all: switch to nixpkgs-fmt

2023-09-12 08:44:05 -06:00 · 2023-09-12 08:44:05 -06:00 · a0228f4226
commit a0228f4226
parent dcd0acbdd7
143 changed files with 3151 additions and 2994 deletions
--- a/bin/fmt
+++ b/bin/fmt
@ -2,11 +2,12 @@

 set -e

-find . -name \*.nix -exec nix fmt -- -q {} \+
+find . -name \*.nix -exec nix fmt {} \+
 find . -name \*.sh -exec shfmt -w {} \+

 deadnix -f .
 shfmt -w bin/deploy
 shfmt -w bin/mkboot
 # TODO: https://github.com/nerdypepper/statix/issues/68
-statix check --ignore lib/default.nix .
+#statix check --ignore lib/default.nix .
+statix check .
--- a/bins/default.nix
+++ b/bins/default.nix
@ -1,8 +1,8 @@
-{
-  pkgs,
-  isUnstable,
-  ...
-}: let
+{ pkgs
+, isUnstable
+, ...
+}:
+let
  gosignify = pkgs.callPackage ../pkgs/gosignify.nix { inherit isUnstable; };

  ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; });
@ -19,7 +19,8 @@
    inherit (pkgs) curl;
  });
  genPatches = pkgs.callPackage ./gen-patches.nix { };
-in {
+in
+{
  environment.systemPackages = with pkgs; [
    checkRestart
    genPatches
--- a/bins/gen-patches.nix
+++ b/bins/gen-patches.nix
@ -1,10 +1,10 @@
-{
-  writeShellApplication,
-  diffutils,
-  findutils,
-  coreutils,
-  ...
-}: let
+{ writeShellApplication
+, diffutils
+, findutils
+, coreutils
+, ...
+}:
+let
  genPatches = writeShellApplication {
    name = "gen-patches";
    runtimeInputs = [ diffutils findutils coreutils ];
--- a/bins/icb-irc-tunnel.nix
+++ b/bins/icb-irc-tunnel.nix
@ -1,6 +1,6 @@
-{
-  pkgs,
-  icbirc,
+{ pkgs
+, icbirc
+,
 }: ''
  #!${pkgs.yash}/bin/yash
  ${pkgs.procps}/bin/pkill icbirc
--- a/bins/rage.nix
+++ b/bins/rage.nix
@ -1,4 +1,5 @@
-{pkgs}: let
+{ pkgs }:
+let
  oathPkg = pkgs.oath-toolkit or pkgs.oathToolkit;
  wlclip =
    if pkgs.system == "aarch64-darwin"
@ -8,7 +9,8 @@
    if pkgs.system == "aarch64-darwin"
    then "pbcopy"
    else "${pkgs.xclip}/bin/xclip";
-in ''
+in
+''
  #!${pkgs.yash}/bin/yash

  set -e
--- a/bins/restic.nix
+++ b/bins/restic.nix
@ -1,8 +1,7 @@
-{
-  lib,
-  pkgs,
-  config,
-  ...
+{ lib
+, pkgs
+, config
+, ...
 }:
 assert (builtins.length
  (lib.mapAttrsToList (a: _: a) config.services.restic.backups))
@ -10,7 +9,8 @@ assert (builtins.length
  resticBin = "${pkgs.restic}/bin/restic";
  cfg = config.services.restic.backups;
  bkp = lib.mapAttrs' (_: lib.nameValuePair "default") cfg;
-in ''
+in
+''
  #!/usr/bin/env sh

  set -e
--- a/bins/rpr.nix
+++ b/bins/rpr.nix
@ -1,12 +1,14 @@
-{
-  tea,
-  gh,
-  hut,
-}: let
+{ tea
+, gh
+, hut
+,
+}:
+let
  teaBin = "${tea}/bin/tea";
  ghBin = "${gh}/bin/gh";
  htBin = "${hut}/bin/hut";
-in ''
+in
+''
  #!/usr/bin/env sh

  set -eu
--- a/bins/sfetch.nix
+++ b/bins/sfetch.nix
@ -1,6 +1,6 @@
-{
-  curl,
-  gosignify,
+{ curl
+, gosignify
+,
 }: ''
  #!/usr/bin/env sh

--- a/bins/tstart.nix
+++ b/bins/tstart.nix
@ -1,6 +1,8 @@
-{tmux}: let
+{ tmux }:
+let
  tmuxBin = "${tmux}/bin/tmux";
-in ''
+in
+''
  #!/usr/bin/env sh

  set -e
--- a/bins/xin-status.nix
+++ b/bins/xin-status.nix
@ -1,7 +1,6 @@
-{
-  perl,
-  perlPackages,
-  ...
+{ perl
+, perlPackages
+, ...
 }: ''
  #!${perl}/bin/perl

--- a/configs/ca.nix
+++ b/configs/ca.nix
@ -1,9 +1,9 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
  cfg = config.services.xinCA;
 in
 with lib; {
--- a/configs/ci.nix
+++ b/configs/ci.nix
@ -1,11 +1,11 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  xinlib,
-  ...
-}: let
+{ config
+, lib
+, pkgs
+, inputs
+, xinlib
+, ...
+}:
+let
  #inherit (xinlib) prIsOpen;
  jobs = [
    {
--- a/configs/colemak.nix
+++ b/configs/colemak.nix
@ -1,7 +1,6 @@
-{
-  config,
-  lib,
-  ...
+{ config
+, lib
+, ...
 }:
 with lib; {
  options = {
--- a/configs/dns.nix
+++ b/configs/dns.nix
@ -1,7 +1,6 @@
-{
-  config,
-  lib,
-  ...
+{ config
+, lib
+, ...
 }:
 with lib; {
  options = {
--- a/configs/doas.nix
+++ b/configs/doas.nix
@ -1,7 +1,6 @@
-{
-  config,
-  lib,
-  ...
+{ config
+, lib
+, ...
 }:
 with lib; {
  options = {
--- a/configs/emacs.nix
+++ b/configs/emacs.nix
@ -1,15 +1,15 @@
-{
-  runCommand,
-  emacsWithPackagesFromUsePackage,
-  pkgs,
-  lib,
-  makeWrapper,
-  mu,
-  writeTextDir,
-  emacs,
-  emacsPkg ? pkgs.emacsPgtkNativeComp,
-  ...
-}: let
+{ runCommand
+, emacsWithPackagesFromUsePackage
+, pkgs
+, lib
+, makeWrapper
+, mu
+, writeTextDir
+, emacs
+, emacsPkg ? pkgs.emacsPgtkNativeComp
+, ...
+}:
+let
  muDir = "${mu}/share/emacs/site-lisp/mu4e";

  # Generate a .el file from our emacs.org.
--- a/configs/git.nix
+++ b/configs/git.nix
@ -1,4 +1,5 @@
-{config, ...}: let
+{ config, ... }:
+let
  rewriteGitHub =
    if config.networking.hostName != "stan"
    then {
@ -7,7 +8,8 @@
    else {
      url = { };
    };
-in {
+in
+{
  programs.git = {
    enable = true;
    lfs.enable = true;
--- a/configs/helix.nix
+++ b/configs/helix.nix
@ -1,8 +1,8 @@
-{
-  pkgs,
-  linkFarm,
-  ...
-}: let
+{ pkgs
+, linkFarm
+, ...
+}:
+let
  tomlFmt = pkgs.formats.toml { };
  helixBin = "${pkgs.helix}/bin/hx";

--- a/configs/manager.nix
+++ b/configs/manager.nix
@ -1,10 +1,10 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  ...
-}: let
+{ config
+, lib
+, pkgs
+, inputs
+, ...
+}:
+let
  microcaBin = "${pkgs.microca}/bin/microca";
  microca = pkgs.writeScriptBin "microca" ''
    #!/usr/bin/env sh
--- a/configs/neovim.nix
+++ b/configs/neovim.nix
@ -139,13 +139,11 @@ with pkgs; let
    parchment
    vacme
  ];
-  myVimPackages =
-    if pkgs.system == "aarch64-linux"
-    then baseVimPackages
-    else baseVimPackages ++ [];
-in {
+  myVimPackages = baseVimPackages;
+in
+{
  environment.systemPackages = with pkgs; [
-    alejandra
+    nixpkgs-fmt
    elmPackages.elm
    elmPackages.elm-format
    elmPackages.elm-language-server
--- a/configs/net-overlay.nix
+++ b/configs/net-overlay.nix
@ -1,8 +1,7 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
+{ config
+, lib
+, pkgs
+, ...
 }:
 with lib; {
  options = {
--- a/configs/peerix.nix
+++ b/configs/peerix.nix
@ -1,8 +1,7 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
+{ config
+, lib
+, pkgs
+, ...
 }:
 with lib; {
  options = {
@ -55,7 +54,8 @@ with lib; {

    environment.systemPackages = [ pkgs.zerotierone ];

-    networking.firewall.interfaces = listToAttrs (flatten (map (i: {
+    networking.firewall.interfaces = listToAttrs (flatten (map
+      (i: {
        name = i;
        value = {
          allowedUDPPorts = [ 12304 ];
--- a/configs/tailnet.nix
+++ b/configs/tailnet.nix
@ -1,12 +1,13 @@
-{
-  config,
-  pkgs,
-  lib,
-  inputs,
-  xinlib,
-  ...
-}: let
-  tailnetACLs = let
+{ config
+, pkgs
+, lib
+, inputs
+, xinlib
+, ...
+}:
+let
+  tailnetACLs =
+    let
      acls = {
        hosts = {
          europa = "100.92.31.80";
--- a/dbuild/build-consumer.nix
+++ b/dbuild/build-consumer.nix
@ -1,7 +1,6 @@
-{
-  config,
-  lib,
-  ...
+{ config
+, lib
+, ...
 }:
 with lib; {
  options = {
@ -21,7 +20,8 @@ with lib; {
      	IdentitiesOnly yes
      	IdentityFile /root/.ssh/nix_remote
    '';
-    nix.buildMachines = [
+    nix = {
+      buildMachines = [
        {
          hostName = "pcake";
          systems = [ "x86_64-linux" "aarch64-linux" ];
@ -32,9 +32,10 @@ with lib; {
        }
      ];

-    nix.distributedBuilds = true;
-    nix.extraOptions = ''
+      distributedBuilds = true;
+      extraOptions = ''
        builders-use-substitutes = true
      '';
    };
+  };
 }
--- a/dbuild/build-server.nix
+++ b/dbuild/build-server.nix
@ -1,7 +1,6 @@
-{
-  config,
-  lib,
-  ...
+{ config
+, lib
+, ...
 }:
 with lib; {
  options = {
--- a/default.nix
+++ b/default.nix
@ -1,12 +1,12 @@
-{
-  config,
-  lib,
-  options,
-  pkgs,
-  xinlib,
-  isUnstable,
-  ...
-}: let
+{ config
+, lib
+, options
+, pkgs
+, xinlib
+, isUnstable
+, ...
+}:
+let
  inherit (xinlib) todo;
  caPubKeys = builtins.concatStringsSep "\n" [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5xMSYMwu6rjjLe2UYs1YGCIBVs35E9db2qAjNltCVPG5UoctxCDXxIz0PMOJrBbfqZzP/6qPU1WAhdGNTZ5eXq/ftnhI+2xFfMg1uzpXZ9vjy8lUCfXIObtoEdZ9h/7OUCN/BnL0ySqsamkcUo8SAj6wXoNCdwk6oncfyTmhPnoW5tCWCS9p7Q/LuWpYGsvW5nFDSxteP7re6SUe10eftIkFAPNhKA2lsrvzMgjxhnXqwIr1qJeY0otcuYA4V5V09FmElbnOWVuy4Pt8SqV4N9ykkAUXZN1Pi7Q4JnCUifRJVWpKHLoJe0mqwMDJbGtt2Akn3EwiGhyaVjq2FFgBKAb7w8UAE8gob8n4+DOx4TQAXlmWviYij2Xh6CvepbamxlJMvVdWgqk53+u4e+/oOQQ9QTmQvAuecg9dSO3m7+hNHEf+0TXjuTNlk9KHRg4s7ZAI+2Stfo1tBrvEeE2fAF//Mw7zaLPKmEbMiXdbDs816gvYtG6Y36fTGyzhowDQAMNm+zbg8YPz7xFukLdSCPt7RcpPnP1iJs/hGBnog5UaG/Cm4ftkm9zKvOaQKIoA/GQ3yQSyltczA+2h5fur6VQQGrQeVhAcXm9a6GaLPWxgvJX/og76CHps0rYzFM3QBlsiJ+Z0sstk5TtBex9nTjwRZ1U9+4DQes2TB4/uxnQ== SUAH CA"
@ -18,7 +18,8 @@
  '';
  gosignify = pkgs.callPackage ./pkgs/gosignify.nix { inherit isUnstable; };
  myOpenSSH = pkgs.callPackage ./pkgs/openssh { };
-in {
+in
+{
  imports = [
    ./configs
    ./dbuild
@ -151,7 +152,9 @@ in {
        };
    };

-    environment.systemPackages = with pkgs;
+    environment = {
+      etc."ssh/ca.pub" = { text = caPubKeys; };
+      systemPackages = with pkgs;
        [
          age
          apg
@ -181,9 +184,10 @@ in {
          else [ ]
        );

-    environment.interactiveShellInit = ''
+      interactiveShellInit = ''
        alias vi=nvim
      '';
+    };

    time.timeZone = "US/Mountain";

@ -216,8 +220,6 @@ in {
      };
    };

-    environment.etc."ssh/ca.pub" = {text = caPubKeys;};
-
    services.logrotate.checkConfig =
      todo "logrotate disabled: https://github.com/NixOS/nix/issues/8502" false;

--- a/flake.nix
+++ b/flake.nix
@ -80,24 +80,25 @@
    };
  };

-  outputs = {
-    self,
-    darwin,
-    gostart,
-    nixos-hardware,
-    peerix,
-    po,
-    pots,
-    pr-status,
-    stable,
-    tsRevProx,
-    tsvnstat,
-    unstable,
-    unstableSmall,
-    xin-secrets,
-    xintray,
-    ...
-  } @ inputs: let
+  outputs =
+    { self
+    , darwin
+    , gostart
+    , nixos-hardware
+    , peerix
+    , po
+    , pots
+    , pr-status
+    , stable
+    , tsRevProx
+    , tsvnstat
+    , unstable
+    , unstableSmall
+    , xin-secrets
+    , xintray
+    , ...
+    } @ inputs:
+    let
      xinlib = import ./lib { inherit (unstable) lib; };
      supportedSystems = [ "x86_64-linux" ];
      #[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
@ -148,9 +149,11 @@
            ++ [
              {
                nix = {
-                registry.nixpkgs.flake = sysBase;
-                registry.stable.flake = stable;
-                registry.unstable.flake = unstable;
+                  registry = {
+                    nixpkgs.flake = sysBase;
+                    stable.flake = stable;
+                    unstable.flake = unstable;
+                  };
                  nixPath = [ "nixpkgs=${sysBase}" ];
                };
              }
@ -160,7 +163,8 @@
        };
      lpkgs = unstable.legacyPackages.x86_64-linux;
      darwinPkgs = unstableSmall.legacyPackages.aarch64-darwin;
-  in {
+    in
+    {
      darwinConfigurations = {
        plq = darwin.lib.darwinSystem {
          system = "aarch64-darwin";
@ -178,7 +182,8 @@
      # everything before deploying
      legacyPackages.x86_64-linux = import unstable {
        system = "x86_64-linux";
-      overlays = let
+        overlays =
+          let
            overlayFn = import ./overlays;
            stableList = overlayFn {
              isUnstable = true;
@ -189,11 +194,11 @@
              inherit xinlib;
            };
          in
-        [] ++ stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays;
+          stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays;
      };

-    formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.alejandra;
-    formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.alejandra;
+      formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.nixpkgs-fmt;
+      formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.nixpkgs-fmt;

      devShells.x86_64-linux.default = xinlib.buildShell lpkgs;
      devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs;
@ -259,10 +264,12 @@
        };
      };

-    packages = forAllSystems (system: let
+      packages = forAllSystems (system:
+        let
          upkgs = unstablePkgsFor.${system};
          spkgs = stablePkgsFor.${system};
-    in {
+        in
+        {
          ada_language_server =
            spkgs.callPackage ./pkgs/ada_language_server.nix { inherit spkgs; };
          alire = spkgs.callPackage ./pkgs/alire.nix { inherit spkgs; };
@ -330,35 +337,40 @@
          inherit (spkgs) matrix-synapse;
        });

-    templates."ada" = {
+      templates = {
+        "ada" = {
          path = ./templates/ada;
          description = "Ada template.";
        };
-    templates."go" = {
+        "go" = {
          path = ./templates/go;
          description = "Go template.";
        };
-    templates."perl" = {
+        "perl" = {
          path = ./templates/perl;
          description = "Perl template.";
        };
-    templates."mojo" = {
+        "mojo" = {
          path = ./templates/mojo;
          description = "Perl MojoLicious template.";
        };
-    templates."ocaml" = {
+        "ocaml" = {
          path = ./templates/ocaml;
          description = "OCaml template.";
        };
+      };

-    checks = let
+      checks =
+        let
          buildList = [ "europa" "stan" "h" "box" "faf" "weather" ];
        in
        with unstable.lib;
-        foldl' recursiveUpdate {} (mapAttrsToList (name: system: {
+        foldl' recursiveUpdate { } (mapAttrsToList
+          (name: system: {
            "${system.pkgs.stdenv.hostPlatform.system}"."${name}" =
              system.config.system.build.toplevel;
-          }) (filterAttrs (n: _: (builtins.elem n buildList))
+          })
+          (filterAttrs (n: _: (builtins.elem n buildList))
            self.nixosConfigurations));
    };
 }
--- a/gui/arcan.nix
+++ b/gui/arcan.nix
@ -1,8 +1,7 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
+{ config
+, lib
+, pkgs
+, ...
 }:
 with lib; {
  options = {
--- a/gui/default.nix
+++ b/gui/default.nix
@ -1,10 +1,10 @@
-{
-  config,
-  lib,
-  pkgs,
-  xinlib,
-  ...
-}: let
+{ config
+, lib
+, pkgs
+, xinlib
+, ...
+}:
+let
  firefox = import ../configs/firefox.nix { inherit pkgs; };
  rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix { inherit pkgs; });
  rpr =
--- a/gui/gnome.nix
+++ b/gui/gnome.nix
@ -1,7 +1,6 @@
-{
-  config,
-  lib,
-  ...
+{ config
+, lib
+, ...
 }:
 with lib; {
  options = { gnome = { enable = mkEnableOption "Enable GNOME desktop."; }; };
--- a/gui/kde.nix
+++ b/gui/kde.nix
@ -1,11 +1,12 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
  inherit (pkgs.libsForQt5) callPackage;
-in {
+in
+{
  options = { kde = { enable = lib.mkEnableOption "Enable KDE desktop."; }; };

  config = lib.mkIf config.kde.enable {
--- a/gui/xfce.nix
+++ b/gui/xfce.nix
@ -1,8 +1,7 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
+{ config
+, lib
+, pkgs
+, ...
 }:
 with lib; {
  options = { xfce = { enable = mkEnableOption "Enable XFCE desktop."; }; };
--- a/hosts/box/default.nix
+++ b/hosts/box/default.nix
@ -1,11 +1,11 @@
-{
-  inputs,
-  config,
-  lib,
-  pkgs,
-  isUnstable,
-  ...
-}: let
+{ inputs
+, config
+, lib
+, pkgs
+, isUnstable
+, ...
+}:
+let
  #photoPrismTag = "220901-bullseye";
  httpCacheTime = "720m";
  httpAllow = ''
@ -44,7 +44,8 @@
    owner = config.users.users.nginx.name;
    mode = "400";
  };
-in {
+in
+{
  _module.args.isUnstable = false;
  imports = [
    ./hardware-configuration.nix
@ -67,39 +68,43 @@ in {
    };
    "bitwarden_rs.env" = { sopsFile = config.xin-secrets.box.services; };
    "wireguard_private_key" = { sopsFile = config.xin-secrets.box.services; };
+
+    books_cert = mkNginxSecret;
+    books_key = mkNginxSecret;
+    jelly_cert = mkNginxSecret;
+    jelly_key = mkNginxSecret;
+    lidarr_cert = mkNginxSecret;
+    lidarr_key = mkNginxSecret;
+    nzb_cert = mkNginxSecret;
+    nzb_key = mkNginxSecret;
+    prowlarr_cert = mkNginxSecret;
+    prowlarr_key = mkNginxSecret;
+    radarr_cert = mkNginxSecret;
+    radarr_key = mkNginxSecret;
+    reddit_cert = mkNginxSecret;
+    reddit_key = mkNginxSecret;
+    sonarr_cert = mkNginxSecret;
+    sonarr_key = mkNginxSecret;
+    graph_cert = mkNginxSecret;
+    graph_key = mkNginxSecret;
+    bw_cert = mkNginxSecret;
+    bw_key = mkNginxSecret;
+    invidious_cert = mkNginxSecret;
+    invidious_key = mkNginxSecret;
+    readarr_cert = mkNginxSecret;
+    readarr_key = mkNginxSecret;
+    home_cert = mkNginxSecret;
+    home_key = mkNginxSecret;
  };

-  sops.secrets.books_cert = mkNginxSecret;
-  sops.secrets.books_key = mkNginxSecret;
-  sops.secrets.jelly_cert = mkNginxSecret;
-  sops.secrets.jelly_key = mkNginxSecret;
-  sops.secrets.lidarr_cert = mkNginxSecret;
-  sops.secrets.lidarr_key = mkNginxSecret;
-  sops.secrets.nzb_cert = mkNginxSecret;
-  sops.secrets.nzb_key = mkNginxSecret;
-  sops.secrets.prowlarr_cert = mkNginxSecret;
-  sops.secrets.prowlarr_key = mkNginxSecret;
-  sops.secrets.radarr_cert = mkNginxSecret;
-  sops.secrets.radarr_key = mkNginxSecret;
-  sops.secrets.reddit_cert = mkNginxSecret;
-  sops.secrets.reddit_key = mkNginxSecret;
-  sops.secrets.sonarr_cert = mkNginxSecret;
-  sops.secrets.sonarr_key = mkNginxSecret;
-  sops.secrets.graph_cert = mkNginxSecret;
-  sops.secrets.graph_key = mkNginxSecret;
-  sops.secrets.bw_cert = mkNginxSecret;
-  sops.secrets.bw_key = mkNginxSecret;
-  sops.secrets.invidious_cert = mkNginxSecret;
-  sops.secrets.invidious_key = mkNginxSecret;
-  sops.secrets.readarr_cert = mkNginxSecret;
-  sops.secrets.readarr_key = mkNginxSecret;
-  sops.secrets.home_cert = mkNginxSecret;
-  sops.secrets.home_key = mkNginxSecret;
-
-  boot.supportedFilesystems = ["zfs"];
-  boot.loader.grub.copyKernels = true;
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot = {
+    supportedFilesystems = [ "zfs" ];
+    loader = {
+      grub.copyKernels = true;
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };

  doas.enable = true;

@ -200,21 +205,25 @@ in {
    defaults.email = "aaron@bolddaemon.com";
  };

-  users.groups.media = {
+  users = {
+    groups = {
+      media = {
        name = "media";
        members = [ "qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr" ];
      };

-  users.groups.photos = {
+      photos = {
        name = "photos";
        members = [ "qbit" ];
      };

-  users.groups.photoprism = {
+      photoprism = {
        name = "photoprism";
        gid = 986;
      };
-  users.users.photoprism = {
+    };
+    users = {
+      photoprism = {
        uid = 991;
        name = "photoprism";
        isSystemUser = true;
@ -223,12 +232,7 @@ in {
        shell = "/bin/sh";
        openssh.authorizedKeys.keys = pubKeys;
      };
-
-  systemd.services.photoprism = {
-    serviceConfig = {
-      WorkingDirectory = lib.mkForce "/media/pictures/photoprism";
    };
-    preStart = lib.mkForce "";
  };

  hardware.rtl-sdr.enable = true;
@ -382,7 +386,8 @@ in {
    };
    cron = {
      enable = true;
-      systemCronJobs = let
+      systemCronJobs =
+        let
          tsCertsScript = pkgs.writeScriptBin "ts-certs.sh" ''
            #!/usr/bin/env sh
            . /etc/profile;
@ -396,7 +401,8 @@ in {
              chown nginx /etc/nixos/secrets/box.humpback-trout.ts.net.*
            ) >/dev/null 2>&1
          '';
-      in ["@daily root ${tsCertsScript}/bin/ts-certs.sh"];
+        in
+        [ "@daily root ${tsCertsScript}/bin/ts-certs.sh" ];
    };
    openssh = { settings.X11Forwarding = true; };

@ -1049,23 +1055,35 @@ in {
    };
  };

-  systemd.services.nginx.serviceConfig = {
+  systemd = {
+    services = {
+      photoprism = {
+        serviceConfig = {
+          WorkingDirectory = lib.mkForce "/media/pictures/photoprism";
+        };
+        preStart = lib.mkForce "";
+      };
+
+      nginx.serviceConfig = {
        ReadWritePaths = [ "/backups/nginx_cache" ];
        ReadOnlyPaths = [ "/etc/nixos/secrets" ];
      };

-  systemd.services.gitea.environment = {
+      gitea.environment = {
        GIT_CONFIG_NOGLOBAL = "true";
        GIT_CONFIG_NOSYSTEM = "true";
      };
-
-  #systemd.services."nextcloud-setup" = {
+      #"nextcloud-setup" = {
      #  requires = [ "postgresql.service" ];
      #  after = [ "postgresql.service" ];
      #};
+    };
+  };

-  users.users.qbit = userBase;
-  users.users.root = userBase;
+  users.users = {
+    qbit = userBase;
+    root = userBase;
+  };

  programs.zsh.enable = true;

--- a/hosts/box/hardware-configuration.nix
+++ b/hosts/box/hardware-configuration.nix
@ -1,70 +1,76 @@
 { ... }: {
-  boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel" "wireguard"];
-  boot.extraModulePackages = [];
+  boot = {
+    initrd = {
+      availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "kvm-intel" "wireguard" ];
+    extraModulePackages = [ ];
+  };

  hardware.enableRedistributableFirmware = true;

-  fileSystems."/" = {
+  fileSystems = {
+    "/" = {
      device = "/dev/disk/by-uuid/248dfcf7-999b-4dba-bfbf-0b10dbb376b1";
      fsType = "ext4";
    };

-  fileSystems."/home" = {
+    "/home" = {
      device = "rpool/home";
      fsType = "zfs";
    };

-  fileSystems."/backups" = {
+    "/backups" = {
      device = "rpool/backups";
      fsType = "zfs";
    };

-  fileSystems."/media/music" = {
+    "/media/music" = {
      device = "rpool/media/music";
      fsType = "zfs";
    };

-  fileSystems."/media/movies" = {
+    "/media/movies" = {
      device = "rpool/media/movies";
      fsType = "zfs";
    };

-  fileSystems."/media/pictures" = {
+    "/media/pictures" = {
      device = "rpool/pictures";
      fsType = "zfs";
    };

-  fileSystems."/media/tv" = {
+    "/media/tv" = {
      device = "rpool/media/tv";
      fsType = "zfs";
    };

-  fileSystems."/media/nextcloud" = {
+    "/media/nextcloud" = {
      device = "rpool/nextcloud";
      fsType = "zfs";
    };

-  fileSystems."/media/git" = {
+    "/media/git" = {
      device = "rpool/git";
      fsType = "zfs";
    };

-  fileSystems."/media/downloads" = {
+    "/media/downloads" = {
      device = "rpool/downloads";
      fsType = "zfs";
    };

-  fileSystems."/db/postgres" = {
+    "/db/postgres" = {
      device = "rpool/db/postgres";
      fsType = "zfs";
    };

-  fileSystems."/boot" = {
+    "/boot" = {
      device = "/dev/disk/by-uuid/2AC3-DB6C";
      fsType = "vfat";
    };
+  };

  swapDevices = [{ device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; }];
 }
--- a/hosts/europa/default.nix
+++ b/hosts/europa/default.nix
@ -1,11 +1,11 @@
-{
-  inputs,
-  config,
-  pkgs,
-  lib,
-  xinlib,
-  ...
-}: let
+{ inputs
+, config
+, pkgs
+, lib
+, xinlib
+, ...
+}:
+let
  inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp;
  restic = pkgs.writeScriptBin "restic" (import ../../bins/restic.nix {
    inherit pkgs;
@ -40,7 +40,8 @@
      path = [ pkgs.taskobs ] ++ pkgs.taskobs.buildInputs;
    }
  ];
-in {
+in
+{
  _module.args.isUnstable = true;

  imports = [ ./hardware-configuration.nix ../../pkgs ../../configs/neomutt.nix ];
@ -231,9 +232,10 @@ in {
    ''
  ];

-  systemd.user.services =
+  systemd = {
+    user.services =
      lib.listToAttrs (builtins.map xinlib.jobToUserService jobs);
-  systemd.services."whytailscalewhy" = {
+    services."whytailscalewhy" = {
      description = "Tailscale restart on resume";
      wantedBy = [ "post-resume.target" ];
      after = [ "post-resume.target" ];
@ -243,6 +245,7 @@ in {
      '';
      serviceConfig.Type = "oneshot";
    };
+  };

  virtualisation.docker.enable = false;
  users.users.qbit.extraGroups = [
@ -358,7 +361,9 @@ in {
    }
  ];

-  system.autoUpgrade.allowReboot = false;
-  system.autoUpgrade.enable = false;
-  system.stateVersion = "21.11";
+  system = {
+    autoUpgrade.allowReboot = false;
+    autoUpgrade.enable = false;
+    stateVersion = "21.11";
+  };
 }
--- a/hosts/europa/hardware-configuration.nix
+++ b/hosts/europa/hardware-configuration.nix
@ -1,15 +1,18 @@
-{
-  config,
-  lib,
-  modulesPath,
-  ...
+{ config
+, lib
+, modulesPath
+, ...
 }: {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

-  boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+  boot = {
+    initrd = {
+      availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };

  fileSystems = {
    "/" = {
--- a/hosts/faf/default.nix
+++ b/hosts/faf/default.nix
@ -1,19 +1,25 @@
-{config, ...}: let
+{ config, ... }:
+let
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
  ];
  userBase = {
    openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
  };
-in {
+in
+{
  _module.args.isUnstable = false;
  imports = [ ./hardware-configuration.nix ];

-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };

-  boot.supportedFilesystems = ["zfs"];
-  boot.zfs.devNodes = "/dev/";
+    supportedFilesystems = [ "zfs" ];
+    zfs.devNodes = "/dev/";
+  };

  networking = {
    hostName = "faf";
@ -23,13 +29,17 @@ in {
    interfaces.enp1s0.useDHCP = true;
    interfaces.enp2s0.useDHCP = true;

-    firewall.allowedTCPPorts = [22 53 config.services.prometheus.exporters.node.port];
-    firewall.allowedUDPPorts = [53];
+    firewall = {
+      allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ];
+      allowedUDPPorts = [ 53 ];
+    };
    hosts = { "100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ]; };
  };

-  users.users.root = userBase;
-  users.users.qbit = userBase;
+  users.users = {
+    root = userBase;
+    qbit = userBase;
+  };

  services = {
    prometheus = {
--- a/hosts/faf/hardware-configuration.nix
+++ b/hosts/faf/hardware-configuration.nix
@ -1,15 +1,15 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  modulesPath,
-  ...
+{ config
+, lib
+, modulesPath
+, ...
 }: {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

-  boot.initrd.availableKernelModules = [
+  boot = {
+    initrd.availableKernelModules = [
      "uhci_hcd"
      "ehci_pci"
      "ahci"
@ -19,54 +19,57 @@
      "usbhid"
      "sd_mod"
    ];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = [];
-  boot.extraModulePackages = [];
+    initrd.kernelModules = [ ];
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+  };

-  fileSystems."/" = {
+  fileSystems = {
+    "/" = {
      device = "tank/nixos";
      fsType = "zfs";
    };

-  fileSystems."/nix" = {
+    "/nix" = {
      device = "tank/nixos/nix";
      fsType = "zfs";
    };

-  fileSystems."/etc" = {
+    "/etc" = {
      device = "tank/nixos/etc";
      fsType = "zfs";
    };

-  fileSystems."/var" = {
+    "/var" = {
      device = "tank/nixos/var";
      fsType = "zfs";
    };

-  fileSystems."/var/lib" = {
+    "/var/lib" = {
      device = "tank/nixos/var/lib";
      fsType = "zfs";
    };

-  fileSystems."/var/log" = {
+    "/var/log" = {
      device = "tank/nixos/var/log";
      fsType = "zfs";
    };

-  fileSystems."/var/spool" = {
+    "/var/spool" = {
      device = "tank/nixos/var/spool";
      fsType = "zfs";
    };

-  fileSystems."/home" = {
+    "/home" = {
      device = "tank/userdata/home";
      fsType = "zfs";
    };

-  fileSystems."/boot" = {
+    "/boot" = {
      device = "/dev/disk/by-uuid/5851-DEF2";
      fsType = "vfat";
    };
+  };

  swapDevices = [ ];

--- a/hosts/h/default.nix
+++ b/hosts/h/default.nix
@ -1,9 +1,8 @@
-{
-  config,
-  pkgs,
-  isUnstable,
-  inputs,
-  ...
+{ config
+, pkgs
+, isUnstable
+, inputs
+, ...
 }:
 with pkgs; let
  restic = pkgs.writeScriptBin "restic" (import ../../bins/restic.nix {
@ -61,17 +60,22 @@ with pkgs; let
    proxyWebsockets = true;
    proxyPass = "http://${mtxCfg.address}:${toString mtxCfg.port}";
  };
-in {
+in
+{
  _module.args.isUnstable = false;
  imports = [
    ./hardware-configuration.nix
  ];

-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sda";
-  boot.loader.grub.configurationLimit = 15;
+  boot = {
+    loader.grub = {
+      enable = true;
+      device = "/dev/sda";
+      configurationLimit = 15;
+    };

-  boot.kernelParams = ["net.ifnames=0"];
+    kernelParams = [ "net.ifnames=0" ];
+  };

  tailscale.sshOnly = true;

@ -231,16 +235,21 @@ in {
    defaults.email = "aaron@bolddaemon.com";
  };

-  users.groups.mcchunkie = {};
-
-  users.users.mcchunkie = {
+  users = {
+    users = {
+      qbit = userBase;
+      mcchunkie = {
        createHome = true;
        isSystemUser = true;
        home = "/var/lib/mcchunkie";
        group = "mcchunkie";
      };
+    };
+    groups.mcchunkie = { };
+  };

-  systemd.services.icb-tunnel = {
+  systemd.services = {
+    icb-tunnel = {
      wantedBy = [ "network.target" ];
      after = [ "network.target" "multi-user.target" ];
      serviceConfig = {
@ -250,7 +259,7 @@ in {
      };
    };

-  systemd.services.mcchunkie = {
+    mcchunkie = {
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        User = "mcchunkie";
@ -260,6 +269,7 @@ in {
        ExecStart = "${mcchunkie}/bin/mcchunkie";
      };
    };
+  };

  services = {
    veilid-server = {
@ -569,17 +579,19 @@ in {
          forceSSL = true;
          enableACME = true;

-          locations."/" = {
+          locations = {
+            "/" = {
              proxyPass = "http://192.168.112.4:8222";
              proxyWebsockets = true;
            };
-          locations."/admin" = {
+            "/admin" = {
              extraConfig = ''
                ${httpAllow}
                 deny	all;
              '';
            };
          };
+        };

        "suah.dev" = {
          forceSSL = true;
@ -728,29 +740,33 @@ in {
            forceSSL = true;
            enableACME = true;
            root = "/var/www/tapenet.org";
-            locations."/.well-known/matrix/client".extraConfig =
+            locations = {
+              "/.well-known/matrix/client".extraConfig =
                mkMatrixWellKnown matrixClientConfig;
-            locations."/.well-known/matrix/server".extraConfig =
+              "/.well-known/matrix/server".extraConfig =
                mkMatrixWellKnown matrixServerConfig;

-            locations."/client" = mkMatrixSliderLoc;
-            locations."/_matrix/client/unstable/org.matrix.msc3575/sync" =
+              "/client" = mkMatrixSliderLoc;
+              "/_matrix/client/unstable/org.matrix.msc3575/sync" =
                mkMatrixSliderLoc;

-            locations."/_matrix" = mkMatrixLoc;
-            locations."/_synapse/client" = mkMatrixLoc;
+              "/_matrix" = mkMatrixLoc;
+              "/_synapse/client" = mkMatrixLoc;
+            };
          }
          else {
            forceSSL = true;
            enableACME = true;
            root = "/var/www/tapenet.org";
-            locations."/.well-known/matrix/client".extraConfig =
+            locations = {
+              "/.well-known/matrix/client".extraConfig =
                mkMatrixWellKnown matrixClientConfig;
-            locations."/.well-known/matrix/server".extraConfig =
+              "/.well-known/matrix/server".extraConfig =
                mkMatrixWellKnown matrixServerConfig;

-            locations."/_matrix" = mkMatrixLoc;
-            locations."/_synapse/client" = mkMatrixLoc;
+              "/_matrix" = mkMatrixLoc;
+              "/_synapse/client" = mkMatrixLoc;
+            };
          };
      };
    };
@ -884,7 +900,6 @@ in {
    };
  };

-  users.users.qbit = userBase;

  system.stateVersion = "22.11";
 }
--- a/hosts/h/hardware-configuration.nix
+++ b/hosts/h/hardware-configuration.nix
@ -1,18 +1,21 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  modulesPath,
-  ...
+{ config
+, lib
+, modulesPath
+, ...
 }: {
  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];

-  boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["wireguard"];
-  boot.extraModulePackages = [];
+  boot = {
+    initrd = {
+      availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "wireguard" ];
+    extraModulePackages = [ ];
+  };

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/b3caa6ff-5610-4ae2-999d-f8f0b1599c4f";
--- a/hosts/luna/default.nix
+++ b/hosts/luna/default.nix
@ -1,22 +1,28 @@
-{...}: let
+{ ... }:
+let
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
  ];
  userBase = { openssh.authorizedKeys.keys = pubKeys; };
-in {
+in
+{
  _module.args.isUnstable = false;
  imports = [ ./hardware-configuration.nix ];

-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sdb";
-  boot.loader.grub.useOSProber = true;
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/sdb";
+    useOSProber = true;
+  };

  # The moon based shipyard
-  networking.hostName = "luna";
+  networking = {
+    hostName = "luna";

-  networking.networkmanager.enable = true;
-  networking.firewall.allowedTCPPorts = [22];
+    networkmanager.enable = true;
+    firewall.allowedTCPPorts = [ 22 ];
+  };

  environment.systemPackages = [ ];

--- a/hosts/luna/hardware-configuration.nix
+++ b/hosts/luna/hardware-configuration.nix
@ -1,12 +1,13 @@
-{
-  config,
-  lib,
-  modulesPath,
-  ...
+{ config
+, lib
+, modulesPath
+, ...
 }: {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

-  boot.initrd.availableKernelModules = [
+  boot = {
+    initrd = {
+      availableKernelModules = [
        "uhci_hcd"
        "ehci_pci"
        "ata_piix"
@ -16,9 +17,11 @@
        "sd_mod"
        "sr_mod"
      ];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/caa1051c-f7c3-4809-9a63-b3908de9c27c";
--- a/hosts/plq/default.nix
+++ b/hosts/plq/default.nix
@ -1,13 +1,14 @@
-{
-  pkgs,
-  lib,
-  isUnstable,
-  ...
-}: let
+{ pkgs
+, lib
+, isUnstable
+, ...
+}:
+let
  secretAgent = "Contents/Library/LoginItems/SecretAgent.app/Contents/MacOS/SecretAgent";
  rage =
    pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; });
-in {
+in
+{
  _module.args.isUnstable = false;
  imports = [ ../../configs/tmux.nix ../../configs/zsh.nix ../../bins ];

--- a/hosts/pwntie/default.nix
+++ b/hosts/pwntie/default.nix
@ -1,13 +1,14 @@
-{
-  pkgs,
-  config,
-  ...
-}: let
+{ pkgs
+, config
+, ...
+}:
+let
  #myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
  ];
-in {
+in
+{
  _module.args.isUnstable = false;
  imports = [
    ./hardware-configuration.nix
@ -16,12 +17,18 @@ in {
  hardware.rtl-sdr.enable = true;

  # Bootloader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.efi.efiSysMountPoint = "/boot/efi";
-  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot/efi";
+      };
+    };
+    kernelPackages = pkgs.linuxPackages_latest;

-  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
+    binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
+  };
  nixpkgs.config.allowUnsupportedSystem = true;

  networking = {
@ -46,8 +53,6 @@ in {
    PATH = [ "\${XDG_BIN_HOME}" ];
  };

-  users.users.qbit.extraGroups = ["dialout" "libvirtd" "docker" "plugdev"];
-
  #nixpkgs.config.allowUnfree = true;
  environment.systemPackages = with pkgs; [
    rtl-sdr
@ -116,8 +121,15 @@ in {
    };
  };

-  users.users.root = {openssh.authorizedKeys.keys = pubKeys;};
-  users.users.qbit = {openssh.authorizedKeys.keys = pubKeys;};
+  users = {
+    users = {
+      root = { openssh.authorizedKeys.keys = pubKeys; };
+      qbit = {
+        openssh.authorizedKeys.keys = pubKeys;
+        extraGroups = [ "dialout" "libvirtd" "docker" "plugdev" ];
+      };
+    };
+  };

  system.stateVersion = "22.11";
 }
--- a/hosts/pwntie/hardware-configuration.nix
+++ b/hosts/pwntie/hardware-configuration.nix
@ -1,28 +1,31 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  modulesPath,
-  ...
+{ config
+, lib
+, modulesPath
+, ...
 }: {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

-  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-amd"];
-  boot.extraModulePackages = [];
+  boot = {
+    initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+    initrd.kernelModules = [ ];
+    kernelModules = [ "kvm-amd" ];
+    extraModulePackages = [ ];
+  };

-  fileSystems."/" = {
+  fileSystems = {
+    "/" = {
      device = "/dev/disk/by-uuid/dd7f2225-4c7a-4f40-8452-0aebf1a75aec";
      fsType = "ext4";
    };

-  fileSystems."/boot/efi" = {
+    "/boot/efi" = {
      device = "/dev/disk/by-uuid/2079-D1CE";
      fsType = "vfat";
    };
+  };

  swapDevices = [{ device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; }];

--- a/hosts/router/default.nix
+++ b/hosts/router/default.nix
@ -1,9 +1,9 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
  inherit
    (builtins)
    head
@ -299,7 +299,8 @@
      };
    };
  };
-in {
+in
+{
  _module.args.isUnstable = false;
  imports = [ ./hardware-configuration.nix ../../modules/tsvnstat.nix ];

--- a/hosts/router/hardware-configuration.nix
+++ b/hosts/router/hardware-configuration.nix
@ -1,22 +1,27 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  modulesPath,
-  ...
+{ config
+, lib
+, modulesPath
+, ...
 }: {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sda";
-  boot.loader.grub.useOSProber = true;
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/sda";
+    useOSProber = true;
+  };

-  boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp"];
-  boot.extraModulePackages = [];
+  boot = {
+    initrd = {
+      availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp" ];
+    extraModulePackages = [ ];
+  };

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/4c84fd36-f143-4db8-bfe5-65de0287f894";
--- a/hosts/stan/default.nix
+++ b/hosts/stan/default.nix
@ -1,9 +1,9 @@
-{
-  config,
-  inputs,
-  pkgs,
-  ...
-}: let
+{ config
+, inputs
+, pkgs
+, ...
+}:
+let
  pubKeys = [
    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
@ -20,7 +20,8 @@
  doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
    doomPrivateDir = ../../configs/doom.d;
  };
-in {
+in
+{
  _module.args.isUnstable = true;
  imports = [ ./hardware-configuration.nix ];

@ -189,11 +190,13 @@ in {

  virtualisation.libvirtd.enable = true;

-  programs.git.config.safe.directory = "/home/abieber/aef100";
-
  programs = {
+    git.config.safe.directory = "/home/abieber/aef100";
    dconf.enable = true;
    zsh.enable = true;
+    ssh.knownHosts = {
+      "[192.168.122.249]:7022".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOzf2Rv6FZYuH758TlNBcq4CXAHTPJxe5qoQTRM3nRc";
+    };
  };

  tsPeerix = {
@ -213,9 +216,6 @@ in {
    };
  };

-  programs.ssh.knownHosts = {
-    "[192.168.122.249]:7022".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOzf2Rv6FZYuH758TlNBcq4CXAHTPJxe5qoQTRM3nRc";
-  };

  system.autoUpgrade.allowReboot = false;
  system.stateVersion = "22.05"; # Did you read the comment?
--- a/hosts/stan/hardware-configuration.nix
+++ b/hosts/stan/hardware-configuration.nix
@ -1,16 +1,20 @@
-{
-  pkgs,
-  config,
-  lib,
-  modulesPath,
-  ...
+{ pkgs
+, config
+, lib
+, modulesPath
+, ...
 }: {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

-  boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+  boot = {
+    initrd = {
+      availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
+      kernelModules = [ ];
+      luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827";
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };

  system.fsPackages = [ pkgs.sshfs ];

@ -43,7 +47,6 @@
    };
  };

-  boot.initrd.luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827";

  swapDevices = [{ device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; }];

--- a/hosts/weather/default.nix
+++ b/hosts/weather/default.nix
@ -1,9 +1,9 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
@ -12,7 +12,8 @@
    openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
  };
  firefox = import ../../configs/firefox.nix { inherit pkgs; };
-in {
+in
+{
  _module.args.isUnstable = false;
  imports = [ ./hardware-configuration.nix ];

--- a/hosts/weatherzero/default.nix
+++ b/hosts/weatherzero/default.nix
@ -1,9 +1,9 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
@ -11,7 +11,8 @@
  userBase = {
    openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
  };
-in {
+in
+{
  _module.args.isUnstable = false;
  imports = [
    ./hardware-configuration.nix
--- a/install_template.nix
+++ b/install_template.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: let
+{ pkgs, ... }:
+let
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI="
@ -6,12 +7,17 @@
    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0="
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrYWbbgBkGcOntDqdMaWVZ9xn+dHM+Ap6s1HSAalL28AAAACHNzaDptYWlu"
  ];
-in {
+in
+{
  imports = [ ./hardware-configuration.nix ];

-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi = {
+      canTouchEfiVariables = true;
+      efiSysMountPoint = "/boot/efi";
+    };
+  };

  nix = {
    package = pkgs.nixUnstable;
@ -20,9 +26,10 @@ in {
    '';
  };

-  networking.hostName = "changeme";
-
-  networking.networkmanager.enable = true;
+  networking = {
+    hostName = "changeme";
+    networkmanager.enable = true;
+  };

  time.timeZone = "America/Denver";

@ -34,12 +41,15 @@ in {
  };
  console = { keyMap = "colemak"; };

-  users.users.qbit = {
+  users.users = {
+    qbit = {
      isNormalUser = true;
      description = "Aaron Bieber";
      extraGroups = [ "networkmanager" "wheel" ];
      packages = [ ];
    };
+    root = { openssh.authorizedKeys.keys = pubKeys; };
+  };

  # neovim will overwrite my neovim!!
  environment.systemPackages = with pkgs; [ neovim jq ];
@ -49,7 +59,5 @@ in {
    permitRootLogin = "prohibit-password";
  };

-  users.users.root = {openssh.authorizedKeys.keys = pubKeys;};
-
  system.stateVersion = "22.05"; # Did you read the comment?
 }
--- a/installer.nix
+++ b/installer.nix
@ -1,12 +1,12 @@
-{
-  config,
-  lib,
-  options,
-  pkgs,
-  ...
-}: let
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
  managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager";
-in {
+in
+{
  imports = [ ./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix ];

  options.myconf = {
@ -102,11 +102,13 @@ in {
    '';
    boot.tmp.cleanOnBoot = true;

-    environment.systemPackages = with pkgs; [apg inetutils];
+    environment = {
+      systemPackages = with pkgs; [ apg inetutils ];

-    environment.interactiveShellInit = ''
+      interactiveShellInit = ''
        alias vi=nvim
      '';
+    };

    time.timeZone = "US/Mountain";

--- a/lib/default.nix
+++ b/lib/default.nix
@ -1,18 +1,22 @@
-{lib, ...}: let
+{ lib, ... }:
+let
  inherit (builtins) toString readFile fromJSON filter;
-  getPrStatus = pr: let
+  getPrStatus = pr:
+    let
      prstr = toString pr;
      prStatus = fromJSON (readFile ../pull_requests/${prstr}.json);
    in
    prStatus;
  prIsOpen = {
-    option = pr: a: let
+    option = pr: a:
+      let
        prStatus = getPrStatus pr;
      in
      if prStatus.status == "open"
      then a
      else { };
-    pkg = pr: localPkg: upstreamPkg: let
+    pkg = pr: localPkg: upstreamPkg:
+      let
        prStatus = getPrStatus pr;
      in
      if prStatus.status == "open"
@ -22,7 +26,8 @@
          "PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..."
          upstreamPkg;

-    overlay = pr: overlay: let
+    overlay = pr: overlay:
+      let
        prStatus = getPrStatus pr;
      in
      if pr == 0 || prStatus.status == "open"
@ -30,7 +35,8 @@
      else
        lib.warn "PR: ${
          toString pr
-        } (${prStatus.title}) is complete, ignoring overlay..." (_: _: {});
+        } (${prStatus.title}) is complete, ignoring overlay..."
+          (_: _: { });
  };

  todo = msg: lib.warn "TODO: ${msg}";
@ -91,9 +97,11 @@
  # Set our configurationRevison based on the status of our git repo.
  # If the repo is dirty, disable autoUpgrade as it means we are
  # testing something.
-  buildVer = self: let
+  buildVer = self:
+    let
      state = self.rev or "DIRTY";
-  in {
+    in
+    {
      system.configurationRevision = state;
      system.autoUpgrade.enable = lib.mkDefault (state != "DIRTY");
    };
--- a/modules/golink.nix
+++ b/modules/golink.nix
@ -1,13 +1,13 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
+{ config
+, lib
+, pkgs
+, ...
 }:
 with pkgs; let
  cfg = config.services.golink;
  golink = callPackage ../pkgs/golink.nix { };
-in {
+in
+{
  options = with lib; {
    services.golink = {
      enable = mkEnableOption "Enable golink";
--- a/modules/gotosocial.nix
+++ b/modules/gotosocial.nix
@ -1,8 +1,7 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
+{ config
+, lib
+, pkgs
+, ...
 }:
 with pkgs; let
  cfg = config.services.gotosocial;
@ -15,7 +14,8 @@ with pkgs; let
        builtins.toJSON conf
      }' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
    '';
-in {
+in
+{
  options = with lib; {
    services.gotosocial = {
      enable = mkEnableOption "Enable gotosocial";
--- a/modules/rtlamr2mqtt.nix
+++ b/modules/rtlamr2mqtt.nix
@ -1,8 +1,7 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
+{ config
+, lib
+, pkgs
+, ...
 }:
 with pkgs; let
  cfg = config.services.rtlamr2mqtt;
@ -15,7 +14,8 @@ with pkgs; let
        builtins.toJSON conf
      }' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
    '';
-in {
+in
+{
  options = with lib; {
    services.rtlamr2mqtt = {
      enable = mkEnableOption "Enable rtlamr2mqtt";
--- a/modules/sliding-sync.nix
+++ b/modules/sliding-sync.nix
@ -1,11 +1,12 @@
-{
-  lib,
-  config,
-  pkgs,
-  ...
-}: let
+{ lib
+, config
+, pkgs
+, ...
+}:
+let
  cfg = config.services.sliding-sync;
-in {
+in
+{
  options = with lib; {
    services.sliding-sync = {
      enable = lib.mkEnableOption "Enable sliding-sync";
--- a/modules/ssh-fido-agent.nix
+++ b/modules/ssh-fido-agent.nix
@ -1,9 +1,9 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
  perl = "${pkgs.perl}/bin/perl";
  sshAdd = "${pkgs.openssh}/bin/ssh-add";
  pKill = "${pkgs.procps}/bin/pkill";
@ -45,7 +45,8 @@
    export SSH_AUTH_SOCK="$(echo $XDG_RUNTIME_DIR/ssh-agent)";
    exec ${config.programs.ssh.askPassword} "$@"
  '';
-in {
+in
+{
  options = {
    sshFidoAgent = {
      enable = lib.mkEnableOption "Add FIDO keys to ssh-agent when attached.";
--- a/modules/ts-rev-prox.nix
+++ b/modules/ts-rev-prox.nix
@ -1,11 +1,12 @@
-{
-  lib,
-  config,
-  pkgs,
-  ...
-}: let
+{ lib
+, config
+, pkgs
+, ...
+}:
+let
  cfg = config.services.tsrevprox;
-in {
+in
+{
  options = with lib; {
    services.tsrevprox = {
      enable = lib.mkEnableOption "Enable tsrevprox";
--- a/modules/tsvnstat.nix
+++ b/modules/tsvnstat.nix
@ -1,14 +1,14 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  ...
+{ config
+, lib
+, pkgs
+, inputs
+, ...
 }:
 with pkgs; let
  cfg = config.services.tsvnstat;
  inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat;
-in {
+in
+{
  options = with lib; {
    services.tsvnstat = {
      enable = mkEnableOption "Enable tsvnstat";
--- a/modules/veilid-server.nix
+++ b/modules/veilid-server.nix
@ -1,12 +1,12 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
+{ config
+, lib
+, pkgs
+, ...
 }:
 with pkgs; let
  cfg = config.services.veilid-server;
-in {
+in
+{
  options = with lib; {
    services.veilid-server = {
      enable = mkEnableOption "Enable velid-server";
--- a/modules/yarr.nix
+++ b/modules/yarr.nix
@ -1,13 +1,13 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
+{ config
+, lib
+, pkgs
+, ...
 }:
 with pkgs; let
  cfg = config.services.yarr;
  yarr = callPackage ../pkgs/yarr.nix { };
-in {
+in
+{
  options = with lib; {
    services.yarr = {
      enable = mkEnableOption "Enable yarr";
--- a/monitoring/default.nix
+++ b/monitoring/default.nix
@ -1,7 +1,6 @@
-{
-  config,
-  lib,
-  ...
+{ config
+, lib
+, ...
 }:
 with lib; let
  cfg = config.services.xin-monitoring;
@ -15,7 +14,8 @@ with lib; let
    ;

  nginxCfg = config.services.nginx;
-  buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v:
+  buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs
+    (f: v:
      if v.fsType != "sshfs"
      then ''
        check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f}
@ -24,7 +24,8 @@ with lib; let
      ''
      else "")
    fsList)));
-  buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v: ''
+  buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs
+    (f: v: ''
      check host ${f} with address ${f}
          if failed port 80 protocol http then alert
          ${
@ -41,7 +42,8 @@ with lib; let
      then (buildNginxChecker nginxCfg.virtualHosts)
      else ""
    else "";
-in {
+in
+{
  options = {
    services.xin-monitoring = {
      enable = mkOption {
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -1,8 +1,8 @@
-{
-  isUnstable,
-  xinlib,
-  ...
-}: let
+{ isUnstable
+, xinlib
+, ...
+}:
+let
  inherit (xinlib) prIsOpen;
  #_1password-gui = prIsOpen.overlay 235900 (import ./1password-gui.nix);
  #openssh = import ./openssh.nix;
@ -13,7 +13,8 @@
  #nixd = prIsOpen.overlay 238779 (import ./nixd.nix);
  heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix);
  #rex = prIsOpen.overlay 0 (import ./rex.nix);
-in {
+in
+{
  nixpkgs.overlays =
    if isUnstable
    then [
--- a/pkgs/ada_language_server.nix
+++ b/pkgs/ada_language_server.nix
@ -1,10 +1,10 @@
-{
-  lib,
-  stdenv,
-  fetchFromGitHub,
-  pkgs,
-  ...
-}: let
+{ lib
+, stdenv
+, fetchFromGitHub
+, pkgs
+, ...
+}:
+let
  libadalang = stdenv.mkDerivation rec {
    pname = "libadalang";
    version = "22.0.0";
--- a/pkgs/alire.nix
+++ b/pkgs/alire.nix
@ -1,10 +1,9 @@
-{
-  stdenv,
-  lib,
-  fetchurl,
-  unzip,
-  autoPatchelfHook,
-  ...
+{ stdenv
+, lib
+, fetchurl
+, unzip
+, autoPatchelfHook
+, ...
 }:
 with lib;
 stdenv.mkDerivation rec {
--- a/pkgs/athens.nix
+++ b/pkgs/athens.nix
@ -1,14 +1,14 @@
-{
-  stdenv,
-  lib,
-  buildGoModule,
-  fetchFromGitHub,
-  isUnstable,
-  makeWrapper,
-  go,
-  git,
-  ...
-}: let
+{ stdenv
+, lib
+, buildGoModule
+, fetchFromGitHub
+, isUnstable
+, makeWrapper
+, go
+, git
+, ...
+}:
+let
  vendorHash =
    if isUnstable
    then ""
--- a/pkgs/bearclaw.nix
+++ b/pkgs/bearclaw.nix
@ -1,8 +1,7 @@
-{
-  lib,
-  buildGoModule,
-  fetchFromGitHub,
-  ...
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, ...
 }:
 with lib;
 buildGoModule rec {
--- a/pkgs/cachew.nix
+++ b/pkgs/cachew.nix
@ -1,10 +1,9 @@
-{
-  buildPythonPackage,
-  fetchPypi,
-  setuptools-scm,
-  appdirs,
-  sqlalchemy,
-  ...
+{ buildPythonPackage
+, fetchPypi
+, setuptools-scm
+, appdirs
+, sqlalchemy
+, ...
 }:
 buildPythonPackage rec {
  pname = "cachew";
--- a/pkgs/cinny-desktop.nix
+++ b/pkgs/cinny-desktop.nix
@ -1,9 +1,9 @@
-{
-  fetchurl,
-  appimageTools,
-  desktop-file-utils,
-  ...
-}: let
+{ fetchurl
+, appimageTools
+, desktop-file-utils
+, ...
+}:
+let
  name = "cinny-desktop";
  version = "2.0.4";

--- a/pkgs/clilol.nix
+++ b/pkgs/clilol.nix
@ -1,8 +1,7 @@
-{
-  lib,
-  buildGoModule,
-  fetchgit,
-  ...
+{ lib
+, buildGoModule
+, fetchgit
+, ...
 }:
 buildGoModule rec {
  pname = "clilol";
--- a/pkgs/femtolisp.nix
+++ b/pkgs/femtolisp.nix
@ -1,8 +1,8 @@
-{
-  stdenv,
-  lib,
-  fetchgit,
-  gnumake,
+{ stdenv
+, lib
+, fetchgit
+, gnumake
+,
 }:
 stdenv.mkDerivation {
  pname = "femtolisp";
--- a/pkgs/flake-warn.nix
+++ b/pkgs/flake-warn.nix
@ -1,11 +1,10 @@
-{
-  stdenv,
-  lib,
-  substituteAll,
-  jq,
-  nix,
-  coreutils,
-  ...
+{ stdenv
+, lib
+, substituteAll
+, jq
+, nix
+, coreutils
+, ...
 }:
 stdenv.mkDerivation rec {
  pname = "flake-warn";
--- a/pkgs/fyne.nix
+++ b/pkgs/fyne.nix
@ -1,8 +1,7 @@
-{
-  lib,
-  buildGoModule,
-  fetchFromGitHub,
-  ...
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, ...
 }:
 with lib;
 buildGoModule rec {
--- a/pkgs/ghexport.nix
+++ b/pkgs/ghexport.nix
@ -1,10 +1,9 @@
-{
-  buildPythonPackage,
-  setuptools-scm,
-  fetchFromGitHub,
-  PyGithub,
-  pytz,
-  ...
+{ buildPythonPackage
+, setuptools-scm
+, fetchFromGitHub
+, PyGithub
+, pytz
+, ...
 }:
 buildPythonPackage rec {
  pname = "ghexport";
--- a/pkgs/gokrazy.nix
+++ b/pkgs/gokrazy.nix
@ -1,8 +1,7 @@
-{
-  lib,
-  buildGoModule,
-  fetchFromGitHub,
-  ...
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, ...
 }:
 with lib;
 buildGoModule {
--- a/pkgs/golink.nix
+++ b/pkgs/golink.nix
@ -1,8 +1,7 @@
-{
-  lib,
-  buildGoModule,
-  fetchFromGitHub,
-  ...
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, ...
 }:
 with lib;
 buildGoModule rec {
--- a/pkgs/gosignify.nix
+++ b/pkgs/gosignify.nix
@ -1,8 +1,7 @@
-{
-  lib,
-  buildGoModule,
-  fetchFromGitHub,
-  ...
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, ...
 }:
 with lib;
 buildGoModule rec {
--- a/pkgs/gotosocial.nix
+++ b/pkgs/gotosocial.nix
@ -1,11 +1,11 @@
-{
-  lib,
-  buildGoModule,
-  fetchFromGitHub,
-  go,
-  ffmpeg,
-  ...
-}: let
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, go
+, ffmpeg
+, ...
+}:
+let
  gotosocialVersion = "0.11.0";
  gtswaHash = "sha256:0qbs4a3wblrlcr1l5155p54vdd6hn2szkdns99wxjhjr8kw6dbil";
  gtssHash = "sha256-qbq5pDvG2L1s6BG+sh7eagcFNH/DWyANMQaAl2WcQzE=";
--- a/pkgs/gqrss.nix
+++ b/pkgs/gqrss.nix
@ -1,9 +1,9 @@
-{
-  lib,
-  buildGoModule,
-  fetchFromGitHub,
-  ...
-}: let
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, ...
+}:
+let
  vendorHash = "sha256-1zBZREClt8jy0TUXJ1FuBEAJEPQoUcl4DZZ6U2LtRzg=";
 in
 with lib;
--- a/pkgs/hammerspoon.nix
+++ b/pkgs/hammerspoon.nix
@ -1,9 +1,8 @@
-{
-  lib,
-  fetchurl,
-  stdenv,
-  unzip,
-  ...
+{ lib
+, fetchurl
+, stdenv
+, unzip
+, ...
 }:
 stdenv.mkDerivation rec {
  pname = "hammerspoon";
--- a/pkgs/hpi.nix
+++ b/pkgs/hpi.nix
@ -1,22 +1,21 @@
-{
-  pkgs,
-  buildPythonPackage,
-  setuptools-scm,
-  pytest,
-  fetchPypi,
-  appdirs,
-  click,
-  decorator,
-  geopy,
-  logzero,
-  lxml,
-  more-itertools,
-  mypy,
-  orjson,
-  pandas,
-  pytz,
-  simplejson,
-  ...
+{ pkgs
+, buildPythonPackage
+, setuptools-scm
+, pytest
+, fetchPypi
+, appdirs
+, click
+, decorator
+, geopy
+, logzero
+, lxml
+, more-itertools
+, mypy
+, orjson
+, pandas
+, pytz
+, simplejson
+, ...
 }:
 with pkgs; let
  orgparse = pkgs.python3Packages.callPackage ./orgparse.nix { inherit pkgs; };
--- a/pkgs/iamb.nix
+++ b/pkgs/iamb.nix
@ -1,7 +1,7 @@
-{
-  lib,
-  rustPlatform,
-  fetchFromGitHub,
+{ lib
+, rustPlatform
+, fetchFromGitHub
+,
 }:
 rustPlatform.buildRustPackage rec {
  pname = "iamb";
--- a/pkgs/icbirc.nix
+++ b/pkgs/icbirc.nix
@ -1,9 +1,8 @@
-{
-  lib,
-  stdenv,
-  fetchurl,
-  pkgs,
-  ...
+{ lib
+, stdenv
+, fetchurl
+, pkgs
+, ...
 }:
 stdenv.mkDerivation rec {
  pname = "icbirc";
--- a/pkgs/kobuddy.nix
+++ b/pkgs/kobuddy.nix
@ -1,15 +1,15 @@
-{
-  lib,
-  fetchFromGitHub,
-  buildPythonPackage,
-  fetchPypi,
-  setuptools-scm,
-  pytz,
-  alembic,
-  banal,
-  sqlalchemy,
-  ...
-}: let
+{ lib
+, fetchFromGitHub
+, buildPythonPackage
+, fetchPypi
+, setuptools-scm
+, pytz
+, alembic
+, banal
+, sqlalchemy
+, ...
+}:
+let
  myDataset = buildPythonPackage rec {
    pname = "dataset";
    version = "1.6.0";
--- a/pkgs/kurinto.nix
+++ b/pkgs/kurinto.nix
@ -1,7 +1,7 @@
-{
-  lib,
-  stdenvNoCC,
-  fetchzip,
+{ lib
+, stdenvNoCC
+, fetchzip
+,
 }:
 stdenvNoCC.mkDerivation rec {
  pname = "kurinto";
--- a/pkgs/mcchunkie.nix
+++ b/pkgs/mcchunkie.nix
@ -1,8 +1,7 @@
-{
-  lib,
-  buildGoModule,
-  fetchFromGitHub,
-  ...
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, ...
 }:
 with lib;
 buildGoModule rec {
--- a/pkgs/mudita-center.nix
+++ b/pkgs/mudita-center.nix
@ -1,9 +1,9 @@
-{
-  fetchurl,
-  appimageTools,
-  desktop-file-utils,
-  ...
-}: let
+{ fetchurl
+, appimageTools
+, desktop-file-utils
+, ...
+}:
+let
  name = "mudita-center";
  version = "1.3.0";

--- a/pkgs/mvoice.nix
+++ b/pkgs/mvoice.nix
@ -1,9 +1,8 @@
-{
-  lib,
-  stdenv,
-  fetchFromGitHub,
-  pkgs,
-  ...
+{ lib
+, stdenv
+, fetchFromGitHub
+, pkgs
+, ...
 }:
 stdenv.mkDerivation {
  pname = "mvoice";
--- a/pkgs/nheko.nix
+++ b/pkgs/nheko.nix
@ -1,9 +1,8 @@
-{
-  lib,
-  fetchurl,
-  stdenv,
-  undmg,
-  ...
+{ lib
+, fetchurl
+, stdenv
+, undmg
+, ...
 }:
 stdenv.mkDerivation rec {
  pname = "nheko";
--- a/pkgs/openssh/common.nix
+++ b/pkgs/openssh/common.nix
@ -1,34 +1,34 @@
-{
-  pname,
-  version,
-  extraDesc ? "",
-  src,
-  extraPatches ? [],
-  extraNativeBuildInputs ? [],
-  extraConfigureFlags ? [],
-  extraMeta ? {},
-}: {
-  lib,
-  stdenv,
-  # This *is* correct, though unusual. as a way of getting krb5-config from the
+{ pname
+, version
+, extraDesc ? ""
+, src
+, extraPatches ? [ ]
+, extraNativeBuildInputs ? [ ]
+, extraConfigureFlags ? [ ]
+, extraMeta ? { }
+,
+}: { lib
+   , stdenv
+   , # This *is* correct, though unusual. as a way of getting krb5-config from the
     # package without splicing See: https://github.com/NixOS/nixpkgs/pull/107606
-  pkgs,
-  autoreconfHook,
-  zlib,
-  libressl,
-  libedit,
-  pkg-config,
-  pam,
-  libredirect,
-  etcDir ? "/etc/ssh",
-  withKerberos ? true,
-  libkrb5,
-  libfido2,
-  hostname,
-  nixosTests,
-  withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl,
-  withPAM ? stdenv.hostPlatform.isLinux,
-  linkOpenssl ? true,
+     pkgs
+   , autoreconfHook
+   , zlib
+   , libressl
+   , libedit
+   , pkg-config
+   , pam
+   , libredirect
+   , etcDir ? "/etc/ssh"
+   , withKerberos ? true
+   , libkrb5
+   , libfido2
+   , hostname
+   , nixosTests
+   , withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl
+   , withPAM ? stdenv.hostPlatform.isLinux
+   , linkOpenssl ? true
+   ,
   }:
 stdenv.mkDerivation {
  inherit pname version src;
--- a/pkgs/openssh/default.nix
+++ b/pkgs/openssh/default.nix
@ -1,12 +1,14 @@
-{
-  callPackage,
-  lib,
-  fetchFromGitHub,
-}: let
+{ callPackage
+, lib
+, fetchFromGitHub
+,
+}:
+let
  inherit (builtins) readFile fromJSON;
  common = opts: callPackage (import ./common.nix opts) { };
  verStr = fromJSON (readFile ./version.json);
-in {
+in
+{
  openssh = common {
    pname = "openssh";
    inherit (verStr) version;
--- a/pkgs/orgparse.nix
+++ b/pkgs/orgparse.nix
@ -1,9 +1,8 @@
-{
-  buildPythonPackage,
-  setuptools-scm,
-  pytest,
-  fetchPypi,
-  ...
+{ buildPythonPackage
+, setuptools-scm
+, pytest
+, fetchPypi
+, ...
 }:
 buildPythonPackage rec {
  pname = "orgparse";
--- a/pkgs/precursorupdater.nix
+++ b/pkgs/precursorupdater.nix
@ -1,12 +1,11 @@
-{
-  lib,
-  buildPythonPackage,
-  fetchPypi,
-  pyusb,
-  progressbar2,
-  requests,
-  pycryptodome,
-  ...
+{ lib
+, buildPythonPackage
+, fetchPypi
+, pyusb
+, progressbar2
+, requests
+, pycryptodome
+, ...
 }:
 buildPythonPackage rec {
  pname = "precursorupdater";
--- a/pkgs/promnesia.nix
+++ b/pkgs/promnesia.nix
@ -1,26 +1,25 @@
-{
-  lib,
-  buildPythonPackage,
-  fetchFromGitHub,
-  beautifulsoup4,
-  fastapi,
-  httptools,
-  logzero,
-  lxml,
-  mistletoe,
-  more-itertools,
-  mypy,
-  pytz,
-  setuptools,
-  tzlocal,
-  urlextract,
-  uvicorn,
-  uvloop,
-  watchfiles,
-  websockets,
-  setuptools-scm,
-  pkgs,
-  ...
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, beautifulsoup4
+, fastapi
+, httptools
+, logzero
+, lxml
+, mistletoe
+, more-itertools
+, mypy
+, pytz
+, setuptools
+, tzlocal
+, urlextract
+, uvicorn
+, uvloop
+, watchfiles
+, websockets
+, setuptools-scm
+, pkgs
+, ...
 }:
 with pkgs; let
  hpi = pkgs.python3Packages.callPackage ./hpi.nix { inherit pkgs; };
--- a/pkgs/python-dotenv.nix
+++ b/pkgs/python-dotenv.nix
@ -1,13 +1,13 @@
-{
-  lib,
-  buildPythonPackage,
-  click,
-  fetchPypi,
-  ipython,
-  mock,
-  pytestCheckHook,
-  pythonOlder,
-  sh,
+{ lib
+, buildPythonPackage
+, click
+, fetchPypi
+, ipython
+, mock
+, pytestCheckHook
+, pythonOlder
+, sh
+,
 }:
 buildPythonPackage rec {
  pname = "python-dotenv";
--- a/pkgs/rkvm.nix
+++ b/pkgs/rkvm.nix
@ -1,13 +1,12 @@
-{
-  lib,
-  fetchFromGitHub,
-  rustPlatform,
-  pkg-config,
-  openssl_1_1,
-  llvmPackages,
-  libevdev,
-  linuxHeaders,
-  ...
+{ lib
+, fetchFromGitHub
+, rustPlatform
+, pkg-config
+, openssl_1_1
+, llvmPackages
+, libevdev
+, linuxHeaders
+, ...
 }:
 rustPlatform.buildRustPackage {
  pname = "rkvm";
--- a/pkgs/rtlamr.nix
+++ b/pkgs/rtlamr.nix
@ -1,8 +1,7 @@
-{
-  lib,
-  buildGoModule,
-  fetchFromGitHub,
-  ...
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, ...
 }:
 with lib;
 buildGoModule rec {
--- a/pkgs/rtlamr2mqtt.nix
+++ b/pkgs/rtlamr2mqtt.nix
@ -1,14 +1,14 @@
-{
-  buildPythonPackage,
-  callPackage,
-  fetchFromGitHub,
-  paho-mqtt,
-  pyusb,
-  pyyaml,
-  requests,
-  rtl-sdr,
-  ...
-}: let
+{ buildPythonPackage
+, callPackage
+, fetchFromGitHub
+, paho-mqtt
+, pyusb
+, pyyaml
+, requests
+, rtl-sdr
+, ...
+}:
+let
  rtlamr = callPackage ./rtlamr.nix { };
 in
 buildPythonPackage {
--- a/Show More
+++ b/Show More