🎨 move to nixfmt-rfc-style

default.nix

@@ -10,4 +10,5 @@
   )
   {
     src = ./.;
-  }).defaultNix
+  }
+).defaultNix

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732603785,
+        "lastModified": 1733570843,
-        "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=",
+        "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a",
+        "rev": "a35b08d09efda83625bef267eb24347b446c80b8",
         "type": "github"
       },
       "original": {
@@ -62,11 +62,11 @@
     "flake-compat_2": {
       "flake": false,
       "locked": {
-        "lastModified": 1732722421,
+        "lastModified": 1733328505,
-        "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=",
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
         "type": "github"
       },
       "original": {
@@ -137,11 +137,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732884235,
+        "lastModified": 1733484277,
-        "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=",
+        "narHash": "sha256-i5ay20XsvpW91N4URET/nOc0VQWOAd4c4vbqYtcH8Rc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "819f682269f4e002884702b87e445c82840c68f2",
+        "rev": "d00c6f6d0ad16d598bf7e2956f52c1d9d5de3c3a",
         "type": "github"
       },
       "original": {
@@ -186,11 +186,11 @@
     },
     "nixlib": {
       "locked": {
-        "lastModified": 1732410305,
+        "lastModified": 1733015484,
-        "narHash": "sha256-/hxIKRTBsdrnudJWDGaBN8wIjHovqVAVxXdi8ByVtck=",
+        "narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "87b6978992e2eb605732fba842cad0a7e14b2047",
+        "rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e",
         "type": "github"
       },
       "original": {
@@ -207,11 +207,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732496924,
+        "lastModified": 1733360821,
-        "narHash": "sha256-/MNhZLR0eh9z/d3l+ammq+F5XxHln0RHgO4Bhtjr0IM=",
+        "narHash": "sha256-bNXO+OGxrOjAxv/Lnyj84tNDicJ/FdLyLJHzOKSzYU8=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "098e8b6ff72c86944a8d54b64ddd7b7e6635830a",
+        "rev": "8cdaf8885c9c85d9d27b594dbe882406aadfe00e",
         "type": "github"
       },
       "original": {
@@ -222,11 +222,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1732937961,
+        "lastModified": 1733376361,
-        "narHash": "sha256-B5pYT+IVaqcrfOekkwKvx/iToDnuQWzc2oyDxzzBDc4=",
+        "narHash": "sha256-aLJxoTDDSqB+/3orsulE6/qdlX6MzDLIITLZqdgMpqo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4703b8d2c708e13a8cab03d865f90973536dcdf5",
+        "rev": "929116e316068c7318c54eb4d827f7d9756d5e9c",
         "type": "github"
       },
       "original": {
@@ -278,11 +278,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1732021966,
+        "lastModified": 1733318908,
-        "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
+        "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
+        "rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
         "type": "github"
       },
       "original": {
@@ -441,11 +441,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732575825,
+        "lastModified": 1733128155,
-        "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=",
+        "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa",
+        "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856",
         "type": "github"
       },
       "original": {

flake.nix

@@ -42,20 +42,37 @@
     };
   };
 
-  outputs = { self, nixpkgs, flake-utils, deploy-rs, pre-commit-hooks, ... }@inputs:
+  outputs =
-    flake-utils.lib.eachDefaultSystem
+    {
-      (system:
+      self,
-        let
+      nixpkgs,
-          pkgs = import nixpkgs {
+      flake-utils,
-            inherit system;
+      deploy-rs,
-            overlays = [ self.overlays.default ];
+      pre-commit-hooks,
-          };
+      ...
-        in
+    }@inputs:
-        {
+    flake-utils.lib.eachDefaultSystem (
-          checks = import ./nix/checks.nix { inherit self pkgs deploy-rs system pre-commit-hooks; };
+      system:
-          devShells = import ./nix/shells.nix { inherit self pkgs system; };
+      let
-          formatter = pkgs.nixpkgs-fmt;
+        pkgs = import nixpkgs {
-        })
+          inherit system;
+          overlays = [ self.overlays.default ];
+        };
+      in
+      {
+        checks = import ./nix/checks.nix {
+          inherit
+            self
+            pkgs
+            deploy-rs
+            system
+            pre-commit-hooks
+            ;
+        };
+        devShells = import ./nix/shells.nix { inherit self pkgs system; };
+        formatter = pkgs.nixfmt-rfc-style;
+      }
+    )
     // {
       hosts = import ./nix/hosts.nix;
       overlays.default = nixpkgs.lib.composeManyExtensions [ ];

nix/checks.nix

@@ -1,11 +1,18 @@
-{ self, system, deploy-rs, pre-commit-hooks, ... }:
+{
+  self,
+  system,
+  deploy-rs,
+  pre-commit-hooks,
+  ...
+}:
 {
   pre-commit-check = pre-commit-hooks.lib.${system}.run {
     src = ./.;
     hooks = {
       deadnix.enable = true;
-      nixpkgs-fmt.enable = true;
+      nixfmt-rfc-style.enable = true;
       statix.enable = true;
     };
   };
-} // (deploy-rs.lib.${system}.deployChecks self.deploy)
+}
+// (deploy-rs.lib.${system}.deployChecks self.deploy)

nix/darwin.nix

@@ -1,6 +1,12 @@
-{ self, darwin, home-manager, ... }:
+{
+  self,
+  darwin,
+  home-manager,
+  ...
+}:
 let
-  mkDarwin = hostName: modules:
+  mkDarwin =
+    hostName: modules:
     let
       hostSystem = self.hosts.${hostName}.system;
     in

nix/deploy.nix

@@ -1,8 +1,19 @@
-{ self, nixpkgs, deploy-rs, ... }:
+{
+  self,
+  nixpkgs,
+  deploy-rs,
+  ...
+}:
 let
-  mkDeploy = hostName:
+  mkDeploy =
+    hostName:
     let
-      inherit (self.hosts.${hostName}) type address system sshUser;
+      inherit (self.hosts.${hostName})
+        type
+        address
+        system
+        sshUser
+        ;
       pkgs = import nixpkgs { inherit system; };
       deployPkgs = import nixpkgs {
         inherit system;
@@ -10,7 +21,8 @@ let
           deploy-rs.overlays.default
           (_self: super: {
             deploy-rs = {
-              inherit (pkgs) deploy-rs; inherit (super.deploy-rs) lib;
+              inherit (pkgs) deploy-rs;
+              inherit (super.deploy-rs) lib;
             };
           })
         ];

nix/hosts/aristotle/configuration.nix

@@ -60,6 +60,9 @@
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
   ];
 
-  environment.systemPackages = with pkgs; [ libraspberrypi raspberrypi-eeprom ];
+  environment.systemPackages = with pkgs; [
+    libraspberrypi
+    raspberrypi-eeprom
+  ];
   security.sudo.wheelNeedsPassword = false;
 }

nix/hosts/epicurus/homebrew.nix

@@ -8,7 +8,11 @@ _:
       "homebrew/services"
     ];
 
-    brews = [ "code-server" "coreutils" "mosh" ];
+    brews = [
+      "code-server"
+      "coreutils"
+      "mosh"
+    ];
 
     casks = [
       "1password"

nix/hosts/plato/configuration.nix

@@ -56,7 +56,11 @@ in
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5spf4diguK+w7iYLFr565++6DjHukWfvpN2ru9dCRk nixbuild"
   ];
 
-  environment.systemPackages = with pkgs; [ cifs-utils pinentry weechat ];
+  environment.systemPackages = with pkgs; [
+    cifs-utils
+    pinentry
+    weechat
+  ];
   fileSystems = {
     "/mnt/downloads" = {
       device = "//parthenon/Downloads";
@@ -82,7 +86,6 @@ in
     };
   };
 
-
   power.ups = {
     enable = true;
     mode = "netserver";
@@ -144,27 +147,36 @@ in
       scrapeConfigs = [
         {
           job_name = "node";
-          static_configs = [{
+          static_configs = [
-            targets = [
+            {
-              "plato:9100"
+              targets = [
-              "agent:9100"
+                "plato:9100"
-              "form:9100"
+                "agent:9100"
-              "matter:9100"
+                "form:9100"
-              "purpose:9100"
+                "matter:9100"
-              "socrates:9100"
+                "purpose:9100"
-            ];
+                "socrates:9100"
-          }];
+              ];
+            }
+          ];
         }
         {
           job_name = "coredns";
-          static_configs = [{ targets = [ "plato:9153" ]; }];
+          static_configs = [ { targets = [ "plato:9153" ]; } ];
         }
         {
           job_name = "ipfs";
           metrics_path = "/debug/metrics/prometheus";
-          static_configs = [{
+          static_configs = [
-            targets = [ "agent:5001" "form:5001" "matter:5001" "purpose:5001" ];
+            {
-          }];
+              targets = [
+                "agent:5001"
+                "form:5001"
+                "matter:5001"
+                "purpose:5001"
+              ];
+            }
+          ];
         }
       ];
     };
@@ -173,7 +185,9 @@ in
     };
   };
 
-  walkah.coredns = { enable = true; };
+  walkah.coredns = {
+    enable = true;
+  };
 
   virtualisation.docker = {
     enable = true;

nix/hosts/plato/hardware-configuration.nix

@@ -18,7 +18,10 @@
       "sr_mod"
     ];
     initrd.kernelModules = [ ];
-    kernelModules = [ "kvm-intel" "wl" ];
+    kernelModules = [
+      "kvm-intel"
+      "wl"
+    ];
     extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
   };
 
@@ -32,7 +35,6 @@
     fsType = "vfat";
   };
 
-  swapDevices =
+  swapDevices = [ { device = "/dev/disk/by-uuid/3a812874-3def-4e46-b20d-cd55fa7bdd5f"; } ];
-    [{ device = "/dev/disk/by-uuid/3a812874-3def-4e46-b20d-cd55fa7bdd5f"; }];
 
 }

nix/hosts/socrates/configuration.nix

@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
   imports = [
     ./hardware-configuration.nix
     ./networking.nix # generated at runtime by nixos-infect
@@ -26,14 +27,20 @@
     hostName = "socrates";
     firewall = {
       allowPing = true;
-      allowedTCPPorts = [ 80 443 ];
+      allowedTCPPorts = [
+        80
+        443
+      ];
       trustedInterfaces = [ "tailscale0" ];
       checkReversePath = "loose";
     };
   };
 
   nix = {
-    settings.trusted-users = [ "@wheel" "root" ];
+    settings.trusted-users = [
+      "@wheel"
+      "root"
+    ];
   };
 
   security = {

nix/hosts/socrates/hardware-configuration.nix

@@ -2,5 +2,8 @@
 {
   imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
   boot.loader.grub.device = "/dev/vda";
-  fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
+  fileSystems."/" = {
+    device = "/dev/vda1";
+    fsType = "ext4";
+  };
 }

nix/hosts/socrates/networking.nix

@@ -1,4 +1,5 @@
-{ lib, ... }: {
+{ lib, ... }:
+{
   # This file was populated at runtime with the networking
   # details gathered from the active system.
   networking = {
@@ -28,14 +29,18 @@
             prefixLength = 64;
           }
         ];
-        ipv4.routes = [{
+        ipv4.routes = [
-          address = "167.99.176.1";
+          {
-          prefixLength = 32;
+            address = "167.99.176.1";
-        }];
+            prefixLength = 32;
-        ipv6.routes = [{
+          }
-          address = "2604:a880:cad:d0::1";
+        ];
-          prefixLength = 32;
+        ipv6.routes = [
-        }];
+          {
+            address = "2604:a880:cad:d0::1";
+            prefixLength = 32;
+          }
+        ];
       };
 
     };

nix/modules/akkoma/default.nix

@@ -41,9 +41,15 @@ in
           };
 
           "Pleroma.Web.Endpoint" = {
-            secret_key_base = { _secret = secrets.akkoma-secret-key-base.path; };
+            secret_key_base = {
-            signing_salt = { _secret = secrets.akkoma-signing-salt.path; };
+              _secret = secrets.akkoma-secret-key-base.path;
-            live_view.signing_salt = { _secret = secrets.akkoma-signing-salt.path; };
+            };
+            signing_salt = {
+              _secret = secrets.akkoma-signing-salt.path;
+            };
+            live_view.signing_salt = {
+              _secret = secrets.akkoma-signing-salt.path;
+            };
             url = {
               host = "walkah.social";
               scheme = "https";
@@ -57,12 +63,18 @@ in
         };
         ":web_push_encryption" = {
           ":vapid_details" = {
-            private_key = { _secret = secrets.akkoma-vapid-private-key.path; };
+            private_key = {
-            public_key = { _secret = secrets.akkoma-vapid-public-key.path; };
+              _secret = secrets.akkoma-vapid-private-key.path;
+            };
+            public_key = {
+              _secret = secrets.akkoma-vapid-public-key.path;
+            };
           };
         };
         ":joken" = {
-          ":default_signer" = { _secret = secrets.akkoma-joken-signer.path; };
+          ":default_signer" = {
+            _secret = secrets.akkoma-joken-signer.path;
+          };
         };
       };
       nginx = null; # doing this manually

nix/modules/akkoma/nginx.nix

@@ -1,5 +1,4 @@
-_:
+_: {
-{
   services.nginx = {
     enable = true;
     virtualHosts = {

nix/modules/base/darwin.nix

@@ -1,6 +1,10 @@
-{ ... }: {
+{ ... }:
+{
 
-  imports = [ ./common.nix ../../users ];
+  imports = [
+    ./common.nix
+    ../../users
+  ];
 
   nix = {
     configureBuildUsers = true;
@@ -18,7 +22,10 @@
       options = "--delete-older-than 30d";
     };
     settings = {
-      trusted-users = [ "root" "@admin" ];
+      trusted-users = [
+        "root"
+        "@admin"
+      ];
     };
   };
 

nix/modules/base/nixos.nix

@@ -1,6 +1,11 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }:
+{
 
-  imports = [ ./common.nix ../monitoring ../../users ];
+  imports = [
+    ./common.nix
+    ../monitoring
+    ../../users
+  ];
 
   documentation = {
     enable = false;
@@ -22,7 +27,10 @@
     settings = {
       auto-optimise-store = true;
 
-      trusted-users = [ "root" "walkah" ];
+      trusted-users = [
+        "root"
+        "walkah"
+      ];
     };
   };
 
@@ -40,7 +48,11 @@
       enable = true;
       flake = "github:walkah/athens#${config.networking.hostName}";
       dates = "hourly";
-      flags = [ "--option" "tarball-ttl" "0" ];
+      flags = [
+        "--option"
+        "tarball-ttl"
+        "0"
+      ];
     };
     stateVersion = "23.05";
   };

nix/modules/builder/default.nix

@@ -4,9 +4,16 @@ _: {
     buildMachines = [
       {
         hostName = "plato";
-        systems = [ "x86_64-linux" "aarch64-linux" ];
+        systems = [
+          "x86_64-linux"
+          "aarch64-linux"
+        ];
         maxJobs = 6;
-        supportedFeatures = [ "benchmark" "big-parallel" "kvm" ];
+        supportedFeatures = [
+          "benchmark"
+          "big-parallel"
+          "kvm"
+        ];
       }
     ];
     extraOptions = ''

nix/modules/coredns/default.nix

@@ -1,7 +1,8 @@
 { config, lib, ... }:
 with lib;
 
-let cfg = config.walkah.coredns;
+let
+  cfg = config.walkah.coredns;
 in
 {
   options.walkah.coredns = {

nix/modules/dev/default.nix

@@ -6,6 +6,6 @@
     cachix
     nixd
     nixf
-    nixpkgs-fmt
+    nixfmt-rfc-style
   ];
 }

nix/modules/drone/default.nix

@@ -1,4 +1,5 @@
-{ pkgs, config, ... }: {
+{ pkgs, config, ... }:
+{
   sops.secrets.drone = {
     owner = "drone";
   };

nix/modules/drone/runner-docker.nix

@@ -1,4 +1,5 @@
-{ pkgs, config, ... }: {
+{ pkgs, config, ... }:
+{
   systemd.services.drone-runner-docker = {
     wantedBy = [ "multi-user.target" ];
     serviceConfig = {

nix/modules/drone/runner-exec.nix

@@ -36,14 +36,14 @@
         "/etc/passwd:/etc/passwd"
         "/etc/group:/etc/group"
         "/nix/var/nix/profiles/system/etc/nix:/etc/nix"
-        "${config.environment.etc."ssl/certs/ca-certificates.crt".source}:/etc/ssl/certs/ca-certificates.crt"
-        "${config.environment.etc."ssh/ssh_known_hosts".source}:/etc/ssh/ssh_known_hosts"
         "${
-          builtins.toFile "ssh_config" ''
+          config.environment.etc."ssl/certs/ca-certificates.crt".source
-            Host eve.thalheim.io
+        }:/etc/ssl/certs/ca-certificates.crt"
-              ForwardAgent yes
+        "${config.environment.etc."ssh/ssh_known_hosts".source}:/etc/ssh/ssh_known_hosts"
-          ''
+        "${builtins.toFile "ssh_config" ''
-        }:/etc/ssh/ssh_config"
+          Host eve.thalheim.io
+            ForwardAgent yes
+        ''}:/etc/ssh/ssh_config"
         "/etc/machine-id"
         # channels are dynamic paths in the nix store, therefore we need to bind mount the whole thing
         "/nix/"

nix/modules/gitea/default.nix

@@ -1,6 +1,7 @@
 { config, ... }:
 
-let cfg = config.services.gitea;
+let
+  cfg = config.services.gitea;
 in
 {
   users.users.git = {
@@ -20,9 +21,15 @@ in
       lfs.enable = true;
 
       settings = {
-        log = { LEVEL = "Error"; };
+        log = {
-        other = { SHOW_FOOTER_VERSION = false; };
+          LEVEL = "Error";
-        repository = { DEFAULT_BRANCH = "main"; };
+        };
+        other = {
+          SHOW_FOOTER_VERSION = false;
+        };
+        repository = {
+          DEFAULT_BRANCH = "main";
+        };
         server = {
           DOMAIN = "walkah.dev";
           HTTP_ADDR = "0.0.0.0";
@@ -30,8 +37,12 @@ in
           ROOT_URL = "https://walkah.dev/";
           SSH_DOMAIN = "git.walkah.dev";
         };
-        service = { DISABLE_REGISTRATION = true; };
+        service = {
-        session = { COOKIE_SECURE = true; };
+          DISABLE_REGISTRATION = true;
+        };
+        session = {
+          COOKIE_SECURE = true;
+        };
       };
 
       dump.enable = false;

nix/modules/ipfs/cluster.nix

@@ -10,7 +10,11 @@
     kubo = {
       enable = true;
       settings = {
-        Discovery = { MDNS = { Enabled = true; }; };
+        Discovery = {
+          MDNS = {
+            Enabled = true;
+          };
+        };
         Swarm = {
           AddrFilters = null;
           ConnMgr = {

nix/modules/ipfs/default.nix

@@ -17,8 +17,14 @@ _:
             "/ip6/::/udp/4001/quic"
           ];
         };
-        API = { HTTPHeaders = { Access-Control-Allow-Origin = [ "*" ]; }; };
+        API = {
-        Routing = { Type = "dht"; };
+          HTTPHeaders = {
+            Access-Control-Allow-Origin = [ "*" ];
+          };
+        };
+        Routing = {
+          Type = "dht";
+        };
       };
     };
   };

nix/modules/ipfs/gateway.nix

@@ -40,9 +40,17 @@ in
     kubo = {
       enable = true;
       settings = {
-        Discovery = { MDNS = { Enabled = false; }; };
+        Discovery = {
-        Peering = { Peers = peers; };
+          MDNS = {
-        Swarm = { AddrFilters = null; };
+            Enabled = false;
+          };
+        };
+        Peering = {
+          Peers = peers;
+        };
+        Swarm = {
+          AddrFilters = null;
+        };
       };
     };
     nginx = {
@@ -50,14 +58,18 @@ in
       virtualHosts."walkah.cloud" = {
         forceSSL = true;
         enableACME = true;
-        locations."/" = { proxyPass = "http://127.0.0.1:8080"; };
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8080";
+        };
       };
 
       # Hosted Sites
       virtualHosts."walkah.net" = {
         forceSSL = true;
         enableACME = true;
-        locations."/" = { proxyPass = "http://127.0.0.1:8080"; };
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8080";
+        };
         serverAliases = [
           "www.walkah.net"
         ];

nix/modules/matrix/default.nix

@@ -17,7 +17,10 @@
             LC_CTYPE = "C";
       '';
     };
-    postgresqlBackup.databases = [ "matrix" "matrix-syncv3" ];
+    postgresqlBackup.databases = [
+      "matrix"
+      "matrix-syncv3"
+    ];
 
     matrix-synapse = {
       enable = true;
@@ -28,21 +31,30 @@
         enable_registration = false;
         database = {
           name = "psycopg2";
-          args = { database = "matrix"; };
+          args = {
+            database = "matrix";
+          };
         };
-        listeners = [{
+        listeners = [
-          bind_addresses = [
+          {
-            "0.0.0.0"
+            bind_addresses = [
-          ];
+              "0.0.0.0"
-          port = 8008;
+            ];
-          type = "http";
+            port = 8008;
-          tls = false;
+            type = "http";
-          x_forwarded = true;
+            tls = false;
-          resources = [{
+            x_forwarded = true;
-            compress = false;
+            resources = [
-            names = [ "client" "federation" ];
+              {
-          }];
+                compress = false;
-        }];
+                names = [
+                  "client"
+                  "federation"
+                ];
+              }
+            ];
+          }
+        ];
       };
       extraConfigFiles = [
         config.sops.secrets.matrix-registration-secret.path

nix/modules/matrix/nginx.nix

@@ -7,13 +7,17 @@
       "matrix.walkah.chat" = {
         forceSSL = true;
         enableACME = true;
-        locations."/" = { proxyPass = "http://100.111.208.75:8008"; };
+        locations."/" = {
+          proxyPass = "http://100.111.208.75:8008";
+        };
       };
 
       "syncv3.walkah.chat" = {
         forceSSL = true;
         enableACME = true;
-        locations."/" = { proxyPass = "http://100.111.208.75:8088"; };
+        locations."/" = {
+          proxyPass = "http://100.111.208.75:8088";
+        };
       };
 
       "walkah.chat" = {
@@ -21,7 +25,10 @@
         enableACME = true;
         locations = {
           "= /.well-known/matrix/server".extraConfig =
-            let server = { "m.server" = "matrix.walkah.chat:443"; };
+            let
+              server = {
+                "m.server" = "matrix.walkah.chat:443";
+              };
             in
             ''
               default_type application/json;
@@ -31,8 +38,12 @@
           "= /.well-known/matrix/client".extraConfig =
             let
               client = {
-                "m.homeserver" = { "base_url" = "https://matrix.walkah.chat"; };
+                "m.homeserver" = {
-                "org.matrix.msc3575.proxy" = { "url" = "https://syncv3.walkah.chat"; };
+                  "base_url" = "https://matrix.walkah.chat";
+                };
+                "org.matrix.msc3575.proxy" = {
+                  "url" = "https://syncv3.walkah.chat";
+                };
               };
             in
             ''
@@ -40,7 +51,9 @@
               add_header Access-Control-Allow-Origin *;
               return 200 '${builtins.toJSON client}';
             '';
-          "/" = { root = pkgs.element-web; };
+          "/" = {
+            root = pkgs.element-web;
+          };
         };
       };
     };

nix/modules/postgresql/default.nix

@@ -1,4 +1,5 @@
-{ pkgs, config, ... }: {
+{ pkgs, config, ... }:
+{
   services = {
     postgresql = {
       enable = true;

nix/nixos.nix

@@ -1,6 +1,14 @@
-{ self, nixpkgs, home-manager, raspberry-pi-nix, sops-nix, ... }:
+{
+  self,
+  nixpkgs,
+  home-manager,
+  raspberry-pi-nix,
+  sops-nix,
+  ...
+}:
 let
-  mkSystem = hostName: modules:
+  mkSystem =
+    hostName: modules:
     let
       hostSystem = self.hosts.${hostName}.system;
     in

nix/services/ipfs-cluster.nix

@@ -1,5 +1,10 @@
 ## From https://github.com/NixOS/nixpkgs/pull/100871
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 with lib;
 let
   cfg = config.services.ipfs-cluster;
@@ -14,8 +19,7 @@ in
   ###### interface
   options = {
     services.ipfs-cluster = {
-      enable = mkEnableOption
+      enable = mkEnableOption "Pinset orchestration for IPFS - requires ipfs daemon to be useful";
-        "Pinset orchestration for IPFS - requires ipfs daemon to be useful";
 
       user = mkOption {
         type = types.str;
@@ -30,7 +34,10 @@ in
       };
 
       consensus = mkOption {
-        type = types.enum [ "raft" "crdt" ];
+        type = types.enum [
+          "raft"
+          "crdt"
+        ];
         description = "Consensus protocol - 'raft' or 'crdt'. https://cluster.ipfs.io/documentation/guides/consensus/";
       };
 
@@ -74,27 +81,31 @@ in
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.ipfs-cluster ];
     systemd = {
-      tmpfiles.rules =
+      tmpfiles.rules = [ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" ];
-        [ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" ];
 
       services.ipfs-cluster-init = {
-        path = [ "/run/wrappers" pkgs.ipfs-cluster ];
+        path = [
+          "/run/wrappers"
+          pkgs.ipfs-cluster
+        ];
         environment.IPFS_CLUSTER_PATH = cfg.dataDir;
         wantedBy = [ "default.target" ];
 
-        serviceConfig = {
+        serviceConfig =
-          # "" clears exec list (man systemd.service -> execStart)
+          {
-          ExecStart = [
+            # "" clears exec list (man systemd.service -> execStart)
-            ""
+            ExecStart = [
-            "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service init --consensus ${cfg.consensus} ${initFlags}"
+              ""
-          ];
+              "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service init --consensus ${cfg.consensus} ${initFlags}"
-          Type = "oneshot";
+            ];
-          RemainAfterExit = true;
+            Type = "oneshot";
-          User = cfg.user;
+            RemainAfterExit = true;
-          Group = cfg.group;
+            User = cfg.user;
-        } // optionalAttrs (cfg.secretFile != null) {
+            Group = cfg.group;
-          EnvironmentFile = cfg.secretFile;
+          }
-        };
+          // optionalAttrs (cfg.secretFile != null) {
+            EnvironmentFile = cfg.secretFile;
+          };
         unitConfig.ConditionDirectoryNotEmpty = "!${cfg.dataDir}";
       };
 
@@ -105,16 +116,23 @@ in
         wants = [ "ipfs-cluster-init.service" ];
         after = [ "ipfs-cluster-init.service" ];
 
-        serviceConfig = {
+        serviceConfig =
-          ExecStart =
+          {
-            [ "" "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service daemon" ];
+            ExecStart = [
-          User = cfg.user;
+              ""
-          Group = cfg.group;
+              "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service daemon"
-        } // optionalAttrs (cfg.secretFile != null) {
+            ];
-          EnvironmentFile = cfg.secretFile;
+            User = cfg.user;
-        };
+            Group = cfg.group;
+          }
+          // optionalAttrs (cfg.secretFile != null) {
+            EnvironmentFile = cfg.secretFile;
+          };
       };
     };
-    networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [ 9094 9096 ];
+    networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [
+      9094
+      9096
+    ];
   };
 }

nix/shells.nix

@@ -1,4 +1,10 @@
-{ system, pkgs, self, ... }: {
+{
+  system,
+  pkgs,
+  self,
+  ...
+}:
+{
   default = pkgs.mkShell {
     name = "athens";
     buildInputs = with pkgs; [

nix/users/walkah/default.nix

@@ -1,18 +1,23 @@
 { lib, pkgs, ... }:
 
 {
-  users.users.walkah = {
+  users.users.walkah =
-    home = if pkgs.stdenv.isDarwin then "/Users/walkah" else "/home/walkah";
+    {
-    shell = pkgs.zsh;
+      home = if pkgs.stdenv.isDarwin then "/Users/walkah" else "/home/walkah";
-    openssh.authorizedKeys.keys = [
+      shell = pkgs.zsh;
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
+      openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
-    ];
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11"
-  } // lib.optionalAttrs pkgs.stdenv.isLinux {
+      ];
-    extraGroups = [ "wheel" "docker" ];
+    }
-    group = "walkah";
+    // lib.optionalAttrs pkgs.stdenv.isLinux {
-    isNormalUser = true;
+      extraGroups = [
-  };
+        "wheel"
+        "docker"
+      ];
+      group = "walkah";
+      isNormalUser = true;
+    };
   users.groups.walkah = { };
 
   home-manager = {

nix/users/walkah/home.nix

@@ -1,4 +1,5 @@
-{ lib, pkgs, ... }: {
+{ lib, pkgs, ... }:
+{
   home = {
     packages = with pkgs; [
       chezmoi

shell.nix

@@ -10,4 +10,5 @@
   )
   {
     src = ./.;
-  }).shellNix
+  }
+).shellNix