treewide: alejandra -> nixfmt-rfc-style

flake.lock

@@ -201,11 +201,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722181846,
+        "lastModified": 1724599287,
-        "narHash": "sha256-/yyqi39qr7Z+Bkv8gVVqB5q/gu1cLna3TtzbADLzEbc=",
+        "narHash": "sha256-M4OllWFNDcvgY2rgx/9uWn9jpunSb2CzmqPDcuS27SQ=",
         "ref": "refs/heads/master",
-        "rev": "214725ef364950e5b086f0cd3f7978f38655a58b",
+        "rev": "a2f4145923cbbabb63e7749a49c86052a17389f7",
-        "revCount": 70,
+        "revCount": 72,
         "type": "git",
         "url": "https://git.ny4.dev/nyancat/nvim"
       },

flake.nix

@@ -83,28 +83,33 @@
     };
   };
 
-  outputs = inputs:
+  outputs =
-    inputs.flake-utils.lib.eachDefaultSystem (system: let
+    inputs:
-      pkgs = inputs.nixpkgs.legacyPackages.${system};
+    inputs.flake-utils.lib.eachDefaultSystem (
-      treefmtEval = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
+      system:
-    in {
+      let
-      ### nix fmt
+        pkgs = inputs.nixpkgs.legacyPackages.${system};
-      formatter = treefmtEval.config.build.wrapper;
+        treefmtEval = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
+      in
+      {
+        ### nix fmt
+        formatter = treefmtEval.config.build.wrapper;
 
-      ### nix flake check
+        ### nix flake check
-      checks.formatting = treefmtEval.config.build.check inputs.self;
+        checks.formatting = treefmtEval.config.build.check inputs.self;
 
-      ### nix {run,shell,build}
+        ### nix {run,shell,build}
-      legacyPackages = import ./pkgs pkgs;
+        legacyPackages = import ./pkgs pkgs;
 
-      ### nix develop
+        ### nix develop
-      devShells.default = pkgs.mkShell {
+        devShells.default = pkgs.mkShell {
-        packages = with pkgs; [
+          packages = with pkgs; [
-          colmena
+            colmena
-          sops
+            sops
-        ];
+          ];
-      };
+        };
-    })
+      }
+    )
     // {
       ### imports = [];
       nixosModules.default = ./nixos/modules;
@@ -120,12 +125,16 @@
           ./nixos/profiles/core
           ./hosts/dust
         ];
-        specialArgs = {inherit inputs;};
+        specialArgs = {
+          inherit inputs;
+        };
       };
 
       colmena = {
         meta = {
-          specialArgs = {inherit inputs;};
+          specialArgs = {
+            inherit inputs;
+          };
           nixpkgs = import inputs.nixpkgs {
             system = "x86_64-linux"; # How does this work?
           };
@@ -137,12 +146,12 @@
         ];
 
         "tyo0" = {
-          imports = [./hosts/tyo0];
+          imports = [ ./hosts/tyo0 ];
           deployment.targetHost = "tyo0.ny4.dev";
         };
 
         "blacksteel" = {
-          imports = [./hosts/blacksteel];
+          imports = [ ./hosts/blacksteel ];
           deployment.targetHost = "blacksteel"; # thru tailscale
         };
       };

home/applications/atuin/default.nix

@@ -1,7 +1,7 @@
 {
   programs.atuin = {
     enable = true;
-    flags = ["--disable-up-arrow"];
+    flags = [ "--disable-up-arrow" ];
     settings = {
       style = "compact";
       show_help = false;
@@ -9,9 +9,26 @@
 
       stats = {
         common_subcommands =
-          ["nix" "nom" "nh" "podman" "docker" "atuin" "hugo" "adb"]
+          [
+            "nix"
+            "nom"
+            "nh"
+            "podman"
+            "docker"
+            "atuin"
+            "hugo"
+            "adb"
+          ]
           # default
-          ++ ["cargo" "go" "git" "npm" "yarn" "pnpm" "kubectl"];
+          ++ [
+            "cargo"
+            "go"
+            "git"
+            "npm"
+            "yarn"
+            "pnpm"
+            "kubectl"
+          ];
       };
     };
   };

home/applications/bash/default.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   programs.bash = {
     enable = true;
     historyFile = "${config.xdg.configHome}/bash/.bash_history";

home/applications/fcitx5/default.nix

@@ -2,7 +2,8 @@
   lib,
   pkgs,
   ...
-}: let
+}:
+let
   package = pkgs.qt6Packages.fcitx5-with-addons.override {
     addons = with pkgs; [
       qt6Packages.fcitx5-chinese-addons
@@ -11,16 +12,17 @@
       fcitx5-pinyin-zhwiki
     ];
   };
-in {
+in
+{
   home.packages = [
     package
   ];
 
   systemd.user.services.fcitx5-daemon = {
     Unit.Description = "Fcitx5 input method editor";
-    Unit.PartOf = ["graphical-session.target"];
+    Unit.PartOf = [ "graphical-session.target" ];
     Service.ExecStart = lib.getExe' package "fcitx5";
-    Install.WantedBy = ["graphical-session.target"];
+    Install.WantedBy = [ "graphical-session.target" ];
   };
 
   xdg.configFile."fcitx5/conf/classicui.conf".text = ''

home/applications/firefox/default.nix

@@ -1,16 +1,17 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.firefox = {
     enable = true;
     package = pkgs.firefox.override {
       extraPrefsFiles = [
         "${pkgs.arkenfox-userjs}/user.cfg"
-        (pkgs.runCommandLocal "userjs" {} ''
+        (pkgs.runCommandLocal "userjs" { } ''
           install -Dm644 ${./user-overrides.js} $out
           substituteInPlace $out \
             --replace-fail "user_pref" "defaultPref"
         '')
       ];
     };
-    profiles."default" = {};
+    profiles."default" = { };
   };
 }

home/applications/fish/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.fish = {
     enable = true;
     interactiveShellInit = ''

home/applications/git/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.git = rec {
     enable = true;
     package = pkgs.gitFull; # overriding takes forever to compile

home/applications/go/default.nix

@@ -2,7 +2,8 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   programs.go.enable = true;
   home.packages = with pkgs; [
     gopls

home/applications/gpg/default.nix

@@ -3,7 +3,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   programs.gpg = {
     enable = true;
     homedir = "${config.xdg.dataHome}/gnupg";

home/applications/i3status-rust/default.nix

@@ -4,10 +4,10 @@
     bars.default = {
       icons = "material-nf";
       blocks = [
-        {block = "backlight";}
+        { block = "backlight"; }
-        {block = "sound";}
+        { block = "sound"; }
-        {block = "battery";}
+        { block = "battery"; }
-        {block = "time";}
+        { block = "time"; }
       ];
     };
   };

home/applications/mpv/default.nix

@@ -2,7 +2,8 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   programs.mpv = {
     enable = true;
     config = {
@@ -22,65 +23,72 @@
         modernx-zydezu
         thumbfast
       ])
-      ++ lib.optionals pkgs.stdenv.hostPlatform.isLinux (with pkgs.mpvScripts; [
+      ++ lib.optionals pkgs.stdenv.hostPlatform.isLinux (
-        mpris
+        with pkgs.mpvScripts;
-      ]);
+        [
+          mpris
+        ]
+      );
 
-    bindings = let
+    bindings =
-      inherit (pkgs) anime4k;
+      let
-      setShader = message: files: ''no-osd change-list glsl-shaders set "${lib.concatStringsSep ":" files}"; show-text "${message}"'';
+        inherit (pkgs) anime4k;
-    in {
+        setShader =
-      "CTRL+1" = setShader "Anime4K: Mode A (Fast)" [
+          message: files:
-        "${anime4k}/Anime4K_Clamp_Highlights.glsl"
+          ''no-osd change-list glsl-shaders set "${lib.concatStringsSep ":" files}"; show-text "${message}"'';
-        "${anime4k}/Anime4K_Restore_CNN_M.glsl"
+      in
-        "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
+      {
-        "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
+        "CTRL+1" = setShader "Anime4K: Mode A (Fast)" [
-        "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
+          "${anime4k}/Anime4K_Clamp_Highlights.glsl"
-        "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
+          "${anime4k}/Anime4K_Restore_CNN_M.glsl"
-      ];
+          "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
-      "CTRL+2" = setShader "Anime4K: Mode B (Fast)" [
+          "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
-        "${anime4k}/Anime4K_Clamp_Highlights.glsl"
+          "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
-        "${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl"
+          "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
-        "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
+        ];
-        "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
+        "CTRL+2" = setShader "Anime4K: Mode B (Fast)" [
-        "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
+          "${anime4k}/Anime4K_Clamp_Highlights.glsl"
-        "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
+          "${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl"
-      ];
+          "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
-      "CTRL+3" = setShader "Anime4K: Mode C (Fast)" [
+          "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
-        "${anime4k}/Anime4K_Clamp_Highlights.glsl"
+          "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
-        "${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl"
+          "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
-        "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
+        ];
-        "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
+        "CTRL+3" = setShader "Anime4K: Mode C (Fast)" [
-        "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
+          "${anime4k}/Anime4K_Clamp_Highlights.glsl"
-      ];
+          "${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl"
-      "CTRL+4" = setShader "Anime4K: Mode A+A (Fast)" [
+          "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
-        "${anime4k}/Anime4K_Clamp_Highlights.glsl"
+          "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
-        "${anime4k}/Anime4K_Restore_CNN_M.glsl"
+          "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
-        "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
+        ];
-        "${anime4k}/Anime4K_Restore_CNN_S.glsl"
+        "CTRL+4" = setShader "Anime4K: Mode A+A (Fast)" [
-        "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
+          "${anime4k}/Anime4K_Clamp_Highlights.glsl"
-        "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
+          "${anime4k}/Anime4K_Restore_CNN_M.glsl"
-        "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
+          "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
-      ];
+          "${anime4k}/Anime4K_Restore_CNN_S.glsl"
-      "CTRL+5" = setShader "Anime4K: Mode B+B (Fast)" [
+          "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
-        "${anime4k}/Anime4K_Clamp_Highlights.glsl"
+          "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
-        "${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl"
+          "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
-        "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
+        ];
-        "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
+        "CTRL+5" = setShader "Anime4K: Mode B+B (Fast)" [
-        "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
+          "${anime4k}/Anime4K_Clamp_Highlights.glsl"
-        "${anime4k}/Anime4K_Restore_CNN_Soft_S.glsl"
+          "${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl"
-        "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
+          "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
-      ];
+          "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
-      "CTRL+6" = setShader "Anime4K: Mode C+A (Fast)" [
+          "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
-        "${anime4k}/Anime4K_Clamp_Highlights.glsl"
+          "${anime4k}/Anime4K_Restore_CNN_Soft_S.glsl"
-        "${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl"
+          "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
-        "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
+        ];
-        "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
+        "CTRL+6" = setShader "Anime4K: Mode C+A (Fast)" [
-        "${anime4k}/Anime4K_Restore_CNN_S.glsl"
+          "${anime4k}/Anime4K_Clamp_Highlights.glsl"
-        "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
+          "${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl"
-      ];
+          "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
+          "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
+          "${anime4k}/Anime4K_Restore_CNN_S.glsl"
+          "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
+        ];
 
-      "CTRL+0" = ''no-osd change-list glsl-shaders clr ""; show-text "GLSL shaders cleared"'';
+        "CTRL+0" = ''no-osd change-list glsl-shaders clr ""; show-text "GLSL shaders cleared"'';
-    };
+      };
   };
 }

home/applications/nautilus/default.nix

@@ -1,5 +1,6 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  home.packages = [pkgs.nautilus];
+{
+  home.packages = [ pkgs.nautilus ];
   dconf.settings = {
     "org/gnome/nautilus/list-view".default-zoom-level = "small";
     "org/gnome/nautilus/preferences".default-folder-viewer = "list-view";

home/applications/neovim/default.nix

@@ -2,7 +2,8 @@
   pkgs,
   inputs,
   ...
-}: {
+}:
+{
   home.packages = [
     (inputs.neovim.packages.${pkgs.stdenv.hostPlatform.system}.default.override {
       viAlias = true;

home/applications/nix/default.nix

@@ -1,6 +1,6 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   home.packages = with pkgs; [
-    alejandra
     colmena
     deadnix
     nh

home/applications/ssh/default.nix

@@ -1,11 +1,14 @@
-{config, ...}: {
+{ config, ... }:
+{
   programs.ssh = {
     enable = true;
-    matchBlocks = let
+    matchBlocks =
-      inherit (config.home) homeDirectory;
+      let
-    in {
+        inherit (config.home) homeDirectory;
-      "blacksteel".identityFile = "${homeDirectory}/.ssh/id_github_signing";
+      in
-      "tyo0.ny4.dev".identityFile = "${homeDirectory}/.ssh/id_github_signing";
+      {
-    };
+        "blacksteel".identityFile = "${homeDirectory}/.ssh/id_github_signing";
+        "tyo0.ny4.dev".identityFile = "${homeDirectory}/.ssh/id_github_signing";
+      };
   };
 }

home/applications/starship/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.starship = {
     enable = true;
   };

home/applications/sway/default.nix

@@ -4,7 +4,8 @@
   inputs,
   pkgs,
   ...
-}: {
+}:
+{
   imports = [
     ../i3status-rust
     ../kanshi
@@ -67,9 +68,10 @@
 
       ### Keybinds
       modifier = "Mod4";
-      keybindings = let
+      keybindings =
-        inherit (config.wayland.windowManager.sway.config) modifier;
+        let
-      in
+          inherit (config.wayland.windowManager.sway.config) modifier;
+        in
         {
           ### Sway itself
           # Window
@@ -116,17 +118,19 @@
           "XF86AudioStop" = "exec ${lib.getExe pkgs.playerctl} stop";
         }
         //
-        # workspace binds
+          # workspace binds
-        lib.listToAttrs (lib.concatMap (x: [
+          lib.listToAttrs (
-          {
+            lib.concatMap (x: [
-            name = "${modifier}+${x}";
+              {
-            value = "workspace ${x}";
+                name = "${modifier}+${x}";
-          }
+                value = "workspace ${x}";
-          {
+              }
-            name = "${modifier}+Shift+${x}";
+              {
-            value = "move container to workspace ${x}";
+                name = "${modifier}+Shift+${x}";
-          }
+                value = "move container to workspace ${x}";
-        ]) (lib.genList (x: toString (x + 1)) 9));
+              }
+            ]) (lib.genList (x: toString (x + 1)) 9)
+          );
     };
   };
 }

home/applications/swayidle/default.nix

@@ -3,36 +3,39 @@
   lib,
   config,
   ...
-}: {
+}:
+{
   imports = [
     ../swaylock
   ];
 
-  services.swayidle = let
+  services.swayidle =
-    lock = lib.getExe config.programs.swaylock.package;
+    let
-    brightness = lib.getExe pkgs.brightnessctl;
+      lock = lib.getExe config.programs.swaylock.package;
-  in {
+      brightness = lib.getExe pkgs.brightnessctl;
-    enable = true;
+    in
-    timeouts = [
+    {
-      {
+      enable = true;
-        timeout = 60 * 9;
+      timeouts = [
-        command = "${brightness} -s set 20%";
+        {
-        resumeCommand = "${brightness} -r";
+          timeout = 60 * 9;
-      }
+          command = "${brightness} -s set 20%";
-      {
+          resumeCommand = "${brightness} -r";
-        timeout = 60 * 10;
+        }
-        command = "systemctl suspend";
+        {
-      }
+          timeout = 60 * 10;
-    ];
+          command = "systemctl suspend";
-    events = [
+        }
-      {
+      ];
-        event = "lock";
+      events = [
-        command = lock;
+        {
-      }
+          event = "lock";
-      {
+          command = lock;
-        event = "before-sleep";
+        }
-        command = lock;
+        {
-      }
+          event = "before-sleep";
-    ];
+          command = lock;
-  };
+        }
+      ];
+    };
 }

home/applications/swaylock/default.nix

@@ -2,7 +2,8 @@
   inputs,
   pkgs,
   ...
-}: {
+}:
+{
   programs.swaylock = {
     enable = true;
     settings = {

home/applications/thunderbird/default.nix

@@ -1,14 +1,17 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.thunderbird = {
     enable = true;
     package = pkgs.thunderbird-128;
     profiles.default = {
       isDefault = true;
       extraConfig = ''
-        ${builtins.readFile (builtins.fetchurl {
+        ${builtins.readFile (
-          url = "https://raw.githubusercontent.com/HorlogeSkynet/thunderbird-user.js/824edabe6303d6b85a32fcba96901706ed4c5922/user.js";
+          builtins.fetchurl {
-          sha256 = "0jg7i39yp21r66azlzk7978qj57rgb8c09d1hccpcw058isgymq6";
+            url = "https://raw.githubusercontent.com/HorlogeSkynet/thunderbird-user.js/824edabe6303d6b85a32fcba96901706ed4c5922/user.js";
-        })}
+            sha256 = "0jg7i39yp21r66azlzk7978qj57rgb8c09d1hccpcw058isgymq6";
+          }
+        )}
         ${builtins.readFile ./user-overrides.js}
       '';
     };

home/applications/tmux/default.nix

@@ -1,5 +1,6 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  home.packages = [pkgs.tmux];
+{
+  home.packages = [ pkgs.tmux ];
 
   xdg.configFile."tmux/tmux.conf".text = ''
     run-shell ${pkgs.tmuxPlugins.sensible.rtp}

home/applications/ydict/default.nix

@@ -1,5 +1,6 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  home.packages = [pkgs.ydict];
+{
+  home.packages = [ pkgs.ydict ];
   home.shellAliases = {
     "yd" = "ydict -c";
   };

home/default.nix

@@ -2,7 +2,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   home = {
     username = "guanranwang";
     homeDirectory = "/home/guanranwang";
@@ -33,20 +34,22 @@
     fd
   ];
 
-  programs.fish.functions = let
+  programs.fish.functions =
-    jq = lib.getExe pkgs.jq;
+    let
-    nix = lib.getExe pkgs.nix;
+      jq = lib.getExe pkgs.jq;
-    curl = lib.getExe pkgs.curl;
+      nix = lib.getExe pkgs.nix;
-  in {
+      curl = lib.getExe pkgs.curl;
-    "pb" = ''
+    in
-      ${jq} -Rns '{text: inputs}' | \
+    {
-        ${curl} -s -H 'Content-Type: application/json' --data-binary @- https://pb.ny4.dev | \
+      "pb" = ''
-        ${jq} -r '. | "https://pb.ny4.dev\(.path)"'
+        ${jq} -Rns '{text: inputs}' | \
-    '';
+          ${curl} -s -H 'Content-Type: application/json' --data-binary @- https://pb.ny4.dev | \
+          ${jq} -r '. | "https://pb.ny4.dev\(.path)"'
+      '';
 
-    "getmnter" = ''
+      "getmnter" = ''
-      ${nix} eval nixpkgs#{$argv}.meta.maintainers --json | \
+        ${nix} eval nixpkgs#{$argv}.meta.maintainers --json | \
-        ${jq} '.[].github | "@" + .' -r
+          ${jq} '.[].github | "@" + .' -r
-    '';
+      '';
-  };
+    };
 }

hosts/blacksteel/anti-feature.nix

@@ -1,7 +1,9 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   nixpkgs.config = {
     allowNonSource = false;
-    allowNonSourcePredicate = pkg:
+    allowNonSourcePredicate =
+      pkg:
       lib.elem (lib.getName pkg) [
         "adoptopenjdk-hotspot-bin"
         "cargo-bootstrap"
@@ -13,7 +15,8 @@
       ];
 
     allowUnfree = false;
-    allowUnfreePredicate = pkg:
+    allowUnfreePredicate =
+      pkg:
       lib.elem (lib.getName pkg) [
         "broadcom-sta"
         "minecraft-server"

hosts/blacksteel/default.nix

@@ -3,7 +3,8 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   imports = [
     # OS
     ../../nixos/profiles/sing-box
@@ -27,24 +28,25 @@
   system.stateVersion = "24.05";
 
   ######## Secrets
-  sops.secrets = lib.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) {
+  sops.secrets = lib.mapAttrs (_name: value: value // { sopsFile = ./secrets.yaml; }) {
     "synapse/secret" = {
-      restartUnits = ["matrix-synapse.service"];
+      restartUnits = [ "matrix-synapse.service" ];
       owner = config.systemd.services.matrix-synapse.serviceConfig.User;
     };
     "synapse/oidc" = {
-      restartUnits = ["matrix-synapse.service"];
+      restartUnits = [ "matrix-synapse.service" ];
       owner = config.systemd.services.matrix-synapse.serviceConfig.User;
     };
     "syncv3/environment" = {
-      restartUnits = ["matrix-sliding-sync.service"];
+      restartUnits = [ "matrix-sliding-sync.service" ];
     };
     "mastodon/environment" = {
-      restartUnits = ["mastodon-web.service"];
+      restartUnits = [ "mastodon-web.service" ];
     };
     "cloudflared/secret" = {
-      restartUnits = ["cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41.service"];
+      restartUnits = [ "cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41.service" ];
-      owner = config.systemd.services."cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41".serviceConfig.User;
+      owner =
+        config.systemd.services."cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41".serviceConfig.User;
     };
   };
 
@@ -77,7 +79,10 @@
   };
 
   systemd.services.caddy.serviceConfig = {
-    SupplementaryGroups = ["mastodon" "matrix-synapse"];
+    SupplementaryGroups = [
+      "mastodon"
+      "matrix-synapse"
+    ];
   };
 
   services.postgresql = {

hosts/blacksteel/hardware-configuration.nix

@@ -2,7 +2,8 @@
   inputs,
   config,
   ...
-}: {
+}:
+{
   imports = [
     inputs.nixpkgs.nixosModules.notDetected
     inputs.nixos-hardware.nixosModules.apple-macbook-pro
@@ -14,9 +15,18 @@
 
   services.thermald.enable = true;
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.availableKernelModules = [
-  boot.kernelModules = ["kvm-intel" "wl"];
+    "xhci_pci"
-  boot.extraModulePackages = [config.boot.kernelPackages.broadcom_sta];
+    "ahci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.kernelModules = [
+    "kvm-intel"
+    "wl"
+  ];
+  boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
 
   nixpkgs.hostPlatform = "x86_64-linux";
 
@@ -26,7 +36,7 @@
     "/" = {
       device = "/dev/disk/by-uuid/ab9b92a9-b67b-43b4-b0d9-9dd59ccd594b";
       fsType = "btrfs";
-      options = ["subvol=@"];
+      options = [ "subvol=@" ];
     };
     "/boot" = {
       device = "/dev/disk/by-uuid/E5DE-9C92";
@@ -34,6 +44,6 @@
     };
   };
   swapDevices = [
-    {device = "/dev/disk/by-uuid/8a2e90a9-5cc2-40fc-82fe-69ef3cd88e29";}
+    { device = "/dev/disk/by-uuid/8a2e90a9-5cc2-40fc-82fe-69ef3cd88e29"; }
   ];
 }

hosts/blacksteel/services/mastodon.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.mastodon = {
     enable = true;
     localDomain = "ny4.dev";
@@ -30,7 +31,7 @@
 
   systemd.services.mastodon-web = {
     environment = config.networking.proxy.envVars;
-    serviceConfig.EnvironmentFile = [config.sops.secrets."mastodon/environment".path];
+    serviceConfig.EnvironmentFile = [ config.sops.secrets."mastodon/environment".path ];
   };
 
   systemd.services.mastodon-sidekiq-all.environment = config.networking.proxy.envVars;

hosts/blacksteel/services/matrix.nix

@@ -1,9 +1,10 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.matrix-synapse = {
     enable = true;
     withJemalloc = true;
     enableRegistrationScript = false;
-    extraConfigFiles = [config.sops.secrets."synapse/secret".path];
+    extraConfigFiles = [ config.sops.secrets."synapse/secret".path ];
     settings = {
       server_name = "ny4.dev";
       public_baseurl = "https://matrix.ny4.dev";
@@ -14,7 +15,10 @@
           type = "http";
           resources = [
             {
-              names = ["client" "federation"];
+              names = [
+                "client"
+                "federation"
+              ];
               compress = true;
             }
           ];
@@ -29,7 +33,10 @@
           issuer = "https://id.ny4.dev/realms/ny4";
           client_id = "synapse";
           client_secret_path = config.sops.secrets."synapse/oidc".path;
-          scopes = ["openid" "profile"];
+          scopes = [
+            "openid"
+            "profile"
+          ];
           user_mapping_provider.config = {
             localpart_template = "{{ user.preferred_username }}";
             display_name_template = "{{ user.name }}";
@@ -43,7 +50,7 @@
 
   systemd.services.matrix-synapse = {
     environment = config.networking.proxy.envVars;
-    serviceConfig.RuntimeDirectory = ["matrix-synapse"];
+    serviceConfig.RuntimeDirectory = [ "matrix-synapse" ];
   };
 
   services.matrix-sliding-sync = {
@@ -56,7 +63,7 @@
   };
 
   systemd.services.matrix-sliding-sync.serviceConfig = {
-    RuntimeDirectory = ["matrix-sliding-sync"];
+    RuntimeDirectory = [ "matrix-sliding-sync" ];
-    SupplementaryGroups = ["matrix-synapse"];
+    SupplementaryGroups = [ "matrix-synapse" ];
   };
 }

hosts/blacksteel/services/minecraft.nix

@@ -2,7 +2,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   services.minecraft-server = {
     enable = true;
     eula = true;

hosts/blacksteel/services/qbittorrent.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   # TODO: https://github.com/NixOS/nixpkgs/pull/287923
   # currently running qbittorrent-nox with tmux :c
   environment.systemPackages = with pkgs; [

hosts/dust/anti-feature.nix

@@ -1,9 +1,11 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   nixpkgs.config = {
     allowAliases = false;
 
     allowNonSource = false;
-    allowNonSourcePredicate = pkg:
+    allowNonSourcePredicate =
+      pkg:
       lib.elem (lib.getName pkg) [
         "cargo-bootstrap"
         "cef-binary"
@@ -15,7 +17,8 @@
       ];
 
     allowUnfree = false;
-    allowUnfreePredicate = pkg:
+    allowUnfreePredicate =
+      pkg:
       lib.elem (lib.getName pkg) [
         "fcitx5-pinyin-minecraft"
         "fcitx5-pinyin-moegirl"

hosts/dust/default.nix

@@ -2,7 +2,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   imports = [
     ../../nixos/profiles/sing-box
     ../../nixos/profiles/wireless
@@ -31,8 +32,8 @@
     yubikey-manager
   ];
 
-  networking.firewall.allowedTCPPorts = [53317];
+  networking.firewall.allowedTCPPorts = [ 53317 ];
-  networking.firewall.allowedUDPPorts = [53317];
+  networking.firewall.allowedUDPPorts = [ 53317 ];
 
   programs.adb.enable = true;
   programs.localsend.enable = true;
@@ -51,13 +52,13 @@
 
   # yubikey
   services.pcscd.enable = true;
-  services.udev.packages = [pkgs.yubikey-personalization];
+  services.udev.packages = [ pkgs.yubikey-personalization ];
 
   fonts = {
     enableDefaultPackages = false;
     packages = with pkgs; [
       (nerdfonts.override {
-        fonts = ["NerdFontsSymbolsOnly"];
+        fonts = [ "NerdFontsSymbolsOnly" ];
       })
       (inter.overrideAttrs {
         installPhase = ''
@@ -139,9 +140,9 @@
   security.polkit.enable = true;
   systemd.user.services.polkit-gnome-authentication-agent-1 = {
     description = "polkit-gnome-authentication-agent-1";
-    wantedBy = ["graphical-session.target"];
+    wantedBy = [ "graphical-session.target" ];
-    wants = ["graphical-session.target"];
+    wants = [ "graphical-session.target" ];
-    after = ["graphical-session.target"];
+    after = [ "graphical-session.target" ];
     serviceConfig = {
       Type = "simple";
       ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
@@ -151,11 +152,11 @@
     };
   };
 
-  security.pam.services.swaylock = {};
+  security.pam.services.swaylock = { };
   xdg.portal = {
     enable = true;
     wlr.enable = true;
-    extraPortals = [pkgs.xdg-desktop-portal-gtk];
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
     # https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/sway-portals.conf
     config."sway" = {
       default = "gtk";

hosts/dust/disko.nix

@@ -1,11 +1,15 @@
 let
   # compress-force: https://t.me/archlinuxcn_group/3054167
-  mountOptions = ["compress-force=zstd" "noatime"];
+  mountOptions = [
+    "compress-force=zstd"
+    "noatime"
+  ];
   cryptSettings = {
     allowDiscards = true;
     bypassWorkqueues = true;
   };
-in {
+in
+{
   disko.devices = {
     disk = {
       "one" = {
@@ -22,7 +26,10 @@ in {
                 type = "filesystem";
                 format = "vfat";
                 mountpoint = "/boot";
-                mountOptions = ["defaults" "umask=007"];
+                mountOptions = [
+                  "defaults"
+                  "umask=007"
+                ];
               };
             };
             "cryptroot" = {

hosts/dust/hardware-configuration.nix

@@ -1,4 +1,5 @@
-{inputs, ...}: {
+{ inputs, ... }:
+{
   imports = [
     inputs.nixpkgs.nixosModules.notDetected
     inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen
@@ -21,12 +22,18 @@
   boot.loader.timeout = 0;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  boot.kernelParams = ["ia32_emulation=0"];
+  boot.kernelParams = [ "ia32_emulation=0" ];
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "xhci_pci"
-  boot.kernelModules = ["kvm-intel"];
+    "thunderbolt"
-  boot.extraModulePackages = [];
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
   nixpkgs.hostPlatform = "x86_64-linux";
 }

hosts/dust/home/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   imports =
     [
       ./theme.nix

hosts/dust/home/theme.nix

@@ -3,7 +3,8 @@
   config,
   lib,
   ...
-}: {
+}:
+{
   home.pointerCursor = {
     name = "Adwaita";
     package = pkgs.adwaita-icon-theme;

hosts/dust/home/xdg-mime.nix

@@ -1,10 +1,11 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   # https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types
   xdg.mimeApps = {
     enable = true;
     defaultApplications =
       {
-        "inode/directory" = ["org.gnome.Nautilus.desktop"];
+        "inode/directory" = [ "org.gnome.Nautilus.desktop" ];
       }
       ### Browser
       // lib.genAttrs [
@@ -13,7 +14,7 @@
         "x-scheme-handler/https"
         "x-scheme-handler/about"
         "x-scheme-handler/unknown"
-      ] (_n: ["firefox.desktop"])
+      ] (_n: [ "firefox.desktop" ])
       ### Audio player
       // lib.genAttrs [
         "audio/aac"
@@ -21,31 +22,31 @@
         "audio/mpeg"
         "audio/ogg"
         "audio/wav"
-      ] (_n: ["io.bassi.Amberol.desktop"])
+      ] (_n: [ "io.bassi.Amberol.desktop" ])
       ### Image viewer
       // lib.genAttrs [
         "image/gif"
         "image/jpeg"
         "image/png"
         "image/webp"
-      ] (_n: ["org.gnome.Loupe.desktop"])
+      ] (_n: [ "org.gnome.Loupe.desktop" ])
       ### Video player
       // lib.genAttrs [
         "video/mp4"
         "video/mpeg"
         "video/webm"
-      ] (_n: ["mpv.desktop"])
+      ] (_n: [ "mpv.desktop" ])
       ### Code editor
       // lib.genAttrs [
         "text/css"
         "text/html"
         "text/javascript"
         "text/plain"
-      ] (_n: ["nvim.desktop"])
+      ] (_n: [ "nvim.desktop" ])
       ### Mail client
       // lib.genAttrs [
         "x-scheme-handler/mailto"
         "x-scheme-handler/mid"
-      ] (_n: ["thunderbird.desktop"]);
+      ] (_n: [ "thunderbird.desktop" ]);
   };
 }

hosts/dust/impermanence.nix

@@ -1,5 +1,6 @@
-{lib, ...}: {
+{ lib, ... }:
-  sops.age.sshKeyPaths = lib.mkForce ["/persist/etc/ssh/ssh_host_ed25519_key"];
+{
+  sops.age.sshKeyPaths = lib.mkForce [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
   fileSystems."/persist".neededForBoot = true;
   environment.persistence."/persist" = {
     hideMounts = true;

hosts/dust/lanzaboote.nix

@@ -1,5 +1,6 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  environment.systemPackages = [pkgs.sbctl];
+{
+  environment.systemPackages = [ pkgs.sbctl ];
   boot.lanzaboote = {
     enable = true;
     pkiBundle = "/etc/secureboot";

hosts/tyo0/anti-feature.nix

@@ -1,7 +1,9 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   nixpkgs.config = {
     allowNonSource = false;
-    allowNonSourcePredicate = pkg:
+    allowNonSourcePredicate =
+      pkg:
       lib.elem (lib.getName pkg) [
         "adoptopenjdk-hotspot-bin"
         "cargo-bootstrap"
@@ -12,9 +14,11 @@
       ];
 
     allowUnfree = false;
-    allowUnfreePredicate = pkg:
+    allowUnfreePredicate =
-      lib.elem (lib.getName pkg) [
+      pkg:
-      ];
+      lib.elem (lib.getName pkg)
+        [
+        ];
 
     permittedInsecurePackages = [
       "cinny-4.1.0"

hosts/tyo0/default.nix

@@ -3,7 +3,8 @@
   modulesPath,
   pkgs,
   ...
-}: {
+}:
+{
   imports = [
     "${modulesPath}/virtualisation/amazon-image.nix"
     ./anti-feature.nix
@@ -33,27 +34,30 @@
   systemd.services."print-host-key".enable = false;
 
   ### Secrets
-  sops.secrets = lib.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) {
+  sops.secrets = lib.mapAttrs (_name: value: value // { sopsFile = ./secrets.yaml; }) {
     "hysteria/auth" = {
-      restartUnits = ["hysteria.service"];
+      restartUnits = [ "hysteria.service" ];
     };
     "pixivfe/environment" = {
-      restartUnits = ["pixivfe.service"];
+      restartUnits = [ "pixivfe.service" ];
     };
     "searx/environment" = {
-      restartUnits = ["searx.service"];
+      restartUnits = [ "searx.service" ];
     };
     "miniflux/environment" = {
-      restartUnits = ["miniflux.service"];
+      restartUnits = [ "miniflux.service" ];
     };
     "vaultwarden/environment" = {
-      restartUnits = ["vaultwarden.service"];
+      restartUnits = [ "vaultwarden.service" ];
     };
   };
 
   ### Services
-  networking.firewall.allowedUDPPorts = [443]; # hysteria
+  networking.firewall.allowedUDPPorts = [ 443 ]; # hysteria
-  networking.firewall.allowedTCPPorts = [80 443]; # caddy
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ]; # caddy
 
   systemd.tmpfiles.settings = {
     "10-www" = {
@@ -76,7 +80,7 @@
       "cinny" = pkgs.cinny.override {
         conf = {
           defaultHomeserver = 0;
-          homeserverList = ["ny4.dev"];
+          homeserverList = [ "ny4.dev" ];
         };
       };
     };
@@ -122,7 +126,12 @@
   services.vnstat.enable = true;
   systemd.services."no-bankrupt" = {
     serviceConfig.Type = "oneshot";
-    path = with pkgs; [coreutils gawk vnstat systemd];
+    path = with pkgs; [
+      coreutils
+      gawk
+      vnstat
+      systemd
+    ];
     script = ''
       TRAFF_TOTAL=1900
       TRAFF_USED=$(vnstat --oneline b | awk -F ';' '{print $11}')

hosts/tyo0/services/forgejo.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   services.forgejo = {
     enable = true;
     package = pkgs.forgejo;

hosts/tyo0/services/hysteria.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.hysteria = {
     enable = true;
     settings = {

hosts/tyo0/services/keycloak.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   services.keycloak = {
     enable = true;
     settings = {

hosts/tyo0/services/miniflux.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.miniflux = {
     enable = true;
     adminCredentialsFile = config.sops.secrets."miniflux/environment".path;

hosts/tyo0/services/ntfy.nix

@@ -10,5 +10,5 @@
     };
   };
 
-  systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = ["ntfy-sh"];
+  systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = [ "ntfy-sh" ];
 }

hosts/tyo0/services/pixivfe.nix

@@ -2,7 +2,8 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   services.pixivfe = {
     enable = true;
     EnvironmentFile = config.sops.secrets."pixivfe/environment".path;
@@ -13,7 +14,7 @@
   };
 
   systemd.services.pixivfe.serviceConfig = {
-    RuntimeDirectory = ["pixivfe"];
+    RuntimeDirectory = [ "pixivfe" ];
     ExecStartPost = pkgs.writeShellScript "pixivfe-unixsocket" ''
       ${pkgs.coreutils}/bin/sleep 5
       ${pkgs.coreutils}/bin/chmod 777 /run/pixivfe/pixiv.sock

hosts/tyo0/services/searx.nix

@@ -2,7 +2,8 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   services.searx = {
     enable = true;
     package = pkgs.searxng;

hosts/tyo0/services/vaultwarden.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.vaultwarden = {
     enable = true;
     environmentFile = config.sops.secrets."vaultwarden/environment".path;

nixos/modules/default.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   imports = [
     ./services/hysteria.nix
     ./services/pixivfe.nix

nixos/modules/services/hysteria.nix

@@ -4,17 +4,22 @@
   pkgs,
   utils,
   ...
-}: let
+}:
+let
   cfg = config.services.hysteria;
-  settingsFormat = pkgs.formats.json {};
+  settingsFormat = pkgs.formats.json { };
-in {
+in
+{
   options.services.hysteria = {
     enable = lib.mkEnableOption "Hysteria, a powerful, lightning fast and censorship resistant proxy";
 
-    package = lib.mkPackageOption pkgs "hysteria" {};
+    package = lib.mkPackageOption pkgs "hysteria" { };
 
     mode = lib.mkOption {
-      type = lib.types.enum ["server" "client"];
+      type = lib.types.enum [
+        "server"
+        "client"
+      ];
       default = "server";
       description = "Whether to use Hysteria as a client or a server.";
     };
@@ -23,7 +28,7 @@ in {
       type = lib.types.submodule {
         freeformType = settingsFormat.type;
       };
-      default = {};
+      default = { };
       description = ''
         The Hysteria configuration, see https://hysteria.network/ for documentation.
 
@@ -38,10 +43,10 @@ in {
   config = lib.mkIf cfg.enable {
     systemd.services."hysteria" = {
       description = "Hysteria daemon, a powerful, lightning fast and censorship resistant proxy.";
-      documentation = ["https://hysteria.network/"];
+      documentation = [ "https://hysteria.network/" ];
-      wantedBy = ["multi-user.target"];
+      wantedBy = [ "multi-user.target" ];
-      after = ["network-online.target"];
+      after = [ "network-online.target" ];
-      wants = ["network-online.target"];
+      wants = [ "network-online.target" ];
       preStart = utils.genJqSecretsReplacementSnippet cfg.settings "/var/lib/private/hysteria/config.json";
       serviceConfig = {
         ExecStart = lib.concatStringsSep " " [
@@ -54,8 +59,16 @@ in {
         StateDirectory = "hysteria";
 
         ### Hardening
-        AmbientCapabilities = ["CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" "CAP_NET_RAW"];
+        AmbientCapabilities = [
-        CapabilityBoundingSet = ["CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" "CAP_NET_RAW"];
+          "CAP_NET_ADMIN"
+          "CAP_NET_BIND_SERVICE"
+          "CAP_NET_RAW"
+        ];
+        CapabilityBoundingSet = [
+          "CAP_NET_ADMIN"
+          "CAP_NET_BIND_SERVICE"
+          "CAP_NET_RAW"
+        ];
         NoNewPrivileges = true;
         PrivateMounts = true;
         PrivateTmp = true;

nixos/modules/services/pixivfe.nix

@@ -4,13 +4,17 @@
   inputs,
   pkgs,
   ...
-}: let
+}:
+let
   cfg = config.services.pixivfe;
-in {
+in
+{
   options.services.pixivfe = {
     enable = lib.mkEnableOption "PixivFE, a privacy respecting frontend for Pixiv";
 
-    package = lib.mkPackageOption inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system} "pixivfe" {};
+    package =
+      lib.mkPackageOption inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system} "pixivfe"
+        { };
 
     openFirewall = lib.mkEnableOption "open ports in the firewall needed for the daemon to function";
 
@@ -46,10 +50,7 @@ in {
   config = lib.mkIf cfg.enable {
     assertions = [
       {
-        assertion =
+        assertion = if cfg.openFirewall then (cfg.settings ? PIXIVFE_PORT) else true;
-          if cfg.openFirewall
-          then (cfg.settings ? PIXIVFE_PORT)
-          else true;
         message = ''
           PIXIVFE_PORT must be specified for NixOS to open a port.
 
@@ -58,9 +59,10 @@ in {
       }
       {
         assertion =
-          if (cfg.EnvironmentFile == null)
+          if (cfg.EnvironmentFile == null) then
-          then (cfg.settings ? PIXIVFE_UNIXSOCKET) || (cfg.settings ? PIXIVFE_PORT)
+            (cfg.settings ? PIXIVFE_UNIXSOCKET) || (cfg.settings ? PIXIVFE_PORT)
-          else true;
+          else
+            true;
         message = ''
           PIXIVFE_PORT or PIXIVFE_UNIXSOCKET must be set for PixivFE to run.
 
@@ -68,10 +70,7 @@ in {
         '';
       }
       {
-        assertion =
+        assertion = if (cfg.EnvironmentFile == null) then cfg.settings ? PIXIVFE_TOKEN else true;
-          if (cfg.EnvironmentFile == null)
-          then cfg.settings ? PIXIVFE_TOKEN
-          else true;
         message = ''
           PIXIVFE_TOKEN must be set for PixivFE to run.
 
@@ -82,23 +81,21 @@ in {
 
     systemd.services."pixivfe" = {
       description = "PixivFE, a privacy respecting frontend for Pixiv.";
-      documentation = ["https://pixivfe.pages.dev/"];
+      documentation = [ "https://pixivfe.pages.dev/" ];
-      wantedBy = ["multi-user.target"];
+      wantedBy = [ "multi-user.target" ];
-      after = ["network-online.target"];
+      after = [ "network-online.target" ];
-      wants = ["network-online.target"];
+      wants = [ "network-online.target" ];
-      environment = lib.mkIf (cfg.settings != null) (lib.mapAttrs (_: v:
+      environment = lib.mkIf (cfg.settings != null) (
-        if lib.isBool v
+        lib.mapAttrs (_: v: if lib.isBool v then lib.boolToString v else toString v) cfg.settings
-        then lib.boolToString v
+      );
-        else toString v)
-      cfg.settings);
       serviceConfig = {
         inherit (cfg) EnvironmentFile;
         ExecStart = lib.getExe cfg.package;
         DynamicUser = true;
 
         ### Hardening
-        AmbientCapabilities = ["CAP_NET_BIND_SERVICE"]; # For ports <= 1024
+        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; # For ports <= 1024
-        CapabilityBoundingSet = ["CAP_NET_BIND_SERVICE"];
+        CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
         NoNewPrivileges = true;
         PrivateMounts = true;
         PrivateTmp = true;
@@ -122,7 +119,7 @@ in {
     };
 
     networking.firewall = lib.mkIf cfg.openFirewall {
-      allowedTCPPorts = [cfg.settings.PIXIVFE_PORT];
+      allowedTCPPorts = [ cfg.settings.PIXIVFE_PORT ];
     };
   };
 }

nixos/profiles/core/default.nix

@@ -4,7 +4,8 @@
   inputs,
   pkgs,
   ...
-}: {
+}:
+{
   imports =
     [
       ./hardening.nix
@@ -29,7 +30,9 @@
     users.guanranwang = import ../../../home;
     useGlobalPkgs = true;
     useUserPackages = true;
-    extraSpecialArgs = {inherit inputs;};
+    extraSpecialArgs = {
+      inherit inputs;
+    };
   };
 
   boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
@@ -80,13 +83,13 @@
 
   # Avoid TOFU MITM with github by providing their public key here.
   programs.ssh.knownHosts = {
-    "github.com".hostNames = ["github.com"];
+    "github.com".hostNames = [ "github.com" ];
     "github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
 
-    "gitlab.com".hostNames = ["gitlab.com"];
+    "gitlab.com".hostNames = [ "gitlab.com" ];
     "gitlab.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf";
 
-    "git.sr.ht".hostNames = ["git.sr.ht"];
+    "git.sr.ht".hostNames = [ "git.sr.ht" ];
     "git.sr.ht".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
   };
 
@@ -120,8 +123,8 @@
   ### sops-nix
   sops = {
     defaultSopsFile = ../../../secrets.yaml;
-    age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-    gnupg.sshKeyPaths = [];
+    gnupg.sshKeyPaths = [ ];
     secrets."hashed-passwd".neededForUsers = true;
   };
 }

nixos/profiles/core/networking.nix

@@ -2,7 +2,7 @@
   services.resolved.enable = true;
 
   ### https://wiki.archlinux.org/title/Sysctl#Improving_performance
-  boot.kernelModules = ["tcp_bbr"];
+  boot.kernelModules = [ "tcp_bbr" ];
   boot.kernel.sysctl = {
     "net.core.default_qdisc" = "cake";
     "net.ipv4.tcp_congestion_control" = "bbr";

nixos/profiles/core/nix.nix

@@ -3,7 +3,8 @@
   config,
   inputs,
   ...
-}: {
+}:
+{
   nix.settings = {
     substituters =
       (lib.optionals (config.time.timeZone == "Asia/Shanghai") [
@@ -26,7 +27,7 @@
       "no-url-literals"
     ];
     flake-registry = "";
-    trusted-users = ["@wheel"];
+    trusted-users = [ "@wheel" ];
     allow-import-from-derivation = false;
     auto-allocate-uids = true;
     auto-optimise-store = true;
@@ -38,7 +39,7 @@
   nix = {
     # Add each flake input as a registry
     # To make nix3 commands consistent with the flake
-    registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
+    registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
 
     # Disable nix-channel
     channel.enable = false;
@@ -52,7 +53,7 @@
     extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}";
   };
 
-  users.groups."nix-access-tokens" = {};
+  users.groups."nix-access-tokens" = { };
   sops.secrets."nix-access-tokens" = {
     group = config.users.groups."nix-access-tokens".name;
     mode = "0440";

nixos/profiles/core/zram.nix

@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   services.zram-generator = {
     enable = true;
     settings.zram0 = {

nixos/profiles/server/default.nix

@@ -2,14 +2,16 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   environment.systemPackages = with pkgs; [
     foot.terminfo
   ];
 
   # TODO: colmena
   services.openssh.settings.PermitRootLogin = "prohibit-password";
-  users.users."root".openssh.authorizedKeys.keys = config.users.users.guanranwang.openssh.authorizedKeys.keys;
+  users.users."root".openssh.authorizedKeys.keys =
+    config.users.users.guanranwang.openssh.authorizedKeys.keys;
 
   time.timeZone = "UTC";
 }

nixos/profiles/sing-box/default.nix

@@ -2,7 +2,8 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   services.sing-box = {
     enable = true;
     settings = {
@@ -94,16 +95,18 @@
     httpsProxy = "http://127.0.0.1:1080/";
   };
 
-  environment.shellAliases = let
+  environment.shellAliases =
-    inherit (config.networking.proxy) httpProxy httpsProxy;
+    let
-  in {
+      inherit (config.networking.proxy) httpProxy httpsProxy;
-    "setproxy" = "export http_proxy=${httpProxy} https_proxy=${httpsProxy}";
+    in
-    "unsetproxy" = "set -e http_proxy https_proxy";
+    {
-  };
+      "setproxy" = "export http_proxy=${httpProxy} https_proxy=${httpsProxy}";
+      "unsetproxy" = "set -e http_proxy https_proxy";
+    };
 
   ### sops-nix
   sops.secrets."sing-box/tyo0" = {
-    restartUnits = ["sing-box.service"];
+    restartUnits = [ "sing-box.service" ];
     sopsFile = ./secrets.yaml;
   };
 }

nixos/profiles/wireless/default.nix

@@ -1,5 +1,6 @@
-{lib, ...}: {
+{ lib, ... }:
-  sops.secrets = lib.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) {
+{
+  sops.secrets = lib.mapAttrs (_name: value: value // { sopsFile = ./secrets.yaml; }) {
     "wireless/wangxiaobo".path = "/var/lib/iwd/wangxiaobo.psk";
     "wireless/ImmortalWrt".path = "/var/lib/iwd/ImmortalWrt.psk";
   };

overlays/default.nix

@@ -1,9 +1,11 @@
 let
-  addPatches = pkg: patches:
+  addPatches =
+    pkg: patches:
     pkg.overrideAttrs (old: {
-      patches = (old.patches or []) ++ patches;
+      patches = (old.patches or [ ]) ++ patches;
     });
-in {
+in
+{
   patches = _final: prev: {
     # https://aur.archlinux.org/pkgbase/nautilus-typeahead
     nautilus = prev.nautilus.overrideAttrs {
@@ -21,39 +23,42 @@ in {
       '';
     };
 
-    qt6Packages = prev.qt6Packages.overrideScope (_final': prev': {
+    qt6Packages = prev.qt6Packages.overrideScope (
-      # HACK: no more qt5
+      _final': prev': {
-      fcitx5-with-addons = prev'.fcitx5-with-addons.override {
+        # HACK: no more qt5
-        libsForQt5.fcitx5-qt = prev.emptyDirectory;
+        fcitx5-with-addons = prev'.fcitx5-with-addons.override {
-      };
+          libsForQt5.fcitx5-qt = prev.emptyDirectory;
+        };
 
-      # HACK: no more qtwebengine, opencc
+        # HACK: no more qtwebengine, opencc
-      fcitx5-chinese-addons =
+        fcitx5-chinese-addons =
-        (prev'.fcitx5-chinese-addons.override {
+          (prev'.fcitx5-chinese-addons.override {
-          curl = prev.emptyDirectory;
+            curl = prev.emptyDirectory;
-          opencc = prev.emptyDirectory;
+            opencc = prev.emptyDirectory;
-          qtwebengine = prev.emptyDirectory;
+            qtwebengine = prev.emptyDirectory;
-        })
+          }).overrideAttrs
-        .overrideAttrs (oldAttrs: {
+            (oldAttrs: {
-          buildInputs = oldAttrs.buildInputs ++ [prev.gettext prev'.qtbase];
+              buildInputs = oldAttrs.buildInputs ++ [
-          cmakeFlags =
+                prev.gettext
-            oldAttrs.cmakeFlags
+                prev'.qtbase
-            ++ [
+              ];
-              (prev.lib.cmakeBool "ENABLE_BROWSER" false)
+              cmakeFlags = oldAttrs.cmakeFlags ++ [
-              (prev.lib.cmakeBool "ENABLE_CLOUDPINYIN" false)
+                (prev.lib.cmakeBool "ENABLE_BROWSER" false)
-              (prev.lib.cmakeBool "ENABLE_OPENCC" false)
+                (prev.lib.cmakeBool "ENABLE_CLOUDPINYIN" false)
-            ];
+                (prev.lib.cmakeBool "ENABLE_OPENCC" false)
-        });
+              ];
-    });
+            });
+      }
+    );
 
     # HACK: no more gtk2
     gnome-themes-extra =
       (prev.gnome-themes-extra.override {
         gtk2 = prev.emptyDirectory;
-      })
+      }).overrideAttrs
-      .overrideAttrs {
+        {
-        configureFlags = ["--disable-gtk2-engine"];
+          configureFlags = [ "--disable-gtk2-engine" ];
-      };
+        };
 
     sway-unwrapped = addPatches prev.sway-unwrapped [
       # text_input: Implement input-method popups

pkgs/default.nix

@@ -1,10 +1,12 @@
 # NOTE: 301: All packages are migrated to `github:Guanran928/nur-packages`,
 #       only keeping some packages that only fits for personal use.
-pkgs: let
+pkgs:
+let
   inherit (pkgs) callPackage;
-in {
+in
+{
   # https://github.com/NixOS/nixpkgs/pull/308720
-  pixivfe = callPackage ./pixivfe.nix {};
+  pixivfe = callPackage ./pixivfe.nix { };
 
   background = pkgs.nixos-artwork.wallpapers.nineish-dark-gray.src;
 }

pkgs/pixivfe.nix

@@ -23,7 +23,7 @@ buildGoModule rec {
     "-w"
   ];
 
-  nativeBuildInputs = [makeBinaryWrapper];
+  nativeBuildInputs = [ makeBinaryWrapper ];
 
   postInstall = ''
     mkdir -p $out/share/pixivfe
@@ -37,7 +37,7 @@ buildGoModule rec {
     homepage = "https://codeberg.org/VnPower/PixivFE";
     license = lib.licenses.agpl3Only;
     mainProgram = "pixivfe";
-    maintainers = with lib.maintainers; [Guanran928];
+    maintainers = with lib.maintainers; [ Guanran928 ];
     platforms = lib.platforms.linux;
   };
 }

treefmt.nix

@@ -2,7 +2,7 @@
   projectRootFile = "flake.nix";
 
   ### nix
-  programs.alejandra.enable = true;
+  programs.nixfmt.enable = true;
   programs.deadnix.enable = true;
   programs.statix.enable = true;