assertions

homes/aarch64-linux/matt@macbook-pro-nixos/default.nix

@@ -153,12 +153,18 @@ in
   dconf = {
     enable = true;
     settings = {
-      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".name =  "Keyboard Backlight +";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".name =
-      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".binding = "<Super>MonBrightnessUp";
+        "Keyboard Backlight +";
-      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".command = "brightnessctl -d kbd_backlight s +10";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".binding =
-      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".name =  "Keyboard Backlight -";
+        "<Super>MonBrightnessUp";
-      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".binding = "<Super>MonBrightnessDown";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".command =
-      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".command = "brightnessctl -d kbd_backlight s 10-";
+        "brightnessctl -d kbd_backlight s +10";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".name =
+        "Keyboard Backlight -";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".binding =
+        "<Super>MonBrightnessDown";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".command =
+        "brightnessctl -d kbd_backlight s 10-";
 
       "org/gnome/shell".enabled-extensions = [
         "notch-clock-offset@christophbrill.de"

homes/aarch64-linux/root@macbook-pro-nixos/default.nix

@@ -1,6 +0,0 @@
-{ lib, ... }:
-{
-  home.username = "root";
-  services.nextcloud-client.enable = lib.mkForce false;
-  services.kdeconnect.enable = false;
-}

homes/aarch64-linux/root@pi5/default.nix

@@ -1,6 +0,0 @@
-{ lib, ... }:
-{
-  home.username = "root";
-  services.nextcloud-client.enable = lib.mkForce false;
-  services.kdeconnect.enable = false;
-}

homes/x86_64-linux/matt@allyx/default.nix

@@ -38,7 +38,10 @@ in
         steamDirectory = "/home/matt/.local/share/Steam";
       };
 
-      enabledProviders = [ "sgdb" "steamCDN" ];
+      enabledProviders = [
+        "sgdb"
+        "steamCDN"
+      ];
       imageProviderSettings.sgdb = {
         nsfw = false;
         humor = false;

homes/x86_64-linux/nixos@iso-minimal/default.nix

@@ -1,6 +0,0 @@
-{ lib, ... }:
-{
-  home.username = "nixos";
-  services.nextcloud-client.enable = lib.mkForce false;
-  services.kdeconnect.enable = false;
-}

homes/x86_64-linux/root@allyx/default.nix

@@ -1,6 +0,0 @@
-{ lib, ... }:
-{
-  home.username = "root";
-  services.nextcloud-client.enable = lib.mkForce false;
-  services.kdeconnect.enable = false;
-}

homes/x86_64-linux/root@iso-minimal/default.nix

@@ -1,6 +0,0 @@
-{ lib, ... }:
-{
-  home.username = "root";
-  services.nextcloud-client.enable = lib.mkForce false;
-  services.kdeconnect.enable = false;
-}

homes/x86_64-linux/root@jallen-nas/default.nix

@@ -1,6 +0,0 @@
-{ lib, ... }:
-{
-  home.username = "root";
-  services.nextcloud-client.enable = lib.mkForce false;
-  services.kdeconnect.enable = false;
-}

homes/x86_64-linux/root@matt-nixos/default.nix

@@ -1,6 +0,0 @@
-{ lib, ... }:
-{
-  home.username = "root";
-  services.nextcloud-client.enable = lib.mkForce false;
-  services.kdeconnect.enable = false;
-}

homes/x86_64-linux/root@nuc-nixos/default.nix

@@ -1,6 +0,0 @@
-{ lib, ... }:
-{
-  home.username = "root";
-  services.nextcloud-client.enable = lib.mkForce false;
-  services.kdeconnect.enable = false;
-}

modules/darwin/nix/default.nix

@@ -1,7 +1,5 @@
 {
-  config,
   lib,
-  namespace,
   ...
 }:
 {

modules/home/home/default.nix

@@ -10,13 +10,26 @@
 let
   inherit (lib.${namespace}) enabled;
   isArm = ("aarch64-linux" == system) || ("aarch64-darwin" == system);
+  # Non-login / system accounts (root, nixos installer, etc.) should not get
+  # desktop packages, tmux, nh, kdeconnect, nextcloud-client, etc.
+  # Detect them by username so individual host home files are not needed.
+  isSystemUser = lib.elem config.home.username [
+    "root"
+    "nixos"
+  ];
 in
 {
   home = {
     enableNixpkgsReleaseCheck = lib.mkDefault false;
-    homeDirectory = lib.mkDefault "/home/${config.home.username}";
+    homeDirectory = lib.mkDefault (
+      if config.home.username == "root" then "/root" else "/home/${config.home.username}"
+    );
     packages =
       with pkgs;
+      (
+        if isSystemUser then
+          [ ]
+        else
           [
             age
             clinfo
@@ -41,7 +54,7 @@ in
             wget
           ]
           ++ (
-        if hasDestopEnvironment then
+            if (hasDestopEnvironment) then
               [
                 boxbuddy
                 stable.chromium
@@ -64,6 +77,7 @@ in
               )
             else
               [ ]
+          )
       );
 
     stateVersion = lib.mkDefault "23.11";
@@ -74,21 +88,19 @@ in
     # standalone homes don't load the nix-index-database HM module).
     # Set it per-host in homes that explicitly load the module.
     btop = {
-      enable = lib.mkDefault true;
+      enable = lib.mkDefault (!isSystemUser);
       package = pkgs.btop;
     };
-    fastfetch = lib.mkDefault enabled;
+    fastfetch.enable = lib.mkDefault (!isSystemUser);
     home-manager = lib.mkDefault enabled;
-    java = {
+    java.enable = lib.mkDefault (!isSystemUser);
-      enable = lib.mkDefault true;
+    mangohud.enable = lib.mkDefault (hasDestopEnvironment && !isSystemUser);
-    };
+    password-store.enable = lib.mkDefault (!isSystemUser);
-    mangohud.enable = lib.mkDefault hasDestopEnvironment;
-    password-store = enabled;
     nh = {
-      enable = true;
+      enable = lib.mkDefault (!isSystemUser);
       flake = "/etc/nixos";
       clean = {
-        enable = true;
+        enable = lib.mkDefault (!isSystemUser);
         extraArgs = "--keep 5";
       };
     };
@@ -105,7 +117,7 @@ in
     };
 
     tmux = {
-      enable = lib.mkDefault true;
+      enable = lib.mkDefault (!isSystemUser);
       terminal = "screen-256color";
       sensibleOnTop = true;
       focusEvents = true;
@@ -127,7 +139,7 @@ in
         tmuxPlugins.better-mouse-mode
       ];
       extraConfig = ''
-        set -g status-right '#[fg=black,bg=color15] #{cpu_percentage}  %H:%M '
+        set -g status-right '#[fg=black,bg=color15] #{cpu_percentage}  %H:%M '
         run-shell ${pkgs.tmuxPlugins.cpu}/share/tmux-plugins/cpu/cpu.tmux
         set -g default-terminal "xterm-256color"
         set -ga terminal-overrides ",*256col*:Tc"
@@ -145,11 +157,13 @@ in
   };
 
   services = {
-    nextcloud-client.enable = false; # lib.mkDefault hasDestopEnvironment;
+    # nextcloud-client is disabled by default for all users; systems that
-    pass-secret-service = lib.mkDefault enabled;
+    # want it enabled must opt in explicitly in their home configuration.
+    nextcloud-client.enable = lib.mkDefault false;
+    pass-secret-service.enable = lib.mkDefault (!isSystemUser);
     kdeconnect = {
-      enable = lib.mkDefault hasDestopEnvironment;
+      enable = lib.mkDefault (hasDestopEnvironment && !isSystemUser);
-      indicator = lib.mkDefault hasDestopEnvironment;
+      indicator = lib.mkDefault (hasDestopEnvironment && !isSystemUser);
       package = pkgs.kdePackages.kdeconnect-kde;
     };
   };

modules/home/programs/code/default.nix

@@ -8,12 +8,10 @@
 }:
 let
   isArm = ("aarch64-linux" == system) || ("aarch64-darwin" == system);
-  isDarwin = ("aarch64-darwin" == system);
 
   x86_only = with pkgs; [
     vscode-extensions.redhat.vscode-xml
   ];
-  open-remote-ssh = pkgs.${namespace}.open-remote-ssh;
 in
 {
   home.packages = with pkgs; [

modules/home/programs/hyprland/options.nix

@@ -1,6 +1,5 @@
 {
   lib,
-  pkgs,
   namespace,
   ...
 }:

modules/home/programs/wlogout/default.nix

@@ -14,12 +14,42 @@
         programs.wlogout = {
           enable = false;
           layout = {
-            lock     = { label = "lock";      action = "hyprlock --immediate";           text = "Lock";      keybind = "l"; };
+            lock = {
-            hibernate = { label = "hibernate"; action = "systemctl hibernate";            text = "Hibernate"; keybind = "h"; };
+              label = "lock";
-            logout   = { label = "logout";    action = "sleep 1; hyprctl dispatch exit"; text = "Logout";    keybind = "e"; };
+              action = "hyprlock --immediate";
-            shutdown = { label = "shutdown";   action = "systemctl poweroff";             text = "Shutdown";  keybind = "s"; };
+              text = "Lock";
-            suspend  = { label = "suspend";    action = "systemctl suspend";              text = "Suspend";   keybind = "u"; };
+              keybind = "l";
-            reboot   = { label = "reboot";     action = "reboot";                         text = "Reboot";    keybind = "r"; };
+            };
+            hibernate = {
+              label = "hibernate";
+              action = "systemctl hibernate";
+              text = "Hibernate";
+              keybind = "h";
+            };
+            logout = {
+              label = "logout";
+              action = "sleep 1; hyprctl dispatch exit";
+              text = "Logout";
+              keybind = "e";
+            };
+            shutdown = {
+              label = "shutdown";
+              action = "systemctl poweroff";
+              text = "Shutdown";
+              keybind = "s";
+            };
+            suspend = {
+              label = "suspend";
+              action = "systemctl suspend";
+              text = "Suspend";
+              keybind = "u";
+            };
+            reboot = {
+              label = "reboot";
+              action = "reboot";
+              text = "Reboot";
+              keybind = "r";
+            };
           };
           style = ''
             * {

modules/nixos/boot/common/default.nix

@@ -22,6 +22,17 @@ in
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = !cfg.yubikeyEncryption || config.${namespace}.hardware.disko.enableLuks;
+        message = "mjallen.boot.common.yubikeyEncryption requires mjallen.hardware.disko.enableLuks = true.";
+      }
+      {
+        assertion = !cfg.yubikeyEncryption || config.${namespace}.hardware.disko.enable;
+        message = "mjallen.boot.common.yubikeyEncryption requires mjallen.hardware.disko.enable = true (disko-managed disk layout).";
+      }
+    ];
+
     boot = {
 
       kernelModules = [ "kvm" ];
@@ -78,7 +89,7 @@ in
                 };
                 slot = 2;
                 twoFactor = false;
-                gracePeriod = yubikeyGracePeriod;
+                gracePeriod = cfg.yubikeyGracePeriod;
               };
             };
           };

modules/nixos/boot/lanzaboote/default.nix

@@ -17,6 +17,13 @@ in
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.configLimit > 0;
+        message = "mjallen.bootloader.lanzaboote.configLimit must be a positive integer (got ${toString cfg.configLimit}).";
+      }
+    ];
+
     boot = {
       loader = {
         efi = {

modules/nixos/disko/default.nix

@@ -104,6 +104,21 @@ in
 {
   imports = [ ./options.nix ];
   config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.rootDisk != "";
+        message = "mjallen.hardware.disko.rootDisk must be set to a non-empty device path (e.g. \"/dev/nvme0n1\").";
+      }
+      {
+        assertion = !(cfg.enableSwap && cfg.swapSize == "");
+        message = "mjallen.hardware.disko.swapSize must be a non-empty size string when enableSwap is true (e.g. \"16G\").";
+      }
+      {
+        assertion = cfg.compression != "";
+        message = "mjallen.hardware.disko.compression must be a non-empty compression type (e.g. \"zstd\").";
+      }
+    ];
+
     disko.devices = lib.mkMerge [
       {
         nodev."/" = {

modules/nixos/gaming/default.nix

@@ -7,11 +7,21 @@
 }:
 let
   cfg = config.${namespace}.gaming;
+  hasDesktop =
+    config.${namespace}.desktop.gnome.enable
+    || config.${namespace}.desktop.hyprland.enable
+    || config.${namespace}.desktop.cosmic.enable;
 in
 {
   imports = [ ./options.nix ];
 
   config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = hasDesktop;
+        message = "mjallen.gaming.enable requires a desktop environment (gnome, hyprland, or cosmic) to be enabled.";
+      }
+    ];
     # Network option required using sysctl to let Ubisoft Connect work as of 7-12-2023
     # Use mkDefault so jovian-nixos steam module (which sets this to `true`) wins.
     boot.kernel.sysctl."net.ipv4.tcp_mtu_probing" = lib.mkDefault 1;

modules/nixos/hardware/amd/default.nix

@@ -22,6 +22,17 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = !(cfg.lact.enable && cfg.corectrl.enable);
+        message = "mjallen.hardware.amd: lact and corectrl cannot both be enabled — they both manage AMD GPU power profiles and will conflict.";
+      }
+      {
+        assertion = !cfg.corectrl.enablePolkit || cfg.corectrl.polkitGroup != "";
+        message = "mjallen.hardware.amd.corectrl.polkitGroup must be a non-empty group name when enablePolkit is true.";
+      }
+    ];
+
     boot = {
       kernelModules = [
         "nct6775"

modules/nixos/hardware/battery/default.nix

@@ -21,6 +21,17 @@ in
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.battery != "";
+        message = "mjallen.hardware.battery.battery must be set to the sysfs path of the battery charge limit file (e.g. \"/sys/class/power_supply/BAT0/charge_control_end_threshold\").";
+      }
+      {
+        assertion = cfg.chargeLimit > 0 && cfg.chargeLimit <= 100;
+        message = "mjallen.hardware.battery.chargeLimit must be between 1 and 100 (got ${toString cfg.chargeLimit}).";
+      }
+    ];
+
     systemd = {
       services = {
         set-charge-limit = {

modules/nixos/hardware/raspberry-pi/default.nix

@@ -260,6 +260,20 @@ in
   ];
 
   config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.bootType != "uboot" || cfg.firmwarePackage != null;
+        message = "mjallen.hardware.raspberry-pi.firmwarePackage must be set when bootType is \"uboot\".";
+      }
+      {
+        assertion = cfg.bootType != "kernel" || cfg.firmwarePackage != null;
+        message = "mjallen.hardware.raspberry-pi.firmwarePackage must be set when bootType is \"kernel\".";
+      }
+      {
+        assertion = cfg.nixosGenerationsDir != "";
+        message = "mjallen.hardware.raspberry-pi.nixosGenerationsDir must be a non-empty path.";
+      }
+    ];
 
     boot = {
       initrd.availableKernelModules = [

modules/nixos/headless/default.nix

@@ -15,6 +15,16 @@ in
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion =
+          !config.${namespace}.desktop.gnome.enable
+          && !config.${namespace}.desktop.hyprland.enable
+          && !config.${namespace}.desktop.cosmic.enable;
+        message = "mjallen.headless.enable = true is incompatible with having a desktop environment enabled (gnome, hyprland, or cosmic).";
+      }
+    ];
+
     boot.initrd.systemd.suppressedUnits = lib.mkIf config.systemd.enableEmergencyMode [
       "emergency.service"
       "emergency.target"

modules/nixos/home/default.nix

@@ -36,6 +36,30 @@ in
   };
 
   config = {
+    assertions =
+      let
+        desktopCount = lib.count lib.id [
+          config.${namespace}.desktop.gnome.enable
+          config.${namespace}.desktop.hyprland.enable
+          config.${namespace}.desktop.cosmic.enable
+        ];
+      in
+      [
+        {
+          assertion = desktopCount <= 1;
+          message = ''
+            At most one desktop environment may be enabled simultaneously.
+            Currently enabled: ${
+              lib.concatStringsSep ", " (
+                lib.optional config.${namespace}.desktop.gnome.enable "gnome"
+                ++ lib.optional config.${namespace}.desktop.hyprland.enable "hyprland"
+                ++ lib.optional config.${namespace}.desktop.cosmic.enable "cosmic"
+              )
+            }.
+          '';
+        }
+      ];
+
     # ${namespace}.home.extraOptions = {
     #   home.file = lib.mkAliasDefinitions options.${namespace}.home.file;
     #   home.stateVersion = lib.mkOptionDefault config.system.stateVersion;

modules/nixos/impermanence/default.nix

@@ -50,6 +50,17 @@ in
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = lib.hasPrefix "/" cfg.persistencePath;
+        message = "mjallen.impermanence.persistencePath must be an absolute path (got \"${cfg.persistencePath}\").";
+      }
+      {
+        assertion = cfg.persistencePath != "/";
+        message = "mjallen.impermanence.persistencePath must not be the filesystem root \"/\".";
+      }
+    ];
+
     environment.persistence."/nix/persist/system" = {
       hideMounts = true;
       directories = [

modules/nixos/network/default.nix

@@ -57,6 +57,33 @@ in
   ];
 
   config = {
+    assertions = [
+      {
+        assertion = cfg.hostName != "";
+        message = "mjallen.network.hostName must be set to a non-empty string.";
+      }
+      {
+        assertion = cfg.ipv4.method == "auto" || cfg.ipv4.method == "manual";
+        message = "mjallen.network.ipv4.method must be either \"auto\" or \"manual\" (got \"${cfg.ipv4.method}\").";
+      }
+      {
+        assertion = cfg.ipv4.method != "manual" || cfg.ipv4.interface != "";
+        message = "mjallen.network.ipv4.interface must be set when ipv4.method is \"manual\".";
+      }
+      {
+        assertion = cfg.ipv4.method != "manual" || cfg.ipv4.address != "";
+        message = "mjallen.network.ipv4.address must be set when ipv4.method is \"manual\".";
+      }
+      {
+        assertion = cfg.ipv4.method != "manual" || cfg.ipv4.gateway != "";
+        message = "mjallen.network.ipv4.gateway must be set when ipv4.method is \"manual\".";
+      }
+      {
+        assertion = cfg.nat.enable -> cfg.nat.externalInterface != "";
+        message = "mjallen.network.nat.externalInterface must be set when NAT is enabled.";
+      }
+    ];
+
     systemd = {
       services = {
         NetworkManager-wait-online.enable = false;

modules/nixos/nix/default.nix

@@ -1,7 +1,6 @@
 {
   config,
   lib,
-  inputs,
   namespace,
   ...
 }:

modules/nixos/power/default.nix

@@ -20,6 +20,21 @@ in
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.upsName != "";
+        message = "mjallen.power.ups.upsName must be a non-empty string.";
+      }
+      {
+        assertion = cfg.upsUser != "";
+        message = "mjallen.power.ups.upsUser must be a non-empty string.";
+      }
+      {
+        assertion = builtins.hasAttr "jallen-nas/ups_password" config.sops.secrets;
+        message = "mjallen.power.ups requires a sops secret \"jallen-nas/ups_password\" to be declared.";
+      }
+    ];
+
     power.ups = {
       enable = true;
       openFirewall = true;

modules/nixos/services/netbootxyz/default.nix

@@ -25,8 +25,14 @@ in
       ];
       extraConfig = {
         networking.firewall = lib.mkIf cfg.openFirewall {
-          allowedTCPPorts = [ cfg.assetPort cfg.tftpPort ];
+          allowedTCPPorts = [
-          allowedUDPPorts = [ cfg.assetPort cfg.tftpPort ];
+            cfg.assetPort
+            cfg.tftpPort
+          ];
+          allowedUDPPorts = [
+            cfg.assetPort
+            cfg.tftpPort
+          ];
         };
         virtualisation.oci-containers.containers.netbootxyz.ports = lib.mkForce [
           "${toString cfg.port}:3000"

modules/nixos/sops/default.nix

@@ -14,6 +14,13 @@ in
   imports = [ ./options.nix ];
 
   config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.sshKeyPaths != [ ];
+        message = "mjallen.sops.sshKeyPaths must contain at least one SSH key path for age decryption.";
+      }
+    ];
+
     sops = {
       defaultSopsFile = if cfg.defaultSopsFile != null then cfg.defaultSopsFile else defaultSops;
       age.sshKeyPaths = cfg.sshKeyPaths;

packages/bcachefs/default.nix

@@ -1,7 +1,6 @@
 {
   lib,
   stdenv,
-  fetchFromGitHub,
   pkg-config,
   libuuid,
   libsodium,

packages/bcachefs/kernel-module.nix

@@ -1,6 +1,5 @@
 bcachefs-tools:
 {
-  lib,
   stdenv,
   kernelModuleMakeFlags,
   kernel,

packages/omnissa/default.nix

@@ -15,7 +15,9 @@ let
   version = "2512";
 
   sysArch =
-    if (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") then
+    if
+      (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux")
+    then
       "x64"
     else
       throw "Unsupported system: ${stdenv.hostPlatform.system}";
@@ -168,7 +170,10 @@ stdenv.mkDerivation {
     description = "Allows you to connect to your Omnissa Horizon virtual desktop";
     homepage = "https://www.omnissa.com/products/horizon-8/";
     license = lib.licenses.unfree;
-    platforms = [ "x86_64-linux" "aarch64-linux" ];
+    platforms = [
+      "x86_64-linux"
+      "aarch64-linux"
+    ];
     maintainers = with lib.maintainers; [ mhutter ];
   };
 }

packages/python/python-nanokvm/default.nix

@@ -1,7 +1,6 @@
 {
   python3Packages,
   fetchFromGitHub,
-  lib,
   ...
 }:
 python3Packages.buildPythonPackage rec {

systems/aarch64-linux/macbook-pro-nixos/hardware-configuration.nix

@@ -35,7 +35,10 @@
   fileSystems."/home" = {
     device = "/dev/mapper/cryptroot";
     fsType = "btrfs";
-    options = [ "subvol=home" "compress=zstd" ];
+    options = [
+      "subvol=home"
+      "compress=zstd"
+    ];
   };
 
   boot.initrd.luks.devices."cryptroot".device =
@@ -44,31 +47,46 @@
   fileSystems."/persist" = {
     device = "/dev/mapper/cryptroot";
     fsType = "btrfs";
-    options = [ "subvol=persist" "compress=zstd" ];
+    options = [
+      "subvol=persist"
+      "compress=zstd"
+    ];
   };
 
   fileSystems."/etc" = {
     device = "/dev/mapper/cryptroot";
     fsType = "btrfs";
-    options = [ "subvol=etc" "compress=zstd" ];
+    options = [
+      "subvol=etc"
+      "compress=zstd"
+    ];
   };
 
   fileSystems."/root" = {
     device = "/dev/mapper/cryptroot";
     fsType = "btrfs";
-    options = [ "subvol=root" "compress=zstd" ];
+    options = [
+      "subvol=root"
+      "compress=zstd"
+    ];
   };
 
   fileSystems."/nix" = {
     device = "/dev/mapper/cryptroot";
     fsType = "btrfs";
-    options = [ "subvol=nix" "compress=zstd" ];
+    options = [
+      "subvol=nix"
+      "compress=zstd"
+    ];
   };
 
   fileSystems."/var/log" = {
     device = "/dev/mapper/cryptroot";
     fsType = "btrfs";
-    options = [ "subvol=log" "compress=zstd" ];
+    options = [
+      "subvol=log"
+      "compress=zstd"
+    ];
   };
 
   swapDevices = [ ];

systems/x86_64-linux/allyx/boot.nix

@@ -1,7 +1,6 @@
 {
   config,
   pkgs,
-  namespace,
   ...
 }:
 let

systems/x86_64-linux/iso-minimal/default.nix

@@ -117,7 +117,6 @@ in
     };
   };
 
-
   fileSystems = {
     "/etc".neededForBoot = true;
   };

systems/x86_64-linux/jallen-nas/boot.nix

@@ -1,7 +1,5 @@
 {
-  inputs,
   pkgs,
-  namespace,
   ...
 }:
 let

systems/x86_64-linux/matt-nixos/boot.nix

@@ -1,7 +1,6 @@
 {
   config,
   pkgs,
-  namespace,
   ...
 }:
 let