Run alejandra

system/shared/boot/generic.nix

@@ -1,4 +1,8 @@
-{ config, lib, ... }: let
+{
+  config,
+  lib,
+  ...
+}: let
   inherit (lib) mkDefault optionals;
 
   cfg = config.myOptions.system.boot;
@@ -25,7 +29,7 @@ in {
 
     tmp = {
       # /tmp on tmpfs, lets it live on your ram
-      # it defaults to false, which means you will use disk space instead of ram 
+      # it defaults to false, which means you will use disk space instead of ram
       # enable tmpfs tmp on anything where you have ram to spare
       useTmpfs = cfg.tmpOnTmpfs;
 
@@ -39,7 +43,7 @@ in {
       tmpfsSize = mkDefault "50%";
     };
 
-    kernelParams = (optionals cfg.silentBoot [
+    kernelParams = optionals cfg.silentBoot [
       # tell the kernel to not be verbose
       "quiet"
 
@@ -53,6 +57,6 @@ in {
       # disable systemd status messages
       "systemd.show_status=auto"
       "rd.systemd.show_status=auto"
-    ]);
+    ];
   };
 }

system/shared/boot/loaders/systemd-boot.nix

@@ -1,4 +1,8 @@
-{ config, lib, ... }: let 
+{
+  config,
+  lib,
+  ...
+}: let
   cfg = config.myOptions.system.boot;
 in {
   boot.loader.systemd-boot = {

system/shared/boot/numlock.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
   boot.initrd.systemd = {
     # Include setleds binary in the initrd
     # (the nix store doesn't exists in there yet, so we need to include
@@ -12,12 +12,12 @@
     services."numlock" = {
       enable = true;
       description = "Activate Numlock";
-      wantedBy = [ "initrd.target" ];
+      wantedBy = ["initrd.target"];
       # Delay disk decryption until this unit is started
-      before = [ "systemd-cryptsetup@cryptfs.service" ];
+      before = ["systemd-cryptsetup@cryptfs.service"];
       unitConfig.DefaultDependencies = "no";
       serviceConfig.Type = "oneshot";
-      # This is essentially runs the same code as present in the 
+      # This is essentially runs the same code as present in the
       # mkinitcpio-numlock hook on Arch Linux (AUR).
       script = ''
         #!/bin/bash

system/shared/boot/plymouth.nix

@@ -1,20 +1,26 @@
-{ config, lib, pkgs, ...}: let
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf;
   cfg = config.myOptions.system.boot.plymouth;
 in {
   config = mkIf cfg.enable {
     boot = {
-      plymouth = {
-        enable = true;
-        theme = cfg.selectedTheme;
-      }
-      // lib.optionalAttrs cfg.withThemes {
-        themePackages = [
-          (pkgs.adi1090x-plymouth-themes.override {
-            selected_themes = [ cfg.selectedTheme ];
-          })
-        ];
-      };
+      plymouth =
+        {
+          enable = true;
+          theme = cfg.selectedTheme;
+        }
+        // lib.optionalAttrs cfg.withThemes {
+          themePackages = [
+            (pkgs.adi1090x-plymouth-themes.override {
+              selected_themes = [cfg.selectedTheme];
+            })
+          ];
+        };
 
       kernelParams = ["splash"];
     };

system/shared/boot/secure-boot.nix

@@ -1,11 +1,16 @@
-{ config, pkgs, lib, ... }: let
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
   inherit (lib) mkIf;
 
   cfg = config.myOptions.system.boot.secure-boot;
 in {
   config = mkIf cfg.enable {
     # Secure Boot Key Manager
-    environment.systemPackages = [ pkgs.sbctl ];
+    environment.systemPackages = [pkgs.sbctl];
 
     # Persist the secure boot keys (for impermanence)
     myOptions.system.impermanence.root.extraDirectories = [

system/shared/hardware/bluetooth.nix

@@ -12,7 +12,7 @@ in {
     hardware.bluetooth = {
       enable = true;
       package = pkgs.bluez5-experimental;
-      powerOnBoot = cfg.powerOnBoot; 
+      powerOnBoot = cfg.powerOnBoot;
       #hsphfpd.enable = true;
       disabledPlugins = ["sap"];
       settings = {

system/shared/hardware/cpu/amd.nix

@@ -1,8 +1,10 @@
-{ config, lib, ... }:
-let
-  dev = config.myOptions.device;
-in
 {
+  config,
+  lib,
+  ...
+}: let
+  dev = config.myOptions.device;
+in {
   config = lib.mkIf (dev.cpu.type == "amd") {
     hardware.cpu.amd.updateMicrocode = true;
   };

system/shared/hardware/cpu/intel.nix

@@ -1,8 +1,10 @@
-{ config, lib, ... }:
-let
-  dev = config.myOptions.device;
-in
 {
+  config,
+  lib,
+  ...
+}: let
+  dev = config.myOptions.device;
+in {
   config = lib.mkIf (dev.cpu.type == "intel") {
     hardware.cpu.intel.updateMicrocode = true;
   };

system/shared/hardware/generic.nix

@@ -6,4 +6,3 @@
   # Without this, it defaults to `config.hardware.enableAllFirmware`.
   hardware.enableRedistributableFirmware = lib.mkDefault true;
 }
-

system/shared/hardware/gpu/amd.nix

@@ -1,15 +1,18 @@
-# WARNING: This file is currently untested 
+# WARNING: This file is currently untested
 # (I didn't yet run this NixOS config on any AMD GPU systems)
-{ config, lib, pkgs, ... }:
-let
-  dev = config.myOptions.device;
-in
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  dev = config.myOptions.device;
+in {
   config = lib.mkIf (dev.gpu.type == "amd") {
     services.xserver.videoDrivers = lib.mkDefault ["modesetting" "amdgpu"];
 
     boot = {
-      initrd.kernelModules = ["amdgpu"];  # load amdgpu kernel module as early as initrd
+      initrd.kernelModules = ["amdgpu"]; # load amdgpu kernel module as early as initrd
       kernelModules = ["amdgpu"]; # if loading somehow fails during initrd but the boot continues, try again later
     };
 
@@ -26,7 +29,7 @@ in
       graphics = {
         enable = true;
 
-        extraPackages = with pkgs; [ 
+        extraPackages = with pkgs; [
           # Enable AMDVLK (AMD's open-source Vulkan driver)
           amdvlk
 
@@ -35,14 +38,14 @@ in
           rocmPackages.clr.icd
         ];
         # AMDVLK for 32-bit applications
-        extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
+        extraPackages32 = with pkgs; [driversi686Linux.amdvlk];
       };
     };
 
     # HIP (SDK that allows running CUDA code on AMD GPUs)
     # Most software has the paths hard-coded
     systemd.tmpfiles.rules = [
-        "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"
+      "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"
     ];
   };
 }

system/shared/hardware/gpu/default.nix

@@ -4,4 +4,3 @@ _: {
     ./nvidia.nix
   ];
 }
-

system/shared/hardware/gpu/nvidia.nix

@@ -1,11 +1,14 @@
-{ config, lib, pkgs, ... }:
-let
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   dev = config.myOptions.device;
   isWayland = config.myOptions.home-manager.wms.isWayland;
 
   inherit (lib) mkIf mkDefault mkMerge;
-in
-{
+in {
   config = mkIf (builtins.elem dev.gpu.type ["nvidia" "hybrid-nvidia"]) {
     # Nvidia drivers are unfree software
     nixpkgs.config.allowUnfree = true;
@@ -35,9 +38,9 @@ in
         # Use the NVidia open source kernel module (not to be confused with the
         # independent third-party "nouveau" open source driver).
         # Support is limited to the Turing and later architectures. Full list of
-        # supported GPUs is at: https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 
+        # supported GPUs is at: https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
         #
-        # Enable this by default, hosts may override this option if their gpu is not 
+        # Enable this by default, hosts may override this option if their gpu is not
         # supported by the open source drivers
         open = mkDefault true;
 
@@ -88,7 +91,7 @@ in
       ];
 
       sessionVariables = mkMerge [
-        { LIBVA_DRIVER_NAME = "nvidia"; }
+        {LIBVA_DRIVER_NAME = "nvidia";}
 
         (mkIf isWayland {
           WLR_NO_HARDWARE_CURSORS = "1";

system/shared/hardware/tpm.nix

@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }: let
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkIf mkDefault;
 
   enabled = config.myOptions.device.hasTPM;
@@ -21,6 +26,6 @@ in {
       pkcs11.enable = mkDefault false;
     };
 
-    environment.systemPackages = with pkgs; [ tpm2-tss tpm2-tools ];
+    environment.systemPackages = with pkgs; [tpm2-tss tpm2-tools];
   };
 }

system/shared/impermanence/autowipe.nix

@@ -1,8 +1,11 @@
-{ config, lib, ... }: let
+{
+  config,
+  lib,
+  ...
+}: let
   inherit (lib) mkIf concatStringsSep flatten mapAttrsToList;
   cfg = config.myOptions.system.impermanence.autoWipeBtrfs;
-in
-{
+in {
   config = mkIf cfg.enable {
     boot.initrd.systemd = {
       enable = true; # This enables systemd support in stage 1 - required for below setup
@@ -10,11 +13,11 @@ in
       services.rollback = {
         description = "Rollback BTRFS subvolumes to a pristine state";
         enable = true;
-        wantedBy = [ "initrd.target" ];
+        wantedBy = ["initrd.target"];
         # Make sure it's done after decryption (i.e. LUKS/TPM process)
-        after = [ "systemd-cryptsetup@cryptfs.service" ];
+        after = ["systemd-cryptsetup@cryptfs.service"];
         # mount the root fs before clearing
-        before = [ "sysroot.mount" ];
+        before = ["sysroot.mount"];
         unitConfig.DefaultDependencies = "no";
         serviceConfig.Type = "oneshot";
         script = let
@@ -31,9 +34,10 @@ in
 
             # Recreate each specified subvolume
             ${concatStringsSep "\n" (map (subvolume: ''
-              delete_subvolume_recursively "/mnt/${subvolume}"
-              btrfs subvolume create "/mnt/${subvolume}"
-            '') subvolumes)}
+                delete_subvolume_recursively "/mnt/${subvolume}"
+                btrfs subvolume create "/mnt/${subvolume}"
+              '')
+              subvolumes)}
 
             # Cleanup: unmount the device
             echo "Unmounting BTRFS root from ${devicePath}"
@@ -62,9 +66,11 @@ in
             btrfs subvolume delete "$1"
           }
 
-          ${concatStringsSep "\n" (mapAttrsToList (devicePath: deviceOpts:
-            wipeScript devicePath deviceOpts.subvolumes
-          ) cfg.devices)}
+          ${concatStringsSep "\n" (mapAttrsToList (
+              devicePath: deviceOpts:
+                wipeScript devicePath deviceOpts.subvolumes
+            )
+            cfg.devices)}
         '';
       };
     };

system/shared/impermanence/default.nix

@@ -1,5 +1,4 @@
-{ inputs, ... }:
-{
+{inputs, ...}: {
   imports = [
     ./root.nix
     ./autowipe.nix

system/shared/impermanence/root.nix

@@ -1,10 +1,13 @@
-{ config, lib, ... }: let
+{
+  config,
+  lib,
+  ...
+}: let
   inherit (lib) mkIf mkForce;
 
   cfgSystem = config.myOptions.system;
   cfg = config.myOptions.system.impermanence.root;
-in
-{
+in {
   config = mkIf cfg.enable {
     users = {
       # This option makes it that users are not mutable outside of our configuration.
@@ -28,19 +31,23 @@ in
 
     environment.persistence."${cfg.persistentMountPoint}/system" = {
       hideMounts = true;
-      directories = [
-        "/etc/nixos" # NixOS configuration source
-        "/etc/NetworkManager/system-connections" # saved network connections
-        "/var/db/sudo" # keeps track of who got the sudo lecture already
-        # "/var/log" # I sometimes use a subvolume for this, added manually if not
-        "/var/lib/nixos"
-        "/var/lib/bluetooth"
-        "/var/lib/systemd/coredump" # captured coredumps 
-      ] ++ cfg.extraDirectories;
+      directories =
+        [
+          "/etc/nixos" # NixOS configuration source
+          "/etc/NetworkManager/system-connections" # saved network connections
+          "/var/db/sudo" # keeps track of who got the sudo lecture already
+          # "/var/log" # I sometimes use a subvolume for this, added manually if not
+          "/var/lib/nixos"
+          "/var/lib/bluetooth"
+          "/var/lib/systemd/coredump" # captured coredumps
+        ]
+        ++ cfg.extraDirectories;
 
-      files = [
-        "/etc/machine-id"
-      ] ++ cfg.extraFiles;
+      files =
+        [
+          "/etc/machine-id"
+        ]
+        ++ cfg.extraFiles;
     };
 
     # For some reason, NetworkManager needs this instead of the impermanence mode

system/shared/network.nix

@@ -1,5 +1,4 @@
-{ lib, ... }:
-{
+{lib, ...}: {
   networking = {
     firewall.enable = false;
 

system/shared/nix/default.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-{
-
+{pkgs, ...}: {
   imports = [
     ./cachix.nix
     ./gc.nix
@@ -11,7 +9,7 @@
   nix = {
     settings = {
       # enable flakes support
-      experimental-features = [ "nix-command" "flakes" ];
+      experimental-features = ["nix-command" "flakes"];
 
       # Keep the built outputs of derivations in Nix store, even if the package is no longer needed
       # - prevents the need to rebuild/redownload if it becomes a dependency again
@@ -25,13 +23,13 @@
 
       # Give these users/groups additional rights when connecting to the Nix daemon
       # like specifying extra binary caches
-      trusted-users = [ "root" "@wheel" ];
+      trusted-users = ["root" "@wheel"];
 
       # Tell nix to use xdg base directories
       # If you're just setting this, you will need to move the directories
       # manually, nix won't do it for you:
       # - mv "$HOME/.nix-defexpr" "$XDG_STATE_HOME/nix/defexpr"
-      # - mv "$HOME/.nix-profile" "$XDG_STATE_HOME/nix/profile" 
+      # - mv "$HOME/.nix-profile" "$XDG_STATE_HOME/nix/profile"
       use-xdg-base-directories = true;
     };
   };
@@ -39,5 +37,5 @@
   nixpkgs.config.allowUnfree = true;
 
   # Git is needed for flakes
-  environment.systemPackages = [ pkgs.git ];
+  environment.systemPackages = [pkgs.git];
 }

system/shared/programs.nix

@@ -1,7 +1,6 @@
 {lib, ...}: let
   inherit (lib) mkForce;
 in {
-
   programs = {
     # Explicitly disable nano, it sucks and I don't want it
     nano.enable = mkForce false;

system/shared/security/apparmor.nix

@@ -1,4 +1,8 @@
-{ config, pkgs, ... }: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   services.dbus.apparmor = "enabled";
 
   environment.systemPackages = with pkgs; [

system/shared/security/auditd.nix

@@ -1,4 +1,8 @@
-{ config, lib, ... }: let
+{
+  config,
+  lib,
+  ...
+}: let
   inherit (lib) mkIf;
 
   cfg = config.myOptions.security.auditd;

system/shared/security/polkit.nix

@@ -1,4 +1,8 @@
-{ config, lib, ... }: {
+{
+  config,
+  lib,
+  ...
+}: {
   security.polkit = {
     enable = true;
     debug = lib.mkDefault true;

system/shared/services/fstrim.nix

@@ -1,4 +1,8 @@
-{ config, lib, ... }: let
+{
+  config,
+  lib,
+  ...
+}: let
   inherit (lib.modules) mkIf;
 in {
   # if lvm is enabled, then tell it to issue discards

system/shared/services/fwupd.nix

@@ -2,6 +2,6 @@
   # firmware updater for machine hardware
   services.fwupd = {
     enable = true;
-    daemonSettings.EspLocation = config.boot.loader.efi.efiSysMountPoint;    
+    daemonSettings.EspLocation = config.boot.loader.efi.efiSysMountPoint;
   };
 }

system/shared/services/logrotate.nix

@@ -1,4 +1,8 @@
-{ pkgs, lib, ... }: {
+{
+  pkgs,
+  lib,
+  ...
+}: {
   services.logrotate.settings.header = {
     # general
     global = true;

system/shared/services/oomd.nix

@@ -1,4 +1,4 @@
-{ lib, ... }: {
+{lib, ...}: {
   systemd = {
     # OOMd: Out Of Memory daemon
     # By default, this will only kill cgroups. So either systemd services

system/shared/services/ssh.nix

@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
   # TODO: This really shouldn't be a default service in system/
   services.openssh = {
     enable = true;
@@ -9,4 +9,3 @@
     };
   };
 }
-

system/shared/system.nix

@@ -1,7 +1,12 @@
-{ config, lib, pkgs, ... }: with lib; let
-  cfg = config.myOptions.system;
-in
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.myOptions.system;
+in {
   networking.hostName = cfg.hostname;
 
   # Default shell for the user
@@ -10,7 +15,7 @@ in
   users = {
     users.${cfg.username} = {
       isNormalUser = true;
-      extraGroups = [ "wheel" ];
+      extraGroups = ["wheel"];
       shell = pkgs.zsh;
     };
   };