nixfmt

common/cloudsync.nix

@@ -57,7 +57,7 @@ in
                 let
                   remote_clean = lib.strings.concatStrings (builtins.match "/*(.+)" remote);
                 in
-                "${cloud_cmd} /${remote_clean} ${local} ${sync_server}"
+                "${cloud_cmd} /${remote_clean} ${local} ${sync_server} 1> /dev/null"
               ) paths
             );
           in

common/firefox.nix

@@ -38,11 +38,13 @@ in
       policies = {
         ExtensionSettings =
           # (mkIf firefox.disableUserPlugins { "*".installation_mode = "blocked"; }) // 
-          (mapAttrs (guid: shortId: {
+          (
+            mapAttrs (guid: shortId: {
               # explicit plugins by config 
               install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
               installation_mode = "force_installed";
-          }) config.grimmShared.firefox.plugins);
+            }) config.grimmShared.firefox.plugins
+          );
         DisableTelemetry = true;
         DisableFirefoxStudies = true;
         EnableTrackingProtection = {

common/graphics/opengl.nix

@@ -50,9 +50,11 @@ in
       ];
     };
 
-    environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; # Force intel-media-driver
+    environment.sessionVariables = {
+      LIBVA_DRIVER_NAME = "iHD";
+    }; # Force intel-media-driver
 
-#    chaotic.mesa-git.enable = true;
+    #    chaotic.mesa-git.enable = true;
     boot.kernelParams = [ "nouveau.config=NvGspRm=1" ];
 
     environment.sessionVariables = {

common/graphics/qt.nix

@@ -19,10 +19,10 @@ in
       with pkgs;
       with kdePackages;
       [
-#        qtstyleplugin-kvantum
+        #        qtstyleplugin-kvantum
         catppuccin-sddm-corners
         libsForQt5.qtgraphicaleffects
-#        catppuccin-kvantum
+        #        catppuccin-kvantum
         breeze
         kdePackages.audiocd-kio
         kdePackages.kio-extras
@@ -33,7 +33,7 @@ in
         qtwayland
       ];
 
-#    environment.pathsToLink = [ "/share/Kvantum" ];
+    #    environment.pathsToLink = [ "/share/Kvantum" ];
 
     services.displayManager = {
       sddm = {

common/graphics/sway.nix

@@ -87,7 +87,9 @@ let
         export SWAYSOCK="/run/user/$uid/sway-ipc.$uid.$pid.sock"
         if [[ -e "$SWAYSOCK" ]] ; then
           echo "sock is $SWAYSOCK"
-          ${getExe' config.programs.sway.package "swaymsg"} '${concatMapStrings (s: s + " ; ") output_def}'
+          ${getExe' config.programs.sway.package "swaymsg"} '${
+            concatMapStrings (s: s + " ; ") output_def
+          }'
         fi
       done
     '';
@@ -210,7 +212,7 @@ in
         };
 
         extraPackages = with pkgs; [
-#          swaylock
+          #          swaylock
           swayidle
           wl-clipboard
           wf-recorder

common/hardware/laptop.nix

@@ -32,6 +32,9 @@ in
     # hardware.i2c.enable = true;
     services.libinput.enable = true;
     hardware.opentabletdriver.enable = true;
+
+    systemd.user.services.opentabletdriver.after = [ "local-fs.target" ];
+
     services.udisks2.enable = true;
 
     #services.udev.extraRules = ''
@@ -42,25 +45,29 @@ in
     #    ENV{SYSTEMD_WANTS}+="ddcci@$kernel.service"
     #'';
 
-    systemd.services."ddcci@" = {
-      scriptArgs = "%i";
-      script = ''
-        sleep 20
-        echo Trying to attach ddcci to $1
-        i=0
-        id=$(echo $1 | cut -d "-" -f 2)
-        if ${lib.getExe' pkgs.ddcutil "ddcutil"} getvcp 10 -b $id; then
-          echo ddcci 0x37 > /sys/bus/i2c/devices/$1/new_device
-        fi
-      '';
-      serviceConfig.Type = "oneshot";
-    };
+    # systemd.services."ddcci@" = {
+    #  scriptArgs = "%i";
+    #  script = ''
+    #    sleep 20
+    #    echo Trying to attach ddcci to $1
+    #    i=0
+    #    id=$(echo $1 | cut -d "-" -f 2)
+    #    if ${lib.getExe' pkgs.ddcutil "ddcutil"} getvcp 10 -b $id; then
+    #      echo ddcci 0x37 > /sys/bus/i2c/devices/$1/new_device
+    #    fi
+    #  '';
+    #  serviceConfig.Type = "oneshot";
+    #};
 
     systemd.enableCgroupAccounting = true;
     # systemd.enableUnifiedCgroupHierarchy = false;
 
     boot = {
-      kernelParams = [ "intel_iommu=on" "nohibernate" ];
+      kernelParams = [
+        "intel_iommu=on"
+        "nohibernate"
+        "pcie_aspm=off"
+      ];
       loader.efi.canTouchEfiVariables = true;
       initrd.availableKernelModules = [
         "xhci_pci"
@@ -70,12 +77,12 @@ in
         "usb_storage"
         "sd_mod"
       ];
-#      initrd.systemd.enable = true;
+      #      initrd.systemd.enable = true;
       loader.systemd-boot.enable = true;
       #      extraModulePackages = [ config.boot.kernelPackages.ddcci-driver ];
       kernelModules = [
-        "ddcci_backlight"
-        "i2c-dev"
+        #        "ddcci_backlight"
+        #        "i2c-dev"
         "ec_sys"
       ];
     };

common/sound/spotifyd.nix

@@ -61,9 +61,17 @@ in
         password_cmd =
           let
             pass = spotify.spotifyd.pass;
-            inherit (lib) isPath isString getExe getExe';
+            inherit (lib)
+              isPath
+              isString
+              getExe
+              getExe'
+              ;
           in
-          if (isPath pass || isString pass) then "${getExe' pkgs.coreutils-full "cat"} ${pass}" else (getExe pass);
+          if (isPath pass || isString pass) then
+            "${getExe' pkgs.coreutils-full "cat"} ${pass}"
+          else
+            (getExe pass);
         device_type = "computer";
         dbus_type = "system";
         device = "default";

common/tooling/apparmor/apparmor-d-module.nix

@@ -5,18 +5,30 @@
   ...
 }:
 let
-  inherit (lib) mkIf mapAttrs assertMsg pathIsRegularFile mkForce;
+  inherit (lib)
+    mkIf
+    mapAttrs
+    assertMsg
+    pathIsRegularFile
+    mkForce
+    ;
 
   cfg = config.security.apparmor_d;
-  apparmor-d = pkgs.callPackage ./apparmor-d-package.nix {};
-  in
+  apparmor-d = pkgs.callPackage ./apparmor-d-package.nix { };
+in
 {
   options.security.apparmor_d = with lib; {
     enable = mkEnableOption "enable apparmor.d support";
 
     profiles = mkOption {
-      type = types.attrsOf (types.enum [ "disable" "complain" "enforce" ]);
-      default = {};
+      type = types.attrsOf (
+        types.enum [
+          "disable"
+          "complain"
+          "enforce"
+        ]
+      );
+      default = { };
       description = "set of apparmor profiles to include from apparmor.d";
     };
   };
@@ -25,7 +37,8 @@ let
     security.apparmor.packages = [ apparmor-d ];
     security.apparmor.policies = mapAttrs (name: state: {
       inherit state;
-      path = let
+      path =
+        let
           file = "${apparmor-d}/etc/apparmor.d/${name}";
         in
         assert assertMsg (pathIsRegularFile file) "profile ${name} not found in apparmor.d path (${file})";

common/tooling/apparmor/apparmor-d-package.nix

@@ -1,4 +1,10 @@
-{ buildGoModule, fetchFromGitHub, git, lib, unstableGitUpdater }: 
+{
+  buildGoModule,
+  fetchFromGitHub,
+  git,
+  lib,
+  unstableGitUpdater,
+}:
 buildGoModule {
   pname = "apparmor-d";
   version = "unstable-2024-10-12";

common/tooling/apparmor/default.nix

@@ -23,7 +23,7 @@ in
       alias /bin/spotify -> ${pkgs.spotify}/share/spotify/spotify,
     '';
 
-#    security.apparmor.aa-alias-manager.enable = false;
+    #    security.apparmor.aa-alias-manager.enable = false;
 
     security.audit.backlogLimit = 512;
 
@@ -51,7 +51,6 @@ in
       };
     };
 
-
     security.apparmor.includes = {
       "abstractions/base" = ''
         /nix/store/*/bin/** mr,
@@ -61,12 +60,11 @@ in
         ${getExe' pkgs.coreutils-full "coreutils"} rix,
       '';
 
-#      "tunables/alias.d/store" = ''
-#        include <tunables/global>
-#        alias /bin -> @{bin},
-#        alias /bin/ -> /nix/store/*/bin/,
-#      '';
-
+      #      "tunables/alias.d/store" = ''
+      #        include <tunables/global>
+      #        alias /bin -> @{bin},
+      #        alias /bin/ -> /nix/store/*/bin/,
+      #      '';
 
       "local/speech-dispatcher" = ''
         @{nix_store}/libexec/speech-dispatcher-modules/* ix,
@@ -85,10 +83,10 @@ in
       '';
 
       "local/xdg-mime" = ''
-#        include <abstractions/app/bus>
+        #        include <abstractions/app/bus>
                 /bin/grep rix,
                 /bin/gawk rix,
-#        /bin/dbus-send Cx -> bus,
+        #        /bin/dbus-send Cx -> bus,
                 /dev/tty* rw,
       '';
 
@@ -123,7 +121,7 @@ in
                 @{bin}/grep ix,
                 /@{PROC}/version r,
                 @{bin}/gdbus Cx -> bus,
-#        @{bin}/gdbus Ux,
+        #        @{bin}/gdbus Ux,
       '';
 
       "local/vesktop" = ''
@@ -145,16 +143,16 @@ in
         @{bin}/unix_chkpwd rix,
       '';
 
-#      "local/spotify" = ''
-#        @{bin}/
-#      '';
+      #      "local/spotify" = ''
+      #        @{bin}/
+      #      '';
     };
 
     security.apparmor.policies = {
       passff = {
         state = "enforce";
-#        enable = true;
-#        enforce = true;
+        #        enable = true;
+        #        enforce = true;
         profile = ''
           abi <abi/4.0>,
           include <tunables/global>
@@ -168,8 +166,8 @@ in
 
       swaymux = {
         state = "enforce";
-#        enable = true;
-#        enforce = true;
+        #        enable = true;
+        #        enforce = true;
         profile = ''
           abi <abi/4.0>,
           include <tunables/global>
@@ -182,42 +180,41 @@ in
         '';
       };
 
-#      speech-dispatcher-test = {
-#        enable = true;
-#        enforce = true;
-#        profile = ''#
-#
-#abi <abi/4.0>,
-#
-#include <tunables/global>
-#
-#@{exec_path} = @{bin}/speech-dispatcher
-#profile speech-dispatcher ${getExe' pkgs.speechd "speech-dispatcher"} flags=(complain) {
-#  include <abstractions/base>
-#  include <abstractions/audio-client>
-#  include <abstractions/bus-session>
-#  include <abstractions/consoles>
-#  include <abstractions/nameservice-strict>
+      #      speech-dispatcher-test = {
+      #        enable = true;
+      #        enforce = true;
+      #        profile = ''#
+      #
+      #abi <abi/4.0>,
+      #
+      #include <tunables/global>
+      #
+      #@{exec_path} = @{bin}/speech-dispatcher
+      #profile speech-dispatcher ${getExe' pkgs.speechd "speech-dispatcher"} flags=(complain) {
+      #  include <abstractions/base>
+      #  include <abstractions/audio-client>
+      #  include <abstractions/bus-session>
+      #  include <abstractions/consoles>
+      #  include <abstractions/nameservice-strict>
 
-#  network inet stream,
-#  network inet6 stream,
+      #  network inet stream,
+      #  network inet6 stream,
 
-#  @{exec_path} mr,
+      #  @{exec_path} mr,
 
-#  @{sh_path} ix,
-#  @{lib}/speech-dispatcher/** r,
-#  @{lib}/speech-dispatcher/speech-dispatcher-modules/* ix,
+      #  @{sh_path} ix,
+      #  @{lib}/speech-dispatcher/** r,
+      #  @{lib}/speech-dispatcher/speech-dispatcher-modules/* ix,
 
-#  /etc/machine-id r,
-#  /etc/speech-dispatcher/{,**} r,
+      #  /etc/machine-id r,
+      #  /etc/speech-dispatcher/{,**} r,
 
-#  owner @{run}/user/@{uid}/speech-dispatcher/ rw,
-#  owner @{run}/user/@{uid}/speech-dispatcher/** rwk,
-
-#  include if exists <local/speech-dispatcher>
-#}        '';
-#      };
+      #  owner @{run}/user/@{uid}/speech-dispatcher/ rw,
+      #  owner @{run}/user/@{uid}/speech-dispatcher/** rwk,
 
+      #  include if exists <local/speech-dispatcher>
+      #}        '';
+      #      };
 
       sleep = {
         state = "enforce";
@@ -232,8 +229,8 @@ in
 
       osu-lazer = {
         state = "disable";
-#        enable = true;
-#        enforce = true;
+        #        enable = true;
+        #        enforce = true;
         profile = ''
           abi <abi/4.0>,
           include <tunables/global>

common/tooling/default.nix

@@ -54,7 +54,7 @@ in
         p7zip
 
         fbcat
-#        gomuks
+        #        gomuks
 
         imagemagick
         nmap

common/tooling/nix.nix

@@ -11,6 +11,7 @@
     nix-output-monitor
     nix-search-cli
     niv
+    nvd
     vulnix
     nix-init
   ];

common/tooling/opensnitch/block_lists.nix

@@ -1,4 +1,8 @@
-{ stdenv, fetchFromGitHub, lib }:
+{
+  stdenv,
+  fetchFromGitHub,
+  lib,
+}:
 stdenv.mkDerivation rec {
   pname = "stevenblack_block";
   version = "3.14.116";

common/tooling/ranger.nix

@@ -21,7 +21,7 @@ let
       rev = "981756147834bb485ebcfa0e41ad60d05ccc4351";
       hash = "sha256-5nFpEO/54MO6Esvkcqcyw2TI37ham70LkHtOXrYXfbY=";
     };
-#    inputs.ranger_udisk_menu;
+    #    inputs.ranger_udisk_menu;
   };
 in
 {

common/tooling/security.nix

@@ -46,7 +46,7 @@ in
         gnupg
         libsecret
         vulnix
-#        agenix
+        #        agenix
 
         yubikey-manager
         yubico-pam
@@ -70,7 +70,9 @@ in
       enableSSHSupport = true;
     };
 
-    grimmShared.firefox.plugins = mkIf (tooling.enable && tooling.pass) { "passff@invicem.pro" = "passff"; };
+    grimmShared.firefox.plugins = mkIf (tooling.enable && tooling.pass) {
+      "passff@invicem.pro" = "passff";
+    };
   };
 
   options.grimmShared.tooling.pass = mkEnableOption "Enables password-store, gnupg and such secret handling";

common/tooling/wine.nix

@@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 let
   inherit (config.grimmShared) enable tooling;
   inherit (lib)
@@ -15,13 +20,12 @@ in
     programs.virt-manager.enable = true;
     virtualisation.spiceUSBRedirection.enable = true;
 
-#    dconf.settings = {
-#      "org/virt-manager/virt-manager/connections" = {
-#        autoconnect = ["qemu:///system"];
-#        uris = ["qemu:///system"];
-#      };
-#    };
-
+    #    dconf.settings = {
+    #      "org/virt-manager/virt-manager/connections" = {
+    #        autoconnect = ["qemu:///system"];
+    #        uris = ["qemu:///system"];
+    #      };
+    #    };
 
     environment.systemPackages = with pkgs; [
       winetricks
@@ -29,7 +33,7 @@ in
       dotnetCorePackages.dotnet_9.sdk
       # jetbrains.rider
       mono4
-#      (mono4.overrideAttrs { version="4.6.1"; sha256=""; })
+      #      (mono4.overrideAttrs { version="4.6.1"; sha256=""; })
       tesseract4
     ];
   };

common/xdg/portals.nix

@@ -51,14 +51,14 @@ in
 
     environment.sessionVariables = {
       XDG_CONFIG_HOME = "$HOME/.config";
-      XDG_DESKTOP_DIR="$HOME/Desktop";
-      XDG_DOCUMENTS_DIR="$HOME/Documents";
-      XDG_DOWNLOAD_DIR="$HOME/Downloads";
-      XDG_MUSIC_DIR="$HOME/Music";
-      XDG_PICTURES_DIR="$HOME/Pictures";
-      XDG_PUBLICSHARE_DIR="$HOME/Public";
-      XDG_TEMPLATES_DIR="$HOME/Templates";
-      XDG_VIDEOS_DIR="$HOME/Videos";
+      XDG_DESKTOP_DIR = "$HOME/Desktop";
+      XDG_DOCUMENTS_DIR = "$HOME/Documents";
+      XDG_DOWNLOAD_DIR = "$HOME/Downloads";
+      XDG_MUSIC_DIR = "$HOME/Music";
+      XDG_PICTURES_DIR = "$HOME/Pictures";
+      XDG_PUBLICSHARE_DIR = "$HOME/Public";
+      XDG_TEMPLATES_DIR = "$HOME/Templates";
+      XDG_VIDEOS_DIR = "$HOME/Videos";
     };
 
     environment.systemPackages = with pkgs; [

configuration.nix

@@ -3,7 +3,7 @@
   imports = [
     ./overlays
     ./common
-#    ./fake_flake.nix
+    #    ./fake_flake.nix
     ./users.nix
   ];
 

custom/ncspot/package.nix

@@ -1,22 +1,32 @@
-{ stdenv
-, lib
-, fetchFromGitHub
-, rustPlatform
-, pkg-config
-, ncurses
-, openssl
-, darwin
-, withALSA ? stdenv.isLinux, alsa-lib
-, withClipboard ? true, libxcb, python3
-, withCover ? false, ueberzug
-, withPulseAudio ? stdenv.isLinux, libpulseaudio
-, withPortAudio ? stdenv.isDarwin, portaudio
-, withMPRIS ? stdenv.isLinux, withNotify ? true, dbus
-, withCrossterm ? true
-, nix-update-script
-, testers
-, ncspot
-}: let 
+{
+  stdenv,
+  lib,
+  fetchFromGitHub,
+  rustPlatform,
+  pkg-config,
+  ncurses,
+  openssl,
+  darwin,
+  withALSA ? stdenv.isLinux,
+  alsa-lib,
+  withClipboard ? true,
+  libxcb,
+  python3,
+  withCover ? false,
+  ueberzug,
+  withPulseAudio ? stdenv.isLinux,
+  libpulseaudio,
+  withPortAudio ? stdenv.isDarwin,
+  portaudio,
+  withMPRIS ? stdenv.isLinux,
+  withNotify ? true,
+  dbus,
+  withCrossterm ? true,
+  nix-update-script,
+  testers,
+  ncspot,
+}:
+let
   inherit (darwin.apple_sdk.frameworks) Cocoa;
 in
 rustPlatform.buildRustPackage rec {
@@ -37,10 +47,10 @@ rustPlatform.buildRustPackage rec {
     };
   };
 
-  nativeBuildInputs = [ pkg-config ]
-    ++ lib.optional withClipboard python3;
+  nativeBuildInputs = [ pkg-config ] ++ lib.optional withClipboard python3;
 
-  buildInputs = [ ncurses ]
+  buildInputs =
+    [ ncurses ]
     ++ lib.optional stdenv.isLinux openssl
     ++ lib.optional withALSA alsa-lib
     ++ lib.optional withClipboard libxcb
@@ -54,7 +64,8 @@ rustPlatform.buildRustPackage rec {
 
   buildNoDefaultFeatures = true;
 
-  buildFeatures = [ "cursive/pancurses-backend" ]
+  buildFeatures =
+    [ "cursive/pancurses-backend" ]
     ++ lib.optional withALSA "alsa_backend"
     ++ lib.optional withClipboard "share_clipboard"
     ++ lib.optional withCover "cover"

flake.nix

@@ -22,8 +22,8 @@
       url = "github:dali99/nixos-matrix-modules";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-#    ranger_udisk_menu.url = "git+https://git.grimmauld.de/Grimmauld/ranger_udisk_menu";
-#    glibc-eac.url = "github:Frogging-Family/glibc-eac";
+    #    ranger_udisk_menu.url = "git+https://git.grimmauld.de/Grimmauld/ranger_udisk_menu";
+    #    glibc-eac.url = "github:Frogging-Family/glibc-eac";
     aagl-gtk-on-nix = {
       url = "github:ezKEa/aagl-gtk-on-nix";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -34,7 +34,18 @@
     };
   };
 
-  outputs = inputs @ { self, agenix, nixpkgs, chaotic, aagl-gtk-on-nix, nixos-mailserver, nixos-matrix-modules, aa-alias-manager, ... }:
+  outputs =
+    inputs@{
+      self,
+      agenix,
+      nixpkgs,
+      chaotic,
+      aagl-gtk-on-nix,
+      nixos-mailserver,
+      nixos-matrix-modules,
+      aa-alias-manager,
+      ...
+    }:
     let
       patches = [
         ./aa_mod.patch
@@ -44,7 +55,8 @@
         }
       ];
 
-      customNixosSystem = system: definitions:
+      customNixosSystem =
+        system: definitions:
         let
           unpatched = nixpkgs.legacyPackages.${system};
           patched = unpatched.applyPatches {
@@ -54,10 +66,15 @@
           };
           nixosSystem = import (patched + "/nixos/lib/eval-config.nix");
         in
-        nixosSystem ({
+        nixosSystem (
+          {
             inherit system;
-          specialArgs = { inherit inputs system; };
-        } // definitions);
+            specialArgs = {
+              inherit inputs system;
+            };
+          }
+          // definitions
+        );
     in
     {
       nixosConfigurations = {

modules/default.nix

@@ -13,7 +13,7 @@ in
     ./nextcloud.nix
     ./prometheus.nix
     # ./mjolnir.nix
-#    ./fail2ban.nix
+    #    ./fail2ban.nix
     ./email.nix
     # ./discord-matrix-bridge.nix
     ./mastodon.nix

modules/matrix_legacy.nix

@@ -11,7 +11,9 @@ let
   fqdn = vhosts.matrix_host.host;
   base_url = "https://${fqdn}";
 
-  clientConfig."m.homeserver" = {inherit base_url; }; # = "https://${vhosts.matrix_host.host}";
+  clientConfig."m.homeserver" = {
+    inherit base_url;
+  }; # = "https://${vhosts.matrix_host.host}";
   serverConfig."m.server" = "${vhosts.matrix_host.host}:443";
   mkWellKnown = data: ''
     default_type application/json;
@@ -33,7 +35,6 @@ in
     ];
   };
 
-  
   services.matrix-synapse = {
     enable = true;
     settings.server_name = domain;
@@ -43,21 +44,30 @@ in
     # in client applications.
     settings.public_baseurl = base_url;
     settings.listeners = [
-      { port = 8008;
+      {
+        port = 8008;
         bind_addresses = [ "::1" ];
         type = "http";
         tls = false;
         x_forwarded = true;
-        resources = [ {
-          names = [ "client" "federation" ];
+        resources = [
+          {
+            names = [
+              "client"
+              "federation"
+            ];
             compress = true;
-        } ];
+          }
+        ];
       }
     ];
 
     settings.database = {
       name = "psycopg2";
-      args = { user="synapse"; database= "synapse"; };
+      args = {
+        user = "synapse";
+        database = "synapse";
+      };
     };
     settings.log_config = ./matrix_synapse_log_config.yaml;
     settings.enable_registration = false;
@@ -75,47 +85,47 @@ in
     ];
   };
 
-#  services.matrix-synapse-next = {
-#    enable = true;
-#
-#    workers.federationSenders = 1;
-#    workers.federationReceivers = 1;
-#    workers.initialSyncers = 1;
-#    workers.normalSyncers = 1;
-#    workers.eventPersisters = 2;
-#    workers.useUserDirectoryWorker = true;
-#    mainLogConfig = ./matrix_synapse_log_config.yaml;
-#
-#    enableNginx = true;
-#    enableSlidingSync = false;
-#
-#    settings = {
-#      suppress_key_server_warning = true;
-#      server_name = domain;
-#      public_baseurl = "https://${domain}";
-#      enable_registration = true;
-#      registration_requires_token = true;
-#      registration_shared_secret_path = config.age.secrets.synapse_registration_shared_secret.path;
-#      # enable_registration_without_verification = true;
-#      # mainLogConfig = ./matrix_synapse_log_config.yaml;
-#
-#      # registrations_require_3pid = [ "email" ];
-#
-#      database = {
-#        name = "psycopg2";
-#        args = {
-#          host = "localhost";
-#          port = config.services.postgresql.settings.port;
-#          dbname = "synapse";
-#          user = "synapse";
-#          cp_min = 5;
-#          cp_max = 10;
-#          client_encoding = "auto";
-#          passfile = config.age.secrets.synapse_db_pass_prepared.path;
-#        };
-#      };
-#    };
-#  };
+  #  services.matrix-synapse-next = {
+  #    enable = true;
+  #
+  #    workers.federationSenders = 1;
+  #    workers.federationReceivers = 1;
+  #    workers.initialSyncers = 1;
+  #    workers.normalSyncers = 1;
+  #    workers.eventPersisters = 2;
+  #    workers.useUserDirectoryWorker = true;
+  #    mainLogConfig = ./matrix_synapse_log_config.yaml;
+  #
+  #    enableNginx = true;
+  #    enableSlidingSync = false;
+  #
+  #    settings = {
+  #      suppress_key_server_warning = true;
+  #      server_name = domain;
+  #      public_baseurl = "https://${domain}";
+  #      enable_registration = true;
+  #      registration_requires_token = true;
+  #      registration_shared_secret_path = config.age.secrets.synapse_registration_shared_secret.path;
+  #      # enable_registration_without_verification = true;
+  #      # mainLogConfig = ./matrix_synapse_log_config.yaml;
+  #
+  #      # registrations_require_3pid = [ "email" ];
+  #
+  #      database = {
+  #        name = "psycopg2";
+  #        args = {
+  #          host = "localhost";
+  #          port = config.services.postgresql.settings.port;
+  #          dbname = "synapse";
+  #          user = "synapse";
+  #          cp_min = 5;
+  #          cp_max = 10;
+  #          client_encoding = "auto";
+  #          passfile = config.age.secrets.synapse_db_pass_prepared.path;
+  #        };
+  #      };
+  #    };
+  #  };
   services.redis.servers."".enable = true;
 
   age.secrets.synapse_db_pass = {
@@ -141,7 +151,6 @@ in
     matrix-synapse
   ];
 
-
   services.nginx = {
     enable = true;
     recommendedTlsSettings = true;
@@ -181,60 +190,60 @@ in
     };
   };
 
-#  services.nginx = {
-#    enable = true;
-#    virtualHosts."${domain}" = {
-#      forceSSL = true;
-#      enableACME = lib.mkForce false; # use the cert above, not some weird one that matrix-synapse module supplies
-#      useACMEHost = domain;
-#      locations."/.well-known/matrix/server" = {
-#        return = "200 '{\"m.server\":\"${vhosts.matrix_host.host}:443\"}'";
-#        extraConfig = ''
-#          default_type application/json;
-#          add_header Access-Control-Allow-Origin *;
-#          add_header Accept-Ranges bytes;'';
-#      };
-#      locations."/.well-known/matrix/client" = {
-#        return = "200 '{\"m.homeserver\": {\"base_url\": \"https://${vhosts.matrix_host.host}\"}}'";
-#        extraConfig = ''
-#          add_header Access-Control-Allow-Origin *;
-#          default_type application/json;
-#        '';
-#      };
-#      locations."/_matrix" = {
-#        proxyPass = "http://$synapse_backend";
-#        extraConfig = ''
-#          add_header X-debug-backend $synapse_backend;
-#          add_header X-debug-group $synapse_uri_group;
-#          client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size};
-#          proxy_read_timeout 10m;
-#        '';
-#      };
-#      locations."/_synapse/client" = {
-#        proxyPass = "http://$synapse_backend";
-#      };
-#      locations."~ ^/_matrix/client/(r0|v3)/sync$" = {
-#        proxyPass = "http://$synapse_backend";
-#        extraConfig = ''
-#          proxy_read_timeout 1h;
-#        '';
-#      };
-#      locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = {
-#        proxyPass = "http://synapse_worker_initial_sync";
-#        extraConfig = ''
-#          proxy_read_timeout 1h;
-#        '';
-#      };
-#      locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = {
-#        proxyPass = "http://synapse_worker_initial_sync";
-#        extraConfig = ''
-#          proxy_read_timeout 1h;
-#        '';
-#      };
-#      #      locations."/.well-known/matrix" = {
-#        proxyPass = "http://$synapse_backend";
-#      };
-#    };
-#  };
+  #  services.nginx = {
+  #    enable = true;
+  #    virtualHosts."${domain}" = {
+  #      forceSSL = true;
+  #      enableACME = lib.mkForce false; # use the cert above, not some weird one that matrix-synapse module supplies
+  #      useACMEHost = domain;
+  #      locations."/.well-known/matrix/server" = {
+  #        return = "200 '{\"m.server\":\"${vhosts.matrix_host.host}:443\"}'";
+  #        extraConfig = ''
+  #          default_type application/json;
+  #          add_header Access-Control-Allow-Origin *;
+  #          add_header Accept-Ranges bytes;'';
+  #      };
+  #      locations."/.well-known/matrix/client" = {
+  #        return = "200 '{\"m.homeserver\": {\"base_url\": \"https://${vhosts.matrix_host.host}\"}}'";
+  #        extraConfig = ''
+  #          add_header Access-Control-Allow-Origin *;
+  #          default_type application/json;
+  #        '';
+  #      };
+  #      locations."/_matrix" = {
+  #        proxyPass = "http://$synapse_backend";
+  #        extraConfig = ''
+  #          add_header X-debug-backend $synapse_backend;
+  #          add_header X-debug-group $synapse_uri_group;
+  #          client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size};
+  #          proxy_read_timeout 10m;
+  #        '';
+  #      };
+  #      locations."/_synapse/client" = {
+  #        proxyPass = "http://$synapse_backend";
+  #      };
+  #      locations."~ ^/_matrix/client/(r0|v3)/sync$" = {
+  #        proxyPass = "http://$synapse_backend";
+  #        extraConfig = ''
+  #          proxy_read_timeout 1h;
+  #        '';
+  #      };
+  #      locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = {
+  #        proxyPass = "http://synapse_worker_initial_sync";
+  #        extraConfig = ''
+  #          proxy_read_timeout 1h;
+  #        '';
+  #      };
+  #      locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = {
+  #        proxyPass = "http://synapse_worker_initial_sync";
+  #        extraConfig = ''
+  #          proxy_read_timeout 1h;
+  #        '';
+  #      };
+  #      #      locations."/.well-known/matrix" = {
+  #        proxyPass = "http://$synapse_backend";
+  #      };
+  #    };
+  #  };
   #  networking.firewall.allowedTCPPorts = [ 8448 8008 ];
 }

modules/wireguard.nix

@@ -1,7 +1,10 @@
- {pkgs, ...}: {
+{ pkgs, ... }:
+{
   # enable NAT
-  networking.nat.enable = true; networking.nat.externalInterface = "eth0"; 
-  networking.nat.internalInterfaces = [ "wg0" ]; networking.firewall = {
+  networking.nat.enable = true;
+  networking.nat.externalInterface = "eth0";
+  networking.nat.internalInterfaces = [ "wg0" ];
+  networking.firewall = {
     allowedUDPPorts = [ 51820 ];
   };
 
@@ -18,18 +21,21 @@
       # This allows the wireguard server to route your traffic to the internet and 
       # hence be like a VPN For this to work you have to set the dnsserver IP of 
       # your router (or dnsserver of choice) in your clients
-      postSetup = '' ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE
+      postSetup = ''
+        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE
       '';
       # This undoes the above command
-      postShutdown = '' ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE
+      postShutdown = ''
+        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE
       '';
 
       generatePrivateKeyFile = true;
       peers = [
         {
-publicKey="2aANdnPYtf78iXfwNVAtYjIlE5k/yDWvbdXZ2jw0hXk=";
+          publicKey = "2aANdnPYtf78iXfwNVAtYjIlE5k/yDWvbdXZ2jw0hXk=";
           allowedIPs = [ "10.100.0.2/32" ];
- } ];
+        }
+      ];
     };
   };
   environment.systemPackages = with pkgs; [ wireguard-tools ];

overlays/factorio.nix

@@ -4,6 +4,9 @@ let
 in
 {
   factorio = prev.factorio.override (
-    { versionsJson = ./versions.json; } // lib.optionalAttrs (builtins.pathExists loginFile) (import loginFile)
+    {
+      versionsJson = ./versions.json;
+    }
+    // lib.optionalAttrs (builtins.pathExists loginFile) (import loginFile)
   );
 }

specific/grimm-nixos-laptop/configuration.nix

@@ -9,7 +9,6 @@
 
   age.identityPaths = [ "/home/grimmauld/.ssh/id_ed25519" ];
 
-
   services.zfs.trim.enable = true;
   boot.supportedFilesystems.zfs = true;
   networking.hostId = "2ea79333";

specific/grimm-nixos-ssd/configuration.nix

@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 {
   imports = [
     # Include the results of the hardware scan.
@@ -14,7 +19,8 @@
 
   # security.pam.yubico.control = "required";
 
-  services.udev.extraRules = let 
+  services.udev.extraRules =
+    let
       inherit (lib) getExe' getExe;
       inherit (pkgs) procps writeShellScriptBin;
       exitSway = writeShellScriptBin "kill-sway" ''
@@ -28,17 +34,18 @@
           fi
         done
       '';
-  in ''
+    in
+    ''
             ACTION=="remove",\
              ENV{SUBSYSTEM}=="usb",\
              ENV{PRODUCT}=="1050/407/543",\
              RUN+="${lib.getExe exitSway}"
-#  '';
+      #  '';
 
   # RUN+="${lib.getExe' pkgs.systemd "loginctl"} lock-sessions"
 
-#  networking.hostId = "2ea79333";
-#  boot.kernelPackages = lib.mkForce config.boot.zfs.package.latestCompatibleLinuxPackages;
+  #  networking.hostId = "2ea79333";
+  #  boot.kernelPackages = lib.mkForce config.boot.zfs.package.latestCompatibleLinuxPackages;
 
   grimmShared = {
     tooling = {

specific/grimm-nixos-ssd/hardware-configuration.nix

@@ -1,24 +1,45 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
 
 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "uas" "sd_mod" "kvm-intel" ];
-  boot.initrd.kernelModules = [ "zfs" "nls_cp437" "nls_iso8859-1" "usbhid" "usb_storage" "nvme" ];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usbhid"
+    "uas"
+    "sd_mod"
+    "kvm-intel"
+  ];
+  boot.initrd.kernelModules = [
+    "zfs"
+    "nls_cp437"
+    "nls_iso8859-1"
+    "usbhid"
+    "usb_storage"
+    "nvme"
+  ];
   boot.zfs = {
     forceImportRoot = false;
     requestEncryptionCredentials = false; # none of the zfs datasets that should be mounted are encrypted. User homes happen later.
-#    [
-#      "zpool/home"
-#      "zpool/root"
-#      "zpool/nix"
-#      "zpool/var"
-#    ];
+    #    [
+    #      "zpool/home"
+    #      "zpool/root"
+    #      "zpool/nix"
+    #      "zpool/var"
+    #    ];
   };
   boot.kernelModules = [ "kvm-intel" ];
   boot.supportedFilesystems.zfs = true;
@@ -29,39 +50,42 @@
   boot.kernelParams = [ "mds=full,nosmt" ];
   services.homed.enable = true;
 
-  fileSystems."/" =
-    { device = "zpool/root";
+  fileSystems."/" = {
+    device = "zpool/root";
     fsType = "zfs";
   };
 
-  fileSystems."/nix" =
-    { device = "zpool/nix";
+  fileSystems."/nix" = {
+    device = "zpool/nix";
     fsType = "zfs";
   };
 
-  fileSystems."/var" =
-    { device = "zpool/var";
+  fileSystems."/var" = {
+    device = "zpool/var";
     fsType = "zfs";
   };
 
-  fileSystems."/etc/nixos" =
-    { device = "zpool/nix_conf";
+  fileSystems."/etc/nixos" = {
+    device = "zpool/nix_conf";
     fsType = "zfs";
     options = [ "noacl" ];
   };
 
-#  fileSystems."/home" =
-#    { device = "zpool/home";
-#      fsType = "zfs";
-#    };
+  #  fileSystems."/home" =
+  #    { device = "zpool/home";
+  #      fsType = "zfs";
+  #    };
 
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/12CE-A600";
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/12CE-A600";
     fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" "umask=077" ];
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+      "umask=077"
+    ];
   };
 
-
   grimmShared = {
     screens = {
       external = {
@@ -80,17 +104,16 @@
     laptop_hardware.enable = true;
   };
 
+  #  fileSystems."/crypt-storage" =
+  #     { device = "/dev/disk/by-uuid/6f0d65a8-24f0-439d-b5ee-03c0ef051fcb";
+  #      fsType = "ext4";
+  #      options = [ "umask=077" ]; # read only so a fat-finger can't accidentially bonk our salts, rendering the disk useless.
+  #    };
 
-#  fileSystems."/crypt-storage" =
-#     { device = "/dev/disk/by-uuid/6f0d65a8-24f0-439d-b5ee-03c0ef051fcb";
-#      fsType = "ext4";
-#      options = [ "umask=077" ]; # read only so a fat-finger can't accidentially bonk our salts, rendering the disk useless.
-#    };
-
-#  fileSystems."/home/grimmauld" =
-#    { device = "zpool/home/grimmauld";
-#      fsType = "zfs";
-#    };
+  #  fileSystems."/home/grimmauld" =
+  #    { device = "zpool/home/grimmauld";
+  #      fsType = "zfs";
+  #    };
 
   security.pam = {
     zfs = {

sway/default.nix

@@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 {
   imports = [ ./bar ];
 
@@ -51,7 +56,8 @@
           urgentcol = "#9e3c3c";
           realwhite = "#C7D3E3";
         };
-        keybinds = {
+        keybinds =
+          {
             "$mod+d" = "exec $menu";
             "$mod+Shift+d" = "exec $menu_run";
             "$mod+Shift+s" = ''exec ${getExe grim} -g "$(${getExe slurp} -d)" - | wl-copy'';
@@ -154,10 +160,18 @@
               in
               "exec ${getExe open}";
             # XF86Bluetooth = "exec blueman-manager";
-        } // (let inherit (builtins) toString; in lib.mergeAttrsList (map (n: {
+          }
+          // (
+            let
+              inherit (builtins) toString;
+            in
+            lib.mergeAttrsList (
+              map (n: {
                 "$mod+${toString n}" = "workspace number ${toString n}";
                 "$mod+Shift+${toString n}" = "move container to workspace number ${toString n}";
-        }) (lib.range 0 9)));
+              }) (lib.range 0 9)
+            )
+          );
         autolaunch = [
           (getExe' pkgs.dbus "dbus-update-activation-environment")
           (getExe' pkgs.xdg-user-dirs "xdg-user-dirs-update")

users.nix

@@ -10,7 +10,6 @@
     # shell = pkgs.xonsh;
     description = "grimmauld";
 
-
     openssh.authorizedKeys.keys = (import ./authorizedKeys.nix);
     extraGroups = lib.intersectLists (lib.attrNames config.users.groups) [
       "networkmanager"
@@ -41,8 +40,8 @@
       [
         vesktop
         obs-studio
-#        element-desktop
-#        ghidra
+        #        element-desktop
+        #        ghidra
         rmview
       ]
     );