style: follow statix's advisories

2024-10-27 09:25:21 +01:00 · 2024-10-27 09:25:21 +01:00 · 17a5f552a5
commit 17a5f552a5
parent c2e9df3771
11 changed files with 247 additions and 187 deletions
--- a/flake.nix
+++ b/flake.nix
@ -32,25 +32,38 @@
    };
  };

-  outputs = { self, nixpkgs, nixos-hardware, agenix, spicetify-nix, nix-index-database, lix-module, ... } @ inputs: {
-    nixosConfigurations.rhea-laptop = nixpkgs.lib.nixosSystem {
-      specialArgs = {
-        inherit inputs;
-        inherit spicetify-nix;
-        inherit agenix;
+  outputs =
+    {
+      self,
+      nixpkgs,
+      nixos-hardware,
+      agenix,
+      spicetify-nix,
+      nix-index-database,
+      lix-module,
+      ...
+    }@inputs:
+    {
+      nixosConfigurations.rhea-laptop = nixpkgs.lib.nixosSystem {
+        specialArgs = {
+          inherit inputs;
+          inherit spicetify-nix;
+          inherit agenix;
+        };
+
+        system = "x86_64-linux";
+
+        # List all Modules to load
+        modules = [
+          nixos-hardware.nixosModules.framework-13-7040-amd
+          lix-module.nixosModules.default
+          nix-index-database.nixosModules.nix-index
+          agenix.nixosModules.default
+          ./modules
+          ./home
+        ];
      };

-      system = "x86_64-linux";
-
-      # List all Modules to load
-      modules = [
-        nixos-hardware.nixosModules.framework-13-7040-amd
-        lix-module.nixosModules.default
-        nix-index-database.nixosModules.nix-index
-        agenix.nixosModules.default
-        ./modules
-        ./home
-      ];
+      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
    };
-  };
 }
--- a/home/default.nix
+++ b/home/default.nix
@ -23,11 +23,12 @@

    users.rhea = {
      # The home.stateVersion option does not have a default and must be set
-      home.stateVersion = "24.05";
-      # Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ];
-      # inherit ./hyprland.nix;
-      home.username = "rhea";
-      home.homeDirectory = "/home/rhea";
+      home = {
+        stateVersion = "24.05";
+        username = "rhea";
+        homeDirectory = "/home/rhea";
+      };
+
      programs.home-manager.enable = true;

      catppuccin = {
--- a/home/essentials/default.nix
+++ b/home/essentials/default.nix
@ -1,4 +1,4 @@
-{ age, config, ... }: {
+{
  imports = [
    ./git.nix
    ./keyring.nix
--- a/home/essentials/zsh.nix
+++ b/home/essentials/zsh.nix
@ -1,109 +1,114 @@
 {
-  programs.nix-index-database.comma.enable = true;
+  programs = {
+    nix-index-database.comma.enable = true;

-  programs.zsh = {
-    enable = true;
-
-    autocd = true;
-    shellAliases = {
-      os-update = "nh os switch /home/rhea/nix-config/";
-      os-upgrade = "cd ~/nix-config && nix flake update && nh os switch /home/rhea/nix-config/";
-      light-off = "echo -n \"{\\\"id\\\":1,\\\"method\\\":\\\"setState\\\",\\\"params\\\":{\\\"state\\\":false}}\" | nc -u -w 1 192.168.178.28 38899";
-      clr = "clear";
-      power-saver = "powerprofilesctl set power-saver";
-      power-balanced = "powerprofilesctl set balanced";
-      power-performance = "powerprofilesctl set performance";
-    };
-
-    autosuggestion = {
-      enable = true;
-      strategy = [ "history" "completion" ];
-    };
-
-    history = {
-      append = true;
-      expireDuplicatesFirst = true;
-      size = 2500;
-    };
-
-    syntaxHighlighting = {
+    zsh = {
      enable = true;

-      highlighters = [
-        "brackets"
-      ];
+      autocd = true;
+      shellAliases = {
+        os-update = "nh os switch /home/rhea/nix-config/";
+        os-upgrade = "cd ~/nix-config && nix flake update && nh os switch /home/rhea/nix-config/";
+        light-off = "echo -n \"{\\\"id\\\":1,\\\"method\\\":\\\"setState\\\",\\\"params\\\":{\\\"state\\\":false}}\" | nc -u -w 1 192.168.178.28 38899";
+        clr = "clear";
+        power-saver = "powerprofilesctl set power-saver";
+        power-balanced = "powerprofilesctl set balanced";
+        power-performance = "powerprofilesctl set performance";
+      };
+
+      autosuggestion = {
+        enable = true;
+        strategy = [
+          "history"
+          "completion"
+        ];
+      };
+
+      history = {
+        append = true;
+        expireDuplicatesFirst = true;
+        size = 2500;
+      };
+
+      syntaxHighlighting = {
+        enable = true;
+
+        highlighters = [
+          "brackets"
+        ];
+      };
+
+      oh-my-zsh = {
+        enable = true;
+
+        plugins = [
+          "git"
+          "sudo"
+          "virtualenv"
+          "safe-paste"
+          "timer"
+          "z"
+        ];
+
+        theme = "agnoster";
+      };
    };

-    oh-my-zsh = {
+    starship = {
      enable = true;
+      enableZshIntegration = true;
+      enableBashIntegration = true;

-      plugins = [
-        "git"
-        "sudo"
-        "virtualenv"
-        "safe-paste"
-        "timer"
-        "z"
-      ];
+      settings = {
+        add_newline = false;
+        command_timeout = 1000;

-      theme = "agnoster";
-    };
-  };
+        right_format = "$time";

-  programs.starship = {
-    enable = true;
-    enableZshIntegration = true;
-    enableBashIntegration = true;
+        character = {
+          success_symbol = "[](bold green)";
+          error_symbol = "[](bold red)";
+          vicmd_symbol = "[](bold yellow)";
+        };

-    settings = {
-      add_newline = false;
-      command_timeout = 1000;
+        username = {
+          show_always = true;
+          format = ''\[[$user]($style)'';
+        };

-      right_format = "$time";
+        hostname = {
+          ssh_only = false;
+          format = ''@[$ssh_symbol$hostname]($style)\]'';
+        };

-      character = {
-        success_symbol = "[](bold green)";
-        error_symbol = "[](bold red)";
-        vicmd_symbol = "[](bold yellow)";
-      };
+        directory = {
+          truncation_length = 6;
+          format = ''\[[$path]($style)[$read_only]($read_only_style)\]'';
+          read_only = " ";
+        };

-      username = {
-        show_always = true;
-        format = ''\[[$user]($style)'';
-      };
+        git_branch = {
+          symbol = " ";
+          format = ''\[[$symbol$branch]($style)\]'';
+        };

-      hostname = {
-        ssh_only = false;
-        format = ''@[$ssh_symbol$hostname]($style)\]'';
-      };
+        git_status = {
+          format = ''([\[$all_status$ahead_behind\]]($style))'';
+        };

-      directory = {
-        truncation_length = 6;
-        format = ''\[[$path]($style)[$read_only]($read_only_style)\]'';
-        read_only = " ";
-      };
+        nix_shell = {
+          symbol = "󱄅 ";
+          format = ''\[[$symbol$state(\($name\))]($style)\]'';
+        };

-      git_branch = {
-        symbol = " ";
-        format = ''\[[$symbol$branch]($style)\]'';
-      };
+        cmd_duration = {
+          format = ''\[[󰅐 $duration]($style)\]'';
+        };

-      git_status = {
-        format = ''([\[$all_status$ahead_behind\]]($style))'';
-      };
-
-      nix_shell = {
-        symbol = "󱄅 ";
-        format = ''\[[$symbol$state(\($name\))]($style)\]'';
-      };
-
-      cmd_duration = {
-        format = ''\[[󰅐 $duration]($style)\]'';
-      };
-
-      time = {
-        disabled = false;
-        format = ''\[[$time]($style)\]'';
+        time = {
+          disabled = false;
+          format = ''\[[$time]($style)\]'';
+        };
      };
    };
  };
--- a/home/misc_pkgs/default.nix
+++ b/home/misc_pkgs/default.nix
@ -1,4 +1,12 @@
-{ agenix, config, inputs, pkgs, spicetify-nix, ... }: {
+{
+  agenix,
+  config,
+  inputs,
+  pkgs,
+  spicetify-nix,
+  ...
+}:
+{
  imports = [
    ./packages.nix
    ./spicetify.nix
--- a/modules/essentials/bootloader.nix
+++ b/modules/essentials/bootloader.nix
@ -1,5 +1,11 @@
-{ pkgs, ... }: {
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.kernelPackages = pkgs.linuxPackages_latest;
+{ pkgs, ... }:
+{
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    kernelPackages = pkgs.linuxPackages_latest;
+  };
 }
--- a/modules/essentials/environment.nix
+++ b/modules/essentials/environment.nix
@ -1,19 +1,22 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
  programs.zsh.enable = true;

-  environment.pathsToLink = [ "/share/zsh" ];
+  environment = {
+    pathsToLink = [ "/share/zsh" ];

-  environment.sessionVariables = {
-    NIXOS_OZONE_WL = "1";
+    sessionVariables = {
+      NIXOS_OZONE_WL = "1";
+    };
+
+    systemPackages = with pkgs; [
+      fprintd
+      polkit_gnome
+    ];
  };

  fonts.packages = with pkgs; [
    nerdfonts
    jetbrains-mono
  ];
-
-  environment.systemPackages = with pkgs; [
-    fprintd
-    polkit_gnome
-  ];
 }
--- a/modules/essentials/hardware_config.nix
+++ b/modules/essentials/hardware_config.nix
@ -1,34 +1,50 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:

 {
-  imports =
-    [
-      (modulesPath + "/installer/scan/not-detected.nix")
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "nvme"
+        "xhci_pci"
+        "thunderbolt"
+        "usb_storage"
+        "sd_mod"
+      ];
+      kernelModules = [ ];
+    };
+
+    kernelModules = [ "kvm-amd" ];
+
+    extraModulePackages = [ ];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nix-root";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/EFI";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
    ];
+  };

-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    {
-      device = "/dev/disk/by-label/nix-root";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    {
-      device = "/dev/disk/by-label/EFI";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
-
-  swapDevices =
-    [{ device = "/dev/disk/by-label/swap"; }];
+  swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/modules/misc_hardware/networking.nix
+++ b/modules/misc_hardware/networking.nix
@ -1,14 +1,16 @@
 { config, ... }:
 {
-  networking.hostName = "rhea-laptop";
+  networking = {
+    hostName = "rhea-laptop";

-  # Enable networking
-  networking.networkmanager.enable = true;
-  networking.networkmanager.wifi.powersave = true;
+    # Enable networking
+    networkmanager.enable = true;
+    networkmanager.wifi.powersave = true;

-  networking.wireguard.enable = true;
+    wireguard.enable = true;

-  networking.firewall = {
-    allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
+    firewall = {
+      allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
+    };
  };
 }
--- a/modules/utils/agenix.nix
+++ b/modules/utils/agenix.nix
@ -1,39 +1,43 @@
 { config, ... }:
 {
  # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey
-  age.identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
+  age = {
+    identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];

-  age.secrets.access-tokens-github.file = ../../secrets/gh_argstr.age;
+    secrets = {
+      access-tokens-github.file = ../../secrets/gh_argstr.age;

-  age.secrets.fbda-wg-privkey.file = ../../secrets/fbda_wg_priv_key.age;
-  age.secrets.fbda-wg-psk.file = ../../secrets/fbda_wg_psk.age;
+      fbda-wg-privkey.file = ../../secrets/fbda_wg_priv_key.age;
+      fbda-wg-psk.file = ../../secrets/fbda_wg_psk.age;

-  age.secrets.obvps-id = {
-    file = ../../secrets/1bvps.age;
-    path = "/home/rhea/.ssh/id_1bvps";
-    owner = "rhea";
-    symlink = false;
-  };
+      obvps-id = {
+        file = ../../secrets/1bvps.age;
+        path = "/home/rhea/.ssh/id_1bvps";
+        owner = "rhea";
+        symlink = false;
+      };

-  age.secrets.gh_etwas = {
-    file = ../../secrets/gh_token.age;
-    path = "/home/rhea/.ssh/id_gh_etwas";
-    owner = "rhea";
-    symlink = false;
-  };
+      gh_etwas = {
+        file = ../../secrets/gh_token.age;
+        path = "/home/rhea/.ssh/id_gh_etwas";
+        owner = "rhea";
+        symlink = false;
+      };

-  age.secrets.gcd_etwas = {
-    file = ../../secrets/gcd_etwas.age;
-    path = "/home/rhea/.ssh/id_gcd_etwas";
-    owner = "rhea";
-    symlink = false;
-  };
+      gcd_etwas = {
+        file = ../../secrets/gcd_etwas.age;
+        path = "/home/rhea/.ssh/id_gcd_etwas";
+        owner = "rhea";
+        symlink = false;
+      };

-  age.secrets.etwas_sign_key = {
-    file = ../../secrets/sign_etwas.age;
-    path = "/home/rhea/.ssh/etwas_sign_key";
-    owner = "rhea";
-    symlink = false;
+      etwas_sign_key = {
+        file = ../../secrets/sign_etwas.age;
+        path = "/home/rhea/.ssh/etwas_sign_key";
+        owner = "rhea";
+        symlink = false;
+      };
+    };
  };

  nix.extraOptions = ''
--- a/modules/utils/auth.nix
+++ b/modules/utils/auth.nix
@ -2,9 +2,11 @@
 {
  services.fprintd.enable = true;

-  security.pam.services.login.fprintAuth = true;
-  security.pam.services.sudo.fprintAuth = true;
-  security.pam.services.greetd.enableGnomeKeyring = true;
+  security.pam.services = {
+    login.fprintAuth = true;
+    sudo.fprintAuth = true;
+    greetd.enableGnomeKeyring = true;
+  };

  services.greetd = {
    enable = true;