assertions

2026-03-19 16:17:20 -05:00
parent dd04320fe7
commit d229cdbf6a
43 changed files with 1190 additions and 997 deletions
--- a/homes/aarch64-linux/matt@macbook-pro-nixos/default.nix
+++ b/homes/aarch64-linux/matt@macbook-pro-nixos/default.nix
@@ -153,12 +153,18 @@ in
  dconf = {
    enable = true;
    settings = {
-      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".name =  "Keyboard Backlight +";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".name =
-      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".binding = "<Super>MonBrightnessUp";
+        "Keyboard Backlight +";
-      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".command = "brightnessctl -d kbd_backlight s +10";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".binding =
-      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".name =  "Keyboard Backlight -";
+        "<Super>MonBrightnessUp";
-      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".binding = "<Super>MonBrightnessDown";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".command =
-      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".command = "brightnessctl -d kbd_backlight s 10-";
+        "brightnessctl -d kbd_backlight s +10";
      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".name =
        "Keyboard Backlight -";
      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".binding =
        "<Super>MonBrightnessDown";
      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".command =
        "brightnessctl -d kbd_backlight s 10-";
      "org/gnome/shell".enabled-extensions = [
        "notch-clock-offset@christophbrill.de"
--- a/homes/aarch64-linux/root@macbook-pro-nixos/default.nix
+++ b/homes/aarch64-linux/root@macbook-pro-nixos/default.nix
@@ -1,6 +0,0 @@
 { lib, ... }:
 {
  home.username = "root";
  services.nextcloud-client.enable = lib.mkForce false;
  services.kdeconnect.enable = false;
 }
--- a/homes/aarch64-linux/root@pi5/default.nix
+++ b/homes/aarch64-linux/root@pi5/default.nix
@@ -1,6 +0,0 @@
 { lib, ... }:
 {
  home.username = "root";
  services.nextcloud-client.enable = lib.mkForce false;
  services.kdeconnect.enable = false;
 }
--- a/homes/x86_64-linux/matt@allyx/default.nix
+++ b/homes/x86_64-linux/matt@allyx/default.nix
@@ -38,7 +38,10 @@ in
        steamDirectory = "/home/matt/.local/share/Steam";
      };
-      enabledProviders = [ "sgdb" "steamCDN" ];
+      enabledProviders = [
        "sgdb"
        "steamCDN"
      ];
      imageProviderSettings.sgdb = {
        nsfw = false;
        humor = false;
--- a/homes/x86_64-linux/nixos@iso-minimal/default.nix
+++ b/homes/x86_64-linux/nixos@iso-minimal/default.nix
@@ -1,6 +0,0 @@
 { lib, ... }:
 {
  home.username = "nixos";
  services.nextcloud-client.enable = lib.mkForce false;
  services.kdeconnect.enable = false;
 }
--- a/homes/x86_64-linux/root@allyx/default.nix
+++ b/homes/x86_64-linux/root@allyx/default.nix
@@ -1,6 +0,0 @@
 { lib, ... }:
 {
  home.username = "root";
  services.nextcloud-client.enable = lib.mkForce false;
  services.kdeconnect.enable = false;
 }
--- a/homes/x86_64-linux/root@iso-minimal/default.nix
+++ b/homes/x86_64-linux/root@iso-minimal/default.nix
@@ -1,6 +0,0 @@
 { lib, ... }:
 {
  home.username = "root";
  services.nextcloud-client.enable = lib.mkForce false;
  services.kdeconnect.enable = false;
 }
--- a/homes/x86_64-linux/root@jallen-nas/default.nix
+++ b/homes/x86_64-linux/root@jallen-nas/default.nix
@@ -1,6 +0,0 @@
 { lib, ... }:
 {
  home.username = "root";
  services.nextcloud-client.enable = lib.mkForce false;
  services.kdeconnect.enable = false;
 }
--- a/homes/x86_64-linux/root@matt-nixos/default.nix
+++ b/homes/x86_64-linux/root@matt-nixos/default.nix
@@ -1,6 +0,0 @@
 { lib, ... }:
 {
  home.username = "root";
  services.nextcloud-client.enable = lib.mkForce false;
  services.kdeconnect.enable = false;
 }
--- a/homes/x86_64-linux/root@nuc-nixos/default.nix
+++ b/homes/x86_64-linux/root@nuc-nixos/default.nix
@@ -1,6 +0,0 @@
 { lib, ... }:
 {
  home.username = "root";
  services.nextcloud-client.enable = lib.mkForce false;
  services.kdeconnect.enable = false;
 }
--- a/modules/darwin/nix/default.nix
+++ b/modules/darwin/nix/default.nix
@@ -1,7 +1,5 @@
 {
  config,
  lib,
  namespace,
  ...
 }:
 {
--- a/modules/home/home/default.nix
+++ b/modules/home/home/default.nix
@@ -10,13 +10,26 @@
 let
  inherit (lib.${namespace}) enabled;
  isArm = ("aarch64-linux" == system) || ("aarch64-darwin" == system);
  # Non-login / system accounts (root, nixos installer, etc.) should not get
  # desktop packages, tmux, nh, kdeconnect, nextcloud-client, etc.
  # Detect them by username so individual host home files are not needed.
  isSystemUser = lib.elem config.home.username [
    "root"
    "nixos"
  ];
 in
 {
  home = {
    enableNixpkgsReleaseCheck = lib.mkDefault false;
-    homeDirectory = lib.mkDefault "/home/${config.home.username}";
+    homeDirectory = lib.mkDefault (
      if config.home.username == "root" then "/root" else "/home/${config.home.username}"
    );
    packages =
      with pkgs;
      (
        if isSystemUser then
          [ ]
        else
          [
            age
            clinfo
@@ -41,7 +54,7 @@ in
            wget
          ]
          ++ (
-        if hasDestopEnvironment then
+            if (hasDestopEnvironment) then
              [
                boxbuddy
                stable.chromium
@@ -64,6 +77,7 @@ in
              )
            else
              [ ]
          )
      );
    stateVersion = lib.mkDefault "23.11";
@@ -74,21 +88,19 @@ in
    # standalone homes don't load the nix-index-database HM module).
    # Set it per-host in homes that explicitly load the module.
    btop = {
-      enable = lib.mkDefault true;
+      enable = lib.mkDefault (!isSystemUser);
      package = pkgs.btop;
    };
-    fastfetch = lib.mkDefault enabled;
+    fastfetch.enable = lib.mkDefault (!isSystemUser);
    home-manager = lib.mkDefault enabled;
-    java = {
+    java.enable = lib.mkDefault (!isSystemUser);
-      enable = lib.mkDefault true;
+    mangohud.enable = lib.mkDefault (hasDestopEnvironment && !isSystemUser);
-    };
+    password-store.enable = lib.mkDefault (!isSystemUser);
    mangohud.enable = lib.mkDefault hasDestopEnvironment;
    password-store = enabled;
    nh = {
-      enable = true;
+      enable = lib.mkDefault (!isSystemUser);
      flake = "/etc/nixos";
      clean = {
-        enable = true;
+        enable = lib.mkDefault (!isSystemUser);
        extraArgs = "--keep 5";
      };
    };
@@ -105,7 +117,7 @@ in
    };
    tmux = {
-      enable = lib.mkDefault true;
+      enable = lib.mkDefault (!isSystemUser);
      terminal = "screen-256color";
      sensibleOnTop = true;
      focusEvents = true;
@@ -127,7 +139,7 @@ in
        tmuxPlugins.better-mouse-mode
      ];
      extraConfig = ''
-        set -g status-right '#[fg=black,bg=color15] #{cpu_percentage}  %H:%M '
+        set -g status-right '#[fg=black,bg=color15] #{cpu_percentage}  %H:%M '
        run-shell ${pkgs.tmuxPlugins.cpu}/share/tmux-plugins/cpu/cpu.tmux
        set -g default-terminal "xterm-256color"
        set -ga terminal-overrides ",*256col*:Tc"
@@ -145,11 +157,13 @@ in
  };
  services = {
-    nextcloud-client.enable = false; # lib.mkDefault hasDestopEnvironment;
+    # nextcloud-client is disabled by default for all users; systems that
-    pass-secret-service = lib.mkDefault enabled;
+    # want it enabled must opt in explicitly in their home configuration.
    nextcloud-client.enable = lib.mkDefault false;
    pass-secret-service.enable = lib.mkDefault (!isSystemUser);
    kdeconnect = {
-      enable = lib.mkDefault hasDestopEnvironment;
+      enable = lib.mkDefault (hasDestopEnvironment && !isSystemUser);
-      indicator = lib.mkDefault hasDestopEnvironment;
+      indicator = lib.mkDefault (hasDestopEnvironment && !isSystemUser);
      package = pkgs.kdePackages.kdeconnect-kde;
    };
  };
--- a/modules/home/programs/code/default.nix
+++ b/modules/home/programs/code/default.nix
@@ -8,12 +8,10 @@
 }:
 let
  isArm = ("aarch64-linux" == system) || ("aarch64-darwin" == system);
  isDarwin = ("aarch64-darwin" == system);
  x86_only = with pkgs; [
    vscode-extensions.redhat.vscode-xml
  ];
  open-remote-ssh = pkgs.${namespace}.open-remote-ssh;
 in
 {
  home.packages = with pkgs; [
--- a/modules/home/programs/hyprland/options.nix
+++ b/modules/home/programs/hyprland/options.nix
@@ -1,6 +1,5 @@
 {
  lib,
  pkgs,
  namespace,
  ...
 }:
--- a/modules/home/programs/wlogout/default.nix
+++ b/modules/home/programs/wlogout/default.nix
@@ -14,12 +14,42 @@
        programs.wlogout = {
          enable = false;
          layout = {
-            lock     = { label = "lock";      action = "hyprlock --immediate";           text = "Lock";      keybind = "l"; };
+            lock = {
-            hibernate = { label = "hibernate"; action = "systemctl hibernate";            text = "Hibernate"; keybind = "h"; };
+              label = "lock";
-            logout   = { label = "logout";    action = "sleep 1; hyprctl dispatch exit"; text = "Logout";    keybind = "e"; };
+              action = "hyprlock --immediate";
-            shutdown = { label = "shutdown";   action = "systemctl poweroff";             text = "Shutdown";  keybind = "s"; };
+              text = "Lock";
-            suspend  = { label = "suspend";    action = "systemctl suspend";              text = "Suspend";   keybind = "u"; };
+              keybind = "l";
-            reboot   = { label = "reboot";     action = "reboot";                         text = "Reboot";    keybind = "r"; };
+            };
            hibernate = {
              label = "hibernate";
              action = "systemctl hibernate";
              text = "Hibernate";
              keybind = "h";
            };
            logout = {
              label = "logout";
              action = "sleep 1; hyprctl dispatch exit";
              text = "Logout";
              keybind = "e";
            };
            shutdown = {
              label = "shutdown";
              action = "systemctl poweroff";
              text = "Shutdown";
              keybind = "s";
            };
            suspend = {
              label = "suspend";
              action = "systemctl suspend";
              text = "Suspend";
              keybind = "u";
            };
            reboot = {
              label = "reboot";
              action = "reboot";
              text = "Reboot";
              keybind = "r";
            };
          };
          style = ''
            * {
--- a/modules/nixos/boot/common/default.nix
+++ b/modules/nixos/boot/common/default.nix
@@ -22,6 +22,17 @@ in
  };
  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = !cfg.yubikeyEncryption || config.${namespace}.hardware.disko.enableLuks;
        message = "mjallen.boot.common.yubikeyEncryption requires mjallen.hardware.disko.enableLuks = true.";
      }
      {
        assertion = !cfg.yubikeyEncryption || config.${namespace}.hardware.disko.enable;
        message = "mjallen.boot.common.yubikeyEncryption requires mjallen.hardware.disko.enable = true (disko-managed disk layout).";
      }
    ];
    boot = {
      kernelModules = [ "kvm" ];
@@ -78,7 +89,7 @@ in
                };
                slot = 2;
                twoFactor = false;
-                gracePeriod = yubikeyGracePeriod;
+                gracePeriod = cfg.yubikeyGracePeriod;
              };
            };
          };
--- a/modules/nixos/boot/lanzaboote/default.nix
+++ b/modules/nixos/boot/lanzaboote/default.nix
@@ -17,6 +17,13 @@ in
  };
  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.configLimit > 0;
        message = "mjallen.bootloader.lanzaboote.configLimit must be a positive integer (got ${toString cfg.configLimit}).";
      }
    ];
    boot = {
      loader = {
        efi = {
--- a/modules/nixos/disko/default.nix
+++ b/modules/nixos/disko/default.nix
@@ -104,6 +104,21 @@ in
 {
  imports = [ ./options.nix ];
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.rootDisk != "";
        message = "mjallen.hardware.disko.rootDisk must be set to a non-empty device path (e.g. \"/dev/nvme0n1\").";
      }
      {
        assertion = !(cfg.enableSwap && cfg.swapSize == "");
        message = "mjallen.hardware.disko.swapSize must be a non-empty size string when enableSwap is true (e.g. \"16G\").";
      }
      {
        assertion = cfg.compression != "";
        message = "mjallen.hardware.disko.compression must be a non-empty compression type (e.g. \"zstd\").";
      }
    ];
    disko.devices = lib.mkMerge [
      {
        nodev."/" = {
--- a/modules/nixos/gaming/default.nix
+++ b/modules/nixos/gaming/default.nix
@@ -7,11 +7,21 @@
 }:
 let
  cfg = config.${namespace}.gaming;
  hasDesktop =
    config.${namespace}.desktop.gnome.enable
    || config.${namespace}.desktop.hyprland.enable
    || config.${namespace}.desktop.cosmic.enable;
 in
 {
  imports = [ ./options.nix ];
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = hasDesktop;
        message = "mjallen.gaming.enable requires a desktop environment (gnome, hyprland, or cosmic) to be enabled.";
      }
    ];
    # Network option required using sysctl to let Ubisoft Connect work as of 7-12-2023
    # Use mkDefault so jovian-nixos steam module (which sets this to `true`) wins.
    boot.kernel.sysctl."net.ipv4.tcp_mtu_probing" = lib.mkDefault 1;
--- a/modules/nixos/hardware/amd/default.nix
+++ b/modules/nixos/hardware/amd/default.nix
@@ -22,6 +22,17 @@ in
  };
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = !(cfg.lact.enable && cfg.corectrl.enable);
        message = "mjallen.hardware.amd: lact and corectrl cannot both be enabled — they both manage AMD GPU power profiles and will conflict.";
      }
      {
        assertion = !cfg.corectrl.enablePolkit || cfg.corectrl.polkitGroup != "";
        message = "mjallen.hardware.amd.corectrl.polkitGroup must be a non-empty group name when enablePolkit is true.";
      }
    ];
    boot = {
      kernelModules = [
        "nct6775"
--- a/modules/nixos/hardware/battery/default.nix
+++ b/modules/nixos/hardware/battery/default.nix
@@ -21,6 +21,17 @@ in
  };
  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.battery != "";
        message = "mjallen.hardware.battery.battery must be set to the sysfs path of the battery charge limit file (e.g. \"/sys/class/power_supply/BAT0/charge_control_end_threshold\").";
      }
      {
        assertion = cfg.chargeLimit > 0 && cfg.chargeLimit <= 100;
        message = "mjallen.hardware.battery.chargeLimit must be between 1 and 100 (got ${toString cfg.chargeLimit}).";
      }
    ];
    systemd = {
      services = {
        set-charge-limit = {
--- a/modules/nixos/hardware/raspberry-pi/default.nix
+++ b/modules/nixos/hardware/raspberry-pi/default.nix
@@ -260,6 +260,20 @@ in
  ];
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.bootType != "uboot" || cfg.firmwarePackage != null;
        message = "mjallen.hardware.raspberry-pi.firmwarePackage must be set when bootType is \"uboot\".";
      }
      {
        assertion = cfg.bootType != "kernel" || cfg.firmwarePackage != null;
        message = "mjallen.hardware.raspberry-pi.firmwarePackage must be set when bootType is \"kernel\".";
      }
      {
        assertion = cfg.nixosGenerationsDir != "";
        message = "mjallen.hardware.raspberry-pi.nixosGenerationsDir must be a non-empty path.";
      }
    ];
    boot = {
      initrd.availableKernelModules = [
--- a/modules/nixos/headless/default.nix
+++ b/modules/nixos/headless/default.nix
@@ -15,6 +15,16 @@ in
  };
  config = mkIf cfg.enable {
    assertions = [
      {
        assertion =
          !config.${namespace}.desktop.gnome.enable
          && !config.${namespace}.desktop.hyprland.enable
          && !config.${namespace}.desktop.cosmic.enable;
        message = "mjallen.headless.enable = true is incompatible with having a desktop environment enabled (gnome, hyprland, or cosmic).";
      }
    ];
    boot.initrd.systemd.suppressedUnits = lib.mkIf config.systemd.enableEmergencyMode [
      "emergency.service"
      "emergency.target"
--- a/modules/nixos/home/default.nix
+++ b/modules/nixos/home/default.nix
@@ -36,6 +36,30 @@ in
  };
  config = {
    assertions =
      let
        desktopCount = lib.count lib.id [
          config.${namespace}.desktop.gnome.enable
          config.${namespace}.desktop.hyprland.enable
          config.${namespace}.desktop.cosmic.enable
        ];
      in
      [
        {
          assertion = desktopCount <= 1;
          message = ''
            At most one desktop environment may be enabled simultaneously.
            Currently enabled: ${
              lib.concatStringsSep ", " (
                lib.optional config.${namespace}.desktop.gnome.enable "gnome"
                ++ lib.optional config.${namespace}.desktop.hyprland.enable "hyprland"
                ++ lib.optional config.${namespace}.desktop.cosmic.enable "cosmic"
              )
            }.
          '';
        }
      ];
    # ${namespace}.home.extraOptions = {
    #   home.file = lib.mkAliasDefinitions options.${namespace}.home.file;
    #   home.stateVersion = lib.mkOptionDefault config.system.stateVersion;
--- a/modules/nixos/impermanence/default.nix
+++ b/modules/nixos/impermanence/default.nix
@@ -50,6 +50,17 @@ in
  };
  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = lib.hasPrefix "/" cfg.persistencePath;
        message = "mjallen.impermanence.persistencePath must be an absolute path (got \"${cfg.persistencePath}\").";
      }
      {
        assertion = cfg.persistencePath != "/";
        message = "mjallen.impermanence.persistencePath must not be the filesystem root \"/\".";
      }
    ];
    environment.persistence."/nix/persist/system" = {
      hideMounts = true;
      directories = [
--- a/modules/nixos/network/default.nix
+++ b/modules/nixos/network/default.nix
@@ -57,6 +57,33 @@ in
  ];
  config = {
    assertions = [
      {
        assertion = cfg.hostName != "";
        message = "mjallen.network.hostName must be set to a non-empty string.";
      }
      {
        assertion = cfg.ipv4.method == "auto" || cfg.ipv4.method == "manual";
        message = "mjallen.network.ipv4.method must be either \"auto\" or \"manual\" (got \"${cfg.ipv4.method}\").";
      }
      {
        assertion = cfg.ipv4.method != "manual" || cfg.ipv4.interface != "";
        message = "mjallen.network.ipv4.interface must be set when ipv4.method is \"manual\".";
      }
      {
        assertion = cfg.ipv4.method != "manual" || cfg.ipv4.address != "";
        message = "mjallen.network.ipv4.address must be set when ipv4.method is \"manual\".";
      }
      {
        assertion = cfg.ipv4.method != "manual" || cfg.ipv4.gateway != "";
        message = "mjallen.network.ipv4.gateway must be set when ipv4.method is \"manual\".";
      }
      {
        assertion = cfg.nat.enable -> cfg.nat.externalInterface != "";
        message = "mjallen.network.nat.externalInterface must be set when NAT is enabled.";
      }
    ];
    systemd = {
      services = {
        NetworkManager-wait-online.enable = false;
--- a/modules/nixos/nix/default.nix
+++ b/modules/nixos/nix/default.nix
@@ -1,7 +1,6 @@
 {
  config,
  lib,
  inputs,
  namespace,
  ...
 }:
--- a/modules/nixos/power/default.nix
+++ b/modules/nixos/power/default.nix
@@ -20,6 +20,21 @@ in
  };
  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.upsName != "";
        message = "mjallen.power.ups.upsName must be a non-empty string.";
      }
      {
        assertion = cfg.upsUser != "";
        message = "mjallen.power.ups.upsUser must be a non-empty string.";
      }
      {
        assertion = builtins.hasAttr "jallen-nas/ups_password" config.sops.secrets;
        message = "mjallen.power.ups requires a sops secret \"jallen-nas/ups_password\" to be declared.";
      }
    ];
    power.ups = {
      enable = true;
      openFirewall = true;
--- a/modules/nixos/services/netbootxyz/default.nix
+++ b/modules/nixos/services/netbootxyz/default.nix
@@ -25,8 +25,14 @@ in
      ];
      extraConfig = {
        networking.firewall = lib.mkIf cfg.openFirewall {
-          allowedTCPPorts = [ cfg.assetPort cfg.tftpPort ];
+          allowedTCPPorts = [
-          allowedUDPPorts = [ cfg.assetPort cfg.tftpPort ];
+            cfg.assetPort
            cfg.tftpPort
          ];
          allowedUDPPorts = [
            cfg.assetPort
            cfg.tftpPort
          ];
        };
        virtualisation.oci-containers.containers.netbootxyz.ports = lib.mkForce [
          "${toString cfg.port}:3000"
--- a/modules/nixos/sops/default.nix
+++ b/modules/nixos/sops/default.nix
@@ -14,6 +14,13 @@ in
  imports = [ ./options.nix ];
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.sshKeyPaths != [ ];
        message = "mjallen.sops.sshKeyPaths must contain at least one SSH key path for age decryption.";
      }
    ];
    sops = {
      defaultSopsFile = if cfg.defaultSopsFile != null then cfg.defaultSopsFile else defaultSops;
      age.sshKeyPaths = cfg.sshKeyPaths;
--- a/packages/bcachefs/default.nix
+++ b/packages/bcachefs/default.nix
@@ -1,7 +1,6 @@
 {
  lib,
  stdenv,
  fetchFromGitHub,
  pkg-config,
  libuuid,
  libsodium,
--- a/packages/bcachefs/kernel-module.nix
+++ b/packages/bcachefs/kernel-module.nix
@@ -1,6 +1,5 @@
 bcachefs-tools:
 {
  lib,
  stdenv,
  kernelModuleMakeFlags,
  kernel,
--- a/packages/omnissa/default.nix
+++ b/packages/omnissa/default.nix
@@ -15,7 +15,9 @@ let
  version = "2512";
  sysArch =
-    if (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") then
+    if
      (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux")
    then
      "x64"
    else
      throw "Unsupported system: ${stdenv.hostPlatform.system}";
@@ -168,7 +170,10 @@ stdenv.mkDerivation {
    description = "Allows you to connect to your Omnissa Horizon virtual desktop";
    homepage = "https://www.omnissa.com/products/horizon-8/";
    license = lib.licenses.unfree;
-    platforms = [ "x86_64-linux" "aarch64-linux" ];
+    platforms = [
      "x86_64-linux"
      "aarch64-linux"
    ];
    maintainers = with lib.maintainers; [ mhutter ];
  };
 }
--- a/packages/python/python-nanokvm/default.nix
+++ b/packages/python/python-nanokvm/default.nix
@@ -1,7 +1,6 @@
 {
  python3Packages,
  fetchFromGitHub,
  lib,
  ...
 }:
 python3Packages.buildPythonPackage rec {
--- a/systems/aarch64-linux/macbook-pro-nixos/hardware-configuration.nix
+++ b/systems/aarch64-linux/macbook-pro-nixos/hardware-configuration.nix
@@ -35,7 +35,10 @@
  fileSystems."/home" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
-    options = [ "subvol=home" "compress=zstd" ];
+    options = [
      "subvol=home"
      "compress=zstd"
    ];
  };
  boot.initrd.luks.devices."cryptroot".device =
@@ -44,31 +47,46 @@
  fileSystems."/persist" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
-    options = [ "subvol=persist" "compress=zstd" ];
+    options = [
      "subvol=persist"
      "compress=zstd"
    ];
  };
  fileSystems."/etc" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
-    options = [ "subvol=etc" "compress=zstd" ];
+    options = [
      "subvol=etc"
      "compress=zstd"
    ];
  };
  fileSystems."/root" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
-    options = [ "subvol=root" "compress=zstd" ];
+    options = [
      "subvol=root"
      "compress=zstd"
    ];
  };
  fileSystems."/nix" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
-    options = [ "subvol=nix" "compress=zstd" ];
+    options = [
      "subvol=nix"
      "compress=zstd"
    ];
  };
  fileSystems."/var/log" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
-    options = [ "subvol=log" "compress=zstd" ];
+    options = [
      "subvol=log"
      "compress=zstd"
    ];
  };
  swapDevices = [ ];
--- a/systems/x86_64-linux/allyx/boot.nix
+++ b/systems/x86_64-linux/allyx/boot.nix
@@ -1,7 +1,6 @@
 {
  config,
  pkgs,
  namespace,
  ...
 }:
 let
--- a/systems/x86_64-linux/iso-minimal/default.nix
+++ b/systems/x86_64-linux/iso-minimal/default.nix
@@ -117,7 +117,6 @@ in
    };
  };
  fileSystems = {
    "/etc".neededForBoot = true;
  };
--- a/systems/x86_64-linux/jallen-nas/boot.nix
+++ b/systems/x86_64-linux/jallen-nas/boot.nix
@@ -1,7 +1,5 @@
 {
  inputs,
  pkgs,
  namespace,
  ...
 }:
 let
--- a/systems/x86_64-linux/matt-nixos/boot.nix
+++ b/systems/x86_64-linux/matt-nixos/boot.nix
@@ -1,7 +1,6 @@
 {
  config,
  pkgs,
  namespace,
  ...
 }:
 let