use rfc-style formatter

flake.nix

@@ -13,16 +13,18 @@
     };
   };
 
-  outputs = {
+  outputs =
+    {
       self,
       nixpkgs,
       home-manager,
       ...
-  } @ inputs: let
+    }@inputs:
+    let
       lib = nixpkgs.lib;
       inherit (self) outputs;
 
-    systems = ["x86_64-linux"];
+      systems = [ "x86_64-linux" ];
       forEachSystem = f: lib.genAttrs systems (system: f pkgsFor.${system});
       pkgsFor = lib.genAttrs systems (
         system:
@@ -33,22 +35,25 @@
           };
         }
       );
-  in {
+    in
-    packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
+    {
-    formatter = forEachSystem (pkgs: pkgs.alejandra);
+      packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; });
-    devShells = forEachSystem (pkgs: import ./shells {inherit pkgs;});
+      formatter = forEachSystem (pkgs: pkgs.nixfmt-rfc-style);
+      devShells = forEachSystem (pkgs: import ./shells { inherit pkgs; });
       nixosModules = import ./modules/nixos;
       homeManagerModules = import ./modules/home-manager;
-    overlays = import ./overlays {inherit inputs outputs;};
+      overlays = import ./overlays { inherit inputs outputs; };
 
-    nixosConfigurations = let
+      nixosConfigurations =
+        let
           pkgs = pkgsFor.x86_64-linux;
-    in {
+        in
+        {
           ytnix = lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+            specialArgs = { inherit inputs outputs; };
             modules = [
               {
-            nixpkgs = {inherit pkgs;};
+                nixpkgs = { inherit pkgs; };
               }
               ./hosts/ytnix
               inputs.sops-nix.nixosModules.sops
@@ -56,10 +61,10 @@
           };
 
           chunk = lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+            specialArgs = { inherit inputs outputs; };
             modules = [
               {
-            nixpkgs = {inherit pkgs;};
+                nixpkgs = { inherit pkgs; };
               }
               ./hosts/chunk
               inputs.sops-nix.nixosModules.sops
@@ -70,7 +75,7 @@
       homeConfigurations = {
         "yt@ytnix" = home-manager.lib.homeManagerConfiguration {
           pkgs = pkgsFor.x86_64-linux;
-        extraSpecialArgs = {inherit inputs outputs;};
+          extraSpecialArgs = { inherit inputs outputs; };
           modules = [
             ./home/yt/ytnix.nix
           ];
@@ -78,7 +83,7 @@
 
         "yt@chunk" = home-manager.lib.homeManagerConfiguration {
           pkgs = pkgsFor.x86_64-linux;
-        extraSpecialArgs = {inherit inputs outputs;};
+          extraSpecialArgs = { inherit inputs outputs; };
           modules = [
             ./home/yt/chunk.nix
           ];

home/foot.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   programs.foot = {
     enable = true;
     settings = {

home/tmux.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.tmux = {
     enable = true;
     baseIndex = 1;

home/yt/chunk.nix

@@ -5,7 +5,8 @@
   inputs,
   outputs,
   ...
-}: {
+}:
+{
   imports = [
     ./common.nix
   ];

home/yt/common.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   imports = [
     ../tmux.nix
     ../zsh

home/yt/ytnix.nix

@@ -2,7 +2,8 @@
   pkgs,
   inputs,
   ...
-}: {
+}:
+{
   imports = [
     ./common.nix
     ../foot.nix

home/zsh/default.nix

@@ -1,13 +1,17 @@
-{...}: {
+{ ... }:
+{
   programs.zsh = {
     enable = true;
     autosuggestion = {
       enable = true;
-      strategy = ["history" "completion"];
+      strategy = [
+        "history"
+        "completion"
+      ];
     };
     syntaxHighlighting = {
       enable = true;
-      highlighters = ["brackets"];
+      highlighters = [ "brackets" ];
     };
     autocd = true;
     defaultKeymap = "emacs";
@@ -85,7 +89,7 @@
   programs.zoxide = {
     enable = true;
     enableZshIntegration = true;
-    options = ["--cmd cd"];
+    options = [ "--cmd cd" ];
   };
 
   programs.eza = {

hosts/chunk/adguard.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   services.adguardhome = {
     enable = true;
     host = "127.0.0.1";

hosts/chunk/borg.nix

@@ -2,11 +2,29 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   services.borgbackup.jobs = {
     crashRsync = {
-      paths = ["/root" "/home" "/var/backup" "/var/lib" "/var/log" "/opt" "/etc" "/vw-data"];
+      paths = [
-      exclude = ["**/.cache" "**/node_modules" "**/cache" "**/Cache" "/var/lib/docker" "/var/lib/containers/cache" "/var/lib/containers/overlay*"];
+        "/root"
+        "/home"
+        "/var/backup"
+        "/var/lib"
+        "/var/log"
+        "/opt"
+        "/etc"
+        "/vw-data"
+      ];
+      exclude = [
+        "**/.cache"
+        "**/node_modules"
+        "**/cache"
+        "**/Cache"
+        "/var/lib/docker"
+        "/var/lib/containers/cache"
+        "/var/lib/containers/overlay*"
+      ];
       repo = "de3911@de3911.rsync.net:borg/crash";
       encryption = {
         mode = "repokey-blake2";
@@ -18,11 +36,13 @@
       };
       compression = "auto,zstd";
       startAt = "hourly";
-      extraCreateArgs = ["--stats"];
+      extraCreateArgs = [ "--stats" ];
       # warnings are often not that serious
       failOnWarnings = false;
       postHook = ''
-        ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "chunk: backup completed with exit code: $exitStatus
+        ${pkgs.curl}/bin/curl -u $(cat ${
+          config.sops.secrets."services/ntfy".path
+        }) -d "chunk: backup completed with exit code: $exitStatus
         $(journalctl -u borgbackup-job-crashRsync.service|tail -n 5)" \
         https://ntfy.cything.io/chunk
       '';

hosts/chunk/conduit.nix

@@ -2,11 +2,12 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   virtualisation.oci-containers.containers.conduit = {
     image = "matrixconduit/matrix-conduit:latest";
     autoStart = true;
-    ports = ["127.0.0.1:8448:8448"];
+    ports = [ "127.0.0.1:8448:8448" ];
     pull = "newer";
     environment = {
       CONDUIT_SERVER_NAME = "cything.io";
@@ -24,7 +25,7 @@
     volumes = [
       "/opt/conduit/db:/var/lib/matrix-conduit/"
     ];
-    networks = ["conduit-net"];
+    networks = [ "conduit-net" ];
   };
 
   systemd.services.create-conduit-net = {

hosts/chunk/default.nix

@@ -3,7 +3,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   imports = [
     ./hardware-configuration.nix
     ../common.nix
@@ -91,9 +92,20 @@
   networking.networkmanager.enable = true;
   networking.firewall = {
     enable = true;
-    allowedTCPPorts = [22 80 443 53 853];
+    allowedTCPPorts = [
-    allowedUDPPorts = [443 51820 53 853]; # 51820 is wireguard
+      22
-    trustedInterfaces = ["wg0"];
+      80
+      443
+      53
+      853
+    ];
+    allowedUDPPorts = [
+      443
+      51820
+      53
+      853
+    ]; # 51820 is wireguard
+    trustedInterfaces = [ "wg0" ];
   };
   networking.interfaces.ens18 = {
     ipv6.addresses = [
@@ -117,7 +129,10 @@
     address = "31.59.129.1";
     interface = "ens18";
   };
-  networking.nameservers = ["127.0.0.1" "::1"];
+  networking.nameservers = [
+    "127.0.0.1"
+    "::1"
+  ];
 
   time.timeZone = "America/Toronto";
 
@@ -129,12 +144,20 @@
 
   users.users.yt = {
     isNormalUser = true;
-    extraGroups = ["wheel" "networkmanager" "podman"];
+    extraGroups = [
-    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"];
+      "wheel"
+      "networkmanager"
+      "podman"
+    ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"
+    ];
     shell = pkgs.zsh;
   };
   programs.zsh.enable = true;
-  users.users.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"];
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"
+  ];
 
   environment.systemPackages = with pkgs; [
     vim

hosts/chunk/deluge.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   services.deluge = {
     enable = true;
     web = {

hosts/chunk/ghost.nix

@@ -2,11 +2,12 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   virtualisation.oci-containers.containers.ghost = {
     image = "ghost:5-alpine";
     autoStart = true;
-    ports = ["127.0.0.1:8084:2368"];
+    ports = [ "127.0.0.1:8084:2368" ];
     pull = "newer";
     environment = {
       database__client = "mysql";
@@ -20,8 +21,8 @@
     volumes = [
       "/opt/ghost/data:/var/lib/ghost/content"
     ];
-    networks = ["ghost-net"];
+    networks = [ "ghost-net" ];
-    dependsOn = ["ghost-db"];
+    dependsOn = [ "ghost-db" ];
   };
 
   virtualisation.oci-containers.containers.ghost-db = {
@@ -34,7 +35,7 @@
     volumes = [
       "/opt/ghost/db:/var/lib/mysql"
     ];
-    networks = ["ghost-net"];
+    networks = [ "ghost-net" ];
   };
 
   systemd.services.create-ghost-net = {

hosts/chunk/gitlab.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.gitlab = {
     enable = true;
     https = true;

hosts/chunk/grafana.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.grafana = {
     enable = true;
     settings.server = {
@@ -16,7 +17,7 @@
     exporters = {
       node = {
         enable = true;
-        enabledCollectors = ["systemd"];
+        enabledCollectors = [ "systemd" ];
       };
     };
     scrapeConfigs = [
@@ -24,7 +25,7 @@
         job_name = "chrysalis";
         static_configs = [
           {
-            targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
+            targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
           }
         ];
       }

hosts/chunk/hardware-configuration.nix

@@ -7,22 +7,29 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
+{
   imports = [
     (modulesPath + "/profiles/qemu-guest.nix")
   ];
 
-  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "ata_piix"
-  boot.kernelModules = ["kvm-intel"];
+    "uhci_hcd"
-  boot.extraModulePackages = [];
+    "virtio_pci"
+    "sr_mod"
+    "virtio_blk"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/6fff5dd4-8d7a-43fa-85be-eec74ef2089e";
     fsType = "ext4";
   };
 
-  swapDevices = [];
+  swapDevices = [ ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

hosts/chunk/hedgedoc.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.hedgedoc = {
     enable = true;
     environmentFile = config.sops.secrets."hedgedoc/env".path;

hosts/chunk/immich.nix

@@ -2,18 +2,20 @@
   pkgs,
   config,
   ...
-}: let
+}:
+let
   uploadLocation = "/mnt/photos/immich";
   thumbsLocation = "/opt/immich/thumbs";
   profileLocation = "/opt/immich/profile";
   dbDataLocation = "/opt/immich/postgres";
   modelCache = "/opt/immich-ml";
-in {
+in
+{
   virtualisation.oci-containers.containers = {
     immich-server = {
       image = "ghcr.io/immich-app/immich-server:release";
       autoStart = true;
-      ports = ["127.0.0.1:2283:2283"];
+      ports = [ "127.0.0.1:2283:2283" ];
       pull = "newer";
       volumes = [
         "${uploadLocation}:/usr/src/app/upload"
@@ -24,15 +26,18 @@ in {
         REDIS_HOSTNAME = "immich-redis";
         DB_HOSTNAME = "immich-db";
       };
-      networks = ["immich-net"];
+      networks = [ "immich-net" ];
-      dependsOn = ["immich-db" "immich-redis"];
+      dependsOn = [
+        "immich-db"
+        "immich-redis"
+      ];
     };
 
     immich-redis = {
       image = "redis:6.2-alpine";
       autoStart = true;
       pull = "newer";
-      networks = ["immich-net"];
+      networks = [ "immich-net" ];
     };
 
     immich-db = {
@@ -45,17 +50,23 @@ in {
         POSTGRES_DB = "immich";
         POSTGRES_INITDB_ARGS = "--data-checksums";
       };
-      volumes = ["${dbDataLocation}:/var/lib/postgresql/data"];
+      volumes = [ "${dbDataLocation}:/var/lib/postgresql/data" ];
       cmd = [
         "postgres"
-        "-c" "shared_preload_libraries=vectors.so"
+        "-c"
-        "-c" ''search_path="$$user", public, vectors''
+        "shared_preload_libraries=vectors.so"
-        "-c" "logging_collector=on"
+        "-c"
-        "-c" "max_wal_size=2GB"
+        ''search_path="$$user", public, vectors''
-        "-c" "shared_buffers=512MB"
+        "-c"
-        "-c" "wal_compression=on"
+        "logging_collector=on"
+        "-c"
+        "max_wal_size=2GB"
+        "-c"
+        "shared_buffers=512MB"
+        "-c"
+        "wal_compression=on"
       ];
-      networks = ["immich-net"];
+      networks = [ "immich-net" ];
     };
 
     immich-ml = {
@@ -66,8 +77,8 @@ in {
         REDIS_HOSTNAME = "immich-redis";
         DB_HOSTNAME = "immich-db";
       };
-      volumes = ["${modelCache}:/cache"];
+      volumes = [ "${modelCache}:/cache" ];
-      networks = ["immich-net"];
+      networks = [ "immich-net" ];
     };
   };
 

hosts/chunk/jellyfin.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   services.jellyfin = {
     enable = true;
     dataDir = "/mnt/jellyfin";

hosts/chunk/miniflux.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.miniflux = {
     enable = true;
     adminCredentialsFile = config.sops.secrets."miniflux/env".path;

hosts/chunk/ntfy.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   services.ntfy-sh = {
     enable = true;
     settings = {

hosts/chunk/postgres.nix

@@ -2,7 +2,8 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   services.postgresql = {
     enable = true;
     settings.port = 5432;

hosts/chunk/rclone.nix

@@ -2,12 +2,13 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   systemd.services.immich-mount = {
     enable = true;
     description = "Mount the immich data remote";
-    requires = ["network-online.target"];
+    requires = [ "network-online.target" ];
-    requiredBy = ["podman-immich-server.service"];
+    requiredBy = [ "podman-immich-server.service" ];
     serviceConfig = {
       Type = "notify";
       ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos";
@@ -32,19 +33,19 @@
   #   };
   # };
 
-#   systemd.services.jellyfin-mount = {
+  #   systemd.services.jellyfin-mount = {
-#     enable = true;
+  #     enable = true;
-#     description = "Mount the jellyfin data remote";
+  #     description = "Mount the jellyfin data remote";
-#     after = ["network-online.target"];
+  #     after = ["network-online.target"];
-#     requires = ["network-online.target"];
+  #     requires = ["network-online.target"];
-#     requiredBy = ["jellyfin.service"];
+  #     requiredBy = ["jellyfin.service"];
-#     serviceConfig = {
+  #     serviceConfig = {
-#       Type = "notify";
+  #       Type = "notify";
-#       ExecStartPre = "/usr/bin/env mkdir -p /mnt/jellyfin";
+  #       ExecStartPre = "/usr/bin/env mkdir -p /mnt/jellyfin";
-#       ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --allow-other --transfers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G jellyfin: /mnt/jellyfin";
+  #       ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --allow-other --transfers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G jellyfin: /mnt/jellyfin";
-#       ExecStop = "${pkgs.fuse}/bin/fusermount -u /mnt/jellyfin";
+  #       ExecStop = "${pkgs.fuse}/bin/fusermount -u /mnt/jellyfin";
-#       EnvironmentFile = config.sops.secrets."rclone/env".path;
+  #       EnvironmentFile = config.sops.secrets."rclone/env".path;
-#     };
+  #     };
-#   };
+  #   };
   programs.fuse.userAllowOther = true;
 }

hosts/chunk/redlib.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   services.redlib = {
     enable = true;
     port = 8087;

hosts/chunk/tor.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   services.tor = {
     enable = true;
     openFirewall = true;

hosts/chunk/vaultwarden.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.vaultwarden = {
     enable = true;
     dbBackend = "postgresql";

hosts/chunk/wireguard.nix

@@ -2,16 +2,20 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   networking.nat = {
     enable = true;
     enableIPv6 = true;
     externalInterface = "ens18";
-    internalInterfaces = ["wg0"];
+    internalInterfaces = [ "wg0" ];
   };
 
   networking.wg-quick.interfaces.wg0 = {
-    address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
+    address = [
+      "10.0.0.1/24"
+      "fdc9:281f:04d7:9ee9::1/64"
+    ];
     listenPort = 51820;
     privateKeyFile = config.sops.secrets."wireguard/private".path;
     postUp = ''
@@ -33,12 +37,18 @@
     peers = [
       {
         publicKey = "qUhWoTPVC7jJdDEJLYY92OeiwPkaf8I5pv5kkMcSW3g=";
-        allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"];
+        allowedIPs = [
+          "10.0.0.2/32"
+          "fdc9:281f:04d7:9ee9::2/128"
+        ];
         presharedKeyFile = config.sops.secrets."wireguard/psk-yt".path;
       }
       {
         publicKey = "JIGi60wzLw717Cim1dSFoLCdJz5rePa5AIFfuisJI0k=";
-        allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"];
+        allowedIPs = [
+          "10.0.0.3/32"
+          "fdc9:281f:04d7:9ee9::3/128"
+        ];
         presharedKeyFile = config.sops.secrets."wireguard/psk-phone".path;
       }
     ];

hosts/common.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   nix = {
     settings = {
       experimental-features = "nix-command flakes";
@@ -8,7 +9,7 @@
     channel.enable = false;
     optimise = {
       automatic = true;
-      dates = ["03:45"];
+      dates = [ "03:45" ];
     };
     gc = {
       automatic = true;

hosts/ytnix/default.nix

@@ -2,7 +2,8 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   imports = [
     ./hardware-configuration.nix
     ../common.nix
@@ -53,11 +54,14 @@
       dns = "none";
       wifi.backend = "iwd";
     };
-    nameservers = ["31.59.129.225" "2a0f:85c1:840:2bfb::1"];
+    nameservers = [
+      "31.59.129.225"
+      "2a0f:85c1:840:2bfb::1"
+    ];
     resolvconf.enable = true;
     firewall = {
-      allowedUDPPorts = [51820]; # for wireguard
+      allowedUDPPorts = [ 51820 ]; # for wireguard
-      trustedInterfaces = ["wg0"];
+      trustedInterfaces = [ "wg0" ];
     };
   };
   programs.nm-applet.enable = true;
@@ -76,7 +80,10 @@
         "bluez5.enable-sbc-xq" = true;
         "bluez5.enable-msbc" = true;
         "bluez5.enable-hw-volume" = true;
-        "bluez5.roles" = ["a2dp_sink" "a2dp_source"];
+        "bluez5.roles" = [
+          "a2dp_sink"
+          "a2dp_source"
+        ];
       };
     };
     # https://wiki.archlinux.org/title/Bluetooth_headset#Connecting_works,_sound_plays_fine_until_headphones_become_idle,_then_stutters
@@ -100,7 +107,11 @@
 
   users.users.yt = {
     isNormalUser = true;
-    extraGroups = ["wheel" "libvirtd" "docker"];
+    extraGroups = [
+      "wheel"
+      "libvirtd"
+      "docker"
+    ];
     shell = pkgs.zsh;
   };
   programs.zsh.enable = true;
@@ -168,7 +179,14 @@
   programs.sway.enable = true;
 
   services.borgbackup.jobs.ytnixRsync = {
-    paths = ["/root" "/home" "/var/lib" "/var/log" "/opt" "/etc"];
+    paths = [
+      "/root"
+      "/home"
+      "/var/lib"
+      "/var/log"
+      "/opt"
+      "/etc"
+    ];
     exclude = [
       "**/.cache"
       "**/node_modules"
@@ -194,11 +212,13 @@
     };
     compression = "auto,zstd";
     startAt = "daily";
-    extraCreateArgs = ["--stats"];
+    extraCreateArgs = [ "--stats" ];
     # warnings are often not that serious
     failOnWarnings = false;
     postHook = ''
-      ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "ytnixRsync: backup completed with exit code: $exitStatus
+      ${pkgs.curl}/bin/curl -u $(cat ${
+        config.sops.secrets."services/ntfy".path
+      }) -d "ytnixRsync: backup completed with exit code: $exitStatus
       $(journalctl -u borgbackup-job-ytnixRsync.service|tail -n 5)" \
       https://ntfy.cything.io/chunk
     '';
@@ -211,8 +231,8 @@
       snapshot_preserve_min = "2d";
       snapshot_dir = "/snapshots";
       subvolume = {
-        "/home" = {};
+        "/home" = { };
-        "/" = {};
+        "/" = { };
       };
     };
   };
@@ -286,12 +306,18 @@
 
   # wireguard setup
   networking.wg-quick.interfaces.wg0 = {
-    address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"];
+    address = [
+      "10.0.0.2/24"
+      "fdc9:281f:04d7:9ee9::2/64"
+    ];
     privateKeyFile = config.sops.secrets."wireguard/private".path;
     peers = [
       {
         publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";
-        allowedIPs = ["0.0.0.0/0" "::/0"];
+        allowedIPs = [
+          "0.0.0.0/0"
+          "::/0"
+        ];
         endpoint = "31.59.129.225:51820";
         persistentKeepalive = 25;
         presharedKeyFile = config.sops.secrets."wireguard/psk".path;

hosts/ytnix/hardware-configuration.nix

@@ -7,42 +7,63 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod"];
+{
-  boot.initrd.kernelModules = [];
+  boot.initrd.availableKernelModules = [
-  boot.kernelModules = ["kvm-intel"];
+    "xhci_pci"
-  boot.extraModulePackages = [];
+    "ahci"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
     fsType = "btrfs";
-    options = ["subvol=root" "compress=zstd"];
+    options = [
+      "subvol=root"
+      "compress=zstd"
+    ];
   };
 
-  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c6098a16-c8a6-4a97-8648-6f46ca919d13";
+  boot.initrd.luks.devices."cryptroot".device =
+    "/dev/disk/by-uuid/c6098a16-c8a6-4a97-8648-6f46ca919d13";
 
   fileSystems."/home" = {
     device = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
     fsType = "btrfs";
-    options = ["subvol=home" "compress=zstd"];
+    options = [
+      "subvol=home"
+      "compress=zstd"
+    ];
   };
 
   fileSystems."/nix" = {
     device = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
     fsType = "btrfs";
-    options = ["subvol=nix" "compress=zstd" "noatime"];
+    options = [
+      "subvol=nix"
+      "compress=zstd"
+      "noatime"
+    ];
   };
 
   fileSystems."/swap" = {
     device = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
     fsType = "btrfs";
-    options = ["subvol=swap"];
+    options = [ "subvol=swap" ];
   };
 
   fileSystems."/boot" = {
     device = "/dev/disk/by-uuid/29B7-F46D";
     fsType = "vfat";
-    options = ["fmask=0022" "dmask=0022"];
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
   };
 
   swapDevices = [
@@ -52,7 +73,7 @@
   ];
 
   boot.resumeDevice = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
-  boot.kernelParams = ["resume_offset=53224704"];
+  boot.kernelParams = [ "resume_offset=53224704" ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's