Switch to nixfmt-rfc-style

flake.lock

@@ -89,11 +89,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1706182238,
+        "lastModified": 1706834982,
-        "narHash": "sha256-Ti7CerGydU7xyrP/ow85lHsOpf+XMx98kQnPoQCSi1g=",
+        "narHash": "sha256-3CfxA7gZ+DVv/N9Pvw61bV5Oe/mWfxYPyVQGqp9TMJA=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "f84eaffc35d1a655e84749228cde19922fcf55f1",
+        "rev": "83e571bb291161682b9c3ccd48318f115143a550",
         "type": "github"
       },
       "original": {
@@ -104,11 +104,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1706098335,
+        "lastModified": 1706718339,
-        "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
+        "narHash": "sha256-S+S97c/HzkO2A/YsU7ZmNF9w2s7Xk6P8dzmfDdckzLs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
+        "rev": "53fbe41cf76b6a685004194e38e889bc8857e8c2",
         "type": "github"
       },
       "original": {
@@ -120,11 +120,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1706191920,
+        "lastModified": 1706550542,
-        "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=",
+        "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ae5c332cbb5827f6b1f02572496b141021de335f",
+        "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652",
         "type": "github"
       },
       "original": {

flake.nix

@@ -19,16 +19,22 @@
     };
   };
 
-  outputs = inputs@{ self, agenix, nixpkgs, nixpkgs-unstable, nixos-hardware
+  outputs =
-    , home-manager }:
+    inputs@{
+      self,
+      agenix,
+      nixpkgs,
+      nixpkgs-unstable,
+      nixos-hardware,
+      home-manager,
+    }:
     let
       mkComputer = import "${inputs.self}/lib/mk_computer.nix";
       mkRaspi = import "${inputs.self}/lib/mk_raspi.nix";
-      mksdImage = host:
+      mksdImage =
+        host:
         (self.nixosConfigurations.${host}.extendModules {
-          modules = [
+          modules = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" ];
-            "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
-          ];
         }).config.system.build.sdImage;
       # required for home-manager only setup {
       overlay-unstable = final: prev: {
@@ -39,11 +45,14 @@
       };
       pkgs = import inputs.nixpkgs {
         system = "x86_64-linux";
-        config = { allowUnfree = true; };
+        config = {
+          allowUnfree = true;
+        };
         overlays = [ overlay-unstable ];
       };
-      # }
+    in
-    in {
+    # }
+    {
       images = {
         git = mksdImage "git";
         loki-test = mksdImage "loki-test";
@@ -131,7 +140,9 @@
           ];
           extraSpecialArgs = {
             inherit inputs;
-            nixosConfig = { az-username = "zweili"; };
+            nixosConfig = {
+              az-username = "zweili";
+            };
           };
         };
       };

home-manager/modules/common/default.nix

@@ -1,4 +1,11 @@
-{ config, lib, nixosConfig, pkgs, ... }: {
+{
+  config,
+  lib,
+  nixosConfig,
+  pkgs,
+  ...
+}:
+{
   # Home Manager needs a bit of information about you and the
   # paths it should manage.
   programs = {
@@ -23,7 +30,9 @@
           "$git_status"
           "$character"
         ];
-        python = { format = "[\${symbol}($virtualenv) ]($style)"; };
+        python = {
+          format = "[\${symbol}($virtualenv) ]($style)";
+        };
       };
       enable = true;
     };
@@ -74,9 +83,8 @@
     };
 
     shellAliases = {
-      format-modules = "nixfmt **/*.nix";
+      format-modules = "unstable.nixfmt-rfc-style **/*.nix";
-      nix-generations =
+      nix-generations = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
-        "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
       rebuild = ''
         nixos-rebuild -j auto switch --use-remote-sudo
       '';
@@ -93,7 +101,7 @@
       highlight
       killall
       ncdu
-      nixfmt
+      unstable.nixfmt-rfc-style
       nmon
       tree
       unzip

home-manager/modules/default.nix

@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
   imports = [
     ./common
     ./programs/alacritty

home-manager/modules/programs/alacritty/default.nix

@@ -1,9 +1,10 @@
 { config, lib, ... }:
-let cfg = config.programs.az-alacritty;
+let
-in {
+  cfg = config.programs.az-alacritty;
+in
+{
   options = {
-    programs.az-alacritty.enable =
+    programs.az-alacritty.enable = lib.mkEnableOption "Enable alacritty terminal.";
-      lib.mkEnableOption "Enable alacritty terminal.";
   };
 
   config = lib.mkIf cfg.enable {

home-manager/modules/programs/ansible/default.nix

@@ -1,6 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-ansible;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-ansible;
+in
+{
   options = {
     programs.az-ansible.enable = lib.mkEnableOption "Enable ansible.";
   };

home-manager/modules/programs/calibre/default.nix

@@ -1,6 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-calibre;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-calibre;
+in
+{
   options = {
     programs.az-calibre.enable = lib.mkEnableOption "Enable calibre.";
   };

home-manager/modules/programs/czkawka/default.nix

@@ -1,6 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-czkawka;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-czkawka;
+in
+{
   options = {
     programs.az-czkawka.enable = lib.mkEnableOption "Enable czkawka.";
   };

home-manager/modules/programs/emacs/default.nix

@@ -1,7 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-emacs;
+  config,
-in {
+  lib,
-  options = { programs.az-emacs.enable = lib.mkEnableOption "Enable emacs."; };
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-emacs;
+in
+{
+  options = {
+    programs.az-emacs.enable = lib.mkEnableOption "Enable emacs.";
+  };
 
   config = lib.mkIf cfg.enable {
     home.packages = with pkgs; [
@@ -25,8 +34,8 @@ in {
               languagetool-console-command "${pkgs.languagetool}/share/languagetool-commandline.jar"
               languagetool-server-command "${pkgs.languagetool}/share/languagetool-server.jar")
       '';
-      extraPackages = epkgs:
+      extraPackages =
-        with pkgs; [
+        epkgs: with pkgs; [
           epkgs.ag
           epkgs.amx
           epkgs.annotate

home-manager/modules/programs/email/default.nix

@@ -1,9 +1,15 @@
-{ config, inputs, lib, ... }:
+{
-let cfg = config.programs.az-email;
+  config,
-in {
+  inputs,
+  lib,
+  ...
+}:
+let
+  cfg = config.programs.az-email;
+in
+{
   options = {
-    programs.az-email.enable =
+    programs.az-email.enable = lib.mkEnableOption "Configure everything required for sending emails.";
-      lib.mkEnableOption "Configure everything required for sending emails.";
   };
 
   config = lib.mkIf cfg.enable {
@@ -18,14 +24,21 @@ in {
       userName = "andreas@zweili.ch";
       primary = true;
       passwordCommand = "cat /run/user/1000/agenix/personalEmailKey";
-      aliases = [ "andreas.zweili@gmail.com" "andreas@2li.ch" ];
+      aliases = [
+        "andreas.zweili@gmail.com"
+        "andreas@2li.ch"
+      ];
       msmtp.enable = true;
       mu.enable = true;
       offlineimap = {
         enable = true;
         extraConfig = {
-          account = { autorefresh = 15; };
+          account = {
-          local = { sync_deletes = true; };
+            autorefresh = 15;
+          };
+          local = {
+            sync_deletes = true;
+          };
         };
       };
       imap = {

home-manager/modules/programs/evince/default.nix

@@ -1,6 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-evince;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-evince;
+in
+{
   options = {
     programs.az-evince.enable = lib.mkEnableOption "Enable evince.";
   };

home-manager/modules/programs/git/default.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
-let cfg = config.programs.az-git;
+let
-in {
+  cfg = config.programs.az-git;
+in
+{
   options = {
     programs.az-git = {
       enable = lib.mkEnableOption "Enable git.";
@@ -25,15 +27,25 @@ in {
           syntax-theme = "GitHub";
         };
       };
-      includes = [{
+      includes = [
-        path = "~/.config/git/workconfig";
+        {
-        condition = "gitdir:~/git_repos/work/";
+          path = "~/.config/git/workconfig";
-      }];
+          condition = "gitdir:~/git_repos/work/";
+        }
+      ];
       extraConfig = {
-        core = { hooksPath = "~/.config/git/hooks/"; };
+        core = {
-        safe = { directory = "*"; };
+          hooksPath = "~/.config/git/hooks/";
-        pull = { rebase = false; };
+        };
-        push = { autoSetupRemote = true; };
+        safe = {
+          directory = "*";
+        };
+        pull = {
+          rebase = false;
+        };
+        push = {
+          autoSetupRemote = true;
+        };
         merge.conflictStyle = "diff3";
         rerere.enabled = true;
       };
@@ -122,7 +134,6 @@ in {
 
         # ignore pycache"
         "__pycache__/"
-
       ];
     };
     # raw files

home-manager/modules/programs/hunspell/default.nix

@@ -1,6 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-hunspell;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-hunspell;
+in
+{
   options = {
     programs.az-hunspell.enable = lib.mkEnableOption "Add dictionaries";
   };

home-manager/modules/programs/keeweb/default.nix

@@ -1,6 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-keeweb;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-keeweb;
+in
+{
   options = {
     programs.az-keeweb.enable = lib.mkEnableOption "Enable keeweb.";
   };
@@ -17,7 +24,9 @@ in {
         Environment = "QT_SCALE_FACTOR=1.25";
         ExecStart = "${pkgs.keeweb}/bin/keeweb --no-sandbox";
       };
-      Install = { WantedBy = [ "graphical-session.target" ]; };
+      Install = {
+        WantedBy = [ "graphical-session.target" ];
+      };
     };
   };
 }

home-manager/modules/programs/mpv/default.nix

@@ -1,22 +1,31 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 let
   cfg = config.programs.az-mpv;
-  delete-file = (pkgs.stdenvNoCC.mkDerivation rec {
+  delete-file = (
-    name = "mpv-delete-file";
+    pkgs.stdenvNoCC.mkDerivation rec {
-    src = pkgs.fetchurl {
+      name = "mpv-delete-file";
-      url =
+      src = pkgs.fetchurl {
-        "https://git.2li.ch/various/mpv-scripts/raw/commit/19ea069abcb794d1bf8fac2f59b50d71ab992130/delete_file.lua";
+        url = "https://git.2li.ch/various/mpv-scripts/raw/commit/19ea069abcb794d1bf8fac2f59b50d71ab992130/delete_file.lua";
-      sha256 = "sha256-1FX23t+O1aFZnbuvl+9zDT8OcKEziWNGj5cAMSvRIas=";
+        sha256 = "sha256-1FX23t+O1aFZnbuvl+9zDT8OcKEziWNGj5cAMSvRIas=";
-    };
+      };
-    dontBuild = true;
+      dontBuild = true;
-    dontUnpack = true;
+      dontUnpack = true;
-    installPhase = ''
+      installPhase = ''
-      install -Dm644 ${src} $out/share/mpv/scripts/delete_file.lua
+        install -Dm644 ${src} $out/share/mpv/scripts/delete_file.lua
-    '';
+      '';
-    passthru.scriptName = "delete_file.lua";
+      passthru.scriptName = "delete_file.lua";
-  });
+    }
-in {
+  );
-  options = { programs.az-mpv.enable = lib.mkEnableOption "Enable MPV."; };
+in
+{
+  options = {
+    programs.az-mpv.enable = lib.mkEnableOption "Enable MPV.";
+  };
 
   config = lib.mkIf cfg.enable {
     programs.mpv = {
@@ -25,13 +34,17 @@ in {
         s = "playlist-shuffle";
         r = "cycle_values video-rotate 90 180 270 0";
       };
-      config = { "keepaspect-window" = "no"; };
+      config = {
+        "keepaspect-window" = "no";
+      };
       scripts = [ delete-file ];
     };
 
     xdg.mimeApps = {
       enable = true;
-      associations.added = { "inode/directory" = [ "mpv.desktop" ]; };
+      associations.added = {
+        "inode/directory" = [ "mpv.desktop" ];
+      };
       defaultApplications = {
         "application/mxf" = "mpv.desktop";
         "application/sdp" = "mpv.desktop";

home-manager/modules/programs/open-port/default.nix

@@ -1,9 +1,10 @@
 { config, lib, ... }:
-let cfg = config.programs.az-open-port;
+let
-in {
+  cfg = config.programs.az-open-port;
+in
+{
   options = {
-    programs.az-open-port.enable =
+    programs.az-open-port.enable = lib.mkEnableOption "Two functions to quickly open a port in iptables.";
-      lib.mkEnableOption "Two functions to quickly open a port in iptables.";
   };
 
   config = lib.mkIf cfg.enable {

home-manager/modules/programs/rapid-photo-downloader/default.nix

@@ -1,9 +1,15 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-rapid-photo-downloader;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-rapid-photo-downloader;
+in
+{
   options = {
-    programs.az-rapid-photo-downloader.enable =
+    programs.az-rapid-photo-downloader.enable = lib.mkEnableOption "Enable Rapid Photo Downloader.";
-      lib.mkEnableOption "Enable Rapid Photo Downloader.";
   };
 
   config = lib.mkIf cfg.enable {

home-manager/modules/programs/signal/default.nix

@@ -1,6 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-signal;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-signal;
+in
+{
   options = {
     programs.az-signal.enable = lib.mkEnableOption "Enable Signal.";
   };
@@ -12,14 +19,20 @@ in {
     xdg.desktopEntries = {
       signal = {
         name = "Signal with tray icon";
-        exec =
+        exec = "${pkgs.unstable.signal-desktop}/bin/signal-desktop --use-tray-icon --no-sandbox %U";
-          "${pkgs.unstable.signal-desktop}/bin/signal-desktop --use-tray-icon --no-sandbox %U";
         terminal = false;
         type = "Application";
         icon = "signal-desktop";
         comment = "Private messaging from your desktop";
-        mimeType = [ "x-scheme-handler/sgnl" "x-scheme-handler/signalcaptcha" ];
+        mimeType = [
-        categories = [ "Network" "InstantMessaging" "Chat" ];
+          "x-scheme-handler/sgnl"
+          "x-scheme-handler/signalcaptcha"
+        ];
+        categories = [
+          "Network"
+          "InstantMessaging"
+          "Chat"
+        ];
       };
     };
   };

home-manager/modules/programs/ssh/default.nix

@@ -1,7 +1,11 @@
 { config, lib, ... }:
-let cfg = config.programs.az-ssh;
+let
-in {
+  cfg = config.programs.az-ssh;
-  options = { programs.az-ssh.enable = lib.mkEnableOption "Enable SSH host."; };
+in
+{
+  options = {
+    programs.az-ssh.enable = lib.mkEnableOption "Enable SSH host.";
+  };
 
   config = lib.mkIf cfg.enable {
     programs.ssh = {

home-manager/modules/programs/telegram/default.nix

@@ -1,6 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-telegram;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-telegram;
+in
+{
   options = {
     programs.az-telegram.enable = lib.mkEnableOption "Enable Telegram.";
   };

home-manager/modules/programs/tmux/default.nix

@@ -1,7 +1,11 @@
 { config, lib, ... }:
-let cfg = config.programs.az-tmux;
+let
-in {
+  cfg = config.programs.az-tmux;
-  options = { programs.az-tmux.enable = lib.mkEnableOption "Enable tmux"; };
+in
+{
+  options = {
+    programs.az-tmux.enable = lib.mkEnableOption "Enable tmux";
+  };
 
   config = lib.mkIf cfg.enable {
     programs.tmux = {
@@ -70,4 +74,3 @@ in {
     };
   };
 }
-

home-manager/modules/programs/vagrant-wsl/default.nix

@@ -1,9 +1,15 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-vagrant-wsl;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-vagrant-wsl;
+in
+{
   options = {
-    programs.az-vagrant-wsl.enable =
+    programs.az-vagrant-wsl.enable = lib.mkEnableOption "Enable Vagrant in WSL.";
-      lib.mkEnableOption "Enable Vagrant in WSL.";
   };
 
   config = lib.mkIf cfg.enable {

home-manager/modules/programs/work-desktop/default.nix

@@ -1,11 +1,21 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-work-desktop;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-work-desktop;
+in
+{
   options = {
-    programs.az-work-desktop.enable =
+    programs.az-work-desktop.enable = lib.mkEnableOption "Applications and config required for work.";
-      lib.mkEnableOption "Applications and config required for work.";
   };
 
-  config =
+  config = lib.mkIf cfg.enable {
-    lib.mkIf cfg.enable { home.packages = with pkgs; [ dbeaver vagrant ]; };
+    home.packages = with pkgs; [
+      dbeaver
+      vagrant
+    ];
+  };
 }

home-manager/modules/programs/yt-dlp/default.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
-let cfg = config.programs.az-yt-dlp;
+let
-in {
+  cfg = config.programs.az-yt-dlp;
+in
+{
   options = {
     programs.az-yt-dlp.enable = lib.mkEnableOption "Enable yt-dlp.";
   };
@@ -11,7 +13,9 @@ in {
       extraConfig = ''
         -S "+codec:h264"
       '';
-      settings = { remux-video = "mkv"; };
+      settings = {
+        remux-video = "mkv";
+      };
     };
   };
 }

home-manager/modules/services/desktop-base/default.nix

@@ -1,9 +1,15 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.services.az-desktop-base;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-desktop-base;
+in
+{
   options = {
-    services.az-desktop-base.enable =
+    services.az-desktop-base.enable = lib.mkEnableOption "Base configuration for a destkop.";
-      lib.mkEnableOption "Base configuration for a destkop.";
   };
 
   config = lib.mkIf cfg.enable {
@@ -23,10 +29,8 @@ in {
       az-tmux.enable = true;
       bash = {
         shellAliases = {
-          management-server =
+          management-server = "mosh ${config.home.username}@10.7.89.150 -- tmux new -A -s 0";
-            "mosh ${config.home.username}@10.7.89.150 -- tmux new -A -s 0";
+          work-management = "mosh --ssh='ssh -i ~/.ssh/zweili.key' zweili@10.49.0.100 -- tmux new -A -s 0";
-          work-management =
-            "mosh --ssh='ssh -i ~/.ssh/zweili.key' zweili@10.49.0.100 -- tmux new -A -s 0";
         };
       };
     };
@@ -40,8 +44,7 @@ in {
       remmina
     ];
     # raw config files
-    home.file.".config/qtile/autostart.d/xdg-portal-add-path.sh".source =
+    home.file.".config/qtile/autostart.d/xdg-portal-add-path.sh".source = ./xdg-portal-add-path.sh;
-      ./xdg-portal-add-path.sh;
 
     gtk.theme.name = "Arc-Darker";
 
@@ -94,7 +97,9 @@ in {
       configFile."mimeapps.list".force = true;
     };
 
-    xsession = { numlock.enable = true; };
+    xsession = {
+      numlock.enable = true;
+    };
 
     services = {
       az-dunst.enable = true;
@@ -109,4 +114,3 @@ in {
     systemd.user.startServices = "sd-switch";
   };
 }
-

home-manager/modules/services/dunst/default.nix

@@ -1,7 +1,11 @@
 { config, lib, ... }:
-let cfg = config.services.az-dunst;
+let
-in {
+  cfg = config.services.az-dunst;
-  options = { services.az-dunst.enable = lib.mkEnableOption "Enable dunst."; };
+in
+{
+  options = {
+    services.az-dunst.enable = lib.mkEnableOption "Enable dunst.";
+  };
 
   config = lib.mkIf cfg.enable {
     services.dunst = {

home-manager/modules/services/espanso/default.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
-let cfg = config.services.az-espanso;
+let
-in {
+  cfg = config.services.az-espanso;
+in
+{
   options = {
     services.az-espanso.enable = lib.mkEnableOption "Enable espanso.";
   };
@@ -16,23 +18,30 @@ in {
         {
           trigger = "<dd";
           replace = "{{current_date}}";
-          vars = [{
+          vars = [
-            name = "current_date";
+            {
-            type = "date";
+              name = "current_date";
-            params = { format = "%Y-%m-%d"; };
+              type = "date";
-          }];
+              params = {
+                format = "%Y-%m-%d";
+              };
+            }
+          ];
         }
         {
           trigger = "<ds";
           replace = "{{current_date}}";
-          vars = [{
+          vars = [
-            name = "current_date";
+            {
-            type = "date";
+              name = "current_date";
-            params = { format = "%Y-%m-%d_%H%M%S"; };
+              type = "date";
-          }];
+              params = {
+                format = "%Y-%m-%d_%H%M%S";
+              };
+            }
+          ];
         }
       ];
     };
   };
 }
-

home-manager/modules/services/grobi/default.nix

@@ -1,9 +1,15 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.services.az-grobi;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-grobi;
+in
+{
   options = {
-    services.az-grobi.enable =
+    services.az-grobi.enable = lib.mkEnableOption "Enabel grobi display manager.";
-      lib.mkEnableOption "Enabel grobi display manager.";
   };
 
   config = lib.mkIf cfg.enable {
@@ -23,7 +29,10 @@ in {
         }
         {
           name = "docked";
-          outputs_connected = [ "eDP-1" "DP-1-2" ];
+          outputs_connected = [
+            "eDP-1"
+            "DP-1-2"
+          ];
           atomic = true;
           configure_single = "DP-1-2";
           primary = true;

home-manager/profiles/desktop.nix

@@ -8,7 +8,8 @@ let
         nvidia-offload mpv --shuffle --mute=yes "/run/user/1000/gvfs/smb-share:server=10.7.89.108,share=various2/$directory/" &
     done
   '';
-in {
+in
+{
   imports = [ "${inputs.self}/home-manager/modules" ];
   home = {
     packages = with pkgs; [
@@ -22,8 +23,7 @@ in {
       az-media
     ];
     shellAliases = {
-      unlock-luks =
+      unlock-luks = "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
-        "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
     };
   };
 
@@ -34,6 +34,7 @@ in {
     az-yt-dlp.enable = true;
   };
 
-  services = { az-desktop-base.enable = true; };
+  services = {
+    az-desktop-base.enable = true;
+  };
 }
-

home-manager/profiles/headless.nix

@@ -1,4 +1,5 @@
-{ inputs, ... }: {
+{ inputs, ... }:
+{
   imports = [ "${inputs.self}/home-manager/modules" ];
   systemd.user.startServices = "sd-switch";
 }

home-manager/profiles/management.nix

@@ -1,4 +1,5 @@
-{ inputs, pkgs, ... }: {
+{ inputs, pkgs, ... }:
+{
   imports = [ "${inputs.self}/home-manager/modules" ];
 
   home = {
@@ -9,8 +10,7 @@
       xclip
     ];
     shellAliases = {
-      unlock-luks =
+      unlock-luks = "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
-        "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
     };
   };
 

home-manager/profiles/ubuntu.nix

@@ -1,4 +1,5 @@
-{ inputs, ... }: {
+{ inputs, ... }:
+{
   imports = [ "${inputs.self}/home-manager/modules" ];
 
   targets.genericLinux.enable = true;

home-manager/profiles/work-vm.nix

@@ -1,4 +1,5 @@
-{ inputs, pkgs, ... }: {
+{ inputs, pkgs, ... }:
+{
   imports = [ "${inputs.self}/home-manager/modules" ];
   home = {
     packages = with pkgs; [
@@ -8,10 +9,13 @@
   };
 
   programs = {
-    az-git = { userEmail = "zweili@contria.com"; };
+    az-git = {
+      userEmail = "zweili@contria.com";
+    };
     az-work-desktop.enable = true;
   };
 
-  services = { az-desktop-base.enable = true; };
+  services = {
+    az-desktop-base.enable = true;
+  };
 }
-

home-manager/profiles/work-wsl.nix

@@ -1,4 +1,10 @@
-{ config, inputs, pkgs, ... }: {
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
+{
   imports = [ "${inputs.self}/home-manager/modules" ];
 
   programs.direnv = {
@@ -15,7 +21,13 @@
       NIX_PATH = "nixpkgs=${inputs.nixpkgs}";
       PATH = "$PATH:$HOME/.local/bin";
     };
-    packages = with pkgs; [ keychain nixfmt mosh gyre-fonts source-code-pro ];
+    packages = with pkgs; [
+      keychain
+      unstable.nixfmt-rfc-style
+      mosh
+      gyre-fonts
+      source-code-pro
+    ];
   };
   nix = {
     package = pkgs.nix;
@@ -25,8 +37,10 @@
       experimental-features = "nix-command flakes";
       fallback = true;
       warn-dirty = false;
-      substituters =
+      substituters = [
-        [ "https://nix-community.cachix.org" "https://cache.nixos.org" ];
+        "https://nix-community.cachix.org"
+        "https://cache.nixos.org"
+      ];
       trusted-public-keys = [
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
         "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
@@ -38,7 +52,9 @@
   programs = {
     az-ansible.enable = true;
     az-emacs.enable = true;
-    az-git = { userEmail = "zweili@contria.com"; };
+    az-git = {
+      userEmail = "zweili@contria.com";
+    };
     az-hunspell.enable = true;
     az-tmux.enable = true;
     az-vagrant-wsl.enable = true;
@@ -47,8 +63,7 @@
         . /home/zweili/.nix-profile/etc/profile.d/nix.sh
       '';
       shellAliases = {
-        work-management =
+        work-management = "mosh --ssh='ssh -i ~/.ssh/zweili.key' zweili@10.49.0.100 -- tmux new -A -s 0";
-          "mosh --ssh='ssh -i ~/.ssh/zweili.key' zweili@10.49.0.100 -- tmux new -A -s 0";
         work-vm = ''ssh andreas@localhost -p 2222 -t "$@" "tmux new -A -s 0"'';
         hm-rebuild = "home-manager switch";
       };
@@ -56,4 +71,3 @@
   };
   systemd.user.startServices = "suggest";
 }
-

lib/mk_computer.nix

@@ -1,5 +1,10 @@
-{ hostname, inputs, system ? "x86_64-linux", home-module ? "headless"
+{
-, username ? "andreas" }:
+  hostname,
+  inputs,
+  system ? "x86_64-linux",
+  home-module ? "headless",
+  username ? "andreas",
+}:
 let
   overlay-unstable = final: prev: {
     unstable = import inputs.nixpkgs-unstable {
@@ -10,7 +15,9 @@ let
 
   pkgs = import inputs.nixpkgs {
     inherit system;
-    config = { allowUnfree = true; };
+    config = {
+      allowUnfree = true;
+    };
     overlays = [
       overlay-unstable
       #      (final: prev: {
@@ -26,9 +33,12 @@ let
       #      })
     ];
   };
-in inputs.nixpkgs.lib.nixosSystem {
+in
+inputs.nixpkgs.lib.nixosSystem {
   inherit system pkgs;
-  specialArgs = { inherit inputs; };
+  specialArgs = {
+    inherit inputs;
+  };
   modules = ([
     # System configuration for this host
     (import "${inputs.self}/systems/${hostname}" { inherit hostname; })
@@ -46,7 +56,9 @@ in inputs.nixpkgs.lib.nixosSystem {
     {
       home-manager.useGlobalPkgs = true;
       home-manager.useUserPackages = true;
-      home-manager.extraSpecialArgs = { inherit inputs system; };
+      home-manager.extraSpecialArgs = {
+        inherit inputs system;
+      };
       age.identityPaths = [ "/home/${username}/.ssh/id_rsa" ];
       home-manager.users.${username}.imports = [
         inputs.agenix.homeManagerModules.default

lib/mk_raspi.nix

@@ -1,5 +1,10 @@
-{ hostname, inputs, system ? "aarch64-linux", home-module ? "headless"
+{
-, username ? "andreas" }:
+  hostname,
+  inputs,
+  system ? "aarch64-linux",
+  home-module ? "headless",
+  username ? "andreas",
+}:
 let
   overlay-unstable = final: prev: {
     unstable = import inputs.nixpkgs-unstable {
@@ -10,34 +15,39 @@ let
 
   pkgs = import inputs.nixpkgs {
     inherit system;
-    config = { allowUnfree = true; };
+    config = {
+      allowUnfree = true;
+    };
     overlays = [
       overlay-unstable
       (final: prev: {
-        freshrss = prev.freshrss.overrideAttrs (_: rec {
+        freshrss = prev.freshrss.overrideAttrs (
-          version = "1.32.1";
+          _: rec {
-          src = pkgs.fetchFromGitHub {
+            version = "1.32.1";
-            owner = "FreshRSS";
+            src = pkgs.fetchFromGitHub {
-            repo = "FreshRSS";
+              owner = "FreshRSS";
-            rev = "c89073d60e491f775a13a9ec57915313eb073964";
+              repo = "FreshRSS";
-            sha256 = "sha256-DqfkbfvqGkAMQ2oawfb7Ggiv2u6/Qq6UgygLTNov9CA=";
+              rev = "c89073d60e491f775a13a9ec57915313eb073964";
-          };
+              sha256 = "sha256-DqfkbfvqGkAMQ2oawfb7Ggiv2u6/Qq6UgygLTNov9CA=";
-        });
+            };
+          }
+        );
       })
 
       # The following is requried for building images {
       # https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243
       (final: super: {
-        makeModulesClosure = x:
+        makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
-          super.makeModulesClosure (x // { allowMissing = true; });
       })
       # }
     ];
   };
-
+in
-in inputs.nixpkgs.lib.nixosSystem {
+inputs.nixpkgs.lib.nixosSystem {
   inherit pkgs system;
-  specialArgs = { inherit inputs; };
+  specialArgs = {
+    inherit inputs;
+  };
   modules = ([
     # System configuration for this host
     (import "${inputs.self}/systems/${hostname}" { inherit hostname; })
@@ -55,7 +65,9 @@ in inputs.nixpkgs.lib.nixosSystem {
     {
       home-manager.useGlobalPkgs = true;
       home-manager.useUserPackages = true;
-      home-manager.extraSpecialArgs = { inherit inputs system; };
+      home-manager.extraSpecialArgs = {
+        inherit inputs system;
+      };
       home-manager.users.${username}.imports = [
         inputs.agenix.homeManagerModules.default
         "${inputs.self}/home-manager/profiles/${home-module}.nix"

modules/default.nix

@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
   imports = [
     ./hardware/bluetooth
     ./hardware/dvd

modules/hardware/bluetooth/default.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
-let cfg = config.hardware.az-bluetooth;
+let
-in {
+  cfg = config.hardware.az-bluetooth;
+in
+{
   options = {
     hardware.az-bluetooth.enable = lib.mkEnableOption "Enable Bluetooth";
   };
@@ -21,4 +23,3 @@ in {
     };
   };
 }
-

modules/hardware/dvd/default.nix

@@ -1,7 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.hardware.az-dvd;
+  config,
-in {
+  lib,
-  options = { hardware.az-dvd.enable = lib.mkEnableOption "DVD"; };
+  pkgs,
+  ...
+}:
+let
+  cfg = config.hardware.az-dvd;
+in
+{
+  options = {
+    hardware.az-dvd.enable = lib.mkEnableOption "DVD";
+  };
 
   config = lib.mkIf cfg.enable {
     environment.systemPackages = with pkgs; [

modules/hardware/nvidia/default.nix

@@ -1,12 +1,18 @@
 { config, lib, ... }:
-let cfg = config.hardware.az-nvidia;
+let
-in {
+  cfg = config.hardware.az-nvidia;
+in
+{
   options = {
     hardware.az-nvidia.enable = lib.mkEnableOption "Nvidia GPU Support";
   };
 
   config = lib.mkIf cfg.enable {
-    environment = { variables = { XDG_DATA_HOME = "$HOME/.local/share"; }; };
+    environment = {
+      variables = {
+        XDG_DATA_HOME = "$HOME/.local/share";
+      };
+    };
 
     hardware.nvidia.prime = {
       # Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA

modules/hardware/raspi4/default.nix

@@ -1,3 +1,8 @@
-{ ... }: {
+{ ... }:
-  imports = [ ./raspi-base.nix ./raspi-ethernet.nix ./raspi-usb.nix ];
+{
+  imports = [
+    ./raspi-base.nix
+    ./raspi-ethernet.nix
+    ./raspi-usb.nix
+  ];
 }

modules/hardware/raspi4/init_config.nix

@@ -1,9 +1,7 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
   imports = [
-    "${
+    "${fetchTarball "https://github.com/NixOS/nixos-hardware/archive/32f61571b486efc987baca553fb35df22532ba63.tar.gz"}/raspberry-pi/4"
-      fetchTarball
-      "https://github.com/NixOS/nixos-hardware/archive/32f61571b486efc987baca553fb35df22532ba63.tar.gz"
-    }/raspberry-pi/4"
   ];
 
   fileSystems = {
@@ -14,7 +12,10 @@
     };
   };
 
-  environment.systemPackages = with pkgs; [ raspberrypi-eeprom vim ];
+  environment.systemPackages = with pkgs; [
+    raspberrypi-eeprom
+    vim
+  ];
 
   system.stateVersion = "23.05";
   services.openssh.enable = true;
@@ -26,7 +27,12 @@
       experimental-features = nix-command flakes
       warn-dirty = false
     '';
-    settings = { trusted-users = [ "root" "@wheel" ]; };
+    settings = {
+      trusted-users = [
+        "root"
+        "@wheel"
+      ];
+    };
   };
 
   users = {
@@ -46,22 +52,24 @@
   };
 
   security.sudo = {
-    extraRules = [{
+    extraRules = [
-      users = [ "nixos" ];
+      {
-      commands = [
+        users = [ "nixos" ];
-        {
+        commands = [
-          command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild -j auto switch";
+          {
-          options = [ "NOPASSWD" ];
+            command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild -j auto switch";
-        }
+            options = [ "NOPASSWD" ];
-        {
+          }
-          command = "/run/current-system/sw/bin/nixos-rebuild";
+          {
-          options = [ "NOPASSWD" ];
+            command = "/run/current-system/sw/bin/nixos-rebuild";
-        }
+            options = [ "NOPASSWD" ];
-        {
+          }
-          command = "ALL";
+          {
-          options = [ "SETENV" ];
+            command = "ALL";
-        }
+            options = [ "SETENV" ];
-      ];
+          }
-    }];
+        ];
+      }
+    ];
   };
 }

modules/hardware/raspi4/raspi-base.nix

@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 let
   cfg = config.hardware.az-raspi4-base;
   test-sd-card = pkgs.writeShellScriptBin "test-sd-card" ''
@@ -53,16 +58,26 @@ let
 
     printf "microSD card benchmark complete!\n\n"
   '';
-in {
+in
+{
   options = {
-    hardware.az-raspi4-base.enable =
+    hardware.az-raspi4-base.enable = lib.mkEnableOption "Enable the base config for a Raspberry Pi 4.";
-      lib.mkEnableOption "Enable the base config for a Raspberry Pi 4.";
   };
 
   config = lib.mkIf cfg.enable {
-    boot.supportedFilesystems =
+    boot.supportedFilesystems = lib.mkForce [
-      lib.mkForce [ "f2fs" "ntfs" "cifs" "ext4" "vfat" "nfs" "nfs4" ];
+      "f2fs"
-    boot.kernelParams = [ "rootflags=atgc" "rw" ];
+      "ntfs"
+      "cifs"
+      "ext4"
+      "vfat"
+      "nfs"
+      "nfs4"
+    ];
+    boot.kernelParams = [
+      "rootflags=atgc"
+      "rw"
+    ];
 
     fileSystems."/" = {
       device = "/dev/disk/by-label/root";
@@ -96,7 +111,9 @@ in {
         device = "/dev/disk/by-label/cryptroot";
         allowDiscards = true; # required for TRIM
       };
-      loader = { systemd-boot.enable = true; };
+      loader = {
+        systemd-boot.enable = true;
+      };
     };
     boot.extraModulePackages = [ ];
 

modules/hardware/raspi4/raspi-ethernet.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
-let cfg = config.hardware.az-raspi4-ethernet;
+let
-in {
+  cfg = config.hardware.az-raspi4-ethernet;
+in
+{
   options = {
     hardware.az-raspi4-ethernet = {
       enable = lib.mkEnableOption "Enable options required for Raspberry Pi 4.";
@@ -29,10 +31,12 @@ in {
       };
       defaultGateway = "10.7.89.1";
       nameservers = [ "10.7.89.1" ];
-      interfaces.eth0.ipv4.addresses = [{
+      interfaces.eth0.ipv4.addresses = [
-        address = cfg.ip;
+        {
-        prefixLength = 24;
+          address = cfg.ip;
-      }];
+          prefixLength = 24;
+        }
+      ];
     };
 
     services = {
@@ -41,4 +45,3 @@ in {
     };
   };
 }
-

modules/hardware/raspi4/raspi-usb.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
-let cfg = config.hardware.az-raspi4-usb;
+let
-in {
+  cfg = config.hardware.az-raspi4-usb;
+in
+{
   options = {
     hardware.az-raspi4-usb = {
       enable = lib.mkEnableOption "Enable options required for Raspberry Pi 4.";
@@ -31,15 +33,21 @@ in {
         "127.0.0.1" = [ "${cfg.hostname}.2li.local" ];
         ip = [ "${cfg.hostname}.2li.local" ];
       };
-      interfaces.usb0.ipv4.addresses = [{
+      interfaces.usb0.ipv4.addresses = [
-        address = cfg.ip;
+        {
-        prefixLength = 24;
+          address = cfg.ip;
-      }];
+          prefixLength = 24;
+        }
+      ];
       wireless = {
         enable = true;
         userControlled.enable = true;
         interfaces = [ "wlan0" ];
-        networks = { "Gröibschi" = { psk = "schottland"; }; };
+        networks = {
+          "Gröibschi" = {
+            psk = "schottland";
+          };
+        };
       };
     };
 
@@ -52,7 +60,10 @@ in {
         dhcp-range = [ "10.213.0.100,10.213.0.200,255.255.255.0,24h" ];
         dhcp-option = [ "option:router,${cfg.ip}" ];
         interface = "usb0";
-        server = [ "84.200.69.80" "84.200.70.40" ];
+        server = [
+          "84.200.69.80"
+          "84.200.70.40"
+        ];
       };
     };
 
@@ -96,4 +107,3 @@ in {
     systemd.services."network-addresses-usb0".after = [ "usb-otg.service" ];
   };
 }
-

modules/misc/common/default.nix

@@ -1,4 +1,11 @@
-{ config, inputs, lib, pkgs, ... }: {
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+{
   # The rough location
   location = {
     latitude = 46.948;
@@ -17,11 +24,15 @@
       allowPing = true;
       allowedTCPPorts = [ 22 ];
     };
-    timeServers = [ "10.7.89.1" "ch.pool.ntp.org" ];
+    timeServers = [
-
+      "10.7.89.1"
+      "ch.pool.ntp.org"
+    ];
   };
 
-  hardware = { enableRedistributableFirmware = true; };
+  hardware = {
+    enableRedistributableFirmware = true;
+  };
 
   # required in order to have apropos and whatis working
   programs.mosh.enable = true;
@@ -68,7 +79,11 @@
       btm = "btm --color default-light";
       sudo = "sudo ";
     };
-    systemPackages = [ pkgs.bottom pkgs.man-pages pkgs.vim ];
+    systemPackages = [
+      pkgs.bottom
+      pkgs.man-pages
+      pkgs.vim
+    ];
   };
   # Disable the root user
   users.users.root.hashedPassword = "!";
@@ -76,7 +91,10 @@
   users.users.${config.az-username} = {
     isNormalUser = true;
     initialPassword = "password";
-    extraGroups = [ "wheel" "networkmanager" ];
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+    ];
     openssh.authorizedKeys.keys = [
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCR+JXNHSAEQamn2QiaKV0vejCPy6OmzOePXoaQF6CEknXyvBO4j7+qpgZ5RAhe7ups8xZrEpBKdtxRMf7OdQQEXg1PLlfWZSJTC8EGu1TbMltbwwHizgsK/15LkDhJ0Gk/GFz9O9GvGqjizik8Kvvqz8XWY0tEtYs5Riq8bB5D5Ctwl10iultqnIQkdaX0bNa/2X57XKeutWdbqhuSC/C7awC1aVDIdfy1BNT3weHhQhFVAeAlH7Fy4rx3gYPclICfzu27lulLeXKJj9F+NdeY84zEy7E8IkE7eqdo1zfdJJpXSIh3FqekWen5njzWJsXqZCa2Ynk1poK/Rv/ti+ySE+4XicyXp0VJM8fDz6iUI0S/pjumHwzpoN9CeNe5PDK3Y7iQzSlO9REvkj/+v7r2s6XKslk9B7hTKunvH5JgHlIeYymzXb4r2LggNrP/1KUgNk1Ztu+s1c5onXYfBNul1iQOFU3+kgTk8Oh/UFK3FA0dYeWrOLA02TdH2S7U6yE= andreas@gwyn"
 
@@ -98,8 +116,14 @@
     settings = {
       warn-dirty = false;
       auto-optimise-store = true;
-      experimental-features = [ "nix-command" "flakes" ];
+      experimental-features = [
-      trusted-users = [ "root" "@wheel" ];
+        "nix-command"
+        "flakes"
+      ];
+      trusted-users = [
+        "root"
+        "@wheel"
+      ];
       min-free = 1000000000;
       max-free = 10000000000;
       connect-timeout = 5;
@@ -113,7 +137,9 @@
     };
   };
 
-  security.sudo = { wheelNeedsPassword = false; };
+  security.sudo = {
+    wheelNeedsPassword = false;
+  };
 
   system.activationScripts.diff = {
     supportsDryActivation = true;
@@ -132,4 +158,3 @@
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "23.05";
 }
-

modules/misc/initrd-ssh/default.nix

@@ -1,12 +1,12 @@
-{ config, inputs, ... }: {
+{ config, inputs, ... }:
+{
   boot.initrd.network = {
     enable = true;
     ssh = {
       enable = true;
       port = 22;
       shell = "/bin/cryptsetup-askpass";
-      authorizedKeys =
+      authorizedKeys = config.users.users.${config.az-username}.openssh.authorizedKeys.keys;
-        config.users.users.${config.az-username}.openssh.authorizedKeys.keys;
       hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
     };
   };

modules/misc/username/default.nix

@@ -1,4 +1,5 @@
-{ lib, ... }: {
+{ lib, ... }:
+{
   options = {
     az-username = lib.mkOption {
       type = lib.types.str;

modules/profiles/desktop/default.nix

@@ -1,12 +1,21 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.profiles.az-desktop;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.profiles.az-desktop;
+in
+{
   options = {
     profiles.az-desktop.enable = lib.mkEnableOption "Enable desktop";
   };
 
   config = lib.mkIf cfg.enable {
-    networking = { networkmanager.enable = true; };
+    networking = {
+      networkmanager.enable = true;
+    };
 
     documentation = {
       man.generateCaches = true;
@@ -60,7 +69,10 @@ in {
         serif = [ "TeX Gyre Pagella" ];
         monospace = [ "Source Code Pro" ];
       };
-      packages = [ pkgs.gyre-fonts pkgs.source-code-pro ];
+      packages = [
+        pkgs.gyre-fonts
+        pkgs.source-code-pro
+      ];
     };
 
     # Enable keyring
@@ -109,7 +121,9 @@ in {
         source-code-pro
         unrar
       ];
-      variables = { WINIT_X11_SCALE_FACTOR = "1"; };
+      variables = {
+        WINIT_X11_SCALE_FACTOR = "1";
+      };
       sessionVariables = {
         DEFAULT_BROWSER = "${pkgs.firefox}/bin/firefox";
         QT_SCALE_FACTOR = "1.25";

modules/programs/distrobox/default.nix

@@ -1,13 +1,22 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-distrobox;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-distrobox;
+in
+{
   options = {
-    programs.az-distrobox.enable = lib.mkEnableOption
+    programs.az-distrobox.enable = lib.mkEnableOption "Install distrobox and configure it to run GUI applications.";
-      "Install distrobox and configure it to run GUI applications.";
   };
   config = lib.mkIf cfg.enable {
     environment = {
-      systemPackages = [ pkgs.unstable.distrobox pkgs.xorg.xhost ];
+      systemPackages = [
+        pkgs.unstable.distrobox
+        pkgs.xorg.xhost
+      ];
       shellInit = ''
         [ -n "$DISPLAY" ] && xhost +si:localuser:$USER || true
       '';

modules/programs/eog/default.nix

@@ -1,6 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-eog;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-eog;
+in
+{
   options = {
     programs.az-eog.enable = lib.mkEnableOption "Gnome Image Viewer";
   };
@@ -24,4 +31,3 @@ in {
     };
   };
 }
-

modules/programs/libimobiledevice/default.nix

@@ -1,9 +1,15 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-idevices;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-idevices;
+in
+{
   options = {
-    programs.az-idevices.enable =
+    programs.az-idevices.enable = lib.mkEnableOption "Enable support for iDevices.";
-      lib.mkEnableOption "Enable support for iDevices.";
   };
 
   config = lib.mkIf cfg.enable {

modules/programs/lockscreen/default.nix

@@ -1,6 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-lockscreen;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-lockscreen;
+in
+{
   options = {
     programs.az-lockscreen.enable = lib.mkEnableOption "Lockscreen";
   };
@@ -14,4 +21,3 @@ in {
     environment.systemPackages = with pkgs; [ i3lock ];
   };
 }
-

modules/programs/makemkv/default.nix

@@ -1,7 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-makemkv;
+  config,
-in {
+  lib,
-  options = { programs.az-makemkv.enable = lib.mkEnableOption "MakeMKV"; };
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-makemkv;
+in
+{
+  options = {
+    programs.az-makemkv.enable = lib.mkEnableOption "MakeMKV";
+  };
 
   config = lib.mkIf cfg.enable {
     home-manager.users.${config.az-username} = {

modules/programs/nautilus/default.nix

@@ -1,6 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.programs.az-nautilus;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.programs.az-nautilus;
+in
+{
   options = {
     programs.az-nautilus.enable = lib.mkEnableOption "Enable Nautilus";
   };

modules/programs/nix-direnv/default.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
-let cfg = config.programs.az-nix-direnv;
+let
-in {
+  cfg = config.programs.az-nix-direnv;
+in
+{
   options = {
     programs.az-nix-direnv.enable = lib.mkEnableOption "Enable nix-direnv";
   };
@@ -16,5 +18,4 @@ in {
       programs.direnv.nix-direnv.enable = true;
     };
   };
-
 }

modules/programs/restic-management/default.nix

@@ -1,4 +1,10 @@
-{ config, inputs, lib, pkgs, ... }:
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
 let
   cfg = config.programs.az-restic-management;
   password_file = config.age.secrets.resticKey.path;
@@ -33,20 +39,19 @@ let
 
     ${pkgs.restic}/bin/restic --password-file ${password_file} snapshots'';
 
-  restic-infomaniak-mount =
+  restic-infomaniak-mount = pkgs.writeShellScriptBin "restic-infomaniak-mount" ''
-    pkgs.writeShellScriptBin "restic-infomaniak-mount" ''
+    export $(${pkgs.gnugrep}/bin/grep -v '^#' ${infomaniak-env} | ${pkgs.findutils}/bin/xargs)
-      export $(${pkgs.gnugrep}/bin/grep -v '^#' ${infomaniak-env} | ${pkgs.findutils}/bin/xargs)
+    export RESTIC_REPOSITORY="${infomaniak-repo}"
-      export RESTIC_REPOSITORY="${infomaniak-repo}"
+    export OS_AUTH_URL="${infomaniak-auth-url}"
-      export OS_AUTH_URL="${infomaniak-auth-url}"
+    export OS_USER_DOMAIN_NAME=default
-      export OS_USER_DOMAIN_NAME=default
 
-      mkdir -p /tmp/restic &&
+    mkdir -p /tmp/restic &&
 
-      ${pkgs.restic}/bin/restic --password-file ${password_file} mount /tmp/restic'';
+    ${pkgs.restic}/bin/restic --password-file ${password_file} mount /tmp/restic'';
-in {
+in
+{
   options = {
-    programs.az-restic-management.enable =
+    programs.az-restic-management.enable = lib.mkEnableOption "Enable restic management commands.";
-      lib.mkEnableOption "Enable restic management commands.";
   };
   config = lib.mkIf cfg.enable {
     age.secrets.infomaniakEnv = {

modules/programs/scripts/default.nix

@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 let
   cfg = config.programs.az-scripts;
   compress-pdf = pkgs.writeShellScriptBin "compress-pdf" ''
@@ -9,8 +14,7 @@ let
         -dBATCH \
         -sOutputFile=compressed_$1 $1'';
 
-  files-to-lowercase = pkgs.writeScriptBin "files-to-lowercase"
+  files-to-lowercase = pkgs.writeScriptBin "files-to-lowercase" "${builtins.readFile ./files-to-lowercase.sh}";
-    "${builtins.readFile ./files-to-lowercase.sh}";
 
   heif-to-jpeg = pkgs.writeShellScriptBin "heif-to-jpeg" ''
     for f in *.heic
@@ -19,17 +23,16 @@ let
     ${pkgs.libheif}/bin/heif-convert $f $f.jpg
     done'';
 
-  remove-special-characters = pkgs.writeScriptBin "remove-special-characters"
+  remove-special-characters = pkgs.writeScriptBin "remove-special-characters" "${builtins.readFile ./remove_special_characters.sh}";
-    "${builtins.readFile ./remove_special_characters.sh}";
 
-  replace-listings = pkgs.writeScriptBin "replace-listings"
+  replace-listings = pkgs.writeScriptBin "replace-listings" "${builtins.readFile ./replace-listings.sh}";
-    "${builtins.readFile ./replace-listings.sh}";
 
   thumbnails = pkgs.writeShellScriptBin "thumbnails" ''
     for d in $1/*; do
       ${pkgs.ffmpeg}/bin/ffmpeg -i "$d" -t 2 -r 0.5 "$d".jpg
     done'';
-in {
+in
+{
   options = {
     programs.az-scripts.enable = lib.mkEnableOption "Enable scripts";
   };
@@ -44,6 +47,4 @@ in {
       thumbnails
     ];
   };
-
 }
-

modules/programs/steam/default.nix

@@ -1,7 +1,11 @@
 { config, lib, ... }:
-let cfg = config.programs.az-steam;
+let
-in {
+  cfg = config.programs.az-steam;
-  options = { programs.az-steam.enable = lib.mkEnableOption "Enable Steam"; };
+in
+{
+  options = {
+    programs.az-steam.enable = lib.mkEnableOption "Enable Steam";
+  };
 
   config = lib.mkIf cfg.enable {
     programs.steam.enable = true;
@@ -11,8 +15,7 @@ in {
       allowedUDPPorts = [ 27031 ];
     };
     home-manager.users.${config.az-username} = {
-      home.file.".local/share/applications/steam.desktop".source =
+      home.file.".local/share/applications/steam.desktop".source = ./steam.desktop;
-        ./steam.desktop;
     };
   };
 }

modules/services/common-x86/default.nix

@@ -1,9 +1,10 @@
 { config, lib, ... }:
-let cfg = config.services.az-x86;
+let
-in {
+  cfg = config.services.az-x86;
+in
+{
   options = {
-    services.az-x86.enable =
+    services.az-x86.enable = lib.mkEnableOption "Enable options for x86 systems";
-      lib.mkEnableOption "Enable options for x86 systems";
   };
 
   config = lib.mkIf cfg.enable {
@@ -14,6 +15,8 @@ in {
       systemd-boot.enable = true;
       efi.canTouchEfiVariables = true;
     };
-    hardware = { cpu.intel.updateMicrocode = true; };
+    hardware = {
+      cpu.intel.updateMicrocode = true;
+    };
   };
 }

modules/services/data-share/default.nix

@@ -1,9 +1,10 @@
 { config, lib, ... }:
-let cfg = config.services.az-data-share;
+let
-in {
+  cfg = config.services.az-data-share;
+in
+{
   options = {
-    services.az-data-share.enable =
+    services.az-data-share.enable = lib.mkEnableOption "Enable the server data FNS share";
-      lib.mkEnableOption "Enable the server data FNS share";
   };
   config = lib.mkIf cfg.enable {
     fileSystems."/mnt/data" = {
@@ -19,4 +20,3 @@ in {
     };
   };
 }
-

modules/services/docker-mailserver/default.nix

@@ -1,22 +1,33 @@
-{ config, inputs, lib, pkgs, ... }:
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
 let
   cfg = config.services.az-mailserver;
   version = "13.2.0";
-  mailserver-setup = (pkgs.writeScriptBin "mailserver-setup"
+  mailserver-setup =
-    "${builtins.readFile (pkgs.fetchurl {
+    (pkgs.writeScriptBin "mailserver-setup" "${builtins.readFile (
-      url =
+      pkgs.fetchurl {
-        "https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v${version}/setup.sh";
+        url = "https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v${version}/setup.sh";
-      sha256 = "sha256-HMT790mp5ADdNYaOLUJfHJq9LWI0OPilTabAhogVXnc=";
+        sha256 = "sha256-HMT790mp5ADdNYaOLUJfHJq9LWI0OPilTabAhogVXnc=";
-    })}").overrideAttrs (old: {
+      }
-      buildCommand = ''
+    )}"
-        ${old.buildCommand}
+    ).overrideAttrs
-         patchShebangs $out'';
+      (
-    });
+        old: {
+          buildCommand = ''
+            ${old.buildCommand}
+             patchShebangs $out'';
+        }
+      );
   volumePath = "/mnt/server-data/docker-mailserver";
-in {
+in
+{
   options = {
-    services.az-mailserver.enable =
+    services.az-mailserver.enable = lib.mkEnableOption "Enable docker-mailserver";
-      lib.mkEnableOption "Enable docker-mailserver";
   };
 
   config = lib.mkIf cfg.enable {
@@ -51,7 +62,11 @@ in {
     fileSystems."${volumePath}" = {
       device = "10.7.89.108:server_data/docker-mailserver";
       fsType = "nfs";
-      options = [ "hard" "noatime" "rw" ];
+      options = [
+        "hard"
+        "noatime"
+        "rw"
+      ];
     };
     services.az-docker.enable = true;
 
@@ -62,8 +77,14 @@ in {
         image = "docker.io/mailserver/docker-mailserver:${version}";
         autoStart = true;
         environmentFiles = [ ./mailserver.env ];
-        ports =
+        ports = [
-          [ "25:25" "143:143" "465:465" "587:587" "993:993" "11334:11334" ];
+          "25:25"
+          "143:143"
+          "465:465"
+          "587:587"
+          "993:993"
+          "11334:11334"
+        ];
         volumes = [
           "/etc/localtime:/etc/localtime:ro"
           "/etc/dkim:/etc/dkim:ro"

modules/services/docker/default.nix

@@ -1,7 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.services.az-docker;
+  config,
-in {
+  lib,
-  options = { services.az-docker.enable = lib.mkEnableOption "Enable Docker"; };
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-docker;
+in
+{
+  options = {
+    services.az-docker.enable = lib.mkEnableOption "Enable Docker";
+  };
 
   config = lib.mkIf cfg.enable {
     virtualisation.docker = {

modules/services/freshrss/default.nix

@@ -1,6 +1,14 @@
-{ config, inputs, lib, pkgs, ... }:
+{
-let cfg = config.services.az-freshrss;
+  config,
-in {
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-freshrss;
+in
+{
   options = {
     services.az-freshrss.enable = lib.mkEnableOption "Enable FreshRSS.";
   };
@@ -20,7 +28,10 @@ in {
       group = config.services.freshrss.user;
     };
 
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
     security.acme = {
       acceptTerms = true;
       defaults.email = "admin+acme@zweili.ch";
@@ -42,11 +53,15 @@ in {
       mysql = {
         enable = true;
         package = pkgs.mariadb_110;
-        ensureUsers = [{
+        ensureUsers = [
-          name = "freshrss";
+          {
-          ensurePermissions = { "freshrss.*" = "ALL PRIVILEGES"; };
+            name = "freshrss";
-        }];
+            ensurePermissions = {
-        initialDatabases = [{ name = "freshrss"; }];
+              "freshrss.*" = "ALL PRIVILEGES";
+            };
+          }
+        ];
+        initialDatabases = [ { name = "freshrss"; } ];
         settings = {
           mysqld = {
             innodb_file_per_table = 1;
@@ -95,4 +110,3 @@ in {
     };
   };
 }
-

modules/services/gitea/default.nix

@@ -1,8 +1,14 @@
-{ config, inputs, lib, ... }:
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
 let
   cfg = config.services.az-gitea;
   volumePath = "/mnt/server-data/gitea";
-in {
+in
+{
   options = {
     services.az-gitea.enable = lib.mkEnableOption "Enable Gitea in Docker.";
     services.az-gitea.domain = lib.mkOption {
@@ -17,13 +23,19 @@ in {
     fileSystems."${volumePath}" = {
       device = "10.7.89.108:server_data/gitea/data";
       fsType = "nfs";
-      options = [ "hard" "noatime" "rw" ];
+      options = [
+        "hard"
+        "noatime"
+        "rw"
+      ];
     };
     services = {
       az-docker.enable = true;
       az-mariadb-for-containers.enable = true;
       mysql.settings = {
-        mysql = { default-character-set = "utf8mb4"; };
+        mysql = {
+          default-character-set = "utf8mb4";
+        };
         mysqld = {
           collation-server = "utf8mb4_unicode_ci";
           init-connect = "SET NAMES utf8mb4";
@@ -55,7 +67,10 @@ in {
           DISABLE_REGISTRATION = "true";
         };
         environmentFiles = [ config.age.secrets.giteaEnv.path ];
-        ports = [ "2222:22" "8080:3000" ];
+        ports = [
+          "2222:22"
+          "8080:3000"
+        ];
         volumes = [
           "/etc/timezone:/etc/timezone:ro"
           "/etc/localtime:/etc/localtime:ro"

modules/services/grav/default.nix

@@ -2,8 +2,11 @@
 let
   cfg = config.services.az-grav;
   volumePath = "/mnt/server-data/grav";
-in {
+in
-  options = { services.az-grav.enable = lib.mkEnableOption "Enable Grav."; };
+{
+  options = {
+    services.az-grav.enable = lib.mkEnableOption "Enable Grav.";
+  };
 
   config = lib.mkIf cfg.enable {
     services.az-docker.enable = true;
@@ -11,14 +14,17 @@ in {
     fileSystems."${volumePath}" = {
       device = "10.7.89.108:server_data/grav";
       fsType = "nfs";
-      options = [ "hard" "noatime" "rw" ];
+      options = [
+        "hard"
+        "noatime"
+        "rw"
+      ];
     };
     virtualisation.oci-containers = {
       backend = "docker";
       containers."grav" = {
         # https://fleet.linuxserver.io/image?name=linuxserver/grav
-        image =
+        image = "lscr.io/linuxserver/grav:1.7.43@sha256:6cc4e340eda8c72f4671f9b9a4c1fad195deac59b9a88b6221f8b31d4fd64c08";
-          "lscr.io/linuxserver/grav:1.7.43@sha256:6cc4e340eda8c72f4671f9b9a4c1fad195deac59b9a88b6221f8b31d4fd64c08";
         autoStart = true;
         environment = {
           TZ = "Europe/Zurich";
@@ -36,4 +42,3 @@ in {
     };
   };
 }
-

modules/services/haproxy/default.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
-let cfg = config.services.az-haproxy;
+let
-in {
+  cfg = config.services.az-haproxy;
+in
+{
   options = {
     services.az-haproxy.enable = lib.mkEnableOption "Enable HAProxy";
   };
@@ -8,7 +10,11 @@ in {
   config = lib.mkIf cfg.enable {
     networking = {
       enableIPv6 = false;
-      firewall.allowedTCPPorts = [ 80 443 1936 ];
+      firewall.allowedTCPPorts = [
+        80
+        443
+        1936
+      ];
     };
     services.haproxy = {
       enable = true;

modules/services/heimdall/default.nix

@@ -2,7 +2,8 @@
 let
   cfg = config.services.az-heimdall;
   volumePath = "/mnt/server-data/heimdall";
-in {
+in
+{
   options = {
     services.az-heimdall.enable = lib.mkEnableOption "Enable Heimdall";
   };
@@ -13,14 +14,17 @@ in {
     fileSystems."${volumePath}" = {
       device = "10.7.89.108:server_data/heimdall";
       fsType = "nfs";
-      options = [ "hard" "noatime" "rw" ];
+      options = [
+        "hard"
+        "noatime"
+        "rw"
+      ];
     };
     virtualisation.oci-containers = {
       backend = "docker";
       containers."heimdall" = {
         # https://fleet.linuxserver.io/image?name=linuxserver/heimdall
-        image =
+        image = "linuxserver/heimdall:2.5.8@sha256:2bf4feba39a64ceabb8e8aef1395c69513c8ab7dd122caa605c307d7ffcdad6f";
-          "linuxserver/heimdall:2.5.8@sha256:2bf4feba39a64ceabb8e8aef1395c69513c8ab7dd122caa605c307d7ffcdad6f";
         autoStart = true;
         environment = {
           TZ = "Europe/Zurich";
@@ -28,11 +32,12 @@ in {
           PGID = "100";
         };
         ports = [ "8081:80" ];
-        volumes =
+        volumes = [
-          [ "/etc/localtime:/etc/localtime:ro" "${volumePath}:/config" ];
+          "/etc/localtime:/etc/localtime:ro"
+          "${volumePath}:/config"
+        ];
         extraOptions = [ "--log-opt=tag='heimdall'" ];
       };
     };
   };
 }
-

modules/services/log-to-ram/default.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
-let cfg = config.services.az-log2ram;
+let
-in {
+  cfg = config.services.az-log2ram;
+in
+{
   options = {
     services.az-log2ram.enable = lib.mkEnableOption "Enable log to RAM";
   };
@@ -9,7 +11,10 @@ in {
     fileSystems."/var/log" = {
       device = "none";
       fsType = "tmpfs";
-      options = [ "defaults" "size=512M" ];
+      options = [
+        "defaults"
+        "size=512M"
+      ];
     };
     services.journald.extraConfig = ''
       SystemMaxUse=300M

modules/services/logs-share/default.nix

@@ -1,6 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.services.az-logs-share;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-logs-share;
+in
+{
   options = {
     services.az-logs-share.enable = lib.mkEnableOption "Enable mount share";
   };

modules/services/mariadb-for-containers/default.nix

@@ -1,18 +1,27 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.services.az-mariadb-for-containers;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-mariadb-for-containers;
+in
+{
   options = {
-    services.az-mariadb-for-containers.enable =
+    services.az-mariadb-for-containers.enable = lib.mkEnableOption "Enable MariaDB configured for container clients.";
-      lib.mkEnableOption "Enable MariaDB configured for container clients.";
   };
 
   config = lib.mkIf cfg.enable {
     services.mysql = {
       enable = true;
       package = pkgs.mariadb_110;
-      settings = { mysqld = { bind-address = "172.17.0.1"; }; };
+      settings = {
+        mysqld = {
+          bind-address = "172.17.0.1";
+        };
+      };
     };
-    networking.firewall.extraCommands =
+    networking.firewall.extraCommands = "iptables -A INPUT -p tcp --destination-port 3306 -s 172.16.0.0/12 -j ACCEPT";
-      "iptables -A INPUT -p tcp --destination-port 3306 -s 172.16.0.0/12 -j ACCEPT";
   };
 }

modules/services/media-share/default.nix

@@ -1,16 +1,21 @@
 { config, lib, ... }:
-let cfg = config.services.az-media-share;
+let
-in {
+  cfg = config.services.az-media-share;
+in
+{
   options = {
-    services.az-media-share.enable =
+    services.az-media-share.enable = lib.mkEnableOption "Mount the NFS share for with my media.";
-      lib.mkEnableOption "Mount the NFS share for with my media.";
   };
 
   config = lib.mkIf cfg.enable {
     fileSystems."/mnt/media" = {
       device = "10.7.89.108:media";
       fsType = "nfs";
-      options = [ "noatime" "hard" "nfsvers=4.0" ];
+      options = [
+        "noatime"
+        "hard"
+        "nfsvers=4.0"
+      ];
     };
   };
 }

modules/services/nextcloud/default.nix

@@ -1,4 +1,10 @@
-{ config, inputs, lib, pkgs, ... }:
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
 let
   cfg = config.services.az-nextcloud;
   cronService = "${config.virtualisation.oci-containers.backend}-cron";
@@ -6,8 +12,7 @@ let
     MYSQL_DATABASE = "nextcloud";
     MYSQL_USER = "nextcloud";
     MYSQL_HOST = "172.17.0.1";
-    NEXTCLOUD_TRUSTED_DOMAINS =
+    NEXTCLOUD_TRUSTED_DOMAINS = "${cfg.domain} ${config.networking.hostName}.2li.local 10.7.89.103";
-      "${cfg.domain} ${config.networking.hostName}.2li.local 10.7.89.103";
     REDIS_HOST = "redis";
     SMTP_HOST = "mail.infomaniak.com";
     SMTP_SECURE = "ssl";
@@ -15,15 +20,13 @@ let
   };
   networkName = "nextcloud";
   # https://github.com/Nebucatnetzer/nextcloud-smb
-  nextcloudImage =
+  nextcloudImage = "ghcr.io/nebucatnetzer/nextcloud-smb/nextcloud-smb:28.0.1@sha256:2fc015f2844e44e861099474927696244ddb59bcfb3fc7b693468a30543a211e";
-    "ghcr.io/nebucatnetzer/nextcloud-smb/nextcloud-smb:28.0.1@sha256:2fc015f2844e44e861099474927696244ddb59bcfb3fc7b693468a30543a211e";
+  nextcloudService = "${config.virtualisation.oci-containers.backend}-nextcloud";
-  nextcloudService =
-    "${config.virtualisation.oci-containers.backend}-nextcloud";
   volumePath = "/mnt/server-data/nextcloud";
-in {
+in
+{
   options = {
-    services.az-nextcloud.enable =
+    services.az-nextcloud.enable = lib.mkEnableOption "Enable Nextcloud running in a container.";
-      lib.mkEnableOption "Enable Nextcloud running in a container.";
     services.az-nextcloud.domain = lib.mkOption {
       type = lib.types.str;
       description = "The domain Nextcloud is being run from.";
@@ -36,7 +39,11 @@ in {
     fileSystems."${volumePath}" = {
       device = "10.7.89.108:server_data/nextcloud/data";
       fsType = "nfs";
-      options = [ "hard" "noatime" "rw" ];
+      options = [
+        "hard"
+        "noatime"
+        "rw"
+      ];
     };
     services = {
       az-acme-base.enable = true;
@@ -99,8 +106,10 @@ in {
           "/etc/localtime:/etc/localtime:ro"
           "${volumePath}:/var/www/html"
         ];
-        extraOptions =
+        extraOptions = [
-          [ "--net=${networkName}" "--log-opt=tag='nextcloud-nginx'" ];
+          "--net=${networkName}"
+          "--log-opt=tag='nextcloud-nginx'"
+        ];
       };
       containers."cron" = {
         image = nextcloudImage;
@@ -109,8 +118,10 @@ in {
         environmentFiles = [ config.age.secrets.nextcloudEnv.path ];
         entrypoint = "/cron.sh";
         dependsOn = [ "redis" ];
-        volumes =
+        volumes = [
-          [ "/etc/localtime:/etc/localtime:ro" "${volumePath}:/var/www/html" ];
+          "/etc/localtime:/etc/localtime:ro"
+          "${volumePath}:/var/www/html"
+        ];
         extraOptions = [
           "--add-host=host.docker.internal:host-gateway"
           "--net=nextcloud"
@@ -121,7 +132,10 @@ in {
         image = "redis:alpine";
         autoStart = true;
         volumes = [ "/etc/localtime:/etc/localtime:ro" ];
-        extraOptions = [ "--net=${networkName}" "--log-opt=tag='redis'" ];
+        extraOptions = [
+          "--net=${networkName}"
+          "--log-opt=tag='redis'"
+        ];
       };
     };
     system.activationScripts.makeDockerNetwork = ''
@@ -129,7 +143,9 @@ in {
     '';
 
     systemd.services.nextcloud-previews = {
-      serviceConfig = { Type = "oneshot"; };
+      serviceConfig = {
+        Type = "oneshot";
+      };
       script = ''
         ${pkgs.docker}/bin/docker exec -u www-data nextcloud php occ preview:pre-generate
       '';
@@ -142,8 +158,10 @@ in {
     environment.shellAliases = {
       occ = "${pkgs.docker}/bin/docker exec -u www-data nextcloud php occ";
     };
-    systemd.services.${nextcloudService}.after =
+    systemd.services.${nextcloudService}.after = [
-      [ "mysql.service" "nginx.service" ];
+      "mysql.service"
+      "nginx.service"
+    ];
     systemd.services.${cronService}.after = [ "mysql.service" ];
   };
 }

modules/services/nginx-acme-base/default.nix

@@ -1,13 +1,17 @@
 { config, lib, ... }:
-let cfg = config.services.az-acme-base;
+let
-in {
+  cfg = config.services.az-acme-base;
+in
+{
   options = {
-    services.az-acme-base.enable =
+    services.az-acme-base.enable = lib.mkEnableOption "All the common options I need for ACME certs.";
-      lib.mkEnableOption "All the common options I need for ACME certs.";
   };
 
   config = lib.mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
     security.acme = {
       acceptTerms = true;
       defaults.email = "admin+acme@zweili.ch";

modules/services/nginx-fpm/default.nix

@@ -1,10 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.services.az-nginx-fpm;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-nginx-fpm;
+in
+{
   options = {
     services.az-nginx-fpm = {
-      enable =
+      enable = lib.mkEnableOption "Enable Nginx with config for FPM in a container.";
-        lib.mkEnableOption "Enable Nginx with config for FPM in a container.";
       dataDir = lib.mkOption {
         type = lib.types.str;
         description = "The directory where the application lives on the host.";
@@ -53,5 +59,4 @@ in {
       };
     };
   };
-
 }

modules/services/nginx-proxy/default.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
-let cfg = config.services.az-nginx-proxy;
+let
-in {
+  cfg = config.services.az-nginx-proxy;
+in
+{
   options = {
     services.az-nginx-proxy = {
       enable = lib.mkEnableOption "Enable Nginx proxy, mainly to provide SSL.";

modules/services/pipewire/default.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
-let cfg = config.services.az-pipewire;
+let
-in {
+  cfg = config.services.az-pipewire;
+in
+{
   options = {
     services.az-pipewire.enable = lib.mkEnableOption "Enable pipewire";
   };

modules/services/plex/default.nix

@@ -1,11 +1,16 @@
-{ config, inputs, lib, ... }:
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
 let
   cfg = config.services.az-plex;
   volumePath = "/mnt/media";
-in {
+in
+{
   options = {
-    services.az-plex.enable =
+    services.az-plex.enable = lib.mkEnableOption "Enable Plex running in Docker";
-      lib.mkEnableOption "Enable Plex running in Docker";
   };
 
   config = lib.mkIf cfg.enable {
@@ -33,8 +38,7 @@ in {
       containers."plex" = {
         autoStart = true;
         # https://fleet.linuxserver.io/image?name=linuxserver/plex
-        image =
+        image = "lscr.io/linuxserver/plex:1.32.8@sha256:656cfa13024d3d1a96e2fa91aa4e8a9a5e2d8c4bb67fc1feb5da0e13ef99e705";
-          "lscr.io/linuxserver/plex:1.32.8@sha256:656cfa13024d3d1a96e2fa91aa4e8a9a5e2d8c4bb67fc1feb5da0e13ef99e705";
         environment = {
           TZ = " Europe/Zurich ";
           PUID = "1000";
@@ -48,7 +52,10 @@ in {
           "/var/lib/plex/tmp:/transcode"
           "/etc/localtime:/etc/localtime:ro"
         ];
-        extraOptions = [ "--network=host" "--log-opt=tag='plex'" ];
+        extraOptions = [
+          "--network=host"
+          "--log-opt=tag='plex'"
+        ];
       };
     };
   };

modules/services/postgresql/default.nix

@@ -1,9 +1,15 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.services.az-postgresql;
+  config,
-in {
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-postgresql;
+in
+{
   options = {
-    services.az-postgresql.enable = lib.mkEnableOption
+    services.az-postgresql.enable = lib.mkEnableOption "Enable PostgreSQL with settings for container clients.";
-      "Enable PostgreSQL with settings for container clients.";
   };
 
   config = lib.mkIf cfg.enable {
@@ -13,7 +19,6 @@ in {
       package = pkgs.postgresql_14;
       settings.listen_addresses = pkgs.lib.mkForce "127.0.0.1,172.17.0.1";
     };
-    networking.firewall.extraCommands =
+    networking.firewall.extraCommands = "iptables -A INPUT -p tcp --destination-port 5432 -s 172.16.0.0/12 -j ACCEPT";
-      "iptables -A INPUT -p tcp --destination-port 5432 -s 172.16.0.0/12 -j ACCEPT";
   };
 }

modules/services/qtile/default.nix

@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 let
   cfg = config.services.az-qtile;
   rofi-search = pkgs.writeShellScriptBin "rofi-search" ''
@@ -15,10 +20,10 @@ let
         echo "No input provided."
     fi
   '';
-in {
+in
+{
   options = {
-    services.az-qtile.enable =
+    services.az-qtile.enable = lib.mkEnableOption "Enable Qtile window manager.";
-      lib.mkEnableOption "Enable Qtile window manager.";
   };
 
   config = lib.mkIf cfg.enable {

modules/services/rdp/default.nix

@@ -1,7 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
-let cfg = config.services.az-rdp;
+  config,
-in {
+  lib,
-  options = { services.az-rdp.enable = lib.mkEnableOption "enable rdp"; };
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-rdp;
+in
+{
+  options = {
+    services.az-rdp.enable = lib.mkEnableOption "enable rdp";
+  };
 
   config = lib.mkIf cfg.enable {
     services.xrdp = {

modules/services/restic-client-desktop/default.nix

@@ -1,12 +1,18 @@
-{ config, inputs, lib, pkgs, ... }:
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
 let
   cfg = config.services.az-restic-client-desktop;
   password_file = config.age.secrets.resticKey.path;
   repository = "rest:http://10.7.89.30:8000";
-in {
+in
+{
   options = {
-    services.az-restic-client-desktop.enable =
+    services.az-restic-client-desktop.enable = lib.mkEnableOption "Enable restic backups";
-      lib.mkEnableOption "Enable restic backups";
   };
   config = lib.mkIf cfg.enable {
     services.az-telegram-notifications.enable = true;

modules/services/restic-client-server-mysql/default.nix

@@ -1,6 +1,14 @@
-{ config, inputs, lib, pkgs, ... }:
+{
-let cfg = config.services.az-restic-client-server-mysql;
+  config,
-in {
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-restic-client-server-mysql;
+in
+{
   options = {
     services.az-restic-client-server-mysql = {
       enable = lib.mkEnableOption "Enable restic backups for MariaDB.";
@@ -21,14 +29,18 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
-    services.az-telegram-notifications = { enable = true; };
+    services.az-telegram-notifications = {
+      enable = true;
+    };
 
     age.secrets.resticKey.file = "${inputs.self}/scrts/restic.key.age";
 
     systemd.timers."restic-backups" = {
       wantedBy = [ "timers.target" ];
       partOf = [ "restic-backups.service" ];
-      timerConfig = { OnCalendar = cfg.time; };
+      timerConfig = {
+        OnCalendar = cfg.time;
+      };
     };
 
     systemd.services."restic-backups" = {

modules/services/restic-client-server-postgres/default.nix

@@ -1,6 +1,14 @@
-{ config, inputs, lib, pkgs, ... }:
+{
-let cfg = config.services.az-restic-client-server-postgres;
+  config,
-in {
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-restic-client-server-postgres;
+in
+{
   options = {
     services.az-restic-client-server-postgres = {
       enable = lib.mkEnableOption "Enable restic backups for PostgreSQL.";
@@ -28,7 +36,9 @@ in {
     systemd.timers."restic-backups" = {
       wantedBy = [ "timers.target" ];
       partOf = [ "restic-backups.service" ];
-      timerConfig = { OnCalendar = cfg.time; };
+      timerConfig = {
+        OnCalendar = cfg.time;
+      };
     };
 
     systemd.services."restic-backups" = {

modules/services/restic-client-server/default.nix

@@ -1,6 +1,14 @@
-{ config, inputs, lib, pkgs, ... }:
+{
-let cfg = config.services.az-restic-client-server;
+  config,
-in {
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-restic-client-server;
+in
+{
   options = {
     services.az-restic-client-server = {
       enable = lib.mkEnableOption "Enable restic backups on server systems.";
@@ -27,7 +35,9 @@ in {
     systemd.timers."restic-backups" = {
       wantedBy = [ "timers.target" ];
       partOf = [ "restic-backups.service" ];
-      timerConfig = { OnCalendar = cfg.time; };
+      timerConfig = {
+        OnCalendar = cfg.time;
+      };
     };
 
     systemd.services."restic-backups" = {

modules/services/restic-server/default.nix

@@ -1,6 +1,14 @@
-{ config, inputs, lib, pkgs, ... }:
+{
-let cfg = config.services.az-restic-server;
+  config,
-in {
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.az-restic-server;
+in
+{
   options = {
     services.az-restic-server = {
       enable = lib.mkEnableOption "Enable a restic server.";
@@ -27,7 +35,11 @@ in {
     fileSystems."${cfg.repository}" = {
       device = "10.7.89.108:restic-server";
       fsType = "nfs";
-      options = [ "noatime" "hard" "nfsvers=4.0" ];
+      options = [
+        "noatime"
+        "hard"
+        "nfsvers=4.0"
+      ];
     };
     services.restic.server = {
       enable = true;

modules/services/rss-bridge/default.nix

@@ -2,7 +2,8 @@
 let
   cfg = config.services.az-rss-bridge;
   whitelist = builtins.toFile "whitelist.txt" "*";
-in {
+in
+{
   options = {
     services.az-rss-bridge.enable = lib.mkEnableOption "Enable RSS bridge.";
   };
@@ -14,8 +15,7 @@ in {
       backend = "docker";
       containers."rss-bridge" = {
         # https://hub.docker.com/r/rssbridge/rss-bridge/tags
-        image =
+        image = "rssbridge/rss-bridge@sha256:908ee2936c1acdddbff69020cf4f01f259b4e230fd924876b3c8dfbaa8e3326c";
-          "rssbridge/rss-bridge@sha256:908ee2936c1acdddbff69020cf4f01f259b4e230fd924876b3c8dfbaa8e3326c";
         autoStart = true;
         ports = [ "8082:80" ];
         volumes = [

modules/services/syslog/default.nix

@@ -1,7 +1,11 @@
 { config, lib, ... }:
-let cfg = config.services.az-syslog;
+let
-in {
+  cfg = config.services.az-syslog;
-  options = { services.az-syslog.enable = lib.mkEnableOption "Enable syslog"; };
+in
+{
+  options = {
+    services.az-syslog.enable = lib.mkEnableOption "Enable syslog";
+  };
 
   config = lib.mkIf cfg.enable {
     services.rsyslogd = {
@@ -15,4 +19,3 @@ in {
     systemd.services.syslog.after = [ "network-online.target" ];
   };
 }
-

modules/services/telegram-notifications/default.nix

@@ -1,4 +1,10 @@
-{ config, inputs, lib, pkgs, ... }:
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
 let
   cfg = config.services.az-telegram-notifications;
 
@@ -16,18 +22,19 @@ let
     ${send-to-telegram} "$ALERT Unit failed $UNIT $ALERT
     Status:
     $UNITSTATUS"'';
-in {
+in
+{
   options = {
-    services.az-telegram-notifications.enable =
+    services.az-telegram-notifications.enable = lib.mkEnableOption "Enable Telegram Notifications";
-      lib.mkEnableOption "Enable Telegram Notifications";
   };
 
   config = lib.mkIf cfg.enable {
-    age.secrets.telegramNotifyEnv.file =
+    age.secrets.telegramNotifyEnv.file = "${inputs.self}/scrts/telegram_notify_env.age";
-      "${inputs.self}/scrts/telegram_notify_env.age";
     systemd.services."unit-status-telegram@" = {
       description = "Unit Status Telegram Service";
-      unitConfig = { After = "network-online.target"; };
+      unitConfig = {
+        After = "network-online.target";
+      };
       serviceConfig = {
         Type = "simple";
         ExecStart = "${unit-status-telegram} %I";

modules/services/tlp/default.nix

@@ -1,7 +1,11 @@
 { config, lib, ... }:
-let cfg = config.services.az-tlp;
+let
-in {
+  cfg = config.services.az-tlp;
-  options = { services.az-tlp.enable = lib.mkEnableOption "Enable TLP"; };
+in
+{
+  options = {
+    services.az-tlp.enable = lib.mkEnableOption "Enable TLP";
+  };
 
   config = lib.mkIf cfg.enable {
     services.tlp = {

modules/services/virtualbox-guest/default.nix

@@ -1,15 +1,17 @@
 { config, lib, ... }:
-let cfg = config.services.az-virtualbox-guest;
+let
-in {
+  cfg = config.services.az-virtualbox-guest;
+in
+{
   options = {
-    services.az-virtualbox-guest.enable =
+    services.az-virtualbox-guest.enable = lib.mkEnableOption "Enable virtualbox services";
-      lib.mkEnableOption "Enable virtualbox services";
   };
 
   config = lib.mkIf cfg.enable {
     virtualisation.virtualbox.guest.enable = true;
     virtualisation.virtualbox.guest.x11 = true;
-    users.users.${config.az-username} = { extraGroups = [ "vboxsf" ]; };
+    users.users.${config.az-username} = {
+      extraGroups = [ "vboxsf" ];
+    };
   };
 }
-

scrts/secrets.nix

@@ -1,34 +1,23 @@
 let
-  andreas =
+  andreas = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCR+JXNHSAEQamn2QiaKV0vejCPy6OmzOePXoaQF6CEknXyvBO4j7+qpgZ5RAhe7ups8xZrEpBKdtxRMf7OdQQEXg1PLlfWZSJTC8EGu1TbMltbwwHizgsK/15LkDhJ0Gk/GFz9O9GvGqjizik8Kvvqz8XWY0tEtYs5Riq8bB5D5Ctwl10iultqnIQkdaX0bNa/2X57XKeutWdbqhuSC/C7awC1aVDIdfy1BNT3weHhQhFVAeAlH7Fy4rx3gYPclICfzu27lulLeXKJj9F+NdeY84zEy7E8IkE7eqdo1zfdJJpXSIh3FqekWen5njzWJsXqZCa2Ynk1poK/Rv/ti+ySE+4XicyXp0VJM8fDz6iUI0S/pjumHwzpoN9CeNe5PDK3Y7iQzSlO9REvkj/+v7r2s6XKslk9B7hTKunvH5JgHlIeYymzXb4r2LggNrP/1KUgNk1Ztu+s1c5onXYfBNul1iQOFU3+kgTk8Oh/UFK3FA0dYeWrOLA02TdH2S7U6yE= andreas@gwyn";
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCR+JXNHSAEQamn2QiaKV0vejCPy6OmzOePXoaQF6CEknXyvBO4j7+qpgZ5RAhe7ups8xZrEpBKdtxRMf7OdQQEXg1PLlfWZSJTC8EGu1TbMltbwwHizgsK/15LkDhJ0Gk/GFz9O9GvGqjizik8Kvvqz8XWY0tEtYs5Riq8bB5D5Ctwl10iultqnIQkdaX0bNa/2X57XKeutWdbqhuSC/C7awC1aVDIdfy1BNT3weHhQhFVAeAlH7Fy4rx3gYPclICfzu27lulLeXKJj9F+NdeY84zEy7E8IkE7eqdo1zfdJJpXSIh3FqekWen5njzWJsXqZCa2Ynk1poK/Rv/ti+ySE+4XicyXp0VJM8fDz6iUI0S/pjumHwzpoN9CeNe5PDK3Y7iQzSlO9REvkj/+v7r2s6XKslk9B7hTKunvH5JgHlIeYymzXb4r2LggNrP/1KUgNk1Ztu+s1c5onXYfBNul1iQOFU3+kgTk8Oh/UFK3FA0dYeWrOLA02TdH2S7U6yE= andreas@gwyn";
+  andreas-nixos-vm = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDA3/7NfN0GSFq4CCZa1BSizm95tFx7Ogz4IS2SaIosZ7xdjVpqAQ7iK/UG5GRKvBjhUnrGUwU9CRt6wYLhs47/qj20pMlnpvLb/0yDUwvY+2SfH6taZeLArL/o4d6jFrPuOGxP5Lt213qe/hZA0hnc6f7gZY13vXJ37Wm4K+st3N8qtk3lcTncb9aPrPoYBfrm7DGWBczdJtPPp/eJmgKATDHsy95hUuUYm17Pu2uzSVRaXIZnuevfySgRHi9qsk962GdC7CcWlctMGry7++1D0lzXdollseZQaKf40wRzMQJrOb7OueI0s5hlKsVNJR9SXbZm0rJhTeUJOzh3v+b5nNzcjqG4Cx6BOOg400ayvTxBC5pH7GRBO1Pgpj3+r2mWFOlPYwfIYS0EjoQIdKYQBefrqRrzDavancIFlqyifs8XQIru7PnF6IP6EmyQwIoybUlZzLPAWXSTXyyx7F0+w181+hYLnbHd7+u6ddVLXbUKfZ77SXiPThep9Tfw3J8= andreas@nixos";
-  andreas-nixos-vm =
+  users = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDA3/7NfN0GSFq4CCZa1BSizm95tFx7Ogz4IS2SaIosZ7xdjVpqAQ7iK/UG5GRKvBjhUnrGUwU9CRt6wYLhs47/qj20pMlnpvLb/0yDUwvY+2SfH6taZeLArL/o4d6jFrPuOGxP5Lt213qe/hZA0hnc6f7gZY13vXJ37Wm4K+st3N8qtk3lcTncb9aPrPoYBfrm7DGWBczdJtPPp/eJmgKATDHsy95hUuUYm17Pu2uzSVRaXIZnuevfySgRHi9qsk962GdC7CcWlctMGry7++1D0lzXdollseZQaKf40wRzMQJrOb7OueI0s5hlKsVNJR9SXbZm0rJhTeUJOzh3v+b5nNzcjqG4Cx6BOOg400ayvTxBC5pH7GRBO1Pgpj3+r2mWFOlPYwfIYS0EjoQIdKYQBefrqRrzDavancIFlqyifs8XQIru7PnF6IP6EmyQwIoybUlZzLPAWXSTXyyx7F0+w181+hYLnbHd7+u6ddVLXbUKfZ77SXiPThep9Tfw3J8= andreas@nixos";
+    andreas
-  users = [ andreas andreas-nixos-vm ];
+    andreas-nixos-vm
+  ];
 
-  git =
+  git = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDO40In82pEqQJexG9nlXOsYb4T/sYrb/4EVtGc0bfEb";
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDO40In82pEqQJexG9nlXOsYb4T/sYrb/4EVtGc0bfEb";
+  gwyn = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNmtdodpXHcwEsX2x89RyxjX5F6eERanzM4OXlNDx50";
-  gwyn =
+  loki-test = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqCmY9F2nWasFtmBpk401lacclXeddDm+OTZ4+tNM94";
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNmtdodpXHcwEsX2x89RyxjX5F6eERanzM4OXlNDx50";
+  mail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQ64p/o1u8KUqxmOQkngMdNkfTCNkqYh8ptinatxUDX";
-  loki-test =
+  management = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICr5M2m7cic6fCaVNEesCn8Ii/VDB0EtyxYWs79aE4BD";
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqCmY9F2nWasFtmBpk401lacclXeddDm+OTZ4+tNM94";
+  nextcloud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHASRPSKyADQUBe6lQEo8EHixPwktbHQjAPX24GIoWwg";
-  mail =
+  nixos-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOcmWE9b7GQKOOq61gYLdFA5uZ+hhpBYePmmdRDGwIVu";
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQ64p/o1u8KUqxmOQkngMdNkfTCNkqYh8ptinatxUDX";
+  plex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAp4qkxNLabAuwRSKjD1e7nNZ0QuB+BO2VxcYpdfr/X";
-  management =
+  proxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINOhI/rT7BMrXmDgFC2VnrWyFwnMiZPED0z1QFwVgA4B";
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICr5M2m7cic6fCaVNEesCn8Ii/VDB0EtyxYWs79aE4BD";
+  staubfinger = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHaGKfqdWGUC5vg+EFHK19rR+fz29p0rV/9/lbT0lyq";
-  nextcloud =
+  restic-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX9Sm69VGPrek8PRgWa8xJPqzRrixs1g+8hBu2F6265";
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHASRPSKyADQUBe6lQEo8EHixPwktbHQjAPX24GIoWwg";
+  ttrss = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfWq/ZWeMNIMqXsI4rnkwR+wc/FVdb2jA70sdLMEnyX";
-  nixos-vm =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOcmWE9b7GQKOOq61gYLdFA5uZ+hhpBYePmmdRDGwIVu";
-  plex =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAp4qkxNLabAuwRSKjD1e7nNZ0QuB+BO2VxcYpdfr/X";
-  proxy =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINOhI/rT7BMrXmDgFC2VnrWyFwnMiZPED0z1QFwVgA4B";
-  staubfinger =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHaGKfqdWGUC5vg+EFHK19rR+fz29p0rV/9/lbT0lyq";
-  restic-server =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX9Sm69VGPrek8PRgWa8xJPqzRrixs1g+8hBu2F6265";
-  ttrss =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfWq/ZWeMNIMqXsI4rnkwR+wc/FVdb2jA70sdLMEnyX";
   systems = [
     git
     gwyn
@@ -43,10 +32,17 @@ let
     staubfinger
     ttrss
   ];
-  defaultKeys =
+  defaultKeys = [
-    [ andreas andreas-nixos-vm gwyn management nixos-vm staubfinger ];
+    andreas
+    andreas-nixos-vm
+    gwyn
+    management
+    nixos-vm
+    staubfinger
+  ];
   all = users ++ systems;
-in {
+in
+{
   "dkim_2li.ch.age".publicKeys = defaultKeys ++ [ mail ];
   "dkim_zweili.ch.age".publicKeys = defaultKeys ++ [ mail ];
   "freshrss_db_pass.age".publicKeys = defaultKeys ++ [ ttrss ];
@@ -60,4 +56,3 @@ in {
   "telegram_notify_env.age".publicKeys = all;
   "webdav_andreas.age".publicKeys = defaultKeys;
 }
-

setup-shell.nix

@@ -1,14 +1,13 @@
-{ pkgs ? import <nixpkgs> { } }:
+{
+  pkgs ? import <nixpkgs> { },
+}:
 pkgs.mkShell {
   name = "nixosbuildshell";
   nativeBuildInputs = with pkgs; [ nixFlakes ];
 
   shellHook = ''
-    PATH=${
+    PATH=${pkgs.writeShellScriptBin "nix" ''
-      pkgs.writeShellScriptBin "nix" ''
+      ${pkgs.nixFlakes}/bin/nix --experimental-features "nix-command flakes" "$@"
-        ${pkgs.nixFlakes}/bin/nix --experimental-features "nix-command flakes" "$@"
+    ''}/bin:$PATH
-      ''
-    }/bin:$PATH
   '';
 }
-

shell.nix

@@ -1,4 +1,6 @@
-{ pkgs ? import <nixpkgs> { } }:
+{
+  pkgs ? import <nixpkgs> { },
+}:
 pkgs.mkShell {
   name = "nixosbuildshell";
   nativeBuildInputs = with pkgs; [
@@ -14,11 +16,8 @@ pkgs.mkShell {
   ];
 
   shellHook = ''
-    PATH=${
+    PATH=${pkgs.writeShellScriptBin "nix" ''
-      pkgs.writeShellScriptBin "nix" ''
+      ${pkgs.nixFlakes}/bin/nix --experimental-features "nix-command flakes" "$@"
-        ${pkgs.nixFlakes}/bin/nix --experimental-features "nix-command flakes" "$@"
+    ''}/bin:$PATH
-      ''
-    }/bin:$PATH
   '';
 }
-

systems/desktop-vm/default.nix

@@ -1,7 +1,12 @@
 { hostname }:
-{ config, inputs, ... }: {
+{ config, inputs, ... }:
-  boot.initrd.availableKernelModules =
+{
-    [ "ata_piix" "ohci_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "ohci_pci"
+    "sd_mod"
+    "sr_mod"
+  ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
@@ -22,7 +27,7 @@
     interfaces.enp0s3.useDHCP = true;
   };
 
-  swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
+  swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
 
   users.users.${config.az-username} = {
     openssh.authorizedKeys.keys = [
@@ -30,10 +35,11 @@
     ];
   };
   profiles.az-desktop.enable = true;
-  programs = { az-distrobox.enable = true; };
+  programs = {
+    az-distrobox.enable = true;
+  };
   services = {
     az-virtualbox-guest.enable = true;
     az-x86.enable = true;
   };
 }
-

systems/git/default.nix

@@ -1,7 +1,9 @@
 { hostname }:
 { inputs, pkgs, ... }:
-let domain = "git.2li.ch";
+let
-in {
+  domain = "git.2li.ch";
+in
+{
   hardware = {
     az-raspi4-ethernet = {
       enable = true;

systems/gwyn/default.nix

@@ -1,5 +1,11 @@
 { hostname }:
-{ inputs, lib, pkgs, ... }: {
+{
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+{
   imports = [
     inputs.nixos-hardware.nixosModules.dell-precision-5530
     inputs.nixos-hardware.nixosModules.common-gpu-nvidia
@@ -19,7 +25,10 @@
   ];
 
   boot.initrd.kernelModules = [ "dm-snapshot" ];
-  boot.kernelModules = [ "kvm-intel" "sg" ];
+  boot.kernelModules = [
+    "kvm-intel"
+    "sg"
+  ];
   boot.extraModulePackages = [ ];
   boot.kernelParams = [
     "ip=dhcp" # required for ssh at initrd
@@ -32,8 +41,16 @@
 
   # Required to build aarch64 packages
   boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-  boot.supportedFilesystems =
+  boot.supportedFilesystems = [
-    [ "apfs" "exfat" "ext4" "nfs" "nfs4" "ntfs" "cifs" "f2fs" ];
+    "apfs"
+    "exfat"
+    "ext4"
+    "nfs"
+    "nfs4"
+    "ntfs"
+    "cifs"
+    "f2fs"
+  ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-label/nixos";
@@ -46,7 +63,7 @@
 
   networking.hostName = hostname;
 
-  swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
+  swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
 
   hardware = {
     az-bluetooth.enable = true;
@@ -75,4 +92,3 @@
 
   virtualisation.virtualbox.host.enable = true;
 }
-

systems/loki-test/default.nix

@@ -1,5 +1,6 @@
 { hostname }:
-{ inputs, pkgs, ... }: {
+{ inputs, pkgs, ... }:
+{
   hardware = {
     az-raspi4-ethernet = {
       enable = true;

systems/mail/default.nix

@@ -1,5 +1,6 @@
 { hostname }:
-{ inputs, pkgs, ... }: {
+{ inputs, pkgs, ... }:
+{
   hardware = {
     az-raspi4-ethernet = {
       enable = true;
@@ -22,4 +23,3 @@
     };
   };
 }
-

systems/management/default.nix

@@ -1,5 +1,6 @@
 { hostname }:
-{ inputs, ... }: {
+{ inputs, ... }:
+{
   hardware = {
     az-raspi4-ethernet = {
       enable = true;
@@ -24,5 +25,4 @@
     az-nix-direnv.enable = true;
     az-restic-management.enable = true;
   };
-
 }