fmt: alejandra

nixos/common/global/age.nix

@@ -1,8 +1,11 @@
-{ config, pkgs, inputs, ... }:
-let
-  hostname = config.networking.hostName;
-in
 {
+  config,
+  pkgs,
+  inputs,
+  ...
+}: let
+  hostname = config.networking.hostName;
+in {
   imports = [
     inputs.agenix.nixosModules.default
     inputs.agenix-rekey.nixosModules.default
@@ -20,7 +23,7 @@ in
     # Pubkey for rekeying
     hostPubkey = ../../${hostname}/ssh_host_ed25519_key.pub;
     # Master identity used for decryption
-    masterIdentities = [ ../users/sajenim/agenix-rekey.pub ];
+    masterIdentities = [../users/sajenim/agenix-rekey.pub];
     # Where we store the rekeyed secrets
     storageMode = "local";
     localStorageDir = ./. + "/secrets/rekeyed/${config.networking.hostName}";

nixos/common/global/default.nix

@@ -1,6 +1,4 @@
-{ outputs, ... }:
-
-{
+{outputs, ...}: {
   imports = [
     ./age.nix
     ./env.nix

nixos/common/global/env.nix

@@ -1,35 +1,33 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   environment = {
     binsh = "${pkgs.bash}/bin/bash";
-    shells = with pkgs; [ zsh ];
+    shells = with pkgs; [zsh];
     systemPackages = with pkgs; [
       # Ensure home-manager is on all systems
       home-manager
 
       # Useful system utilities
-      tree    # directory structure
-      bc      # basic calculator
-      vim     # editor
-      ranger  # console file manager
-      htop    # system monitor
-      scrot   # screenshot
-      direnv  # load environment
-      jq      # JSON processor
-      git     # version control
-      nmap    # network mapper
-      xclip   # clipboard
+      tree # directory structure
+      bc # basic calculator
+      vim # editor
+      ranger # console file manager
+      htop # system monitor
+      scrot # screenshot
+      direnv # load environment
+      jq # JSON processor
+      git # version control
+      nmap # network mapper
+      xclip # clipboard
       ripgrep # searches the current directory for a regex pattern
 
       # HTTP
-      curl    # transfer dato to/from server
-      wget    # download files from web
+      curl # transfer dato to/from server
+      wget # download files from web
 
       # Archive
-      unrar   # extract roshal archive
-      unzip   # extract zip archive
+      unrar # extract roshal archive
+      unzip # extract zip archive
     ];
-    pathsToLink = [ "/share/zsh" ];
+    pathsToLink = ["/share/zsh"];
   };
 }

nixos/common/global/nix.nix

@@ -1,6 +1,9 @@
-{ config, inputs, lib, ... }:
-
 {
+  config,
+  inputs,
+  lib,
+  ...
+}: {
   nix = {
     gc = {
       # Automatically run the garbage collector an a specified time.
@@ -11,7 +14,7 @@
 
     # This will add each flake input as a registry
     # To make nix commands consistent with your flake
-    registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+    registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
 
     # This will additionally add your inputs to the system's legacy channels
     # Making legacy nix commands consistent as well, awesome!

nixos/common/global/ssh.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   services.openssh = {
     enable = true;
     settings = {
@@ -8,7 +6,7 @@
       PasswordAuthentication = false;
       LogLevel = "VERBOSE";
     };
-    ports = [ 22 ];
+    ports = [22];
     openFirewall = true;
   };
 

nixos/common/optional/ephemeral-btrfs.nix

@@ -1,8 +1,10 @@
-{ lib, config, ... }:
-let
-  hostname = config.networking.hostName;
-in
 {
+  lib,
+  config,
+  ...
+}: let
+  hostname = config.networking.hostName;
+in {
   imports = [
     ./persist.nix
   ];
@@ -36,26 +38,26 @@ in
     "/" = {
       device = "/dev/disk/by-label/${hostname}";
       fsType = "btrfs";
-      options = [ "subvol=root" "compress=zstd" ];
+      options = ["subvol=root" "compress=zstd"];
     };
 
     "/nix" = {
       device = "/dev/disk/by-label/${hostname}";
       fsType = "btrfs";
-      options = [ "subvol=nix" "compress=zstd" ];
+      options = ["subvol=nix" "compress=zstd"];
     };
 
     "/persist" = {
       device = "/dev/disk/by-label/${hostname}";
       fsType = "btrfs";
-      options = [ "subvol=persist" "compress=zstd" ];
+      options = ["subvol=persist" "compress=zstd"];
       neededForBoot = true;
     };
 
     "/swap" = {
       device = "/dev/disk/by-label/${hostname}";
       fsType = "btrfs";
-      options = [ "subvol=swap" "compress=zstd" ];
+      options = ["subvol=swap" "compress=zstd"];
     };
   };
 }

nixos/common/optional/key.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   environment.systemPackages = with pkgs; [
     # Enables files to be encrypted to age identities stored on YubiKeys
     age-plugin-yubikey
@@ -17,7 +15,7 @@
     pinentryPackage = pkgs.pinentry-curses;
   };
 
-  # Use our yubikey as a user login or for sudo access 
+  # Use our yubikey as a user login or for sudo access
   security.pam.services = {
     login.u2fAuth = true;
     sudo.u2fAuth = true;

nixos/common/optional/persist.nix

@@ -1,6 +1,4 @@
-{ inputs, ... }:
-
-{
+{inputs, ...}: {
   imports = [
     inputs.impermanence.nixosModules.impermanence
   ];

nixos/common/users/sajenim/default.nix

@@ -1,22 +1,26 @@
-{ inputs, outputs, pkgs, config, ... }:
-
 {
+  inputs,
+  outputs,
+  pkgs,
+  config,
+  ...
+}: {
   imports = [
     inputs.home-manager.nixosModules.home-manager
   ];
   users.users.sajenim = {
-      isNormalUser = true;
-      extraGroups = [ "audio" "docker" "networkmanager" "wheel" "adbusers" ];
-      shell = pkgs.zsh;
-      openssh.authorizedKeys.keyFiles = [
-        "${inputs.self}/home-manager/sajenim/sajenim_sk.pub"
-      ];
-      hashedPassword = "$y$j9T$qIhW5qL9J9w.w6JWa.bGo/$oddG3HJyOZ1mwHzYnYPJ/MzN38oHEBEvPDc0sB3rAf9";
+    isNormalUser = true;
+    extraGroups = ["audio" "docker" "networkmanager" "wheel" "adbusers"];
+    shell = pkgs.zsh;
+    openssh.authorizedKeys.keyFiles = [
+      "${inputs.self}/home-manager/sajenim/sajenim_sk.pub"
+    ];
+    hashedPassword = "$y$j9T$qIhW5qL9J9w.w6JWa.bGo/$oddG3HJyOZ1mwHzYnYPJ/MzN38oHEBEvPDc0sB3rAf9";
   };
   users.mutableUsers = false;
 
   home-manager = {
-    extraSpecialArgs = { inherit inputs outputs; };
+    extraSpecialArgs = {inherit inputs outputs;};
     users = {
       sajenim = import "${inputs.self}/home-manager/sajenim/${config.networking.hostName}.nix";
     };

nixos/common/users/sajenim/samba/default.nix

@@ -1,12 +1,14 @@
-{ pkgs, config, ... }:
-
 {
+  pkgs,
+  config,
+  ...
+}: {
   age.secrets.smb-secrets = {
     rekeyFile = ./smb-secrets.age;
   };
 
   # For mount.cifs, required unless domain name resolution is not needed.
-  environment.systemPackages = [ pkgs.cifs-utils ];
+  environment.systemPackages = [pkgs.cifs-utils];
 
   fileSystems."/home/sajenim/.backup" = {
     device = "//192.168.20.4/sajenim";
@@ -14,12 +16,10 @@
     options = let
       # this line prevents hanging on network split
       automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
-
-      in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"];
+    in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"];
   };
 
   environment.etc = {
     "nixos/smb-secrets".source = config.age.secrets.smb-secrets.path;
   };
 }
-

nixos/common/users/sajenim/steam/default.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   fileSystems."/home/sajenim/.local/share/Steam" = {
     device = "/dev/disk/by-label/data";
     fsType = "btrfs";

nixos/common/users/spectre/default.nix

@@ -1,13 +1,15 @@
-{ inputs, pkgs, ... }:
-
 {
+  inputs,
+  pkgs,
+  ...
+}: {
   imports = [
     inputs.home-manager.nixosModules.home-manager
   ];
   users.users.spectre = {
-      isNormalUser = true;
-      shell = pkgs.zsh;
-      hashedPassword = "$y$j9T$eCJ0MDPsx3tww9LP0LU8..$sE8u5keO7QNKNAR1t2R6GqsDzvGD0Xn9Fi3to14Gf9/";
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    hashedPassword = "$y$j9T$eCJ0MDPsx3tww9LP0LU8..$sE8u5keO7QNKNAR1t2R6GqsDzvGD0Xn9Fi3to14Gf9/";
   };
   users.mutableUsers = false;
 }

nixos/fuchsia/configuration.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   imports = [
     ../common/global
 
@@ -15,18 +13,18 @@
     ./hardware-configuration.nix
   ];
 
-  /* Boot configuration */
+  # Boot configuration
   boot = {
     kernelPackages = pkgs.linuxPackages_latest;
-    kernelParams = [ 
+    kernelParams = [
       # Enable amdgpu driver sysfs API that allows fine grain control of GPU
       "amdgpu.ppfeaturemask=0xffffffff"
     ];
-    kernelModules = [ "i2c-dev" "i2c-piix4" ];
-    initrd.kernelModules = [ "amdgpu" ];
+    kernelModules = ["i2c-dev" "i2c-piix4"];
+    initrd.kernelModules = ["amdgpu"];
   };
 
-  /* Hardware configuration */
+  # Hardware configuration
   hardware = {
     bluetooth = {
       enable = true;
@@ -49,7 +47,7 @@
     };
   };
 
-  /* Networking configuration */
+  # Networking configuration
   networking = {
     hostName = "fuchsia";
     networkmanager.enable = true;

nixos/fuchsia/hardware-configuration.nix

@@ -1,14 +1,16 @@
-{ config, lib, ... }:
-
 {
+  config,
+  lib,
+  ...
+}: {
   imports = [
     ../common/optional/ephemeral-btrfs.nix
   ];
 
   boot = {
     initrd = {
-      availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
-      kernelModules = [ "kvm-amd" ];
+      availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
+      kernelModules = ["kvm-amd"];
     };
     loader = {
       systemd-boot.enable = true;
@@ -25,8 +27,9 @@
   };
 
   swapDevices = [
-    { device = "/swap/swapfile";
-      size = 16*1024;
+    {
+      device = "/swap/swapfile";
+      size = 16 * 1024;
     }
   ];
 

nixos/fuchsia/programs/default.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   programs = {
     zsh.enable = true;
     # Load and unload environment variables.
@@ -9,4 +7,3 @@
     adb.enable = true;
   };
 }
-

nixos/fuchsia/services/amdgpu-clocks.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   # Our custom power state
   environment.etc = {
     "default/amdgpu-custom-states.card0" = {
@@ -26,6 +24,5 @@
   };
 
   # Install our overclocking script.
-  environment.systemPackages = with pkgs; [ amdgpu-clocks ];
+  environment.systemPackages = with pkgs; [amdgpu-clocks];
 }
-

nixos/fuchsia/services/default.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   imports = [
     ./amdgpu-clocks.nix
     ./flatpak.nix

nixos/fuchsia/services/flatpak.nix

@@ -1,11 +1,9 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   # Required to install flatpak
   xdg.portal = {
     enable = true;
-    config.common.default = [ "gtk" ];
-    extraPortals = [ pkgs.xdg-desktop-portal-wlr ];
+    config.common.default = ["gtk"];
+    extraPortals = [pkgs.xdg-desktop-portal-wlr];
   };
 
   services.flatpak.enable = true;

nixos/fuchsia/services/libinput.nix

@@ -1,9 +1,7 @@
-{ ... }:
-
-{
+{...}: {
   services.libinput = {
     enable = true;
-    mouse = { accelProfile = "flat"; };
+    mouse = {accelProfile = "flat";};
   };
 
   # DBus daemon to configure input devices.

nixos/fuchsia/services/ollama.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   # Get up and running with large language models locally.
   services.ollama = {
     enable = true;

nixos/fuchsia/services/udev.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   # Enable necessary udev rules.
   services.udev.packages = with pkgs; [
     openrgb

nixos/fuchsia/services/xserver.nix

@@ -1,11 +1,9 @@
-{ ... }:
-
-{
+{...}: {
   # Setup our display server
   services.xserver = {
     enable = true;
     xkb.layout = "au";
-    videoDrivers = [ "amdgpu" ];
+    videoDrivers = ["amdgpu"];
     displayManager.startx.enable = true;
   };
 }

nixos/viridian/configuration.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }: 
-
-{
+{pkgs, ...}: {
   imports = [
     ../common/global
     ../common/users/sajenim
@@ -33,24 +31,24 @@
       enable = true;
       allowPing = true;
       allowedTCPPorts = [
-        53    # adguardhome (DNS)
-        80    # traefik     (HTTP)
-        443   # traefik     (HTTPS)
+        53 # adguardhome (DNS)
+        80 # traefik     (HTTP)
+        443 # traefik     (HTTPS)
         32372 # qbittorrent
-        6600  # mpd
+        6600 # mpd
       ];
       allowedUDPPorts = [
-        53    # adguardhome (DNS)
-        80    # traefik     (HTTP)
-        443   # traefik     (HTTPS)
+        53 # adguardhome (DNS)
+        80 # traefik     (HTTP)
+        443 # traefik     (HTTPS)
         32372 # qbittorrent
         51820 # Wireguard
-        6600  # mpd
+        6600 # mpd
       ];
     };
   };
 
- programs = {
+  programs = {
     zsh.enable = true;
   };
 
@@ -65,4 +63,3 @@
   # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
   system.stateVersion = "24.05";
 }
-

nixos/viridian/containers/default.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   imports = [
     ./jellyfin.nix
     ./jellyseerr.nix

nixos/viridian/containers/jellyfin.nix

@@ -1,8 +1,6 @@
-{ ... }:
-let
+{...}: let
   port = "8096";
-in
-{
+in {
   virtualisation.oci-containers.containers = {
     # Volunteer-built media solution that puts you in control of your media
     jellyfin = {
@@ -35,7 +33,7 @@ in
 
   services.traefik.dynamicConfigOptions.http.routers = {
     jellyfin = {
-     rule = "Host(`jellyfin.kanto.dev`)";
+      rule = "Host(`jellyfin.kanto.dev`)";
       entryPoints = [
         "websecure"
       ];
@@ -48,8 +46,7 @@ in
 
   services.traefik.dynamicConfigOptions.http.services = {
     jellyfin.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${port}"; }
+      {url = "http://127.0.0.1:${port}";}
     ];
   };
 }
-

nixos/viridian/containers/jellyseerr.nix

@@ -1,8 +1,6 @@
-{ ... }:
-let
+{...}: let
   port = "5055";
-in
-{
+in {
   virtualisation.oci-containers.containers = {
     # Request management
     jellyseerr = {
@@ -39,8 +37,7 @@ in
 
   services.traefik.dynamicConfigOptions.http.services = {
     jellyseerr.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${port}"; }
+      {url = "http://127.0.0.1:${port}";}
     ];
   };
 }
-

nixos/viridian/containers/lidarr.nix

@@ -1,8 +1,6 @@
-{ ... }:
-let
+{...}: let
   port = "8686";
-in
-{
+in {
   virtualisation.oci-containers.containers = {
     # # Music collection manager for Usenet and BitTorrent users
     lidarr = {
@@ -42,8 +40,7 @@ in
 
   services.traefik.dynamicConfigOptions.http.services = {
     lidarr.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${port}"; }
+      {url = "http://127.0.0.1:${port}";}
     ];
   };
 }
-

nixos/viridian/containers/mealie.nix

@@ -1,8 +1,6 @@
-{ ... }:
-let
+{...}: let
   port = "9925";
-in
-{
+in {
   virtualisation.oci-containers.containers = {
     mealie = {
       autoStart = true;
@@ -29,7 +27,7 @@ in
 
   services.traefik.dynamicConfigOptions.http.routers = {
     mealie = {
-     rule = "Host(`mealie.kanto.dev`)";
+      rule = "Host(`mealie.kanto.dev`)";
       entryPoints = [
         "websecure"
       ];
@@ -43,9 +41,7 @@ in
 
   services.traefik.dynamicConfigOptions.http.services = {
     mealie.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${port}"; }
+      {url = "http://127.0.0.1:${port}";}
     ];
   };
-
 }
-

nixos/viridian/containers/microbin/default.nix

@@ -1,13 +1,11 @@
-{ config, ... }:
-let
+{config, ...}: let
   port = "8181";
-in
-{
+in {
   age.secrets.microbin = {
-   # Environment variables for microbin
-   rekeyFile = ./environment.age;
-   owner = "sajenim";
-   group = "users";
+    # Environment variables for microbin
+    rekeyFile = ./environment.age;
+    owner = "sajenim";
+    group = "users";
   };
 
   virtualisation.oci-containers.containers = {
@@ -43,8 +41,7 @@ in
 
   services.traefik.dynamicConfigOptions.http.services = {
     microbin.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${port}"; }
+      {url = "http://127.0.0.1:${port}";}
     ];
   };
 }
-

nixos/viridian/containers/prowlarr.nix

@@ -1,8 +1,6 @@
-{ ... }:
-let
+{...}: let
   port = "9696";
-in
-{
+in {
   virtualisation.oci-containers.containers = {
     # Indexer manager/proxy built on the popular arr .net/reactjs base stack to integrate with your various PVR apps.
     prowlarr = {
@@ -36,11 +34,10 @@ in
       service = "prowlarr";
     };
   };
-  
+
   services.traefik.dynamicConfigOptions.http.services = {
     prowlarr.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${port}"; }
+      {url = "http://127.0.0.1:${port}";}
     ];
   };
 }
-

nixos/viridian/containers/qbittorrent.nix

@@ -1,16 +1,14 @@
-{ ... }:
-let
+{...}: let
   port = "8487";
-in
-{
+in {
   virtualisation.oci-containers.containers = {
     # # Open-source software alternative to µTorrent
     qbittorrent = {
       autoStart = true;
       image = "ghcr.io/hotio/qbittorrent:release-4.6.5";
       ports = [
-        "${port}:8080/tcp"  # WebUI
-        "32372:32372/tcp"   # Transport protocol
+        "${port}:8080/tcp" # WebUI
+        "32372:32372/tcp" # Transport protocol
       ];
       volumes = [
         # Seedbox
@@ -42,8 +40,7 @@ in
 
   services.traefik.dynamicConfigOptions.http.services = {
     qbittorrent.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${port}"; }
+      {url = "http://127.0.0.1:${port}";}
     ];
   };
 }
-

nixos/viridian/containers/radarr.nix

@@ -1,8 +1,6 @@
-{ ... }:
-let
+{...}: let
   port = "7878";
-in
-{
+in {
   virtualisation.oci-containers.containers = {
     # Movie collection manager for Usenet and BitTorrent users
     radarr = {
@@ -41,8 +39,7 @@ in
 
   services.traefik.dynamicConfigOptions.http.services = {
     radarr.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${port}"; }
+      {url = "http://127.0.0.1:${port}";}
     ];
   };
 }
-

nixos/viridian/containers/recyclarr.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   virtualisation.oci-containers.containers = {
     # Automatically synchronize recommended settings from the TRaSH guides to your Sonarr/Radarr instances
     recyclarr = {

nixos/viridian/containers/sonarr.nix

@@ -1,8 +1,6 @@
-{ ... }:
-let
+{...}: let
   port = "8989";
-in
-{
+in {
   virtualisation.oci-containers.containers = {
     # PVR for Usenet and BitTorrent users
     sonarr = {
@@ -42,8 +40,7 @@ in
 
   services.traefik.dynamicConfigOptions.http.services = {
     sonarr.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${port}"; }
+      {url = "http://127.0.0.1:${port}";}
     ];
   };
 }
-

nixos/viridian/hardware-configuration.nix

@@ -1,16 +1,18 @@
-{ config, lib, ... }:
-let
-  hostname = config.networking.hostName;
-in
 {
+  config,
+  lib,
+  ...
+}: let
+  hostname = config.networking.hostName;
+in {
   imports = [
     ../common/optional/ephemeral-btrfs.nix
   ];
 
   boot = {
     initrd = {
-      availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
-      kernelModules = [ "kvm-intel" ];
+      availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+      kernelModules = ["kvm-intel"];
     };
     loader = {
       systemd-boot.enable = true;
@@ -21,12 +23,12 @@ in
     };
   };
 
-  fileSystems."/boot" = { 
+  fileSystems."/boot" = {
     device = "/dev/disk/by-label/ESP";
     fsType = "vfat";
   };
 
-  fileSystems."/srv/multimedia" = { 
+  fileSystems."/srv/multimedia" = {
     device = "/dev/disk/by-label/multimedia";
     fsType = "ext4";
   };
@@ -34,30 +36,31 @@ in
   fileSystems."/srv/containers" = {
     device = "/dev/disk/by-label/${hostname}";
     fsType = "btrfs";
-    options = [ "subvol=containers" "compress=zstd" ];
+    options = ["subvol=containers" "compress=zstd"];
   };
 
   fileSystems."/srv/services" = {
     device = "/dev/disk/by-label/${hostname}";
     fsType = "btrfs";
-    options = [ "subvol=services" "compress=zstd" ];
+    options = ["subvol=services" "compress=zstd"];
   };
 
   fileSystems."/srv/shares" = {
     device = "/dev/disk/by-label/data";
     fsType = "btrfs";
-    options = [ "subvol=shares" "compress=zstd" ];
+    options = ["subvol=shares" "compress=zstd"];
   };
 
   fileSystems."/srv/backup" = {
     device = "/dev/disk/by-label/data";
     fsType = "btrfs";
-    options = [ "subvol=backup" "compress=zstd" ];
+    options = ["subvol=backup" "compress=zstd"];
   };
 
-  swapDevices = [ 
-    { device = "/swap/swapfile";
-      size = 16*1024;
+  swapDevices = [
+    {
+      device = "/swap/swapfile";
+      size = 16 * 1024;
     }
   ];
 

nixos/viridian/services/borgbackup.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   services.borgbackup.jobs = {
     containers = {
       paths = [
@@ -33,4 +31,3 @@
     };
   };
 }
-

nixos/viridian/services/crowdsec/default.nix

@@ -1,8 +1,11 @@
-{ config, inputs, pkgs, ... }:
-let
-  port = "8080";
-in
 {
+  config,
+  inputs,
+  pkgs,
+  ...
+}: let
+  port = "8080";
+in {
   imports = [
     inputs.crowdsec.nixosModules.crowdsec
     inputs.crowdsec.nixosModules.crowdsec-firewall-bouncer
@@ -86,9 +89,12 @@ in
 
   environment.persistence."/persist" = {
     directories = [
-      { directory = "/var/lib/crowdsec"; user = "crowdsec"; group = "crowdsec"; }
+      {
+        directory = "/var/lib/crowdsec";
+        user = "crowdsec";
+        group = "crowdsec";
+      }
     ];
     hideMounts = true;
   };
 }
-

nixos/viridian/services/default.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   imports = [
     ./traefik
     ./crowdsec

nixos/viridian/services/forgejo.nix

@@ -1,6 +1,4 @@
-{ config, ... }:
-
-{
+{config, ...}: {
   services.forgejo = {
     enable = true;
     stateDir = "/srv/services/forgejo";
@@ -34,8 +32,7 @@
 
   services.traefik.dynamicConfigOptions.http.services = {
     forgejo.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }
+      {url = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}";}
     ];
   };
 }
-

nixos/viridian/services/grafana.nix

@@ -1,6 +1,4 @@
-{ config, ... }:
-
-{
+{config, ...}: {
   # Setup grafana our grafana instance.
   services.grafana = {
     enable = true;
@@ -24,13 +22,15 @@
 
   # Setup our database for grafana.
   services.mysql = {
-    ensureUsers = [{
-      name = "grafana";
-      ensurePermissions = {
-        "grafana.*" = "ALL PRIVILEGES";
-      };
-    }];
-    ensureDatabases = [ "grafana" ];
+    ensureUsers = [
+      {
+        name = "grafana";
+        ensurePermissions = {
+          "grafana.*" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+    ensureDatabases = ["grafana"];
   };
 
   # Setup our traefik router.
@@ -50,7 +50,7 @@
   # Setup our traefik service.
   services.traefik.dynamicConfigOptions.http.services = {
     grafana.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}"; }
+      {url = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";}
     ];
   };
 }

nixos/viridian/services/lighttpd.nix

@@ -1,6 +1,4 @@
-{ config, ... }:
-
-{
+{config, ...}: {
   services.lighttpd = {
     enable = true;
     port = 5624;
@@ -23,8 +21,7 @@
 
   services.traefik.dynamicConfigOptions.http.services = {
     lighttpd.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${toString config.services.lighttpd.port}"; }
+      {url = "http://127.0.0.1:${toString config.services.lighttpd.port}";}
     ];
   };
 }
-

nixos/viridian/services/minecraft/default.nix

@@ -1,5 +1,10 @@
-{ inputs, pkgs, lib, config, ... }:
-let
+{
+  inputs,
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
   modpack = pkgs.fetchPackwizModpack rec {
     version = "7091175a49";
     url = "https://git.sajenim.dev/jasmine/minecraft-modpack/raw/commit/${version}/pack.toml";
@@ -7,9 +12,8 @@ let
   };
   mcVersion = modpack.manifest.versions.minecraft;
   fabricVersion = modpack.manifest.versions.fabric;
-  serverVersion = lib.replaceStrings [ "." ] [ "_" ] "fabric-${mcVersion}";
-in
-{
+  serverVersion = lib.replaceStrings ["."] ["_"] "fabric-${mcVersion}";
+in {
   imports = [
     inputs.nix-minecraft.nixosModules.minecraft-servers
   ];
@@ -27,7 +31,7 @@ in
       kanto = {
         enable = true;
         # The minecraft server package to use.
-        package = pkgs.fabricServers.${serverVersion}.override { loaderVersion = fabricVersion; }; # Specific fabric loader version.
+        package = pkgs.fabricServers.${serverVersion}.override {loaderVersion = fabricVersion;}; # Specific fabric loader version.
 
         # Allowed players
         whitelist = {
@@ -46,10 +50,10 @@ in
           server-port = 25565;
           white-list = true;
         };
-        
+
         # Things to symlink into this server's data directory.
         symlinks = {
-         "mods" = "${modpack}/mods";
+          "mods" = "${modpack}/mods";
         };
 
         # Things to copy into this server's data directory.
@@ -90,8 +94,7 @@ in
 
   services.traefik.dynamicConfigOptions.http.services = {
     minecraft.loadBalancer.servers = [
-      { url = "http://127.0.0.1:${toString config.services.minecraft-servers.servers.kanto.serverProperties.server-port}"; }
+      {url = "http://127.0.0.1:${toString config.services.minecraft-servers.servers.kanto.serverProperties.server-port}";}
     ];
   };
 }
-

nixos/viridian/services/mpd.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   services.mpd = {
     enable = true;
     musicDirectory = "/srv/multimedia/library/music";
@@ -28,7 +26,7 @@
   };
   networking.firewall = {
     # # for NFSv3; view with `rpcinfo -p`
-    allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
-    allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];
+    allowedTCPPorts = [111 2049 4000 4001 4002 20048];
+    allowedUDPPorts = [111 2049 4000 4001 4002 20048];
   };
 }

nixos/viridian/services/mysql.nix

@@ -1,10 +1,7 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   services.mysql = {
     enable = true;
     package = pkgs.mariadb;
     dataDir = "/srv/services/mysql";
   };
 }
-

nixos/viridian/services/prometheus.nix

@@ -1,9 +1,7 @@
-{ config, ... }:
-
-{
+{config, ...}: {
   services.prometheus = {
     enable = true;
-    port = 9001;  # Port to listen on.
+    port = 9001; # Port to listen on.
 
     # Valid in all configuration contexts, defaults for other configuration sections.
     globalConfig = {
@@ -14,7 +12,7 @@
     exporters = {
       node = {
         enable = true;
-        enabledCollectors = [ "systemd" "processes" ];
+        enabledCollectors = ["systemd" "processes"];
         port = 9100;
       };
     };
@@ -23,11 +21,12 @@
     scrapeConfigs = [
       {
         job_name = "node";
-        static_configs = [{
-          targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
-        }];
+        static_configs = [
+          {
+            targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
+          }
+        ];
       }
     ];
   };
 }
-

nixos/viridian/services/samba.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   services.samba = {
     enable = true;
     securityType = "user";
@@ -9,7 +7,7 @@
       workgroup = WORKGROUP
       server string = smbnix
       netbios name = smbnix
-      security = user 
+      security = user
       #use sendfile = yes
       #max protocol = smb2
       # note: localhost is the ipv6 localhost ::1
@@ -47,5 +45,5 @@
     openFirewall = true;
   };
 
-  environment.persistence."/persist".directories = [ "/var/lib/samba" ];
+  environment.persistence."/persist".directories = ["/var/lib/samba"];
 }

nixos/viridian/services/traefik/default.nix

@@ -1,7 +1,10 @@
-{ inputs, config, pkgs, ... }:
-
 {
-  disabledModules = [ "services/web-servers/traefik.nix" ];
+  inputs,
+  config,
+  pkgs,
+  ...
+}: {
+  disabledModules = ["services/web-servers/traefik.nix"];
 
   imports = [
     "${inputs.nixpkgs-unstable}/nixos/modules/services/web-servers/traefik.nix"
@@ -86,12 +89,14 @@
             # List of domains in our network
             domains = [
               # Internal services
-              { main = "kanto.dev";
-                sans = [ "*.kanto.dev" ];
+              {
+                main = "kanto.dev";
+                sans = ["*.kanto.dev"];
               }
               # Public services
-              { main = "sajenim.dev";
-                sans = [ "*.sajenim.dev" ];
+              {
+                main = "sajenim.dev";
+                sans = ["*.sajenim.dev"];
               }
             ];
           };
@@ -106,7 +111,7 @@
       metrics = {
         prometheus = {
           entryPoint = "metrics";
-          buckets = [ "0.1" "0.3" "1.2" "5.0" ];
+          buckets = ["0.1" "0.3" "1.2" "5.0"];
           addEntryPointsLabels = true;
           addRoutersLabels = true;
           addServicesLabels = true;
@@ -144,20 +149,33 @@
   services.prometheus.scrapeConfigs = [
     {
       job_name = "traefik";
-      static_configs = [{
-        targets = [ "127.0.0.1:8082" ];
-      }];
+      static_configs = [
+        {
+          targets = ["127.0.0.1:8082"];
+        }
+      ];
     }
   ];
 
   # Persist our traefik data & logs
   environment.persistence."/persist" = {
     directories = [
-      { directory = "/var/lib/traefik"; user = "traefik"; group = "traefik"; }
-      { directory = "/var/log/traefik"; user = "traefik"; group = "traefik"; }
-      { directory = "/plugins-storage"; user = "traefik"; group = "traefik"; }
+      {
+        directory = "/var/lib/traefik";
+        user = "traefik";
+        group = "traefik";
+      }
+      {
+        directory = "/var/log/traefik";
+        user = "traefik";
+        group = "traefik";
+      }
+      {
+        directory = "/plugins-storage";
+        user = "traefik";
+        group = "traefik";
+      }
     ];
     hideMounts = true;
   };
 }
-

nixos/viridian/services/traefik/middlewares.nix

@@ -1,6 +1,4 @@
-{ config, ... }:
-
-{
+{config, ...}: {
   # Crowdsec Local API key for the bouncer.
   age.secrets.traefik-bouncer-key = {
     rekeyFile = ../crowdsec/traefik-bouncer-key.age;
@@ -12,7 +10,7 @@
   services.traefik.dynamicConfigOptions.http.middlewares = {
     # Restrict access to internal networks
     internal.ipwhitelist.sourcerange = [
-      "127.0.0.1/32"    # localhost
+      "127.0.0.1/32" # localhost
       "192.168.20.1/24" # lan
     ];
 
@@ -49,7 +47,7 @@
     crowdsec.plugin.bouncer = {
       enabled = "true";
       crowdsecMode = "appsec";
-      crowdsecLapiKeyFile = config.age.secrets.traefik-bouncer-key.path; 
+      crowdsecLapiKeyFile = config.age.secrets.traefik-bouncer-key.path;
       crowdsecLapiScheme = "http";
       crowdsecLapiHost = "127.0.0.1:8080";
       crowdsecAppsecEnabled = "true";
@@ -57,4 +55,3 @@
     };
   };
 }
-

nixos/viridian/services/traefik/routers.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{ 
+{...}: {
   services.traefik.dynamicConfigOptions.http.routers = {
     traefik-dashboard = {
       rule = "Host(`traefik.kanto.dev`)";
@@ -25,4 +23,3 @@
     };
   };
 }
-

nixos/viridian/services/traefik/services.nix

@@ -1,10 +1,7 @@
-{ ... }:
-
-{
+{...}: {
   services.traefik.dynamicConfigOptions.http.services = {
     ender1.loadBalancer.servers = [
-      { url = "http://192.168.1.103:80"; }
+      {url = "http://192.168.1.103:80";}
     ];
   };
 }
-