style: follow statix's advisories

flake.nix

@@ -32,7 +32,18 @@
     };
   };
 
-  outputs = { self, nixpkgs, nixos-hardware, agenix, spicetify-nix, nix-index-database, lix-module, ... } @ inputs: {
+  outputs =
+    {
+      self,
+      nixpkgs,
+      nixos-hardware,
+      agenix,
+      spicetify-nix,
+      nix-index-database,
+      lix-module,
+      ...
+    }@inputs:
+    {
       nixosConfigurations.rhea-laptop = nixpkgs.lib.nixosSystem {
         specialArgs = {
           inherit inputs;
@@ -52,5 +63,7 @@
           ./home
         ];
       };
+
+      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
     };
 }

home/default.nix

@@ -23,11 +23,12 @@
 
     users.rhea = {
       # The home.stateVersion option does not have a default and must be set
-      home.stateVersion = "24.05";
+      home = {
-      # Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ];
+        stateVersion = "24.05";
-      # inherit ./hyprland.nix;
+        username = "rhea";
-      home.username = "rhea";
+        homeDirectory = "/home/rhea";
-      home.homeDirectory = "/home/rhea";
+      };
+
       programs.home-manager.enable = true;
 
       catppuccin = {

home/essentials/default.nix

@@ -1,4 +1,4 @@
-{ age, config, ... }: {
+{
   imports = [
     ./git.nix
     ./keyring.nix

home/essentials/zsh.nix

@@ -1,7 +1,8 @@
 {
-  programs.nix-index-database.comma.enable = true;
+  programs = {
+    nix-index-database.comma.enable = true;
 
-  programs.zsh = {
+    zsh = {
       enable = true;
 
       autocd = true;
@@ -17,7 +18,10 @@
 
       autosuggestion = {
         enable = true;
-      strategy = [ "history" "completion" ];
+        strategy = [
+          "history"
+          "completion"
+        ];
       };
 
       history = {
@@ -50,7 +54,7 @@
       };
     };
 
-  programs.starship = {
+    starship = {
       enable = true;
       enableZshIntegration = true;
       enableBashIntegration = true;
@@ -107,4 +111,5 @@
         };
       };
     };
+  };
 }

home/misc_pkgs/default.nix

@@ -1,4 +1,12 @@
-{ agenix, config, inputs, pkgs, spicetify-nix, ... }: {
+{
+  agenix,
+  config,
+  inputs,
+  pkgs,
+  spicetify-nix,
+  ...
+}:
+{
   imports = [
     ./packages.nix
     ./spicetify.nix

modules/essentials/bootloader.nix

@@ -1,5 +1,11 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
-  boot.loader.systemd-boot.enable = true;
+{
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot = {
-  boot.kernelPackages = pkgs.linuxPackages_latest;
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    kernelPackages = pkgs.linuxPackages_latest;
+  };
 }

modules/essentials/environment.nix

@@ -1,19 +1,22 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
   programs.zsh.enable = true;
 
-  environment.pathsToLink = [ "/share/zsh" ];
+  environment = {
+    pathsToLink = [ "/share/zsh" ];
 
-  environment.sessionVariables = {
+    sessionVariables = {
       NIXOS_OZONE_WL = "1";
     };
 
+    systemPackages = with pkgs; [
+      fprintd
+      polkit_gnome
+    ];
+  };
+
   fonts.packages = with pkgs; [
     nerdfonts
     jetbrains-mono
   ];
-
-  environment.systemPackages = with pkgs; [
-    fprintd
-    polkit_gnome
-  ];
 }

modules/essentials/hardware_config.nix

@@ -1,34 +1,50 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
 
 {
-  imports =
+  imports = [
-    [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+  boot = {
-  boot.initrd.kernelModules = [ ];
+    initrd = {
-  boot.kernelModules = [ "kvm-amd" ];
+      availableKernelModules = [
-  boot.extraModulePackages = [ ];
+        "nvme"
+        "xhci_pci"
+        "thunderbolt"
+        "usb_storage"
+        "sd_mod"
+      ];
+      kernelModules = [ ];
+    };
 
-  fileSystems."/" =
+    kernelModules = [ "kvm-amd" ];
-    {
+
+    extraModulePackages = [ ];
+  };
+
+  fileSystems."/" = {
     device = "/dev/disk/by-label/nix-root";
     fsType = "ext4";
   };
 
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    {
     device = "/dev/disk/by-label/EFI";
     fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
   };
 
-  swapDevices =
+  swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
-    [{ device = "/dev/disk/by-label/swap"; }];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

modules/misc_hardware/networking.nix

@@ -1,14 +1,16 @@
 { config, ... }:
 {
-  networking.hostName = "rhea-laptop";
+  networking = {
+    hostName = "rhea-laptop";
 
     # Enable networking
-  networking.networkmanager.enable = true;
+    networkmanager.enable = true;
-  networking.networkmanager.wifi.powersave = true;
+    networkmanager.wifi.powersave = true;
 
-  networking.wireguard.enable = true;
+    wireguard.enable = true;
 
-  networking.firewall = {
+    firewall = {
       allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
     };
+  };
 }

modules/utils/agenix.nix

@@ -1,40 +1,44 @@
 { config, ... }:
 {
   # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey
-  age.identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
+  age = {
+    identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
 
-  age.secrets.access-tokens-github.file = ../../secrets/gh_argstr.age;
+    secrets = {
+      access-tokens-github.file = ../../secrets/gh_argstr.age;
 
-  age.secrets.fbda-wg-privkey.file = ../../secrets/fbda_wg_priv_key.age;
+      fbda-wg-privkey.file = ../../secrets/fbda_wg_priv_key.age;
-  age.secrets.fbda-wg-psk.file = ../../secrets/fbda_wg_psk.age;
+      fbda-wg-psk.file = ../../secrets/fbda_wg_psk.age;
 
-  age.secrets.obvps-id = {
+      obvps-id = {
         file = ../../secrets/1bvps.age;
         path = "/home/rhea/.ssh/id_1bvps";
         owner = "rhea";
         symlink = false;
       };
 
-  age.secrets.gh_etwas = {
+      gh_etwas = {
         file = ../../secrets/gh_token.age;
         path = "/home/rhea/.ssh/id_gh_etwas";
         owner = "rhea";
         symlink = false;
       };
 
-  age.secrets.gcd_etwas = {
+      gcd_etwas = {
         file = ../../secrets/gcd_etwas.age;
         path = "/home/rhea/.ssh/id_gcd_etwas";
         owner = "rhea";
         symlink = false;
       };
 
-  age.secrets.etwas_sign_key = {
+      etwas_sign_key = {
         file = ../../secrets/sign_etwas.age;
         path = "/home/rhea/.ssh/etwas_sign_key";
         owner = "rhea";
         symlink = false;
       };
+    };
+  };
 
   nix.extraOptions = ''
     !include ${config.age.secrets.access-tokens-github.path}

modules/utils/auth.nix

@@ -2,9 +2,11 @@
 {
   services.fprintd.enable = true;
 
-  security.pam.services.login.fprintAuth = true;
+  security.pam.services = {
-  security.pam.services.sudo.fprintAuth = true;
+    login.fprintAuth = true;
-  security.pam.services.greetd.enableGnomeKeyring = true;
+    sudo.fprintAuth = true;
+    greetd.enableGnomeKeyring = true;
+  };
 
   services.greetd = {
     enable = true;