all: format .nix filex with nixfmt-rfc

magpie/configuration.nix

@@ -6,11 +6,15 @@
   nvim,
   system,
   ...
-}: {
-  imports = [];
+}:
+{
+  imports = [ ];
 
   nix.optimise.automatic = true;
-  nix.settings.experimental-features = ["nix-command" "flakes"];
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
   system.switch = {
     enable = false;
     enableNg = true;
@@ -21,7 +25,10 @@
   boot.loader.systemd-boot.configurationLimit = 2;
   boot.loader.efi.canTouchEfiVariables = true;
   boot.kernelPackages = pkgs.linuxPackages_latest;
-  boot.kernelParams = ["ip=dhcp" "console=tty"];
+  boot.kernelParams = [
+    "ip=dhcp"
+    "console=tty"
+  ];
   boot.kernel.sysctl = {
     "net.core.default_qdisc" = "fq";
     "net.ipv4.tcp_congestion_control" = "bbr";
@@ -29,14 +36,17 @@
 
   boot.initrd = {
     compressor = "zstd";
-    availableKernelModules = ["virtio-pci" "virtio-gpu"];
+    availableKernelModules = [
+      "virtio-pci"
+      "virtio-gpu"
+    ];
     systemd.enable = true;
     network = {
       enable = true;
       ssh = {
         enable = true;
-        hostKeys = [/etc/ssh_dummy_ed25519_key];
-        authorizedKeyFiles = [../nixy/ssh_pubkey];
+        hostKeys = [ /etc/ssh_dummy_ed25519_key ];
+        authorizedKeyFiles = [ ../nixy/ssh_pubkey ];
       };
     };
   };
@@ -74,7 +84,7 @@
     enable = true;
     debug = false;
     fqdn = "mail.project-cloud.net";
-    domains = ["project-cloud.net"];
+    domains = [ "project-cloud.net" ];
     enableSubmissionSsl = true;
     enableImap = false;
     enableImapSsl = true;
@@ -84,11 +94,11 @@
     loginAccounts = {
       "gitea@project-cloud.net" = {
         hashedPasswordFile = config.sops.secrets."gitea_mail_pw_hash".path;
-        aliases = ["git@project-cloud.net"];
+        aliases = [ "git@project-cloud.net" ];
       };
       "asmir@project-cloud.net" = {
         hashedPasswordFile = config.sops.secrets."asmir_mail_pw_hash".path;
-        aliases = ["asmir.abdulahovic@project-cloud.net"];
+        aliases = [ "asmir.abdulahovic@project-cloud.net" ];
       };
     };
     certificateScheme = "acme-nginx";
@@ -170,12 +180,12 @@
     };
 
     /*
-    virtualHosts.${config.services.nextcloud.hostName} = {
-      quic = true;
-      http3 = true;
-      forceSSL = true;
-      enableACME = true;
-    };
+      virtualHosts.${config.services.nextcloud.hostName} = {
+        quic = true;
+        http3 = true;
+        forceSSL = true;
+        enableACME = true;
+      };
     */
 
     virtualHosts."miniflux.project-cloud.net" = {
@@ -236,15 +246,21 @@
       REGISTER_EMAIL_CONFIRM = true;
     };
 
-    settings."markup.restructuredtext" = let
-      docutils =
-        pkgs.python3.withPackages (ps: with ps; [docutils pygments]);
-    in {
-      ENABLED = true;
-      FILE_EXTENSIONS = ".rst";
-      RENDER_COMMAND = "${docutils}/bin/rst2html.py";
-      IS_INPUT_FILE = false;
-    };
+    settings."markup.restructuredtext" =
+      let
+        docutils = pkgs.python3.withPackages (
+          ps: with ps; [
+            docutils
+            pygments
+          ]
+        );
+      in
+      {
+        ENABLED = true;
+        FILE_EXTENSIONS = ".rst";
+        RENDER_COMMAND = "${docutils}/bin/rst2html.py";
+        IS_INPUT_FILE = false;
+      };
   };
 
   services.nfs.server.enable = false;
@@ -262,7 +278,7 @@
     paths = [
       "/var/lib/gitea"
     ];
-    exclude = [];
+    exclude = [ ];
     repo = "ssh://na9fqv67@na9fqv67.repo.borgbase.com/./repo";
     encryption = {
       mode = "repokey-blake2";
@@ -279,12 +295,10 @@
     adminEmail = "asmir.abdulahovic" + "@" + "gmail.com";
   };
 
-  /*
-  needed for sendmail mail functionality
-  */
-  users.users.gitea.extraGroups = ["postdrop"];
+  # needed for sendmail mail functionality
+  users.users.gitea.extraGroups = [ "postdrop" ];
   systemd.services.gitea.serviceConfig = {
-    RestrictAddressFamilies = ["AF_NETLINK"];
+    RestrictAddressFamilies = [ "AF_NETLINK" ];
     ProtectSystem = lib.mkForce false;
   };
 
@@ -294,7 +308,7 @@
   };
 
   sops = {
-    age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
     secrets = {
       "asmir_mail_pw_hash".sopsFile = ./secrets/asmir_mail_pw_hash.yaml;
       "borgbase_enc_key".sopsFile = ./secrets/borgbase_enc_key.yaml;
@@ -310,10 +324,10 @@
         owner = config.users.users.gitea.name;
       };
       /*
-      "nextcloud_admin" = {
-        sopsFile = ./secrets/nextcloud_admin.yaml;
-        owner = config.users.users.nextcloud.name;
-      };
+        "nextcloud_admin" = {
+          sopsFile = ./secrets/nextcloud_admin.yaml;
+          owner = config.users.users.nextcloud.name;
+        };
       */
     };
   };
@@ -321,21 +335,29 @@
   networking.hostName = "magpie";
 
   networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [80 443 587 2049]; # http, mail, mail, nfs
-  networking.firewall.allowedUDPPorts = [443 51820]; #mail, wireguard
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+    587
+    2049
+  ]; # http, mail, mail, nfs
+  networking.firewall.allowedUDPPorts = [
+    443
+    51820
+  ]; # mail, wireguard
   networking.firewall.allowPing = true;
   networking.firewall.logRefusedConnections = lib.mkDefault false;
 
   networking.nat.enable = true;
   networking.nat.externalInterface = "enp1s0";
-  networking.nat.internalInterfaces = ["wg0"];
+  networking.nat.internalInterfaces = [ "wg0" ];
 
   networking.networkmanager.enable = true;
   networking.wireless.enable = false;
 
   networking.wireguard.interfaces = {
     wg0 = {
-      ips = ["10.100.0.1/24"];
+      ips = [ "10.100.0.1/24" ];
       listenPort = 51820;
 
       # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
@@ -353,17 +375,17 @@
         {
           publicKey = builtins.readFile ../nixy/wg_pubkey;
           presharedKeyFile = config.sops.secrets."wg_preshared/nixy".path;
-          allowedIPs = ["10.100.0.6/32"];
+          allowedIPs = [ "10.100.0.6/32" ];
         }
         {
           publicKey = builtins.readFile ../mediabox/wg_pubkey;
           presharedKeyFile = config.sops.secrets."wg_preshared/mediabox".path;
-          allowedIPs = ["10.100.0.5/32"];
+          allowedIPs = [ "10.100.0.5/32" ];
         }
         {
           publicKey = builtins.readFile ../common/wg_pubkey_workstation;
           presharedKeyFile = config.sops.secrets."wg_preshared/workstation".path;
-          allowedIPs = ["10.100.0.4/32"];
+          allowedIPs = [ "10.100.0.4/32" ];
         }
       ];
     };

magpie/hardware-configuration.nix

@@ -5,15 +5,21 @@
   lib,
   modulesPath,
   ...
-}: {
+}:
+{
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid" "sr_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = [];
-  boot.extraModulePackages = [];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "virtio_pci"
+    "usbhid"
+    "sr_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/118de1e5-f23e-4af3-a10a-054eded78152";
@@ -25,7 +31,7 @@
     fsType = "vfat";
   };
 
-  swapDevices = [];
+  swapDevices = [ ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's