feat: format via 'ls **/*.nix | each { |it| nixfmt $it.name }'

hardening/apparmor/default.nix

@@ -2,7 +2,8 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   services.dbus.apparmor = "enabled";
   security.apparmor = {
     enable = true;

hardening/bwraps/default.nix

@@ -2,7 +2,7 @@
   nixpkgs.overlays = [
     (_: super: {
       bwraps = {
-        wechat = super.callPackage ./wechat.nix {};
+        wechat = super.callPackage ./wechat.nix { };
       };
     })
   ];

hardening/bwraps/wechat.nix

@@ -10,7 +10,8 @@
   appimageTools,
   fetchurl,
   stdenvNoCC,
-}: let
+}:
+let
   pname = "wechat";
   # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat/package.nix
   sources = {
@@ -41,58 +42,58 @@
     '';
   };
 in
-  appimageTools.wrapAppImage {
+appimageTools.wrapAppImage {
-    inherit pname version;
+  inherit pname version;
 
-    src = appimageContents;
+  src = appimageContents;
 
-    extraInstallCommands = ''
+  extraInstallCommands = ''
-      mkdir -p $out/share/applications
+    mkdir -p $out/share/applications
-      cp ${appimageContents}/wechat.desktop $out/share/applications/
+    cp ${appimageContents}/wechat.desktop $out/share/applications/
-      mkdir -p $out/share/pixmaps
+    mkdir -p $out/share/pixmaps
-      cp ${appimageContents}/wechat.png $out/share/pixmaps/
+    cp ${appimageContents}/wechat.png $out/share/pixmaps/
 
-      substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat
+    substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat
-    '';
+  '';
 
-    # Add these root paths to FHS sandbox to prevent WeChat from accessing them by default
+  # Add these root paths to FHS sandbox to prevent WeChat from accessing them by default
-    # Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap
+  # Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap
-    extraPreBwrapCmds = ''
+  extraPreBwrapCmds = ''
-      XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}"
+    XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}"
-      if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then
+    if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then
-          echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue'
+        echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue'
-          exit 1
+        exit 1
-      fi
+    fi
 
-      WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data"
+    WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data"
 
-      # Using ''${WECHAT_DATA_DIR} as Wechat Data folder
+    # Using ''${WECHAT_DATA_DIR} as Wechat Data folder
-      WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home"
+    WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home"
-      WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files"
+    WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files"
 
-      mkdir -p "''${WECHAT_FILES_DIR}"
+    mkdir -p "''${WECHAT_FILES_DIR}"
-      mkdir -p "''${WECHAT_HOME_DIR}"
+    mkdir -p "''${WECHAT_HOME_DIR}"
-      ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files"
+    ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files"
-    '';
+  '';
-    extraBwrapArgs = [
+  extraBwrapArgs = [
-      "--tmpfs /home"
+    "--tmpfs /home"
-      "--tmpfs /root"
+    "--tmpfs /root"
-      # format: --bind <host-path> <sandbox-path>
+    # format: --bind <host-path> <sandbox-path>
-      "--bind \${WECHAT_HOME_DIR} \${HOME}"
+    "--bind \${WECHAT_HOME_DIR} \${HOME}"
-      "--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}"
+    "--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}"
-      "--chdir \${HOME}"
+    "--chdir \${HOME}"
-      # wechat-universal only supports xcb
+    # wechat-universal only supports xcb
-      "--setenv QT_QPA_PLATFORM xcb"
+    "--setenv QT_QPA_PLATFORM xcb"
-      "--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1"
+    "--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1"
-      # use fcitx as IME
+    # use fcitx as IME
-      "--setenv QT_IM_MODULE fcitx"
+    "--setenv QT_IM_MODULE fcitx"
-      "--setenv GTK_IM_MODULE fcitx"
+    "--setenv GTK_IM_MODULE fcitx"
-    ];
+  ];
-    chdirToPwd = false;
+  chdirToPwd = false;
-    unshareNet = false;
+  unshareNet = false;
-    unshareIpc = true;
+  unshareIpc = true;
-    unsharePid = true;
+  unsharePid = true;
-    unshareUts = true;
+  unshareUts = true;
-    unshareCgroup = true;
+  unshareCgroup = true;
-    privateTmp = true;
+  privateTmp = true;
-  }
+}

hardening/nixpaks/default.nix

@@ -2,7 +2,8 @@
   pkgs,
   nixpak,
   ...
-}: let
+}:
+let
   callArgs = {
     mkNixPak = nixpak.lib.nixpak {
       inherit (pkgs) lib;
@@ -14,19 +15,20 @@
     ];
   };
   wrapper = _pkgs: path: (_pkgs.callPackage path callArgs).config.script;
-in {
+in
+{
   # Add nixpaked Apps into nixpkgs, and reference them in home-manager or other nixos modules
   nixpkgs.overlays = [
     (_: super: {
       nixpaks = {
         qq = wrapper super ./qq.nix;
-        qq-desktop-item = super.callPackage ./qq-desktop-item.nix {};
+        qq-desktop-item = super.callPackage ./qq-desktop-item.nix { };
 
         wechat = wrapper super ./wechat.nix;
-        wechat-desktop-item = super.callPackage ./wechat-desktop-item.nix {};
+        wechat-desktop-item = super.callPackage ./wechat-desktop-item.nix { };
 
         firefox = wrapper super ./firefox.nix;
-        firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix {};
+        firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix { };
       };
     })
   ];

hardening/nixpaks/firefox-desktop-item.nix

@@ -1,4 +1,4 @@
-{makeDesktopItem}:
+{ makeDesktopItem }:
 makeDesktopItem {
   name = "firefox";
   desktopName = "firefox";
@@ -6,6 +6,6 @@ makeDesktopItem {
   terminal = false;
   icon = "firefox";
   type = "Application";
-  categories = ["Network"];
+  categories = [ "Network" ];
   comment = "firefox boxed";
 }

hardening/nixpaks/firefox.nix

@@ -10,74 +10,79 @@
   ...
 }:
 mkNixPak {
-  config = {
+  config =
-    config,
+    {
-    sloth,
+      config,
-    ...
+      sloth,
-  }: {
+      ...
-    app = {
+    }:
-      package = pkgs.firefox-wayland;
+    {
-      binPath = "bin/firefox";
+      app = {
-    };
+        package = pkgs.firefox-wayland;
-    flatpak.appId = "org.mozilla.firefox";
+        binPath = "bin/firefox";
+      };
+      flatpak.appId = "org.mozilla.firefox";
 
-    imports = [
+      imports = [
-      ./modules/gui-base.nix
+        ./modules/gui-base.nix
-      ./modules/network.nix
+        ./modules/network.nix
-    ];
-
-    # list all dbus services:
-    #   ls -al /run/current-system/sw/share/dbus-1/services/
-    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
-    dbus.policies = {
-      "org.mozilla.firefox.*" = "own"; # firefox
-      "org.mozilla.firefox_beta.*" = "own"; # firefox beta
-      "org.mpris.MediaPlayer2.firefox.*" = "own";
-      "org.freedesktop.NetworkManager" = "talk";
-
-      "org.gnome.Shell.Screencast" = "talk";
-      # System tray icon
-      "org.freedesktop.Notifications" = "talk";
-      "org.kde.StatusNotifierWatcher" = "talk";
-      # File Manager
-      "org.freedesktop.FileManager1" = "talk";
-      # Uses legacy StatusNotifier implementation
-      "org.kde.*" = "own";
-    };
-
-    bubblewrap = {
-      # To trace all the home files QQ accesses, you can use the following nushell command:
-      #   just trace-access firefox
-      # See the Justfile in the root of this repository for more information.
-      bind.rw = [
-        # given the read write permission to the following directories.
-        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
-        (sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
-
-        sloth.xdgDocumentsDir
-        sloth.xdgDownloadDir
-        sloth.xdgMusicDir
-        sloth.xdgVideosDir
-      ];
-      bind.ro = [
-        "/sys/bus/pci"
-        ["${config.app.package}/lib/firefox" "/app/etc/firefox"]
-
-        # ================ for browserpass extension ===============================
-        "/etc/gnupg"
-        (sloth.concat' sloth.homeDir "/.gnupg") # gpg's config
-        (sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets
-        (sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket
-
-        # Unsure
-        (sloth.concat' sloth.xdgConfigHome "/dconf")
       ];
 
-      sockets = {
+      # list all dbus services:
-        x11 = false;
+      #   ls -al /run/current-system/sw/share/dbus-1/services/
-        wayland = true;
+      #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
-        pipewire = true;
+      dbus.policies = {
+        "org.mozilla.firefox.*" = "own"; # firefox
+        "org.mozilla.firefox_beta.*" = "own"; # firefox beta
+        "org.mpris.MediaPlayer2.firefox.*" = "own";
+        "org.freedesktop.NetworkManager" = "talk";
+
+        "org.gnome.Shell.Screencast" = "talk";
+        # System tray icon
+        "org.freedesktop.Notifications" = "talk";
+        "org.kde.StatusNotifierWatcher" = "talk";
+        # File Manager
+        "org.freedesktop.FileManager1" = "talk";
+        # Uses legacy StatusNotifier implementation
+        "org.kde.*" = "own";
+      };
+
+      bubblewrap = {
+        # To trace all the home files QQ accesses, you can use the following nushell command:
+        #   just trace-access firefox
+        # See the Justfile in the root of this repository for more information.
+        bind.rw = [
+          # given the read write permission to the following directories.
+          # NOTE: sloth.mkdir is used to create the directory if it does not exist!
+          (sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
+
+          sloth.xdgDocumentsDir
+          sloth.xdgDownloadDir
+          sloth.xdgMusicDir
+          sloth.xdgVideosDir
+        ];
+        bind.ro = [
+          "/sys/bus/pci"
+          [
+            "${config.app.package}/lib/firefox"
+            "/app/etc/firefox"
+          ]
+
+          # ================ for browserpass extension ===============================
+          "/etc/gnupg"
+          (sloth.concat' sloth.homeDir "/.gnupg") # gpg's config
+          (sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets
+          (sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket
+
+          # Unsure
+          (sloth.concat' sloth.xdgConfigHome "/dconf")
+        ];
+
+        sockets = {
+          x11 = false;
+          wayland = true;
+          pipewire = true;
+        };
       };
     };
-  };
 }

hardening/nixpaks/modules/gui-base.nix

@@ -5,12 +5,14 @@
   pkgs,
   sloth,
   ...
-}: let
+}:
+let
   envSuffix = envKey: suffix: sloth.concat' (sloth.env envKey) suffix;
   # cursor & icon's theme should be the same as the host's one.
   cursorTheme = pkgs.bibata-cursors;
   iconTheme = pkgs.papirus-icon-theme;
-in {
+in
+{
   config = {
     dbus.policies = {
       "${config.flatpak.appId}" = "own";
@@ -89,15 +91,19 @@ in {
       ];
 
       env = {
-        XDG_DATA_DIRS = lib.mkForce (lib.makeSearchPath "share" [
+        XDG_DATA_DIRS = lib.mkForce (
-          iconTheme
+          lib.makeSearchPath "share" [
-          cursorTheme
+            iconTheme
-          pkgs.shared-mime-info
+            cursorTheme
-        ]);
+            pkgs.shared-mime-info
-        XCURSOR_PATH = lib.mkForce (lib.concatStringsSep ":" [
+          ]
-          "${cursorTheme}/share/icons"
+        );
-          "${cursorTheme}/share/pixmaps"
+        XCURSOR_PATH = lib.mkForce (
-        ]);
+          lib.concatStringsSep ":" [
+            "${cursorTheme}/share/icons"
+            "${cursorTheme}/share/pixmaps"
+          ]
+        );
       };
     };
   };

hardening/nixpaks/modules/network.nix

@@ -2,7 +2,7 @@
 {
   etc.sslCertificates.enable = true;
   bubblewrap = {
-    bind.ro = ["/etc/resolv.conf"];
+    bind.ro = [ "/etc/resolv.conf" ];
     network = true;
   };
 }

hardening/nixpaks/qq-desktop-item.nix

@@ -12,6 +12,6 @@ makeDesktopItem {
   #   tree $"($p)/share/icons"
   icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
   type = "Application";
-  categories = ["Network"];
+  categories = [ "Network" ];
   comment = "QQ boxed";
 }

hardening/nixpaks/qq.nix

@@ -10,53 +10,60 @@
   ...
 }:
 mkNixPak {
-  config = {sloth, ...}: {
+  config =
-    app = {
+    { sloth, ... }:
-      package = pkgs.qq.override {
+    {
-        # fix fcitx5 input method
+      app = {
-        commandLineArgs = lib.concatStringsSep " " ["--enable-wayland-ime"];
+        package = pkgs.qq.override {
+          # fix fcitx5 input method
+          commandLineArgs = lib.concatStringsSep " " [ "--enable-wayland-ime" ];
+        };
+        binPath = "bin/qq";
       };
-      binPath = "bin/qq";
+      flatpak.appId = "com.tencent.qq";
-    };
-    flatpak.appId = "com.tencent.qq";
 
-    imports = [
+      imports = [
-      ./modules/gui-base.nix
+        ./modules/gui-base.nix
-      ./modules/network.nix
+        ./modules/network.nix
-    ];
-
-    # list all dbus services:
-    #   ls -al /run/current-system/sw/share/dbus-1/services/
-    #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
-    dbus.policies = {
-      "org.gnome.Shell.Screencast" = "talk";
-      # System tray icon
-      "org.freedesktop.Notifications" = "talk";
-      "org.kde.StatusNotifierWatcher" = "talk";
-      # File Manager
-      "org.freedesktop.FileManager1" = "talk";
-      # Uses legacy StatusNotifier implementation
-      "org.kde.*" = "own";
-    };
-    bubblewrap = {
-      # To trace all the home files QQ accesses, you can use the following nushell command:
-      #   just trace-access qq
-      # See the Justfile in the root of this repository for more information.
-      bind.rw = [
-        # given the read write permission to the following directories.
-        # NOTE: sloth.mkdir is used to create the directory if it does not exist!
-        (sloth.mkdir (sloth.concat [sloth.xdgConfigHome "/QQ"]))
-
-        sloth.xdgDocumentsDir
-        sloth.xdgDownloadDir
-        sloth.xdgMusicDir
-        sloth.xdgVideosDir
       ];
-      sockets = {
+
-        x11 = false;
+      # list all dbus services:
-        wayland = true;
+      #   ls -al /run/current-system/sw/share/dbus-1/services/
-        pipewire = true;
+      #   ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
+      dbus.policies = {
+        "org.gnome.Shell.Screencast" = "talk";
+        # System tray icon
+        "org.freedesktop.Notifications" = "talk";
+        "org.kde.StatusNotifierWatcher" = "talk";
+        # File Manager
+        "org.freedesktop.FileManager1" = "talk";
+        # Uses legacy StatusNotifier implementation
+        "org.kde.*" = "own";
+      };
+      bubblewrap = {
+        # To trace all the home files QQ accesses, you can use the following nushell command:
+        #   just trace-access qq
+        # See the Justfile in the root of this repository for more information.
+        bind.rw = [
+          # given the read write permission to the following directories.
+          # NOTE: sloth.mkdir is used to create the directory if it does not exist!
+          (sloth.mkdir (
+            sloth.concat [
+              sloth.xdgConfigHome
+              "/QQ"
+            ]
+          ))
+
+          sloth.xdgDocumentsDir
+          sloth.xdgDownloadDir
+          sloth.xdgMusicDir
+          sloth.xdgVideosDir
+        ];
+        sockets = {
+          x11 = false;
+          wayland = true;
+          pipewire = true;
+        };
       };
     };
-  };
 }

hardening/profiles/default.nix

@@ -1,4 +1,5 @@
-{modulesPath, ...}: {
+{ modulesPath, ... }:
+{
   imports = [
     (modulesPath + "/profiles/hardened.nix")
   ];

home/base/core/core.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   home.packages = with pkgs; [
     # Misc
     cowsay
@@ -12,7 +13,7 @@
     # search for files by name, faster than find
     fd
     # search for files by its content, replacement of grep
-    (ripgrep.override {withPCRE2 = true;})
+    (ripgrep.override { withPCRE2 = true; })
 
     # A fast and polyglot tool for code searching, linting, rewriting at large scale
     # supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...)

home/base/core/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/core/editors/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/core/editors/helix/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.helix = {
     enable = true;
   };

home/base/core/editors/neovim/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs = {
     neovim = {
       enable = true;

home/base/core/git.nix

@@ -4,12 +4,13 @@
   pkgs,
   myvars,
   ...
-}: {
+}:
+{
   # `programs.git` will generate the config file: ~/.config/git/config
   # to make git use this config file, `~/.gitconfig` should not exist!
   #
   #    https://git-scm.com/docs/git-config#Documentation/git-config.txt---global
-  home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
+  home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore [ "checkLinkTargets" ] ''
     rm -f ${config.home.homeDirectory}/.gitconfig
   '';
 

home/base/core/npm.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   # make `npm install -g <pkg>` happey
   #
   # mainly used to install npm packages that updates frequently

home/base/core/shells/default.nix

@@ -1,4 +1,5 @@
-{config, ...}: let
+{ config, ... }:
+let
   shellAliases = {
     k = "kubectl";
 
@@ -10,7 +11,8 @@
   goBin = "${config.home.homeDirectory}/go/bin";
   rustBin = "${config.home.homeDirectory}/.cargo/bin";
   npmBin = "${config.home.homeDirectory}/.npm/bin";
-in {
+in
+{
   programs.bash = {
     enable = true;
     enableCompletion = true;

home/base/core/theme.nix

@@ -1,4 +1,5 @@
-{catppuccin, ...}: {
+{ catppuccin, ... }:
+{
   # https://github.com/catppuccin/nix
   imports = [
     catppuccin.homeModules.catppuccin

home/base/core/yazi.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   # terminal file manager
   programs.yazi = {
     enable = true;

home/base/core/zellij/default.nix

@@ -2,7 +2,8 @@ let
   shellAliases = {
     "zj" = "zellij";
   };
-in {
+in
+{
   programs.zellij = {
     enable = true;
   };

home/base/gui/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/gui/dev-tools.nix

@@ -1,5 +1,7 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  home.packages = with pkgs;
+{
+  home.packages =
+    with pkgs;
     [
       mitmproxy # http/https proxy tool
       wireshark # network analyzer

home/base/gui/terminal/alacritty/default.nix

@@ -52,10 +52,7 @@
         bold_italic = {
           family = "Maple Mono NF CN";
         };
-        size =
+        size = if pkgs.stdenv.isDarwin then 14 else 13;
-          if pkgs.stdenv.isDarwin
-          then 14
-          else 13;
       };
       terminal = {
         # Spawn a nushell in login mode via `bash`

home/base/gui/terminal/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/gui/terminal/foot.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.foot = {
     # foot is designed only for Linux
     enable = pkgs.stdenv.isLinux;

home/base/gui/terminal/ghostty.nix

@@ -12,9 +12,10 @@
   programs.ghostty = {
     enable = true;
     package =
-      if pkgs.stdenv.isDarwin
+      if pkgs.stdenv.isDarwin then
-      then pkgs.hello # pkgs.ghostty is currently broken on darwin
+        pkgs.hello # pkgs.ghostty is currently broken on darwin
-      else pkgs.ghostty; # the stable version
+      else
+        pkgs.ghostty; # the stable version
     # package = ghostty.packages.${pkgs.system}.default; # the latest version
     enableBashIntegration = false;
     installBatSyntax = false;

home/base/gui/terminal/kitty.nix

@@ -19,10 +19,7 @@
     font = {
       name = "Maple Mono NF CN";
       # use different font size on macOS
-      size =
+      size = if pkgs.stdenv.isDarwin then 14 else 13;
-        if pkgs.stdenv.isDarwin
-        then 14
-        else 13;
     };
 
     # consistent with other terminal emulators
@@ -48,6 +45,6 @@
     };
 
     # macOS specific settings
-    darwinLaunchOptions = ["--start-as=maximized"];
+    darwinLaunchOptions = [ "--start-as=maximized" ];
   };
 }

home/base/home.nix

@@ -1,4 +1,5 @@
-{myvars, ...}: {
+{ myvars, ... }:
+{
   # Home Manager needs a bit of information about you and the
   # paths it should manage.
   home = {

home/base/tui/cloud/default.nix

@@ -2,7 +2,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   # https://developer.hashicorp.com/terraform/cli/config/config-file
   home.file.".terraformrc".source = ./terraformrc;
 
@@ -30,9 +31,12 @@
     # digitalocean
     doctl
     # google cloud
-    (google-cloud-sdk.withExtraComponents (with google-cloud-sdk.components; [
+    (google-cloud-sdk.withExtraComponents (
-      gke-gcloud-auth-plugin
+      with google-cloud-sdk.components;
-    ]))
+      [
+        gke-gcloud-auth-plugin
+      ]
+    ))
 
     # cloud tools that nix do not have cache for.
     terraform

home/base/tui/container.nix

@@ -3,7 +3,8 @@
   pkgs-unstable,
   nur-ryan4yin,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     podman-compose
     dive # explore docker layers

home/base/tui/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/tui/dev-tools.nix

@@ -2,7 +2,8 @@
   pkgs,
   pkgs-unstable,
   ...
-}: {
+}:
+{
   #############################################################
   #
   #  Basic settings for development environment

home/base/tui/editors/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/base/tui/editors/helix/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.helix = {
     enable = true;
     package = pkgs.helix;

home/base/tui/editors/neovim/default.nix

@@ -18,7 +18,8 @@ let
   # the path to nvim directory
   # to make this symlink work, we need to git clone this repo to your home directory.
   configPath = "${config.home.homeDirectory}/nix-config/home/base/tui/editors/neovim/nvim";
-in {
+in
+{
   xdg.configFile."nvim".source = config.lib.file.mkOutOfStoreSymlink configPath;
   # Disable catppuccin to avoid conflict with my non-nix config.
   catppuccin.nvim.enable = false;

home/base/tui/editors/packages.nix

@@ -2,153 +2,155 @@
   pkgs,
   pkgs-unstable,
   ...
-}: {
+}:
-  home.packages = with pkgs; (
+{
-    # -*- Data & Configuration Languages -*-#
+  home.packages =
-    [
+    with pkgs;
-      #-- nix
+    (
-      nil
+      # -*- Data & Configuration Languages -*-#
-      nixd
+      [
-      statix # Lints and suggestions for the nix programming language
+        #-- nix
-      deadnix # Find and remove unused code in .nix source files
+        nil
-      nixfmt # Nix Code Formatter
+        nixd
+        statix # Lints and suggestions for the nix programming language
+        deadnix # Find and remove unused code in .nix source files
+        nixfmt # Nix Code Formatter
 
-      #-- nickel lang
+        #-- nickel lang
-      nickel
+        nickel
 
-      #-- json like
+        #-- json like
-      # terraform  # install via brew on macOS
+        # terraform  # install via brew on macOS
-      terraform-ls
+        terraform-ls
-      jsonnet
+        jsonnet
-      jsonnet-language-server
+        jsonnet-language-server
-      taplo # TOML language server / formatter / validator
+        taplo # TOML language server / formatter / validator
-      nodePackages.yaml-language-server
+        nodePackages.yaml-language-server
-      actionlint # GitHub Actions linter
+        actionlint # GitHub Actions linter
 
-      #-- dockerfile
+        #-- dockerfile
-      hadolint # Dockerfile linter
+        hadolint # Dockerfile linter
-      nodePackages.dockerfile-language-server-nodejs
+        nodePackages.dockerfile-language-server-nodejs
 
-      #-- markdown
+        #-- markdown
-      marksman # language server for markdown
+        marksman # language server for markdown
-      glow # markdown previewer
+        glow # markdown previewer
-      pandoc # document converter
+        pandoc # document converter
-      pkgs-unstable.hugo # static site generator
+        pkgs-unstable.hugo # static site generator
 
-      #-- sql
+        #-- sql
-      sqlfluff
+        sqlfluff
 
-      #-- protocol buffer
+        #-- protocol buffer
-      buf # linting and formatting
+        buf # linting and formatting
-    ]
+      ]
-    ++
+      ++
-    #-*- General Purpose Languages -*-#
+        #-*- General Purpose Languages -*-#
-    [
+        [
-      #-- c/c++
+          #-- c/c++
-      cmake
+          cmake
-      cmake-language-server
+          cmake-language-server
-      gnumake
+          gnumake
-      checkmake
+          checkmake
-      # c/c++ compiler, required by nvim-treesitter!
+          # c/c++ compiler, required by nvim-treesitter!
-      gcc
+          gcc
-      gdb
+          gdb
-      # c/c++ tools with clang-tools, the unwrapped version won't
+          # c/c++ tools with clang-tools, the unwrapped version won't
-      # add alias like `cc` and `c++`, so that it won't conflict with gcc
+          # add alias like `cc` and `c++`, so that it won't conflict with gcc
-      # llvmPackages.clang-unwrapped
+          # llvmPackages.clang-unwrapped
-      clang-tools
+          clang-tools
-      lldb
+          lldb
-      vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger
+          vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger
 
-      #-- python
+          #-- python
-      pipx # Install and Run Python Applications in Isolated Environments
+          pipx # Install and Run Python Applications in Isolated Environments
-      uv # python project package manager
+          uv # python project package manager
-      pyright # python language server
+          pyright # python language server
-      (python313.withPackages (
+          (python313.withPackages (
-        ps:
+            ps: with ps; [
-          with ps; [
+              ruff
-            ruff
+              black # python formatter
-            black # python formatter
+              # debugpy
-            # debugpy
 
-            # my commonly used python packages
+              # my commonly used python packages
-            jupyter
+              jupyter
-            ipython
+              ipython
-            pandas
+              pandas
-            requests
+              requests
-            pyquery
+              pyquery
-            pyyaml
+              pyyaml
-            boto3
+              boto3
-          ]
+            ]
-      ))
+          ))
 
-      #-- rust
+          #-- rust
-      # we'd better use the rust-overlays for rust development
+          # we'd better use the rust-overlays for rust development
-      pkgs-unstable.rustc
+          pkgs-unstable.rustc
-      pkgs-unstable.rust-analyzer
+          pkgs-unstable.rust-analyzer
-      pkgs-unstable.cargo # rust package manager
+          pkgs-unstable.cargo # rust package manager
-      pkgs-unstable.rustfmt
+          pkgs-unstable.rustfmt
-      pkgs-unstable.clippy # rust linter
+          pkgs-unstable.clippy # rust linter
 
-      #-- golang
+          #-- golang
-      go
+          go
-      gomodifytags
+          gomodifytags
-      iferr # generate error handling code for go
+          iferr # generate error handling code for go
-      impl # generate function implementation for go
+          impl # generate function implementation for go
-      gotools # contains tools like: godoc, goimports, etc.
+          gotools # contains tools like: godoc, goimports, etc.
-      gopls # go language server
+          gopls # go language server
-      delve # go debugger
+          delve # go debugger
 
-      # -- java
+          # -- java
-      jdk17
+          jdk17
-      gradle
+          gradle
-      maven
+          maven
-      spring-boot-cli
+          spring-boot-cli
-      jdt-language-server
+          jdt-language-server
 
-      #-- zig
+          #-- zig
-      zls
+          zls
 
-      #-- lua
+          #-- lua
-      stylua
+          stylua
-      lua-language-server
+          lua-language-server
 
-      #-- bash
+          #-- bash
-      nodePackages.bash-language-server
+          nodePackages.bash-language-server
-      shellcheck
+          shellcheck
-      shfmt
+          shfmt
-    ]
+        ]
-    #-*- Web Development -*-#
+      #-*- Web Development -*-#
-    ++ [
+      ++ [
-      nodePackages.nodejs
+        nodePackages.nodejs
-      nodePackages.typescript
+        nodePackages.typescript
-      nodePackages.typescript-language-server
+        nodePackages.typescript-language-server
-      # HTML/CSS/JSON/ESLint language servers extracted from vscode
+        # HTML/CSS/JSON/ESLint language servers extracted from vscode
-      nodePackages.vscode-langservers-extracted
+        nodePackages.vscode-langservers-extracted
-      nodePackages."@tailwindcss/language-server"
+        nodePackages."@tailwindcss/language-server"
-      emmet-ls
+        emmet-ls
-    ]
+      ]
-    # -*- Lisp like Languages -*-#
+      # -*- Lisp like Languages -*-#
-    # ++ [
+      # ++ [
-    #   guile
+      #   guile
-    #   racket-minimal
+      #   racket-minimal
-    #   fnlfmt # fennel
+      #   fnlfmt # fennel
-    #   (
+      #   (
-    #     if pkgs.stdenv.isLinux && pkgs.stdenv.isx86
+      #     if pkgs.stdenv.isLinux && pkgs.stdenv.isx86
-    #     then pkgs-unstable.akkuPackages.scheme-langserver
+      #     then pkgs-unstable.akkuPackages.scheme-langserver
-    #     else pkgs.emptyDirectory
+      #     else pkgs.emptyDirectory
-    #   )
+      #   )
-    # ]
+      # ]
-    ++ [
+      ++ [
-      proselint # English prose linter
+        proselint # English prose linter
 
-      #-- verilog / systemverilog
+        #-- verilog / systemverilog
-      verible
+        verible
 
-      #-- Optional Requirements:
+        #-- Optional Requirements:
-      nodePackages.prettier # common code formatter
+        nodePackages.prettier # common code formatter
-      fzf
+        fzf
-      gdu # disk usage analyzer, required by AstroNvim
+        gdu # disk usage analyzer, required by AstroNvim
-      (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
+        (ripgrep.override { withPCRE2 = true; }) # recursively searches directories for a regex pattern
-    ]
+      ]
-  );
+    );
 }

home/base/tui/encryption/default.nix

@@ -2,7 +2,8 @@
   pkgs,
   pkgs-unstable,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     age
     sops

home/base/tui/gpg/default.nix

@@ -2,7 +2,8 @@
   config,
   mysecrets,
   ...
-}: {
+}:
+{
   programs.gpg = {
     enable = true;
     homedir = "${config.home.homeDirectory}/.gnupg";

home/base/tui/password-store/default.nix

@@ -3,9 +3,11 @@
   config,
   lib,
   ...
-}: let
+}:
+let
   passwordStoreDir = "${config.xdg.dataHome}/password-store";
-in {
+in
+{
   programs.password-store = {
     enable = true;
     package = pkgs.pass.withExtensions (exts: [

home/base/tui/shell.nix

@@ -2,9 +2,11 @@
   config,
   pkgs-unstable,
   ...
-}: let
+}:
+let
   inherit (pkgs-unstable) nu_scripts;
-in {
+in
+{
   programs.nushell = {
     # load the alias file for work
     # the file must exist, otherwise nushell will complain about it!

home/base/tui/ssh.nix

@@ -2,7 +2,8 @@
   config,
   mysecrets,
   ...
-}: {
+}:
+{
   home.file.".ssh/romantic.pub".source = "${mysecrets}/public/romantic.pub";
 
   programs.ssh = {

home/base/tui/zellij/default.nix

@@ -1,8 +1,10 @@
-{pkgs, ...}: let
+{ pkgs, ... }:
+let
   shellAliases = {
     "zj" = "zellij";
   };
-in {
+in
+{
   programs.zellij = {
     enable = true;
     package = pkgs.zellij;

home/darwin/aerospace/default.nix

@@ -1,5 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   home.file.".aerospace.toml".source =
-    config.lib.file.mkOutOfStoreSymlink
+    config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-config/home/darwin/aerospace/aerospace.toml";
-    "${config.home.homeDirectory}/nix-config/home/darwin/aerospace/aerospace.toml";
 }

home/darwin/default.nix

@@ -2,16 +2,15 @@
   mylib,
   myvars,
   ...
-}: {
+}:
+{
   home.homeDirectory = "/Users/${myvars.username}";
-  imports =
+  imports = (mylib.scanPaths ./.) ++ [
-    (mylib.scanPaths ./.)
+    ../base/core
-    ++ [
+    ../base/tui
-      ../base/core
+    ../base/gui
-      ../base/tui
+    ../base/home.nix
-      ../base/gui
+  ];
-      ../base/home.nix
-    ];
 
   # enable management of XDG base directories on macOS.
   xdg.enable = true;

home/darwin/proxy/default.nix

@@ -2,12 +2,12 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     clash-meta
   ];
 
   home.file.".proxychains/proxychains.conf".source =
-    config.lib.file.mkOutOfStoreSymlink
+    config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-config/home/darwin/proxy/proxychains.conf";
-    "${config.home.homeDirectory}/nix-config/home/darwin/proxy/proxychains.conf";
 }

home/darwin/rime-squirrel.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   # Squirrel Input Method
   home.file."Library/Rime" = {
     # my custom squirrel data (flypy input method)

home/darwin/shell.nix

@@ -1,4 +1,5 @@
-{lib, ...}: let
+{ lib, ... }:
+let
   envExtra = ''
     export PATH="$PATH:/opt/homebrew/bin:/usr/local/bin"
   '';
@@ -20,7 +21,8 @@
       true
     fi
   '';
-in {
+in
+{
   # Homebrew's default install location:
   #   /opt/homebrew for Apple Silicon
   #   /usr/local for macOS Intel

home/linux/base/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/linux/base/shell.nix

@@ -2,11 +2,13 @@
   config,
   myvars,
   ...
-}: let
+}:
+let
   d = config.xdg.dataHome;
   c = config.xdg.configHome;
   cache = config.xdg.cacheHome;
-in rec {
+in
+rec {
   home.homeDirectory = "/home/${myvars.username}";
 
   # environment variables that always set at login

home/linux/base/tools.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   # Linux Only Packages, not available on Darwin
   home.packages = with pkgs; [
     # misc

home/linux/gui/base/creative.nix

@@ -6,8 +6,10 @@
   nur-ryan4yin,
   blender-bin,
   ...
-}: {
+}:
-  home.packages = with pkgs;
+{
+  home.packages =
+    with pkgs;
     [
       # creative
       # gimp      # image editing, I prefer using figma in browser instead of this one
@@ -41,7 +43,8 @@
     # live streaming
     obs-studio = {
       enable = pkgs.stdenv.isx86_64;
-      plugins = with pkgs.obs-studio-plugins;
+      plugins =
+        with pkgs.obs-studio-plugins;
         [
           # screen capture
           wlrobs

home/linux/gui/base/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/linux/gui/base/dev-tools.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   home.packages = with pkgs; [
     android-tools
   ];

home/linux/gui/base/eye-protection.nix

@@ -2,7 +2,8 @@
   pkgs,
   lib,
   ...
-}: {
+}:
+{
   # Adjust the color temperature(& brightness) of your screen according to
   # your surroundings. This may help your eyes hurt less if you are
   # working in front of the screen at night.

home/linux/gui/base/fcitx5/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   xdg.configFile = {
     "fcitx5/profile" = {
       source = ./profile;

home/linux/gui/base/games.nix

@@ -2,7 +2,8 @@
   pkgs,
   nix-gaming,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     # nix-gaming.packages.${pkgs.system}.osu-laser-bin
     gamescope # SteamOS session compositing window manager

home/linux/gui/base/gtk.nix

@@ -2,7 +2,8 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   # If your themes for mouse cursor, icons or windows don’t load correctly,
   # try setting them with home.pointerCursor and gtk.theme,
   # which enable a bunch of compatibility options that should make the themes load in all situations.

home/linux/gui/base/immutable-file.nix

@@ -16,7 +16,8 @@
 #  TODO not used yet, need to test it.
 #
 ##############################################################################################
-with lib; let
+with lib;
+let
   cfg = config.home.immutable-file;
   immutableFileOpts = _: {
     options = {
@@ -42,24 +43,25 @@ with lib; let
     sudo cp $2 $1
     sudo chattr +i $1
   '';
-in {
+in
+{
   options.home.immutable-file = mkOption {
     type = with types; attrsOf (submodule immutableFileOpts);
-    default = {};
+    default = { };
   };
 
-  config = mkIf (cfg != {}) {
+  config = mkIf (cfg != { }) {
-    home.activation =
+    home.activation = mapAttrs' (
-      mapAttrs'
+      name:
-      (name: {
+      {
         src,
         dst,
       }:
-        nameValuePair
+      nameValuePair "make-immutable-${name}" (
-        "make-immutable-${name}"
+        lib.hm.dag.entryAfter [ "writeBoundary" ] ''
-        (lib.hm.dag.entryAfter ["writeBoundary"] ''
           ${mkImmutableFile} ${dst} ${src}
-        ''))
+        ''
-      cfg;
+      )
+    ) cfg;
   };
 }

home/linux/gui/base/media.nix

@@ -6,7 +6,8 @@
 }:
 # media - control and enjoy audio/video
 {
-  home.packages = with pkgs;
+  home.packages =
+    with pkgs;
     [
       # audio control
       pavucontrol
@@ -22,13 +23,13 @@
       nvitop
     ]
     ++ (lib.optionals pkgs.stdenv.isx86_64 [
-      (zoom-us.override {hyprlandXdgDesktopPortalSupport = true;})
+      (zoom-us.override { hyprlandXdgDesktopPortalSupport = true; })
     ]);
 
   programs.mpv = {
     enable = true;
-    defaultProfiles = ["gpu-hq"];
+    defaultProfiles = [ "gpu-hq" ];
-    scripts = [pkgs.mpvScripts.mpris];
+    scripts = [ pkgs.mpvScripts.mpris ];
   };
 
   services = {

home/linux/gui/base/misc.nix

@@ -2,7 +2,8 @@
   pkgs,
   pkgs-unstable,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     # GUI apps
     # e-book viewer(.epub/.mobi/...)

home/linux/gui/base/note-taking.nix

@@ -1,7 +1,10 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  home.packages = with pkgs; (lib.optionals pkgs.stdenv.isx86_64 [
+{
-    # https://joplinapp.org/help/
+  home.packages =
-    joplin # joplin-cli
+    with pkgs;
-    joplin-desktop
+    (lib.optionals pkgs.stdenv.isx86_64 [
-  ]);
+      # https://joplinapp.org/help/
+      joplin # joplin-cli
+      joplin-desktop
+    ]);
 }

home/linux/gui/base/wallpaper/default.nix

@@ -4,26 +4,37 @@
   lib,
   wallpapers,
   ...
-}: {
+}:
+{
   systemd.user.services.wallpaper = {
     Unit = {
       Description = "Wallpaper Switcher daemon";
-      After = ["graphical-session-pre.target" "xdg-desktop-autostart.target"];
+      After = [
-      Wants = ["graphical-session-pre.target"];
+        "graphical-session-pre.target"
+        "xdg-desktop-autostart.target"
+      ];
+      Wants = [ "graphical-session-pre.target" ];
     };
-    Install.WantedBy = ["graphical-session.target"];
+    Install.WantedBy = [ "graphical-session.target" ];
     Service = {
-      ExecStart = lib.getExe (pkgs.writeShellApplication {
+      ExecStart = lib.getExe (
-        name = "wallpaper";
+        pkgs.writeShellApplication {
-        runtimeInputs = with pkgs; [procps feh swaybg python3];
+          name = "wallpaper";
-        text = ''
+          runtimeInputs = with pkgs; [
-          export WALLPAPERS_DIR="${wallpapers}"
+            procps
-          export WALLPAPERS_STATE_FILEPATH="${config.xdg.stateHome}/wallpaper-switcher/switcher_state"
+            feh
-          export WALLPAPER_WAIT_MIN=60
+            swaybg
-          export WALLPAPER_WAIT_MAX=180
+            python3
-          exec ${./wallpaper-switcher.py}
+          ];
-        '';
+          text = ''
-      });
+            export WALLPAPERS_DIR="${wallpapers}"
+            export WALLPAPERS_STATE_FILEPATH="${config.xdg.stateHome}/wallpaper-switcher/switcher_state"
+            export WALLPAPER_WAIT_MIN=60
+            export WALLPAPER_WAIT_MAX=180
+            exec ${./wallpaper-switcher.py}
+          '';
+        }
+      );
       RestartSec = 3;
       Restart = "on-failure";
     };

home/linux/gui/base/xdg.nix

@@ -6,7 +6,8 @@
   config,
   pkgs,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     xdg-utils # provides cli tools such as `xdg-mime` `xdg-open`
     xdg-user-dirs
@@ -31,53 +32,63 @@
     mimeApps = {
       enable = true;
       # let `xdg-open` to open the url with the correct application.
-      defaultApplications = let
+      defaultApplications =
-        browser = ["google-chrome.desktop" "firefox.desktop"];
+        let
-        editor = ["nvim.desktop" "Helix.desktop" "code.desktop" "code-insiders.desktop"];
+          browser = [
-      in {
+            "google-chrome.desktop"
-        "application/json" = browser;
+            "firefox.desktop"
-        "application/pdf" = browser; # TODO: pdf viewer
+          ];
+          editor = [
+            "nvim.desktop"
+            "Helix.desktop"
+            "code.desktop"
+            "code-insiders.desktop"
+          ];
+        in
+        {
+          "application/json" = browser;
+          "application/pdf" = browser; # TODO: pdf viewer
 
-        "text/html" = browser;
+          "text/html" = browser;
-        "text/xml" = browser;
+          "text/xml" = browser;
-        "text/plain" = editor;
+          "text/plain" = editor;
-        "application/xml" = browser;
+          "application/xml" = browser;
-        "application/xhtml+xml" = browser;
+          "application/xhtml+xml" = browser;
-        "application/xhtml_xml" = browser;
+          "application/xhtml_xml" = browser;
-        "application/rdf+xml" = browser;
+          "application/rdf+xml" = browser;
-        "application/rss+xml" = browser;
+          "application/rss+xml" = browser;
-        "application/x-extension-htm" = browser;
+          "application/x-extension-htm" = browser;
-        "application/x-extension-html" = browser;
+          "application/x-extension-html" = browser;
-        "application/x-extension-shtml" = browser;
+          "application/x-extension-shtml" = browser;
-        "application/x-extension-xht" = browser;
+          "application/x-extension-xht" = browser;
-        "application/x-extension-xhtml" = browser;
+          "application/x-extension-xhtml" = browser;
-        "application/x-wine-extension-ini" = editor;
+          "application/x-wine-extension-ini" = editor;
 
-        # define default applications for some url schemes.
+          # define default applications for some url schemes.
-        "x-scheme-handler/about" = browser; # open `about:` url with `browser`
+          "x-scheme-handler/about" = browser; # open `about:` url with `browser`
-        "x-scheme-handler/ftp" = browser; # open `ftp:` url with `browser`
+          "x-scheme-handler/ftp" = browser; # open `ftp:` url with `browser`
-        "x-scheme-handler/http" = browser;
+          "x-scheme-handler/http" = browser;
-        "x-scheme-handler/https" = browser;
+          "x-scheme-handler/https" = browser;
-        # https://github.com/microsoft/vscode/issues/146408
+          # https://github.com/microsoft/vscode/issues/146408
-        "x-scheme-handler/vscode" = ["code-url-handler.desktop"]; # open `vscode://` url with `code-url-handler.desktop`
+          "x-scheme-handler/vscode" = [ "code-url-handler.desktop" ]; # open `vscode://` url with `code-url-handler.desktop`
-        "x-scheme-handler/vscode-insiders" = ["code-insiders-url-handler.desktop"]; # open `vscode-insiders://` url with `code-insiders-url-handler.desktop`
+          "x-scheme-handler/vscode-insiders" = [ "code-insiders-url-handler.desktop" ]; # open `vscode-insiders://` url with `code-insiders-url-handler.desktop`
-        "x-scheme-handler/zoommtg" = ["Zoom.desktop"];
+          "x-scheme-handler/zoommtg" = [ "Zoom.desktop" ];
 
-        # all other unknown schemes will be opened by this default application.
+          # all other unknown schemes will be opened by this default application.
-        # "x-scheme-handler/unknown" = editor;
+          # "x-scheme-handler/unknown" = editor;
 
-        "x-scheme-handler/tg" = ["org.telegram.desktop.desktop "];
+          "x-scheme-handler/tg" = [ "org.telegram.desktop.desktop " ];
 
-        "audio/*" = ["mpv.desktop"];
+          "audio/*" = [ "mpv.desktop" ];
-        "video/*" = ["mpv.desktop"];
+          "video/*" = [ "mpv.desktop" ];
-        "image/*" = ["imv-dir.desktop"];
+          "image/*" = [ "imv-dir.desktop" ];
-        "image/gif" = ["imv-dir.desktop"];
+          "image/gif" = [ "imv-dir.desktop" ];
-        "image/jpeg" = ["imv-dir.desktop"];
+          "image/jpeg" = [ "imv-dir.desktop" ];
-        "image/png" = ["imv-dir.desktop"];
+          "image/png" = [ "imv-dir.desktop" ];
-        "image/webp" = ["imv-dir.desktop"];
+          "image/webp" = [ "imv-dir.desktop" ];
 
-        "inode/directory" = ["yazi.desktop"];
+          "inode/directory" = [ "yazi.desktop" ];
-      };
+        };
 
       associations.removed = {
         # ......

home/linux/gui/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/linux/gui/editors/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   home.packages = with pkgs; [
     zed-editor
     code-cursor

home/linux/gui/hyprland/default.nix

@@ -4,10 +4,12 @@
   lib,
   anyrun,
   ...
-} @ args:
+}@args:
-with lib; let
+with lib;
+let
   cfg = config.modules.desktop.hyprland;
-in {
+in
+{
   imports = [
     # anyrun.homeManagerModules.default # the module is already in hm now.
     ./options
@@ -16,32 +18,36 @@ in {
   options.modules.desktop.hyprland = {
     enable = mkEnableOption "hyprland compositor";
     settings = lib.mkOption {
-      type = with lib.types; let
+      type =
-        valueType =
+        with lib.types;
-          nullOr (oneOf [
+        let
-            bool
+          valueType =
-            int
+            nullOr (oneOf [
-            float
+              bool
-            str
+              int
-            path
+              float
-            (attrsOf valueType)
+              str
-            (listOf valueType)
+              path
-          ])
+              (attrsOf valueType)
-          // {
+              (listOf valueType)
-            description = "Hyprland configuration value";
+            ])
-          };
+            // {
-      in
+              description = "Hyprland configuration value";
+            };
+        in
         valueType;
-      default = {};
+      default = { };
     };
   };
 
   config = mkIf cfg.enable (
-    mkMerge ([
+    mkMerge (
+      [
         {
           wayland.windowManager.hyprland.settings = cfg.settings;
         }
       ]
-      ++ (import ./values args))
+      ++ (import ./values args)
+    )
   );
 }

home/linux/gui/hyprland/options/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

home/linux/gui/hyprland/options/nvidia.nix

@@ -3,9 +3,11 @@
   lib,
   ...
 }:
-with lib; let
+with lib;
+let
   cfg = config.modules.desktop.hyprland;
-in {
+in
+{
   options.modules.desktop.hyprland = {
     nvidia = mkEnableOption "whether nvidia GPU is used";
   };

home/linux/gui/hyprland/values/anyrun.nix

@@ -2,7 +2,8 @@
   pkgs,
   anyrun,
   ...
-}: {
+}:
+{
   programs.anyrun = {
     enable = true;
     config = {

home/linux/gui/hyprland/values/default.nix

@@ -1,4 +1 @@
-{mylib, ...} @ args:
+{ mylib, ... }@args: map (path: import path args) (mylib.scanPaths ./.)
-map
-(path: import path args)
-(mylib.scanPaths ./.)

home/linux/gui/hyprland/values/hyprland.nix

@@ -2,19 +2,23 @@
   pkgs,
   config,
   ...
-}: let
+}:
+let
   package = pkgs.hyprland;
-in {
+in
-  xdg.configFile = let
+{
-    mkSymlink = config.lib.file.mkOutOfStoreSymlink;
+  xdg.configFile =
-    hyprPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/hyprland/conf";
+    let
-  in {
+      mkSymlink = config.lib.file.mkOutOfStoreSymlink;
-    "mako".source = mkSymlink "${hyprPath}/mako";
+      hyprPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/hyprland/conf";
-    "waybar".source = mkSymlink "${hyprPath}/waybar";
+    in
-    "wlogout".source = mkSymlink "${hyprPath}/wlogout";
+    {
-    "hypr/hypridle.conf".source = mkSymlink "${hyprPath}/hypridle.conf";
+      "mako".source = mkSymlink "${hyprPath}/mako";
-    "hypr/configs".source = mkSymlink "${hyprPath}/configs";
+      "waybar".source = mkSymlink "${hyprPath}/waybar";
-  };
+      "wlogout".source = mkSymlink "${hyprPath}/wlogout";
+      "hypr/hypridle.conf".source = mkSymlink "${hyprPath}/hypridle.conf";
+      "hypr/configs".source = mkSymlink "${hyprPath}/configs";
+    };
 
   # status bar
   programs.waybar = {
@@ -46,15 +50,17 @@ in {
     inherit package;
     enable = true;
     settings = {
-      source = let
+      source =
-        configPath = "${config.home.homeDirectory}/.config/hypr/configs";
+        let
-      in [
+          configPath = "${config.home.homeDirectory}/.config/hypr/configs";
-        "${configPath}/exec.conf"
+        in
-        "${configPath}/fcitx5.conf"
+        [
-        "${configPath}/keybindings.conf"
+          "${configPath}/exec.conf"
-        "${configPath}/settings.conf"
+          "${configPath}/fcitx5.conf"
-        "${configPath}/windowrules.conf"
+          "${configPath}/keybindings.conf"
-      ];
+          "${configPath}/settings.conf"
+          "${configPath}/windowrules.conf"
+        ];
       env = [
         "NIXOS_OZONE_WL,1" # for any ozone-based browser & electron apps to run on wayland
         "MOZ_ENABLE_WAYLAND,1" # for firefox to run on wayland
@@ -71,7 +77,7 @@ in {
     # gammastep/wallpaper-switcher need this to be enabled.
     systemd = {
       enable = true;
-      variables = ["--all"];
+      variables = [ "--all" ];
     };
   };
 

home/linux/gui/hyprland/values/packages.nix

@@ -1,8 +1,8 @@
 {
   pkgs,
   ...
-}: {
+}:
-
+{
 
   home.packages = with pkgs; [
     swaybg # the wallpaper

home/linux/gui/hyprland/values/wayland-apps.nix

@@ -1,7 +1,8 @@
 {
   pkgs,
   ...
-}: {
+}:
+{
   home.packages = with pkgs; [
     # firefox-wayland
     nixpaks.firefox
@@ -31,25 +32,23 @@
 
     vscode = {
       enable = true;
-      package =
+      package = pkgs.vscode.override {
-        pkgs.vscode.override
+        isInsiders = false;
-        {
+        # https://wiki.archlinux.org/title/Wayland#Electron
-          isInsiders = false;
+        commandLineArgs = [
-          # https://wiki.archlinux.org/title/Wayland#Electron
+          "--ozone-platform-hint=auto"
-          commandLineArgs = [
+          "--ozone-platform=wayland"
-            "--ozone-platform-hint=auto"
+          # make it use GTK_IM_MODULE if it runs with Gtk4, so fcitx5 can work with it.
-            "--ozone-platform=wayland"
+          # (only supported by chromium/chrome at this time, not electron)
-            # make it use GTK_IM_MODULE if it runs with Gtk4, so fcitx5 can work with it.
+          "--gtk-version=4"
-            # (only supported by chromium/chrome at this time, not electron)
+          # make it use text-input-v1, which works for kwin 5.27 and weston
-            "--gtk-version=4"
+          "--enable-wayland-ime"
-            # make it use text-input-v1, which works for kwin 5.27 and weston
-            "--enable-wayland-ime"
 
-            # TODO: fix https://github.com/microsoft/vscode/issues/187436
+          # TODO: fix https://github.com/microsoft/vscode/issues/187436
-            # still not works...
+          # still not works...
-            "--password-store=gnome" # use gnome-keyring as password store
+          "--password-store=gnome" # use gnome-keyring as password store
-          ];
+        ];
-        };
+      };
     };
   };
 }

home/linux/gui/hyprland/values/xdg.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   xdg.portal = {
     enable = true;
 

hosts/12kingdoms-shoukei/hardware-configuration.nix

@@ -24,7 +24,10 @@ in
   boot.loader.efi.efiSysMountPoint = "/boot";
 
   # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
-  boot.binfmt.emulatedSystems = ["x86_64-linux" "riscv64-linux"];
+  boot.binfmt.emulatedSystems = [
+    "x86_64-linux"
+    "riscv64-linux"
+  ];
   # supported file systems, so we can mount any removable disks with these filesystems
   boot.supportedFilesystems = lib.mkForce [
     "ext4"

hosts/darwin-fern/default.nix

@@ -6,7 +6,8 @@ _:
 #############################################################
 let
   hostname = "fern";
-in {
+in
+{
   networking.hostName = hostname;
   networking.computerName = hostname;
   system.defaults.smb.NetBIOSName = hostname;

hosts/darwin-fern/home.nix

@@ -1,5 +1,8 @@
-{config, ...}: let
+{ config, ... }:
+let
   hostName = "fern";
-in {
+in
-  programs.ssh.matchBlocks."github.com".identityFile = "${config.home.homeDirectory}/.ssh/${hostName}";
+{
+  programs.ssh.matchBlocks."github.com".identityFile =
+    "${config.home.homeDirectory}/.ssh/${hostName}";
 }

hosts/darwin-frieren/default.nix

@@ -6,7 +6,8 @@ _:
 #############################################################
 let
   hostname = "frieren";
-in {
+in
+{
   networking.hostName = hostname;
   networking.computerName = hostname;
   system.defaults.smb.NetBIOSName = hostname;

hosts/darwin-frieren/home.nix

@@ -1,5 +1,8 @@
-{config, ...}: let
+{ config, ... }:
+let
   hostName = "frieren";
-in {
+in
-  programs.ssh.matchBlocks."github.com".identityFile = "${config.home.homeDirectory}/.ssh/${hostName}";
+{
+  programs.ssh.matchBlocks."github.com".identityFile =
+    "${config.home.homeDirectory}/.ssh/${hostName}";
 }

hosts/idols-ai/ai/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

hosts/idols-ai/ai/ollama.nix

@@ -2,13 +2,15 @@
   pkgs,
   nixpkgs-ollama,
   ...
-}: let
+}:
+let
   pkgs-ollama = import nixpkgs-ollama {
     inherit (pkgs) system;
     # To use cuda, we need to allow the installation of non-free software
     config.allowUnfree = true;
   };
-in {
+in
+{
   services.ollama = rec {
     enable = true;
     package = pkgs-ollama.ollama;

hosts/idols-ai/default.nix

@@ -1,4 +1,4 @@
-{myvars, ...}:
+{ myvars, ... }:
 #############################################################
 #
 #  Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
@@ -11,7 +11,8 @@ let
   inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4 ipv6;
   ipv4WithMask = "${ipv4}/24";
   ipv6WithMask = "${ipv6}/64";
-in {
+in
+{
   imports = [
     ./netdev-mount.nix
     # Include the results of the hardware scan.
@@ -35,9 +36,12 @@ in {
   systemd.network.enable = true;
 
   systemd.network.networks."10-${iface}" = {
-    matchConfig.Name = [iface];
+    matchConfig.Name = [ iface ];
     networkConfig = {
-      Address = [ipv4WithMask ipv6WithMask];
+      Address = [
+        ipv4WithMask
+        ipv6WithMask
+      ];
       DNS = nameservers;
       DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
       IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)

hosts/idols-ai/game/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

hosts/idols-ai/game/gamemode.nix

@@ -5,7 +5,8 @@
   nix-gaming,
   lib,
   ...
-}: let
+}:
+let
   programs = lib.makeBinPath [
     config.programs.hyprland.package
     pkgs.coreutils
@@ -25,7 +26,8 @@
     hyprctl --batch 'keyword decoration:blur 1 ; keyword animations:enabled 1 ; keyword misc:vfr 1'
     powerprofilesctl set power-saver
   '';
-in {
+in
+{
   # Optimise Linux system performance on demand
   # https://github.com/FeralInteractive/GameMode
   # https://wiki.archlinux.org/title/Gamemode

hosts/idols-ai/game/steam.nix

@@ -1,5 +1,6 @@
 # https://github.com/fufexan/dotfiles/blob/483680e/system/programs/steam.nix
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   # https://wiki.archlinux.org/title/steam
   # Games installed by Steam works fine on NixOS, no other configuration needed.
   programs.steam = {
@@ -15,8 +16,8 @@
 
     # fix gamescope inside steam
     package = pkgs.steam.override {
-      extraPkgs = pkgs:
+      extraPkgs =
-        with pkgs; [
+        pkgs: with pkgs; [
           xorg.libXcursor
           xorg.libXi
           xorg.libXinerama

hosts/idols-ai/hardware-configuration.nix

@@ -7,7 +7,8 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
+{
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
@@ -21,16 +22,26 @@
   boot.kernelPackages = pkgs.linuxPackages_latest;
   # boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "xhci_pci"
-  boot.kernelModules = ["kvm-intel"]; # kvm virtualization support
+    "ahci"
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ]; # kvm virtualization support
   boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu
-  boot.extraModulePackages = [];
+  boot.extraModulePackages = [ ];
   # clear /tmp on boot to get a stateless /tmp directory.
   boot.tmp.cleanOnBoot = true;
 
   # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
-  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
+  boot.binfmt.emulatedSystems = [
+    "aarch64-linux"
+    "riscv64-linux"
+  ];
   # supported file systems, so we can mount any removable disks with these filesystems
   boot.supportedFilesystems = [
     "ext4"
@@ -67,7 +78,7 @@
     fsType = "btrfs";
     # btrfs's top-level subvolume, internally has an id 5
     # we can access all other subvolumes from this subvolume.
-    options = ["subvolid=5"];
+    options = [ "subvolid=5" ];
   };
 
   # equal to `mount -t tmpfs tmpfs /`
@@ -76,26 +87,40 @@
     fsType = "tmpfs";
     # set mode to 755, otherwise systemd will set it to 777, which cause problems.
     # relatime: Update inode access times relative to modify or change time.
-    options = ["relatime" "mode=755"];
+    options = [
+      "relatime"
+      "mode=755"
+    ];
   };
 
   fileSystems."/nix" = {
     device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
     fsType = "btrfs";
-    options = ["subvol=@nix" "noatime" "compress-force=zstd:1"];
+    options = [
+      "subvol=@nix"
+      "noatime"
+      "compress-force=zstd:1"
+    ];
   };
 
   # for guix store, which use `/gnu/store` as its store directory.
   fileSystems."/gnu" = {
     device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
     fsType = "btrfs";
-    options = ["subvol=@guix" "noatime" "compress-force=zstd:1"];
+    options = [
+      "subvol=@guix"
+      "noatime"
+      "compress-force=zstd:1"
+    ];
   };
 
   fileSystems."/persistent" = {
     device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
     fsType = "btrfs";
-    options = ["subvol=@persistent" "compress-force=zstd:1"];
+    options = [
+      "subvol=@persistent"
+      "compress-force=zstd:1"
+    ];
     # preservation's data is required for booting.
     neededForBoot = true;
   };
@@ -103,30 +128,42 @@
   fileSystems."/snapshots" = {
     device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
     fsType = "btrfs";
-    options = ["subvol=@snapshots" "compress-force=zstd:1"];
+    options = [
+      "subvol=@snapshots"
+      "compress-force=zstd:1"
+    ];
   };
 
   fileSystems."/tmp" = {
     device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
     fsType = "btrfs";
-    options = ["subvol=@tmp" "compress-force=zstd:1"];
+    options = [
+      "subvol=@tmp"
+      "compress-force=zstd:1"
+    ];
   };
 
   # mount swap subvolume in readonly mode.
   fileSystems."/swap" = {
     device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
     fsType = "btrfs";
-    options = ["subvol=@swap" "ro"];
+    options = [
+      "subvol=@swap"
+      "ro"
+    ];
   };
 
   # remount swapfile in read-write mode
   fileSystems."/swap/swapfile" = {
     # the swapfile is located in /swap subvolume, so we need to mount /swap first.
-    depends = ["/swap"];
+    depends = [ "/swap" ];
 
     device = "/swap/swapfile";
     fsType = "none";
-    options = ["bind" "rw"];
+    options = [
+      "bind"
+      "rw"
+    ];
   };
 
   fileSystems."/boot" = {
@@ -135,7 +172,7 @@
   };
 
   swapDevices = [
-    {device = "/swap/swapfile";}
+    { device = "/swap/swapfile"; }
   ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

hosts/idols-ai/home.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   modules.desktop = {
     hyprland = {
       nvidia = true;

hosts/idols-ai/netdev-mount.nix

@@ -2,7 +2,8 @@
   config,
   myvars,
   ...
-}: {
+}:
+{
   # supported file systems, so we can mount any removable disks with these filesystems
   boot.supportedFilesystems = [
     # "cifs"

hosts/idols-ai/nvidia.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   # ===============================================================================================
   # for Nvidia GPU
   # https://wiki.nixos.org/wiki/NVIDIA
@@ -10,7 +11,7 @@
     # enabling it is required to make Wayland compositors function properly.
     "nvidia-drm.fbdev=1"
   ];
-  services.xserver.videoDrivers = ["nvidia"]; # will install nvidia-vaapi-driver by default
+  services.xserver.videoDrivers = [ "nvidia" ]; # will install nvidia-vaapi-driver by default
   hardware.nvidia = {
     # Open-source kernel modules are preferred over and planned to steadily replace proprietary modules
     open = true;

hosts/idols-ai/preservation.nix

@@ -3,9 +3,11 @@
   pkgs,
   myvars,
   ...
-}: let
+}:
+let
   inherit (myvars) username;
-in {
+in
+{
   imports = [
     preservation.nixosModules.default
   ];
@@ -330,27 +332,29 @@ in {
   # Note that immediate parent directories of persisted files can also be
   # configured with ownership and permissions from the `parent` settings if
   # `configureParent = true` is set for the file.
-  systemd.tmpfiles.settings.preservation = let
+  systemd.tmpfiles.settings.preservation =
-    permission = {
+    let
-      user = username;
+      permission = {
-      group = "users";
+        user = username;
-      mode = "0755";
+        group = "users";
+        mode = "0755";
+      };
+    in
+    {
+      "/home/${username}/.config".d = permission;
+      "/home/${username}/.cache".d = permission;
+      "/home/${username}/.local".d = permission;
+      "/home/${username}/.local/share".d = permission;
+      "/home/${username}/.local/state".d = permission;
+      "/home/${username}/.local/state/nix".d = permission;
+      "/home/${username}/.terraform.d".d = permission;
     };
-  in {
-    "/home/${username}/.config".d = permission;
-    "/home/${username}/.cache".d = permission;
-    "/home/${username}/.local".d = permission;
-    "/home/${username}/.local/share".d = permission;
-    "/home/${username}/.local/state".d = permission;
-    "/home/${username}/.local/state/nix".d = permission;
-    "/home/${username}/.terraform.d".d = permission;
-  };
 
   # systemd-machine-id-commit.service would fail but it is not relevant
   # in this specific setup for a persistent machine-id so we disable it
   #
   # see the firstboot example below for an alternative approach
-  systemd.suppressedSystemUnits = ["systemd-machine-id-commit.service"];
+  systemd.suppressedSystemUnits = [ "systemd-machine-id-commit.service" ];
 
   # let the service commit the transient ID to the persistent volume
   systemd.services.systemd-machine-id-commit = {

hosts/idols-ai/secureboot.nix

@@ -3,7 +3,8 @@
   lib,
   lanzaboote,
   ...
-}: {
+}:
+{
   # How to enter setup mode - msi motherboard
   ## 1. enter BIOS via [Del] Key
   ## 2. <Advance mode> => <Settings> => <Security> => <Secure Boot>

hosts/idols-aquamarine/caddy.nix

@@ -3,7 +3,8 @@
   config,
   wallpapers,
   ...
-}: let
+}:
+let
   hostCommonConfig = ''
     encode zstd gzip
     tls ${../../certs/ecc-server.crt} ${config.age.secrets."caddy-ecc-server.key".path} {
@@ -11,7 +12,8 @@
       curves x25519 secp384r1 secp521r1
     }
   '';
-in {
+in
+{
   services.caddy = {
     enable = true;
     # Reload Caddy instead of restarting it when configuration file changes.
@@ -124,7 +126,10 @@ in {
     #   reverse_proxy http://localhost:9090
     # '';
   };
-  networking.firewall.allowedTCPPorts = [80 443];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
 
   # Create Directories
   # https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html#Type

hosts/idols-aquamarine/default.nix

@@ -17,12 +17,11 @@ let
   inherit (myvars.networking) defaultGateway defaultGateway6 nameservers;
   inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4;
   ipv4WithMask = "${ipv4}/24";
-in {
+in
-  imports =
+{
-    (mylib.scanPaths ./.)
+  imports = (mylib.scanPaths ./.) ++ [
-    ++ [
+    disko.nixosModules.default
-      disko.nixosModules.default
+  ];
-    ];
 
   # supported file systems, so we can mount any removable disks with these filesystems
   boot.supportedFilesystems = [
@@ -42,7 +41,7 @@ in {
   zramSwap.memoryPercent = lib.mkForce 100;
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
-  boot.kernelModules = ["kvm-amd"];
+  boot.kernelModules = [ "kvm-amd" ];
   boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
 
   networking = {
@@ -57,9 +56,9 @@ in {
   systemd.network.enable = true;
 
   systemd.network.networks."10-${iface}" = {
-    matchConfig.Name = [iface];
+    matchConfig.Name = [ iface ];
     networkConfig = {
-      Address = [ipv4WithMask];
+      Address = [ ipv4WithMask ];
       DNS = nameservers;
       DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
       IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)

hosts/idols-aquamarine/disko-fs.nix

@@ -3,8 +3,9 @@
 let
   cryptKeyFile = "/etc/agenix/hdd-luks-crypt-key";
   unlockDisk = "data-encrypted";
-in {
+in
-  fileSystems."/data/fileshare/public".depends = ["/data/fileshare"];
+{
+  fileSystems."/data/fileshare/public".depends = [ "/data/fileshare" ];
 
   # By adding this crypttab entry, the disk will be unlocked by systemd-cryptsetup@xxx.service at boot time.
   # This systemd service is running after agenix, so that the keyfile is already available.
@@ -59,7 +60,7 @@ in {
               ];
               content = {
                 type = "btrfs";
-                extraArgs = ["-f"]; # Force override existing partition
+                extraArgs = [ "-f" ]; # Force override existing partition
                 subvolumes = {
                   "@apps" = {
                     mountpoint = "/data/apps";
@@ -71,15 +72,27 @@ in {
                   };
                   "@fileshare" = {
                     mountpoint = "/data/fileshare";
-                    mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+                    mountOptions = [
+                      "compress-force=zstd:1"
+                      "noatime"
+                      "nofail"
+                    ];
                   };
                   "@backups" = {
                     mountpoint = "/data/backups";
-                    mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+                    mountOptions = [
+                      "compress-force=zstd:1"
+                      "noatime"
+                      "nofail"
+                    ];
                   };
                   "@snapshots" = {
                     mountpoint = "/data/apps-snapshots";
-                    mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+                    mountOptions = [
+                      "compress-force=zstd:1"
+                      "noatime"
+                      "nofail"
+                    ];
                   };
                 };
               };
@@ -101,7 +114,10 @@ in {
             subvolumes = {
               "@persistent" = {
                 mountpoint = "/data/fileshare/public";
-                mountOptions = ["compress-force=zstd:1" "nofail"];
+                mountOptions = [
+                  "compress-force=zstd:1"
+                  "nofail"
+                ];
               };
             };
           };

hosts/idols-aquamarine/exporters/default.nix

@@ -1,3 +1,4 @@
-{mylib, ...}: {
+{ mylib, ... }:
+{
   imports = mylib.scanPaths ./.;
 }

hosts/idols-aquamarine/gitea.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/misc/gitea.nix
   services.gitea = {
     enable = true;

hosts/idols-aquamarine/grafana/default.nix

@@ -2,7 +2,8 @@
   config,
   myvars,
   ...
-}: {
+}:
+{
   services.grafana = {
     enable = true;
     dataDir = "/data/apps/grafana";

hosts/idols-aquamarine/minio.nix

@@ -1,7 +1,9 @@
-{config, ...}: let
+{ config, ... }:
-  dataDir = ["/data/apps/minio/data"];
+let
+  dataDir = [ "/data/apps/minio/data" ];
   configDir = "/data/apps/minio/config";
-in {
+in
+{
   # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/web-servers/minio.nix
   services.minio = {
     enable = true;