Alejandra 💅

2024-03-05 22:57:41 +01:00 · 2024-03-05 22:57:41 +01:00 · a7b28837ee
parent 163a7f38c4
commit a7b28837ee
61 changed files with 472 additions and 306 deletions
--- a/flake.nix
+++ b/flake.nix
@ -38,40 +38,44 @@
    };
  };
-  outputs = { self, nixpkgs, ... } @ inputs: {
+  outputs = {
-    # https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-fmt.html
+    self,
-    formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
+    nixpkgs,
    ...
  } @ inputs: {
    # https://kamadorueda.com/alejandra/
    formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
    nixosConfigurations = {
      # Home desktop
      omega = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = inputs; # pass flake inputs to modules
-        modules = [ ./hosts/omega ];
+        modules = [./hosts/omega];
      };
      # Laptop
      zeta = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = inputs; # pass flake inputs to modules
-        modules = [ ./hosts/zeta ];
+        modules = [./hosts/zeta];
      };
      # Work laptop
      mu = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = inputs; # pass flake inputs to modules
-        modules = [ ./hosts/mu ];
+        modules = [./hosts/mu];
      };
      # Hetzner VPS
      alpha = nixpkgs.lib.nixosSystem {
        system = "aarch64-linux";
        specialArgs = inputs; # pass flake inputs to modules
-        modules = [ ./hosts/alpha ];
+        modules = [./hosts/alpha];
      };
      # Tor relay
      tor = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = inputs; # pass flake inputs to modules
-        modules = [ ./hosts/tor ];
+        modules = [./hosts/tor];
      };
    };
  };
--- a/hosts/alpha/default.nix
+++ b/hosts/alpha/default.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  imports = [
    ../../overlays
    ../../modules/base
--- a/hosts/alpha/hardware.nix
+++ b/hosts/alpha/hardware.nix
@ -1,20 +1,26 @@
-{ config, lib, pkgs, modulesPath, ... }: {
+{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  # https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Cloud
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
-  boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ];
+  boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod"];
-  boot.initrd.kernelModules = [ "dm-snapshot" "virtio_gpu" ];
+  boot.initrd.kernelModules = ["dm-snapshot" "virtio_gpu"];
-  boot.kernelParams = [ "console=tty" ];
+  boot.kernelParams = ["console=tty"];
-  boot.kernelModules = [ ];
+  boot.kernelModules = [];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [];
  # https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
  fileSystems."/" = {
    device = "none";
    fsType = "tmpfs";
-    options = [ "defaults" "size=2G" "mode=755" ]; # mode=755 so only root can write to those files
+    options = ["defaults" "size=2G" "mode=755"]; # mode=755 so only root can write to those files
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/BOOT";
@ -38,4 +44,3 @@
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
 }
--- a/hosts/alpha/network.nix
+++ b/hosts/alpha/network.nix
@ -1,4 +1,4 @@
-{ config, ... }: {
+{config, ...}: {
  systemd.network = {
    # Main interface
    networks."10-lan" = {
@ -8,7 +8,7 @@
        "2a01:4f8:c2c:71c0::/64"
      ];
      routes = [
-        { routeConfig = { Gateway = "fe80::1"; }; }
+        {routeConfig = {Gateway = "fe80::1";};}
      ];
    };
@ -31,7 +31,7 @@
            PresharedKeyFile = config.age.secrets.wireguard-preshared-key-file.path;
            # Add to the main routing table that traffic for the address should
            # be sent to sigma.
-            AllowedIPs = [ "49.13.33.75/32" ];
+            AllowedIPs = ["49.13.33.75/32"];
            RouteTable = "main";
          };
        }
@ -58,7 +58,7 @@
          wireguardPeerConfig = {
            PublicKey = "sigmaH/DKSU8KWyrPtucYmS2ewUvDvCNLxd/qYEo0n0=";
            PresharedKeyFile = config.age.secrets.wireguard-preshared-key-file.path;
-            AllowedIPs = [ "116.203.6.156/32" ];
+            AllowedIPs = ["116.203.6.156/32"];
            RouteTable = "main";
          };
        }
@ -76,7 +76,7 @@
  };
  networking = {
-    firewall.allowedUDPPorts = [ 51820 51821 ];
+    firewall.allowedUDPPorts = [51820 51821];
  };
  age.secrets.wireguard-preshared-key-file = {
--- a/hosts/mu/default.nix
+++ b/hosts/mu/default.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  imports = [
    ../../overlays
    ../../modules/base
--- a/hosts/mu/fan.nix
+++ b/hosts/mu/fan.nix
@ -1,15 +1,15 @@
-{ ... }: {
+{...}: {
  # Disable jet engine
  services.thinkfan = {
    enable = true;
    levels = [
-      [ 0 0 70 ]
+      [0 0 70]
-      [ 1 65 75 ]
+      [1 65 75]
-      [ 2 70 80 ]
+      [2 70 80]
-      [ 3 75 85 ]
+      [3 75 85]
-      [ 6 80 90 ]
+      [6 80 90]
-      [ 7 90 95 ]
+      [7 90 95]
-      [ "level auto" 95 32767 ]
+      ["level auto" 95 32767]
    ];
  };
  boot.extraModprobeConfig = ''
--- a/hosts/mu/fish.nix
+++ b/hosts/mu/fish.nix
@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
  home-manager.users.caspervk = {
    programs.fish.shellAliases = {
      sm = "bw get totp e2be31fb-135f-4b28-88cd-b094000ddb67 | wl-copy; gcloud --project magenta-os2mo-production compute ssh --tunnel-through-iap saltmaster";
--- a/hosts/mu/git.nix
+++ b/hosts/mu/git.nix
@ -1,4 +1,8 @@
-{ home-manager, lib, ... }: {
+{
  home-manager,
  lib,
  ...
 }: {
  home-manager.users.caspervk = {
    programs.git = {
      userEmail = lib.mkForce "vk@magenta.dk";
@ -6,7 +10,6 @@
        # https://docs.gitlab.com/ee/user/project/push_options.html
        mr = "push --push-option=merge_request.create --push-option=merge_request.assign='vk'";
      };
    };
  };
 }
--- a/hosts/mu/hardware.nix
+++ b/hosts/mu/hardware.nix
@ -1,4 +1,11 @@
-{ config, lib, pkgs, modulesPath, nixos-hardware, ... }: {
+{
  config,
  lib,
  pkgs,
  modulesPath,
  nixos-hardware,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    nixos-hardware.nixosModules.common-cpu-intel
@ -9,17 +16,16 @@
    nixos-hardware.nixosModules.common-pc-ssd
  ];
-  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "sdhci_pci" ];
+  boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid" "sdhci_pci"];
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.initrd.kernelModules = ["dm-snapshot"];
-  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [];
  # https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
  fileSystems."/" = {
    device = "none";
    fsType = "tmpfs";
-    options = [ "defaults" "size=2G" "mode=755" ]; # mode=755 so only root can write to those files
+    options = ["defaults" "size=2G" "mode=755"]; # mode=755 so only root can write to those files
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/BOOT";
--- a/hosts/mu/hosts.nix
+++ b/hosts/mu/hosts.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  networking.hosts = {
    "127.0.0.1" = [
      # not in git
--- a/hosts/mu/packages.nix
+++ b/hosts/mu/packages.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
  environment.systemPackages = with pkgs; [
    android-studio
    azure-cli
--- a/hosts/mu/sway.nix
+++ b/hosts/mu/sway.nix
@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
  home-manager.users.caspervk = {
    wayland.windowManager.sway = {
      config = {
@ -18,7 +18,10 @@
          };
        };
        workspaceOutputAssign = [
-          { workspace = "9"; output = "eDP-1"; }
+          {
            workspace = "9";
            output = "eDP-1";
          }
        ];
      };
    };
--- a/hosts/omega/borg.nix
+++ b/hosts/omega/borg.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  imports = [
    ../../modules/borg.nix
  ];
--- a/hosts/omega/default.nix
+++ b/hosts/omega/default.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
  imports = [
    ../../overlays
    ../../modules/base
@ -12,10 +12,10 @@
  systemd.services.qbittorrent = {
    description = "qBittorrent service";
-    documentation = [ "man:qbittorrent-nox(1)" ];
+    documentation = ["man:qbittorrent-nox(1)"];
-    wantedBy = [ "multi-user.target" ];
+    wantedBy = ["multi-user.target"];
-    wants = [ "multi-user.target" ];
+    wants = ["multi-user.target"];
-    after = [ "network-online.target" "nss-lookup.target" ];
+    after = ["network-online.target" "nss-lookup.target"];
    serviceConfig = {
      Type = "exec";
      User = "caspervk";
--- a/hosts/omega/hardware.nix
+++ b/hosts/omega/hardware.nix
@ -1,4 +1,11 @@
-{ config, lib, pkgs, modulesPath, nixos-hardware, ... }: {
+{
  config,
  lib,
  pkgs,
  modulesPath,
  nixos-hardware,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    nixos-hardware.nixosModules.common-cpu-amd
@ -8,17 +15,17 @@
    nixos-hardware.nixosModules.common-pc-ssd
  ];
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.initrd.kernelModules = ["dm-snapshot"];
-  boot.kernelModules = [ "kvm-amd" ];
+  boot.kernelModules = ["kvm-amd"];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [];
-  boot.supportedFilesystems = [ "ntfs" ];
+  boot.supportedFilesystems = ["ntfs"];
  # https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
  fileSystems."/" = {
    device = "none";
    fsType = "tmpfs";
-    options = [ "defaults" "size=2G" "mode=755" ]; # mode=755 so only root can write to those files
+    options = ["defaults" "size=2G" "mode=755"]; # mode=755 so only root can write to those files
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/BOOT";
@ -41,12 +48,12 @@
  fileSystems."/mnt/C" = {
    device = "/dev/disk/by-label/C";
    fsType = "ntfs-3g";
-    options = [ "rw" "uid=1000" ];
+    options = ["rw" "uid=1000"];
  };
  fileSystems."/mnt/Backup" = {
    device = "/dev/disk/by-label/Backup";
    fsType = "ntfs-3g";
-    options = [ "rw" "uid=1000" ];
+    options = ["rw" "uid=1000"];
  };
  # Enables DHCP on all ethernet and wireless LAN interfaces.
--- a/hosts/omega/network.nix
+++ b/hosts/omega/network.nix
@ -1,4 +1,4 @@
-{ config, ... }: {
+{config, ...}: {
  systemd.network = {
    config = {
      routeTables = {
@ -35,7 +35,7 @@
            # we add these routes to a specific routing table and configure a
            # routing policy rule to only use it for packets being sent as the
            # public IP.
-            AllowedIPs = [ "0.0.0.0/0" ];
+            AllowedIPs = ["0.0.0.0/0"];
            RouteTable = "wg-sigma-public";
          };
        }
@ -43,7 +43,7 @@
    };
    networks."wg-sigma-public" = {
      name = "wg-sigma-public";
-      address = [ "49.13.33.75/32" ];
+      address = ["49.13.33.75/32"];
      routingPolicyRules = [
        {
          routingPolicyRuleConfig = {
@ -73,7 +73,7 @@
            PresharedKeyFile = config.age.secrets.wireguard-preshared-key-file.path;
            Endpoint = "alpha.caspervk.net:51821";
            PersistentKeepalive = 25;
-            AllowedIPs = [ "0.0.0.0/0" ];
+            AllowedIPs = ["0.0.0.0/0"];
            RouteTable = "wg-sigma-p2p";
          };
        }
@ -81,7 +81,7 @@
    };
    networks."wg-sigma-p2p" = {
      name = "wg-sigma-p2p";
-      address = [ "116.203.6.156/32" ];
+      address = ["116.203.6.156/32"];
      routingPolicyRules = [
        {
          routingPolicyRuleConfig = {
--- a/hosts/omega/sway.nix
+++ b/hosts/omega/sway.nix
@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
  home-manager.users.caspervk = {
    wayland.windowManager.sway = {
      config = {
@ -14,8 +14,14 @@
          };
        };
        workspaceOutputAssign = [
-          { workspace = "8"; output = "DP-2"; }
+          {
-          { workspace = "9"; output = "DP-2"; }
+            workspace = "8";
            output = "DP-2";
          }
          {
            workspace = "9";
            output = "DP-2";
          }
        ];
      };
    };
--- a/hosts/tor/default.nix
+++ b/hosts/tor/default.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  imports = [
    ../../overlays
    ../../modules/base
--- a/hosts/tor/hardware.nix
+++ b/hosts/tor/hardware.nix
@ -1,18 +1,24 @@
-{ config, lib, pkgs, modulesPath, ... }: {
+{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.initrd.kernelModules = ["dm-snapshot"];
-  boot.kernelModules = [ ];
+  boot.kernelModules = [];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [];
  # https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
  fileSystems."/" = {
    device = "none";
    fsType = "tmpfs";
-    options = [ "defaults" "size=2G" "mode=755" ]; # mode=755 so only root can write to those files
+    options = ["defaults" "size=2G" "mode=755"]; # mode=755 so only root can write to those files
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/BOOT";
@ -36,4 +42,3 @@
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/hosts/tor/network.nix
+++ b/hosts/tor/network.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  systemd.network = {
    networks."10-lan" = {
      # IPv4 settings are from `sudo dhcpcd --test`.
@ -9,8 +9,13 @@
        "2a0d:3e83:1:b284::1/64"
      ];
      routes = [
-        { routeConfig = { Gateway = "91.210.59.1"; }; }
+        {routeConfig = {Gateway = "91.210.59.1";};}
-        { routeConfig = { Gateway = "2a0d:3e83:1::1"; GatewayOnLink = true; }; }
+        {
          routeConfig = {
            Gateway = "2a0d:3e83:1::1";
            GatewayOnLink = true;
          };
        }
      ];
    };
  };
--- a/hosts/tor/tor.nix
+++ b/hosts/tor/tor.nix
@ -1,10 +1,16 @@
-{ ... }: {
+{...}: {
  services.tor = {
    settings = {
      Nickname = "DXV7520";
      ORPort = [
-        { addr = "91.210.59.57"; port = 443; }
+        {
-        { addr = "[2a0d:3e83:1:b284::1]"; port = 443; }
+          addr = "91.210.59.57";
          port = 443;
        }
        {
          addr = "[2a0d:3e83:1:b284::1]";
          port = 443;
        }
      ];
    };
  };
--- a/hosts/zeta/borg.nix
+++ b/hosts/zeta/borg.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  imports = [
    ../../modules/borg.nix
  ];
--- a/hosts/zeta/default.nix
+++ b/hosts/zeta/default.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  imports = [
    ../../overlays
    ../../modules/base
--- a/hosts/zeta/hardware.nix
+++ b/hosts/zeta/hardware.nix
@ -1,4 +1,11 @@
-{ config, lib, pkgs, modulesPath, nixos-hardware, ... }: {
+{
  config,
  lib,
  pkgs,
  modulesPath,
  nixos-hardware,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    nixos-hardware.nixosModules.common-cpu-intel
@ -9,16 +16,16 @@
    nixos-hardware.nixosModules.common-pc-ssd
  ];
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"];
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.initrd.kernelModules = ["dm-snapshot"];
-  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [];
  # https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
  fileSystems."/" = {
    device = "none";
    fsType = "tmpfs";
-    options = [ "defaults" "size=2G" "mode=755" ]; # mode=755 so only root can write to those files
+    options = ["defaults" "size=2G" "mode=755"]; # mode=755 so only root can write to those files
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/BOOT";
--- a/hosts/zeta/sway.nix
+++ b/hosts/zeta/sway.nix
@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
  home-manager.users.caspervk = {
    wayland.windowManager.sway = {
      config = {
--- a/modules/base/agenix.nix
+++ b/modules/base/agenix.nix
@ -1,4 +1,8 @@
-{ agenix, pkgs, ... }: {
+{
  agenix,
  pkgs,
  ...
 }: {
  # Agenix manages the deployment of secrets by public-key encrypting them to
  # each system's ssh host key. See the README for more information.
  # https://github.com/ryantm/agenix
@ -12,7 +16,7 @@
  # host key. Refer directly to the key on the persistent partition, which is
  # mounted in stage 1 of the boot process, before agenix runs.
  # https://github.com/ryantm/agenix/issues/45#issuecomment-901383985
-  age.identityPaths = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ];
+  age.identityPaths = ["/nix/persist/etc/ssh/ssh_host_ed25519_key"];
  # `agenix` cli tool
  environment.systemPackages = [
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  imports = [
    ./agenix.nix
    ./docker.nix
--- a/modules/base/docker.nix
+++ b/modules/base/docker.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  # Docker is a utility to pack, ship and run any application as a lightweight
  # container.
  # https://nixos.wiki/wiki/Docker
@ -14,12 +14,17 @@
  # Being a member of the docker group is effectively equivalent to being root,
  # but without the annoyance of having to type your sudo password all the time.
-  users.extraGroups.docker.members = [ "caspervk" ];
+  users.extraGroups.docker.members = ["caspervk"];
  # Persist docker volumes
  environment.persistence."/nix/persist" = {
    directories = [
-      { directory = "/var/lib/docker"; user = "root"; group = "root"; mode = "0700"; }
+      {
        directory = "/var/lib/docker";
        user = "root";
        group = "root";
        mode = "0700";
      }
    ];
  };
 }
--- a/modules/base/fish.nix
+++ b/modules/base/fish.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
  # Fish is a Unix shell with a focus on interactivity and usability. Fish is
  # designed to give the user features by default, rather than by
  # configuration.
@ -24,7 +24,7 @@
  users.defaultUserShell = pkgs.fish;
  # Add fish to the list of permissible login shells for user accounts
-  environment.shells = with pkgs; [ fish ];
+  environment.shells = with pkgs; [fish];
  # Enabling fish in both NixOS and home manager is required to pick up
  # completions and environment variables set by NixOS nixpkgs _and_ home
--- a/modules/base/git.nix
+++ b/modules/base/git.nix
@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
  # Git version control system.
  # https://nixos.wiki/wiki/Git
--- a/modules/base/hardware.nix
+++ b/modules/base/hardware.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  # Enable all firmware with a license allowing redistribution
  hardware.enableRedistributableFirmware = true;
 }
--- a/modules/base/home-manager.nix
+++ b/modules/base/home-manager.nix
@ -1,4 +1,8 @@
-{ config, home-manager, ... }: {
+{
  config,
  home-manager,
  ...
 }: {
  # Like NixOS manages the system configuration, Home Manager manages the user
  # environment.
  #
--- a/modules/base/impermanence.nix
+++ b/modules/base/impermanence.nix
@ -1,4 +1,4 @@
-{ impermanence, ... }: {
+{impermanence, ...}: {
  # Impermanence in NixOS is where the root directory isn't permanent, but gets
  # wiped every reboot (such as by mounting it as tmpfs). Such a setup is
  # possible because NixOS only needs /boot and /nix in order to boot, all
@ -28,10 +28,25 @@
    hideMounts = true;
    directories = [
      # See comment above for /tmp
-      { directory = "/tmp"; user = "root"; group = "root"; mode = "1777"; }
+      {
        directory = "/tmp";
        user = "root";
        group = "root";
        mode = "1777";
      }
      # Save the last run time of persistent timers so systemd knows if they were missed
-      { directory = "/var/lib/systemd/timers"; user = "root"; group = "root"; mode = "0755"; }
+      {
-      { directory = "/var/log"; user = "root"; group = "root"; mode = "0755"; }
+        directory = "/var/lib/systemd/timers";
        user = "root";
        group = "root";
        mode = "0755";
      }
      {
        directory = "/var/log";
        user = "root";
        group = "root";
        mode = "0755";
      }
    ];
    files = [
      "/etc/machine-id" # needed for /var/log
--- a/modules/base/locale.nix
+++ b/modules/base/locale.nix
@ -1,4 +1,4 @@
-{ lib, ... }: {
+{lib, ...}: {
  i18n = {
    defaultLocale = "en_DK.UTF-8";
    extraLocaleSettings = {
--- a/modules/base/network.nix
+++ b/modules/base/network.nix
@ -1,17 +1,17 @@
-{ ... }: {
+{...}: {
  # https://nixos.wiki/wiki/Networking
  # https://nixos.wiki/wiki/Systemd-networkd
  networking = {
    firewall = {
      # Allow some ports for ad-hoc use
-      allowedTCPPorts = [ 1234 1337 8000 8080 ];
+      allowedTCPPorts = [1234 1337 8000 8080];
-      allowedUDPPorts = [ 1234 1337 8000 8080 ];
+      allowedUDPPorts = [1234 1337 8000 8080];
      # Do not spam dmesg/journalctl with refused connections
      logRefusedConnections = false;
    };
-    nameservers = [ "127.0.0.53" ]; # resolved stub resolver
+    nameservers = ["127.0.0.53"]; # resolved stub resolver
-    search = [ "caspervk.net" ];
+    search = ["caspervk.net"];
  };
  # TODO: these systemd networkd settings will be the default once
@ -34,7 +34,7 @@
    # Resolved falls back to DNS servers operated by American internet
    # surveillance and adtech companies by default. No thanks, I'd rather have
    # no DNS at all.
-    fallbackDns = [ "159.69.4.2#dns.caspervk.net" "2a01:4f8:1c0c:70d1::1#dns.caspervk.net" ];
+    fallbackDns = ["159.69.4.2#dns.caspervk.net" "2a01:4f8:1c0c:70d1::1#dns.caspervk.net"];
    extraConfig = ''
      DNS=159.69.4.2#dns.caspervk.net 2a01:4f8:1c0c:70d1::1#dns.caspervk.net
      DNSOverTLS=yes
@ -51,7 +51,12 @@
  services.vnstat.enable = true;
  environment.persistence."/nix/persist" = {
    directories = [
-      { directory = "/var/lib/vnstat"; user = "root"; group = "root"; mode = "0755"; }
+      {
        directory = "/var/lib/vnstat";
        user = "root";
        group = "root";
        mode = "0755";
      }
    ];
  };
 }
--- a/modules/base/nix.nix
+++ b/modules/base/nix.nix
@ -1,4 +1,9 @@
-{ nix-index-database, nixpkgs-unstable, nixpkgs, ... }: {
+{
  nix-index-database,
  nixpkgs-unstable,
  nixpkgs,
  ...
 }: {
  imports = [
    nix-index-database.nixosModules.nix-index
  ];
@ -22,7 +27,7 @@
      auto-optimise-store = true;
      # Enable flakes
-      experimental-features = [ "nix-command" "flakes" ];
+      experimental-features = ["nix-command" "flakes"];
      # Timeout connections to the binary cache instead of waiting forever
      connect-timeout = 5;
--- a/modules/base/packages.nix
+++ b/modules/base/packages.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
  environment.systemPackages = with pkgs; [
    bat
    black
--- a/modules/base/ripgrep.nix
+++ b/modules/base/ripgrep.nix
@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
  # ripgrep is a line-oriented search tool that recursively searches the
  # current directory for a regex pattern.
  # https://github.com/BurntSushi/ripgrep
--- a/modules/base/ssh.nix
+++ b/modules/base/ssh.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  services.openssh = {
    enable = true;
    settings = {
--- a/modules/base/sudo.nix
+++ b/modules/base/sudo.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  security.sudo = {
    # Only allow members of the wheel group to execute sudo by setting the
    # executable’s permissions accordingly. This prevents users that are not
--- a/modules/base/users.nix
+++ b/modules/base/users.nix
@ -1,4 +1,8 @@
-{ config, pkgs, ... }: {
+{
  config,
  pkgs,
  ...
 }: {
  users = {
    # Don't allow imperative modifications to users (incompatible with impermanence)
    mutableUsers = false;
@ -17,7 +21,7 @@
          # todo: systemd-journal, audio, input, power, nix ?
        ];
        uid = 1000;
-        packages = with pkgs; [ ];
+        packages = with pkgs; [];
      };
    };
  };
--- a/modules/base/vim/default.nix
+++ b/modules/base/vim/default.nix
@ -1,4 +1,8 @@
-{ home-manager, pkgs, ... }: {
+{
  home-manager,
  pkgs,
  ...
 }: {
  home-manager.users.caspervk = {
    programs.neovim = {
      enable = true;
@ -27,7 +31,7 @@
        nvim-dap-virtual-text # show variable values in-line
        salt-vim # salt syntax-highlighting
      ];
-      extraPackages = with pkgs; [ ];
+      extraPackages = with pkgs; [];
      extraConfig = builtins.readFile ./config.vim;
      extraLuaConfig = builtins.readFile ./config.lua;
--- a/modules/borg.nix
+++ b/modules/borg.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }: {
+{
  config,
  lib,
  pkgs,
  ...
 }: {
  # BorgBackup (short: Borg) is a deduplicating backup program.
  # https://nixos.wiki/wiki/Borg_backup
  # https://nixos.org/manual/nixos/stable/#module-borgbase
@ -69,7 +74,7 @@
    # patterns is used, so if an include pattern (prefix `+`) matches before an
    # exclude pattern (prefix `-`), the file is backed up. Prefix `!` is
    # exclude-norecurse. See `borg help patterns` for pattern syntax.
-    paths = [ "/" ];
+    paths = ["/"];
    patterns = [
      "! /dev"
      "! /lost+found"
--- a/modules/desktop/alacritty.nix
+++ b/modules/desktop/alacritty.nix
@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
  # Terminal emulator
  # https://wiki.archlinux.org/title/Alacritty
@ -10,7 +10,11 @@
          # It's easy to open a new terminal using Mod+Enter in sway, but it
          # always opens in the home directly. This binds Control+Shift+Enter
          # to open a new terminal in the current directory.
-          { key = "Return"; mods = "Control|Shift"; action = "SpawnNewInstance"; }
+          {
            key = "Return";
            mods = "Control|Shift";
            action = "SpawnNewInstance";
          }
        ];
      };
    };
--- a/modules/desktop/clipman.nix
+++ b/modules/desktop/clipman.nix
@ -1,4 +1,9 @@
-{ home-manager, lib, pkgs, ... }: {
+{
  home-manager,
  lib,
  pkgs,
  ...
 }: {
  # Clipboard manager. It can help persist clipboard contents after closing an
  # application - which otherwise isn't supported in Wayland - but that breaks
  # rich content copying in general. Therefore, we only use it for clipboard
--- a/modules/desktop/default.nix
+++ b/modules/desktop/default.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  imports = [
    ./alacritty.nix
    ./clipman.nix
--- a/modules/desktop/flatpak.nix
+++ b/modules/desktop/flatpak.nix
@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
  # https://flatpak.org/setup/NixOS
  # https://nixos.wiki/wiki/Flatpak
@ -14,7 +14,12 @@
  # Persist flatpaks
  environment.persistence."/nix/persist" = {
    directories = [
-      { directory = "/var/lib/flatpak"; user = "root"; group = "root"; mode = "0755"; }
+      {
        directory = "/var/lib/flatpak";
        user = "root";
        group = "root";
        mode = "0755";
      }
    ];
  };
 }
--- a/modules/desktop/gammastep.nix
+++ b/modules/desktop/gammastep.nix
@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
  # Gammestep automatically adjusts the screen's colour temperature. It's
  # basically redshift for Wayland.
  # https://gitlab.com/chinstrap/gammastep
--- a/modules/desktop/network.nix
+++ b/modules/desktop/network.nix
@ -1,4 +1,4 @@
-{ lib, ... }: {
+{lib, ...}: {
  networking = {
    # It's a little too much to define every WiFi network declaratively.
    # Instead, we enable NetworkManager and the nmtui interface.
@ -9,12 +9,17 @@
  };
  # Allow our user to configure the network
-  users.extraGroups.networkmanager.members = [ "caspervk" ];
+  users.extraGroups.networkmanager.members = ["caspervk"];
  # Persist WiFi passwords and other network configuration
  environment.persistence."/nix/persist" = {
    directories = [
-      { directory = "/etc/NetworkManager/system-connections"; user = "root"; group = "root"; mode = "0700"; }
+      {
        directory = "/etc/NetworkManager/system-connections";
        user = "root";
        group = "root";
        mode = "0700";
      }
    ];
  };
--- a/modules/desktop/pipewire.nix
+++ b/modules/desktop/pipewire.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  # PipeWire is a new low-level multimedia framework. It aims to offer capture
  # and playback for both audio and video with minimal latency and support for
  # PulseAudio-, JACK-, ALSA- and GStreamer-based applications.
--- a/modules/desktop/programs.nix
+++ b/modules/desktop/programs.nix
@ -1,4 +1,10 @@
-{ home-manager, lib, nixpkgs, pkgs, ... }: {
+{
  home-manager,
  lib,
  nixpkgs,
  pkgs,
  ...
 }: {
  # Packages useful on a desktop computer which don't require their own module
  environment.systemPackages = with pkgs; [
@ -6,9 +12,10 @@
    gimp
    jetbrains.pycharm-professional
    keepassxc
-    (kodi-wayland.withPackages (kodiPackages: with kodiPackages; [
+    (kodi-wayland.withPackages (kodiPackages:
-      jellyfin
+      with kodiPackages; [
-    ]))
+        jellyfin
      ]))
    libqalculate
    libreoffice
    mpv
@ -19,12 +26,13 @@
    webcord # discord
  ];
-  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+  nixpkgs.config.allowUnfreePredicate = pkg:
-    "android-studio-stable"
+    builtins.elem (lib.getName pkg) [
-    "pycharm-professional"
+      "android-studio-stable"
-    "spotify"
+      "pycharm-professional"
-    "terraform"
+      "spotify"
-  ];
+      "terraform"
    ];
  home-manager.users.caspervk = {
    home.sessionVariables = {
--- a/modules/desktop/rofi.nix
+++ b/modules/desktop/rofi.nix
@ -1,4 +1,8 @@
-{ home-manager, pkgs, ... }: {
+{
  home-manager,
  pkgs,
  ...
 }: {
  # A window switcher, application launcher and dmenu replacement. Used to open
  # programs, view the clipboard history, and select emojis.
  # https://github.com/davatorium/rofi
--- a/modules/desktop/ssh.nix
+++ b/modules/desktop/ssh.nix
@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
  # https://nix-community.github.io/home-manager/options.html
  home-manager.users.caspervk = {
--- a/modules/desktop/sway.nix
+++ b/modules/desktop/sway.nix
@ -1,4 +1,9 @@
-{ home-manager, lib, pkgs, ... }: {
+{
  home-manager,
  lib,
  pkgs,
  ...
 }: {
  # https://nixos.wiki/wiki/Sway
  programs.sway = {
@ -77,14 +82,14 @@
          "XF86AudioPrev" = "exec 'playerctl previous'";
        };
        assigns = {
-          "8" = [{ class = "WebCord"; }];
+          "8" = [{class = "WebCord";}];
-          "9" = [{ class = "Spotify"; }];
+          "9" = [{class = "Spotify";}];
        };
        floating = {
          criteria = [
-            { app_id = "org.keepassxc.KeePassXC"; }
+            {app_id = "org.keepassxc.KeePassXC";}
-            { app_id = "pavucontrol"; }
+            {app_id = "pavucontrol";}
-            { app_id = "wdisplays"; }
+            {app_id = "wdisplays";}
          ];
        };
        focus = {
@ -114,7 +119,7 @@
          };
        };
        terminal = "alacritty";
-        bars = [{ command = "${pkgs.waybar}/bin/waybar"; }];
+        bars = [{command = "${pkgs.waybar}/bin/waybar";}];
      };
      # Execute sway with required environment variables for GTK applications
@ -125,104 +130,102 @@
    # https://github.com/Alexays/Waybar/wiki/Configuration
    # https://github.com/Alexays/Waybar/blob/master/resources/config
-    programs.waybar =
+    programs.waybar = let
-      let
+      # It isn't possible to extend the default Waybar config in Home
-        # It isn't possible to extend the default Waybar config in Home
+      # Manager; as soon as any setting is defined it overwrites the entire
-        # Manager; as soon as any setting is defined it overwrites the entire
+      # default configuration. To combat  this, we parse the default config
-        # default configuration. To combat  this, we parse the default config
+      # into Nix and merge it with our changes.
-        # into Nix and merge it with our changes.
+      mkDefaultConfig = pkgs.stdenv.mkDerivation {
-        mkDefaultConfig = pkgs.stdenv.mkDerivation {
+        name = "waybarDefaultConfig";
-          name = "waybarDefaultConfig";
+        src = "${pkgs.waybar}/etc/xdg/waybar";
-          src = "${pkgs.waybar}/etc/xdg/waybar";
+        installPhase = ''
-          installPhase = ''
+          # JSON isn't valid if it contains comments
-            # JSON isn't valid if it contains comments
+          sed 's#//.*##' config | ${pkgs.jq}/bin/jq > $out
            sed 's#//.*##' config | ${pkgs.jq}/bin/jq > $out
          '';
        };
        defaultConfig = builtins.fromJSON (lib.readFile "${mkDefaultConfig}");
      in
      {
        enable = true;
        settings = {
          bar = lib.mkMerge [
            defaultConfig
            {
              modules-right = lib.mkForce [ "tray" "pulseaudio" "backlight" "network" "battery" "clock" ];
              battery = {
                states = lib.mkForce {
                  warning = 15;
                  critical = 5;
                };
              };
              clock = {
                interval = 5;
                locale = "da_DK.UTF-8";
                format = "{:%a %e. %b  %H:%M}";
                calendar = {
                  mode = "year";
                  mode-mon-col = 3;
                  weeks-pos = "left";
                  on-scroll = 1;
                  format = {
                    months = "<span color='#ffead3'><b>{}</b></span>";
                    days = "<span color='#ecc6d9'><b>{}</b></span>";
                    weeks = "<span color='#99ffdd'><b>W{}</b></span>";
                    weekdays = "<span color='#ffcc66'><b>{}</b></span>";
                    today = "<span color='#ff6699'><b><u>{}</u></b></span>";
                  };
                };
                actions = {
                  on-click-right = "mode";
                  on-scroll-up = "shift_down";
                  on-scroll-down = "shift_up";
                };
              };
            }
          ];
        };
        # https://github.com/Alexays/Waybar/wiki/Styling
        # https://github.com/Alexays/Waybar/blob/master/resources/style.css
        style = ''
          window#waybar {
            color: white;
            background-color: rgba(0, 0, 0, 0.5);
            border-bottom: 1px solid rgba(0, 0, 0, 0.5);
            transition-duration: 0s;
          }
          #workspaces button {
            color: white;
            box-shadow: inset 0 3px transparent;
            border: none;
            border-radius: 0;
          }
          #workspaces button.focused {
            box-shadow: inset 0 3px #FF9E3B;  /* kanagawa roninYellow */
            background-color: transparent;
          }
          #workspaces button:hover {
            /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
            background: rgba(0, 0, 0, 0.25);  
            text-shadow: inherit;
          }
          #mode {
              background-color: rgba(255, 255, 255, 0.4);
              border: none;
          }
          #tray, #pulseaudio, #backlight, #network, #battery, #clock {
            background-color: transparent;
            padding: 0 10px;
          }
          #battery.warning:not(.charging) {
            color: #FF9E3B;  /* kanagawa roninYellow */
          }
          #battery.critical:not(.charging) {
            color: #E82424;  /* kanagawa samuraiRed */
          }
          #network.disconnected {
            color: #E82424;  /* kanagawa samuraiRed */
          }
        '';
      };
      defaultConfig = builtins.fromJSON (lib.readFile "${mkDefaultConfig}");
    in {
      enable = true;
      settings = {
        bar = lib.mkMerge [
          defaultConfig
          {
            modules-right = lib.mkForce ["tray" "pulseaudio" "backlight" "network" "battery" "clock"];
            battery = {
              states = lib.mkForce {
                warning = 15;
                critical = 5;
              };
            };
            clock = {
              interval = 5;
              locale = "da_DK.UTF-8";
              format = "{:%a %e. %b  %H:%M}";
              calendar = {
                mode = "year";
                mode-mon-col = 3;
                weeks-pos = "left";
                on-scroll = 1;
                format = {
                  months = "<span color='#ffead3'><b>{}</b></span>";
                  days = "<span color='#ecc6d9'><b>{}</b></span>";
                  weeks = "<span color='#99ffdd'><b>W{}</b></span>";
                  weekdays = "<span color='#ffcc66'><b>{}</b></span>";
                  today = "<span color='#ff6699'><b><u>{}</u></b></span>";
                };
              };
              actions = {
                on-click-right = "mode";
                on-scroll-up = "shift_down";
                on-scroll-down = "shift_up";
              };
            };
          }
        ];
      };
      # https://github.com/Alexays/Waybar/wiki/Styling
      # https://github.com/Alexays/Waybar/blob/master/resources/style.css
      style = ''
        window#waybar {
          color: white;
          background-color: rgba(0, 0, 0, 0.5);
          border-bottom: 1px solid rgba(0, 0, 0, 0.5);
          transition-duration: 0s;
        }
        #workspaces button {
          color: white;
          box-shadow: inset 0 3px transparent;
          border: none;
          border-radius: 0;
        }
        #workspaces button.focused {
          box-shadow: inset 0 3px #FF9E3B;  /* kanagawa roninYellow */
          background-color: transparent;
        }
        #workspaces button:hover {
          /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
          background: rgba(0, 0, 0, 0.25);
          text-shadow: inherit;
        }
        #mode {
            background-color: rgba(255, 255, 255, 0.4);
            border: none;
        }
        #tray, #pulseaudio, #backlight, #network, #battery, #clock {
          background-color: transparent;
          padding: 0 10px;
        }
        #battery.warning:not(.charging) {
          color: #FF9E3B;  /* kanagawa roninYellow */
        }
        #battery.critical:not(.charging) {
          color: #E82424;  /* kanagawa samuraiRed */
        }
        #network.disconnected {
          color: #E82424;  /* kanagawa samuraiRed */
        }
      '';
    };
    # https://github.com/swaywm/swaylock
    programs.swaylock = {
@ -234,24 +237,35 @@
    };
    # https://github.com/swaywm/swayidle
-    services.swayidle =
+    services.swayidle = let
-      let
+      lock = "${pkgs.swaylock}/bin/swaylock --daemonize";
-        lock = "${pkgs.swaylock}/bin/swaylock --daemonize";
+      outputOff = "${pkgs.sway}/bin/swaymsg 'output * power off'";
-        outputOff = "${pkgs.sway}/bin/swaymsg 'output * power off'";
+      outputOn = "${pkgs.sway}/bin/swaymsg 'output * power on'";
-        outputOn = "${pkgs.sway}/bin/swaymsg 'output * power on'";
+      suspend = "${pkgs.systemd}/bin/systemctl suspend";
-        suspend = "${pkgs.systemd}/bin/systemctl suspend";
+    in {
-      in
+      enable = true;
-      {
+      events = [
-        enable = true;
+        {
-        events = [
+          event = "lock";
-          { event = "lock"; command = lock; }
+          command = lock;
-          { event = "before-sleep"; command = lock; }
+        }
-        ];
+        {
-        timeouts = [
+          event = "before-sleep";
-          { timeout = 60 * 20; command = outputOff; resumeCommand = outputOn; }
+          command = lock;
-          { timeout = 60 * 60 * 3; command = suspend; }
+        }
-        ];
+      ];
-      };
+      timeouts = [
        {
          timeout = 60 * 20;
          command = outputOff;
          resumeCommand = outputOn;
        }
        {
          timeout = 60 * 60 * 3;
          command = suspend;
        }
      ];
    };
    # https://github.com/emersion/mako
    services.mako = {
@ -277,12 +291,12 @@
    enableDefaultPackages = true;
    packages = with pkgs; [
      # Nerd Fonts patches glyph icons, such as from Font Awesome, into existing fonts
-      (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+      (nerdfonts.override {fonts = ["JetBrainsMono"];})
      font-awesome # waybar uses Font Awesome icons directly
    ];
    fontDir.enable = true; # TODO?
    fontconfig.defaultFonts = {
-      monospace = [ "JetBrainsMonoNL Nerd Font" ]; # NL = NoLigatures
+      monospace = ["JetBrainsMonoNL Nerd Font"]; # NL = NoLigatures
    };
  };
--- a/modules/desktop/virtd.nix
+++ b/modules/desktop/virtd.nix
@ -1,4 +1,4 @@
-{ home-manager, ... }: {
+{home-manager, ...}: {
  # https://nixos.wiki/wiki/Virt-manager
  virtualisation.libvirtd.enable = true;
@ -8,19 +8,24 @@
  home-manager.users.caspervk = {
    dconf.settings = {
      "org/virt-manager/virt-manager/connections" = {
-        autoconnect = [ "qemu:///system" ];
+        autoconnect = ["qemu:///system"];
-        uris = [ "qemu:///system" ];
+        uris = ["qemu:///system"];
      };
    };
  };
  # Allow our user to use libvird
-  users.extraGroups.libvirtd.members = [ "caspervk" ];
+  users.extraGroups.libvirtd.members = ["caspervk"];
  # Persist libvirt data
  environment.persistence."/nix/persist" = {
    directories = [
-      { directory = "/var/lib/libvirt"; user = "root"; group = "root"; mode = "0755"; }
+      {
        directory = "/var/lib/libvirt";
        user = "root";
        group = "root";
        mode = "0755";
      }
    ];
  };
 }
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  imports = [
    ./system.nix
  ];
--- a/modules/server/system.nix
+++ b/modules/server/system.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  # Automatically `nixos-rebuild switch` daily with the latest configuration
  # from git. This overwrites any uncommitted changes in ~/nixos/, which is why
  # it is only enabled on servers. Note that this requires updating flake.lock
--- a/modules/syncthing.nix
+++ b/modules/syncthing.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  # Syncthing is a continuous file synchronization program. It synchronizes
  # files between two or more computers in real time. It's basically a
  # self-hosted Dropbox for Linux users, but without FTP, curlftpfs, and SVN.
@ -19,20 +19,20 @@
      devices = {
        "lambda" = {
          id = "WES3JH4-S34HTC5-42YZHUJ-MX3Z6PA-PFO72KA-YIJMDOB-GQWZXZ3-I7BBTAS";
-          addresses = [ "tcp://lambda.caspervk.net" ];
+          addresses = ["tcp://lambda.caspervk.net"];
        };
-        "omega" = { id = "EZIQ7SI-Y6BBLUY-QI4EEYU-UNIXPSG-R6X5E77-AA2UC7S-VRV2LKQ-RNBOGQT"; };
+        "omega" = {id = "EZIQ7SI-Y6BBLUY-QI4EEYU-UNIXPSG-R6X5E77-AA2UC7S-VRV2LKQ-RNBOGQT";};
-        "S10e" = { id = "DWC6YHB-FRYKFHD-FPOUITV-7GL2WZH-RSFOJXR-PHYXDO7-74NLBUZ-TZENVAC"; };
+        "S10e" = {id = "DWC6YHB-FRYKFHD-FPOUITV-7GL2WZH-RSFOJXR-PHYXDO7-74NLBUZ-TZENVAC";};
-        "zeta" = { id = "GQRNHAQ-MMRQYMD-P4RCA6I-5DJ3HXO-J2N2GVP-UGI55YR-HD3EYSO-ERU5QQV"; };
+        "zeta" = {id = "GQRNHAQ-MMRQYMD-P4RCA6I-5DJ3HXO-J2N2GVP-UGI55YR-HD3EYSO-ERU5QQV";};
      };
      folders = {
        "keepass" = {
          path = "~/keepass";
-          devices = [ "lambda" "omega" "S10e" "zeta" ];
+          devices = ["lambda" "omega" "S10e" "zeta"];
        };
        "sync" = {
          path = "~/sync";
-          devices = [ "lambda" "omega" "zeta" ];
+          devices = ["lambda" "omega" "zeta"];
        };
      };
    };
--- a/modules/tor/default.nix
+++ b/modules/tor/default.nix
@ -1,4 +1,8 @@
-{ config, pkgs, ... }: {
+{
  config,
  pkgs,
  ...
 }: {
  services.tor = {
    enable = true;
    openFirewall = true;
@ -26,7 +30,12 @@
  environment.persistence."/nix/persist" = {
    directories = [
-      { directory = "/var/lib/tor"; user = "tor"; group = "tor"; mode = "0700"; }
+      {
        directory = "/var/lib/tor";
        user = "tor";
        group = "tor";
        mode = "0700";
      }
    ];
  };
 }
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -1,3 +1,3 @@
-{ ... }: {
+{...}: {
-  imports = [ ];
+  imports = [];
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -2,7 +2,6 @@
 # the agenix CLI tool to know which public keys to use for encryption. See the
 # README for more information.
 # https://github.com/ryantm/agenix
 let
  # Get a system's public key using:
  # > cat /etc/ssh/ssh_host_ed25519_key.pub
@ -18,21 +17,21 @@ let
  # > agenix -i $AGE_KEY_FILE -e foo.age
  recovery = "age1rd6hhd724s3r9xe4gfuy38rl0xfu8c7pkuefsrdwqfcknujzecyqz7ldyj";
-  all = [ alpha mu omega tor zeta ];
+  all = [alpha mu omega tor zeta];
 in
-builtins.mapAttrs (name: value: { publicKeys = value ++ [ recovery ]; }) {
+  builtins.mapAttrs (name: value: {publicKeys = value ++ [recovery];}) {
-  # Borg backup
+    # Borg backup
-  "borg-passphrase-file-omega.age" = [ omega ];
+    "borg-passphrase-file-omega.age" = [omega];
-  "borg-passphrase-file-zeta.age" = [ zeta ];
+    "borg-passphrase-file-zeta.age" = [zeta];
-  # User passwords
+    # User passwords
-  "users-hashed-password-file.age" = all;
+    "users-hashed-password-file.age" = all;
-  # Wireguard
+    # Wireguard
-  # The preshared key adds an additional layer of symmetric-key crypto to be
+    # The preshared key adds an additional layer of symmetric-key crypto to be
-  # mixed into the already existing public-key crypto, for post-quantum
+    # mixed into the already existing public-key crypto, for post-quantum
-  # resistance. Public-keys are generated using `wireguard-vanity-address`.
+    # resistance. Public-keys are generated using `wireguard-vanity-address`.
-  "wireguard-preshared-key-file.age" = [ alpha omega ];
+    "wireguard-preshared-key-file.age" = [alpha omega];
-  "wireguard-private-key-file-alpha.age" = [ alpha ];
+    "wireguard-private-key-file-alpha.age" = [alpha];
-  "wireguard-private-key-file-omega.age" = [ omega ];
+    "wireguard-private-key-file-omega.age" = [omega];
-}
+  }