use rfc-style formatter

2024-12-19 02:32:58 -05:00 · 2024-12-19 02:32:58 -05:00 · f57ed53bc5
commit f57ed53bc5
parent 993b457e0b
30 changed files with 324 additions and 176 deletions
--- a/flake.nix
+++ b/flake.nix
@ -13,76 +13,81 @@
    };
  };

-  outputs = {
-    self,
-    nixpkgs,
-    home-manager,
-    ...
-  } @ inputs: let
-    lib = nixpkgs.lib;
-    inherit (self) outputs;
+  outputs =
+    {
+      self,
+      nixpkgs,
+      home-manager,
+      ...
+    }@inputs:
+    let
+      lib = nixpkgs.lib;
+      inherit (self) outputs;

-    systems = ["x86_64-linux"];
-    forEachSystem = f: lib.genAttrs systems (system: f pkgsFor.${system});
-    pkgsFor = lib.genAttrs systems (
-      system:
+      systems = [ "x86_64-linux" ];
+      forEachSystem = f: lib.genAttrs systems (system: f pkgsFor.${system});
+      pkgsFor = lib.genAttrs systems (
+        system:
        import nixpkgs {
          inherit system;
          config = {
            allowUnfree = true;
          };
        }
-    );
-  in {
-    packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
-    formatter = forEachSystem (pkgs: pkgs.alejandra);
-    devShells = forEachSystem (pkgs: import ./shells {inherit pkgs;});
-    nixosModules = import ./modules/nixos;
-    homeManagerModules = import ./modules/home-manager;
-    overlays = import ./overlays {inherit inputs outputs;};
+      );
+    in
+    {
+      packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; });
+      formatter = forEachSystem (pkgs: pkgs.nixfmt-rfc-style);
+      devShells = forEachSystem (pkgs: import ./shells { inherit pkgs; });
+      nixosModules = import ./modules/nixos;
+      homeManagerModules = import ./modules/home-manager;
+      overlays = import ./overlays { inherit inputs outputs; };

-    nixosConfigurations = let
-      pkgs = pkgsFor.x86_64-linux;
-    in {
-      ytnix = lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
-        modules = [
-          {
-            nixpkgs = {inherit pkgs;};
-          }
-          ./hosts/ytnix
-          inputs.sops-nix.nixosModules.sops
-        ];
-      };
+      nixosConfigurations =
+        let
+          pkgs = pkgsFor.x86_64-linux;
+        in
+        {
+          ytnix = lib.nixosSystem {
+            specialArgs = { inherit inputs outputs; };
+            modules = [
+              {
+                nixpkgs = { inherit pkgs; };
+              }
+              ./hosts/ytnix
+              inputs.sops-nix.nixosModules.sops
+            ];
+          };

-      chunk = lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
-        modules = [
-          {
-            nixpkgs = {inherit pkgs;};
-          }
-          ./hosts/chunk
-          inputs.sops-nix.nixosModules.sops
-        ];
+          chunk = lib.nixosSystem {
+            specialArgs = { inherit inputs outputs; };
+            modules = [
+              {
+                nixpkgs = { inherit pkgs; };
+              }
+              ./hosts/chunk
+              inputs.sops-nix.nixosModules.sops
+            ];
+          };
+        };
+
+      homeConfigurations = {
+        "yt@ytnix" = home-manager.lib.homeManagerConfiguration {
+          pkgs = pkgsFor.x86_64-linux;
+          extraSpecialArgs = { inherit inputs outputs; };
+          modules = [
+            ./home/yt/ytnix.nix
+          ];
+        };
+
+        "yt@chunk" = home-manager.lib.homeManagerConfiguration {
+          pkgs = pkgsFor.x86_64-linux;
+          extraSpecialArgs = { inherit inputs outputs; };
+          modules = [
+            ./home/yt/chunk.nix
+          ];
+        };
      };
    };
-
-    homeConfigurations = {
-      "yt@ytnix" = home-manager.lib.homeManagerConfiguration {
-        pkgs = pkgsFor.x86_64-linux;
-        extraSpecialArgs = {inherit inputs outputs;};
-        modules = [
-          ./home/yt/ytnix.nix
-        ];
-      };
-
-      "yt@chunk" = home-manager.lib.homeManagerConfiguration {
-        pkgs = pkgsFor.x86_64-linux;
-        extraSpecialArgs = {inherit inputs outputs;};
-        modules = [
-          ./home/yt/chunk.nix
-        ];
-      };
-    };
-  };
 }
--- a/home/foot.nix
+++ b/home/foot.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
  programs.foot = {
    enable = true;
    settings = {
--- a/home/tmux.nix
+++ b/home/tmux.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  programs.tmux = {
    enable = true;
    baseIndex = 1;
--- a/home/yt/chunk.nix
+++ b/home/yt/chunk.nix
@ -5,7 +5,8 @@
  inputs,
  outputs,
  ...
-}: {
+}:
+{
  imports = [
    ./common.nix
  ];
--- a/home/yt/common.nix
+++ b/home/yt/common.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
  imports = [
    ../tmux.nix
    ../zsh
--- a/home/yt/ytnix.nix
+++ b/home/yt/ytnix.nix
@ -2,7 +2,8 @@
  pkgs,
  inputs,
  ...
-}: {
+}:
+{
  imports = [
    ./common.nix
    ../foot.nix
--- a/home/zsh/default.nix
+++ b/home/zsh/default.nix
@ -1,13 +1,17 @@
-{...}: {
+{ ... }:
+{
  programs.zsh = {
    enable = true;
    autosuggestion = {
      enable = true;
-      strategy = ["history" "completion"];
+      strategy = [
+        "history"
+        "completion"
+      ];
    };
    syntaxHighlighting = {
      enable = true;
-      highlighters = ["brackets"];
+      highlighters = [ "brackets" ];
    };
    autocd = true;
    defaultKeymap = "emacs";
@ -85,7 +89,7 @@
  programs.zoxide = {
    enable = true;
    enableZshIntegration = true;
-    options = ["--cmd cd"];
+    options = [ "--cmd cd" ];
  };

  programs.eza = {
--- a/hosts/chunk/adguard.nix
+++ b/hosts/chunk/adguard.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
  services.adguardhome = {
    enable = true;
    host = "127.0.0.1";
--- a/hosts/chunk/borg.nix
+++ b/hosts/chunk/borg.nix
@ -2,11 +2,29 @@
  pkgs,
  config,
  ...
-}: {
+}:
+{
  services.borgbackup.jobs = {
    crashRsync = {
-      paths = ["/root" "/home" "/var/backup" "/var/lib" "/var/log" "/opt" "/etc" "/vw-data"];
-      exclude = ["**/.cache" "**/node_modules" "**/cache" "**/Cache" "/var/lib/docker" "/var/lib/containers/cache" "/var/lib/containers/overlay*"];
+      paths = [
+        "/root"
+        "/home"
+        "/var/backup"
+        "/var/lib"
+        "/var/log"
+        "/opt"
+        "/etc"
+        "/vw-data"
+      ];
+      exclude = [
+        "**/.cache"
+        "**/node_modules"
+        "**/cache"
+        "**/Cache"
+        "/var/lib/docker"
+        "/var/lib/containers/cache"
+        "/var/lib/containers/overlay*"
+      ];
      repo = "de3911@de3911.rsync.net:borg/crash";
      encryption = {
        mode = "repokey-blake2";
@ -18,11 +36,13 @@
      };
      compression = "auto,zstd";
      startAt = "hourly";
-      extraCreateArgs = ["--stats"];
+      extraCreateArgs = [ "--stats" ];
      # warnings are often not that serious
      failOnWarnings = false;
      postHook = ''
-        ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "chunk: backup completed with exit code: $exitStatus
+        ${pkgs.curl}/bin/curl -u $(cat ${
+          config.sops.secrets."services/ntfy".path
+        }) -d "chunk: backup completed with exit code: $exitStatus
        $(journalctl -u borgbackup-job-crashRsync.service|tail -n 5)" \
        https://ntfy.cything.io/chunk
      '';
--- a/hosts/chunk/conduit.nix
+++ b/hosts/chunk/conduit.nix
@ -2,11 +2,12 @@
  pkgs,
  config,
  ...
-}: {
+}:
+{
  virtualisation.oci-containers.containers.conduit = {
    image = "matrixconduit/matrix-conduit:latest";
    autoStart = true;
-    ports = ["127.0.0.1:8448:8448"];
+    ports = [ "127.0.0.1:8448:8448" ];
    pull = "newer";
    environment = {
      CONDUIT_SERVER_NAME = "cything.io";
@ -24,7 +25,7 @@
    volumes = [
      "/opt/conduit/db:/var/lib/matrix-conduit/"
    ];
-    networks = ["conduit-net"];
+    networks = [ "conduit-net" ];
  };

  systemd.services.create-conduit-net = {
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -3,7 +3,8 @@
  lib,
  pkgs,
  ...
-}: {
+}:
+{
  imports = [
    ./hardware-configuration.nix
    ../common.nix
@ -91,9 +92,20 @@
  networking.networkmanager.enable = true;
  networking.firewall = {
    enable = true;
-    allowedTCPPorts = [22 80 443 53 853];
-    allowedUDPPorts = [443 51820 53 853]; # 51820 is wireguard
-    trustedInterfaces = ["wg0"];
+    allowedTCPPorts = [
+      22
+      80
+      443
+      53
+      853
+    ];
+    allowedUDPPorts = [
+      443
+      51820
+      53
+      853
+    ]; # 51820 is wireguard
+    trustedInterfaces = [ "wg0" ];
  };
  networking.interfaces.ens18 = {
    ipv6.addresses = [
@ -117,7 +129,10 @@
    address = "31.59.129.1";
    interface = "ens18";
  };
-  networking.nameservers = ["127.0.0.1" "::1"];
+  networking.nameservers = [
+    "127.0.0.1"
+    "::1"
+  ];

  time.timeZone = "America/Toronto";

@ -129,12 +144,20 @@

  users.users.yt = {
    isNormalUser = true;
-    extraGroups = ["wheel" "networkmanager" "podman"];
-    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"];
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "podman"
+    ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"
+    ];
    shell = pkgs.zsh;
  };
  programs.zsh.enable = true;
-  users.users.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"];
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"
+  ];

  environment.systemPackages = with pkgs; [
    vim
--- a/hosts/chunk/deluge.nix
+++ b/hosts/chunk/deluge.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
  services.deluge = {
    enable = true;
    web = {
--- a/hosts/chunk/ghost.nix
+++ b/hosts/chunk/ghost.nix
@ -2,11 +2,12 @@
  pkgs,
  config,
  ...
-}: {
+}:
+{
  virtualisation.oci-containers.containers.ghost = {
    image = "ghost:5-alpine";
    autoStart = true;
-    ports = ["127.0.0.1:8084:2368"];
+    ports = [ "127.0.0.1:8084:2368" ];
    pull = "newer";
    environment = {
      database__client = "mysql";
@ -20,8 +21,8 @@
    volumes = [
      "/opt/ghost/data:/var/lib/ghost/content"
    ];
-    networks = ["ghost-net"];
-    dependsOn = ["ghost-db"];
+    networks = [ "ghost-net" ];
+    dependsOn = [ "ghost-db" ];
  };

  virtualisation.oci-containers.containers.ghost-db = {
@ -34,7 +35,7 @@
    volumes = [
      "/opt/ghost/db:/var/lib/mysql"
    ];
-    networks = ["ghost-net"];
+    networks = [ "ghost-net" ];
  };

  systemd.services.create-ghost-net = {
--- a/hosts/chunk/gitlab.nix
+++ b/hosts/chunk/gitlab.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
  services.gitlab = {
    enable = true;
    https = true;
--- a/hosts/chunk/grafana.nix
+++ b/hosts/chunk/grafana.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
  services.grafana = {
    enable = true;
    settings.server = {
@ -16,7 +17,7 @@
    exporters = {
      node = {
        enable = true;
-        enabledCollectors = ["systemd"];
+        enabledCollectors = [ "systemd" ];
      };
    };
    scrapeConfigs = [
@ -24,7 +25,7 @@
        job_name = "chrysalis";
        static_configs = [
          {
-            targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
+            targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
          }
        ];
      }
--- a/hosts/chunk/hardware-configuration.nix
+++ b/hosts/chunk/hardware-configuration.nix
@ -7,22 +7,29 @@
  pkgs,
  modulesPath,
  ...
-}: {
+}:
+{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

-  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "virtio_pci"
+    "sr_mod"
+    "virtio_blk"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/6fff5dd4-8d7a-43fa-85be-eec74ef2089e";
    fsType = "ext4";
  };

-  swapDevices = [];
+  swapDevices = [ ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/hosts/chunk/hedgedoc.nix
+++ b/hosts/chunk/hedgedoc.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
  services.hedgedoc = {
    enable = true;
    environmentFile = config.sops.secrets."hedgedoc/env".path;
--- a/hosts/chunk/immich.nix
+++ b/hosts/chunk/immich.nix
@ -2,18 +2,20 @@
  pkgs,
  config,
  ...
-}: let
+}:
+let
  uploadLocation = "/mnt/photos/immich";
  thumbsLocation = "/opt/immich/thumbs";
  profileLocation = "/opt/immich/profile";
  dbDataLocation = "/opt/immich/postgres";
  modelCache = "/opt/immich-ml";
-in {
+in
+{
  virtualisation.oci-containers.containers = {
    immich-server = {
      image = "ghcr.io/immich-app/immich-server:release";
      autoStart = true;
-      ports = ["127.0.0.1:2283:2283"];
+      ports = [ "127.0.0.1:2283:2283" ];
      pull = "newer";
      volumes = [
        "${uploadLocation}:/usr/src/app/upload"
@ -24,15 +26,18 @@ in {
        REDIS_HOSTNAME = "immich-redis";
        DB_HOSTNAME = "immich-db";
      };
-      networks = ["immich-net"];
-      dependsOn = ["immich-db" "immich-redis"];
+      networks = [ "immich-net" ];
+      dependsOn = [
+        "immich-db"
+        "immich-redis"
+      ];
    };

    immich-redis = {
      image = "redis:6.2-alpine";
      autoStart = true;
      pull = "newer";
-      networks = ["immich-net"];
+      networks = [ "immich-net" ];
    };

    immich-db = {
@ -45,17 +50,23 @@ in {
        POSTGRES_DB = "immich";
        POSTGRES_INITDB_ARGS = "--data-checksums";
      };
-      volumes = ["${dbDataLocation}:/var/lib/postgresql/data"];
+      volumes = [ "${dbDataLocation}:/var/lib/postgresql/data" ];
      cmd = [
        "postgres"
-        "-c" "shared_preload_libraries=vectors.so"
-        "-c" ''search_path="$$user", public, vectors''
-        "-c" "logging_collector=on"
-        "-c" "max_wal_size=2GB"
-        "-c" "shared_buffers=512MB"
-        "-c" "wal_compression=on"
+        "-c"
+        "shared_preload_libraries=vectors.so"
+        "-c"
+        ''search_path="$$user", public, vectors''
+        "-c"
+        "logging_collector=on"
+        "-c"
+        "max_wal_size=2GB"
+        "-c"
+        "shared_buffers=512MB"
+        "-c"
+        "wal_compression=on"
      ];
-      networks = ["immich-net"];
+      networks = [ "immich-net" ];
    };

    immich-ml = {
@ -66,8 +77,8 @@ in {
        REDIS_HOSTNAME = "immich-redis";
        DB_HOSTNAME = "immich-db";
      };
-      volumes = ["${modelCache}:/cache"];
-      networks = ["immich-net"];
+      volumes = [ "${modelCache}:/cache" ];
+      networks = [ "immich-net" ];
    };
  };

--- a/hosts/chunk/jellyfin.nix
+++ b/hosts/chunk/jellyfin.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
  services.jellyfin = {
    enable = true;
    dataDir = "/mnt/jellyfin";
--- a/hosts/chunk/miniflux.nix
+++ b/hosts/chunk/miniflux.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
  services.miniflux = {
    enable = true;
    adminCredentialsFile = config.sops.secrets."miniflux/env".path;
--- a/hosts/chunk/ntfy.nix
+++ b/hosts/chunk/ntfy.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
  services.ntfy-sh = {
    enable = true;
    settings = {
--- a/hosts/chunk/postgres.nix
+++ b/hosts/chunk/postgres.nix
@ -2,7 +2,8 @@
  pkgs,
  lib,
  ...
-}: {
+}:
+{
  services.postgresql = {
    enable = true;
    settings.port = 5432;
--- a/hosts/chunk/rclone.nix
+++ b/hosts/chunk/rclone.nix
@ -2,12 +2,13 @@
  pkgs,
  config,
  ...
-}: {
+}:
+{
  systemd.services.immich-mount = {
    enable = true;
    description = "Mount the immich data remote";
-    requires = ["network-online.target"];
-    requiredBy = ["podman-immich-server.service"];
+    requires = [ "network-online.target" ];
+    requiredBy = [ "podman-immich-server.service" ];
    serviceConfig = {
      Type = "notify";
      ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos";
@ -32,19 +33,19 @@
  #   };
  # };

-#   systemd.services.jellyfin-mount = {
-#     enable = true;
-#     description = "Mount the jellyfin data remote";
-#     after = ["network-online.target"];
-#     requires = ["network-online.target"];
-#     requiredBy = ["jellyfin.service"];
-#     serviceConfig = {
-#       Type = "notify";
-#       ExecStartPre = "/usr/bin/env mkdir -p /mnt/jellyfin";
-#       ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --allow-other --transfers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G jellyfin: /mnt/jellyfin";
-#       ExecStop = "${pkgs.fuse}/bin/fusermount -u /mnt/jellyfin";
-#       EnvironmentFile = config.sops.secrets."rclone/env".path;
-#     };
-#   };
+  #   systemd.services.jellyfin-mount = {
+  #     enable = true;
+  #     description = "Mount the jellyfin data remote";
+  #     after = ["network-online.target"];
+  #     requires = ["network-online.target"];
+  #     requiredBy = ["jellyfin.service"];
+  #     serviceConfig = {
+  #       Type = "notify";
+  #       ExecStartPre = "/usr/bin/env mkdir -p /mnt/jellyfin";
+  #       ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --allow-other --transfers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G jellyfin: /mnt/jellyfin";
+  #       ExecStop = "${pkgs.fuse}/bin/fusermount -u /mnt/jellyfin";
+  #       EnvironmentFile = config.sops.secrets."rclone/env".path;
+  #     };
+  #   };
  programs.fuse.userAllowOther = true;
 }
--- a/hosts/chunk/redlib.nix
+++ b/hosts/chunk/redlib.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
  services.redlib = {
    enable = true;
    port = 8087;
--- a/hosts/chunk/tor.nix
+++ b/hosts/chunk/tor.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
  services.tor = {
    enable = true;
    openFirewall = true;
--- a/hosts/chunk/vaultwarden.nix
+++ b/hosts/chunk/vaultwarden.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
  services.vaultwarden = {
    enable = true;
    dbBackend = "postgresql";
--- a/hosts/chunk/wireguard.nix
+++ b/hosts/chunk/wireguard.nix
@ -2,16 +2,20 @@
  pkgs,
  config,
  ...
-}: {
+}:
+{
  networking.nat = {
    enable = true;
    enableIPv6 = true;
    externalInterface = "ens18";
-    internalInterfaces = ["wg0"];
+    internalInterfaces = [ "wg0" ];
  };

  networking.wg-quick.interfaces.wg0 = {
-    address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
+    address = [
+      "10.0.0.1/24"
+      "fdc9:281f:04d7:9ee9::1/64"
+    ];
    listenPort = 51820;
    privateKeyFile = config.sops.secrets."wireguard/private".path;
    postUp = ''
@ -33,12 +37,18 @@
    peers = [
      {
        publicKey = "qUhWoTPVC7jJdDEJLYY92OeiwPkaf8I5pv5kkMcSW3g=";
-        allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"];
+        allowedIPs = [
+          "10.0.0.2/32"
+          "fdc9:281f:04d7:9ee9::2/128"
+        ];
        presharedKeyFile = config.sops.secrets."wireguard/psk-yt".path;
      }
      {
        publicKey = "JIGi60wzLw717Cim1dSFoLCdJz5rePa5AIFfuisJI0k=";
-        allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"];
+        allowedIPs = [
+          "10.0.0.3/32"
+          "fdc9:281f:04d7:9ee9::3/128"
+        ];
        presharedKeyFile = config.sops.secrets."wireguard/psk-phone".path;
      }
    ];
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
  nix = {
    settings = {
      experimental-features = "nix-command flakes";
@ -8,7 +9,7 @@
    channel.enable = false;
    optimise = {
      automatic = true;
-      dates = ["03:45"];
+      dates = [ "03:45" ];
    };
    gc = {
      automatic = true;
--- a/hosts/ytnix/default.nix
+++ b/hosts/ytnix/default.nix
@ -2,7 +2,8 @@
  config,
  pkgs,
  ...
-}: {
+}:
+{
  imports = [
    ./hardware-configuration.nix
    ../common.nix
@ -53,11 +54,14 @@
      dns = "none";
      wifi.backend = "iwd";
    };
-    nameservers = ["31.59.129.225" "2a0f:85c1:840:2bfb::1"];
+    nameservers = [
+      "31.59.129.225"
+      "2a0f:85c1:840:2bfb::1"
+    ];
    resolvconf.enable = true;
    firewall = {
-      allowedUDPPorts = [51820]; # for wireguard
-      trustedInterfaces = ["wg0"];
+      allowedUDPPorts = [ 51820 ]; # for wireguard
+      trustedInterfaces = [ "wg0" ];
    };
  };
  programs.nm-applet.enable = true;
@ -76,7 +80,10 @@
        "bluez5.enable-sbc-xq" = true;
        "bluez5.enable-msbc" = true;
        "bluez5.enable-hw-volume" = true;
-        "bluez5.roles" = ["a2dp_sink" "a2dp_source"];
+        "bluez5.roles" = [
+          "a2dp_sink"
+          "a2dp_source"
+        ];
      };
    };
    # https://wiki.archlinux.org/title/Bluetooth_headset#Connecting_works,_sound_plays_fine_until_headphones_become_idle,_then_stutters
@ -100,7 +107,11 @@

  users.users.yt = {
    isNormalUser = true;
-    extraGroups = ["wheel" "libvirtd" "docker"];
+    extraGroups = [
+      "wheel"
+      "libvirtd"
+      "docker"
+    ];
    shell = pkgs.zsh;
  };
  programs.zsh.enable = true;
@ -168,7 +179,14 @@
  programs.sway.enable = true;

  services.borgbackup.jobs.ytnixRsync = {
-    paths = ["/root" "/home" "/var/lib" "/var/log" "/opt" "/etc"];
+    paths = [
+      "/root"
+      "/home"
+      "/var/lib"
+      "/var/log"
+      "/opt"
+      "/etc"
+    ];
    exclude = [
      "**/.cache"
      "**/node_modules"
@ -194,11 +212,13 @@
    };
    compression = "auto,zstd";
    startAt = "daily";
-    extraCreateArgs = ["--stats"];
+    extraCreateArgs = [ "--stats" ];
    # warnings are often not that serious
    failOnWarnings = false;
    postHook = ''
-      ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "ytnixRsync: backup completed with exit code: $exitStatus
+      ${pkgs.curl}/bin/curl -u $(cat ${
+        config.sops.secrets."services/ntfy".path
+      }) -d "ytnixRsync: backup completed with exit code: $exitStatus
      $(journalctl -u borgbackup-job-ytnixRsync.service|tail -n 5)" \
      https://ntfy.cything.io/chunk
    '';
@ -211,8 +231,8 @@
      snapshot_preserve_min = "2d";
      snapshot_dir = "/snapshots";
      subvolume = {
-        "/home" = {};
-        "/" = {};
+        "/home" = { };
+        "/" = { };
      };
    };
  };
@ -286,12 +306,18 @@

  # wireguard setup
  networking.wg-quick.interfaces.wg0 = {
-    address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"];
+    address = [
+      "10.0.0.2/24"
+      "fdc9:281f:04d7:9ee9::2/64"
+    ];
    privateKeyFile = config.sops.secrets."wireguard/private".path;
    peers = [
      {
        publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";
-        allowedIPs = ["0.0.0.0/0" "::/0"];
+        allowedIPs = [
+          "0.0.0.0/0"
+          "::/0"
+        ];
        endpoint = "31.59.129.225:51820";
        persistentKeepalive = 25;
        presharedKeyFile = config.sops.secrets."wireguard/psk".path;
--- a/hosts/ytnix/hardware-configuration.nix
+++ b/hosts/ytnix/hardware-configuration.nix
@ -7,42 +7,63 @@
  pkgs,
  modulesPath,
  ...
-}: {
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+}:
+{
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
    fsType = "btrfs";
-    options = ["subvol=root" "compress=zstd"];
+    options = [
+      "subvol=root"
+      "compress=zstd"
+    ];
  };

-  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c6098a16-c8a6-4a97-8648-6f46ca919d13";
+  boot.initrd.luks.devices."cryptroot".device =
+    "/dev/disk/by-uuid/c6098a16-c8a6-4a97-8648-6f46ca919d13";

  fileSystems."/home" = {
    device = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
    fsType = "btrfs";
-    options = ["subvol=home" "compress=zstd"];
+    options = [
+      "subvol=home"
+      "compress=zstd"
+    ];
  };

  fileSystems."/nix" = {
    device = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
    fsType = "btrfs";
-    options = ["subvol=nix" "compress=zstd" "noatime"];
+    options = [
+      "subvol=nix"
+      "compress=zstd"
+      "noatime"
+    ];
  };

  fileSystems."/swap" = {
    device = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
    fsType = "btrfs";
-    options = ["subvol=swap"];
+    options = [ "subvol=swap" ];
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/29B7-F46D";
    fsType = "vfat";
-    options = ["fmask=0022" "dmask=0022"];
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
  };

  swapDevices = [
@ -52,7 +73,7 @@
  ];

  boot.resumeDevice = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
-  boot.kernelParams = ["resume_offset=53224704"];
+  boot.kernelParams = [ "resume_offset=53224704" ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's