authorFranck Cuny <franck@fcuny.net>2024-12-19 12:54:16 -0800
committerFranck Cuny <franck@fcuny.net>2024-12-19 12:54:16 -0800
commitbc40b7e0ad2ef5960b7f1695b4520909252a0e49 (patch)
treef22e9e5001720bbc82055a5d4d3b24077b9647de
parentuse treefmt to format all the files (diff)
switch to the newer version of nixfmt
`nixfmt-rfc-style' replaces `nixfmt-classic'. It's actively
maintained, but also changes the style, so this commit touches all the
files in the repository.
Diffstat (limited to '')
-rw-r--r--flake.nix126
-rw-r--r--nix/lib/mkSystem.nix18
-rw-r--r--nix/lib/overlays.nix14
-rw-r--r--nix/machines/darwin-shared.nix18
-rw-r--r--nix/machines/hq-c02fk3q7md6t/default.nix3
-rw-r--r--nix/machines/mba-m2/default.nix3
-rw-r--r--nix/machines/vm-aarch64/default.nix8
-rw-r--r--nix/machines/vm-aarch64/hardware.nix13
-rw-r--r--nix/machines/vm-hetzner/default.nix71
-rw-r--r--nix/machines/vm-hetzner/hardware.nix11
-rw-r--r--nix/machines/vm-shared.nix24
-rw-r--r--nix/machines/vm-synology/ddns.nix6
-rw-r--r--nix/machines/vm-synology/default.nix11
-rw-r--r--nix/machines/vm-synology/git.nix37
-rw-r--r--nix/machines/vm-synology/hardware.nix15
-rw-r--r--nix/machines/vm-synology/web.nix11
-rw-r--r--nix/users/fcuny/1password.nix14
-rw-r--r--nix/users/fcuny/darwin.nix3
-rw-r--r--nix/users/fcuny/git.nix18
-rw-r--r--nix/users/fcuny/go.nix16
-rw-r--r--nix/users/fcuny/home-manager.nix28
-rw-r--r--nix/users/fcuny/k8s.nix6
-rw-r--r--nix/users/fcuny/nixos.nix12
-rw-r--r--nix/users/fcuny/shell.nix17
-rw-r--r--nix/users/fcuny/ssh.nix19
-rw-r--r--nix/users/fcuny/work.nix6
-rw-r--r--packages/hashi/default.nix13
-rw-r--r--packages/perf-flamegraph-pid/default.nix16
-rw-r--r--packages/sapi/default.nix11
-rw-r--r--secrets/secrets.nix14
30 files changed, 382 insertions, 200 deletions
diff --git a/flake.nix b/flake.nix
index b65a7dd..b71d627 100644
--- a/flake.nix
+++ b/flake.nix
@@ -38,24 +38,40 @@
   };
 
   # Output config, or config for NixOS system
-  outputs = { self, nixpkgs, darwin, flake-utils, pre-commit-hooks, devshell
-    , treefmt-nix, agenix, ... }@inputs:
-    flake-utils.lib.eachDefaultSystem (system:
+  outputs =
+    {
+      self,
+      nixpkgs,
+      darwin,
+      flake-utils,
+      pre-commit-hooks,
+      devshell,
+      treefmt-nix,
+      agenix,
+      ...
+    }@inputs:
+    flake-utils.lib.eachDefaultSystem (
+      system:
       let
         pkgs = import nixpkgs {
           inherit system;
           overlays = [ devshell.overlays.default ];
         };
-        treefmt = (treefmt-nix.lib.mkWrapper pkgs {
-          projectRootFile = "flake.nix";
-          programs = { nixfmt-classic.enable = true; };
-          settings.formatter.deadnix = {
-            command = "${pkgs.deadnix}/bin/deadnix";
-            options = [ "--edit" ];
-            includes = [ "*.nix" ];
-          };
-        });
-      in {
+        treefmt = (
+          treefmt-nix.lib.mkWrapper pkgs {
+            projectRootFile = "flake.nix";
+            programs = {
+              nixfmt.enable = true;
+            };
+            settings.formatter.deadnix = {
+              command = "${pkgs.deadnix}/bin/deadnix";
+              options = [ "--edit" ];
+              includes = [ "*.nix" ];
+            };
+          }
+        );
+      in
+      {
         checks = {
           pre-commit-check = pre-commit-hooks.lib.${system}.run {
             src = ./.;
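Review bot: `programs.nixfmt.enable = true` leaves the choice of formatter package to whatever the pinned treefmt-nix revision maps `nixfmt` to, while the commit message and `home.packages` in nix/users/fcuny/home-manager.nix both name `nixfmt-rfc-style`. That mapping is not visible in this diff, so if the two ever differ, the treefmt wrapper and the locally installed formatter will disagree about style. Pinning the package makes the intent explicit: `programs.nixfmt = { enable = true; package = pkgs.nixfmt-rfc-style; };`. The `outputs` function continues past the end of this hunk.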
@@ -80,49 +96,55 @@
             treefmt
             inputs.agenix.packages."${system}".default
           ];
-          devshell.startup.pre-commit.text =
-            self.checks.${system}.pre-commit-check.shellHook;
-          env = [{
-            name = "DEVSHELL_NO_MOTD";
-            value = "1";
-          }];
+          devshell.startup.pre-commit.text = self.checks.${system}.pre-commit-check.shellHook;
+          env = [
+            {
+              name = "DEVSHELL_NO_MOTD";
+              value = "1";
+            }
+          ];
         };
 
-      }) // (flake-utils.lib.eachDefaultSystemPassThrough (system:
-        let
-          mkSystem = import ./nix/lib/mkSystem.nix { inherit nixpkgs inputs; };
-        in {
-
-          # a VM running on the MacBook Air
-          nixosConfigurations.vm-aarch64 = mkSystem "vm-aarch64" {
-            system = "aarch64-linux";
-            user = "fcuny";
-          };
+      }
+    )
+    // (flake-utils.lib.eachDefaultSystemPassThrough (
+      system:
+      let
+        mkSystem = import ./nix/lib/mkSystem.nix { inherit nixpkgs inputs; };
+      in
+      {
+
+        # a VM running on the MacBook Air
+        nixosConfigurations.vm-aarch64 = mkSystem "vm-aarch64" {
+          system = "aarch64-linux";
+          user = "fcuny";
+        };
 
-          # a VM running on the synology DS923+
-          nixosConfigurations.vm-synology = mkSystem "vm-synology" {
-            system = "x86_64-linux";
-            user = "fcuny";
-          };
+        # a VM running on the synology DS923+
+        nixosConfigurations.vm-synology = mkSystem "vm-synology" {
+          system = "x86_64-linux";
+          user = "fcuny";
+        };
 
-          # a VM running on hetzner cloud
-          nixosConfigurations.vm-hetzner = mkSystem "vm-hetzner" {
-            system = "x86_64-linux";
-            user = "fcuny";
-          };
+        # a VM running on hetzner cloud
+        nixosConfigurations.vm-hetzner = mkSystem "vm-hetzner" {
+          system = "x86_64-linux";
+          user = "fcuny";
+        };
 
-          # my personal MacBook Air
-          darwinConfigurations.mba-m2 = mkSystem "mba-m2" {
-            system = "aarch64-darwin";
-            user = "fcuny";
-            darwin = true;
-          };
+        # my personal MacBook Air
+        darwinConfigurations.mba-m2 = mkSystem "mba-m2" {
+          system = "aarch64-darwin";
+          user = "fcuny";
+          darwin = true;
+        };
 
-          # my work MacBook Pro
-          darwinConfigurations.hq-c02fk3q7md6t = mkSystem "hq-c02fk3q7md6t" {
-            system = "x86_64-darwin";
-            user = "fcuny";
-            darwin = true;
-          };
-        }));
+        # my work MacBook Pro
+        darwinConfigurations.hq-c02fk3q7md6t = mkSystem "hq-c02fk3q7md6t" {
+          system = "x86_64-darwin";
+          user = "fcuny";
+          darwin = true;
+        };
+      }
+    ));
 }
diff --git a/nix/lib/mkSystem.nix b/nix/lib/mkSystem.nix
index c9c8074..b54a4f4 100644
--- a/nix/lib/mkSystem.nix
+++ b/nix/lib/mkSystem.nix
@@ -3,7 +3,11 @@
 { nixpkgs, inputs }:
 
 name:
-{ system, user, darwin ? false, }:
+{
+  system,
+  user,
+  darwin ? false,
+}:
 
 let
   # The config files for this system.
@@ -12,13 +16,11 @@ let
   userHMConfig = ../users/${user}/home-manager.nix;
 
   # NixOS vs nix-darwin functionst
-  systemFunc =
-    if darwin then inputs.darwin.lib.darwinSystem else nixpkgs.lib.nixosSystem;
-  home-manager = if darwin then
-    inputs.home-manager.darwinModules
-  else
-    inputs.home-manager.nixosModules;
-in systemFunc rec {
+  systemFunc = if darwin then inputs.darwin.lib.darwinSystem else nixpkgs.lib.nixosSystem;
+  home-manager =
+    if darwin then inputs.home-manager.darwinModules else inputs.home-manager.nixosModules;
+in
+systemFunc rec {
   inherit system;
 
   modules = [
diff --git a/nix/lib/overlays.nix b/nix/lib/overlays.nix
index 531c725..7b338c6 100644
--- a/nix/lib/overlays.nix
+++ b/nix/lib/overlays.nix
@@ -1,5 +1,9 @@
-let path = ../../overlays;
-in with builtins;
-map (n: import (path + ("/" + n))) (filter (n:
-  match ".*\\.nix" n != null || pathExists (path + ("/" + n + "/default.nix")))
-  (attrNames (readDir path)))
+let
+  path = ../../overlays;
+in
+with builtins;
+map (n: import (path + ("/" + n))) (
+  filter (n: match ".*\\.nix" n != null || pathExists (path + ("/" + n + "/default.nix"))) (
+    attrNames (readDir path)
+  )
+)
diff --git a/nix/machines/darwin-shared.nix b/nix/machines/darwin-shared.nix
index 344ff00..b56670d 100644
--- a/nix/machines/darwin-shared.nix
+++ b/nix/machines/darwin-shared.nix
@@ -1,9 +1,16 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
   nix = {
     package = pkgs.nixVersions.stable;
     settings = {
-      trusted-users = [ "@admin" "fcuny" ];
-      experimental-features = [ "nix-command" "flakes" ];
+      trusted-users = [
+        "@admin"
+        "fcuny"
+      ];
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
     };
   };
 
@@ -58,7 +65,10 @@
   '';
 
   # Required for homebrew on aarch64
-  environment.systemPath = [ "/opt/homebrew/bin" "/opt/homebrew/sbin" ];
+  environment.systemPath = [
+    "/opt/homebrew/bin"
+    "/opt/homebrew/sbin"
+  ];
 
   homebrew = {
     enable = true;
diff --git a/nix/machines/hq-c02fk3q7md6t/default.nix b/nix/machines/hq-c02fk3q7md6t/default.nix
index 001f3d5..5910d09 100644
--- a/nix/machines/hq-c02fk3q7md6t/default.nix
+++ b/nix/machines/hq-c02fk3q7md6t/default.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
   imports = [ ../darwin-shared.nix ];
 
   system.stateVersion = 5;
diff --git a/nix/machines/mba-m2/default.nix b/nix/machines/mba-m2/default.nix
index 72a4e8b..04c5780 100644
--- a/nix/machines/mba-m2/default.nix
+++ b/nix/machines/mba-m2/default.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
   imports = [ ../darwin-shared.nix ];
 
   system.stateVersion = 5;
diff --git a/nix/machines/vm-aarch64/default.nix b/nix/machines/vm-aarch64/default.nix
index b1444cc..86382af 100644
--- a/nix/machines/vm-aarch64/default.nix
+++ b/nix/machines/vm-aarch64/default.nix
@@ -1,5 +1,9 @@
-{ ... }: {
-  imports = [ ./hardware.nix ../vm-shared.nix ];
+{ ... }:
+{
+  imports = [
+    ./hardware.nix
+    ../vm-shared.nix
+  ];
 
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
diff --git a/nix/machines/vm-aarch64/hardware.nix b/nix/machines/vm-aarch64/hardware.nix
index 084cc74..67dc249 100644
--- a/nix/machines/vm-aarch64/hardware.nix
+++ b/nix/machines/vm-aarch64/hardware.nix
@@ -1,10 +1,14 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ lib, modulesPath, ... }: {
+{ lib, modulesPath, ... }:
+{
   imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "sr_mod" ];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "sr_mod"
+  ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
@@ -17,7 +21,10 @@
   fileSystems."/boot" = {
     device = "/dev/disk/by-label/boot";
     fsType = "vfat";
-    options = [ "fmask=0022" "dmask=0022" ];
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
   };
 
   swapDevices = [ ];
diff --git a/nix/machines/vm-hetzner/default.nix b/nix/machines/vm-hetzner/default.nix
index 889b00d..c7ab4c8 100644
--- a/nix/machines/vm-hetzner/default.nix
+++ b/nix/machines/vm-hetzner/default.nix
@@ -1,5 +1,9 @@
-{ pkgs, lib, ... }: {
-  imports = [ ./hardware.nix ../vm-shared.nix ];
+{ pkgs, lib, ... }:
+{
+  imports = [
+    ./hardware.nix
+    ../vm-shared.nix
+  ];
 
   boot.tmp.cleanOnBoot = true;
   zramSwap.enable = true;
@@ -14,8 +18,11 @@
   # This file was populated at runtime with the networking
   # details gathered from the active system.
   networking = {
-    nameservers =
-      [ "2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:1" "185.12.64.1" ];
+    nameservers = [
+      "2a01:4ff:ff00::add:2"
+      "2a01:4ff:ff00::add:1"
+      "185.12.64.1"
+    ];
     defaultGateway = "172.31.1.1";
     defaultGateway6 = {
       address = "fe80::1";
@@ -25,10 +32,12 @@
     usePredictableInterfaceNames = lib.mkForce false;
     interfaces = {
       eth0 = {
-        ipv4.addresses = [{
-          address = "5.78.87.68";
-          prefixLength = 32;
-        }];
+        ipv4.addresses = [
+          {
+            address = "5.78.87.68";
+            prefixLength = 32;
+          }
+        ];
         ipv6.addresses = [
           {
             address = "2a01:4ff:1f0:d1a3::1";
@@ -39,14 +48,18 @@
             prefixLength = 64;
           }
         ];
-        ipv4.routes = [{
-          address = "172.31.1.1";
-          prefixLength = 32;
-        }];
-        ipv6.routes = [{
-          address = "fe80::1";
-          prefixLength = 128;
-        }];
+        ipv4.routes = [
+          {
+            address = "172.31.1.1";
+            prefixLength = 32;
+          }
+        ];
+        ipv6.routes = [
+          {
+            address = "fe80::1";
+            prefixLength = 128;
+          }
+        ];
       };
 
     };
@@ -73,8 +86,7 @@
   # TODO(fcuny): I could create the configuration file to set the default branch
   services.gitolite = {
     enable = true;
-    adminPubkey =
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+    adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
     user = "git";
     group = "git";
     extraGitoliteRc = ''
@@ -102,10 +114,8 @@
       readme = ":README.md";
       project-list = "/var/lib/gitolite/projects.list";
       about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh";
-      source-filter =
-        "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py";
-      clone-url =
-        (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]);
+      source-filter = "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py";
+      clone-url = (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]);
       enable-log-filecount = 1;
       enable-log-linecount = 1;
       enable-git-config = 1;
@@ -129,7 +139,9 @@
   virtualisation.oci-containers.containers.excalidraw = {
     autoStart = true;
     image = "excalidraw/excalidraw:latest";
-    environment = { TZ = "America/Los_Angeles"; };
+    environment = {
+      TZ = "America/Los_Angeles";
+    };
     ports = [ "127.0.0.1:3030:80" ];
     extraOptions = [ "--pull=always" ];
   };
@@ -151,7 +163,9 @@
         forceSSL = true;
         enableACME = true;
         locations = {
-          "/" = { root = "/srv/www/fcuny.net"; };
+          "/" = {
+            root = "/srv/www/fcuny.net";
+          };
           "/.well-known/acme-challenge" = {
             root = "/var/lib/acme/acme-challenges";
           };
@@ -190,8 +204,13 @@
       "/var/lib/gitolite/.ssh"
       "/var/lib/gitolite/.viminfo"
     ];
-    extraBackupArgs = [ "--exclude-caches" "--compression=max" ];
-    timerConfig = { OnCalendar = "*:0/30"; };
+    extraBackupArgs = [
+      "--exclude-caches"
+      "--compression=max"
+    ];
+    timerConfig = {
+      OnCalendar = "*:0/30";
+    };
     pruneOpts = [
       "--keep-hourly 36"
       "--keep-daily 7"
diff --git a/nix/machines/vm-hetzner/hardware.nix b/nix/machines/vm-hetzner/hardware.nix
index 89a92a9..351c991 100644
--- a/nix/machines/vm-hetzner/hardware.nix
+++ b/nix/machines/vm-hetzner/hardware.nix
@@ -1,8 +1,13 @@
-{ modulesPath, ... }: {
+{ modulesPath, ... }:
+{
   imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
-  boot.initrd.availableKernelModules =
-    [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "xen_blkfront"
+    "vmw_pvscsi"
+  ];
 
   boot.loader.grub = {
     enable = true;
diff --git a/nix/machines/vm-shared.nix b/nix/machines/vm-shared.nix
index 01dbaac..7586987 100644
--- a/nix/machines/vm-shared.nix
+++ b/nix/machines/vm-shared.nix
@@ -1,11 +1,18 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
   nix = {
     package = pkgs.nixVersions.latest;
     settings = {
-      trusted-users = [ "@admin" "fcuny" ];
-      experimental-features = [ "nix-command" "flakes" ];
+      trusted-users = [
+        "@admin"
+        "fcuny"
+      ];
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
     };
   };
 
@@ -18,14 +25,21 @@
   virtualisation.docker.enable = true;
 
   # Select internationalisation properties.
-  i18n = { defaultLocale = "en_US.UTF-8"; };
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+  };
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.mutableUsers = false;
 
   # List packages installed in system profile. To search, run:
   # $ nix search wget
-  environment.systemPackages = with pkgs; [ curl git vim jq ];
+  environment.systemPackages = with pkgs; [
+    curl
+    git
+    vim
+    jq
+  ];
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
diff --git a/nix/machines/vm-synology/ddns.nix b/nix/machines/vm-synology/ddns.nix
index df59793..837bfa7 100644
--- a/nix/machines/vm-synology/ddns.nix
+++ b/nix/machines/vm-synology/ddns.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
   age.secrets.ddns-updater = {
     file = ../../../secrets/ddns-updater.age;
     owner = "root";
@@ -16,6 +17,5 @@
   };
 
   # https://systemd.io/CREDENTIALS/
-  systemd.services.ddns-updater.serviceConfig.LoadCredential =
-    "config.json:/run/agenix/ddns-updater";
+  systemd.services.ddns-updater.serviceConfig.LoadCredential = "config.json:/run/agenix/ddns-updater";
 }
diff --git a/nix/machines/vm-synology/default.nix b/nix/machines/vm-synology/default.nix
index 68952c6..8e8dfc5 100644
--- a/nix/machines/vm-synology/default.nix
+++ b/nix/machines/vm-synology/default.nix
@@ -1,5 +1,12 @@
-{ ... }: {
-  imports = [ ./hardware.nix ../vm-shared.nix ./ddns.nix ./web.nix ./git.nix ];
+{ ... }:
+{
+  imports = [
+    ./hardware.nix
+    ../vm-shared.nix
+    ./ddns.nix
+    ./web.nix
+    ./git.nix
+  ];
 
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
diff --git a/nix/machines/vm-synology/git.nix b/nix/machines/vm-synology/git.nix
index 698f375..1e6a9e6 100644
--- a/nix/machines/vm-synology/git.nix
+++ b/nix/machines/vm-synology/git.nix
@@ -1,10 +1,10 @@
-{ pkgs, lib, ... }: {
+{ pkgs, lib, ... }:
+{
 
   # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/gitolite.nix
   services.gitolite = {
     enable = true;
-    adminPubkey =
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+    adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
     user = "git";
     group = "git";
     extraGitoliteRc = ''
@@ -19,12 +19,10 @@
 
   # let's make sure the default branch is `main'.
   systemd.tmpfiles.rules = [
-    "C /var/lib/gitolite/.gitconfig - git git 0644 ${
-      pkgs.writeText "gitolite-gitconfig" ''
-        [init]
-        	defaultBranch = main
-      ''
-    }"
+    "C /var/lib/gitolite/.gitconfig - git git 0644 ${pkgs.writeText "gitolite-gitconfig" ''
+      [init]
+      	defaultBranch = main
+    ''}"
   ];
 
   services.cgit.main = {
@@ -43,10 +41,8 @@
       readme = ":README.md";
       project-list = "/var/lib/gitolite/projects.list";
       about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh";
-      source-filter =
-        "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py";
-      clone-url =
-        (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]);
+      source-filter = "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py";
+      clone-url = (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]);
       enable-log-filecount = 1;
       enable-log-linecount = 1;
       enable-git-config = 1;
@@ -88,8 +84,17 @@
       "/var/lib/gitolite/.ssh"
       "/var/lib/gitolite/.viminfo"
     ];
-    extraBackupArgs = [ "--exclude-caches" "--compression=max" ];
-    timerConfig = { OnCalendar = "daily"; };
-    pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" "--keep-monthly 3" ];
+    extraBackupArgs = [
+      "--exclude-caches"
+      "--compression=max"
+    ];
+    timerConfig = {
+      OnCalendar = "daily";
+    };
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 4"
+      "--keep-monthly 3"
+    ];
   };
 }
diff --git a/nix/machines/vm-synology/hardware.nix b/nix/machines/vm-synology/hardware.nix
index 5511e98..cd1d5e7 100644
--- a/nix/machines/vm-synology/hardware.nix
+++ b/nix/machines/vm-synology/hardware.nix
@@ -6,8 +6,14 @@
 {
   imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
-  boot.initrd.availableKernelModules =
-    [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "virtio_pci"
+    "virtio_scsi"
+    "sd_mod"
+    "sr_mod"
+  ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
@@ -20,7 +26,10 @@
   fileSystems."/boot" = {
     device = "/dev/disk/by-label/boot";
     fsType = "vfat";
-    options = [ "fmask=0022" "dmask=0022" ];
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
   };
 
   swapDevices = [ ];
diff --git a/nix/machines/vm-synology/web.nix b/nix/machines/vm-synology/web.nix
index f9c34cc..03fe831 100644
--- a/nix/machines/vm-synology/web.nix
+++ b/nix/machines/vm-synology/web.nix
@@ -1,9 +1,12 @@
-{ ... }: {
+{ ... }:
+{
   # container for excalidraw
   virtualisation.oci-containers.containers.excalidraw = {
     autoStart = true;
     image = "excalidraw/excalidraw:latest";
-    environment = { TZ = "America/Los_Angeles"; };
+    environment = {
+      TZ = "America/Los_Angeles";
+    };
     ports = [ "127.0.0.1:3030:80" ];
     extraOptions = [ "--pull=always" ];
   };
@@ -30,7 +33,9 @@
         forceSSL = true;
         enableACME = true;
         locations = {
-          "/" = { root = "/srv/www/fcuny.net"; };
+          "/" = {
+            root = "/srv/www/fcuny.net";
+          };
           "/.well-known/acme-challenge" = {
             root = "/var/lib/acme/acme-challenges";
           };
diff --git a/nix/users/fcuny/1password.nix b/nix/users/fcuny/1password.nix
index fd1dfbe..bf8133f 100644
--- a/nix/users/fcuny/1password.nix
+++ b/nix/users/fcuny/1password.nix
@@ -1,11 +1,13 @@
 { config, ... }:
 let
   home = config.home.homeDirectory;
-  darwinSockPath =
-    "${home}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
+  darwinSockPath = "${home}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
   sockPath = ".1password/agent.sock";
-in {
-  home.sessionVariables = { SSH_AUTH_SOCK = "${home}/${sockPath}"; };
+in
+{
+  home.sessionVariables = {
+    SSH_AUTH_SOCK = "${home}/${sockPath}";
+  };
 
   home.file.sock = {
     source = config.lib.file.mkOutOfStoreSymlink darwinSockPath;
@@ -18,7 +20,9 @@ in {
     '';
   };
 
-  programs.ssh = { extraConfig = "IdentityAgent ~/${sockPath}"; };
+  programs.ssh = {
+    extraConfig = "IdentityAgent ~/${sockPath}";
+  };
 
   # Generate ssh agent config for 1Password
   # I want both my personal and work keys
diff --git a/nix/users/fcuny/darwin.nix b/nix/users/fcuny/darwin.nix
index b882bc5..1291031 100644
--- a/nix/users/fcuny/darwin.nix
+++ b/nix/users/fcuny/darwin.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
   nixpkgs.overlays = import ../../../nix/lib/overlays.nix;
 
   # The user should already exist, but we need to set this up so Nix knows
diff --git a/nix/users/fcuny/git.nix b/nix/users/fcuny/git.nix
index c89454b..9f7023a 100644
--- a/nix/users/fcuny/git.nix
+++ b/nix/users/fcuny/git.nix
@@ -1,4 +1,5 @@
-{ lib, pkgs, ... }: {
+{ lib, pkgs, ... }:
+{
   home.packages = with pkgs; [
     gitAndTools.pre-commit
     git-credential-manager
@@ -10,7 +11,9 @@
     userName = "Franck Cuny";
     userEmail = "franck@fcuny.net";
 
-    aliases = { amend = "commit --amend"; };
+    aliases = {
+      amend = "commit --amend";
+    };
 
     # https://stackoverflow.com/questions/74012449/git-includeif-hasconfigremote-url-not-working
     # to test it's working as expected:
@@ -19,17 +22,18 @@
     includes = [
       {
         condition = "hasconfig:remote.*.url:git@github.rbx.com:*/**";
-        path = pkgs.writeText "username.cfg"
-          (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
+        path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
       }
       {
         condition = "hasconfig:remote.*.url:git@github.com:Roblox/**";
-        path = pkgs.writeText "username.cfg"
-          (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
+        path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
       }
     ];
 
-    ignores = [ ".envrc" ".direnv" ];
+    ignores = [
+      ".envrc"
+      ".direnv"
+    ];
 
     extraConfig = {
       core.whitespace = "trailing-space,space-before-tab";
diff --git a/nix/users/fcuny/go.nix b/nix/users/fcuny/go.nix
index b52f89e..401abe3 100644
--- a/nix/users/fcuny/go.nix
+++ b/nix/users/fcuny/go.nix
@@ -1,11 +1,21 @@
-{ config, pkgs, ... }: {
-  home.packages = with pkgs; [ go-tools golangci-lint gopls delve ];
+{ config, pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    go-tools
+    golangci-lint
+    gopls
+    delve
+  ];
 
   programs.go = {
     enable = true;
     goPath = ".local/share/pkg.go";
     goBin = ".local/bin.go";
-    goPrivate = [ "github.rbx.com/*" "github.com/fcuny/*" "git.fcuny.net/*" ];
+    goPrivate = [
+      "github.rbx.com/*"
+      "github.com/fcuny/*"
+      "git.fcuny.net/*"
+    ];
   };
 
   home.sessionPath = [ config.home.sessionVariables.GOBIN ];
diff --git a/nix/users/fcuny/home-manager.nix b/nix/users/fcuny/home-manager.nix
index e975c37..e450c24 100644
--- a/nix/users/fcuny/home-manager.nix
+++ b/nix/users/fcuny/home-manager.nix
@@ -1,26 +1,34 @@
 { darwin, systemName, ... }:
 
-{ lib, pkgs, ... }: {
+{ lib, pkgs, ... }:
+{
   home.stateVersion = "23.05";
 
   xdg.enable = true;
 
-  imports = [ ./shell.nix ./ssh.nix ./git.nix ]
-    ++ lib.optionals darwin [ ./1password.nix ./go.nix ]
+  imports =
+    [
+      ./shell.nix
+      ./ssh.nix
+      ./git.nix
+    ]
+    ++ lib.optionals darwin [
+      ./1password.nix
+      ./go.nix
+    ]
     ++ lib.optionals (systemName == "hq-c02fk3q7md6t") [ ./work.nix ];
 
-  home.packages = with pkgs;
+  home.packages =
+    with pkgs;
     [
       # encryption
       age
 
-      # nix
       nil # nix lsp
-      nix-direnv
-      nixd
-      nixfmt-classic
-      nixpkgs-fmt
-    ] ++ (lib.optionals (darwin) [
+      nix-direnv # integration with direnv
+      nixfmt-rfc-style # new formatter
+    ]
+    ++ (lib.optionals (darwin) [
       # media
       mpv
       ffmpeg
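Review bot: Dropping `nixd` and `nixpkgs-fmt` from `home.packages` is a functional change that the commit message does not mention; it describes only the formatter switch, and the removal is easy to miss among 30 reformatted files. Consider moving the removals to their own commit, or adding a line to the message such as `also drop nixd and nixpkgs-fmt from home.packages`, so that a later bisect or audit of the mass reformat can treat every other hunk as whitespace-only. The `# nix` group heading was removed as well while `# encryption` and `# media` remain; keeping `# nix` above `nil # nix lsp` preserves the grouping. The list continues past the end of this hunk.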
diff --git a/nix/users/fcuny/k8s.nix b/nix/users/fcuny/k8s.nix
index 88a7350..cbc04ef 100644
--- a/nix/users/fcuny/k8s.nix
+++ b/nix/users/fcuny/k8s.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
   home.packages = with pkgs; [
     kind # k8s in docker
     kubebuilder # generate controller
@@ -31,8 +32,7 @@
       klogs = "kubectl logs";
     };
     shellAliases = {
-      ukctx =
-        "${pkgs.gh}/bin/gh api --hostname github.rbx.com repos/Roblox/cell-lifecycle/contents/rks/kubeconfig --jq '.content' | base64 -d > ~/.kube/rksconfig";
+      ukctx = "${pkgs.gh}/bin/gh api --hostname github.rbx.com repos/Roblox/cell-lifecycle/contents/rks/kubeconfig --jq '.content' | base64 -d > ~/.kube/rksconfig";
     };
   };
 }
diff --git a/nix/users/fcuny/nixos.nix b/nix/users/fcuny/nixos.nix
index 4cc80bd..a6c302f 100644
--- a/nix/users/fcuny/nixos.nix
+++ b/nix/users/fcuny/nixos.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
   # add ~/.local/bin to PATH
   environment.localBinInPath = true;
 
@@ -8,10 +9,13 @@
   users.users.fcuny = {
     isNormalUser = true;
     home = "/home/fcuny";
-    extraGroups = [ "docker" "wheel" "podman" ];
+    extraGroups = [
+      "docker"
+      "wheel"
+      "podman"
+    ];
     shell = pkgs.fish;
-    hashedPassword =
-      "$6$U4GoqhuHgdr.h0JP$C/BKslQfOpPJ5lUzrTeQh6i859R/jEKYSF9MaRhWYo5VG6aCDKsvb5xKSifH4nQt6okJixG9ceFh..Mnt93Jt/";
+    hashedPassword = "$6$U4GoqhuHgdr.h0JP$C/BKslQfOpPJ5lUzrTeQh6i859R/jEKYSF9MaRhWYo5VG6aCDKsvb5xKSifH4nQt6okJixG9ceFh..Mnt93Jt/";
     openssh.authorizedKeys.keys = [
       # key `nixos` in 1password
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
diff --git a/nix/users/fcuny/shell.nix b/nix/users/fcuny/shell.nix
index d95c74d..e690437 100644
--- a/nix/users/fcuny/shell.nix
+++ b/nix/users/fcuny/shell.nix
@@ -1,7 +1,10 @@
 { config, pkgs, ... }:
-let isLinux = pkgs.stdenv.isLinux;
-in {
-  home.packages = with pkgs;
+let
+  isLinux = pkgs.stdenv.isLinux;
+in
+{
+  home.packages =
+    with pkgs;
     [
       # shell
       shellcheck
@@ -28,7 +31,8 @@ in {
       aspellDicts.en
       aspellDicts.en-computers
       aspellDicts.en-science
-    ] ++ (lib.optionals (isLinux) [ htop ]);
+    ]
+    ++ (lib.optionals (isLinux) [ htop ]);
 
   # https://github.com/nix-community/home-manager/blob/master/modules/programs/fish.nix
   programs.fish = {
@@ -65,7 +69,10 @@ in {
   programs.fd = {
     enable = true;
     hidden = true;
-    ignores = [ ".git/" ".direnv/" ];
+    ignores = [
+      ".git/"
+      ".direnv/"
+    ];
   };
 
   programs.direnv = {
diff --git a/nix/users/fcuny/ssh.nix b/nix/users/fcuny/ssh.nix
index 2129650..004d44f 100644
--- a/nix/users/fcuny/ssh.nix
+++ b/nix/users/fcuny/ssh.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
   # https://github.com/nix-community/home-manager/blob/master/modules/programs/ssh.nix
   programs.ssh = {
     enable = true;
@@ -12,26 +13,34 @@
         hostname = "github.com";
         user = "git";
         forwardAgent = false;
-        extraOptions = { preferredAuthentications = "publickey"; };
+        extraOptions = {
+          preferredAuthentications = "publickey";
+        };
       };
       "github.rbx.com" = {
         hostname = "github.rbx.com";
         user = "git";
         forwardAgent = false;
-        extraOptions = { preferredAuthentications = "publickey"; };
+        extraOptions = {
+          preferredAuthentications = "publickey";
+        };
       };
       "git" = {
         hostname = "git.fcuny.net";
         port = 422;
         user = "git";
         forwardAgent = false;
-        extraOptions = { preferredAuthentications = "publickey"; };
+        extraOptions = {
+          preferredAuthentications = "publickey";
+        };
       };
       "home" = {
         hostname = "fcuny.net";
         port = 422;
         user = "fcuny";
-        extraOptions = { preferredAuthentications = "publickey"; };
+        extraOptions = {
+          preferredAuthentications = "publickey";
+        };
       };
     };
   };
diff --git a/nix/users/fcuny/work.nix b/nix/users/fcuny/work.nix
index 67d7bdb..04cf7dc 100644
--- a/nix/users/fcuny/work.nix
+++ b/nix/users/fcuny/work.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
   imports = [ ./k8s.nix ];
 
   home.packages = with pkgs; [
@@ -16,8 +17,7 @@
 
   programs.fish = {
     shellAbbrs = {
-      "ssh-sign-chi" =
-        "${pkgs.hashi}/bin/hashi -e chi1 sign --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key";
+      "ssh-sign-chi" = "${pkgs.hashi}/bin/hashi -e chi1 sign --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key";
     };
   };
 }
diff --git a/packages/hashi/default.nix b/packages/hashi/default.nix
index bfe01d5..97de12a 100644
--- a/packages/hashi/default.nix
+++ b/packages/hashi/default.nix
@@ -1,8 +1,13 @@
-{ stdenv, fetchurl, lib, ... }:
+{
+  stdenv,
+  fetchurl,
+  lib,
+  ...
+}:
 let
-  url =
-    "https://artifactory.rbx.com:443/artifactory/generic-rbx-local/hashi/0.1.4/bin/hashi_darwin-amd64";
-in stdenv.mkDerivation rec {
+  url = "https://artifactory.rbx.com:443/artifactory/generic-rbx-local/hashi/0.1.4/bin/hashi_darwin-amd64";
+in
+stdenv.mkDerivation rec {
   pname = "hashi";
   version = "0.1.4";
   src = fetchurl {
diff --git a/packages/perf-flamegraph-pid/default.nix b/packages/perf-flamegraph-pid/default.nix
index 0cd0a1b..9b3789b 100644
--- a/packages/perf-flamegraph-pid/default.nix
+++ b/packages/perf-flamegraph-pid/default.nix
@@ -1,12 +1,22 @@
-{ lib, stdenvNoCC, pkgs }:
+{
+  lib,
+  stdenvNoCC,
+  pkgs,
+}:
 
 stdenvNoCC.mkDerivation rec {
   pname = "perf-flamegraph-pid";
   src = ./perf-flamegraph-pid.sh;
   version = "0.1.0";
 
-  nativeBuildInputs = with pkgs; [ flamegraph linuxPackages_latest.perf ];
-  propagatedBuildInputs = with pkgs; [ flamegraph linuxPackages_latest.perf ];
+  nativeBuildInputs = with pkgs; [
+    flamegraph
+    linuxPackages_latest.perf
+  ];
+  propagatedBuildInputs = with pkgs; [
+    flamegraph
+    linuxPackages_latest.perf
+  ];
 
   dontUnpack = true;
   dontBuild = true;
diff --git a/packages/sapi/default.nix b/packages/sapi/default.nix
index 66df5c0..8a7adbd 100644
--- a/packages/sapi/default.nix
+++ b/packages/sapi/default.nix
@@ -1,11 +1,15 @@
-{ stdenv, fetchurl, lib, ... }:
+{
+  stdenv,
+  fetchurl,
+  lib,
+  ...
+}:
 
 stdenv.mkDerivation rec {
   pname = "sapi";
   version = "1.2.4";
   src = fetchurl {
-    url =
-      "https://artifactory.rbx.com:443/artifactory/generic-rbx-local/sapi-cli/darwin-amd64/v${version}/sapi";
+    url = "https://artifactory.rbx.com:443/artifactory/generic-rbx-local/sapi-cli/darwin-amd64/v${version}/sapi";
     sha256 = "sha256-Il/aqGzxtI84TdUAz4Fvw8RbAgGBZQPN3MZrOitrpVk=";
   };
 
@@ -25,4 +29,3 @@ stdenv.mkDerivation rec {
     platforms = [ "x86_64-darwin" ];
   };
 }
-
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 98e8dd4..34439cd 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,10 +1,12 @@
 let
-  fcuny =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+  fcuny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
   users = [ fcuny ];
-  vm-synology =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHf5gXGbOjaoqdpCDnHjBMhikuM0smLKhUo7J83+by+K";
-in {
-  "restic-backups.age".publicKeys = [ fcuny vm-synology ];
+  vm-synology = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHf5gXGbOjaoqdpCDnHjBMhikuM0smLKhUo7J83+by+K";
+in
+{
+  "restic-backups.age".publicKeys = [
+    fcuny
+    vm-synology
+  ];
   "ddns-updater.age".publicKeys = users ++ [ vm-synology ];
 }