format

2026-03-16 10:11:08 +01:00 · 2025-12-27 22:22:54 +01:00
parent cb0307e8bf
commit c3db0404b3
139 changed files with 2630 additions and 1976 deletions
--- a/systems/fatteh/configuration.nix
+++ b/systems/fatteh/configuration.nix
@@ -2,7 +2,8 @@
  config,
  pkgs,
  ...
-}: {
+}:
+{
  imports = [
    ./hardware-configuration.nix
    ../../configs/networkmanager.nix
--- a/systems/fatteh/hardware-configuration.nix
+++ b/systems/fatteh/hardware-configuration.nix
@@ -7,15 +7,21 @@
  pkgs,
  modulesPath,
  ...
-}: {
+}:
+{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

-  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];

  boot = {
    loader = {
@@ -28,14 +34,16 @@
    };
  };

-  boot.initrd.luks.devices."luks-aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5".device = "/dev/disk/by-uuid/aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5";
+  boot.initrd.luks.devices."luks-aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5".device =
+    "/dev/disk/by-uuid/aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5";

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/42b747ff-a432-4c0e-bb0a-59f0a68c44a2";
    fsType = "ext4";
  };

-  boot.initrd.luks.devices."luks-67c1f7da-4318-49f7-bd98-cc731990b595".device = "/dev/disk/by-uuid/67c1f7da-4318-49f7-bd98-cc731990b595";
+  boot.initrd.luks.devices."luks-67c1f7da-4318-49f7-bd98-cc731990b595".device =
+    "/dev/disk/by-uuid/67c1f7da-4318-49f7-bd98-cc731990b595";

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/9051-0891";
@@ -43,7 +51,7 @@
  };

  swapDevices = [
-    {device = "/dev/disk/by-uuid/529a1893-773e-4d04-bf6c-16e67e1ed3c7";}
+    { device = "/dev/disk/by-uuid/529a1893-773e-4d04-bf6c-16e67e1ed3c7"; }
  ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
--- a/systems/ful/alew.nix
+++ b/systems/ful/alew.nix
@@ -1,4 +1,9 @@
-{ pkgs, config, inputs, ... }:
+{
+  pkgs,
+  config,
+  inputs,
+  ...
+}:
 let
  postgrestPort = 3001;
  alewPort = 3000;
@@ -6,8 +11,8 @@ in
 {
  systemd.services.postgrest = {
    enable = true;
-    wantedBy = ["podman-alew.service"];
-    wants = ["postgresql.service"];
+    wantedBy = [ "podman-alew.service" ];
+    wants = [ "postgresql.service" ];
    environment = {
      PGRST_DB_ANON_ROLE = "alew_1";
      PGRST_DB_SCHEMA = "alew_2022_05"; # alew_2023_09 for most recent (beta)
@@ -34,8 +39,8 @@ in
  # $ rsync -rav --delete . ful:/var/lib/alew --exclude .git --exclude .nuxt --exclude node_modules
  systemd.services.alew = {
    enable = true;
-    wantedBy = ["multi-user.target"];
-    wants = ["postgrest.service"];
+    wantedBy = [ "multi-user.target" ];
+    wants = [ "postgrest.service" ];
    path = [
      pkgs.yarn
      pkgs.python3
@@ -45,7 +50,7 @@ in
      pkgs.gnumake
    ];
    environment = {
-      NODE_OPTIONS= "--openssl-legacy-provider";
+      NODE_OPTIONS = "--openssl-legacy-provider";
      POSTGREST_URL = "http://localhost:${toString postgrestPort}";
      BETA = "0";
      PORT = toString alewPort;
@@ -70,13 +75,13 @@ in
    group = "alew";
  };

-  users.extraGroups.alew = {};
+  users.extraGroups.alew = { };

-  environment.systemPackages = [pkgs.podman];
+  environment.systemPackages = [ pkgs.podman ];

  services.postgresql = {
    enable = true;
-    ensureDatabases = ["alew"];
+    ensureDatabases = [ "alew" ];
    ensureUsers = [
      {
        name = "alew";
--- a/systems/ful/configuration.nix
+++ b/systems/ful/configuration.nix
@@ -3,7 +3,8 @@
  pkgs,
  lib,
  ...
-}: {
+}:
+{
  imports = [
    ./hardware-configuration.nix
    ./matomo.nix
@@ -27,8 +28,7 @@

  niveum.passport = {
    enable = true;
-    introductionHTML = ''
-    '';
+    introductionHTML = '''';
    virtualHost = "ful.r";

    services = [
@@ -70,7 +70,10 @@
  };

  networking = {
-    firewall.allowedTCPPorts = [80 443];
+    firewall.allowedTCPPorts = [
+      80
+      443
+    ];
    hostName = "ful";
    interfaces.enp0s3.useDHCP = true;
    retiolum = pkgs.lib.niveum.retiolumAddresses.ful;
@@ -95,7 +98,12 @@

  users.users.root.hashedPasswordFile = config.age.secrets.root.path;

-  environment.systemPackages = [pkgs.vim pkgs.git pkgs.tmux pkgs.python3];
+  environment.systemPackages = [
+    pkgs.vim
+    pkgs.git
+    pkgs.tmux
+    pkgs.python3
+  ];

  # since 22.05 timeout fails?
  # systemd.services.systemd-networkd-wait-online.enable = false;
--- a/systems/ful/go-webring.nix
+++ b/systems/ful/go-webring.nix
@@ -9,8 +9,14 @@ in
    listenAddress = "127.0.0.1:${toString port}";
    package = pkgs.go-webring;
    members = [
-      { username = "meteora"; site = "meteora.xn--kiern-0qa.de"; }
-      { username = "huldra"; site = "huldras-halbtraum.com"; }
+      {
+        username = "meteora";
+        site = "meteora.xn--kiern-0qa.de";
+      }
+      {
+        username = "huldra";
+        site = "huldras-halbtraum.com";
+      }
    ];
    homePageTemplate = ''
      <!DOCTYPE html>
--- a/systems/ful/hardware-configuration.nix
+++ b/systems/ful/hardware-configuration.nix
@@ -4,7 +4,8 @@
  pkgs,
  modulesPath,
  ...
-}: {
+}:
+{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
@@ -18,7 +19,10 @@
      efi.canTouchEfiVariables = true;
    };
    initrd = {
-      availableKernelModules = ["virtio_pci" "usbhid"];
+      availableKernelModules = [
+        "virtio_pci"
+        "usbhid"
+      ];
    };
    kernelModules = [
      "console=ttyS0"
@@ -26,7 +30,7 @@
      "nvme.shutdown_timeout=10"
      "libiscsi.debug_libiscsi_eh=1"
    ];
-    extraModulePackages = [];
+    extraModulePackages = [ ];
  };

  fileSystems."/" = {
@@ -39,5 +43,5 @@
    fsType = "vfat";
  };

-  swapDevices = [];
+  swapDevices = [ ];
 }
--- a/systems/ful/hledger.nix
+++ b/systems/ful/hledger.nix
@@ -2,7 +2,8 @@
  config,
  pkgs,
  ...
-}: {
+}:
+{
  services.hledger-web = {
    enable = true;
    allow = "edit";
@@ -16,8 +17,8 @@
  systemd.services.hledger-backup = {
    enable = false;
    startAt = "hourly";
-    wants = ["network-online.target"];
-    wantedBy = ["multi-user.target"];
+    wants = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
    script = ''
      ${pkgs.git}/bin/git config user.name "hledger-web"
      ${pkgs.git}/bin/git config user.email "hledger-web@${config.networking.hostName}"
--- a/systems/ful/matomo.nix
+++ b/systems/ful/matomo.nix
@@ -1,4 +1,5 @@
-{pkgs, lib, ...}: {
+{ pkgs, lib, ... }:
+{
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
@@ -25,7 +26,7 @@
  services.mysql = {
    enable = true;
    package = pkgs.mariadb;
-    ensureDatabases = ["matomo"];
+    ensureDatabases = [ "matomo" ];
    ensureUsers = [
      {
        name = "matomo";
@@ -36,6 +37,6 @@

  services.mysqlBackup = {
    enable = true;
-    databases = ["matomo"];
+    databases = [ "matomo" ];
  };
 }
--- a/systems/ful/panoptikon.nix
+++ b/systems/ful/panoptikon.nix
@@ -3,16 +3,18 @@
  pkgs,
  lib,
  ...
-}: let
+}:
+let
  irc-xxx = pkgs.lib.panoptikon.kpaste-irc {
    target = lib.escapeShellArg "#xxx";
    retiolumLink = true;
  };

-  matrix = {
-    server ? "matrix.4d2.org",
-    target,
-  }:
+  matrix =
+    {
+      server ? "matrix.4d2.org",
+      target,
+    }:
    pkgs.writers.writeDash "matrix-reporter" ''
      export RAW_MESSAGE="$(cat)"
      export MESSAGE=$(printf '<b>%s</b><br><pre>%s</pre>' "$PANOPTIKON_WATCHER" "$RAW_MESSAGE")
@@ -26,9 +28,10 @@

  matrix-kmein = matrix { target = "!zlwCuPiCNMSxDviFzA:4d2.org"; };

-  telegram-kmein = let
-    chatId = "-1001796440545";
-  in
+  telegram-kmein =
+    let
+      chatId = "-1001796440545";
+    in
    pkgs.writers.writeDash "telegram-fulltext" ''
      export TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")"
      ${pkgs.curl}/bin/curl -X POST "https://api.telegram.org/bot''${TOKEN}/sendMessage" \
@@ -43,7 +46,8 @@
    nick = "panoptikon-kmein";
    retiolumLink = false;
  };
-in {
+in
+{
  age.secrets.telegram-token-kmein.file = ../../secrets/telegram-token-kmein.age;
  age.secrets.matrix-token-lakai = {
    file = ../../secrets/matrix-token-lakai.age;
@@ -64,83 +68,86 @@ in {
            }
          '';
        } "https://api.github.com/meta";
-        reporters = [irc-xxx];
+        reporters = [ irc-xxx ];
      };
      lammla = {
        script = pkgs.lib.panoptikon.url "http://lammla.info/index.php?reihe=30";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      kratylos = {
        script = pkgs.lib.panoptikon.url "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      kobudo-tesshinkan = {
        script = pkgs.lib.panoptikon.url "https://kobudo-tesshinkan.eu/index.php/de/termine-berichte/lehrgaenge/";
-        reporters = [telegram-kmein matrix-kmein];
+        reporters = [
+          telegram-kmein
+          matrix-kmein
+        ];
      };
      zeno-free = {
        script = pkgs.lib.panoptikon.urlSelector ".zenoCOMain" "http://www.zeno.org/Lesesaal/M/E-Books";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      carolinawelslau = {
        script = pkgs.lib.panoptikon.urlSelector "#main" "https://carolinawelslau.de/";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      humboldt-preis = {
        script = pkgs.lib.panoptikon.urlSelector "#content-core" "https://www.hu-berlin.de/de/ueberblick/menschen/ehrungen/humboldtpreis";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      lisalittmann = {
        script = pkgs.lib.panoptikon.urlSelector "#site-content" "https://lisalittmann.de/";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      lisalittmann-archive = {
        script = pkgs.lib.panoptikon.urlSelector "#site-content" "https://lisalittmann.de/archive/";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      lisalittmann-projects = {
        script = pkgs.lib.panoptikon.urlSelector "#site-content" "https://lisalittmann.de/projects/";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      tatort = {
        script = pkgs.lib.panoptikon.urlSelector ".linklist" "https://www.daserste.de/unterhaltung/krimi/tatort/sendung/index.html";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      warpgrid-idiomarium = {
        script = pkgs.lib.panoptikon.urlSelector "#site-content" "https://warpgrid.de/idiomarium/";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      warpgrid-futurism = {
        script = pkgs.lib.panoptikon.urlSelector "#site-content" "https://warpgrid.de/futurism/";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      warpgrid-imagiary = {
        script = pkgs.lib.panoptikon.urlSelector "#site-content" "https://warpgrid.de/imagiary/";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      warpgrid-alchemy = {
        script = pkgs.lib.panoptikon.urlSelector "#site-content" "https://warpgrid.de/alchemy/";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      indogermanische-forschungen = {
        script = pkgs.lib.panoptikon.urlSelector "#latestIssue" "https://www.degruyter.com/journal/key/INDO/html";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      ig-neuigkeiten = {
        script = pkgs.lib.panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/aktuelles/neuigkeiten.html";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      ig-tagungen = {
        script = pkgs.lib.panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/tagungen/tagungen-der-ig.html";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      fu-distant = {
        script = pkgs.lib.panoptikon.urlSelector "#current_events" "https://www.geschkult.fu-berlin.de/en/e/ma-distant/Termine/index.html";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
      fu-aegyptologie = {
        script = pkgs.lib.panoptikon.urlSelector "#current_events" "https://www.geschkult.fu-berlin.de/e/aegyptologie/termine/index.html";
-        reporters = [matrix-kmein];
+        reporters = [ matrix-kmein ];
      };
    };
  };
--- a/systems/ful/radio.nix
+++ b/systems/ful/radio.nix
@@ -3,7 +3,8 @@
  config,
  lib,
  ...
-}: let
+}:
+let
  liquidsoapDirectory = "/var/cache/liquidsoap";
  icecastPassword = "hackme";
  refresh-qasaid = pkgs.writers.writeDashBin "refresh-qasaid" ''
@@ -25,10 +26,12 @@
  '';
  qasida-poem = pkgs.writers.writeDash "qasida.sh" ''
    set -efu
-    ${pkgs.jq}/bin/jq -c '.[]' < ${pkgs.fetchurl {
-      url = "https://c.krebsco.de/qasaid.json";
-      sha256 = "0vh1jzdrvjrdyq7dzya9k9g3jyli9jr0zfsqb2m1phm39psy4g2b";
-    }} \
+    ${pkgs.jq}/bin/jq -c '.[]' < ${
+      pkgs.fetchurl {
+        url = "https://c.krebsco.de/qasaid.json";
+        sha256 = "0vh1jzdrvjrdyq7dzya9k9g3jyli9jr0zfsqb2m1phm39psy4g2b";
+      }
+    } \
      | shuf -n1 \
      | ${pkgs.jq}/bin/jq -r '"annotate:title=\"\(.poem) | https://www.hindawi.org/poems/\(.id)/\",artist=\"\(.author)\":https://downloads.hindawi.org/poems/\(.id)/\(.id).m4a"'
  '';
@@ -94,7 +97,8 @@
      "$(${pkgs.htmlq}/bin/htmlq -f "$html" --text h1)" \
      "$opus"
  '';
-in {
+in
+{
  # https://github.com/savonet/liquidsoap/issues/1043#issuecomment-593354427
  services.liquidsoap.streams.radio = pkgs.writeText "lyrikline.liq" ''
    set("protocol.external.curl","${pkgs.torsocks}/bin/torsocks ${pkgs.curl}/bin/curl")
@@ -124,14 +128,14 @@ in {

  systemd.services.radio = {
    environment.TMPDIR = liquidsoapDirectory;
-    wants = ["network-online.target"];
+    wants = [ "network-online.target" ];
    serviceConfig = {
      RuntimeMaxSec = "${toString (5 * 60 * 60)}s";
      Restart = "always";
    };
  };

-  environment.systemPackages = [refresh-qasaid];
+  environment.systemPackages = [ refresh-qasaid ];

  systemd.tmpfiles.rules = [
    (pkgs.lib.niveum.tmpfilesConfig {
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -3,7 +3,8 @@
  pkgs,
  lib,
  ...
-}: {
+}:
+{
  imports = [
    ../kibbeh/hardware-configuration.nix
    ../../configs/tlp.nix
@@ -43,11 +44,11 @@
    wireguard-aether-psk.file = ../../secrets/kabsa-wireguard-aether-psk.age;
  };

-  environment.systemPackages = [pkgs.zeroad];
+  environment.systemPackages = [ pkgs.zeroad ];

  networking = {
    hostName = "kabsa";
-    wireless.interfaces = ["wlp3s0"];
+    wireless.interfaces = [ "wlp3s0" ];
    retiolum = pkgs.lib.niveum.retiolumAddresses.kabsa;
  };

--- a/systems/kabsa/hardware-configuration.nix
+++ b/systems/kabsa/hardware-configuration.nix
@@ -4,17 +4,25 @@
  pkgs,
  modulesPath,
  ...
-}: {
-  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+}:
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot = {
    initrd = {
-      availableKernelModules = ["ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"];
+      availableKernelModules = [
+        "ehci_pci"
+        "ahci"
+        "xhci_pci"
+        "usb_storage"
+        "sd_mod"
+        "sdhci_pci"
+      ];
      luks.devices."luksmap".device = "/dev/disk/by-uuid/03b6abd0-e9ce-49c8-9659-a1d94f645d0f";
-      kernelModules = [];
+      kernelModules = [ ];
    };
-    kernelModules = ["kvm-intel"];
-    extraModulePackages = [];
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
    loader = {
      efi.canTouchEfiVariables = true;
      systemd-boot = {
@@ -37,7 +45,7 @@
    "/mnt/sd-card" = {
      device = "/dev/disk/by-id/mmc-5E4S5_0xc5155d05-part1";
      fsType = "ext4";
-      options = ["nofail"];
+      options = [ "nofail" ];
    };
  };

--- a/systems/makanek/configuration.nix
+++ b/systems/makanek/configuration.nix
@@ -3,7 +3,8 @@
  config,
  pkgs,
  ...
-}: {
+}:
+{
  imports = [
    ./gitea.nix
    ./hardware-configuration.nix
@@ -77,7 +78,10 @@
  };

  networking = {
-    firewall.allowedTCPPorts = [80 443];
+    firewall.allowedTCPPorts = [
+      80
+      443
+    ];
    hostName = "makanek";
    interfaces.ens3.useDHCP = true;
    retiolum = pkgs.lib.niveum.retiolumAddresses.makanek;
@@ -122,17 +126,17 @@
    locations."/" = {
      root = "/var/www/kmein.de";
      extraConfig = ''
-          add_header 'Access-Control-Allow-Origin' '*';
-          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-          add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';

-          # Handle preflight requests
-          if ($request_method = 'OPTIONS') {
-              add_header 'Access-Control-Allow-Origin' '*';
-              add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-              add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
-              return 204; # No Content
-          }
+        # Handle preflight requests
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' '*';
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
+            return 204; # No Content
+        }
      '';
    };
  };
--- a/systems/makanek/gitea.nix
+++ b/systems/makanek/gitea.nix
@@ -1,21 +1,26 @@
 { config, pkgs, ... }:
 let
  domain = "code.kmein.de";
-in {
+in
+{
  services.anubis = {
    defaultOptions.settings = {
      USER_DEFINED_DEFAULT = true;
    };
-    instances = let instance = "gitea"; in {
-      ${instance}.settings = {
-        BIND = "/run/anubis/anubis-${instance}/anubis.sock";
-        METRICS_BIND = "/run/anubis/anubis-${instance}/anubis-metrics.sock";
-        TARGET = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}";
-        USER_DEFINED_INSTANCE = true;
-        OG_PASSTHROUGH = true;
-        SERVE_ROBOTS_TXT = true;
+    instances =
+      let
+        instance = "gitea";
+      in
+      {
+        ${instance}.settings = {
+          BIND = "/run/anubis/anubis-${instance}/anubis.sock";
+          METRICS_BIND = "/run/anubis/anubis-${instance}/anubis-metrics.sock";
+          TARGET = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}";
+          USER_DEFINED_INSTANCE = true;
+          OG_PASSTHROUGH = true;
+          SERVE_ROBOTS_TXT = true;
+        };
      };
-    };
  };

  users.users.nginx.extraGroups = [ config.services.anubis.instances."gitea".group ];
@@ -39,7 +44,9 @@ in {
        proxyPass = "http://unix:${config.services.anubis.instances."gitea".settings.BIND}";
        proxyWebsockets = true;
      };
-      "/metrics".proxyPass = "http://unix:${config.services.anubis.instances."gitea".settings.METRICS_BIND}";
+      "/metrics".proxyPass = "http://unix:${
+        config.services.anubis.instances."gitea".settings.METRICS_BIND
+      }";
    };
  };

--- a/systems/makanek/hardware-configuration.nix
+++ b/systems/makanek/hardware-configuration.nix
@@ -4,19 +4,26 @@
  pkgs,
  modulesPath,
  ...
-}: {
-  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+}:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];

  boot = {
    initrd = {
-      availableKernelModules = ["ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod"];
-      kernelModules = [];
+      availableKernelModules = [
+        "ata_piix"
+        "virtio_pci"
+        "xhci_pci"
+        "sd_mod"
+        "sr_mod"
+      ];
+      kernelModules = [ ];
    };
-    kernelModules = [];
-    extraModulePackages = [];
+    kernelModules = [ ];
+    extraModulePackages = [ ];
    loader.grub = {
      enable = true;
-      devices = ["/dev/sda"];
+      devices = [ "/dev/sda" ];
      configurationLimit = 3;
    };
  };
@@ -26,7 +33,7 @@
    fsType = "ext4";
  };

-  swapDevices = [];
+  swapDevices = [ ];
  zramSwap.enable = true;

  nix.settings.max-jobs = lib.mkDefault 2;
--- a/systems/makanek/hedgedoc.nix
+++ b/systems/makanek/hedgedoc.nix
@@ -3,11 +3,13 @@
  pkgs,
  lib,
  ...
-}: let
+}:
+let
  backupLocation = "/var/lib/codimd-backup";
  stateLocation = "/var/lib/codimd/state.sqlite";
  domain = "pad.kmein.de";
-in {
+in
+{
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
@@ -18,17 +20,20 @@ in {
  };

  security.acme.certs.${domain}.group = "hedgecert";
-  users.groups.hedgecert.members = ["codimd" "nginx"];
+  users.groups.hedgecert.members = [
+    "codimd"
+    "nginx"
+  ];

  security.dhparams = {
    enable = true;
-    params.hedgedoc = {};
+    params.hedgedoc = { };
  };

  services.hedgedoc = {
    enable = true;
    settings = {
-      allowOrigin = [domain];
+      allowOrigin = [ domain ];
      allowAnonymous = true;
      allowGravatar = false;
      allowFreeURL = true;
@@ -40,7 +45,7 @@ in {
      domain = domain;
      useSSL = true;
      protocolUseSSL = true;
-      sslCAPath = ["/etc/ssl/certs/ca-certificates.crt"];
+      sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];
      sslCertPath = "/var/lib/acme/${domain}/cert.pem";
      sslKeyPath = "/var/lib/acme/${domain}/key.pem";
      dhParamPath = config.security.dhparams.params.hedgedoc.path;
@@ -70,7 +75,7 @@ in {
    script = ''
      ${pkgs.sqlite}/bin/sqlite3 -json ${stateLocation} "select shortid, alias, ownerId, content from Notes" \
      | ${
-        pkgs.writers.writePython3 "hedgedoc-json-to-fs.py" {} ''
+        pkgs.writers.writePython3 "hedgedoc-json-to-fs.py" { } ''
          import json
          import pathlib
          import sys
--- a/systems/makanek/horoscopy.nix
+++ b/systems/makanek/horoscopy.nix
@@ -2,7 +2,8 @@
  pkgs,
  lib,
  ...
-}: let
+}:
+let
  port = 5040;
  punkt = pkgs.fetchzip {
    url = "https://raw.githubusercontent.com/nltk/nltk_data/gh-pages/packages/tokenizers/punkt.zip";
@@ -14,10 +15,11 @@
    hash = "sha256-KBAbCvayTEr4+cOHnMXHCBA+8RWDMiQF65xzP4fOdaE=";
  };
  horoscopy = import horoscopy-src;
-in {
+in
+{
  systemd.services.horoscopy = {
-    wants = ["network-online.target"];
-    wantedBy = ["multi-user.target"];
+    wants = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
    description = "AI astrologer";
    serviceConfig = {
      DynamicUser = true;
--- a/systems/makanek/matterbridge.nix
+++ b/systems/makanek/matterbridge.nix
@@ -2,52 +2,58 @@
  pkgs,
  lib,
  ...
-}: {
+}:
+{
  services.matterbridge = {
    enable = false;
-    configPath = let
-      bridgeBotToken = lib.strings.fileContents <system-secrets/telegram/krebs.token>;
-    in
-      toString ((pkgs.formats.toml {}).generate "config.toml" {
-        general = {
-          RemoteNickFormat = "[{NICK}] ";
-          Charset = "utf-8";
-        };
-        telegram.krebs.Token = bridgeBotToken;
-        irc = let
-          Nick = "ponte";
-        in {
-          hackint = {
-            Server = "irc.hackint.org:6697";
-            UseTLS = true;
-            inherit Nick;
+    configPath =
+      let
+        bridgeBotToken = lib.strings.fileContents <system-secrets/telegram/krebs.token>;
+      in
+      toString (
+        (pkgs.formats.toml { }).generate "config.toml" {
+          general = {
+            RemoteNickFormat = "[{NICK}] ";
+            Charset = "utf-8";
          };
-        };
-        mumble.lassulus = {
-          Server = "lassul.us:64738";
-          Nick = "krebs_bridge";
-          SkipTLSVerify = true;
-        };
-        gateway = [
-          {
-            name = "krebs-bridge";
-            enable = true;
-            inout = [
-              {
-                account = "irc.hackint";
-                channel = "#krebs";
-              }
-              {
-                account = "telegram.krebs";
-                channel = "-330372458";
-              }
-              {
-                account = "mumble.lassulus";
-                channel = 6; # "nixos"
-              }
-            ];
-          }
-        ];
-      });
+          telegram.krebs.Token = bridgeBotToken;
+          irc =
+            let
+              Nick = "ponte";
+            in
+            {
+              hackint = {
+                Server = "irc.hackint.org:6697";
+                UseTLS = true;
+                inherit Nick;
+              };
+            };
+          mumble.lassulus = {
+            Server = "lassul.us:64738";
+            Nick = "krebs_bridge";
+            SkipTLSVerify = true;
+          };
+          gateway = [
+            {
+              name = "krebs-bridge";
+              enable = true;
+              inout = [
+                {
+                  account = "irc.hackint";
+                  channel = "#krebs";
+                }
+                {
+                  account = "telegram.krebs";
+                  channel = "-330372458";
+                }
+                {
+                  account = "mumble.lassulus";
+                  channel = 6; # "nixos"
+                }
+              ];
+            }
+          ];
+        }
+      );
  };
 }
--- a/systems/makanek/menstruation.nix
+++ b/systems/makanek/menstruation.nix
@@ -4,15 +4,17 @@
  lib,
  inputs,
  ...
-}: let
+}:
+let
  backendPort = 8000;
-in {
+in
+{
  services.redis.servers.menstruation = {
    enable = true;
    port = 6379;
  };

-  environment.systemPackages = [pkgs.redis];
+  environment.systemPackages = [ pkgs.redis ];

  niveum.passport.services = [
    {
@@ -28,7 +30,7 @@ in {
      "menstruation-backend.service"
      "redis-menstruation.service"
    ];
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
    environment = {
      MENSTRUATION_ENDPOINT = "http://localhost:${toString backendPort}";
      MENSTRUATION_MODERATORS = "18980945";
@@ -50,7 +52,7 @@ in {
  age.secrets.telegram-token-menstruation.file = ../../secrets/telegram-token-menstruation.age;

  systemd.services.menstruation-backend = {
-    wants = ["network-online.target"];
+    wants = [ "network-online.target" ];
    environment.ROCKET_PORT = toString backendPort;
    serviceConfig = {
      Restart = "always";
--- a/systems/makanek/moinbot.nix
+++ b/systems/makanek/moinbot.nix
@@ -1,7 +1,8 @@
 {
  pkgs,
  ...
-}: {
+}:
+{
  systemd.services.moinbot = {
    startAt = "7:00";
    script = ''
--- a/systems/makanek/monitoring/blackbox.nix
+++ b/systems/makanek/monitoring/blackbox.nix
@@ -8,7 +8,10 @@
      method = "GET";
      no_follow_redirects = false;
      preferred_ip_protocol = "ip4";
-      valid_http_versions = ["HTTP/1.1" "HTTP/2.0"];
+      valid_http_versions = [
+        "HTTP/1.1"
+        "HTTP/2.0"
+      ];
      tls_config.insecure_skip_verify = true;
    };
    prober = "http";