feat: alejandra -> nixfmt

.envrc

@@ -1 +1,2 @@
+# shellcheck disable=SC2148
 use flake

configs/client.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   imports = [
     ./common.nix
 
@@ -7,7 +8,7 @@
   ];
 
   environment.systemPackages = with pkgs; [
-    (ffmpeg-full.override {withUnfree = true;})
+    (ffmpeg-full.override { withUnfree = true; })
     fastfetch
     lazygit
     nixd
@@ -15,8 +16,8 @@
 
   hm.programs.keychain = {
     enable = true;
-    agents = ["ssh"];
+    agents = [ "ssh" ];
-    keys = ["id_ed25519"];
+    keys = [ "id_ed25519" ];
   };
 
   networking = {
@@ -24,7 +25,7 @@
     networkmanager = {
       enable = true;
       dns = "systemd-resolved";
-      plugins = [pkgs.networkmanager-fortisslvpn];
+      plugins = [ pkgs.networkmanager-fortisslvpn ];
     };
   };
 

configs/common.nix

@@ -10,20 +10,25 @@
   vencord,
   hydro,
   ...
-}: let
+}:
+let
   username = "leo";
   stateVersion = "24.11";
 
-  rootPassword = _utils.setupSingleSecret config "rootPassword" {};
+  rootPassword = _utils.setupSingleSecret config "rootPassword" { };
   secrets = _utils.setupSharedSecrets config {
-    secrets = ["userPassword" "tailscaleKey"];
+    secrets = [
+      "userPassword"
+      "tailscaleKey"
+    ];
   };
-in {
+in
+{
   imports = [
     agenix.nixosModules.default
     home-manager.nixosModules.home-manager
 
-    (lib.mkAliasOptionModule ["hm"] ["home-manager" "users" username])
+    (lib.mkAliasOptionModule [ "hm" ] [ "home-manager" "users" username ])
 
     rootPassword.generate
     secrets.generate
@@ -35,12 +40,15 @@ in {
 
   age = {
     ageBin = lib.getExe pkgs.rage;
-    identityPaths = ["/etc/age/key"];
+    identityPaths = [ "/etc/age/key" ];
   };
 
   boot = {
     kernelPackages = lib.mkDefault pkgs.linuxPackages; # use lts
-    kernelParams = ["quiet" "loglevel=3"];
+    kernelParams = [
+      "quiet"
+      "loglevel=3"
+    ];
 
     # faster tcp !!!
     kernel.sysctl = {
@@ -65,7 +73,7 @@ in {
   ];
 
   hm = {
-    home = {inherit stateVersion;};
+    home = { inherit stateVersion; };
 
     programs.ssh = {
       enable = true;
@@ -83,14 +91,17 @@ in {
 
   networking = {
     useNetworkd = lib.mkDefault true;
-    nameservers = ["1.1.1.1" "1.0.0.1"];
+    nameservers = [
+      "1.1.1.1"
+      "1.0.0.1"
+    ];
   };
 
   nix = {
     # package = pkgs.nixVersions.latest;
     channel.enable = false;
     # The `flake:` syntax in `$NIX_PATH` seems to do some weird copying on Nix 2.24
-    nixPath = ["nixpkgs=${config.nixpkgs.flake.source}"];
+    nixPath = [ "nixpkgs=${config.nixpkgs.flake.source}" ];
 
     gc = {
       automatic = true;
@@ -110,8 +121,14 @@ in {
 
     settings = {
       auto-optimise-store = true;
-      experimental-features = ["nix-command" "flakes"];
+      experimental-features = [
-      trusted-users = ["root" "@wheel"];
+        "nix-command"
+        "flakes"
+      ];
+      trusted-users = [
+        "root"
+        "@wheel"
+      ];
       connect-timeout = 5; # fail fast if substituters are not available
       builders-use-substitutes = true;
       log-lines = 25;
@@ -132,7 +149,7 @@ in {
   nixpkgs = {
     config.allowUnfree = true;
     flake.setNixPath = false;
-    overlays = [(import ../exprs/overlay.nix {inherit vencord hydro;})];
+    overlays = [ (import ../exprs/overlay.nix { inherit vencord hydro; }) ];
   };
 
   programs = {
@@ -172,7 +189,10 @@ in {
     tailscale = {
       enable = true;
       useRoutingFeatures = "both";
-      extraUpFlags = ["--ssh" "--stateful-filtering"];
+      extraUpFlags = [
+        "--ssh"
+        "--stateful-filtering"
+      ];
       authKeyFile = secrets.get "tailscaleKey";
     };
   };
@@ -197,7 +217,14 @@ in {
     "${username}" = {
       isNormalUser = true;
       shell = pkgs.fish;
-      extraGroups = ["networkmanager" "wheel" "video" "libvirtd" "input" "docker"];
+      extraGroups = [
+        "networkmanager"
+        "wheel"
+        "video"
+        "libvirtd"
+        "input"
+        "docker"
+      ];
       hashedPasswordFile = secrets.get "userPassword";
       openssh.authorizedKeys.keys = [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+7+KfdOrhcnHayxvOENUeMx8rE4XEIV/AxMHiaNUP8"

configs/desktop.nix

@@ -5,7 +5,8 @@
   catppuccin,
   lanzaboote,
   ...
-}: {
+}:
+{
   imports = [
     catppuccin.nixosModules.catppuccin
     lanzaboote.nixosModules.lanzaboote
@@ -24,10 +25,10 @@
   boot = {
     kernelPackages = pkgs.linuxPackages_latest;
 
-    extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
+    extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
-    kernelModules = ["v4l2loopback"];
+    kernelModules = [ "v4l2loopback" ];
 
-    supportedFilesystems = ["ntfs"];
+    supportedFilesystems = [ "ntfs" ];
 
     loader = {
       systemd-boot.enable = lib.mkForce false;
@@ -61,7 +62,7 @@
     ];
 
     fontconfig.defaultFonts = {
-      emoji = ["Twitter Color Emoji"];
+      emoji = [ "Twitter Color Emoji" ];
     };
   };
 
@@ -91,7 +92,7 @@
         strawberry
         teams-for-linux
         thunderbird
-        (vesktop.override {withSystemVencord = true;})
+        (vesktop.override { withSystemVencord = true; })
         vscode
 
         # libreoffice stuff

configs/laptop.nix

@@ -3,10 +3,11 @@
   pkgs,
   config,
   ...
-}: {
+}:
-  imports = [./desktop.nix];
+{
+  imports = [ ./desktop.nix ];
 
-  boot.initrd.kernelModules = ["xe"];
+  boot.initrd.kernelModules = [ "xe" ];
 
   hardware = {
     bluetooth.enable = true;
@@ -18,7 +19,7 @@
         vpl-gpu-rt
       ];
 
-      extraPackages32 = [pkgs.driversi686Linux.intel-media-driver];
+      extraPackages32 = [ pkgs.driversi686Linux.intel-media-driver ];
     };
   };
 
@@ -30,7 +31,7 @@
   programs.light.enable = true;
 
   # hyprland stuff
-  services.blueman = lib.mkIf config.programs.hyprland.enable {enable = true;};
+  services.blueman = lib.mkIf config.programs.hyprland.enable { enable = true; };
   hm.wayland.windowManager.hyprland.settings.exec-once = with pkgs; [
     "${lib.getExe networkmanagerapplet}"
     "${lib.getExe' blueman "blueman-applet"}"

configs/server.nix

@@ -2,11 +2,13 @@
   config,
   _utils,
   ...
-}: let
+}:
+let
   secrets = _utils.setupSharedSecrets config {
-    secrets = ["vmAuthToken"];
+    secrets = [ "vmAuthToken" ];
   };
-in {
+in
+{
   imports = [
     ./common.nix
     secrets.generate
@@ -21,7 +23,7 @@ in {
   };
 
   services = {
-    tailscale.extraUpFlags = ["--advertise-exit-node"];
+    tailscale.extraUpFlags = [ "--advertise-exit-node" ];
 
     openssh = {
       enable = true;
@@ -46,20 +48,22 @@ in {
     prometheus.exporters.node = {
       enable = true;
       port = 9091;
-      enabledCollectors = ["systemd"];
+      enabledCollectors = [ "systemd" ];
     };
 
     vmagent = {
       enable = true;
       remoteWrite.url = "https://metrics.uku3lig.net/api/v1/write";
-      extraArgs = ["-remoteWrite.bearerTokenFile=\${CREDENTIALS_DIRECTORY}/vm_auth_token"];
+      extraArgs = [ "-remoteWrite.bearerTokenFile=\${CREDENTIALS_DIRECTORY}/vm_auth_token" ];
       prometheusConfig = {
         global.scrape_interval = "15s";
 
         scrape_configs = [
           {
             job_name = "node";
-            static_configs = [{targets = ["localhost:${builtins.toString config.services.prometheus.exporters.node.port}"];}];
+            static_configs = [
+              { targets = [ "localhost:${builtins.toString config.services.prometheus.exporters.node.port}" ]; }
+            ];
             relabel_configs = [
               {
                 target_label = "instance";
@@ -73,7 +77,7 @@ in {
   };
 
   systemd = {
-    services.vmagent.serviceConfig.LoadCredential = ["vm_auth_token:${secrets.get "vmAuthToken"}"];
+    services.vmagent.serviceConfig.LoadCredential = [ "vm_auth_token:${secrets.get "vmAuthToken"}" ];
 
     # For more detail, see:
     #   https://0pointer.de/blog/projects/watchdog.html

exprs/idea-fixed.nix

@@ -22,17 +22,19 @@
   pipewire,
   udev,
   xrandr,
-}: let
+}:
+let
   inherit (jetbrains) idea-ultimate;
 in
-  symlinkJoin {
+symlinkJoin {
-    name = "idea-ultimate-fixed-${idea-ultimate.version}";
+  name = "idea-ultimate-fixed-${idea-ultimate.version}";
 
-    paths = [idea-ultimate];
+  paths = [ idea-ultimate ];
 
-    nativeBuildInputs = [makeWrapper];
+  nativeBuildInputs = [ makeWrapper ];
 
-    postBuild = let
+  postBuild =
+    let
       runtimeLibs = [
         stdenv.cc.cc.lib
         ## native versions
@@ -63,9 +65,10 @@ in
         xrandr # needed for LWJGL [2.9.2, 3) https://github.com/LWJGL/lwjgl/issues/128
         esbuild
       ];
-    in ''
+    in
+    ''
       wrapProgram $out/bin/idea-ultimate \
         --set LD_LIBRARY_PATH ${lib.makeLibraryPath runtimeLibs} \
         --prefix PATH : ${lib.makeBinPath runtimePrograms}
     '';
-  }
+}

exprs/overlay.nix

@@ -1,16 +1,14 @@
 inputs: final: prev: {
-  idea-ultimate-fixed = prev.callPackage ./idea-fixed.nix {};
+  idea-ultimate-fixed = prev.callPackage ./idea-fixed.nix { };
 
   vencord = prev.vencord.overrideAttrs (old: rec {
     version = "${old.version}+git.${inputs.vencord.shortRev}";
     src = inputs.vencord;
 
-    env =
+    env = old.env // {
-      old.env
+      VENCORD_REMOTE = "Vendicated/Vencord";
-      // {
+      VENCORD_HASH = src.shortRev;
-        VENCORD_REMOTE = "Vendicated/Vencord";
+    };
-        VENCORD_HASH = src.shortRev;
-      };
 
     pnpmDeps = old.pnpmDeps.overrideAttrs (_: {
       outputHash = "sha256-vVzERis1W3QZB/i6SQR9dQR56yDWadKWvFr+nLTQY9Y=";

flake.lock

@@ -329,6 +329,7 @@
         "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs",
         "systems": "systems_2",
+        "treefmt-nix": "treefmt-nix",
         "ukubot-rs": "ukubot-rs",
         "vencord": "vencord",
         "vscode-extensions": "vscode-extensions"
@@ -385,6 +386,26 @@
         "type": "github"
       }
     },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1735135567,
+        "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "9e09d30a644c57257715902efbb3adc56c79cf28",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
     "ukubot-rs": {
       "inputs": {
         "flake-parts": [

flake.nix

@@ -1,31 +1,38 @@
 {
   description = "example flake idk";
 
-  outputs = {
+  outputs =
-    self,
+    {
-    flake-parts,
+      self,
-    nixinate,
+      flake-parts,
-    agenix,
+      nixinate,
-    ...
+      agenix,
-  } @ inputs:
+      treefmt-nix,
-    flake-parts.lib.mkFlake {inherit inputs;} {
+      ...
-      systems = ["x86_64-linux" "aarch64-linux"];
+    }@inputs:
+    flake-parts.lib.mkFlake { inherit inputs; } {
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+      ];
 
       imports = [
+        treefmt-nix.flakeModule
         ./systems
       ];
 
-      perSystem = {
+      perSystem =
-        pkgs,
+        {
-        system,
+          pkgs,
-        self',
+          system,
-        ...
+          self',
-      }: {
+          ...
-        apps = (nixinate.nixinate.${system} self).nixinate;
+        }:
+        {
+          apps = (nixinate.nixinate.${system} self).nixinate;
 
-        devShells.default = with pkgs;
+          devShells.default = pkgs.mkShellNoCC {
-          mkShellNoCC {
+            packages = with pkgs; [
-            packages = [
               agenix.packages.${system}.default
               just
               self'.formatter
@@ -33,8 +40,25 @@
             ];
           };
 
-        formatter = pkgs.alejandra;
+          treefmt = {
-      };
+            projectRootFile = "flake.nix";
+
+            settings.excludes = [
+              ".envrc"
+              ".gitignore"
+              "*.age"
+              "flake.lock"
+              "justfile"
+              "LICENSE"
+            ];
+
+            programs = {
+              nixfmt.enable = true;
+              prettier.enable = true;
+              stylua.enable = true;
+            };
+          };
+        };
     };
 
   inputs = {
@@ -109,6 +133,11 @@
     # nix's most elaborate, overcomplicated joke
     systems.url = "github:nix-systems/default";
 
+    treefmt-nix = {
+      url = "github:numtide/treefmt-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     vscode-extensions = {
       url = "github:nix-community/nix-vscode-extensions";
       inputs.nixpkgs.follows = "nixpkgs";

global/utils.nix

@@ -1,66 +1,87 @@
-{lib, ...}: {
+{ lib, ... }:
-  setupSecrets = _config: {
+{
-    secrets,
+  setupSecrets =
-    extra ? {},
+    _config:
-  }: let
+    {
-    inherit (_config.networking) hostName;
+      secrets,
-  in {
+      extra ? { },
-    generate = {age.secrets = lib.genAttrs secrets (name: extra // {file = ../secrets/${hostName}/${name}.age;});};
+    }:
-    get = name: _config.age.secrets.${name}.path;
+    let
-  };
+      inherit (_config.networking) hostName;
-
+    in
-  setupSingleSecret = _config: name: extra: let
+    {
-    inherit (_config.networking) hostName;
+      generate = {
-  in {
+        age.secrets = lib.genAttrs secrets (name: extra // { file = ../secrets/${hostName}/${name}.age; });
-    generate = {age.secrets.${name} = extra // {file = ../secrets/${hostName}/${name}.age;};};
+      };
-    inherit (_config.age.secrets.${name}) path;
+      get = name: _config.age.secrets.${name}.path;
-  };
-
-  setupSharedSecrets = _config: {
-    secrets,
-    extra ? {},
-  }: {
-    generate = {age.secrets = lib.genAttrs secrets (name: extra // {file = ../secrets/shared/${name}.age;});};
-    get = name: _config.age.secrets.${name}.path;
-  };
-
-  mkMinecraftServer = _config: {
-    name,
-    port,
-    remotePort,
-    tag ? "java21",
-    dataDir ? "/var/lib/${name}",
-    memory ? "4G",
-    env ? {},
-    envFiles ? [],
-    extraPorts ? [],
-  }: let
-    inherit (_config.virtualisation.oci-containers) backend;
-  in {
-    virtualisation.oci-containers.containers."mc-${name}" = {
-      image = "itzg/minecraft-server:${tag}";
-      ports = ["${builtins.toString port}:25565"] ++ extraPorts;
-      volumes = ["${dataDir}:/data"];
-      environmentFiles = envFiles;
-      environment =
-        {
-          EULA = "true";
-          MEMORY = memory;
-        }
-        // env;
     };
 
-    networking.firewall.allowedTCPPorts = [port];
+  setupSingleSecret =
+    _config: name: extra:
+    let
+      inherit (_config.networking) hostName;
+    in
+    {
+      generate = {
+        age.secrets.${name} = extra // {
+          file = ../secrets/${hostName}/${name}.age;
+        };
+      };
+      inherit (_config.age.secrets.${name}) path;
+    };
 
-    services.frp.settings.proxies = [
+  setupSharedSecrets =
-      {
+    _config:
-        inherit name remotePort;
+    {
-        type = "tcp";
+      secrets,
-        localIp = "127.0.0.1";
+      extra ? { },
-        localPort = port;
+    }:
-      }
+    {
-    ];
+      generate = {
+        age.secrets = lib.genAttrs secrets (name: extra // { file = ../secrets/shared/${name}.age; });
+      };
+      get = name: _config.age.secrets.${name}.path;
+    };
 
-    systemd.services."${backend}-mc-${name}".serviceConfig.TimeoutSec = "300";
+  mkMinecraftServer =
-  };
+    _config:
+    {
+      name,
+      port,
+      remotePort,
+      tag ? "java21",
+      dataDir ? "/var/lib/${name}",
+      memory ? "4G",
+      env ? { },
+      envFiles ? [ ],
+      extraPorts ? [ ],
+    }:
+    let
+      inherit (_config.virtualisation.oci-containers) backend;
+    in
+    {
+      virtualisation.oci-containers.containers."mc-${name}" = {
+        image = "itzg/minecraft-server:${tag}";
+        ports = [ "${builtins.toString port}:25565" ] ++ extraPorts;
+        volumes = [ "${dataDir}:/data" ];
+        environmentFiles = envFiles;
+        environment = {
+          EULA = "true";
+          MEMORY = memory;
+        } // env;
+      };
+
+      networking.firewall.allowedTCPPorts = [ port ];
+
+      services.frp.settings.proxies = [
+        {
+          inherit name remotePort;
+          type = "tcp";
+          localIp = "127.0.0.1";
+          localPort = port;
+        }
+      ];
+
+      systemd.services."${backend}-mc-${name}".serviceConfig.TimeoutSec = "300";
+    };
 }

programs/alacritty.nix

@@ -2,22 +2,25 @@
   lib,
   pkgs,
   ...
-}: {
+}:
-  hm.programs.alacritty = let
+{
-    theme = pkgs.fetchurl {
+  hm.programs.alacritty =
-      # url = "https://raw.githubusercontent.com/catppuccin/alacritty/ce476fb41f307d90f841c1a4fd7f0727c21248b2/catppuccin-macchiato.toml";
+    let
-      url = "https://raw.githubusercontent.com/rose-pine/alacritty/3c3e36eb5225b0eb6f1aa989f9d9e783a5b47a83/dist/rose-pine.toml";
+      theme = pkgs.fetchurl {
-      hash = "sha256-MheSmzz02ZLAOS2uaclyazu6E//eikcdFydFfkio0/U=";
+        # url = "https://raw.githubusercontent.com/catppuccin/alacritty/ce476fb41f307d90f841c1a4fd7f0727c21248b2/catppuccin-macchiato.toml";
-    };
+        url = "https://raw.githubusercontent.com/rose-pine/alacritty/3c3e36eb5225b0eb6f1aa989f9d9e783a5b47a83/dist/rose-pine.toml";
+        hash = "sha256-MheSmzz02ZLAOS2uaclyazu6E//eikcdFydFfkio0/U=";
+      };
 
-    themeAttr = builtins.fromTOML (builtins.readFile theme);
+      themeAttr = builtins.fromTOML (builtins.readFile theme);
-  in {
+    in
-    enable = true;
+    {
-    settings = lib.recursiveUpdate themeAttr {
+      enable = true;
-      font = {
+      settings = lib.recursiveUpdate themeAttr {
-        normal.family = "Iosevka Nerd Font";
+        font = {
-        size = 12;
+          normal.family = "Iosevka Nerd Font";
+          size = 12;
+        };
       };
     };
-  };
 }

programs/dotnet.nix

@@ -3,14 +3,17 @@
   config,
   pkgs,
   ...
-}: let
+}:
+let
   inherit (config.lib.file) mkOutOfStoreSymlink;
-in {
+in
+{
   home = {
-    packages = [pkgs.jetbrains.rider];
+    packages = [ pkgs.jetbrains.rider ];
 
     file = {
-      ".dotnet/8".source = mkOutOfStoreSymlink "${pkgs.dotnetCorePackages.dotnet_8.sdk.unwrapped}/share/dotnet";
+      ".dotnet/8".source =
+        mkOutOfStoreSymlink "${pkgs.dotnetCorePackages.dotnet_8.sdk.unwrapped}/share/dotnet";
       ".dotnet/mono".source = mkOutOfStoreSymlink pkgs.mono;
     };
   };

programs/fish.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.fish.enable = true;
 
   environment.systemPackages = with pkgs; [

programs/games.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   hardware = {
     xone.enable = true;
     xpadneo.enable = true;
@@ -9,7 +10,11 @@
     osu-lazer-bin
 
     (prismlauncher.override {
-      jdks = [temurin-bin-21 temurin-bin-17 temurin-bin-8];
+      jdks = [
+        temurin-bin-21
+        temurin-bin-17
+        temurin-bin-8
+      ];
     })
   ];
 

programs/ghostty.nix

@@ -2,9 +2,10 @@
   pkgs,
   ghostty,
   ...
-}: {
+}:
+{
   hm.home = {
-    packages = [ghostty.packages.${pkgs.system}.default];
+    packages = [ ghostty.packages.${pkgs.system}.default ];
 
     file.".config/ghostty/config".text = ''
       theme = light:catppuccin-latte,dark:catppuccin-mocha

programs/git.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   programs.git.enable = true;
 
   hm.programs = {

programs/gnome.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   services = {
     xserver.desktopManager.gnome.enable = true;
     displayManager = {
@@ -13,14 +14,14 @@
   hm.programs.gnome-shell = {
     enable = true;
     extensions = with pkgs.gnomeExtensions; [
-      {package = appindicator;}
+      { package = appindicator; }
-      {package = dash-to-dock;}
+      { package = dash-to-dock; }
-      {package = blur-my-shell;}
+      { package = blur-my-shell; }
     ];
   };
 
   environment = with pkgs; {
-    systemPackages = [gnome-tweaks];
+    systemPackages = [ gnome-tweaks ];
 
     gnome.excludePackages = [
       gnome-tour

programs/hyprland-misc.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   # utility packages for hyprland, since you know it's not a DE
 
   hm.home.packages = with pkgs; [
@@ -14,7 +15,10 @@
 
     thunar = {
       enable = true;
-      plugins = with pkgs.xfce; [thunar-volman thunar-archive-plugin];
+      plugins = with pkgs.xfce; [
+        thunar-volman
+        thunar-archive-plugin
+      ];
     };
   };
 }

programs/hyprland.nix

@@ -2,7 +2,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   imports = [
     ./hyprland-misc.nix
     ./alacritty.nix
@@ -20,7 +21,7 @@
     };
   };
 
-  xdg.portal.extraPortals = with pkgs; [xdg-desktop-portal-gtk];
+  xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
 
   hm = {
     home.packages = with pkgs; [
@@ -37,11 +38,24 @@
 
     wayland.windowManager.hyprland = {
       enable = true;
-      settings = let
+      settings =
-        inherit (lib) getExe getExe';
+        let
-        keys = ["ampersand" "eacute" "quotedbl" "apostrophe" "parenleft" "minus" "egrave" "underscore" "ccedilla" "agrave"];
+          inherit (lib) getExe getExe';
-      in
+          keys = [
-        with pkgs; {
+            "ampersand"
+            "eacute"
+            "quotedbl"
+            "apostrophe"
+            "parenleft"
+            "minus"
+            "egrave"
+            "underscore"
+            "ccedilla"
+            "agrave"
+          ];
+        in
+        with pkgs;
+        {
           "$mod" = "SUPER";
           "$wl-paste" = getExe' wl-clipboard "wl-paste";
           "$wpctl" = getExe' wireplumber "wpctl";
@@ -152,12 +166,18 @@
             ++
             # Switch workspaces with mod + [0-9]
             # Move active window to a workspace with mod + SHIFT + [0-9]
-            lib.flatten (builtins.map (i: let
+            lib.flatten (
-              key = builtins.elemAt keys (i - 1);
+              builtins.map (
-            in [
+                i:
-              "$mod, ${key}, workspace, ${toString i}"
+                let
-              "$mod SHIFT, ${key}, movetoworkspace, ${toString i}"
+                  key = builtins.elemAt keys (i - 1);
-            ]) (lib.range 1 10));
+                in
+                [
+                  "$mod, ${key}, workspace, ${toString i}"
+                  "$mod SHIFT, ${key}, movetoworkspace, ${toString i}"
+                ]
+              ) (lib.range 1 10)
+            );
 
           bindm = [
             "$mod, mouse:272, movewindow"

programs/java.nix

@@ -3,9 +3,11 @@
   config,
   pkgs,
   ...
-}: let
+}:
+let
   inherit (config.lib.file) mkOutOfStoreSymlink;
-in {
+in
+{
   home.file = {
     ".jdks/temurin-21".source = mkOutOfStoreSymlink pkgs.temurin-bin-21;
     ".jdks/temurin-17".source = mkOutOfStoreSymlink pkgs.temurin-bin-17;

programs/kde.nix

@@ -2,7 +2,8 @@
   pkgs,
   camasca,
   ...
-}: {
+}:
+{
   services = {
     desktopManager.plasma6.enable = true;
     displayManager.sddm = {

programs/neovim/default.nix

@@ -1,11 +1,12 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   hm.programs.neovim = {
     enable = true;
     defaultEditor = true;
     extraLuaConfig = builtins.readFile ./init.lua;
 
     extraPackages = with pkgs; [
-      (lua5_1.withPackages (ps: with ps; [luarocks]))
+      (lua5_1.withPackages (ps: with ps; [ luarocks ]))
       tree-sitter
     ];
 

programs/neovim/init.lua

@@ -1,5 +1,5 @@
 -- sets the <Leader> "key", which can be used in shortcuts
-vim.g.mapleader = ' '
+vim.g.mapleader = " "
 
 vim.g.have_nerd_font = true
 
@@ -8,7 +8,7 @@ vim.g.have_nerd_font = true
 vim.opt.number = true
 
 -- enable mouse
-vim.opt.mouse = 'a'
+vim.opt.mouse = "a"
 
 -- save undo history
 vim.opt.undofile = true
@@ -31,21 +31,19 @@ vim.opt.splitbelow = true
 vim.opt.list = true
 
 -- preview substitutions (:s & :%s) while typing
-vim.opt.inccommand = 'split'
+vim.opt.inccommand = "split"
 
 -- highlight the line the cursor is on
 vim.opt.cursorline = true
 
 -- sync os clipboard and neovim
 vim.schedule(function()
-	vim.opt.clipboard = 'unnamedplus'
+	vim.opt.clipboard = "unnamedplus"
 end)
 
-
 -- [[ shortcuts, see `:help vim.keymap.set()` ]]
 -- hide search results when pressing esc
-vim.keymap.set('n', '<Esc>', '<cmd>nohlsearch<CR>')
+vim.keymap.set("n", "<Esc>", "<cmd>nohlsearch<CR>")
-
 
 -- disable arrow keys in normal mode
 -- vim.keymap.set('n', '<left>', '<cmd>echo "Use h to move!!"<CR>')
@@ -57,11 +55,10 @@ vim.keymap.set('n', '<Esc>', '<cmd>nohlsearch<CR>')
 --  Use CTRL+<hjkl> to switch between windows
 --
 --  See `:help wincmd` for a list of all window commands
-vim.keymap.set('n', '<C-h>', '<C-w><C-h>', { desc = 'Move focus to the left window' })
+vim.keymap.set("n", "<C-h>", "<C-w><C-h>", { desc = "Move focus to the left window" })
-vim.keymap.set('n', '<C-l>', '<C-w><C-l>', { desc = 'Move focus to the right window' })
+vim.keymap.set("n", "<C-l>", "<C-w><C-l>", { desc = "Move focus to the right window" })
-vim.keymap.set('n', '<C-j>', '<C-w><C-j>', { desc = 'Move focus to the lower window' })
+vim.keymap.set("n", "<C-j>", "<C-w><C-j>", { desc = "Move focus to the lower window" })
-vim.keymap.set('n', '<C-k>', '<C-w><C-k>', { desc = 'Move focus to the upper window' })
+vim.keymap.set("n", "<C-k>", "<C-w><C-k>", { desc = "Move focus to the upper window" })
-
 
 -- [[ plugin configuration ]]
 require("nvim-treesitter.configs").setup({

programs/rust.nix

@@ -3,15 +3,20 @@
   pkgs,
   config,
   ...
-}: let
+}:
-  toml = pkgs.formats.toml {};
+let
-in {
+  toml = pkgs.formats.toml { };
+in
+{
   hm.home.file.".cargo/config.toml".source = toml.generate "config.toml" {
     build.target-dir = "${config.hm.home.homeDirectory}/.cargo/target";
 
     target.x86_64-unknown-linux-gnu = {
       linker = "${lib.getExe pkgs.clang}";
-      rustflags = ["-C" "link-arg=-fuse-ld=${lib.getExe pkgs.mold}"];
+      rustflags = [
+        "-C"
+        "link-arg=-fuse-ld=${lib.getExe pkgs.mold}"
+      ];
     };
   };
 }

programs/starship/default.nix

@@ -1,15 +1,13 @@
 {
   hm.programs.starship = {
     enable = true;
-    settings =
+    settings = {
-      {
+      add_newline = false;
-        add_newline = false;
 
-        directory = {
+      directory = {
-          truncation_length = 3;
+        truncation_length = 3;
-          truncation_symbol = "…/";
+        truncation_symbol = "…/";
-        };
+      };
-      }
+    } // (import ./nerd-font.nix);
-      // (import ./nerd-font.nix);
   };
 }

programs/vscode.nix

@@ -2,7 +2,8 @@
   pkgs,
   vscode-extensions,
   ...
-}: let
+}:
+let
   inherit (pkgs.stdenv.hostPlatform) system;
   extensions = vscode-extensions.extensions.${system};
 
@@ -13,14 +14,16 @@
     rust-lang.rust-analyzer
     wakatime.vscode-wakatime
   ];
-in {
+in
+{
   hm.programs.vscode = {
     enable = true;
     enableUpdateCheck = false;
     enableExtensionUpdateCheck = false;
     mutableExtensionsDir = false;
 
-    extensions = with extensions.vscode-marketplace;
+    extensions =
+      with extensions.vscode-marketplace;
       patched
       ++ [
         # style
@@ -49,8 +52,12 @@ in {
 
         # cpp
         mesonbuild.mesonbuild
-        (ms-vscode.cmake-tools.overrideAttrs (_: {sourceRoot = "extension";}))
+        (ms-vscode.cmake-tools.overrideAttrs (_: {
-        (ms-vscode.makefile-tools.overrideAttrs (_: {sourceRoot = "extension";}))
+          sourceRoot = "extension";
+        }))
+        (ms-vscode.makefile-tools.overrideAttrs (_: {
+          sourceRoot = "extension";
+        }))
         twxs.cmake
         xaver.clang-format
 

programs/waybar/default.nix

@@ -3,7 +3,8 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   hm.programs.waybar = {
     enable = true;
     style = ./style.css;
@@ -15,15 +16,23 @@
         height = 24;
         spacing = 2;
 
-        modules-left = ["hyprland/workspaces"];
+        modules-left = [ "hyprland/workspaces" ];
-        modules-center = [];
+        modules-center = [ ];
         modules-right =
-          ["memory"]
+          [ "memory" ]
-          ++ lib.optionals (builtins.elem "amdgpu" config.services.xserver.videoDrivers) ["custom/gpu-usage"]
+          ++ lib.optionals (builtins.elem "amdgpu" config.services.xserver.videoDrivers) [
-          ++ ["cpu" "wireplumber"]
+            "custom/gpu-usage"
-          ++ lib.optionals config.services.power-profiles-daemon.enable ["battery"]
+          ]
-          ++ lib.optionals config.programs.light.enable ["backlight"]
+          ++ [
-          ++ ["clock" "tray"];
+            "cpu"
+            "wireplumber"
+          ]
+          ++ lib.optionals config.services.power-profiles-daemon.enable [ "battery" ]
+          ++ lib.optionals config.programs.light.enable [ "backlight" ]
+          ++ [
+            "clock"
+            "tray"
+          ];
 
         "hyprland/workspaces" = {
           format = "{name}";

programs/waybar/style.css

@@ -31,28 +31,30 @@
 @define-color rosewater #f4dbd6;
 
 * {
-    font-family: Jetbrains Mono, sans-serif;
+  font-family:
-    font-size: 12px;
+    Jetbrains Mono,
+    sans-serif;
+  font-size: 12px;
 }
 
 window#waybar {
-    background-color: @base;
+  background-color: @base;
-    color: @text;
+  color: @text;
-    transition-property: background-color;
+  transition-property: background-color;
-    transition-duration: .5s;
+  transition-duration: 0.5s;
 }
 
 button {
-    /* Use box-shadow instead of border so the text isn't offset */
+  /* Use box-shadow instead of border so the text isn't offset */
-    box-shadow: inset 0 -3px transparent;
+  box-shadow: inset 0 -3px transparent;
-    /* Avoid rounded borders under each button name */
+  /* Avoid rounded borders under each button name */
-    border: none;
+  border: none;
-    border-radius: 0;
+  border-radius: 0;
 }
 
 /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
 button:hover {
-    background: inherit;
+  background: inherit;
 }
 
 #clock,
@@ -72,93 +74,93 @@ button:hover {
 #idle_inhibitor,
 #scratchpad,
 #mpd {
-    padding: 0 10px;
+  padding: 0 10px;
-    color: @crust;
+  color: @crust;
 }
 
 #window,
 #workspaces {
-    margin: 0 4px;
+  margin: 0 4px;
 }
 
 /* If workspaces is the leftmost module, omit left margin */
-.modules-left>widget:first-child>#workspaces {
+.modules-left > widget:first-child > #workspaces {
-    margin-left: 0;
+  margin-left: 0;
 }
 
 /* If workspaces is the rightmost module, omit right margin */
-.modules-right>widget:last-child>#workspaces {
+.modules-right > widget:last-child > #workspaces {
-    margin-right: 0;
+  margin-right: 0;
 }
 
 #workspaces button {
-    padding: 0 2px;
+  padding: 0 2px;
-    background-color: transparent;
+  background-color: transparent;
-    color: @text;
+  color: @text;
 }
 
 #workspaces button:hover {
-    background: rgba(0, 0, 0, 0.2);
+  background: rgba(0, 0, 0, 0.2);
 }
 
 #workspaces button.active {
-    background-color: @surface1;
+  background-color: @surface1;
-    box-shadow: inset 0 -3px @yellow;
+  box-shadow: inset 0 -3px @yellow;
 }
 
 #workspaces button.urgent {
-    background-color: @red;
+  background-color: @red;
 }
 
 #clock {
-    background-color: @green;
+  background-color: @green;
 }
 
 #battery {
-    background-color: @sky;
+  background-color: @sky;
 }
 
 #battery.low:not(.charging) {
-    background-color: @red;
+  background-color: @red;
 }
 
 #cpu {
-    background-color: @sapphire;
+  background-color: @sapphire;
 }
 
 #custom-gpu-usage {
-    background-color: @blue;
+  background-color: @blue;
 }
 
 #memory {
-    background-color: @lavender;
+  background-color: @lavender;
 }
 
 #backlight {
-    background-color: @teal;
+  background-color: @teal;
 }
 
 #network {
-    background-color: @mauve;
+  background-color: @mauve;
 }
 
 #wireplumber {
-    background-color: @sapphire;
+  background-color: @sapphire;
 }
 
 #wireplumber.muted {
-    color: @base;
+  color: @base;
 }
 
 #tray {
-    background-color: @yellow;
+  background-color: @yellow;
 }
 
-#tray>.passive {
+#tray > .passive {
-    -gtk-icon-effect: dim;
+  -gtk-icon-effect: dim;
 }
 
-#tray>.needs-attention {
+#tray > .needs-attention {
-    -gtk-icon-effect: highlight;
+  -gtk-icon-effect: highlight;
-    background-color: #eb4d4b;
+  background-color: #eb4d4b;
 }

secrets/secrets.nix

@@ -5,9 +5,17 @@ let
   etna = "age1m3jm6c5ywc5zntv5j4xhals0h28mpea88zzddq88zxcshmhteqwqu89qnh";
   vesuvio = "age1g2z0tztrv2w7wtludjrd85q7px3lvjms0cjj32zej9dqpjwpscwsle6xhf";
 
-  main = [fuji kilimandjaro mottarone];
+  main = [
-  all = main ++ [etna vesuvio];
+    fuji
-in {
+    kilimandjaro
+    mottarone
+  ];
+  all = main ++ [
+    etna
+    vesuvio
+  ];
+in
+{
   "shared/userPassword.age".publicKeys = all;
   "shared/tailscaleKey.age".publicKeys = all;
   "shared/frpToken.age".publicKeys = all;
@@ -17,19 +25,19 @@ in {
   "fuji-wsl/rootPassword.age".publicKeys = main;
   "kilimandjaro/rootPassword.age".publicKeys = main;
   "mottarone/rootPassword.age".publicKeys = main;
-  "etna/rootPassword.age".publicKeys = main ++ [etna];
+  "etna/rootPassword.age".publicKeys = main ++ [ etna ];
-  "vesuvio/rootPassword.age".publicKeys = main ++ [vesuvio];
+  "vesuvio/rootPassword.age".publicKeys = main ++ [ vesuvio ];
 
-  "etna/tunnelCreds.age".publicKeys = main ++ [etna];
+  "etna/tunnelCreds.age".publicKeys = main ++ [ etna ];
-  "etna/apiRsEnv.age".publicKeys = main ++ [etna];
+  "etna/apiRsEnv.age".publicKeys = main ++ [ etna ];
-  "etna/ukubotRsEnv.age".publicKeys = main ++ [etna];
+  "etna/ukubotRsEnv.age".publicKeys = main ++ [ etna ];
-  "etna/minecraftEnv.age".publicKeys = main ++ [etna];
+  "etna/minecraftEnv.age".publicKeys = main ++ [ etna ];
-  "etna/dendriteKey.age".publicKeys = main ++ [etna];
+  "etna/dendriteKey.age".publicKeys = main ++ [ etna ];
-  "etna/nextcloudAdminPass.age".publicKeys = main ++ [etna];
+  "etna/nextcloudAdminPass.age".publicKeys = main ++ [ etna ];
-  "etna/turnstileSecret.age".publicKeys = main ++ [etna];
+  "etna/turnstileSecret.age".publicKeys = main ++ [ etna ];
-  "etna/navidromeEnv.age".publicKeys = main ++ [etna];
+  "etna/navidromeEnv.age".publicKeys = main ++ [ etna ];
-  "etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna];
+  "etna/forgejoRunnerSecret.age".publicKeys = main ++ [ etna ];
-  "etna/vaultwardenEnv.age".publicKeys = main ++ [etna];
+  "etna/vaultwardenEnv.age".publicKeys = main ++ [ etna ];
-  "etna/vmauthEnv.age".publicKeys = main ++ [etna];
+  "etna/vmauthEnv.age".publicKeys = main ++ [ etna ];
-  "etna/upsdUserPass.age".publicKeys = main ++ [etna];
+  "etna/upsdUserPass.age".publicKeys = main ++ [ etna ];
 }

systems/default.nix

@@ -2,15 +2,17 @@
   lib,
   inputs,
   ...
-}: let
+}:
-  _utils = import ../global/utils.nix {inherit lib;};
+let
+  _utils = import ../global/utils.nix { inherit lib; };
 
-  toSystem = name: {
+  toSystem =
-    role,
+    name:
-    system,
-  }:
-    inputs.nixpkgs.lib.nixosSystem
     {
+      role,
+      system,
+    }:
+    inputs.nixpkgs.lib.nixosSystem {
       inherit system;
 
       modules = [
@@ -18,12 +20,15 @@
         ./${name}/hardware-configuration.nix
         ../configs/${role}.nix
 
-        {networking.hostName = name;}
+        { networking.hostName = name; }
       ];
 
-      specialArgs = inputs // {inherit _utils;};
+      specialArgs = inputs // {
+        inherit _utils;
+      };
     };
-in {
+in
+{
   flake.nixosConfigurations = lib.mapAttrs toSystem {
     fuji = {
       role = "desktop";

systems/etna/default.nix

@@ -4,15 +4,17 @@
   config,
   _utils,
   ...
-}: let
+}:
+let
   tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
 
-  secrets = _utils.setupSharedSecrets config {secrets = ["frpToken"];};
+  secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; };
   cfTunnelSecret = _utils.setupSingleSecret config "tunnelCreds" {
     owner = "cloudflared";
     group = "cloudflared";
   };
-in {
+in
+{
   assertions = [
     {
       assertion = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.6.31";
@@ -21,7 +23,7 @@ in {
   ];
 
   imports = [
-    (lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
+    (lib.mkAliasOptionModule [ "cfTunnels" ] [ "services" "cloudflared" "tunnels" tunnelId "ingress" ])
 
     secrets.generate
     cfTunnelSecret.generate

systems/etna/dendrite.nix

@@ -2,60 +2,64 @@
   config,
   _utils,
   ...
-}: let
+}:
-  secretKey = _utils.setupSingleSecret config "dendriteKey" {};
+let
-in {
+  secretKey = _utils.setupSingleSecret config "dendriteKey" { };
-  imports = [secretKey.generate];
+in
+{
+  imports = [ secretKey.generate ];
 
   cfTunnels."m.uku.moe" = "http://localhost:80";
 
   systemd.services.dendrite = {
-    after = ["postgresql.service"];
+    after = [ "postgresql.service" ];
     serviceConfig.RestartSec = 10;
   };
 
   services = {
-    dendrite = let
+    dendrite =
-      database = {
+      let
-        connection_string = "postgres:///dendrite?host=/run/postgresql";
+        database = {
-        max_open_conns = 50;
+          connection_string = "postgres:///dendrite?host=/run/postgresql";
-        max_idle_conns = 5;
+          max_open_conns = 50;
-        conn_max_lifetime = -1;
+          max_idle_conns = 5;
-      };
+          conn_max_lifetime = -1;
-    in {
-      enable = true;
-      httpPort = 8008;
-      loadCredential = ["private_key:${secretKey.path}"];
-
-      settings = {
-        global = {
-          server_name = "m.uku.moe";
-          private_key = "$CREDENTIALS_DIRECTORY/private_key";
-          inherit database;
         };
+      in
+      {
+        enable = true;
+        httpPort = 8008;
+        loadCredential = [ "private_key:${secretKey.path}" ];
 
-        client_api = {
+        settings = {
-          registration_disabled = true;
+          global = {
-        };
+            server_name = "m.uku.moe";
+            private_key = "$CREDENTIALS_DIRECTORY/private_key";
+            inherit database;
+          };
 
-        app_service_api = {inherit database;};
+          client_api = {
-        federation_api = {inherit database;};
+            registration_disabled = true;
-        key_server = {inherit database;};
+          };
-        media_api = {inherit database;};
+
-        mscs = {inherit database;};
+          app_service_api = { inherit database; };
-        relay_api = {inherit database;};
+          federation_api = { inherit database; };
-        room_server = {inherit database;};
+          key_server = { inherit database; };
-        sync_api = {inherit database;};
+          media_api = { inherit database; };
-        user_api = {
+          mscs = { inherit database; };
-          account_database = database;
+          relay_api = { inherit database; };
-          device_database = database;
+          room_server = { inherit database; };
+          sync_api = { inherit database; };
+          user_api = {
+            account_database = database;
+            device_database = database;
+          };
         };
       };
-    };
 
     postgresql = {
       enable = true;
-      ensureDatabases = ["dendrite"];
+      ensureDatabases = [ "dendrite" ];
       ensureUsers = [
         {
           name = "dendrite";
@@ -64,28 +68,34 @@ in {
       ];
     };
 
-    nginx.virtualHosts."m.uku.moe".locations = let
+    nginx.virtualHosts."m.uku.moe".locations =
-      server = {"m.server" = "m.uku.moe:443";};
+      let
-      client = {"m.homeserver"."base_url" = "https://m.uku.moe";};
+        server = {
-    in {
+          "m.server" = "m.uku.moe:443";
-      "=/.well-known/matrix/server" = {
+        };
-        return = "200 '${builtins.toJSON server}'";
+        client = {
-      };
+          "m.homeserver"."base_url" = "https://m.uku.moe";
+        };
+      in
+      {
+        "=/.well-known/matrix/server" = {
+          return = "200 '${builtins.toJSON server}'";
+        };
 
-      "=/.well-known/matrix/client" = {
+        "=/.well-known/matrix/client" = {
-        return = "200 '${builtins.toJSON client}'";
+          return = "200 '${builtins.toJSON client}'";
-      };
+        };
 
-      "/" = {
+        "/" = {
-        proxyPass = "http://localhost:8008";
+          proxyPass = "http://localhost:8008";
-        proxyWebsockets = true;
+          proxyWebsockets = true;
-        extraConfig = ''
+          extraConfig = ''
-          proxy_set_header Host      $host;
+            proxy_set_header Host      $host;
-          proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Real-IP $remote_addr;
-          proxy_read_timeout         600;
+            proxy_read_timeout         600;
-          client_max_body_size       100M;
+            client_max_body_size       100M;
-        '';
+          '';
+        };
       };
-    };
   };
 }

systems/etna/forgejo.nix

@@ -3,16 +3,21 @@
   config,
   _utils,
   ...
-}: let
+}:
+let
   secrets = _utils.setupSecrets config {
-    secrets = ["turnstileSecret" "forgejoRunnerSecret"];
+    secrets = [
+      "turnstileSecret"
+      "forgejoRunnerSecret"
+    ];
     extra = {
       owner = "forgejo";
       group = "forgejo";
     };
   };
-in {
+in
-  imports = [secrets.generate];
+{
+  imports = [ secrets.generate ];
 
   cfTunnels."git.uku3lig.net" = "http://localhost:3000";
 

systems/etna/hardware-configuration.nix

@@ -7,15 +7,22 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
+{
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "xhci_pci"
-  boot.kernelModules = ["kvm-intel"];
+    "ahci"
-  boot.extraModulePackages = [];
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/e136f8ad-b8d5-4706-ad24-725926fd50ec";
@@ -25,7 +32,10 @@
   fileSystems."/boot" = {
     device = "/dev/disk/by-uuid/FBB1-A79D";
     fsType = "vfat";
-    options = ["fmask=0022" "dmask=0022"];
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
   };
 
   fileSystems."/data" = {
@@ -34,7 +44,7 @@
   };
 
   swapDevices = [
-    {device = "/dev/disk/by-uuid/4982538e-5402-44c0-86c6-bf086c856615";}
+    { device = "/dev/disk/by-uuid/4982538e-5402-44c0-86c6-bf086c856615"; }
   ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

systems/etna/immich.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   services.immich = {
     enable = true;
 

systems/etna/metrics.nix

@@ -3,11 +3,13 @@
   mystia,
   _utils,
   ...
-}: let
+}:
+let
   vmcfg = config.services.victoriametrics;
-  secrets = _utils.setupSharedSecrets config {secrets = ["vmAuthToken"];};
+  secrets = _utils.setupSharedSecrets config { secrets = [ "vmAuthToken" ]; };
-  vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" {};
+  vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" { };
-in {
+in
+{
   imports = [
     mystia.nixosModules.vmauth
     secrets.generate
@@ -47,12 +49,12 @@ in {
       scrape_configs = [
         {
           job_name = "victoriametrics";
-          static_configs = [{targets = ["${builtins.toString vmcfg.listenAddress}"];}];
+          static_configs = [ { targets = [ "${builtins.toString vmcfg.listenAddress}" ]; } ];
         }
 
         {
           job_name = "api-rs";
-          static_configs = [{targets = ["localhost:5001"];}];
+          static_configs = [ { targets = [ "localhost:5001" ]; } ];
         }
       ];
     };

systems/etna/minecraft.nix

@@ -4,17 +4,18 @@
   config,
   _utils,
   ...
-}: let
+}:
+let
   inherit (config.virtualisation.oci-containers) backend;
 
-  secret = _utils.setupSingleSecret config "minecraftEnv" {};
+  secret = _utils.setupSingleSecret config "minecraftEnv" { };
 
   lynn = _utils.mkMinecraftServer config {
     name = "lynn";
     port = 25567;
     remotePort = 6002;
     memory = "4G";
-    envFiles = [secret.path];
+    envFiles = [ secret.path ];
     env = {
       USE_AIKAR_FLAGS = "true";
       TYPE = "MODRINTH";
@@ -27,7 +28,7 @@
     port = 25565;
     remotePort = 6005;
     memory = "4G";
-    envFiles = [secret.path];
+    envFiles = [ secret.path ];
     env = {
       USE_AIKAR_FLAGS = "true";
       TYPE = "MODRINTH";
@@ -40,7 +41,7 @@
     port = 25566;
     remotePort = 6006;
     memory = "4G";
-    envFiles = [secret.path];
+    envFiles = [ secret.path ];
     env = {
       USE_AIKAR_FLAGS = "true";
       TYPE = "MODRINTH";
@@ -48,7 +49,8 @@
       MODRINTH_PROJECTS = "spark, no-chat-reports";
     };
   };
-in {
+in
+{
   imports = [
     secret.generate
 
@@ -58,7 +60,7 @@ in {
   ];
 
   systemd.services.restart-minecraft-servers = {
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
     startAt = "*-*-* 05:00:00";
     restartIfChanged = false;
 

systems/etna/navidrome.nix

@@ -2,15 +2,17 @@
   config,
   _utils,
   ...
-}: let
+}:
+let
   cfg = config.services.navidrome;
 
   env = _utils.setupSingleSecret config "navidromeEnv" {
     inherit (cfg) group;
     owner = cfg.user;
   };
-in {
+in
-  imports = [env.generate];
+{
+  imports = [ env.generate ];
 
   cfTunnels."navidrome.uku3lig.net" = "http://localhost:4533";
 

systems/etna/nextcloud.nix

@@ -3,13 +3,15 @@
   config,
   _utils,
   ...
-}: let
+}:
+let
   adminPass = _utils.setupSingleSecret config "nextcloudAdminPass" {
     owner = config.users.users.nextcloud.name;
     group = config.users.users.nextcloud.name;
   };
-in {
+in
-  imports = [adminPass.generate];
+{
+  imports = [ adminPass.generate ];
 
   # nextcloud generates nginx config
   cfTunnels."cloud.uku3lig.net" = "http://localhost:80";

systems/etna/reposilite.nix

@@ -1,5 +1,6 @@
-{camasca, ...}: {
+{ camasca, ... }:
-  imports = [camasca.nixosModules.reposilite];
+{
+  imports = [ camasca.nixosModules.reposilite ];
 
   cfTunnels."maven.uku3lig.net" = "http://localhost:8080";
 

systems/etna/satisfactory.nix

@@ -1,10 +1,15 @@
-{config, ...}: let
+{ config, ... }:
+let
   inherit (config.virtualisation.oci-containers) backend;
-in {
+in
+{
   virtualisation.oci-containers.containers.satisfactory = {
     image = "wolveix/satisfactory-server:v1.8.5";
-    ports = ["7777:7777/udp" "7777:7777/tcp"];
+    ports = [
-    volumes = ["/var/lib/satisfactory-server:/config"];
+      "7777:7777/udp"
+      "7777:7777/tcp"
+    ];
+    volumes = [ "/var/lib/satisfactory-server:/config" ];
     environment = {
       MAXPLAYERS = "4";
       PGID = "1000";
@@ -20,7 +25,7 @@ in {
   };
 
   networking.firewall = {
-    allowedTCPPorts = [7777];
+    allowedTCPPorts = [ 7777 ];
-    allowedUDPPorts = [7777];
+    allowedUDPPorts = [ 7777 ];
   };
 }

systems/etna/shlink.nix

@@ -3,8 +3,8 @@
 
   virtualisation.oci-containers.containers.shlink = {
     image = "shlinkio/shlink:stable";
-    ports = ["8081:8080"];
+    ports = [ "8081:8080" ];
-    volumes = ["/data/shlink/database.sqlite:/etc/shlink/data/database.sqlite"];
+    volumes = [ "/data/shlink/database.sqlite:/etc/shlink/data/database.sqlite" ];
     environment = {
       DEFAULT_DOMAIN = "uku.moe";
       IS_HTTPS_ENABLED = "true";

systems/etna/uku.nix

@@ -4,11 +4,16 @@
   api-rs,
   ukubot-rs,
   ...
-}: let
+}:
+let
   secrets = _utils.setupSecrets config {
-    secrets = ["apiRsEnv" "ukubotRsEnv"];
+    secrets = [
+      "apiRsEnv"
+      "ukubotRsEnv"
+    ];
   };
-in {
+in
+{
   imports = [
     api-rs.nixosModules.default
     ukubot-rs.nixosModules.default

systems/etna/ups.nix

@@ -2,10 +2,12 @@
   _utils,
   config,
   ...
-}: let
+}:
-  upsdPass = _utils.setupSingleSecret config "upsdUserPass" {};
+let
-in {
+  upsdPass = _utils.setupSingleSecret config "upsdUserPass" { };
-  imports = [upsdPass.generate];
+in
+{
+  imports = [ upsdPass.generate ];
 
   power.ups = {
     enable = true;
@@ -20,8 +22,11 @@ in {
 
     users.admin = {
       passwordFile = upsdPass.path;
-      instcmds = ["ALL"];
+      instcmds = [ "ALL" ];
-      actions = ["SET" "FSD"];
+      actions = [
+        "SET"
+        "FSD"
+      ];
     };
 
     ups.eaton-3s-850 = {
@@ -57,10 +62,10 @@ in {
       {
         job_name = "nut";
         metrics_path = "/ups_metrics";
-        params.ups = ["eaton-3s-850"];
+        params.ups = [ "eaton-3s-850" ];
         static_configs = [
           {
-            targets = ["localhost:${builtins.toString config.services.prometheus.exporters.nut.port}"];
+            targets = [ "localhost:${builtins.toString config.services.prometheus.exporters.nut.port}" ];
             labels.ups = "eaton-3s-850";
           }
         ];

systems/etna/vaultwarden.nix

@@ -2,10 +2,12 @@
   config,
   _utils,
   ...
-}: let
+}:
-  envFile = _utils.setupSingleSecret config "vaultwardenEnv" {};
+let
-in {
+  envFile = _utils.setupSingleSecret config "vaultwardenEnv" { };
-  imports = [envFile.generate];
+in
+{
+  imports = [ envFile.generate ];
 
   cfTunnels."bw.uku3lig.net" = "http://localhost:8222";
 

systems/fuji-wsl/default.nix

@@ -3,12 +3,13 @@
   pkgs,
   nixos-wsl,
   ...
-}: {
+}:
+{
   imports = [
     nixos-wsl.nixosModules.default
   ];
 
-  environment.sessionVariables.LD_LIBRARY_PATH = ["/run/opengl-driver/lib"];
+  environment.sessionVariables.LD_LIBRARY_PATH = [ "/run/opengl-driver/lib" ];
 
   wsl = {
     enable = true;

systems/fuji/default.nix

@@ -1,10 +1,11 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   imports = [
     ./nvidia.nix
     ../../programs/games.nix
   ];
 
-  services.xserver.videoDrivers = ["amdgpu"];
+  services.xserver.videoDrivers = [ "amdgpu" ];
 
   hm = {
     home.packages = with pkgs; [

systems/fuji/hardware-configuration.nix

@@ -7,20 +7,27 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
+{
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "xhci_pci"
-  boot.kernelModules = ["kvm-intel"];
+    "ahci"
-  boot.extraModulePackages = [];
+    "nvme"
+    "usbhid"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/660ff32b-308f-411a-815e-959706ec1bcb";
     fsType = "btrfs";
-    options = ["subvol=@"];
+    options = [ "subvol=@" ];
   };
 
   fileSystems."/boot" = {
@@ -39,7 +46,7 @@
   };
 
   swapDevices = [
-    {device = "/dev/disk/by-uuid/6ee8ec3d-3b26-4d6d-b43d-174f908fd8fe";}
+    { device = "/dev/disk/by-uuid/6ee8ec3d-3b26-4d6d-b43d-174f908fd8fe"; }
   ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

systems/fuji/nvidia.nix

@@ -2,8 +2,9 @@
   lib,
   pkgs,
   ...
-}: {
+}:
-  services.xserver.videoDrivers = lib.mkForce ["nvidia"];
+{
+  services.xserver.videoDrivers = lib.mkForce [ "nvidia" ];
 
   boot.kernelParams = [
     "nvidia.NVreg_EnableGpuFirmware=0"
@@ -16,7 +17,7 @@
   };
 
   hardware = {
-    graphics.extraPackages = [pkgs.vaapiVdpau];
+    graphics.extraPackages = [ pkgs.vaapiVdpau ];
     nvidia = {
       # package = config.boot.kernelPackages.nvidiaPackages.production;
       open = true;

systems/kilimandjaro/default.nix

@@ -1,10 +1,11 @@
-{camasca, ...}: {
+{ camasca, ... }:
+{
   imports = [
     camasca.nixosModules.asus-numpad
     ../../programs/games.nix
   ];
 
-  hm.imports = [../../programs/dotnet.nix];
+  hm.imports = [ ../../programs/dotnet.nix ];
 
   services.asus-numpad = {
     enable = true;

systems/kilimandjaro/hardware-configuration.nix

@@ -7,15 +7,24 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
+{
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "xhci_pci"
-  boot.kernelModules = ["kvm-intel"];
+    "thunderbolt"
-  boot.extraModulePackages = [];
+    "vmd"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+    "rtsx_usb_sdmmc"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/e082a535-4b7c-4b24-af1c-0373eefd3c05";
@@ -33,7 +42,7 @@
   };
 
   swapDevices = [
-    {device = "/dev/disk/by-uuid/2a5ce834-4a58-45ab-955f-5b620d503f7b";}
+    { device = "/dev/disk/by-uuid/2a5ce834-4a58-45ab-955f-5b620d503f7b"; }
   ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

systems/mottarone/default.nix

@@ -3,9 +3,11 @@
   pkgs,
   camasca,
   ...
-}: let
+}:
+let
   inherit (pkgs.stdenv.hostPlatform) system;
-in {
+in
+{
   environment.systemPackages = with pkgs; [
     gtkterm
     remmina

systems/mottarone/hardware-configuration.nix

@@ -7,15 +7,23 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
+{
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "xhci_pci"
-  boot.kernelModules = ["kvm-intel"];
+    "thunderbolt"
-  boot.extraModulePackages = [];
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/e36f709d-a4ea-4310-8c0d-8752afacba3c";
@@ -25,11 +33,14 @@
   fileSystems."/boot" = {
     device = "/dev/disk/by-uuid/D4AA-EE25";
     fsType = "vfat";
-    options = ["fmask=0022" "dmask=0022"];
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
   };
 
   swapDevices = [
-    {device = "/dev/disk/by-uuid/316ddc44-0359-40ac-9dce-2d78817fbb29";}
+    { device = "/dev/disk/by-uuid/316ddc44-0359-40ac-9dce-2d78817fbb29"; }
   ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

systems/vesuvio/default.nix

@@ -3,17 +3,22 @@
   config,
   _utils,
   ...
-}: let
+}:
-  secrets = _utils.setupSharedSecrets config {secrets = ["frpToken"];};
+let
-in {
+  secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; };
-  imports = [secrets.generate];
+in
+{
+  imports = [ secrets.generate ];
 
   zramSwap.enable = true;
 
-  environment.systemPackages = with pkgs; [dig traceroute];
+  environment.systemPackages = with pkgs; [
+    dig
+    traceroute
+  ];
 
   services = {
-    openssh.ports = [4269];
+    openssh.ports = [ 4269 ];
 
     # Needed by the Hetzner Cloud password reset feature.
     qemuGuest.enable = true;
@@ -40,11 +45,11 @@ in {
     frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";
 
     # https://discourse.nixos.org/t/qemu-guest-agent-on-hetzner-cloud-doesnt-work/8864/2
-    qemu-guest-agent.path = [pkgs.shadow];
+    qemu-guest-agent.path = [ pkgs.shadow ];
   };
 
   networking.firewall = {
-    allowedTCPPorts = [22]; # forgejo-ssh
+    allowedTCPPorts = [ 22 ]; # forgejo-ssh
     allowedTCPPortRanges = [
       {
         from = 6000;

systems/vesuvio/hardware-configuration.nix

@@ -1,5 +1,6 @@
-{modulesPath, ...}: {
+{ modulesPath, ... }:
-  imports = ["${modulesPath}/profiles/qemu-guest.nix"];
+{
+  imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
 
   boot = {
     # arm so we can use systemd-boot
@@ -11,11 +12,18 @@
     # set console because the console defaults to serial and
     # initialize the display early to get a complete log.
     # this is required for typing in LUKS passwords on boot too.
-    kernelParams = ["console=tty"];
+    kernelParams = [ "console=tty" ];
 
     initrd = {
-      availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
+      availableKernelModules = [
-      kernelModules = ["nvme" "virtio_gpu"];
+        "ata_piix"
+        "uhci_hcd"
+        "xen_blkfront"
+      ];
+      kernelModules = [
+        "nvme"
+        "virtio_gpu"
+      ];
     };
   };