reformat all the nix files

using
    nix run -f channel:nixos-unstable nixfmt -c nixfmt $(git ls-files *.nix)

hardware/apu.nix

@@ -4,16 +4,19 @@
 { config, lib, pkgs, ... }:
 
 {
-  imports =
+  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
-    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    ];
 
-  boot.loader.grub.extraConfig = "
+  boot.loader.grub.extraConfig =
-    serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
+    "\n    serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1\n    terminal_input serial\n    terminal_output serial\n  ";
-    terminal_input serial
+  boot.initrd.availableKernelModules = [
-    terminal_output serial
+    "xhci_pci"
-  ";
+    "ahci"
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+    "ehci_pci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+    "sdhci_pci"
+  ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-amd" "virtio" "tun" ];
   boot.extraModulePackages = [ ];
@@ -21,6 +24,5 @@
 
   hardware.cpu.amd.updateMicrocode = true;
 
-
   nix.maxJobs = lib.mkDefault 4;
 }

hardware/nuc.nix

@@ -4,16 +4,15 @@
 { config, lib, pkgs, ... }:
 
 {
-  imports =
+  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
-    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "e1000e" "virtio-pci"];
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "e1000e" "virtio-pci" ];
   boot.initrd.kernelModules = [ ];
-#  boot.kernelModules = [ "kvm-intel" "virtio" "tun" ];
+  #  boot.kernelModules = [ "kvm-intel" "virtio" "tun" ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
-#  boot.kernelParams = [ "console=ttyS0,115200n8" ];
+  #  boot.kernelParams = [ "console=ttyS0,115200n8" ];
 
   hardware.cpu.intel.updateMicrocode = true;
   powerManagement.cpuFreqGovernor = "ondemand";

hardware/wle900vx.nix

@@ -1,14 +1,13 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }: {
-{
   boot.kernelPatches = [{
     name = "ath10k-override-eeprom-regulatory-domain";
     patch = ./wle900vx/ath10k-override-eeprom-regulatory-domain.patch;
     extraConfig = ''
-       EXPERT y
+      EXPERT y
-       CFG80211_CERTIFICATION_ONUS y
+      CFG80211_CERTIFICATION_ONUS y
-       ATH_REG_DYNAMIC_USER_REG_HINTS y
+      ATH_REG_DYNAMIC_USER_REG_HINTS y
-       ATH_REG_DYNAMIC_USER_CERT_TESTING y
+      ATH_REG_DYNAMIC_USER_CERT_TESTING y
-       ATH_REG_DYNAMIC_USER_CERT_TESTING y
+      ATH_REG_DYNAMIC_USER_CERT_TESTING y
-     '';
+    '';
   }];
 }

host/bachtel.nix

@@ -4,47 +4,44 @@
 
 { config, pkgs, ... }:
 
-let routerConfig = {
+let
-  wanInterface = "wwp0s19u1u3i12";
+  routerConfig = {
-  wireless = {
+    wanInterface = "wwp0s19u1u3i12";
-    wleInterface = "wlp5s0";
+    wireless = {
-    wleSSID = "hauser";
+      wleInterface = "wlp5s0";
-    wlePassphrase = "mifatielma";
+      wleSSID = "hauser";
-  };
+      wlePassphrase = "mifatielma";
-  lanInterfaces = [ "enp1s0" "enp2s0" "enp3s0" "enp4s0" ];
-  lanNetwork = {
-    routerAddress = "10.2.1.1";
-    netid = "10.2.1.0";
-    revIpDomain = "1.2.10";
-    prefixLength = 24;
-    domain = "rappi.fh2.ch";
-    dhcpRange = "10.2.1.2,10.2.1.249";
-    routerHostName = "bachtel";
-  };
-};
-
-in
-
-{
-
-  imports =
-    [
-      ../hardware/apu.nix
-      ../hardware/wle900vx.nix
-      ../role/base
-      ../role/wwan
-      (import ../role/router routerConfig)
-    ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/360a6bc9-fc4e-4803-bd53-69320ac32ac5";
-      fsType = "btrfs";
-      options = [ "defaults" "subvol=nixos" "noatime" ];
     };
+    lanInterfaces = [ "enp1s0" "enp2s0" "enp3s0" "enp4s0" ];
+    lanNetwork = {
+      routerAddress = "10.2.1.1";
+      netid = "10.2.1.0";
+      revIpDomain = "1.2.10";
+      prefixLength = 24;
+      domain = "rappi.fh2.ch";
+      dhcpRange = "10.2.1.2,10.2.1.249";
+      routerHostName = "bachtel";
+    };
+  };
+
+in {
+
+  imports = [
+    ../hardware/apu.nix
+    ../hardware/wle900vx.nix
+    ../role/base
+    ../role/wwan
+    (import ../role/router routerConfig)
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/360a6bc9-fc4e-4803-bd53-69320ac32ac5";
+    fsType = "btrfs";
+    options = [ "defaults" "subvol=nixos" "noatime" ];
+  };
 
   swapDevices =
-    [ { device = "/dev/disk/by-uuid/73f91e99-d856-4504-b6b2-d60f855d6d95"; }
+    [{ device = "/dev/disk/by-uuid/73f91e99-d856-4504-b6b2-d60f855d6d95"; }];
-    ];
 
   services.wwan = {
     enable = true;
@@ -61,7 +58,8 @@ in
   # Define on which hard drive you want to install Grub.
   boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
 
-  networking.hostName = routerConfig.lanNetwork.routerHostName; # Define your hostname.
+  networking.hostName =
+    routerConfig.lanNetwork.routerHostName; # Define your hostname.
   #networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
   #networking.wireless.networks = {
   #  yummi = {

host/calanda.nix

@@ -5,22 +5,20 @@
 { config, pkgs, ... }:
 
 {
-  imports =
+  imports = [
-    [
+    ../hardware/apu.nix
-      ../hardware/apu.nix
+    ../role/base
-      ../role/base
+    #      ../role/router.nix #TODO
-#      ../role/router.nix #TODO
+  ];
-    ];
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/16efc5db-0697-4f39-b64b-fc18ac318625";
+    device = "/dev/disk/by-uuid/16efc5db-0697-4f39-b64b-fc18ac318625";
-      fsType = "btrfs";
+    fsType = "btrfs";
-      options = [ "defaults" "subvol=nixos" "noatime" ];
+    options = [ "defaults" "subvol=nixos" "noatime" ];
-    };
+  };
 
   swapDevices =
-    [ { device = "/dev/disk/by-uuid/b5104a7c-4a4a-4048-a9f8-44ddb0082632"; }
+    [{ device = "/dev/disk/by-uuid/b5104a7c-4a4a-4048-a9f8-44ddb0082632"; }];
-    ];
 
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;

host/kastanje.nix

@@ -5,17 +5,13 @@
 { config, pkgs, ... }:
 
 {
-  imports =
+  imports = [ ../hardware/apu.nix ../role/base ];
-    [
-      ../hardware/apu.nix
-      ../role/base
-    ];
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/ab5a598b-6609-465f-8ab8-b894b8a5e32a";
+    device = "/dev/disk/by-uuid/ab5a598b-6609-465f-8ab8-b894b8a5e32a";
-      fsType = "btrfs";
+    fsType = "btrfs";
-      options = [ "defaults" "noatime" ];
+    options = [ "defaults" "noatime" ];
-    };
+  };
 
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;

host/montalin.nix

@@ -6,13 +6,15 @@
 
 {
 
-  imports =
+  imports = [
-    [
+    ../hardware/nuc.nix
-      ../hardware/nuc.nix
+    ../role/base
-      ../role/base
+    ../role/dropbear
-      ../role/dropbear
+    (import ../role/backup {
-      (import ../role/backup { systemdMount = "var-backup.mount"; borgArchiveFolder = "/var/backup/montalin";})
+      systemdMount = "var-backup.mount";
-    ];
+      borgArchiveFolder = "/var/backup/montalin";
+    })
+  ];
 
   boot.initrd.luks.devices = {
     "root".device = "/dev/disk/by-uuid/3a0a5071-67ab-4e13-a0b7-d31b86f5e8b1";
@@ -21,9 +23,21 @@
   };
 
   fileSystems = {
-    "/" = { device = "/dev/mapper/root"; fsType = "btrfs";  options = [ "defaults" "noatime" ]; };
+    "/" = {
-    "/var/backup" = { device = "/dev/mapper/backup"; fsType = "ext4"; options = [ "defaults" "noauto" "noatime" ]; };
+      device = "/dev/mapper/root";
-    "/boot" = { device = "/dev/disk/by-uuid/0065-E4EA"; fsType = "vfat"; options = [ "defaults" "noatime" ]; };
+      fsType = "btrfs";
+      options = [ "defaults" "noatime" ];
+    };
+    "/var/backup" = {
+      device = "/dev/mapper/backup";
+      fsType = "ext4";
+      options = [ "defaults" "noauto" "noatime" ];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/0065-E4EA";
+      fsType = "vfat";
+      options = [ "defaults" "noatime" ];
+    };
   };
 
   swapDevices = [{ device = "/dev/mapper/swap"; }];

role/backup/default.nix

@@ -1,21 +1,17 @@
 # Regular backup role to a separate device
-{
+{ systemdMount, # Systemd mount name
- systemdMount, # Systemd mount name
+borgArchiveFolder, # Absolute borg root folder
- borgArchiveFolder, # Absolute borg root folder
+keepWithin ? "14d", keepWeekly ? "4", keepMonthly ? "6", keepYearly ? "-1"
- keepWithin? "14d",
+, schedule ? "13:37", # Systemd Schedule of backup timer
- keepWeekly? "4",
- keepMonthly? "6",
- keepYearly? "-1",
- schedule? "13:37", # Systemd Schedule of backup timer
 }:
 
-let pkgs = import<nixpkgs>{};
+let pkgs = import <nixpkgs> { };
-in
+in {
-{
 
-  systemd =  {
+  systemd = {
     services.backup = {
-      description = "Backup of all user data and system configuration with BorgBackup";
+      description =
+        "Backup of all user data and system configuration with BorgBackup";
       serviceConfig.Type = "oneshot";
       path = with pkgs; [ bash borgbackup ];
       script = ''

role/base/default.nix

@@ -15,14 +15,24 @@
   };
 
   environment.systemPackages = with pkgs; [
-    wget curl vim tmux git ncat bind ack
+    wget
-    fwupd pciutils dmidecode smartmontools parted
+    curl
+    vim
+    tmux
+    git
+    ncat
+    bind
+    ack
+    fwupd
+    pciutils
+    dmidecode
+    smartmontools
+    parted
     borgbackup
   ];
 
   services.fwupd.enable = true;
 
-
   # Networking
   networking.firewall = {
     allowPing = true;

role/dropbear/default.nix

@@ -18,7 +18,7 @@
       echo 'cryptsetup-askpass' >> /root/.profile
     '';
   };
-  boot.kernelParams = ["ip=::::montalin:eth0:dhcp"];
+  boot.kernelParams = [ "ip=::::montalin:eth0:dhcp" ];
 
   boot.initrd.postMountCommands = ''
     ip link set eth0 down

role/router/default.nix

@@ -1,31 +1,27 @@
 {
-  # To get the MAC address of each card, use this command: cat /sys/class/net/*device_name*/address
+# To get the MAC address of each card, use this command: cat /sys/class/net/*device_name*/address
-  # Make sure to use the lower-case hex values in your udev rules. It does not like upper-case.
+# Make sure to use the lower-case hex values in your udev rules. It does not like upper-case.
-  wanInterface,
+wanInterface, wireless ? {
-  wireless ? {
+  wleInterface = "wlp5s0";
-    wleInterface = "wlp5s0";
+  wleSSID = "hauser";
-    wleSSID = "hauser";
+  # Generate Encrypted Passphrase with: wpa_passphrase <wleSSID> <passphrase>
-    # Generate Encrypted Passphrase with: wpa_passphrase <wleSSID> <passphrase>
+  wlePassphrase =
-    wlePassphrase = "a5e42b914b5ad2b7e0474c3b9b35d0843a52668d30cd6aa8650ec43263a60b6e";
+    "a5e42b914b5ad2b7e0474c3b9b35d0843a52668d30cd6aa8650ec43263a60b6e";
-  },
+}, lanInterfaces ? [ "enp2s0" "enp3s0" ], lanNetwork ? {
-  lanInterfaces ? [ "enp2s0" "enp3s0" ],
+  routerAddress = "10.1.1.1";
-  lanNetwork ? {
+  netid = "10.1.1.0";
-    routerAddress = "10.1.1.1";
+  revIpDomain = "1.1.10";
-    netid = "10.1.1.0";
+  prefixLength = 24;
-    revIpDomain = "1.1.10";
+  domain = "ilanz.fh2.ch";
-    prefixLength = 24;
+  dhcpRange = "10.1.1.2,10.1.1.249";
-    domain = "ilanz.fh2.ch";
+  routerHostName = "router";
-    dhcpRange = "10.1.1.2,10.1.1.249";
+}, }:
-    routerHostName = "router";
-  },
-}:
 
-let pkgs = import<nixpkgs>{};
+let pkgs = import <nixpkgs> { };
-in
+in {
-{
   imports = [
-   (import ./wireless-access-point.nix wireless)
+    (import ./wireless-access-point.nix wireless)
-   (import ./dns-recursive.nix lanNetwork)
+    (import ./dns-recursive.nix lanNetwork)
   ];
 
   networking = {
@@ -37,8 +33,11 @@ in
 
     bridges.lan.interfaces = lanInterfaces ++ [ wireless.wleInterface ];
     interfaces.lan = {
-        ipv4 = {
+      ipv4 = {
-        addresses = [ { address = lanNetwork.routerAddress; prefixLength = lanNetwork.prefixLength; } ];
+        addresses = [{
+          address = lanNetwork.routerAddress;
+          prefixLength = lanNetwork.prefixLength;
+        }];
       };
     };
     firewall.trustedInterfaces = [ "lan" ];

role/router/dns-recursive.nix

@@ -1,22 +1,13 @@
+{ routerAddress, netid, revIpDomain, prefixLength, domain, dhcpRange
+, routerHostName, }:
 
-{
+let pkgs = import <nixpkgs> { };
-  routerAddress,
+in {
-  netid,
-  revIpDomain,
-  prefixLength,
-  domain,
-  dhcpRange,
-  routerHostName,
-}:
-
-let pkgs = import<nixpkgs>{};
-in
-{
 
   services.unbound = {
     enable = true;
     interfaces = [ "127.0.0.1" routerAddress ];
-    allowedAccess = [ "127.0.0.0/24"  "${netid}/${toString prefixLength}" ];
+    allowedAccess = [ "127.0.0.0/24" "${netid}/${toString prefixLength}" ];
     extraConfig = ''
       # Custom configuration (leave this note to assure indentation!)
         do-not-query-localhost: no
@@ -656,7 +647,5 @@ in
     #log-dhcp
   '';
 
-  systemd.services.dnsmasq = {
+  systemd.services.dnsmasq = { bindsTo = [ "network-addresses-lan.service" ]; };
-    bindsTo = [ "network-addresses-lan.service" ];
-  };
 }

role/router/wireless-access-point.nix

@@ -1,15 +1,12 @@
-{
+{ wleInterface, wleSSID,
-  wleInterface,
+# Generate Encrypted Passphrase with: wpa_passphrase <wleSSID> <passphrase>
-  wleSSID,
+wlePassphrase,
-  # Generate Encrypted Passphrase with: wpa_passphrase <wleSSID> <passphrase>
+# TODO: Type
-  wlePassphrase,
+# TODO: Multi-Band, if available
-  # TODO: Type
-  # TODO: Multi-Band, if available
 }:
 
-let pkgs = import<nixpkgs>{};
+let pkgs = import <nixpkgs> { };
-in
+in {
-{
   boot.extraModprobeConfig = ''
     options cfg80211 ieee80211_regdom=US
   '';

role/wwan/default.nix

@@ -24,47 +24,48 @@ let
       systemctl restart wwan.service
     fi
   '';
-in
+in {
-{
   options.services.wwan = {
     enable = mkEnableOption "wwan client service";
 
     apn = mkOption {
-      type    = types.str;
+      type = types.str;
       description = ''
-          APN domain of provider.
+        APN domain of provider.
       '';
     };
 
     apnUser = mkOption {
-      type    = types.str;
+      type = types.str;
       default = "";
       description = ''
-          APN username (optional).
+        APN username (optional).
       '';
     };
 
     apnPass = mkOption {
-      type    = types.str;
+      type = types.str;
       default = "";
       description = ''
-          APN password (optional).
+        APN password (optional).
       '';
     };
 
     apnAuth = mkOption {
-      type    = types.enum [ "PAP" "CHAP" "MSCHAPV2" "" ];
+      type = types.enum [ "PAP" "CHAP" "MSCHAPV2" "" ];
       default = "";
       description = ''
-          APN authentication type, one of ${concatMapStringsSep ", " show values} (optional).
+        APN authentication type, one of ${
+          concatMapStringsSep ", " show values
+        } (optional).
       '';
     };
 
     mbimProxy = mkOption {
-      type    = types.bool;
+      type = types.bool;
       default = true;
       description = ''
-          Whether to use the mbim proxy or not.
+        Whether to use the mbim proxy or not.
       '';
     };
 
@@ -91,8 +92,10 @@ in
         path = with pkgs; [ libmbim iproute ];
 
         serviceConfig = {
-          ExecStart = "${mbim-ip-configured}/bin/mbim-ip-configured start ${cfg.networkInterface}";
+          ExecStart =
-          ExecStop =  "${mbim-ip-configured}/bin/mbim-ip-configured stop  ${cfg.networkInterface}";
+            "${mbim-ip-configured}/bin/mbim-ip-configured start ${cfg.networkInterface}";
+          ExecStop =
+            "${mbim-ip-configured}/bin/mbim-ip-configured stop  ${cfg.networkInterface}";
 
           RemainAfterExit = true;
         };
@@ -111,8 +114,8 @@ in
       wantedBy = [ "timers.target" ];
       timerConfig = {
         Unit = "wwan-check";
-        OnBootSec="2m";
+        OnBootSec = "2m";
-        OnUnitActiveSec="1m";
+        OnUnitActiveSec = "1m";
       };
     };