "channels-nixos-unstable" = {
     url = "https://github.com/NixOS/nixpkgs/";

nix/os/devices/steveej-t14/boot.nix

@@ -1,8 +1,5 @@
+{ lib, pkgs, ... }:
 {
-  lib,
-  pkgs,
-  ...
-}: {
   boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
   boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
   boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;

nix/os/devices/steveej-t14/configuration.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   imports = [
     ../../snippets/home-manager-with-zsh.nix
     ../../snippets/nix-settings-holo-chain.nix
@@ -19,7 +20,7 @@
     ./boot.nix
 
     # samba seerver
-    ({lib, ...}: {
+    (_: {
       # networking.firewall.enable = lib.mkForce false;
       services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
       networking.firewall.allowedTCPPorts = [

nix/os/devices/steveej-t14/default.nix

@@ -4,26 +4,24 @@
   repoFlakeWithSystem,
   nodeFlake,
   ...
-}: let
+}:
+let
   system = "x86_64-linux";
-in {
+in
+{
   meta.nodeSpecialArgs.${nodeName} = {
     inherit repoFlake nodeName nodeFlake;
     packages' = repoFlake.packages.${system};
-    repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs');
+    repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs');
   };
 
-  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
-    inherit system;
-  };
+  meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
 
   ${nodeName} = {
     deployment.targetHost = nodeName;
     deployment.replaceUnknownProfiles = false;
     deployment.allowLocalDeployment = true;
 
-    imports = [
-      (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
-    ];
+    imports = [ (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") ];
   };
 }

nix/os/devices/steveej-t14/flake.nix

@@ -12,5 +12,5 @@
     inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = _: {};
+  outputs = _: { };
 }

nix/os/devices/steveej-t14/hw.nix

@@ -1,5 +1,4 @@
-{lib, ...}: let
-in {
+_: {
   # TASK: new device
   hardware.opinionatedDisk = {
     enable = true;
@@ -66,16 +65,56 @@ in {
     enable = false;
     levels = [
       # ["level auto" 0 60]
-      [0 0 60]
-      [1 60 65]
-      [1 65 75]
-      [2 75 78]
-      [3 78 80]
-      [4 80 82]
-      [5 82 84]
-      [6 84 86]
-      [7 86 88]
-      ["level full-speed" 88 999]
+      [
+        0
+        0
+        60
+      ]
+      [
+        1
+        60
+        65
+      ]
+      [
+        1
+        65
+        75
+      ]
+      [
+        2
+        75
+        78
+      ]
+      [
+        3
+        78
+        80
+      ]
+      [
+        4
+        80
+        82
+      ]
+      [
+        5
+        82
+        84
+      ]
+      [
+        6
+        84
+        86
+      ]
+      [
+        7
+        86
+        88
+      ]
+      [
+        "level full-speed"
+        88
+        999
+      ]
     ];
 
     extraArgs = [

nix/os/devices/steveej-t14/pkg.nix

@@ -1,14 +1,7 @@
+{ pkgs, ... }:
 {
-  pkgs,
-  lib,
-  repoFlake,
-  nodeFlake,
-  ...
-}: {
   system.stateVersion = "23.05";
-  home-manager.users.root = _: {
-    home.stateVersion = "22.05";
-  };
+  home-manager.users.root = _: { home.stateVersion = "22.05"; };
   home-manager.users.steveej = _: {
     home.stateVersion = "22.05";
     imports = [
@@ -21,10 +14,9 @@
       })
     ];
 
-    home.sessionVariables = {};
+    home.sessionVariables = { };
 
-    home.packages = with pkgs; [
-    ];
+    home.packages = with pkgs; [ ];
   };
 
   # TODO: fix the following errors with regreet
@@ -38,26 +30,28 @@
   #
   # (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: <data>:6:17-18: Empty declaration
   # Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling.
-  services.greetd = let
-    # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit"
-    swayConfig = pkgs.writeText "greetd-sway-config" ''
-      # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet.
-      exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit"
-      bindsym Mod4+shift+e exec swaynag \
-        -t warning \
-        -m 'What do you want to do?' \
-        -b 'Poweroff' 'systemctl poweroff' \
-        -b 'Reboot' 'systemctl reboot'
-    '';
-  in {
-    enable = false;
-    settings = {
-      vt = 1;
-      default_session = {
-        command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
+  services.greetd =
+    let
+      # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit"
+      swayConfig = pkgs.writeText "greetd-sway-config" ''
+        # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet.
+        exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit"
+        bindsym Mod4+shift+e exec swaynag \
+          -t warning \
+          -m 'What do you want to do?' \
+          -b 'Poweroff' 'systemctl poweroff' \
+          -b 'Reboot' 'systemctl reboot'
+      '';
+    in
+    {
+      enable = false;
+      settings = {
+        vt = 1;
+        default_session = {
+          command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
+        };
       };
     };
-  };
 
   environment.etc."greetd/environments".text = ''
     sway

nix/os/devices/steveej-t14/system.nix

@@ -2,10 +2,10 @@
   pkgs,
   lib,
   config,
-  nodeName,
   repoFlake,
   ...
-}: let
+}:
+let
   localTcpPorts = [
     22
 
@@ -21,12 +21,11 @@
     22000
     21027
   ];
-in {
+in
+{
   nix.settings = {
-    substituters = [
-    ];
-    trusted-public-keys = [
-    ];
+    substituters = [ ];
+    trusted-public-keys = [ ];
   };
 
   nix.distributedBuilds = true;
@@ -39,7 +38,7 @@ in {
       system = "x86_64-linux";
       maxJobs = 32;
       speedFactor = 100;
-      supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [];
+      supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features;
     }
 
     {
@@ -50,16 +49,15 @@ in {
       system = "aarch64-linux";
       maxJobs = 32;
       speedFactor = 100;
-      supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [];
+      supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features;
     }
   ];
 
   networking.networkmanager.enable = true;
 
-  networking.extraHosts = ''
-  '';
+  networking.extraHosts = '''';
 
-  networking.bridges."virbr1".interfaces = [];
+  networking.bridges."virbr1".interfaces = [ ];
   networking.interfaces."virbr1".ipv4.addresses = [
     {
       address = "10.254.254.254";
@@ -92,7 +90,9 @@ in {
 
   # virtualization
   virtualisation = {
-    libvirtd = {enable = true;};
+    libvirtd = {
+      enable = true;
+    };
 
     virtualbox.host = {
       enable = false;
@@ -110,13 +110,11 @@ in {
     # client min protocol = NT1
   '';
 
-  security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
+  security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
 
-  services.xserver.videoDrivers = lib.mkForce ["amdgpu"];
+  services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ];
 
   hardware.ledger.enable = true;
 
-  boot.binfmt.emulatedSystems = [
-    "aarch64-linux"
-  ];
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 }

nix/os/devices/steveej-t14/user.nix

@@ -1,19 +1,16 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
+{ config, pkgs, ... }:
+let
   keys = import ../../../variables/keys.nix;
-  inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser;
-in {
+  inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser;
+in
+{
   users.users.steveej2 = mkUser {
     uid = 1001;
     openssh.authorizedKeys.keys = keys.users.steveej.openssh;
     hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path;
   };
 
-  nix.settings.trusted-users = ["steveej"];
+  nix.settings.trusted-users = [ "steveej" ];
 
   security.pam.u2f.enable = true;
   security.pam.services.steveej.u2fAuth = true;

nix/os/devices/steveej-utilitepro/configuration.nix

@@ -1,13 +1,11 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{
-  config,
-  pkgs,
-  ...
-}: let
+{ config, pkgs, ... }:
+let
   passwords = import ../common/passwords.crypt.nix;
-in {
+in
+{
   # The NixOS release to be compatible with for stateful data such as databases.
   system.stateVersion = "16.03";
   nix.maxJobs = 4;
@@ -19,22 +17,18 @@ in {
   '';
 
   nixpkgs.config = {
-    packageOverrides = super: let
-      self = super.pkgs;
-    in {
+    packageOverrides = super: {
       linux_4_1 = super.linux_4_1.override {
-        kernelPatches =
-          super.linux_4_1.kernelPatches
-          ++ [
-            {
-              patch = ./patches/utilitepro-kernel-dts.patch;
-              name = "utilitepro-dts";
-            }
-            {
-              patch = ./patches/utilitepro-kernel-dts-Makefile.patch;
-              name = "utilitepro-dts-Makefile";
-            }
-          ];
+        kernelPatches = super.linux_4_1.kernelPatches ++ [
+          {
+            patch = ./patches/utilitepro-kernel-dts.patch;
+            name = "utilitepro-dts";
+          }
+          {
+            patch = ./patches/utilitepro-kernel-dts-Makefile.patch;
+            name = "utilitepro-dts-Makefile";
+          }
+        ];
         # add "CONFIG_PPP_FILTER y" option to the set of kernel options
         extraConfig = ''
           BTRFS_FS y
@@ -279,7 +273,10 @@ in {
     uid = 1000;
     isNormalUser = true;
     home = "/home/steveej";
-    extraGroups = ["wheel" "libvirtd"];
+    extraGroups = [
+      "wheel"
+      "libvirtd"
+    ];
     # FIXME: this is deprecated but so is this device probably
     hashedPassword = passwords.users.steveej;
     openssh.authorizedKeys.keys = [