style: format with nixfmt-rfc-style

config/acme.nix

@@ -1,9 +1,10 @@
-{config, ...}: {
+{ config, ... }:
+{
   security.acme = {
     acceptTerms = true;
     defaults.email = "hey@winston.sh";
     certs."winston.sh" = {
-      extraDomainNames = ["*.winston.sh"];
+      extraDomainNames = [ "*.winston.sh" ];
       dnsProvider = "porkbun";
       credentialsFile = config.age.secrets."lego/porkbun-credentials".path;
     };

config/default.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   imports = [
     ./games
     ./secrets
@@ -9,6 +10,6 @@
     ./users.nix
   ];
 
-  environment.systemPackages = with pkgs; [wezterm.terminfo];
+  environment.systemPackages = with pkgs; [ wezterm.terminfo ];
   programs.git.enable = true;
 }

config/games/valheim.nix

@@ -1,5 +1,7 @@
-{lib, ...}: {
+{ lib, ... }:
-  nixpkgs.config.allowUnfreePredicate = pkg:
+{
+  nixpkgs.config.allowUnfreePredicate =
+    pkg:
     builtins.elem (lib.getName pkg) [
       "valheim-server"
       "steamworks-sdk-redist"

config/network.nix

@@ -8,7 +8,7 @@
     };
     openssh = {
       enable = true;
-      ports = [22];
+      ports = [ 22 ];
       settings = {
         KexAlgorithms = [
           "curve25519-sha256"

config/nix.nix

@@ -1,12 +1,16 @@
 {
   nix = {
     gc.automatic = true;
-    settings =
+    settings = (import ../flake.nix).nixConfig // {
-      (import ../flake.nix).nixConfig
+      auto-optimise-store = true;
-      // {
+      experimental-features = [
-        auto-optimise-store = true;
+        "nix-command"
-        experimental-features = ["nix-command" "flakes"];
+        "flakes"
-        trusted-users = ["@wheel" "winston"];
+      ];
-      };
+      trusted-users = [
+        "@wheel"
+        "winston"
+      ];
+    };
   };
 }

config/secrets/default.nix

@@ -1,7 +1,13 @@
-{lib, ...}: {
+{ lib, ... }:
-  age.secrets = with builtins;
+{
-    listToAttrs (map (k: {
+  age.secrets =
-      name = lib.removeSuffix ".age" k;
+    with builtins;
-      value = {file = ./. + "/${k}";};
+    listToAttrs (
-    }) (attrNames (import ./secrets.nix)));
+      map (k: {
+        name = lib.removeSuffix ".age" k;
+        value = {
+          file = ./. + "/${k}";
+        };
+      }) (attrNames (import ./secrets.nix))
+    );
 }

config/secrets/secrets.nix

@@ -2,8 +2,12 @@ let
   users.winston = "age1yubikey1qfkn095xth4ukxjye98ew4ul6xdkyz7sek0hd67yfjs5z6tv7q9jgnfchls";
   systems.main-node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcY5fuyxK8rs3eocLuLnvSPDL6qcvq7oUdYrE+wLj0y";
 
-  default = [users.winston systems.main-node];
+  default = [
-in {
+    users.winston
+    systems.main-node
+  ];
+in
+{
   "containers/faerber.env.age".publicKeys = default;
   "containers/ghcr-token.age".publicKeys = default;
 

config/services/attic.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.atticd = {
     enable = true;
     credentialsFile = config.age.secrets."services/attic/atticd.env".path;

config/services/atuin.nix

@@ -1,8 +1,5 @@
+{ config, pkgs, ... }:
 {
-  config,
-  pkgs,
-  ...
-}: {
   services.atuin = {
     enable = true;
     package = pkgs.unstable.atuin;

config/services/containers.nix

@@ -1 +1 @@
-{}
+{ }

config/services/forgejo.nix

@@ -3,14 +3,17 @@
   inputs,
   pkgs,
   ...
-}: let
+}:
-  modules = ["services/misc/forgejo.nix" "services/continuous-integration/gitea-actions-runner.nix"];
+let
-in {
+  modules = [
+    "services/misc/forgejo.nix"
+    "services/continuous-integration/gitea-actions-runner.nix"
+  ];
+in
+{
   # swap out stable for unstable modules
   disabledModules = modules;
-  imports =
+  imports = builtins.map (v: "${inputs.nixpkgs-unstable}/nixos/modules/${v}") modules;
-    builtins.map (v: "${inputs.nixpkgs-unstable}/nixos/modules/${v}")
-    modules;
 
   age.secrets = {
     "services/forgejo/minio-secretkey".owner = config.services.forgejo.user;
@@ -18,7 +21,7 @@ in {
   };
 
   # forgejo ssh
-  networking.firewall.allowedTCPPorts = [22];
+  networking.firewall.allowedTCPPorts = [ 22 ];
 
   # indexer
   services.elasticsearch.enable = true;
@@ -44,16 +47,19 @@ in {
     settings = {
       DEFAULT.APP_NAME = "winston's forgejo";
 
-      indexer = with config.services.elasticsearch; let
+      indexer =
-        indexer = "elasticsearch";
+        with config.services.elasticsearch;
-        conn = "http://${listenAddress}:${toString port}";
+        let
-      in {
+          indexer = "elasticsearch";
-        REPO_INDEXER_ENABLED = true;
+          conn = "http://${listenAddress}:${toString port}";
-        REPO_INDEXER_CONN_STR = conn;
+        in
-        REPO_INDEXER_TYPE = indexer;
+        {
-        ISSUE_INDEXER_CONN_STR = conn;
+          REPO_INDEXER_ENABLED = true;
-        ISSUE_INDEXER_TYPE = indexer;
+          REPO_INDEXER_CONN_STR = conn;
-      };
+          REPO_INDEXER_TYPE = indexer;
+          ISSUE_INDEXER_CONN_STR = conn;
+          ISSUE_INDEXER_TYPE = indexer;
+        };
 
       metrics = {
         ENABLED = true;
@@ -121,7 +127,7 @@ in {
       name = "main";
       url = config.services.forgejo.settings.server.ROOT_URL;
       tokenFile = config.age.secrets."services/forgejo/runner-token".path;
-      labels = ["ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"];
+      labels = [ "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest" ];
       settings.container = {
         network = "host";
         options = "--add-host=forgejo.winston.sh:host-gateway";

config/services/freshrss.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.freshrss = rec {
     enable = true;
 

config/services/geoipupdate.nix

@@ -1,10 +1,15 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.geoipupdate = {
     enable = true;
     settings = {
       AccountID = 1062126;
       LicenseKey = config.age.secrets."services/geoipupdate/license".path;
-      EditionIDs = ["GeoLite2-ASN" "GeoLite2-City" "GeoLite2-Country"];
+      EditionIDs = [
+        "GeoLite2-ASN"
+        "GeoLite2-City"
+        "GeoLite2-Country"
+      ];
     };
   };
 }

config/services/minio.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   services.minio = {
     enable = true;
     browser = true;

config/services/monitoring.nix

@@ -3,7 +3,8 @@
   lib,
   pkgs,
   ...
-}: let
+}:
+let
   geoipDir = config.services.geoipupdate.settings.DatabaseDirectory;
 
   log_params = [
@@ -25,7 +26,8 @@
   ];
   log_format = lib.concatStringsSep " " (map (p: "${p}=\"\$${p}\"") log_params);
   log_file = "/var/log/nginx/access.log";
-in {
+in
+{
   services.grafana = {
     enable = true;
     settings = {
@@ -50,7 +52,7 @@ in {
   };
 
   services.nginx = {
-    additionalModules = [pkgs.nginxModules.geoip2];
+    additionalModules = [ pkgs.nginxModules.geoip2 ];
     commonHttpConfig =
       # nginx
       ''
@@ -82,10 +84,12 @@ in {
 
     globalConfig.scrape_interval = "10s";
     scrapeConfigs =
-      (builtins.map (config: {
+      (builtins.map
+        (config: {
           inherit (config) job_name;
-          static_configs = [{targets = ["localhost:${toString config.port}"];}];
+          static_configs = [ { targets = [ "localhost:${toString config.port}" ]; } ];
-        }) [
+        })
+        [
           {
             job_name = "fail2ban";
             port = 9191;
@@ -106,17 +110,20 @@ in {
             job_name = "postgres";
             port = config.services.prometheus.exporters.postgres.port;
           }
-        ])
+        ]
+      )
       ++ [
         {
           job_name = "minio";
           bearer_token_file = config.age.secrets."services/prometheus/minio-bearer-token".path;
           metrics_path = "/minio/v2/metrics/cluster";
-          static_configs = [{targets = [config.services.minio.listenAddress];}];
+          static_configs = [ { targets = [ config.services.minio.listenAddress ]; } ];
         }
         {
           job_name = "forgejo";
-          static_configs = with config.services.forgejo.settings.server; [{targets = ["${HTTP_ADDR}:${toString HTTP_PORT}"];}];
+          static_configs = with config.services.forgejo.settings.server; [
+            { targets = [ "${HTTP_ADDR}:${toString HTTP_PORT}" ]; }
+          ];
         }
       ];
 
@@ -159,14 +166,30 @@ in {
               }
             ];
 
-            source.files = [log_file];
+            source.files = [ log_file ];
           }
         ];
       };
       node = {
         enable = true;
-        enabledCollectors = ["logind" "processes" "systemd"];
+        enabledCollectors = [
-        disabledCollectors = ["bonding" "fibrechannel" "infiniband" "ipvs" "mdadm" "nfs" "nfsd" "nvme" "tapestats" "watchdog" "zfs"];
+          "logind"
+          "processes"
+          "systemd"
+        ];
+        disabledCollectors = [
+          "bonding"
+          "fibrechannel"
+          "infiniband"
+          "ipvs"
+          "mdadm"
+          "nfs"
+          "nfsd"
+          "nvme"
+          "tapestats"
+          "watchdog"
+          "zfs"
+        ];
       };
       postgres = {
         enable = true;
@@ -177,11 +200,11 @@ in {
   };
 
   systemd.services.prometheus-fail2ban-exporter = {
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
-    after = ["network.target"];
+    after = [ "network.target" ];
-    requires = ["network-online.target"];
+    requires = [ "network-online.target" ];
     serviceConfig = {
-      ExecStart = [(lib.getExe pkgs.prometheus-fail2ban-exporter)];
+      ExecStart = [ (lib.getExe pkgs.prometheus-fail2ban-exporter) ];
       Restart = "on-failure";
       NoNewPrivileges = true;
       User = "root";

config/services/nextcloud.nix

@@ -1,8 +1,5 @@
+{ config, pkgs, ... }:
 {
-  config,
-  pkgs,
-  ...
-}: {
   age.secrets = {
     "services/nextcloud/admin-password".owner = "nextcloud";
     "services/nextcloud/s3-secret".owner = "nextcloud";
@@ -20,8 +17,7 @@
     };
 
     extraApps = {
-      inherit
+      inherit (config.services.nextcloud.package.packages.apps)
-        (config.services.nextcloud.package.packages.apps)
         end_to_end_encryption
         previewgenerator
         twofactor_webauthn

config/services/nginx.nix

@@ -1,13 +1,11 @@
-{
+{ config, pkgs, ... }:
-  config,
+let
-  pkgs,
+  snakeoilCert = pkgs.runCommand "nginx-snakeoil-cert" { buildInputs = [ pkgs.openssl ]; } ''
-  ...
-}: let
-  snakeoilCert = pkgs.runCommand "nginx-snakeoil-cert" {buildInputs = [pkgs.openssl];} ''
     mkdir "$out"
     openssl req -newkey rsa:4096 -x509 -sha256 -days 36500 -subj '/CN=Snakeoil CA' -nodes -out "$out/cert.pem" -keyout "$out/cert.key"
   '';
-in {
+in
+{
   services.nginx = {
     enable = true;
     package = pkgs.nginxMainline;
@@ -44,11 +42,14 @@ in {
 
   security.dhparams = {
     enable = true;
-    params.nginx = {};
+    params.nginx = { };
   };
 
-  networking.firewall.allowedTCPPorts = [80 443];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
 
   # allow nginx to access Acme secrets
-  users.users.nginx.extraGroups = ["acme"];
+  users.users.nginx.extraGroups = [ "acme" ];
 }

config/services/postgres.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   services.postgresql = {
     enable = true;
     package = pkgs.postgresql_14;

config/services/renovate.nix

@@ -3,8 +3,9 @@
   inputs,
   pkgs,
   ...
-}: {
+}:
-  imports = ["${inputs.nixpkgs-unstable}/nixos/modules/services/misc/renovate.nix"];
+{
+  imports = [ "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/renovate.nix" ];
 
   services.renovate = {
     enable = true;
@@ -23,7 +24,7 @@
       platform = "gitea";
       gitAuthor = "renovate[bot] <renovate@winston.sh>";
       autodiscover = true;
-      autodiscoverTopics = ["managed-by-renovate"];
+      autodiscoverTopics = [ "managed-by-renovate" ];
 
       # performance
       cachePrivatePackages = true;

config/services/wakapi.nix

@@ -1,8 +1,5 @@
+{ config, pkgs, ... }:
 {
-  config,
-  pkgs,
-  ...
-}: {
   services.wakapi = {
     enable = true;
     package = pkgs.unstable.wakapi;
@@ -30,7 +27,7 @@
   # for agenix owner permissions
   age.secrets."services/wakapi/password-salt.env".owner = "wakapi";
   users = {
-    groups.wakapi = {};
+    groups.wakapi = { };
     users.wakapi = {
       isSystemUser = true;
       group = "wakapi";

config/users.nix

@@ -3,29 +3,35 @@
   lib,
   pkgs,
   ...
-}: let
+}:
+let
   nu_scripts = "${pkgs.nu_scripts}/share/nu_scripts";
-  mkCompletions = completions:
+  mkCompletions =
+    completions:
     lib.concatStringsSep "\n" (
       builtins.map (
         el: "source ${nu_scripts}/custom-completions/${el.name or el}/${el.filename or el}-completions.nu"
-      )
+      ) completions
-      completions
     );
-in {
+in
+{
   i18n.defaultLocale = "en_US.UTF-8";
 
   users = {
     mutableUsers = false;
     users.root = {
       hashedPasswordFile = config.age.secrets."system/password-root".path;
-      openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/mwLoiuaQ6KH+1IOvYO541gq37S43pYtMetilMG3v5"] ++ config.users.users.winston.openssh.authorizedKeys.keys;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgFwSZPS1B3wndghjmgmamdM5LZ7hqv4fZsbcmYBQWT"
+      ] ++ config.users.users.winston.openssh.authorizedKeys.keys;
     };
     users.winston = {
-      extraGroups = ["wheel"];
+      extraGroups = [ "wheel" ];
       hashedPasswordFile = config.age.secrets."system/password-winston".path;
       isNormalUser = true;
-      openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"
+      ];
     };
   };
 
@@ -102,7 +108,12 @@ in {
               }
 
               source ${nu_scripts}/aliases/git/git-aliases.nu
-              ${mkCompletions ["git" "man" "rg" "tar"]}
+              ${mkCompletions [
+                "git"
+                "man"
+                "rg"
+                "tar"
+              ]}
             '';
         };
         starship.enable = true;

flake.nix

@@ -1,19 +1,21 @@
 {
-  outputs = {
+  outputs =
-    flake-parts,
+    {
-    nixpkgs,
+      flake-parts,
-    nixpkgs-unstable,
+      nixpkgs,
-    self,
+      nixpkgs-unstable,
-    ...
+      self,
-  } @ inputs: let
+      ...
-    overlays = [
+    }@inputs:
-      (final: _: {
+    let
-        unstable = nixpkgs-unstable.legacyPackages.${final.system};
+      overlays = [
-        prometheus-fail2ban-exporter = final.callPackage ./pkgs/prometheus-fail2ban-exporter {};
+        (final: _: {
-      })
+          unstable = nixpkgs-unstable.legacyPackages.${final.system};
-    ];
+          prometheus-fail2ban-exporter = final.callPackage ./pkgs/prometheus-fail2ban-exporter { };
-  in
+        })
-    flake-parts.lib.mkFlake {inherit inputs;} {
+      ];
+    in
+    flake-parts.lib.mkFlake { inherit inputs; } {
       flake = {
         nixosConfigurations.main-node = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
@@ -33,7 +35,9 @@
             inputs.satisfactory-server.nixosModules.default
             inputs.valheim-server.nixosModules.default
           ];
-          specialArgs = {inherit inputs;};
+          specialArgs = {
+            inherit inputs;
+          };
         };
 
         checks = builtins.mapAttrs (_: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
@@ -47,48 +51,52 @@
         };
       };
 
-      perSystem = {
+      perSystem =
-        config,
+        {
-        inputs',
+          config,
-        pkgs,
+          inputs',
-        self',
+          pkgs,
-        system,
+          self',
-        ...
+          system,
-      }: {
+          ...
-        _module.args.pkgs = import nixpkgs {
+        }:
-          inherit overlays system;
+        {
-        };
+          _module.args.pkgs = import nixpkgs { inherit overlays system; };
 
-        devShells.default = pkgs.mkShell {
+          devShells.default = pkgs.mkShell {
-          inherit (config.pre-commit.devShell) shellHook;
+            inherit (config.pre-commit.devShell) shellHook;
-          buildInputs = [
+            buildInputs = [
-            inputs'.agenix.packages.agenix
+              inputs'.agenix.packages.agenix
-            pkgs.age-plugin-yubikey
+              pkgs.age-plugin-yubikey
-            pkgs.unstable.deploy-rs
+              pkgs.unstable.deploy-rs
-            pkgs.unstable.nh
+              pkgs.unstable.nh
-            pkgs.unstable.nixd
+              pkgs.unstable.nixd
-            self'.formatter
+              self'.formatter
-          ];
+            ];
-        };
+          };
 
-        formatter = pkgs.alejandra;
+          formatter = pkgs.nixfmt-rfc-style;
 
-        pre-commit = {
+          pre-commit = {
-          check.enable = true;
+            check.enable = true;
-          settings.excludes = ["_sources/"];
+            settings.excludes = [ "_sources/" ];
-          settings.hooks = {
+            settings.hooks = {
-            alejandra.enable = true;
+              commitizen.enable = true;
-            commitizen.enable = true;
+              editorconfig-checker.enable = true;
-            deadnix.enable = true;
+              nil.enable = true;
-            editorconfig-checker.enable = true;
+              nixfmt-rfc-style.enable = true;
-            nil.enable = true;
+              shellcheck.enable = true;
-            shellcheck.enable = true;
+            };
           };
         };
-      };
 
-      imports = [inputs.pre-commit-hooks.flakeModule];
+      imports = [ inputs.pre-commit-hooks.flakeModule ];
-      systems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin"];
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+        "aarch64-darwin"
+        "x86_64-darwin"
+      ];
     };
 
   inputs = {

hosts/main-node/default.nix

@@ -1,5 +1,6 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
-  imports = [./hardware-configuration.nix];
+{
+  imports = [ ./hardware-configuration.nix ];
 
   boot = {
     loader = {

hosts/main-node/hardware-configuration.nix

@@ -3,35 +3,41 @@
   lib,
   modulesPath,
   ...
-}: {
+}:
-  imports = [
+{
-    (modulesPath + "/profiles/qemu-guest.nix")
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-  ];
 
-  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "ata_piix"
-  boot.kernelModules = [];
+    "uhci_hcd"
-  boot.extraModulePackages = [];
+    "virtio_pci"
+    "virtio_scsi"
+    "sd_mod"
+    "sr_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/8e282da8-0e52-4515-8647-fff793b8ead8";
     fsType = "btrfs";
-    options = ["subvol=root"];
+    options = [ "subvol=root" ];
   };
 
   fileSystems."/home" = {
     device = "/dev/disk/by-uuid/8e282da8-0e52-4515-8647-fff793b8ead8";
     fsType = "btrfs";
-    options = ["subvol=home"];
+    options = [ "subvol=home" ];
   };
 
   fileSystems."/nix" = {
     device = "/dev/disk/by-uuid/8e282da8-0e52-4515-8647-fff793b8ead8";
     fsType = "btrfs";
-    options = ["subvol=nix"];
+    options = [ "subvol=nix" ];
   };
 
-  swapDevices = [];
+  swapDevices = [ ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

modules/default.nix

@@ -1,5 +1 @@
-{
+{ imports = [ ./wakapi.nix ]; }
-  imports = [
-    ./wakapi.nix
-  ];
-}

modules/wakapi.nix

@@ -3,9 +3,10 @@
   lib,
   pkgs,
   ...
-}: let
+}:
+let
   cfg = config.services.wakapi;
-  settingsFormat = pkgs.formats.yaml {};
+  settingsFormat = pkgs.formats.yaml { };
   inherit (lib) types;
 
   settingsFile = settingsFormat.generate "wakapi-settings" cfg.settings;
@@ -13,9 +14,9 @@
   serviceConfig = {
     systemd.services.wakapi = {
       description = "Wakapi (self-hosted WakaTime-compatible backend)";
-      wants = ["network-online.target"];
+      wants = [ "network-online.target" ];
-      after = ["network-online.target"];
+      after = [ "network-online.target" ];
-      wantedBy = ["multi-user.target"];
+      wantedBy = [ "multi-user.target" ];
 
       script = ''
         exec ${pkgs.wakapi}/bin/wakapi -config ${settingsFile}
@@ -36,7 +37,11 @@
         ProtectKernelTunables = true;
         ProtectProc = "invisible";
         ProtectSystem = "strict";
-        RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"];
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+          "AF_UNIX"
+        ];
         RestrictNamespaces = true;
         RestrictRealtime = true;
         RestrictSUIDSGID = true;
@@ -77,8 +82,8 @@
     };
 
     systemd.services.wakapi = {
-      requires = ["postgresql.service"];
+      requires = [ "postgresql.service" ];
-      after = ["postgresql.service"];
+      after = [ "postgresql.service" ];
     };
   };
 
@@ -97,10 +102,11 @@
       public_url = lib.mkDefault cfg.domain;
     };
   };
-in {
+in
+{
   options.services.wakapi = {
     enable = lib.mkEnableOption "Wakapi";
-    package = lib.mkPackageOption pkgs "wakapi" {};
+    package = lib.mkPackageOption pkgs "wakapi" { };
 
     port = lib.mkOption {
       type = types.int;
@@ -176,7 +182,7 @@ in {
 
     settings = lib.mkOption {
       type = settingsFormat.type;
-      default = {};
+      default = { };
       description = lib.mkDoc ''
         Settings for Wakapi.
 
@@ -185,9 +191,11 @@ in {
     };
   };
 
-  config = lib.mkIf cfg.enable (lib.mkMerge [
+  config = lib.mkIf cfg.enable (
-    databaseConfig
+    lib.mkMerge [
-    nginxConfig
+      databaseConfig
-    serviceConfig
+      nginxConfig
-  ]);
+      serviceConfig
+    ]
+  );
 }

pkgs/prometheus-fail2ban-exporter/default.nix

@@ -2,26 +2,27 @@
   buildGoModule,
   fetchFromGitLab,
   lib,
-}: let
+}:
+let
   version = "0.10.1";
 in
-  buildGoModule {
+buildGoModule {
-    pname = "prometheus-fail2ban-exporter";
+  pname = "prometheus-fail2ban-exporter";
-    inherit version;
+  inherit version;
 
-    src = fetchFromGitLab {
+  src = fetchFromGitLab {
-      owner = "hectorjsmith";
+    owner = "hectorjsmith";
-      repo = "fail2ban-prometheus-exporter";
+    repo = "fail2ban-prometheus-exporter";
-      rev = "v${version}";
+    rev = "v${version}";
-      sha256 = "sha256-zGEhDy3uXIbvx4agSA8Mx7bRtiZZtoDZGbNbHc9L+yI=";
+    sha256 = "sha256-zGEhDy3uXIbvx4agSA8Mx7bRtiZZtoDZGbNbHc9L+yI=";
-    };
+  };
 
-    vendorHash = "sha256-5o8p5p0U/c0WAIV5dACnWA3ThzSh2tt5LIFMb59i9GY=";
+  vendorHash = "sha256-5o8p5p0U/c0WAIV5dACnWA3ThzSh2tt5LIFMb59i9GY=";
 
-    meta = with lib; {
+  meta = with lib; {
-      mainProgram = "fail2ban-prometheus-exporter";
+    mainProgram = "fail2ban-prometheus-exporter";
-      description = "Collect and export metrics on Fail2Ban";
+    description = "Collect and export metrics on Fail2Ban";
-      homepage = "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter";
+    homepage = "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter";
-      license = licenses.mit;
+    license = licenses.mit;
-    };
+  };
-  }
+}