chore: nix fmt

2025-01-13 11:52:09 +08:00 · 2025-01-13 11:52:09 +08:00 · 7266fff06e
commit 7266fff06e
parent a80bd4ed3b
128 changed files with 3402 additions and 2013 deletions
--- a/global/acme/default.nix
+++ b/global/acme/default.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.acme;
-in {
+in
+{
  options.global.acme = {
    enable = mkEnableOption "ACME SSL certificates";
  };
--- a/global/android/default.nix
+++ b/global/android/default.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.android;
-in {
+in
+{
  options.global.android = {
    enable = mkEnableOption "android tools";
  };
--- a/global/asusd/default.nix
+++ b/global/asusd/default.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.asusd;
-in {
+in
+{
  options.global.asusd = {
    enable = mkEnableOption "ASUS laptop userland support daemon";
  };
--- a/global/auth/default.nix
+++ b/global/auth/default.nix
@ -1,7 +1,11 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.auth;
  pub = lib.pipe ./pub [
    builtins.readDir
@ -10,9 +14,12 @@
    (foldr (payload: keys: (splitString "\n" payload) ++ keys) [ ])
    (foldr (candidate: keys: keys ++ (if candidate == "" then [ ] else [ candidate ])) [ ])
  ];
-in {
+in
+{
  options.global.auth = {
-    enable = mkEnableOption "identity authentication in various software" // { default = true; };
+    enable = mkEnableOption "identity authentication in various software" // {
+      default = true;
+    };
    openssh = {
      enable = mkEnableOption "openssh server";
      password = mkEnableOption "password authentication";
@ -42,10 +49,13 @@ in {
      settings.PasswordAuthentication = cfg.openssh.password;
    };

-    networking.firewall.allowedTCPPorts = [ 1300 ] ++ # utility port
-    optional (cfg.openssh.enable && (cfg.openssh.port != null)) cfg.openssh.port;
+    networking.firewall.allowedTCPPorts =
+      [ 1300 ]
+      # utility port
+      ++ optional (cfg.openssh.enable && (cfg.openssh.port != null)) cfg.openssh.port;

-    environment.persistence."/nix/persist/fhs".directories = [ ] ++
-    optional cfg.openssh.enable "/etc/ssh";
+    environment.persistence."/nix/persist/fhs".directories =
+      [ ]
+      ++ optional cfg.openssh.enable "/etc/ssh";
  };
 }
--- a/global/boot/default.nix
+++ b/global/boot/default.nix
@ -1,12 +1,21 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.boot;
-in {
+in
+{
  options.global.boot = {
-    enable = mkEnableOption "bootloader installation and maintenance" // { default = true; };
-    systemd-boot = mkEnableOption "generation selection via systemd-boot" // { default = !cfg.lanzaboote; };
+    enable = mkEnableOption "bootloader installation and maintenance" // {
+      default = true;
+    };
+    systemd-boot = mkEnableOption "generation selection via systemd-boot" // {
+      default = !cfg.lanzaboote;
+    };
    lanzaboote = mkEnableOption "secure boot maintenance via lanzaboote";
    memtest = mkOption {
      type = with types; nullOr int;
@ -15,21 +24,23 @@ in {
    };
  };

-  config = let
-    sbPath = "/nix/persist/lanzaboote";
-  in mkIf cfg.enable {
-    boot = {
-      initrd.systemd.enable = true;
-      lanzaboote.enable = cfg.lanzaboote;
-      lanzaboote.pkiBundle = sbPath;
-      loader.systemd-boot.enable = cfg.systemd-boot;
-      loader.efi.canTouchEfiVariables = true;
-      tmp.cleanOnBoot = true;
-      kernelParams = optional (cfg.memtest != null) "memtest=${toString cfg.memtest}";
-    };
+  config =
+    let
+      sbPath = "/nix/persist/lanzaboote";
+    in
+    mkIf cfg.enable {
+      boot = {
+        initrd.systemd.enable = true;
+        lanzaboote.enable = cfg.lanzaboote;
+        lanzaboote.pkiBundle = sbPath;
+        loader.systemd-boot.enable = cfg.systemd-boot;
+        loader.efi.canTouchEfiVariables = true;
+        tmp.cleanOnBoot = true;
+        kernelParams = optional (cfg.memtest != null) "memtest=${toString cfg.memtest}";
+      };

-    # symlink for sbctl
-    environment.etc.secureboot.source = sbPath;
-    environment.systemPackages = [ pkgs.sbctl ];
-  };
+      # symlink for sbctl
+      environment.etc.secureboot.source = sbPath;
+      environment.systemPackages = [ pkgs.sbctl ];
+    };
 }
--- a/global/default.nix
+++ b/global/default.nix
@ -1,4 +1,5 @@
-{ lib, ... }: {
+{ lib, ... }:
+{
  imports = lib.pipe ./. [
    builtins.readDir
    (lib.filterAttrs (n: ty: ty == "directory" && builtins.pathExists ./${n}/default.nix))
--- a/global/flatpak/default.nix
+++ b/global/flatpak/default.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.flatpak;
-in {
+in
+{
  options.global.flatpak = {
    enable = mkEnableOption "flatpak sandbox";
  };
@ -11,7 +16,10 @@ in {
  config = mkIf cfg.enable {
    services.flatpak.enable = true;
    xdg.portal.enable = true;
-    users.home.persist.directories = [ ".local/share/flatpak" ".var" ];
+    users.home.persist.directories = [
+      ".local/share/flatpak"
+      ".var"
+    ];
    environment.persistence."/nix/persist/fhs".directories = [ "/var/lib/flatpak" ];
  };
 }
--- a/global/fs/bcachefs.nix
+++ b/global/fs/bcachefs.nix
@ -1,20 +1,28 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.fs;
-in {
+in
+{
  options.global.fs.bcachefs = {
    options = mkOption {
      type = with types; listOf str;
-      default = [ "noatime" "compression=zstd" ];
+      default = [
+        "noatime"
+        "compression=zstd"
+      ];
      description = "bcachefs mount options";
    };
  };

  config = mkIf (cfg.type == "bcachefs") {
-    fileSystems."/nix" =
-    { inherit (cfg.bcachefs) options;
+    fileSystems."/nix" = {
+      inherit (cfg.bcachefs) options;
      device = "/dev/disk/by-uuid/${cfg.store}";
      fsType = "bcachefs";
    };
--- a/global/fs/default.nix
+++ b/global/fs/default.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.fs;
-in {
+in
+{
  imports = [
    ./ext4.nix
    ./f2fs.nix
@ -14,7 +19,15 @@ in {

  options.global.fs = {
    type = mkOption {
-      type = with types; enum [ "ext4" "f2fs" "xfs" "zfs" "bcachefs" ];
+      type =
+        with types;
+        enum [
+          "ext4"
+          "f2fs"
+          "xfs"
+          "zfs"
+          "bcachefs"
+        ];
      default = "bcachefs";
      description = "filesystem type to use for persistent state storage";
    };
@ -24,7 +37,9 @@ in {
      description = "UUID/dataset of nix store backing device";
    };
    esp = {
-      enable = mkEnableOption "EFI system partition" // { default = true; };
+      enable = mkEnableOption "EFI system partition" // {
+        default = true;
+      };
      uuid = mkOption {
        type = with types; str;
        default = "CAFE-BABE";
@ -53,8 +68,12 @@ in {
    };
    cryptsetup = {
      enable = mkEnableOption "full disk encryption device early setup";
-      allowDiscards = mkEnableOption "allow discards via device-mapper" // { default = true; };
-      bypassWorkqueues = mkEnableOption "bypass dm-crypt's internal workqueues" // { default = true; };
+      allowDiscards = mkEnableOption "allow discards via device-mapper" // {
+        default = true;
+      };
+      bypassWorkqueues = mkEnableOption "bypass dm-crypt's internal workqueues" // {
+        default = true;
+      };
      uuids = mkOption {
        type = with types; attrsOf str;
        description = "device-mapper name to encrypted block device UUID mapping";
@ -63,22 +82,25 @@ in {
  };

  config = {
-    fileSystems."/" =
-    { device = "rootfs";
+    fileSystems."/" = {
+      device = "rootfs";
      fsType = "tmpfs";
-      options = [ "size=2G" "mode=755" ];
+      options = [
+        "size=2G"
+        "mode=755"
+      ];
    };
-    fileSystems."/boot" = mkIf cfg.esp.enable
-    { device = "/dev/disk/by-uuid/${cfg.esp.uuid}";
+    fileSystems."/boot" = mkIf cfg.esp.enable {
+      device = "/dev/disk/by-uuid/${cfg.esp.uuid}";
      fsType = "vfat";
    };
-    fileSystems."/nix/persist" = mkIf cfg.external.enable
-    { inherit (cfg.external) device fsType options;
+    fileSystems."/nix/persist" = mkIf cfg.external.enable {
+      inherit (cfg.external) device fsType options;
      neededForBoot = true;
      depends = [ "/nix" ];
    };
-    fileSystems."/tmp" =
-    { device = "/nix/tmp";
+    fileSystems."/tmp" = {
+      device = "/nix/tmp";
      options = [ "bind" ];
      depends = [ "/nix/tmp" ];
    };
@ -86,14 +108,20 @@ in {
    services.fstrim.enable = mkIf ((cfg.type == "ext4") || (cfg.type == "xfs")) true;

    boot.initrd.luks.devices = mkIf cfg.cryptsetup.enable (
-    mapAttrs' (name: uuid: nameValuePair "luks-${name}" {
-      inherit (cfg.cryptsetup) allowDiscards bypassWorkqueues;
-      device = "/dev/disk/by-uuid/${uuid}";
-    }) cfg.cryptsetup.uuids);
+      mapAttrs' (
+        name: uuid:
+        nameValuePair "luks-${name}" {
+          inherit (cfg.cryptsetup) allowDiscards bypassWorkqueues;
+          device = "/dev/disk/by-uuid/${uuid}";
+        }
+      ) cfg.cryptsetup.uuids
+    );

-    environment.persistence."/nix/persist/fhs".files = [ {
-      file = "/var/lib/private/mode";
-      parentDirectory.mode = "0700";
-    } ];
+    environment.persistence."/nix/persist/fhs".files = [
+      {
+        file = "/var/lib/private/mode";
+        parentDirectory.mode = "0700";
+      }
+    ];
  };
 }
--- a/global/fs/ext4.nix
+++ b/global/fs/ext4.nix
@ -1,10 +1,15 @@
-{ lib
-, config
-, ... }: with lib; let
+{
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.fs;
-in mkIf (cfg.type == "ext4") {
-  fileSystems."/nix" =
-  { device = "/dev/disk/by-uuid/${cfg.store}";
+in
+mkIf (cfg.type == "ext4") {
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/${cfg.store}";
    fsType = "ext4";
    options = [ "noatime" ];
  };
--- a/global/fs/f2fs.nix
+++ b/global/fs/f2fs.nix
@ -1,10 +1,15 @@
-{ lib
-, config
-, ... }: with lib; let
+{
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.fs;
-in mkIf (cfg.type == "f2fs") {
-  fileSystems."/nix" =
-  { device = "/dev/disk/by-uuid/${cfg.store}";
+in
+mkIf (cfg.type == "f2fs") {
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/${cfg.store}";
    fsType = "f2fs";
  };
 }
--- a/global/fs/xfs.nix
+++ b/global/fs/xfs.nix
@ -1,11 +1,16 @@
-{ lib
-, config
-, ... }: with lib; let
+{
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.fs;
-in mkIf (cfg.type == "xfs") {
+in
+mkIf (cfg.type == "xfs") {
  # NOTE: -m reflink=1
-  fileSystems."/nix" =
-  { device = "/dev/disk/by-uuid/${cfg.store}";
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/${cfg.store}";
    fsType = "xfs";
    options = [ "noatime" ];
  };
--- a/global/fs/zfs/alert.nix
+++ b/global/fs/zfs/alert.nix
@ -1,7 +1,11 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.fs.zfs.alert;

  backend = {
@ -103,7 +107,8 @@
    export ALERT
    exec ${backend.text}
  '';
-in mkIf (cfg.secret != null) {
+in
+mkIf (cfg.secret != null) {
  services.zfs.zed = mkIf cfg.zed {
    settings = {
      ZED_EMAIL_ADDR = [ "root" ];
--- a/global/fs/zfs/default.nix
+++ b/global/fs/zfs/default.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.fs;
-in {
+in
+{
  imports = [
    ./alert.nix
    ./split.nix
@ -15,8 +20,12 @@ in {
  # -O compression=on -O mountpoint=none -O xattr=sa -O acltype=posixacl
  options.global.fs.zfs = {
    alert = {
-      zed = mkEnableOption "zfs event alerts" // { default = true; };
-      swraid = mkEnableOption "software raid alerts" // { default = true; };
+      zed = mkEnableOption "zfs event alerts" // {
+        default = true;
+      };
+      swraid = mkEnableOption "software raid alerts" // {
+        default = true;
+      };
      secret = mkOption {
        type = with types; nullOr str;
        default = null;
@ -68,7 +77,11 @@ in {
      };
      datasets = mkOption {
        type = with types; listOf str;
-        default = [ "persist" "service" "storage" ];
+        default = [
+          "persist"
+          "service"
+          "storage"
+        ];
        description = "list of filesystems to perform replication for";
      };
      sendOptions = mkOption {
@ -80,19 +93,25 @@ in {
  };

  config = mkIf (cfg.type == "zfs") {
-    fileSystems = (mapAttrs (path: dataset: {
-      device = "${cfg.zfs.persist}/${dataset}";
-      fsType = "zfs";
-      options = [ "zfsutil" ];
-      # required by impermanence
-      neededForBoot = true;
-    }) cfg.zfs.mountpoints) // {
-      "/nix" = (if !cfg.zfs.externalStore then
-        { device = "${cfg.store}/nix";
-          fsType = "zfs";
-        } else
-        { inherit (cfg.external) device fsType options; });
-    };
+    fileSystems =
+      (mapAttrs (path: dataset: {
+        device = "${cfg.zfs.persist}/${dataset}";
+        fsType = "zfs";
+        options = [ "zfsutil" ];
+        # required by impermanence
+        neededForBoot = true;
+      }) cfg.zfs.mountpoints)
+      // {
+        "/nix" = (
+          if !cfg.zfs.externalStore then
+            {
+              device = "${cfg.store}/nix";
+              fsType = "zfs";
+            }
+          else
+            { inherit (cfg.external) device fsType options; }
+        );
+      };
    global.fs.zfs.mountpoints."/nix/persist" = "persist";

    services.zfs.trim.enable = true;
--- a/global/fs/zfs/replication.nix
+++ b/global/fs/zfs/replication.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.fs.zfs.replication;
-in mkIf cfg.enable {
+in
+mkIf cfg.enable {
  services.syncoid = {
    enable = mkDefault true;
    interval = mkDefault "daily";
@ -16,12 +21,18 @@ in mkIf cfg.enable {
    ];
    localSourceAllow = mkOptionDefault [ "mount" ];

-    commands = (lists.foldr (name: commands: commands // {
-      "${config.global.fs.store}/${name}" = {
-        inherit (cfg) sendOptions;
-        target = "${cfg.remote}/${name}";
-      };
-    }) { }) cfg.datasets;
+    commands =
+      (lists.foldr (
+        name: commands:
+        commands
+        // {
+          "${config.global.fs.store}/${name}" = {
+            inherit (cfg) sendOptions;
+            target = "${cfg.remote}/${name}";
+          };
+        }
+      ) { })
+        cfg.datasets;
  };

  users.users.syncoid.uid = 82;
--- a/global/fs/zfs/split.nix
+++ b/global/fs/zfs/split.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.fs.zfs.split;
-in mkIf cfg.enable {
+in
+mkIf cfg.enable {
  # unconditionally enable fstrim for xfs and ext4
  services.fstrim.enable = mkDefault true;

@ -14,8 +19,8 @@ in mkIf cfg.enable {
  '';

  # secret filesystem backed by swraid
-  fileSystems."/nix/var/secret" =
-  { device = "/dev/disk/by-uuid/${cfg.secret}";
+  fileSystems."/nix/var/secret" = {
+    device = "/dev/disk/by-uuid/${cfg.secret}";
    fsType = "ext4";
    options = [ "noatime" ];
    neededForBoot = true;
@ -31,5 +36,8 @@ in mkIf cfg.enable {
  };

  # import system state pool after encrypted filesystems become available for key loading
-  boot.initrd.systemd.services."zfs-import-${config.global.fs.store}".after = [ "sysroot-nix-var-secret.mount" "cryptsetup.target" ];
+  boot.initrd.systemd.services."zfs-import-${config.global.fs.store}".after = [
+    "sysroot-nix-var-secret.mount"
+    "cryptsetup.target"
+  ];
 }
--- a/global/gpu/default.nix
+++ b/global/gpu/default.nix
@ -1,13 +1,20 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.gpu;

-  intel = cfg.type == "intel" || (cfg.type == "prime" && config.hardware.nvidia.prime.intelBusId != "");
-  amdgpu = cfg.type == "amdgpu" || (cfg.type == "prime" && config.hardware.nvidia.prime.amdgpuBusId != "");
+  intel =
+    cfg.type == "intel" || (cfg.type == "prime" && config.hardware.nvidia.prime.intelBusId != "");
+  amdgpu =
+    cfg.type == "amdgpu" || (cfg.type == "prime" && config.hardware.nvidia.prime.amdgpuBusId != "");
  nvidia = cfg.type == "nvidia" || cfg.type == "prime";
-in {
+in
+{
  imports = [
    ./plymouth.nix
    ./greetd.nix
@ -15,9 +22,18 @@ in {

  options.global.gpu = {
    enable = mkEnableOption "various setup required for GUI and support software";
-    session = mkEnableOption "software required for a graphical session" // { default = true; };
+    session = mkEnableOption "software required for a graphical session" // {
+      default = true;
+    };
    type = mkOption {
-      type = with types; nullOr (enum [ "intel" "amdgpu" "nvidia" "prime" ]);
+      type =
+        with types;
+        nullOr (enum [
+          "intel"
+          "amdgpu"
+          "nvidia"
+          "prime"
+        ]);
      default = null;
      description = "type of graphics acceleration used";
    };
@ -34,21 +50,21 @@ in {
      enable32Bit = true;

      # https://nixos.wiki/wiki/Accelerated_Video_Playback
-      extraPackages = with pkgs; optionals intel [
-        intel-media-driver # LIBVA_DRIVER_NAME=iHD
-        vaapiIntel         # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
-        vaapiVdpau
-        libvdpau-va-gl
-        intel-compute-runtime
-      ] ++
-      optional nvidia nvidia-vaapi-driver ++
-      optional (cfg.type == "nvidia") vulkan-validation-layers;
+      extraPackages =
+        with pkgs;
+        optionals intel [
+          intel-media-driver # LIBVA_DRIVER_NAME=iHD
+          vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
+          vaapiVdpau
+          libvdpau-va-gl
+          intel-compute-runtime
+        ]
+        ++ optional nvidia nvidia-vaapi-driver
+        ++ optional (cfg.type == "nvidia") vulkan-validation-layers;
    };

    services.xserver = mkIf cfg.session {
-      videoDrivers =
-      optional nvidia "nvidia" ++
-      optional (cfg.type == "amdgpu") "amdgpu";
+      videoDrivers = optional nvidia "nvidia" ++ optional (cfg.type == "amdgpu") "amdgpu";
      # inhibits default display manager

      displayManager.startx.enable = mkDefault true;
@ -79,7 +95,14 @@ in {

    specialisation.integratedGraphics = mkIf (cfg.type == "prime") {
      configuration = {
-        global.gpu.type = mkForce (if intel then "intel" else if amdgpu then "amdgpu" else "prime");
+        global.gpu.type = mkForce (
+          if intel then
+            "intel"
+          else if amdgpu then
+            "amdgpu"
+          else
+            "prime"
+        );
        boot.blacklistedKernelModules = [ "nouveau" ];
      };
    };
@ -92,10 +115,15 @@ in {
    };

    boot.initrd.kernelModules =
-    optional amdgpu "amdgpu" ++
-    optional (intel && cfg.arc == null) "i915" ++
-    optionals nvidia [ "nvidia" "nvidia_drm" "nvidia_modeset" "nvidia_uvm" ] ++
-    optional (cfg.arc != null) "vfio-pci";
+      optional amdgpu "amdgpu"
+      ++ optional (intel && cfg.arc == null) "i915"
+      ++ optionals nvidia [
+        "nvidia"
+        "nvidia_drm"
+        "nvidia_modeset"
+        "nvidia_uvm"
+      ]
+      ++ optional (cfg.arc != null) "vfio-pci";

    boot.extraModulePackages = optional nvidia config.boot.kernelPackages.nvidia_x11;

@ -105,7 +133,10 @@ in {
    '';

    boot.kernelParams =
-    optional intel "i915.fastboot=1" ++
-    optionals nvidia [ "nvidia_drm.modeset=1" "nvidia_drm.fbdev=1" ];
+      optional intel "i915.fastboot=1"
+      ++ optionals nvidia [
+        "nvidia_drm.modeset=1"
+        "nvidia_drm.fbdev=1"
+      ];
  };
 }
--- a/global/gpu/greetd.nix
+++ b/global/gpu/greetd.nix
@ -1,13 +1,23 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.gpu;
  gui = with cfg; enable && session;
-in mkIf gui {
+in
+mkIf gui {
  programs.regreet = {
    enable = mkDefault true;
-    cageArgs = [ "-s" "-d" "-m" "last" ];
+    cageArgs = [
+      "-s"
+      "-d"
+      "-m"
+      "last"
+    ];
    settings = {
      background.path = mkDefault ../../share/54345906_p0.jpg;
      background.fit = "Fill";
--- a/global/gpu/plymouth.nix
+++ b/global/gpu/plymouth.nix
@ -1,10 +1,15 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.gpu;
  gui = with cfg; enable && session;
-in mkIf gui {
+in
+mkIf gui {
  boot = {
    loader.timeout = mkDefault 0;
    consoleLogLevel = 0;
--- a/global/id/default.nix
+++ b/global/id/default.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.id;
-in {
+in
+{
  options.global.id = mkOption {
    type = with types; str;
    description = "systemd machine id";
--- a/global/io/default.nix
+++ b/global/io/default.nix
@ -1,26 +1,44 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.io;
  gui = with config.global.gpu; enable && session;
-in {
+in
+{
  options.global.io = {
-    betaflight = mkEnableOption "betaflight udev rules" // { default = gui; };
-    bluetooth = mkEnableOption "bluetooth daemons and state persistence" // { default = gui; };
-    audio = mkEnableOption "pulseaudio server configuration" // { default = gui; };
+    betaflight = mkEnableOption "betaflight udev rules" // {
+      default = gui;
+    };
+    bluetooth = mkEnableOption "bluetooth daemons and state persistence" // {
+      default = gui;
+    };
+    audio = mkEnableOption "pulseaudio server configuration" // {
+      default = gui;
+    };
    coredump = mkEnableOption "save coredumps handled by systemd";
  };

  config = {
-    services.udev.extraRules = ''
-      # ignore zvols
-      KERNEL=="zd*", ENV{UDISKS_IGNORE}="1"
-    '' + (if cfg.betaflight then ''
-      # DFU (Internal bootloader for STM32 and AT32 MCUs)
-      SUBSYSTEM=="usb", ATTRS{idVendor}=="2e3c", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
-      SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
-    '' else "");
+    services.udev.extraRules =
+      ''
+        # ignore zvols
+        KERNEL=="zd*", ENV{UDISKS_IGNORE}="1"
+      ''
+      + (
+        if cfg.betaflight then
+          ''
+            # DFU (Internal bootloader for STM32 and AT32 MCUs)
+            SUBSYSTEM=="usb", ATTRS{idVendor}=="2e3c", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
+            SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
+          ''
+        else
+          ""
+      );

    networking.networkmanager.enable = mkDefault true;
    networking.hosts = {
@ -43,20 +61,25 @@ in {
      jack.enable = true;
    };

-    security.pam.loginLimits = mkIf (!cfg.coredump) (singleton { domain = "*"; item = "core"; type = "hard"; value = "0"; });
+    security.pam.loginLimits = mkIf (!cfg.coredump) (singleton {
+      domain = "*";
+      item = "core";
+      type = "hard";
+      value = "0";
+    });
    systemd.coredump.extraConfig = mkIf (!cfg.coredump) "Storage=none";

-    environment.persistence."/nix/persist/fhs".directories = [
-      "/var/log"
-      "/var/lib/nixos"
-      "/var/lib/systemd/backlight"
-    ] ++
-    optional config.networking.networkmanager.enable "/etc/NetworkManager/system-connections" ++
-    optional cfg.bluetooth "/var/lib/bluetooth" ++
-    optional cfg.coredump "/var/lib/systemd/coredump";
+    environment.persistence."/nix/persist/fhs".directories =
+      [
+        "/var/log"
+        "/var/lib/nixos"
+        "/var/lib/systemd/backlight"
+      ]
+      ++ optional config.networking.networkmanager.enable "/etc/NetworkManager/system-connections"
+      ++ optional cfg.bluetooth "/var/lib/bluetooth"
+      ++ optional cfg.coredump "/var/lib/systemd/coredump";
    environment.persistence."/nix/persist/fhs".hideMounts = true;

-    users.home.persist.directories = [ ] ++
-    optional cfg.audio ".local/state/wireplumber";
+    users.home.persist.directories = [ ] ++ optional cfg.audio ".local/state/wireplumber";
  };
 }
--- a/global/kernel/default.nix
+++ b/global/kernel/default.nix
@ -1,15 +1,26 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.kernel;
-in {
+in
+{
  options.global.kernel = {
-    enable = mkEnableOption "kernel version and configuration" // { default = true; };
+    enable = mkEnableOption "kernel version and configuration" // {
+      default = true;
+    };
    lts = mkEnableOption "longterm kernel releases";
    sysctl = {
-      enable = mkEnableOption "sysctl presets" // { default = true; };
-      harden = mkEnableOption "hardening sysctls" // { default = true; };
+      enable = mkEnableOption "sysctl presets" // {
+        default = true;
+      };
+      harden = mkEnableOption "hardening sysctls" // {
+        default = true;
+      };
      swappiness = mkOption {
        type = with types; int;
        default = 0;
@ -23,6 +34,8 @@ in {
      "kernel.dmesg_restrict" = mkIf cfg.sysctl.harden 1;
      "vm.swappiness" = cfg.sysctl.swappiness;
    };
-    boot.kernelPackages = with pkgs; mkOverride 1001 (if cfg.lts then linuxPackages else linuxPackages_latest);
+    boot.kernelPackages =
+      with pkgs;
+      mkOverride 1001 (if cfg.lts then linuxPackages else linuxPackages_latest);
  };
 }
--- a/global/libvirt/default.nix
+++ b/global/libvirt/default.nix
@ -1,11 +1,18 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.libvirt;
-in {
+in
+{
  options.global.libvirt = {
-    enable = mkEnableOption "libvirt virtualisation daemon" // { default = true; };
+    enable = mkEnableOption "libvirt virtualisation daemon" // {
+      default = true;
+    };
  };

  config = mkIf cfg.enable {
--- a/global/lowmem/default.nix
+++ b/global/lowmem/default.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.lowmem;
-in {
+in
+{
  options.global.lowmem = {
    enable = mkEnableOption "low memory optimisations";
    swapsize = mkOption {
@ -17,9 +22,11 @@ in {
    # enables remote nixos-rebuild
    nix.settings.trusted-users = [ "koishi" ];

-    swapDevices = [ {
-      device = "/nix/persist/secret/swap";
-      size = cfg.swapsize;
-    } ];
+    swapDevices = [
+      {
+        device = "/nix/persist/secret/swap";
+        size = cfg.swapsize;
+      }
+    ];
  };
 }
--- a/global/netdata/default.nix
+++ b/global/netdata/default.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.netdata;
-in {
+in
+{
  options.global.netdata = {
    enable = mkEnableOption "netdata";
    host = mkOption {
--- a/global/oci/default.nix
+++ b/global/oci/default.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.oci;
-in {
+in
+{
  options.global.oci = {
    enable = mkEnableOption "oci container runtime";
  };
--- a/global/virtualbox/default.nix
+++ b/global/virtualbox/default.nix
@ -1,9 +1,14 @@
-{ pkgs
-, lib
-, config
-, ... }: with lib; let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
  cfg = config.global.virtualbox;
-in {
+in
+{
  options.global.virtualbox = {
    enable = mkEnableOption "virtualbox host (kvm)";
  };
@ -25,10 +30,15 @@ in {
      ".config/VirtualBox"
    ];

-    users.homeModules = [ {
-      wayland.windowManager.sway.config.window.commands = [
-        { criteria.class = "VirtualBox Manager"; command = "floating enable"; }
-      ];
-    } ];
+    users.homeModules = [
+      {
+        wayland.windowManager.sway.config.window.commands = [
+          {
+            criteria.class = "VirtualBox Manager";
+            command = "floating enable";
+          }
+        ];
+      }
+    ];
  };
 }