nixpkgs-fmt everything

2023-04-04 23:30:28 -06:00 · 2023-04-04 23:30:28 -06:00 · f68a4f4431
commit f68a4f4431
parent 3c683e7b9e
67 changed files with 400 additions and 320 deletions
--- a/common/auto-update.nix
+++ b/common/auto-update.nix
@ -4,7 +4,8 @@
 let
  cfg = config.system.autoUpgrade;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    system.autoUpgrade = {
      flake = "git+https://git.neet.dev/zuckerberg/nix-config.git";
--- a/common/boot/bios.nix
+++ b/common/boot/bios.nix
@ -3,7 +3,8 @@
 with lib;
 let
  cfg = config.bios;
-in {
+in
 {
  options.bios = {
    enable = mkEnableOption "enable bios boot";
    device = mkOption {
--- a/common/boot/efi.nix
+++ b/common/boot/efi.nix
@ -3,7 +3,8 @@
 with lib;
 let
  cfg = config.efi;
-in {
+in
 {
  options.efi = {
    enable = mkEnableOption "enable efi boot";
  };
@ -19,7 +20,7 @@ in {
        version = 2;
        efiSupport = true;
        useOSProber = true;
-#       memtest86.enable = true;
+        #       memtest86.enable = true;
        configurationLimit = 20;
        theme = pkgs.nixos-grub2-theme;
      };
--- a/common/boot/firmware.nix
+++ b/common/boot/firmware.nix
@ -3,7 +3,8 @@
 with lib;
 let
  cfg = config.firmware;
-in {
+in
 {
  options.firmware.x86_64 = {
    enable = mkEnableOption "enable x86_64 firmware";
  };
--- a/common/boot/remote-luks-unlock.nix
+++ b/common/boot/remote-luks-unlock.nix
@ -2,7 +2,8 @@
 let
  cfg = config.remoteLuksUnlock;
-in {
+in
 {
  options.remoteLuksUnlock = {
    enable = lib.mkEnableOption "enable luks root remote decrypt over ssh/tor";
    enableTorUnlock = lib.mkOption {
@ -61,18 +62,22 @@ in {
      copy_bin_and_libs ${pkgs.haveged}/bin/haveged
    '';
    boot.initrd.network.postCommands = lib.mkMerge [
-      (''
+      (
        ''
          # Add nice prompt for giving LUKS passphrase over ssh
          echo 'read -s -p "Unlock Passphrase: " passphrase && echo $passphrase > /crypt-ramfs/passphrase && exit' >> /root/.profile
-      '')
+        ''
      )
-      (let torRc = (pkgs.writeText "tor.rc" ''
+      (
        let torRc = (pkgs.writeText "tor.rc" ''
          DataDirectory /etc/tor
          SOCKSPort 127.0.0.1:9050 IsolateDestAddr
          SOCKSPort 127.0.0.1:9063
          HiddenServiceDir /etc/tor/onion/bootup
          HiddenServicePort 22 127.0.0.1:22
-      ''); in lib.mkIf cfg.enableTorUnlock ''
+        ''); in
        lib.mkIf cfg.enableTorUnlock ''
          echo "tor: preparing onion folder"
          # have to do this otherwise tor does not want to start
          chmod -R 700 /etc/tor
@ -87,7 +92,8 @@ in {
          echo "tor: starting tor"
          tor -f ${torRc} --verify-config
          tor -f ${torRc} &
-      '')
+        ''
      )
    ];
  };
 }
--- a/common/default.nix
+++ b/common/default.nix
@ -40,7 +40,8 @@ in
    wget
    kakoune
    htop
-    git git-lfs
+    git
    git-lfs
    dnsutils
    tmux
    nethogs
--- a/common/flakes.nix
+++ b/common/flakes.nix
@ -2,7 +2,8 @@
 with lib;
 let
  cfg = config.nix.flakes;
-in {
+in
 {
  options.nix.flakes = {
    enable = mkEnableOption "use nix flakes";
  };
--- a/common/network/hosts.nix
+++ b/common/network/hosts.nix
@ -22,7 +22,8 @@ let
    ponyo = "cfamr6artx75qvt7ho3rrbsc7mkucmv5aawebwflsfuorusayacffryd.onion";
    s0 = "r3zvf7f2ppaeithzswigma46pajt3hqytmkg3rshgknbl3jbni455fqd.onion";
  };
-in {
+in
 {
  programs.ssh.knownHosts = {
    ponyo = {
      hostNames = [ "ponyo" "ponyo.neet.dev" "git.neet.dev" ];
@ -56,7 +57,7 @@ in {
  # prebuilt cmds for easy ssh LUKS unlock
  environment.shellAliases =
-    concatMapAttrs (host: addr: {"unlock-over-tor_${host}" = "torsocks ssh root@${addr}";}) unlock-onion-hosts
+    concatMapAttrs (host: addr: { "unlock-over-tor_${host}" = "torsocks ssh root@${addr}"; }) unlock-onion-hosts
    //
-    concatMapAttrs (host: addr: {"unlock_${host}" = "ssh root@${addr}";}) unlock-clearnet-hosts;
+    concatMapAttrs (host: addr: { "unlock_${host}" = "ssh root@${addr}"; }) unlock-clearnet-hosts;
 }
--- a/common/network/pia-wireguard.nix
+++ b/common/network/pia-wireguard.nix
@ -72,7 +72,8 @@ let
  portForwarding = cfg.forwardPortForTransmission || cfg.forwardedPort != null;
  containerServiceName = "container@${config.vpn-container.containerName}.service";
-in {
+in
 {
  options.pia.wireguard = {
    enable = mkEnableOption "Enable private internet access";
    badPortForwardPorts = mkOption {
@ -157,7 +158,7 @@ in {
        # restart once a month; PIA forwarded port expires after two months
        # because the container is "PartOf" this unit, it gets restarted too
-        RuntimeMaxSec="30d";
+        RuntimeMaxSec = "30d";
      };
      script = ''
--- a/common/network/ping.nix
+++ b/common/network/ping.nix
@ -18,7 +18,7 @@ let
        requires = [ "network-online.target" ];
        after = [ "network.target" "network-online.target" ];
        wantedBy = [ "multi-user.target" ];
-      serviceConfig.Restart="always";
+        serviceConfig.Restart = "always";
        path = with pkgs; [ iputils ];
@ -28,17 +28,18 @@ let
      };
    };
-  combineAttrs = foldl recursiveUpdate {};
+  combineAttrs = foldl recursiveUpdate { };
  serviceList = map serviceTemplate cfg.hosts;
  services = combineAttrs serviceList;
-in {
+in
 {
  options.keepalive-ping = {
    enable = mkEnableOption "Enable keep alive ping task";
    hosts = mkOption {
      type = types.listOf types.str;
-      default = [];
+      default = [ ];
      description = ''
        Hosts to ping periodically
      '';
--- a/common/network/vpn.nix
+++ b/common/network/vpn.nix
@ -30,7 +30,7 @@ in
    config = mkOption {
      type = types.anything;
-      default = {};
+      default = { };
      example = ''
        {
          services.nginx.enable = true;
@ -70,7 +70,7 @@ in
      localAddress = "172.16.100.2";
      config = {
-        imports = allModules ++ [cfg.config];
+        imports = allModules ++ [ cfg.config ];
        # speeds up evaluation
        nixpkgs.pkgs = pkgs;
--- a/common/pc/audio.nix
+++ b/common/pc/audio.nix
@ -2,7 +2,8 @@
 let
  cfg = config.de;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    # enable pulseaudio support for packages
    nixpkgs.config.pulseaudio = true;
--- a/common/pc/chromium.nix
+++ b/common/pc/chromium.nix
@ -49,7 +49,8 @@ let
    ];
  };
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    # chromium with specific extensions + settings
    programs.chromium = {
--- a/common/pc/default.nix
+++ b/common/pc/default.nix
@ -2,15 +2,16 @@
 let
  cfg = config.de;
-in {
+in
 {
  imports = [
    ./kde.nix
    ./xfce.nix
    ./yubikey.nix
    ./chromium.nix
-#    ./firefox.nix
+    #    ./firefox.nix
    ./audio.nix
-#    ./torbrowser.nix
+    #    ./torbrowser.nix
    ./pithos.nix
    ./spotify.nix
    ./vscodium.nix
@ -52,6 +53,10 @@ in {
      jellyfin-media-player
      joplin-desktop
      config.inputs.deploy-rs.packages.${config.currentSystem}.deploy-rs
      # For Nix IDE
      nixpkgs-fmt
      rnix-lsp
    ];
    # Networking
--- a/common/pc/discord.nix
+++ b/common/pc/discord.nix
@ -2,7 +2,8 @@
 let
  cfg = config.de;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    users.users.googlebot.packages = [
      pkgs.discord
--- a/common/pc/kde.nix
+++ b/common/pc/kde.nix
@ -2,7 +2,8 @@
 let
  cfg = config.de;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    # kde plasma
    services.xserver = {
--- a/common/pc/mount-samba.nix
+++ b/common/pc/mount-samba.nix
@ -14,7 +14,8 @@ let
  version_opts = "vers=3.1.1";
  opts = "${systemd_opts},${network_opts},${user_opts},${version_opts},${auth_opts}";
-in {
+in
 {
  options.services.mount-samba = {
    enable = lib.mkEnableOption "enable mounting samba shares";
  };
--- a/common/pc/pithos.nix
+++ b/common/pc/pithos.nix
@ -2,7 +2,8 @@
 let
  cfg = config.de;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    nixpkgs.overlays = [
      (self: super: {
--- a/common/pc/spotify.nix
+++ b/common/pc/spotify.nix
@ -4,7 +4,7 @@ with lib;
 let
  cfg = config.services.spotifyd;
-  toml = pkgs.formats.toml {};
+  toml = pkgs.formats.toml { };
  spotifydConf = toml.generate "spotify.conf" cfg.settings;
 in
 {
@ -17,7 +17,7 @@ in
      enable = mkEnableOption "spotifyd, a Spotify playing daemon";
      settings = mkOption {
-        default = {};
+        default = { };
        type = toml.type;
        example = { global.bitrate = 320; };
        description = ''
@ -28,7 +28,7 @@ in
      users = mkOption {
        type = with types; listOf str;
-        default = [];
+        default = [ ];
        description = ''
          Usernames to be added to the "spotifyd" group, so that they
          can start and interact with the userspace daemon.
--- a/common/pc/steam.nix
+++ b/common/pc/steam.nix
@ -2,7 +2,8 @@
 let
  cfg = config.de;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    programs.steam.enable = true;
    hardware.steam-hardware.enable = true; # steam controller
--- a/common/pc/torbrowser.nix
+++ b/common/pc/torbrowser.nix
@ -2,7 +2,8 @@
 let
  cfg = config.de;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    nixpkgs.overlays = [
      (self: super: {
--- a/common/pc/touchpad.nix
+++ b/common/pc/touchpad.nix
@ -2,7 +2,8 @@
 let
  cfg = config.de.touchpad;
-in {
+in
 {
  options.de.touchpad = {
    enable = lib.mkEnableOption "enable touchpad";
  };
--- a/common/pc/vscodium.nix
+++ b/common/pc/vscodium.nix
@ -4,8 +4,8 @@ let
  cfg = config.de;
  extensions = with pkgs.vscode-extensions; [
-#    bbenoist.Nix # nix syntax support
+    #    bbenoist.Nix # nix syntax support
-#    arrterian.nix-env-selector  # nix dev envs
+    #    arrterian.nix-env-selector  # nix dev envs
  ];
  vscodium-with-extensions = pkgs.vscode-with-extensions.override {
--- a/common/pc/xfce.nix
+++ b/common/pc/xfce.nix
@ -2,7 +2,8 @@
 let
  cfg = config.de;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    services.xserver = {
      enable = true;
--- a/common/pc/yubikey.nix
+++ b/common/pc/yubikey.nix
@ -2,7 +2,8 @@
 let
  cfg = config.de;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    # yubikey
    services.pcscd.enable = true;
--- a/common/server/ceph.nix
+++ b/common/server/ceph.nix
@ -3,9 +3,9 @@
 with lib;
 let
  cfg = config.ceph;
-in {
+in
-  options.ceph = {
+{
-  };
+  options.ceph = { };
  config = mkIf cfg.enable {
    # ceph.enable = true;
--- a/common/server/gitea.nix
+++ b/common/server/gitea.nix
@ -2,7 +2,8 @@
 let
  cfg = config.services.gitea;
-in {
+in
 {
  options.services.gitea = {
    hostname = lib.mkOption {
      type = lib.types.str;
--- a/common/server/hydra.nix
+++ b/common/server/hydra.nix
@ -20,6 +20,6 @@ in
    hydraURL = "https://${domain}";
    useSubstitutes = true;
    notificationSender = notifyEmail;
-    buildMachinesFiles = [];
+    buildMachinesFiles = [ ];
  };
 }
--- a/common/server/icecast.nix
+++ b/common/server/icecast.nix
@ -7,7 +7,8 @@
 let
  cfg = config.services.icecast;
-in {
+in
 {
  options.services.icecast = {
    mount = lib.mkOption {
      type = lib.types.str;
--- a/common/server/iodine.nix
+++ b/common/server/iodine.nix
@ -2,7 +2,8 @@
 let
  cfg = config.services.iodine.server;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    # iodine DNS-based vpn
    services.iodine.server = {
--- a/common/server/mailserver.nix
+++ b/common/server/mailserver.nix
@ -15,7 +15,8 @@ let
    "bsd.ninja"
    "bsd.rocks"
  ];
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    # kresd doesn't work with tailscale MagicDNS
    mailserver.localDnsResolver = false;
@ -60,9 +61,11 @@ in {
      sender_dependent_relayhost_maps = "hash:/var/lib/postfix/conf/sender_relay";
      smtp_sender_dependent_authentication = "yes";
    };
-    services.postfix.mapFiles.sender_relay = let
+    services.postfix.mapFiles.sender_relay =
      let
        relayHost = "[smtp.mailgun.org]:587";
-    in pkgs.writeText "sender_relay"
+      in
      pkgs.writeText "sender_relay"
        (concatStringsSep "\n" (map (domain: "@${domain} ${relayHost}") domains));
    services.postfix.mapFiles.sasl_relay_passwd = "/run/agenix/sasl_relay_passwd";
    age.secrets.sasl_relay_passwd.file = ../../secrets/sasl_relay_passwd.age;
--- a/common/server/matrix.nix
+++ b/common/server/matrix.nix
@ -3,7 +3,8 @@
 let
  cfg = config.services.matrix;
  certs = config.security.acme.certs;
-in {
+in
 {
  options.services.matrix = {
    enable = lib.mkEnableOption "enable matrix";
    element-web = {
@ -62,15 +63,15 @@ in {
      settings = {
        server_name = cfg.host;
        enable_registration = cfg.enable_registration;
-        listeners = [ {
+        listeners = [{
-          bind_addresses = ["127.0.0.1"];
+          bind_addresses = [ "127.0.0.1" ];
          port = cfg.port;
          tls = false;
-          resources = [ {
+          resources = [{
            compress = true;
            names = [ "client" "federation" ];
-          } ];
+          }];
-        } ];
+        }];
        turn_uris = [
          "turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=udp"
          "turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=tcp"
@ -137,7 +138,8 @@ in {
        ];
        locations."/".proxyPass = "http://localhost:${toString cfg.port}";
      };
-      virtualHosts.${cfg.turn.host} =  { # get TLS cert for TURN server
+      virtualHosts.${cfg.turn.host} = {
        # get TLS cert for TURN server
        enableACME = true;
        forceSSL = true;
      };
--- a/common/server/mumble.nix
+++ b/common/server/mumble.nix
@ -3,7 +3,8 @@
 let
  cfg = config.services.murmur;
  certs = config.security.acme.certs;
-in {
+in
 {
  options.services.murmur.domain = lib.mkOption {
    type = lib.types.str;
  };
--- a/common/server/nextcloud.nix
+++ b/common/server/nextcloud.nix
@ -3,7 +3,8 @@
 let
  cfg = config.services.nextcloud;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    services.nextcloud = {
      https = true;
--- a/common/server/nginx-stream.nix
+++ b/common/server/nginx-stream.nix
@ -5,7 +5,8 @@ let
  nginxWithRTMP = pkgs.nginx.override {
    modules = [ pkgs.nginxModules.rtmp ];
  };
-in {
+in
 {
  options.services.nginx.stream = {
    enable = lib.mkEnableOption "enable nginx rtmp/hls/dash video streaming";
    port = lib.mkOption {
--- a/common/server/nginx.nix
+++ b/common/server/nginx.nix
@ -2,7 +2,8 @@
 let
  cfg = config.services.nginx;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    services.nginx = {
      recommendedGzipSettings = true;
--- a/common/server/owncast.nix
+++ b/common/server/owncast.nix
@ -4,7 +4,8 @@ with lib;
 let
  cfg = config.services.owncast;
-in {
+in
 {
  options.services.owncast = {
    hostname = lib.mkOption {
      type = types.str;
--- a/common/server/privatebin/privatebin.nix
+++ b/common/server/privatebin/privatebin.nix
@ -14,7 +14,8 @@ let
      cp -ar $src $out
    '';
  };
-in {
+in
 {
  options.services.privatebin = {
    enable = lib.mkEnableOption "enable privatebin";
    host = lib.mkOption {
@ -30,7 +31,7 @@ in {
      group = "privatebin";
      isSystemUser = true;
    };
-    users.groups.privatebin = {};
+    users.groups.privatebin = { };
    services.nginx.enable = true;
    services.nginx.virtualHosts.${cfg.host} = {
--- a/common/server/radio.nix
+++ b/common/server/radio.nix
@ -3,7 +3,8 @@
 let
  cfg = config.services.radio;
  radioPackage = config.inputs.radio.packages.${config.currentSystem}.radio;
-in {
+in
 {
  options.services.radio = {
    enable = lib.mkEnableOption "enable radio";
    user = lib.mkOption {
@ -56,11 +57,11 @@ in {
      home = cfg.dataDir;
      createHome = true;
    };
-    users.groups.${cfg.group} = {};
+    users.groups.${cfg.group} = { };
    systemd.services.radio = {
      enable = true;
-      after = ["network.target"];
+      after = [ "network.target" ];
-      wantedBy = ["multi-user.target"];
+      wantedBy = [ "multi-user.target" ];
      serviceConfig.ExecStart = "${radioPackage}/bin/radio ${config.services.icecast.listen.address}:${toString config.services.icecast.listen.port} ${config.services.icecast.mount} 5500";
      serviceConfig.User = cfg.user;
      serviceConfig.Group = cfg.group;
--- a/common/server/samba.nix
+++ b/common/server/samba.nix
@ -110,6 +110,6 @@
    # samba user for share
    users.users.cris.isSystemUser = true;
    users.users.cris.group = "cris";
-    users.groups.cris = {};
+    users.groups.cris = { };
  };
 }
--- a/common/server/searx.nix
+++ b/common/server/searx.nix
@ -2,19 +2,20 @@
 let
  cfg = config.services.searx;
-in {
+in
 {
  config = lib.mkIf cfg.enable {
    services.searx = {
      environmentFile = "/run/agenix/searx";
      settings = {
        server.port = 43254;
        server.secret_key = "@SEARX_SECRET_KEY@";
-        engines = [ {
+        engines = [{
          name = "wolframalpha";
          shortcut = "wa";
          api_key = "@WOLFRAM_API_KEY@";
          engine = "wolframalpha_api";
-        } ];
+        }];
      };
    };
    services.nginx.virtualHosts."search.neet.space" = {
--- a/common/server/thelounge.nix
+++ b/common/server/thelounge.nix
@ -2,7 +2,8 @@
 let
  cfg = config.services.thelounge;
-in {
+in
 {
  options.services.thelounge = {
    fileUploadBaseUrl = lib.mkOption {
      type = lib.types.str;
--- a/common/server/video-stream.nix
+++ b/common/server/video-stream.nix
@ -15,14 +15,14 @@ let
 in
 {
  networking.firewall.allowedUDPPorts = [ rtp-port ];
-  networking.firewall.allowedTCPPortRanges = [ {
+  networking.firewall.allowedTCPPortRanges = [{
    from = webrtc-peer-lower-port;
    to = webrtc-peer-upper-port;
-  } ];
+  }];
-  networking.firewall.allowedUDPPortRanges = [ { 
+  networking.firewall.allowedUDPPortRanges = [{
    from = webrtc-peer-lower-port;
    to = webrtc-peer-upper-port;
-  } ];
+  }];
  virtualisation.docker.enable = true;
@ -49,12 +49,12 @@ in
        ports = [
          "${toStr ingest-port}:8084"
        ];
-#        imageFile = pkgs.dockerTools.pullImage {
+        #        imageFile = pkgs.dockerTools.pullImage {
-#          imageName = "projectlightspeed/ingest";
+        #          imageName = "projectlightspeed/ingest";
-#          finalImageTag = "version-0.1.4";
+        #          finalImageTag = "version-0.1.4";
-#          imageDigest = "sha256:9fc51833b7c27a76d26e40f092b9cec1ac1c4bfebe452e94ad3269f1f73ff2fc";
+        #          imageDigest = "sha256:9fc51833b7c27a76d26e40f092b9cec1ac1c4bfebe452e94ad3269f1f73ff2fc";
-#          sha256 = "19kxl02x0a3i6hlnsfcm49hl6qxnq2f3hfmyv1v8qdaz58f35kd5";
+        #          sha256 = "19kxl02x0a3i6hlnsfcm49hl6qxnq2f3hfmyv1v8qdaz58f35kd5";
-#        };
+        #        };
      };
      "lightspeed-react" = {
        workdir = "/var/lib/lightspeed-react";
@ -62,12 +62,12 @@ in
        ports = [
          "${toStr web-port}:80"
        ];
-#        imageFile = pkgs.dockerTools.pullImage {
+        #        imageFile = pkgs.dockerTools.pullImage {
-#          imageName = "projectlightspeed/react";
+        #          imageName = "projectlightspeed/react";
-#          finalImageTag = "version-0.1.3";
+        #          finalImageTag = "version-0.1.3";
-#          imageDigest = "sha256:b7c58425f1593f7b4304726b57aa399b6e216e55af9c0962c5c19333fae638b6";
+        #          imageDigest = "sha256:b7c58425f1593f7b4304726b57aa399b6e216e55af9c0962c5c19333fae638b6";
-#          sha256 = "0d2jh7mr20h7dxgsp7ml7cw2qd4m8ja9rj75dpy59zyb6v0bn7js";
+        #          sha256 = "0d2jh7mr20h7dxgsp7ml7cw2qd4m8ja9rj75dpy59zyb6v0bn7js";
-#        };
+        #        };
      };
      "lightspeed-webrtc" = {
        workdir = "/var/lib/lightspeed-webrtc";
@ -79,15 +79,18 @@ in
          "${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}:${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}/udp"
        ];
        cmd = [
-          "lightspeed-webrtc" "--addr=0.0.0.0" "--ip=${domain}"
+          "lightspeed-webrtc"
-          "--ports=${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}" "run"
+          "--addr=0.0.0.0"
          "--ip=${domain}"
          "--ports=${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}"
          "run"
        ];
-#        imageFile = pkgs.dockerTools.pullImage {
+        #        imageFile = pkgs.dockerTools.pullImage {
-#          imageName = "projectlightspeed/webrtc";
+        #          imageName = "projectlightspeed/webrtc";
-#          finalImageTag = "version-0.1.2";
+        #          finalImageTag = "version-0.1.2";
-#          imageDigest = "sha256:ddf8b3dd294485529ec11d1234a3fc38e365a53c4738998c6bc2c6930be45ecf";
+        #          imageDigest = "sha256:ddf8b3dd294485529ec11d1234a3fc38e365a53c4738998c6bc2c6930be45ecf";
-#          sha256 = "1bdy4ak99fjdphj5bsk8rp13xxmbqdhfyfab14drbyffivg9ad2i";
+        #          sha256 = "1bdy4ak99fjdphj5bsk8rp13xxmbqdhfyfab14drbyffivg9ad2i";
-#        };
+        #        };
      };
    };
  };
--- a/common/server/vscode/modules/vscode-server/default.nix
+++ b/common/server/vscode/modules/vscode-server/default.nix
@ -1,8 +1,8 @@
 import ./module.nix ({ name, description, serviceConfig }:
-{
+  {
    systemd.user.services.${name} = {
      inherit description serviceConfig;
      wantedBy = [ "default.target" ];
    };
-})
+  })
--- a/common/server/vscode/modules/vscode-server/home.nix
+++ b/common/server/vscode/modules/vscode-server/home.nix
@ -1,6 +1,6 @@
 import ./module.nix ({ name, description, serviceConfig }:
-{
+  {
    systemd.user.services.${name} = {
      Unit = {
        Description = description;
@ -12,4 +12,4 @@ import ./module.nix ({ name, description, serviceConfig }:
        WantedBy = [ "default.target" ];
      };
    };
-})
+  })
--- a/common/server/zerobin.nix
+++ b/common/server/zerobin.nix
@ -2,7 +2,8 @@
 let
  cfg = config.services.zerobin;
-in {
+in
 {
  options.services.zerobin = {
    host = lib.mkOption {
      type = lib.types.str;
--- a/flake.nix
+++ b/flake.nix
@ -78,11 +78,12 @@
                inputs.nixpkgs-hostapd-pr
              ];
            };
-          patchedNixpkgs = nixpkgs.lib.fix (self: (import "${patchedNixpkgsSrc}/flake.nix").outputs { self=nixpkgs; });
+            patchedNixpkgs = nixpkgs.lib.fix (self: (import "${patchedNixpkgsSrc}/flake.nix").outputs { self = nixpkgs; });
-        in patchedNixpkgs.lib.nixosSystem {
+          in
          patchedNixpkgs.lib.nixosSystem {
            inherit system;
-          modules = allModules ++ [path];
+            modules = allModules ++ [ path ];
            specialArgs = {
              inherit allModules;
@ -97,7 +98,8 @@
        "s0" = mkSystem "x86_64-linux" nixpkgs ./machines/storage/s0/configuration.nix;
      };
-    packages = let
+    packages =
      let
        mkKexec = system:
          (nixpkgs.lib.nixosSystem {
            inherit system;
@ -108,7 +110,8 @@
            inherit system;
            modules = [ ./machines/ephemeral/iso.nix ];
          }).config.system.build.isoImage;
-    in {
+      in
      {
        "x86_64-linux"."kexec" = mkKexec "x86_64-linux";
        "x86_64-linux"."iso" = mkIso "x86_64-linux";
        "aarch64-linux"."kexec" = mkKexec "aarch64-linux";
@ -124,7 +127,8 @@
          profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configName};
        };
-      in {
+      in
      {
        s0 = mkDeploy "s0" "s0";
        router = mkDeploy "router" "router";
        ponyo = mkDeploy "ponyo" "ponyo.neet.dev";
--- a/machines/ephemeral/minimal.nix
+++ b/machines/ephemeral/minimal.nix
@ -7,7 +7,8 @@
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "e1000" "e1000e" "virtio_pci" "r8169" ];
  boot.kernelParams = [
-    "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+    "panic=30"
    "boot.panic_on_fail" # reboot the machine upon fatal boot issues
    "console=ttyS0,115200" # enable serial console
    "console=tty1"
  ];
@ -21,7 +22,8 @@
  environment.systemPackages = with pkgs; [
    cryptsetup
    btrfs-progs
-    git git-lfs
+    git
    git-lfs
    wget
    htop
    dnsutils
--- a/machines/nat/hardware-configuration.nix
+++ b/machines/nat/hardware-configuration.nix
@ -12,12 +12,14 @@
  boot.extraModulePackages = [ ];
  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/02a8c0c7-fd4e-4443-a83c-2d0b63848779";
+    {
      device = "/dev/disk/by-uuid/02a8c0c7-fd4e-4443-a83c-2d0b63848779";
      fsType = "btrfs";
    };
  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/0C95-1290";
+    {
      device = "/dev/disk/by-uuid/0C95-1290";
      fsType = "vfat";
    };
--- a/machines/ponyo/configuration.nix
+++ b/machines/ponyo/configuration.nix
@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 {
-  imports =[
+  imports = [
    ./hardware-configuration.nix
  ];
@ -61,7 +61,7 @@
      host = "radio.runyan.org";
    };
  };
-  pia.wireguard.badPortForwardPorts = [];
+  pia.wireguard.badPortForwardPorts = [ ];
  services.nginx.virtualHosts."radio.runyan.org" = {
    enableACME = true;
    forceSSL = true;
--- a/machines/ponyo/hardware-configuration.nix
+++ b/machines/ponyo/hardware-configuration.nix
@ -2,7 +2,8 @@
 {
  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
+    [
      (modulesPath + "/profiles/qemu-guest.nix")
    ];
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
@ -22,12 +23,14 @@
  boot.initrd.luks.devices."enc-pv2".device = "/dev/disk/by-uuid/e52b01b3-81c8-4bb2-ae7e-a3d9c793cb00"; # expanded disk
  fileSystems."/" =
-    { device = "/dev/mapper/enc-pv";
+    {
      device = "/dev/mapper/enc-pv";
      fsType = "btrfs";
    };
  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/d3a3777d-1e70-47fa-a274-804dc70ee7fd";
+    {
      device = "/dev/disk/by-uuid/d3a3777d-1e70-47fa-a274-804dc70ee7fd";
      fsType = "ext4";
    };
--- a/machines/ray/hardware-configuration.nix
+++ b/machines/ray/hardware-configuration.nix
@ -5,7 +5,8 @@
 {
  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    [
      (modulesPath + "/installer/scan/not-detected.nix")
    ];
  # boot
@ -40,22 +41,24 @@
    allowDiscards = true;
  };
  fileSystems."/" =
-    { device = "/dev/vg/root";
+    {
      device = "/dev/vg/root";
      fsType = "btrfs";
      options = [ "subvol=root" ];
    };
  fileSystems."/home" =
-    { device = "/dev/vg/root";
+    {
      device = "/dev/vg/root";
      fsType = "btrfs";
      options = [ "subvol=home" ];
    };
  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/2C85-2B59";
+    {
      device = "/dev/disk/by-uuid/2C85-2B59";
      fsType = "vfat";
    };
  swapDevices =
-    [ { device = "/dev/vg/swap"; }
+    [{ device = "/dev/vg/swap"; }];
    ];
  # high-resolution display
  hardware.video.hidpi.enable = lib.mkDefault true;
--- a/machines/router/hardware-configuration.nix
+++ b/machines/router/hardware-configuration.nix
@ -10,7 +10,8 @@
  # Enable serial output
  boot.kernelParams = [
-    "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+    "panic=30"
    "boot.panic_on_fail" # reboot the machine upon fatal boot issues
    "console=ttyS0,115200n8" # enable serial console
  ];
  boot.loader.grub.extraConfig = "
@ -33,16 +34,17 @@
  remoteLuksUnlock.enable = true;
  boot.initrd.luks.devices."enc-pv".device = "/dev/disk/by-uuid/9b090551-f78e-45ca-8570-196ed6a4af0c";
  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/421c82b9-d67c-4811-8824-8bb57cb10fce";
+    {
      device = "/dev/disk/by-uuid/421c82b9-d67c-4811-8824-8bb57cb10fce";
      fsType = "btrfs";
    };
  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/d97f324f-3a2e-4b84-ae2a-4b3d1209c689";
+    {
      device = "/dev/disk/by-uuid/d97f324f-3a2e-4b84-ae2a-4b3d1209c689";
      fsType = "ext3";
    };
  swapDevices =
-    [ { device = "/dev/disk/by-uuid/45bf58dd-67eb-45e4-9a98-246e23fa7abd"; }
+    [{ device = "/dev/disk/by-uuid/45bf58dd-67eb-45e4-9a98-246e23fa7abd"; }];
    ];
  nixpkgs.hostPlatform = "x86_64-linux";
 }
--- a/machines/router/router.nix
+++ b/machines/router/router.nix
@ -97,11 +97,11 @@ in
          channel = 6;
          countryCode = "US";
          wifi4 = {
-            capabilities = ["LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40+"];
+            capabilities = [ "LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40+" ];
          };
          wifi5 = {
            operatingChannelWidth = "20or40";
-            capabilities = ["MAX-A-MPDU-LEN-EXP0"];
+            capabilities = [ "MAX-A-MPDU-LEN-EXP0" ];
          };
          wifi6 = {
            enable = true;
@ -137,11 +137,11 @@ in
          channel = 128;
          countryCode = "US";
          wifi4 = {
-            capabilities = ["LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40-"];
+            capabilities = [ "LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40-" ];
          };
          wifi5 = {
            operatingChannelWidth = "160";
-            capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-3" "BF-ANTENNA-3" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"];
+            capabilities = [ "RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-3" "BF-ANTENNA-3" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7" ];
          };
          wifi6 = {
            enable = true;
--- a/machines/storage/s0/configuration.nix
+++ b/machines/storage/s0/configuration.nix
@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 {
-  imports =[
+  imports = [
    ./hardware-configuration.nix
  ];
--- a/machines/storage/s0/hardware-configuration.nix
+++ b/machines/storage/s0/hardware-configuration.nix
@ -2,7 +2,8 @@
 {
  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    [
      (modulesPath + "/installer/scan/not-detected.nix")
    ];
  # boot
@ -31,28 +32,39 @@
  # mounts
  fileSystems."/" =
-    { device = "rpool/nixos/root";
+    {
-      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
+      device = "rpool/nixos/root";
      fsType = "zfs";
      options = [ "zfsutil" "X-mount.mkdir" ];
    };
  fileSystems."/home" =
-    { device = "rpool/nixos/home";
+    {
-      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
+      device = "rpool/nixos/home";
      fsType = "zfs";
      options = [ "zfsutil" "X-mount.mkdir" ];
    };
  fileSystems."/var/lib" =
-    { device = "rpool/nixos/var/lib";
+    {
-      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
+      device = "rpool/nixos/var/lib";
      fsType = "zfs";
      options = [ "zfsutil" "X-mount.mkdir" ];
    };
  fileSystems."/var/log" =
-    { device = "rpool/nixos/var/log";
+    {
-      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
+      device = "rpool/nixos/var/log";
      fsType = "zfs";
      options = [ "zfsutil" "X-mount.mkdir" ];
    };
  fileSystems."/data" =
-    { device = "rpool/nixos/data";
+    {
-      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
+      device = "rpool/nixos/data";
      fsType = "zfs";
      options = [ "zfsutil" "X-mount.mkdir" ];
    };
  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/4FB4-738E";
+    {
      device = "/dev/disk/by-uuid/4FB4-738E";
      fsType = "vfat";
    };
  swapDevices = [ ];