feat: format via 'ls **/*.nix | each { |it| nixfmt $it.name }'

hardening/apparmor/default.nix

@@ -2,7 +2,8 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   services.dbus.apparmor = "enabled";
   security.apparmor = {
     enable = true;

hardening/bwraps/wechat.nix

@@ -10,7 +10,8 @@
   appimageTools,
   fetchurl,
   stdenvNoCC,
-}: let
+}:
+let
   pname = "wechat";
   # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat/package.nix
   sources = {

hardening/nixpaks/default.nix

@@ -2,7 +2,8 @@
   pkgs,
   nixpak,
   ...
-}: let
+}:
+let
   callArgs = {
     mkNixPak = nixpak.lib.nixpak {
       inherit (pkgs) lib;
@@ -14,7 +15,8 @@
     ];
   };
   wrapper = _pkgs: path: (_pkgs.callPackage path callArgs).config.script;
-in {
+in
+{
   # Add nixpaked Apps into nixpkgs, and reference them in home-manager or other nixos modules
   nixpkgs.overlays = [
     (_: super: {

hardening/nixpaks/firefox.nix

@@ -10,11 +10,13 @@
   ...
 }:
 mkNixPak {
-  config = {
+  config =
+    {
       config,
       sloth,
       ...
-  }: {
+    }:
+    {
       app = {
         package = pkgs.firefox-wayland;
         binPath = "bin/firefox";
@@ -61,7 +63,10 @@ mkNixPak {
         ];
         bind.ro = [
           "/sys/bus/pci"
-        ["${config.app.package}/lib/firefox" "/app/etc/firefox"]
+          [
+            "${config.app.package}/lib/firefox"
+            "/app/etc/firefox"
+          ]
 
           # ================ for browserpass extension ===============================
           "/etc/gnupg"

hardening/nixpaks/modules/gui-base.nix

@@ -5,12 +5,14 @@
   pkgs,
   sloth,
   ...
-}: let
+}:
+let
   envSuffix = envKey: suffix: sloth.concat' (sloth.env envKey) suffix;
   # cursor & icon's theme should be the same as the host's one.
   cursorTheme = pkgs.bibata-cursors;
   iconTheme = pkgs.papirus-icon-theme;
-in {
+in
+{
   config = {
     dbus.policies = {
       "${config.flatpak.appId}" = "own";
@@ -89,15 +91,19 @@ in {
       ];
 
       env = {
-        XDG_DATA_DIRS = lib.mkForce (lib.makeSearchPath "share" [
+        XDG_DATA_DIRS = lib.mkForce (
+          lib.makeSearchPath "share" [
             iconTheme
             cursorTheme
             pkgs.shared-mime-info
-        ]);
+          ]
-        XCURSOR_PATH = lib.mkForce (lib.concatStringsSep ":" [
+        );
+        XCURSOR_PATH = lib.mkForce (
+          lib.concatStringsSep ":" [
             "${cursorTheme}/share/icons"
             "${cursorTheme}/share/pixmaps"
-        ]);
+          ]
+        );
       };
     };
   };

hardening/nixpaks/qq.nix

@@ -10,7 +10,9 @@
   ...
 }:
 mkNixPak {
-  config = {sloth, ...}: {
+  config =
+    { sloth, ... }:
+    {
       app = {
         package = pkgs.qq.override {
           # fix fcitx5 input method
@@ -45,7 +47,12 @@ mkNixPak {
         bind.rw = [
           # given the read write permission to the following directories.
           # NOTE: sloth.mkdir is used to create the directory if it does not exist!
-        (sloth.mkdir (sloth.concat [sloth.xdgConfigHome "/QQ"]))
+          (sloth.mkdir (
+            sloth.concat [
+              sloth.xdgConfigHome
+              "/QQ"
+            ]
+          ))
 
           sloth.xdgDocumentsDir
           sloth.xdgDownloadDir

hardening/profiles/default.nix

@@ -1,4 +1,5 @@
-{modulesPath, ...}: {
+{ modulesPath, ... }:
+{
   imports = [
     (modulesPath + "/profiles/hardened.nix")
   ];

home/base/core/core.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   home.packages = with pkgs; [
     # Misc
     cowsay

home/base/core/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/core/editors/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/core/editors/helix/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.helix = {
     enable = true;
   };

home/base/core/editors/neovim/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs = {
     neovim = {
       enable = true;

home/base/core/git.nix

@@ -4,7 +4,8 @@
   pkgs,
   myvars,
   ...
-}: {
+}:
+{
   # `programs.git` will generate the config file: ~/.config/git/config
   # to make git use this config file, `~/.gitconfig` should not exist!
   #

home/base/core/npm.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   # make `npm install -g <pkg>` happey
   #
   # mainly used to install npm packages that updates frequently

home/base/core/shells/default.nix

@@ -1,4 +1,5 @@
-{config, ...}: let
+{ config, ... }:
+let
   shellAliases = {
     k = "kubectl";
 
@@ -10,7 +11,8 @@
   goBin = "${config.home.homeDirectory}/go/bin";
   rustBin = "${config.home.homeDirectory}/.cargo/bin";
   npmBin = "${config.home.homeDirectory}/.npm/bin";
-in {
+in
+{
   programs.bash = {
     enable = true;
     enableCompletion = true;

home/base/core/theme.nix

@@ -1,4 +1,5 @@
-{catppuccin, ...}: {
+{ catppuccin, ... }:
+{
   # https://github.com/catppuccin/nix
   imports = [
     catppuccin.homeModules.catppuccin

home/base/core/yazi.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   # terminal file manager
   programs.yazi = {
     enable = true;

home/base/core/zellij/default.nix

@@ -2,7 +2,8 @@ let
   shellAliases = {
     "zj" = "zellij";
   };
-in {
+in
+{
   programs.zellij = {
     enable = true;
   };

home/base/gui/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/gui/dev-tools.nix

@@ -1,5 +1,7 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  home.packages = with pkgs;
+{
+  home.packages =
+    with pkgs;
     [
       mitmproxy # http/https proxy tool
       wireshark # network analyzer

home/base/gui/terminal/alacritty/default.nix

@@ -52,10 +52,7 @@
         bold_italic = {
           family = "Maple Mono NF CN";
         };
-        size =
+        size = if pkgs.stdenv.isDarwin then 14 else 13;
-          if pkgs.stdenv.isDarwin
-          then 14
-          else 13;
       };
       terminal = {
         # Spawn a nushell in login mode via `bash`

home/base/gui/terminal/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/gui/terminal/foot.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.foot = {
     # foot is designed only for Linux
     enable = pkgs.stdenv.isLinux;

home/base/gui/terminal/ghostty.nix

@@ -12,9 +12,10 @@
   programs.ghostty = {
     enable = true;
     package =
-      if pkgs.stdenv.isDarwin
+      if pkgs.stdenv.isDarwin then
-      then pkgs.hello # pkgs.ghostty is currently broken on darwin
+        pkgs.hello # pkgs.ghostty is currently broken on darwin
-      else pkgs.ghostty; # the stable version
+      else
+        pkgs.ghostty; # the stable version
     # package = ghostty.packages.${pkgs.system}.default; # the latest version
     enableBashIntegration = false;
     installBatSyntax = false;

home/base/gui/terminal/kitty.nix

@@ -19,10 +19,7 @@
     font = {
       name = "Maple Mono NF CN";
       # use different font size on macOS
-      size =
+      size = if pkgs.stdenv.isDarwin then 14 else 13;
-        if pkgs.stdenv.isDarwin
-        then 14
-        else 13;
     };
 
     # consistent with other terminal emulators

home/base/home.nix

@@ -1,4 +1,5 @@
-{myvars, ...}: {
+{ myvars, ... }:
+{
   # Home Manager needs a bit of information about you and the
   # paths it should manage.
   home = {

home/base/tui/cloud/default.nix

@@ -2,7 +2,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   # https://developer.hashicorp.com/terraform/cli/config/config-file
   home.file.".terraformrc".source = ./terraformrc;
 
@@ -30,9 +31,12 @@
     # digitalocean
     doctl
     # google cloud
-    (google-cloud-sdk.withExtraComponents (with google-cloud-sdk.components; [
+    (google-cloud-sdk.withExtraComponents (
+      with google-cloud-sdk.components;
+      [
         gke-gcloud-auth-plugin
-    ]))
+      ]
+    ))
 
     # cloud tools that nix do not have cache for.
     terraform

home/base/tui/container.nix

@@ -3,7 +3,8 @@
   pkgs-unstable,
   nur-ryan4yin,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     podman-compose
     dive # explore docker layers

home/base/tui/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/tui/dev-tools.nix

@@ -2,7 +2,8 @@
   pkgs,
   pkgs-unstable,
   ...
-}: {
+}:
+{
   #############################################################
   #
   #  Basic settings for development environment

home/base/tui/editors/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/tui/editors/helix/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.helix = {
     enable = true;
     package = pkgs.helix;

home/base/tui/editors/neovim/default.nix

@@ -18,7 +18,8 @@ let
   # the path to nvim directory
   # to make this symlink work, we need to git clone this repo to your home directory.
   configPath = "${config.home.homeDirectory}/nix-config/home/base/tui/editors/neovim/nvim";
-in {
+in
+{
   xdg.configFile."nvim".source = config.lib.file.mkOutOfStoreSymlink configPath;
   # Disable catppuccin to avoid conflict with my non-nix config.
   catppuccin.nvim.enable = false;

home/base/tui/editors/packages.nix

@@ -2,8 +2,11 @@
   pkgs,
   pkgs-unstable,
   ...
-}: {
+}:
-  home.packages = with pkgs; (
+{
+  home.packages =
+    with pkgs;
+    (
       # -*- Data & Configuration Languages -*-#
       [
         #-- nix
@@ -64,8 +67,7 @@
           uv # python project package manager
           pyright # python language server
           (python313.withPackages (
-        ps:
+            ps: with ps; [
-          with ps; [
               ruff
               black # python formatter
               # debugpy

home/base/tui/encryption/default.nix

@@ -2,7 +2,8 @@
   pkgs,
   pkgs-unstable,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     age
     sops

home/base/tui/gpg/default.nix

@@ -2,7 +2,8 @@
   config,
   mysecrets,
   ...
-}: {
+}:
+{
   programs.gpg = {
     enable = true;
     homedir = "${config.home.homeDirectory}/.gnupg";

home/base/tui/password-store/default.nix

@@ -3,9 +3,11 @@
   config,
   lib,
   ...
-}: let
+}:
+let
   passwordStoreDir = "${config.xdg.dataHome}/password-store";
-in {
+in
+{
   programs.password-store = {
     enable = true;
     package = pkgs.pass.withExtensions (exts: [

home/base/tui/shell.nix

@@ -2,9 +2,11 @@
   config,
   pkgs-unstable,
   ...
-}: let
+}:
+let
   inherit (pkgs-unstable) nu_scripts;
-in {
+in
+{
   programs.nushell = {
     # load the alias file for work
     # the file must exist, otherwise nushell will complain about it!

home/base/tui/ssh.nix

@@ -2,7 +2,8 @@
   config,
   mysecrets,
   ...
-}: {
+}:
+{
   home.file.".ssh/romantic.pub".source = "${mysecrets}/public/romantic.pub";
 
   programs.ssh = {

home/base/tui/zellij/default.nix

@@ -1,8 +1,10 @@
-{pkgs, ...}: let
+{ pkgs, ... }:
+let
   shellAliases = {
     "zj" = "zellij";
   };
-in {
+in
+{
   programs.zellij = {
     enable = true;
     package = pkgs.zellij;

home/darwin/aerospace/default.nix

@@ -1,5 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   home.file.".aerospace.toml".source =
-    config.lib.file.mkOutOfStoreSymlink
+    config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-config/home/darwin/aerospace/aerospace.toml";
-    "${config.home.homeDirectory}/nix-config/home/darwin/aerospace/aerospace.toml";
 }

home/darwin/default.nix

@@ -2,11 +2,10 @@
   mylib,
   myvars,
   ...
-}: {
+}:
+{
   home.homeDirectory = "/Users/${myvars.username}";
-  imports =
+  imports = (mylib.scanPaths ./.) ++ [
-    (mylib.scanPaths ./.)
-    ++ [
     ../base/core
     ../base/tui
     ../base/gui

home/darwin/proxy/default.nix

@@ -2,12 +2,12 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     clash-meta
   ];
 
   home.file.".proxychains/proxychains.conf".source =
-    config.lib.file.mkOutOfStoreSymlink
+    config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-config/home/darwin/proxy/proxychains.conf";
-    "${config.home.homeDirectory}/nix-config/home/darwin/proxy/proxychains.conf";
 }

home/darwin/rime-squirrel.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   # Squirrel Input Method
   home.file."Library/Rime" = {
     # my custom squirrel data (flypy input method)

home/darwin/shell.nix

@@ -1,4 +1,5 @@
-{lib, ...}: let
+{ lib, ... }:
+let
   envExtra = ''
     export PATH="$PATH:/opt/homebrew/bin:/usr/local/bin"
   '';
@@ -20,7 +21,8 @@
       true
     fi
   '';
-in {
+in
+{
   # Homebrew's default install location:
   #   /opt/homebrew for Apple Silicon
   #   /usr/local for macOS Intel

home/linux/base/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/linux/base/shell.nix

@@ -2,11 +2,13 @@
   config,
   myvars,
   ...
-}: let
+}:
+let
   d = config.xdg.dataHome;
   c = config.xdg.configHome;
   cache = config.xdg.cacheHome;
-in rec {
+in
+rec {
   home.homeDirectory = "/home/${myvars.username}";
 
   # environment variables that always set at login

home/linux/base/tools.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   # Linux Only Packages, not available on Darwin
   home.packages = with pkgs; [
     # misc

home/linux/gui/base/creative.nix

@@ -6,8 +6,10 @@
   nur-ryan4yin,
   blender-bin,
   ...
-}: {
+}:
-  home.packages = with pkgs;
+{
+  home.packages =
+    with pkgs;
     [
       # creative
       # gimp      # image editing, I prefer using figma in browser instead of this one
@@ -41,7 +43,8 @@
     # live streaming
     obs-studio = {
       enable = pkgs.stdenv.isx86_64;
-      plugins = with pkgs.obs-studio-plugins;
+      plugins =
+        with pkgs.obs-studio-plugins;
         [
           # screen capture
           wlrobs

home/linux/gui/base/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/linux/gui/base/dev-tools.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   home.packages = with pkgs; [
     android-tools
   ];

home/linux/gui/base/eye-protection.nix

@@ -2,7 +2,8 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   # Adjust the color temperature(& brightness) of your screen according to
   # your surroundings. This may help your eyes hurt less if you are
   # working in front of the screen at night.

home/linux/gui/base/fcitx5/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   xdg.configFile = {
     "fcitx5/profile" = {
       source = ./profile;

home/linux/gui/base/games.nix

@@ -2,7 +2,8 @@
   pkgs,
   nix-gaming,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     # nix-gaming.packages.${pkgs.system}.osu-laser-bin
     gamescope # SteamOS session compositing window manager

home/linux/gui/base/gtk.nix

@@ -2,7 +2,8 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   # If your themes for mouse cursor, icons or windows don’t load correctly,
   # try setting them with home.pointerCursor and gtk.theme,
   # which enable a bunch of compatibility options that should make the themes load in all situations.

home/linux/gui/base/immutable-file.nix

@@ -16,7 +16,8 @@
 #  TODO not used yet, need to test it.
 #
 ##############################################################################################
-with lib; let
+with lib;
+let
   cfg = config.home.immutable-file;
   immutableFileOpts = _: {
     options = {
@@ -42,24 +43,25 @@ with lib; let
     sudo cp $2 $1
     sudo chattr +i $1
   '';
-in {
+in
+{
   options.home.immutable-file = mkOption {
     type = with types; attrsOf (submodule immutableFileOpts);
     default = { };
   };
 
   config = mkIf (cfg != { }) {
-    home.activation =
+    home.activation = mapAttrs' (
-      mapAttrs'
+      name:
-      (name: {
+      {
         src,
         dst,
       }:
-        nameValuePair
+      nameValuePair "make-immutable-${name}" (
-        "make-immutable-${name}"
+        lib.hm.dag.entryAfter [ "writeBoundary" ] ''
-        (lib.hm.dag.entryAfter ["writeBoundary"] ''
           ${mkImmutableFile} ${dst} ${src}
-        ''))
+        ''
-      cfg;
+      )
+    ) cfg;
   };
 }

home/linux/gui/base/media.nix

@@ -6,7 +6,8 @@
 }:
 # media - control and enjoy audio/video
 {
-  home.packages = with pkgs;
+  home.packages =
+    with pkgs;
     [
       # audio control
       pavucontrol

home/linux/gui/base/misc.nix

@@ -2,7 +2,8 @@
   pkgs,
   pkgs-unstable,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     # GUI apps
     # e-book viewer(.epub/.mobi/...)

home/linux/gui/base/note-taking.nix

@@ -1,5 +1,8 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  home.packages = with pkgs; (lib.optionals pkgs.stdenv.isx86_64 [
+{
+  home.packages =
+    with pkgs;
+    (lib.optionals pkgs.stdenv.isx86_64 [
       # https://joplinapp.org/help/
       joplin # joplin-cli
       joplin-desktop

home/linux/gui/base/wallpaper/default.nix

@@ -4,18 +4,28 @@
   lib,
   wallpapers,
   ...
-}: {
+}:
+{
   systemd.user.services.wallpaper = {
     Unit = {
       Description = "Wallpaper Switcher daemon";
-      After = ["graphical-session-pre.target" "xdg-desktop-autostart.target"];
+      After = [
+        "graphical-session-pre.target"
+        "xdg-desktop-autostart.target"
+      ];
       Wants = [ "graphical-session-pre.target" ];
     };
     Install.WantedBy = [ "graphical-session.target" ];
     Service = {
-      ExecStart = lib.getExe (pkgs.writeShellApplication {
+      ExecStart = lib.getExe (
+        pkgs.writeShellApplication {
           name = "wallpaper";
-        runtimeInputs = with pkgs; [procps feh swaybg python3];
+          runtimeInputs = with pkgs; [
+            procps
+            feh
+            swaybg
+            python3
+          ];
           text = ''
             export WALLPAPERS_DIR="${wallpapers}"
             export WALLPAPERS_STATE_FILEPATH="${config.xdg.stateHome}/wallpaper-switcher/switcher_state"
@@ -23,7 +33,8 @@
             export WALLPAPER_WAIT_MAX=180
             exec ${./wallpaper-switcher.py}
           '';
-      });
+        }
+      );
       RestartSec = 3;
       Restart = "on-failure";
     };

home/linux/gui/base/xdg.nix

@@ -6,7 +6,8 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     xdg-utils # provides cli tools such as `xdg-mime` `xdg-open`
     xdg-user-dirs
@@ -31,10 +32,20 @@
     mimeApps = {
       enable = true;
       # let `xdg-open` to open the url with the correct application.
-      defaultApplications = let
+      defaultApplications =
-        browser = ["google-chrome.desktop" "firefox.desktop"];
+        let
-        editor = ["nvim.desktop" "Helix.desktop" "code.desktop" "code-insiders.desktop"];
+          browser = [
-      in {
+            "google-chrome.desktop"
+            "firefox.desktop"
+          ];
+          editor = [
+            "nvim.desktop"
+            "Helix.desktop"
+            "code.desktop"
+            "code-insiders.desktop"
+          ];
+        in
+        {
           "application/json" = browser;
           "application/pdf" = browser; # TODO: pdf viewer
 

home/linux/gui/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/linux/gui/editors/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   home.packages = with pkgs; [
     zed-editor
     code-cursor

home/linux/gui/hyprland/default.nix

@@ -5,9 +5,11 @@
   anyrun,
   ...
 }@args:
-with lib; let
+with lib;
+let
   cfg = config.modules.desktop.hyprland;
-in {
+in
+{
   imports = [
     # anyrun.homeManagerModules.default # the module is already in hm now.
     ./options
@@ -16,7 +18,9 @@ in {
   options.modules.desktop.hyprland = {
     enable = mkEnableOption "hyprland compositor";
     settings = lib.mkOption {
-      type = with lib.types; let
+      type =
+        with lib.types;
+        let
           valueType =
             nullOr (oneOf [
               bool
@@ -37,11 +41,13 @@ in {
   };
 
   config = mkIf cfg.enable (
-    mkMerge ([
+    mkMerge (
+      [
         {
           wayland.windowManager.hyprland.settings = cfg.settings;
         }
       ]
-      ++ (import ./values args))
+      ++ (import ./values args)
+    )
   );
 }

home/linux/gui/hyprland/options/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/linux/gui/hyprland/options/nvidia.nix

@@ -3,9 +3,11 @@
   lib,
   ...
 }:
-with lib; let
+with lib;
+let
   cfg = config.modules.desktop.hyprland;
-in {
+in
+{
   options.modules.desktop.hyprland = {
     nvidia = mkEnableOption "whether nvidia GPU is used";
   };

home/linux/gui/hyprland/values/anyrun.nix

@@ -2,7 +2,8 @@
   pkgs,
   anyrun,
   ...
-}: {
+}:
+{
   programs.anyrun = {
     enable = true;
     config = {

home/linux/gui/hyprland/values/default.nix

@@ -1,4 +1 @@
-{mylib, ...} @ args:
+{ mylib, ... }@args: map (path: import path args) (mylib.scanPaths ./.)
-map
-(path: import path args)
-(mylib.scanPaths ./.)

home/linux/gui/hyprland/values/hyprland.nix

@@ -2,13 +2,17 @@
   pkgs,
   config,
   ...
-}: let
+}:
+let
   package = pkgs.hyprland;
-in {
+in
-  xdg.configFile = let
+{
+  xdg.configFile =
+    let
       mkSymlink = config.lib.file.mkOutOfStoreSymlink;
       hyprPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/hyprland/conf";
-  in {
+    in
+    {
       "mako".source = mkSymlink "${hyprPath}/mako";
       "waybar".source = mkSymlink "${hyprPath}/waybar";
       "wlogout".source = mkSymlink "${hyprPath}/wlogout";
@@ -46,9 +50,11 @@ in {
     inherit package;
     enable = true;
     settings = {
-      source = let
+      source =
+        let
           configPath = "${config.home.homeDirectory}/.config/hypr/configs";
-      in [
+        in
+        [
           "${configPath}/exec.conf"
           "${configPath}/fcitx5.conf"
           "${configPath}/keybindings.conf"

home/linux/gui/hyprland/values/packages.nix

@@ -1,8 +1,8 @@
 {
   pkgs,
   ...
-}: {
+}:
-
+{
 
   home.packages = with pkgs; [
     swaybg # the wallpaper

home/linux/gui/hyprland/values/wayland-apps.nix

@@ -1,7 +1,8 @@
 {
   pkgs,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     # firefox-wayland
     nixpaks.firefox
@@ -31,9 +32,7 @@
 
     vscode = {
       enable = true;
-      package =
+      package = pkgs.vscode.override {
-        pkgs.vscode.override
-        {
         isInsiders = false;
         # https://wiki.archlinux.org/title/Wayland#Electron
         commandLineArgs = [

home/linux/gui/hyprland/values/xdg.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   xdg.portal = {
     enable = true;
 

hosts/12kingdoms-shoukei/hardware-configuration.nix

@@ -24,7 +24,10 @@ in
   boot.loader.efi.efiSysMountPoint = "/boot";
 
   # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
-  boot.binfmt.emulatedSystems = ["x86_64-linux" "riscv64-linux"];
+  boot.binfmt.emulatedSystems = [
+    "x86_64-linux"
+    "riscv64-linux"
+  ];
   # supported file systems, so we can mount any removable disks with these filesystems
   boot.supportedFilesystems = lib.mkForce [
     "ext4"

hosts/darwin-fern/default.nix

@@ -6,7 +6,8 @@ _:
 #############################################################
 let
   hostname = "fern";
-in {
+in
+{
   networking.hostName = hostname;
   networking.computerName = hostname;
   system.defaults.smb.NetBIOSName = hostname;

hosts/darwin-fern/home.nix

@@ -1,5 +1,8 @@
-{config, ...}: let
+{ config, ... }:
+let
   hostName = "fern";
-in {
+in
-  programs.ssh.matchBlocks."github.com".identityFile = "${config.home.homeDirectory}/.ssh/${hostName}";
+{
+  programs.ssh.matchBlocks."github.com".identityFile =
+    "${config.home.homeDirectory}/.ssh/${hostName}";
 }

hosts/darwin-frieren/default.nix

@@ -6,7 +6,8 @@ _:
 #############################################################
 let
   hostname = "frieren";
-in {
+in
+{
   networking.hostName = hostname;
   networking.computerName = hostname;
   system.defaults.smb.NetBIOSName = hostname;

hosts/darwin-frieren/home.nix

@@ -1,5 +1,8 @@
-{config, ...}: let
+{ config, ... }:
+let
   hostName = "frieren";
-in {
+in
-  programs.ssh.matchBlocks."github.com".identityFile = "${config.home.homeDirectory}/.ssh/${hostName}";
+{
+  programs.ssh.matchBlocks."github.com".identityFile =
+    "${config.home.homeDirectory}/.ssh/${hostName}";
 }

hosts/idols-ai/ai/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

hosts/idols-ai/ai/ollama.nix

@@ -2,13 +2,15 @@
   pkgs,
   nixpkgs-ollama,
   ...
-}: let
+}:
+let
   pkgs-ollama = import nixpkgs-ollama {
     inherit (pkgs) system;
     # To use cuda, we need to allow the installation of non-free software
     config.allowUnfree = true;
   };
-in {
+in
+{
   services.ollama = rec {
     enable = true;
     package = pkgs-ollama.ollama;

hosts/idols-ai/default.nix

@@ -11,7 +11,8 @@ let
   inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4 ipv6;
   ipv4WithMask = "${ipv4}/24";
   ipv6WithMask = "${ipv6}/64";
-in {
+in
+{
   imports = [
     ./netdev-mount.nix
     # Include the results of the hardware scan.
@@ -37,7 +38,10 @@ in {
   systemd.network.networks."10-${iface}" = {
     matchConfig.Name = [ iface ];
     networkConfig = {
-      Address = [ipv4WithMask ipv6WithMask];
+      Address = [
+        ipv4WithMask
+        ipv6WithMask
+      ];
       DNS = nameservers;
       DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
       IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)

hosts/idols-ai/game/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

hosts/idols-ai/game/gamemode.nix

@@ -5,7 +5,8 @@
   nix-gaming,
   lib,
   ...
-}: let
+}:
+let
   programs = lib.makeBinPath [
     config.programs.hyprland.package
     pkgs.coreutils
@@ -25,7 +26,8 @@
     hyprctl --batch 'keyword decoration:blur 1 ; keyword animations:enabled 1 ; keyword misc:vfr 1'
     powerprofilesctl set power-saver
   '';
-in {
+in
+{
   # Optimise Linux system performance on demand
   # https://github.com/FeralInteractive/GameMode
   # https://wiki.archlinux.org/title/Gamemode

hosts/idols-ai/game/steam.nix

@@ -1,5 +1,6 @@
 # https://github.com/fufexan/dotfiles/blob/483680e/system/programs/steam.nix
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   # https://wiki.archlinux.org/title/steam
   # Games installed by Steam works fine on NixOS, no other configuration needed.
   programs.steam = {
@@ -15,8 +16,8 @@
 
     # fix gamescope inside steam
     package = pkgs.steam.override {
-      extraPkgs = pkgs:
+      extraPkgs =
-        with pkgs; [
+        pkgs: with pkgs; [
           xorg.libXcursor
           xorg.libXi
           xorg.libXinerama

hosts/idols-ai/hardware-configuration.nix

@@ -7,7 +7,8 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
+{
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
@@ -21,7 +22,14 @@
   boot.kernelPackages = pkgs.linuxPackages_latest;
   # boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ]; # kvm virtualization support
   boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu
@@ -30,7 +38,10 @@
   boot.tmp.cleanOnBoot = true;
 
   # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
-  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
+  boot.binfmt.emulatedSystems = [
+    "aarch64-linux"
+    "riscv64-linux"
+  ];
   # supported file systems, so we can mount any removable disks with these filesystems
   boot.supportedFilesystems = [
     "ext4"
@@ -76,26 +87,40 @@
     fsType = "tmpfs";
     # set mode to 755, otherwise systemd will set it to 777, which cause problems.
     # relatime: Update inode access times relative to modify or change time.
-    options = ["relatime" "mode=755"];
+    options = [
+      "relatime"
+      "mode=755"
+    ];
   };
 
   fileSystems."/nix" = {
     device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
     fsType = "btrfs";
-    options = ["subvol=@nix" "noatime" "compress-force=zstd:1"];
+    options = [
+      "subvol=@nix"
+      "noatime"
+      "compress-force=zstd:1"
+    ];
   };
 
   # for guix store, which use `/gnu/store` as its store directory.
   fileSystems."/gnu" = {
     device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
     fsType = "btrfs";
-    options = ["subvol=@guix" "noatime" "compress-force=zstd:1"];
+    options = [
+      "subvol=@guix"
+      "noatime"
+      "compress-force=zstd:1"
+    ];
   };
 
   fileSystems."/persistent" = {
     device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
     fsType = "btrfs";
-    options = ["subvol=@persistent" "compress-force=zstd:1"];
+    options = [
+      "subvol=@persistent"
+      "compress-force=zstd:1"
+    ];
     # preservation's data is required for booting.
     neededForBoot = true;
   };
@@ -103,20 +128,29 @@
   fileSystems."/snapshots" = {
     device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
     fsType = "btrfs";
-    options = ["subvol=@snapshots" "compress-force=zstd:1"];
+    options = [
+      "subvol=@snapshots"
+      "compress-force=zstd:1"
+    ];
   };
 
   fileSystems."/tmp" = {
     device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
     fsType = "btrfs";
-    options = ["subvol=@tmp" "compress-force=zstd:1"];
+    options = [
+      "subvol=@tmp"
+      "compress-force=zstd:1"
+    ];
   };
 
   # mount swap subvolume in readonly mode.
   fileSystems."/swap" = {
     device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
     fsType = "btrfs";
-    options = ["subvol=@swap" "ro"];
+    options = [
+      "subvol=@swap"
+      "ro"
+    ];
   };
 
   # remount swapfile in read-write mode
@@ -126,7 +160,10 @@
 
     device = "/swap/swapfile";
     fsType = "none";
-    options = ["bind" "rw"];
+    options = [
+      "bind"
+      "rw"
+    ];
   };
 
   fileSystems."/boot" = {

hosts/idols-ai/home.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   modules.desktop = {
     hyprland = {
       nvidia = true;

hosts/idols-ai/netdev-mount.nix

@@ -2,7 +2,8 @@
   config,
   myvars,
   ...
-}: {
+}:
+{
   # supported file systems, so we can mount any removable disks with these filesystems
   boot.supportedFilesystems = [
     # "cifs"

hosts/idols-ai/nvidia.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   # ===============================================================================================
   # for Nvidia GPU
   # https://wiki.nixos.org/wiki/NVIDIA

hosts/idols-ai/preservation.nix

@@ -3,9 +3,11 @@
   pkgs,
   myvars,
   ...
-}: let
+}:
+let
   inherit (myvars) username;
-in {
+in
+{
   imports = [
     preservation.nixosModules.default
   ];
@@ -330,13 +332,15 @@ in {
   # Note that immediate parent directories of persisted files can also be
   # configured with ownership and permissions from the `parent` settings if
   # `configureParent = true` is set for the file.
-  systemd.tmpfiles.settings.preservation = let
+  systemd.tmpfiles.settings.preservation =
+    let
       permission = {
         user = username;
         group = "users";
         mode = "0755";
       };
-  in {
+    in
+    {
       "/home/${username}/.config".d = permission;
       "/home/${username}/.cache".d = permission;
       "/home/${username}/.local".d = permission;

hosts/idols-ai/secureboot.nix

@@ -3,7 +3,8 @@
   lib,
   lanzaboote,
   ...
-}: {
+}:
+{
   # How to enter setup mode - msi motherboard
   ## 1. enter BIOS via [Del] Key
   ## 2. <Advance mode> => <Settings> => <Security> => <Secure Boot>

hosts/idols-aquamarine/caddy.nix

@@ -3,7 +3,8 @@
   config,
   wallpapers,
   ...
-}: let
+}:
+let
   hostCommonConfig = ''
     encode zstd gzip
     tls ${../../certs/ecc-server.crt} ${config.age.secrets."caddy-ecc-server.key".path} {
@@ -11,7 +12,8 @@
       curves x25519 secp384r1 secp521r1
     }
   '';
-in {
+in
+{
   services.caddy = {
     enable = true;
     # Reload Caddy instead of restarting it when configuration file changes.
@@ -124,7 +126,10 @@ in {
     #   reverse_proxy http://localhost:9090
     # '';
   };
-  networking.firewall.allowedTCPPorts = [80 443];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
 
   # Create Directories
   # https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html#Type

hosts/idols-aquamarine/default.nix

@@ -17,10 +17,9 @@ let
   inherit (myvars.networking) defaultGateway defaultGateway6 nameservers;
   inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4;
   ipv4WithMask = "${ipv4}/24";
-in {
+in
-  imports =
+{
-    (mylib.scanPaths ./.)
+  imports = (mylib.scanPaths ./.) ++ [
-    ++ [
     disko.nixosModules.default
   ];
 

hosts/idols-aquamarine/disko-fs.nix

@@ -3,7 +3,8 @@
 let
   cryptKeyFile = "/etc/agenix/hdd-luks-crypt-key";
   unlockDisk = "data-encrypted";
-in {
+in
+{
   fileSystems."/data/fileshare/public".depends = [ "/data/fileshare" ];
 
   # By adding this crypttab entry, the disk will be unlocked by systemd-cryptsetup@xxx.service at boot time.
@@ -71,15 +72,27 @@ in {
                   };
                   "@fileshare" = {
                     mountpoint = "/data/fileshare";
-                    mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+                    mountOptions = [
+                      "compress-force=zstd:1"
+                      "noatime"
+                      "nofail"
+                    ];
                   };
                   "@backups" = {
                     mountpoint = "/data/backups";
-                    mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+                    mountOptions = [
+                      "compress-force=zstd:1"
+                      "noatime"
+                      "nofail"
+                    ];
                   };
                   "@snapshots" = {
                     mountpoint = "/data/apps-snapshots";
-                    mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+                    mountOptions = [
+                      "compress-force=zstd:1"
+                      "noatime"
+                      "nofail"
+                    ];
                   };
                 };
               };
@@ -101,7 +114,10 @@ in {
             subvolumes = {
               "@persistent" = {
                 mountpoint = "/data/fileshare/public";
-                mountOptions = ["compress-force=zstd:1" "nofail"];
+                mountOptions = [
+                  "compress-force=zstd:1"
+                  "nofail"
+                ];
               };
             };
           };

hosts/idols-aquamarine/exporters/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

hosts/idols-aquamarine/gitea.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/misc/gitea.nix
   services.gitea = {
     enable = true;

hosts/idols-aquamarine/grafana/default.nix

@@ -2,7 +2,8 @@
   config,
   myvars,
   ...
-}: {
+}:
+{
   services.grafana = {
     enable = true;
     dataDir = "/data/apps/grafana";

hosts/idols-aquamarine/minio.nix

@@ -1,7 +1,9 @@
-{config, ...}: let
+{ config, ... }:
+let
   dataDir = [ "/data/apps/minio/data" ];
   configDir = "/data/apps/minio/config";
-in {
+in
+{
   # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/web-servers/minio.nix
   services.minio = {
     enable = true;

hosts/idols-aquamarine/monitoring/alertmanager.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.prometheus.alertmanager = {
     enable = true;
     listenAddress = "127.0.0.1";

hosts/idols-aquamarine/monitoring/default.nix

@@ -1,4 +1,5 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = [
     ./victoriametrics.nix
     ./alertmanager.nix

hosts/idols-aquamarine/monitoring/victoriametrics.nix

@@ -2,7 +2,8 @@
   lib,
   myvars,
   ...
-}: {
+}:
+{
   # Since victoriametrics use DynamicUser, the user & group do not exists before the service starts.
   # this group is used as a supplementary Unix group for the service to access our data dir(/data/apps/xxx)
   users.groups.victoriametrics-data = { };
@@ -36,8 +37,7 @@
     # specifies a set of targets and parameters describing how to scrape metrics from them.
     # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
     prometheusConfig = {
-      scrape_configs =
+      scrape_configs = [
-        [
         # --- Homelab Applications --- #
 
         {
@@ -95,9 +95,8 @@
         }
       ]
       # --- Hosts --- #
-        ++ (
+      ++ (lib.attrsets.foldlAttrs (
-          lib.attrsets.foldlAttrs
+        acc: hostname: addr:
-          (acc: hostname: addr:
         acc
         ++ [
           {
@@ -113,10 +112,8 @@
               }
             ];
           }
-            ])
+        ]
-          []
+      ) [ ] myvars.networking.hostsAddr);
-          myvars.networking.hostsAddr
-        );
     };
   };
 

hosts/idols-aquamarine/oci-containers/default.nix

@@ -2,7 +2,8 @@
   lib,
   mylib,
   ...
-}: {
+}:
+{
   imports = mylib.scanPaths ./.;
 
   virtualisation = {