treefmt: formatted all nix files

2022-03-08 00:26:15 +10:00 · 2022-03-08 00:26:15 +10:00 · c05057015e
parent 80f4fbcb61
commit c05057015e
117 changed files with 1640 additions and 1568 deletions
--- a/globals-defaults.nix
+++ b/globals-defaults.nix
@ -1 +1 @@
-{ }
+{}
--- a/globals.nix
+++ b/globals.nix
@ -1,11 +1,11 @@
 self: super: {
-  globals = import ./globals-defaults.nix // rec {
+  globals =
    import ./globals-defaults.nix
    // rec {
      deploymentName = "mio-ops";
-    deploymentName = "mio-ops";
+      domain = "mcwhirter.io";
-    domain = "mcwhirter.io";
+      environment = "${deploymentName}";
-
+    };
    environment = "${deploymentName}";
  };
 }
--- a/hardware/eeepc701.nix
+++ b/hardware/eeepc701.nix
@ -1,8 +1,10 @@
 # Hardware configuration file common to ASUS 701 EeePC4G-BK004
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  imports = [
    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
    ../profiles/host_common.nix
@ -33,14 +35,18 @@
    config = {
      allowUnfree = true;
      packageOverrides = pkgs: {
-        stdenv = pkgs.stdenv // {
+        stdenv =
-          platform = pkgs.stdenv.platform // {
+          pkgs.stdenv
-            kernelExtraConfig = ''
+          // {
-              HIGHMEM64G? n  # 32-bit proc with > 4G RAM
+            platform =
-              HIGHMEM4G y    # 32-bit proc with =< 4G RAM
+              pkgs.stdenv.platform
-            '';
+              // {
                kernelExtraConfig = ''
                  HIGHMEM64G? n  # 32-bit proc with > 4G RAM
                  HIGHMEM4G y    # 32-bit proc with =< 4G RAM
                '';
              };
          };
        };
      };
    };
    localSystem = {
@ -55,7 +61,7 @@
    fsType = "ext4";
  };
-  swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
+  swapDevices = [{device = "/dev/disk/by-label/swap";}];
  networking.wireless.enable = true; # Enable wireless via wpa_supplicant.
  nix.maxJobs = lib.mkDefault 1;
--- a/hardware/lenovo_x201.nix
+++ b/hardware/lenovo_x201.nix
@ -1,24 +1,25 @@
 # Hardware configuration file common to all Lenovo x201 devices
 { config, lib, pkgs, ... }:
 {
-  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+  config,
  lib,
  pkgs,
  ...
 }: {
  imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
-  boot.initrd.availableKernelModules =
+  boot.initrd.availableKernelModules = ["ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
-    [ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [];
-  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = ["kvm-intel"];
-  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [];
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
  };
-  swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
+  swapDevices = [{device = "/dev/disk/by-label/swap";}];
-  hardware.opengl.extraPackages = with pkgs; [ vaapiIntel ];
+  hardware.opengl.extraPackages = with pkgs; [vaapiIntel];
  nix.maxJobs = lib.mkDefault 4;
  services.thinkfan = {
--- a/hardware/linode_vm-encrypted.nix
+++ b/hardware/linode_vm-encrypted.nix
@ -1,18 +1,20 @@
 # Configuration common to all my encrypted Linode VMs
 { config, pkgs, lib, ... }:
 {
  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [
    # Import the NixOS Qemu guest settings
    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
  ];
  boot = {
-    extraModulePackages = [ ];
+    extraModulePackages = [];
    initrd = {
-      availableKernelModules = [ "virtio_pci" "ahci" "sd_mod" ];
+      availableKernelModules = ["virtio_pci" "ahci" "sd_mod"];
-      kernelModules = [ "dm-snapshot" ];
+      kernelModules = ["dm-snapshot"];
      luks = {
        devices = {
          root = {
@ -22,8 +24,8 @@
        };
      };
    };
-    kernelModules = [ ];
+    kernelModules = [];
-    kernelParams = [ "console=ttyS0,19200n8" ];
+    kernelParams = ["console=ttyS0,19200n8"];
    loader = {
      grub = {
        forceInstall = true;
@ -46,7 +48,7 @@
    fsType = "ext4";
  };
-  swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
+  swapDevices = [{device = "/dev/disk/by-label/swap";}];
  nix.maxJobs = lib.mkDefault 8;
 }
--- a/hardware/linode_vm.nix
+++ b/hardware/linode_vm.nix
@ -1,18 +1,20 @@
 # Configuration common to all my Linode VMs
 { config, pkgs, lib, ... }:
 {
  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [
    # Import the NixOS Qemu guest settings
    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
  ];
-  boot.initrd.availableKernelModules = [ "virtio_pci" "ahci" "sd_mod" ];
+  boot.initrd.availableKernelModules = ["virtio_pci" "ahci" "sd_mod"];
-  boot.initrd.kernelModules = [ ];
+  boot.initrd.kernelModules = [];
-  boot.kernelModules = [ ];
+  boot.kernelModules = [];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [];
-  boot.kernelParams = [ "console=ttyS0,19200n8" ];
+  boot.kernelParams = ["console=ttyS0,19200n8"];
  boot.loader = {
    grub = {
      extraConfig = ''
@ -31,7 +33,7 @@
    fsType = "ext4";
  };
-  swapDevices = [{ device = "/dev/sdb"; }];
+  swapDevices = [{device = "/dev/sdb";}];
  nix.maxJobs = lib.mkDefault 4;
 }
--- a/hardware/odroid-hc4/default.nix
+++ b/hardware/odroid-hc4/default.nix
@ -1,11 +1,13 @@
-{ config, lib, modulesPath, pkgs, ... }:
+{
-
+  config,
-with lib;
+  lib,
-
+  modulesPath,
-let
+  pkgs,
  ...
 }:
 with lib; let
  sources = import ../../nix/sources.nix;
-  unstable = import sources.nixpkgsUnstable { };
+  unstable = import sources.nixpkgsUnstable {};
 in {
  imports = [
    "${modulesPath}/profiles/base.nix"
@ -17,7 +19,7 @@ in {
  # The linux kernel used is compiled from the Hardkernel fork of
  # torvalds/linux
  boot = {
-    initrd.availableKernelModules = mkForce [ ];
+    initrd.availableKernelModules = mkForce [];
    kernelPackages = pkgs.linuxPackagesFor pkgs.linux_hardkernel;
    # Bootloader (use Hardkernel fork of Das U-Boot)
    loader = {
--- a/hardware/odroid-hc4/modules/sd-image/default.nix
+++ b/hardware/odroid-hc4/modules/sd-image/default.nix
@ -1,4 +1,10 @@
-{ pkgs, lib, config, modulesPath, ... }: {
+{
  pkgs,
  lib,
  config,
  modulesPath,
  ...
 }: {
  imports = [
    "${modulesPath}/installer/sd-card/sd-image.nix"
    # should we include this module or should we treat the SD
@ -11,14 +17,14 @@
  nixpkgs.overlays = [
    (final: prev: {
-      smartmontools = prev.smartmontools.override { enableMail = false; };
+      smartmontools = prev.smartmontools.override {enableMail = false;};
    })
  ];
  # Remove zfs from supported filesystems as it fails when cross-compiling due
  # to not being able to build kernel module
  boot.supportedFilesystems =
-    lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
+    lib.mkForce ["btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs"];
  sdImage = {
    compressImage = false;
--- a/hardware/odroid-hc4/overlays/kernel/kernel.nix
+++ b/hardware/odroid-hc4/overlays/kernel/kernel.nix
@ -1,7 +1,16 @@
-{ stdenv, buildPackages, fetchFromGitHub, perl, buildLinux, libelf, utillinux
+{
-, lib, ... }@args:
+  stdenv,
-
+  buildPackages,
-buildLinux (args // rec {
+  fetchFromGitHub,
  perl,
  buildLinux,
  libelf,
  utillinux,
  lib,
  ...
 } @ args:
 buildLinux (args
 // rec {
  version = "4.9.241-107";
  # modDirVersion needs to be x.y.z.
@ -25,6 +34,6 @@ buildLinux (args // rec {
    NR_CPUS = lib.mkForce (freeform "8");
  };
-  extraMeta.platforms = [ "aarch64-linux" ];
+  extraMeta.platforms = ["aarch64-linux"];
-
+}
-} // (args.argsOverride or { }))
+// (args.argsOverride or {}))
--- a/hardware/odroid-hc4/overlays/uboot/blx_fix.nix
+++ b/hardware/odroid-hc4/overlays/uboot/blx_fix.nix
@ -1,4 +1,4 @@
-{ writeShellScript }:
+{writeShellScript}:
 writeShellScript "blx_fix" ''
  #bl2 file size 41K, bl21 file size 3K (file size not equal runtime size)
  #total 44K
--- a/hardware/odroid-hc4/overlays/uboot/hardkernel.nix
+++ b/hardware/odroid-hc4/overlays/uboot/hardkernel.nix
@ -1,16 +1,23 @@
-{ gcc49Stdenv, git, bc, bison, flex, nettools, buildPackages, arm-gcc49 }:
+{
-
+  gcc49Stdenv,
  git,
  bc,
  bison,
  flex,
  nettools,
  buildPackages,
  arm-gcc49,
 }:
 gcc49Stdenv.mkDerivation {
  name = "hardkernel-uboot";
  src = builtins.fetchTarball {
-    url =
+    url = "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
      "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
    sha256 = "0hj49jf9w2w55r7fjpx8asb92r85lws8mvq4mvl1v309z7k56zwv";
  };
-  patches = [ ./pwd.diff ./fip_create.diff ];
+  patches = [./pwd.diff ./fip_create.diff];
-  nativeBuildInputs = [ git gcc49Stdenv.cc bc bison flex nettools ];
+  nativeBuildInputs = [git gcc49Stdenv.cc bc bison flex nettools];
-  depsBuildBuild = [ arm-gcc49 buildPackages.gcc49Stdenv.cc ];
+  depsBuildBuild = [arm-gcc49 buildPackages.gcc49Stdenv.cc];
-  makeFlags = [ "CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}" ];
+  makeFlags = ["CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}"];
  configurePhase = ''
    make odroidc4_defconfig
  '';
--- a/hardware/odroid-hc4/overlays/uboot/meson64-tools.nix
+++ b/hardware/odroid-hc4/overlays/uboot/meson64-tools.nix
@ -1,10 +1,13 @@
-{ stdenv, python2, python3 }:
+{
  stdenv,
  python2,
  python3,
 }:
 stdenv.mkDerivation {
  name = "meson64-tools";
-  nativeBuildInputs = [ python2 python3 ];
+  nativeBuildInputs = [python2 python3];
  src = builtins.fetchTarball {
-    url =
+    url = "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
      "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
    sha256 = "1487cr7sv34yry8f0chaj6s2g3736dzq0aqw239ahdy30yg7hb2v";
  };
@ -12,5 +15,5 @@ stdenv.mkDerivation {
    patchShebangs .
    patchShebangs ./mbedtls/scripts/generate_psa_constants.py
  '';
-  makeFlags = [ "PREFIX=$(out)/bin" ];
+  makeFlags = ["PREFIX=$(out)/bin"];
 }
--- a/hardware/odroid-hc4/overlays/uboot/overlay.nix
+++ b/hardware/odroid-hc4/overlays/uboot/overlay.nix
@ -1,22 +1,25 @@
-final: prev:
+final: prev: let
-let
+  platform =
-  platform = final.lib.systems.examples.aarch64-multiplatform // {
+    final.lib.systems.examples.aarch64-multiplatform
-    gcc = { arch = "armv8-a+crypto"; };
+    // {
-  };
+      gcc = {arch = "armv8-a+crypto";};
    };
  arm64 = final.pkgsCross.aarch64-embedded;
  arm = final.pkgsCross.arm-embedded;
  uboot-hardkernel =
-    arm64.callPackage ./hardkernel.nix { arm-gcc49 = arm.buildPackages.gcc49; };
+    arm64.callPackage ./hardkernel.nix {arm-gcc49 = arm.buildPackages.gcc49;};
-  with-crypto = import final.path { crossSystem = platform; };
+  with-crypto = import final.path {crossSystem = platform;};
-  meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix { };
+  meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix {};
-  blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix { };
+  blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix {};
  uboot = arm64.callPackage ./u-boot.nix {
    inherit uboot-hardkernel meson64-tools blx_fix;
  };
 in {
  uboot-hardkernel = uboot;
  ubootTools-hardkernel = final.buildPackages.ubootTools;
-  buildPackages = prev.buildPackages // {
+  buildPackages =
-    ubootTools-hardkernel = final.buildPackages.buildPackages.ubootTools;
+    prev.buildPackages
-  };
+    // {
      ubootTools-hardkernel = final.buildPackages.buildPackages.ubootTools;
    };
 }
--- a/hardware/odroid-hc4/overlays/uboot/u-boot.nix
+++ b/hardware/odroid-hc4/overlays/uboot/u-boot.nix
@ -1,79 +1,89 @@
-{ stdenv, git, bc, bison, flex, nettools, openssl, buildPackages
+{
-, uboot-hardkernel, meson64-tools, blx_fix }:
+  stdenv,
-let
+  git,
-in stdenv.mkDerivation {
+  bc,
-  name = "uboot";
+  bison,
-  src = builtins.fetchTarball {
+  flex,
-    url =
+  nettools,
-      "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
+  openssl,
-    sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6";
+  buildPackages,
-  };
+  uboot-hardkernel,
-  CROSS_COMPILE = stdenv.cc.targetPrefix;
+  meson64-tools,
-  configurePhase = ''
+  blx_fix,
-    make odroid-c4_defconfig
+}: let
-  '';
+in
-  buildPhase = ''
+  stdenv.mkDerivation {
-    make
+    name = "uboot";
-  '';
+    src = builtins.fetchTarball {
-  installPhase = ''
+      url = "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
-    mkdir fip
+      sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6";
-    cp ${uboot-hardkernel}/fip/* fip/
+    };
-    cp u-boot.bin fip/bl33.bin
+    CROSS_COMPILE = stdenv.cc.targetPrefix;
-    ${blx_fix} \
+    configurePhase = ''
-      fip/bl30.bin \
+      make odroid-c4_defconfig
-      fip/zero_tmp \
+    '';
-      fip/bl30_zero.bin \
+    buildPhase = ''
-      fip/bl301.bin \
+      make
-      fip/bl301_zero.bin \
+    '';
-      fip/bl30_new.bin \
+    installPhase = ''
-      bl30
+      mkdir fip
      cp ${uboot-hardkernel}/fip/* fip/
      cp u-boot.bin fip/bl33.bin
      ${blx_fix} \
        fip/bl30.bin \
        fip/zero_tmp \
        fip/bl30_zero.bin \
        fip/bl301.bin \
        fip/bl301_zero.bin \
        fip/bl30_new.bin \
        bl30
-    ${blx_fix} \
+      ${blx_fix} \
-      fip/bl2.bin \
+        fip/bl2.bin \
-      fip/zero_tmp \
+        fip/zero_tmp \
-      fip/bl2_zero.bin \
+        fip/bl2_zero.bin \
-      fip/acs.bin \
+        fip/acs.bin \
-      fip/bl21_zero.bin \
+        fip/bl21_zero.bin \
-      fip/bl2_new.bin \
+        fip/bl2_new.bin \
-      bl2
+        bl2
-    ${meson64-tools}/bin/bl30sig \
+      ${meson64-tools}/bin/bl30sig \
-      --input fip/bl30_new.bin \
+        --input fip/bl30_new.bin \
-      --output fip/bl30_new.bin.g12a.enc \
+        --output fip/bl30_new.bin.g12a.enc \
-      --level v3
+        --level v3
-    ${meson64-tools}/bin/bl3sig \
+      ${meson64-tools}/bin/bl3sig \
-      --input fip/bl30_new.bin.g12a.enc \
+        --input fip/bl30_new.bin.g12a.enc \
-      --output fip/bl30_new.bin.enc \
+        --output fip/bl30_new.bin.enc \
-      --level v3 --type bl30
+        --level v3 --type bl30
-    ${meson64-tools}/bin/bl3sig \
+      ${meson64-tools}/bin/bl3sig \
-      --input fip/bl31.img \
+        --input fip/bl31.img \
-      --output fip/bl31.img.enc \
+        --output fip/bl31.img.enc \
-      --level v3 --type bl31
+        --level v3 --type bl31
-    ${meson64-tools}/bin/bl3sig \
+      ${meson64-tools}/bin/bl3sig \
-      --input fip/bl33.bin --compress lz4 \
+        --input fip/bl33.bin --compress lz4 \
-      --output fip/bl33.bin.enc \
+        --output fip/bl33.bin.enc \
-      --level v3 --type bl33 --compress lz4
+        --level v3 --type bl33 --compress lz4
-    ${meson64-tools}/bin/bl2sig \
+      ${meson64-tools}/bin/bl2sig \
-      --input fip/bl2_new.bin \
+        --input fip/bl2_new.bin \
-      --output fip/bl2.n.bin.sig
+        --output fip/bl2.n.bin.sig
-    ${meson64-tools}/bin/bootmk \
+      ${meson64-tools}/bin/bootmk \
-      --output $out \
+        --output $out \
-      --bl2 fip/bl2.n.bin.sig \
+        --bl2 fip/bl2.n.bin.sig \
-      --bl30 fip/bl30_new.bin.enc \
+        --bl30 fip/bl30_new.bin.enc \
-      --bl31 fip/bl31.img.enc \
+        --bl31 fip/bl31.img.enc \
-      --bl33 fip/bl33.bin.enc \
+        --bl33 fip/bl33.bin.enc \
-      --ddrfw1 fip/ddr4_1d.fw \
+        --ddrfw1 fip/ddr4_1d.fw \
-      --ddrfw2 fip/ddr4_2d.fw \
+        --ddrfw2 fip/ddr4_2d.fw \
-      --ddrfw3 fip/ddr3_1d.fw \
+        --ddrfw3 fip/ddr3_1d.fw \
-      --ddrfw4 fip/piei.fw \
+        --ddrfw4 fip/piei.fw \
-      --ddrfw5 fip/lpddr4_1d.fw \
+        --ddrfw5 fip/lpddr4_1d.fw \
-      --ddrfw6 fip/lpddr4_2d.fw \
+        --ddrfw6 fip/lpddr4_2d.fw \
-      --ddrfw7 fip/diag_lpddr4.fw \
+        --ddrfw7 fip/diag_lpddr4.fw \
-      --ddrfw8 fip/aml_ddr.fw \
+        --ddrfw8 fip/aml_ddr.fw \
-      --ddrfw9 fip/lpddr3_1d.fw \
+        --ddrfw9 fip/lpddr3_1d.fw \
-      --level v3
+        --level v3
-  '';
+    '';
-  nativeBuildInputs = [ git bc bison flex nettools ];
+    nativeBuildInputs = [git bc bison flex nettools];
-  depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.openssl.dev ];
+    depsBuildBuild = [buildPackages.stdenv.cc buildPackages.openssl.dev];
-}
+  }
--- a/hardware/odroid-hc4/uboot/boot-ini-builder.nix
+++ b/hardware/odroid-hc4/uboot/boot-ini-builder.nix
@ -1,5 +1,4 @@
-{ pkgs }:
+{pkgs}:
 pkgs.substituteAll {
  src = ./boot-ini-builder.sh;
  isExecutable = true;
--- a/hardware/odroid-hc4/uboot/hardkernel-uboot.nix
+++ b/hardware/odroid-hc4/uboot/hardkernel-uboot.nix
@ -1,18 +1,24 @@
-{ config, lib, pkgs, ... }:
+{
-
+  config,
-with lib;
+  lib,
-let
+  pkgs,
  ...
 }:
 with lib; let
  blCfg = config.boot.loader;
  dtCfg = config.hardware.deviceTree;
  cfg = blCfg.hardkernel-uboot;
-  timeoutStr = if blCfg.timeout == null then "-1" else toString blCfg.timeout;
+  timeoutStr =
    if blCfg.timeout == null
    then "-1"
    else toString blCfg.timeout;
  # The builder used to write during system activation
-  builder = import ./boot-ini-builder.nix { inherit pkgs; };
+  builder = import ./boot-ini-builder.nix {inherit pkgs;};
  # The builder exposed in populateCmd, which runs on the build architecture
  populateBuilder =
-    import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; };
+    import ./boot-ini-builder.nix {pkgs = pkgs.buildPackages;};
 in {
  options = {
    boot.loader.hardkernel-uboot = {
@ -38,17 +44,17 @@ in {
          Useful to have for sdImage.populateRootCommands
        '';
      };
    };
  };
  config = let
-    builderArgs = "-t ${timeoutStr}"
+    builderArgs =
      "-t ${timeoutStr}"
      + lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}";
-  in mkIf cfg.enable {
+  in
-    system.build.installBootLoader = "${builder} ${builderArgs} -c";
+    mkIf cfg.enable {
-    system.boot.loader.id = "hardkernel-uboot";
+      system.build.installBootLoader = "${builder} ${builderArgs} -c";
-    boot.loader.hardkernel-uboot.populateCmd =
+      system.boot.loader.id = "hardkernel-uboot";
-      "${populateBuilder} ${builderArgs}";
+      boot.loader.hardkernel-uboot.populateCmd = "${populateBuilder} ${builderArgs}";
-  };
+    };
 }
--- a/hardware/purism_librem_15.nix
+++ b/hardware/purism_librem_15.nix
@ -1,9 +1,11 @@
 # Hardware configuration file common to all Purism Librem 15 ver 3 TPM devices
 { config, lib, pkgs, ... }:
 {
-  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+  config,
  lib,
  pkgs,
  ...
 }: {
  imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
  boot = {
    initrd = {
@ -17,11 +19,10 @@
        "aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128
        "cryptd" # Software async crypto daemon
      ];
-      kernelModules = [ "dm-snapshot" ];
+      kernelModules = ["dm-snapshot"];
-      luks.devices."cryptroot".device =
+      luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
        "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
    };
-    kernelModules = [ "kvm-intel" ]; # Enable kvm for libvirtd
+    kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
  };
  fileSystems."/" = {
@ -34,8 +35,7 @@
    fsType = "ext4";
  };
-  swapDevices =
+  swapDevices = [{device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e";}];
    [{ device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; }];
  nix.maxJobs = lib.mkDefault 4;
 }
--- a/hardware/raspberry_pi_2_model_B.nix
+++ b/hardware/raspberry_pi_2_model_B.nix
@ -1,9 +1,10 @@
 # Configuration common to all Raspberry Pi 2 Model B devices
 { config, pkgs, lib, ... }:
 {
-
+  config,
  pkgs,
  lib,
  ...
 }: {
  boot = {
    consoleLogLevel = lib.mkDefault 7;
    initrd = {
@ -50,7 +51,7 @@
      # Alternatively, this could be removed from the configuration.
      # The filesystem is not needed at runtime, it could be treated
      # as an opaque blob instead of a discrete FAT32 filesystem.
-      options = [ "nofail" "noauto" ];
+      options = ["nofail" "noauto"];
    };
    "/var" = {
      device = "/dev/disk/by-label/var";
@ -59,10 +60,12 @@
  };
  # !!! Adding a swap file is optional, but strongly recommended!
-  swapDevices = [{
+  swapDevices = [
-    device = "/swapfile";
+    {
-    size = 1024;
+      device = "/swapfile";
-  }];
+      size = 1024;
    }
  ];
  hardware = {
    enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
@ -74,9 +77,7 @@
  sound.enable = false; # Disable sound.
-  environment.systemPackages = with pkgs;
+  environment.systemPackages = with pkgs; [
-    [
+    libraspberrypi # Userland tools for the Raspberry Pi board
-      libraspberrypi # Userland tools for the Raspberry Pi board
+  ];
    ];
 }
--- a/hardware/raspberry_pi_3_model_B.nix
+++ b/hardware/raspberry_pi_3_model_B.nix
@ -1,9 +1,10 @@
 # Configuration common to all Raspberry Pi 3 Model B devices
 { config, pkgs, lib, ... }:
 {
-
+  config,
  pkgs,
  lib,
  ...
 }: {
  boot = {
    initrd = {
      availableKernelModules = [
@ -53,7 +54,7 @@
      # Alternatively, this could be removed from the configuration.
      # The filesystem is not needed at runtime, it could be treated
      # as an opaque blob instead of a discrete FAT32 filesystem.
-      options = [ "nofail" "noauto" ];
+      options = ["nofail" "noauto"];
    };
    #"/var" = {
    #  device = "/dev/disk/by-label/var";
@ -62,10 +63,12 @@
  };
  # !!! Adding a swap file is optional, but strongly recommended!
-  swapDevices = [{
+  swapDevices = [
-    device = "/swapfile";
+    {
-    size = 1024;
+      device = "/swapfile";
-  }];
+      size = 1024;
    }
  ];
  hardware = {
    enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
@ -75,9 +78,7 @@
    enableB43Firmware = false; # If true, enable Pi wireless firmware
  };
-  environment.systemPackages = with pkgs;
+  environment.systemPackages = with pkgs; [
-    [
+    libraspberrypi # Userland tools for the Raspberry Pi board
-      libraspberrypi # Userland tools for the Raspberry Pi board
+  ];
    ];
 }
--- a/hosts/airgead.nix
+++ b/hosts/airgead.nix
@ -1,9 +1,10 @@
 # NixOps configuration for airgead
 { config, pkgs, lib, ... }:
 {
-
+  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [
    ../networks/linode.nix
    ../profiles/cardano-node.nix
--- a/hosts/ceilidh.nix
+++ b/hosts/ceilidh.nix
@ -1,12 +1,14 @@
-# NixOps configuration for pàidh-tri
+# NixOps configuration for ceilidh
 { config, pkgs, lib, ... }:
 {
-  imports = [ ../hardware/odroid-hc4 ];
+  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [../hardware/odroid-hc4];
  # Comment out deployment when building the SD Image.
-  deployment.targetHost = "10.42.0.121";
+  deployment.targetHost = "10.42.0.108";
  networking.hostName = "ceilidh"; # Define your hostname.
  # Ensure the right package architecture is used
@ -21,10 +23,9 @@
    };
  };
-  environment.systemPackages = with pkgs;
+  environment.systemPackages = with pkgs; [
-    [
+    gnupg # GPL OpenPGP implementation
-      gnupg # GPL OpenPGP implementation
+  ];
    ];
  system.stateVersion = "21.05"; # The version of NixOS originally installed
 }
--- a/hosts/cuallaidh.nix
+++ b/hosts/cuallaidh.nix
@ -1,9 +1,10 @@
 # NixOps configuration for cuallaidh
 { config, pkgs, lib, ... }:
 {
-
+  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [
    ../networks/linode.nix
    ../profiles/coturn.nix
@ -11,6 +12,8 @@
    ../profiles/gitea.nix
    #../profiles/hydra.nix
    ../profiles/iohk.nix
    ../profiles/ipv6.nix
    ../profiles/mastodon.nix
    ../profiles/matrix.nix
    ../profiles/mcwhirter.io.nix
    ../profiles/minecraftServer.nix
@ -26,6 +29,12 @@
  deployment.targetHost = "172.105.171.16";
  networking.hostName = "cuallaidh"; # Define your hostname.
  networking.interfaces.eth0.ipv6.addresses = [
    {
      address = "2400:8907::f03c:92ff:fe08:f1d4";
      prefixLength = 64;
    }
  ];
  system.stateVersion = "19.03"; # The version of NixOS originally installed
 }
--- a/hosts/dhu.nix
+++ b/hosts/dhu.nix
@ -1,8 +1,9 @@
 # Configuration for an ASUS ASUS 701 EeePC4G-BK004
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  imports = [
    ../hardware/eeepc701.nix # Include common configuration options
    ../secrets/wireless.nix
@ -13,5 +14,4 @@
  networking.hostName = "dhu"; # Define your hostname.
  system.stateVersion = "20.09"; # The version of NixOS originally installed
 }
--- a/hosts/dionach.nix
+++ b/hosts/dionach.nix
@ -1,9 +1,9 @@
 # NixOps configuration for dionach
 { config, pkgs, ... }:
 {
-
+  config,
  pkgs,
  ...
 }: {
  imports = [
    ../hardware/purism_librem_15.nix # Include results of the hardware scan.
    ../profiles/android.nix # Provide an Android dev environment
@ -14,6 +14,7 @@
    ../profiles/haskell-dev.nix # Haskell dev environment
    ../profiles/host_common.nix # Common host configuration options
    ../profiles/iohk.nix # IOHK environment
    ../profiles/kde.nix # kdeenvironment
    ../profiles/keyboard.nix
    ../profiles/neomutt.nix # Neomutt email
    ../profiles/nix-community.nix # Nix community aarch64 tooling
@ -35,7 +36,7 @@
  nixpkgs.config = {
    allowUnfree = true;
-    permittedInsecurePackages = [ "openssl-1.0.2u" "minecraft" ];
+    permittedInsecurePackages = ["openssl-1.0.2u" "minecraft"];
  };
  # Use the GRUB 2 boot loader.
@ -153,7 +154,7 @@
  ];
  environment.variables = {
-    GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
+    GIO_EXTRA_MODULES = ["${pkgs.gvfs}/lib/gio/modules"];
  };
  services.acpid.enable = true;
@ -165,7 +166,7 @@
  networking.firewall = {
    enable = true;
    checkReversePath = false; # Needed for libvirtd
-    allowedTCPPorts = [ 15000 ];
+    allowedTCPPorts = [15000];
  };
  # Virtualisation configuration:
@ -193,13 +194,13 @@
    pulseaudio = {
      enable = true;
      systemWide = false;
-      extraModules = [ pkgs.pulseaudio-modules-bt ];
+      extraModules = [pkgs.pulseaudio-modules-bt];
      package = pkgs.pulseaudioFull;
    };
    bluetooth = {
      enable = true;
      hsphfpd.enable = true;
-      settings = { Policy = { AutoEnable = "true"; }; };
+      settings = {Policy = {AutoEnable = "true";};};
    };
    opengl.enable = true;
  };
@ -212,12 +213,11 @@
    TCPKeepAlive no
  '';
-  users.groups = { lp.members = [ "messagebus" ]; };
+  users.groups = {lp.members = ["messagebus"];};
  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "20.03"; # Did you read the comment?
 }
--- a/hosts/iolear-beag.nix
+++ b/hosts/iolear-beag.nix
@ -1,8 +1,9 @@
 # NixOS Configuration for a Lenovo x201
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  imports = [
    ../hardware/lenovo_x201.nix
    ../profiles/desktop_common.nix
@ -18,5 +19,4 @@
  networking.hostName = "iolear-beag"; # Define your hostname.
  system.stateVersion = "18.09"; # The version of NixOS originally installed
 }
--- a/hosts/paidh-aon.nix
+++ b/hosts/paidh-aon.nix
@ -1,9 +1,11 @@
 # NixOps configuration for pàidh-aon
 { config, pkgs, lib, ... }:
 {
-  imports = [ ../networks/pi2B_rack.nix ];
+  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [../networks/pi2B_rack.nix];
  # Comment out deployment when building the SD Image.
  #deployment.targetHost = "10.69.0.201";
--- a/hosts/paidh-ceithir.nix
+++ b/hosts/paidh-ceithir.nix
@ -1,15 +1,17 @@
 # NixOps configuration for paidh-ceithir
 { config, pkgs, lib, ... }:
 {
-  imports = [ ../networks/pi3B_rack.nix ];
+  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [../networks/pi3B_rack.nix];
  # Comment out deployment when building the SD Image.
  deployment.targetHost = "10.42.0.204";
  networking.hostName = "paidh-ceithir"; # Define your hostname.
-  environment.systemPackages = with pkgs; [ ];
+  environment.systemPackages = with pkgs; [];
  system.stateVersion = "20.09"; # The version of NixOS originally installed
 }
--- a/hosts/paidh-coig.nix
+++ b/hosts/paidh-coig.nix
@ -1,15 +1,17 @@
 # NixOps configuration for paidh-coig
 { config, pkgs, lib, ... }:
 {
-  imports = [ ../networks/pi3B_rack.nix ];
+  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [../networks/pi3B_rack.nix];
  # Comment out deployment when building the SD Image.
  deployment.targetHost = "10.42.0.205";
  networking.hostName = "paidh-coig"; # Define your hostname.
-  environment.systemPackages = with pkgs; [ ];
+  environment.systemPackages = with pkgs; [];
  system.stateVersion = "20.09"; # The version of NixOS originally installed
 }
--- a/hosts/paidh-dha.nix
+++ b/hosts/paidh-dha.nix
@ -1,8 +1,10 @@
 # NixOps configuration for pàidh-dha
 { config, pkgs, lib, ... }:
 {
  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [
    ../networks/pi3B_rack.nix
    ../profiles/transmission.nix
--- a/hosts/paidh-tri.nix
+++ b/hosts/paidh-tri.nix
@ -1,18 +1,19 @@
 # NixOps configuration for pàidh-tri
 { config, pkgs, lib, ... }:
 {
-  imports = [ ../networks/pi3B_rack.nix ../profiles/cyclone-ibis.nix ];
+  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [../networks/pi3B_rack.nix ../profiles/cyclone-ibis.nix];
  # Comment out deployment when building the SD Image.
  deployment.targetHost = "10.42.0.203";
  networking.hostName = "paidh-tri"; # Define your hostname.
-  environment.systemPackages = with pkgs;
+  environment.systemPackages = with pkgs; [
-    [
+    gnupg # GPL OpenPGP implementation
-      gnupg # GPL OpenPGP implementation
+  ];
    ];
  system.stateVersion = "20.09"; # The version of NixOS originally installed
 }
--- a/hosts/paidh-uachdar.nix
+++ b/hosts/paidh-uachdar.nix
@ -1,8 +1,10 @@
 # NixOps configuration for pàidh-uachdar
 { config, pkgs, lib, ... }:
 {
  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [
    ../hardware/raspberry_pi_3_model_B.nix
    ../profiles/host_common.nix
@ -34,10 +36,9 @@
    nixos.enable = false; # Save some space by disabling the manual
  };
-  environment.systemPackages = with pkgs;
+  environment.systemPackages = with pkgs; [
-    [
+    gnupg # GPL OpenPGP implementation
-      gnupg # GPL OpenPGP implementation
+  ];
    ];
  system.stateVersion = "20.09"; # The version of NixOS originally installed
 }
--- a/hosts/sithlainnir.nix
+++ b/hosts/sithlainnir.nix
@ -1,8 +1,9 @@
 # Configuration for sithlainnir, a Lenovo x201
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  imports = [
    ../hardware/lenovo_x201.nix
    ../profiles/desktopFiona.nix
@ -18,5 +19,4 @@
  networking.hostName = "sithlainnir"; # Define your hostname.
  system.stateVersion = "18.09"; # The version of NixOS originally installed
 }
--- a/hosts/teintidh.nix
+++ b/hosts/teintidh.nix
@ -1,8 +1,9 @@
 # Configuration for a Lenovo x201
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  imports = [
    ../hardware/lenovo_x201.nix
    ../profiles/desktop_common.nix
@ -19,5 +20,4 @@
  networking.hostName = "teintidh"; # Define your hostname.
  system.stateVersion = "18.09"; # The version of NixOS originally installed
 }
--- a/images/sd-image_paidh-aarch64.nix
+++ b/images/sd-image_paidh-aarch64.nix
@ -2,14 +2,16 @@
 #
 # To build, use:
 # imports = [ ./sd-image_paidh-base ]
-
+{
-{ config, lib, pkgs, ... }:
+  config,
-
+  lib,
-let
+  pkgs,
  ...
 }: let
  extlinux-conf-builder = import
-    <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
+  <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
-      pkgs = pkgs.buildPackages;
+    pkgs = pkgs.buildPackages;
-    };
+  };
 in {
  imports = [
    <nixpkgs/nixos/modules/profiles/base.nix>
@ -44,5 +46,4 @@ in {
      ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
    '';
  };
 }
--- a/images/sd-image_paidh-aon.nix
+++ b/images/sd-image_paidh-aon.nix
@ -8,9 +8,6 @@
 # An example of how to write the image to SD card:
 #
 # bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb
-
+{...}: {
-{ ... }: {
+  imports = [./sd-image_paidh-armv7.nix ../hosts/paidh-aon.nix];
  imports = [ ./sd-image_paidh-armv7.nix ../hosts/paidh-aon.nix ];
 }
--- a/images/sd-image_paidh-armv7.nix
+++ b/images/sd-image_paidh-armv7.nix
@ -2,14 +2,16 @@
 #
 # To build, use:
 # imports = [ ./sd-image_paidh-armv7.nix ]
-
+{
-{ config, lib, pkgs, ... }:
+  config,
-
+  lib,
-let
+  pkgs,
  ...
 }: let
  extlinux-conf-builder = import
-    <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
+  <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
-      pkgs = pkgs.buildPackages;
+    pkgs = pkgs.buildPackages;
-    };
+  };
 in {
  imports = [
    <nixpkgs/nixos/modules/profiles/base.nix>
@ -42,5 +44,4 @@ in {
      ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
    '';
  };
 }
--- a/images/sd-image_paidh-ceithir.nix
+++ b/images/sd-image_paidh-ceithir.nix
@ -8,9 +8,6 @@
 # An example of how to write the image to SD card:
 #
 # bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb
-
+{...}: {
-{ ... }: {
+  imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-ceithir.nix];
  imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-ceithir.nix ];
 }
--- a/images/sd-image_paidh-coig.nix
+++ b/images/sd-image_paidh-coig.nix
@ -8,9 +8,6 @@
 # An example of how to write the image to SD card:
 #
 # bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb
-
+{...}: {
-{ ... }: {
+  imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-coig.nix];
  imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-coig.nix ];
 }
--- a/images/sd-image_paidh-dha.nix
+++ b/images/sd-image_paidh-dha.nix
@ -1,7 +1,4 @@
 # SD image for paidh-dha
-
+{...}: {
-{ ... }: {
+  imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-dha.nix];
  imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-dha.nix ];
 }
--- a/images/sd-image_paidh-tri.nix
+++ b/images/sd-image_paidh-tri.nix
@ -8,9 +8,6 @@
 # An example of how to write the image to SD card:
 #
 # bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb
-
+{...}: {
-{ ... }: {
+  imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-tri.nix];
  imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-tri.nix ];
 }
--- a/images/usb-yubikey.nix
+++ b/images/usb-yubikey.nix
@ -1,17 +1,17 @@
 # Configuration for USB image for air gapped Yubikey machine
 #
 # Usage: nix-build -A iso images/usb-yubikey.nix
-
+{
-{ nixpkgs ? <nixpkgs>, system ? "x86_64-linux" }:
+  nixpkgs ? <nixpkgs>,
-
+  system ? "x86_64-linux",
-let
+}: let
-  config = { pkgs, ... }:
+  config = {pkgs, ...}:
    with pkgs; {
      imports = [
        <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
      ];
-      boot.supportedFilesystems = [ "zfs" ];
+      boot.supportedFilesystems = ["zfs"];
-      boot.kernelParams = [ "console=ttyS0,115200n8" ];
+      boot.kernelParams = ["console=ttyS0,115200n8"];
      programs = {
        ssh.startAgent = false;
        gnupg.agent = {
@ -20,7 +20,7 @@ let
        };
      };
      services.pcscd.enable = true;
-      services.udev.packages = [ yubikey-personalization ];
+      services.udev.packages = [yubikey-personalization];
      environment.systemPackages = [
        curl # Tool for transferring files with URL syntax
        gnupg # GNU Privacy Guard
@ -32,6 +32,5 @@ let
      #services.openssh.enable = false;
    };
  evalNixos = configuration:
-    import <nixpkgs/nixos> { inherit system configuration; };
+    import <nixpkgs/nixos> {inherit system configuration;};
-
+in {iso = (evalNixos config).config.system.build.isoImage;}
 in { iso = (evalNixos config).config.system.build.isoImage; }
--- a/networks/linode-common.nix
+++ b/networks/linode-common.nix
@ -1,9 +1,11 @@
 # NixOps configuration common to Linode VMs
 { config, pkgs, lib, ... }:
 {
-  imports = [ ../profiles/host_common.nix ../profiles/server_common.nix ];
+  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [../profiles/host_common.nix ../profiles/server_common.nix];
  # Ensure the right package architecture is used
  nixpkgs.localSystem = {
@ -12,7 +14,7 @@
  };
  # Tools that Linode support like to have install if you need them.
-  environment.systemPackages = with pkgs; [ inetutils mtr sysstat ];
+  environment.systemPackages = with pkgs; [inetutils mtr sysstat];
  # Configure firewall defaults:
  networking = {
@ -21,9 +23,14 @@
    interfaces.eth0.useDHCP = true;
    firewall = {
      enable = true;
-      allowedTCPPorts = [ 80 443 ];
+      allowedTCPPorts = [80 443];
-      trustedInterfaces = [ "lo" ];
+      trustedInterfaces = ["lo"];
    };
  };
  systemd.network.networks.eth0.ipv6SendRAConfig = {
    EmitDNS = true;
    Managed = true;
    OtherInformation = true;
  };
 }
--- a/networks/linode-encrypted.nix
+++ b/networks/linode-encrypted.nix
@ -1,7 +1,9 @@
 # NixOps configuration for the Linode VMs
 { config, pkgs, lib, ... }:
 {
-  imports = [ ../hardware/linode_vm-encrypted.nix ./linode-common.nix ];
+  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [../hardware/linode_vm-encrypted.nix ./linode-common.nix];
 }
--- a/networks/linode.nix
+++ b/networks/linode.nix
@ -1,7 +1,9 @@
 # NixOps configuration for the Linode VMs
 { config, pkgs, lib, ... }:
 {
-  imports = [ ../hardware/linode_vm.nix ./linode-common.nix ];
+  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [../hardware/linode_vm.nix ./linode-common.nix];
 }
--- a/networks/pi2B_rack.nix
+++ b/networks/pi2B_rack.nix
@ -1,7 +1,5 @@
 # NixOps configuration for the Raspberry Pi 2B Rack
 {
  imports = [
    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
    ../hardware/raspberry_pi_2_model_B.nix
@ -11,7 +9,7 @@
  ];
  # Ensure the right package architecture is used
-  nixpkgs.crossSystem = { system = "armv7l-linux"; };
+  nixpkgs.crossSystem = {system = "armv7l-linux";};
  networking.wireless.enable =
    false; # Toggles wireless support via wpa_supplicant.
@ -26,5 +24,4 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFq6/C6ZSM8nS091fqw/om9LRszHDmS82ZTL7+GaSBnz craige@paidh-tri"
    ];
  };
 }
--- a/networks/pi3B_rack.nix
+++ b/networks/pi3B_rack.nix
@ -1,7 +1,5 @@
 # NixOps configuration for the Raspberry Pi 3B Rack
 {
  imports = [
    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
    ../hardware/raspberry_pi_3_model_B.nix
@ -20,6 +18,12 @@
  networking.wireless.enable =
    false; # Toggles wireless support via wpa_supplicant.
  systemd.network.networks.eth0.ipv6SendRAConfig = {
    EmitDNS = true;
    Managed = true;
    OtherInformation = true;
  };
  documentation = {
    nixos.enable = false; # Save some space by disabling the manual
  };
@ -30,5 +34,4 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFq6/C6ZSM8nS091fqw/om9LRszHDmS82ZTL7+GaSBnz craige@pi-tri"
    ];
  };
 }
--- a/nix/default.nix
+++ b/nix/default.nix
@ -1,22 +1,24 @@
-{ sources ? import ./sources.nix, system ? builtins.currentSystem
+{
-, crossSystem ? null, config ? { } }:
+  sources ? import ./sources.nix,
-
+  system ? builtins.currentSystem,
-let
+  crossSystem ? null,
  config ? {},
 }: let
  # our own overlays:
-  local-overlays = [ ];
+  local-overlays = [];
-  globals = if builtins.pathExists ../globals.nix then
+  globals =
-    [ (import ../globals.nix) ]
+    if builtins.pathExists ../globals.nix
-  else
+    then [(import ../globals.nix)]
-    builtins.trace "globals.nix missing, please add symlink" [ ];
+    else builtins.trace "globals.nix missing, please add symlink" [];
  # merge upstream sources with our own:
  upstream-overlays = [
    (_: super: {
-
+      sources = (super.sources or {}) // sources;
      sources = (super.sources or { }) // sources;
    })
  ];
  overlays = local-overlays ++ globals ++ upstream-overlays;
-in import sources.nixpkgs { inherit overlays system crossSystem config; }
+in
  import sources.nixpkgs {inherit overlays system crossSystem config;}
--- a/nix/sources.nix
+++ b/nix/sources.nix
@ -1,22 +1,17 @@
 # This file has been generated by Niv.
 let
  #
  # The fetchers. fetch_<type> fetches specs of type <type>.
  #
  fetch_file = pkgs: spec:
-    if spec.builtin or true then
+    if spec.builtin or true
-      builtins_fetchurl { inherit (spec) url sha256; }
+    then builtins_fetchurl {inherit (spec) url sha256;}
-    else
+    else pkgs.fetchurl {inherit (spec) url sha256;};
      pkgs.fetchurl { inherit (spec) url sha256; };
  fetch_tarball = pkgs: spec:
-    if spec.builtin or true then
+    if spec.builtin or true
-      builtins_fetchTarball { inherit (spec) url sha256; }
+    then builtins_fetchTarball {inherit (spec) url sha256;}
-    else
+    else pkgs.fetchzip {inherit (spec) url sha256;};
      pkgs.fetchzip { inherit (spec) url sha256; };
  fetch_git = spec:
    builtins.fetchGit {
@ -31,7 +26,8 @@ let
        instead use `builtin = true`.
        $ niv modify <package> -a type=tarball -a builtin=true
-    '' builtins_fetchTarball { inherit (spec) url sha256; };
+    ''
    builtins_fetchTarball {inherit (spec) url sha256;};
  fetch_builtin-url = spec:
    builtins.trace ''
@ -40,24 +36,24 @@ let
        instead use `builtin = true`.
        $ niv modify <package> -a type=file -a builtin=true
-    '' (builtins_fetchurl { inherit (spec) url sha256; });
+    '' (builtins_fetchurl {inherit (spec) url sha256;});
  #
  # Various helpers
  #
  # The set of packages used when specs are fetched using non-builtins.
-  mkPkgs = sources:
+  mkPkgs = sources: let
-    let
+    sourcesNixpkgs =
-      sourcesNixpkgs =
+      import (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;})
-        import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; })
+      {};
-        { };
+    hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
-      hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
+    hasThisAsNixpkgsPath = <nixpkgs> == ./.;
-      hasThisAsNixpkgsPath = <nixpkgs> == ./.;
+  in
-    in if builtins.hasAttr "nixpkgs" sources then
+    if builtins.hasAttr "nixpkgs" sources
-      sourcesNixpkgs
+    then sourcesNixpkgs
-    else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
+    else if hasNixpkgsPath && !hasThisAsNixpkgsPath
-      import <nixpkgs> { }
+    then import <nixpkgs> {}
    else
      abort ''
        Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
@ -66,19 +62,18 @@ let
  # The actual fetching function.
  fetch = pkgs: name: spec:
-
+    if !builtins.hasAttr "type" spec
-    if !builtins.hasAttr "type" spec then
+    then abort "ERROR: niv spec ${name} does not have a 'type' attribute"
-      abort "ERROR: niv spec ${name} does not have a 'type' attribute"
+    else if spec.type == "file"
-    else if spec.type == "file" then
+    then fetch_file pkgs spec
-      fetch_file pkgs spec
+    else if spec.type == "tarball"
-    else if spec.type == "tarball" then
+    then fetch_tarball pkgs spec
-      fetch_tarball pkgs spec
+    else if spec.type == "git"
-    else if spec.type == "git" then
+    then fetch_git spec
-      fetch_git spec
+    else if spec.type == "builtin-tarball"
-    else if spec.type == "builtin-tarball" then
+    then fetch_builtin-tarball spec
-      fetch_builtin-tarball spec
+    else if spec.type == "builtin-url"
-    else if spec.type == "builtin-url" then
+    then fetch_builtin-url spec
      fetch_builtin-url spec
    else
      abort
      "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
@ -86,48 +81,61 @@ let
  # Ports of functions for older nix versions
  # a Nix version of mapAttrs if the built-in doesn't exist
-  mapAttrs = builtins.mapAttrs or (f: set:
+  mapAttrs =
-    with builtins;
+    builtins.mapAttrs
-    listToAttrs (map (attr: {
+    or (f: set:
-      name = attr;
+      with builtins;
-      value = f attr set.${attr};
+        listToAttrs (map (attr: {
-    }) (attrNames set)));
+          name = attr;
          value = f attr set.${attr};
        }) (attrNames set)));
  # fetchTarball version that is compatible between all the versions of Nix
-  builtins_fetchTarball = { url, sha256 }@attrs:
+  builtins_fetchTarball = {
-    let inherit (builtins) lessThan nixVersion fetchTarball;
+    url,
-    in if lessThan nixVersion "1.12" then
+    sha256,
-      fetchTarball { inherit url; }
+  } @ attrs: let
-    else
+    inherit (builtins) lessThan nixVersion fetchTarball;
-      fetchTarball attrs;
+  in
    if lessThan nixVersion "1.12"
    then fetchTarball {inherit url;}
    else fetchTarball attrs;
  # fetchurl version that is compatible between all the versions of Nix
-  builtins_fetchurl = { url, sha256 }@attrs:
+  builtins_fetchurl = {
-    let inherit (builtins) lessThan nixVersion fetchurl;
+    url,
-    in if lessThan nixVersion "1.12" then
+    sha256,
-      fetchurl { inherit url; }
+  } @ attrs: let
-    else
+    inherit (builtins) lessThan nixVersion fetchurl;
-      fetchurl attrs;
+  in
    if lessThan nixVersion "1.12"
    then fetchurl {inherit url;}
    else fetchurl attrs;
  # Create the final "sources" from the config
  mkSources = config:
    mapAttrs (name: spec:
-      if builtins.hasAttr "outPath" spec then
+      if builtins.hasAttr "outPath" spec
      then
        abort
        "The values in sources.json should not have an 'outPath' attribute"
-      else
+      else spec // {outPath = fetch config.pkgs name spec;})
-        spec // { outPath = fetch config.pkgs name spec; }) config.sources;
+    config.sources;
  # The "config" used by the fetchers
-  mkConfig = { sourcesFile ? ./sources.json
+  mkConfig = {
-    , sources ? builtins.fromJSON (builtins.readFile sourcesFile)
+    sourcesFile ? ./sources.json,
-    , pkgs ? mkPkgs sources }: rec {
+    sources ? builtins.fromJSON (builtins.readFile sourcesFile),
-      # The sources, i.e. the attribute set of spec name to spec
+    pkgs ? mkPkgs sources,
-      inherit sources;
+  }: rec {
    # The sources, i.e. the attribute set of spec name to spec
    inherit sources;
-      # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
+    # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
-      inherit pkgs;
+    inherit pkgs;
-    };
+  };
-in mkSources (mkConfig { }) // {
+in
-  __functor = _: settings: mkSources (mkConfig settings);
+  mkSources (mkConfig {})
-}
+  // {
    __functor = _: settings: mkSources (mkConfig settings);
  }
--- a/nixops.nix
+++ b/nixops.nix
@ -1,18 +1,20 @@
 # NixOps configuration for the mio-ops nodes
 {
  network = {
    description = "mio-ops nodes";
    enableRollback = true;
  };
-  network.storage.legacy = { databasefile = "~/.nixops/deployments.nixops"; };
+  network.storage.legacy = {databasefile = "~/.nixops/deployments.nixops";};
-  defaults = { config, pkgs, lib, ... }:
+  defaults = {
-
+    config,
-    {
+    pkgs,
-      system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
+    lib,
-    };
+    ...
  }: {
    system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
  };
  airgead = import hosts/airgead.nix;
  ceilidh = import hosts/ceilidh.nix;
--- a/overlays/nixUnstable.nix
+++ b/overlays/nixUnstable.nix
@ -1,4 +1,6 @@
-let sources = import ../nix/sources.nix { };
+let
-in final: prev: {
+  sources = import ../nix/sources.nix {};
-  nixUnstable = (import sources.nixos-unstable { }).nixUnstable;
+in
-}
+  final: prev: {
    nixUnstable = (import sources.nixos-unstable {}).nixUnstable;
  }
--- a/overlays/qemu/default.nix
+++ b/overlays/qemu/default.nix
@ -1,15 +1,12 @@
 # Based up original waokr by cleverca22
 # https://github.com/cleverca22/nixos-configs/blob/master/overlays/qemu/default.nix
-
+self: super: {
-self: super:
+  qemu-user-arm =
-
+    if self.stdenv.system == "x86_64-linux"
-{
+    then self.pkgsi686Linux.callPackage ./qemu {user_arch = "arm";}
-  qemu-user-arm = if self.stdenv.system == "x86_64-linux" then
+    else self.callPackage ./qemu {user_arch = "arm";};
-    self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; }
+  qemu-user-x86 = self.callPackage ./qemu {user_arch = "x86_64";};
-  else
+  qemu-user-arm64 = self.callPackage ./qemu {user_arch = "aarch64";};
-    self.callPackage ./qemu { user_arch = "arm"; };
+  qemu-user-riscv32 = self.callPackage ./qemu {user_arch = "riscv32";};
-  qemu-user-x86 = self.callPackage ./qemu { user_arch = "x86_64"; };
+  qemu-user-riscv64 = self.callPackage ./qemu {user_arch = "riscv64";};
  qemu-user-arm64 = self.callPackage ./qemu { user_arch = "aarch64"; };
  qemu-user-riscv32 = self.callPackage ./qemu { user_arch = "riscv32"; };
  qemu-user-riscv64 = self.callPackage ./qemu { user_arch = "riscv64"; };
 }
--- a/overlays/qemu/qemu/default.nix
+++ b/overlays/qemu/qemu/default.nix
@ -1,13 +1,23 @@
 # Based up original waokr by cleverca22
 # https://raw.githubusercontent.com/cleverca22/nixos-configs/master/overlays/qemu/qemu/default.nix
-
+{
-{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison
+  stdenv,
-, makeStaticLibraries, glibc, qemu, fetchFromGitHub }:
+  fetchurl,
-
+  python,
-let
+  pkgconfig,
  zlib,
  glib,
  user_arch,
  flex,
  bison,
  makeStaticLibraries,
  glibc,
  qemu,
  fetchFromGitHub,
 }: let
  env2 = makeStaticLibraries stdenv;
-  myglib = (glib.override { stdenv = env2; }).overrideAttrs (drv: {
+  myglib = (glib.override {stdenv = env2;}).overrideAttrs (drv: {
-    mesonFlags = (drv.mesonFlags or [ ]) ++ [ "-Ddefault_library=both" ];
+    mesonFlags = (drv.mesonFlags or []) ++ ["-Ddefault_library=both"];
  });
  riscv_src = fetchFromGitHub {
    owner = "riscv";
@ -22,32 +32,36 @@ let
    riscv64 = "x86_64";
    x86_64 = "x86_64";
  };
-in stdenv.mkDerivation rec {
+in
-  name = "qemu-user-${user_arch}-${version}";
+  stdenv.mkDerivation rec {
-  version = "3.1.0";
+    name = "qemu-user-${user_arch}-${version}";
-  src = if is_riscv then riscv_src else qemu.src;
+    version = "3.1.0";
-  buildInputs = [ python pkgconfig zlib.static myglib flex bison glibc.static ];
+    src =
-  patches = [ ./qemu-stack.patch ];
+      if is_riscv
-  configureFlags = [
+      then riscv_src
-    "--enable-linux-user"
+      else qemu.src;
-    "--target-list=${user_arch}-linux-user"
+    buildInputs = [python pkgconfig zlib.static myglib flex bison glibc.static];
-    "--disable-bsd-user"
+    patches = [./qemu-stack.patch];
-    "--disable-system"
+    configureFlags = [
-    "--disable-vnc"
+      "--enable-linux-user"
-    "--disable-curses"
+      "--target-list=${user_arch}-linux-user"
-    "--disable-sdl"
+      "--disable-bsd-user"
-    "--disable-vde"
+      "--disable-system"
-    "--disable-bluez"
+      "--disable-vnc"
-    "--disable-kvm"
+      "--disable-curses"
-    "--static"
+      "--disable-sdl"
-    "--disable-tools"
+      "--disable-vde"
-    "--cpu=${arch_map.${user_arch}}"
+      "--disable-bluez"
-  ];
+      "--disable-kvm"
-  NIX_LDFLAGS = [ "-lglib-2.0" ];
+      "--static"
-  enableParallelBuilding = true;
+      "--disable-tools"
-  postInstall = ''
+      "--cpu=${arch_map.${user_arch}}"
-    cc -static ${
+    ];
-      ./qemu-wrap.c
+    NIX_LDFLAGS = ["-lglib-2.0"];
-    } -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap
+    enableParallelBuilding = true;
-  '';
+    postInstall = ''
-}
+      cc -static ${
        ./qemu-wrap.c
      } -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap
    '';
  }
--- a/overlays/vim-cue.nix
+++ b/overlays/vim-cue.nix
@ -1,17 +1,18 @@
 # Cue filetype plugin for Vim
 #
 # Provide an overlay to obtain vim-cue from upstream rather than nixpkgs
 final: prev: {
-  vimPlugins = prev.vimPlugins // {
+  vimPlugins =
-    vim-cue = prev.vimUtils.buildVimPlugin {
+    prev.vimPlugins
-      name = "vim-cue";
+    // {
-      src = prev.fetchFromGitHub {
+      vim-cue = prev.vimUtils.buildVimPlugin {
-        owner = "jjo";
+        name = "vim-cue";
-        repo = "vim-cue";
+        src = prev.fetchFromGitHub {
-        rev = "9e8bef1198817b6bae1143fecd965403d65d2466";
+          owner = "jjo";
-        sha256 = "sha256-VEJh3u2s4Ccc/JQa383FDcurCgUiNFlEuqXXhO0nB2c=";
+          repo = "vim-cue";
          rev = "9e8bef1198817b6bae1143fecd965403d65d2466";
          sha256 = "sha256-VEJh3u2s4Ccc/JQa383FDcurCgUiNFlEuqXXhO0nB2c=";
        };
      };
    };
  };
 }
--- a/profiles/android.nix
+++ b/profiles/android.nix
@ -1,9 +1,9 @@
 # Configuration for my Android development requirements
 { config, pkgs, ... }:
 {
-
+  config,
  pkgs,
  ...
 }: {
  nixpkgs.config = {
    android_sdk.accept_license = true; # Accept the Android SDK licence
  };
@ -17,6 +17,5 @@
    kconfig-frontends # Linux kconfig infrastructure
  ];
-  users.groups.adbusers.members = [ "craige" ];
+  users.groups.adbusers.members = ["craige"];
 }
--- a/profiles/bash.nix
+++ b/profiles/bash.nix
@ -1,9 +1,5 @@
 # Configuration common to all my servers
-
+{config, ...}: {
 { config, ... }:
 {
  # Program defaults for all hosts
  programs.bash = {
    interactiveShellInit = ''
@ -15,5 +11,4 @@
    '';
    vteIntegration = true;
  };
 }
--- a/profiles/cardano-node.nix
+++ b/profiles/cardano-node.nix
@ -1,36 +1,38 @@
 # NixOps configuration for the hosts running a Cardano node
-
+{
-{ config, pkgs, lib, ... }:
+  config,
-
+  pkgs,
-let
+  lib,
-
+  ...
 }: let
  sources = import ../nix/sources.nix;
  cardanoNodeProject = import (sources.cardano-node + "/nix") {
    gitrev = sources.cardano-node.rev;
  };
-  iohkNix = import (sources.iohk-nix) { };
+  iohkNix = import (sources.iohk-nix) {};
 in {
  imports = [../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos"];
-  imports =
+  environment.systemPackages = [cardanoNodeProject.cardano-cli];
    [ ../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos" ];
  environment.systemPackages = [ cardanoNodeProject.cardano-cli ];
  services = {
    cardano-node = {
      enable = true;
      environment = "mainnet";
      hostAddr = "0.0.0.0";
-      nodeConfig = iohkNix.cardanoLib.environments.mainnet.nodeConfig // {
+      nodeConfig =
-        hasPrometheus = [ "127.0.0.1" 12798 ];
+        iohkNix.cardanoLib.environments.mainnet.nodeConfig
-        setupScribes = [{
+        // {
-          scKind = "JournalSK";
+          hasPrometheus = ["127.0.0.1" 12798];
-          scName = "cardano";
+          setupScribes = [
-          scFormat = "ScText";
+            {
-        }];
+              scKind = "JournalSK";
-        defaultScribes = [[ "JournalSK" "cardano" ]];
+              scName = "cardano";
-      };
+              scFormat = "ScText";
            }
          ];
          defaultScribes = [["JournalSK" "cardano"]];
        };
      kesKey = "/run/keys/cardano-kes";
      vrfKey = "/run/keys/cardano-vrf";
      operationalCertificate = "/run/keys/cardano-opcert";
@ -45,7 +47,5 @@ in {
    };
  };
-  users.groups.keys.members =
+  users.groups.keys.members = ["cardano-node"]; # Required due to NixOps issue #1204
    [ "cardano-node" ]; # Required due to NixOps issue #1204
 }
--- a/profiles/chrony.nix
+++ b/profiles/chrony.nix
@ -1,11 +1,6 @@
 # NixOps configuration for the hosts running a Chrony service
-
+{config, ...}: {
 { config, ... }:
 {
  services.chrony = {
-    enable = true; # Enable Chrony
+    #enable = true; # Enable Chrony
  };
 }
--- a/profiles/coturn.nix
+++ b/profiles/coturn.nix
@ -1,24 +1,24 @@
 # NixOps configuration for the hosts running a TURN server (coturn)
 { config, pkgs, lib, ... }:
 {
-
+  config,
-  imports = [ ../secrets/coturn.nix ];
+  pkgs,
  lib,
  ...
 }: {
  imports = [../secrets/coturn.nix];
  services = {
    coturn = {
      enable = true; # Enable the coturn server
      lt-cred-mech = true; # Enable long-term credentials
      use-auth-secret = true; # Enable TURN REST API
      realm = "turn.mcwhirter.io"; # Default realm for users
-      relay-ips = [ # Relay addresses
+      relay-ips = [
        # Relay addresses
        "172.105.171.16"
      ];
      no-tcp-relay = true; # Disable TCP relay endpoints
-      extraConfig =
+      extraConfig = "\n        cipher-list=\"HIGH\"\n        no-loopback-peers\n        no-multicast-peers\n      ";
        "\n        cipher-list=\"HIGH\"\n        no-loopback-peers\n        no-multicast-peers\n      ";
      secure-stun = true; # Require authentication of the STUN Binding request
      cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem";
      pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem";
@ -52,13 +52,13 @@
      5350 # STUN tls alt
      443 # HTTPS
    ];
-    allowedUDPPortRanges = [{
+    allowedUDPPortRanges = [
-      from = 49152;
+      {
-      to = 49999;
+        from = 49152;
-    } # TURN relay
+        to = 49999;
-      ];
+      } # TURN relay
    ];
  };
-  users.groups.turnserver.members = [ "nginx" ]; # Added for keys permissions
+  users.groups.turnserver.members = ["nginx"]; # Added for keys permissions
 }
--- a/profiles/craige4rocky.nix
+++ b/profiles/craige4rocky.nix
@ -1,18 +1,17 @@
 # NixOps configuration for deploying the craige4rocky website
-
+{
-{ config, pkgs, ... }:
+  config,
-
+  pkgs,
-let
+  ...
 }: let
  craige4rocky = import (pkgs.fetchgit {
    name = "craige4rocky-src";
    url = "https://source.mcwhirter.io/craige/craige4rocky.git";
    branchName = "master";
    sha256 = "1cammdgszclrhvp56af3c7vnanyn0gplvkhqi6jkg1ygy01ard4w";
-  }) { nixpkgs = pkgs; };
+  }) {nixpkgs = pkgs;};
  webdomain = "craige4rocky.org";
 in {
  environment.sessionVariables = {
    LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
  };
@ -24,16 +23,17 @@ in {
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
-      "${webdomain}" = { # website hostname
+      "${webdomain}" = {
        # website hostname
        enableACME = true; # Use ACME certs
        forceSSL = true; # Force SSL
        root = "${craige4rocky}"; # Wesbite root
      };
-      "www.${webdomain}" = { # Respect our elders :-)
+      "www.${webdomain}" = {
        # Respect our elders :-)
        forceSSL = true;
        enableACME = true;
-        locations."/".extraConfig =
+        locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
          "return 301 $scheme://${webdomain}$request_uri;";
      };
    };
  };
@ -46,6 +46,5 @@ in {
    };
  };
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [80 443];
 }
--- a/profiles/cron-craige.nix
+++ b/profiles/cron-craige.nix
@ -1,9 +1,9 @@
 # NixOps configuration for Craige's cron jobs
 { config, pkgs, ... }:
 {
-
+  config,
  pkgs,
  ...
 }: {
  services.cron = {
    enable = true; # Enable cron service
    systemCronJobs = [
@ -12,5 +12,4 @@
      "*/5 * * * *     craige  /run/current-system/sw/bin/task rc:~/.taskrc_obair sync >> /home/craige/.tasksync_obair.log 2>&1"
    ];
  };
 }
--- a/profiles/cryptpad.nix
+++ b/profiles/cryptpad.nix
@ -1,9 +1,10 @@
 # NixOps configuration for the hosts running a Cryptpad server
 { config, pkgs, lib, ... }:
 {
-
+  config,
  pkgs,
  lib,
  ...
 }: {
  services.cryptpad = {
    enable = true; # Enable Cryptpad server
  };
@ -14,7 +15,8 @@
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
-    virtualHosts."pad.mcwhirter.io" = { # Cryptpad hostname
+    virtualHosts."pad.mcwhirter.io" = {
      # Cryptpad hostname
      enableACME = true; # Use ACME certs
      forceSSL = true; # Force SSL
      locations = {
@ -55,12 +57,11 @@
          '';
          tryFiles = "$uri =404";
        };
-        "~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" =
+        "~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" = {
-          {
+          extraConfig = ''
-            extraConfig = ''
+            rewrite ^(.*)$ $1/ redirect;
-              rewrite ^(.*)$ $1/ redirect;
+          '';
-            '';
+        };
          };
      };
      #extraConfig = ''
      #  try_files /www/$uri /www/$uri/index.html /customize/$uri;
@ -70,7 +71,6 @@
  security.acme = {
    acceptTerms = true;
-    certs = { "pad.mcwhirter.io".email = "craige@mcwhirter.io"; };
+    certs = {"pad.mcwhirter.io".email = "craige@mcwhirter.io";};
  };
 }
--- a/profiles/cyclone-ibis.nix
+++ b/profiles/cyclone-ibis.nix
@ -1,18 +1,17 @@
 # NixOps configuration for deploying the Cyclone Ibis website
-
+{
-{ config, pkgs, ... }:
+  config,
-
+  pkgs,
-let
+  ...
 }: let
  cyclone-ibis = import (pkgs.fetchgit {
    name = "cyclone-ibis-src";
    url = "https://source.mcwhirter.io/craige/cyclone-ibis.git";
    branchName = "consensus";
    sha256 = "sha256-NIEs0EuiHL9Zll0Sa4aR5zyzerw5akXxSC1pkDQPG5s=";
-  }) { nixpkgs = pkgs; };
+  }) {nixpkgs = pkgs;};
  webdomain = "cycloneibis.com";
 in {
  environment.sessionVariables = {
    LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
  };
@ -26,16 +25,17 @@ in {
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
-      "${webdomain}" = { # website hostname
+      "${webdomain}" = {
        # website hostname
        enableACME = true; # Use ACME certs
        forceSSL = true; # Force SSL
        root = "${cyclone-ibis}"; # Wesbite root
      };
-      "www.${webdomain}" = { # Respect our elders :-)
+      "www.${webdomain}" = {
        # Respect our elders :-)
        forceSSL = true;
        enableACME = true;
-        locations."/".extraConfig =
+        locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
          "return 301 $scheme://${webdomain}$request_uri;";
      };
    };
  };
@ -48,6 +48,5 @@ in {
    };
  };
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [80 443];
 }
--- a/profiles/daedalus.nix
+++ b/profiles/daedalus.nix
@ -1,19 +1,17 @@
 # NixOps configuration for the hosts running Daedalus
-
+{
-{ config, pkgs, lib, ... }:
+  config,
-
+  pkgs,
-let
+  lib,
-
+  ...
 }: let
  sources = import ../nix/sources.nix;
-  daedalusProject = import sources.daedalus { };
+  daedalusProject = import sources.daedalus {};
  daedalusMainnet = daedalusProject.daedalus;
  #daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight};
 in {
  environment.systemPackages = [
    daedalusMainnet
    #daedalusFlight
  ];
 }
--- a/profiles/desktop-feeds.nix
+++ b/profiles/desktop-feeds.nix
@ -1,9 +1,10 @@
 # NixOps configuration for the hosts using feed applications
 { config, pkgs, lib, ... }:
 {
-
+  config,
  pkgs,
  lib,
  ...
 }: {
  # Set the system-wide environment
  environment = {
    systemPackages = with pkgs; [
@ -13,5 +14,4 @@
      gpodder # A podcatcher written in python
    ];
  };
 }
--- a/profiles/desktopCraige.nix
+++ b/profiles/desktopCraige.nix
@ -1,8 +1,9 @@
 # Craige's desktop requirements
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  # Craige's Desktop Packages
  imports = [
    ../profiles/ebooks.nix
--- a/profiles/desktopFiona.nix
+++ b/profiles/desktopFiona.nix
@ -1,8 +1,9 @@
 # Fiona's desktop requirements
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  # Fiona's Desktop Packages
  environment.systemPackages = with pkgs; [
    slack-dark # Slack desktop client
--- a/profiles/desktop_common.nix
+++ b/profiles/desktop_common.nix
@ -1,8 +1,9 @@
 # Common configuration for MIO desktops
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  imports = [
    ../profiles/games-kids.nix
    ../profiles/host_common.nix
@ -68,7 +69,7 @@
  hardware = {
    pulseaudio = {
      enable = true;
-      extraModules = [ pkgs.pulseaudio-modules-bt ];
+      extraModules = [pkgs.pulseaudio-modules-bt];
      package = pkgs.pulseaudioFull;
    };
    bluetooth = {
@ -79,14 +80,14 @@
          Enable = "Source,Sink,Media,Socket";
          NoPlugin = "sap";
        };
-        Policy = { AutoEnable = "true"; };
+        Policy = {AutoEnable = "true";};
      };
    };
    opengl.enable = true;
  };
  # Configure Firefox and Chromium
-  nixpkgs.config = { allowUnfree = true; };
+  nixpkgs.config = {allowUnfree = true;};
  programs = {
    chromium = {
@ -97,9 +98,8 @@
  # Groups to add
  users.groups = {
-    audio.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
+    audio.members = ["craige" "fiona" "hamish" "logan" "xander"];
-    libvirtd.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
+    libvirtd.members = ["craige" "fiona" "hamish" "logan" "xander"];
-    networkmanager.members = [ "craige" "fiona" "hamish" "logan" "xander" ];
+    networkmanager.members = ["craige" "fiona" "hamish" "logan" "xander"];
  };
 }
--- a/profiles/ebooks.nix
+++ b/profiles/ebooks.nix
@ -1,15 +1,14 @@
 # ebook reading requirements
 { config, pkgs, ... }:
 {
-
+  config,
-  environment.variables = { FOLIATE_TTS_LANG = "en-gb"; };
+  pkgs,
  ...
 }: {
  environment.variables = {FOLIATE_TTS_LANG = "en-gb";};
  environment.systemPackages = with pkgs; [
    #python39Packages.gtts   # Speech synthesizer, required for text to speech.
    foliate # A simple and modern GTK eBook reader
    vlc
  ];
 }
--- a/profiles/emacs.nix
+++ b/profiles/emacs.nix
@ -1,33 +1,35 @@
-/* This is a nix expression to build Emacs and some Emacs packages I like
+/*
-   from source on any distribution where Nix is installed. This will install
+ This is a nix expression to build Emacs and some Emacs packages I like
-   all the dependencies from the nixpkgs repository and build the binary files
+ from source on any distribution where Nix is installed. This will install
-   without interfering with the host distribution.
+ all the dependencies from the nixpkgs repository and build the binary files
-
+ without interfering with the host distribution.
-   To build the project, type the following from the current directory:
+ 
-
+ To build the project, type the following from the current directory:
-   $ nix-build emacs.nix
+ 
-
+ $ nix-build emacs.nix
-   To run the newly compiled executable:
+ 
-
+ To run the newly compiled executable:
-   $ ./result/bin/emacs
+ 
-*/
+ $ ./result/bin/emacs
-{ pkgs ? import <nixpkgs> { } }:
+ */
-
+{pkgs ? import <nixpkgs> {}}: let
 let
  myEmacs = pkgs.emacs;
  emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages;
-in emacsWithPackages (epkgs:
+in
-  (with epkgs.melpaStablePackages; [
+  emacsWithPackages (epkgs:
-    magit # ; Integrate git <C-x g>
+    (with epkgs.melpaStablePackages; [
-    zerodark-theme # ; Nicolas' theme
+      magit # ; Integrate git <C-x g>
-  ]) ++ (with epkgs.melpaPackages;
+      zerodark-theme # ; Nicolas' theme
-    [
+    ])
    ++ (with epkgs.melpaPackages; [
      #undo-tree      # ; <C-x u> to show the undo tree
      #zoom-frm       # ; increase/decrease font size for all buffers %lt;C-x C-+>
-    ]) ++ (with epkgs.elpaPackages; [
+    ])
    ++ (with epkgs.elpaPackages; [
      auctex # ; LaTeX mode
      beacon # ; highlight my cursor when scrolling
      nameless # ; hide current package name everywhere in elisp code
-    ]) ++ [
+    ])
    ++ [
      pkgs.notmuch # From main packages set
    ])
--- a/profiles/games-kids.nix
+++ b/profiles/games-kids.nix
@ -1,16 +1,15 @@
 # Configuration for
-
+{
-{ config, pkgs, ... }:
+  config,
-
+  pkgs,
-let
+  ...
 }: let
  sources = import ../nix/sources.nix;
-  unstable = import sources.nixpkgsUnstable { };
+  unstable = import sources.nixpkgsUnstable {};
 in {
  nixpkgs.config = {
    allowUnfree = true;
-    permittedInsecurePackages = [ "minecraft" ];
+    permittedInsecurePackages = ["minecraft"];
  };
  # Retro Gaming Packages
@ -36,5 +35,4 @@ in {
    superTuxKart # A Free 3D kart racing game
    wesnoth # Battle for Wesnoth server and client
  ];
 }
--- a/profiles/gitea_home.nix
+++ b/profiles/gitea_home.nix
@ -1,9 +1,10 @@
 # NixOps configuration for the hosts running Gitea
 { config, pkgs, lib, ... }:
 {
-
+  config,
  pkgs,
  lib,
  ...
 }: {
  services.gitea = {
    enable = true; # Enable Gitea
    appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
@ -39,7 +40,8 @@
    authentication = ''
      local gitea all ident map=gitea-users
    '';
-    identMap = # Map the gitea user to postgresql
+    identMap =
      # Map the gitea user to postgresql
      ''
        gitea-users gitea gitea
      '';
@ -51,7 +53,8 @@
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    #recommendedTlsSettings = true;
-    virtualHosts."source.taigh.mcwhirter.io" = { # Gitea hostname
+    virtualHosts."source.taigh.mcwhirter.io" = {
      # Gitea hostname
      #enableACME = true;                                    # Use ACME certs
      #forceSSL = true;                                      # Force SSL
      locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
@ -62,13 +65,12 @@
  networking = {
    firewall = {
      enable = true;
-      allowedTCPPorts = [ 80 ];
+      allowedTCPPorts = [80];
-      trustedInterfaces = [ "lo" ];
+      trustedInterfaces = ["lo"];
    };
  };
  #security.acme.certs = {
  #    "source.mcwhirter.io".email = "craige@mcwhirter.io";
  #};
 }
--- a/profiles/grafana.nix
+++ b/profiles/grafana.nix
@ -1,10 +1,11 @@
 # NixOps configuration for the hosts running Prometheus on a Cardano node
 { config, pkgs, lib, ... }:
 {
-
+  config,
-  imports = [ ../secrets/cardano/grafana.nix ];
+  pkgs,
  lib,
  ...
 }: {
  imports = [../secrets/cardano/grafana.nix];
  services = {
    grafana = {
@ -13,8 +14,7 @@
      domain = "monitoring.mcwhirter.io";
      rootUrl = "https://monitoring.mcwhirter.io/grafana";
      security = {
-        adminPasswordFile =
+        adminPasswordFile = "/run/keys/grafana-apass"; # Where to find the password
          "/run/keys/grafana-apass"; # Where to find the password
      };
      auth = {
        anonymous = {
@ -30,16 +30,16 @@
        #    options.path = ../monitoring/NodeSystemDashboard.json;
        #  }
        #];
-        datasources = [{
+        datasources = [
-          type = "prometheus";
+          {
-          name = "prometheus";
+            type = "prometheus";
-          url = "http://localhost:9090/prometheus";
+            name = "prometheus";
-        }];
+            url = "http://localhost:9090/prometheus";
          }
        ];
      };
    };
  };
-  users.groups.keys.members =
+  users.groups.keys.members = ["grafana"]; # Required due to NixOps issue #1204
    [ "grafana" ]; # Required due to NixOps issue #1204
 }
--- a/profiles/haskell-dev.nix
+++ b/profiles/haskell-dev.nix
@ -1,13 +1,12 @@
 # Configuration for Haskell development
 { config, pkgs, ... }:
 {
-
+  config,
  pkgs,
  ...
 }: {
  environment.systemPackages = with pkgs.haskellPackages; [
    cabal-install # Haskell software automation
    ghc # Glasgow Haskell Compiler
    hlint # Haskell source linter
  ];
 }
--- a/profiles/host_common.nix
+++ b/profiles/host_common.nix
@ -1,9 +1,10 @@
 # Configuration common to all my servers
 { config, pkgs, lib, ... }:
 {
-
+  config,
  pkgs,
  lib,
  ...
 }: {
  imports = [
    ../profiles/bash.nix
    ./chrony.nix
@ -40,10 +41,9 @@
  # Configure and install required fonts
  fonts.enableDefaultFonts = true;
  fonts.fontDir.enable = true;
-  fonts.fonts = with pkgs;
+  fonts.fonts = with pkgs; [
-    [
+    powerline-fonts # Required for Powerline prompts
-      powerline-fonts # Required for Powerline prompts
+  ];
    ];
  fonts.fontconfig.includeUserConf = false;
  # Adapted from gchristensen and clever
@ -71,15 +71,17 @@
      show-trace = true                 # Enable --show-trace by default for nix
      builders-use-substitutes = true   # Set builders to use caches
    '';
-    trustedUsers = [ "craige" ];
+    trustedUsers = ["craige"];
  };
  networking = {enableIPv6 = true;};
  system.extraSystemBuilderCmds = ''
    ln -sv ${pkgs.path} $out/nixpkgs
  '';
  environment.etc.host-nix-channel.source = pkgs.path;
-  environment.variables = { BAT_THEME = "Dracula"; };
+  environment.variables = {BAT_THEME = "Dracula";};
  # Set the system-wide environment
  environment = {
@ -87,10 +89,9 @@
      bat # cat clone with syntax highlighting & Git integration
      dnsutils # Bind DNS utilities
      fd # A simple, fast and user-friendly alternative to find
-      (if config.services.xserver.enable then
+      (if config.services.xserver.enable
-        gitAndTools.gitFull
+      then gitAndTools.gitFull
-      else
+      else git) # Distributed version control system
        git) # Distributed version control system
      htop # interactive process viewer
      hwinfo # Hardware detection tool
      killall # kill processes by name
--- a/profiles/hydra-dev.nix
+++ b/profiles/hydra-dev.nix
@ -1,6 +1,4 @@
-{ pkgs }:
+{pkgs}: let
 let
  hydraSrc = pkgs.fetchFromGitHub {
    owner = "nixos";
    repo = "hydra";
@ -9,13 +7,14 @@ let
    #sha256 = "1vs3lyfyafsl7wbpmycv7c3n9n2rkrswp65msb6q1iskgpvr96d5";
    sha256 = "0i7szp04c873gfmj1h0dcl5rsbzzldc160pcls8z9v6iphils34i";
  };
-in pkgs.callPackage ./hydra-fork.nix {
+in
-  nixpkgsPath = pkgs.path;
+  pkgs.callPackage ./hydra-fork.nix {
-  #patches = [
+    nixpkgsPath = pkgs.path;
-  #  (pkgs.fetchpatch {
+    #patches = [
-  #    url = "https://github.com/NixOS/hydra/pull/648/commits/4171ab4c4fd576c516dc03ba64d1c7945f769af0.patch";
+    #  (pkgs.fetchpatch {
-  #    sha256 = "1fxa2459kdws6qc419dv4084c1ssmys7kqg4ic7n643kybamsgrx";
+    #    url = "https://github.com/NixOS/hydra/pull/648/commits/4171ab4c4fd576c516dc03ba64d1c7945f769af0.patch";
-  #  })
+    #    sha256 = "1fxa2459kdws6qc419dv4084c1ssmys7kqg4ic7n643kybamsgrx";
-  #];
+    #  })
-  src = hydraSrc;
+    #];
-}
+    src = hydraSrc;
  }
--- a/profiles/hydra-fork.nix
+++ b/profiles/hydra-fork.nix
@ -1,6 +1,8 @@
-{ fetchFromGitHub, nixpkgsPath, src }:
+{
-
+  fetchFromGitHub,
-let
+  nixpkgsPath,
  src,
 }: let
  hydraRelease = (import (src + "/release.nix") {
    #hydraRelease = (import src {
    nixpkgs = nixpkgsPath;
@ -10,5 +12,5 @@ let
      revCount = 1234;
    };
  });
-
+in
-in hydraRelease.build.x86_64-linux.overrideAttrs (drv: { })
+  hydraRelease.build.x86_64-linux.overrideAttrs (drv: {})
--- a/profiles/hydra.nix
+++ b/profiles/hydra.nix
@ -1,8 +1,10 @@
 # NixOps configuration for the VMs running Hydra
 { config, pkgs, lib, ... }:
 {
  config,
  pkgs,
  lib,
  ...
 }: {
  #disabledModules = [ "services/continuous-integration/hydra/default.nix" ];
  #imports = [
@ -24,17 +26,20 @@
      hydra-users root postgres
      hydra-users postgres postgres
    '';
-    ensureDatabases = [ "hydra" ]; # Ensure the database persists
+    ensureDatabases = ["hydra"]; # Ensure the database persists
-    ensureUsers = [{
+    ensureUsers = [
-      name = "hydra"; # Ensure the database user persists
+      {
-      ensurePermissions = { # Ensure the database permissions persist
+        name = "hydra"; # Ensure the database user persists
-        "DATABASE hydra" = "ALL PRIVILEGES";
+        ensurePermissions = {
-        "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
+          # Ensure the database permissions persist
-      };
+          "DATABASE hydra" = "ALL PRIVILEGES";
-    }];
+          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
        };
      }
    ];
  };
-  networking.firewall.allowedTCPPorts = [ config.services.hydra.port ];
+  networking.firewall.allowedTCPPorts = [config.services.hydra.port];
  #services.hydra-dev = {
  services.hydra = {
@ -59,18 +64,18 @@
    };
  };
-  security.acme.certs = { "hydra.mcwhirter.io".email = "craige@mcwhirter.io"; };
+  security.acme.certs = {"hydra.mcwhirter.io".email = "craige@mcwhirter.io";};
  systemd.services.hydra-manual-setup = {
    description = "Create Admin User for Hydra";
    serviceConfig.Type = "oneshot";
    serviceConfig.RemainAfterExit = true;
-    wantedBy = [ "multi-user.target" ];
+    wantedBy = ["multi-user.target"];
-    requires = [ "hydra-init.service" ];
+    requires = ["hydra-init.service"];
-    after = [ "hydra-init.service" ];
+    after = ["hydra-init.service"];
    environment =
      builtins.removeAttrs (config.systemd.services.hydra-init.environment)
-      [ "PATH" ];
+      ["PATH"];
    script = ''
      if [ ! -e ~hydra/.setup-is-complete ]; then
        # create signing keys
@ -87,13 +92,15 @@
      fi
    '';
  };
-  nix.trustedUsers = [ "hydra" "hydra-evaluator" "hydra-queue-runner" ];
+  nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"];
-  nix.buildMachines = [{
+  nix.buildMachines = [
-    hostName = "localhost";
+    {
-    systems = [ "x86_64-linux" "i686-linux" ];
+      hostName = "localhost";
-    maxJobs = 4;
+      systems = ["x86_64-linux" "i686-linux"];
-    # for building VirtualBox VMs as build artifacts, you might need other
+      maxJobs = 4;
-    # features depending on what you are doing
+      # for building VirtualBox VMs as build artifacts, you might need other
-    supportedFeatures = [ "big-parallel" "kvm" "nixos-test" ];
+      # features depending on what you are doing
-  }];
+      supportedFeatures = ["big-parallel" "kvm" "nixos-test"];
    }
  ];
 }
--- a/profiles/iohk.nix
+++ b/profiles/iohk.nix
@ -1,14 +1,14 @@
 # NixOps configuration for the hosts utilising IOHK resources
-
+{
-{ config, pkgs, lib, ... }:
+  config,
-
+  pkgs,
-let
+  lib,
  ...
 }: let
  sources = import ../nix/sources.nix;
-  nixUnstable = (import sources.nixpkgsUnstable { }).nixVersions.unstable;
+  nixUnstable = (import sources.nixpkgsUnstable {}).nixVersions.unstable;
 in {
-
+  imports = [../profiles/terminal-recording.nix ../profiles/nix-direnv.nix];
  imports = [ ../profiles/terminal-recording.nix ../profiles/nix-direnv.nix ];
  nix = {
    package = nixUnstable;
@ -68,6 +68,5 @@ in {
    #  package = pkgs.postgresql_10;   # Set the required version, if needed
  };
-  users.groups.docker.members = [ "craige" ];
+  users.groups.docker.members = ["craige"];
 }
--- a/profiles/jormungandr-stake.nix
+++ b/profiles/jormungandr-stake.nix
@ -1,17 +1,17 @@
 { lib, config, pkgs, ... }:
 {
-
+  lib,
-  disabledModules = [ "services/networking/jormungandr.nix" ];
+  config,
  pkgs,
  ...
 }: {
  disabledModules = ["services/networking/jormungandr.nix"];
  imports = let
    jormungandrNixSrc = builtins.fetchTarball
-      "https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz";
+    "https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz";
-  in [ (import (jormungandrNixSrc + "/nixos")) ];
+  in [(import (jormungandrNixSrc + "/nixos"))];
  environment.systemPackages = with pkgs;
    [
      jq # CLI JSON processor
    ];
  environment.systemPackages = with pkgs; [
    jq # CLI JSON processor
  ];
 }
--- a/profiles/jormungandr.nix
+++ b/profiles/jormungandr.nix
@ -1,11 +1,14 @@
-{ config, pkgs, ... }: {
+{
-  imports = [ /home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix ];
+  config,
  pkgs,
  ...
 }: {
  imports = [/home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix];
  services = {
    jormungandr = {
      enable = true;
      enableExplorer = false;
-      genesisBlockHash =
+      genesisBlockHash = "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2";
        "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2";
      trustedPeersAddresses = [
        "/ip4/3.123.177.192/tcp/3000"
        "/ip4/52.57.157.167/tcp/3000"
--- a/profiles/keyboard.nix
+++ b/profiles/keyboard.nix
@ -1,9 +1,9 @@
 # NixOps configuration for Moonlander mechanical keyboard
 { config, pkgs, ... }:
 {
-
+  config,
  pkgs,
  ...
 }: {
  services.udev.extraRules = ''
    # STM32 rules for the Moonlander and Planck EZ
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", \
@ -17,10 +17,8 @@
  '';
  environment = {
-    systemPackages = with pkgs;
+    systemPackages = with pkgs; [
-      [
+      wally-cli # Flash firmware to mechanical keyboard
-        wally-cli # Flash firmware to mechanical keyboard
+    ];
      ];
  };
 }
--- a/profiles/kids-dev.nix
+++ b/profiles/kids-dev.nix
@ -1,12 +1,10 @@
 # Configuration for Haskell development
 { config, pkgs, ... }:
 {
-
+  config,
-  environment.systemPackages = with pkgs;
+  pkgs,
-    [
+  ...
-      kate # Multi-document editor with syntax highlighting
+}: {
-    ];
+  environment.systemPackages = with pkgs; [
-
+    kate # Multi-document editor with syntax highlighting
  ];
 }
--- a/profiles/logrotate.nix
+++ b/profiles/logrotate.nix
@ -1,11 +1,6 @@
 # logrotate configuration for NixOS / NixOps
-
+{config, ...}: {
 { config, ... }:
 {
  services.logrotate = {
    enable = true; # Enable the logrotate service
  };
 }
--- a/profiles/matrix.nix
+++ b/profiles/matrix.nix
@ -1,10 +1,11 @@
 # NixOps configuration for the hosts running a Matrix server (synapse)
 { config, pkgs, lib, ... }:
 {
-
+  config,
-  imports = [ ../secrets/matrix.nix ];
+  pkgs,
  lib,
  ...
 }: {
  imports = [../secrets/matrix.nix];
  i18n = {
    extraLocaleSettings = {
@ -14,41 +15,42 @@
  };
  services = {
    matrix-synapse = {
      enable = true; # Enable the synapse server
      server_name = "mcwhirter.io"; # Server's public domain name
      public_baseurl = "https://synapse.mcwhirter.io:443/"; # Matrix target URL
      enable_registration = true; # Toggle user registration
      listeners = [
-        { # federation
+        {
          # federation
          bind_address = "";
          port = 8448;
          resources = [
            {
              compress = true;
-              names = [ "client" ];
+              names = ["client"];
            }
            {
              compress = false;
-              names = [ "federation" ];
+              names = ["federation"];
            }
          ];
          tls = true;
          type = "http";
          x_forwarded = false;
        }
-        { # client
+        {
          # client
          bind_address = "::1"; # Listen on localhost only
          port = 8008; # Port to listen on
          resources = [
            {
              compress = true;
-              names = [ "client" ];
+              names = ["client"];
            }
            {
              compress = false;
-              names = [ "federation" ];
+              names = ["federation"];
            }
          ];
          tls = true;
@ -59,8 +61,7 @@
      max_upload_size = "200M"; # Also set client_max_body_size to at least this
      tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem";
      tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem";
-      turn_shared_secret =
+      turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
        "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
      turn_uris = [
        "turn:turn.mcwhirter.io:5349?transport=udp"
        "turn:turn.mcwhirter.io:5350?transport=udp"
@ -84,11 +85,11 @@
          forceSSL = true;
          enableACME = true;
          locations = {
-            "/_matrix" = { proxyPass = "https://[::1]:8008"; };
+            "/_matrix" = {proxyPass = "https://[::1]:8008";};
            "/.well-known/matrix/server".extraConfig = let
              # use 443 instead of the default 8448 port to unite
              # the client-server and server-server port for simplicity
-              server = { "m.server" = "synapse.mcwhirter.io:443"; };
+              server = {"m.server" = "synapse.mcwhirter.io:443";};
            in ''
              add_header Content-Type application/json;
              return 200 '${builtins.toJSON server}';
@ -98,7 +99,7 @@
                "m.homeserver" = {
                  "base_url" = "https://synapse.mcwhirter.io";
                };
-                "m.identity_server" = { "base_url" = "https://vector.im"; };
+                "m.identity_server" = {"base_url" = "https://vector.im";};
              };
              # ACAO required to allow element-web on any URL to request this json file
            in ''
@ -121,14 +122,18 @@
    postgresql = {
      enable = true;
-      ensureDatabases = [ "matrix-synapse" ]; # Ensure the database persists
+      package = pkgs.postgresql_10;
-      ensureUsers = [{
+      ensureDatabases = ["matrix-synapse"]; # Ensure the database persists
-        name = "matrix-synapse"; # Ensure the database user persists
+      ensureUsers = [
-        ensurePermissions = { # Ensure the database permissions persist
+        {
-          "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
+          name = "matrix-synapse"; # Ensure the database user persists
-          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
+          ensurePermissions = {
-        };
+            # Ensure the database permissions persist
-      }];
+            "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
            "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
          };
        }
      ];
      # Initial database creation
      initialScript = pkgs.writeText "synapse-init.sql" ''
        CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
@ -149,8 +154,7 @@
      };
      "synapse.mcwhirter.io" = {
        group = "matrix-synapse";
-        postRun =
+        postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
          "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
        email = "acme@mcwhirter.io";
      };
    };
@ -164,7 +168,5 @@
    ];
  };
-  users.groups.matrix-synapse.members =
+  users.groups.matrix-synapse.members = ["nginx"]; # Added for keys permissions
    [ "nginx" ]; # Added for keys permissions
 }
--- a/profiles/mcwhirter.io.nix
+++ b/profiles/mcwhirter.io.nix
@ -1,14 +1,13 @@
 # NixOps configuration for deploying the mcwhirter.io website
-
+{
-{ config, pkgs, ... }:
+  config,
-
+  pkgs,
-let
+  ...
 }: let
  sources = import ../nix/sources.nix;
-  mcwhirter-io = import sources.mcwhirter-io { };
+  mcwhirter-io = import sources.mcwhirter-io {};
  webdomain = "mcwhirter.io";
 in {
  environment.sessionVariables = {
    LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
  };
@ -20,14 +19,15 @@ in {
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
-      "${webdomain}" = { # website hostname
+      "${webdomain}" = {
        # website hostname
        enableACME = true; # Use ACME certs
        forceSSL = true; # Force SSL
        root = "${mcwhirter-io}"; # Wesbite root
      };
-      "www.${webdomain}" = { # Respect our elders :-)
+      "www.${webdomain}" = {
-        locations."/".extraConfig =
+        # Respect our elders :-)
-          "return 301 $scheme://${webdomain}$request_uri;";
+        locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
      };
    };
  };
@ -42,6 +42,5 @@ in {
    };
  };
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [80 443];
 }
--- a/profiles/minecraftServer.nix
+++ b/profiles/minecraftServer.nix
@ -1,12 +1,12 @@
 # Minecraft server configuration for NixOS / NixOps
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  imports = [../secrets/minecraftServer.nix];
-  imports = [ ../secrets/minecraftServer.nix ];
+  nixpkgs = {config = {allowUnfree = true;};};
  nixpkgs = { config = { allowUnfree = true; }; };
  services.minecraft-server = {
    enable = true; # Enable the Minecraft server.
@ -22,8 +22,7 @@
    };
  };
-  environment.systemPackages = with pkgs;
+  environment.systemPackages = with pkgs; [
-    [
+    mcron # Minecraft console client
-      mcron # Minecraft console client
+  ];
    ];
 }
--- a/profiles/monitoring.nix
+++ b/profiles/monitoring.nix
@ -1,10 +1,11 @@
 # NixOps configuration for the monitoring host
 { config, pkgs, lib, ... }:
 {
-
+  config,
-  imports = [ ./grafana.nix ./prometheus.nix ];
+  pkgs,
  lib,
  ...
 }: {
  imports = [./grafana.nix ./prometheus.nix];
  services = {
    nginx = {
@ -13,7 +14,8 @@
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
-      virtualHosts."monitoring.mcwhirter.io" = { # Monitoring hostname
+      virtualHosts."monitoring.mcwhirter.io" = {
        # Monitoring hostname
        enableACME = true; # Use ACME certs
        forceSSL = true; # Force SSL
        locations = {
@ -28,12 +30,10 @@
        };
      };
    };
  };
  security.acme = {
    acceptTerms = true;
-    certs = { "monitoring.mcwhirter.io".email = "craige@mcwhirter.io"; };
+    certs = {"monitoring.mcwhirter.io".email = "craige@mcwhirter.io";};
  };
 }
--- a/profiles/neomutt.nix
+++ b/profiles/neomutt.nix
@ -1,9 +1,9 @@
 # Configuration for my neomutt email requirements
 { config, pkgs, ... }:
 {
-
+  config,
  pkgs,
  ...
 }: {
  # Install other packages that I require to be used with neomutt.
  environment.systemPackages = with pkgs; [
    isync # My mail fetcher
@ -23,5 +23,4 @@
      "*/5 * * * *     craige  /run/current-system/sw/bin/mbsync -q IOHK >> /home/craige/.mailsync-IOHK.log 2>&1"
    ];
  };
 }
--- a/profiles/nextcloud.nix
+++ b/profiles/nextcloud.nix
@ -1,28 +1,27 @@
 # NixOps configuration for the hosts running Nextcloud
 { config, pkgs, lib, ... }:
 {
-
+  config,
-  imports = [ ../secrets/nextcloud.nix ];
+  pkgs,
  lib,
  ...
 }: {
  imports = [../secrets/nextcloud.nix];
  services.nextcloud = {
    enable = true; # Enable Nextcloud
    hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance
    https = true; # Use HTTPS for links
-    config = { # Configure Nextcloud
+    config = {
      # Configure Nextcloud
      dbtype = "pgsql"; # Set the database type
      dbname = "nextcloud"; # Set the database name
      dbhost = "/run/postgresql"; # Set the database connection
      dbuser = "nextcloud"; # Set the database user
-      dbpassFile =
+      dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password
-        "/run/keys/nextcloud-dbpass"; # Where to find the database password
+      adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password
      adminpassFile =
        "/run/keys/nextcloud-admin"; # Where to find the admin password
      adminuser = "root"; # Set the admin user name
      overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS
-      defaultPhoneRegion =
+      defaultPhoneRegion = "AU"; # Country code for automatic phone-number detection
        "AU"; # Country code for automatic phone-number detection
    };
    autoUpdateApps = {
      enable = true; # Run regular auto update of all apps installed
@ -33,14 +32,17 @@
  services.postgresql = {
    enable = true; # Ensure postgresql is enabled
-    ensureDatabases = [ "nextcloud" ]; # Ensure the database persists
+    ensureDatabases = ["nextcloud"]; # Ensure the database persists
-    ensureUsers = [{
+    ensureUsers = [
-      name = "nextcloud"; # Ensure the database user persists
+      {
-      ensurePermissions = { # Ensure the database permissions persist
+        name = "nextcloud"; # Ensure the database user persists
-        "DATABASE nextcloud" = "ALL PRIVILEGES";
+        ensurePermissions = {
-        "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
+          # Ensure the database permissions persist
-      };
+          "DATABASE nextcloud" = "ALL PRIVILEGES";
-    }];
+          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
        };
      }
    ];
  };
  services.nginx = {
@ -49,30 +51,30 @@
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
-    virtualHosts."cloud.mcwhirter.io" = { # Nextcloud hostname
+    virtualHosts."cloud.mcwhirter.io" = {
      # Nextcloud hostname
      enableACME = true; # Use ACME certs
      forceSSL = true; # Force SSL
    };
-    virtualHosts."owncloud.mcwhirter.io" = { # Hostname to be redirected
+    virtualHosts."owncloud.mcwhirter.io" = {
      # Hostname to be redirected
      globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host
    };
  };
-  systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first
+  systemd.services."nextcloud-setup" = {
-    requires = [ "postgresql.service" ];
+    # Ensure PostgreSQL is running first
-    after = [ "postgresql.service" ];
+    requires = ["postgresql.service"];
    after = ["postgresql.service"];
  };
  security.acme = {
    acceptTerms = true;
-    certs = { "cloud.mcwhirter.io" = { email = "craige@mcwhirter.io"; }; };
+    certs = {"cloud.mcwhirter.io" = {email = "craige@mcwhirter.io";};};
  };
-  users.groups.keys.members =
+  users.groups.keys.members = ["nextcloud"]; # Required due to NixOps issue #1204
-    [ "nextcloud" ]; # Required due to NixOps issue #1204
+  users.groups.nextcloud.members = ["nextcloud"]; # Added for keys permissions
  users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions
  networking.firewall.allowedTCPPorts =
    [ 80 443 ]; # Open the required firewall ports
  networking.firewall.allowedTCPPorts = [80 443]; # Open the required firewall ports
 }
--- a/profiles/nix-community.nix
+++ b/profiles/nix-community.nix
@ -1,16 +1,17 @@
 # Use the Nix community aarch64 server as a build server
 # https://github.com/nix-community/aarch64-build-box
 {
  nix = {
    distributedBuilds = true;
-    buildMachines = [{
+    buildMachines = [
-      hostName = "aarch64.nixos.community";
+      {
-      maxJobs = 64;
+        hostName = "aarch64.nixos.community";
-      sshKey = "/root/.ssh/id_nixops_ed25519";
+        maxJobs = 64;
-      sshUser = "craige";
+        sshKey = "/root/.ssh/id_nixops_ed25519";
-      system = "aarch64-linux";
+        sshUser = "craige";
-      supportedFeatures = [ "big-parallel" ];
+        system = "aarch64-linux";
-    }];
+        supportedFeatures = ["big-parallel"];
      }
    ];
  };
 }
--- a/profiles/nix-direnv.nix
+++ b/profiles/nix-direnv.nix
@ -1,9 +1,10 @@
 # NixOps configuration nix-direnv
 { config, pkgs, lib, ... }:
 {
-
+  config,
  pkgs,
  lib,
  ...
 }: {
  nix = {
    extraOptions = ''
      keep-outputs = true
@ -17,13 +18,12 @@
      direnv # A shell extension that manages your environment
      nix-direnv # A fast, persistent use_nix implementation for direnv
    ];
-    pathsToLink = [ "/share/nix-direnv" ];
+    pathsToLink = ["/share/nix-direnv"];
  };
  nixpkgs.overlays = [
    (self: super: {
-      nix-direnv = super.nix-direnv.override { enableFlakes = true; };
+      nix-direnv = super.nix-direnv.override {enableFlakes = true;};
    })
  ];
 }
--- a/profiles/nix-mio-ops.nix
+++ b/profiles/nix-mio-ops.nix
@ -1,15 +1,16 @@
 # Use the mio-ops build servers
 {
  nix = {
    distributedBuilds = true;
-    buildMachines = [{
+    buildMachines = [
-      hostName = "cuallaidh.mcwhirter.io";
+      {
-      maxJobs = 64;
+        hostName = "cuallaidh.mcwhirter.io";
-      sshKey = "/root/.ssh/id_nixops_ed25519";
+        maxJobs = 64;
-      sshUser = "craige";
+        sshKey = "/root/.ssh/id_nixops_ed25519";
-      system = "x86_64-linux";
+        sshUser = "craige";
-      supportedFeatures = [ "big-parallel" ];
+        system = "x86_64-linux";
-    }];
+        supportedFeatures = ["big-parallel"];
      }
    ];
  };
 }
--- a/profiles/nixpkgs-dev.nix
+++ b/profiles/nixpkgs-dev.nix
@ -1,15 +1,16 @@
 # NixOps configuration for the hosts I'm doing nixpkgs dev work on
-
+{
-{ config, pkgs, lib, ... }:
+  config,
-
+  pkgs,
  lib,
  ...
 }:
 #let
 #  sources = import ../nix/sources.nix;
 #  unstable = import sources.nixpkgsUnstable {};
 #in
 {
-
+  nixpkgs = {config = {allowUnfree = true;};};
  nixpkgs = { config = { allowUnfree = true; }; };
  environment = {
    systemPackages = with pkgs; [
@ -27,5 +28,4 @@
      #unstable.statix          # Lints and suggestions for the nix programming language
    ];
  };
 }
--- a/profiles/openssh.nix
+++ b/profiles/openssh.nix
@ -1,19 +1,21 @@
 # SSH service configuration common to all hosts
 { config, pkgs, lib, ... }:
 {
-
+  config,
  pkgs,
  lib,
  ...
 }: {
  services.openssh = {
    enable = true; # Enable the OpenSSH daemon.
    permitRootLogin = "prohibit-password";
    challengeResponseAuthentication = false;
    passwordAuthentication = false;
    openFirewall = true;
-    hostKeys = [{
+    hostKeys = [
-      path = "/etc/ssh/ssh_host_ed25519_key";
+      {
-      type = "ed25519";
+        path = "/etc/ssh/ssh_host_ed25519_key";
-    }];
+        type = "ed25519";
      }
    ];
  };
 }
--- a/profiles/pi_common.nix
+++ b/profiles/pi_common.nix
@ -1,14 +1,14 @@
 # Configuration common to all my servers
 { config, pkgs, lib, ... }:
 {
-
+  config,
-  environment = { # Set the system-wide environment
+  pkgs,
-    systemPackages = with pkgs;
+  lib,
-      [
+  ...
-        usbutils # Tools for working with USB devices, such as lsusb
+}: {
-      ];
+  environment = {
    # Set the system-wide environment
    systemPackages = with pkgs; [
      usbutils # Tools for working with USB devices, such as lsusb
    ];
  };
 }
--- a/profiles/picom.nix
+++ b/profiles/picom.nix
@ -1,9 +1,5 @@
 # Configuration for the Picom Compositor
-
+{config, ...}: {
 { config, ... }:
 {
  services = {
    picom = {
      enable = true;
@ -11,8 +7,8 @@
      fade = true;
      inactiveOpacity = 0.8;
      menuOpacity = 0.8;
-      opacityRules = [ "100:class_g = 'XScreenSaver'" ];
+      opacityRules = ["100:class_g = 'XScreenSaver'"];
-      settings = { use-ewmh-active-win = true; };
+      settings = {use-ewmh-active-win = true;};
      vSync = true;
    };
  };
--- a/profiles/powerManagement.nix
+++ b/profiles/powerManagement.nix
@ -1,9 +1,10 @@
 # Power management configuration for the laptops
 { config, pkgs, lib, ... }:
 {
-
+  config,
  pkgs,
  lib,
  ...
 }: {
  powerManagement = {
    enable = true;
    cpuFreqGovernor = lib.mkDefault "performance";
--- a/profiles/prometheus.nix
+++ b/profiles/prometheus.nix
@ -1,14 +1,15 @@
 # NixOps configuration for the hosts running Prometheus on a Cardano node
 { config, pkgs, lib, ... }:
 {
-
+  config,
  pkgs,
  lib,
  ...
 }: {
  services = {
    prometheus = {
      enable = true;
      webExternalUrl = "https://monitoring.mcwhirter.io/prometheus/";
-      extraFlags = [ "--storage.tsdb.retention.time 8760h" ];
+      extraFlags = ["--storage.tsdb.retention.time 8760h"];
      exporters = {
        node = {
          enable = true;
@ -52,163 +53,151 @@
      #} ];
      rules = [
        (builtins.toJSON {
-          groups = [{
+          groups = [
-            name = "system";
+            {
-            rules = [
+              name = "system";
-              {
+              rules = [
-                alert = "node_down";
+                {
-                expr = "up == 0";
+                  alert = "node_down";
-                for = "5m";
+                  expr = "up == 0";
-                labels = { severity = "page"; };
+                  for = "5m";
-                annotations = {
+                  labels = {severity = "page";};
-                  summary = "{{$labels.alias}}: Node is down.";
+                  annotations = {
-                  description =
+                    summary = "{{$labels.alias}}: Node is down.";
-                    "{{$labels.alias}} has been down for more than 5 minutes.";
+                    description = "{{$labels.alias}} has been down for more than 5 minutes.";
-                };
+                  };
-              }
+                }
-              {
+                {
-                alert = "node_systemd_service_failed";
+                  alert = "node_systemd_service_failed";
-                expr = ''node_systemd_unit_state{state="failed"} == 1'';
+                  expr = ''node_systemd_unit_state{state="failed"} == 1'';
-                for = "4m";
+                  for = "4m";
-                labels = { severity = "page"; };
+                  labels = {severity = "page";};
-                annotations = {
+                  annotations = {
-                  summary =
+                    summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
-                    "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
+                    description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
-                  description =
+                  };
-                    "{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
+                }
-                };
+                {
-              }
+                  alert = "node_filesystem_full_90percent";
-              {
+                  expr = ''
-                alert = "node_filesystem_full_90percent";
+                    sort(node_filesystem_free_bytes{device!="ramfs"} < node_filesystem_size_bytes{device!="ramfs"} * 0.1) / 1024^3'';
-                expr = ''
+                  for = "5m";
-                  sort(node_filesystem_free_bytes{device!="ramfs"} < node_filesystem_size_bytes{device!="ramfs"} * 0.1) / 1024^3'';
+                  labels = {severity = "page";};
-                for = "5m";
+                  annotations = {
-                labels = { severity = "page"; };
+                    summary = "{{$labels.alias}}: Filesystem is running out of space soon.";
-                annotations = {
+                    description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem.";
-                  summary =
+                  };
-                    "{{$labels.alias}}: Filesystem is running out of space soon.";
+                }
-                  description =
+                {
-                    "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem.";
+                  alert = "node_filesystem_full_in_4h";
-                };
+                  expr = ''
-              }
+                    predict_linear(node_filesystem_free_bytes{device!="ramfs",device!="tmpfs",fstype!="autofs",fstype!="cd9660"}[4h], 4*3600) <= 0'';
-              {
+                  for = "5m";
-                alert = "node_filesystem_full_in_4h";
+                  labels = {severity = "page";};
-                expr = ''
+                  annotations = {
-                  predict_linear(node_filesystem_free_bytes{device!="ramfs",device!="tmpfs",fstype!="autofs",fstype!="cd9660"}[4h], 4*3600) <= 0'';
+                    summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.";
-                for = "5m";
+                    description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours";
-                labels = { severity = "page"; };
+                  };
-                annotations = {
+                }
-                  summary =
+                {
-                    "{{$labels.alias}}: Filesystem is running out of space in 4 hours.";
+                  alert = "node_filedescriptors_full_in_3h";
-                  description =
+                  expr = "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum";
-                    "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours";
+                  for = "20m";
-                };
+                  labels = {severity = "page";};
-              }
+                  annotations = {
-              {
+                    summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
-                alert = "node_filedescriptors_full_in_3h";
+                    description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
-                expr =
+                  };
-                  "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum";
+                }
-                for = "20m";
+                {
-                labels = { severity = "page"; };
+                  alert = "node_load1_90percent";
-                annotations = {
+                  expr = ''
-                  summary =
+                    node_load1 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 0.9'';
-                    "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
+                  for = "1h";
-                  description =
+                  labels = {severity = "page";};
-                    "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
+                  annotations = {
-                };
+                    summary = "{{$labels.alias}}: Running on high load.";
-              }
+                    description = "{{$labels.alias}} is running with > 90% total load for at least 1h.";
-              {
+                  };
-                alert = "node_load1_90percent";
+                }
-                expr = ''
+                {
-                  node_load1 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 0.9'';
+                  alert = "node_cpu_util_90percent";
-                for = "1h";
+                  expr = ''
-                labels = { severity = "page"; };
+                    100 - (avg by (alias) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) >= 90'';
-                annotations = {
+                  for = "1h";
-                  summary = "{{$labels.alias}}: Running on high load.";
+                  labels = {severity = "page";};
-                  description =
+                  annotations = {
-                    "{{$labels.alias}} is running with > 90% total load for at least 1h.";
+                    summary = "{{$labels.alias}}: High CPU utilization.";
-                };
+                    description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h.";
-              }
+                  };
-              {
+                }
-                alert = "node_cpu_util_90percent";
+                {
-                expr = ''
+                  alert = "node_ram_using_99percent";
-                  100 - (avg by (alias) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) >= 90'';
+                  expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01";
-                for = "1h";
+                  for = "30m";
-                labels = { severity = "page"; };
+                  labels = {severity = "page";};
-                annotations = {
+                  annotations = {
-                  summary = "{{$labels.alias}}: High CPU utilization.";
+                    summary = "{{$labels.alias}}: Using lots of RAM.";
-                  description =
+                    description = "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.";
-                    "{{$labels.alias}} has total CPU utilization over 90% for at least 1h.";
+                  };
-                };
+                }
-              }
+                {
-              {
+                  alert = "node_swap_using_80percent";
-                alert = "node_ram_using_99percent";
+                  expr = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8";
-                expr =
+                  for = "10m";
-                  "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01";
+                  labels = {severity = "page";};
-                for = "30m";
+                  annotations = {
-                labels = { severity = "page"; };
+                    summary = "{{$labels.alias}}: Running out of swap soon.";
-                annotations = {
+                    description = "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now.";
-                  summary = "{{$labels.alias}}: Using lots of RAM.";
+                  };
-                  description =
+                }
-                    "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.";
+                {
-                };
+                  alert = "node_time_unsync";
-              }
+                  expr = "abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1";
-              {
+                  for = "1m";
-                alert = "node_swap_using_80percent";
+                  labels = {severity = "page";};
-                expr =
+                  annotations = {
-                  "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8";
+                    summary = "{{$labels.alias}}: Clock out of sync with NTP";
-                for = "10m";
+                    description = "{{$labels.alias}} Local clock offset is too large or out of sync with NTP";
-                labels = { severity = "page"; };
+                  };
-                annotations = {
+                }
-                  summary = "{{$labels.alias}}: Running out of swap soon.";
+              ];
-                  description =
+            }
-                    "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now.";
+          ];
                };
              }
              {
                alert = "node_time_unsync";
                expr =
                  "abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1";
                for = "1m";
                labels = { severity = "page"; };
                annotations = {
                  summary = "{{$labels.alias}}: Clock out of sync with NTP";
                  description =
                    "{{$labels.alias}} Local clock offset is too large or out of sync with NTP";
                };
              }
            ];
          }];
        })
      ];
      scrapeConfigs = [
        {
          job_name = "prometheus";
          scrape_interval = "5s";
-          static_configs = [{
+          static_configs = [
-            targets = [ "localhost:9090" ];
+            {
-            labels = { alias = "prometheus"; };
+              targets = ["localhost:9090"];
-          }];
+              labels = {alias = "prometheus";};
            }
          ];
        }
        {
          job_name = "cardano-node";
          scrape_interval = "10s";
-          static_configs = [{
+          static_configs = [
-            targets = [ "127.0.0.1:12798" ];
+            {
-            labels = { alias = "airgead"; };
+              targets = ["127.0.0.1:12798"];
-          }];
+              labels = {alias = "airgead";};
            }
          ];
        }
        {
          job_name = "node";
          scrape_interval = "10s";
-          static_configs = [{
+          static_configs = [
-            targets = [ "airgead.mcwhirter.io:9100" ];
+            {
-            labels = { alias = "airgead.mcwhirter.io"; };
+              targets = ["airgead.mcwhirter.io:9100"];
-          }];
+              labels = {alias = "airgead.mcwhirter.io";};
            }
          ];
        }
      ];
    };
  };
 }
--- a/profiles/qemu.nix
+++ b/profiles/qemu.nix
@ -1,31 +1,27 @@
 # Based up original work by cleverca22
 # https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
-
+{
-{ config, pkgs, lib, ... }:
+  config,
-
+  pkgs,
-with lib;
+  lib,
-let
+  ...
 }:
 with lib; let
  cfg = config.qemu-user;
  arm = {
    interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm";
-    magicOrExtension =
+    magicOrExtension = "\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00";
-      "\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00";
+    mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
    mask =
      "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
  };
  aarch64 = {
    interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64";
-    magicOrExtension =
+    magicOrExtension = "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00";
-      "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00";
+    mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
    mask =
      "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
  };
  riscv64 = {
    interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64";
-    magicOrExtension =
+    magicOrExtension = "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00";
-      "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00";
+    mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
    mask =
      "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
  };
 in {
  options = {
@ -37,21 +33,23 @@ in {
    nix.supportedPlatforms = mkOption {
      type = types.listOf types.str;
      description = "extra platforms that nix will run binaries for";
-      default = [ ];
+      default = [];
    };
  };
  config = mkIf (cfg.arm || cfg.aarch64) {
-    nixpkgs = { overlays = [ (import ../overlays/qemu) ]; };
+    nixpkgs = {overlays = [(import ../overlays/qemu)];};
-    boot.binfmt.registrations = optionalAttrs cfg.arm { inherit arm; }
+    boot.binfmt.registrations =
-      // optionalAttrs cfg.aarch64 { inherit aarch64; }
+      optionalAttrs cfg.arm {inherit arm;}
-      // optionalAttrs cfg.riscv64 { inherit riscv64; };
+      // optionalAttrs cfg.aarch64 {inherit aarch64;}
      // optionalAttrs cfg.riscv64 {inherit riscv64;};
    nix.supportedPlatforms =
-      (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
+      (optionals cfg.arm ["armv6l-linux" "armv7l-linux"])
      ++ (optional cfg.aarch64 "aarch64-linux");
    nix.extraOptions = ''
      extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux
    '';
-    nix.sandboxPaths = [ "/run/binfmt" ]
+    nix.sandboxPaths =
      ["/run/binfmt"]
      ++ (optional cfg.arm "${pkgs.qemu-user-arm}")
      ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
  };
--- a/profiles/retro-gaming.nix
+++ b/profiles/retro-gaming.nix
@ -1,13 +1,13 @@
 # Configuration for
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  # Retro Gaming Packages
  environment.systemPackages = with pkgs; [
    emulationstation
    libretro.stella
    retroarch
  ];
 }
--- a/Show more
+++ b/Show more