Apply treefmt

2025-03-25 14:10:54 +02:00 · 2025-03-25 14:10:54 +02:00 · b2c240e87f
commit b2c240e87f
parent b2395ce611
86 changed files with 374 additions and 456 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -1,11 +1,8 @@
 name: CI
 on:
  push:
 env:
  ATTIC_AUTH_TOKEN: ${{ secrets.ATTIC_AUTH_TOKEN }}
 jobs:
  build:
    runs-on: nix
@ -15,18 +12,14 @@ jobs:
        with:
          token: ${{ secrets.CI_TOKEN }}
          lfs: false
      - name: Use attic cache
        run: nix run .#cache use
      - name: Build
        run: |
          nix build --max-jobs 12 --cores 12
          nix run .#cache push
      - name: Run Checks
        run: nix flake check
      - name: Deploy Docs
        if: success() && github.ref == 'refs/heads/main'
        run: |
@ -36,4 +29,3 @@ jobs:
          # Remote build might be neccessary due to non-wheel nix users signing restrictions.
          # However, the build should come from the cache anyway.
          nix develop --command deploy --skip-checks --remote-build .#lindberg-webapps.\"docs-ops.qo.is\"
--- a/.nixd.json
+++ b/.nixd.json
@ -1,7 +1,10 @@
 {
  "eval": {
    "target": {
-            "args": ["-f", "default.nix"],
+      "args": [
        "-f",
        "default.nix"
      ],
      "installable": ""
    }
  },
--- a/README.md
+++ b/README.md
@ -6,29 +6,29 @@ Check out the current [rendered documentation](https://docs-ops.qo.is).
 ## Structure
-`nixos-configurations`: Main nixos configuration for every host.  
+`nixos-configurations`: Main nixos configuration for every host.\
-`defaults`: Configuration defaults  
+`defaults`: Configuration defaults\
-`nixos-modules`: Custom modules (e.g. for vpn and routers)  
+`nixos-modules`: Custom modules (e.g. for vpn and routers)\
 `private`: Private configuration values (like users, sops-encrypted secrets and keys)
 ## Building
 This repository requires [nix flakes](https://nixos.wiki/wiki/Flakes)
- `nix build`  
+- `nix build`\
  Build all host configurations and docs
- `nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel`  
+- `nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel`\
  Build a single host configuration with
- `nix build .#docs`  
+- `nix build .#docs`\
  Build the documentation website
 ## Development
- `nix develop`  
+- `nix develop`\
  Development environment
- `nix flake check`  
+- `nix flake check`\
  Execute the project's checks
- `nix fmt`  
+- `nix fmt`\
  Autofix formatting
 ### Working with the private submodule
--- a/SUMMARY.md
+++ b/SUMMARY.md
@ -4,7 +4,7 @@
 - [Testing](checks/README.md)
 - [Deployment](deploy/README.md)
---
+______________________________________________________________________
 - [Network Topology](defaults/meta/network.md)
 - [Hardware (generic)](defaults/hardware/README.md)
@ -12,7 +12,6 @@
 - [Updates](updates.md)
 - [New Host Setup](nixos-configurations/setup.md)
 # Services
 - [E-mail](email.md)
--- a/checks/README.md
+++ b/checks/README.md
@ -5,7 +5,7 @@
 We test our nixos modules with [NixOS tests](https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests).
 Running nixos tests requires QEMU virtualisation, so make sure you have KVM virtualisation support enabled.
-Run all: `nix build .#checks.x86_64-linux.nixos-modules`  
+Run all: `nix build .#checks.x86_64-linux.nixos-modules`\
 Run single test: `nix build .#checks.x86_64-linux.nixos-modules.entries.vm-test-run-testNameAsInDerivationName`
 ### Run Test Interactively
--- a/checks/nixos-configurations/default.nix
+++ b/checks/nixos-configurations/default.nix
@ -1,4 +1,4 @@
 { self, pkgs, ... }:
 pkgs.linkFarmFromDrvs "all" (
-  pkgs.lib.mapAttrsToList (n: v: v.config.system.build.toplevel) self.nixosConfigurations
+  pkgs.lib.mapAttrsToList (_n: v: v.config.system.build.toplevel) self.nixosConfigurations
 )
--- a/defaults/hardware/README.md
+++ b/defaults/hardware/README.md
@ -1,4 +1,3 @@
 # APU
 ## Setup
@ -7,5 +6,5 @@ To boot the nixos installer with the console port, add `console=ttyS0,115200n8`
 # ASROCK Mainboards
-`F2`: Boot into BIOS  
+`F2`: Boot into BIOS\
 `F11`: Select boot device
--- a/defaults/hardware/apu.nix
+++ b/defaults/hardware/apu.nix
@ -2,9 +2,7 @@
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
--- a/defaults/hardware/apu1.nix
+++ b/defaults/hardware/apu1.nix
@ -2,9 +2,7 @@
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
--- a/defaults/hardware/asrock-z790m.nix
+++ b/defaults/hardware/asrock-z790m.nix
@ -2,9 +2,7 @@
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
--- a/defaults/hardware/asrock.nix
+++ b/defaults/hardware/asrock.nix
@ -1,7 +1,5 @@
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
--- a/defaults/meta/default.nix
+++ b/defaults/meta/default.nix
@ -1,7 +1,4 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
--- a/defaults/meta/network-physical.nix
+++ b/defaults/meta/network-physical.nix
@ -1,7 +1,4 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
--- a/defaults/meta/network-virtual.nix
+++ b/defaults/meta/network-virtual.nix
@ -1,7 +1,5 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
--- a/defaults/meta/network.md
+++ b/defaults/meta/network.md
@ -74,7 +74,6 @@ All Services are published under the *qo.is* domain name. Following services are
 ## Contacts
 ### Init7
 - [Status Netzwerkdienste](https://www.init7.net/status/)
--- a/deploy/README.md
+++ b/deploy/README.md
@ -4,7 +4,6 @@ Note that you have to be connected to the `vpn.qo.is`
 (or execute the deployment from a host that is in the `backplane.net.qo.is` overlay network)
 and that you need to have SSH root access to the target machines.
 ## Deploy to selected target hosts
 ```bash
--- a/deploy/default.nix
+++ b/deploy/default.nix
@ -1,5 +1,4 @@
 {
  deployPkgs,
  pkgs,
  self,
  ...
--- a/email.md
+++ b/email.md
@ -9,7 +9,6 @@ E-Mail accounts should be created in a `first.lastname@qo.is` fashion.
 Alias/forwarding Domains may be added on an best effort basis.
 Bills for these domains should go directly to the respective owner (i.e. should be registered with own accounts).
 ## System E-mails
 For groups, systems, services that require e-mail access, other accounts may be created.
--- a/flake.nix
+++ b/flake.nix
@ -46,7 +46,7 @@
        inherit system;
        overlays = [
          deploy-rs.overlay
-          (self: super: {
+          (_self: super: {
            deploy-rs = {
              inherit (pkgs) deploy-rs;
              lib = super.deploy-rs.lib;
--- a/lib/default.nix
+++ b/lib/default.nix
@ -8,7 +8,7 @@ let
    path
    ;
  # Get a list of all subdirectories of a directory.
-  getSubDirs = base: attrNames (filterAttrs (n: t: t == "directory") (builtins.readDir base));
+  getSubDirs = base: attrNames (filterAttrs (_n: t: t == "directory") (builtins.readDir base));
  # Check if a folder with a base path and folder name contains a file with a specific name
  isFolderWithFile =
    fileName: basePath: folderName:
--- a/nixos-configurations/calanda/default.nix
+++ b/nixos-configurations/calanda/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 {
  imports = [
--- a/nixos-configurations/calanda/filesystems.nix
+++ b/nixos-configurations/calanda/filesystems.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 {
  fileSystems."/" = {
--- a/nixos-configurations/calanda/networking.nix
+++ b/nixos-configurations/calanda/networking.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, ... }:
 let
  meta = config.qois.meta;
--- a/nixos-configurations/cyprianspitz/README.md
+++ b/nixos-configurations/cyprianspitz/README.md
@ -1,17 +1,16 @@
 # Host: Cyprianspitz
-## Operations {#_operations}
+## Operations {#\_operations}
 Reboot requires passphrase.
-``` bash
+```bash
 # Get HDD Password:
 sops decrypt --extract '["system"]["hdd"]' private/nixos-configurations/cyprianspitz/secrets.sops.yaml
 ssh -p 8223 root@calanda.plessur-ext.net.qo.is
 ```
 Direct remote ssh access:
 ```
@ -24,8 +23,6 @@ TODO
 - [Mainboard Manual](docs/z790m-itx-wifi.pdf)
 ### Top Overview
 ![](docs/top-view.jpg)
--- a/nixos-configurations/cyprianspitz/applications/backup.nix
+++ b/nixos-configurations/cyprianspitz/applications/backup.nix
@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ config, ... }:
 {
  qois.backup-server = {
--- a/nixos-configurations/cyprianspitz/applications/default.nix
+++ b/nixos-configurations/cyprianspitz/applications/default.nix
@ -1,6 +1,4 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
--- a/nixos-configurations/cyprianspitz/applications/vpn.nix
+++ b/nixos-configurations/cyprianspitz/applications/vpn.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 {
  qois.vpn-server.enable = true;
 }
--- a/nixos-configurations/cyprianspitz/default.nix
+++ b/nixos-configurations/cyprianspitz/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 {
  imports = [
--- a/nixos-configurations/cyprianspitz/networking.nix
+++ b/nixos-configurations/cyprianspitz/networking.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, ... }:
 let
  meta = config.qois.meta;
--- a/nixos-configurations/cyprianspitz/virtualisation.nix
+++ b/nixos-configurations/cyprianspitz/virtualisation.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 {
  virtualisation.libvirtd = {
    enable = true;
--- a/nixos-configurations/lindberg-build/applications/default.nix
+++ b/nixos-configurations/lindberg-build/applications/default.nix
@ -1,5 +1,4 @@
 {
  config,
  pkgs,
  lib,
  ...
--- a/nixos-configurations/lindberg-build/default.nix
+++ b/nixos-configurations/lindberg-build/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 {
  imports = [
--- a/nixos-configurations/lindberg-build/networking.nix
+++ b/nixos-configurations/lindberg-build/networking.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, ... }:
 {
--- a/nixos-configurations/lindberg-nextcloud/backup.nix
+++ b/nixos-configurations/lindberg-nextcloud/backup.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 {
--- a/nixos-configurations/lindberg-nextcloud/default.nix
+++ b/nixos-configurations/lindberg-nextcloud/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, ... }:
 {
  imports = [
--- a/nixos-configurations/lindberg-webapps/applications/README.md
+++ b/nixos-configurations/lindberg-webapps/applications/README.md
@ -2,7 +2,6 @@
 ## Setting up new static sites
 Generate ssh key for deployment:
 ```bash
--- a/nixos-configurations/lindberg-webapps/applications/default.nix
+++ b/nixos-configurations/lindberg-webapps/applications/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 {
  imports = [ ];
--- a/nixos-configurations/lindberg-webapps/default.nix
+++ b/nixos-configurations/lindberg-webapps/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 {
  imports = [
--- a/nixos-configurations/lindberg-webapps/networking.nix
+++ b/nixos-configurations/lindberg-webapps/networking.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, ... }:
 {
--- a/nixos-configurations/lindberg/README.md
+++ b/nixos-configurations/lindberg/README.md
@ -1,10 +1,10 @@
 # Host: Lindberg
-## Operations {#_operations}
+## Operations {#\_operations}
 Reboot requires passphrase (see pass `host/lindberg/hdd_luks`)
-``` bash
+```bash
 ssh -p 2222 root@lindberg.riedbach-ext.net.qo.is
 ```
@ -12,7 +12,6 @@ ssh -p 2222 root@lindberg.riedbach-ext.net.qo.is
 - [Mainboard Manual](docs/X570Pro4-mainboard-manual.pdf)
 ### Front / Back
 #### Front Overview
--- a/nixos-configurations/lindberg/applications/default.nix
+++ b/nixos-configurations/lindberg/applications/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 {
  imports = [ ./loadbalancer.nix ];
--- a/nixos-configurations/lindberg/applications/loadbalancer.nix
+++ b/nixos-configurations/lindberg/applications/loadbalancer.nix
@ -1,7 +1,4 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
--- a/nixos-configurations/lindberg/backup.nix
+++ b/nixos-configurations/lindberg/backup.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 {
  qois.backup-client.includePaths = [ "/mnt/data" ];
--- a/nixos-configurations/lindberg/default.nix
+++ b/nixos-configurations/lindberg/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 {
  imports = [
--- a/nixos-configurations/lindberg/networking.nix
+++ b/nixos-configurations/lindberg/networking.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, ... }:
 let
  meta = config.qois.meta;
--- a/nixos-configurations/lindberg/virtualisation.nix
+++ b/nixos-configurations/lindberg/virtualisation.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 {
  virtualisation.libvirtd = {
    enable = true;
--- a/nixos-configurations/setup.md
+++ b/nixos-configurations/setup.md
@ -3,8 +3,8 @@
 ## Prepare Remote Machine
 1. Boot nixos installer image
-2. Set a root password: `sudo passwd root`
+1. Set a root password: `sudo passwd root`
-3. Get host ip to connect to ssh with `ip a`
+1. Get host ip to connect to ssh with `ip a`
 ## Verify configuration
@ -12,7 +12,7 @@
 ## Installation
-```bash
+````bash
 nix develop
 # Set according to what we want
@ -60,11 +60,11 @@ sops exec-file --no-fifo --filename secret.key private/nixos-configurations/$REM
    --disk-encryption-keys /run/secrets/system/hdd.key <(yq --raw-output '.system.hdd' {}) \
    --disk-encryption-keys /run/secrets/system/initrd-ssh-key <(yq --raw-output '.system.\"initrd-ssh-key\"' {})
 "
-```
+````
 ## Post-Setup
-* Add backplane-vpn pubkey to `network-virtual.nix` configuration with
+- Add backplane-vpn pubkey to `network-virtual.nix` configuration with
  ```bash
  wg pubkey < /secrets/wireguard/private/backplane
  ```
--- a/nixos-configurations/stompert/README.md
+++ b/nixos-configurations/stompert/README.md
@ -1,7 +1,7 @@
-# Operations {#_operations}
+# Operations {#\_operations}
 Reboot requires passphrase (see pass `host/stompert/hdd_luks`)
-``` bash
+```bash
 ssh -p 2222 root@stompert.eem-ext.net.qo.is
 ```
--- a/nixos-configurations/stompert/default.nix
+++ b/nixos-configurations/stompert/default.nix
@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{ config, pkgs, ... }:
+{ ... }:
 {
  imports = [
--- a/nixos-modules/attic/default.nix
+++ b/nixos-modules/attic/default.nix
@ -1,6 +1,5 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
--- a/nixos-modules/backplane-net.hosts/default.nix
+++ b/nixos-modules/backplane-net.hosts/default.nix
@ -1,6 +1,5 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
@ -35,7 +34,7 @@ in
    networking.hosts = pipe cfg.loadbalancers [
      (map (hostname: config.qois.meta.network.virtual.backplane.hosts.${hostname}.v4.ip))
-      (flip genAttrs (lb: cfg.domains))
+      (flip genAttrs (_lb: cfg.domains))
    ];
  };
--- a/nixos-modules/backplane-net/default.nix
+++ b/nixos-modules/backplane-net/default.nix
@ -1,7 +1,6 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
--- a/nixos-modules/backup-client/default.nix
+++ b/nixos-modules/backup-client/default.nix
@ -2,8 +2,6 @@
  config,
  lib,
  options,
  pkgs,
  self,
  ...
 }:
--- a/nixos-modules/backup-server/default.nix
+++ b/nixos-modules/backup-server/default.nix
@ -2,8 +2,6 @@
  config,
  lib,
  options,
  pkgs,
  self,
  ...
 }:
--- a/nixos-modules/cloud/README.md
+++ b/nixos-modules/cloud/README.md
@ -11,7 +11,7 @@ For user documentation, refer to the [upstream Nextcloud docs](https://docs.next
 ## Backup / Restore
 1. Stop all related services: nextcloud, php-fpm, redis etc.
-2. (mabe dump redis data?)
+1. (mabe dump redis data?)
-3. Import Database Backup
+1. Import Database Backup
-4. Restore `/var/lib/nextcloud`, which is currently a bind mount on `lindberg`'s `/mnt/data` volume
+1. Restore `/var/lib/nextcloud`, which is currently a bind mount on `lindberg`'s `/mnt/data` volume
-5. Resync nextcloud files and database, see [nextcloud docs](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html)
+1. Resync nextcloud files and database, see [nextcloud docs](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html)
--- a/nixos-modules/git-ci-runner/README.md
+++ b/nixos-modules/git-ci-runner/README.md
@ -2,7 +2,6 @@
 Runner for the [Forgejo git instance](../git/README.md).
 ## Default docker/ubuntu Runner
 Registers a default runner with ubuntu OS or executes user's OCI container with podman.
--- a/nixos-modules/git-ci-runner/default.nix
+++ b/nixos-modules/git-ci-runner/default.nix
@ -146,7 +146,7 @@ with lib;
    {
      systemd.services =
        genAttrs (genList (n: "gitea-runner-nix${builtins.toString n}") cfg.nixInstances)
-          (name: {
+          (_name: {
            after = [
              "gitea-runner-nix-image.service"
            ];
--- a/nixos-modules/git/README.md
+++ b/nixos-modules/git/README.md
@ -38,7 +38,6 @@ sudo -u forgejo 'nix run nixpkgs#forgejo -- admin user create --config ~custom/c
 ## Backup / Restore
 1. `systemctl stop forgejo.service`
-2. Import Postgresql Database Backup
+1. Import Postgresql Database Backup
-3. Restore `/var/lib/forgejo`
+1. Restore `/var/lib/forgejo`
-4. `systemctl start forgejo.service`
+1. `systemctl start forgejo.service`
--- a/nixos-modules/loadbalancer/default.nix
+++ b/nixos-modules/loadbalancer/default.nix
@ -9,7 +9,7 @@ with lib;
 let
  # We assume that all static pages are hosted on lindberg-webapps
  staticPages = pipe config.qois.static-page.pages [
-    (mapAttrsToList (name: { domain, domainAliases, ... }: [ domain ] ++ domainAliases))
+    (mapAttrsToList (_name: { domain, domainAliases, ... }: [ domain ] ++ domainAliases))
    flatten
    (map (name: {
      inherit name;
--- a/nixos-modules/luks-ssh/default.nix
+++ b/nixos-modules/luks-ssh/default.nix
@ -1,7 +1,6 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
@ -83,7 +82,7 @@ in
          with lib;
          concatLists (
            mapAttrsToList (
-              name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]
+              _name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]
            ) config.users.users
          );
        hostKeys = [ cfg.sshHostKey ];
--- a/nixos-modules/meta/default.nix
+++ b/nixos-modules/meta/default.nix
@ -1,8 +1,4 @@
 {
  config,
  lib,
  pkgs,
  options,
  ...
 }:
 {
--- a/nixos-modules/meta/hosts.nix
+++ b/nixos-modules/meta/hosts.nix
@ -1,7 +1,6 @@
 {
  config,
  lib,
  pkgs,
  options,
  ...
 }:
@ -43,10 +42,10 @@ in
  };
  config =
    let
-      hostsWithSshKey = lib.filterAttrs (name: hostCfg: hostCfg.sshKey != null) cfg;
+      hostsWithSshKey = lib.filterAttrs (_name: hostCfg: hostCfg.sshKey != null) cfg;
    in
    {
-      programs.ssh.knownHosts = lib.mapAttrs (name: hostCfg: {
+      programs.ssh.knownHosts = lib.mapAttrs (_name: hostCfg: {
        publicKey = hostCfg.sshKey;
      }) hostsWithSshKey;
    };
--- a/nixos-modules/meta/network.nix
+++ b/nixos-modules/meta/network.nix
@ -1,7 +1,6 @@
 {
  config,
  lib,
  pkgs,
  options,
  ...
 }:
@ -17,13 +16,6 @@ let
      type = str;
      inherit description;
    });
  mkOptStr =
    description:
    (mkOption {
      type = nullOr str;
      default = null;
      inherit description;
    });
  mkNetworkIdOpts =
    v:
@ -225,10 +217,10 @@ in
          (getHostNamesForNetworks hostname cfg.virtual) ++ (getHostNamesForNetworks hostname cfg.physical);
        hostsWithPublicKey = lib.filterAttrs (
-          hostName: hostConfig: hostConfig.sshKey != null
+          _hostName: hostConfig: hostConfig.sshKey != null
        ) config.qois.meta.hosts;
      in
-      mapAttrs (name: hostCfg: { extraHostNames = getHostNames name; }) hostsWithPublicKey;
+      mapAttrs (name: _hostCfg: { extraHostNames = getHostNames name; }) hostsWithPublicKey;
  };
 }
--- a/nixos-modules/nixpkgs-cache/default.nix
+++ b/nixos-modules/nixpkgs-cache/default.nix
@ -1,6 +1,5 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
--- a/nixos-modules/router-dhcp/default.nix
+++ b/nixos-modules/router-dhcp/default.nix
@ -1,7 +1,6 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
--- a/nixos-modules/router-dns/default.nix
+++ b/nixos-modules/router-dns/default.nix
@ -1,7 +1,6 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
--- a/nixos-modules/router-wireless-ap/default.nix
+++ b/nixos-modules/router-wireless-ap/default.nix
@ -1,14 +1,12 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 let
  routerCfg = config.qois.router;
  cfg = config.qois.router.wireless;
 in
 {
--- a/nixos-modules/router/README.md
+++ b/nixos-modules/router/README.md
@ -1,4 +1,4 @@
-# Router Role {#_router_role}
+# Router Role {#\_router_role}
 The `router` role set is applied on hosts which serve the rule of a SOHO
 router.
--- a/nixos-modules/router/default.nix
+++ b/nixos-modules/router/default.nix
@ -1,7 +1,6 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
--- a/nixos-modules/static-page/README.md
+++ b/nixos-modules/static-page/README.md
@ -3,4 +3,3 @@
 This module enables static nginx sites, with data served from "/var/lib/nginx/$domain/root".
 To deploy the site, a user `nginx-$domain` is added, of which a `root` profile in the home folder can be deployed, e.g. with deploy-rs.
--- a/nixos-modules/static-page/default.nix
+++ b/nixos-modules/static-page/default.nix
@ -53,7 +53,7 @@ with lib;
  config = mkIf cfg.enable (
    let
      pageConfigs = concatMapAttrs (
-        name: page:
+        _name: page:
        let
          home = "/var/lib/nginx-${page.domain}";
        in
@ -76,7 +76,7 @@ with lib;
      users = {
        groups = concatMapAttrs (
-          name:
+          _name:
          { user, ... }:
          {
            "${user}" = { };
@ -84,10 +84,10 @@ with lib;
        ) pageConfigs;
        users =
          {
-            ${config.services.nginx.user}.extraGroups = mapAttrsToList (domain: getAttr "user") pageConfigs;
+            ${config.services.nginx.user}.extraGroups = mapAttrsToList (_domain: getAttr "user") pageConfigs;
          }
          // (concatMapAttrs (
-            name:
+            _name:
            {
              user,
              home,
@ -134,10 +134,10 @@ with lib;
                    globalRedirect = domain;
                  };
                });
-            aliasVhosts = concatMapAttrs (name: mkAliasVhost) pageConfigs;
+            aliasVhosts = concatMapAttrs (_name: mkAliasVhost) pageConfigs;
          in
-          aliasVhosts // (mapAttrs (name: mkVhost) pageConfigs);
+          aliasVhosts // (mapAttrs (_name: mkVhost) pageConfigs);
      };
    }
  );
--- a/nixos-modules/static-page/test.py
+++ b/nixos-modules/static-page/test.py
@ -12,9 +12,11 @@ def test(subtest, webserver):
    # Helpers
    def curl_variable_test(node, variable, expected, url):
        value = node.succeed(
-            f"curl -s --no-location -o /dev/null -w '%{{{variable}}}' '{url}'")
+            f"curl -s --no-location -o /dev/null -w '%{{{variable}}}' '{url}'"
-        assert value == expected, \
+        )
        assert value == expected, (
            f"expected {variable} to be '{expected}' but got '{value}'"
        )
    def expect_http_code(node, code, url):
        curl_variable_test(node, "http_code", code, url)
@ -24,23 +26,21 @@ def test(subtest, webserver):
    def expect_http_content(node, expectedContent, url):
        content = node.succeed(f"curl --no-location --silent '{url}'")
-        assert content.strip() == expectedContent.strip(), f'''
+        assert content.strip() == expectedContent.strip(), f"""
                expected content:
                  {expectedContent}
                at {url} but got following content:
                  {content}
-            '''
+            """
    # Tests
    with subtest("website is successfully served on localhost"):
        expect_http_code(webserver, "200", "http://localhost/index.html")
-        expect_http_content(webserver, indexContent,
+        expect_http_content(webserver, indexContent, "http://localhost/index.html")
                            "http://localhost/index.html")
    with subtest("example.com is in hosts file and a redirect to localhost"):
        webserver.succeed("grep example.com /etc/hosts")
        url = "http://example.com/index.html"
        expect_http_code(webserver, "301", url)
-        expect_http_location(
+        expect_http_location(webserver, "http://localhost/index.html", url)
            webserver, "http://localhost/index.html", url)
--- a/nixos-modules/system/applications.nix
+++ b/nixos-modules/system/applications.nix
@ -1,6 +1,4 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
--- a/nixos-modules/system/overlays.nix
+++ b/nixos-modules/system/overlays.nix
@ -1,7 +1,4 @@
 {
  config,
  lib,
  pkgs,
  options,
  ...
 }:
--- a/nixos-modules/system/security.nix
+++ b/nixos-modules/system/security.nix
@ -1,7 +1,5 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
--- a/nixos-modules/system/unfree.nix
+++ b/nixos-modules/system/unfree.nix
@ -1,7 +1,6 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
--- a/nixos-modules/vault/README.md
+++ b/nixos-modules/vault/README.md
@ -3,7 +3,7 @@
 To use our Vaultwarden instance, you can use the regular
 [Bitwarden apps](https://bitwarden.com/download/) with our custom server when logging in:
-Username: `first.lastname@qo.is`  
+Username: `first.lastname@qo.is`\
 Server Name: `https://vault.qo.is`
 ## Create Accounts
@ -17,7 +17,6 @@ Please instruct users to:
 - the password cannot be reset without loosing all the passwords.
  Use of [Emergency Contacts](https://bitwarden.com/help/emergency-access/) or Organizations may be advisable.
 ## Administration
 An admin panel is available under [vault.qo.is/admin](https://vault.qo.is/admin).
@ -26,12 +25,10 @@ The password is saved in the pass database under `vaultwarden-admin`.
 In the administration panel, users and organizations may be managed.
 Instance settings should be changed with the nixos module in the infrastructure repository only.
 ## Backup / Restore
 1. `systemctl stop vaultwarden.service`
-2. Import Postgresql Database Backup
+1. Import Postgresql Database Backup
-3. Restore `/var/lib/bitwarden_rs`
+1. Restore `/var/lib/bitwarden_rs`
-4. `systemctl start vaultwarden.service`
+1. `systemctl start vaultwarden.service`
-5. Click `Force clients to resync` in the [Administration interface under _Users_](https://vault.qo.is/admin/users/overview)
+1. Click `Force clients to resync` in the [Administration interface under _Users_](https://vault.qo.is/admin/users/overview)
--- a/nixos-modules/vpn-exit-node/default.nix
+++ b/nixos-modules/vpn-exit-node/default.nix
@ -1,6 +1,5 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
--- a/nixos-modules/vpn-server/README.md
+++ b/nixos-modules/vpn-server/README.md
@ -29,14 +29,13 @@ These nodes allow access to the internet for clients connected to the VPN:
 > ⚠️ Currently, name resolution for these do not work reliably on first starts, hence the IP must be used. This hould be fixed in the future.
 ### Add exit nodes:
 1. Create a preauth secret on the `vpn.qo.is` host:
   ```bash
    headscale preauthkeys create --user srv --reusable
   ```
-2. Configure the new exit-node host with the `qois.vpn-exit-node` module.
+1. Configure the new exit-node host with the `qois.vpn-exit-node` module.
 When using the `srv` user, exit nodes and routes are automatically accepted as trusted.
@ -50,12 +49,10 @@ To use the service, you can use a normal Tailscale client with following additio
 | `exit-node` | `100.64.0.5` (lindberg) or `100.64.0.6` (cypriaspitz) | Use host as [exit node](#exit-nodes) |
 | `login-server` | `https://vpn.qo.is` | Use our own VPN service. |
 > ⚠️ Currently, if the client is in an IPv6 network, the transport is broken.
 > Disable IPv6 connectivity to use the VPN.
 > See [#4](https://git.qo.is/qo.is/infrastructure/issues/4) for details.
 ### NixOS
 Sample config with automatic connectivity to VPN on boot:
@ -90,15 +87,15 @@ See [this Headscale documentation for more](https://headscale.net/stable/usage/c
 ### Server
 1. `systemctl stop headscale`
-2. Replace `/var/lib/headscale`
+1. Replace `/var/lib/headscale`
-3. `systemctl start headscale`
+1. `systemctl start headscale`
-4. Monitor logs for errors
+1. Monitor logs for errors
 Note: `/var/lib/headscale` contains a sqlite database.
 ### Clients
 1. `systemctl stop tailscaled`
-2. Replace `/var/lib/tailscale`
+1. Replace `/var/lib/tailscale`
-3. `systemctl start tailscaled`
+1. `systemctl start tailscaled`
-4. Monitor logs for errors
+1. Monitor logs for errors
--- a/nixos-modules/vpn-server/default.nix
+++ b/nixos-modules/vpn-server/default.nix
@ -10,7 +10,7 @@ let
  cfgLoadbalancer = config.qois.loadbalancer;
  defaultDnsRecords =
    (mapAttrs (
-      name: value: mkIf (cfgLoadbalancer.hostmap ? ${value}) cfgLoadbalancer.hostmap.${value}
+      _name: value: mkIf (cfgLoadbalancer.hostmap ? ${value}) cfgLoadbalancer.hostmap.${value}
    ) cfgLoadbalancer.domains)
    // {
      "vpn.qo.is" = config.services.headscale.address;
--- a/nixos-modules/wwan/README.md
+++ b/nixos-modules/wwan/README.md
@ -1,8 +1,8 @@
-# WWAN Module {#_wwan_module}
+# WWAN Module {#\_wwan_module}
 This module configures WWAN adapters that support MBIM
-## Current limitations {#_current_limitations}
+## Current limitations {#\_current_limitations}
 - IPv4 tested only
 - Currently, it is not simple to get network failures or address
--- a/nixos-modules/wwan/mbim-ip.bash
+++ b/nixos-modules/wwan/mbim-ip.bash
@ -43,7 +43,7 @@ function print_debug {
 }
 function print_full_configuration {
-	if [[ "${#ipv4_addresses[@]}" > 0 ]]; then
+  if [[ ${#ipv4_addresses[@]} > 0 ]]; then
    printf "IPv4: "
    printf '%s, ' "${ipv4_addresses[@]}"
    printf "\n"
@ -57,7 +57,7 @@ function print_full_configuration {
    printf "MTU: $ipv4_mtu\n"
  fi
-	if [[ "${#ipv6_addresses[@]}" > 0 ]]; then
+  if [[ ${#ipv6_addresses[@]} > 0 ]]; then
    echo
    printf "IPv6: "
    printf '%s, ' "${ipv6_addresses[@]}"
@ -123,7 +123,7 @@ function parse_mtu {
 function parse_input_state_machine {
  state="start"
  while true; do
-		if [[ "$skip_line" == 0 ]]; then
+    if [[ $skip_line == 0 ]]; then
      read line || break # TODO: Clean up
    else
      skip_line=0
@ -161,7 +161,7 @@ function parse_input_state_machine {
    "ipv4_ip")
      ipv4=$(parse_ip "$line")
      if [ -z "$ipv4" ]; then
-					if [[ "${#ipv4_addresses[@]}" < 1 ]]; then
+        if [[ ${#ipv4_addresses[@]} < 1 ]]; then
          next_state "error"
          continue
        else
@ -186,7 +186,7 @@ function parse_input_state_machine {
    "ipv4_dns")
      ipv4=$(parse_dns "$line")
      if [ -z "$ipv4" ]; then
-					if [[ "${#ipv4_dns[@]}" < 1 ]]; then
+        if [[ ${#ipv4_dns[@]} < 1 ]]; then
          next_state "error"
          continue
        else
@ -211,7 +211,7 @@ function parse_input_state_machine {
    "ipv6_ip")
      ipv6=$(parse_ip "$line")
      if [ -z "$ipv6" ]; then
-					if [[ "${#ipv6_addresses[@]}" < 1 ]]; then
+        if [[ ${#ipv6_addresses[@]} < 1 ]]; then
          next_state "error"
          continue
        else
@ -236,7 +236,7 @@ function parse_input_state_machine {
    "ipv6_dns")
      ipv6=$(parse_dns "$line")
      if [ -z "$ipv6" ]; then
-					if [[ "${#ipv6_dns[@]}" < 1 ]]; then
+        if [[ ${#ipv6_dns[@]} < 1 ]]; then
          next_state "error"
          continue
        else
@ -266,8 +266,7 @@ function parse_input_state_machine {
  done
 }
-
+interface_stop() {
 interface_stop(){
  ip addr flush dev $DEV
  ip route flush dev $DEV
@ -280,7 +279,7 @@ interface_stop(){
 interface_start() {
  ip link set $DEV up
-	if [[ "${#ipv4_addresses[@]}" > 0 ]]; then
+  if [[ ${#ipv4_addresses[@]} > 0 ]]; then
    ip addr add ${ipv4_addresses[@]} dev $DEV broadcast + #TODO: Works for multiple addresses?
    ip link set $DEV mtu $ipv4_mtu
    ip route add default via $ipv4_gateway dev $DEV
@ -289,7 +288,7 @@ interface_start() {
    echo "No IPv4 address, skipping v4 configuration..."
  fi
-	if [[ "${#ipv6_addresses[@]}" > 0 ]]; then
+  if [[ ${#ipv6_addresses[@]} > 0 ]]; then
    ip -6 addr add ${ipv6_addresses[@]} dev $DEV #TODO: Works for multiple addresses?
    ip -6 route add default via $ipv6_gateway dev $DEV
    ip -6 link set $DEV mtu $ipv6_mtu
@ -307,7 +306,7 @@ set -e
 echo "NOTE: This script does not yet support nameserver configuration."
 case "$MODE" in
-        "start")
+"start")
  mbim-network $MBIM_INTERFACE start
  sleep 1
  mbimcli -d $MBIM_INTERFACE -p --query-ip-configuration=0 | {
@ -317,11 +316,11 @@ case "$MODE" in
    interface_start
  }
  ;;
-        "stop")
+"stop")
  mbim-network $MBIM_INTERFACE stop
  interface_stop
  ;;
-        *)
+*)
  echo "USAGE: $0 start|stop INTERFACE" >&2
  echo "You can set an env variable DEBUG to gather debugging output." >&2
  exit 1
--- a/packages/sops-config/default.nix
+++ b/packages/sops-config/default.nix
@ -41,9 +41,9 @@ let
  userAgeKeys = [ ];
  serverAgeKeys =
    let
-      getHostsWithSshKeys = filterAttrs (name: cfg: cfg ? sshKey);
+      getHostsWithSshKeys = filterAttrs (_name: cfg: cfg ? sshKey);
      mapHostToAgeKey = mapAttrs (
-        name: cfg:
+        _name: cfg:
        readFile (
          runCommand "sshToAgeKey"
            {
--- a/renovate.json
+++ b/renovate.json
@ -1,13 +1,16 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [ "config:recommended" ],
+  "extends": [
    "config:recommended"
  ],
  "lockFileMaintenance": {
    "enabled": true,
-    "extends": [ "schedule:weekly" ]
+    "extends": [
      "schedule:weekly"
    ]
  },
  "cloneSubmodules": true,
  "nix": {
    "enabled": true
  }
 }
--- a/updates.md
+++ b/updates.md
@ -47,11 +47,10 @@ pssh -l root -H lindberg-nextcloud.backplane.net.qo.is -H lindberg-build.backpla
 ## Application Updates
-Some applications have pinned versions to prevent problems due to accidental upgrades.  
+Some applications have pinned versions to prevent problems due to accidental upgrades.\
 The version switch has to be done manually by switching the package used.
 This includes the modules for:
 - `nextcloud`
- `postgresql`, [&rarr; Nixpkgs manual page](https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading)
+- `postgresql`, [→ Nixpkgs manual page](https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading)
`@ -1,4 +1,4 @@`
	`{ config, pkgs, ... }:`	`{ config, ... }:`

	`{`	`{`
`@ -3,4 +3,3 @@`
	`This module enables static nginx sites, with data served from "/var/lib/nginx/$domain/root".`	`This module enables static nginx sites, with data served from "/var/lib/nginx/$domain/root".`

	To deploy the site, a user `nginx-$domain` is added, of which a `root` profile in the home folder can be deployed, e.g. with deploy-rs.	To deploy the site, a user `nginx-$domain` is added, of which a `root` profile in the home folder can be deployed, e.g. with deploy-rs.