From ac21963ed957e1b374d722c101989c1af889de8f Mon Sep 17 00:00:00 2001
From: Tibor Pilz <tibor.pilz@iu.org>
Date: Sat, 6 Jul 2024 16:01:39 +0200
Subject: [PATCH] feat(home): add 'graphical' option

---
 flake.nix                                     |   9 +-
 home/config/doom/default.nix                  |   2 +-
 home/default.nix                              | 245 +++++++++---------
 home/modules/bitwarden.nix                    |   3 +-
 home/modules/editors/emacs.nix                |   6 +-
 home/modules/editors/lsp.nix                  |   2 +-
 home/modules/gui/terminal/alacritty.nix       |   2 +-
 home/modules/password-store.nix               |   3 +-
 home/modules/shell/gnupg.nix                  |  18 +-
 home/modules/util/create-applications.nix     |  38 +--
 hosts/darwin/bigmac/default.nix               |   2 +-
 hosts/nixos/klaus/default.nix                 |   2 +-
 hosts/nixos/klaus/hardware-configuration.nix  |  13 +-
 hosts/nixos/minithink/default.nix             |   2 +-
 .../minithink/hardware-configuration.nix      |  17 +-
 hosts/nixos/thinkyMcThinkpad/default.nix      |   4 +-
 lib/nixos.nix                                 |   2 +-
 modules/nixos/home.nix                        |   4 +-
 modules/nixos/podgroups.nix                   |  17 +-
 modules/nixos/services/firefly-iii.nix        |  10 +-
 modules/nixos/services/linkding.nix           |   2 +-
 modules/nixos/services/media/photoprism.nix   |  58 ++---
 modules/nixos/services/media/qbittorrent.nix  | 144 +++++-----
 modules/nixos/services/nextcloud.nix          |   2 +-
 modules/nixos/services/reverseProxy.nix       |  11 +-
 node-env.nix                                  | 225 ++++++++--------
 packages/emacs/default.nix                    |  44 ++--
 packages/emacs/packages/default.nix           |  96 +++----
 packages/node/node-env.nix                    | 225 ++++++++--------
 packages/node/node-packages.nix               |   2 +-
 packages/scripts/bw2pass/default.nix          |  10 +-
 packages/scripts/default.nix                  |   2 +-
 packages/scripts/git-utils/default.nix        |  10 +-
 packages/utils/default.nix                    |   2 +-
 packages/utils/generateTaskfile.nix           |   8 +-
 35 files changed, 643 insertions(+), 599 deletions(-)

diff --git a/flake.nix b/flake.nix
index c40c1cd..c4b64e3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -107,8 +107,8 @@
             inherit lib inputs;
             pkgs = channels.nixpkgs;
           }))) // {
-            default = packages.bw2pass;
-          };
+          default = packages.bw2pass;
+        };
 
 
         apps = (lib.mapAttrs' (name: value: { inherit name; value = lib.my.mkApp value; }) packages) // {
@@ -147,8 +147,9 @@
               }
             ];
           };
-          aliasConfigurations = lib.foldr (curr: prev: prev // { "${curr}" = homeConfiguration; }) {} aliases;
-        in { "${user}" = homeConfiguration; } // aliasConfigurations
+          aliasConfigurations = lib.foldr (curr: prev: prev // { "${curr}" = homeConfiguration; }) { } aliases;
+        in
+        { "${user}" = homeConfiguration; } // aliasConfigurations
       ));
 
       nixosModules = lib.my.mapModulesRec (toString ./modules) import;
diff --git a/home/config/doom/default.nix b/home/config/doom/default.nix
index a47b909..ab7bccf 100644
--- a/home/config/doom/default.nix
+++ b/home/config/doom/default.nix
@@ -5,7 +5,7 @@ stdenv.mkDerivation {
   inherit version;
   src = lib.sourceByRegex ./. [ "config.org" "init.el" ];
 
-  buildInputs = [emacs];
+  buildInputs = [ emacs ];
 
   buildPhase = ''
     cp $src/* .
diff --git a/home/default.nix b/home/default.nix
index a725a61..b67c0e5 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -1,4 +1,4 @@
-{ inputs, pkgs, lib, ... }:
+{ inputs, pkgs, lib, config, ... }:
 
 with lib;
 
@@ -9,147 +9,154 @@ with mylib;
 {
   imports = mylib.mapModulesRec' (toString ./modules) import;
 
-  home.stateVersion = "23.11";
+  options.graphical = mkBoolOpt true;
 
-  fonts = {
-    fontconfig.enable = true;
-  };
+  config = {
+    home.stateVersion = "23.11";
 
-  home.packages = with pkgs; [
-    # TODO: move fonts to own module
-    (nerdfonts.override { fonts = [ "FiraCode" ]; })
-    etBook
-    dejavu_fonts
+    fonts = {
+      fontconfig.enable = true;
+    };
 
-    # Need later version of bash for nix-shell to work correctly on macos
-    bash
+    home.packages = with pkgs; [
+      # TODO: move fonts to own module
+      (nerdfonts.override { fonts = [ "FiraCode" ]; })
+      etBook
+      dejavu_fonts
 
-    # Setuptools is missing from python
-    python3Packages.setuptools
+      # Need later version of bash for nix-shell to work correctly on macos
+      bash
 
-    # GNU Parallel my beloved
-    parallel
+      # Setuptools is missing from python
+      python3Packages.setuptools
 
-    # C stuff
-    gnumake
-    gcc
+      # GNU Parallel my beloved
+      parallel
 
-    # Task runner
-    just
+      # C stuff
+      gnumake
+      gcc
 
-    # bat is a better cat (as a program, at least)
-    bat
+      # Task runner
+      just
 
-    # mob.sh - git-powered pair/mob programming tool
-    mob
+      # bat is a better cat (as a program, at least)
+      bat
 
-    htop
+      # mob.sh - git-powered pair/mob programming tool
+      mob
 
-    pandoc
+      htop
 
-    # PHP & composer
-    php82
-    php82Packages.composer
+      pandoc
 
-    # Bun is a Node alternative
-    unstable.bun
+      # PHP & composer
+      php82
+      php82Packages.composer
 
-    esbuild
+      # Bun is a Node alternative
+      unstable.bun
 
-    # Latex stuff TODO: move to a module
-    # texlive.combined.scheme-full
-    # GNU roff - typesetting, pdf converting stuff
-    groff
+      esbuild
 
-    # Haskell
-    cabal-install
-    ghc
-  ];
+      # Latex stuff TODO: move to a module
+      # texlive.combined.scheme-full
+      # GNU roff - typesetting, pdf converting stuff
+      groff
 
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
+      # Haskell
+      cabal-install
+      ghc
+    ];
 
-  # Regardlass of whether I'm using Bash (I'm not),
-  # I need an up-to-date binary for nix-shell and some other settings in ".profile" that
-  # are only there when `bash` is enabled.
-  # programs.bash.enable = true;
+    # Let Home Manager install and manage itself.
+    programs.home-manager.enable = true;
 
-  programs.man.enable = true;
+    home.file.test-graphical = {
+      text =
+        if config.graphical
+        then "Graphical :D"
+        else "Not Graphical :(";
+    };
 
-  modules.scripts.enable = true;
+    # Regardlass of whether I'm using Bash (I'm not),
+    # I need an up-to-date binary for nix-shell and some other settings in ".profile" that
+    # are only there when `bash` is enabled.
+    # programs.bash.enable = true;
 
-  modules.shell.zsh.enable = true;
-  modules.shell.zsh.aliases.ungron = "gron --ungron";
+    programs.man.enable = true;
 
-  modules.shell.tmux.enable = true;
-  modules.shell.gnupg = {
-    enable = true;
-    public_key = "03746612698994281D322B09923BC5E9B4E9509B";
-    keygrip = "1050A7CD50EAFCD36E696470775BC39D6FFA47A4";
-  };
+    modules.scripts.enable = true;
 
-  modules.shell.git.enable = true;
-  modules.shell.direnv.enable = true;
-
-  modules.editors.neovim.enable = true;
-  modules.editors.emacs.enable = true;
-  modules.editors.emacs.useNix = false;
-
-  modules.dev.rust.enable = true;
-  modules.dev.web.enable = true;
-  modules.dev.jsonnet.enable = true;
-  modules.dev.dhall.enable = true;
-  modules.dev.cloud.enable = true;
-
-  modules.dev.colima.enable = pkgs.stdenv.isDarwin; # I only need a docker runtime on MacOs
-
-  # Bit of a catch-all for LSP stuff until I find a better spot
-  # without having to create a new module for every one
-  modules.editors.lsp.enable = true;
-
-  modules.tools.vagrant.enable = false;
-  modules.tools.podman.enable = true;
-
-  modules.syncthing.enable = true;
-
-  modules.bitwarden.enable = false;
-  modules.password-store.enable = true;
-
-  modules.colorschemes.enable = false;
-
-  modules.tools.container.enable = true;
-  modules.tools.aws.enable = true;
-
-  modules.terminal.kitty.enable = true;
-
-  modules.shell.manix.enable = true;
-
-  nix = {
-    registry.nixpkgs.flake = inputs.nixpkgs;
-    settings = {
-      build-users-group = "nixbld";
-      experimental-features = [ "nix-command flakes" ];
-      cores = 0;
-      max-jobs = "32";
-      trusted-users = [ "root" "tibor" "tibor.pilz" ];
-      trusted-substituters = [ "https://cache.nixos.org/" "https://tiborpilz.cachix.org/" ];
-      substituters = [
-        "https://cache.nixos.org/"
-        "https://nix-community.cachix.org/"
-        "https://tiborpilz.cachix.org/"
-        "https://cache.garnix.io"
-      ];
-      trusted-public-keys = [
-        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-        "tiborpilz.cachix.org-1:KyBjAXY8eblxntQ+OG13IjT+M222VxT+25yw1lqnQS4="
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
-      ];
-      system-features = [ "big-parallel" "kvm" "recursive-nix" ];
+    modules.shell.zsh.enable = true;
+    modules.shell.zsh.aliases.ungron = "gron --ungron";
+
+    modules.shell.tmux.enable = true;
+    modules.shell.gnupg = {
+      enable = true;
+      public_key = "03746612698994281D322B09923BC5E9B4E9509B";
+      keygrip = "1050A7CD50EAFCD36E696470775BC39D6FFA47A4";
     };
-  };
 
-  # Copy Nix-installed MacOS applications to the home application folder, while resolving symlinks
-  # This is due to spotlight not resolving symlinks for some reason
-  # TODO: check if this will still work with a nix-managed doom config
+    modules.shell.git.enable = true;
+    modules.shell.direnv.enable = true;
+
+    modules.editors.neovim.enable = true;
+    modules.editors.emacs.enable = true;
+    modules.editors.emacs.useNix = false;
+
+    modules.dev.rust.enable = true;
+    modules.dev.web.enable = true;
+    modules.dev.jsonnet.enable = true;
+    modules.dev.dhall.enable = true;
+    modules.dev.cloud.enable = true;
+
+    modules.dev.colima.enable = pkgs.stdenv.isDarwin; # I only need a docker runtime on MacOs
+
+    # Bit of a catch-all for LSP stuff until I find a better spot
+    # without having to create a new module for every one
+    modules.editors.lsp.enable = true;
+
+    modules.tools.vagrant.enable = false;
+    modules.tools.podman.enable = true;
+
+    modules.syncthing.enable = true;
+
+    modules.bitwarden.enable = false;
+    modules.password-store.enable = true;
+
+    modules.colorschemes.enable = false;
+
+    modules.tools.container.enable = true;
+    modules.tools.aws.enable = true;
+
+    modules.terminal.kitty.enable = true;
+
+    modules.shell.manix.enable = true;
+
+    nix = {
+      registry.nixpkgs.flake = inputs.nixpkgs;
+      settings = {
+        build-users-group = "nixbld";
+        experimental-features = [ "nix-command flakes" ];
+        cores = 0;
+        max-jobs = "32";
+        trusted-users = [ "root" "tibor" "tibor.pilz" ];
+        trusted-substituters = [ "https://cache.nixos.org/" "https://tiborpilz.cachix.org/" ];
+        substituters = [
+          "https://cache.nixos.org/"
+          "https://nix-community.cachix.org/"
+          "https://tiborpilz.cachix.org/"
+          "https://cache.garnix.io"
+        ];
+        trusted-public-keys = [
+          "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+          "tiborpilz.cachix.org-1:KyBjAXY8eblxntQ+OG13IjT+M222VxT+25yw1lqnQS4="
+          "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+          "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+        ];
+        system-features = [ "big-parallel" "kvm" "recursive-nix" ];
+      };
+    };
+  };
 }
diff --git a/home/modules/bitwarden.nix b/home/modules/bitwarden.nix
index 2d7e339..a6c8a4a 100644
--- a/home/modules/bitwarden.nix
+++ b/home/modules/bitwarden.nix
@@ -4,7 +4,8 @@ with lib;
 let
   cfg = config.modules.bitwarden;
   mylib = import ../../lib { inherit inputs pkgs lib; };
-in {
+in
+{
   options.modules.bitwarden = {
     enable = mylib.mkBoolOpt false;
   };
diff --git a/home/modules/editors/emacs.nix b/home/modules/editors/emacs.nix
index fe58f1e..473b0b9 100644
--- a/home/modules/editors/emacs.nix
+++ b/home/modules/editors/emacs.nix
@@ -112,7 +112,8 @@ in
     # home.sessionVariables.DOOMDIR = (if !cfg.useNix then "${config.home.homeDirectory}/.config/nixos/home/config/doom" else "");
 
     home.activation.installDoomEmacs =
-      let activationScript = ''
+      let
+        activationScript = ''
           if [ ! -d ".config/emacs" ]; then
               ${pkgs.git}/bin/git clone --depth=1 --single-branch https://github.com/doomemacs/doomemacs ".config/emacs"
           fi
@@ -128,6 +129,7 @@ in
           # fi
           # .config/emacs/bin/doom sync
         '';
-      in (lib.hm.dag.entryAfter ["WriteBoundary"] (if cfg.useNix then "" else activationScript ));
+      in
+      (lib.hm.dag.entryAfter [ "WriteBoundary" ] (if cfg.useNix then "" else activationScript));
   };
 }
diff --git a/home/modules/editors/lsp.nix b/home/modules/editors/lsp.nix
index b983933..43b8cd8 100644
--- a/home/modules/editors/lsp.nix
+++ b/home/modules/editors/lsp.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, inputs, config, ...}:
+{ lib, pkgs, inputs, config, ... }:
 with lib;
 let
   cfg = config.modules.editors.lsp;
diff --git a/home/modules/gui/terminal/alacritty.nix b/home/modules/gui/terminal/alacritty.nix
index 56be2f2..f30bfaf 100644
--- a/home/modules/gui/terminal/alacritty.nix
+++ b/home/modules/gui/terminal/alacritty.nix
@@ -2,7 +2,7 @@
 
 let
   cfg = config.modules.alacritty;
-  in
+in
 with lib;
 {
   # options.modules.gui.alacritty = {
diff --git a/home/modules/password-store.nix b/home/modules/password-store.nix
index 56a2b92..f78c84d 100644
--- a/home/modules/password-store.nix
+++ b/home/modules/password-store.nix
@@ -4,7 +4,8 @@ with lib;
 let
   cfg = config.modules.password-store;
   mylib = import ../../lib { inherit inputs lib pkgs; };
-in {
+in
+{
   options.modules.password-store = {
     enable = mylib.mkBoolOpt false;
     enable-sync = mylib.mkBoolOpt false;
diff --git a/home/modules/shell/gnupg.nix b/home/modules/shell/gnupg.nix
index 4e65bb8..d4c34bd 100644
--- a/home/modules/shell/gnupg.nix
+++ b/home/modules/shell/gnupg.nix
@@ -26,14 +26,16 @@ in
 
     # Automatically import public key from keyserver and, if connected, yubikey
     home.activation = {
-      importGpgKeys = let
-        gpg = "${pkgs.gnupg}/bin/gpg";
-        keyid = cfg.public_key;
-      in mkIf (cfg.public_key != "")
-        (lib.hm.dag.entryAfter [ "linkGeneration"] ''
-          ${gpg} --list-keys ${keyid} > /dev/null 2>&1 || ${gpg} --recv-keys ${keyid} > /dev/null 2>&1 || echo "Error during gpg import: No key!"
-          ${gpg} --list-secret-keys ${keyid} > /dev/null 2>&1 || ${gpg} --card-status > /dev/null 2>&1 || echo "Error during gpg import: No card!"
-        '');
+      importGpgKeys =
+        let
+          gpg = "${pkgs.gnupg}/bin/gpg";
+          keyid = cfg.public_key;
+        in
+        mkIf (cfg.public_key != "")
+          (lib.hm.dag.entryAfter [ "linkGeneration" ] ''
+            ${gpg} --list-keys ${keyid} > /dev/null 2>&1 || ${gpg} --recv-keys ${keyid} > /dev/null 2>&1 || echo "Error during gpg import: No key!"
+            ${gpg} --list-secret-keys ${keyid} > /dev/null 2>&1 || ${gpg} --card-status > /dev/null 2>&1 || echo "Error during gpg import: No card!"
+          '');
     };
 
     home.file.".gnupg/gpg-agent.conf" = {
diff --git a/home/modules/util/create-applications.nix b/home/modules/util/create-applications.nix
index 0448933..b3c85ed 100644
--- a/home/modules/util/create-applications.nix
+++ b/home/modules/util/create-applications.nix
@@ -2,23 +2,25 @@
 with lib;
 {
   home.activation = mkIf pkgs.stdenv.isDarwin {
-    copyApplications = let
-      apps = pkgs.buildEnv {
-        name = "home-manager-applications";
-        paths = config.home.packages;
-        pathsToLink = "/Applications";
-      };
-    in lib.hm.dag.entryAfter [ "writeBoundary" ] ''
-      base_dir="$HOME/Applications/hm-apps"
-      if [ -d "$base_dir" ]; then
-        rm -rf "$base_dir"
-      fi
-      mkdir -p "$base_dir"
-      for app_file in ${apps}/Applications/*; do
-        target="$base_dir/$(basename "$app_file")"
-        $DRY_RUN_CMD cp ''${VERBOSE_ARG:+-v} -fHRL "$app_file" "$base_dir"
-        $DRY_RUN_CMD chmod ''${VERBOSE_ARG:+-v} -R +w "$target"
-      done
-    '';
+    copyApplications =
+      let
+        apps = pkgs.buildEnv {
+          name = "home-manager-applications";
+          paths = config.home.packages;
+          pathsToLink = "/Applications";
+        };
+      in
+      lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+        base_dir="$HOME/Applications/hm-apps"
+        if [ -d "$base_dir" ]; then
+          rm -rf "$base_dir"
+        fi
+        mkdir -p "$base_dir"
+        for app_file in ${apps}/Applications/*; do
+          target="$base_dir/$(basename "$app_file")"
+          $DRY_RUN_CMD cp ''${VERBOSE_ARG:+-v} -fHRL "$app_file" "$base_dir"
+          $DRY_RUN_CMD chmod ''${VERBOSE_ARG:+-v} -R +w "$target"
+        done
+      '';
   };
 }
diff --git a/hosts/darwin/bigmac/default.nix b/hosts/darwin/bigmac/default.nix
index 844c1aa..d768c5c 100644
--- a/hosts/darwin/bigmac/default.nix
+++ b/hosts/darwin/bigmac/default.nix
@@ -5,7 +5,7 @@ with lib;
   options = {
     systemd = mkOption {
       type = types.attrs;
-      default = {};
+      default = { };
     };
   };
 
diff --git a/hosts/nixos/klaus/default.nix b/hosts/nixos/klaus/default.nix
index be3cf5f..ea2fde9 100644
--- a/hosts/nixos/klaus/default.nix
+++ b/hosts/nixos/klaus/default.nix
@@ -63,7 +63,7 @@ with lib;
       driSupport32Bit = true;
     };
 
-    services.xserver.videoDrivers = ["nvidia"];
+    services.xserver.videoDrivers = [ "nvidia" ];
 
     hardware.nvidia = {
       modesetting.enable = true;
diff --git a/hosts/nixos/klaus/hardware-configuration.nix b/hosts/nixos/klaus/hardware-configuration.nix
index e840ba5..6d78bd9 100644
--- a/hosts/nixos/klaus/hardware-configuration.nix
+++ b/hosts/nixos/klaus/hardware-configuration.nix
@@ -5,7 +5,8 @@
 
 {
   imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
     ];
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
@@ -14,7 +15,7 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { 
+    {
       device = "/dev/disk/by-uuid/bb4ae743-fe70-4f6c-9524-20e824755caa";
       fsType = "ext4";
     };
@@ -26,10 +27,10 @@
     };
 
   fileSystems."/data" =
-   {
-     device = "zpool/data";
-     fsType = "zfs";
-   };
+    {
+      device = "zpool/data";
+      fsType = "zfs";
+    };
 
   swapDevices = [ ];
 
diff --git a/hosts/nixos/minithink/default.nix b/hosts/nixos/minithink/default.nix
index ce7ebdb..90bd1bb 100644
--- a/hosts/nixos/minithink/default.nix
+++ b/hosts/nixos/minithink/default.nix
@@ -1,7 +1,7 @@
 { pkgs, ... }:
 
 {
-  imports = [./hardware-configuration.nix];
+  imports = [ ./hardware-configuration.nix ];
 
   config = {
     # Bootloader.
diff --git a/hosts/nixos/minithink/hardware-configuration.nix b/hosts/nixos/minithink/hardware-configuration.nix
index ed61cba..b637268 100644
--- a/hosts/nixos/minithink/hardware-configuration.nix
+++ b/hosts/nixos/minithink/hardware-configuration.nix
@@ -4,7 +4,7 @@
 { config, lib, pkgs, modulesPath, ... }:
 
 {
-  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 
   boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
   boot.initrd.kernelModules = [ ];
@@ -12,27 +12,32 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "rpool/local/root";
+    {
+      device = "rpool/local/root";
       fsType = "zfs";
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/b4dcebdd-300c-419a-9ab7-56ec66271074";
+    {
+      device = "/dev/disk/by-uuid/b4dcebdd-300c-419a-9ab7-56ec66271074";
       fsType = "ext4";
     };
 
   fileSystems."/nix" =
-    { device = "rpool/local/nix";
+    {
+      device = "rpool/local/nix";
       fsType = "zfs";
     };
 
   fileSystems."/home" =
-    { device = "rpool/safe/home";
+    {
+      device = "rpool/safe/home";
       fsType = "zfs";
     };
 
   fileSystems."/persist" =
-    { device = "rpool/safe/persist";
+    {
+      device = "rpool/safe/persist";
       fsType = "zfs";
     };
 
diff --git a/hosts/nixos/thinkyMcThinkpad/default.nix b/hosts/nixos/thinkyMcThinkpad/default.nix
index ce980df..d3e3dcc 100644
--- a/hosts/nixos/thinkyMcThinkpad/default.nix
+++ b/hosts/nixos/thinkyMcThinkpad/default.nix
@@ -55,7 +55,7 @@
     services.xserver = {
       enable = true;
 
-      desktopManager.plasma5.enable = true;
+      desktopManager.plasma6.enable = true;
 
       xkb = {
         layout = "us";
@@ -116,7 +116,9 @@
     };
 
     # Use home-manager
+    # (./modules/nixos/home.nix)
     home.enable = true;
+    home.graphical = true;
 
     # modules.services.paperless.enable = true;
 
diff --git a/lib/nixos.nix b/lib/nixos.nix
index be81425..e204075 100644
--- a/lib/nixos.nix
+++ b/lib/nixos.nix
@@ -4,7 +4,7 @@ with lib;
 with lib.my;
 let sys = "x86_64-linux";
 in {
-  mkHostAttrs = path: attrs @ { system ? sys, modules ? [], ... }:
+  mkHostAttrs = path: attrs @ { system ? sys, modules ? [ ], ... }:
     let isDarwin = system == "x86_64-darwin";
     in {
       inherit system;
diff --git a/modules/nixos/home.nix b/modules/nixos/home.nix
index 0a00294..880060b 100644
--- a/modules/nixos/home.nix
+++ b/modules/nixos/home.nix
@@ -1,4 +1,4 @@
-{ config, options, inputs, lib, home-manager, ... }:
+{ config, options, inputs, lib, ... }:
 
 with lib;
 with lib.my;
@@ -14,6 +14,7 @@ in
     enable = mkBoolOpt true;
     file = mkOpt' attrs { } "Files to place directly in $HOME";
     configFile = mkOpt' attrs { } "Files to place in $XDG_CONFIG_HOME";
+    graphical = mkBoolOpt false;
   };
 
   config = mkIf cfg.enable {
@@ -31,6 +32,7 @@ in
         imports = [ ../../home ];
         home.file = mkAliasDefinitions options.home.file;
         xdg.configFile = mkAliasDefinitions options.home.configFile;
+        graphical = cfg.graphical;
       }
     ];
 
diff --git a/modules/nixos/podgroups.nix b/modules/nixos/podgroups.nix
index fceb15d..6ffcd89 100644
--- a/modules/nixos/podgroups.nix
+++ b/modules/nixos/podgroups.nix
@@ -17,7 +17,7 @@ let
       ports = mkOption {
         type = types.listOf types.str;
         description = "Port bindings";
-        example = ["80:8080"];
+        example = [ "80:8080" ];
       };
 
       containers = mkOption {
@@ -44,18 +44,19 @@ let
   #   };
   # };
 
-  mkService = name: pod: let
-    ports = if pod.port != "" then [ pod.port ] else pod.ports;
-    portFlags = concatMapStringsSep " " (port: "-p ${port}") ports;
-  in
+  mkService = name: pod:
+    let
+      ports = if pod.port != "" then [ pod.port ] else pod.ports;
+      portFlags = concatMapStringsSep " " (port: "-p ${port}") ports;
+    in
     {
       serviceConfig.Type = "oneshot";
       wantedBy = map (containerName: "podman-${containerName}.service")
         (podContainerNames name pod);
       script = ''
-      ${pkgs.podman}/bin/podman pod exists ${name}-pod || \
-      ${pkgs.podman}/bin/podman pod create -n ${name}-pod ${portFlags}
-    '';
+        ${pkgs.podman}/bin/podman pod exists ${name}-pod || \
+        ${pkgs.podman}/bin/podman pod create -n ${name}-pod ${portFlags}
+      '';
     };
 
   mkContainers = pods:
diff --git a/modules/nixos/services/firefly-iii.nix b/modules/nixos/services/firefly-iii.nix
index ca13940..23f4aad 100644
--- a/modules/nixos/services/firefly-iii.nix
+++ b/modules/nixos/services/firefly-iii.nix
@@ -17,7 +17,7 @@ in
       default = "/data/firefly-iii";
     };
     fints = mkOption {
-      default = {};
+      default = { };
       description = ''
         Paths to sops-encrypted files containing the configuration for the respective bank.
       '';
@@ -66,8 +66,8 @@ in
 
     virtualisation.oci-containers.containers.firefly-iii = {
       image = "docker.io/fireflyiii/core:latest";
-      ports = ["${toString fireflyPort}:8080"];
-      extraOptions = ["--network=firefly-iii"];
+      ports = [ "${toString fireflyPort}:8080" ];
+      extraOptions = [ "--network=firefly-iii" ];
       volumes = [
         "${cfg.baseDir}/storage/upload:/var/www/html/storage/upload"
         "${cfg.baseDir}/storage/database:/var/www/html/storage/database"
@@ -90,8 +90,8 @@ in
 
     virtualisation.oci-containers.containers.firefly-fints-importer = {
       image = "docker.io/benkl/firefly-iii-fints-importer:latest";
-      extraOptions = ["--network=firefly-iii"];
-      ports = ["${toString fintsPort}:8080"];
+      extraOptions = [ "--network=firefly-iii" ];
+      ports = [ "${toString fintsPort}:8080" ];
       volumes = [
         "${cfg.configDir}/copies:/app/configurations"
       ];
diff --git a/modules/nixos/services/linkding.nix b/modules/nixos/services/linkding.nix
index 1283dd6..8a6e20f 100644
--- a/modules/nixos/services/linkding.nix
+++ b/modules/nixos/services/linkding.nix
@@ -33,7 +33,7 @@ with mylib;
         LD_CONTAINER_NAME = "linkding";
         LD_HOST_PORT = "9090";
         LD_HOST_DATA_DIR = "./data";
-        LD_SUPERUSER_NAME= "admin";
+        LD_SUPERUSER_NAME = "admin";
         LD_SUPERUSER_PASSWORD = "changeme";
         LD_DISABLE_BACKGROUND_TASKS = "False";
         LD_DISABLE_URL_VALIDATION = "False";
diff --git a/modules/nixos/services/media/photoprism.nix b/modules/nixos/services/media/photoprism.nix
index 5d2fdee..47328a0 100644
--- a/modules/nixos/services/media/photoprism.nix
+++ b/modules/nixos/services/media/photoprism.nix
@@ -32,37 +32,37 @@ in
           "${photoprismDataDir}/storage:/photoprism/storage"
         ];
         environment = {
-          "PHOTOPRISM_ADMIN_USER" = "admin";                 # admin login username
-          "PHOTOPRISM_ADMIN_PASSWORD" = "insecure";          # initial admin password (8-72 characters)
-          "PHOTOPRISM_AUTH_MODE" = "password";               # authentication mode (public, password)
+          "PHOTOPRISM_ADMIN_USER" = "admin"; # admin login username
+          "PHOTOPRISM_ADMIN_PASSWORD" = "insecure"; # initial admin password (8-72 characters)
+          "PHOTOPRISM_AUTH_MODE" = "password"; # authentication mode (public, password)
           "PHOTOPRISM_SITE_URL" = "https://photoprism.${config.modules.services.reverseProxy.hostname}";
-          "PHOTOPRISM_DISABLE_TLS" = "true";                # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
-          "PHOTOPRISM_DEFAULT_TLS" = "false";                 # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
-          "PHOTOPRISM_ORIGINALS_LIMIT" = "5000";               # file size limit for originals in MB (increase for high-res video)
-          "PHOTOPRISM_HTTP_COMPRESSION" = "gzip";            # improves transfer speed and bandwidth utilization (none or gzip)
-          "PHOTOPRISM_LOG_LEVEL" = "info";                   # log level: trace, debug, info, warning, error, fatal, or panic
-          "PHOTOPRISM_READONLY" = "false";                   # do not modify originals directory (reduced functionality)
-          "PHOTOPRISM_EXPERIMENTAL" = "false";               # enables experimental features
-          "PHOTOPRISM_DISABLE_CHOWN" = "false";              # disables updating storage permissions via chmod and chown on startup
-          "PHOTOPRISM_DISABLE_WEBDAV" = "false";             # disables built-in WebDAV server
-          "PHOTOPRISM_DISABLE_SETTINGS" = "false";           # disables settings UI and API
-          "PHOTOPRISM_DISABLE_TENSORFLOW" = "false";         # disables all features depending on TensorFlow
-          "PHOTOPRISM_DISABLE_FACES" = "false";              # disables face detection and recognition (requires TensorFlow)
-          "PHOTOPRISM_DISABLE_CLASSIFICATION" = "false";     # disables image classification (requires TensorFlow)
-          "PHOTOPRISM_DISABLE_VECTORS" = "false";            # disables vector graphics support
-          "PHOTOPRISM_DISABLE_RAW" = "false";                # disables indexing and conversion of RAW images
-          "PHOTOPRISM_RAW_PRESETS" = "false";                # enables applying user presets when converting RAW images (reduces performance)
-          "PHOTOPRISM_JPEG_QUALITY" = "85";                    # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
-          "PHOTOPRISM_DETECT_NSFW" = "false";                # automatically flags photos as private that MAY be offensive (requires TensorFlow)
-          "PHOTOPRISM_UPLOAD_NSFW" = "true";                 # allows uploads that MAY be offensive (no effect without TensorFlow);;;;;;;;
-          "PHOTOPRISM_DATABASE_DRIVER" = "mysql";            # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
-          "PHOTOPRISM_DATABASE_SERVER" = "localhost:3306";   # MariaDB or MySQL database server (hostname:port)
-          "PHOTOPRISM_DATABASE_NAME" = db_name;              # MariaDB or MySQL database schema name
-          "PHOTOPRISM_DATABASE_USER" = db_user;               # MariaDB or MySQL database user name
-          "PHOTOPRISM_DATABASE_PASSWORD" = db_password;       # MariaDB or MySQL database user password
+          "PHOTOPRISM_DISABLE_TLS" = "true"; # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
+          "PHOTOPRISM_DEFAULT_TLS" = "false"; # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
+          "PHOTOPRISM_ORIGINALS_LIMIT" = "5000"; # file size limit for originals in MB (increase for high-res video)
+          "PHOTOPRISM_HTTP_COMPRESSION" = "gzip"; # improves transfer speed and bandwidth utilization (none or gzip)
+          "PHOTOPRISM_LOG_LEVEL" = "info"; # log level: trace, debug, info, warning, error, fatal, or panic
+          "PHOTOPRISM_READONLY" = "false"; # do not modify originals directory (reduced functionality)
+          "PHOTOPRISM_EXPERIMENTAL" = "false"; # enables experimental features
+          "PHOTOPRISM_DISABLE_CHOWN" = "false"; # disables updating storage permissions via chmod and chown on startup
+          "PHOTOPRISM_DISABLE_WEBDAV" = "false"; # disables built-in WebDAV server
+          "PHOTOPRISM_DISABLE_SETTINGS" = "false"; # disables settings UI and API
+          "PHOTOPRISM_DISABLE_TENSORFLOW" = "false"; # disables all features depending on TensorFlow
+          "PHOTOPRISM_DISABLE_FACES" = "false"; # disables face detection and recognition (requires TensorFlow)
+          "PHOTOPRISM_DISABLE_CLASSIFICATION" = "false"; # disables image classification (requires TensorFlow)
+          "PHOTOPRISM_DISABLE_VECTORS" = "false"; # disables vector graphics support
+          "PHOTOPRISM_DISABLE_RAW" = "false"; # disables indexing and conversion of RAW images
+          "PHOTOPRISM_RAW_PRESETS" = "false"; # enables applying user presets when converting RAW images (reduces performance)
+          "PHOTOPRISM_JPEG_QUALITY" = "85"; # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
+          "PHOTOPRISM_DETECT_NSFW" = "false"; # automatically flags photos as private that MAY be offensive (requires TensorFlow)
+          "PHOTOPRISM_UPLOAD_NSFW" = "true"; # allows uploads that MAY be offensive (no effect without TensorFlow);;;;;;;;
+          "PHOTOPRISM_DATABASE_DRIVER" = "mysql"; # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
+          "PHOTOPRISM_DATABASE_SERVER" = "localhost:3306"; # MariaDB or MySQL database server (hostname:port)
+          "PHOTOPRISM_DATABASE_NAME" = db_name; # MariaDB or MySQL database schema name
+          "PHOTOPRISM_DATABASE_USER" = db_user; # MariaDB or MySQL database user name
+          "PHOTOPRISM_DATABASE_PASSWORD" = db_password; # MariaDB or MySQL database user password
           "PHOTOPRISM_SITE_CAPTION" = "AI-P;owered Photos App";
-          "PHOTOPRISM_SITE_DESCRIPTION" = "";                # meta site description
-          "PHOTOPRISM_SITE_AUTHOR" = "";                     # meta site author
+          "PHOTOPRISM_SITE_DESCRIPTION" = ""; # meta site description
+          "PHOTOPRISM_SITE_AUTHOR" = ""; # meta site author
         };
       };
 
diff --git a/modules/nixos/services/media/qbittorrent.nix b/modules/nixos/services/media/qbittorrent.nix
index e51e0e3..225543c 100644
--- a/modules/nixos/services/media/qbittorrent.nix
+++ b/modules/nixos/services/media/qbittorrent.nix
@@ -22,81 +22,81 @@ in
 
   config = mkIf cfg.enable {
     system.activationScripts.initQbittorrent = stringAfter [ "var" ] ''
-      # Create config directory
-      mkdir -p ${qbittorrentConfigDir}/openvpn
+            # Create config directory
+            mkdir -p ${qbittorrentConfigDir}/openvpn
 
-      echo << EOF > ${qbittorrentConfigDir}/openvpn/sweden.ovpn
-client
-dev tun
-proto udp
-remote sweden.privacy.network 1198
-resolv-retry infinite
-nobind
-persist-key
-persist-tun
-cipher aes-128-cbc
-auth sha1
-tls-client
-remote-cert-tls server
+            echo << EOF > ${qbittorrentConfigDir}/openvpn/sweden.ovpn
+      client
+      dev tun
+      proto udp
+      remote sweden.privacy.network 1198
+      resolv-retry infinite
+      nobind
+      persist-key
+      persist-tun
+      cipher aes-128-cbc
+      auth sha1
+      tls-client
+      remote-cert-tls server
 
-auth-user-pass
-compress
-verb 1
-reneg-sec 0
-<crl-verify>
------BEGIN X509 CRL-----
-MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
-EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
-cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
-HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
-ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
-aW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZa
-MCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG
-9w0BAQ0FAAOCAQEAQZo9X97ci8EcPYu/uK2HB152OZbeZCINmYyluLDOdcSvg6B5
-jI+ffKN3laDvczsG6CxmY3jNyc79XVpEYUnq4rT3FfveW1+Ralf+Vf38HdpwB8EW
-B4hZlQ205+21CALLvZvR8HcPxC9KEnev1mU46wkTiov0EKc+EdRxkj5yMgv0V2Re
-ze7AP+NQ9ykvDScH4eYCsmufNpIjBLhpLE2cuZZXBLcPhuRzVoU3l7A9lvzG9mjA
-5YijHJGHNjlWFqyrn1CfYS6koa4TGEPngBoAziWRbDGdhEgJABHrpoaFYaL61zqy
-MR6jC0K2ps9qyZAN74LEBedEfK7tBOzWMwr58A==
------END X509 CRL-----
-</crl-verify>
+      auth-user-pass
+      compress
+      verb 1
+      reneg-sec 0
+      <crl-verify>
+      -----BEGIN X509 CRL-----
+      MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
+      EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
+      cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
+      HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
+      ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
+      aW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZa
+      MCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG
+      9w0BAQ0FAAOCAQEAQZo9X97ci8EcPYu/uK2HB152OZbeZCINmYyluLDOdcSvg6B5
+      jI+ffKN3laDvczsG6CxmY3jNyc79XVpEYUnq4rT3FfveW1+Ralf+Vf38HdpwB8EW
+      B4hZlQ205+21CALLvZvR8HcPxC9KEnev1mU46wkTiov0EKc+EdRxkj5yMgv0V2Re
+      ze7AP+NQ9ykvDScH4eYCsmufNpIjBLhpLE2cuZZXBLcPhuRzVoU3l7A9lvzG9mjA
+      5YijHJGHNjlWFqyrn1CfYS6koa4TGEPngBoAziWRbDGdhEgJABHrpoaFYaL61zqy
+      MR6jC0K2ps9qyZAN74LEBedEfK7tBOzWMwr58A==
+      -----END X509 CRL-----
+      </crl-verify>
 
-<ca>
------BEGIN CERTIFICATE-----
-MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
-VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
-BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
-dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
-IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
-FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1
-MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
-EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
-QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
-AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
-ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
-bmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXD
-L1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzX
-lH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWp
-cdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/
-8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB
-/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RC
-OfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tL
-y8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZO
-sqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpM
-b3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4G
-A1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUg
-SW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2Vz
-czEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
-b22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAn
-a5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xU
-ryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK3
-7pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyC
-GohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz
-1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUt
-YDQ8z9v+DMO6iwyIDRiU
------END CERTIFICATE-----
-</ca>
-EOF
+      <ca>
+      -----BEGIN CERTIFICATE-----
+      MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
+      VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
+      BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
+      dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
+      IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
+      FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1
+      MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
+      EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
+      QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
+      AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
+      ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
+      bmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXD
+      L1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzX
+      lH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWp
+      cdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/
+      8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB
+      /5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RC
+      OfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tL
+      y8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZO
+      sqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpM
+      b3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4G
+      A1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUg
+      SW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2Vz
+      czEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
+      b22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAn
+      a5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xU
+      ryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK3
+      7pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyC
+      GohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz
+      1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUt
+      YDQ8z9v+DMO6iwyIDRiU
+      -----END CERTIFICATE-----
+      </ca>
+      EOF
     '';
 
     virtualisation.oci-containers.containers.qbittorrent = {
diff --git a/modules/nixos/services/nextcloud.nix b/modules/nixos/services/nextcloud.nix
index f82a8b7..0c6eff8 100644
--- a/modules/nixos/services/nextcloud.nix
+++ b/modules/nixos/services/nextcloud.nix
@@ -52,7 +52,7 @@ in
       isSystemUser = true;
       group = "nextcloud";
     };
-    users.groups.nextcloud = {};
+    users.groups.nextcloud = { };
 
     containers.nextcloud = {
       bindMounts."${cfg.adminpassFile}" = {
diff --git a/modules/nixos/services/reverseProxy.nix b/modules/nixos/services/reverseProxy.nix
index b206c58..b19ec20 100644
--- a/modules/nixos/services/reverseProxy.nix
+++ b/modules/nixos/services/reverseProxy.nix
@@ -140,12 +140,13 @@ in
             password = cfg.basicAuth.password;
             host = "${n}.${cfg.hostname}";
             targetHost = v.targetHost;
-          })) cfg.proxies // {
-            health = {
-              serverAliases = [ "http://health.${cfg.hostname}" ];
-              extraConfig = "respond \"OK\"";
-            };
+          }))
+          cfg.proxies // {
+          health = {
+            serverAliases = [ "http://health.${cfg.hostname}" ];
+            extraConfig = "respond \"OK\"";
           };
+        };
         enable = true;
         email = cfg.email;
         globalConfig = ''
diff --git a/node-env.nix b/node-env.nix
index bc1e366..c8df27c 100644
--- a/node-env.nix
+++ b/node-env.nix
@@ -1,6 +1,6 @@
 # This file originates from node2nix
 
-{lib, stdenv, nodejs, python2, pkgs, libtool, runCommand, writeTextFile, writeShellScript}:
+{ lib, stdenv, nodejs, python2, pkgs, libtool, runCommand, writeTextFile, writeShellScript }:
 
 let
   # Workaround to cope with utillinux in Nixpkgs 20.09 and util-linux in Nixpkgs master
@@ -9,7 +9,7 @@ let
   python = if nodejs ? python then nodejs.python else python2;
 
   # Create a tar wrapper that filters all the 'Ignoring unknown extended header keyword' noise
-  tarWrapper = runCommand "tarWrapper" {} ''
+  tarWrapper = runCommand "tarWrapper" { } ''
     mkdir -p $out/bin
 
     cat > $out/bin/tar <<EOF
@@ -90,26 +90,28 @@ let
   # Bundle the dependencies of the package
   #
   # Only include dependencies if they don't exist. They may also be bundled in the package.
-  includeDependencies = {dependencies}:
-    lib.optionalString (dependencies != []) (
+  includeDependencies = { dependencies }:
+    lib.optionalString (dependencies != [ ]) (
       ''
         mkdir -p node_modules
         cd node_modules
       ''
-      + (lib.concatMapStrings (dependency:
-        ''
-          if [ ! -e "${dependency.packageName}" ]; then
-              ${composePackage dependency}
-          fi
-        ''
-      ) dependencies)
+      + (lib.concatMapStrings
+        (dependency:
+          ''
+            if [ ! -e "${dependency.packageName}" ]; then
+                ${composePackage dependency}
+            fi
+          ''
+        )
+        dependencies)
       + ''
         cd ..
       ''
     );
 
   # Recursively composes the dependencies of a package
-  composePackage = { name, packageName, src, dependencies ? [], ... }@args:
+  composePackage = { name, packageName, src, dependencies ? [ ], ... }@args:
     builtins.addErrorContext "while evaluating node package '${packageName}'" ''
       installPackage "${packageName}" "${src}"
       ${includeDependencies { inherit dependencies; }}
@@ -117,7 +119,7 @@ let
       ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
     '';
 
-  pinpointDependencies = {dependencies, production}:
+  pinpointDependencies = { dependencies, production }:
     let
       pinpointDependenciesFromPackageJSON = writeTextFile {
         name = "pinpointDependencies.js";
@@ -194,7 +196,7 @@ let
   # dependencies in the package.json file to the versions that are actually
   # being used.
 
-  pinpointDependenciesOfPackage = { packageName, dependencies ? [], production ? true, ... }@args:
+  pinpointDependenciesOfPackage = { packageName, dependencies ? [ ], production ? true, ... }@args:
     ''
       if [ -d "${packageName}" ]
       then
@@ -207,7 +209,7 @@ let
 
   # Extract the Node.js source code which is used to compile packages with
   # native bindings
-  nodeSources = runCommand "node-sources" {} ''
+  nodeSources = runCommand "node-sources" { } ''
     tar --no-same-owner --no-same-permissions -xf ${nodejs.src}
     mv node-* $out
   '';
@@ -414,64 +416,64 @@ let
     '';
   };
 
-  prepareAndInvokeNPM = {packageName, bypassCache, reconstructLock, npmFlags, production}:
+  prepareAndInvokeNPM = { packageName, bypassCache, reconstructLock, npmFlags, production }:
     let
       forceOfflineFlag = if bypassCache then "--offline" else "--registry http://www.example.com";
     in
     ''
-        # Pinpoint the versions of all dependencies to the ones that are actually being used
-        echo "pinpointing versions of dependencies..."
-        source $pinpointDependenciesScriptPath
-
-        # Patch the shebangs of the bundled modules to prevent them from
-        # calling executables outside the Nix store as much as possible
-        patchShebangs .
-
-        # Deploy the Node.js package by running npm install. Since the
-        # dependencies have been provided already by ourselves, it should not
-        # attempt to install them again, which is good, because we want to make
-        # it Nix's responsibility. If it needs to install any dependencies
-        # anyway (e.g. because the dependency parameters are
-        # incomplete/incorrect), it fails.
-        #
-        # The other responsibilities of NPM are kept -- version checks, build
-        # steps, postprocessing etc.
-
-        export HOME=$TMPDIR
-        cd "${packageName}"
-        runHook preRebuild
-
-        ${lib.optionalString bypassCache ''
-          ${lib.optionalString reconstructLock ''
-            if [ -f package-lock.json ]
-            then
-                echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!"
-                echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!"
-                rm package-lock.json
-            else
-                echo "No package-lock.json file found, reconstructing..."
-            fi
-
-            node ${reconstructPackageLock}
-          ''}
+      # Pinpoint the versions of all dependencies to the ones that are actually being used
+      echo "pinpointing versions of dependencies..."
+      source $pinpointDependenciesScriptPath
+
+      # Patch the shebangs of the bundled modules to prevent them from
+      # calling executables outside the Nix store as much as possible
+      patchShebangs .
+
+      # Deploy the Node.js package by running npm install. Since the
+      # dependencies have been provided already by ourselves, it should not
+      # attempt to install them again, which is good, because we want to make
+      # it Nix's responsibility. If it needs to install any dependencies
+      # anyway (e.g. because the dependency parameters are
+      # incomplete/incorrect), it fails.
+      #
+      # The other responsibilities of NPM are kept -- version checks, build
+      # steps, postprocessing etc.
+
+      export HOME=$TMPDIR
+      cd "${packageName}"
+      runHook preRebuild
+
+      ${lib.optionalString bypassCache ''
+        ${lib.optionalString reconstructLock ''
+          if [ -f package-lock.json ]
+          then
+              echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!"
+              echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!"
+              rm package-lock.json
+          else
+              echo "No package-lock.json file found, reconstructing..."
+          fi
 
-          node ${addIntegrityFieldsScript}
+          node ${reconstructPackageLock}
         ''}
 
-        npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} rebuild
+        node ${addIntegrityFieldsScript}
+      ''}
 
-        runHook postRebuild
+      npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} rebuild
 
-        if [ "''${dontNpmInstall-}" != "1" ]
-        then
-            # NPM tries to download packages even when they already exist if npm-shrinkwrap is used.
-            rm -f npm-shrinkwrap.json
+      runHook postRebuild
 
-            npm ${forceOfflineFlag} --nodedir=${nodeSources} --no-bin-links --ignore-scripts ${npmFlags} ${lib.optionalString production "--production"} install
-        fi
+      if [ "''${dontNpmInstall-}" != "1" ]
+      then
+          # NPM tries to download packages even when they already exist if npm-shrinkwrap is used.
+          rm -f npm-shrinkwrap.json
+
+          npm ${forceOfflineFlag} --nodedir=${nodeSources} --no-bin-links --ignore-scripts ${npmFlags} ${lib.optionalString production "--production"} install
+      fi
 
-        # Link executables defined in package.json
-        node ${linkBinsScript}
+      # Link executables defined in package.json
+      node ${linkBinsScript}
     '';
 
   # Builds and composes an NPM package including all its dependencies
@@ -479,8 +481,8 @@ let
     { name
     , packageName
     , version ? null
-    , dependencies ? []
-    , buildInputs ? []
+    , dependencies ? [ ]
+    , buildInputs ? [ ]
     , production ? true
     , npmFlags ? ""
     , dontNpmInstall ? false
@@ -490,8 +492,9 @@ let
     , dontStrip ? true
     , unpackPhase ? "true"
     , buildPhase ? "true"
-    , meta ? {}
-    , ... }@args:
+    , meta ? { }
+    , ...
+    }@args:
 
     let
       extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" "dontStrip" "dontNpmInstall" "preRebuild" "unpackPhase" "buildPhase" "meta" ];
@@ -572,8 +575,8 @@ let
     , packageName
     , version ? null
     , src
-    , dependencies ? []
-    , buildInputs ? []
+    , dependencies ? [ ]
+    , buildInputs ? [ ]
     , production ? true
     , npmFlags ? ""
     , dontNpmInstall ? false
@@ -582,60 +585,61 @@ let
     , dontStrip ? true
     , unpackPhase ? "true"
     , buildPhase ? "true"
-    , ... }@args:
+    , ...
+    }@args:
 
     let
       extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" ];
     in
-      stdenv.mkDerivation ({
-        name = "node-dependencies-${name}${if version == null then "" else "-${version}"}";
+    stdenv.mkDerivation ({
+      name = "node-dependencies-${name}${if version == null then "" else "-${version}"}";
 
-        buildInputs = [ tarWrapper python nodejs ]
-          ++ lib.optional (stdenv.isLinux) utillinux
-          ++ lib.optional (stdenv.isDarwin) libtool
-          ++ buildInputs;
+      buildInputs = [ tarWrapper python nodejs ]
+        ++ lib.optional (stdenv.isLinux) utillinux
+        ++ lib.optional (stdenv.isDarwin) libtool
+        ++ buildInputs;
 
-        inherit dontStrip; # Stripping may fail a build for some package deployments
-        inherit dontNpmInstall unpackPhase buildPhase;
+      inherit dontStrip; # Stripping may fail a build for some package deployments
+      inherit dontNpmInstall unpackPhase buildPhase;
 
-        includeScript = includeDependencies { inherit dependencies; };
-        pinpointDependenciesScript = pinpointDependenciesOfPackage args;
+      includeScript = includeDependencies { inherit dependencies; };
+      pinpointDependenciesScript = pinpointDependenciesOfPackage args;
 
-        passAsFile = [ "includeScript" "pinpointDependenciesScript" ];
+      passAsFile = [ "includeScript" "pinpointDependenciesScript" ];
 
-        installPhase = ''
-          source ${installPackage}
+      installPhase = ''
+        source ${installPackage}
 
-          mkdir -p $out/${packageName}
-          cd $out/${packageName}
+        mkdir -p $out/${packageName}
+        cd $out/${packageName}
 
-          source $includeScriptPath
+        source $includeScriptPath
 
-          # Create fake package.json to make the npm commands work properly
-          cp ${src}/package.json .
-          chmod 644 package.json
-          ${lib.optionalString bypassCache ''
-            if [ -f ${src}/package-lock.json ]
-            then
-                cp ${src}/package-lock.json .
-                chmod 644 package-lock.json
-            fi
-          ''}
+        # Create fake package.json to make the npm commands work properly
+        cp ${src}/package.json .
+        chmod 644 package.json
+        ${lib.optionalString bypassCache ''
+          if [ -f ${src}/package-lock.json ]
+          then
+              cp ${src}/package-lock.json .
+              chmod 644 package-lock.json
+          fi
+        ''}
 
-          # Go to the parent folder to make sure that all packages are pinpointed
-          cd ..
-          ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
+        # Go to the parent folder to make sure that all packages are pinpointed
+        cd ..
+        ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
 
-          ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
+        ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
 
-          # Expose the executables that were installed
-          cd ..
-          ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
+        # Expose the executables that were installed
+        cd ..
+        ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
 
-          mv ${packageName} lib
-          ln -s $out/lib/node_modules/.bin $out/bin
-        '';
-      } // extraArgs);
+        mv ${packageName} lib
+        ln -s $out/lib/node_modules/.bin $out/bin
+      '';
+    } // extraArgs);
 
   # Builds a development shell
   buildNodeShell =
@@ -643,8 +647,8 @@ let
     , packageName
     , version ? null
     , src
-    , dependencies ? []
-    , buildInputs ? []
+    , dependencies ? [ ]
+    , buildInputs ? [ ]
     , production ? true
     , npmFlags ? ""
     , dontNpmInstall ? false
@@ -653,7 +657,8 @@ let
     , dontStrip ? true
     , unpackPhase ? "true"
     , buildPhase ? "true"
-    , ... }@args:
+    , ...
+    }@args:
 
     let
       nodeDependencies = buildNodeDependencies args;
@@ -675,7 +680,7 @@ let
 
       # Provide the dependencies in a development shell through the NODE_PATH environment variable
       inherit nodeDependencies;
-      shellHook = lib.optionalString (dependencies != []) ''
+      shellHook = lib.optionalString (dependencies != [ ]) ''
         export NODE_PATH=${nodeDependencies}/lib/node_modules
         export PATH="${nodeDependencies}/bin:$PATH"
       '';
diff --git a/packages/emacs/default.nix b/packages/emacs/default.nix
index 743d610..28292b0 100644
--- a/packages/emacs/default.nix
+++ b/packages/emacs/default.nix
@@ -12,30 +12,30 @@ let
   '';
 
   wrap = with pkgs; emacsPkg:
-  let
-    emacsScriptPath = emacsScript emacsPkg;
-  in
+    let
+      emacsScriptPath = emacsScript emacsPkg;
+    in
     (symlinkJoin {
-    name = "emacs";
-    paths = [ emacsScriptPath emacsPkg ];
-    nativeBuildInputs = [ makeBinaryWrapper ];
-    meta = {
-      platforms = emacsPkg.meta.platforms;
-      mainProgram = emacsPkg.meta.mainProgram;
-    };
-    src = emacsPkg.src;
-    postBuild = ''
-    wrapProgram $out/bin/emacs \
-      --set LSP_USE_PLISTS true \
-      --set WEBKIT_DISABLE_COMPOSITING_MODE 1
+      name = "emacs";
+      paths = [ emacsScriptPath emacsPkg ];
+      nativeBuildInputs = [ makeBinaryWrapper ];
+      meta = {
+        platforms = emacsPkg.meta.platforms;
+        mainProgram = emacsPkg.meta.mainProgram;
+      };
+      src = emacsPkg.src;
+      postBuild = ''
+        wrapProgram $out/bin/emacs \
+          --set LSP_USE_PLISTS true \
+          --set WEBKIT_DISABLE_COMPOSITING_MODE 1
 
-      # Only applicable on Darwin
-      if [ -d $out/Applications ]; then
-        rm $out/Applications/Emacs.app/Contents/MacOS/Emacs
-        cp $out/bin/emacs $out/Applications/Emacs.app/Contents/MacOS/Emacs
-      fi
-    '';
-  });
+          # Only applicable on Darwin
+          if [ -d $out/Applications ]; then
+            rm $out/Applications/Emacs.app/Contents/MacOS/Emacs
+            cp $out/bin/emacs $out/Applications/Emacs.app/Contents/MacOS/Emacs
+          fi
+      '';
+    });
 in
 {
   emacsGitWrapped = (wrap pkgs.emacs-unstable);
diff --git a/packages/emacs/packages/default.nix b/packages/emacs/packages/default.nix
index 55f661a..fa34a8f 100644
--- a/packages/emacs/packages/default.nix
+++ b/packages/emacs/packages/default.nix
@@ -5,57 +5,61 @@
 with pkgs;
 with pkgs.emacsPackages;
 {
-  "copilot" = let
-  rev = inputs.copilot-el.shortRev;
-  in melpaBuild {
-    pname = "copilot";
-    ename = "copilot";
-    version = inputs.copilot-el.lastModifiedDate;
-    commit = rev;
-    packageRequires = [ s ];
+  "copilot" =
+    let
+      rev = inputs.copilot-el.shortRev;
+    in
+    melpaBuild {
+      pname = "copilot";
+      ename = "copilot";
+      version = inputs.copilot-el.lastModifiedDate;
+      commit = rev;
+      packageRequires = [ s ];
 
-    src = fetchFromGitHub {
-      inherit rev;
-      owner = "zerolfx";
-      repo = "copilot.el";
-      sha256 = inputs.copilot-el.narHash;
-    };
+      src = fetchFromGitHub {
+        inherit rev;
+        owner = "zerolfx";
+        repo = "copilot.el";
+        sha256 = inputs.copilot-el.narHash;
+      };
 
-    recipe = writeText "recipe" ''
+      recipe = writeText "recipe" ''
         (copilot
           :repo "zerolfx/copilot.el"
           :fetcher github
           :files ("*.el" "dist"))
-    '';
-  };
-  "lsp-mode" = let
-    rev = inputs.lsp-mode.shortRev;
-  in  melpaBuild rec {
-    ename = "lsp-mode";
-    pname = "lsp-mode";
-    fetcher = "github";
-    repo = "emacs-lsp/lsp-mode";
-    version = inputs.lsp-mode.lastModifiedDate;
-    packageRequires = [
-      dash
-      f
-      ht
-      lv
-      markdown-mode
-      spinner
-    ];
-    commit = rev;
-    recipe = writeText "recipe" ''
-    (lsp-mode
-      :repo "${repo}"
-      :fetcher github
-      :files (:defaults "clients/*.el"))
-    '';
-    src = fetchFromGitHub {
-      inherit rev;
-      owner = "emacs-lsp";
-      repo = "lsp-mode";
-      sha256 = inputs.lsp-mode.narHash;
+      '';
+    };
+  "lsp-mode" =
+    let
+      rev = inputs.lsp-mode.shortRev;
+    in
+    melpaBuild rec {
+      ename = "lsp-mode";
+      pname = "lsp-mode";
+      fetcher = "github";
+      repo = "emacs-lsp/lsp-mode";
+      version = inputs.lsp-mode.lastModifiedDate;
+      packageRequires = [
+        dash
+        f
+        ht
+        lv
+        markdown-mode
+        spinner
+      ];
+      commit = rev;
+      recipe = writeText "recipe" ''
+        (lsp-mode
+          :repo "${repo}"
+          :fetcher github
+          :files (:defaults "clients/*.el"))
+      '';
+      src = fetchFromGitHub {
+        inherit rev;
+        owner = "emacs-lsp";
+        repo = "lsp-mode";
+        sha256 = inputs.lsp-mode.narHash;
+      };
     };
-  };
 }
diff --git a/packages/node/node-env.nix b/packages/node/node-env.nix
index 5dad9ec..d5bf407 100644
--- a/packages/node/node-env.nix
+++ b/packages/node/node-env.nix
@@ -1,6 +1,6 @@
 # This file originates from node2nix
 
-{lib, stdenv, nodejs, python2, pkgs, libtool, runCommand, writeTextFile, writeShellScript}:
+{ lib, stdenv, nodejs, python2, pkgs, libtool, runCommand, writeTextFile, writeShellScript }:
 
 let
   # Workaround to cope with utillinux in Nixpkgs 20.09 and util-linux in Nixpkgs master
@@ -9,7 +9,7 @@ let
   python = if nodejs ? python then nodejs.python else python2;
 
   # Create a tar wrapper that filters all the 'Ignoring unknown extended header keyword' noise
-  tarWrapper = runCommand "tarWrapper" {} ''
+  tarWrapper = runCommand "tarWrapper" { } ''
     mkdir -p $out/bin
 
     cat > $out/bin/tar <<EOF
@@ -90,26 +90,28 @@ let
   # Bundle the dependencies of the package
   #
   # Only include dependencies if they don't exist. They may also be bundled in the package.
-  includeDependencies = {dependencies}:
-    lib.optionalString (dependencies != []) (
+  includeDependencies = { dependencies }:
+    lib.optionalString (dependencies != [ ]) (
       ''
         mkdir -p node_modules
         cd node_modules
       ''
-      + (lib.concatMapStrings (dependency:
-        ''
-          if [ ! -e "${dependency.packageName}" ]; then
-              ${composePackage dependency}
-          fi
-        ''
-      ) dependencies)
+      + (lib.concatMapStrings
+        (dependency:
+          ''
+            if [ ! -e "${dependency.packageName}" ]; then
+                ${composePackage dependency}
+            fi
+          ''
+        )
+        dependencies)
       + ''
         cd ..
       ''
     );
 
   # Recursively composes the dependencies of a package
-  composePackage = { name, packageName, src, dependencies ? [], ... }@args:
+  composePackage = { name, packageName, src, dependencies ? [ ], ... }@args:
     builtins.addErrorContext "while evaluating node package '${packageName}'" ''
       installPackage "${packageName}" "${src}"
       ${includeDependencies { inherit dependencies; }}
@@ -117,7 +119,7 @@ let
       ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
     '';
 
-  pinpointDependencies = {dependencies, production}:
+  pinpointDependencies = { dependencies, production }:
     let
       pinpointDependenciesFromPackageJSON = writeTextFile {
         name = "pinpointDependencies.js";
@@ -194,7 +196,7 @@ let
   # dependencies in the package.json file to the versions that are actually
   # being used.
 
-  pinpointDependenciesOfPackage = { packageName, dependencies ? [], production ? true, ... }@args:
+  pinpointDependenciesOfPackage = { packageName, dependencies ? [ ], production ? true, ... }@args:
     ''
       if [ -d "${packageName}" ]
       then
@@ -207,7 +209,7 @@ let
 
   # Extract the Node.js source code which is used to compile packages with
   # native bindings
-  nodeSources = runCommand "node-sources" {} ''
+  nodeSources = runCommand "node-sources" { } ''
     tar --no-same-owner --no-same-permissions -xf ${nodejs.src}
     mv node-* $out
   '';
@@ -414,64 +416,64 @@ let
     '';
   };
 
-  prepareAndInvokeNPM = {packageName, bypassCache, reconstructLock, npmFlags, production}:
+  prepareAndInvokeNPM = { packageName, bypassCache, reconstructLock, npmFlags, production }:
     let
       forceOfflineFlag = if bypassCache then "--offline" else "--registry http://www.example.com";
     in
     ''
-        # Pinpoint the versions of all dependencies to the ones that are actually being used
-        echo "pinpointing versions of dependencies..."
-        source $pinpointDependenciesScriptPath
-
-        # Patch the shebangs of the bundled modules to prevent them from
-        # calling executables outside the Nix store as much as possible
-        patchShebangs .
-
-        # Deploy the Node.js package by running npm install. Since the
-        # dependencies have been provided already by ourselves, it should not
-        # attempt to install them again, which is good, because we want to make
-        # it Nix's responsibility. If it needs to install any dependencies
-        # anyway (e.g. because the dependency parameters are
-        # incomplete/incorrect), it fails.
-        #
-        # The other responsibilities of NPM are kept -- version checks, build
-        # steps, postprocessing etc.
-
-        export HOME=$TMPDIR
-        cd "${packageName}"
-        runHook preRebuild
-
-        ${lib.optionalString bypassCache ''
-          ${lib.optionalString reconstructLock ''
-            if [ -f package-lock.json ]
-            then
-                echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!"
-                echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!"
-                rm package-lock.json
-            else
-                echo "No package-lock.json file found, reconstructing..."
-            fi
-
-            node ${reconstructPackageLock}
-          ''}
+      # Pinpoint the versions of all dependencies to the ones that are actually being used
+      echo "pinpointing versions of dependencies..."
+      source $pinpointDependenciesScriptPath
+
+      # Patch the shebangs of the bundled modules to prevent them from
+      # calling executables outside the Nix store as much as possible
+      patchShebangs .
+
+      # Deploy the Node.js package by running npm install. Since the
+      # dependencies have been provided already by ourselves, it should not
+      # attempt to install them again, which is good, because we want to make
+      # it Nix's responsibility. If it needs to install any dependencies
+      # anyway (e.g. because the dependency parameters are
+      # incomplete/incorrect), it fails.
+      #
+      # The other responsibilities of NPM are kept -- version checks, build
+      # steps, postprocessing etc.
+
+      export HOME=$TMPDIR
+      cd "${packageName}"
+      runHook preRebuild
+
+      ${lib.optionalString bypassCache ''
+        ${lib.optionalString reconstructLock ''
+          if [ -f package-lock.json ]
+          then
+              echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!"
+              echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!"
+              rm package-lock.json
+          else
+              echo "No package-lock.json file found, reconstructing..."
+          fi
 
-          node ${addIntegrityFieldsScript}
+          node ${reconstructPackageLock}
         ''}
 
-        npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} rebuild
+        node ${addIntegrityFieldsScript}
+      ''}
 
-        runHook postRebuild
+      npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} rebuild
 
-        if [ "''${dontNpmInstall-}" != "1" ]
-        then
-            # NPM tries to download packages even when they already exist if npm-shrinkwrap is used.
-            rm -f npm-shrinkwrap.json
+      runHook postRebuild
 
-            npm ${forceOfflineFlag} --nodedir=${nodeSources} --no-bin-links --ignore-scripts ${npmFlags} ${lib.optionalString production "--production"} install
-        fi
+      if [ "''${dontNpmInstall-}" != "1" ]
+      then
+          # NPM tries to download packages even when they already exist if npm-shrinkwrap is used.
+          rm -f npm-shrinkwrap.json
+
+          npm ${forceOfflineFlag} --nodedir=${nodeSources} --no-bin-links --ignore-scripts ${npmFlags} ${lib.optionalString production "--production"} install
+      fi
 
-        # Link executables defined in package.json
-        node ${linkBinsScript}
+      # Link executables defined in package.json
+      node ${linkBinsScript}
     '';
 
   # Builds and composes an NPM package including all its dependencies
@@ -479,8 +481,8 @@ let
     { name
     , packageName
     , version ? null
-    , dependencies ? []
-    , buildInputs ? []
+    , dependencies ? [ ]
+    , buildInputs ? [ ]
     , production ? true
     , npmFlags ? ""
     , dontNpmInstall ? false
@@ -490,8 +492,9 @@ let
     , dontStrip ? true
     , unpackPhase ? "true"
     , buildPhase ? "true"
-    , meta ? {}
-    , ... }@args:
+    , meta ? { }
+    , ...
+    }@args:
 
     let
       extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" "dontStrip" "dontNpmInstall" "preRebuild" "unpackPhase" "buildPhase" "meta" ];
@@ -569,8 +572,8 @@ let
     , packageName
     , version ? null
     , src
-    , dependencies ? []
-    , buildInputs ? []
+    , dependencies ? [ ]
+    , buildInputs ? [ ]
     , production ? true
     , npmFlags ? ""
     , dontNpmInstall ? false
@@ -579,60 +582,61 @@ let
     , dontStrip ? true
     , unpackPhase ? "true"
     , buildPhase ? "true"
-    , ... }@args:
+    , ...
+    }@args:
 
     let
       extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" ];
     in
-      stdenv.mkDerivation ({
-        name = "node-dependencies-${name}${if version == null then "" else "-${version}"}";
+    stdenv.mkDerivation ({
+      name = "node-dependencies-${name}${if version == null then "" else "-${version}"}";
 
-        buildInputs = [ tarWrapper python nodejs ]
-          ++ lib.optional (stdenv.isLinux) utillinux
-          ++ lib.optional (stdenv.isDarwin) libtool
-          ++ buildInputs;
+      buildInputs = [ tarWrapper python nodejs ]
+        ++ lib.optional (stdenv.isLinux) utillinux
+        ++ lib.optional (stdenv.isDarwin) libtool
+        ++ buildInputs;
 
-        inherit dontStrip; # Stripping may fail a build for some package deployments
-        inherit dontNpmInstall unpackPhase buildPhase;
+      inherit dontStrip; # Stripping may fail a build for some package deployments
+      inherit dontNpmInstall unpackPhase buildPhase;
 
-        includeScript = includeDependencies { inherit dependencies; };
-        pinpointDependenciesScript = pinpointDependenciesOfPackage args;
+      includeScript = includeDependencies { inherit dependencies; };
+      pinpointDependenciesScript = pinpointDependenciesOfPackage args;
 
-        passAsFile = [ "includeScript" "pinpointDependenciesScript" ];
+      passAsFile = [ "includeScript" "pinpointDependenciesScript" ];
 
-        installPhase = ''
-          source ${installPackage}
+      installPhase = ''
+        source ${installPackage}
 
-          mkdir -p $out/${packageName}
-          cd $out/${packageName}
+        mkdir -p $out/${packageName}
+        cd $out/${packageName}
 
-          source $includeScriptPath
+        source $includeScriptPath
 
-          # Create fake package.json to make the npm commands work properly
-          cp ${src}/package.json .
-          chmod 644 package.json
-          ${lib.optionalString bypassCache ''
-            if [ -f ${src}/package-lock.json ]
-            then
-                cp ${src}/package-lock.json .
-                chmod 644 package-lock.json
-            fi
-          ''}
+        # Create fake package.json to make the npm commands work properly
+        cp ${src}/package.json .
+        chmod 644 package.json
+        ${lib.optionalString bypassCache ''
+          if [ -f ${src}/package-lock.json ]
+          then
+              cp ${src}/package-lock.json .
+              chmod 644 package-lock.json
+          fi
+        ''}
 
-          # Go to the parent folder to make sure that all packages are pinpointed
-          cd ..
-          ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
+        # Go to the parent folder to make sure that all packages are pinpointed
+        cd ..
+        ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
 
-          ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
+        ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
 
-          # Expose the executables that were installed
-          cd ..
-          ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
+        # Expose the executables that were installed
+        cd ..
+        ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
 
-          mv ${packageName} lib
-          ln -s $out/lib/node_modules/.bin $out/bin
-        '';
-      } // extraArgs);
+        mv ${packageName} lib
+        ln -s $out/lib/node_modules/.bin $out/bin
+      '';
+    } // extraArgs);
 
   # Builds a development shell
   buildNodeShell =
@@ -640,8 +644,8 @@ let
     , packageName
     , version ? null
     , src
-    , dependencies ? []
-    , buildInputs ? []
+    , dependencies ? [ ]
+    , buildInputs ? [ ]
     , production ? true
     , npmFlags ? ""
     , dontNpmInstall ? false
@@ -650,7 +654,8 @@ let
     , dontStrip ? true
     , unpackPhase ? "true"
     , buildPhase ? "true"
-    , ... }@args:
+    , ...
+    }@args:
 
     let
       nodeDependencies = buildNodeDependencies args;
@@ -672,7 +677,7 @@ let
 
       # Provide the dependencies in a development shell through the NODE_PATH environment variable
       inherit nodeDependencies;
-      shellHook = lib.optionalString (dependencies != []) ''
+      shellHook = lib.optionalString (dependencies != [ ]) ''
         export NODE_PATH=${nodeDependencies}/lib/node_modules
         export PATH="${nodeDependencies}/bin:$PATH"
       '';
diff --git a/packages/node/node-packages.nix b/packages/node/node-packages.nix
index cbbc755..cf7108f 100644
--- a/packages/node/node-packages.nix
+++ b/packages/node/node-packages.nix
@@ -1,6 +1,6 @@
 # This file has been generated by node2nix 1.11.1. Do not edit!
 
-{nodeEnv, fetchurl, fetchgit, nix-gitignore, stdenv, lib, globalBuildInputs ? []}:
+{ nodeEnv, fetchurl, fetchgit, nix-gitignore, stdenv, lib, globalBuildInputs ? [ ] }:
 
 let
   sources = {
diff --git a/packages/scripts/bw2pass/default.nix b/packages/scripts/bw2pass/default.nix
index 59882f7..e03bfb0 100644
--- a/packages/scripts/bw2pass/default.nix
+++ b/packages/scripts/bw2pass/default.nix
@@ -7,9 +7,9 @@ stdenv.mkDerivation rec {
   buildInputs = [ bash coreutils jq bitwarden-cli ];
   nativeBuildInputs = [ makeWrapper ];
   installPhase = ''
-      mkdir -p $out/bin
-      cp $src $out/bin/bw2pass
-      wrapProgram $out/bin/bw2pass \
-        --prefix PATH : ${lib.makeBinPath [ bash jq bitwarden-cli ]}
-    '';
+    mkdir -p $out/bin
+    cp $src $out/bin/bw2pass
+    wrapProgram $out/bin/bw2pass \
+      --prefix PATH : ${lib.makeBinPath [ bash jq bitwarden-cli ]}
+  '';
 }
diff --git a/packages/scripts/default.nix b/packages/scripts/default.nix
index 22d24fc..a3e7dc8 100644
--- a/packages/scripts/default.nix
+++ b/packages/scripts/default.nix
@@ -1,2 +1,2 @@
 { inputs, pkgs, lib, ... }:
-  lib.my.mapModules (toString ./.) (package: (import package) { inherit inputs pkgs lib; })
+lib.my.mapModules (toString ./.) (package: (import package) { inherit inputs pkgs lib; })
diff --git a/packages/scripts/git-utils/default.nix b/packages/scripts/git-utils/default.nix
index 2f3383b..dc1e6a4 100644
--- a/packages/scripts/git-utils/default.nix
+++ b/packages/scripts/git-utils/default.nix
@@ -7,9 +7,9 @@ stdenv.mkDerivation {
   buildInputs = [ git fzf ];
   nativeBuildInputs = [ makeWrapper ];
   installPhase = ''
-      mkdir -p $out/bin
-      cp $src/gch.sh $out/bin/gch
-      wrapProgram $out/bin/gch \
-        --prefix PATH : ${lib.makeBinPath [ git fzf ]}
-    '';
+    mkdir -p $out/bin
+    cp $src/gch.sh $out/bin/gch
+    wrapProgram $out/bin/gch \
+      --prefix PATH : ${lib.makeBinPath [ git fzf ]}
+  '';
 }
diff --git a/packages/utils/default.nix b/packages/utils/default.nix
index 22d24fc..a3e7dc8 100644
--- a/packages/utils/default.nix
+++ b/packages/utils/default.nix
@@ -1,2 +1,2 @@
 { inputs, pkgs, lib, ... }:
-  lib.my.mapModules (toString ./.) (package: (import package) { inherit inputs pkgs lib; })
+lib.my.mapModules (toString ./.) (package: (import package) { inherit inputs pkgs lib; })
diff --git a/packages/utils/generateTaskfile.nix b/packages/utils/generateTaskfile.nix
index cedc2f8..91e3574 100644
--- a/packages/utils/generateTaskfile.nix
+++ b/packages/utils/generateTaskfile.nix
@@ -1,5 +1,6 @@
 { inputs, pkgs, lib, ... }:
-let taskFileSkeleton = lib.replaceStrings ["\"" "\n"] ["\\\"" ""] ''
+let
+  taskFileSkeleton = lib.replaceStrings [ "\"" "\n" ] [ "\\\"" "" ] ''
     {
       "version": "3",
       "tasks": {
@@ -8,8 +9,9 @@ let taskFileSkeleton = lib.replaceStrings ["\"" "\n"] ["\\\"" ""] ''
         }
       }
     }
-'';
-in pkgs.writeShellScriptBin "generateTaskFile" ''
+  '';
+in
+pkgs.writeShellScriptBin "generateTaskFile" ''
   base='{ "version": "3" }'
   defaultTask='{ "default": { "cmds": ["${pkgs.nix}/bin/nix flake check"] } }'
   nixosMachines=$(${pkgs.nix}/bin/nix flake show --json | ${pkgs.jq}/bin/jq -r '.nixosConfigurations | keys')