treefmt: formatted all nix files

globals.nix

@@ -1,11 +1,11 @@
 self: super: {
-  globals = import ./globals-defaults.nix // rec {
-
+  globals =
+    import ./globals-defaults.nix
+    // rec {
       deploymentName = "mio-ops";
 
       domain = "mcwhirter.io";
 
       environment = "${deploymentName}";
-
     };
 }

hardware/eeepc701.nix

@@ -1,8 +1,10 @@
 # Hardware configuration file common to ASUS 701 EeePC4G-BK004
-
-{ config, lib, pkgs, ... }:
-
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
   imports = [
     <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
     ../profiles/host_common.nix
@@ -33,8 +35,12 @@
     config = {
       allowUnfree = true;
       packageOverrides = pkgs: {
-        stdenv = pkgs.stdenv // {
-          platform = pkgs.stdenv.platform // {
+        stdenv =
+          pkgs.stdenv
+          // {
+            platform =
+              pkgs.stdenv.platform
+              // {
                 kernelExtraConfig = ''
                   HIGHMEM64G? n  # 32-bit proc with > 4G RAM
                   HIGHMEM4G y    # 32-bit proc with =< 4G RAM

hardware/lenovo_x201.nix

@@ -1,12 +1,13 @@
 # Hardware configuration file common to all Lenovo x201 devices
-
-{ config, lib, pkgs, ... }:
-
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
   imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
 
-  boot.initrd.availableKernelModules =
-    [ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = ["ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
   boot.initrd.kernelModules = [];
   boot.kernelModules = ["kvm-intel"];
   boot.extraModulePackages = [];

hardware/linode_vm-encrypted.nix

@@ -1,8 +1,10 @@
 # Configuration common to all my encrypted Linode VMs
-
-{ config, pkgs, lib, ... }:
-
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [
     # Import the NixOS Qemu guest settings
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>

hardware/linode_vm.nix

@@ -1,8 +1,10 @@
 # Configuration common to all my Linode VMs
-
-{ config, pkgs, lib, ... }:
-
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [
     # Import the NixOS Qemu guest settings
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>

hardware/odroid-hc4/default.nix

@@ -1,11 +1,13 @@
-{ config, lib, modulesPath, pkgs, ... }:
-
-with lib;
-
-let
+{
+  config,
+  lib,
+  modulesPath,
+  pkgs,
+  ...
+}:
+with lib; let
   sources = import ../../nix/sources.nix;
   unstable = import sources.nixpkgsUnstable {};
-
 in {
   imports = [
     "${modulesPath}/profiles/base.nix"

hardware/odroid-hc4/modules/sd-image/default.nix

@@ -1,4 +1,10 @@
-{ pkgs, lib, config, modulesPath, ... }: {
+{
+  pkgs,
+  lib,
+  config,
+  modulesPath,
+  ...
+}: {
   imports = [
     "${modulesPath}/installer/sd-card/sd-image.nix"
     # should we include this module or should we treat the SD

hardware/odroid-hc4/overlays/kernel/kernel.nix

@@ -1,7 +1,16 @@
-{ stdenv, buildPackages, fetchFromGitHub, perl, buildLinux, libelf, utillinux
-, lib, ... }@args:
-
-buildLinux (args // rec {
+{
+  stdenv,
+  buildPackages,
+  fetchFromGitHub,
+  perl,
+  buildLinux,
+  libelf,
+  utillinux,
+  lib,
+  ...
+} @ args:
+buildLinux (args
+// rec {
   version = "4.9.241-107";
 
   # modDirVersion needs to be x.y.z.
@@ -26,5 +35,5 @@ buildLinux (args // rec {
   };
 
   extraMeta.platforms = ["aarch64-linux"];
-
-} // (args.argsOverride or { }))
+}
+// (args.argsOverride or {}))

hardware/odroid-hc4/overlays/uboot/hardkernel.nix

@@ -1,10 +1,17 @@
-{ gcc49Stdenv, git, bc, bison, flex, nettools, buildPackages, arm-gcc49 }:
-
+{
+  gcc49Stdenv,
+  git,
+  bc,
+  bison,
+  flex,
+  nettools,
+  buildPackages,
+  arm-gcc49,
+}:
 gcc49Stdenv.mkDerivation {
   name = "hardkernel-uboot";
   src = builtins.fetchTarball {
-    url =
-      "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
+    url = "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
     sha256 = "0hj49jf9w2w55r7fjpx8asb92r85lws8mvq4mvl1v309z7k56zwv";
   };
   patches = [./pwd.diff ./fip_create.diff];

hardware/odroid-hc4/overlays/uboot/meson64-tools.nix

@@ -1,10 +1,13 @@
-{ stdenv, python2, python3 }:
+{
+  stdenv,
+  python2,
+  python3,
+}:
 stdenv.mkDerivation {
   name = "meson64-tools";
   nativeBuildInputs = [python2 python3];
   src = builtins.fetchTarball {
-    url =
-      "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
+    url = "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
     sha256 = "1487cr7sv34yry8f0chaj6s2g3736dzq0aqw239ahdy30yg7hb2v";
   };
 

hardware/odroid-hc4/overlays/uboot/overlay.nix

@@ -1,6 +1,7 @@
-final: prev:
-let
-  platform = final.lib.systems.examples.aarch64-multiplatform // {
+final: prev: let
+  platform =
+    final.lib.systems.examples.aarch64-multiplatform
+    // {
       gcc = {arch = "armv8-a+crypto";};
     };
   arm64 = final.pkgsCross.aarch64-embedded;
@@ -16,7 +17,9 @@ let
 in {
   uboot-hardkernel = uboot;
   ubootTools-hardkernel = final.buildPackages.ubootTools;
-  buildPackages = prev.buildPackages // {
+  buildPackages =
+    prev.buildPackages
+    // {
       ubootTools-hardkernel = final.buildPackages.buildPackages.ubootTools;
     };
 }

hardware/odroid-hc4/overlays/uboot/u-boot.nix

@@ -1,11 +1,21 @@
-{ stdenv, git, bc, bison, flex, nettools, openssl, buildPackages
-, uboot-hardkernel, meson64-tools, blx_fix }:
-let
-in stdenv.mkDerivation {
+{
+  stdenv,
+  git,
+  bc,
+  bison,
+  flex,
+  nettools,
+  openssl,
+  buildPackages,
+  uboot-hardkernel,
+  meson64-tools,
+  blx_fix,
+}: let
+in
+  stdenv.mkDerivation {
     name = "uboot";
     src = builtins.fetchTarball {
-    url =
-      "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
+      url = "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
       sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6";
     };
     CROSS_COMPILE = stdenv.cc.targetPrefix;

hardware/odroid-hc4/uboot/boot-ini-builder.nix

@@ -1,5 +1,4 @@
 {pkgs}:
-
 pkgs.substituteAll {
   src = ./boot-ini-builder.sh;
   isExecutable = true;

hardware/odroid-hc4/uboot/hardkernel-uboot.nix

@@ -1,12 +1,18 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
   blCfg = config.boot.loader;
   dtCfg = config.hardware.deviceTree;
   cfg = blCfg.hardkernel-uboot;
 
-  timeoutStr = if blCfg.timeout == null then "-1" else toString blCfg.timeout;
+  timeoutStr =
+    if blCfg.timeout == null
+    then "-1"
+    else toString blCfg.timeout;
 
   # The builder used to write during system activation
   builder = import ./boot-ini-builder.nix {inherit pkgs;};
@@ -38,17 +44,17 @@ in {
           Useful to have for sdImage.populateRootCommands
         '';
       };
-
     };
   };
 
   config = let
-    builderArgs = "-t ${timeoutStr}"
+    builderArgs =
+      "-t ${timeoutStr}"
       + lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}";
-  in mkIf cfg.enable {
+  in
+    mkIf cfg.enable {
       system.build.installBootLoader = "${builder} ${builderArgs} -c";
       system.boot.loader.id = "hardkernel-uboot";
-    boot.loader.hardkernel-uboot.populateCmd =
-      "${populateBuilder} ${builderArgs}";
+      boot.loader.hardkernel-uboot.populateCmd = "${populateBuilder} ${builderArgs}";
     };
 }

hardware/purism_librem_15.nix

@@ -1,8 +1,10 @@
 # Hardware configuration file common to all Purism Librem 15 ver 3 TPM devices
-
-{ config, lib, pkgs, ... }:
-
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
   imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
 
   boot = {
@@ -18,8 +20,7 @@
         "cryptd" # Software async crypto daemon
       ];
       kernelModules = ["dm-snapshot"];
-      luks.devices."cryptroot".device =
-        "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
+      luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
     };
     kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
   };
@@ -34,8 +35,7 @@
     fsType = "ext4";
   };
 
-  swapDevices =
-    [{ device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; }];
+  swapDevices = [{device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e";}];
 
   nix.maxJobs = lib.mkDefault 4;
 }

hardware/raspberry_pi_2_model_B.nix

@@ -1,9 +1,10 @@
 # Configuration common to all Raspberry Pi 2 Model B devices
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   boot = {
     consoleLogLevel = lib.mkDefault 7;
     initrd = {
@@ -59,10 +60,12 @@
   };
 
   # !!! Adding a swap file is optional, but strongly recommended!
-  swapDevices = [{
+  swapDevices = [
+    {
       device = "/swapfile";
       size = 1024;
-  }];
+    }
+  ];
 
   hardware = {
     enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
@@ -74,9 +77,7 @@
 
   sound.enable = false; # Disable sound.
 
-  environment.systemPackages = with pkgs;
-    [
+  environment.systemPackages = with pkgs; [
     libraspberrypi # Userland tools for the Raspberry Pi board
   ];
-
 }

hardware/raspberry_pi_3_model_B.nix

@@ -1,9 +1,10 @@
 # Configuration common to all Raspberry Pi 3 Model B devices
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   boot = {
     initrd = {
       availableKernelModules = [
@@ -62,10 +63,12 @@
   };
 
   # !!! Adding a swap file is optional, but strongly recommended!
-  swapDevices = [{
+  swapDevices = [
+    {
       device = "/swapfile";
       size = 1024;
-  }];
+    }
+  ];
 
   hardware = {
     enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
@@ -75,9 +78,7 @@
     enableB43Firmware = false; # If true, enable Pi wireless firmware
   };
 
-  environment.systemPackages = with pkgs;
-    [
+  environment.systemPackages = with pkgs; [
     libraspberrypi # Userland tools for the Raspberry Pi board
   ];
-
 }

hosts/airgead.nix

@@ -1,9 +1,10 @@
 # NixOps configuration for airgead
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [
     ../networks/linode.nix
     ../profiles/cardano-node.nix

hosts/ceilidh.nix

@@ -1,12 +1,14 @@
-# NixOps configuration for pàidh-tri
-
-{ config, pkgs, lib, ... }:
-
+# NixOps configuration for ceilidh
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [../hardware/odroid-hc4];
 
   # Comment out deployment when building the SD Image.
-  deployment.targetHost = "10.42.0.121";
+  deployment.targetHost = "10.42.0.108";
   networking.hostName = "ceilidh"; # Define your hostname.
 
   # Ensure the right package architecture is used
@@ -21,8 +23,7 @@
     };
   };
 
-  environment.systemPackages = with pkgs;
-    [
+  environment.systemPackages = with pkgs; [
     gnupg # GPL OpenPGP implementation
   ];
 

hosts/cuallaidh.nix

@@ -1,9 +1,10 @@
 # NixOps configuration for cuallaidh
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [
     ../networks/linode.nix
     ../profiles/coturn.nix
@@ -11,6 +12,8 @@
     ../profiles/gitea.nix
     #../profiles/hydra.nix
     ../profiles/iohk.nix
+    ../profiles/ipv6.nix
+    ../profiles/mastodon.nix
     ../profiles/matrix.nix
     ../profiles/mcwhirter.io.nix
     ../profiles/minecraftServer.nix
@@ -26,6 +29,12 @@
   deployment.targetHost = "172.105.171.16";
 
   networking.hostName = "cuallaidh"; # Define your hostname.
+  networking.interfaces.eth0.ipv6.addresses = [
+    {
+      address = "2400:8907::f03c:92ff:fe08:f1d4";
+      prefixLength = 64;
+    }
+  ];
 
   system.stateVersion = "19.03"; # The version of NixOS originally installed
 }

hosts/dhu.nix

@@ -1,8 +1,9 @@
 # Configuration for an ASUS ASUS 701 EeePC4G-BK004
-
-{ config, pkgs, ... }:
-
 {
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     ../hardware/eeepc701.nix # Include common configuration options
     ../secrets/wireless.nix
@@ -13,5 +14,4 @@
   networking.hostName = "dhu"; # Define your hostname.
 
   system.stateVersion = "20.09"; # The version of NixOS originally installed
-
 }

hosts/dionach.nix

@@ -1,9 +1,9 @@
 # NixOps configuration for dionach
-
-{ config, pkgs, ... }:
-
 {
-
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     ../hardware/purism_librem_15.nix # Include results of the hardware scan.
     ../profiles/android.nix # Provide an Android dev environment
@@ -14,6 +14,7 @@
     ../profiles/haskell-dev.nix # Haskell dev environment
     ../profiles/host_common.nix # Common host configuration options
     ../profiles/iohk.nix # IOHK environment
+    ../profiles/kde.nix # kdeenvironment
     ../profiles/keyboard.nix
     ../profiles/neomutt.nix # Neomutt email
     ../profiles/nix-community.nix # Nix community aarch64 tooling
@@ -219,5 +220,4 @@
   # servers. You should change this only after NixOS release notes say you
   # should.
   system.stateVersion = "20.03"; # Did you read the comment?
-
 }

hosts/iolear-beag.nix

@@ -1,8 +1,9 @@
 # NixOS Configuration for a Lenovo x201
-
-{ config, pkgs, ... }:
-
 {
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     ../hardware/lenovo_x201.nix
     ../profiles/desktop_common.nix
@@ -18,5 +19,4 @@
   networking.hostName = "iolear-beag"; # Define your hostname.
 
   system.stateVersion = "18.09"; # The version of NixOS originally installed
-
 }

hosts/paidh-aon.nix

@@ -1,8 +1,10 @@
 # NixOps configuration for pàidh-aon
-
-{ config, pkgs, lib, ... }:
-
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [../networks/pi2B_rack.nix];
 
   # Comment out deployment when building the SD Image.

hosts/paidh-ceithir.nix

@@ -1,8 +1,10 @@
 # NixOps configuration for paidh-ceithir
-
-{ config, pkgs, lib, ... }:
-
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [../networks/pi3B_rack.nix];
 
   # Comment out deployment when building the SD Image.

hosts/paidh-coig.nix

@@ -1,8 +1,10 @@
 # NixOps configuration for paidh-coig
-
-{ config, pkgs, lib, ... }:
-
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [../networks/pi3B_rack.nix];
 
   # Comment out deployment when building the SD Image.

hosts/paidh-dha.nix

@@ -1,8 +1,10 @@
 # NixOps configuration for pàidh-dha
-
-{ config, pkgs, lib, ... }:
-
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [
     ../networks/pi3B_rack.nix
     ../profiles/transmission.nix

hosts/paidh-tri.nix

@@ -1,16 +1,17 @@
 # NixOps configuration for pàidh-tri
-
-{ config, pkgs, lib, ... }:
-
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [../networks/pi3B_rack.nix ../profiles/cyclone-ibis.nix];
 
   # Comment out deployment when building the SD Image.
   deployment.targetHost = "10.42.0.203";
   networking.hostName = "paidh-tri"; # Define your hostname.
 
-  environment.systemPackages = with pkgs;
-    [
+  environment.systemPackages = with pkgs; [
     gnupg # GPL OpenPGP implementation
   ];
 

hosts/paidh-uachdar.nix

@@ -1,8 +1,10 @@
 # NixOps configuration for pàidh-uachdar
-
-{ config, pkgs, lib, ... }:
-
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [
     ../hardware/raspberry_pi_3_model_B.nix
     ../profiles/host_common.nix
@@ -34,8 +36,7 @@
     nixos.enable = false; # Save some space by disabling the manual
   };
 
-  environment.systemPackages = with pkgs;
-    [
+  environment.systemPackages = with pkgs; [
     gnupg # GPL OpenPGP implementation
   ];
 

hosts/sithlainnir.nix

@@ -1,8 +1,9 @@
 # Configuration for sithlainnir, a Lenovo x201
-
-{ config, pkgs, ... }:
-
 {
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     ../hardware/lenovo_x201.nix
     ../profiles/desktopFiona.nix
@@ -18,5 +19,4 @@
   networking.hostName = "sithlainnir"; # Define your hostname.
 
   system.stateVersion = "18.09"; # The version of NixOS originally installed
-
 }

hosts/teintidh.nix

@@ -1,8 +1,9 @@
 # Configuration for a Lenovo x201
-
-{ config, pkgs, ... }:
-
 {
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     ../hardware/lenovo_x201.nix
     ../profiles/desktop_common.nix
@@ -19,5 +20,4 @@
   networking.hostName = "teintidh"; # Define your hostname.
 
   system.stateVersion = "18.09"; # The version of NixOS originally installed
-
 }

images/sd-image_paidh-aarch64.nix

@@ -2,10 +2,12 @@
 #
 # To build, use:
 # imports = [ ./sd-image_paidh-base ]
-
-{ config, lib, pkgs, ... }:
-
-let
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   extlinux-conf-builder = import
   <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
     pkgs = pkgs.buildPackages;
@@ -44,5 +46,4 @@ in {
       ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
     '';
   };
-
 }

images/sd-image_paidh-aon.nix

@@ -8,9 +8,6 @@
 # An example of how to write the image to SD card:
 #
 # bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb
-
 {...}: {
-
   imports = [./sd-image_paidh-armv7.nix ../hosts/paidh-aon.nix];
-
 }

images/sd-image_paidh-armv7.nix

@@ -2,10 +2,12 @@
 #
 # To build, use:
 # imports = [ ./sd-image_paidh-armv7.nix ]
-
-{ config, lib, pkgs, ... }:
-
-let
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   extlinux-conf-builder = import
   <nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix> {
     pkgs = pkgs.buildPackages;
@@ -42,5 +44,4 @@ in {
       ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
     '';
   };
-
 }

images/sd-image_paidh-ceithir.nix

@@ -8,9 +8,6 @@
 # An example of how to write the image to SD card:
 #
 # bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb
-
 {...}: {
-
   imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-ceithir.nix];
-
 }

images/sd-image_paidh-coig.nix

@@ -8,9 +8,6 @@
 # An example of how to write the image to SD card:
 #
 # bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb
-
 {...}: {
-
   imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-coig.nix];
-
 }

images/sd-image_paidh-dha.nix

@@ -1,7 +1,4 @@
 # SD image for paidh-dha
-
 {...}: {
-
   imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-dha.nix];
-
 }

images/sd-image_paidh-tri.nix

@@ -8,9 +8,6 @@
 # An example of how to write the image to SD card:
 #
 # bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb
-
 {...}: {
-
   imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-tri.nix];
-
 }

images/usb-yubikey.nix

@@ -1,10 +1,10 @@
 # Configuration for USB image for air gapped Yubikey machine
 #
 # Usage: nix-build -A iso images/usb-yubikey.nix
-
-{ nixpkgs ? <nixpkgs>, system ? "x86_64-linux" }:
-
-let
+{
+  nixpkgs ? <nixpkgs>,
+  system ? "x86_64-linux",
+}: let
   config = {pkgs, ...}:
     with pkgs; {
       imports = [
@@ -33,5 +33,4 @@ let
     };
   evalNixos = configuration:
     import <nixpkgs/nixos> {inherit system configuration;};
-
 in {iso = (evalNixos config).config.system.build.isoImage;}

networks/linode-common.nix

@@ -1,8 +1,10 @@
 # NixOps configuration common to Linode VMs
-
-{ config, pkgs, lib, ... }:
-
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [../profiles/host_common.nix ../profiles/server_common.nix];
 
   # Ensure the right package architecture is used
@@ -26,4 +28,9 @@
     };
   };
 
+  systemd.network.networks.eth0.ipv6SendRAConfig = {
+    EmitDNS = true;
+    Managed = true;
+    OtherInformation = true;
+  };
 }

networks/linode-encrypted.nix

@@ -1,7 +1,9 @@
 # NixOps configuration for the Linode VMs
-
-{ config, pkgs, lib, ... }:
-
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [../hardware/linode_vm-encrypted.nix ./linode-common.nix];
 }

networks/linode.nix

@@ -1,7 +1,9 @@
 # NixOps configuration for the Linode VMs
-
-{ config, pkgs, lib, ... }:
-
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [../hardware/linode_vm.nix ./linode-common.nix];
 }

networks/pi2B_rack.nix

@@ -1,7 +1,5 @@
 # NixOps configuration for the Raspberry Pi 2B Rack
-
 {
-
   imports = [
     <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
     ../hardware/raspberry_pi_2_model_B.nix
@@ -26,5 +24,4 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFq6/C6ZSM8nS091fqw/om9LRszHDmS82ZTL7+GaSBnz craige@paidh-tri"
     ];
   };
-
 }

networks/pi3B_rack.nix

@@ -1,7 +1,5 @@
 # NixOps configuration for the Raspberry Pi 3B Rack
-
 {
-
   imports = [
     <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
     ../hardware/raspberry_pi_3_model_B.nix
@@ -20,6 +18,12 @@
   networking.wireless.enable =
     false; # Toggles wireless support via wpa_supplicant.
 
+  systemd.network.networks.eth0.ipv6SendRAConfig = {
+    EmitDNS = true;
+    Managed = true;
+    OtherInformation = true;
+  };
+
   documentation = {
     nixos.enable = false; # Save some space by disabling the manual
   };
@@ -30,5 +34,4 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFq6/C6ZSM8nS091fqw/om9LRszHDmS82ZTL7+GaSBnz craige@pi-tri"
     ];
   };
-
 }

nix/default.nix

@@ -1,22 +1,24 @@
-{ sources ? import ./sources.nix, system ? builtins.currentSystem
-, crossSystem ? null, config ? { } }:
-
-let
+{
+  sources ? import ./sources.nix,
+  system ? builtins.currentSystem,
+  crossSystem ? null,
+  config ? {},
+}: let
   # our own overlays:
   local-overlays = [];
 
-  globals = if builtins.pathExists ../globals.nix then
-    [ (import ../globals.nix) ]
-  else
-    builtins.trace "globals.nix missing, please add symlink" [ ];
+  globals =
+    if builtins.pathExists ../globals.nix
+    then [(import ../globals.nix)]
+    else builtins.trace "globals.nix missing, please add symlink" [];
 
   # merge upstream sources with our own:
   upstream-overlays = [
     (_: super: {
-
       sources = (super.sources or {}) // sources;
     })
   ];
 
   overlays = local-overlays ++ globals ++ upstream-overlays;
-in import sources.nixpkgs { inherit overlays system crossSystem config; }
+in
+  import sources.nixpkgs {inherit overlays system crossSystem config;}

nix/sources.nix

@@ -1,22 +1,17 @@
 # This file has been generated by Niv.
-
 let
-
   #
   # The fetchers. fetch_<type> fetches specs of type <type>.
   #
-
   fetch_file = pkgs: spec:
-    if spec.builtin or true then
-      builtins_fetchurl { inherit (spec) url sha256; }
-    else
-      pkgs.fetchurl { inherit (spec) url sha256; };
+    if spec.builtin or true
+    then builtins_fetchurl {inherit (spec) url sha256;}
+    else pkgs.fetchurl {inherit (spec) url sha256;};
 
   fetch_tarball = pkgs: spec:
-    if spec.builtin or true then
-      builtins_fetchTarball { inherit (spec) url sha256; }
-    else
-      pkgs.fetchzip { inherit (spec) url sha256; };
+    if spec.builtin or true
+    then builtins_fetchTarball {inherit (spec) url sha256;}
+    else pkgs.fetchzip {inherit (spec) url sha256;};
 
   fetch_git = spec:
     builtins.fetchGit {
@@ -31,7 +26,8 @@ let
         instead use `builtin = true`.
 
         $ niv modify <package> -a type=tarball -a builtin=true
-    '' builtins_fetchTarball { inherit (spec) url sha256; };
+    ''
+    builtins_fetchTarball {inherit (spec) url sha256;};
 
   fetch_builtin-url = spec:
     builtins.trace ''
@@ -47,17 +43,17 @@ let
   #
 
   # The set of packages used when specs are fetched using non-builtins.
-  mkPkgs = sources:
-    let
+  mkPkgs = sources: let
     sourcesNixpkgs =
       import (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;})
       {};
     hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
     hasThisAsNixpkgsPath = <nixpkgs> == ./.;
-    in if builtins.hasAttr "nixpkgs" sources then
-      sourcesNixpkgs
-    else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
-      import <nixpkgs> { }
+  in
+    if builtins.hasAttr "nixpkgs" sources
+    then sourcesNixpkgs
+    else if hasNixpkgsPath && !hasThisAsNixpkgsPath
+    then import <nixpkgs> {}
     else
       abort ''
         Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
@@ -66,19 +62,18 @@ let
 
   # The actual fetching function.
   fetch = pkgs: name: spec:
-
-    if !builtins.hasAttr "type" spec then
-      abort "ERROR: niv spec ${name} does not have a 'type' attribute"
-    else if spec.type == "file" then
-      fetch_file pkgs spec
-    else if spec.type == "tarball" then
-      fetch_tarball pkgs spec
-    else if spec.type == "git" then
-      fetch_git spec
-    else if spec.type == "builtin-tarball" then
-      fetch_builtin-tarball spec
-    else if spec.type == "builtin-url" then
-      fetch_builtin-url spec
+    if !builtins.hasAttr "type" spec
+    then abort "ERROR: niv spec ${name} does not have a 'type' attribute"
+    else if spec.type == "file"
+    then fetch_file pkgs spec
+    else if spec.type == "tarball"
+    then fetch_tarball pkgs spec
+    else if spec.type == "git"
+    then fetch_git spec
+    else if spec.type == "builtin-tarball"
+    then fetch_builtin-tarball spec
+    else if spec.type == "builtin-url"
+    then fetch_builtin-url spec
     else
       abort
       "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
@@ -86,7 +81,9 @@ let
   # Ports of functions for older nix versions
 
   # a Nix version of mapAttrs if the built-in doesn't exist
-  mapAttrs = builtins.mapAttrs or (f: set:
+  mapAttrs =
+    builtins.mapAttrs
+    or (f: set:
       with builtins;
         listToAttrs (map (attr: {
           name = attr;
@@ -94,40 +91,51 @@ let
         }) (attrNames set)));
 
   # fetchTarball version that is compatible between all the versions of Nix
-  builtins_fetchTarball = { url, sha256 }@attrs:
-    let inherit (builtins) lessThan nixVersion fetchTarball;
-    in if lessThan nixVersion "1.12" then
-      fetchTarball { inherit url; }
-    else
-      fetchTarball attrs;
+  builtins_fetchTarball = {
+    url,
+    sha256,
+  } @ attrs: let
+    inherit (builtins) lessThan nixVersion fetchTarball;
+  in
+    if lessThan nixVersion "1.12"
+    then fetchTarball {inherit url;}
+    else fetchTarball attrs;
 
   # fetchurl version that is compatible between all the versions of Nix
-  builtins_fetchurl = { url, sha256 }@attrs:
-    let inherit (builtins) lessThan nixVersion fetchurl;
-    in if lessThan nixVersion "1.12" then
-      fetchurl { inherit url; }
-    else
-      fetchurl attrs;
+  builtins_fetchurl = {
+    url,
+    sha256,
+  } @ attrs: let
+    inherit (builtins) lessThan nixVersion fetchurl;
+  in
+    if lessThan nixVersion "1.12"
+    then fetchurl {inherit url;}
+    else fetchurl attrs;
 
   # Create the final "sources" from the config
   mkSources = config:
     mapAttrs (name: spec:
-      if builtins.hasAttr "outPath" spec then
+      if builtins.hasAttr "outPath" spec
+      then
         abort
         "The values in sources.json should not have an 'outPath' attribute"
-      else
-        spec // { outPath = fetch config.pkgs name spec; }) config.sources;
+      else spec // {outPath = fetch config.pkgs name spec;})
+    config.sources;
 
   # The "config" used by the fetchers
-  mkConfig = { sourcesFile ? ./sources.json
-    , sources ? builtins.fromJSON (builtins.readFile sourcesFile)
-    , pkgs ? mkPkgs sources }: rec {
+  mkConfig = {
+    sourcesFile ? ./sources.json,
+    sources ? builtins.fromJSON (builtins.readFile sourcesFile),
+    pkgs ? mkPkgs sources,
+  }: rec {
     # The sources, i.e. the attribute set of spec name to spec
     inherit sources;
 
     # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
     inherit pkgs;
   };
-in mkSources (mkConfig { }) // {
+in
+  mkSources (mkConfig {})
+  // {
     __functor = _: settings: mkSources (mkConfig settings);
   }

nixops.nix

@@ -1,5 +1,4 @@
 # NixOps configuration for the mio-ops nodes
-
 {
   network = {
     description = "mio-ops nodes";
@@ -8,9 +7,12 @@
 
   network.storage.legacy = {databasefile = "~/.nixops/deployments.nixops";};
 
-  defaults = { config, pkgs, lib, ... }:
-
-    {
+  defaults = {
+    config,
+    pkgs,
+    lib,
+    ...
+  }: {
     system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
   };
 

overlays/nixUnstable.nix

@@ -1,4 +1,6 @@
-let sources = import ../nix/sources.nix { };
-in final: prev: {
+let
+  sources = import ../nix/sources.nix {};
+in
+  final: prev: {
     nixUnstable = (import sources.nixos-unstable {}).nixUnstable;
   }

overlays/qemu/default.nix

@@ -1,13 +1,10 @@
 # Based up original waokr by cleverca22
 # https://github.com/cleverca22/nixos-configs/blob/master/overlays/qemu/default.nix
-
-self: super:
-
-{
-  qemu-user-arm = if self.stdenv.system == "x86_64-linux" then
-    self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; }
-  else
-    self.callPackage ./qemu { user_arch = "arm"; };
+self: super: {
+  qemu-user-arm =
+    if self.stdenv.system == "x86_64-linux"
+    then self.pkgsi686Linux.callPackage ./qemu {user_arch = "arm";}
+    else self.callPackage ./qemu {user_arch = "arm";};
   qemu-user-x86 = self.callPackage ./qemu {user_arch = "x86_64";};
   qemu-user-arm64 = self.callPackage ./qemu {user_arch = "aarch64";};
   qemu-user-riscv32 = self.callPackage ./qemu {user_arch = "riscv32";};

overlays/qemu/qemu/default.nix

@@ -1,10 +1,20 @@
 # Based up original waokr by cleverca22
 # https://raw.githubusercontent.com/cleverca22/nixos-configs/master/overlays/qemu/qemu/default.nix
-
-{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison
-, makeStaticLibraries, glibc, qemu, fetchFromGitHub }:
-
-let
+{
+  stdenv,
+  fetchurl,
+  python,
+  pkgconfig,
+  zlib,
+  glib,
+  user_arch,
+  flex,
+  bison,
+  makeStaticLibraries,
+  glibc,
+  qemu,
+  fetchFromGitHub,
+}: let
   env2 = makeStaticLibraries stdenv;
   myglib = (glib.override {stdenv = env2;}).overrideAttrs (drv: {
     mesonFlags = (drv.mesonFlags or []) ++ ["-Ddefault_library=both"];
@@ -22,10 +32,14 @@ let
     riscv64 = "x86_64";
     x86_64 = "x86_64";
   };
-in stdenv.mkDerivation rec {
+in
+  stdenv.mkDerivation rec {
     name = "qemu-user-${user_arch}-${version}";
     version = "3.1.0";
-  src = if is_riscv then riscv_src else qemu.src;
+    src =
+      if is_riscv
+      then riscv_src
+      else qemu.src;
     buildInputs = [python pkgconfig zlib.static myglib flex bison glibc.static];
     patches = [./qemu-stack.patch];
     configureFlags = [

overlays/vim-cue.nix

@@ -1,9 +1,10 @@
 # Cue filetype plugin for Vim
 #
 # Provide an overlay to obtain vim-cue from upstream rather than nixpkgs
-
 final: prev: {
-  vimPlugins = prev.vimPlugins // {
+  vimPlugins =
+    prev.vimPlugins
+    // {
       vim-cue = prev.vimUtils.buildVimPlugin {
         name = "vim-cue";
         src = prev.fetchFromGitHub {

profiles/android.nix

@@ -1,9 +1,9 @@
 # Configuration for my Android development requirements
-
-{ config, pkgs, ... }:
-
 {
-
+  config,
+  pkgs,
+  ...
+}: {
   nixpkgs.config = {
     android_sdk.accept_license = true; # Accept the Android SDK licence
   };
@@ -18,5 +18,4 @@
   ];
 
   users.groups.adbusers.members = ["craige"];
-
 }

profiles/bash.nix

@@ -1,9 +1,5 @@
 # Configuration common to all my servers
-
-{ config, ... }:
-
-{
-
+{config, ...}: {
   # Program defaults for all hosts
   programs.bash = {
     interactiveShellInit = ''
@@ -15,5 +11,4 @@
     '';
     vteIntegration = true;
   };
-
 }

profiles/cardano-node.nix

@@ -1,19 +1,17 @@
 # NixOps configuration for the hosts running a Cardano node
-
-{ config, pkgs, lib, ... }:
-
-let
-
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
   sources = import ../nix/sources.nix;
   cardanoNodeProject = import (sources.cardano-node + "/nix") {
     gitrev = sources.cardano-node.rev;
   };
   iohkNix = import (sources.iohk-nix) {};
-
 in {
-
-  imports =
-    [ ../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos" ];
+  imports = [../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos"];
 
   environment.systemPackages = [cardanoNodeProject.cardano-cli];
 
@@ -22,13 +20,17 @@ in {
       enable = true;
       environment = "mainnet";
       hostAddr = "0.0.0.0";
-      nodeConfig = iohkNix.cardanoLib.environments.mainnet.nodeConfig // {
+      nodeConfig =
+        iohkNix.cardanoLib.environments.mainnet.nodeConfig
+        // {
           hasPrometheus = ["127.0.0.1" 12798];
-        setupScribes = [{
+          setupScribes = [
+            {
               scKind = "JournalSK";
               scName = "cardano";
               scFormat = "ScText";
-        }];
+            }
+          ];
           defaultScribes = [["JournalSK" "cardano"]];
         };
       kesKey = "/run/keys/cardano-kes";
@@ -45,7 +47,5 @@ in {
     };
   };
 
-  users.groups.keys.members =
-    [ "cardano-node" ]; # Required due to NixOps issue #1204
-
+  users.groups.keys.members = ["cardano-node"]; # Required due to NixOps issue #1204
 }

profiles/chrony.nix

@@ -1,11 +1,6 @@
 # NixOps configuration for the hosts running a Chrony service
-
-{ config, ... }:
-
-{
-
+{config, ...}: {
   services.chrony = {
-    enable = true; # Enable Chrony
+    #enable = true; # Enable Chrony
   };
-
 }

profiles/coturn.nix

@@ -1,24 +1,24 @@
 # NixOps configuration for the hosts running a TURN server (coturn)
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [../secrets/coturn.nix];
 
   services = {
-
     coturn = {
       enable = true; # Enable the coturn server
       lt-cred-mech = true; # Enable long-term credentials
       use-auth-secret = true; # Enable TURN REST API
       realm = "turn.mcwhirter.io"; # Default realm for users
-      relay-ips = [ # Relay addresses
+      relay-ips = [
+        # Relay addresses
         "172.105.171.16"
       ];
       no-tcp-relay = true; # Disable TCP relay endpoints
-      extraConfig =
-        "\n        cipher-list=\"HIGH\"\n        no-loopback-peers\n        no-multicast-peers\n      ";
+      extraConfig = "\n        cipher-list=\"HIGH\"\n        no-loopback-peers\n        no-multicast-peers\n      ";
       secure-stun = true; # Require authentication of the STUN Binding request
       cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem";
       pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem";
@@ -52,7 +52,8 @@
       5350 # STUN tls alt
       443 # HTTPS
     ];
-    allowedUDPPortRanges = [{
+    allowedUDPPortRanges = [
+      {
         from = 49152;
         to = 49999;
       } # TURN relay
@@ -60,5 +61,4 @@
   };
 
   users.groups.turnserver.members = ["nginx"]; # Added for keys permissions
-
 }

profiles/craige4rocky.nix

@@ -1,8 +1,9 @@
 # NixOps configuration for deploying the craige4rocky website
-
-{ config, pkgs, ... }:
-
-let
+{
+  config,
+  pkgs,
+  ...
+}: let
   craige4rocky = import (pkgs.fetchgit {
     name = "craige4rocky-src";
     url = "https://source.mcwhirter.io/craige/craige4rocky.git";
@@ -10,9 +11,7 @@ let
     sha256 = "1cammdgszclrhvp56af3c7vnanyn0gplvkhqi6jkg1ygy01ard4w";
   }) {nixpkgs = pkgs;};
   webdomain = "craige4rocky.org";
-
 in {
-
   environment.sessionVariables = {
     LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
   };
@@ -24,16 +23,17 @@ in {
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
     virtualHosts = {
-      "${webdomain}" = { # website hostname
+      "${webdomain}" = {
+        # website hostname
         enableACME = true; # Use ACME certs
         forceSSL = true; # Force SSL
         root = "${craige4rocky}"; # Wesbite root
       };
-      "www.${webdomain}" = { # Respect our elders :-)
+      "www.${webdomain}" = {
+        # Respect our elders :-)
         forceSSL = true;
         enableACME = true;
-        locations."/".extraConfig =
-          "return 301 $scheme://${webdomain}$request_uri;";
+        locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
       };
     };
   };
@@ -47,5 +47,4 @@ in {
   };
 
   networking.firewall.allowedTCPPorts = [80 443];
-
 }

profiles/cron-craige.nix

@@ -1,9 +1,9 @@
 # NixOps configuration for Craige's cron jobs
-
-{ config, pkgs, ... }:
-
 {
-
+  config,
+  pkgs,
+  ...
+}: {
   services.cron = {
     enable = true; # Enable cron service
     systemCronJobs = [
@@ -12,5 +12,4 @@
       "*/5 * * * *     craige  /run/current-system/sw/bin/task rc:~/.taskrc_obair sync >> /home/craige/.tasksync_obair.log 2>&1"
     ];
   };
-
 }

profiles/cryptpad.nix

@@ -1,9 +1,10 @@
 # NixOps configuration for the hosts running a Cryptpad server
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   services.cryptpad = {
     enable = true; # Enable Cryptpad server
   };
@@ -14,7 +15,8 @@
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-    virtualHosts."pad.mcwhirter.io" = { # Cryptpad hostname
+    virtualHosts."pad.mcwhirter.io" = {
+      # Cryptpad hostname
       enableACME = true; # Use ACME certs
       forceSSL = true; # Force SSL
       locations = {
@@ -55,8 +57,7 @@
           '';
           tryFiles = "$uri =404";
         };
-        "~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" =
-          {
+        "~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" = {
           extraConfig = ''
             rewrite ^(.*)$ $1/ redirect;
           '';
@@ -72,5 +73,4 @@
     acceptTerms = true;
     certs = {"pad.mcwhirter.io".email = "craige@mcwhirter.io";};
   };
-
 }

profiles/cyclone-ibis.nix

@@ -1,8 +1,9 @@
 # NixOps configuration for deploying the Cyclone Ibis website
-
-{ config, pkgs, ... }:
-
-let
+{
+  config,
+  pkgs,
+  ...
+}: let
   cyclone-ibis = import (pkgs.fetchgit {
     name = "cyclone-ibis-src";
     url = "https://source.mcwhirter.io/craige/cyclone-ibis.git";
@@ -10,9 +11,7 @@ let
     sha256 = "sha256-NIEs0EuiHL9Zll0Sa4aR5zyzerw5akXxSC1pkDQPG5s=";
   }) {nixpkgs = pkgs;};
   webdomain = "cycloneibis.com";
-
 in {
-
   environment.sessionVariables = {
     LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
   };
@@ -26,16 +25,17 @@ in {
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
     virtualHosts = {
-      "${webdomain}" = { # website hostname
+      "${webdomain}" = {
+        # website hostname
         enableACME = true; # Use ACME certs
         forceSSL = true; # Force SSL
         root = "${cyclone-ibis}"; # Wesbite root
       };
-      "www.${webdomain}" = { # Respect our elders :-)
+      "www.${webdomain}" = {
+        # Respect our elders :-)
         forceSSL = true;
         enableACME = true;
-        locations."/".extraConfig =
-          "return 301 $scheme://${webdomain}$request_uri;";
+        locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
       };
     };
   };
@@ -49,5 +49,4 @@ in {
   };
 
   networking.firewall.allowedTCPPorts = [80 443];
-
 }

profiles/daedalus.nix

@@ -1,19 +1,17 @@
 # NixOps configuration for the hosts running Daedalus
-
-{ config, pkgs, lib, ... }:
-
-let
-
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
   sources = import ../nix/sources.nix;
   daedalusProject = import sources.daedalus {};
   daedalusMainnet = daedalusProject.daedalus;
   #daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight};
-
 in {
-
   environment.systemPackages = [
     daedalusMainnet
     #daedalusFlight
   ];
-
 }

profiles/desktop-feeds.nix

@@ -1,9 +1,10 @@
 # NixOps configuration for the hosts using feed applications
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   # Set the system-wide environment
   environment = {
     systemPackages = with pkgs; [
@@ -13,5 +14,4 @@
       gpodder # A podcatcher written in python
     ];
   };
-
 }

profiles/desktopCraige.nix

@@ -1,8 +1,9 @@
 # Craige's desktop requirements
-
-{ config, pkgs, ... }:
-
 {
+  config,
+  pkgs,
+  ...
+}: {
   # Craige's Desktop Packages
   imports = [
     ../profiles/ebooks.nix

profiles/desktopFiona.nix

@@ -1,8 +1,9 @@
 # Fiona's desktop requirements
-
-{ config, pkgs, ... }:
-
 {
+  config,
+  pkgs,
+  ...
+}: {
   # Fiona's Desktop Packages
   environment.systemPackages = with pkgs; [
     slack-dark # Slack desktop client

profiles/desktop_common.nix

@@ -1,8 +1,9 @@
 # Common configuration for MIO desktops
-
-{ config, pkgs, ... }:
-
 {
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     ../profiles/games-kids.nix
     ../profiles/host_common.nix
@@ -101,5 +102,4 @@
     libvirtd.members = ["craige" "fiona" "hamish" "logan" "xander"];
     networkmanager.members = ["craige" "fiona" "hamish" "logan" "xander"];
   };
-
 }

profiles/ebooks.nix

@@ -1,9 +1,9 @@
 # ebook reading requirements
-
-{ config, pkgs, ... }:
-
 {
-
+  config,
+  pkgs,
+  ...
+}: {
   environment.variables = {FOLIATE_TTS_LANG = "en-gb";};
 
   environment.systemPackages = with pkgs; [
@@ -11,5 +11,4 @@
     foliate # A simple and modern GTK eBook reader
     vlc
   ];
-
 }

profiles/emacs.nix

@@ -1,4 +1,5 @@
-/* This is a nix expression to build Emacs and some Emacs packages I like
+/*
+ This is a nix expression to build Emacs and some Emacs packages I like
  from source on any distribution where Nix is installed. This will install
  all the dependencies from the nixpkgs repository and build the binary files
  without interfering with the host distribution.
@@ -11,23 +12,24 @@
  
  $ ./result/bin/emacs
  */
-{ pkgs ? import <nixpkgs> { } }:
-
-let
+{pkgs ? import <nixpkgs> {}}: let
   myEmacs = pkgs.emacs;
   emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages;
-in emacsWithPackages (epkgs:
+in
+  emacsWithPackages (epkgs:
     (with epkgs.melpaStablePackages; [
       magit # ; Integrate git <C-x g>
       zerodark-theme # ; Nicolas' theme
-  ]) ++ (with epkgs.melpaPackages;
-    [
+    ])
+    ++ (with epkgs.melpaPackages; [
       #undo-tree      # ; <C-x u> to show the undo tree
       #zoom-frm       # ; increase/decrease font size for all buffers %lt;C-x C-+>
-    ]) ++ (with epkgs.elpaPackages; [
+    ])
+    ++ (with epkgs.elpaPackages; [
       auctex # ; LaTeX mode
       beacon # ; highlight my cursor when scrolling
       nameless # ; hide current package name everywhere in elisp code
-    ]) ++ [
+    ])
+    ++ [
       pkgs.notmuch # From main packages set
     ])

profiles/games-kids.nix

@@ -1,13 +1,12 @@
 # Configuration for
-
-{ config, pkgs, ... }:
-
-let
+{
+  config,
+  pkgs,
+  ...
+}: let
   sources = import ../nix/sources.nix;
   unstable = import sources.nixpkgsUnstable {};
-
 in {
-
   nixpkgs.config = {
     allowUnfree = true;
     permittedInsecurePackages = ["minecraft"];
@@ -36,5 +35,4 @@ in {
     superTuxKart # A Free 3D kart racing game
     wesnoth # Battle for Wesnoth server and client
   ];
-
 }

profiles/gitea_home.nix

@@ -1,9 +1,10 @@
 # NixOps configuration for the hosts running Gitea
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   services.gitea = {
     enable = true; # Enable Gitea
     appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
@@ -39,7 +40,8 @@
     authentication = ''
       local gitea all ident map=gitea-users
     '';
-    identMap = # Map the gitea user to postgresql
+    identMap =
+      # Map the gitea user to postgresql
       ''
         gitea-users gitea gitea
       '';
@@ -51,7 +53,8 @@
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     #recommendedTlsSettings = true;
-    virtualHosts."source.taigh.mcwhirter.io" = { # Gitea hostname
+    virtualHosts."source.taigh.mcwhirter.io" = {
+      # Gitea hostname
       #enableACME = true;                                    # Use ACME certs
       #forceSSL = true;                                      # Force SSL
       locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
@@ -70,5 +73,4 @@
   #security.acme.certs = {
   #    "source.mcwhirter.io".email = "craige@mcwhirter.io";
   #};
-
 }

profiles/grafana.nix

@@ -1,9 +1,10 @@
 # NixOps configuration for the hosts running Prometheus on a Cardano node
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [../secrets/cardano/grafana.nix];
 
   services = {
@@ -13,8 +14,7 @@
       domain = "monitoring.mcwhirter.io";
       rootUrl = "https://monitoring.mcwhirter.io/grafana";
       security = {
-        adminPasswordFile =
-          "/run/keys/grafana-apass"; # Where to find the password
+        adminPasswordFile = "/run/keys/grafana-apass"; # Where to find the password
       };
       auth = {
         anonymous = {
@@ -30,16 +30,16 @@
         #    options.path = ../monitoring/NodeSystemDashboard.json;
         #  }
         #];
-        datasources = [{
+        datasources = [
+          {
             type = "prometheus";
             name = "prometheus";
             url = "http://localhost:9090/prometheus";
-        }];
-      };
-    };
-  };
-
-  users.groups.keys.members =
-    [ "grafana" ]; # Required due to NixOps issue #1204
-
+          }
+        ];
+      };
+    };
+  };
+
+  users.groups.keys.members = ["grafana"]; # Required due to NixOps issue #1204
 }

profiles/haskell-dev.nix

@@ -1,13 +1,12 @@
 # Configuration for Haskell development
-
-{ config, pkgs, ... }:
-
 {
-
+  config,
+  pkgs,
+  ...
+}: {
   environment.systemPackages = with pkgs.haskellPackages; [
     cabal-install # Haskell software automation
     ghc # Glasgow Haskell Compiler
     hlint # Haskell source linter
   ];
-
 }

profiles/host_common.nix

@@ -1,9 +1,10 @@
 # Configuration common to all my servers
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [
     ../profiles/bash.nix
     ./chrony.nix
@@ -40,8 +41,7 @@
   # Configure and install required fonts
   fonts.enableDefaultFonts = true;
   fonts.fontDir.enable = true;
-  fonts.fonts = with pkgs;
-    [
+  fonts.fonts = with pkgs; [
     powerline-fonts # Required for Powerline prompts
   ];
   fonts.fontconfig.includeUserConf = false;
@@ -74,6 +74,8 @@
     trustedUsers = ["craige"];
   };
 
+  networking = {enableIPv6 = true;};
+
   system.extraSystemBuilderCmds = ''
     ln -sv ${pkgs.path} $out/nixpkgs
   '';
@@ -87,10 +89,9 @@
       bat # cat clone with syntax highlighting & Git integration
       dnsutils # Bind DNS utilities
       fd # A simple, fast and user-friendly alternative to find
-      (if config.services.xserver.enable then
-        gitAndTools.gitFull
-      else
-        git) # Distributed version control system
+      (if config.services.xserver.enable
+      then gitAndTools.gitFull
+      else git) # Distributed version control system
       htop # interactive process viewer
       hwinfo # Hardware detection tool
       killall # kill processes by name

profiles/hydra-dev.nix

@@ -1,6 +1,4 @@
-{ pkgs }:
-
-let
+{pkgs}: let
   hydraSrc = pkgs.fetchFromGitHub {
     owner = "nixos";
     repo = "hydra";
@@ -9,7 +7,8 @@ let
     #sha256 = "1vs3lyfyafsl7wbpmycv7c3n9n2rkrswp65msb6q1iskgpvr96d5";
     sha256 = "0i7szp04c873gfmj1h0dcl5rsbzzldc160pcls8z9v6iphils34i";
   };
-in pkgs.callPackage ./hydra-fork.nix {
+in
+  pkgs.callPackage ./hydra-fork.nix {
     nixpkgsPath = pkgs.path;
     #patches = [
     #  (pkgs.fetchpatch {

profiles/hydra-fork.nix

@@ -1,6 +1,8 @@
-{ fetchFromGitHub, nixpkgsPath, src }:
-
-let
+{
+  fetchFromGitHub,
+  nixpkgsPath,
+  src,
+}: let
   hydraRelease = (import (src + "/release.nix") {
     #hydraRelease = (import src {
     nixpkgs = nixpkgsPath;
@@ -10,5 +12,5 @@ let
       revCount = 1234;
     };
   });
-
-in hydraRelease.build.x86_64-linux.overrideAttrs (drv: { })
+in
+  hydraRelease.build.x86_64-linux.overrideAttrs (drv: {})

profiles/hydra.nix

@@ -1,8 +1,10 @@
 # NixOps configuration for the VMs running Hydra
-
-{ config, pkgs, lib, ... }:
-
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   #disabledModules = [ "services/continuous-integration/hydra/default.nix" ];
 
   #imports = [
@@ -25,13 +27,16 @@
       hydra-users postgres postgres
     '';
     ensureDatabases = ["hydra"]; # Ensure the database persists
-    ensureUsers = [{
+    ensureUsers = [
+      {
         name = "hydra"; # Ensure the database user persists
-      ensurePermissions = { # Ensure the database permissions persist
+        ensurePermissions = {
+          # Ensure the database permissions persist
           "DATABASE hydra" = "ALL PRIVILEGES";
           "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
         };
-    }];
+      }
+    ];
   };
 
   networking.firewall.allowedTCPPorts = [config.services.hydra.port];
@@ -88,12 +93,14 @@
     '';
   };
   nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"];
-  nix.buildMachines = [{
+  nix.buildMachines = [
+    {
       hostName = "localhost";
       systems = ["x86_64-linux" "i686-linux"];
       maxJobs = 4;
       # for building VirtualBox VMs as build artifacts, you might need other
       # features depending on what you are doing
       supportedFeatures = ["big-parallel" "kvm" "nixos-test"];
-  }];
+    }
+  ];
 }

profiles/iohk.nix

@@ -1,13 +1,13 @@
 # NixOps configuration for the hosts utilising IOHK resources
-
-{ config, pkgs, lib, ... }:
-
-let
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
   sources = import ../nix/sources.nix;
   nixUnstable = (import sources.nixpkgsUnstable {}).nixVersions.unstable;
-
 in {
-
   imports = [../profiles/terminal-recording.nix ../profiles/nix-direnv.nix];
 
   nix = {
@@ -69,5 +69,4 @@ in {
   };
 
   users.groups.docker.members = ["craige"];
-
 }

profiles/jormungandr-stake.nix

@@ -1,7 +1,9 @@
-{ lib, config, pkgs, ... }:
-
 {
-
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
   disabledModules = ["services/networking/jormungandr.nix"];
 
   imports = let
@@ -9,9 +11,7 @@
     "https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz";
   in [(import (jormungandrNixSrc + "/nixos"))];
 
-  environment.systemPackages = with pkgs;
-    [
+  environment.systemPackages = with pkgs; [
     jq # CLI JSON processor
   ];
-
 }

profiles/jormungandr.nix

@@ -1,11 +1,14 @@
-{ config, pkgs, ... }: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   imports = [/home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix];
   services = {
     jormungandr = {
       enable = true;
       enableExplorer = false;
-      genesisBlockHash =
-        "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2";
+      genesisBlockHash = "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2";
       trustedPeersAddresses = [
         "/ip4/3.123.177.192/tcp/3000"
         "/ip4/52.57.157.167/tcp/3000"

profiles/keyboard.nix

@@ -1,9 +1,9 @@
 # NixOps configuration for Moonlander mechanical keyboard
-
-{ config, pkgs, ... }:
-
 {
-
+  config,
+  pkgs,
+  ...
+}: {
   services.udev.extraRules = ''
     # STM32 rules for the Moonlander and Planck EZ
     SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", \
@@ -17,10 +17,8 @@
   '';
 
   environment = {
-    systemPackages = with pkgs;
-      [
+    systemPackages = with pkgs; [
       wally-cli # Flash firmware to mechanical keyboard
     ];
   };
-
 }

profiles/kids-dev.nix

@@ -1,12 +1,10 @@
 # Configuration for Haskell development
-
-{ config, pkgs, ... }:
-
 {
-
-  environment.systemPackages = with pkgs;
-    [
+  config,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
     kate # Multi-document editor with syntax highlighting
   ];
-
 }

profiles/logrotate.nix

@@ -1,11 +1,6 @@
 # logrotate configuration for NixOS / NixOps
-
-{ config, ... }:
-
-{
-
+{config, ...}: {
   services.logrotate = {
     enable = true; # Enable the logrotate service
   };
-
 }

profiles/matrix.nix

@@ -1,9 +1,10 @@
 # NixOps configuration for the hosts running a Matrix server (synapse)
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [../secrets/matrix.nix];
 
   i18n = {
@@ -14,14 +15,14 @@
   };
 
   services = {
-
     matrix-synapse = {
       enable = true; # Enable the synapse server
       server_name = "mcwhirter.io"; # Server's public domain name
       public_baseurl = "https://synapse.mcwhirter.io:443/"; # Matrix target URL
       enable_registration = true; # Toggle user registration
       listeners = [
-        { # federation
+        {
+          # federation
           bind_address = "";
           port = 8448;
           resources = [
@@ -38,7 +39,8 @@
           type = "http";
           x_forwarded = false;
         }
-        { # client
+        {
+          # client
           bind_address = "::1"; # Listen on localhost only
           port = 8008; # Port to listen on
           resources = [
@@ -59,8 +61,7 @@
       max_upload_size = "200M"; # Also set client_max_body_size to at least this
       tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem";
       tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem";
-      turn_shared_secret =
-        "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
+      turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
       turn_uris = [
         "turn:turn.mcwhirter.io:5349?transport=udp"
         "turn:turn.mcwhirter.io:5350?transport=udp"
@@ -121,14 +122,18 @@
 
     postgresql = {
       enable = true;
+      package = pkgs.postgresql_10;
       ensureDatabases = ["matrix-synapse"]; # Ensure the database persists
-      ensureUsers = [{
+      ensureUsers = [
+        {
           name = "matrix-synapse"; # Ensure the database user persists
-        ensurePermissions = { # Ensure the database permissions persist
+          ensurePermissions = {
+            # Ensure the database permissions persist
             "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
             "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
           };
-      }];
+        }
+      ];
       # Initial database creation
       initialScript = pkgs.writeText "synapse-init.sql" ''
         CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
@@ -149,8 +154,7 @@
       };
       "synapse.mcwhirter.io" = {
         group = "matrix-synapse";
-        postRun =
-          "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
+        postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
         email = "acme@mcwhirter.io";
       };
     };
@@ -164,7 +168,5 @@
     ];
   };
 
-  users.groups.matrix-synapse.members =
-    [ "nginx" ]; # Added for keys permissions
-
+  users.groups.matrix-synapse.members = ["nginx"]; # Added for keys permissions
 }

profiles/mcwhirter.io.nix

@@ -1,14 +1,13 @@
 # NixOps configuration for deploying the mcwhirter.io website
-
-{ config, pkgs, ... }:
-
-let
+{
+  config,
+  pkgs,
+  ...
+}: let
   sources = import ../nix/sources.nix;
   mcwhirter-io = import sources.mcwhirter-io {};
   webdomain = "mcwhirter.io";
-
 in {
-
   environment.sessionVariables = {
     LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
   };
@@ -20,14 +19,15 @@ in {
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
     virtualHosts = {
-      "${webdomain}" = { # website hostname
+      "${webdomain}" = {
+        # website hostname
         enableACME = true; # Use ACME certs
         forceSSL = true; # Force SSL
         root = "${mcwhirter-io}"; # Wesbite root
       };
-      "www.${webdomain}" = { # Respect our elders :-)
-        locations."/".extraConfig =
-          "return 301 $scheme://${webdomain}$request_uri;";
+      "www.${webdomain}" = {
+        # Respect our elders :-)
+        locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
       };
     };
   };
@@ -43,5 +43,4 @@ in {
   };
 
   networking.firewall.allowedTCPPorts = [80 443];
-
 }

profiles/minecraftServer.nix

@@ -1,9 +1,9 @@
 # Minecraft server configuration for NixOS / NixOps
-
-{ config, pkgs, ... }:
-
 {
-
+  config,
+  pkgs,
+  ...
+}: {
   imports = [../secrets/minecraftServer.nix];
 
   nixpkgs = {config = {allowUnfree = true;};};
@@ -22,8 +22,7 @@
     };
   };
 
-  environment.systemPackages = with pkgs;
-    [
+  environment.systemPackages = with pkgs; [
     mcron # Minecraft console client
   ];
 }

profiles/monitoring.nix

@@ -1,9 +1,10 @@
 # NixOps configuration for the monitoring host
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [./grafana.nix ./prometheus.nix];
 
   services = {
@@ -13,7 +14,8 @@
       recommendedOptimisation = true;
       recommendedProxySettings = true;
       recommendedTlsSettings = true;
-      virtualHosts."monitoring.mcwhirter.io" = { # Monitoring hostname
+      virtualHosts."monitoring.mcwhirter.io" = {
+        # Monitoring hostname
         enableACME = true; # Use ACME certs
         forceSSL = true; # Force SSL
         locations = {
@@ -28,12 +30,10 @@
         };
       };
     };
-
   };
 
   security.acme = {
     acceptTerms = true;
     certs = {"monitoring.mcwhirter.io".email = "craige@mcwhirter.io";};
   };
-
 }

profiles/neomutt.nix

@@ -1,9 +1,9 @@
 # Configuration for my neomutt email requirements
-
-{ config, pkgs, ... }:
-
 {
-
+  config,
+  pkgs,
+  ...
+}: {
   # Install other packages that I require to be used with neomutt.
   environment.systemPackages = with pkgs; [
     isync # My mail fetcher
@@ -23,5 +23,4 @@
       "*/5 * * * *     craige  /run/current-system/sw/bin/mbsync -q IOHK >> /home/craige/.mailsync-IOHK.log 2>&1"
     ];
   };
-
 }

profiles/nextcloud.nix

@@ -1,28 +1,27 @@
 # NixOps configuration for the hosts running Nextcloud
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [../secrets/nextcloud.nix];
 
   services.nextcloud = {
     enable = true; # Enable Nextcloud
     hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance
     https = true; # Use HTTPS for links
-    config = { # Configure Nextcloud
+    config = {
+      # Configure Nextcloud
       dbtype = "pgsql"; # Set the database type
       dbname = "nextcloud"; # Set the database name
       dbhost = "/run/postgresql"; # Set the database connection
       dbuser = "nextcloud"; # Set the database user
-      dbpassFile =
-        "/run/keys/nextcloud-dbpass"; # Where to find the database password
-      adminpassFile =
-        "/run/keys/nextcloud-admin"; # Where to find the admin password
+      dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password
+      adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password
       adminuser = "root"; # Set the admin user name
       overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS
-      defaultPhoneRegion =
-        "AU"; # Country code for automatic phone-number detection
+      defaultPhoneRegion = "AU"; # Country code for automatic phone-number detection
     };
     autoUpdateApps = {
       enable = true; # Run regular auto update of all apps installed
@@ -34,13 +33,16 @@
   services.postgresql = {
     enable = true; # Ensure postgresql is enabled
     ensureDatabases = ["nextcloud"]; # Ensure the database persists
-    ensureUsers = [{
+    ensureUsers = [
+      {
         name = "nextcloud"; # Ensure the database user persists
-      ensurePermissions = { # Ensure the database permissions persist
+        ensurePermissions = {
+          # Ensure the database permissions persist
           "DATABASE nextcloud" = "ALL PRIVILEGES";
           "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
         };
-    }];
+      }
+    ];
   };
 
   services.nginx = {
@@ -49,16 +51,19 @@
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-    virtualHosts."cloud.mcwhirter.io" = { # Nextcloud hostname
+    virtualHosts."cloud.mcwhirter.io" = {
+      # Nextcloud hostname
       enableACME = true; # Use ACME certs
       forceSSL = true; # Force SSL
     };
-    virtualHosts."owncloud.mcwhirter.io" = { # Hostname to be redirected
+    virtualHosts."owncloud.mcwhirter.io" = {
+      # Hostname to be redirected
       globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host
     };
   };
 
-  systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first
+  systemd.services."nextcloud-setup" = {
+    # Ensure PostgreSQL is running first
     requires = ["postgresql.service"];
     after = ["postgresql.service"];
   };
@@ -68,11 +73,8 @@
     certs = {"cloud.mcwhirter.io" = {email = "craige@mcwhirter.io";};};
   };
 
-  users.groups.keys.members =
-    [ "nextcloud" ]; # Required due to NixOps issue #1204
+  users.groups.keys.members = ["nextcloud"]; # Required due to NixOps issue #1204
   users.groups.nextcloud.members = ["nextcloud"]; # Added for keys permissions
 
-  networking.firewall.allowedTCPPorts =
-    [ 80 443 ]; # Open the required firewall ports
-
+  networking.firewall.allowedTCPPorts = [80 443]; # Open the required firewall ports
 }

profiles/nix-community.nix

@@ -1,16 +1,17 @@
 # Use the Nix community aarch64 server as a build server
 # https://github.com/nix-community/aarch64-build-box
-
 {
   nix = {
     distributedBuilds = true;
-    buildMachines = [{
+    buildMachines = [
+      {
         hostName = "aarch64.nixos.community";
         maxJobs = 64;
         sshKey = "/root/.ssh/id_nixops_ed25519";
         sshUser = "craige";
         system = "aarch64-linux";
         supportedFeatures = ["big-parallel"];
-    }];
+      }
+    ];
   };
 }

profiles/nix-direnv.nix

@@ -1,9 +1,10 @@
 # NixOps configuration nix-direnv
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   nix = {
     extraOptions = ''
       keep-outputs = true
@@ -25,5 +26,4 @@
       nix-direnv = super.nix-direnv.override {enableFlakes = true;};
     })
   ];
-
 }

profiles/nix-mio-ops.nix

@@ -1,15 +1,16 @@
 # Use the mio-ops build servers
-
 {
   nix = {
     distributedBuilds = true;
-    buildMachines = [{
+    buildMachines = [
+      {
         hostName = "cuallaidh.mcwhirter.io";
         maxJobs = 64;
         sshKey = "/root/.ssh/id_nixops_ed25519";
         sshUser = "craige";
         system = "x86_64-linux";
         supportedFeatures = ["big-parallel"];
-    }];
+      }
+    ];
   };
 }

profiles/nixpkgs-dev.nix

@@ -1,14 +1,15 @@
 # NixOps configuration for the hosts I'm doing nixpkgs dev work on
-
-{ config, pkgs, lib, ... }:
-
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 #let
 #  sources = import ../nix/sources.nix;
 #  unstable = import sources.nixpkgsUnstable {};
 #in
-
 {
-
   nixpkgs = {config = {allowUnfree = true;};};
 
   environment = {
@@ -27,5 +28,4 @@
       #unstable.statix          # Lints and suggestions for the nix programming language
     ];
   };
-
 }

profiles/openssh.nix

@@ -1,19 +1,21 @@
 # SSH service configuration common to all hosts
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   services.openssh = {
     enable = true; # Enable the OpenSSH daemon.
     permitRootLogin = "prohibit-password";
     challengeResponseAuthentication = false;
     passwordAuthentication = false;
     openFirewall = true;
-    hostKeys = [{
+    hostKeys = [
+      {
         path = "/etc/ssh/ssh_host_ed25519_key";
         type = "ed25519";
-    }];
-  };
-
+      }
+    ];
+  };
 }

profiles/pi_common.nix

@@ -1,14 +1,14 @@
 # Configuration common to all my servers
-
-{ config, pkgs, lib, ... }:
-
 {
-
-  environment = { # Set the system-wide environment
-    systemPackages = with pkgs;
-      [
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  environment = {
+    # Set the system-wide environment
+    systemPackages = with pkgs; [
       usbutils # Tools for working with USB devices, such as lsusb
     ];
   };
-
 }

profiles/picom.nix

@@ -1,9 +1,5 @@
 # Configuration for the Picom Compositor
-
-{ config, ... }:
-
-{
-
+{config, ...}: {
   services = {
     picom = {
       enable = true;

profiles/powerManagement.nix

@@ -1,9 +1,10 @@
 # Power management configuration for the laptops
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   powerManagement = {
     enable = true;
     cpuFreqGovernor = lib.mkDefault "performance";

profiles/prometheus.nix

@@ -1,9 +1,10 @@
 # NixOps configuration for the hosts running Prometheus on a Cardano node
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   services = {
     prometheus = {
       enable = true;
@@ -52,7 +53,8 @@
       #} ];
       rules = [
         (builtins.toJSON {
-          groups = [{
+          groups = [
+            {
               name = "system";
               rules = [
                 {
@@ -62,8 +64,7 @@
                   labels = {severity = "page";};
                   annotations = {
                     summary = "{{$labels.alias}}: Node is down.";
-                  description =
-                    "{{$labels.alias}} has been down for more than 5 minutes.";
+                    description = "{{$labels.alias}} has been down for more than 5 minutes.";
                   };
                 }
                 {
@@ -72,10 +73,8 @@
                   for = "4m";
                   labels = {severity = "page";};
                   annotations = {
-                  summary =
-                    "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
-                  description =
-                    "{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
+                    summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
+                    description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
                   };
                 }
                 {
@@ -85,10 +84,8 @@
                   for = "5m";
                   labels = {severity = "page";};
                   annotations = {
-                  summary =
-                    "{{$labels.alias}}: Filesystem is running out of space soon.";
-                  description =
-                    "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem.";
+                    summary = "{{$labels.alias}}: Filesystem is running out of space soon.";
+                    description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem.";
                   };
                 }
                 {
@@ -98,23 +95,18 @@
                   for = "5m";
                   labels = {severity = "page";};
                   annotations = {
-                  summary =
-                    "{{$labels.alias}}: Filesystem is running out of space in 4 hours.";
-                  description =
-                    "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours";
+                    summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.";
+                    description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours";
                   };
                 }
                 {
                   alert = "node_filedescriptors_full_in_3h";
-                expr =
-                  "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum";
+                  expr = "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum";
                   for = "20m";
                   labels = {severity = "page";};
                   annotations = {
-                  summary =
-                    "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
-                  description =
-                    "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
+                    summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
+                    description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
                   };
                 }
                 {
@@ -125,8 +117,7 @@
                   labels = {severity = "page";};
                   annotations = {
                     summary = "{{$labels.alias}}: Running on high load.";
-                  description =
-                    "{{$labels.alias}} is running with > 90% total load for at least 1h.";
+                    description = "{{$labels.alias}} is running with > 90% total load for at least 1h.";
                   };
                 }
                 {
@@ -137,78 +128,76 @@
                   labels = {severity = "page";};
                   annotations = {
                     summary = "{{$labels.alias}}: High CPU utilization.";
-                  description =
-                    "{{$labels.alias}} has total CPU utilization over 90% for at least 1h.";
+                    description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h.";
                   };
                 }
                 {
                   alert = "node_ram_using_99percent";
-                expr =
-                  "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01";
+                  expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01";
                   for = "30m";
                   labels = {severity = "page";};
                   annotations = {
                     summary = "{{$labels.alias}}: Using lots of RAM.";
-                  description =
-                    "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.";
+                    description = "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.";
                   };
                 }
                 {
                   alert = "node_swap_using_80percent";
-                expr =
-                  "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8";
+                  expr = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8";
                   for = "10m";
                   labels = {severity = "page";};
                   annotations = {
                     summary = "{{$labels.alias}}: Running out of swap soon.";
-                  description =
-                    "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now.";
+                    description = "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now.";
                   };
                 }
                 {
                   alert = "node_time_unsync";
-                expr =
-                  "abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1";
+                  expr = "abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1";
                   for = "1m";
                   labels = {severity = "page";};
                   annotations = {
                     summary = "{{$labels.alias}}: Clock out of sync with NTP";
-                  description =
-                    "{{$labels.alias}} Local clock offset is too large or out of sync with NTP";
+                    description = "{{$labels.alias}} Local clock offset is too large or out of sync with NTP";
                   };
                 }
               ];
-          }];
+            }
+          ];
         })
       ];
       scrapeConfigs = [
         {
           job_name = "prometheus";
           scrape_interval = "5s";
-          static_configs = [{
+          static_configs = [
+            {
               targets = ["localhost:9090"];
               labels = {alias = "prometheus";};
-          }];
+            }
+          ];
         }
         {
           job_name = "cardano-node";
           scrape_interval = "10s";
-          static_configs = [{
+          static_configs = [
+            {
               targets = ["127.0.0.1:12798"];
               labels = {alias = "airgead";};
-          }];
+            }
+          ];
         }
         {
           job_name = "node";
           scrape_interval = "10s";
-          static_configs = [{
+          static_configs = [
+            {
               targets = ["airgead.mcwhirter.io:9100"];
               labels = {alias = "airgead.mcwhirter.io";};
-          }];
+            }
+          ];
         }
       ];
     };
-
   };
-
 }

profiles/qemu.nix

@@ -1,31 +1,27 @@
 # Based up original work by cleverca22
 # https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
-
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; let
   cfg = config.qemu-user;
   arm = {
     interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm";
-    magicOrExtension =
-      "\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00";
-    mask =
-      "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
+    magicOrExtension = "\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00";
+    mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
   };
   aarch64 = {
     interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64";
-    magicOrExtension =
-      "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00";
-    mask =
-      "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
+    magicOrExtension = "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00";
+    mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
   };
   riscv64 = {
     interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64";
-    magicOrExtension =
-      "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00";
-    mask =
-      "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
+    magicOrExtension = "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00";
+    mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff";
   };
 in {
   options = {
@@ -42,7 +38,8 @@ in {
   };
   config = mkIf (cfg.arm || cfg.aarch64) {
     nixpkgs = {overlays = [(import ../overlays/qemu)];};
-    boot.binfmt.registrations = optionalAttrs cfg.arm { inherit arm; }
+    boot.binfmt.registrations =
+      optionalAttrs cfg.arm {inherit arm;}
       // optionalAttrs cfg.aarch64 {inherit aarch64;}
       // optionalAttrs cfg.riscv64 {inherit riscv64;};
     nix.supportedPlatforms =
@@ -51,7 +48,8 @@ in {
     nix.extraOptions = ''
       extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux
     '';
-    nix.sandboxPaths = [ "/run/binfmt" ]
+    nix.sandboxPaths =
+      ["/run/binfmt"]
       ++ (optional cfg.arm "${pkgs.qemu-user-arm}")
       ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
   };

profiles/retro-gaming.nix

@@ -1,13 +1,13 @@
 # Configuration for
-
-{ config, pkgs, ... }:
-
 {
+  config,
+  pkgs,
+  ...
+}: {
   # Retro Gaming Packages
   environment.systemPackages = with pkgs; [
     emulationstation
     libretro.stella
     retroarch
   ];
-
 }

profiles/server_common.nix

@@ -1,9 +1,10 @@
 # Configuration common to all my servers
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [
     ../profiles/openssh.nix
     ../secrets/user-craige.nix
@@ -17,5 +18,4 @@
 
   # avoid CVE-2021-4034 (PwnKit)
   security.polkit.enable = false;
-
 }

profiles/spotify.nix

@@ -1,18 +1,16 @@
 # Spotify service configuration
-
-{ config, pkgs, lib, ... }:
-
 {
-
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
   services.spotifyd = {
     enable = false; # Enable the Spotify daemon.
-    config =
-      "\n      username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg\n      password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg\n    ";
+    config = "\n      username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg\n      password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg\n    ";
   };
 
-  environment.systemPackages = with pkgs;
-    [
+  environment.systemPackages = with pkgs; [
     ncspot # ncurses Spotify client
   ];
-
 }