feat: alejandra -> nixfmt

2024-12-25 18:21:24 +01:00 · 2024-12-25 18:21:24 +01:00 · 65ce9c5882
commit 65ce9c5882
parent acc6e6e825
56 changed files with 737 additions and 456 deletions
--- a/.envrc
+++ b/.envrc
@ -1 +1,2 @@
+# shellcheck disable=SC2148
 use flake
--- a/configs/client.nix
+++ b/configs/client.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  imports = [
    ./common.nix

@ -7,7 +8,7 @@
  ];

  environment.systemPackages = with pkgs; [
-    (ffmpeg-full.override {withUnfree = true;})
+    (ffmpeg-full.override { withUnfree = true; })
    fastfetch
    lazygit
    nixd
@ -15,8 +16,8 @@

  hm.programs.keychain = {
    enable = true;
-    agents = ["ssh"];
-    keys = ["id_ed25519"];
+    agents = [ "ssh" ];
+    keys = [ "id_ed25519" ];
  };

  networking = {
@ -24,7 +25,7 @@
    networkmanager = {
      enable = true;
      dns = "systemd-resolved";
-      plugins = [pkgs.networkmanager-fortisslvpn];
+      plugins = [ pkgs.networkmanager-fortisslvpn ];
    };
  };

--- a/configs/common.nix
+++ b/configs/common.nix
@ -10,20 +10,25 @@
  vencord,
  hydro,
  ...
-}: let
+}:
+let
  username = "leo";
  stateVersion = "24.11";

-  rootPassword = _utils.setupSingleSecret config "rootPassword" {};
+  rootPassword = _utils.setupSingleSecret config "rootPassword" { };
  secrets = _utils.setupSharedSecrets config {
-    secrets = ["userPassword" "tailscaleKey"];
+    secrets = [
+      "userPassword"
+      "tailscaleKey"
+    ];
  };
-in {
+in
+{
  imports = [
    agenix.nixosModules.default
    home-manager.nixosModules.home-manager

-    (lib.mkAliasOptionModule ["hm"] ["home-manager" "users" username])
+    (lib.mkAliasOptionModule [ "hm" ] [ "home-manager" "users" username ])

    rootPassword.generate
    secrets.generate
@ -35,12 +40,15 @@ in {

  age = {
    ageBin = lib.getExe pkgs.rage;
-    identityPaths = ["/etc/age/key"];
+    identityPaths = [ "/etc/age/key" ];
  };

  boot = {
    kernelPackages = lib.mkDefault pkgs.linuxPackages; # use lts
-    kernelParams = ["quiet" "loglevel=3"];
+    kernelParams = [
+      "quiet"
+      "loglevel=3"
+    ];

    # faster tcp !!!
    kernel.sysctl = {
@ -65,7 +73,7 @@ in {
  ];

  hm = {
-    home = {inherit stateVersion;};
+    home = { inherit stateVersion; };

    programs.ssh = {
      enable = true;
@ -83,14 +91,17 @@ in {

  networking = {
    useNetworkd = lib.mkDefault true;
-    nameservers = ["1.1.1.1" "1.0.0.1"];
+    nameservers = [
+      "1.1.1.1"
+      "1.0.0.1"
+    ];
  };

  nix = {
    # package = pkgs.nixVersions.latest;
    channel.enable = false;
    # The `flake:` syntax in `$NIX_PATH` seems to do some weird copying on Nix 2.24
-    nixPath = ["nixpkgs=${config.nixpkgs.flake.source}"];
+    nixPath = [ "nixpkgs=${config.nixpkgs.flake.source}" ];

    gc = {
      automatic = true;
@ -110,8 +121,14 @@ in {

    settings = {
      auto-optimise-store = true;
-      experimental-features = ["nix-command" "flakes"];
-      trusted-users = ["root" "@wheel"];
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+      trusted-users = [
+        "root"
+        "@wheel"
+      ];
      connect-timeout = 5; # fail fast if substituters are not available
      builders-use-substitutes = true;
      log-lines = 25;
@ -132,7 +149,7 @@ in {
  nixpkgs = {
    config.allowUnfree = true;
    flake.setNixPath = false;
-    overlays = [(import ../exprs/overlay.nix {inherit vencord hydro;})];
+    overlays = [ (import ../exprs/overlay.nix { inherit vencord hydro; }) ];
  };

  programs = {
@ -172,7 +189,10 @@ in {
    tailscale = {
      enable = true;
      useRoutingFeatures = "both";
-      extraUpFlags = ["--ssh" "--stateful-filtering"];
+      extraUpFlags = [
+        "--ssh"
+        "--stateful-filtering"
+      ];
      authKeyFile = secrets.get "tailscaleKey";
    };
  };
@ -197,7 +217,14 @@ in {
    "${username}" = {
      isNormalUser = true;
      shell = pkgs.fish;
-      extraGroups = ["networkmanager" "wheel" "video" "libvirtd" "input" "docker"];
+      extraGroups = [
+        "networkmanager"
+        "wheel"
+        "video"
+        "libvirtd"
+        "input"
+        "docker"
+      ];
      hashedPasswordFile = secrets.get "userPassword";
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+7+KfdOrhcnHayxvOENUeMx8rE4XEIV/AxMHiaNUP8"
--- a/configs/desktop.nix
+++ b/configs/desktop.nix
@ -5,7 +5,8 @@
  catppuccin,
  lanzaboote,
  ...
-}: {
+}:
+{
  imports = [
    catppuccin.nixosModules.catppuccin
    lanzaboote.nixosModules.lanzaboote
@ -24,10 +25,10 @@
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;

-    extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
-    kernelModules = ["v4l2loopback"];
+    extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+    kernelModules = [ "v4l2loopback" ];

-    supportedFilesystems = ["ntfs"];
+    supportedFilesystems = [ "ntfs" ];

    loader = {
      systemd-boot.enable = lib.mkForce false;
@ -61,7 +62,7 @@
    ];

    fontconfig.defaultFonts = {
-      emoji = ["Twitter Color Emoji"];
+      emoji = [ "Twitter Color Emoji" ];
    };
  };

@ -91,7 +92,7 @@
        strawberry
        teams-for-linux
        thunderbird
-        (vesktop.override {withSystemVencord = true;})
+        (vesktop.override { withSystemVencord = true; })
        vscode

        # libreoffice stuff
--- a/configs/laptop.nix
+++ b/configs/laptop.nix
@ -3,10 +3,11 @@
  pkgs,
  config,
  ...
-}: {
-  imports = [./desktop.nix];
+}:
+{
+  imports = [ ./desktop.nix ];

-  boot.initrd.kernelModules = ["xe"];
+  boot.initrd.kernelModules = [ "xe" ];

  hardware = {
    bluetooth.enable = true;
@ -18,7 +19,7 @@
        vpl-gpu-rt
      ];

-      extraPackages32 = [pkgs.driversi686Linux.intel-media-driver];
+      extraPackages32 = [ pkgs.driversi686Linux.intel-media-driver ];
    };
  };

@ -30,7 +31,7 @@
  programs.light.enable = true;

  # hyprland stuff
-  services.blueman = lib.mkIf config.programs.hyprland.enable {enable = true;};
+  services.blueman = lib.mkIf config.programs.hyprland.enable { enable = true; };
  hm.wayland.windowManager.hyprland.settings.exec-once = with pkgs; [
    "${lib.getExe networkmanagerapplet}"
    "${lib.getExe' blueman "blueman-applet"}"
--- a/configs/server.nix
+++ b/configs/server.nix
@ -2,11 +2,13 @@
  config,
  _utils,
  ...
-}: let
+}:
+let
  secrets = _utils.setupSharedSecrets config {
-    secrets = ["vmAuthToken"];
+    secrets = [ "vmAuthToken" ];
  };
-in {
+in
+{
  imports = [
    ./common.nix
    secrets.generate
@ -21,7 +23,7 @@ in {
  };

  services = {
-    tailscale.extraUpFlags = ["--advertise-exit-node"];
+    tailscale.extraUpFlags = [ "--advertise-exit-node" ];

    openssh = {
      enable = true;
@ -46,20 +48,22 @@ in {
    prometheus.exporters.node = {
      enable = true;
      port = 9091;
-      enabledCollectors = ["systemd"];
+      enabledCollectors = [ "systemd" ];
    };

    vmagent = {
      enable = true;
      remoteWrite.url = "https://metrics.uku3lig.net/api/v1/write";
-      extraArgs = ["-remoteWrite.bearerTokenFile=\${CREDENTIALS_DIRECTORY}/vm_auth_token"];
+      extraArgs = [ "-remoteWrite.bearerTokenFile=\${CREDENTIALS_DIRECTORY}/vm_auth_token" ];
      prometheusConfig = {
        global.scrape_interval = "15s";

        scrape_configs = [
          {
            job_name = "node";
-            static_configs = [{targets = ["localhost:${builtins.toString config.services.prometheus.exporters.node.port}"];}];
+            static_configs = [
+              { targets = [ "localhost:${builtins.toString config.services.prometheus.exporters.node.port}" ]; }
+            ];
            relabel_configs = [
              {
                target_label = "instance";
@ -73,7 +77,7 @@ in {
  };

  systemd = {
-    services.vmagent.serviceConfig.LoadCredential = ["vm_auth_token:${secrets.get "vmAuthToken"}"];
+    services.vmagent.serviceConfig.LoadCredential = [ "vm_auth_token:${secrets.get "vmAuthToken"}" ];

    # For more detail, see:
    #   https://0pointer.de/blog/projects/watchdog.html
--- a/exprs/idea-fixed.nix
+++ b/exprs/idea-fixed.nix
@ -22,17 +22,19 @@
  pipewire,
  udev,
  xrandr,
-}: let
+}:
+let
  inherit (jetbrains) idea-ultimate;
 in
-  symlinkJoin {
-    name = "idea-ultimate-fixed-${idea-ultimate.version}";
+symlinkJoin {
+  name = "idea-ultimate-fixed-${idea-ultimate.version}";

-    paths = [idea-ultimate];
+  paths = [ idea-ultimate ];

-    nativeBuildInputs = [makeWrapper];
+  nativeBuildInputs = [ makeWrapper ];

-    postBuild = let
+  postBuild =
+    let
      runtimeLibs = [
        stdenv.cc.cc.lib
        ## native versions
@ -63,9 +65,10 @@ in
        xrandr # needed for LWJGL [2.9.2, 3) https://github.com/LWJGL/lwjgl/issues/128
        esbuild
      ];
-    in ''
+    in
+    ''
      wrapProgram $out/bin/idea-ultimate \
        --set LD_LIBRARY_PATH ${lib.makeLibraryPath runtimeLibs} \
        --prefix PATH : ${lib.makeBinPath runtimePrograms}
    '';
-  }
+}
--- a/exprs/overlay.nix
+++ b/exprs/overlay.nix
@ -1,16 +1,14 @@
 inputs: final: prev: {
-  idea-ultimate-fixed = prev.callPackage ./idea-fixed.nix {};
+  idea-ultimate-fixed = prev.callPackage ./idea-fixed.nix { };

  vencord = prev.vencord.overrideAttrs (old: rec {
    version = "${old.version}+git.${inputs.vencord.shortRev}";
    src = inputs.vencord;

-    env =
-      old.env
-      // {
-        VENCORD_REMOTE = "Vendicated/Vencord";
-        VENCORD_HASH = src.shortRev;
-      };
+    env = old.env // {
+      VENCORD_REMOTE = "Vendicated/Vencord";
+      VENCORD_HASH = src.shortRev;
+    };

    pnpmDeps = old.pnpmDeps.overrideAttrs (_: {
      outputHash = "sha256-vVzERis1W3QZB/i6SQR9dQR56yDWadKWvFr+nLTQY9Y=";
--- a/flake.lock
+++ b/flake.lock
@ -329,6 +329,7 @@
        "nixos-wsl": "nixos-wsl",
        "nixpkgs": "nixpkgs",
        "systems": "systems_2",
+        "treefmt-nix": "treefmt-nix",
        "ukubot-rs": "ukubot-rs",
        "vencord": "vencord",
        "vscode-extensions": "vscode-extensions"
@ -385,6 +386,26 @@
        "type": "github"
      }
    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1735135567,
+        "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "9e09d30a644c57257715902efbb3adc56c79cf28",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
    "ukubot-rs": {
      "inputs": {
        "flake-parts": [
--- a/flake.nix
+++ b/flake.nix
@ -1,31 +1,38 @@
 {
  description = "example flake idk";

-  outputs = {
-    self,
-    flake-parts,
-    nixinate,
-    agenix,
-    ...
-  } @ inputs:
-    flake-parts.lib.mkFlake {inherit inputs;} {
-      systems = ["x86_64-linux" "aarch64-linux"];
+  outputs =
+    {
+      self,
+      flake-parts,
+      nixinate,
+      agenix,
+      treefmt-nix,
+      ...
+    }@inputs:
+    flake-parts.lib.mkFlake { inherit inputs; } {
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+      ];

      imports = [
+        treefmt-nix.flakeModule
        ./systems
      ];

-      perSystem = {
-        pkgs,
-        system,
-        self',
-        ...
-      }: {
-        apps = (nixinate.nixinate.${system} self).nixinate;
+      perSystem =
+        {
+          pkgs,
+          system,
+          self',
+          ...
+        }:
+        {
+          apps = (nixinate.nixinate.${system} self).nixinate;

-        devShells.default = with pkgs;
-          mkShellNoCC {
-            packages = [
+          devShells.default = pkgs.mkShellNoCC {
+            packages = with pkgs; [
              agenix.packages.${system}.default
              just
              self'.formatter
@ -33,8 +40,25 @@
            ];
          };

-        formatter = pkgs.alejandra;
-      };
+          treefmt = {
+            projectRootFile = "flake.nix";
+
+            settings.excludes = [
+              ".envrc"
+              ".gitignore"
+              "*.age"
+              "flake.lock"
+              "justfile"
+              "LICENSE"
+            ];
+
+            programs = {
+              nixfmt.enable = true;
+              prettier.enable = true;
+              stylua.enable = true;
+            };
+          };
+        };
    };

  inputs = {
@ -109,6 +133,11 @@
    # nix's most elaborate, overcomplicated joke
    systems.url = "github:nix-systems/default";

+    treefmt-nix = {
+      url = "github:numtide/treefmt-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    vscode-extensions = {
      url = "github:nix-community/nix-vscode-extensions";
      inputs.nixpkgs.follows = "nixpkgs";
--- a/global/utils.nix
+++ b/global/utils.nix
@ -1,66 +1,87 @@
-{lib, ...}: {
-  setupSecrets = _config: {
-    secrets,
-    extra ? {},
-  }: let
-    inherit (_config.networking) hostName;
-  in {
-    generate = {age.secrets = lib.genAttrs secrets (name: extra // {file = ../secrets/${hostName}/${name}.age;});};
-    get = name: _config.age.secrets.${name}.path;
-  };
-
-  setupSingleSecret = _config: name: extra: let
-    inherit (_config.networking) hostName;
-  in {
-    generate = {age.secrets.${name} = extra // {file = ../secrets/${hostName}/${name}.age;};};
-    inherit (_config.age.secrets.${name}) path;
-  };
-
-  setupSharedSecrets = _config: {
-    secrets,
-    extra ? {},
-  }: {
-    generate = {age.secrets = lib.genAttrs secrets (name: extra // {file = ../secrets/shared/${name}.age;});};
-    get = name: _config.age.secrets.${name}.path;
-  };
-
-  mkMinecraftServer = _config: {
-    name,
-    port,
-    remotePort,
-    tag ? "java21",
-    dataDir ? "/var/lib/${name}",
-    memory ? "4G",
-    env ? {},
-    envFiles ? [],
-    extraPorts ? [],
-  }: let
-    inherit (_config.virtualisation.oci-containers) backend;
-  in {
-    virtualisation.oci-containers.containers."mc-${name}" = {
-      image = "itzg/minecraft-server:${tag}";
-      ports = ["${builtins.toString port}:25565"] ++ extraPorts;
-      volumes = ["${dataDir}:/data"];
-      environmentFiles = envFiles;
-      environment =
-        {
-          EULA = "true";
-          MEMORY = memory;
-        }
-        // env;
+{ lib, ... }:
+{
+  setupSecrets =
+    _config:
+    {
+      secrets,
+      extra ? { },
+    }:
+    let
+      inherit (_config.networking) hostName;
+    in
+    {
+      generate = {
+        age.secrets = lib.genAttrs secrets (name: extra // { file = ../secrets/${hostName}/${name}.age; });
+      };
+      get = name: _config.age.secrets.${name}.path;
    };

-    networking.firewall.allowedTCPPorts = [port];
+  setupSingleSecret =
+    _config: name: extra:
+    let
+      inherit (_config.networking) hostName;
+    in
+    {
+      generate = {
+        age.secrets.${name} = extra // {
+          file = ../secrets/${hostName}/${name}.age;
+        };
+      };
+      inherit (_config.age.secrets.${name}) path;
+    };

-    services.frp.settings.proxies = [
-      {
-        inherit name remotePort;
-        type = "tcp";
-        localIp = "127.0.0.1";
-        localPort = port;
-      }
-    ];
+  setupSharedSecrets =
+    _config:
+    {
+      secrets,
+      extra ? { },
+    }:
+    {
+      generate = {
+        age.secrets = lib.genAttrs secrets (name: extra // { file = ../secrets/shared/${name}.age; });
+      };
+      get = name: _config.age.secrets.${name}.path;
+    };

-    systemd.services."${backend}-mc-${name}".serviceConfig.TimeoutSec = "300";
-  };
+  mkMinecraftServer =
+    _config:
+    {
+      name,
+      port,
+      remotePort,
+      tag ? "java21",
+      dataDir ? "/var/lib/${name}",
+      memory ? "4G",
+      env ? { },
+      envFiles ? [ ],
+      extraPorts ? [ ],
+    }:
+    let
+      inherit (_config.virtualisation.oci-containers) backend;
+    in
+    {
+      virtualisation.oci-containers.containers."mc-${name}" = {
+        image = "itzg/minecraft-server:${tag}";
+        ports = [ "${builtins.toString port}:25565" ] ++ extraPorts;
+        volumes = [ "${dataDir}:/data" ];
+        environmentFiles = envFiles;
+        environment = {
+          EULA = "true";
+          MEMORY = memory;
+        } // env;
+      };
+
+      networking.firewall.allowedTCPPorts = [ port ];
+
+      services.frp.settings.proxies = [
+        {
+          inherit name remotePort;
+          type = "tcp";
+          localIp = "127.0.0.1";
+          localPort = port;
+        }
+      ];
+
+      systemd.services."${backend}-mc-${name}".serviceConfig.TimeoutSec = "300";
+    };
 }
--- a/programs/alacritty.nix
+++ b/programs/alacritty.nix
@ -2,22 +2,25 @@
  lib,
  pkgs,
  ...
-}: {
-  hm.programs.alacritty = let
-    theme = pkgs.fetchurl {
-      # url = "https://raw.githubusercontent.com/catppuccin/alacritty/ce476fb41f307d90f841c1a4fd7f0727c21248b2/catppuccin-macchiato.toml";
-      url = "https://raw.githubusercontent.com/rose-pine/alacritty/3c3e36eb5225b0eb6f1aa989f9d9e783a5b47a83/dist/rose-pine.toml";
-      hash = "sha256-MheSmzz02ZLAOS2uaclyazu6E//eikcdFydFfkio0/U=";
-    };
+}:
+{
+  hm.programs.alacritty =
+    let
+      theme = pkgs.fetchurl {
+        # url = "https://raw.githubusercontent.com/catppuccin/alacritty/ce476fb41f307d90f841c1a4fd7f0727c21248b2/catppuccin-macchiato.toml";
+        url = "https://raw.githubusercontent.com/rose-pine/alacritty/3c3e36eb5225b0eb6f1aa989f9d9e783a5b47a83/dist/rose-pine.toml";
+        hash = "sha256-MheSmzz02ZLAOS2uaclyazu6E//eikcdFydFfkio0/U=";
+      };

-    themeAttr = builtins.fromTOML (builtins.readFile theme);
-  in {
-    enable = true;
-    settings = lib.recursiveUpdate themeAttr {
-      font = {
-        normal.family = "Iosevka Nerd Font";
-        size = 12;
+      themeAttr = builtins.fromTOML (builtins.readFile theme);
+    in
+    {
+      enable = true;
+      settings = lib.recursiveUpdate themeAttr {
+        font = {
+          normal.family = "Iosevka Nerd Font";
+          size = 12;
+        };
      };
    };
-  };
 }
--- a/programs/dotnet.nix
+++ b/programs/dotnet.nix
@ -3,14 +3,17 @@
  config,
  pkgs,
  ...
-}: let
+}:
+let
  inherit (config.lib.file) mkOutOfStoreSymlink;
-in {
+in
+{
  home = {
-    packages = [pkgs.jetbrains.rider];
+    packages = [ pkgs.jetbrains.rider ];

    file = {
-      ".dotnet/8".source = mkOutOfStoreSymlink "${pkgs.dotnetCorePackages.dotnet_8.sdk.unwrapped}/share/dotnet";
+      ".dotnet/8".source =
+        mkOutOfStoreSymlink "${pkgs.dotnetCorePackages.dotnet_8.sdk.unwrapped}/share/dotnet";
      ".dotnet/mono".source = mkOutOfStoreSymlink pkgs.mono;
    };
  };
--- a/programs/fish.nix
+++ b/programs/fish.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  programs.fish.enable = true;

  environment.systemPackages = with pkgs; [
--- a/programs/games.nix
+++ b/programs/games.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  hardware = {
    xone.enable = true;
    xpadneo.enable = true;
@ -9,7 +10,11 @@
    osu-lazer-bin

    (prismlauncher.override {
-      jdks = [temurin-bin-21 temurin-bin-17 temurin-bin-8];
+      jdks = [
+        temurin-bin-21
+        temurin-bin-17
+        temurin-bin-8
+      ];
    })
  ];

--- a/programs/ghostty.nix
+++ b/programs/ghostty.nix
@ -2,9 +2,10 @@
  pkgs,
  ghostty,
  ...
-}: {
+}:
+{
  hm.home = {
-    packages = [ghostty.packages.${pkgs.system}.default];
+    packages = [ ghostty.packages.${pkgs.system}.default ];

    file.".config/ghostty/config".text = ''
      theme = light:catppuccin-latte,dark:catppuccin-mocha
--- a/programs/git.nix
+++ b/programs/git.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
  programs.git.enable = true;

  hm.programs = {
--- a/programs/gnome.nix
+++ b/programs/gnome.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  services = {
    xserver.desktopManager.gnome.enable = true;
    displayManager = {
@ -13,14 +14,14 @@
  hm.programs.gnome-shell = {
    enable = true;
    extensions = with pkgs.gnomeExtensions; [
-      {package = appindicator;}
-      {package = dash-to-dock;}
-      {package = blur-my-shell;}
+      { package = appindicator; }
+      { package = dash-to-dock; }
+      { package = blur-my-shell; }
    ];
  };

  environment = with pkgs; {
-    systemPackages = [gnome-tweaks];
+    systemPackages = [ gnome-tweaks ];

    gnome.excludePackages = [
      gnome-tour
--- a/programs/hyprland-misc.nix
+++ b/programs/hyprland-misc.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  # utility packages for hyprland, since you know it's not a DE

  hm.home.packages = with pkgs; [
@ -14,7 +15,10 @@

    thunar = {
      enable = true;
-      plugins = with pkgs.xfce; [thunar-volman thunar-archive-plugin];
+      plugins = with pkgs.xfce; [
+        thunar-volman
+        thunar-archive-plugin
+      ];
    };
  };
 }
--- a/programs/hyprland.nix
+++ b/programs/hyprland.nix
@ -2,7 +2,8 @@
  lib,
  pkgs,
  ...
-}: {
+}:
+{
  imports = [
    ./hyprland-misc.nix
    ./alacritty.nix
@ -20,7 +21,7 @@
    };
  };

-  xdg.portal.extraPortals = with pkgs; [xdg-desktop-portal-gtk];
+  xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];

  hm = {
    home.packages = with pkgs; [
@ -37,11 +38,24 @@

    wayland.windowManager.hyprland = {
      enable = true;
-      settings = let
-        inherit (lib) getExe getExe';
-        keys = ["ampersand" "eacute" "quotedbl" "apostrophe" "parenleft" "minus" "egrave" "underscore" "ccedilla" "agrave"];
-      in
-        with pkgs; {
+      settings =
+        let
+          inherit (lib) getExe getExe';
+          keys = [
+            "ampersand"
+            "eacute"
+            "quotedbl"
+            "apostrophe"
+            "parenleft"
+            "minus"
+            "egrave"
+            "underscore"
+            "ccedilla"
+            "agrave"
+          ];
+        in
+        with pkgs;
+        {
          "$mod" = "SUPER";
          "$wl-paste" = getExe' wl-clipboard "wl-paste";
          "$wpctl" = getExe' wireplumber "wpctl";
@ -152,12 +166,18 @@
            ++
            # Switch workspaces with mod + [0-9]
            # Move active window to a workspace with mod + SHIFT + [0-9]
-            lib.flatten (builtins.map (i: let
-              key = builtins.elemAt keys (i - 1);
-            in [
-              "$mod, ${key}, workspace, ${toString i}"
-              "$mod SHIFT, ${key}, movetoworkspace, ${toString i}"
-            ]) (lib.range 1 10));
+            lib.flatten (
+              builtins.map (
+                i:
+                let
+                  key = builtins.elemAt keys (i - 1);
+                in
+                [
+                  "$mod, ${key}, workspace, ${toString i}"
+                  "$mod SHIFT, ${key}, movetoworkspace, ${toString i}"
+                ]
+              ) (lib.range 1 10)
+            );

          bindm = [
            "$mod, mouse:272, movewindow"
--- a/programs/java.nix
+++ b/programs/java.nix
@ -3,9 +3,11 @@
  config,
  pkgs,
  ...
-}: let
+}:
+let
  inherit (config.lib.file) mkOutOfStoreSymlink;
-in {
+in
+{
  home.file = {
    ".jdks/temurin-21".source = mkOutOfStoreSymlink pkgs.temurin-bin-21;
    ".jdks/temurin-17".source = mkOutOfStoreSymlink pkgs.temurin-bin-17;
--- a/programs/kde.nix
+++ b/programs/kde.nix
@ -2,7 +2,8 @@
  pkgs,
  camasca,
  ...
-}: {
+}:
+{
  services = {
    desktopManager.plasma6.enable = true;
    displayManager.sddm = {
--- a/programs/neovim/default.nix
+++ b/programs/neovim/default.nix
@ -1,11 +1,12 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  hm.programs.neovim = {
    enable = true;
    defaultEditor = true;
    extraLuaConfig = builtins.readFile ./init.lua;

    extraPackages = with pkgs; [
-      (lua5_1.withPackages (ps: with ps; [luarocks]))
+      (lua5_1.withPackages (ps: with ps; [ luarocks ]))
      tree-sitter
    ];

--- a/programs/neovim/init.lua
+++ b/programs/neovim/init.lua
@ -1,5 +1,5 @@
 -- sets the <Leader> "key", which can be used in shortcuts
-vim.g.mapleader = ' '
+vim.g.mapleader = " "

 vim.g.have_nerd_font = true

@ -8,7 +8,7 @@ vim.g.have_nerd_font = true
 vim.opt.number = true

 -- enable mouse
-vim.opt.mouse = 'a'
+vim.opt.mouse = "a"

 -- save undo history
 vim.opt.undofile = true
@ -31,21 +31,19 @@ vim.opt.splitbelow = true
 vim.opt.list = true

 -- preview substitutions (:s & :%s) while typing
-vim.opt.inccommand = 'split'
+vim.opt.inccommand = "split"

 -- highlight the line the cursor is on
 vim.opt.cursorline = true

 -- sync os clipboard and neovim
 vim.schedule(function()
-	vim.opt.clipboard = 'unnamedplus'
+	vim.opt.clipboard = "unnamedplus"
 end)

-
 -- [[ shortcuts, see `:help vim.keymap.set()` ]]
 -- hide search results when pressing esc
-vim.keymap.set('n', '<Esc>', '<cmd>nohlsearch<CR>')
-
+vim.keymap.set("n", "<Esc>", "<cmd>nohlsearch<CR>")

 -- disable arrow keys in normal mode
 -- vim.keymap.set('n', '<left>', '<cmd>echo "Use h to move!!"<CR>')
@ -57,11 +55,10 @@ vim.keymap.set('n', '<Esc>', '<cmd>nohlsearch<CR>')
 --  Use CTRL+<hjkl> to switch between windows
 --
 --  See `:help wincmd` for a list of all window commands
-vim.keymap.set('n', '<C-h>', '<C-w><C-h>', { desc = 'Move focus to the left window' })
-vim.keymap.set('n', '<C-l>', '<C-w><C-l>', { desc = 'Move focus to the right window' })
-vim.keymap.set('n', '<C-j>', '<C-w><C-j>', { desc = 'Move focus to the lower window' })
-vim.keymap.set('n', '<C-k>', '<C-w><C-k>', { desc = 'Move focus to the upper window' })
-
+vim.keymap.set("n", "<C-h>", "<C-w><C-h>", { desc = "Move focus to the left window" })
+vim.keymap.set("n", "<C-l>", "<C-w><C-l>", { desc = "Move focus to the right window" })
+vim.keymap.set("n", "<C-j>", "<C-w><C-j>", { desc = "Move focus to the lower window" })
+vim.keymap.set("n", "<C-k>", "<C-w><C-k>", { desc = "Move focus to the upper window" })

 -- [[ plugin configuration ]]
 require("nvim-treesitter.configs").setup({
--- a/programs/rust.nix
+++ b/programs/rust.nix
@ -3,15 +3,20 @@
  pkgs,
  config,
  ...
-}: let
-  toml = pkgs.formats.toml {};
-in {
+}:
+let
+  toml = pkgs.formats.toml { };
+in
+{
  hm.home.file.".cargo/config.toml".source = toml.generate "config.toml" {
    build.target-dir = "${config.hm.home.homeDirectory}/.cargo/target";

    target.x86_64-unknown-linux-gnu = {
      linker = "${lib.getExe pkgs.clang}";
-      rustflags = ["-C" "link-arg=-fuse-ld=${lib.getExe pkgs.mold}"];
+      rustflags = [
+        "-C"
+        "link-arg=-fuse-ld=${lib.getExe pkgs.mold}"
+      ];
    };
  };
 }
--- a/programs/starship/default.nix
+++ b/programs/starship/default.nix
@ -1,15 +1,13 @@
 {
  hm.programs.starship = {
    enable = true;
-    settings =
-      {
-        add_newline = false;
+    settings = {
+      add_newline = false;

-        directory = {
-          truncation_length = 3;
-          truncation_symbol = "…/";
-        };
-      }
-      // (import ./nerd-font.nix);
+      directory = {
+        truncation_length = 3;
+        truncation_symbol = "…/";
+      };
+    } // (import ./nerd-font.nix);
  };
 }
--- a/programs/vscode.nix
+++ b/programs/vscode.nix
@ -2,7 +2,8 @@
  pkgs,
  vscode-extensions,
  ...
-}: let
+}:
+let
  inherit (pkgs.stdenv.hostPlatform) system;
  extensions = vscode-extensions.extensions.${system};

@ -13,14 +14,16 @@
    rust-lang.rust-analyzer
    wakatime.vscode-wakatime
  ];
-in {
+in
+{
  hm.programs.vscode = {
    enable = true;
    enableUpdateCheck = false;
    enableExtensionUpdateCheck = false;
    mutableExtensionsDir = false;

-    extensions = with extensions.vscode-marketplace;
+    extensions =
+      with extensions.vscode-marketplace;
      patched
      ++ [
        # style
@ -49,8 +52,12 @@ in {

        # cpp
        mesonbuild.mesonbuild
-        (ms-vscode.cmake-tools.overrideAttrs (_: {sourceRoot = "extension";}))
-        (ms-vscode.makefile-tools.overrideAttrs (_: {sourceRoot = "extension";}))
+        (ms-vscode.cmake-tools.overrideAttrs (_: {
+          sourceRoot = "extension";
+        }))
+        (ms-vscode.makefile-tools.overrideAttrs (_: {
+          sourceRoot = "extension";
+        }))
        twxs.cmake
        xaver.clang-format

--- a/programs/waybar/default.nix
+++ b/programs/waybar/default.nix
@ -3,7 +3,8 @@
  pkgs,
  config,
  ...
-}: {
+}:
+{
  hm.programs.waybar = {
    enable = true;
    style = ./style.css;
@ -15,15 +16,23 @@
        height = 24;
        spacing = 2;

-        modules-left = ["hyprland/workspaces"];
-        modules-center = [];
+        modules-left = [ "hyprland/workspaces" ];
+        modules-center = [ ];
        modules-right =
-          ["memory"]
-          ++ lib.optionals (builtins.elem "amdgpu" config.services.xserver.videoDrivers) ["custom/gpu-usage"]
-          ++ ["cpu" "wireplumber"]
-          ++ lib.optionals config.services.power-profiles-daemon.enable ["battery"]
-          ++ lib.optionals config.programs.light.enable ["backlight"]
-          ++ ["clock" "tray"];
+          [ "memory" ]
+          ++ lib.optionals (builtins.elem "amdgpu" config.services.xserver.videoDrivers) [
+            "custom/gpu-usage"
+          ]
+          ++ [
+            "cpu"
+            "wireplumber"
+          ]
+          ++ lib.optionals config.services.power-profiles-daemon.enable [ "battery" ]
+          ++ lib.optionals config.programs.light.enable [ "backlight" ]
+          ++ [
+            "clock"
+            "tray"
+          ];

        "hyprland/workspaces" = {
          format = "{name}";
--- a/programs/waybar/style.css
+++ b/programs/waybar/style.css
@ -31,28 +31,30 @@
@define-color rosewater #f4dbd6;

 * {
-    font-family: Jetbrains Mono, sans-serif;
-    font-size: 12px;
+  font-family:
+    Jetbrains Mono,
+    sans-serif;
+  font-size: 12px;
 }

 window#waybar {
-    background-color: @base;
-    color: @text;
-    transition-property: background-color;
-    transition-duration: .5s;
+  background-color: @base;
+  color: @text;
+  transition-property: background-color;
+  transition-duration: 0.5s;
 }

 button {
-    /* Use box-shadow instead of border so the text isn't offset */
-    box-shadow: inset 0 -3px transparent;
-    /* Avoid rounded borders under each button name */
-    border: none;
-    border-radius: 0;
+  /* Use box-shadow instead of border so the text isn't offset */
+  box-shadow: inset 0 -3px transparent;
+  /* Avoid rounded borders under each button name */
+  border: none;
+  border-radius: 0;
 }

 /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
 button:hover {
-    background: inherit;
+  background: inherit;
 }

 #clock,
@ -72,93 +74,93 @@ button:hover {
 #idle_inhibitor,
 #scratchpad,
 #mpd {
-    padding: 0 10px;
-    color: @crust;
+  padding: 0 10px;
+  color: @crust;
 }

 #window,
 #workspaces {
-    margin: 0 4px;
+  margin: 0 4px;
 }

 /* If workspaces is the leftmost module, omit left margin */
-.modules-left>widget:first-child>#workspaces {
-    margin-left: 0;
+.modules-left > widget:first-child > #workspaces {
+  margin-left: 0;
 }

 /* If workspaces is the rightmost module, omit right margin */
-.modules-right>widget:last-child>#workspaces {
-    margin-right: 0;
+.modules-right > widget:last-child > #workspaces {
+  margin-right: 0;
 }

 #workspaces button {
-    padding: 0 2px;
-    background-color: transparent;
-    color: @text;
+  padding: 0 2px;
+  background-color: transparent;
+  color: @text;
 }

 #workspaces button:hover {
-    background: rgba(0, 0, 0, 0.2);
+  background: rgba(0, 0, 0, 0.2);
 }

 #workspaces button.active {
-    background-color: @surface1;
-    box-shadow: inset 0 -3px @yellow;
+  background-color: @surface1;
+  box-shadow: inset 0 -3px @yellow;
 }

 #workspaces button.urgent {
-    background-color: @red;
+  background-color: @red;
 }

 #clock {
-    background-color: @green;
+  background-color: @green;
 }

 #battery {
-    background-color: @sky;
+  background-color: @sky;
 }

 #battery.low:not(.charging) {
-    background-color: @red;
+  background-color: @red;
 }

 #cpu {
-    background-color: @sapphire;
+  background-color: @sapphire;
 }

 #custom-gpu-usage {
-    background-color: @blue;
+  background-color: @blue;
 }

 #memory {
-    background-color: @lavender;
+  background-color: @lavender;
 }

 #backlight {
-    background-color: @teal;
+  background-color: @teal;
 }

 #network {
-    background-color: @mauve;
+  background-color: @mauve;
 }

 #wireplumber {
-    background-color: @sapphire;
+  background-color: @sapphire;
 }

 #wireplumber.muted {
-    color: @base;
+  color: @base;
 }

 #tray {
-    background-color: @yellow;
+  background-color: @yellow;
 }

-#tray>.passive {
-    -gtk-icon-effect: dim;
+#tray > .passive {
+  -gtk-icon-effect: dim;
 }

-#tray>.needs-attention {
-    -gtk-icon-effect: highlight;
-    background-color: #eb4d4b;
+#tray > .needs-attention {
+  -gtk-icon-effect: highlight;
+  background-color: #eb4d4b;
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -5,9 +5,17 @@ let
  etna = "age1m3jm6c5ywc5zntv5j4xhals0h28mpea88zzddq88zxcshmhteqwqu89qnh";
  vesuvio = "age1g2z0tztrv2w7wtludjrd85q7px3lvjms0cjj32zej9dqpjwpscwsle6xhf";

-  main = [fuji kilimandjaro mottarone];
-  all = main ++ [etna vesuvio];
-in {
+  main = [
+    fuji
+    kilimandjaro
+    mottarone
+  ];
+  all = main ++ [
+    etna
+    vesuvio
+  ];
+in
+{
  "shared/userPassword.age".publicKeys = all;
  "shared/tailscaleKey.age".publicKeys = all;
  "shared/frpToken.age".publicKeys = all;
@ -17,19 +25,19 @@ in {
  "fuji-wsl/rootPassword.age".publicKeys = main;
  "kilimandjaro/rootPassword.age".publicKeys = main;
  "mottarone/rootPassword.age".publicKeys = main;
-  "etna/rootPassword.age".publicKeys = main ++ [etna];
-  "vesuvio/rootPassword.age".publicKeys = main ++ [vesuvio];
+  "etna/rootPassword.age".publicKeys = main ++ [ etna ];
+  "vesuvio/rootPassword.age".publicKeys = main ++ [ vesuvio ];

-  "etna/tunnelCreds.age".publicKeys = main ++ [etna];
-  "etna/apiRsEnv.age".publicKeys = main ++ [etna];
-  "etna/ukubotRsEnv.age".publicKeys = main ++ [etna];
-  "etna/minecraftEnv.age".publicKeys = main ++ [etna];
-  "etna/dendriteKey.age".publicKeys = main ++ [etna];
-  "etna/nextcloudAdminPass.age".publicKeys = main ++ [etna];
-  "etna/turnstileSecret.age".publicKeys = main ++ [etna];
-  "etna/navidromeEnv.age".publicKeys = main ++ [etna];
-  "etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna];
-  "etna/vaultwardenEnv.age".publicKeys = main ++ [etna];
-  "etna/vmauthEnv.age".publicKeys = main ++ [etna];
-  "etna/upsdUserPass.age".publicKeys = main ++ [etna];
+  "etna/tunnelCreds.age".publicKeys = main ++ [ etna ];
+  "etna/apiRsEnv.age".publicKeys = main ++ [ etna ];
+  "etna/ukubotRsEnv.age".publicKeys = main ++ [ etna ];
+  "etna/minecraftEnv.age".publicKeys = main ++ [ etna ];
+  "etna/dendriteKey.age".publicKeys = main ++ [ etna ];
+  "etna/nextcloudAdminPass.age".publicKeys = main ++ [ etna ];
+  "etna/turnstileSecret.age".publicKeys = main ++ [ etna ];
+  "etna/navidromeEnv.age".publicKeys = main ++ [ etna ];
+  "etna/forgejoRunnerSecret.age".publicKeys = main ++ [ etna ];
+  "etna/vaultwardenEnv.age".publicKeys = main ++ [ etna ];
+  "etna/vmauthEnv.age".publicKeys = main ++ [ etna ];
+  "etna/upsdUserPass.age".publicKeys = main ++ [ etna ];
 }
--- a/systems/default.nix
+++ b/systems/default.nix
@ -2,15 +2,17 @@
  lib,
  inputs,
  ...
-}: let
-  _utils = import ../global/utils.nix {inherit lib;};
+}:
+let
+  _utils = import ../global/utils.nix { inherit lib; };

-  toSystem = name: {
-    role,
-    system,
-  }:
-    inputs.nixpkgs.lib.nixosSystem
+  toSystem =
+    name:
    {
+      role,
+      system,
+    }:
+    inputs.nixpkgs.lib.nixosSystem {
      inherit system;

      modules = [
@ -18,12 +20,15 @@
        ./${name}/hardware-configuration.nix
        ../configs/${role}.nix

-        {networking.hostName = name;}
+        { networking.hostName = name; }
      ];

-      specialArgs = inputs // {inherit _utils;};
+      specialArgs = inputs // {
+        inherit _utils;
+      };
    };
-in {
+in
+{
  flake.nixosConfigurations = lib.mapAttrs toSystem {
    fuji = {
      role = "desktop";
--- a/systems/etna/default.nix
+++ b/systems/etna/default.nix
@ -4,15 +4,17 @@
  config,
  _utils,
  ...
-}: let
+}:
+let
  tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";

-  secrets = _utils.setupSharedSecrets config {secrets = ["frpToken"];};
+  secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; };
  cfTunnelSecret = _utils.setupSingleSecret config "tunnelCreds" {
    owner = "cloudflared";
    group = "cloudflared";
  };
-in {
+in
+{
  assertions = [
    {
      assertion = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.6.31";
@ -21,7 +23,7 @@ in {
  ];

  imports = [
-    (lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
+    (lib.mkAliasOptionModule [ "cfTunnels" ] [ "services" "cloudflared" "tunnels" tunnelId "ingress" ])

    secrets.generate
    cfTunnelSecret.generate
--- a/systems/etna/dendrite.nix
+++ b/systems/etna/dendrite.nix
@ -2,60 +2,64 @@
  config,
  _utils,
  ...
-}: let
-  secretKey = _utils.setupSingleSecret config "dendriteKey" {};
-in {
-  imports = [secretKey.generate];
+}:
+let
+  secretKey = _utils.setupSingleSecret config "dendriteKey" { };
+in
+{
+  imports = [ secretKey.generate ];

  cfTunnels."m.uku.moe" = "http://localhost:80";

  systemd.services.dendrite = {
-    after = ["postgresql.service"];
+    after = [ "postgresql.service" ];
    serviceConfig.RestartSec = 10;
  };

  services = {
-    dendrite = let
-      database = {
-        connection_string = "postgres:///dendrite?host=/run/postgresql";
-        max_open_conns = 50;
-        max_idle_conns = 5;
-        conn_max_lifetime = -1;
-      };
-    in {
-      enable = true;
-      httpPort = 8008;
-      loadCredential = ["private_key:${secretKey.path}"];
-
-      settings = {
-        global = {
-          server_name = "m.uku.moe";
-          private_key = "$CREDENTIALS_DIRECTORY/private_key";
-          inherit database;
+    dendrite =
+      let
+        database = {
+          connection_string = "postgres:///dendrite?host=/run/postgresql";
+          max_open_conns = 50;
+          max_idle_conns = 5;
+          conn_max_lifetime = -1;
        };
+      in
+      {
+        enable = true;
+        httpPort = 8008;
+        loadCredential = [ "private_key:${secretKey.path}" ];

-        client_api = {
-          registration_disabled = true;
-        };
+        settings = {
+          global = {
+            server_name = "m.uku.moe";
+            private_key = "$CREDENTIALS_DIRECTORY/private_key";
+            inherit database;
+          };

-        app_service_api = {inherit database;};
-        federation_api = {inherit database;};
-        key_server = {inherit database;};
-        media_api = {inherit database;};
-        mscs = {inherit database;};
-        relay_api = {inherit database;};
-        room_server = {inherit database;};
-        sync_api = {inherit database;};
-        user_api = {
-          account_database = database;
-          device_database = database;
+          client_api = {
+            registration_disabled = true;
+          };
+
+          app_service_api = { inherit database; };
+          federation_api = { inherit database; };
+          key_server = { inherit database; };
+          media_api = { inherit database; };
+          mscs = { inherit database; };
+          relay_api = { inherit database; };
+          room_server = { inherit database; };
+          sync_api = { inherit database; };
+          user_api = {
+            account_database = database;
+            device_database = database;
+          };
        };
      };
-    };

    postgresql = {
      enable = true;
-      ensureDatabases = ["dendrite"];
+      ensureDatabases = [ "dendrite" ];
      ensureUsers = [
        {
          name = "dendrite";
@ -64,28 +68,34 @@ in {
      ];
    };

-    nginx.virtualHosts."m.uku.moe".locations = let
-      server = {"m.server" = "m.uku.moe:443";};
-      client = {"m.homeserver"."base_url" = "https://m.uku.moe";};
-    in {
-      "=/.well-known/matrix/server" = {
-        return = "200 '${builtins.toJSON server}'";
-      };
+    nginx.virtualHosts."m.uku.moe".locations =
+      let
+        server = {
+          "m.server" = "m.uku.moe:443";
+        };
+        client = {
+          "m.homeserver"."base_url" = "https://m.uku.moe";
+        };
+      in
+      {
+        "=/.well-known/matrix/server" = {
+          return = "200 '${builtins.toJSON server}'";
+        };

-      "=/.well-known/matrix/client" = {
-        return = "200 '${builtins.toJSON client}'";
-      };
+        "=/.well-known/matrix/client" = {
+          return = "200 '${builtins.toJSON client}'";
+        };

-      "/" = {
-        proxyPass = "http://localhost:8008";
-        proxyWebsockets = true;
-        extraConfig = ''
-          proxy_set_header Host      $host;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_read_timeout         600;
-          client_max_body_size       100M;
-        '';
+        "/" = {
+          proxyPass = "http://localhost:8008";
+          proxyWebsockets = true;
+          extraConfig = ''
+            proxy_set_header Host      $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_read_timeout         600;
+            client_max_body_size       100M;
+          '';
+        };
      };
-    };
  };
 }
--- a/systems/etna/forgejo.nix
+++ b/systems/etna/forgejo.nix
@ -3,16 +3,21 @@
  config,
  _utils,
  ...
-}: let
+}:
+let
  secrets = _utils.setupSecrets config {
-    secrets = ["turnstileSecret" "forgejoRunnerSecret"];
+    secrets = [
+      "turnstileSecret"
+      "forgejoRunnerSecret"
+    ];
    extra = {
      owner = "forgejo";
      group = "forgejo";
    };
  };
-in {
-  imports = [secrets.generate];
+in
+{
+  imports = [ secrets.generate ];

  cfTunnels."git.uku3lig.net" = "http://localhost:3000";

--- a/systems/etna/hardware-configuration.nix
+++ b/systems/etna/hardware-configuration.nix
@ -7,15 +7,22 @@
  pkgs,
  modulesPath,
  ...
-}: {
+}:
+{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/e136f8ad-b8d5-4706-ad24-725926fd50ec";
@ -25,7 +32,10 @@
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/FBB1-A79D";
    fsType = "vfat";
-    options = ["fmask=0022" "dmask=0022"];
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
  };

  fileSystems."/data" = {
@ -34,7 +44,7 @@
  };

  swapDevices = [
-    {device = "/dev/disk/by-uuid/4982538e-5402-44c0-86c6-bf086c856615";}
+    { device = "/dev/disk/by-uuid/4982538e-5402-44c0-86c6-bf086c856615"; }
  ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
--- a/systems/etna/immich.nix
+++ b/systems/etna/immich.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
  services.immich = {
    enable = true;

--- a/systems/etna/metrics.nix
+++ b/systems/etna/metrics.nix
@ -3,11 +3,13 @@
  mystia,
  _utils,
  ...
-}: let
+}:
+let
  vmcfg = config.services.victoriametrics;
-  secrets = _utils.setupSharedSecrets config {secrets = ["vmAuthToken"];};
-  vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" {};
-in {
+  secrets = _utils.setupSharedSecrets config { secrets = [ "vmAuthToken" ]; };
+  vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" { };
+in
+{
  imports = [
    mystia.nixosModules.vmauth
    secrets.generate
@ -47,12 +49,12 @@ in {
      scrape_configs = [
        {
          job_name = "victoriametrics";
-          static_configs = [{targets = ["${builtins.toString vmcfg.listenAddress}"];}];
+          static_configs = [ { targets = [ "${builtins.toString vmcfg.listenAddress}" ]; } ];
        }

        {
          job_name = "api-rs";
-          static_configs = [{targets = ["localhost:5001"];}];
+          static_configs = [ { targets = [ "localhost:5001" ]; } ];
        }
      ];
    };
--- a/systems/etna/minecraft.nix
+++ b/systems/etna/minecraft.nix
@ -4,17 +4,18 @@
  config,
  _utils,
  ...
-}: let
+}:
+let
  inherit (config.virtualisation.oci-containers) backend;

-  secret = _utils.setupSingleSecret config "minecraftEnv" {};
+  secret = _utils.setupSingleSecret config "minecraftEnv" { };

  lynn = _utils.mkMinecraftServer config {
    name = "lynn";
    port = 25567;
    remotePort = 6002;
    memory = "4G";
-    envFiles = [secret.path];
+    envFiles = [ secret.path ];
    env = {
      USE_AIKAR_FLAGS = "true";
      TYPE = "MODRINTH";
@ -27,7 +28,7 @@
    port = 25565;
    remotePort = 6005;
    memory = "4G";
-    envFiles = [secret.path];
+    envFiles = [ secret.path ];
    env = {
      USE_AIKAR_FLAGS = "true";
      TYPE = "MODRINTH";
@ -40,7 +41,7 @@
    port = 25566;
    remotePort = 6006;
    memory = "4G";
-    envFiles = [secret.path];
+    envFiles = [ secret.path ];
    env = {
      USE_AIKAR_FLAGS = "true";
      TYPE = "MODRINTH";
@ -48,7 +49,8 @@
      MODRINTH_PROJECTS = "spark, no-chat-reports";
    };
  };
-in {
+in
+{
  imports = [
    secret.generate

@ -58,7 +60,7 @@ in {
  ];

  systemd.services.restart-minecraft-servers = {
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
    startAt = "*-*-* 05:00:00";
    restartIfChanged = false;

--- a/systems/etna/navidrome.nix
+++ b/systems/etna/navidrome.nix
@ -2,15 +2,17 @@
  config,
  _utils,
  ...
-}: let
+}:
+let
  cfg = config.services.navidrome;

  env = _utils.setupSingleSecret config "navidromeEnv" {
    inherit (cfg) group;
    owner = cfg.user;
  };
-in {
-  imports = [env.generate];
+in
+{
+  imports = [ env.generate ];

  cfTunnels."navidrome.uku3lig.net" = "http://localhost:4533";

--- a/systems/etna/nextcloud.nix
+++ b/systems/etna/nextcloud.nix
@ -3,13 +3,15 @@
  config,
  _utils,
  ...
-}: let
+}:
+let
  adminPass = _utils.setupSingleSecret config "nextcloudAdminPass" {
    owner = config.users.users.nextcloud.name;
    group = config.users.users.nextcloud.name;
  };
-in {
-  imports = [adminPass.generate];
+in
+{
+  imports = [ adminPass.generate ];

  # nextcloud generates nginx config
  cfTunnels."cloud.uku3lig.net" = "http://localhost:80";
--- a/systems/etna/reposilite.nix
+++ b/systems/etna/reposilite.nix
@ -1,5 +1,6 @@
-{camasca, ...}: {
-  imports = [camasca.nixosModules.reposilite];
+{ camasca, ... }:
+{
+  imports = [ camasca.nixosModules.reposilite ];

  cfTunnels."maven.uku3lig.net" = "http://localhost:8080";

--- a/systems/etna/satisfactory.nix
+++ b/systems/etna/satisfactory.nix
@ -1,10 +1,15 @@
-{config, ...}: let
+{ config, ... }:
+let
  inherit (config.virtualisation.oci-containers) backend;
-in {
+in
+{
  virtualisation.oci-containers.containers.satisfactory = {
    image = "wolveix/satisfactory-server:v1.8.5";
-    ports = ["7777:7777/udp" "7777:7777/tcp"];
-    volumes = ["/var/lib/satisfactory-server:/config"];
+    ports = [
+      "7777:7777/udp"
+      "7777:7777/tcp"
+    ];
+    volumes = [ "/var/lib/satisfactory-server:/config" ];
    environment = {
      MAXPLAYERS = "4";
      PGID = "1000";
@ -20,7 +25,7 @@ in {
  };

  networking.firewall = {
-    allowedTCPPorts = [7777];
-    allowedUDPPorts = [7777];
+    allowedTCPPorts = [ 7777 ];
+    allowedUDPPorts = [ 7777 ];
  };
 }
--- a/systems/etna/shlink.nix
+++ b/systems/etna/shlink.nix
@ -3,8 +3,8 @@

  virtualisation.oci-containers.containers.shlink = {
    image = "shlinkio/shlink:stable";
-    ports = ["8081:8080"];
-    volumes = ["/data/shlink/database.sqlite:/etc/shlink/data/database.sqlite"];
+    ports = [ "8081:8080" ];
+    volumes = [ "/data/shlink/database.sqlite:/etc/shlink/data/database.sqlite" ];
    environment = {
      DEFAULT_DOMAIN = "uku.moe";
      IS_HTTPS_ENABLED = "true";
--- a/systems/etna/uku.nix
+++ b/systems/etna/uku.nix
@ -4,11 +4,16 @@
  api-rs,
  ukubot-rs,
  ...
-}: let
+}:
+let
  secrets = _utils.setupSecrets config {
-    secrets = ["apiRsEnv" "ukubotRsEnv"];
+    secrets = [
+      "apiRsEnv"
+      "ukubotRsEnv"
+    ];
  };
-in {
+in
+{
  imports = [
    api-rs.nixosModules.default
    ukubot-rs.nixosModules.default
--- a/systems/etna/ups.nix
+++ b/systems/etna/ups.nix
@ -2,10 +2,12 @@
  _utils,
  config,
  ...
-}: let
-  upsdPass = _utils.setupSingleSecret config "upsdUserPass" {};
-in {
-  imports = [upsdPass.generate];
+}:
+let
+  upsdPass = _utils.setupSingleSecret config "upsdUserPass" { };
+in
+{
+  imports = [ upsdPass.generate ];

  power.ups = {
    enable = true;
@ -20,8 +22,11 @@ in {

    users.admin = {
      passwordFile = upsdPass.path;
-      instcmds = ["ALL"];
-      actions = ["SET" "FSD"];
+      instcmds = [ "ALL" ];
+      actions = [
+        "SET"
+        "FSD"
+      ];
    };

    ups.eaton-3s-850 = {
@ -57,10 +62,10 @@ in {
      {
        job_name = "nut";
        metrics_path = "/ups_metrics";
-        params.ups = ["eaton-3s-850"];
+        params.ups = [ "eaton-3s-850" ];
        static_configs = [
          {
-            targets = ["localhost:${builtins.toString config.services.prometheus.exporters.nut.port}"];
+            targets = [ "localhost:${builtins.toString config.services.prometheus.exporters.nut.port}" ];
            labels.ups = "eaton-3s-850";
          }
        ];
--- a/systems/etna/vaultwarden.nix
+++ b/systems/etna/vaultwarden.nix
@ -2,10 +2,12 @@
  config,
  _utils,
  ...
-}: let
-  envFile = _utils.setupSingleSecret config "vaultwardenEnv" {};
-in {
-  imports = [envFile.generate];
+}:
+let
+  envFile = _utils.setupSingleSecret config "vaultwardenEnv" { };
+in
+{
+  imports = [ envFile.generate ];

  cfTunnels."bw.uku3lig.net" = "http://localhost:8222";

--- a/systems/fuji-wsl/default.nix
+++ b/systems/fuji-wsl/default.nix
@ -3,12 +3,13 @@
  pkgs,
  nixos-wsl,
  ...
-}: {
+}:
+{
  imports = [
    nixos-wsl.nixosModules.default
  ];

-  environment.sessionVariables.LD_LIBRARY_PATH = ["/run/opengl-driver/lib"];
+  environment.sessionVariables.LD_LIBRARY_PATH = [ "/run/opengl-driver/lib" ];

  wsl = {
    enable = true;
--- a/systems/fuji/default.nix
+++ b/systems/fuji/default.nix
@ -1,10 +1,11 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  imports = [
    ./nvidia.nix
    ../../programs/games.nix
  ];

-  services.xserver.videoDrivers = ["amdgpu"];
+  services.xserver.videoDrivers = [ "amdgpu" ];

  hm = {
    home.packages = with pkgs; [
--- a/systems/fuji/hardware-configuration.nix
+++ b/systems/fuji/hardware-configuration.nix
@ -7,20 +7,27 @@
  pkgs,
  modulesPath,
  ...
-}: {
+}:
+{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usbhid"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/660ff32b-308f-411a-815e-959706ec1bcb";
    fsType = "btrfs";
-    options = ["subvol=@"];
+    options = [ "subvol=@" ];
  };

  fileSystems."/boot" = {
@ -39,7 +46,7 @@
  };

  swapDevices = [
-    {device = "/dev/disk/by-uuid/6ee8ec3d-3b26-4d6d-b43d-174f908fd8fe";}
+    { device = "/dev/disk/by-uuid/6ee8ec3d-3b26-4d6d-b43d-174f908fd8fe"; }
  ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
--- a/systems/fuji/nvidia.nix
+++ b/systems/fuji/nvidia.nix
@ -2,8 +2,9 @@
  lib,
  pkgs,
  ...
-}: {
-  services.xserver.videoDrivers = lib.mkForce ["nvidia"];
+}:
+{
+  services.xserver.videoDrivers = lib.mkForce [ "nvidia" ];

  boot.kernelParams = [
    "nvidia.NVreg_EnableGpuFirmware=0"
@ -16,7 +17,7 @@
  };

  hardware = {
-    graphics.extraPackages = [pkgs.vaapiVdpau];
+    graphics.extraPackages = [ pkgs.vaapiVdpau ];
    nvidia = {
      # package = config.boot.kernelPackages.nvidiaPackages.production;
      open = true;
--- a/systems/kilimandjaro/default.nix
+++ b/systems/kilimandjaro/default.nix
@ -1,10 +1,11 @@
-{camasca, ...}: {
+{ camasca, ... }:
+{
  imports = [
    camasca.nixosModules.asus-numpad
    ../../programs/games.nix
  ];

-  hm.imports = [../../programs/dotnet.nix];
+  hm.imports = [ ../../programs/dotnet.nix ];

  services.asus-numpad = {
    enable = true;
--- a/systems/kilimandjaro/hardware-configuration.nix
+++ b/systems/kilimandjaro/hardware-configuration.nix
@ -7,15 +7,24 @@
  pkgs,
  modulesPath,
  ...
-}: {
+}:
+{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

-  boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "thunderbolt"
+    "vmd"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+    "rtsx_usb_sdmmc"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/e082a535-4b7c-4b24-af1c-0373eefd3c05";
@ -33,7 +42,7 @@
  };

  swapDevices = [
-    {device = "/dev/disk/by-uuid/2a5ce834-4a58-45ab-955f-5b620d503f7b";}
+    { device = "/dev/disk/by-uuid/2a5ce834-4a58-45ab-955f-5b620d503f7b"; }
  ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
--- a/systems/mottarone/default.nix
+++ b/systems/mottarone/default.nix
@ -3,9 +3,11 @@
  pkgs,
  camasca,
  ...
-}: let
+}:
+let
  inherit (pkgs.stdenv.hostPlatform) system;
-in {
+in
+{
  environment.systemPackages = with pkgs; [
    gtkterm
    remmina
--- a/systems/mottarone/hardware-configuration.nix
+++ b/systems/mottarone/hardware-configuration.nix
@ -7,15 +7,23 @@
  pkgs,
  modulesPath,
  ...
-}: {
+}:
+{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

-  boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "thunderbolt"
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/e36f709d-a4ea-4310-8c0d-8752afacba3c";
@ -25,11 +33,14 @@
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/D4AA-EE25";
    fsType = "vfat";
-    options = ["fmask=0022" "dmask=0022"];
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
  };

  swapDevices = [
-    {device = "/dev/disk/by-uuid/316ddc44-0359-40ac-9dce-2d78817fbb29";}
+    { device = "/dev/disk/by-uuid/316ddc44-0359-40ac-9dce-2d78817fbb29"; }
  ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
--- a/systems/vesuvio/default.nix
+++ b/systems/vesuvio/default.nix
@ -3,17 +3,22 @@
  config,
  _utils,
  ...
-}: let
-  secrets = _utils.setupSharedSecrets config {secrets = ["frpToken"];};
-in {
-  imports = [secrets.generate];
+}:
+let
+  secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; };
+in
+{
+  imports = [ secrets.generate ];

  zramSwap.enable = true;

-  environment.systemPackages = with pkgs; [dig traceroute];
+  environment.systemPackages = with pkgs; [
+    dig
+    traceroute
+  ];

  services = {
-    openssh.ports = [4269];
+    openssh.ports = [ 4269 ];

    # Needed by the Hetzner Cloud password reset feature.
    qemuGuest.enable = true;
@ -40,11 +45,11 @@ in {
    frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";

    # https://discourse.nixos.org/t/qemu-guest-agent-on-hetzner-cloud-doesnt-work/8864/2
-    qemu-guest-agent.path = [pkgs.shadow];
+    qemu-guest-agent.path = [ pkgs.shadow ];
  };

  networking.firewall = {
-    allowedTCPPorts = [22]; # forgejo-ssh
+    allowedTCPPorts = [ 22 ]; # forgejo-ssh
    allowedTCPPortRanges = [
      {
        from = 6000;
--- a/systems/vesuvio/hardware-configuration.nix
+++ b/systems/vesuvio/hardware-configuration.nix
@ -1,5 +1,6 @@
-{modulesPath, ...}: {
-  imports = ["${modulesPath}/profiles/qemu-guest.nix"];
+{ modulesPath, ... }:
+{
+  imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];

  boot = {
    # arm so we can use systemd-boot
@ -11,11 +12,18 @@
    # set console because the console defaults to serial and
    # initialize the display early to get a complete log.
    # this is required for typing in LUKS passwords on boot too.
-    kernelParams = ["console=tty"];
+    kernelParams = [ "console=tty" ];

    initrd = {
-      availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
-      kernelModules = ["nvme" "virtio_gpu"];
+      availableKernelModules = [
+        "ata_piix"
+        "uhci_hcd"
+        "xen_blkfront"
+      ];
+      kernelModules = [
+        "nvme"
+        "virtio_gpu"
+      ];
    };
  };