Call nixfmt for the first time

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
2024-09-19 16:20:49 +03:00 · 2023-09-06 16:10:11 +03:00 · 2023-09-06 16:10:11 +03:00 · 9de8497113
parent 6c7e4a2946
commit 9de8497113
35 changed files with 239 additions and 299 deletions
--- a/common/default.nix
+++ b/common/default.nix
@ -10,4 +10,4 @@
    ./stateless.nix
    ./user.nix
  ];
-}
+}
--- a/common/git.nix
+++ b/common/git.nix
@ -1,11 +1,8 @@
 { config, pkgs, lib, ... }:

-let
-  cfg = config.my.git;
+let cfg = config.my.git;
 in {
-  options = {
-    my.git.enable = lib.mkEnableOption "Enable git configuration";
-  };
+  options = { my.git.enable = lib.mkEnableOption "Enable git configuration"; };

  config = lib.mkIf (cfg.enable) {
    home-manager.useGlobalPkgs = true;
@ -22,4 +19,4 @@ in {
      home.stateVersion = "23.05";
    };
  };
-}
+}
--- a/common/laptop.nix
+++ b/common/laptop.nix
@ -1,7 +1,6 @@
 { config, pkgs, lib, ... }:

-let
-  cfg = config.my.laptop;
+let cfg = config.my.laptop;
 in {
  options = {
    my.laptop.enable = lib.mkEnableOption "Laptop-specific configuration";
@ -9,9 +8,7 @@ in {

  config = lib.mkIf (cfg.enable) {
    networking.wireless.iwd.enable = true;
-    environment.systemPackages = with pkgs; [
-      lm_sensors
-    ];
+    environment.systemPackages = with pkgs; [ lm_sensors ];

    hardware.bluetooth.enable = true;
    services.blueman.enable = true;
--- a/common/locale.nix
+++ b/common/locale.nix
@ -4,10 +4,10 @@
  time.timeZone = "Europe/Moscow";

  i18n.defaultLocale = "ru_RU.UTF-8";
-  
+
  console = {
    font = "${pkgs.terminus_font}/share/consolefonts/ter-u24b.psf.gz";
    keyMap = "us";
    packages = with pkgs; [ terminus_font ];
  };
-}
+}
--- a/common/networking.nix
+++ b/common/networking.nix
@ -16,10 +16,8 @@
  };

  # Used by systemd-resolved, not directly by resolv.conf.
-  networking.nameservers = [
-    "8.8.8.8#dns.google"
-    "1.0.0.1#cloudflare-dns.com"
-  ];
+  networking.nameservers =
+    [ "8.8.8.8#dns.google" "1.0.0.1#cloudflare-dns.com" ];

  networking.enableIPv6 = true;

@ -37,7 +35,8 @@
  };

  services.chrony.enable = true;
-  networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
+  networking.timeServers =
+    [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];

  # Useful tools
  boot.kernelModules = [ "af_packet" ];
--- a/common/remote-access.nix
+++ b/common/remote-access.nix
@ -4,14 +4,14 @@
  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
-    
+
    # Cute banner, r-right?
    banner = ''

-Authorized access only!
+      Authorized access only!

-If you are not authorized to access or use this system, disconnect now!
+      If you are not authorized to access or use this system, disconnect now!

    '';
  };
-}
+}
--- a/common/stateless.nix
+++ b/common/stateless.nix
@ -5,4 +5,4 @@
    "vm.panic_on_oom" = true;
    "kernel.panic" = 3;
  };
-}
+}
--- a/common/user.nix
+++ b/common/user.nix
@ -1,7 +1,6 @@
 { config, pkgs, ... }:

-let
-  my = import ../.;
+let my = import ../.;
 in rec {
  users.mutableUsers = false;

@ -33,15 +32,13 @@ in rec {
    hashedPassword = my.secrets.hashed-password;
  };

-
  users.users.root = {
    hashedPassword = null;
-    openssh.authorizedKeys.keys = users.users.ivabus.openssh.authorizedKeys.keys;
+    openssh.authorizedKeys.keys =
+      users.users.ivabus.openssh.authorizedKeys.keys;
  };

-  programs.zsh = {
-    enable = true;
-  };
+  programs.zsh = { enable = true; };

  programs.gnupg.agent.enable = true;
  programs.ssh.startAgent = true;
--- a/default.nix
+++ b/default.nix
@ -3,10 +3,5 @@ rec {
  roles = import ./roles;
  secrets = import ./secrets.nix;

-  modules = { pkgs, ... }: {
-    imports = [
-      common
-      roles
-    ];
-  };
+  modules = { pkgs, ... }: { imports = [ common roles ]; };
 }
--- a/flake.nix
+++ b/flake.nix
@ -11,57 +11,50 @@
    apple-silicon-support.url = "github:tpwrules/nixos-apple-silicon";
  };

+  outputs =
+    { self, nixpkgs, home-manager, apple-silicon-support, ... }@inputs: {
+      # Stella = Unchartevice 6540 (Ryzen 3 3250U, 16GB RAM)
+      nixosConfigurations."stella" = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [ home-manager.nixosModules.home-manager ./machines/stella ];
+      };

-  outputs = { self, nixpkgs, home-manager, apple-silicon-support, ... }@inputs: {
-    # Stella = Unchartevice 6540 (Ryzen 3 3250U, 16GB RAM)
-    nixosConfigurations."stella" = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      modules = [
-        home-manager.nixosModules.home-manager
-        ./machines/stella
-      ];
-    };
+      # Vetus = iMac 27" 2017, i5, 64 GB RAM
+      nixosConfigurations."vetus" = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [ home-manager.nixosModules.home-manager ./machines/vetus ];
+      };

-    # Vetus = iMac 27" 2017, i5, 64 GB RAM
-    nixosConfigurations."vetus" = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      modules = [
-        home-manager.nixosModules.home-manager
-        ./machines/vetus
-      ];
-    };
+      # Celerrime = MacBook Air M2
+      nixosConfigurations."celerrime" = nixpkgs.lib.nixosSystem {
+        system = "aarch64-linux";
+        modules = [
+          home-manager.nixosModules.home-manager
+          apple-silicon-support.nixosModules.apple-silicon-support
+          ./machines/celerrime
+        ];
+      };

-    # Celerrime = MacBook Air M2
-    nixosConfigurations."celerrime" = nixpkgs.lib.nixosSystem {
-      system = "aarch64-linux";
-      modules = [
-        home-manager.nixosModules.home-manager
-        apple-silicon-support.nixosModules.apple-silicon-support
-        ./machines/celerrime
-      ];
-    };
-
-    # Raspberry Pi 4B 2GB RAM
-    nixosConfigurations."rubusidaeus" = nixpkgs.lib.nixosSystem {
+      # Raspberry Pi 4B 2GB RAM
+      nixosConfigurations."rubusidaeus" = nixpkgs.lib.nixosSystem {
        system = "aarch64-linux";
        modules = [
          "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
          home-manager.nixosModules.home-manager
          ./machines/rubusidaeus
        ];
-    };
+      };

-    /* These machines will be configured later. */
-    /*
-    # Effundam = MacBook Air M1 (server usage). Will not be added to flake.nix until thunderbolt and apfs proper support
-    nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem {
-      system = "aarch64-linux";
-      modules = [
-        home-manager.nixosModules.home-manager
-        apple-silicon-support.nixosModules.apple-silicon-support
-        ./machines/effundam
-      ];
+      # These machines will be configured later.
+      /* # Effundam = MacBook Air M1 (server usage). Will not be added to flake.nix until thunderbolt and apfs proper support
+         nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem {
+           system = "aarch64-linux";
+           modules = [
+             home-manager.nixosModules.home-manager
+             apple-silicon-support.nixosModules.apple-silicon-support
+             ./machines/effundam
+           ];
+         };
+      */
    };
-    */
-  };
 }
--- a/hardware/rpi4.nix
+++ b/hardware/rpi4.nix
@ -1,10 +1,11 @@
-
 { config, pkgs, lib, ... }:

 let
  overlay = final: super: {
    makeModulesClosure = x:
-      super.makeModulesClosure (x // { allowMissing = true; }); # Ignores missing kernel modules (can't build image without this fix)
+      super.makeModulesClosure (x // {
+        allowMissing = true;
+      }); # Ignores missing kernel modules (can't build image without this fix)
  };
 in {

--- a/machines/celerrime/default.nix
+++ b/machines/celerrime/default.nix
@ -1,12 +1,8 @@
 { config, pkgs, ... }:

-let
-  my = import ../..;
+let my = import ../..;
 in {
-  imports = [
-    ./hardware.nix
-    my.modules
-  ];
+  imports = [ ./hardware.nix my.modules ];

  networking.hostName = "celerrime";

@ -28,9 +24,7 @@ in {
    virtualisation.enable = false;
    yggdrasil-client.enable = true;

-    server = {
-      ivabus-dev.enable = true;
-    };
+    server = { ivabus-dev.enable = true; };
  };

  networking.useDHCP = true;
@ -40,9 +34,8 @@ in {
  hardware.asahi.addEdgeKernelConfig = true;
  hardware.asahi.useExperimentalGPUDriver = true;

-  environment.systemPackages = with pkgs; [
-    (retroarch.override { cores = with libretro; [ np2kai ];})
-  ];
+  environment.systemPackages = with pkgs;
+    [ (retroarch.override { cores = with libretro; [ np2kai ]; }) ];

  system.stateVersion = "23.05";
 }
--- a/machines/celerrime/hardware.nix
+++ b/machines/celerrime/hardware.nix
@ -1,32 +1,30 @@
 { config, lib, pkgs, modulesPath, ... }:

 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot.initrd.availableKernelModules = [ "usb_storage" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/aed0b311-8954-4164-afc3-9e7c6a2d8c2a";
-      fsType = "ext4";
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/aed0b311-8954-4164-afc3-9e7c6a2d8c2a";
+    fsType = "ext4";
+  };

-  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/8551d309-afe6-4a25-b571-b2cb1eff7c09";
+  boot.initrd.luks.devices."cryptroot".device =
+    "/dev/disk/by-uuid/8551d309-afe6-4a25-b571-b2cb1eff7c09";

-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/771E-1309";
-      fsType = "vfat";
-    };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/771E-1309";
+    fsType = "vfat";
+  };

-  swapDevices =
-    [ {
-      device = "/dev/disk/by-partuuid/dace6477-697e-4bba-aede-eb0e9f7a28ff";
-      randomEncryption.enable = true;
-    } ];
+  swapDevices = [{
+    device = "/dev/disk/by-partuuid/dace6477-697e-4bba-aede-eb0e9f7a28ff";
+    randomEncryption.enable = true;
+  }];

  networking.useDHCP = lib.mkDefault true;

--- a/machines/example/default.nix
+++ b/machines/example/default.nix
@ -1,8 +1,6 @@
-
 { config, pkgs, lib, ... }:

-let
-  my = import ../..;
+let my = import ../..;
 in {
  imports = [
    ./hardware.nix # Use nixos-generate-config --show-hardware-config > /etc/nixos/machines/MACHINE/hardware.nix
--- a/machines/rubusidaeus/default.nix
+++ b/machines/rubusidaeus/default.nix
@ -1,13 +1,8 @@
-
 { config, pkgs, lib, ... }:

-let
-  my = import ../..;
+let my = import ../..;
 in {
-  imports = [
-    my.modules
-    ../../hardware/rpi4.nix
-  ];
+  imports = [ my.modules ../../hardware/rpi4.nix ];

  networking.hostName = "rubusidaeus";

--- a/machines/stella/default.nix
+++ b/machines/stella/default.nix
@ -1,13 +1,8 @@
-
 { config, pkgs, lib, ... }:

-let
-  my = import ../..;
+let my = import ../..;
 in {
-  imports = [
-    ./hardware.nix
-    my.modules
-  ];
+  imports = [ ./hardware.nix my.modules ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
@ -28,8 +23,8 @@ in {
    yggdrasil-client.enable = true;
  };

-  services.xserver.videoDrivers=["amdgpu"];
-  boot.initrd.kernelModules=["amdgpu"];
+  services.xserver.videoDrivers = [ "amdgpu" ];
+  boot.initrd.kernelModules = [ "amdgpu" ];

  powerManagement = {
    enable = true;
--- a/machines/stella/hardware.nix
+++ b/machines/stella/hardware.nix
@ -1,36 +1,36 @@
-
 { config, lib, pkgs, modulesPath, ... }:

 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" "nct6775" ];
  boot.extraModulePackages = [ ];

  environment.etc = {
-      "sysconfig/lm_sensors".text = ''
-        HWMON_MODULES="lm75"
-  	'';
+    "sysconfig/lm_sensors".text = ''
+            HWMON_MODULES="lm75"
+      	'';
  };

-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/e9d47776-8f25-490b-9ea3-ee80ab9d6110";
-      fsType = "btrfs";
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/e9d47776-8f25-490b-9ea3-ee80ab9d6110";
+    fsType = "btrfs";
+  };

-  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c2e3757b-b29c-4797-9535-084eb71351e9";
+  boot.initrd.luks.devices."cryptroot".device =
+    "/dev/disk/by-uuid/c2e3757b-b29c-4797-9535-084eb71351e9";

-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/4F73-6FFF";
-      fsType = "vfat";
-    };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/4F73-6FFF";
+    fsType = "vfat";
+  };

  swapDevices = [ ];

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.amd.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/machines/vetus/default.nix
+++ b/machines/vetus/default.nix
@ -1,13 +1,8 @@
-
 { config, pkgs, ... }:

-let
-  my = import ../..;
+let my = import ../..;
 in {
-  imports = [
-    ./hardware.nix
-    my.modules
-  ];
+  imports = [ ./hardware.nix my.modules ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
@ -28,9 +23,9 @@ in {

  networking.useDHCP = true;

-  services.xserver.videoDrivers=["amdgpu"];
-  boot.initrd.kernelModules=["amdgpu"];
-  
+  services.xserver.videoDrivers = [ "amdgpu" ];
+  boot.initrd.kernelModules = [ "amdgpu" ];
+
  system.stateVersion = "23.05";
 }

--- a/machines/vetus/hardware.nix
+++ b/machines/vetus/hardware.nix
@ -1,29 +1,31 @@
 { config, lib, pkgs, modulesPath, ... }:

 {
-  imports =
-    [ (modulesPath + "/hardware/network/broadcom-43xx.nix")
-      (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  imports = [
+    (modulesPath + "/hardware/network/broadcom-43xx.nix")
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];

-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

-  fileSystems."/" =
-    { device = "/dev/nvme0n1p2";
-      fsType = "btrfs";
-    };
+  fileSystems."/" = {
+    device = "/dev/nvme0n1p2";
+    fsType = "btrfs";
+  };

-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/B167-E1D3";
-      fsType = "vfat";
-    };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/B167-E1D3";
+    fsType = "vfat";
+  };

  swapDevices = [ ];

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/pkgs/ivabus-dev.nix
+++ b/pkgs/ivabus-dev.nix
@ -1,4 +1,4 @@
-{ pkgs ? import <nixpkgs> {}, bundlerEnv, ... }:
+{ pkgs ? import <nixpkgs> { }, bundlerEnv, ... }:
 let
  version = "130812885aee9f2e0a5f6a4b534a3b6b68431554";
  repo = builtins.fetchGit {
--- a/roles/default.nix
+++ b/roles/default.nix
@ -14,4 +14,4 @@
    ./server/nginx.nix
    ./server/ivabus-dev.nix
  ];
-}
+}
--- a/roles/design.nix
+++ b/roles/design.nix
@ -1,14 +1,10 @@
 { config, lib, pkgs, ... }:

-let
-    cfg = config.my.roles.design;
+let cfg = config.my.roles.design;
 in {
-  options.my.roles.design.enable = lib.mkEnableOption "Enable design-specific programs";
+  options.my.roles.design.enable =
+    lib.mkEnableOption "Enable design-specific programs";
  config = lib.mkIf (cfg.enable) {
-    environment.systemPackages = with pkgs; [
-      inkscape
-      gimp
-      imagemagick
-    ];
+    environment.systemPackages = with pkgs; [ inkscape gimp imagemagick ];
  };
 }
--- a/roles/devel.nix
+++ b/roles/devel.nix
@ -1,10 +1,11 @@
 { config, pkgs, lib, ... }:

-let
-  cfg = config.my.roles.devel;
+let cfg = config.my.roles.devel;
 in {
-  options.my.roles.devel.enable = lib.mkEnableOption "Enable tools for development programs";
-  config = lib.mkIf (cfg.enable) ( lib.mkMerge [{
+  options.my.roles.devel.enable =
+    lib.mkEnableOption "Enable tools for development programs";
+  config = lib.mkIf (cfg.enable) (lib.mkMerge [
+    {
      nixpkgs.config.allowUnfree = true;
      environment.systemPackages = with pkgs; [
        rustc
@ -25,21 +26,27 @@ in {
      ];
    }
    # Architecture-specific packages and configuration
-    (lib.mkIf (!pkgs.stdenv.isAarch64) {boot.binfmt.emulatedSystems = [ "aarch64-linux" ];})
-    (lib.mkIf (!pkgs.stdenv.isAarch32) {boot.binfmt.emulatedSystems = [ "armv6l-linux" ];})
-    (lib.mkIf (!pkgs.stdenv.isx86_64) {boot.binfmt.emulatedSystems = [ "x86_64-linux" "i686-linux" ];})
+    (lib.mkIf (!pkgs.stdenv.isAarch64) {
+      boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+    })
+    (lib.mkIf (!pkgs.stdenv.isAarch32) {
+      boot.binfmt.emulatedSystems = [ "armv6l-linux" ];
+    })
+    (lib.mkIf (!pkgs.stdenv.isx86_64) {
+      boot.binfmt.emulatedSystems = [ "x86_64-linux" "i686-linux" ];
+    })
    # Remove CLion from builds while I'm semi-online
    # Install CLion only if we are on x86_64
-    /*(lib.mkIf (pkgs.stdenv.isx86_64) {
-      environment.systemPackages = with pkgs; [
-        jetbrains.clion
-      ];
-    })*/
+    /* (lib.mkIf (pkgs.stdenv.isx86_64) {
+         environment.systemPackages = with pkgs; [
+           jetbrains.clion
+         ];
+       })
+    */
    # Install vscode only if we are on x86_64 or aarch64 or aarch32
-    (lib.mkIf (pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) {
-      environment.systemPackages = with pkgs; [
-        vscode
-      ];
-    })
+    (lib.mkIf
+      (pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) {
+        environment.systemPackages = with pkgs; [ vscode ];
+      })
  ]);
 }
--- a/roles/gaming.nix
+++ b/roles/gaming.nix
@ -1,28 +1,29 @@
 { config, pkgs, lib, ... }:

-let
-  cfg = config.my.roles.gaming;
+let cfg = config.my.roles.gaming;
 in {
  options.my.roles.gaming.enable = lib.mkEnableOption "Enable wine & steam";
-  config = lib.mkIf (cfg.enable) ( lib.mkMerge [{
-    nixpkgs.config.allowUnfree = true;
-    hardware.opengl.driSupport32Bit = true;
-    services.pipewire.alsa.support32Bit = true;
-    environment.systemPackages = with pkgs; [
-      wineWowPackages.stable
-      wine
-      (wine.override { wineBuild = "wine64"; })
-      wineWowPackages.staging
-      winetricks
-      wineWowPackages.waylandFull
-      (retroarch.override { cores = with libretro; [ np2kai ];})
-    ];
-  }
-  # Enable steam only on x86_64 (since I have hosts with ARM, but I don't think I will enable my.roles.gaming on ARM system soon)
-  (lib.mkIf(pkgs.stdenv.isx86_64) {
-    programs.steam.enable = true; # Firewall ports used by Steam in-home streaming.
-    networking.firewall.allowedTCPPorts = [ 27036 27037 ];
-    networking.firewall.allowedUDPPorts = [ 27031 27036 ];
+  config = lib.mkIf (cfg.enable) (lib.mkMerge [
+    {
+      nixpkgs.config.allowUnfree = true;
+      hardware.opengl.driSupport32Bit = true;
+      services.pipewire.alsa.support32Bit = true;
+      environment.systemPackages = with pkgs; [
+        wineWowPackages.stable
+        wine
+        (wine.override { wineBuild = "wine64"; })
+        wineWowPackages.staging
+        winetricks
+        wineWowPackages.waylandFull
+        (retroarch.override { cores = with libretro; [ np2kai ]; })
+      ];
+    }
+    # Enable steam only on x86_64 (since I have hosts with ARM, but I don't think I will enable my.roles.gaming on ARM system soon)
+    (lib.mkIf (pkgs.stdenv.isx86_64) {
+      programs.steam.enable =
+        true; # Firewall ports used by Steam in-home streaming.
+      networking.firewall.allowedTCPPorts = [ 27036 27037 ];
+      networking.firewall.allowedUDPPorts = [ 27031 27036 ];
    })
  ]);
 }
--- a/roles/graphical.nix
+++ b/roles/graphical.nix
@ -1,7 +1,6 @@
 { config, pkgs, lib, ... }:

-let
-  cfg = config.my.roles.graphical;
+let cfg = config.my.roles.graphical;
 in {
  options.my.roles.graphical.enable = lib.mkEnableOption "Enable GUI";
  config = lib.mkIf (cfg.enable) {
@ -85,7 +84,8 @@ in {
      roboto-mono
      kochi-substitute
    ];
-    environment.sessionVariables.NIXOS_OZONE_WL = "1"; # Enable wayland for electron
+    environment.sessionVariables.NIXOS_OZONE_WL =
+      "1"; # Enable wayland for electron
    home-manager.users.ivabus = {
      gtk = {
        enable = true;
--- a/roles/latex.nix
+++ b/roles/latex.nix
@ -1,14 +1,14 @@
 { config, pkgs, lib, ... }:

-let
-  cfg = config.my.roles.latex;
+let cfg = config.my.roles.latex;
 in {
  options.my.roles.latex.enable = lib.mkEnableOption "Enable latex stuff";
-  config = lib.mkIf (cfg.enable){
-    environment.systemPackages = with pkgs; [
-      # Maybe I don't need to use -full variant of texlive
-      # TODO: I should find distribution I actually need
-      texlive.combined.scheme-full
-    ];
+  config = lib.mkIf (cfg.enable) {
+    environment.systemPackages = with pkgs;
+      [
+        # Maybe I don't need to use -full variant of texlive
+        # TODO: I should find distribution I actually need
+        texlive.combined.scheme-full
+      ];
  };
-}
+}
--- a/roles/media-client.nix
+++ b/roles/media-client.nix
@ -1,13 +1,10 @@
 { config, pkgs, lib, ... }:

-let
-  cfg = config.my.roles.media-client;
+let cfg = config.my.roles.media-client;
 in {
-  options.my.roles.media-client.enable = lib.mkEnableOption "Enable media players, downloaders, etc.";
-  config = lib.mkIf (cfg.enable){
-    environment.systemPackages = with pkgs; [
-      vlc
-      yt-dlp ffmpeg
-    ];
+  options.my.roles.media-client.enable =
+    lib.mkEnableOption "Enable media players, downloaders, etc.";
+  config = lib.mkIf (cfg.enable) {
+    environment.systemPackages = with pkgs; [ vlc yt-dlp ffmpeg ];
  };
-}
+}
--- a/roles/ntp-server.nix
+++ b/roles/ntp-server.nix
@ -1,13 +1,12 @@
 { config, pkgs, lib, ... }:

-let
-  cfg = config.my.roles.ntp-server;
+let cfg = config.my.roles.ntp-server;
 in {
  options.my.roles.ntp-server.enable = lib.mkEnableOption "Enable NTP server";
  config = lib.mkIf (cfg.enable) {
-	services.chrony.extraConfig = ''
-allow 192.168.0.0/16
-	'';
+    services.chrony.extraConfig = ''
+      allow 192.168.0.0/16
+      	'';
    networking.firewall.allowedUDPPorts = [ 123 ];
  };
 }
--- a/roles/server/ivabus-dev.nix
+++ b/roles/server/ivabus-dev.nix
@ -1,15 +1,14 @@
 { config, lib, pkgs, ... }:
-let
-  cfg = config.my.roles.server.ivabus-dev;
-in
-{
-	options.my.roles.server.ivabus-dev.enable = lib.mkEnableOption "Serve ivabus.dev";
+let cfg = config.my.roles.server.ivabus-dev;
+in {
+  options.my.roles.server.ivabus-dev.enable =
+    lib.mkEnableOption "Serve ivabus.dev";
  config = lib.mkIf (cfg.enable) {
    my.roles.server.nginx.enable = true;
    services.nginx = {
      virtualHosts."ivabus.dev" = {
        # i don't want to call package like this
-        root = pkgs.callPackage ../../pkgs/ivabus-dev.nix {};
+        root = pkgs.callPackage ../../pkgs/ivabus-dev.nix { };

        extraConfig = ''
          error_page 404 /404.html;
--- a/roles/server/nginx.nix
+++ b/roles/server/nginx.nix
@ -1,10 +1,9 @@
 { config, lib, pkgs, ... }:
-let
-  cfg = config.my.roles.server.nginx;
-in
-{
+let cfg = config.my.roles.server.nginx;
+in {
  # Don't call from machine setup, services will enable it automatically
-	options.my.roles.server.nginx.enable = lib.mkEnableOption "Initial nginx setup";
+  options.my.roles.server.nginx.enable =
+    lib.mkEnableOption "Initial nginx setup";
  config = lib.mkIf (cfg.enable) {
    services.nginx = {
      enable = true;
@ -14,4 +13,4 @@ in
      recommendedTlsSettings = true;
    };
  };
-}
+}
--- a/roles/torrent.nix
+++ b/roles/torrent.nix
@ -1,13 +1,12 @@
 { config, pkgs, lib, ... }:

-let
-  cfg = config.my.roles.torrent;
+let cfg = config.my.roles.torrent;
 in {
-  options.my.roles.torrent.enable = lib.mkEnableOption "Enable torrent support.";
+  options.my.roles.torrent.enable =
+    lib.mkEnableOption "Enable torrent support.";
  # TODO: do something about systems without GUI (i don't use any at the moment)
  config = lib.mkIf (cfg.enable) {
-    environment.systemPackages = with pkgs; [
-      (transmission.override {enableGTK3 = true;})
-    ];
+    environment.systemPackages = with pkgs;
+      [ (transmission.override { enableGTK3 = true; }) ];
  };
-}
+}
--- a/roles/virtualisation.nix
+++ b/roles/virtualisation.nix
@ -1,15 +1,12 @@
 { pkgs, config, lib, ... }:

-let
-  cfg = config.my.roles.virtualisation;
+let cfg = config.my.roles.virtualisation;
 in {
-  options.my.roles.virtualisation.enable = lib.mkEnableOption "Enable tools for virtualisation";
+  options.my.roles.virtualisation.enable =
+    lib.mkEnableOption "Enable tools for virtualisation";
  config = lib.mkIf (cfg.enable) {
    # TODO: Think if I ever need virtualisation
    virtualisation.libvirtd.enable = true;
-    environment.systemPackages = with pkgs; [
-      qemu_full
-      qemu-utils
-    ];
+    environment.systemPackages = with pkgs; [ qemu_full qemu-utils ];
  };
-}
+}
--- a/roles/yggdrasil-client.nix
+++ b/roles/yggdrasil-client.nix
@ -1,9 +1,9 @@
 { config, lib, ... }:

-let
-  cfg = config.my.roles.yggdrasil-client;
+let cfg = config.my.roles.yggdrasil-client;
 in {
-  options.my.roles.yggdrasil-client.enable = lib.mkEnableOption "Enable yggdrasil";
+  options.my.roles.yggdrasil-client.enable =
+    lib.mkEnableOption "Enable yggdrasil";
  config = lib.mkIf (cfg.enable) {
    services.yggdrasil = {
      enable = true;
@ -16,4 +16,4 @@ in {
      };
    };
  };
-}
+}
--- a/secrets.nix
+++ b/secrets.nix
@ -1,9 +1,9 @@
-
 let
  canaryHash = builtins.hashFile "sha256" ./secrets/canary;
-  expectedHash = "bc6f38a927602241c5e0996b61ebd3a90d5356ca76dc968ec14df3cd45c6612c";
-in
-  if canaryHash != expectedHash then abort "Secrets are not readable. Have you run `git-crypt unlock`?"
-  else {
-    hashed-password = builtins.readFile ./secrets/hashed-password;
-  }
+  expectedHash =
+    "bc6f38a927602241c5e0996b61ebd3a90d5356ca76dc968ec14df3cd45c6612c";
+in if canaryHash != expectedHash then
+  abort "Secrets are not readable. Have you run `git-crypt unlock`?"
+else {
+  hashed-password = builtins.readFile ./secrets/hashed-password;
+}
--- a/shells/crossShell.nix
+++ b/shells/crossShell.nix
@ -1,18 +1,9 @@
 { crossSystem ? "aarch64-unknown-linux-musl" }:

-let pkgs = import <nixpkgs> {
-  crossSystem = {
-    config = crossSystem;
-  };
-};
-in
-  pkgs.pkgsStatic.callPackage (
-    {mkShell, pkg-config, zlib, file}:
-    mkShell {
-      nativeBuildInputs = [ pkg-config file ];
-      buildInputs = [ zlib ];
-      env = {
-        CROSS_COMPILE = crossSystem;
-      };
-    }
-  ) {}
+let pkgs = import <nixpkgs> { crossSystem = { config = crossSystem; }; };
+in pkgs.pkgsStatic.callPackage ({ mkShell, pkg-config, zlib, file }:
+  mkShell {
+    nativeBuildInputs = [ pkg-config file ];
+    buildInputs = [ zlib ];
+    env = { CROSS_COMPILE = crossSystem; };
+  }) { }