chore: code cleanup

flake.nix

@@ -3,88 +3,85 @@
 
   inputs = {
     
-    nixpkgs.url = github:nixos/nixpkgs/nixos-unstable;
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     
-    nixpkgs-stable.url = github:NixOS/nixpkgs/nixos-24.05;
+    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
     
     # user-level configuration
     home-manager = {
-      url = github:nix-community/home-manager;
+      url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     
     # overlay to access bleeding edge emacs
     emacs-overlay = {
-      url = github:nix-community/emacs-overlay;
+      url = "github:nix-community/emacs-overlay";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     
     # nix user repository
     # i use this mainly to not have to build all firefox extensions
     # myself as well as for the emacs-init package (tbd)
-    nur.url = github:nix-community/NUR;
+    nur.url = "github:nix-community/NUR";
     
     # provides GL to non-NixOS hosts
-    nixgl.url = github:guibou/nixGL;
+    nixgl.url = "github:guibou/nixGL";
     
     # manages all theming using Home-Manager
-    stylix.url = github:danth/stylix;
+    stylix.url = "github:danth/stylix";
     
     # nix secrets management
-    sops-nix.url = github:Mic92/sops-nix;
+    sops-nix.url = "github:Mic92/sops-nix";
     
     # enable secure boot on NixOS
-    lanzaboote.url = github:nix-community/lanzaboote;
+    lanzaboote.url = "github:nix-community/lanzaboote";
     
     # nix for android
     nix-on-droid = {
-      url = github:t184256/nix-on-droid/release-23.05;
+      url = "github:t184256/nix-on-droid/release-23.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     
     # generate NixOS images
     nixos-generators = {
-      url = github:nix-community/nixos-generators;
+      url = "github:nix-community/nixos-generators";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     
     # patches for gaming on nix
     nix-gaming = {
-      url = github:fufexan/nix-gaming;
+      url = "github:fufexan/nix-gaming";
     };
     
     # hardware quirks on nix
     nixos-hardware = {
-      url = github:NixOS/nixos-hardware/master;
+      url = "github:NixOS/nixos-hardware/master";
     };
     
     # dynamic library loading
     nix-alien = {
-      url = github:thiagokokada/nix-alien;
+      url = "github:thiagokokada/nix-alien";
     };
     
     # automatic nintendo switch payload injection
     nswitch-rcm-nix = {
-      url = github:Swarsel/nswitch-rcm-nix;
+      url = "github:Swarsel/nswitch-rcm-nix";
     };
     
   };
 
   outputs = inputs@{
-    self,
     
     nixpkgs,
     nixpkgs-stable,
     home-manager,
     nix-on-droid,
-      nixos-generators,
     emacs-overlay,
     nur,
     nixgl,
     stylix,
     sops-nix,
     lanzaboote,
-      nix-gaming,
     nixos-hardware,
     nix-alien,
     nswitch-rcm-nix,
@@ -106,16 +103,6 @@
                             config.allowUnfree = true;
                           };
     
-    # for ovm arm hosts
-    armpkgs = import nixpkgs { system = "aarch64-linux";
-                            overlays = [ emacs-overlay.overlay
-                                         nur.overlay
-                                         nixgl.overlay
-                                       ];
-                            config.allowUnfree = true;
-                          };
-    
-    
     # NixOS modules that can only be used on NixOS systems
     nixModules = [ stylix.nixosModules.stylix
                    sops-nix.nixosModules.sops

profiles/TEMPLATE/home.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, fetchFromGitHub, ... }:
+{ config, pkgs, ... }:
 
 {
 
@@ -118,7 +118,7 @@
       };
 
       keybindings = let
-        modifier = config.wayland.windowManager.sway.config.modifier;
+        inherit (config.wayland.windowManager.sway.config) modifier;
       in {
         # TEMPLATE
         "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";

profiles/TEMPLATE/nixos.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ pkgs, ... }:
 
 {
 
@@ -67,7 +67,7 @@
       };
   
       monospace = {
-        package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; });
+        package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
         name = "FiraCode Nerd Font Mono";
       };
   

profiles/common/home.nix

@@ -155,7 +155,7 @@
     noto-fonts-cjk-sans
 
 # cura
-    (let cura5 = appimageTools.wrapType2 rec {
+(let cura5 = appimageTools.wrapType2 rec {
        name = "cura5";
        version = "5.4.0";
        src = fetchurl {
@@ -301,15 +301,17 @@
 
 ];
 
-sops.defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
+sops = {
-sops.validateSopsFiles = false;
+  defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
-
+  validateSopsFiles = false;
-# since we are using the home-manager implementation, we need to specify the runtime path for each secret
+  secrets = {
-sops.secrets.mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";};
+    mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";};
-sops.secrets.nautilus = {path = "/run/user/1000/secrets/nautilus";};
+    nautilus = {path = "/run/user/1000/secrets/nautilus";};
-sops.secrets.leon = {path = "/run/user/1000/secrets/leon";};
+    leon = {path = "/run/user/1000/secrets/leon";};
-sops.secrets.swarselmail = {path = "/run/user/1000/secrets/swarselmail";};
+    swarselmail = {path = "/run/user/1000/secrets/swarselmail";};
-sops.secrets.caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";};
+    caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";};
+  };
+};
 
 programs.ssh= {
   enable = true;
@@ -512,28 +514,29 @@ home.file = {
 xdg.configFile = {
   "tridactyl/tridactylrc".source = ../../programs/firefox/tridactyl/tridactylrc;
   "tridactyl/themes/base16-codeschool.css".source = ../../programs/firefox/tridactyl/themes/base16-codeschool.css;
-  };
+};
 
 home.sessionVariables = {
   EDITOR = "bash ~/.dotfiles/scripts/editor.sh";
 };
 
-# zsh Integration is enabled by default for these
+programs = {
-programs.bottom.enable = true;
+  bottom.enable = true;
-programs.imv.enable = true;
+  imv.enable = true;
-programs.sioyek.enable = true;
+  sioyek.enable = true;
-programs.bat.enable = true;
+  bat.enable = true;
-programs.carapace.enable = true;
+  carapace.enable = true;
-programs.wlogout.enable = true;
+  wlogout.enable = true;
-programs.swayr.enable = true;
+  swayr.enable = true;
-programs.yt-dlp.enable = true;
+  yt-dlp.enable = true;
-programs.mpv.enable = true;
+  mpv.enable = true;
-programs.jq.enable = true;
+  jq.enable = true;
-programs.nix-index.enable = true;
+  nix-index.enable = true;
-programs.ripgrep.enable = true;
+  ripgrep.enable = true;
-programs.pandoc.enable = true;
+  pandoc.enable = true;
-programs.fzf.enable = true;
+  fzf.enable = true;
-programs.zoxide.enable = true;
+  zoxide.enable = true;
+};
 
 programs.password-store = {
   enable = true;
@@ -543,7 +546,7 @@ programs.password-store = {
 programs.direnv = {
   enable = true;
   nix-direnv.enable = true;
-  };
+};
 
 programs.eza = {
   enable = true;
@@ -1154,7 +1157,7 @@ programs.firefox = {
   };
   profiles.default = {
     isDefault = true;
-    userChrome = (builtins.readFile ../../programs/firefox/chrome/userChrome.css);
+    userChrome = builtins.readFile ../../programs/firefox/chrome/userChrome.css;
     extensions = with pkgs.nur.repos.rycee.firefox-addons; [
       tridactyl
       browserpass
@@ -1172,42 +1175,10 @@ programs.firefox = {
       widegithub
       enhanced-github
       unpaywall
-      # fastforwardteam
       don-t-fuck-with-paste
       plasma-integration
-
-  #     (let version = "3.4.5.0";
-  #                             in buildFirefoxXpiAddon {
-  # pname = "bypass-paywalls-clean";
-  # inherit version;
-  # addonId = "magnolia@12.34";
-  # url =
-  #   "https://gitlab.com/magnolia1234/bpc-uploads/-/raw/master/bypass_paywalls_clean-3.4.5.0.xpi";
-  # sha256 = "703d30c15b88291bd0305cc59013693aea5f75a40ea98fb8e252d1c7bfb43514";
-  # meta = with lib; {
-  #   homepage =
-  #     "https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean";
-  #   description = "Bypass Paywalls of (custom) news sites";
-  #   license = licenses.mit;
-  #   platforms = platforms.all;
-  # };
-  # })
-
-      (buildFirefoxXpiAddon {
-        pname = ":emoji:";
-        version = "0.1.3";
-        addonId = "gonelf@gmail.com";
-        url = "https://addons.mozilla.org/firefox/downloads/file/3365324/emojidots-0.1.3.xpi";
-        sha256 = "4f7cc25c478fe52eb82f37c9ff4978dcaa3f95020398c5b184e517f6efa2c201";
-        meta = with lib;
-          {
-            description = "emoji autocomplete anywhere on the internet";
-            mozPermissions = [ "https://gist.githubusercontent.com/gonelf/d8ae3ccb7902b501c4a5dd625d4089da/raw/5eeda197ba92f8c8139e846a1225d5640077e06f/emoji_pretty.json" "tabs" "storage"];
-            platforms = platforms.all;
-          };
-      })
-
     ];
+
     search.engines = {
       "Nix Packages" = {
         urls = [{
@@ -1317,9 +1288,10 @@ wayland.windowManager.sway = {
   enable = true;
   checkConfig = false; # delete this line once SwayFX is fixed upstream
   package = pkgs.swayfx;
-  # package = pkgs.sway;
+  systemd = {
-  systemd.enable = true;
+    enable = true;
-  systemd.xdgAutostart = true;
+    xdgAutostart = true;
+  };
   wrapperFeatures.gtk = true;
   config = rec {
     modifier = "Mod4";
@@ -1327,7 +1299,7 @@ wayland.windowManager.sway = {
     menu = "fuzzel";
     bars = [{ command = "waybar";}];
     keybindings = let
-      modifier = config.wayland.windowManager.sway.config.modifier;
+      inherit (config.wayland.windowManager.sway.config) modifier;
     in {
       "${modifier}+q" = "kill";
       "${modifier}+f" = "exec firefox";
@@ -1539,7 +1511,7 @@ wayland.windowManager.sway = {
   # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
   # ";
   extraConfig =let
-    modifier = config.wayland.windowManager.sway.config.modifier;
+    inherit (config.wayland.windowManager.sway.config) modifier;
     swayfxSettings = "
         blur enable
         blur_xray disable
@@ -1550,7 +1522,6 @@ wayland.windowManager.sway = {
         titlebar_separator disable
         default_dim_inactive 0.02
     ";
-    swayfxSettingsOff = "";
   in "
       exec_always autotiling
       set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\"

profiles/common/nixos.nix

@@ -1,31 +1,35 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, pkgs, ... }:
 
 {
-
+  home-manager = {
-  home-manager.useGlobalPkgs = true;
+    useGlobalPkgs = true;
-  home-manager.useUserPackages = true;
+    useUserPackages = true;
+  };
 
 services.xserver = {
-  xkb.layout = "us";
+  xkb = {
-  xkb.variant = "altgr-intl";
+    layout = "us";
+    variant = "altgr-intl";
+  };
 };
 
 nix.settings.experimental-features = ["nix-command" "flakes"];
 
 users.mutableUsers = false;
 
-# use ozone for wayland - chromium apps
+environment = {
-  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+  wordlist.enable = true;
-
+  sessionVariables = {
-  # wordlist for look
+    NIXOS_OZONE_WL = "1";
-  environment.wordlist.enable = true;
+    GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
-  # gstreamer plugins for nautilus (used for file metadata)
-  environment.sessionVariables.GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
       gst-plugins-good
       gst-plugins-bad
       gst-plugins-ugly
       gst-libav
     ]);
+  };
+};
+# gstreamer plugins for nautilus (used for file metadata)
 
 time.hardwareClockInLocalTime = true;
 
@@ -47,28 +51,32 @@ nix.optimise = {
 };
 
 # systemd
-  systemd.extraConfig = ''
+systemd.extraConfig = ''
   DefaultTimeoutStartSec=60s
   DefaultTimeoutStopSec=15s
 '';
 
-hardware.graphics = {
+hardware = {
+  graphics = {
     enable = true;
     enable32Bit = true;
-};
+  };
 
-hardware.pulseaudio= {
+  pulseaudio= {
     enable = true;
     package = pkgs.pulseaudioFull;
-};
+  };
 
-hardware.enableAllFirmware = true;
+  enableAllFirmware = true;
 
-hardware.bluetooth.powerOnBoot = true;
+  bluetooth = {
-hardware.bluetooth.settings = {
+    powerOnBoot = true;
+    settings = {
       General = {
         Enable = "Source,Sink,Media,Socket";
       };
+    };
+  };
 };
 
 networking.networkmanager = {
@@ -278,8 +286,9 @@ systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.servic
 
 time.timeZone = "Europe/Vienna";
 
-i18n.defaultLocale = "en_US.UTF-8";
+i18n = {
-i18n.extraLocaleSettings = {
+  defaultLocale = "en_US.UTF-8";
+  extraLocaleSettings = {
     LC_ADDRESS = "de_AT.UTF-8";
     LC_IDENTIFICATION = "de_AT.UTF-8";
     LC_MEASUREMENT = "de_AT.UTF-8";
@@ -289,6 +298,7 @@ i18n.extraLocaleSettings = {
     LC_PAPER = "de_AT.UTF-8";
     LC_TELEPHONE = "de_AT.UTF-8";
     LC_TIME = "de_AT.UTF-8";
+  };
 };
 
 sops = {
@@ -400,17 +410,16 @@ environment.systemPackages = with pkgs; [
 
 ];
 
-programs.dconf.enable = true;
+programs = {
-programs.evince.enable = true;
+  dconf.enable = true;
-programs.kdeconnect.enable = true;
+  evince.enable = true;
+  kdeconnect.enable = true;
+};
 
-
-# zsh section, do not delete ------
 programs.zsh.enable = true;
 users.defaultUserShell = pkgs.zsh;
 environment.shells = with pkgs; [ zsh ];
 environment.pathsToLink = [ "/share/zsh" ];
-# ---------------------------------
 
 services.blueman.enable = true;
 
@@ -421,24 +430,26 @@ hardware.sane = {
 };
 
 # enable discovery and usage of network devices (esp. printers)
-  services.printing.enable = true;
+services.printing = {
-  services.printing.drivers = [
+  enable = true;
+  drivers = [
     pkgs.gutenprint
     pkgs.gutenprintBin
   ];
-  services.printing.browsedConf = ''
+  browsedConf = ''
 BrowseDNSSDSubTypes _cups,_print
 BrowseLocalProtocols all
 BrowseRemoteProtocols all
 CreateIPPPrinterQueues All
-
 BrowseProtocols all
     '';
-  services.avahi = {
+};
+
+services.avahi = {
   enable = true;
   nssmdns4 = true;
   openFirewall = true;
-  };
+};
 
 services.gvfs.enable = true;
 
@@ -473,10 +484,6 @@ services.pcscd.enable = true;
 
 hardware.ledger.enable = true;
 
-# environment.systemPackages = with pkgs; [
-# --- IN SYSTEM PACKAGES SECTION ---
-# ];
-
 services.udev.packages = with pkgs; [
   yubikey-personalization
   ledger-udev-rules

profiles/fourside/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, modulesPath, ... }:
 
 {
   imports =

profiles/fourside/home.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, fetchFromGitHub, ... }:
+{ config, pkgs, ... }:
 
 {
 
@@ -97,7 +97,7 @@
 
 
       keybindings = let
-        modifier = config.wayland.windowManager.sway.config.modifier;
+        inherit (config.wayland.windowManager.sway.config) modifier;
       in {
         "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
         "XF86MonBrightnessUp"  = "exec brightnessctl set +5%";

profiles/fourside/nixos.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, pkgs, ... }:
 
 {
 
@@ -94,7 +94,7 @@
       };
   
       monospace = {
-        package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; });
+        package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
         name = "FiraCode Nerd Font Mono";
       };
   
@@ -143,10 +143,10 @@
 
   services.nswitch-rcm = {
     enable = true;
-    package =  (pkgs.fetchurl {
+    package =  pkgs.fetchurl {
       url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin";
       hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI=";
-    });
+    };
   };
 
   users.users.swarsel = {

profiles/mysticant/configuration.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ pkgs, ... }:
 
 {
   environment.packages = with pkgs; [

profiles/remote/oracle/matrix/nixos.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, modulesPath, unstable, sops, ... }: let
+{ config, pkgs, sops, ... }: let
   matrixDomain = "swatrix.swarsel.win";
 in {
 
@@ -23,13 +23,42 @@ in {
 
   nix.settings.experimental-features = ["nix-command" "flakes"];
 
-  sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+  sops = {
-  sops.defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml";
+    age.sshKeyPaths = [ "/etc/ssh/sops" ];
-  sops.validateSopsFiles = false;
+    defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml";
-  sops.secrets.dnstokenfull = {owner="acme";};
+    validateSopsFiles = false;
-  sops.templates."certs.secret".content = ''
+    secrets = {
+      dnstokenfull = {owner="acme";};
+      matrixsharedsecret = {owner="matrix-synapse";};
+      mautrixtelegram_as = {owner="matrix-synapse";};
+      mautrixtelegram_hs = {owner="matrix-synapse";};
+      mautrixtelegram_api_id = {owner="matrix-synapse";};
+      mautrixtelegram_api_hash = {owner="matrix-synapse";};
+    };
+    templates = {
+      "certs.secret".content = ''
           CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
           '';
+      "matrix_user_register.sh".content = ''
+          register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
+          '';
+      mautrixtelegram = {
+        owner = "matrix-synapse";
+        content = ''
+          MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
+          MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
+          MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
+          MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
+          '';
+      };
+      matrixshared = {
+        owner = "matrix-synapse";
+        content = ''
+          registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
+          '';
+      };
+    };
+  };
 
   documentation = {
     enable = false;
@@ -69,11 +98,11 @@ in {
 
   boot.tmp.cleanOnBoot = true;
   zramSwap.enable = false;
-  networking.hostName = "swatrix";
+  networking = {
-  networking.enableIPv6 = false;
+    hostName = "swatrix";
-  # networking.domain = "subnet03112148.vcn03112148.oraclevcn.com";
+    enableIPv6 = false;
-  networking.domain = "swarsel.win";
+    domain = "swarsel.win";
-  networking.firewall.extraCommands = ''
+    firewall.extraCommands = ''
           iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
           iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
           iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT
@@ -81,6 +110,7 @@ in {
           iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT
           iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT
           '';
+  };
   services.openssh = {
     enable = true;
     settings.PermitRootLogin = "yes";
@@ -97,33 +127,9 @@ in {
 
   boot.loader.grub.device = "nodev";
 
-  sops.secrets.matrixsharedsecret = {owner="matrix-synapse";};
+  services.postgresql = {
-  sops.templates."matrix_user_register.sh".content = ''
+    enable = true;
-  register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
+    initialScript = pkgs.writeText "synapse-init.sql" ''
-  '';
-  sops.templates.matrixshared.owner = "matrix-synapse";
-  sops.templates.matrixshared.content = ''
-  registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
-  '';
-  sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";};
-  sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";};
-  sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";};
-  sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";};
-  sops.templates.mautrixtelegram.owner = "matrix-synapse";
-  sops.templates.mautrixtelegram.content = ''
-  MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
-  MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
-  MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
-  MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
-  '';
-  # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";};
-  # sops.templates.mautrixwhatsapp.owner = "matrix-synapse";
-  # sops.templates.mautrixwhatsapp.content = ''
-  # MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared}
-  # '';
-
-  services.postgresql.enable = true;
-  services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
             CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
             CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
               TEMPLATE template0
@@ -145,7 +151,7 @@ in {
               LC_COLLATE = "C"
               LC_CTYPE = "C";
           '';
-
+  };
   services.matrix-synapse = {
     settings.app_service_config_files = [
       "/var/lib/matrix-synapse/telegram-registration.yaml"
@@ -154,12 +160,11 @@ in {
       "/var/lib/matrix-synapse/doublepuppet.yaml"
     ];
     enable = true;
-    settings.server_name = matrixDomain;
+    settings = {
-    settings.public_baseurl = "https://${matrixDomain}";
+      server_name = matrixDomain;
-    extraConfigFiles = [
+      public_baseurl = "https://${matrixDomain}";
-      config.sops.templates.matrixshared.path
+    };
-    ];
+    listeners = [
-    settings.listeners = [
       { port = 8008;
         bind_addresses = [ "0.0.0.0" ];
         type = "http";
@@ -173,6 +178,9 @@ in {
         ];
       }
     ];
+    extraConfigFiles = [
+      config.sops.templates.matrixshared.path
+    ];
   };
 
   services.mautrix-telegram = {
@@ -196,9 +204,6 @@ in {
         database = "postgresql:///mautrix-telegram?host=/run/postgresql";
       };
       bridge = {
-        # login_shared_secret_map = {
-          # matrixDomain = "as_token:doublepuppet";
-        # };
         relaybot.authless_portals = true;
         allow_avatar_remove = true;
         allow_contact_info = true;
@@ -211,12 +216,6 @@ in {
           "*" = "relaybot";
           "@swarsel:${matrixDomain}" = "admin";
         };
-        # Animated stickers conversion requires additional packages in the
-        # service's path.
-        # If this isn't a fresh installation, clearing the bridge's uploaded
-        # file cache might be necessary (make a database backup first!):
-        # delete from telegram_file where \
-        #   mime_type in ('application/gzip', 'application/octet-stream')
         animated_sticker = {
           target = "gif";
           args = {
@@ -236,7 +235,6 @@ in {
 
   services.mautrix-whatsapp = {
     enable = true;
-    # environmentFile = config.sops.templates.mautrixwhatsapp.path;
     settings = {
       homeserver = {
         address = "http://localhost:8008";
@@ -284,7 +282,6 @@ in {
   services.mautrix-signal = {
     enable = true;
     registerToSynapse = false; # this has the same effect as registering to app_service_config_file above
-    # environmentFile = config.sops.templates.mautrixwhatsapp.path;
     settings = {
       homeserver = {
         address = "http://localhost:8008";

profiles/remote/oracle/sync/hardware-configuration.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, modulesPath, ... }:
 
 {
   imports =

profiles/remote/oracle/sync/nixos.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, modulesPath, ... }:
+{ config, pkgs, ... }:
 
 {
   imports = [
@@ -18,14 +18,16 @@
 
   nix.settings.experimental-features = ["nix-command" "flakes"];
 
-  sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+  sops = {
-  sops.defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml";
+    age.sshKeyPaths = [ "/etc/ssh/sops" ];
-  sops.validateSopsFiles = false;
+    defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml";
-  sops.secrets.swarsel = { owner = "root";};
+    validateSopsFiles = false;
-  sops.secrets.dnstokenfull = {owner="acme";};
+    secrets.swarsel = { owner = "root";};
-  sops.templates."certs.secret".content = ''
+    secrets.dnstokenfull = {owner="acme";};
+    templates."certs.secret".content = ''
     CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
     '';
+  };
 
   security.acme = {
     acceptTerms = true;
@@ -89,10 +91,11 @@
 
   boot.tmp.cleanOnBoot = true;
   zramSwap.enable = false;
-  networking.hostName = "sync";
+  networking = {
-  networking.enableIPv6 = false;
+    hostName = "sync";
-  networking.domain = "subnet03112148.vcn03112148.oraclevcn.com";
+    enableIPv6 = false;
-  networking.firewall.extraCommands = ''
+    domain = "subnet03112148.vcn03112148.oraclevcn.com";
+    firewall.extraCommands = ''
     iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
     iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
     iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT
@@ -102,6 +105,7 @@
     iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT
     iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT
     '';
+  };
   services.openssh = {
     enable = true;
     settings.PermitRootLogin = "yes";

profiles/sandbox/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, modulesPath, ... }:
 
 {
   imports =

profiles/sandbox/nixos.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, modulesPath, unstable, sops, ... }: let
+{ config, pkgs, unstable, sops, ... }: let
     matrixDomain = "swatrix.swarsel.win";
   in {
 

profiles/server1/TEMPLATE/nixos.nix

@@ -1,6 +1,6 @@
 { pkgs, modulesPath, ... }:
 
-{
+  {
     imports = [
       (modulesPath + "/virtualisation/proxmox-lxc.nix")
     ];
@@ -18,12 +18,16 @@
 
     nix.settings.experimental-features = ["nix-command" "flakes"];
 
-  proxmoxLXC.manageNetwork = true; # manage network myself
+    proxmoxLXC = {
-  proxmoxLXC.manageHostName = false; # manage hostname myself
+manageNetwork = true; # manage network myself
-  networking.hostName = "TEMPLATE"; # Define your hostname.
+manageHostName = false; # manage hostname myself
-  networking.useDHCP = true;
+};
-  networking.enableIPv6 = false;
+    networking = {
-  networking.firewall.enable = false;
+hostName = "TEMPLATE"; # Define your hostname.
+useDHCP = true;
+enableIPv6 = false;
+firewall.enable = false;
+};
     services.openssh = {
       enable = true;
       settings.PermitRootLogin = "yes";
@@ -34,4 +38,4 @@
     # users.users.root.password = "TEMPLATE";
 
     system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
-}
+  }

profiles/server1/calibre/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ lib, ... }:
 
 {
   imports = [ ];

profiles/server1/calibre/nixos.nix

@@ -1,6 +1,6 @@
 { config, pkgs, modulesPath, ... }:
 
-{
+  {
     imports = [
       (modulesPath + "/virtualisation/proxmox-lxc.nix")
       ./hardware-configuration.nix
@@ -29,24 +29,22 @@
 
     nix.settings.experimental-features = ["nix-command" "flakes"];
 
-  sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+    sops = {
-  sops.defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
+age.sshKeyPaths = [ "/etc/ssh/sops" ];
-  sops.validateSopsFiles = false;
+defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
-  sops.secrets.kavita = { owner = "kavita";};
+validateSopsFiles = false;
-  # sops.secrets.smbuser = { };
+secrets.kavita = { owner = "kavita";};
-  # sops.secrets.smbpassword = { };
+};
-  # sops.secrets.smbdomain = { };
+    proxmoxLXC = {
-  # sops.templates."smb.cred".content = ''
+manageNetwork = true; # manage network myself
-  # user=${config.sops.placeholder.smbuser}
+manageHostName = false; # manage hostname myself
-  # password=${config.sops.placeholder.smbpassword}
+};
-  # domain=${config.sops.placeholder.smbdomain}
+    networking = {
-  # '';
+hostName = "calibre"; # Define your hostname.
-  proxmoxLXC.manageNetwork = true; # manage network myself
+useDHCP = true;
-  proxmoxLXC.manageHostName = false; # manage hostname myself
+enableIPv6 = false;
-  networking.hostName = "calibre"; # Define your hostname.
+firewall.enable = false;
-  networking.useDHCP = true;
+};
-  networking.enableIPv6 = false;
-  networking.firewall.enable = false;
     services.openssh = {
       enable = true;
       settings.PermitRootLogin = "yes";
@@ -61,35 +59,6 @@
       nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
     };
 
-
-    # services.calibre-server = {
-    # enable = true;
-    # user = "calibre-server";
-    # auth.enable = true;
-    # auth.userDb = "/srv/calibre/users.sqlite";
-    # libraries = [
-    #   /media/Books/main
-    #   /media/Books/diverse
-    #   /media/Books/language
-    #   /media/Books/science
-    #   /media/Books/sport
-    #   /media/Books/novels
-    # ];
-  # };
-
-  # services.calibre-web = {
-  #   enable = true;
-  #   user = "calibre-web";
-  #   group = "calibre-web";
-  #   listen.port = 8083;
-  #   listen.ip = "0.0.0.0";
-  #   options = {
-  #     enableBookUploading = true;
-  #     enableKepubify = true;
-  #     enableBookConversion = true;
-  #   };
-  # };
-
     services.kavita = {
       enable = true;
       user = "kavita";
@@ -98,4 +67,4 @@
     };
 
 
-}
+  }

profiles/server1/jellyfin/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ lib, ... }:
 
 {
   imports = [ ];

profiles/server1/jellyfin/nixos.nix

@@ -31,16 +31,16 @@
 
   nix.settings.experimental-features = ["nix-command" "flakes"];
 
-  # sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+  proxmoxLXC = {
-  # sops.defaultSopsFile = "/.dotfiles/secrets/jellyfin/secrets.yaml";
+    manageNetwork = true; # manage network myself
-  # sops.validateSopsFiles = false;
+    manageHostName = false; # manage hostname myself
-
+  };
-  proxmoxLXC.manageNetwork = true; # manage network myself
+  networking = {
-  proxmoxLXC.manageHostName = false; # manage hostname myself
+    hostName = "jellyfin"; # Define your hostname.
-  networking.hostName = "jellyfin"; # Define your hostname.
+    useDHCP = true;
-  networking.useDHCP = true;
+    enableIPv6 = false;
-  networking.enableIPv6 = false;
+    firewall.enable = false;
-  networking.firewall.enable = false;
+  };
   services.openssh = {
     enable = true;
     settings.PermitRootLogin = "yes";

profiles/server1/matrix/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ lib, ... }:
 
 {
   imports = [ ];

profiles/server1/matrix/nixos.nix

@@ -1,18 +1,14 @@
-{ config, pkgs, modulesPath, unstable, sops, ... }: let
+{ config, pkgs, modulesPath, sops, ... }: let
   matrixDomain = "matrix2.swarsel.win";
 in {
   
   
-  services.xserver = {
+  services = {
+    xserver = {
       layout = "us";
       xkbVariant = "altgr-intl";
     };
-  nix.settings.experimental-features = ["nix-command" "flakes"];
+    openssh = {
-  proxmoxLXC.manageNetwork = true; # manage network myself
-  proxmoxLXC.manageHostName = false; # manage hostname myself
-  networking.useDHCP = true;
-  networking.enableIPv6 = false;
-  services.openssh = {
       enable = true;
       settings.PermitRootLogin = "yes";
       listenAddresses = [{
@@ -20,6 +16,20 @@ in {
         addr = "0.0.0.0";
       }];
     };
+  };
+  
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  
+  proxmoxLXC = {
+    manageNetwork = true; # manage network myself
+    manageHostName = false; # manage hostname myself
+  };
+  
+  networking = {
+    useDHCP = true;
+    enableIPv6 = false;
+  };
+  
   users.users.root.openssh.authorizedKeys.keyFiles = [
     ../../../secrets/keys/authorized_keys
   ];
@@ -38,8 +48,10 @@ in {
     # this module is hence not in the modules list, we add it ourselves
   ];
 
-  networking.hostName = "matrix"; # Define your hostname.
+  networking = {
-  networking.firewall.enable = false;
+    hostName = "matrix"; # Define your hostname.
+    firewall.enable = false;
+  };
   environment.systemPackages = with pkgs; [
     git
     gnupg
@@ -49,36 +61,42 @@ in {
     ffmpeg
   ];
 
-  sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+  sops = {
-  sops.defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml";
+    age.sshKeyPaths = [ "/etc/ssh/sops" ];
-  sops.validateSopsFiles = false;
+    defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml";
-  sops.secrets.matrixsharedsecret = {owner="matrix-synapse";};
+    validateSopsFiles = false;
-  sops.templates."matrix_user_register.sh".content = ''
+    secrets = {
+      matrixsharedsecret = {owner="matrix-synapse";};
+      mautrixtelegram_as = {owner="matrix-synapse";};
+      mautrixtelegram_hs = {owner="matrix-synapse";};
+      mautrixtelegram_api_id = {owner="matrix-synapse";};
+      mautrixtelegram_api_hash = {owner="matrix-synapse";};
+    };
+    templates = {
+      "matrix_user_register.sh".content = ''
           register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
           '';
-  sops.templates.matrixshared.owner = "matrix-synapse";
+      matrixshared = {
-  sops.templates.matrixshared.content = ''
+        owner = "matrix-synapse";
+        content = ''
           registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
           '';
-  sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";};
+      };
-  sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";};
+      mautrixtelegram = {
-  sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";};
+        owner = "matrix-synapse";
-  sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";};
+        content = ''
-  sops.templates.mautrixtelegram.owner = "matrix-synapse";
-  sops.templates.mautrixtelegram.content = ''
           MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
           MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
           MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
           MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
           '';
-  # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";};
+      };
-  # sops.templates.mautrixwhatsapp.owner = "matrix-synapse";
+    };
-  # sops.templates.mautrixwhatsapp.content = ''
+  };
-  # MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared}
-  # '';
 
-  services.postgresql.enable = true;
+  services.postgresql = {
-  services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
+    enable = true;
+    initialScript = pkgs.writeText "synapse-init.sql" ''
             CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
             CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
               TEMPLATE template0
@@ -100,21 +118,20 @@ in {
               LC_COLLATE = "C"
               LC_CTYPE = "C";
           '';
+  };
 
   services.matrix-synapse = {
-    settings.app_service_config_files = [
+    enable = true;
+    settings = {
+      app_service_config_files = [
         "/var/lib/matrix-synapse/telegram-registration.yaml"
         "/var/lib/matrix-synapse/whatsapp-registration.yaml"
         "/var/lib/matrix-synapse/signal-registration.yaml"
         "/var/lib/matrix-synapse/doublepuppet.yaml"
       ];
-    enable = true;
+      server_name = matrixDomain;
-    settings.server_name = matrixDomain;
+      public_baseurl = "https://${matrixDomain}";
-    settings.public_baseurl = "https://${matrixDomain}";
+      listeners = [
-    extraConfigFiles = [
-      config.sops.templates.matrixshared.path
-    ];
-    settings.listeners = [
         { port = 8008;
           bind_addresses = [ "0.0.0.0" ];
           type = "http";
@@ -129,6 +146,10 @@ in {
         }
       ];
     };
+    extraConfigFiles = [
+      config.sops.templates.matrixshared.path
+    ];
+  };
 
   services.mautrix-telegram = {
     enable = true;
@@ -151,9 +172,6 @@ in {
         database = "postgresql:///mautrix-telegram?host=/run/postgresql";
       };
       bridge = {
-        # login_shared_secret_map = {
-          # matrixDomain = "as_token:doublepuppet";
-        # };
         relaybot.authless_portals = true;
         allow_avatar_remove = true;
         allow_contact_info = true;
@@ -166,12 +184,6 @@ in {
           "*" = "relaybot";
           "@swarsel:${matrixDomain}" = "admin";
         };
-        # Animated stickers conversion requires additional packages in the
-        # service's path.
-        # If this isn't a fresh installation, clearing the bridge's uploaded
-        # file cache might be necessary (make a database backup first!):
-        # delete from telegram_file where \
-        #   mime_type in ('application/gzip', 'application/octet-stream')
         animated_sticker = {
           target = "gif";
           args = {
@@ -191,7 +203,6 @@ in {
 
   services.mautrix-whatsapp = {
     enable = true;
-    # environmentFile = config.sops.templates.mautrixwhatsapp.path;
     settings = {
       homeserver = {
         address = "http://localhost:8008";
@@ -238,7 +249,6 @@ in {
 
   services.mautrix-signal = {
     enable = true;
-    # environmentFile = config.sops.templates.mautrixwhatsapp.path;
     settings = {
       homeserver = {
         address = "http://localhost:8008";

profiles/server1/nginx/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ lib, ... }:
 
 {
   imports = [ ];

profiles/server1/nginx/nixos.nix

@@ -20,19 +20,25 @@
 
   nix.settings.experimental-features = ["nix-command" "flakes"];
 
-  sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+  sops = {
-  sops.defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml";
+    age.sshKeyPaths = [ "/etc/ssh/sops" ];
-  sops.validateSopsFiles = false;
+    defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml";
-  sops.secrets.dnstokenfull = {owner="acme";};
+    validateSopsFiles = false;
-  sops.templates."certs.secret".content = ''
+    secrets.dnstokenfull = {owner="acme";};
+    templates."certs.secret".content = ''
     CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
     '';
-  proxmoxLXC.manageNetwork = true; # manage network myself
+  };
-  proxmoxLXC.manageHostName = false; # manage hostname myself
+  proxmoxLXC = {
-  networking.hostName = "nginx"; # Define your hostname.
+    manageNetwork = true; # manage network myself
-  networking.useDHCP = true;
+    manageHostName = false; # manage hostname myself
-  networking.enableIPv6 = false;
+  };
-  networking.firewall.enable = false;
+  networking = {
+    hostName = "nginx"; # Define your hostname.
+    useDHCP = true;
+    enableIPv6 = false;
+    firewall.enable = false;
+  };
   services.openssh = {
     enable = true;
     settings.PermitRootLogin = "yes";
@@ -195,8 +201,4 @@
     };
   };
 
-
-
-
-
 }

profiles/server1/paperless/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ lib, ... }:
 
 {
   imports = [ ];

profiles/server1/paperless/nixos.nix

@@ -9,16 +9,12 @@
   
   
   
-  services.xserver = {
+  services = {
+    xserver = {
       layout = "us";
       xkbVariant = "altgr-intl";
     };
-  nix.settings.experimental-features = ["nix-command" "flakes"];
+    openssh = {
-  proxmoxLXC.manageNetwork = true; # manage network myself
-  proxmoxLXC.manageHostName = false; # manage hostname myself
-  networking.useDHCP = true;
-  networking.enableIPv6 = false;
-  services.openssh = {
       enable = true;
       settings.PermitRootLogin = "yes";
       listenAddresses = [{
@@ -26,6 +22,20 @@
         addr = "0.0.0.0";
       }];
     };
+  };
+  
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  
+  proxmoxLXC = {
+    manageNetwork = true; # manage network myself
+    manageHostName = false; # manage hostname myself
+  };
+  
+  networking = {
+    useDHCP = true;
+    enableIPv6 = false;
+  };
+  
   users.users.root.openssh.authorizedKeys.keyFiles = [
     ../../../secrets/keys/authorized_keys
   ];
@@ -52,13 +62,17 @@
     ssh-to-age
   ];
 
-  networking.hostName = "paperless"; # Define your hostname.
+  networking = {
-  networking.firewall.enable = false;
+    hostName = "paperless"; # Define your hostname.
+    firewall.enable = false;
+  };
 
-  sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+  sops = {
-  sops.defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml";
+    age.sshKeyPaths = [ "/etc/ssh/sops" ];
-  sops.validateSopsFiles = false;
+    defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml";
-  sops.secrets.admin = { owner = "paperless";};
+    validateSopsFiles = false;
+    secrets.admin = { owner = "paperless";};
+  };
 
   services.paperless = {
     enable = true;

profiles/server1/sound/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ lib, ... }:
 
 {
   imports = [ ];

profiles/server1/sound/nixos.nix

@@ -9,16 +9,12 @@
   
   
   
-  services.xserver = {
+  services = {
+    xserver = {
       layout = "us";
       xkbVariant = "altgr-intl";
     };
-  nix.settings.experimental-features = ["nix-command" "flakes"];
+    openssh = {
-  proxmoxLXC.manageNetwork = true; # manage network myself
-  proxmoxLXC.manageHostName = false; # manage hostname myself
-  networking.useDHCP = true;
-  networking.enableIPv6 = false;
-  services.openssh = {
       enable = true;
       settings.PermitRootLogin = "yes";
       listenAddresses = [{
@@ -26,6 +22,20 @@
         addr = "0.0.0.0";
       }];
     };
+  };
+  
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  
+  proxmoxLXC = {
+    manageNetwork = true; # manage network myself
+    manageHostName = false; # manage hostname myself
+  };
+  
+  networking = {
+    useDHCP = true;
+    enableIPv6 = false;
+  };
+  
   users.users.root.openssh.authorizedKeys.keyFiles = [
     ../../../secrets/keys/authorized_keys
   ];
@@ -40,7 +50,9 @@
 
   proxmoxLXC.privileged = true; # manage hostname myself
 
-  users.groups.lxc_pshares = {
+  users = {
+    groups = {
+      lxc_pshares = {
         gid = 110000;
         members = [
           "navidrome"
@@ -49,32 +61,38 @@
         ];
       };
 
-  users.groups.navidrome = {
+      navidrome = {
         gid = 61593;
       };
 
-  users.groups.mpd = {};
+      mpd = {};
+    };
 
-  users.users.navidrome = {
+    users = {
+      navidrome = {
         isSystemUser = true;
         uid = 61593;
         group = "navidrome";
         extraGroups  = [ "audio" "utmp" ];
       };
 
-  users.users.mpd = {
+      mpd = {
         isSystemUser = true;
         group = "mpd";
         extraGroups  = [ "audio" "utmp" ];
       };
+    };
+  };
 
   sound = {
     enable = true;
   };
 
   hardware.enableAllFirmware = true;
-  networking.hostName = "sound"; # Define your hostname.
+  networking = {
-  networking.firewall.enable = false;
+    hostName = "sound"; # Define your hostname.
+    firewall.enable = false;
+  };
   environment.systemPackages = with pkgs; [
     git
     gnupg
@@ -84,10 +102,12 @@
     mpv
   ];
 
-  sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+  sops = {
-  sops.defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml";
+    age.sshKeyPaths = [ "/etc/ssh/sops" ];
-  sops.validateSopsFiles = false;
+    defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml";
-  sops.secrets.mpdpass = { owner = "mpd";};
+    validateSopsFiles = false;
+    secrets.mpdpass = { owner = "mpd";};
+  };
 
   services.navidrome = {
     enable = true;

profiles/server1/spotifyd/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ lib, ... }:
 
 {
   imports = [ ];

profiles/server1/spotifyd/nixos.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, modulesPath, ... }:
+{ pkgs, modulesPath, ... }:
 
 {
   
@@ -9,16 +9,12 @@
   
   
   
-  services.xserver = {
+  services = {
+    xserver = {
       layout = "us";
       xkbVariant = "altgr-intl";
     };
-  nix.settings.experimental-features = ["nix-command" "flakes"];
+    openssh = {
-  proxmoxLXC.manageNetwork = true; # manage network myself
-  proxmoxLXC.manageHostName = false; # manage hostname myself
-  networking.useDHCP = true;
-  networking.enableIPv6 = false;
-  services.openssh = {
       enable = true;
       settings.PermitRootLogin = "yes";
       listenAddresses = [{
@@ -26,6 +22,20 @@
         addr = "0.0.0.0";
       }];
     };
+  };
+  
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  
+  proxmoxLXC = {
+    manageNetwork = true; # manage network myself
+    manageHostName = false; # manage hostname myself
+  };
+  
+  networking = {
+    useDHCP = true;
+    enableIPv6 = false;
+  };
+  
   users.users.root.openssh.authorizedKeys.keyFiles = [
     ../../../secrets/keys/authorized_keys
   ];
@@ -56,18 +66,16 @@
   };
 
   hardware.enableAllFirmware = true;
-  networking.hostName = "spotifyd"; # Define your hostname.
+  networking = {
-  networking.firewall.enable = false;
+    hostName = "spotifyd"; # Define your hostname.
+    firewall.enable = false;
+  };
   environment.systemPackages = with pkgs; [
     git
     gnupg
     ssh-to-age
   ];
 
-  # sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
-  # sops.defaultSopsFile = "/.dotfiles/secrets/spotifyd/secrets.yaml";
-  # sops.validateSopsFiles = false;
-
   services.spotifyd = {
     enable = true;
     settings = {

profiles/server1/transmission/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ lib, ... }:
 
 {
   imports = [ ];

profiles/server1/transmission/nixos.nix

@@ -1,6 +1,6 @@
 { config, pkgs, modulesPath, ... }:
 
-            {
+{
   imports = [
     (modulesPath + "/virtualisation/proxmox-lxc.nix")
     ./hardware-configuration.nix
@@ -44,62 +44,48 @@
 
   nix.settings.experimental-features = ["nix-command" "flakes"];
 
-              sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+  sops = {
-              sops.defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml";
+    age.sshKeyPaths = [ "/etc/ssh/sops" ];
-              sops.validateSopsFiles = false;
+    defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml";
+    validateSopsFiles = false;
+  };
 
   boot.kernelModules = [ "tun" ];
-              proxmoxLXC.manageNetwork = true; # manage network myself
+  proxmoxLXC = {
-              proxmoxLXC.manageHostName = false; # manage hostname myself
+    manageNetwork = true; # manage network myself
-              networking.hostName = "transmission"; # Define your hostname.
+    manageHostName = false; # manage hostname myself
-              networking.useDHCP = true;
+  };
-              networking.enableIPv6 = false;
+  networking = {
-              networking.firewall.enable = false;
+    hostName = "transmission"; # Define your hostname.
-
+    useDHCP = true;
-              services.radarr = {
+    enableIPv6 = false;
-                enable = true;
+    firewall.enable = false;
   };
 
-              services.readarr = {
+  services = {
+    radarr = {
       enable = true;
     };
-              services.sonarr = {
+    readarr = {
       enable = true;
     };
-              services.lidarr = {
+    sonarr = {
       enable = true;
     };
-              services.prowlarr = {
+    lidarr = {
       enable = true;
     };
+    prowlarr = {
+      enable = true;
+    };
+  };
 
-              # networking.interfaces = {
-                  # lo = {
-                    # useDHCP = false;
-                    # ipv4.addresses = [
-                      # { address = "127.0.0.1"; prefixLength = 8; }
-                    # ];
-                  # };
-              #
-                  # eth0 = {
-                    # useDHCP = true;
-                  # };
-                # };
-
-              # networking.firewall.extraCommands = ''
-              # sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP
-              # '';
   networking.iproute2 = {
     enable = true;
     rttablesExtraConfig = ''
                     200     vpn
                     '';
   };
-              # boot.kernel.sysctl = {
-              #   "net.ipv4.conf.all.rp_filter" = 2;
-              #   "net.ipv4.conf.default.rp_filter" = 2;
-              #   "net.ipv4.conf.eth0.rp_filter" = 2;
-              # };
   environment.etc = {
     "openvpn/iptables.sh" =
       { source = ../../../scripts/server1/iptables.sh;
@@ -141,26 +127,22 @@
     nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
   };
 
-              sops.secrets.vpnuser = {};
+  sops = {
-              sops.secrets.rpcuser = {owner="vpn";};
+    templates = {
-              sops.secrets.vpnpass = {};
+      "transmission-rpc" = {
-              sops.secrets.rpcpass = {owner="vpn";};
+        owner = "vpn";
-              sops.secrets.vpnprot = {};
+        content = builtins.toJSON {
-              sops.secrets.vpnloc = {};
-              # sops.secrets.crlpem = {};
-              # sops.secrets.capem = {};
-              sops.templates."transmission-rpc".owner = "vpn";
-              sops.templates."transmission-rpc".content = builtins.toJSON {
           rpc-username = config.sops.placeholder.rpcuser;
           rpc-password = config.sops.placeholder.rpcpass;
         };
+      };
 
-              sops.templates.pia.content = ''
+      pia.content = ''
                   ${config.sops.placeholder.vpnuser}
                   ${config.sops.placeholder.vpnpass}
                   '';
 
-              sops.templates.vpn.content = ''
+      vpn.content = ''
                     client
                     dev tun
                     proto ${config.sops.placeholder.vpnprot}
@@ -188,71 +170,20 @@
                     dhcp-option DNS 8.8.8.8
                     route-noexec
                   '';
-
+    };
-              # services.pia.enable = true;
+    secrets = {
-              # services.pia.authUserPass.username = "na";
+      vpnuser = {};
-              # services.pia.authUserPass.password = "na";
+      rpcuser = {owner="vpn";};
-
+      vpnpass = {};
-
+      rpcpass = {owner="vpn";};
-            #     systemd.services.openvpn-vpn = {
+      vpnprot = {};
-            # wantedBy = [ "multi-user.target" ];
+      vpnloc = {};
-            # after = [ "network.target" ];
+    };
-            # description = "OpenVPN connection to pia";
+  };
-            # serviceConfig = {
-            #   Type = "forking";
-            #   RuntimeDirectory="openvpn";
-            #   PrivateTmp=true;
-            #   KillMode="mixed";
-            #   ExecStart = ''@${pkgs.openvpn}/sbin/openvpn openvpn --daemon ovpn-pia --status /run/openvpn/pia.status 10 --cd /etc/openvpn --script-security 2 --config ${config.sops.templates.vpn.path} --writepid /run/openvpn/pia.pid'';
-            #   PIDFile=''/run/openvpn/pia.pid'';
-            #   ExecReload=''/run/current-system/sw/bin/kill -HUP $MAINPID'';
-            #   WorkingDirectory="/etc/openvpn";
-            #   Restart="on-failure";
-            #   RestartSec=30;
-            #   ProtectSystem="yes";
-            #   DeviceAllow=["/dev/null rw" "/dev/net/tun rw"];
-            # };
-         # };
   services.openvpn.servers = {
     pia = {
       autoStart = false;
       updateResolvConf = true;
-#               up = ''
-# export INTERFACE="tun0"
-# export VPNUSER="vpn"
-# export LOCALIP="192.168.1.191"
-# export NETIF="eth0"
-# export VPNIF="tun0"
-# export GATEWAYIP=$(ifconfig $VPNIF | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | egrep -v '255|(127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | tail -n1)
-# iptables -F -t nat
-# iptables -F -t mangle
-# iptables -F -t filter
-# iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
-# iptables -t mangle -A OUTPUT ! --dest $LOCALIP -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
-# iptables -t mangle -A OUTPUT --dest $LOCALIP -p udp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
-# iptables -t mangle -A OUTPUT --dest $LOCALIP -p tcp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
-# iptables -t mangle -A OUTPUT ! --src $LOCALIP -j MARK --set-mark 0x1
-# iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
-# iptables -A INPUT -i $INTERFACE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-# iptables -A INPUT -i $INTERFACE -j REJECT
-# iptables -A OUTPUT -o lo -m owner --uid-owner $VPNUSER -j ACCEPT
-# iptables -A OUTPUT -o $INTERFACE -m owner --uid-owner $VPNUSER -j ACCEPT
-# iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE
-# iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-# iptables -A OUTPUT ! --src $LOCALIP -o $NETIF -j REJECT
-# if [[ `ip rule list | grep -c 0x1` == 0 ]]; then
-# ip rule add from all fwmark 0x1 lookup $VPNUSER
-# fi
-# ip route replace default via $GATEWAYIP table $VPNUSER
-# ip route append default via 127.0.0.1 dev lo table $VPNUSER
-# ip route flush cache
-              # '';
-              # down = "bash /etc/openvpn/update-resolv-conf";
-              # these are outsourced to a local file, I am not sure if it can be done with sops-nix
-              # authUserPass = {
-                # username = "TODO:secrets";
-                # password = "TODO:secrets";
-              # };
       config = "config ${config.sops.templates.vpn.path}";
     };
   };
@@ -335,24 +266,5 @@
     };
   };
 
-      # services.nginx = {
-      #       enable = true;
-      #       virtualHosts = {
 
-      #         "192.168.1.192" = {
+}
-      #           locations = {
-      #             "/transmission" = {
-      #               proxyPass = "http://127.0.0.1:9091";
-      #               extraConfig = ''
-      #               proxy_set_header Host $host;
-      #               proxy_set_header X-Real-IP $remote_addr;
-      #               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      #               '';
-      #             };
-      #           };
-      #         };
-      #       };
-      # };
-
-
-            }

profiles/threed/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, modulesPath, ... }:
 
 {
   imports =

profiles/threed/home.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, fetchFromGitHub, ... }:
+{ config, pkgs, ... }:
 
 {
 
@@ -76,7 +76,7 @@
       };
 
       keybindings = let
-        modifier = config.wayland.windowManager.sway.config.modifier;
+        inherit (config.wayland.windowManager.sway.config) modifier;
       in {
         "${modifier}+F2"  = "exec brightnessctl set +5%";
         "${modifier}+F1"= "exec brightnessctl set 5%-";

profiles/threed/nixos.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ lib, pkgs, ... }:
 
 {
   
@@ -71,7 +71,7 @@
       };
   
       monospace = {
-        package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; });
+        package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
         name = "FiraCode Nerd Font Mono";
       };
   

profiles/winters/home.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, fetchFromGitHub, ... }:
+{ config, pkgs, ... }:
 
 {
 
@@ -97,11 +97,11 @@
       ];
 
 
-      keybindings = let
+      # keybindings = let
-        modifier = config.wayland.windowManager.sway.config.modifier;
+      # inherit (config.wayland.windowManager.sway.config) modifier;
-      in {
+      # in {
 
-      };
+      # };
 
       startup = [
         

profiles/winters/nixos.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ pkgs, ... }:
 
 {
 
@@ -88,7 +88,7 @@
       };
   
       monospace = {
-        package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; });
+        package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
         name = "FiraCode Nerd Font Mono";
       };
   

programs/emacs/init.el

@@ -219,11 +219,11 @@ create a new one."
   (evil-next-visual-line))
 
 ;; run the python inferior shell immediately upon entering a python buffer
-    ;; (add-hook 'python-mode-hook 'swarsel/run-python)
+;; (add-hook 'python-mode-hook 'swarsel/run-python)
 
-  ;; (defun swarsel/run-python ()
+;; (defun swarsel/run-python ()
-  ;;   (save-selected-window
+;;   (save-selected-window
-  ;;     (switch-to-buffer-other-window (process-buffer (python-shell-get-or-create-process (python-shell-parse-command))))))
+;;     (switch-to-buffer-other-window (process-buffer (python-shell-get-or-create-process (python-shell-parse-command))))))
 
 ;; reload python shell automatically
 (defun my-python-shell-run ()
@@ -533,7 +533,7 @@ create a new one."
   (setq forge-add-default-bindings nil))
 
 ;; enables 2-char inline search
-  (use-package evil-snipe
+(use-package evil-snipe
   :after evil
   :demand
   :config
@@ -914,7 +914,7 @@ create a new one."
 (setq TeX-auto-save t)
 (setq TeX-save-query nil)
 (setq TeX-parse-self t)
-  (setq-default TeX-master nil)
+(setq-default TeX-master nil)
 
 (add-hook 'LaTeX-mode-hook 'visual-line-mode)
 (add-hook 'LaTeX-mode-hook 'flyspell-mode)
@@ -923,7 +923,7 @@ create a new one."
 (setq LaTeX-electric-left-right-brace t)
 (setq font-latex-fontify-script nil)
 (setq TeX-electric-sub-and-superscript t)
-  ;; (setq reftex-plug-into-AUCTeX t)
+;; (setq reftex-plug-into-AUCTeX t)
 
 (use-package org-download
   :after org
@@ -962,9 +962,9 @@ create a new one."
   )
 
 
-    (use-package hide-mode-line)
+(use-package hide-mode-line)
 
-    (defun swarsel/org-present-start ()
+(defun swarsel/org-present-start ()
   (setq-local face-remapping-alist '((default (:height 1.5) variable-pitch)
                                      (header-line (:height 4.0) variable-pitch)
                                      (org-document-title (:height 1.75) org-document-title)
@@ -999,7 +999,7 @@ create a new one."
   (swarsel/org-present-slide)
   )
 
-    (defun swarsel/org-present-end ()
+(defun swarsel/org-present-end ()
   (setq-local face-remapping-alist '((default variable-pitch default)))
   (dolist (face '((org-level-1 . 1.1)
                   (org-level-2 . 0.9)
@@ -1023,18 +1023,18 @@ create a new one."
   ;; (org-present-show-cursor)
   )
 
-  (defun swarsel/org-present-slide ()
+(defun swarsel/org-present-slide ()
   (org-overview)
   (org-show-entry)
   (org-show-children)
   )
 
-  (defun swarsel/org-present-prev ()
+(defun swarsel/org-present-prev ()
   (interactive)
   (org-present-prev)
   (swarsel/org-present-slide))
 
-  (defun swarsel/org-present-next ()
+(defun swarsel/org-present-next ()
   (interactive)
   (unless (eobp)
     (org-next-visible-heading 1)
@@ -1048,9 +1048,9 @@ create a new one."
   )
 
 (add-hook 'buffer-list-update-hook #'clojure-leave-clojure-mode-function)
-    (add-hook 'org-present-mode-hook 'swarsel/org-present-start)
+(add-hook 'org-present-mode-hook 'swarsel/org-present-start)
-    (add-hook 'org-present-mode-quit-hook 'swarsel/org-present-end)
+(add-hook 'org-present-mode-quit-hook 'swarsel/org-present-end)
-    (add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide)
+(add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide)
 
 (use-package nix-mode
   :mode "\\.nix\\'")
@@ -1143,7 +1143,7 @@ create a new one."
 (add-hook 'c++-ts-mode-hook
           (lambda () (setq-local devdocs-current-docs '("cpp"))))
 
-; (devdocs-update-all)
+                                        ; (devdocs-update-all)
 
 (use-package projectile
   :diminish projectile-mode
@@ -1155,7 +1155,7 @@ create a new one."
   ;; NOTE: Set this to the folder where you keep your Git repos!
   (when (file-directory-p swarsel-projects-directory)
     (setq projectile-project-search-path (list swarsel-projects-directory)))
-(setq projectile-switch-project-action #'magit-status))
+  (setq projectile-switch-project-action #'magit-status))
 
 (use-package magit
   :config
@@ -1294,7 +1294,7 @@ create a new one."
   ;; (add-to-list 'completion-at-point-functions #'cape-dict)
   ;; (add-to-list 'completion-at-point-functions #'cape-elisp-symbol)
   ;; (add-to-list 'completion-at-point-functions #'cape-line)
-)
+  )
 
 (use-package rustic
   :init
@@ -1328,7 +1328,7 @@ create a new one."
                           (concat
                            "-o ControlPath=/tmp/ssh-tramp-%%r@%%h:%%p "
                            "-o ControlMaster=auto -o ControlPersist=yes"))
-)
+  )
 
 (use-package diff-hl
   :hook
@@ -1642,19 +1642,19 @@ create a new one."
           (:maildir "/Drafts"     :key ?d)
           (:maildir "/All Mail"     :key ?a)))
 
-(setq user-mail-address "leon@swarsel.win"
+  (setq user-mail-address "leon@swarsel.win"
         user-full-name "Leon Schwarzäugl")
 
 
-(setq mu4e-user-mail-address-list '(leon.schwarzaeugl@gmail.com leon@swarsel.win nautilus.dw@gmail.com mrswarsel@gmail.com)))
+  (setq mu4e-user-mail-address-list '(leon.schwarzaeugl@gmail.com leon@swarsel.win nautilus.dw@gmail.com mrswarsel@gmail.com)))
 
 
 (add-hook 'mu4e-compose-mode-hook #'swarsel/mu4e-send-from-correct-address)
 (add-hook 'mu4e-compose-post-hook #'swarsel/mu4e-restore-default)
 
 (use-package mu4e-alert
-:config
+  :config
-(setq mu4e-alert-set-default-style 'libnotify))
+  (setq mu4e-alert-set-default-style 'libnotify))
 
 (add-hook 'after-init-hook #'mu4e-alert-enable-notifications)
 

templates/cu_flake.nix

@@ -8,7 +8,6 @@
   outputs = {nixpkgs, ...}: let
     system = "x86_64-linux";
     pkgs = import nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; };
-    llvm = pkgs.llvmPackages_latest;
   in {
     devShells.${system}.default = pkgs.mkShell {
 

templates/rust_flake.nix

@@ -5,7 +5,7 @@
     rust-overlay.url = "github:oxalica/rust-overlay";
   };
 
-  outputs = {self, nixpkgs, rust-overlay, ...}: let
+  outputs = { nixpkgs, rust-overlay, ...}: let
     system = "x86_64-linux";
     pkgs = import nixpkgs {
       inherit system;