add formatting and sops

add fonts
format all code
2024-11-09 15:26:52 +01:00 · 2024-11-09 15:06:57 +01:00 · 2024-11-09 15:02:26 +01:00 · 2024-11-09 15:01:22 +01:00
87 changed files with 847 additions and 601 deletions
--- a/config/default.nix
+++ b/config/default.nix
@ -1,4 +1,5 @@
-{nixos-config, ...}: {
+{ nixos-config, ... }:
 {
  imports = [
    "${nixos-config}/modules"
    "${nixos-config}/services/tailscale.nix"
--- a/config/documentation.nix
+++ b/config/documentation.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  documentation.nixos.includeAllModules = true;
  documentation.nixos.options.warningsAreErrors = false;
  home-manager.users.darkkirb.manual = {
--- a/config/graphical.nix
+++ b/config/graphical.nix
@ -1,8 +1,10 @@
-{config, ...}: {
+{ config, ... }:
 {
  time.timeZone = "Etc/GMT-1";
  isGraphical = true;
  imports = [
    ./kde
    ./documentation.nix
    ./graphical/fonts.nix
  ];
 }
--- a/config/graphical/fonts.nix
+++ b/config/graphical/fonts.nix
@ -0,0 +1,40 @@
 { pkgs, ... }:
 {
  fonts = {
    fontDir.enable = true;
    fontconfig = {
      enable = true;
      defaultFonts = {
        emoji = [ "Noto Color Emoji" ];
        monospace = [
          "Fira Code"
          "Font Awesome 5 Free"
        ];
        sansSerif = [
          "Noto Sans"
          "Font Awesome 5 Free"
        ];
        serif = [
          "Noto Serif"
          "Font Awesome 5 Free"
        ];
      };
    };
    packages = with pkgs; [
      fira-code
      fira-code-symbols
      font-awesome
      noto-fonts
      noto-fonts-cjk-sans
      noto-fonts-emoji
      noto-fonts-extra
      (nerdfonts.override {
        fonts = [
          "FiraCode"
          "DroidSansMono"
          "Noto"
        ];
      })
    ];
  };
 }
--- a/config/graphical/plymouth.nix
+++ b/config/graphical/plymouth.nix
@ -1,6 +1,7 @@
 # Unlike other modules in this directory, this one is not enabled by default
 # The default graphical configuration would enable this, the verbose configuration would not.
-{config, ...}: {
+{ config, ... }:
 {
  boot = {
    plymouth.enable = true;
    consoleLogLevel = 0;
--- a/config/i18n.nix
+++ b/config/i18n.nix
@ -1,11 +1,12 @@
-{config, ...}: {
+{ config, ... }:
 {
  console.keyMap = "neo";
  i18n.extraLocaleSettings = {
-    LC_ADDRESS="de_DE.UTF-8";
+    LC_ADDRESS = "de_DE.UTF-8";
-    LC_MONETARY="de_DE.UTF-8";
+    LC_MONETARY = "de_DE.UTF-8";
-    LC_NAME="de_DE.UTF-8";
+    LC_NAME = "de_DE.UTF-8";
-    LC_PAPER="de_DE.UTF-8";
+    LC_PAPER = "de_DE.UTF-8";
-    LC_TELEPHONE="de_DE.UTF-8";
+    LC_TELEPHONE = "de_DE.UTF-8";
-    LC_TIME="de_DE.UTF-8";
+    LC_TIME = "de_DE.UTF-8";
  };
 }
--- a/config/kde/default.nix
+++ b/config/kde/default.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  services.xserver.enable = true;
  services.displayManager.sddm.enable = true;
  services.desktopManager.plasma6.enable = true;
--- a/config/kde/home-manager.nix
+++ b/config/kde/home-manager.nix
@ -1,4 +1,5 @@
-{plasma-manager, ...}: {
+{ plasma-manager, ... }:
 {
  programs.plasma.enable = true;
  programs.plasma.configFile.baloofilerc."Basic Settings"."Indexing-Enabled" = false;
  imports = [
--- a/config/kde/i18n.nix
+++ b/config/kde/i18n.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  services.libinput.enable = true;
  services.xserver.xkb = {
    layout = "de";
--- a/config/kde/theming.nix
+++ b/config/kde/theming.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  programs.plasma = {
    workspace.lookAndFeel = "org.kde.breezedark.desktop";
    hotkeys.commands."launch-konsole" = {
--- a/config/networkmanager.nix
+++ b/config/networkmanager.nix
@ -1,6 +1,7 @@
-{...}: {
+{ ... }:
 {
  networking.networkmanager.enable = true;
-  users.users.darkkirb.extraGroups = ["networkmanager"];
+  users.users.darkkirb.extraGroups = [ "networkmanager" ];
  environment.persistence."/persistent".directories = [
    "/var/lib/NetworkManager"
    "/etc/NetworkManager"
--- a/config/systemd-boot.nix
+++ b/config/systemd-boot.nix
@ -1,6 +1,8 @@
-{system, ...}: let
+{ system, ... }:
 let
  isx86 = system == "x86_64-linux";
-in {
+in
 {
  boot.loader.systemd-boot = {
    enable = true;
    memtest86.enable = isx86;
--- a/containers/default-configuration.nix
+++ b/containers/default-configuration.nix
@ -1,4 +1,5 @@
-{system, ...}: {
+{ system, ... }:
 {
  inherit system;
  config = import ./default.nix;
  autoStart = true;
--- a/containers/default.nix
+++ b/containers/default.nix
@ -1,4 +1,5 @@
-{nixos-config, ...}: {
+{ nixos-config, ... }:
 {
  imports = [
    nixos-config.nixosModules.containers
  ];
--- a/default.nix
+++ b/default.nix
@ -1,14 +1,11 @@
-(
+(import (
-  import
+  let
-  (
+    lock = builtins.fromJSON (builtins.readFile ./flake.lock);
-    let
+  in
-      lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+  fetchTarball {
-    in
+    url =
-      fetchTarball {
+      lock.nodes.flake-compat.locked.url
-        url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+        or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
-        sha256 = lock.nodes.flake-compat.locked.narHash;
+    sha256 = lock.nodes.flake-compat.locked.narHash;
-      }
+  }
-  )
+) { src = ./.; }).defaultNix
  {src = ./.;}
 )
 .defaultNix
--- a/flake.nix
+++ b/flake.nix
@ -78,132 +78,161 @@
    };
  };
-  outputs = {
+  outputs =
-    self,
+    {
-    nixpkgs,
+      self,
-    ...
+      nixpkgs,
-  } @ inputs': let
+      ...
-    inputs =
+    }@inputs':
-      inputs'
+    let
-      // {
+      inputs = inputs' // {
        nixos-config = self;
        inherit inputs;
        inTester = false;
        pureInputs = inputs';
      };
-    pkgsFor = system: let
+      pkgsFor =
-      inputs' =
+        system:
-        inputs
+        let
-        // {
+          inputs' = inputs // {
            inherit system;
            inputs = inputs';
          };
        in
        import nixpkgs {
          inherit system;
-          inputs = inputs';
+          overlays =
-        };
+            [
-    in
+              (
-      import nixpkgs {
+                _: _:
-        inherit system;
+                inputs'
-        overlays =
+                // {
-          [
+                  inputs = inputs';
-            (_: _:
+                }
-              inputs'
+              )
              // {
                inputs = inputs';
              })
          ]
          ++ (
            if system == "riscv64-linux"
            then [
              inputs.riscv-overlay.overlays.default
            ]
-            else []
+            ++ (
              if system == "riscv64-linux" then
                [
                  inputs.riscv-overlay.overlays.default
                ]
              else
                [ ]
            );
        };
    in
    {
      checks.x86_64-linux = nixpkgs.lib.listToAttrs (
        map (testName: {
          name = testName;
          value = (pkgsFor "x86_64-linux").callPackage ./tests/${testName}.nix { };
        }) [ "containers-default" ]
      );
      nixosModules = {
        containers = import ./modules/containers/default.nix;
        default = import ./modules/default.nix;
      };
      nixosContainers =
        with nixpkgs.lib;
        let
          containerNames = [
            "default"
          ];
          containerArches = [
            "x86_64-linux"
            "aarch64-linux"
            "riscv64-linux"
          ];
          containers = listToAttrs (
            flatten (
              map (
                system:
                let
                  pkgs = pkgsFor system;
                in
                map (container: {
                  name = "container-${container}-${system}";
                  value = pkgs.callPackage ./containers/${container}-configuration.nix { };
                }) containerNames
              ) containerArches
            )
          );
        in
        containers;
      nixosConfigurations =
        with nixpkgs.lib;
        let
          mkSystem =
            args:
            let
              inputs' = inputs // {
                inherit (args) system;
              };
            in
            nixosSystem (
              args
              // {
                specialArgs = args.specialArgs or { } // inputs';
              }
            );
          systems' = {
            not522 = {
              config = ./machine/not522;
              system = "riscv64-linux";
            };
            not522-installer = {
              config = ./machine/not522/installer;
              system = "riscv64-linux";
            };
            pc-installer = {
              config = ./machine/pc-installer;
              system = "x86_64-linux";
            };
            rainbow-resort = {
              config = ./machine/rainbow-resort;
              system = "x86_64-linux";
            };
            thinkrac = {
              config = ./machine/thinkrac;
              system = "x86_64-linux";
            };
          };
          containers = mapAttrs (
            _: container:
            mkSystem {
              inherit (container) system;
              modules = [
                container.config
              ];
            }
          ) self.nixosContainers;
          systems = mapAttrs (
            _: system:
            mkSystem {
              inherit (system) system;
              modules = [
                system.config
              ];
            }
          ) systems';
        in
        containers // systems;
      hydraJobs = {
        inherit (self) checks devShells;
        nixosConfigurations = nixpkgs.lib.mapAttrs (
          _: v: v.config.system.build.toplevel
        ) self.nixosConfigurations;
      };
-  in {
+      devShells.x86_64-linux.default =
-    checks.x86_64-linux = nixpkgs.lib.listToAttrs (map (testName: {
+        with pkgsFor "x86_64-linux";
-      name = testName;
+        mkShell {
-      value = (pkgsFor "x86_64-linux").callPackage ./tests/${testName}.nix {};
+          nativeBuildInputs = with pkgs; [
-    }) ["containers-default"]);
+            age
-    nixosModules = {
+            sops
-      containers = import ./modules/containers/default.nix;
+            ssh-to-age
-      default = import ./modules/default.nix;
+            nixfmt-rfc-style
    };
    nixosContainers = with nixpkgs.lib; let
      containerNames = [
        "default"
      ];
      containerArches = ["x86_64-linux" "aarch64-linux" "riscv64-linux"];
      containers = listToAttrs (flatten (map (system: let
        pkgs = pkgsFor system;
      in
        map (container: {
          name = "container-${container}-${system}";
          value = pkgs.callPackage ./containers/${container}-configuration.nix {};
        })
        containerNames)
      containerArches));
    in
      containers;
    nixosConfigurations = with nixpkgs.lib; let
      mkSystem = args: let
        inputs' = inputs // {inherit (args) system;};
      in
        nixosSystem (args
          // {
            specialArgs =
              args.specialArgs
              or {}
              // inputs';
          });
      systems' = {
        not522 = {
          config = ./machine/not522;
          system = "riscv64-linux";
        };
        not522-installer = {
          config = ./machine/not522/installer;
          system = "riscv64-linux";
        };
        pc-installer = {
          config = ./machine/pc-installer;
          system = "x86_64-linux";
        };
        rainbow-resort = {
          config = ./machine/rainbow-resort;
          system = "x86_64-linux";
        };
        thinkrac = {
          config = ./machine/thinkrac;
          system = "x86_64-linux";
        };
      };
      containers = mapAttrs (_: container:
        mkSystem {
          inherit (container) system;
          modules = [
            container.config
          ];
-        })
+        };
-      self.nixosContainers;
+      formatter.x86_64-linux = (pkgsFor "x86_64-linux").nixfmt-rfc-style;
      systems = mapAttrs (_: system:
        mkSystem {
          inherit (system) system;
          modules = [
            system.config
          ];
        })
      systems';
    in
      containers // systems;
    hydraJobs = {
      inherit (self) checks devShells;
      nixosConfigurations = nixpkgs.lib.mapAttrs (_: v: v.config.system.build.toplevel) self.nixosConfigurations;
    };
    devShells.x86_64-linux.default = with pkgsFor "x86_64-linux";
      mkShell {
        nativeBuildInputs = with pkgs; [
          age
          sops
          ssh-to-age
        ];
      };
  };
 }
--- a/hydra/default.nix
+++ b/hydra/default.nix
@ -1 +1 @@
-{nixos-config}: (import nixos-config).hydraJobs
+{ nixos-config }: (import nixos-config).hydraJobs
--- a/machine/not522/cross-packages.nix
+++ b/machine/not522/cross-packages.nix
@ -3,13 +3,15 @@
  nixpkgs,
  lix,
  ...
-}: let
+}:
 let
  pkgs_x86_64 = import nixpkgs {
    system = "x86_64-linux";
    crossSystem.system = "riscv64-linux";
-    overlays = [lix.overlays.default];
+    overlays = [ lix.overlays.default ];
  };
-in {
+in
 {
  nixpkgs.overlays = [
    (self: super: {
      inherit (pkgs_x86_64) lix nixos-option;
--- a/machine/not522/default.nix
+++ b/machine/not522/default.nix
@ -3,7 +3,8 @@
  nixos-hardware,
  nixpkgs,
  ...
-}: {
+}:
 {
  networking.hostName = "not522";
  imports = [
    "${nixos-config}/config"
@ -14,5 +15,5 @@
  ];
  system.stateVersion = "24.11";
  nixpkgs.config.allowUnsupportedSystem = true;
-  nix.settings.system-features = ["native-riscv"];
+  nix.settings.system-features = [ "native-riscv" ];
 }
--- a/machine/not522/disko.nix
+++ b/machine/not522/disko.nix
@ -17,30 +17,33 @@
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
-                mountOptions = ["umask=0077"];
+                mountOptions = [ "umask=0077" ];
              };
            };
            root = {
              end = "-8G";
              content = {
                type = "btrfs";
-                extraArgs = ["-f"]; # Override existing partition
+                extraArgs = [ "-f" ]; # Override existing partition
                # Subvolumes must set a mountpoint in order to be mounted,
                # unless their parent is mounted
                subvolumes = {
                  # Subvolume name is different from mountpoint
                  "/root" = {
-                    mountOptions = ["compress=zstd"];
+                    mountOptions = [ "compress=zstd" ];
                    mountpoint = "/";
                  };
                  # Subvolume name is the same as the mountpoint
                  "/persistent" = {
-                    mountOptions = ["compress=zstd"];
+                    mountOptions = [ "compress=zstd" ];
                    mountpoint = "/persistent";
                  };
                  # Parent is not mounted so the mountpoint must be set
                  "/nix" = {
-                    mountOptions = ["compress=zstd" "noatime"];
+                    mountOptions = [
                      "compress=zstd"
                      "noatime"
                    ];
                    mountpoint = "/nix";
                  };
                };
--- a/machine/not522/hardware.nix
+++ b/machine/not522/hardware.nix
@ -3,7 +3,8 @@
  nixos-hardware,
  config,
  ...
-}: {
+}:
 {
  imports = [
    "${nixos-hardware}/starfive/visionfive/v2/default.nix"
  ];
--- a/machine/not522/installer/default.nix
+++ b/machine/not522/installer/default.nix
@ -7,19 +7,19 @@
  lib,
  nixpkgs,
  ...
-}: let
+}:
-  dependencies =
+let
-    [
+  dependencies = [
-      nixos-config.nixosConfigurations.not522.config.system.build.toplevel
+    nixos-config.nixosConfigurations.not522.config.system.build.toplevel
-      nixos-config.nixosConfigurations.not522.config.system.build.diskoScript
+    nixos-config.nixosConfigurations.not522.config.system.build.diskoScript
-      nixos-config.nixosConfigurations.not522.config.system.build.diskoScript.drvPath
+    nixos-config.nixosConfigurations.not522.config.system.build.diskoScript.drvPath
-      nixos-config.nixosConfigurations.not522.pkgs.stdenv.drvPath
+    nixos-config.nixosConfigurations.not522.pkgs.stdenv.drvPath
-      (nixos-config.nixosConfigurations.not522.pkgs.closureInfo {rootPaths = [];}).drvPath
+    (nixos-config.nixosConfigurations.not522.pkgs.closureInfo { rootPaths = [ ]; }).drvPath
-    ]
+  ] ++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs));
    ++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs));
-  closureInfo = pkgs.closureInfo {rootPaths = dependencies;};
+  closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
-in {
+in
 {
  networking.hostName = "not522-installer";
  imports = [
    "${nixos-config}/config"
--- a/machine/not522/installer/disko.nix
+++ b/machine/not522/installer/disko.nix
@ -17,30 +17,33 @@
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
-                mountOptions = ["umask=0077"];
+                mountOptions = [ "umask=0077" ];
              };
            };
            root = {
              size = "100%";
              content = {
                type = "btrfs";
-                extraArgs = ["-f"]; # Override existing partition
+                extraArgs = [ "-f" ]; # Override existing partition
                # Subvolumes must set a mountpoint in order to be mounted,
                # unless their parent is mounted
                subvolumes = {
                  # Subvolume name is different from mountpoint
                  "/root" = {
-                    mountOptions = ["compress=zstd"];
+                    mountOptions = [ "compress=zstd" ];
                    mountpoint = "/";
                  };
                  # Subvolume name is the same as the mountpoint
                  "/persistent" = {
-                    mountOptions = ["compress=zstd"];
+                    mountOptions = [ "compress=zstd" ];
                    mountpoint = "/persistent";
                  };
                  # Parent is not mounted so the mountpoint must be set
                  "/nix" = {
-                    mountOptions = ["compress=zstd" "noatime"];
+                    mountOptions = [
                      "compress=zstd"
                      "noatime"
                    ];
                    mountpoint = "/nix";
                  };
                };
--- a/machine/pc-installer/default.nix
+++ b/machine/pc-installer/default.nix
@ -5,21 +5,23 @@
  pkgs,
  pureInputs,
  ...
-}: let
+}:
 let
  getDeps = name: [
    nixos-config.nixosConfigurations.${name}.config.system.build.toplevel
    nixos-config.nixosConfigurations.${name}.config.system.build.diskoScript
    nixos-config.nixosConfigurations.${name}.config.system.build.diskoScript.drvPath
    nixos-config.nixosConfigurations.${name}.pkgs.stdenv.drvPath
-    (nixos-config.nixosConfigurations.${name}.pkgs.closureInfo {rootPaths = [];}).drvPath
+    (nixos-config.nixosConfigurations.${name}.pkgs.closureInfo { rootPaths = [ ]; }).drvPath
  ];
  dependencies =
    (getDeps "rainbow-resort")
    ++ (getDeps "thinkrac")
    ++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs));
-  closureInfo = pkgs.closureInfo {rootPaths = dependencies;};
+  closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
-in {
+in
 {
  networking.hostName = "pc-installer";
  imports = [
    "${nixos-config}/config"
--- a/machine/pc-installer/disko.nix
+++ b/machine/pc-installer/disko.nix
@ -18,30 +18,33 @@
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
-                mountOptions = ["umask=0077"];
+                mountOptions = [ "umask=0077" ];
              };
            };
            root = {
              size = "100%";
              content = {
                type = "btrfs";
-                extraArgs = ["-f"]; # Override existing partition
+                extraArgs = [ "-f" ]; # Override existing partition
                # Subvolumes must set a mountpoint in order to be mounted,
                # unless their parent is mounted
                subvolumes = {
                  # Subvolume name is different from mountpoint
                  "/root" = {
-                    mountOptions = ["compress=zstd"];
+                    mountOptions = [ "compress=zstd" ];
                    mountpoint = "/";
                  };
                  # Subvolume name is the same as the mountpoint
                  "/persistent" = {
-                    mountOptions = ["compress=zstd"];
+                    mountOptions = [ "compress=zstd" ];
                    mountpoint = "/persistent";
                  };
                  # Parent is not mounted so the mountpoint must be set
                  "/nix" = {
-                    mountOptions = ["compress=zstd" "noatime"];
+                    mountOptions = [
                      "compress=zstd"
                      "noatime"
                    ];
                    mountpoint = "/nix";
                  };
                };
--- a/machine/pc-installer/graphical.nix
+++ b/machine/pc-installer/graphical.nix
@ -2,7 +2,8 @@
  config,
  nixos-config,
  ...
-}: {
+}:
 {
  imports = [
    "${nixos-config}/config/graphical.nix"
  ];
--- a/machine/pc-installer/grub.nix
+++ b/machine/pc-installer/grub.nix
@ -2,7 +2,8 @@
  config,
  lib,
  ...
-}: {
+}:
 {
  # For legacy pc reason, this needs to be grub
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.loader.grub = {
--- a/machine/pc-installer/hardware.nix
+++ b/machine/pc-installer/hardware.nix
@ -1,5 +1,13 @@
-{...}: {
+{ ... }:
-  boot.initrd.availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "uas" "sd_mod"];
+{
  boot.initrd.availableKernelModules = [
    "nvme"
    "ahci"
    "xhci_pci"
    "usbhid"
    "uas"
    "sd_mod"
  ];
  hardware.cpu.amd.updateMicrocode = true;
  hardware.cpu.intel.updateMicrocode = true;
 }
--- a/machine/rainbow-resort/default.nix
+++ b/machine/rainbow-resort/default.nix
@ -3,7 +3,8 @@
  nixos-config,
  lib,
  ...
-}: {
+}:
 {
  networking.hostName = "rainbow-resort";
  imports = [
    "${nixos-config}/config"
@ -21,5 +22,5 @@
      }
    ];
  };
-  home-manager.users.darkkirb.imports = [./home-manager.nix];
+  home-manager.users.darkkirb.imports = [ ./home-manager.nix ];
 }
--- a/machine/rainbow-resort/disko.nix
+++ b/machine/rainbow-resort/disko.nix
@ -17,30 +17,33 @@
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
-                mountOptions = ["umask=0077"];
+                mountOptions = [ "umask=0077" ];
              };
            };
            root = {
              end = "-64G";
              content = {
                type = "btrfs";
-                extraArgs = ["-f"]; # Override existing partition
+                extraArgs = [ "-f" ]; # Override existing partition
                # Subvolumes must set a mountpoint in order to be mounted,
                # unless their parent is mounted
                subvolumes = {
                  # Subvolume name is different from mountpoint
                  "/root" = {
-                    mountOptions = ["compress=zstd"];
+                    mountOptions = [ "compress=zstd" ];
                    mountpoint = "/";
                  };
                  # Subvolume name is the same as the mountpoint
                  "/persistent" = {
-                    mountOptions = ["compress=zstd"];
+                    mountOptions = [ "compress=zstd" ];
                    mountpoint = "/persistent";
                  };
                  # Parent is not mounted so the mountpoint must be set
                  "/nix" = {
-                    mountOptions = ["compress=zstd" "noatime"];
+                    mountOptions = [
                      "compress=zstd"
                      "noatime"
                    ];
                    mountpoint = "/nix";
                  };
                };
--- a/machine/rainbow-resort/hardware.nix
+++ b/machine/rainbow-resort/hardware.nix
@ -2,7 +2,8 @@
  modulesPath,
  nixos-hardware,
  ...
-}: {
+}:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    nixos-hardware.nixosModules.common-cpu-amd
@ -13,10 +14,23 @@
    nixos-hardware.nixosModules.common-pc-ssd
  ];
  hardware.cpu.amd.updateMicrocode = true;
-  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = ["amdgpu"];
+    "nvme"
-  boot.kernelModules = ["kvm-amd" "i2c-dev" "i2c-piix4"];
+    "xhci_pci"
-  boot.extraModulePackages = [];
+    "ahci"
    "usb_storage"
    "usbhid"
    "sd_mod"
    "sr_mod"
    "k10temp"
  ];
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelModules = [
    "kvm-amd"
    "i2c-dev"
    "i2c-piix4"
  ];
  boot.extraModulePackages = [ ];
  nix.settings.cores = 16;
  boot.binfmt.emulatedSystems = [
    "armv7l-linux"
--- a/machine/rainbow-resort/home-manager.nix
+++ b/machine/rainbow-resort/home-manager.nix
@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
 {
  xdg.configFile."kwinoutputconfig.json".text = lib.strings.toJSON [
    {
      data = [
--- a/machine/thinkrac/default.nix
+++ b/machine/thinkrac/default.nix
@ -3,7 +3,8 @@
  nixos-config,
  lib,
  ...
-}: {
+}:
 {
  networking.hostName = "thinkrac";
  imports = [
    "${nixos-config}/config"
--- a/machine/thinkrac/disko.nix
+++ b/machine/thinkrac/disko.nix
@ -17,30 +17,33 @@
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
-                mountOptions = ["umask=0077"];
+                mountOptions = [ "umask=0077" ];
              };
            };
            root = {
              end = "-24G";
              content = {
                type = "btrfs";
-                extraArgs = ["-f"]; # Override existing partition
+                extraArgs = [ "-f" ]; # Override existing partition
                # Subvolumes must set a mountpoint in order to be mounted,
                # unless their parent is mounted
                subvolumes = {
                  # Subvolume name is different from mountpoint
                  "/root" = {
-                    mountOptions = ["compress=zstd"];
+                    mountOptions = [ "compress=zstd" ];
                    mountpoint = "/";
                  };
                  # Subvolume name is the same as the mountpoint
                  "/persistent" = {
-                    mountOptions = ["compress=zstd"];
+                    mountOptions = [ "compress=zstd" ];
                    mountpoint = "/persistent";
                  };
                  # Parent is not mounted so the mountpoint must be set
                  "/nix" = {
-                    mountOptions = ["compress=zstd" "noatime"];
+                    mountOptions = [
                      "compress=zstd"
                      "noatime"
                    ];
                    mountpoint = "/nix";
                  };
                };
--- a/machine/thinkrac/hardware.nix
+++ b/machine/thinkrac/hardware.nix
@ -2,7 +2,8 @@
  modulesPath,
  nixos-hardware,
  ...
-}: {
+}:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    nixos-hardware.nixosModules.lenovo-thinkpad-t470s
@ -11,10 +12,15 @@
    nixos-hardware.nixosModules.common-pc-laptop-ssd
  ];
  hardware.cpu.intel.updateMicrocode = true;
-  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "xhci_pci"
-  boot.kernelModules = ["kvm-intel"];
+    "nvme"
-  boot.extraModulePackages = [];
+    "usb_storage"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  nix.settings.cores = 4;
  # use the lowest frequency possible, to save power
  powerManagement.cpuFreqGovernor = "powersave";
--- a/modules/containers/autoconfig.nix
+++ b/modules/containers/autoconfig.nix
@ -6,27 +6,28 @@
  inputs,
  ...
 }:
-with lib; let
+with lib;
 let
  badNames = [
    "system"
    "override"
    "overrideDerivation"
  ];
  filterBad = filterAttrs (n: _: lib.all (m: n != m) badNames);
-in {
+in
 {
  options.autoContainers = mkOption {
-    default = [];
+    default = [ ];
    type = types.listOf types.str;
  };
  config = {
-    containers = listToAttrs (map (container: {
+    containers = listToAttrs (
      map (container: {
        name = container;
-        value =
+        value = filterBad (pkgs.callPackage ../../containers/${container}-configuration.nix { }) // {
-          filterBad (pkgs.callPackage ../../containers/${container}-configuration.nix {})
+          specialArgs = inputs;
-          // {
+        };
-            specialArgs = inputs;
+      }) config.autoContainers
-          };
+    );
      })
      config.autoContainers);
  };
 }
--- a/modules/containers/default.nix
+++ b/modules/containers/default.nix
@ -2,7 +2,8 @@
  nixos-config,
  lib,
  ...
-}: {
+}:
 {
  imports = [
    nixos-config.nixosModules.default
    ./hostName.nix
--- a/modules/containers/hostName.nix
+++ b/modules/containers/hostName.nix
@ -3,7 +3,8 @@
  lib,
  ...
 }:
-with lib; {
+with lib;
 {
  options.networking = {
    rootHostName = mkOption {
      description = "Hostname of the running host";
@ -26,9 +27,10 @@ with lib; {
  config = {
    networking = rec {
      fullHostName =
-        if config.networking.rootHostName == ""
+        if config.networking.rootHostName == "" then
-        then config.networking.hostName
+          config.networking.hostName
-        else "${config.networking.rootHostName}-${config.networking.hostName}";
+        else
          "${config.networking.rootHostName}-${config.networking.hostName}";
      nodeID = lib.substring 0 8 (builtins.hashString "sha256" fullHostName);
    };
  };
--- a/modules/containers/minimize.nix
+++ b/modules/containers/minimize.nix
@ -1,4 +1,5 @@
-{nixpkgs, ...}: {
+{ nixpkgs, ... }:
 {
  imports = [
    (nixpkgs.outPath + "/nixos/modules/profiles/minimal.nix")
    (nixpkgs.outPath + "/nixos/modules/profiles/headless.nix")
--- a/modules/default.nix
+++ b/modules/default.nix
@ -5,7 +5,8 @@
  nur,
  ...
 }:
-with lib; {
+with lib;
 {
  imports = [
    ./riscv.nix
    ./containers/autoconfig.nix
--- a/modules/environment/impermanence.nix
+++ b/modules/environment/impermanence.nix
@ -6,7 +6,8 @@
  inTester,
  ...
 }:
-with lib; {
+with lib;
 {
  imports = [
    "${impermanence}/nixos.nix"
    ./user-impermanence.nix
@ -70,26 +71,23 @@ with lib; {
        }
        {
          assertion =
-            if hasAttr "/" config.fileSystems
+            if hasAttr "/" config.fileSystems then config.fileSystems."/".fsType == "btrfs" else false;
            then config.fileSystems."/".fsType == "btrfs"
            else false;
          message = "rootfs must be btrfs";
        }
        {
          assertion =
-            if hasAttr "/" config.fileSystems
+            if hasAttr "/" config.fileSystems then
-            then any (t: t == "subvol=root" || t == "subvol=/root") config.fileSystems."/".options
+              any (t: t == "subvol=root" || t == "subvol=/root") config.fileSystems."/".options
-            else false;
+            else
              false;
          message = "rootfs must mount subvolume root";
        }
      ];
      fileSystems."/persistent" = {
        device =
-          if hasAttr "/" config.fileSystems
+          if hasAttr "/" config.fileSystems then mkDefault config.fileSystems."/".device else "/dev/null";
          then mkDefault config.fileSystems."/".device
          else "/dev/null";
        fsType = "btrfs";
-        options = ["subvol=persistent"];
+        options = [ "subvol=persistent" ];
        neededForBoot = true;
      };
      environment.persistence."/persistent" = {
--- a/modules/environment/user-impermanence.nix
+++ b/modules/environment/user-impermanence.nix
@ -5,107 +5,121 @@
  inTester,
  ...
 }:
-with lib; {
+with lib;
 {
  options = {
    environment.impermanence.users = mkOption {
      description = "Which users to clean up the home directory for";
-      default = [];
+      default = [ ];
      type = types.listOf types.str;
    };
  };
-  config = mkIf (config.environment.impermanence.enable && config.environment.impermanence.users != []) {
+  config =
-    programs.fuse.userAllowOther = true;
+    mkIf (config.environment.impermanence.enable && config.environment.impermanence.users != [ ])
-    home-manager.users = listToAttrs (map (name: {
+      {
-        inherit name;
+        programs.fuse.userAllowOther = true;
-        value = {config, ...}: {
+        home-manager.users = listToAttrs (
-          home.file."${config.home.homeDirectory}/.cache/.keep" = {
+          map (name: {
-            enable = false;
+            inherit name;
-          };
+            value =
-          home.persistence.default = {
+              { config, ... }:
            persistentStoragePath = "/persistent/home/${name}";
            allowOther = true;
            directories = [
              "Downloads"
              "Music"
              "Pictures"
              "Documents"
              "Videos"
              {
-                directory = ".cache";
+                home.file."${config.home.homeDirectory}/.cache/.keep" = {
-                method = "symlink";
+                  enable = false;
-              }
+                };
-              "Data"
+                home.persistence.default = {
-            ];
+                  persistentStoragePath = "/persistent/home/${name}";
-          };
+                  allowOther = true;
-        };
+                  directories = [
-      })
+                    "Downloads"
-      config.environment.impermanence.users);
+                    "Music"
-    systemd.tmpfiles.rules = mkMerge (map (name: [
+                    "Pictures"
-        "d /persistent/home/${name} 700 ${name} ${config.users.users.${name}.group} - -"
+                    "Documents"
-        "d /persistent/home/${name}/.cache 700 ${name} ${config.users.users.${name}.group} 7d -"
+                    "Videos"
-      ])
+                    {
-      config.environment.impermanence.users);
+                      directory = ".cache";
-    systemd.services = listToAttrs (flatten (map (name: let
+                      method = "symlink";
-        cfg = config.users.users.${name};
+                    }
-      in [
+                    "Data"
-        {
+                  ];
-          name = "cleanup-home-${name}";
+                };
-          description = "Clean home directory for ${name}";
+              };
-          value = {
+          }) config.environment.impermanence.users
-            before = [
+        );
-              "user@${toString cfg.uid}.service"
+        systemd.tmpfiles.rules = mkMerge (
-              "home-manager-${name}.service"
+          map (name: [
-            ];
+            "d /persistent/home/${name} 700 ${name} ${config.users.users.${name}.group} - -"
-            partOf = [
+            "d /persistent/home/${name}/.cache 700 ${name} ${config.users.users.${name}.group} 7d -"
-              "user@${toString cfg.uid}.service"
+          ]) config.environment.impermanence.users
-            ];
+        );
-            serviceConfig.Type = "oneshot";
+        systemd.services = listToAttrs (
-            script = ''
+          flatten (
-              if [[ -e ${cfg.home} ]]; then
+            map (
-                timestamp=$(date --date="@$(stat -c %X ${cfg.home})" "+%Y-%m-%d_%H:%M:%S")
+              name:
-                mkdir -p /persistent/old-homedirs/${name}
+              let
-                mv ${cfg.home} /persistent/old-homedirs/${name}/$timestamp
+                cfg = config.users.users.${name};
-              fi
+              in
              [
                {
                  name = "cleanup-home-${name}";
                  description = "Clean home directory for ${name}";
                  value = {
                    before = [
                      "user@${toString cfg.uid}.service"
                      "home-manager-${name}.service"
                    ];
                    partOf = [
                      "user@${toString cfg.uid}.service"
                    ];
                    serviceConfig.Type = "oneshot";
                    script = ''
                      if [[ -e ${cfg.home} ]]; then
                        timestamp=$(date --date="@$(stat -c %X ${cfg.home})" "+%Y-%m-%d_%H:%M:%S")
                        mkdir -p /persistent/old-homedirs/${name}
                        mv ${cfg.home} /persistent/old-homedirs/${name}/$timestamp
                      fi
-              delete_subvolume_recursively() {
+                      delete_subvolume_recursively() {
-                IFS=$'\n'
+                        IFS=$'\n'
-                for i in $(${pkgs.btrfs-progs}/bin/btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+                        for i in $(${pkgs.btrfs-progs}/bin/btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
-                  delete_subvolume_recursively "/persistent/old-homedirs/${name}/$i"
+                          delete_subvolume_recursively "/persistent/old-homedirs/${name}/$i"
-                done
+                        done
-                ${pkgs.btrfs-progs}/bin/btrfs subvolume delete "$1" || rm -rf "$1"
+                        ${pkgs.btrfs-progs}/bin/btrfs subvolume delete "$1" || rm -rf "$1"
-              }
+                      }
-              for i in $(find /persistent/old-homedirs/${name} -maxdepth 1 -atime +30); do
+                      for i in $(find /persistent/old-homedirs/${name} -maxdepth 1 -atime +30); do
-                delete_subvolume_recursively "$i"
+                        delete_subvolume_recursively "$i"
-              done
+                      done
-              ${pkgs.btrfs-progs}/bin/btrfs subvolume create ${cfg.home}
+                      ${pkgs.btrfs-progs}/bin/btrfs subvolume create ${cfg.home}
-              chown -R ${name}:${cfg.group} ${cfg.home}
+                      chown -R ${name}:${cfg.group} ${cfg.home}
-              mkdir -p /persistent/home/${name}
+                      mkdir -p /persistent/home/${name}
-              chown -R ${name}:${cfg.group} /persistent/home/${name}
+                      chown -R ${name}:${cfg.group} /persistent/home/${name}
-            '';
+                    '';
-          };
+                  };
-        }
+                }
-        {
+                {
-          name = "home-manager-${name}";
+                  name = "home-manager-${name}";
-          value = {
+                  value = {
-            wantedBy = mkForce [
+                    wantedBy = mkForce [
-              "user@${toString cfg.uid}.service"
+                      "user@${toString cfg.uid}.service"
-            ];
+                    ];
-            after = [
+                    after = [
-              "cleanup-home-${name}.service"
+                      "cleanup-home-${name}.service"
-            ];
+                    ];
-            before = [
+                    before = [
-              "user@${toString cfg.uid}.service"
+                      "user@${toString cfg.uid}.service"
-            ];
+                    ];
-            partOf = [
+                    partOf = [
-              "user@${toString cfg.uid}.service"
+                      "user@${toString cfg.uid}.service"
-            ];
+                    ];
-          };
+                  };
-        }
+                }
-      ])
+              ]
-      config.environment.impermanence.users));
+            ) config.environment.impermanence.users
-  };
+          )
        );
      };
 }
--- a/modules/hydra/build-server.nix
+++ b/modules/hydra/build-server.nix
@ -3,13 +3,15 @@
  config,
  ...
 }:
-with lib; {
+with lib;
 {
  options.hydra.buildServer.enable = mkEnableOption "Make this device a build server";
  imports = [
    {
-      config.hydra.buildServer.enable = let
+      config.hydra.buildServer.enable =
-        buildServers = import ./build-server-list.nix;
+        let
-      in
+          buildServers = import ./build-server-list.nix;
        in
        mkDefault (any (t: t == config.networking.hostName) buildServers);
    }
  ];
@ -21,6 +23,6 @@ with lib; {
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5Q/L2FyB3DIgdJRYnTGHW3naw5VQ9coOdwHYmv0aZ darkkirb@thinkrac"
      ];
    };
-    nix.settings.trusted-users = ["remote-build"];
+    nix.settings.trusted-users = [ "remote-build" ];
  };
 }
--- a/modules/nix/autoupdater.nix
+++ b/modules/nix/autoupdater.nix
@ -3,60 +3,62 @@
  pkgs,
  lib,
  ...
-}: let
+}:
 let
  cfg = config.nix.auto-update;
 in
-  with lib; {
+with lib;
-    options.nix.auto-update = {
+{
-      enable = mkEnableOption "enable automatic updates";
+  options.nix.auto-update = {
-      reboot = mkEnableOption "Reboot if kernel change";
+    enable = mkEnableOption "enable automatic updates";
-      hydraServer = mkOption {
+    reboot = mkEnableOption "Reboot if kernel change";
-        type = types.str;
+    hydraServer = mkOption {
-        description = "Location of hydra server";
+      type = types.str;
-        default = "https://hydra.chir.rs";
+      description = "Location of hydra server";
-      };
+      default = "https://hydra.chir.rs";
      project = mkOption {
        type = types.str;
        description = "Project name to use";
        default = "nixos-config";
      };
      jobset = mkOption {
        type = types.str;
        description = "Jobset name to use";
        default = "pr618";
      };
      job = mkOption {
        type = types.str;
        description = "Job name to use";
        default = "nixosConfigurations.${config.networking.hostName}";
        defaultText = literalExpression ''"nixosConfigurations.''${config.networking.hostName}"'';
      };
      specialisation = mkOption {
        type = types.nullOr types.str;
        description = "specialisation to switch into";
        default = null;
      };
    };
    project = mkOption {
      type = types.str;
      description = "Project name to use";
      default = "nixos-config";
    };
    jobset = mkOption {
      type = types.str;
      description = "Jobset name to use";
      default = "pr618";
    };
    job = mkOption {
      type = types.str;
      description = "Job name to use";
      default = "nixosConfigurations.${config.networking.hostName}";
      defaultText = literalExpression ''"nixosConfigurations.''${config.networking.hostName}"'';
    };
    specialisation = mkOption {
      type = types.nullOr types.str;
      description = "specialisation to switch into";
      default = null;
    };
  };
-    config.nix.auto-update.enable = mkDefault config.nix.enable;
+  config.nix.auto-update.enable = mkDefault config.nix.enable;
-    config.nix.auto-update.reboot = mkDefault true;
+  config.nix.auto-update.reboot = mkDefault true;
-    config.systemd.services.nixos-upgrade = mkIf config.nix.enable {
+  config.systemd.services.nixos-upgrade = mkIf config.nix.enable {
-      description = "NixOS Upgrade";
+    description = "NixOS Upgrade";
-      restartIfChanged = false;
+    restartIfChanged = false;
-      unitConfig.X-StopOnRemoval = false;
+    unitConfig.X-StopOnRemoval = false;
-      wants = ["network-online.target"];
+    wants = [ "network-online.target" ];
-      after = ["network-online.target"];
+    after = [ "network-online.target" ];
-      serviceConfig.Type = "oneshot";
+    serviceConfig.Type = "oneshot";
-      script = let
+    script =
-        output = 
+      let
-          if cfg.specialisation == null
+        output =
-          then "$output"
+          if cfg.specialisation == null then "$output" else "$output/specialisation/${cfg.specialisation}";
          else "$output/specialisation/${cfg.specialisation}";
        switchToConfiguration = "${output}/bin/switch-to-configuration";
-      in ''
+      in
      ''
        #!${pkgs.bash}/bin/bash
        set -euxo pipefail
        build=$(${pkgs.curl}/bin/curl -H "accept: application/json" -G ${cfg.hydraServer}/api/latestbuilds -d "nr=10" -d "project=${cfg.project}" -d "jobset=${cfg.jobset}" -d "job=${cfg.job}" | ${pkgs.jq}/bin/jq -r '[.[]|select(.buildstatus==0)][0].id')
@ -65,49 +67,50 @@ in
        output=$(${pkgs.nix}/bin/nix-store -r $drvname)
        ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set ${output}
        ${
-          if cfg.reboot
+          if cfg.reboot then
-          then ''
+            ''
-            ${switchToConfiguration} boot
+              ${switchToConfiguration} boot
-            booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})"
+              booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})"
-            built="$(${pkgs.coreutils}/bin/readlink ${output}/{initrd,kernel,kernel-modules})"
+              built="$(${pkgs.coreutils}/bin/readlink ${output}/{initrd,kernel,kernel-modules})"
-            if [ "$booted" = "$built" ]; then
+              if [ "$booted" = "$built" ]; then
                ${switchToConfiguration} switch
              else
                ${pkgs.systemd}/bin/shutdown -r +1
              fi
              exit
            ''
          else
            ''
              ${switchToConfiguration} switch
-            else
+            ''
              ${pkgs.systemd}/bin/shutdown -r +1
            fi
            exit
          ''
          else ''
            ${switchToConfiguration} switch
          ''
        }
      '';
-    };
+  };
-    config.systemd.timers.nixos-upgrade = {
+  config.systemd.timers.nixos-upgrade = {
-      enable = cfg.enable;
+    enable = cfg.enable;
-      description = "Automatically update nixos";
+    description = "Automatically update nixos";
-      requires = ["nixos-upgrade.service"];
+    requires = [ "nixos-upgrade.service" ];
-      wants = ["network-online.target"];
+    wants = [ "network-online.target" ];
-      after = ["network-online.target"];
+    after = [ "network-online.target" ];
-      wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
-      timerConfig = {
+    timerConfig = {
-        OnUnitActiveSec = "30min";
+      OnUnitActiveSec = "30min";
-        RandomizedDelaySec = "1h";
+      RandomizedDelaySec = "1h";
      };
    };
-    config.assertions = [
+  };
-      {
+  config.assertions = [
-        assertion = cfg.enable -> config.nix.enable;
+    {
-        message = "Auto updating will only work when nix itself is enabled.";
+      assertion = cfg.enable -> config.nix.enable;
-      }
+      message = "Auto updating will only work when nix itself is enabled.";
-      {
+    }
-        assertion = (cfg.specialisation != null) -> config.isSpecialisation;
+    {
-        message = "Automatic update switching to specialisation is only allowed in specialisations";
+      assertion = (cfg.specialisation != null) -> config.isSpecialisation;
-      }
+      message = "Automatic update switching to specialisation is only allowed in specialisations";
-      {
+    }
-        assertion = config.isSpecialisation -> (cfg.specialisation != null);
+    {
-        message = "Specifying the specialization name is required for autoupdate to work!";
+      assertion = config.isSpecialisation -> (cfg.specialisation != null);
-      }
+      message = "Specifying the specialization name is required for autoupdate to work!";
-    ];
+    }
-  }
+  ];
 }
--- a/modules/nix/build-server.nix
+++ b/modules/nix/build-server.nix
@ -3,7 +3,8 @@
  lib,
  ...
 }:
-with lib; {
+with lib;
 {
  config = mkIf (!config.isInstaller) {
    nix.distributedBuilds = true;
    nix.buildMachines = mkMerge [
@ -17,7 +18,15 @@ with lib; {
          ];
          maxJobs = 4;
          speedFactor = 1;
-          supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"];
+          supportedFeatures = [
            "nixos-test"
            "benchmark"
            "ca-derivations"
            "gccarch-armv8-a"
            "gccarch-armv8.1-a"
            "gccarch-armv8.2-a"
            "big-parallel"
          ];
        }
      ]
      [
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@ -3,7 +3,8 @@
  lib,
  ...
 }:
-with lib; {
+with lib;
 {
  imports = [
    ./link-inputs.nix
    ./lix.nix
@ -12,9 +13,9 @@ with lib; {
  ];
  nix.settings = {
    substituters = mkMerge [
-      ["https://attic.chir.rs/chir-rs/"]
+      [ "https://attic.chir.rs/chir-rs/" ]
-      (mkIf (!config.isInstaller) ["https://hydra.int.chir.rs"])
+      (mkIf (!config.isInstaller) [ "https://hydra.int.chir.rs" ])
-      (mkIf config.isInstaller ["https://hydra.chir.rs"])
+      (mkIf config.isInstaller [ "https://hydra.chir.rs" ])
    ];
    trusted-public-keys = [
      "nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg="
--- a/modules/nix/link-inputs.nix
+++ b/modules/nix/link-inputs.nix
@ -2,22 +2,20 @@
  lib,
  inputs,
  ...
-}: let
+}:
 let
  # Taken from https://github.com/gytis-ivaskevicius/flake-utils-plus/blob/master/lib/options.nix
  inherit (lib) filterAttrs mapAttrs';
  flakes = filterAttrs (name: value: (value ? outputs)) inputs;
-  nixRegistry =
+  nixRegistry = builtins.mapAttrs (name: v: { flake = v; }) flakes;
-    builtins.mapAttrs
+in
-    (name: v: {flake = v;})
+{
    flakes;
 in {
  nix.registry = nixRegistry;
-  environment.etc =
+  environment.etc = mapAttrs' (name: value: {
-    mapAttrs'
+    name = "nix/inputs/${name}";
-    (name: value: {
+    value = {
-      name = "nix/inputs/${name}";
+      source = value.outPath;
-      value = {source = value.outPath;};
+    };
-    })
+  }) flakes;
-    flakes;
+  nix.nixPath = [ "/etc/nix/inputs" ];
  nix.nixPath = ["/etc/nix/inputs"];
 }
--- a/modules/nix/lix.nix
+++ b/modules/nix/lix.nix
@ -5,11 +5,9 @@
  pkgs,
  lib,
  ...
-}: {
+}:
-  imports =
+{
-    if inTester
+  imports = if inTester then [ ] else [ lix-module.nixosModules.default ];
    then []
    else [lix-module.nixosModules.default];
  environment.systemPackages = lib.mkIf config.nix.enable [
    pkgs.git
--- a/modules/riscv.nix
+++ b/modules/riscv.nix
@ -3,10 +3,11 @@
  riscv-overlay,
  ...
 }:
-if system == "riscv64-linux"
+if system == "riscv64-linux" then
-then {
+  {
-  nixpkgs.overlays = [
+    nixpkgs.overlays = [
-    riscv-overlay.overlays.default
+      riscv-overlay.overlays.default
-  ];
+    ];
-}
+  }
-else {}
+else
  { }
--- a/modules/secrets/sops.nix
+++ b/modules/secrets/sops.nix
@ -2,7 +2,8 @@
  sops-nix,
  config,
  ...
-}: {
+}:
 {
  imports = [
    "${sops-nix}/modules/sops"
  ];
--- a/programs/desktop/audacious.nix
+++ b/programs/desktop/audacious.nix
@ -1,5 +1,6 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  home.packages = with pkgs; [audacious];
+{
  home.packages = with pkgs; [ audacious ];
  home.persistence.default.directories = [
    ".config/audacious"
  ];
--- a/programs/desktop/default.nix
+++ b/programs/desktop/default.nix
@ -1,13 +1,15 @@
-{config, pkgs, ...}: {
+{ config, pkgs, ... }:
 {
  imports = [
    ./steam
  ];
  home-manager.users.darkkirb.imports =
-    if config.isGraphical
+    if config.isGraphical then
-    then [
+      [
-      ./home-manager.nix
+        ./home-manager.nix
-    ]
+      ]
-    else [];
+    else
      [ ];
  environment.plasma6.excludePackages = with pkgs.kdePackages; [
    pkgs.elisa
--- a/programs/desktop/firefox/default.nix
+++ b/programs/desktop/firefox/default.nix
@ -4,7 +4,8 @@
  lib,
  nur,
  ...
-}: let
+}:
 let
  extensions = {
    "ublock-origin" = [
      "alarms"
@ -102,7 +103,8 @@
    nurpkgs = pkgs;
    inherit pkgs;
  };
-in {
+in
 {
  programs.firefox = {
    enable = true;
    nativeMessagingHosts = with pkgs; [
@ -139,18 +141,16 @@ in {
      '';
    };
  };
-  assertions =
+  assertions = lib.mapAttrsToList (
-    lib.mapAttrsToList (k: v: let
+    k: v:
-      unaccepted =
+    let
-        lib.subtractLists
+      unaccepted = lib.subtractLists v nur'.repos.rycee.firefox-addons.${k}.meta.mozPermissions;
-        v
+    in
-        nur'.repos.rycee.firefox-addons.${k}.meta.mozPermissions;
+    {
-    in {
+      assertion = unaccepted == [ ];
-      assertion = unaccepted == [];
+      message = ''Extension ${k} has unaccepted permissions: ${builtins.toJSON unaccepted}'';
-      message = ''
+    }
-        Extension ${k} has unaccepted permissions: ${builtins.toJSON unaccepted}'';
+  ) extensions;
    })
    extensions;
  home.persistence.default.directories = [
    ".mozilla"
  ];
--- a/programs/desktop/games/default.nix
+++ b/programs/desktop/games/default.nix
@ -1,6 +1,7 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  imports = [
    ./ff14
  ];
-  home.packages = with pkgs; [factorio];
+  home.packages = with pkgs; [ factorio ];
 }
--- a/programs/desktop/games/ff14/default.nix
+++ b/programs/desktop/games/ff14/default.nix
@ -1,6 +1,13 @@
-{ config, pkgs, lib, systemConfig, ... }: {
+{
  config,
  pkgs,
  lib,
  systemConfig,
  ...
 }:
 {
  config = lib.mkIf (systemConfig.networking.hostName == "rainbow-resort") {
-    home.packages = with pkgs; [xivlauncher];
+    home.packages = with pkgs; [ xivlauncher ];
    systemd.user.tmpfiles.rules = [
      "L ${config.home.homeDirectory}/.xlcore - - - - ${config.home.homeDirectory}/Games/FF14/xlcore"
    ];
--- a/programs/desktop/home-manager.nix
+++ b/programs/desktop/home-manager.nix
@ -1,4 +1,5 @@
-{pkgs, nixos-config, ...}: {
+{ pkgs, nixos-config, ... }:
 {
  imports = [
    ./firefox
    ./password-manager.nix
--- a/programs/desktop/ims.nix
+++ b/programs/desktop/ims.nix
@ -1,8 +1,9 @@
-{config, pkgs, ...}: {
+{ config, pkgs, ... }:
 {
  home.packages = with pkgs; [
    telegram-desktop
  ];
-  home.persistence.default.directories = [".local/share/TelegramDesktop"];
+  home.persistence.default.directories = [ ".local/share/TelegramDesktop" ];
  systemd.user.tmpfiles.rules = [
    "d ${config.xdg.cacheHome}/TelegramDesktop/cache - - - - -"
    "d ${config.xdg.cacheHome}/TelegramDesktop/media_cache - - - - -"
--- a/programs/desktop/password-manager.nix
+++ b/programs/desktop/password-manager.nix
@ -1,8 +1,9 @@
-{ pkgs, lib, ... }: {
+{ pkgs, lib, ... }:
 {
  home.packages = with pkgs; [
    keepassxc
  ];
-  xdg.configFile."keepassxc.ini".text = lib.generators.toINI {} {
+  xdg.configFile."keepassxc.ini".text = lib.generators.toINI { } {
    General.ConfigVersion = 2;
    Browser = {
      CustomProxyLocation = "";
--- a/programs/desktop/steam/default.nix
+++ b/programs/desktop/steam/default.nix
@ -1,4 +1,5 @@
-{lib, config, ...}: {
+{ lib, config, ... }:
 {
  programs.steam = lib.mkIf config.isGraphical {
    enable = !config.isInstaller;
    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
@ -7,5 +8,5 @@
  };
  nixpkgs.config.allowUnfree = true;
-  home-manager.users.darkkirb.imports = if config.isGraphical then [./home-manager.nix] else [];
+  home-manager.users.darkkirb.imports = if config.isGraphical then [ ./home-manager.nix ] else [ ];
 }
--- a/programs/desktop/steam/home-manager.nix
+++ b/programs/desktop/steam/home-manager.nix
@ -1,6 +1,9 @@
-{...}: {
+{ ... }:
-  home.persistence.default.directories = [{
+{
-    directory = ".local/share/Steam";
+  home.persistence.default.directories = [
-    method = "symlink";
+    {
-  }];
+      directory = ".local/share/Steam";
      method = "symlink";
    }
  ];
 }
--- a/programs/desktop/syncthing/default.nix
+++ b/programs/desktop/syncthing/default.nix
@ -1,7 +1,8 @@
-{config, systemConfig, ...}: {
+{ config, systemConfig, ... }:
 {
  services.syncthing = {
    enable = true;
    tray.enable = true;
  };
-  home.persistence.default.directories = [".local/state/syncthing"];
+  home.persistence.default.directories = [ ".local/state/syncthing" ];
 }
--- a/programs/editors/default.nix
+++ b/programs/editors/default.nix
@ -1,6 +1,7 @@
-{config, ...}: {
+{ config, ... }:
 {
  imports = [
    ./nvim
  ];
-  home-manager.users.darkkirb.imports = if config.isGraphical then [./vscode] else [];
+  home-manager.users.darkkirb.imports = if config.isGraphical then [ ./vscode ] else [ ];
 }
--- a/programs/editors/nvim/globals.nix
+++ b/programs/editors/nvim/globals.nix
@ -3,16 +3,12 @@
  pkgs,
  lib,
  ...
-}: let
+}:
-  boolToStr = b:
+let
-    if b
+  boolToStr = b: if b then "true" else "false";
-    then "true"
+  boolToStr' = b: if b then "1" else "0";
-    else "false";
+in
-  boolToStr' = b:
+{
    if b
    then "1"
    else "0";
 in {
  xdg.configFile."nvim/lua/globals.lua".text = ''
    local fn = vim.fn
    local api = vim.api
--- a/programs/editors/nvim/home-manager.nix
+++ b/programs/editors/nvim/home-manager.nix
@ -2,13 +2,14 @@
  pkgs,
  config,
  ...
-}: {
+}:
 {
  imports = [
    ./globals.nix
    ./plugins/lazy-nvim.nix
  ];
  programs.neovim = {
-    plugins = with pkgs.vimPlugins; [lazy-nvim];
+    plugins = with pkgs.vimPlugins; [ lazy-nvim ];
    enable = true;
    viAlias = true;
    vimAlias = true;
--- a/programs/editors/nvim/plugins/lazy-nvim.nix
+++ b/programs/editors/nvim/plugins/lazy-nvim.nix
@ -2,11 +2,13 @@
  pkgs,
  config,
  ...
-}: {
+}:
 {
  programs.neovim = {
-    plugins = with pkgs.vimPlugins;
+    plugins =
      with pkgs.vimPlugins;
      [
-        (nvim-treesitter.withPlugins (p: []))
+        (nvim-treesitter.withPlugins (p: [ ]))
        (pkgs.vimUtils.buildVimPlugin {
          name = "vim-highlighturl";
          src = pkgs.fetchFromGitHub {
@ -39,7 +41,10 @@
        indent-blankline-nvim
        lazy-nvim
        (LeaderF.overrideAttrs (super: {
-          buildInputs = [pkgs.python3 pkgs.python3Packages.setuptools];
+          buildInputs = [
            pkgs.python3
            pkgs.python3Packages.setuptools
          ];
        }))
        lspkind-nvim
        lualine-nvim
@ -84,12 +89,13 @@
        zen-mode-nvim
      ]
      ++ (
-        if pkgs.targetPlatform.system != "riscv64-linux"
+        if pkgs.targetPlatform.system != "riscv64-linux" then
-        then [
+          [
-          diffview-nvim
+            diffview-nvim
-          vim-grammarous
+            vim-grammarous
-        ]
+          ]
-        else []
+        else
          [ ]
      );
  };
  xdg.configFile."nvim/lua/config/lazy-nvim.lua".text = ''
@ -280,12 +286,14 @@
      -- Better git commit experience
      { "rhysd/committia.vim", lazy = true },
      ${
-      if pkgs.targetPlatform.system != "riscv64-linux"
+        if pkgs.targetPlatform.system != "riscv64-linux" then
-      then ''        {
+          ''
-                "sindrets/diffview.nvim"
+            {
-              },''
+                    "sindrets/diffview.nvim"
-      else ""
+                  },''
-    }
+        else
          ""
      }
      {
        "kevinhwang91/nvim-bqf",
        ft = "qf",
@ -310,13 +318,15 @@
        end,
      },
      ${
-      if pkgs.targetPlatform.system != "riscv64-linux"
+        if pkgs.targetPlatform.system != "riscv64-linux" then
-      then ''        {
+          ''
-                "rhysd/vim-grammarous",
+            {
-                ft = { "markdown" },
+                    "rhysd/vim-grammarous",
-              },''
+                    ft = { "markdown" },
-      else ""
+                  },''
-    }
+        else
          ""
      }
      { "chrisbra/unicode.vim", event = "VeryLazy" },
      -- Additional powerful text object for vim, this plugin should be studied
      -- carefully to use its full power
--- a/programs/editors/vscode/default.nix
+++ b/programs/editors/vscode/default.nix
@ -1,4 +1,5 @@
-{vscode-server, ...}: {
+{ vscode-server, pkgs, ... }:
 {
  imports = [
    "${vscode-server}/modules/vscode-server/home.nix"
  ];
@ -7,6 +8,25 @@
    enableExtensionUpdateCheck = false;
    enableUpdateCheck = false;
    mutableExtensionsDir = false;
    extensions = with pkgs.vscode-extensions; [
      jnoortheen.nix-ide
      mkhl.direnv
      pkief.material-icon-theme
      signageos.signageos-vscode-sops
    ];
    userSettings = {
      "editor.formatOnPaste" = true;
      "editor.formatOnSave" = true;
      "editor.formatOnType" = true;
      "nix.enableLanguageServer" = true;
      "nix.formatterPath" = "${pkgs.nixfmt-rfc-style}/bin/nixfmt";
      "nix.serverPath" = "${pkgs.nil}/bin/nil";
      "nix.serverSettings" = {
        nil.formatting.command = [ "${pkgs.nixfmt-rfc-style}/bin/nixfmt" ];
      };
      "sops.binPath" = "${pkgs.sops}/bin/sops";
      "workbench.iconTheme" = "material-icon-theme";
    };
  };
  services.vscode-server.enable = true;
 }
--- a/programs/home-manager.nix
+++ b/programs/home-manager.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  programs.eza.enable = true;
  programs.bat.enable = true;
  programs.fzf.enable = true;
@ -6,5 +7,8 @@
    cat = "bat";
    less = "bat";
  };
-  home.packages = with pkgs; [ripgrep fd];
+  home.packages = with pkgs; [
    ripgrep
    fd
  ];
 }
--- a/programs/shell/fish/default.nix
+++ b/programs/shell/fish/default.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  programs.fish.enable = true;
  home-manager.users.root.imports = [
    ./home-manager.nix
--- a/programs/shell/fish/home-manager.nix
+++ b/programs/shell/fish/home-manager.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  imports = [
    ./tide.nix
    ./z.nix
--- a/programs/shell/fish/tide.nix
+++ b/programs/shell/fish/tide.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  programs.fish.plugins = with pkgs.fishPlugins; [
    {
      name = "tide";
--- a/programs/shell/fish/z.nix
+++ b/programs/shell/fish/z.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  programs.fish.plugins = with pkgs.fishPlugins; [
    {
      name = "z";
--- a/programs/shell/tmux/default.nix
+++ b/programs/shell/tmux/default.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  home-manager.users.root.imports = [
    ./home-manager.nix
  ];
--- a/programs/shell/tmux/home-manager.nix
+++ b/programs/shell/tmux/home-manager.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  programs.tmux = {
    enable = true;
    baseIndex = 1;
--- a/programs/ssh/builders.nix
+++ b/programs/ssh/builders.nix
@ -3,12 +3,15 @@
  systemConfig,
  lib,
  ...
-}: let
+}:
 let
  identityFile =
-    if config.home.username == "root"
+    if config.home.username == "root" then
-    then systemConfig.sops.secrets.".ssh/builder_id_ed25519".path
+      systemConfig.sops.secrets.".ssh/builder_id_ed25519".path
-    else config.sops.secrets.".ssh/builder_id_ed25519".path;
+    else
-in {
+      config.sops.secrets.".ssh/builder_id_ed25519".path;
 in
 {
  programs.ssh = {
    enable = true;
    matchBlocks = {
--- a/programs/ssh/home-manager.nix
+++ b/programs/ssh/home-manager.nix
@ -3,19 +3,29 @@
  config,
  systemConfig,
  ...
-}: {
+}:
 {
  imports = [
    ./builders.nix
  ];
  programs.ssh = {
    controlMaster = "auto";
    controlPersist = "10m";
-    matchBlocks."*" = lib.hm.dag.entryAfter ["build-nas" "build-rainbow-resort" "build-aarch64" "build-riscv"] {
+    matchBlocks."*" =
-      identityFile =
+      lib.hm.dag.entryAfter
-        if config.home.username == "root"
+        [
-        then systemConfig.sops.secrets.".ssh/id_ed25519_sk".path
+          "build-nas"
-        else config.sops.secrets.".ssh/id_ed25519_sk".path;
+          "build-rainbow-resort"
-    };
+          "build-aarch64"
          "build-riscv"
        ]
        {
          identityFile =
            if config.home.username == "root" then
              systemConfig.sops.secrets.".ssh/id_ed25519_sk".path
            else
              config.sops.secrets.".ssh/id_ed25519_sk".path;
        };
    enable = true;
  };
  sops.secrets = lib.mkIf (config.home.username != "root") {
--- a/services/desktop/default.nix
+++ b/services/desktop/default.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  imports = [
    ./kdeconnect.nix
  ];
--- a/services/desktop/kdeconnect.nix
+++ b/services/desktop/kdeconnect.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  services.kdeconnect = {
    enable = true;
    indicator = true;
--- a/services/openssh.nix
+++ b/services/openssh.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  services.openssh.enable = true;
  services.openssh.settings = {
    PermitRootLogin = "yes";
@ -9,5 +10,5 @@
    "instance-20221213-1915.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+GanuiV1I08OP8+nNy24+zagQN08rtJnCoU/ixiQNn";
    "not522.tailbab65.ts.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpOcmvVODaja3wDdnocb/k6MK7vsh5uH8gpeHR9+/rY";
  };
-  networking.firewall.allowedTCPPorts = [22];
+  networking.firewall.allowedTCPPorts = [ 22 ];
 }
--- a/services/tailscale.nix
+++ b/services/tailscale.nix
@ -3,7 +3,8 @@
  lib,
  ...
 }:
-with lib; {
+with lib;
 {
  config = mkIf (!config.isInstaller) {
    services.tailscale = {
      enable = true;
--- a/tests/containers-default.nix
+++ b/tests/containers-default.nix
@ -6,18 +6,22 @@
 }:
 testers.runNixOSTest {
  name = "container-default-test";
-  nodes.default = {
+  nodes.default =
-    config,
+    {
-    pkgs,
+      config,
-    nixos-config,
+      pkgs,
-    ...
+      nixos-config,
-  }: {
+      ...
-    imports = [
+    }:
-      nixos-config.nixosModules.default
+    {
-    ];
+      imports = [
-    autoContainers = ["default"];
+        nixos-config.nixosModules.default
      ];
      autoContainers = [ "default" ];
    };
  node.specialArgs = inputs // {
    inTester = true;
  };
  node.specialArgs = inputs // {inTester = true;};
  testScript = ''
    machine.wait_for_unit("container@default.service")
  '';
--- a/users/common/default.nix
+++ b/users/common/default.nix
@ -1,3 +1,4 @@
-{...}: {
+{ ... }:
 {
  home.stateVersion = "24.11";
 }
--- a/users/darkkirb/default.nix
+++ b/users/darkkirb/default.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
 {
  users.users.darkkirb = {
    createHome = true;
    isNormalUser = true;
@ -6,7 +7,7 @@
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:"
    ];
    hashedPasswordFile = config.sops.secrets."users/users/darkkirb/hashedPassword".path;
-    extraGroups = ["wheel"];
+    extraGroups = [ "wheel" ];
  };
  sops.secrets."users/users/darkkirb/hashedPassword" = {
    neededForUsers = true;
@ -16,7 +17,8 @@
    owner = "darkkirb";
    sopsFile = ./system.yaml;
  };
-  home-manager.users.darkkirb.sops.age.keyFile = config.sops.secrets."users/users/darkkirb/age-key".path;
+  home-manager.users.darkkirb.sops.age.keyFile =
    config.sops.secrets."users/users/darkkirb/age-key".path;
  home-manager.users.darkkirb.home.persistence.default.directories = [
    "sources"
    {
@ -24,6 +26,6 @@
      method = "symlink";
    }
  ];
-  home-manager.users.darkkirb.imports = [./home-manager];
+  home-manager.users.darkkirb.imports = [ ./home-manager ];
-  environment.impermanence.users = ["darkkirb"];
+  environment.impermanence.users = [ "darkkirb" ];
 }
--- a/users/darkkirb/home-manager/default.nix
+++ b/users/darkkirb/home-manager/default.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  imports = [
    ./git.nix
  ];
--- a/users/darkkirb/home-manager/git.nix
+++ b/users/darkkirb/home-manager/git.nix
@ -1,10 +1,8 @@
-{pkgs, systemConfig, ...}: {
+{ pkgs, systemConfig, ... }:
 {
  programs.git = {
    enable = true;
-    package =
+    package = if systemConfig.isGraphical then pkgs.gitAndTools.gitFull else pkgs.git;
      if systemConfig.isGraphical
      then pkgs.gitAndTools.gitFull
      else pkgs.git;
    lfs.enable = true;
    userEmail = "lotte@chir.rs";
    userName = "Charlotte 🦝 Delenk";
@ -17,4 +15,3 @@
    delta.enable = true;
  };
 }
--- a/users/default.nix
+++ b/users/default.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  imports = [
    ./home-manager.nix
    ./root
--- a/users/home-manager.nix
+++ b/users/home-manager.nix
@ -5,17 +5,16 @@
  config,
  sops-nix,
  ...
-}: {
+}:
 {
  home-manager = {
    useUserPackages = true;
    useGlobalPkgs = true;
    backupFileExtension = "backup";
-    extraSpecialArgs =
+    extraSpecialArgs = inputs // {
-      inputs
+      inherit inputs inputs';
-      // {
+      systemConfig = config;
-        inherit inputs inputs';
+    };
        systemConfig = config;
      };
    sharedModules = [
      ./common
      "${impermanence}/home-manager.nix"
--- a/users/root/default.nix
+++ b/users/root/default.nix
@ -3,7 +3,8 @@
  config,
  lib,
  ...
-}: {
+}:
 {
  users.users.root = {
    createHome = true;
    openssh.authorizedKeys.keys = [
@ -23,6 +24,6 @@
    mode = "600";
    sopsFile = "${nixos-config}/programs/ssh/shared-keys.yaml";
  };
-  home-manager.users.root.sops.secrets = lib.mkForce {};
+  home-manager.users.root.sops.secrets = lib.mkForce { };
-  environment.impermanence.users = ["root"];
+  environment.impermanence.users = [ "root" ];
 }
Author	SHA1	Message	Date
Charlotte 🦝 Delenk	73b74531a2	add formatting and sops All checks were successful Hydra nixosConfigurations.not522 Hydra build #24542 of nixos-config:pr618:nixosConfigurations.not522 Details Hydra devShells.x86_64-linux.default Hydra build #24538 of nixos-config:pr618:devShells.x86_64-linux.default Details Hydra nixosConfigurations.container-default-riscv64-linux Hydra build #24540 of nixos-config:pr618:nixosConfigurations.container-default-riscv64-linux Details Hydra nixosConfigurations.container-default-x86_64-linux Hydra build #24541 of nixos-config:pr618:nixosConfigurations.container-default-x86_64-linux Details Hydra nixosConfigurations.container-default-aarch64-linux Hydra build #24539 of nixos-config:pr618:nixosConfigurations.container-default-aarch64-linux Details Hydra nixosConfigurations.not522-installer Hydra build #24543 of nixos-config:pr618:nixosConfigurations.not522-installer Details Hydra checks.x86_64-linux.containers-default Hydra build #24537 of nixos-config:pr618:checks.x86_64-linux.containers-default Details Hydra nixosConfigurations.thinkrac Hydra build #24546 of nixos-config:pr618:nixosConfigurations.thinkrac Details Hydra nixosConfigurations.rainbow-resort Hydra build #24545 of nixos-config:pr618:nixosConfigurations.rainbow-resort Details Hydra nixosConfigurations.pc-installer Hydra build #24544 of nixos-config:pr618:nixosConfigurations.pc-installer Details	2024-11-09 15:26:52 +01:00
Charlotte 🦝 Delenk	bb0abe5988	add fonts	2024-11-09 15:06:57 +01:00
Charlotte 🦝 Delenk	0fe2e334bb	format all code	2024-11-09 15:02:26 +01:00
Charlotte 🦝 Delenk	c524dcaa0f	add some vscode plugins	2024-11-09 15:01:22 +01:00
`@ -1 +1 @@`
	`{nixos-config}: (import nixos-config).hydraJobs`	`{ nixos-config }: (import nixos-config).hydraJobs`