age: update sshconfig

Reviewed-on: https://codeberg.org/leana8959/.files/pulls/21
Co-authored-by: Léana 江 <leana.jiang+git@icloud.com>
Co-committed-by: Léana 江 <leana.jiang+git@icloud.com>

.config/nvim/ftplugin/haskell.lua

@@ -5,4 +5,4 @@ vim.bo.shiftwidth = 2
 vim.bo.expandtab = true
 
 -- useful for CPP extension
-vim.o.smartindent = true
+vim.bo.smartindent = true

.config/nvim/plugin/lsp.lua

@@ -21,7 +21,7 @@ local servers = {
     tinymist = {},
     nil_ls = {
         settings = {
-            ["nil"] = { formatting = { command = { "alejandra" } } },
+            ["nil"] = { formatting = { command = { "nixfmt" } } },
         },
     },
 }

.git-blame-ignore-revs

@@ -7,3 +7,6 @@ e91471432f7b7e3e5cb6cdb245819998d6653b5e
 
 # Reformat with stylua
 94ab5d51f10e609cee0159636c29cd404e3a6570
+
+# Reformat with nixfmt
+ebf84688079b537b3a34a7f5decdf30e165b7933

README.md

@@ -53,6 +53,30 @@ The `(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")` allows this.
 
 - profit
 
+## Hetzner, nixos-anywhere
+References:
+- <https://github.com/nix-community/nixos-anywhere/blob/main/docs/quickstart.md>
+- <https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud>
+
+I haven't figured out how to use raid on this machine, as it failed half-way
+through the installer when I used the raid configuration.
+
+### Pitfalls
+- nixos-anywhere will wipe the disk, even if you use the flag `--generate-hardware-config`.
+
+- The command is quite long and isn't non-flake friendly.
+  Note that the diskoScript has to come before toplevel derivation.
+  Read more on the order <https://github.com/nix-community/nixos-anywhere/issues/597>.
+  ```fish
+  nixos-anywhere \
+      --generate-hardware-config nixos-generate-config ./hardware-configuration.nix \
+      -i <ssh_identity> \
+      --store-paths $(nix-build --no-out-link \
+          -A nixosConfigurations.hetzner_benchmark.config.system.build.diskoScript \
+          -A nixosConfigurations.hetzner_benchmark.config.system.build.toplevel) \
+      <user>@<host>
+  ```
+
 # Pitfalls
 ## `users.mutableUsers`
 NEVER set this to true without declaratively setting the passwords.

default.nix

@@ -1,22 +1,33 @@
-{sources ? import ./npins}: {
+{
+  sources ? import ./npins,
+}:
+{
   # for repl sessions
   inherit sources;
   lib = import (sources.nixpkgs + "/lib");
 
-  nixosConfigurations = builtins.mapAttrs (_: import (sources.nixpkgs + "/nixos/lib/eval-config.nix")) {
+  nixosConfigurations =
+    builtins.mapAttrs (_: import (sources.nixpkgs + "/nixos/lib/eval-config.nix"))
+      {
         vanadium = {
           system = "x86_64-linux";
-      modules = [./nix/configurations/vanadium.nix];
+          modules = [ ./nix/configurations/vanadium.nix ];
         };
         hydrogen = {
           system = "aarch64-linux";
-      modules = [./nix/configurations/hydrogen.nix];
+          modules = [ ./nix/configurations/hydrogen.nix ];
         };
         installer = {
           system = "x86_64-linux";
-      modules = [./nix/configurations/installer.nix];
+          modules = [ ./nix/configurations/installer.nix ];
+        };
+
+        # Not mine, rented on hetzner
+        hetzner_benchmark = {
+          system = "x86_64-linux";
+          modules = [ ./nix/configurations/hetzner_benchmark.nix ];
         };
       };
 
-  packages = import ./nix/packages {inherit sources;};
+  packages = import ./nix/packages { inherit sources; };
 }

nix/configurations/hetzner_benchmark.nix

@@ -0,0 +1,111 @@
+# The hetzner machine rented to benchmark the cabal comment parser
+let
+  sources = import ../../npins;
+
+  hostname = "hetzner_benchmark";
+  username = "leana";
+in
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+let
+  inherit (lib.modules) mkAliasOptionModule;
+in
+{
+  imports = [
+    #
+    # Shorthands
+    #
+    (mkAliasOptionModule [ "me" ] [ "users" "users" username ])
+    (mkAliasOptionModule [ "hm" ] [ "home-manager" "users" username ])
+
+    #
+    # hostname
+    #
+    { _module.args = { inherit hostname; }; }
+
+    #
+    # nixpkgs
+    #
+    {
+      nixpkgs = {
+        overlays = map import [
+          ../packages/overlay.nix
+
+          # use lix everywhere and wrap it with nom
+          ../overlays/lix.nix
+          ../overlays/nix-monitored.nix
+        ];
+
+        # Set NIX_PATH and flake registry at the same time
+        # https://github.com/NixOS/nixpkgs/pull/254405
+        flake.source = sources.nixpkgs;
+      };
+
+      nix.package = pkgs.nix-monitored;
+
+      system.nixos.version = lib.substring 0 8 sources.nixpkgs.revision;
+    }
+
+    ./hetzner_benchmark/nixos/hardware-configuration.nix
+    ./hetzner_benchmark/nixos/misc.nix
+
+    ../nixosModules/common/fish.nix
+    ../nixosModules/common/disable-command-not-found.nix
+    ../nixosModules/common/network.nix
+    ../nixosModules/common/sudo-conf.nix
+    ../nixosModules/common/system-nixconf.nix
+
+    ../nixosModules/extra/leana.nix
+
+    #
+    # Extern modules
+    #
+    (sources.disko + "/module.nix")
+    ../disko/hetzner_benchmark/ext4.nix
+
+    #
+    # home-manager
+    #
+    (sources.home-manager + "/nixos")
+    {
+      home-manager = {
+        useGlobalPkgs = true;
+        useUserPackages = true;
+        sharedModules = [ { home.stateVersion = lib.mkDefault config.system.stateVersion; } ];
+      };
+
+      hm.imports = [
+        #
+        # hostname
+        #
+        { _module.args = { inherit hostname; }; }
+
+        #
+        # home modules
+        #
+        ./hetzner_benchmark/home/programs.nix
+        ./hetzner_benchmark/home/dev.nix
+
+        ../homeModules/common/btop
+        ../homeModules/common/fish
+        ../homeModules/common/starship
+        ../homeModules/common/fzf.nix
+        ../homeModules/common/tmux
+        ../homeModules/common/vim
+        ../homeModules/common/direnv.nix
+        ../homeModules/common/git.nix
+        ../homeModules/common/gpg.nix
+        ../homeModules/common/leana.nix
+        ../homeModules/common/locale.nix
+        ../homeModules/common/packages.nix
+        ../homeModules/common/tealdeer.nix
+
+        ../homeModules/extra/tmux-fish-integration.nix
+      ];
+    }
+  ];
+}

nix/configurations/hetzner_benchmark/home/dev.nix

@@ -0,0 +1,23 @@
+{
+  programs.git = {
+    enable = true;
+    signing.signByDefault = false; # no need to setup the key
+  };
+
+  programs.gpg.enable = true;
+
+  nix = {
+    settings = {
+      extra-substituters = [
+        "https://ghc-nix.cachix.org"
+        "https://haskell-language-server.cachix.org"
+        "https://cache.iog.io"
+      ];
+      extra-trusted-public-keys = [
+        "ghc-nix.cachix.org-1:ziC/I4BPqeA4VbtOFpFpu6D1t6ymFvRWke/lc2+qjcg="
+        "haskell-language-server.cachix.org-1:juFfHrwkOxqIOZShtC4YC1uT1bBcq2RSvC7OMKx0Nz8="
+        "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
+      ];
+    };
+  };
+}

nix/configurations/hetzner_benchmark/home/programs.nix

@@ -0,0 +1,54 @@
+# TODO: remove some packages for this machine
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
+  home.sessionVariables =
+    let
+      fishCfg = config.programs.fish;
+    in
+    {
+      "SHELL" = lib.mkIf fishCfg.enable (lib.getExe fishCfg.package);
+    };
+
+  home.packages = [
+    pkgs.stow
+    pkgs.zip
+    pkgs.unzip
+    pkgs.gnutar
+    pkgs.p7zip
+    pkgs.bc
+    pkgs.dig
+    pkgs.hutils
+
+    # pretty tui tools
+    pkgs.du-dust
+    pkgs.tokei
+    pkgs.hyperfine
+    pkgs.watchexec
+    pkgs.onefetch
+    pkgs.just
+  ];
+
+  programs = {
+    neovim = {
+      enable = true;
+      defaultEditor = true;
+    };
+    lazygit.enable = true;
+    fish.enable = true;
+    starship.enable = true;
+    tmux.enable = true;
+    direnv.enable = true;
+    ripgrep.enable = true;
+
+    btop.enable = true;
+  };
+
+  services = {
+    gpg-agent.enable = true;
+  };
+}

nix/configurations/hetzner_benchmark/nixos/hardware-configuration.nix

@@ -0,0 +1,35 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp41s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nix/configurations/hetzner_benchmark/nixos/misc.nix

@@ -0,0 +1,13 @@
+{
+  boot.loader.grub.enable = true;
+
+  services.openssh.enable = true;
+
+  users.users = {
+    "root".openssh.authorizedKeys.keys = import ../../../identities.nix ++ [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFza3UN1gWQqh//FkJBzmssQ4lxHdllQGfqPHzG4LQI8 benchmark-machine"
+    ];
+  };
+
+  system.stateVersion = "25.05";
+}

nix/configurations/hydrogen.nix

@@ -4,15 +4,17 @@ let
   hostname = "hydrogen";
   username = "leana";
 in
-  {
+{
   modulesPath,
   config,
   pkgs,
   lib,
   ...
-  }: let
+}:
+let
   inherit (lib.modules) mkAliasOptionModule;
-  in {
+in
+{
   imports = [
     # The generator and hardware configuration
     (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
@@ -20,13 +22,13 @@ in
     #
     # Shorthands
     #
-      (mkAliasOptionModule ["me"] ["users" "users" username])
+    (mkAliasOptionModule [ "me" ] [ "users" "users" username ])
-      (mkAliasOptionModule ["hm"] ["home-manager" "users" username])
+    (mkAliasOptionModule [ "hm" ] [ "home-manager" "users" username ])
 
     #
     # hostname
     #
-      {_module.args = {inherit hostname;};}
+    { _module.args = { inherit hostname; }; }
 
     #
     # nixpkgs
@@ -85,14 +87,14 @@ in
       home-manager = {
         useGlobalPkgs = true;
         useUserPackages = true;
-          sharedModules = [{home.stateVersion = lib.mkDefault config.system.stateVersion;}];
+        sharedModules = [ { home.stateVersion = lib.mkDefault config.system.stateVersion; } ];
       };
 
       hm.imports = [
         #
         # hostname
         #
-          {_module.args = {inherit hostname;};}
+        { _module.args = { inherit hostname; }; }
 
         #
         # home modules
@@ -120,7 +122,6 @@ in
         # Extern modules
         #
         (sources.agenix + "/modules/age-home.nix")
-          (import sources.wired-notify).homeManagerModules.default
       ];
     }
 
@@ -133,4 +134,4 @@ in
       };
     }
   ];
-  }
+}

nix/configurations/hydrogen/home/dev.nix

@@ -1,6 +1,6 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   home.packages = [
-    pkgs.nil # nix
     pkgs.pyright # python
   ];
 

nix/configurations/hydrogen/home/programs.nix

@@ -3,10 +3,13 @@
   lib,
   config,
   ...
-}: {
+}:
-  home.sessionVariables = let
+{
+  home.sessionVariables =
+    let
       fishCfg = config.programs.fish;
-  in {
+    in
+    {
       "SHELL" = lib.mkIf fishCfg.enable (lib.getExe fishCfg.package);
     };
 
@@ -21,23 +24,15 @@
     pkgs.dig
     pkgs.hutils
     pkgs.miniserve
-    pkgs.agenix
     pkgs.nix-which
 
-    # pretty tui tools
+    # # pretty tui tools
-    pkgs.du-dust
+    # pkgs.du-dust
-    pkgs.tokei
+    # pkgs.tokei
-    pkgs.hyperfine
+    # pkgs.hyperfine
-    pkgs.watchexec
+    # pkgs.watchexec
-    pkgs.onefetch
+    # pkgs.onefetch
-    pkgs.just
+    # pkgs.just
-
-    # nix tools
-    pkgs.alejandra
-    pkgs.nurl
-    pkgs.npins
-    pkgs.nix-tree
-    pkgs.nh
   ];
 
   programs = {

nix/configurations/hydrogen/nixos/connectivity.nix

@@ -2,7 +2,8 @@
   config,
   lib,
   ...
-}: {
+}:
+{
   users.users.root.openssh.authorizedKeys.keys = import ../../../identities.nix;
 
   networking = {
@@ -22,13 +23,12 @@
       userControlled.enable = true;
       secretsFile = config.age.secrets.wpa_password.path;
       scanOnLowSignal = false;
-      networks = let
+      networks =
+        let
           fromList = import ../../../networks/wpa_supplicant-compat.nix;
           networks = import ../../../networks/list.nix;
         in
-        fromList (
+        fromList (builtins.filter (x: x.ssid == "~") networks);
-          builtins.filter (x: x.ssid == "~") networks
-        );
     };
   };
 

nix/configurations/hydrogen/nixos/misc.nix

@@ -13,8 +13,7 @@
   # modprobe: FATAL: Module sun4i-drm not found in directory /nix/store/gvvwpdckzcr4iamp1iyrqw3nzb7bg6c4-linux-rpi-6.6.51-stable_20241008-modules/lib/modules/6.6.51
   nixpkgs.overlays = [
     (final: prev: {
-      makeModulesClosure = x:
+      makeModulesClosure = x: prev.makeModulesClosure (x // { allowMissing = true; });
-        prev.makeModulesClosure (x // {allowMissing = true;});
     })
   ];
 }

nix/configurations/hydrogen/nixos/programs.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   environment.systemPackages = [
     pkgs.man-pages
     pkgs.man-pages-posix

nix/configurations/installer.nix

@@ -9,7 +9,8 @@
   lib,
   modulesPath,
   ...
-}: {
+}:
+{
   imports = [
     ../nixosModules/common/system-nixconf.nix
     ../nixosModules/common/sudo-conf.nix
@@ -18,10 +19,15 @@
   ];
 
   nix.settings = {
-    extra-substituters = ["https://leana8959.cachix.org"];
+    extra-substituters = [ "https://leana8959.cachix.org" ];
-    extra-trusted-substituters = ["https://leana8959.cachix.org"];
+    extra-trusted-substituters = [ "https://leana8959.cachix.org" ];
-    extra-trusted-public-keys = ["leana8959.cachix.org-1:CxQSAp8lcgMv8Me459of0jdXRW2tcyeYRKTiiUq8z0M="];
+    extra-trusted-public-keys = [
-    experimental-features = ["nix-command" "flakes"];
+      "leana8959.cachix.org-1:CxQSAp8lcgMv8Me459of0jdXRW2tcyeYRKTiiUq8z0M="
+    ];
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
   };
 
   nixpkgs = {
@@ -45,7 +51,7 @@
     pkgs.btop
   ];
 
-  networking.firewall.allowedTCPPorts = [8080]; # in case you wanna nc
+  networking.firewall.allowedTCPPorts = [ 8080 ]; # in case you wanna nc
 
   programs.tmux.enable = true;
   users.users.nixos.shell = pkgs.fish;

nix/configurations/vanadium.nix

@@ -5,25 +5,27 @@ let
   hostname = "vanadium";
   username = "leana";
 in
-  {
+{
   config,
   lib,
   pkgs,
   ...
-  }: let
+}:
+let
   inherit (lib.modules) mkAliasOptionModule;
-  in {
+in
+{
   imports = [
     #
     # Shorthands
     #
-      (mkAliasOptionModule ["me"] ["users" "users" username])
+    (mkAliasOptionModule [ "me" ] [ "users" "users" username ])
-      (mkAliasOptionModule ["hm"] ["home-manager" "users" username])
+    (mkAliasOptionModule [ "hm" ] [ "home-manager" "users" username ])
 
     #
     # hostname
     #
-      {_module.args = {inherit hostname;};}
+    { _module.args = { inherit hostname; }; }
 
     #
     # nixpkgs
@@ -135,14 +137,14 @@ in
       home-manager = {
         useGlobalPkgs = true;
         useUserPackages = true;
-          sharedModules = [{home.stateVersion = lib.mkDefault config.system.stateVersion;}];
+        sharedModules = [ { home.stateVersion = lib.mkDefault config.system.stateVersion; } ];
       };
 
       hm.imports = [
         #
         # hostname
         #
-          {_module.args = {inherit hostname;};}
+        { _module.args = { inherit hostname; }; }
 
         #
         # home modules
@@ -226,4 +228,4 @@ in
       };
     }
   ];
-  }
+}

nix/configurations/vanadium/home/dev.nix

@@ -3,7 +3,8 @@
   lib,
   config,
   ...
-}: {
+}:
+{
   home.packages = [
     # preview markdown
     pkgs.python3Packages.grip
@@ -42,7 +43,8 @@
         "haskell/cabal"
       ];
     };
-    includes = let
+    includes =
+      let
         fromList = import ../../../git-identities/git-compat.nix;
         identities = import ../../../git-identities/list.nix;
       in

nix/configurations/vanadium/home/firefox.nix

@@ -2,25 +2,15 @@
   pkgs,
   config,
   ...
-}: let
+}:
+let
   inherit (pkgs) nur;
-in {
+in
+{
   programs.firefox = {
     enable = true;
 
-    policies = {
+    policies.SearchEngines.Add = [
-      SearchEngines = {
-        Default = "leta";
-        Remove = ["Google"];
-        Add = [
-          {
-            Name = "leta";
-            Alias = "@lt";
-            IconURL = "https://leta.mullvad.net/favicon.ico";
-            URLTemplate = "https://leta.mullvad.net/search?q={searchTerms}&engine=brave";
-            SuggestURLTemplate = "https://suggestqueries.google.com/complete/search?q={searchTerms}";
-          }
-
       # Forges
       {
         Name = "GitHub";
@@ -103,8 +93,6 @@ in {
         URLTemplate = "https://genius.com/search?q={searchTerms}";
       }
     ];
-      };
-    };
 
     profiles = {
       default = {
@@ -120,9 +108,11 @@ in {
             font-family: monospace;
           }
         '';
-        extensions.packages = let
+        extensions.packages =
+          let
             addons = nur.repos.rycee.firefox-addons;
-        in [
+          in
+          [
             addons.sponsorblock
             addons.return-youtube-dislikes
             addons.consent-o-matic
@@ -131,15 +121,16 @@ in {
 
       junk = {
         id = 1;
-        inherit
+        inherit (config.programs.firefox.profiles.default)
-          (config.programs.firefox.profiles.default)
           settings
           userChrome
           ;
 
-        extensions.packages = let
+        extensions.packages =
+          let
             addons = nur.repos.rycee.firefox-addons;
-        in [addons.multi-account-containers];
+          in
+          [ addons.multi-account-containers ];
 
         containers = {
           raisin = {
@@ -158,15 +149,16 @@ in {
       # Isolate it because it's proprietary
       tampermonkey = {
         id = 2;
-        inherit
+        inherit (config.programs.firefox.profiles.default)
-          (config.programs.firefox.profiles.default)
           settings
           userChrome
           ;
 
-        extensions.packages = let
+        extensions.packages =
+          let
             addons = nur.repos.rycee.firefox-addons;
-        in [addons.tampermonkey];
+          in
+          [ addons.tampermonkey ];
       };
     };
   };

nix/configurations/vanadium/home/misc.nix

@@ -1,19 +1,23 @@
 {
   pkgs,
   lib,
-  nixosConfig ? {},
+  nixosConfig ? { },
   ...
-}: {
+}:
+{
   #
   # fonts
   #
   fonts.fontconfig = {
     enable = true;
-    defaultFonts = lib.mapAttrsRecursive (_: v: v ++ ["Last Resort"]) {
+    defaultFonts = lib.mapAttrsRecursive (_: v: v ++ [ "Last Resort" ]) {
-      sansSerif = ["Ubuntu" "Noto Sans CJK TC"];
+      sansSerif = [
-      serif = ["Noto Serif CJK TC"];
+        "Ubuntu"
-      monospace = ["Iosevka"];
+        "Noto Sans CJK TC"
-      emoji = ["Noto Color Emoji"];
+      ];
+      serif = [ "Noto Serif CJK TC" ];
+      monospace = [ "Iosevka" ];
+      emoji = [ "Noto Color Emoji" ];
     };
   };
   home.packages = [
@@ -39,8 +43,7 @@
     x11.enable = true;
     gtk.enable = true;
 
-    inherit
+    inherit (nixosConfig.services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme)
-      (nixosConfig.services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme)
       name
       package
       size
@@ -55,7 +58,7 @@
   xdg.mimeApps = {
     enable = true;
     defaultApplications = {
-      "x-scheme-handler/mailto" = ["org.gnome.Evolution.desktop"];
+      "x-scheme-handler/mailto" = [ "org.gnome.Evolution.desktop" ];
     };
   };
 }

nix/configurations/vanadium/home/programs.nix

@@ -3,14 +3,17 @@
   lib,
   config,
   ...
-}: {
+}:
+{
   home.sessionPath = [
     "${config.home.homeDirectory}/.local/bin"
   ];
 
-  home.sessionVariables = let
+  home.sessionVariables =
+    let
       fishCfg = config.programs.fish;
-  in {
+    in
+    {
       "SHELL" = lib.mkIf fishCfg.enable (lib.getExe fishCfg.package);
     };
 
@@ -37,9 +40,7 @@
     # lol
     pkgs.macchanger
 
-    /*
+    # The file picker is not ergonomic enough, sadly
-    The file picker is not ergonomic enough, sadly
-    */
     # pkgs.helix
     # pkgs.nushell
 
@@ -69,7 +70,10 @@
     pkgs.just
 
     # nix tools
-    pkgs.alejandra
+    # # Alejandra handles inline comments poorly
+    # # https://github.com/kamadorueda/alejandra/issues/429
+    # pkgs.alejandra
+    pkgs.nixfmt-rfc-style
     pkgs.nurl
     pkgs.dix
     pkgs.niv
@@ -169,7 +173,7 @@
 
     gnome-keyring = {
       enable = true;
-      components = ["secrets"];
+      components = [ "secrets" ];
     };
   };
 }

nix/configurations/vanadium/home/xmobar.nix

@@ -1,5 +1,7 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  home.packages = let
+{
+  home.packages =
+    let
       inherit (pkgs) lib;
 
       ghc = pkgs.haskellPackages.ghc.withPackages (haskellPackages: [
@@ -8,14 +10,20 @@
 
       wrapped-xmobar = pkgs.symlinkJoin {
         name = "xmobar";
-      paths = [pkgs.xmobar];
+        paths = [ pkgs.xmobar ];
-      buildInputs = [pkgs.makeWrapper];
+        buildInputs = [ pkgs.makeWrapper ];
         postBuild = ''
           wrapProgram $out/bin/xmobar \
-          --prefix PATH : "${lib.makeBinPath [ghc pkgs.libnotify]}"
+            --prefix PATH : "${
+              lib.makeBinPath [
+                ghc
+                pkgs.libnotify
+              ]
+            }"
         '';
       };
-  in [
+    in
+    [
       wrapped-xmobar
     ];
 

nix/configurations/vanadium/kernel-overlay.nix

@@ -1,6 +1,8 @@
-final: prev: let
+final: prev:
+let
   inherit (final) lib;
-in {
+in
+{
   linuxPackages = final.linuxPackagesFor (
     prev.linuxPackages.kernel.override {
       # TODO: The error message is quite unintuitive, maybe improve it?

nix/configurations/vanadium/nixos/audio.nix

@@ -5,5 +5,5 @@
     jack.enable = true;
   };
 
-  me.extraGroups = ["audio"];
+  me.extraGroups = [ "audio" ];
 }

nix/configurations/vanadium/nixos/connectivity.nix

@@ -3,12 +3,16 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   # For nautilius and iOS
   services.gvfs.enable = true;
   # iOS
   services.usbmuxd.enable = true;
-  environment.systemPackages = with pkgs; [libimobiledevice idevicerestore];
+  environment.systemPackages = with pkgs; [
+    libimobiledevice
+    idevicerestore
+  ];
 
   # https://unix.stackexchange.com/questions/592775/how-can-i-enable-apple-ios-fast-charge-support
   services.udev.extraRules = ''
@@ -34,7 +38,8 @@
       userControlled.enable = true;
       secretsFile = config.age.secrets.wpa_password.path;
       scanOnLowSignal = false;
-      networks = let
+      networks =
+        let
           fromList = import ../../../networks/wpa_supplicant-compat.nix;
           networks = import ../../../networks/list.nix;
         in

nix/configurations/vanadium/nixos/display.nix

@@ -2,13 +2,14 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   imports = [
     #
     # builtin screen
     #
     {
-      me.extraGroups = ["video"];
+      me.extraGroups = [ "video" ];
       programs.light.enable = true;
     }
 
@@ -16,10 +17,10 @@
     # external screen
     #
     {
-      me.extraGroups = ["i2c"];
+      me.extraGroups = [ "i2c" ];
       hardware.i2c.enable = true;
-      environment.systemPackages = [pkgs.ddcutil];
+      environment.systemPackages = [ pkgs.ddcutil ];
-      boot.kernelModules = ["i2c-dev"];
+      boot.kernelModules = [ "i2c-dev" ];
     }
   ];
 
@@ -33,31 +34,38 @@
       "20_xmonad" = "${lib.getExe pkgs.haskellPackages.xmonad} --restart"; # make sure feh keeps up
     };
 
-    profiles = let
+    profiles =
-      singleton = k: v: {${k} = v;};
+      let
+        singleton = k: v: { ${k} = v; };
 
         fingerprints = {
           built-in = singleton "eDP-1" "00ffffffffffff0009e5ca0b000000002f200104a51c137803de50a3544c99260f505400000001010101010101010101010101010101115cd01881e02d50302036001dbe1000001aa749d01881e02d50302036001dbe1000001a000000fe00424f452043510a202020202020000000fe004e4531333546424d2d4e34310a0073";
-        amethyst = device: singleton device "00ffffffffffff0006b35b27010101012c210103803c22782a29d5ad4f44a7240f5054bfef00714f81809500d1c0d1e8d1fc01010101565e00a0a0a029503020350055502100001a000000fd0030901edf3c000a202020202020000000fc005647323741514c33410a202020000000ff0052414c4d51533139373533370a0111020347f14a90030204014061603f1f230907078301000067030c002000384468d85dc401788003026d1a000002013090f00069096909e305ff01e6060701696900e2006ae20fc0eae70070a0a067500820980455502100001a6fc200a0a0a055503020350055502100001a5aa000a0a0a046503020350055502100001a0000bc";
+          amethyst =
-        orchid = device: singleton device "00ffffffffffff0004699a24642900002416010380341d782a2ac5a4564f9e280f5054b7ef00714f814081809500b300d1c081c08100023a801871382d40582c450009252100001e000000ff0043394c4d54463031303539360a000000fd00324b185311000a202020202020000000fc00415355532056533234370a20200173020322714f0102031112130414050e0f1d1e1f10230917078301000065030c0010008c0ad08a20e02d10103e9600092521000018011d007251d01e206e28550009252100001e011d00bc52d01e20b828554009252100001e8c0ad090204031200c4055000925210000180000000000000000000000000000000000000000005d";
+            device:
+            singleton device "00ffffffffffff0006b35b27010101012c210103803c22782a29d5ad4f44a7240f5054bfef00714f81809500d1c0d1e8d1fc01010101565e00a0a0a029503020350055502100001a000000fd0030901edf3c000a202020202020000000fc005647323741514c33410a202020000000ff0052414c4d51533139373533370a0111020347f14a90030204014061603f1f230907078301000067030c002000384468d85dc401788003026d1a000002013090f00069096909e305ff01e6060701696900e2006ae20fc0eae70070a0a067500820980455502100001a6fc200a0a0a055503020350055502100001a5aa000a0a0a046503020350055502100001a0000bc";
+          orchid =
+            device:
+            singleton device "00ffffffffffff0004699a24642900002416010380341d782a2ac5a4564f9e280f5054b7ef00714f814081809500b300d1c081c08100023a801871382d40582c450009252100001e000000ff0043394c4d54463031303539360a000000fd00324b185311000a202020202020000000fc00415355532056533234370a20200173020322714f0102031112130414050e0f1d1e1f10230917078301000065030c0010008c0ad08a20e02d10103e9600092521000018011d007251d01e206e28550009252100001e011d00bc52d01e20b828554009252100001e8c0ad090204031200c4055000925210000180000000000000000000000000000000000000000005d";
         };
 
         devices = rec {
           built-in = "eDP-1";
           # Run `xrandr` to see the max number
           extern = map (portNumber: "DP-${toString portNumber}") (lib.range 1 8);
-        all = [built-in] ++ extern;
+          all = [ built-in ] ++ extern;
         };
 
         switches = {
-        setDPI = {dpi}:
+          setDPI =
+            { dpi }:
             singleton "10_xrdb-dpi" "${lib.getExe pkgs.xorg.xrdb} -merge ${pkgs.writeText "xrdb-dpi-config" ''
               Xcursor.size: 64
               Xft.dpi:   ${toString dpi}
             ''}";
 
           # Is scoped to an output device, no need to be called on built-in display
-        setSoftwareBrightness = {
+          setSoftwareBrightness =
+            {
               device, # obtain with `xrandr`
               brightness, # [0..1]
             }:
@@ -66,27 +74,35 @@
             '';
 
           # Is scoped to an output device, no need to be called on built-in display
-        setDDCBrightness = {
+          setDDCBrightness =
+            {
               modelName, # obtain with `ddcutil detect`
               brightness, # [0..1]
             }:
             singleton "10_ddc_brightness" ''
-            ${lib.getExe pkgs.ddcutil} --model ${modelName} setvcp 10 ${toString (builtins.floor (brightness * 100))}
+              ${lib.getExe pkgs.ddcutil} --model ${modelName} setvcp 10 ${
+                toString (builtins.floor (brightness * 100))
+              }
             '';
 
-        setDDCContrast = {
+          setDDCContrast =
+            {
               modelName, # obtain with `ddcutil detect`
               contrast, # [0..1]
             }:
             singleton "10_ddc_contrast" ''
-            ${lib.getExe pkgs.ddcutil} --model ${modelName} setvcp 12 ${toString (builtins.floor (contrast * 100))}
+              ${lib.getExe pkgs.ddcutil} --model ${modelName} setvcp 12 ${
+                toString (builtins.floor (contrast * 100))
+              }
             '';
         };
 
         # Note: the "position" field corresponds to the "pos" field outputted by autorandr
         # To get the current config, run `xrandr --auto` and then `autorandr --config`
         configs = {
-        allOff = lib.genAttrs devices.all (_: {enable = lib.mkDefault false;});
+          allOff = lib.genAttrs devices.all (_: {
+            enable = lib.mkDefault false;
+          });
           enableBuiltin = {
             eDP-1 = {
               enable = true;
@@ -122,7 +138,7 @@
             configs.allOff
             configs.enableBuiltin
           ];
-        hooks.postswitch = switches.setDPI {dpi = 150;};
+          hooks.postswitch = switches.setDPI { dpi = 150; };
         };
 
         mkAmethyst = name: {
@@ -135,7 +151,7 @@
             (configs.enableAmethyst name)
           ];
           hooks.postswitch = lib.mkMerge [
-          (switches.setDPI {dpi = 110;})
+            (switches.setDPI { dpi = 110; })
             (switches.setSoftwareBrightness {
               device = name;
               brightness = 1;
@@ -162,7 +178,7 @@
           ];
           # seems like this display doesn't support DDC
           hooks.postswitch = lib.mkMerge [
-          (switches.setDPI {dpi = 100;})
+            (switches.setDPI { dpi = 100; })
             (switches.setSoftwareBrightness {
               device = name;
               brightness = 0.5;
@@ -171,7 +187,7 @@
         };
       in
       lib.mkMerge [
-        {default = frameworkBuiltin;}
+        { default = frameworkBuiltin; }
         (lib.genAttrs' devices.extern (name: lib.nameValuePair "amethyst-${name}" (mkAmethyst name)))
         (lib.genAttrs' devices.extern (name: lib.nameValuePair "orchid-${name}" (mkOrchid name)))
       ];

nix/configurations/vanadium/nixos/fs.nix

@@ -2,7 +2,8 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   services.btrfs.autoScrub = {
     enable = true;
     fileSystems = [
@@ -53,17 +54,19 @@
     sgbk /dev/disk/by-uuid/21b5207e-c3cf-49da-b944-fb405ae1eee2 ${config.age.secrets.sgbk_pwd.path} noauto
   '';
 
-  systemd.mounts = let
+  systemd.mounts =
+    let
       bindToCryptDev = dev: {
         what = "/dev/mapper/${dev}";
         where = "/mnt/${dev}";
         unitConfig = {
-        Requires = ["systemd-cryptsetup@${dev}.service"];
+          Requires = [ "systemd-cryptsetup@${dev}.service" ];
-        After = ["systemd-cryptsetup@${dev}.service"];
+          After = [ "systemd-cryptsetup@${dev}.service" ];
-        PropagatesStopTo = ["systemd-cryptsetup@${dev}.service"];
+          PropagatesStopTo = [ "systemd-cryptsetup@${dev}.service" ];
         };
       };
-  in [
+    in
+    [
       (bindToCryptDev "four")
       (bindToCryptDev "two")
       (bindToCryptDev "sgbk")

nix/configurations/vanadium/nixos/gui.nix

@@ -2,7 +2,8 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   services.xserver.windowManager.xmonad = {
     enable = true;
     enableContribAndExtras = true;

nix/configurations/vanadium/nixos/hardware-configuration.nix

@@ -7,15 +7,20 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
+{
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = ["dm-snapshot"];
+    "nvme"
-  boot.kernelModules = ["kvm-amd"];
+    "xhci_pci"
-  boot.extraModulePackages = [];
+    "thunderbolt"
+  ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

nix/configurations/vanadium/nixos/input.nix

@@ -13,7 +13,7 @@
     };
   };
 
-  me.extraGroups = ["scanner"];
+  me.extraGroups = [ "scanner" ];
   hardware.sane = {
     enable = true;
     brscan5.enable = true;

nix/configurations/vanadium/nixos/locale.nix

@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
   # `timedatectl list-timezones`
   time.timeZone = "Asia/Taipei";

nix/configurations/vanadium/nixos/misc.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   system.stateVersion = "24.11";
 
   boot.loader = {
@@ -16,6 +17,6 @@
 
   # Cross building
   # https://discourse.nixos.org/t/how-do-i-get-my-aarch64-linux-machine-to-build-x86-64-linux-extra-platforms-doesnt-seem-to-work/38106/2?u=leana8959
-  boot.binfmt.emulatedSystems = ["aarch64-linux"];
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
   nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems;
 }

nix/configurations/vanadium/nixos/programs.nix

@@ -2,14 +2,15 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   imports = [
     #
     # Docker
     #
     {
       virtualisation.docker.enable = true;
-      me.extraGroups = ["docker"];
+      me.extraGroups = [ "docker" ];
     }
 
     # #

nix/configurations/vanadium/nixos/restic.nix

@@ -1,12 +1,15 @@
-{config, ...}: {
+{ config, ... }:
-  services.restic.backups = let
+{
+  services.restic.backups =
+    let
       pruneOpts = [
         "--keep-daily 7"
         "--keep-weekly 4"
         "--keep-monthly 12"
         "--keep-yearly 10"
       ];
-  in {
+    in
+    {
       "backblaze" = {
         paths = [
           "/home/leana/Documents"
@@ -59,14 +62,14 @@
       };
 
       "two-to-four" = {
-      paths = ["/mnt/two"];
+        paths = [ "/mnt/two" ];
 
         timerConfig = null;
 
         repository = "/mnt/four/restic";
         passwordFile = config.age.secrets.restic_four_pwd.path;
 
-      exclude = ["lost+found"];
+        exclude = [ "lost+found" ];
 
         inherit pruneOpts;
       };
@@ -77,15 +80,15 @@
     # Wait for upstream to introduce direct access to unitConfig
     # c.f. https://github.com/NixOS/nixpkgs/pull/368234
     "restic-backups-four" = {
-      requires = ["mnt-four.mount"];
+      requires = [ "mnt-four.mount" ];
-      after = ["mnt-four.mount"];
+      after = [ "mnt-four.mount" ];
-      unitConfig.PropagatesStopTo = ["mnt-four.mount"];
+      unitConfig.PropagatesStopTo = [ "mnt-four.mount" ];
     };
 
     "restic-backups-sgbk" = {
-      requires = ["mnt-sgbk.mount"];
+      requires = [ "mnt-sgbk.mount" ];
-      after = ["mnt-sgbk.mount"];
+      after = [ "mnt-sgbk.mount" ];
-      unitConfig.PropagatesStopTo = ["mnt-sgbk.mount"];
+      unitConfig.PropagatesStopTo = [ "mnt-sgbk.mount" ];
     };
 
     "restic-backups-two-to-four" = {

nix/configurations/vanadium/nixos/unfree-predicate.nix

@@ -1,6 +1,8 @@
-{lib, ...}: {
+{ lib, ... }:
+{
   nixpkgs.config.allowUnfreePredicate = lib.mkDefault (
-    pkg: let
+    pkg:
+    let
       name = lib.getName pkg;
     in
     builtins.elem name [

nix/configurations/vanadium/overlay.nix

@@ -9,9 +9,9 @@ let
 
   infuse = lib.flip infuse-lib.v1.infuse;
 in
-  # Why shouldn't I go crazy with overlays?
+# Why shouldn't I go crazy with overlays?
-  final:
+final:
-    infuse {
+infuse {
   cmus.__input.alsaSupport = _: false;
 
   fish.__input.usePython = _: false;
@@ -35,7 +35,8 @@ in
   # TODO:
   # pinned branch of https://github.com/astrand/xclip/tree/xerror
   # use this until #43 gets resolved properly
-      xclip.__output.src = _:
+  xclip.__output.src =
+    _:
     final.fetchFromGitHub {
       owner = "astrand";
       repo = "xclip";
@@ -67,15 +68,16 @@ in
   # Backport has failed in upstream currently <https://github.com/NixOS/nixpkgs/pull/457804>,
   # might as well patch it while people are blogging about it <https://github.com/Xe/site/pull/1062>
   # Upstream talks about it here https://lists.x.org/archives/xorg-announce/2025-October/003635.html
-      xorg.xorgserver.__output.version = oldVersion: let
+  xorg.xorgserver.__output.version =
+    oldVersion:
+    let
       version = "21.1.20";
     in
-        if oldVersion == version
+    if oldVersion == version then throw "This patch has been merged upstream" else version;
-        then throw "This patch has been merged upstream"
+  xorg.xorgserver.__output.src =
-        else version;
+    _:
-      xorg.xorgserver.__output.src = _:
     final.fetchurl {
       url = "mirror://xorg/individual/xserver/xorg-server-21.1.20.tar.xz";
       sha256 = "sha256-dpW8YYJLOoG2utL3iwVADKAVAD3kAtGzIhFxBbcC6Tc=";
     };
-    }
+}

nix/devShells/flora.nix

@@ -4,8 +4,11 @@
 let
   sources = import ../../npins;
 in
-  {pkgs ? import sources.pin-florashell {}}:
+{
-    pkgs.mkShell (let
+  pkgs ? import sources.pin-florashell { },
+}:
+pkgs.mkShell (
+  let
     libs = with pkgs; [
       zlib
       libpq
@@ -14,16 +17,21 @@ in
 
     hlib = pkgs.haskell.lib;
 
-      callHackage = {
+    callHackage =
+      {
         name,
         version,
-      }: let
+      }:
-        pkg = pkgs.haskell.packages.ghc910.callHackage name version {};
+      let
+        pkg = pkgs.haskell.packages.ghc910.callHackage name version { };
       in
       hlib.dontCheck (hlib.doJailbreak pkg);
-    in {
+  in
+  {
     name = "flora";
-      packages = with pkgs; let
+    packages =
+      with pkgs;
+      let
         haskellPackages = haskell.packages.ghc910;
       in
       # These don't build directly and need to be pinned
@@ -56,4 +64,5 @@ in
       ++ libs;
 
     LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath libs;
-    })
+  }
+)

nix/devShells/forgejo.nix

@@ -1,7 +1,10 @@
-{pkgs ? import <nixpkgs> {}}: let
+{
+  pkgs ? import <nixpkgs> { },
+}:
+let
   inherit (pkgs) lib;
 in
-  pkgs.mkShell {
+pkgs.mkShell {
   name = "forgejo";
   packages = with pkgs; [
     gnumake
@@ -14,7 +17,10 @@ in
     nodePackages.npm
   ];
 
-    LD_LIBRARY_PATH = lib.makeLibraryPath (with pkgs; [
+  LD_LIBRARY_PATH = lib.makeLibraryPath (
+    with pkgs;
+    [
       libuuid
-    ]);
+    ]
-  }
+  );
+}

nix/devShells/haddock2.nix

@@ -1,4 +1,6 @@
-{pkgs ? import <nixpkgs> {}}:
+{
+  pkgs ? import <nixpkgs> { },
+}:
 pkgs.mkShell rec {
   name = "haddock2";
 

nix/devShells/masna3.nix

@@ -1,8 +1,11 @@
 let
   sources = import ../../npins;
 in
-  {pkgs ? import sources.pin-masna3shell {}}:
+{
-    pkgs.mkShell (let
+  pkgs ? import sources.pin-masna3shell { },
+}:
+pkgs.mkShell (
+  let
     libs = with pkgs; [
       zlib
       libpq
@@ -11,20 +14,22 @@ in
 
     hlib = pkgs.haskell.lib;
 
-      callHackage = {
+    callHackage =
+      {
         name,
         version,
         haskellPackages ? pkgs.haskellPackages,
-      }: let
+      }:
-        pkg = haskellPackages.callHackage name version {};
+      let
+        pkg = haskellPackages.callHackage name version { };
       in
       hlib.dontCheck (hlib.doJailbreak pkg);
 
     haskellPackages = pkgs.haskell.packages.ghc910;
-    in {
+  in
+  {
     name = "masna3";
-      packages =
+    packages = [
-        [
       pkgs.haskell.packages.ghc9102.ghc
       pkgs.haskell.packages.ghc9102.haskell-language-server
 
@@ -50,4 +55,5 @@ in
     ++ libs;
 
     LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath libs;
-    })
+  }
+)

nix/devShells/necro-man.nix

@@ -1,8 +1,12 @@
 let
   sources = import ../../npins;
 in
-  {pkgs ? import sources.pin-necro-man-nixpkgs {}}: let
+{
-    shell = {
+  pkgs ? import sources.pin-necro-man-nixpkgs { },
+}:
+let
+  shell =
+    {
       mkShell,
       #
       pkgs,
@@ -16,8 +20,7 @@ in
         python310Packages.pygments
 
         (texlive.combine {
-            inherit
+          inherit (texlive)
-              (texlive)
             scheme-medium
             #
             wrapfig
@@ -33,5 +36,5 @@ in
         })
       ];
     };
-  in
+in
-    pkgs.callPackage shell {}
+pkgs.callPackage shell { }

nix/devShells/vim-tw.nix

@@ -1,8 +1,10 @@
 let
   sources = import ../../npins;
 in
-  {pkgs ? import sources.pin-vim-tw {}}:
+{
-    pkgs.mkShell {
+  pkgs ? import sources.pin-vim-tw { },
+}:
+pkgs.mkShell {
   name = "vim-tw";
   packages = with pkgs; [
     haskellPackages.cabal-fmt
@@ -11,4 +13,4 @@ in
     haskellPackages.haskell-language-server
     haskellPackages.retrie
   ];
-    }
+}

nix/disko/hetzner_benchmark/ext4.nix

@@ -0,0 +1,37 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/nvme1n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02";
+              priority = 1;
+            };
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

nix/disko/hetzner_benchmark/raid.nix

@@ -0,0 +1,93 @@
+# I can't get this working for now :(
+# Only nvme1n1 is detected in the installer environment
+{
+  disko.devices = {
+    disk = {
+      one = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            BOOT = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            ESP = {
+              size = "500M";
+              type = "EF00";
+              content = {
+                type = "mdraid";
+                name = "boot";
+              };
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid1";
+              };
+            };
+          };
+        };
+      };
+      two = {
+        type = "disk";
+        device = "/dev/nvme1n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            ESP = {
+              size = "500M";
+              type = "EF00";
+              content = {
+                type = "mdraid";
+                name = "boot";
+              };
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid1";
+              };
+            };
+          };
+        };
+      };
+    };
+
+    mdadm = {
+      boot = {
+        type = "mdadm";
+        level = 1;
+        metadata = "1.0";
+        content = {
+          type = "filesystem";
+          format = "vfat";
+          mountpoint = "/boot";
+          mountOptions = [ "umask=0077" ];
+        };
+      };
+      raid1 = {
+        type = "mdadm";
+        level = 1;
+        content = {
+          type = "gpt";
+          partitions.primary = {
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+}

nix/disko/tungsten/btrfs.nix

@@ -14,7 +14,7 @@
                 type = "filesystem";
                 format = "vfat";
                 mountpoint = "/boot";
-                mountOptions = ["umask=0077"];
+                mountOptions = [ "umask=0077" ];
               };
             };
 
@@ -24,7 +24,7 @@
               content = {
                 type = "luks";
                 name = "crypted";
-                extraOpenArgs = [];
+                extraOpenArgs = [ ];
                 settings.allowDiscards = true;
                 content = {
                   type = "lvm_pv";
@@ -74,12 +74,15 @@
                 };
 
                 "/home" = {
-                  mountOptions = ["compress=zstd"];
+                  mountOptions = [ "compress=zstd" ];
                   mountpoint = "/home";
                 };
 
                 "/nix" = {
-                  mountOptions = ["compress=zstd" "noatime"];
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
                   mountpoint = "/nix";
                 };
               };

nix/disko/tungsten/default.nix

@@ -18,7 +18,7 @@
                 type = "filesystem";
                 format = "vfat";
                 mountpoint = "/boot";
-                mountOptions = ["umask=0077"];
+                mountOptions = [ "umask=0077" ];
               };
             };
             luks = {
@@ -26,7 +26,7 @@
               content = {
                 type = "luks";
                 name = "crypted";
-                extraOpenArgs = [];
+                extraOpenArgs = [ ];
                 settings = {
                   allowDiscards = true;
                 };
@@ -50,7 +50,7 @@
               type = "filesystem";
               format = "ext4";
               mountpoint = "/";
-              mountOptions = ["defaults"];
+              mountOptions = [ "defaults" ];
             };
           };
           nix = {
@@ -59,7 +59,7 @@
               type = "filesystem";
               format = "ext4";
               mountpoint = "/nix";
-              mountOptions = ["noatime"];
+              mountOptions = [ "noatime" ];
             };
           };
           swap = {

nix/disko/vanadium/btrfs.nix

@@ -14,7 +14,7 @@
                 type = "filesystem";
                 format = "vfat";
                 mountpoint = "/boot";
-                mountOptions = ["umask=0077"];
+                mountOptions = [ "umask=0077" ];
               };
             };
 
@@ -24,7 +24,7 @@
               content = {
                 type = "luks";
                 name = "crypted";
-                extraOpenArgs = [];
+                extraOpenArgs = [ ];
                 settings.allowDiscards = true;
                 content = {
                   type = "lvm_pv";
@@ -70,17 +70,20 @@
 
               subvolumes = {
                 "/root" = {
-                  mountOptions = ["noatime"];
+                  mountOptions = [ "noatime" ];
                   mountpoint = "/";
                 };
 
                 "/home" = {
-                  mountOptions = ["noatime"];
+                  mountOptions = [ "noatime" ];
                   mountpoint = "/home";
                 };
 
                 "/nix" = {
-                  mountOptions = ["compress=zstd" "noatime"];
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
                   mountpoint = "/nix";
                 };
               };

nix/disko/vanadium/default.nix

@@ -15,7 +15,7 @@
                 type = "filesystem";
                 format = "vfat";
                 mountpoint = "/boot";
-                mountOptions = ["umask=0077"];
+                mountOptions = [ "umask=0077" ];
               };
             };
             luks = {
@@ -23,7 +23,7 @@
               content = {
                 type = "luks";
                 name = "crypted";
-                extraOpenArgs = [];
+                extraOpenArgs = [ ];
                 settings = {
                   allowDiscards = true;
                 };
@@ -47,7 +47,7 @@
               type = "filesystem";
               format = "ext4";
               mountpoint = "/";
-              mountOptions = ["defaults"];
+              mountOptions = [ "defaults" ];
             };
           };
           nix = {
@@ -56,7 +56,7 @@
               type = "filesystem";
               format = "ext4";
               mountpoint = "/nix";
-              mountOptions = ["noatime"];
+              mountOptions = [ "noatime" ];
             };
           };
           swap = {

nix/git-identities/git-compat.nix

@@ -1,14 +1,20 @@
 let
-  hasconfigRemoteCondition = {
+  hasconfigRemoteCondition =
+    {
       # Custom arguments
       url,
       path ? "*/**",
       ...
-  } @ cfg: let
+    }@cfg:
-    cfg' = builtins.removeAttrs cfg ["url" "path"];
+    let
-  in [
+      cfg' = builtins.removeAttrs cfg [
-    (cfg' // {condition = "hasconfig:remote.*.url:git@${url}:${path}";})
+        "url"
-    (cfg' // {condition = "hasconfig:remote.*.url:https://${url}/${path}";})
+        "path"
+      ];
+    in
+    [
+      (cfg' // { condition = "hasconfig:remote.*.url:git@${url}:${path}"; })
+      (cfg' // { condition = "hasconfig:remote.*.url:https://${url}/${path}"; })
     ];
 in
-  builtins.concatMap hasconfigRemoteCondition
+builtins.concatMap hasconfigRemoteCondition

nix/git-identities/list.nix

@@ -16,7 +16,8 @@ let
   blameIgnore = {
     blame.ignoreRevsFile = ".git-blame-ignore-revs";
   };
-in [
+in
+[
   # Univ stuff
   {
     url = "gitlab.istic.univ-rennes1.fr";

nix/homeModules/common/atuin.nix

@@ -1,6 +1,6 @@
 {
   programs.atuin = {
-    flags = ["--disable-up-arrow"];
+    flags = [ "--disable-up-arrow" ];
     settings = {
       history_filter = [
         # privacy

nix/homeModules/common/btop/default.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   programs.btop = {
     settings.color_theme = "${config.programs.btop.package}/share/btop/themes/onedark.theme";
     extraConfig = builtins.readFile ./btop.conf;

nix/homeModules/common/cmus/default.nix

@@ -2,8 +2,10 @@
   pkgs,
   lib,
   ...
-}: {
+}:
-  programs.cmus.extraConfig = let
+{
+  programs.cmus.extraConfig =
+    let
       # dispatch to multiple callbacks
       callback-script = pkgs.writeShellApplication {
         name = "cmus-callback-script";

nix/homeModules/common/direnv.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   programs.direnv = {
     nix-direnv.enable = true;
     config = {

nix/homeModules/common/fcitx5/default.nix

@@ -3,9 +3,11 @@
   config,
   lib,
   ...
-}: let
+}:
+let
   cfg = config.i18n.inputMethod;
-in {
+in
+{
   i18n.inputMethod = {
     fcitx5.addons = [
       pkgs.fcitx5-chinese-addons

nix/homeModules/common/firefox.nix

@@ -3,11 +3,13 @@
   config,
   lib,
   ...
-}: let
+}:
+let
   inherit (pkgs) nur;
 
   cfg = config.programs.firefox;
-in {
+in
+{
   programs.firefox = {
     # https://mozilla.github.io/policy-templates
     # The following have more complex logic, keep them as policies and not profiles
@@ -19,7 +21,31 @@ in {
       ];
 
       SearchEngines = {
-        Remove = ["Bing" "DuckDuckGo" "Qwant" "eBay" "Perplexity"];
+        Remove = [
+          "Google"
+          "Bing"
+          "DuckDuckGo"
+          "Qwant"
+          "eBay"
+          "Perplexity"
+        ];
+        Default = "leta";
+        Add = [
+          {
+            Name = "leta";
+            Alias = "@lt";
+            IconURL = "https://leta.mullvad.net/favicon.ico";
+            URLTemplate = "https://leta.mullvad.net/search?q={searchTerms}&engine=brave";
+            SuggestURLTemplate = "https://suggestqueries.google.com/complete/search?q={searchTerms}";
+          }
+          {
+            Name = "leta";
+            Alias = "@ltfr";
+            IconURL = "https://leta.mullvad.net/favicon.ico";
+            URLTemplate = "https://leta.mullvad.net/search?q={searchTerms}&engine=brave&language=fr";
+            SuggestURLTemplate = "https://suggestqueries.google.com/complete/search?q={searchTerms}";
+          }
+        ];
       };
       NoDefaultBookmarks = true;
       DisplayMenuBar = "never";
@@ -85,9 +111,11 @@ in {
         "media.peerconnection.enabled" = false;
       };
 
-      extensions.packages = let
+      extensions.packages =
+        let
           addons = nur.repos.rycee.firefox-addons;
-      in [
+        in
+        [
           addons.ublock-origin
           addons.privacy-badger
           addons.user-agent-string-switcher

nix/homeModules/common/fish/aliasesAbbrs.nix

@@ -2,7 +2,8 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   programs.fish = {
     shellAbbrs = lib.mkMerge [
       (lib.mkIf pkgs.stdenv.isLinux {

nix/homeModules/common/fish/default.nix

@@ -2,7 +2,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   imports = [
     ./aliasesAbbrs.nix
   ];
@@ -10,7 +11,7 @@
   #
   # Script dependencies
   #
-  home.packages = [pkgs.vivid];
+  home.packages = [ pkgs.vivid ];
   programs = {
     fd.enable = true;
     fzf.enable = true;
@@ -24,11 +25,9 @@
   #
   # Scripts and functions
   #
-  xdg.configFile =
+  xdg.configFile = lib.mapAttrs' (
-    lib.mapAttrs'
+    path: _: lib.nameValuePair "fish/functions/${path}" { source = "${./functions}/${path}"; }
-    (path: _:
+  ) (builtins.readDir ./functions);
-      lib.nameValuePair "fish/functions/${path}" {source = "${./functions}/${path}";})
-    (builtins.readDir ./functions);
 
   programs.fish = {
     interactiveShellInit = builtins.readFile ./shellInit.fish;

nix/homeModules/common/git.nix

@@ -3,7 +3,8 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   # git plugins
   programs.git = {
     lfs.enable = true;
@@ -11,8 +12,7 @@
       # known to fail on aarch64-linux
       (lib.mkIf (pkgs.system == "aarch64-linux") (
         # TODO: investigate this
-        lib.warn "patdiff has been forcibly disabled because it has previously failed to build"
+        lib.warn "patdiff has been forcibly disabled because it has previously failed to build" lib.mkForce
-        lib.mkForce
           false
       ))
       (lib.mkDefault true)
@@ -20,7 +20,8 @@
   };
 
   # 懶惰鬼賴皮
-  programs.lazygit = let
+  programs.lazygit =
+    let
       patdiffCfg = config.programs.git.patdiff;
     in
     lib.mkIf patdiffCfg.enable {

nix/homeModules/common/gpg.nix

@@ -1,24 +1,26 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   services = {
     gpg-agent.defaultCacheTtl = 1209600;
     gpg-agent.pinentry.package = pkgs.pinentry-tty;
   };
 
-  programs.gpg.publicKeys = let
+  programs.gpg.publicKeys =
-    fromUrl = {
+    let
+      fromUrl =
+        {
           url,
           hash,
           trust ? 5,
-    }: {
+        }:
-      source = pkgs.fetchurl {inherit url hash;};
+        {
+          source = pkgs.fetchurl { inherit url hash; };
           inherit trust;
         };
 
-    github = {user, ...} @ args:
+      github =
-      fromUrl (
+        { user, ... }@args:
-        builtins.removeAttrs args ["user"]
+        fromUrl (builtins.removeAttrs args [ "user" ] // { url = "https://github.com/${user}.gpg"; });
-        // {url = "https://github.com/${user}.gpg";}
-      );
     in
     map github [
       # Do not depend on my own forgejo instance / self-host server to avoid a single point of failure

nix/homeModules/common/kitty.nix

@@ -3,9 +3,11 @@
   lib,
   config,
   ...
-}: let
+}:
+let
   cfg = config.programs.kitty;
-in {
+in
+{
   config = lib.mkIf cfg.enable {
     home.packages = [
       pkgs.nerd-fonts.iosevka

nix/homeModules/common/lazygit.nix

@@ -2,9 +2,11 @@
   config,
   lib,
   ...
-}: let
+}:
+let
   cfg = config.programs.lazygit;
-in {
+in
+{
   programs.tmux.extraConfig = lib.mkIf cfg.enable ''
     bind g run-shell "tmux new-window ${lib.getExe cfg.package}"
   '';

nix/homeModules/common/leana.nix

@@ -3,10 +3,12 @@
   lib,
   config,
   ...
-}: {
+}:
+{
   home = {
     username = lib.mkDefault "leana";
-    homeDirectory = let
+    homeDirectory =
+      let
         inherit (config.home) username;
       in
       lib.mkMerge [

nix/homeModules/common/locale.nix

@@ -2,7 +2,8 @@
   nixosConfig ? null,
   lib,
   ...
-}: {
+}:
+{
   home.language = {
     base = lib.mkDefault nixosConfig.i18n.defaultLocale or "en_US.UTF-8";
   };

nix/homeModules/common/packages.nix

@@ -2,13 +2,13 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   programs = {
     vim.enable = true;
   };
 
-  home.packages =
+  home.packages = [
-    [
     pkgs.file
     pkgs.gnused
     pkgs.tree

nix/homeModules/common/password-store.nix

@@ -3,9 +3,11 @@
   pkgs,
   lib,
   ...
-}: let
+}:
+let
   cfg = config.programs.password-store;
-in {
+in
+{
   home.packages = lib.mkIf cfg.enable [
     pkgs.pwgen
     pkgs.diceware

nix/homeModules/common/sioyek.nix

@@ -2,7 +2,8 @@
   config,
   lib,
   ...
-}: {
+}:
+{
   programs.sioyek = {
     bindings = {
       "move_up" = "k";
@@ -17,8 +18,11 @@
         "u"
         "<C-u>"
       ];
-      "toggle_two_page_mode" = ["T"];
+      "toggle_two_page_mode" = [ "T" ];
-      "goto_mark" = ["`" "'"];
+      "goto_mark" = [
+        "`"
+        "'"
+      ];
     };
 
     config.should_launch_new_window = "1";
@@ -27,7 +31,7 @@
   xdg.mimeApps = lib.mkIf config.programs.sioyek.enable {
     enable = true;
     defaultApplications = {
-      "application/pdf" = ["sioyek.desktop"];
+      "application/pdf" = [ "sioyek.desktop" ];
     };
   };
 }

nix/homeModules/common/starship/default.nix

@@ -2,9 +2,11 @@
   lib,
   config,
   ...
-}: let
+}:
+let
   cfg = config.programs.starship;
-in {
+in
+{
   xdg.configFile = lib.mkIf cfg.enable {
     "starship.toml".source = "${./starship.toml}";
   };

nix/homeModules/common/tmux/default.nix

@@ -2,7 +2,8 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   programs.tmux.extraConfig =
     builtins.readFile ./tmux.conf
     + lib.optionalString pkgs.stdenv.isDarwin ''

nix/homeModules/common/user-nixconf.nix

@@ -3,7 +3,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   nix = {
     package = lib.mkDefault (nixosConfig.nix.package or pkgs.nix);
 

nix/homeModules/common/vim/default.nix

@@ -1,7 +1,9 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.vim = {
     extraConfig = builtins.readFile ./vimrc;
-    plugins = let
+    plugins =
+      let
         vpkgs = pkgs.vimPlugins;
 
         paramount = pkgs.vimUtils.buildVimPlugin {
@@ -13,7 +15,8 @@
             hash = "sha256-j9nMjKYK7bqrGHprYp0ddLEWs1CNMudxXD13sOROVmY=";
           };
         };
-    in [
+      in
+      [
         vpkgs.vim-sleuth
         vpkgs.vim-surround
         vpkgs.vim-fugitive

nix/homeModules/common/wired/default.nix

@@ -1,5 +1,6 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  home.packages = [pkgs.iosevka];
+{
+  home.packages = [ pkgs.iosevka ];
   services.wired = {
     config = "${./wired.ron}";
   };

nix/homeModules/extra/tmux-fish-integration.nix

@@ -4,7 +4,8 @@
   lib,
   config,
   ...
-}: {
+}:
+{
   assertions = [
     {
       assertion = config.programs.fish.enable;
@@ -22,7 +23,9 @@
     WORKTREE_PATH = "wt";
   };
 
-  programs.direnv.config.whitelist.prefix = [(config.home.sessionVariables.REPO_PATH + "/leana8959")];
+  programs.direnv.config.whitelist.prefix = [
+    (config.home.sessionVariables.REPO_PATH + "/leana8959")
+  ];
   programs.tmux.extraConfig = lib.mkBefore ''
     # sessionizer binds
     bind -n C-f run-shell "tmux new-window tmux-sessionizer"

nix/lib/mkNerdFont.nix

@@ -3,9 +3,10 @@
   nerd-font-patcher,
   parallel,
   stdenvNoCC,
-}: {
+}:
+{
   font,
-  extraArgs ? [],
+  extraArgs ? [ ],
   useDefaultsArgs ? true,
 }:
 stdenvNoCC.mkDerivation {
@@ -24,7 +25,8 @@ stdenvNoCC.mkDerivation {
     parallel
   ];
 
-  buildPhase = let
+  buildPhase =
+    let
       args =
         lib.optionals useDefaultsArgs [
           "--careful"
@@ -33,7 +35,8 @@ stdenvNoCC.mkDerivation {
           "--no-progressbars"
         ]
         ++ extraArgs;
-  in ''
+    in
+    ''
       mkdir -p nerd-font
       find \( -name \*.ttf -o -name \*.otf \) | parallel --jobs=$NIX_BUILD_CORES nerd-font-patcher {} \
           --outputdir nerd-font ${builtins.concatStringsSep " " args}

nix/networks/list.nix

@@ -2,7 +2,8 @@ let
   preferredPriority = 20;
   privatePriority = 10;
   limitedPriority = -10;
-in [
+in
+[
   {
     ssid = "~";
     priority = preferredPriority;
@@ -36,7 +37,7 @@ in [
     priority = privatePriority;
     scanOnLowSignal = true;
 
-    authProtocols = ["WPA-EAP"];
+    authProtocols = [ "WPA-EAP" ];
     auth = ''
       pairwise=CCMP
       group=CCMP TKIP
@@ -81,13 +82,13 @@ in [
     randomizeMac = true;
   }
 
-  {ssid = "_SNCF_WIFI_INOUI";}
+  { ssid = "_SNCF_WIFI_INOUI"; }
-  {ssid = "_WIFI_LYRIA";}
+  { ssid = "_WIFI_LYRIA"; }
-  {ssid = "EurostarTrainsWiFi";}
+  { ssid = "EurostarTrainsWiFi"; }
-  {ssid = "SBB-FREE";}
+  { ssid = "SBB-FREE"; }
-  {ssid = "AOT Airport Free Wi-Fi by NT";}
+  { ssid = "AOT Airport Free Wi-Fi by NT"; }
-  {ssid = "NewTaipei";}
+  { ssid = "NewTaipei"; }
-  {ssid = "Fami-WiFi";}
+  { ssid = "Fami-WiFi"; }
 
   {
     ssid = "iPhone de Léana 江";

nix/networks/wpa_supplicant-compat.nix

@@ -6,18 +6,25 @@ let
   lib = import (sources.nixpkgs + "/lib");
 
   # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`.
-  escapePwdKey = lib.replaceStrings ["="] ["_"];
+  escapePwdKey = lib.replaceStrings [ "=" ] [ "_" ];
 
-  go = networkArgs @ {
+  go =
+    networkArgs@{
       ssid,
       # Custom fields wrapping nixpkgs module options
       hasPassword ? false,
       scanOnLowSignal ? false,
       randomizeMac ? false,
       ...
-  }: {
+    }:
+    {
       ${ssid} = lib.mkMerge [
-      (builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"])
+        (builtins.removeAttrs networkArgs [
+          "ssid"
+          "hasPassword"
+          "scanOnLowSignal"
+          "randomizeMac"
+        ])
         (lib.optionalAttrs hasPassword {
           pskRaw = "ext:${escapePwdKey ssid}";
         })
@@ -34,4 +41,4 @@ let
       ];
     };
 in
-  ns: lib.mkMerge (map go ns)
+ns: lib.mkMerge (map go ns)

nix/nixosModules/common/disable-command-not-found.nix

@@ -1 +1 @@
-{programs.command-not-found.enable = false;}
+{ programs.command-not-found.enable = false; }

nix/nixosModules/common/fish.nix

@@ -5,15 +5,18 @@
   config,
   lib,
   ...
-}: let
+}:
+let
   fishNixOSEnabled = config.programs.fish.enable;
   fishHMEnabled =
-    if config ? home-manager
+    if config ? home-manager then
-    then lib.any (userConfig: userConfig.programs.fish.enable) (lib.attrValues config.home-manager.users)
+      lib.any (userConfig: userConfig.programs.fish.enable) (lib.attrValues config.home-manager.users)
-    else false;
+    else
+      false;
 
   fishEnabled = fishNixOSEnabled || fishHMEnabled;
-in {
+in
+{
   environment.pathsToLink = lib.mkIf fishEnabled [
     "/share/fish/vendor_conf.d"
     "/share/fish/vendor_completions.d"

nix/nixosModules/common/network.nix

@@ -1,4 +1,5 @@
-{hostname, ...}: {
+{ hostname, ... }:
+{
   networking.hostName = hostname;
 
   services.openssh = {

nix/nixosModules/common/sudo-conf.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   security.sudo.enable = false;
 
   environment.systemPackages = [
@@ -18,8 +19,8 @@
         #   doas's docs says it searches in a "limited subset of PATH" if it's relative.
         #   I suspect that it doesn't search the PATH added ad-hoc by the nix-shell, also not a good solution.
         #   Also, for some reason, the rule won't match.
-        users = [":wheel"];
+        users = [ ":wheel" ];
-        setEnv = ["PATH"];
+        setEnv = [ "PATH" ];
       }
     ];
   };

nix/nixosModules/common/system-nixconf.nix

@@ -2,7 +2,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   nix = {
     package = lib.mkDefault pkgs.nix;
 

nix/nixosModules/common/xscreensaver.nix

@@ -5,14 +5,16 @@
   config,
   lib,
   ...
-}: let
+}:
+let
   cfg = config.services.xscreensaver;
-in {
+in
+{
   options = {
     services.xscreensaver.hooks = lib.mkOption {
       type = with lib.types; attrsOf str;
       description = "An attrset of events mapped a block of shell command to be run";
-      default = {};
+      default = { };
     };
   };
 
@@ -20,19 +22,22 @@ in {
     systemd.user.services = {
       "xscreensaver-hooks" = {
         description = "Run commands on xscreensaver events";
-        after = ["graphical-session.target" "xscreensaver.service"];
+        after = [
-        partOf = ["graphical-session.target"];
+          "graphical-session.target"
-        wantedBy = ["graphical-session.target"];
+          "xscreensaver.service"
-        script = let
+        ];
-          handlers =
+        partOf = [ "graphical-session.target" ];
-            lib.concatMapAttrsStringSep "\n" (event: action: ''
+        wantedBy = [ "graphical-session.target" ];
+        script =
+          let
+            handlers = lib.concatMapAttrsStringSep "\n" (event: action: ''
               "${event}")
                       ( ${action}
                       )
                       ;;
-            '')
+            '') cfg.hooks;
-            cfg.hooks;
+          in
-        in ''
+          ''
             xscreensaver-command -watch | while read event rest; do
               echo "The handler script got \"$event\""
               case $event in

nix/nixosModules/extra/leana.nix

@@ -2,21 +2,22 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   #
   # My user
   #
-  nix.settings.trusted-users = ["leana"];
+  nix.settings.trusted-users = [ "leana" ];
   users.users."leana" = {
     isNormalUser = true;
     home = "/home/leana";
     description = "Leana";
     group = "leana";
-    extraGroups = ["wheel"];
+    extraGroups = [ "wheel" ];
     shell = pkgs.bash;
     openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
   };
-  users.groups.leana = {};
+  users.groups.leana = { };
 
   #
   # My nix binary cache

nix/nixosModules/extra/macbook-pro-radeon.nix

@@ -1,5 +1,5 @@
 {
   # This will temporarily disable the dedicated graphics and boot into the system.
   # If your computer suffers from the GPU's death it won't boot unless you do this.
-  boot.kernelParams = ["radeon.modeset=0"];
+  boot.kernelParams = [ "radeon.modeset=0" ];
 }

nix/nixosModules/extra/parrot.nix

@@ -3,10 +3,12 @@
   lib,
   config,
   ...
-}: let
+}:
+let
   cfg = config.services.parrot;
   t = lib.types;
-in {
+in
+{
   options = {
     services.parrot = {
       enable = lib.mkEnableOption "parrot";
@@ -23,12 +25,12 @@ in {
       group = "parrot";
       isSystemUser = true;
     };
-    users.groups."parrot" = {};
+    users.groups."parrot" = { };
 
     systemd.services."parrot" = {
       description = " A hassle-free, highly performant, self-hosted Discord music bot with YouTube and Spotify support. Powered by yt-dlp.";
-      after = ["network.target"];
+      after = [ "network.target" ];
-      wantedBy = ["multi-user.target"];
+      wantedBy = [ "multi-user.target" ];
 
       serviceConfig = {
         User = "parrot";

nix/nixosModules/extra/secure_dns.nix

@@ -1,7 +1,11 @@
 # https://nixos.wiki/wiki/Encrypted_DNS
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   networking = {
-    nameservers = ["127.0.0.1" "::1"];
+    nameservers = [
+      "127.0.0.1"
+      "::1"
+    ];
     dhcpcd.extraConfig = "nohook resolv.conf";
     # networkmanager.dns = "none";
   };
@@ -13,7 +17,7 @@
     # Settings reference:
     # https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
     settings = {
-      listen_addresses = ["127.0.0.1:53"];
+      listen_addresses = [ "127.0.0.1:53" ];
       ipv4_servers = true;
 
       require_dnssec = true;

nix/nixosModules/extra/typst-bot.nix

@@ -3,10 +3,12 @@
   config,
   lib,
   ...
-}: let
+}:
+let
   cfg = config.services.typst-bot;
   t = lib.types;
-in {
+in
+{
   options = {
     services.typst-bot = {
       enable = lib.mkEnableOption "typst-bot";
@@ -30,7 +32,7 @@ in {
       isSystemUser = true;
       home = cfg.dataDir;
     };
-    users.groups."typst-bot" = {};
+    users.groups."typst-bot" = { };
 
     systemd.tmpfiles.rules = [
       "d ${cfg.dataDir}/cache  700 typst-bot typst-bot - -"
@@ -39,15 +41,15 @@ in {
 
     systemd.services."typst-bot" = {
       description = "A discord bot to render Typst code";
-      after = ["network.target"];
+      after = [ "network.target" ];
-      wantedBy = ["multi-user.target"];
+      wantedBy = [ "multi-user.target" ];
 
       preStart = ''
         : >${cfg.dataDir}/sqlite/db.sqlite
       '';
 
       # Don't pollute the global path
-      path = [pkgs.typst-bot];
+      path = [ pkgs.typst-bot ];
       script = "typst-bot";
 
       serviceConfig = {

nix/nixosModules/extra/zram.nix

@@ -1 +1 @@
-{zramSwap.enable = true;}
+{ zramSwap.enable = true; }

nix/overlays/agenix.nix

@@ -1,7 +1,7 @@
 let
   sources = import ../../npins;
 in
-  final: _: {
+final: _: {
   # Use flake so the package inputs is pinned
   agenix = sources.agenix.asFlake.packages.${final.system}.default;
-  }
+}

nix/overlays/calibre-no-mime.nix

@@ -2,8 +2,8 @@
 final: prev: {
   calibre = final.symlinkJoin {
     name = "calibre";
-    paths = [prev.calibre];
+    paths = [ prev.calibre ];
-    buildInputs = [final.makeWrapper];
+    buildInputs = [ final.makeWrapper ];
     postBuild = ''
       rm -r $out/share/mime
     '';

nix/overlays/disko.nix

@@ -1,6 +1,6 @@
 let
   sources = import ../../npins;
 in
-  final: _: {
+final: _: {
   disko = sources.disko.asFlake.packages.${final.system}.default;
-  }
+}

nix/overlays/dix.nix

@@ -1,6 +1,6 @@
 let
   sources = import ../../npins;
 in
-  final: _: {
+final: _: {
   dix = sources.dix.asFlake.packages.${final.system}.default;
-  }
+}

nix/overlays/eepy.nix

@@ -1,6 +1,6 @@
 let
   sources = import ../../npins;
 in
-  final: _: {
+final: _: {
   eepy = sources.eepy.asFlake.packages.${final.system}.default;
-  }
+}

nix/overlays/fcitx5-table-extra-taiwanese.nix

@@ -1,18 +1,14 @@
 let
   sources = import ../../npins;
 in
-  final: prev: {
+final: prev: {
   fcitx5-table-extra = prev.fcitx5-table-extra.overrideAttrs (oldAttrs: {
     src = sources.fcitx5-table-extra;
-      nativeBuildInputs =
+    nativeBuildInputs = oldAttrs.nativeBuildInputs or [ ] ++ [
-        oldAttrs.nativeBuildInputs or []
-        ++ [
       final.python3
     ];
-      preConfigure =
+    preConfigure = oldAttrs.preConfigure or "" + ''
-        oldAttrs.preConfigure or ""
-        + ''
       python3 ./generate.py
     '';
   });
-  }
+}

nix/overlays/iosevka.nix

@@ -1,6 +1,7 @@
 final: prev: rec {
-  nerd-fonts = let
+  nerd-fonts =
-    mkNerdFont = final.callPackage ../lib/mkNerdFont.nix {};
+    let
+      mkNerdFont = final.callPackage ../lib/mkNerdFont.nix { };
     in
     prev.nerd-fonts
     // {

nix/overlays/nil.nix

@@ -2,21 +2,18 @@
 let
   sources = import ../../npins;
 in
-  final: _: {
+final: _: {
-    nil = let
+  nil =
+    let
       pkg = sources.nil.asFlake.packages.${final.system}.default;
     in
-      pkg.overrideAttrs (
+    pkg.overrideAttrs (oldAttrs: {
-        oldAttrs: {
+      patches = oldAttrs.patches or [ ] ++ [
-          patches =
-            oldAttrs.patches or []
-            ++ [
         (final.fetchpatch {
           name = "fix-handling-inherit-and-patfield-in-inline-assist";
           url = "https://github.com/oxalica/nil/pull/178.patch";
           hash = "sha256-4f7DeWJtt63IyOjqlwzz0f05rv1NBYZO4JWEkFeDimk=";
         })
       ];
-        }
+    });
-      );
+}
-  }

nix/overlays/nix-monitored.nix

@@ -1,12 +1,10 @@
 let
   sources = import ../../npins;
 in
-  # The final nix is lix in this case
+# The final nix is lix in this case
-  final: prev: {
+final: prev: {
-    nix-monitored =
+  nix-monitored = sources.nix-monitored.asFlake.packages.${final.system}.default.override {
-      sources.nix-monitored.asFlake.packages.${final.system}.default
-    .override {
     inherit (final) nix;
     withNotify = false; # noisy, spams "command completed" even for nix shells
   };
-  }
+}

nix/overlays/nix-tree.nix

@@ -3,6 +3,6 @@
 let
   sources = import ../../npins;
 in
-  final: _: {
+final: _: {
   nix-tree = (import sources.nix-tree).packages.${final.system}.default;
-  }
+}

nix/overlays/nur.nix

@@ -1,4 +1,4 @@
 let
   sources = import ../../npins;
 in
-  sources.nur.asFlake.overlays.default
+sources.nur.asFlake.overlays.default