format nix files

flake.nix

@@ -19,16 +19,27 @@
     };
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
   };
-  
+
-  outputs = { nixpkgs, home-manager, homeage, agenix, nur, nixos-hardware, ... }: {
+  outputs = {
+    nixpkgs,
+    home-manager,
+    homeage,
+    agenix,
+    nur,
+    nixos-hardware,
+    ...
+  }: {
+    formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
+
     nixosConfigurations.pim = nixpkgs.lib.nixosSystem {
-      system =  "x86_64-linux";
+      system = "x86_64-linux";
       modules = [
-        { nixpkgs.overlays = [ nur.overlay ]; }
+        {nixpkgs.overlays = [nur.overlay];}
         ./nixos
         agenix.nixosModules.default
         nixos-hardware.nixosModules.lenovo-thinkpad-x260
-        home-manager.nixosModules.home-manager {
+        home-manager.nixosModules.home-manager
+        {
           home-manager.useGlobalPkgs = true;
           home-manager.useUserPackages = true;
           home-manager.users.pim = {

home-manager/default.nix

@@ -1,6 +1,9 @@
-{ pkgs, lib, config, ... }:
-
 {
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
   imports = [
     ./bash
     ./neovim
@@ -30,7 +33,7 @@
       strawberry
       gimp
       libreoffice
-      (pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
+      (pkgs.nerdfonts.override {fonts = ["Hack"];})
       virt-manager
       gnome.gnome-tweaks
     ];
@@ -82,22 +85,22 @@
   xdg.userDirs.enable = true;
 
   homeage = {
-    identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
+    identityPaths = ["/home/pim/.ssh/age_ed25519"];
     installationType = "systemd";
 
     file."common-pg-tfbackend" = {
       source = ../secrets/common-pg-tfbackend.age;
-      symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ];
+      symlinks = ["${config.xdg.configHome}/home/common.pg.tfbackend"];
     };
 
     file."ansible-vault-secret" = {
       source = ../secrets/ansible-vault-secret.age;
-      symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ];
+      symlinks = ["${config.xdg.configHome}/home/ansible-vault-secret"];
     };
 
     file."powerdns-api-key" = {
       source = ../secrets/powerdns-api-key.json.age;
-      symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ];
+      symlinks = ["${config.xdg.configHome}/home/powerdns-api-key.json"];
     };
   };
 
@@ -105,8 +108,8 @@
 
   dconf.settings = with lib.hm.gvariant; {
     "org/gnome/desktop/input-sources" = {
-      sources = [ (mkTuple [ "xkb" "us" ]) ];
+      sources = [(mkTuple ["xkb" "us"])];
-      xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
+      xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"];
     };
 
     "org/gnome/desktop/interface" = {

home-manager/firefox/addons.nix

@@ -1,33 +1,31 @@
-pkgs: lib:
+pkgs: lib: let
-let
   rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
   custom-addons = import ./custom-addons.nix pkgs lib;
-in
+in {
-  {
+  default = lib.concatLists [
-    default = lib.concatLists [
+    (with rycee-addons; [
-      (with rycee-addons; [
-        ublock-origin
-        clearurls
-        cookie-autodelete
-        istilldontcareaboutcookies
-        keepassxc-browser
-        redirector
-        ublacklist
-        umatrix
-        violentmonkey
-        boring-rss
-        # rycee.bypass-paywalls-clean
-      ])
-      (with custom-addons; [
-        http-version-indicator
-        indicatetls
-        sixindicator
-      ])
-    ];
-    sue = with rycee-addons; [
       ublock-origin
+      clearurls
+      cookie-autodelete
       istilldontcareaboutcookies
       keepassxc-browser
-      custom-addons.simple-style-fox-2
+      redirector
-    ];
+      ublacklist
-  }
+      umatrix
+      violentmonkey
+      boring-rss
+      # rycee.bypass-paywalls-clean
+    ])
+    (with custom-addons; [
+      http-version-indicator
+      indicatetls
+      sixindicator
+    ])
+  ];
+  sue = with rycee-addons; [
+    ublock-origin
+    istilldontcareaboutcookies
+    keepassxc-browser
+    custom-addons.simple-style-fox-2
+  ];
+}

home-manager/firefox/custom-addons.nix

@@ -1,88 +1,92 @@
-pkgs: lib:
+pkgs: lib: let
-let
   # Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix
-  buildFirefoxXpiAddon = lib.makeOverridable ({ stdenv ? pkgs.stdenv, fetchurl ? pkgs.fetchurl,
+  buildFirefoxXpiAddon = lib.makeOverridable ({
-      pname, version, addonId, url, sha256, meta, ... }: stdenv.mkDerivation {
+    stdenv ? pkgs.stdenv,
-    name = "${pname}-${version}";
+    fetchurl ? pkgs.fetchurl,
+    pname,
+    version,
+    addonId,
+    url,
+    sha256,
+    meta,
+    ...
+  }:
+    stdenv.mkDerivation {
+      name = "${pname}-${version}";
 
-    inherit meta;
+      inherit meta;
 
-    src = fetchurl { inherit url sha256; };
+      src = fetchurl {inherit url sha256;};
 
-    preferLocalBuild = true;
+      preferLocalBuild = true;
-    allowSubstitutes = true;
+      allowSubstitutes = true;
 
-    buildCommand = ''
+      buildCommand = ''
-      dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
+        dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
-      mkdir -p "$dst"
+        mkdir -p "$dst"
-      install -v -m644 "$src" "$dst/${addonId}.xpi"
+        install -v -m644 "$src" "$dst/${addonId}.xpi"
-    '';
+      '';
-  });
+    });
-in
+in {
-  {
+  "http-version-indicator" = buildFirefoxXpiAddon {
-    "http-version-indicator" = buildFirefoxXpiAddon {
+    pname = "http-version-indicator";
-      pname = "http-version-indicator";
+    version = "3.2.1";
-      version = "3.2.1";
+    addonId = "spdyindicator@chengsun.github.com";
-      addonId = "spdyindicator@chengsun.github.com";
+    url = "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
-      url = "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
+    sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8";
-      sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8";
+    meta = with lib; {
-      meta = with lib;
+      homepage = "https://github.com/bsiegel/http-version-indicator";
-      {
+      description = "An indicator showing the HTTP version used to load the page in the address bar.";
-        homepage = "https://github.com/bsiegel/http-version-indicator";
+      mozPermissions = ["<all_urls>" "tabs" "webNavigation" "webRequest"];
-        description = "An indicator showing the HTTP version used to load the page in the address bar.";
+      platforms = platforms.all;
-        mozPermissions = [ "<all_urls>" "tabs" "webNavigation" "webRequest" ];
+    };
-        platforms = platforms.all;
+  };
-        };
+  "indicatetls" = buildFirefoxXpiAddon {
-      };
+    pname = "indicatetls";
-    "indicatetls" = buildFirefoxXpiAddon {
+    version = "0.3.0";
-      pname = "indicatetls";
+    addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}";
-      version = "0.3.0";
+    url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
-      addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}";
+    sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465";
-      url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
+    meta = with lib; {
-      sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465";
+      homepage = "https://github.com/jannispinter/indicatetls";
-      meta = with lib;
+      description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
-      {
+      license = licenses.mpl20;
-        homepage = "https://github.com/jannispinter/indicatetls";
+      mozPermissions = [
-        description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
+        "tabs"
-        license = licenses.mpl20;
+        "webNavigation"
-        mozPermissions = [
+        "webRequest"
-          "tabs"
+        "webRequestBlocking"
-          "webNavigation"
+        "http://*/*"
-          "webRequest"
+        "https://*/*"
-          "webRequestBlocking"
+      ];
-          "http://*/*"
+      platforms = platforms.all;
-          "https://*/*"
+    };
-          ];
+  };
-        platforms = platforms.all;
+  "sixindicator" = buildFirefoxXpiAddon {
-        };
+    pname = "sixindicator";
-      };
+    version = "1.3.0";
-    "sixindicator" = buildFirefoxXpiAddon {
+    addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}";
-      pname = "sixindicator";
+    url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
-      version = "1.3.0";
+    sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d";
-      addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}";
+    meta = with lib; {
-      url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
+      homepage = "https://github.com/HostedDinner/SixIndicator";
-      sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d";
+      description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
-      meta = with lib;
+      license = licenses.mit;
-      {
+      mozPermissions = ["tabs" "webRequest" "<all_urls>"];
-        homepage = "https://github.com/HostedDinner/SixIndicator";
+      platforms = platforms.all;
-        description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
+    };
-        license = licenses.mit;
+  };
-        mozPermissions = [ "tabs" "webRequest" "<all_urls>" ];
+  "simple-style-fox-2" = buildFirefoxXpiAddon {
-        platforms = platforms.all;
+    pname = "simple-style-fox-2";
-        };
+    version = "10.0";
-      };
+    addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}";
-    "simple-style-fox-2" = buildFirefoxXpiAddon {
+    url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
-      pname = "simple-style-fox-2";
+    sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d";
-      version = "10.0";
+    meta = with lib; {
-      addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}";
+      description = "Simple style fox 2";
-      url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
+      license = licenses.cc-by-30;
-      sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d";
+      mozPermissions = [];
-      meta = with lib;
+      platforms = platforms.all;
-      {
+    };
-        description = "Simple style fox 2";
+  };
-        license = licenses.cc-by-30;
+}
-        mozPermissions = [];
-        platforms = platforms.all;
-        };
-      };
-    }

home-manager/firefox/default.nix

@@ -1,6 +1,8 @@
-{ pkgs, lib, ... }:
+{
-
+  pkgs,
-let
+  lib,
+  ...
+}: let
   firefoxAddons = import ./addons.nix pkgs lib;
   firefoxSettings = {
     "browser.aboutConfig.showWarning" = false;
@@ -13,12 +15,11 @@ let
     "browser.gesture.swipe.left" = false;
     "browser.gesture.swipe.right" = false;
   };
-in
+in {
-{
   config = {
     programs.firefox = {
       enable = true;
-      profiles =  {
+      profiles = {
         default = {
           id = 0;
           isDefault = true;
@@ -34,7 +35,7 @@ in
     };
 
     xdg.desktopEntries.firefox-sue = {
-      categories = [ "Network" "WebBrowser" ];
+      categories = ["Network" "WebBrowser"];
       exec = "firefox -P sue --name firefox %U";
       genericName = "Web Browser";
       icon = "firefox";
@@ -53,7 +54,7 @@ in
     };
 
     xdg.desktopEntries.firefox = lib.mkForce {
-      categories = [ "Network" "WebBrowser" ];
+      categories = ["Network" "WebBrowser"];
       exec = "firefox --new-window --name firefox %U";
       genericName = "Web Browser";
       icon = "firefox";

home-manager/git/default.nix

@@ -9,10 +9,12 @@
         commit.verbose = true;
         pull.rebase = true;
       };
-      includes = [{
+      includes = [
-        path = "~/git/suecode/.gitconfig";
+        {
-        condition = "gitdir:~/git/suecode/**";
+          path = "~/git/suecode/.gitconfig";
-      }];
+          condition = "gitdir:~/git/suecode/**";
+        }
+      ];
     };
   };
 }

home-manager/keepassxc/default.nix

@@ -1,11 +1,13 @@
-{ pkgs, config, ...}:
-
 {
+  pkgs,
+  config,
+  ...
+}: {
   config = {
-    home.packages = [ pkgs.keepassxc ];
+    home.packages = [pkgs.keepassxc];
     homeage.file."keepassxc.ini" = {
       source = ../../secrets/keepassxc.ini.age;
-      symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
+      symlinks = ["${config.xdg.configHome}/keepassxc/keepassxc.ini"];
     };
   };
 }

home-manager/neovim/default.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }:
+{pkgs, ...}: {
-
-{
   config = {
     programs.neovim = {
       enable = true;

home-manager/ssh/default.nix

@@ -1,36 +1,38 @@
-{ config, lib, ...}:
-
 {
+  config,
+  lib,
+  ...
+}: {
   config = {
     programs.ssh = {
       enable = true;
       extraConfig = "User root";
 
       matchBlocks = {
-        github = lib.hm.dag.entryBefore [ "*" ] {
+        github = lib.hm.dag.entryBefore ["*"] {
           hostname = "github.com";
           user = "pizzapim";
           identitiesOnly = true;
         };
-        lewis = lib.hm.dag.entryBefore [ "*" ] {
+        lewis = lib.hm.dag.entryBefore ["*"] {
           hostname = "lewis.hyp";
         };
-        atlas = lib.hm.dag.entryBefore [ "*" ] {
+        atlas = lib.hm.dag.entryBefore ["*"] {
           hostname = "atlas.hyp";
         };
-        jefke = lib.hm.dag.entryBefore [ "*" ] {
+        jefke = lib.hm.dag.entryBefore ["*"] {
           hostname = "jefke.hyp";
         };
-        hermes = lib.hm.dag.entryBefore [ "*" ] {
+        hermes = lib.hm.dag.entryBefore ["*"] {
           hostname = "hermes.dmz";
         };
-        maestro = lib.hm.dag.entryBefore [ "*" ] {
+        maestro = lib.hm.dag.entryBefore ["*"] {
           hostname = "maestro.dmz";
         };
-        bancomart = lib.hm.dag.entryBefore [ "*" ] {
+        bancomart = lib.hm.dag.entryBefore ["*"] {
           hostname = "bancomart.dmz";
         };
-        handjecontantje = lib.hm.dag.entryBefore [ "*" ] {
+        handjecontantje = lib.hm.dag.entryBefore ["*"] {
           hostname = "handjecontantje.dmz";
         };
       };
@@ -38,12 +40,12 @@
 
     homeage.file."sue_ed25519" = {
       source = ../../secrets/sue_ed25519.age;
-      symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ];
+      symlinks = ["${config.home.homeDirectory}/.ssh/sue_ed25519"];
     };
 
     homeage.file."sue_azure_rsa" = {
       source = ../../secrets/sue_azure_rsa.age;
-      symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ];
+      symlinks = ["${config.home.homeDirectory}/.ssh/sue_azure_rsa"];
     };
   };
 }

home-manager/syncthing/default.nix

@@ -1,6 +1,4 @@
-{ config, ... }:
+{config, ...}: {
-
-{
   config = {
     services.syncthing.enable = true;
     xdg.configFile."syncthing/config.xml".source = ./syncthing.xml;
@@ -8,12 +6,12 @@
 
     homeage.file."syncthing-key.pem" = {
       source = ../../secrets/syncthing-key.pem.age;
-      symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
+      symlinks = ["${config.xdg.configHome}/syncthing/key.pem"];
     };
 
     homeage.file."syncthing-cert.pem" = {
       source = ../../secrets/syncthing-cert.pem.age;
-      symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
+      symlinks = ["${config.xdg.configHome}/syncthing/cert.pem"];
     };
   };
 }

nixos/default.nix

@@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }: {
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: {
   imports = [
     ./hardware-configuration.nix
   ];
@@ -19,12 +24,12 @@
         enable = true;
       };
       desktopManager.gnome.enable = true;
-      excludePackages = with pkgs; [ xterm ];
+      excludePackages = with pkgs; [xterm];
     };
 
     printing = {
       enable = true;
-      drivers = [ pkgs.hplip pkgs.gutenprint ];
+      drivers = [pkgs.hplip pkgs.gutenprint];
     };
 
     fprintd = {
@@ -40,7 +45,7 @@
   users = {
     users.pim = {
       isNormalUser = true;
-      extraGroups = [ "wheel" "docker" "input" ];
+      extraGroups = ["wheel" "docker" "input"];
     };
   };
 
@@ -104,7 +109,7 @@
   };
 
   age = {
-    identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
+    identityPaths = ["/home/pim/.ssh/age_ed25519"];
 
     secrets = {
       wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age;
@@ -121,16 +126,18 @@
         "10.225.191.4/24"
         "fd11:5ee:bad:c0de::4/64"
       ];
-      dns = [ "192.168.30.8" ];
+      dns = ["192.168.30.8"];
-      peers = [{
+      peers = [
-        presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
+        {
-        endpoint = "84.245.14.149:51820";
+          presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
-        publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
+          endpoint = "84.245.14.149:51820";
-        allowedIPs = [
+          publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
-          "0.0.0.0/0"
+          allowedIPs = [
-          "::0/0"
+            "0.0.0.0/0"
-        ];
+            "::0/0"
-      }];
+          ];
+        }
+      ];
     };
   };
 

nixos/hardware-configuration.nix

@@ -1,33 +1,37 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports =
+  config,
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+  lib,
-    ];
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc"];
-  boot.initrd.kernelModules = [ ];
+  boot.initrd.kernelModules = [];
-  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [];
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa";
+    device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
   boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device = "/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9";
 
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/87DA-B083";
+    device = "/dev/disk/by-uuid/87DA-B083";
-      fsType = "vfat";
+    fsType = "vfat";
-    };
+  };
 
-  swapDevices =
+  swapDevices = [
-    [ { device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa"; }
+    {device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa";}
-    ];
+  ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

secrets/secrets.nix

@@ -1,10 +1,9 @@
 let
   pkgs = import <nixpkgs> {};
   publicKeysURL = "https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
-  publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
+  publicKeysFile = builtins.fetchurl {url = publicKeysURL;};
   publicKeys = pkgs.lib.strings.splitString "\n" (pkgs.lib.strings.fileContents publicKeysFile);
-in
+in {
-{
   "wg-quick-home-privkey.age".publicKeys = publicKeys;
   "wg-quick-home-preshared-key.age".publicKeys = publicKeys;
   "sue_ed25519.age".publicKeys = publicKeys;